Code & Coffee: Uptown Brigade

In September 2017, I launched an edition of Code & Coffee in Uptown– my neighborhood in Chicago. In collaboration with my friend and colleague, Ryan Koch, we have launched a weekly meetup for the technology community in our neighborhood. In three month’s time, the group on meetup has grown from zero to 136 members, we have begun a civic technology project in collaboration with the Chicago Public Library, and built an inclusive, diverse community composed of diverse ethnicities, gender identities, and faiths. Our small but mighty group was invited to participate in the Code for America Brigade Congress and gained the attention and support of our local Alderman’s office in securing local government buy-in for our civic hacking projects.

Due to demand, we have expanded our twice-per-month co-working event to a weekly gathering at Emerald City Uptown and begun to pioneer an evening edition dubbed Bytes & Beer in collaboration with the Uptown Arcade.

In addition to the resource portal for underserved residents in our neighborhood and have been asked by the Chicago Public Schools to breathe new life into our neighborhood public school’s website.

I am proud of the eclectic group’s diversity not only in terms of technology stacks but racial and ethnic diversity, gender inclusiveness, age, and socioeconomic inclusiveness. Future goals include partnering with other community organizations such as TransTech Social and the Center on Halsted to reach broader and more diverse groups of technologists.

Check out our website and join us on Slack!

Crypto Party: 3 Easy Steps You Can Take Right Now to Improve Your Online Privacy

The title of this post is inspired by Crypto Parties, groups committed to promoting digital privacy for normal people. With more of our lives online now than ever, the potential for compromising data to be leaked is more frightening and possible than ever. Cryptography isn’t something reserved for government spooks, criminal hackers, or computer nerds. It’s something we should all be taking seriously. And it’s not as hard as you think! Here are three simple actions you can take right now, in less than 20 minutes, which will dramatically improve the safety of your online activities, personal information, and communications.

1. Use Signal as an SMS replacement. With iPhone, Android, and desktop apps, there is no reason not to. Signal allows you to send text, group, voice, video, and picture messages around the world. You can even make encrypted voice calls to other users— albeit the feature works best over wifi. It’s completely free, open source, and operated by Open Whisper Systems, a project of the Electronic Frontier Foundation, which advocates for Internet privacy rights.

2. Route your web traffic through a VPN. A virtual private network, a VPN encrypts data in a secure pipeline between your device and the VPN server, ideally located somewhere else. The remote server then processes your requests, obtains the data you requested, and routes it back to you over the same encrypted tunnel. Some things to look for in a good VPN service:

  • transparency about where the servers are located, make sure the service is headquartered in a jurisdiction that does not require service providers to keep your personal information. You probably don’t want a Russian or Chinese VPN for example.
  • some assurance of what happens to traffic logs. All servers have the capability to log traffic requests, IP data, and other PII. A good VPN provider does not store this information for longer than 24 hours to allow site reliability engineers to troubleshoot any possible network issues.

I recommend VPN Unlimited, a product of KeepSolid. The service supports macOS, Windows, iOS, Android, and several other platforms natively. And they have a pricing model that allows for unlimited, lifetime usage for a flat fee. If you have fewer than five devices a one-time charge buys you lifetime protection. PC Magazine gives them their Editor’s Choice Award so you don’t just have to take my word for it.

3. Consider protecting your HTTP traffic. In a “man-in-the-middle” attack, a hacker spoofs a host address and intercepts your data. They can even send back fake data, a website with false information for example, claiming to be a legitimate company. This is easy to do on public wifi and there are tools like Cain & Abel freely available to download. This is not sophisticated: I was doing this kind of attack as a high school student. Enforcing HTTPS is a way to deter hackers with malicious intent from sifting through your web traffic.

HTTPS is a form of the hypertext transfer protocol, the “S” stands for “secure.” The Electronic Frontier Foundation makes a simple browser extension called HTTPS Everywhere. This extension, which works in Chrome, Firefox, and Opera (no Safari, sorry), takes an extra step to rewrite standard HTTP requests as HTTPS requests. The project also makes it easy for webmasters to learn about how to deploy HTTPS on their websites to protect their users from potentially harmful attacks, thus growing the body of content on the web that supports HTTPS requests.

This article in Entrepreneur takes a less technical and more enterprise approach to the distinction. This may be something worth considering if you own a website. I’ve been using Github Pages for hosting lately because it’s completely free and supports static pages. Did I mention it’s free? (I recognize this blog doesn’t use HTTPS yet, I’m working on it).

