How to make a multiplayer FPS that isn’t Battlefield or Call of Duty

So those guys (BF, CoD, maybe even Overwatch) are super-huge. They don’t really have problems with scaling. Or, maybe, in some cases, they do?

Here’s something I saw while playing Titanfall 2. First off, and I think this is a significant problem, they have a TON of datacenters – like around 8 or 10 within 100ms of my location. So I’m on at, like, 1AM Pacific. There are a couple hundred people active on my closest-location data center (Salt Lake City). There are a couple hundred on in Oregon (GCE1?). A couple hundred more in Oregon-2 (GCE2). But we’re having matchmaking problems, it’s taking longer than it should to start games, and I keep seeing the same people. Logically, I can see that during peak times, with a crazy-high number of players logged in, you want everyone as close as they can be to their own data center, and you want as many damned data centers as you can throw money at. But when it’s not peak time? We’re splitting the players across too many data centers, all for the sake of the difference between 45ms and 65ms. As it got later and later (I am a bit of a night owl) I started to check out other servers, farther away. In many cases, player counts were as low as zero. Ugh. There’s a real concern that you might have some people logging in, seeing just a few users, and giving up. That’s enormously dangerous.

This is a really hard problem. Crazy hard. There are a lot of different ways to approach it, and as I was thinking about it, I thought I might’ve come up with a decent algorithm that could work. This is more of a thought experiment – me armchair-quarterbacking a problem that I’m sure the actual devs are already hard at work fixing. But anyway, here’s my idea:

  • First off, instead of connecting to your closest data-center, you instead connect to one Grand Unified Centralized registration system. First come, first served. And, yes, if you live 500ms away, your registration will arrive 500ms later than someone else’s. Too bad, that’s life. A “registration” consists of just an IP/serial/whatever, a version number, and the number of milliseconds of delay to every datacenter that exists.
  • Now the server has a list of registrations, in time order. First, you grab the oldest registration. (Note the time, for keeping track of worst-case registration times.) Grab the closest datacenter from that registration’s list of datacenters. Walk through the registrations in time order, trying to find (however many users you need for a game) users for whom that is also their closest datacenter.
    • Did that work? Then great. Shunt those ‘N’ players off to a game hosted in that data center. Then repeat with the next oldest registration.
    • Let’s say that didn’t work. Now, things get interesting. Of all the registrations you have, find the first-choice datacenter that the fewest registrations picked. This, by the way, is the same method as Instant Runoff Voting. For anyone who had chosen that datacenter as their first choice, bump them to their second choice. That may include our candidate registration, itself.
    • Now, repeat the attempt to match up our candidate. Keep eliminating the least-popular data center until you can find a match.

So that’s it. Here are some of the practical advantages and disadvantages of this system, and some weird side-effects:

  • If there’s, like, a 10 minute wait (which there oughtn’t ever to be), some people could beat that time by being at the end of the queue, but being in a region that needs players. I think that’s OK.
  • I _think_ this might be hard to parallelize. You’d have high contention for the oldest items in the queue; you’d need some kind of locking mechanism, or something. This algorithm works best if run in series. Maybe there are some sneaky ways to do it otherwise, but I don’t know them off the top of my head. Maybe grab batches of 1,000 registrations and work through those?
  • Super-duper single-point-of-failure. You lose the centralized registration server, game over. Maybe you fall back to the ‘old’ way? Or maybe you’re just down, and that’s it.
  • I worry about what might happen if you get to 10,000,000 players all online at the same time. Being unable to burn through those folks fast enough might become a problem. Maybe once your region gets >1000 users on it, you let them just hit their local region? I don’t know?
  • The centralized registration system has one simple function: match players and bounce them over to their regions. So it has exactly one job, and I can’t imagine a single ‘matching’ taking more than a few hundred milliseconds or so?
  • In terms of scaling and stuff, I would say that you should add capacity to a region when there are no free game servers (or ‘game slots’) available. If new servers take a while to spin up, I’d be more liberal than that (maybe using an algorithm of “if there are fewer than ‘n’ slots available, then add a server”).
  • You can go completely nuts spinning up data centers. Until you get into the, like 1000’s or so, this algorithm ought to keep working pretty well.
  • When there are only ‘n’ people online, total – and they’re from all around the globe – they may end up having a bad time; high latency. That is life, too bad.
  • There may be a point where you say, “Sorry, person, but you’re fucked. There’s no one close enough to you to play a game.” That would be a terrible result, but it could happen. It depends on where the barrier to ‘too many milliseconds’ is.
  • I’ve thought about ways to globalize the registration system, with some kinds of distributed databases or whatever. I don’t think the costs are worth it, but, maybe, you could do some kind of distributed database-ey thing. I don’t know.
  • The registration data is pretty dang ephemeral. You could maybe do this with something like Redis, though some of the queries we’d be talking about doing might not work there.
  • I’d probably have it set up so that if the centralized service blows up and loses all its data, the various game clients will all try and reconnect. Especially if the registration service uses an ephemeral data-store, this could happen.

Of course, there are so many ‘gotchas’ and caveats and potential failure modes, and all kinds of problems with networking and latency and who-knows-what. I don’t know how much harder those caveats make this system to implement.

And I’m just some guy, not a brilliant algorithms person or some distributed programming guru. This could all be a horrible, disastrous mistake of a system. I doubt most armchair quarterbacks actually call spectacular plays when they’re watching their various football games. (Look, sports reference! Yay!)

JavaScript: Callbacks, EventEmitters, and Promises – which one to use?!?

Short version

If you have something that’s simple and always synchronous, don’t use any of them. Just write a dumb function.

If you have a function that’s simple and only needs one asynchronous response – and there are no other potential responses – then a callback is fine.

If you have some kind of object that could have several different potential asynchronous responses – at various points in its lifecycle – and you might want to listen to none, one, or several of them? Then use EventEmitters.

And finally, use Promises when:

  • You have a collection of asynchronous functions, and you need to respond only when all of them have returned, or when any one of them has returned.
  • You’re doing mostly ‘imperative’ functions and don’t need to pass a lot of values around, you just need to chain together some callbacks in sequence.
  • You have some functions that might be synchronous, and some that might not be, and you’re not sure which until runtime.
  • You have a collection of asynchronous events that are all firing, but the order that they must complete in is dependent upon some value determined only at runtime.
  • (weaker argument) You are falling victim to callback-hell, and your code is steadily creeping rightward

Long version


function foo(param1, param2, param3) {
  return "something";
}

var a = foo(1, 2, 3);

If you can do it this way your life will be better. Do it this way if at all possible.

Simple Callbacks

function foo(param1, param2, param3, callback) {
  process.nextTick(function () {
    callback("something");
  });
}

foo(1, 2, 3, function (result) {
  console.warn("Yay, we got result! " + result);
});
If you find you’re passing “callback1, callback2, callback3” definitely don’t do this. But for small, simple asynchronous functions, with not much else going on, this is still fine. Still pretty easy to reason about. As functions grow larger, and nested callbacks grow deeper, it gets harder and harder to reason about, though. The invocations of your little function probably ought not to be more than just a few lines; if they are, you should consider the next option…


EventEmitters

I think 95% of the EventEmitters I create end up being ‘classes’ that extend the EventEmitter class, and I think that’s probably a good way to do it.

var EventEmitter = require("events").EventEmitter;
var util = require("util");

function MyWorker() { EventEmitter.call(this); }
util.inherits(MyWorker, EventEmitter);
MyWorker.prototype.run = function (success) {
  /* ..... do the actual work here ..... */
  this.emit(success ? "success" : "failure");
  this.emit("complete", "something", success === true);
};

What’s great about this model is that someone who’s consuming this object might only care about one particular event – in which case they can listen for just that one. I believe it’s ok, and actually good, to emit liberally, even events that are similar but not the same (in my example “success”/”failure” as well as “complete”).

Another nice side-effect is that all of your various listen events (.on(foo)) help document what the callback is actually for. E.g. –

emitter.on("complete", function (param) {
  /* see? Now we know this event handler fires when things are complete! */
});
If you’re not careful, you can absolutely slide into callback-hell here. But this is my personal favorite pattern to use. It’s pretty extensible.

Never do synchronous callbacks; ever. If you want to do something ‘immediate’ at least wrap it in a process.nextTick(function () {/* blah */}); block; that’ll effectively be immediate but allow for someone to use it in the way most EventEmitters are used.

Never throw errors; just emit “error” instead.


Promises

These are massively over-hyped as the solution to everything. While they are actually very, very cool, they definitely have some real drawbacks:

  • They can get hard to debug
  • They can be confusing
  • Missing something like a return – which is super-easy to do – may just make your code malfunction silently instead of raising any kind of error
  • Propagating data forward from previously-resolved promises into later promises looks and acts weird.
  • You lose a lot of the benefits of ‘closing-over’ variables

But, when used properly – they can turn something nasty like this:

foo.on("bar", function (baz) {
  bif.on("blorgh", function (bling) {
    bloop.on("gloob", function (fweep) {
      /* .... */
    });
  });
});
Into something much prettier like this:

somePromise.then(function (baz) {
  return "thing";
}).then(function (bling) {
  return "other_thing";
}).then(function (fweep) {
  return "last_thing";
});
Which, especially if you end up with a super-long list, can be helpful.

You can also use .catch() to grab any error in your list of actions – and that can be enormously useful.
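As a quick hedged sketch (the steps are contrived): one .catch at the end picks up a rejection or throw from anywhere earlier in the chain, and the steps in between just get skipped.

```javascript
var chain = Promise.resolve(1).then(function (n) {
  throw new Error("boom at step " + n); // a throw inside a .then rejects the chain
}).then(function () {
  return "never reached";               // skipped entirely
}).catch(function (err) {
  return "caught: " + err.message;      // the chain recovers here
});

chain.then(function (v) { console.warn(v); });
```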

Also, if you have an array of promises, you can do something like –

Promise.all(my_array_of_promises).then(function (results) {
  /* do something */
});
Which can be very, very handy.

Where it starts to get ugly is if, in that example above, you need to treat the error condition for each of those steps slightly differently. You can throw various .catch statements after each .then statement, but I can imagine trying to visually read through that being a nightmare.

The other huge thing here is that some promises can be fully synchronous – e.g. Promise.resolve(7) – that’s a promise that will resolve to the number 7. And some promises (well, probably most of them) are asynchronous. This is great, and the ability to unify these two modes together can be very helpful.
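A hedged sketch of that unification (the maybeAsync name and the timings are made up): the caller can’t tell – and doesn’t care – which branch was synchronous.

```javascript
function maybeAsync(n) {
  if (n % 2 === 0) {
    return Promise.resolve(n * 10); // value known right now -- still a promise
  }
  return new Promise(function (resolve) {
    setTimeout(function () { resolve(n * 10); }, 10); // genuinely asynchronous
  });
}

var unified = Promise.all([maybeAsync(2), maybeAsync(3)]).then(function (results) {
  console.warn(results); // both arrive through the same .then, in input order
  return results;
});
```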

So, absolutely use them when they make sense. But my current thinking (which might change) is that you should use the simplest asynchronous mechanism that expresses what you need, without adding complexity. Step up the complexities of your tech as you need to, but not before.

Use the right tool for the job.

A pinko-commie lefty-liberal’s _technical_ argument against The Secretary of State using Her Own Email Server

If an employee of mine tried to send email from their own server, instead of using my company’s, I’d reprimand them, harshly. And if they continued to refuse to use the appropriate email server I’d have to terminate them.

Why? Security.

Who ran Hillary Clinton’s Email server? What software did it run? Where was it hosted? How physically secure is that location? How secure is the ISP that serves data to that server? The administrators of that server – are they background-checked? Are we sure they are not in the service of any foreign entity, or even a domestic one? Is the server patched to the latest version? Are there any vulnerabilities on the version it is running? Are there any backdoors or rootkits or other such stuff on there? What’s the update schedule on that server? Is there any strong cryptography on it? What protocols are running?

And the answer in just about all of these cases is, “I have absolutely no idea.” And that is completely and totally unacceptable.

If you administer an email server, YOU CAN (usually) READ ANY EMAIL THAT IS ON IT. When it’s some regular schmoe somewhere, that’s less of a big deal (but still something to be concerned about). When it’s the Secretary of State of the United States of America, that’s a bit of a bigger deal.

If you are reading this and feeling like I’m not exactly right, go talk to your email admin. Ask them to read you your latest email – “just so you can see if your email software is working.” Let me know what you find.

How to do: Gulp + Browserify + Coffeescript + Sourcemaps + Uglify as of mid-2015

I blew so much time on this, it’s crazy.

I got it down to something simple and clean, finally. And it turns out the “recipes” section on the Gulp website pretty much had the answer already. I just needed to understand more about what I was trying to do in the first place.

Note: You need to install coffeeify to have it available as a transform!

var gulp        = require('gulp');
var browserify  = require('browserify');
var source      = require('vinyl-source-stream'); // to 'rename' your resulting file
var uglify      = require('gulp-uglify');
var buffer      = require('vinyl-buffer'); // to transform the browserify results into a 'stream'

var sourcemaps  = require('gulp-sourcemaps');

gulp.task("your_target", function () {
  return browserify({
      entries: ["./"],
      debug: true, // makes browserify generate sourcemaps
      extensions: [".coffee"],
      transform: ["coffeeify"] // npm install --save-dev coffeeify
    })
    .bundle()
    .pipe(source("bundle.min.js")) // whatever you want your output file named
    .pipe(buffer())
    .pipe(sourcemaps.init({loadMaps: true, debug: true}))
    .pipe(uglify(/* {
          debug: true,
          options: {
            sourceMap: true,
          }
      }*/))
    .pipe(sourcemaps.write("./" /* optional second param here */))
    .pipe(gulp.dest("./dist/")); // wherever your built files should land
});

If you don’t want the sourcemap URL in your resulting JS file (which I didn’t, because I keep my sourcemap file private), add a second parameter ,{addComment: false} to the sourcemaps.write line near the end.

Edit: the parameter to uglify isn’t even needed.

Debugging or Troubleshooting the PHP Autoloader

I used PHP pretty heavily a while ago. It’s still – in its primitive, non-objectey, non-frameworked form – one of the environments in which I can ‘think’ in the language the fastest. If someone had a gun to my head and said “build me this thing ‘x’” – I would probably do it in PHP (unless it were large enough, with lots of forms/fields/tables/etc., that I might use something else. Or maybe still PHP? I dunno.)

But that means I missed out on the newest revolutions in PHP – composer, Laravel, all that stuff. And some of it is actually pretty cool, once you get a handle on it.

Composer is very similar to how Bundler works under Ruby, or how npm works under Node. You say which libraries you need and which versions in a config file, then say ‘composer install’ (or ‘php composer.phar install’) and it magically goes and gets them and installs them. Pretty neat.

One of the more subtle pieces you get is no longer having to say require "foo.php"; – the new system of Autoloading does that for you, if you’ve gotten everything set up right. It seems to be powered by PHP Namespaces – each composer-able package declares which namespace it’s going to set stuff up in, and then if you try and use something from that namespace, it automagically gets loaded up. Pretty neat!
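For illustration, a minimal composer.json might look something like this (the package version, namespace, and paths are placeholders, not from any real project):

```json
{
    "require": {
        "monolog/monolog": "^1.17"
    },
    "autoload": {
        "psr-4": {
            "MyNamespace\\": "src/"
        }
    }
}
```

After composer install, a single require "vendor/autoload.php"; makes both Monolog and anything under src/ in MyNamespace load on demand.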

It’s actually very neat. Until…it doesn’t work. And then I started to find that it was extremely difficult to troubleshoot what it’s actually doing, and why my custom package wouldn’t autoload.

Probably the first place to start should be the DebugClassLoader component ("/Symfony/Component/Debug/DebugClassLoader.php"). That was installed by default in the Laravel app I was playing with. It looks like there’s a nice static class method you can invoke, which will help troubleshoot what’s going on in the class-loading process – “DebugClassLoader::enable()“. There seemed to be another Debug component – somewhere – that wanted to enable that feature – “/Symfony/Component/Debug/Debug.php” – but I couldn’t end up figuring out how to turn the damned thing on. If you do? I bet that’ll be more helpful than the other stuff I ended up playing around with. That DebugClassLoader seems like it will wrap the autoloading process and yell at you if it can’t find the classes it wants in the appropriate files, and there’s not a lot else going on with the autoload sequence than that.

But, due to my ignorance, the most useful tool that worked for me was manually loading up the autoloader object and just asking it dumb questions:

$autoloader = require "./vendor/autoload.php";

$results = $autoloader->findFile('MyNamespace\MyClassName');

print "Found file for class at: $results";

Other methods I ended up playing with were:



Enough poking around with some of these techniques eventually got me to the point where I could figure out what it was that I was doing wrong. Hopefully I can save someone else a few hours of heartache too.


Why I’m not an Anarchist

So there are a few people I’ve recently met who are anarchists, and I’ve told them all that I disagree with them. But I wanted to lay down my explanation as to why.

Let’s not talk about the moral underpinnings – because the morals behind any socio-political-economic system are always super-duper good and just. (e.g. socialism’s “From each according to ability, to each according to need”). But the devil’s always in the details. So let’s get into some details.

There are examples in actual history we can look at. The best modern example is probably Somalia, which basically has had no functioning central government for decades now. It, by most accounts, is not a very nice place. It is ruled by warlords. It is crippled by poverty and food shortages. If anarchy were so great, why isn’t Somalia a great place for anarchists to live?

We know the way that power tends to aggregate. See organized crime, or large multinational corporations (or perhaps I repeat myself – ZING). Though a great Libertarian/Anarchist argument against the organized crime part is that organized crime got the biggest boost in power during Prohibition. And the Mexican drug cartels that are currently dominating Mexico are being substantially weakened by the legalization of marijuana here in the US. And it’s a very good point, but the truth is that organized crime existed before and after prohibition, and will still exist even after we legalize pot. And large corporations existed before anti-trust legislation came about in the late 1800’s, early 1900’s, and afterwards. (Again, another Anarchist argument might be that large corporations would not have as much power without some kind of government intervention – if so I’d love to hear more about that; I think it was true of the Dutch East India Company, but more examples would be even better)

Let’s talk about a small town operating under anarchism. We’ll completely ignore the problems inherent in a large city – like my own New York – and just start focusing on my example small town. It’s got 100 residents, let’s say. Large cities will be probably even more problematic but I think I can explain my issues with my small town.

Problem #0 – I can walk down the street and just shoot someone in the face. There is no ‘legal’ ramification to that. If the person I do that to is not well-regarded, people might even cheer me on! Of course, if I do that to some beloved town local, I would assume that someone might come back and shoot me in the face. And I don’t want that. Of course the trick is to kill someone when no one else is looking.

Problem #1 – just about everyone has to own a gun. Some people might not, but in general, you just need to own one, primarily as a deterrent. With no formal social safety net, (plenty of informal ones, mind you! But nothing that’s guaranteed to catch people who are down on their luck) – there will be very desperate, very poor people who need things; or very depraved and lawless people who will take what they want. Some people may have an issue with having to own a firearm – and a system that practically forces them to do so seems unfair to those people. So a system that does not approve of force is now inherently, due to its structure, forcing people’s behavior.

So eventually due to the Organized Crime/Large Corporation problem, you will have to step up from the everyone-is-armed-at-home problem, and in to the Defense problem. E.g. instead of one down-on-their-luck person trying to take your possessions, killing you in the process – you now have the potential for a gang to come roaming through your town and ransack the place. You need some kind of defense; an army. So you hire one – and this is Problem #2. Well, it’s problem 2, 3, 4, 5 and 6. First off, you have to find an army that’s willing to defend your town – and we have a perfectly free market, so there will be a lot of competition, right? Maybe. In fact, your roving-gangs-of-ransackers are just as likely to be the ‘army’ that you’d hire. Or be somehow in cahoots. So how do we pay these people? We have 100 people in town, and we need to have them all band together to pay the army. But Old Man Caruthers doesn’t want to pay! Well, we can’t force him – Non-aggression principle. Now we have problem #3. So then we have to increase the price that everyone else pays to cover his share – and now all sorts of other people are going to start balking at the prices. So eventually you have to say, “either you pay, or you can get out of town.” That sounds like force. Or maybe you make a deal with the army – mark the houses that have paid, and they get protection, and the ones that don’t, don’t. Sounds like a mess. And things like securing the town’s borders won’t work in that way.

And how did we manage to select which army we got to defend us? A vote? A vote where only consensus is allowed? At 100 people consensus will be hard. At 1000 it will start to become impossible. As soon as we start having a ‘majority’ – then we’re coercing people, and breaking our own rules. Problem #4. (What about payola; the guys in Army Group #1 slipping $100 each to the people who are ‘on the fence’ to secure their vote?)

Problem #5 – who is to keep our ‘army’ in check? Let’s say I’ve got a roving band of raiders. Why don’t I meet up with the person in charge of the army-for-hire, we sit down and have a nice lunch, and I offer them a huge cash payout to stand down on such-and-such a day? Well, certainly, that would erode the trust one might have in such an army – if word ever got out. But why would it? My raiders would just go and kill everyone.

Problem #6 – how do you fire your army? Ideally, with another army, and the first ones just leave. But what if you decide you just don’t want an army at all, then what? And what if “your” army decides they don’t want to be fired?

And we haven’t even gotten into policing yet – which would probably end up being problem numbers 7 through 15…

And we haven’t even figured out what currency any of this stuff is bought or sold in. More problems.

So I think the real, fundamental economic problem here is this:

A market with no regulation at all is not at all free.

Not everyone has perfect information to make perfect economic choices. Certain goods and services exist in certain locations, and cannot be quickly or cheaply transported to wherever they are needed. Monopolies, cartels, and collusion happen and drive prices up. Gluts happen and drive prices down. There is inherent friction in every economic transaction.

And the political problem is this:

The Tragedy of the commons.

Without the ability to coerce people, and without the ability to form majority rule instead of consensus, you aren’t going to be able to do anything as a society. “The Commons” doesn’t have to be a physical thing; like a stream or a pond or grazing grass – it can be like our ‘how do we pay for the army’ problem above. Private property is not a solution. Private ownership of a common good like the water supply runs you into problems with inelastic demand – everyone needs water, so why not jack up the price for access to it? Still more thorny problems.

The Social problem is this:

This system completely and totally shafts the poor, and rewards the rich.

Can’t afford to pay for the army? Get out of town – or get treated however Mr. Caruthers got treated, above. Down on your luck? Hope for some handouts from private individuals. Still starving? Die. How much does this society help lift up the poor? How much does this society prevent the rich from just becoming more and more massively super-rich generation by generation; just sitting idle, reaping the rewards of actions done generations ago, or reaping the rewards of simple dumb luck?


Some interesting pro-anarchy thoughts I had while writing this up: What if you were to view this government as exactly the final result of having one of the armies in problem #2 defending you? E.g. the army won’t let you choose another army, it forces you to pay it. Though, to be nice, they charge a lower percentage of income to poor people and a higher one to rich people. What if that is, in effect, the government we have now, and modern taxation?

The other interesting one is how mafias and black markets tend to disappear when everything is permitted. Organized crime was at its most powerful here in the US in the middle of Prohibition. Right now, it deals in drugs and other ‘sinful’ things. If all of those things were permitted, would organizations such as these disappear? What purpose would they serve? <CAVEAT – ARGUMENTUM AD MOVIE-UM> – in The Godfather Part II, we see a little glimpse of the early Sicilian Mob – and, while they were certainly murderers, thieves, and extortionists, they were also community-builders who helped their communities when the government would not. Maybe organizations/groups/towns, whatever, might end up acting like that?

I was also going to use the metaphor of prison for what happens when you ‘have no rules’. But prison has tons of rules! Yes, but the guards are really keeping “animals in cages” – and may not necessarily care what the “animals” do. So that might-makes-right, everyone-grouping-into-tribes environment might be what you end up with. But what if that’s what the US *is* – the ‘rules’ the government puts on us are the prison guard’s rules, and today’s society is the same as that prison – tribalism, might-makes-right, what-have-you? I think the metaphor breaks down, but I still think it’s interesting.

Some actual things you could do for gun control stuff

Most people would probably agree to some formulation of the following:

Someone ought to be able to own a firearm to protect their home and family. And all of these horrible shootings that keep happening are awful, and we should try to prevent them from happening. We can’t stop them all, but we can at least try to make it more difficult for them to happen.

And if you do agree with that, here’s my proposal:

Background-checks. Yes, even for private sales. In an era of $100 smart-phones, there’s a way to do it. When you sell a car, someone has to fill in or file a registration. It’s not unreasonable.

One-way database. In the same way you can have a ‘hash function’ which maps from source data to a hash value (but *not* backwards!), you should be able to map from serial numbers to people, but not the other way around. If you really need to see if someone has a firearm, you can get a warrant to search their house. But if a gun is used in a crime, and the serial number can be read off it, we need to be able to figure out who that gun belongs to. I would want to appoint some kind of privacy advocate to protect this data as well. The idea of cops running around after Hurricane Katrina, confiscating the legal firearms of civilians, is something that should be prevented from ever happening again, and made even more terribly illegal than it already was.

Providing a firearm to someone who then commits a crime means you are an accessory, and should be criminally charged. Improper storage or securing of one’s firearm(s), which are then used in a crime, means you are negligent, or possibly an accessory.

And yes, that means if you ‘lose’ or have your firearm stolen, you need to report it. And that means if you didn’t secure it you can be charged. And that means you need to check in on your firearm every, say, 6 months or so – no saying “Oh, I forgot I had it! Haven’t looked at where I keep it in a while…”

That also means when you’re doing tearful press conferences about how no one knew that your kid could go shoot up a school, it’s likely you’ll be wearing prison-orange. Because you probably weren’t properly storing your firearms. Because if you were, maybe your kid would’ve had a harder time shooting up that school?

As for the definitions of what these things are? (How would a ‘household firearm’ work? What does ‘properly stored’ entail? Etc.) I don’t know and I think that’s probably an important place for us to get to. But let’s start a conversation here.

What about firearm types? I don’t care about that. AR-15 or AK-47 or simple 9mm Glock. Honestly, that’s the wrong road to go down. The right road to go down is stopping people who shouldn’t be able to buy guns from buying or acquiring them somehow. And making gun-owners responsible for secure and safe storage of their firearms. That, honestly, is not unreasonable.

Running Riak in Classic-EC2 (in a non-moronic way)

So I’ve been playing around with Riak lately – and it is a spectacular piece of software. It has a lot of the cool clustering goodness that you might get from something like Cassandra – but is a lot less of a pain in the ass to administer and deal with. Interacting with the database in an ad-hoc fashion is actually delightful – you can use lovely little REST URL’s like http://yournode:8098/buckets/mybucket/keys/mykey to fetch one particular key. Riak doesn’t care what you store there – you could certainly throw a JSON blob in there, but you can throw whatever else you might like too. Want a secondary index? Make sure to use a 2i-capable backend (LevelDB, or others), then declare which values you want indexed when you write your data. Riak doesn’t load-balance over your cluster instances, but there are a ton of perfectly good load balancer solutions that already exist and work great with it. And if you need something tighter/faster than HTTP REST URL’s, you can use their protocol buffers interface for something that’s more socket-ey. If you’re into that kind of stuff, check it out. I’m really excited about it.

But be wary if you’re running it in Classic AWS (though their advice on running in VPC seems solid). The advice they give on their documentation website is terrible and wrong-headed. They actually expect you to manually go in and reconfigure the nodes on your cluster if one of your instances has to reboot. I worked out a better way. Of course, I offered it back to them, but they have yet to take me up on it.

You should basically run it the same way you’d run any other long-lived server in AWS. Allocate an Elastic IP address for each node. Look up the cool “public DNS name” for each of your Elastic IPs (the long one that starts with “ec2-”), and use either that or a nice CNAME that points to it as your host identifier. That way, when your instances inside AWS resolve the name, they get the inside IP addresses. If your instance has to reboot, just reassociate your EIP to the instance. And that’s it. Oh, and the bits in the config where you’re supposed to put your internal IP address as something to listen to? Just put 0.0.0.0 – it works fine (though there are allegedly some possible problems with Riak Control and HTTPS that way; that’s what Basho tells me, but I don’t really know anything about that).

And you should of course protect your Riak port the same way you’d protect any other port for any other internal-facing system. There. That’s it. I have shut down and restarted my entire cluster (forcing it to get brand-new IP addresses), and using this method it seemed to work just fine.
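
For what it’s worth, the reason the trick works is that those public DNS names encode the IP, and Amazon’s split-horizon DNS resolves them to the private address when queried from inside EC2. A sketch of what the EC2-Classic (us-east-1) name looks like for a given Elastic IP – the IP below is invented, and other regions use a different suffix:

```python
# Build the EC2-Classic (us-east-1) "public DNS name" for an Elastic IP.
# From inside AWS this name resolves to the instance's *private* IP; from
# outside, to the public one. The Elastic IP below is invented.
def ec2_public_dns(elastic_ip):
    return "ec2-%s.compute-1.amazonaws.com" % elastic_ip.replace(".", "-")

name = ec2_public_dns("203.0.113.25")
print(name)  # ec2-203-0-113-25.compute-1.amazonaws.com

# Point a friendly CNAME (say, riak1.example.com) at this name and use the
# CNAME as the node's host identifier; after a reboot, just reassociate the EIP.
```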

The method Basho proposes to handle a reboot is as follows:

1. Stop the node.
2. Mark it ‘down’ using another node.
3. Rename the node to whatever your current private IP address is.
4. Delete the ring directory.
5. Start the node.
6. Rejoin the cluster.
7. Invoke the magic command “riak-admin cluster force-replace ” (oh, I hope you remembered to keep track of what the old name was when you renamed it! And one more thing: up until a few months ago that was misdocumented as “riak-admin cluster replace …”, which would toss your node’s data).
8. Plan, then commit the changes.

If you like to do it that way, you are some kind of weird masochist. And if you think this is remotely a good idea, then you are not good at technology.

I got into a long back-and-forth with one of their engineers about their crazy recommendations, but he refused to budge. I even submitted them a pull request with a fixed version of the documentation – and they still haven’t merged it. Why? I have no idea. The general impression I got is that the guy I was talking to was just being obstinate. We were literally talking in circles. “Why don’t you just use VPC!?” I’m sorry dude, I can’t, because all my shit is on Classic and that’s where I’m stuck, for now. “But if you give it an elastic IP, now it’s accessible to the world!” No more or less so than if it just picks its own IP, buddy. “But you’ll be trying to talk to the outside IP!” No, those funny names resolve to inside IP’s when you’re inside of Amazon. “Well, you should just use VPC!” And so on. Literally, this dude told me to use VPC like 5 times in the course of our email exchange. When I was explaining how to use Riak in Classic-EC2.

So, yeah. Good database. Had a really nice leisurely chat with one of their sales guys, too – he seemed really cool and knowledgeable and low-pressure. But this ‘evangelist’ fellow certainly makes that group seem pretty dysfunctional to me.

Minimum Wage Thoughts

The libertarian answer to the question of “should we raise the minimum wage” is always the same: “We shouldn’t even have a minimum wage.” I really like this video as an explanation of that viewpoint.

As someone who likes to flirt with libertarian thoughts on occasion, I have pondered this one for a while. My desire for people who are less well-off to get more money is certainly there, I’ll concede – but I also like the idea of getting rid of stupid regulations and letting the marketplace regulate itself (ideas about limiting CEO pay or bonuses or other stuff like that seem weird to me, for example).

I think I’ve found a way to think about the issue that actually makes sense to me:

Not raising – or even eliminating – the minimum wage would make perfect sense in a perfectly functional free-market economy for labor. I will argue that #1) we don’t have one now, and #2) we aren’t going to get one.

A Free-Market Economy Example

Let’s talk about what a perfectly functional free-market economy looks like, in a place I am very familiar with: the PC hardware market. You’ve got many corporations (HP, Acer, Toshiba, Dell, Lenovo, Fujitsu, etc.), competing against each other tooth-and-nail in order to win market share and earn profits. While they’re fighting with each other, kicking and screaming, the consumers win – at least in terms of price. And yet the profit margins for these companies – for these product lines – are razor thin. Doesn’t that seem strange? Here we have a microcosm of an “ideal” market economy, and yet we have very tiny profits.

We can explain this strange attribute pretty simply, however. Let’s imagine we have two companies, “A” and “B”. They both sell similar products. Company “A”, however, takes a very healthy profit on its sales, whereas Company “B” does not. If their costs are similar, it means that Company “A” is charging more for its product – and thus Company “B” will be cheaper, and will sell more. If “A” doesn’t eventually drop its prices and reduce its profit, it will be driven out of business by Company “B”. There’s a real-life example of this – Jeff Bezos famously said something like, “Your margin is my opportunity.” Meaning: if you make too much of a profit margin, Amazon will step in, make little to none, and drive you out of business.

(Note for completeness’s sake: Apple is an example of a company “A” that is not dropping prices but is doing quite well. They’re a rare exception and don’t have exactly the same product as the “B” companies, so the analogy doesn’t work for them, but I should at least mention it, especially as an Apple Guy.)

So if we can agree that that is what a competitive marketplace ought to look like – why are corporate profits the highest that they’ve ever been?

The Minimum Wage Effects on Employment

Studies have shown that moderate increases in the minimum wage do not affect employment significantly (caveat: they’re from the left. The ones from the right say the opposite). Does that mean you can triple it all of a sudden? No. Moderate increases are what have been studied.

The math here is pretty simple – corporate profits are at an all-time high, and minimum-wage changes don’t seem to affect employment – it seems like we might not have a fully-functioning