Bonus Content

In the wake of Edward Snowden’s reveals, a movement called CryptoParty has spring up with clones in many cities around the world. A grassroots endeavor, these parties promote adoption of basic, practical cryptography. You can find an event near you. Some technologies CryptoParties promote:

  • Tor anonymity network Tor = “the onion router” which is an analogy for the layers of an onion. Tor relays are open nodes that operate around the world with the single goal of routing anonymized web traffic. These servers are also the gateways to the “deep web” (websites that end in .onion TLDs which cannot be accessed from the “regular” Internet). Tor relays do not keep connection or traffic logs. The Tor browser is a Firefox clone which can be downloaded to your computer and used to surf the web anonymously. Tor is NOT a replacement for a VPN. Tor should never be used to transmit PII. Tor promises anonymity, not privacy. Since Tor nodes are open to the public and due to their anonymous nature, we can never know who is watching. Use it for looking up “alternative facts” which could raise red flags from your home or work network. For example, I have used it to research recruitment tactics of extremist groups in order to better understand how to disrupt them. But I don’t use it for ordering from Amazon.
  • TAILS is a complete operating system which is build atop the Linux kernel. TAILS routes ALL network traffic through the Tor network. Unless you have a dedicate “anonymous browsing” machine, it’s not practical to install on local disk as a primary operating system. I keep it on a bootable USB drive which I used once to do research on the dark web. I prefer this setup for exploring the dark web because it makes it very easy to “get out” if I’m compromised by accidentally stumbling upon a malicious application. If you want a bootable TAILS drive that will work from any computer, I can make one for you. Using TAILS is a fun learning exercise but I struggle to find “everyday practicality” because I’m not peddling wares on the dark web.
  • Key signing parties — PGP works because you have a “public key” and a “private key,” by verifying the identity of a person and their private key, we can be sure that the communication pipeline between the two parties is secure. Signal has a neat built-in feature for doing this and alerts you when the key of someone you’re communicating with has changed— an indicator that their device may have been compromised or a third-party is attempting to spoof their identity.
  • Disk encryption — If you’re on MacOS, there is a feature in your settings which allows full disk encryption. On my MacBook Pro, I’ve been using this feature for a few months and don’t notice any real performance hits. The operating system decrypts your disk once you log in, so it might take a fraction of a second longer after you type your password. If you’re on Windows or Linux, TrueCrypt is a standup option which has received a lot of praise in the tech world.

The right to be protected from government snooping is enshrined in the fourth amendment of the Bill of Rights and it’s something I personally take very seriously. Until recently cybersecurity was complicated and inconvenient. It is also our responsibility as users of the Internet to protect ourselves from those who seek to steal, cheat, or otherwise cause harm. With more and more sensitive, personally identifying, and financial data online every day, inaction is the only foolish choice.

Any thoughts? Concerns? Questions? Corrections? Leave them in the comments!

On Learning Python: Pixie Killing, Imposter Syndrome

Adventures with Python continued this past month with the Chicago Python Mentorship Program. I’m pleased to announce significant progress with two projects that have been the focus of my participation, both the inventory control script for my work and a meeting cost calculator for Federal employees. However, the biggest gains in the past month manifest not in lines of code, but rather feeling for the first time that, I can do this.

Over cookies and coffee with Ray Berg, Braintree Developer and Mentorship Coordinator, we carefully unpacked two concepts that have been key to my participation as a mentee: pixie killing and the imposter syndrome. In my last post, I referenced my fascination with the “magic” of technology. Crediting my mentor, Chris Foresman, an amazing brain and computer scientist for Sprout Social, I have been able to learn a tremendous amount about why these lines of code I type into Atom can direct a computer to behave in a certain way– accomplishing complex tasks automatically. While True: this does take some of the sorcery out of technology, it has made me a more competent and confident budding programmer.

Confidence is key to being successful in this (or any field). The Atlantic wrote recently about a confidence gap that exists between equally qualified women and men performing the same work. Making the decision to build my skill set and move towards the tech industry has raised a lot of questions. Can I even do this? What am I doing here trying to talk the talk with so many well-qualified and experienced programmers? Am I an imposter? Imposter syndrome is a real issue defined by the American Psychological Association. And the issue of feeling like a fraud isn’t new, even in the wild west of software engineering.

http://pre11.deviantart.net/a182/th/pre/i/2010/120/b/c/the_imposter_by_yastach.jpg

There are lots of folks willing to help overcome these issues of confidence and self-doubt in the computing community. If you’re a mentee in the program and this is on your mind, let’s talk about it! Or talk to your mentor. Or one of the coordinators. You can also look here. Or here. Or here.

Additionally, this is the first time that I’ve built a program that carries out several complex tasks simultaneously in order to return the desired output. Several times throughout the process I found myself feeling overwhelmed, confused, lost, and generally anguished. But yet again, I was reminded that I’m not alone in facing these challenges. In addition to the helpful community on Slack, Chris introduced me to a new strategic approach to programming, “chunking.” Essentially breaking up the larger program into smaller, more manageable components, testing these components individually, and then, once working integrating them with other “chunks” of code to hack together a working prototype. Chunking is also an excellent way to debug when errors happen. Directing the computer to return information that the program ought to have gathered by certain points in the operation, the savvy programmer can better see where the error might be originating.

Cool, so I learned some stuff. But what have I actually done with it? Part of my job used to involve a tedious, weekly manual review of inventory manifests. The process required me to compare a warehouse and an office manifest and account for discrepancies greater than 500 items. Passing this data into two CSVs allowed me to lean on Python’s built-in CSV library to build a script which completes what previously took hours out of my week in under 5 seconds.

Items that diverge by more than 500 stock are printed.

In the script above, item numbers that diverge by more than 500 stock are printed. Other items that appear on one list but not the other are parsed with the exception handler and printed as a double-check for the operator (me). Shoutout to fellow Chicago Pythoneer and ChiPy member Ryan Koch for his help with exceptions.

A less practical but more fun project nearing completion is a meeting cost calculator for Federal civilian employees. The user enters all the attendees at a meeting, using requests, Python pulls the public employee salary data from an API, and the cost of the meeting in calculated in real time.

I’m having a blast and am looking forward to continuing to share more with my fellow mentees and the Chicago Python community!

ChiPy: Python, Snake Charming, and Civic Tech

ChiPy (pronounced ‘chi,’ as in “chip,” ‘pee’) is a Chicago-based Python user group. Opening their doors to members of all-levels, ChiPy is a supportive space where novice programmers like me can sharpen their skills in a non-judgmental community. I was thrilled to be part of a small group selected to participate in ChiPy’s sixth iteration of of its nationally acclaimed Mentorship Program.

Upon embarking on this 12-week journey into the world of computer programming (which turns 70 today), I was fascinated with the magic of technology. Learning Python, to me, was akin to charming snakes. The earliest records of snake charming can be traced back to ancient Egypt where charmers acted as mystical healers and consultants to their clients. Using their magical ability to charm snakes, snake charming grew into a venerable and respected profession in the ancient world.

Fast forward to modern times, and I find myself enamored with the power of computing. As a full-time bureaucrat and millennial by birth, I find these components of my identity at odds. Why am I struggling day in, day out to use labor-intensive, manual processes on geriatric computer systems when, as Code for America’s Chicago Brigade Leader, Christopher Whitaker writes in his book, we have the power of a 1950s supercomputer in our pockets? As I was completing a weekly manual review of thousands of lines of XML containing addresses and order numbers, and comparing two CSVs side-by-side in Excel, I couldn’t help but think: there has to be a better way.

But how?

As a digital marketer by profession in the public service industry, I’ve been a regular attendee of Chi Hack Night, a weekly civic technology hackathon. Notably I supported the Chicago Nursing Home Search project by translating marketing graphics into Spanish for their launch. I also document the pre-hack meetings for the Chicago chapter of Young Government Leaders. While using my talents to support the civic tech movement is rewarding, I couldn’t help but notice all these cool applications changing the face of how social services and the public good can intersect with modern innovation in the digital age.

Yet I barely had the skills to create a basic HTML website from another developer’s template. Reenter ChiPy.

I am simultaneously humbled and floored to be working with my mentor Chris Foresman, a senior developer with Sprout Social, Ars Technica contributor, former indie record producer, dad, and all-round badass.

In the three weeks that we have been working together, I have used the Python CSV library to automate what was once a tedious, manual process in my day job. Chris’s Purdue computer science background really adds an interesting level of theoretical depth on how each line of code is parsed by the operating system and executed by the computer’s hardware. I find that my mentor’s formal education combined with a successful career as a technology writer and over six years of professional experience as a developer makes for an incredible learning experience. The patience and wisdom that come from having a three-year-old son at home also aren’t lost on me and greatly appreciated.

Next up, Chris and I plan to use Beautiful Soup and Requests to build an app that calculates the cost of meetings conducted by federal employees. Another tool I hope will encourage attention to transparency, efficiency, and efficacy in my line of work.

Image result for requests http for humans

Towards the end of the 12-week experience, I hope to have time left to pick Chris’s brain about APIs.

The racially diverse emoticon: A divisive rift rather than an inclusive gesture

With Apple’s recent announcement of racially inclusive emoticons, some users rejoiced over their digitalized emotional caricature having a similar skin tone. Meanwhile others with more malicious intent have begun to use these emoticons for more nefarious purposes such as slurs and other racially-charged liable. I argue that these new emoticons serve- not to remind us that we have the same feelings- but rather to divide us based on the color of our skin.

The company should’ve never made race a question, making the emojis raceless with yellow faces and leaving it at that.

CreditScore-169x300

photo: WaPo

Thats_Racist_Transparent

Yellow. Have you ever seen a (healthy) yellow person? I don’t mean my mom and grandparents from Taiwan, I mean actually yellow. You haven’t because among healthy human beings there is no such thing. The “classic” yellow emoji represents the corresponding feeling being communicated and doesn’t give much deference to skin color- usually unimportant in body language communication.

photo: USA Today

photo: USA Today

The company should’ve never made race a question, making the emojis raceless with yellow faces and leaving it at that,” writes Paige Tutt in The Washington PostRather than focusing on the purpose of an emoticon- to convey nonverbal expressions, thoughts, or feelings- the consideration of skin tone reminds us that even our emotions have skin color. The new emoji underscore the notion black, Asian, and white people can’t feel the same things nor share the same emotional landscape.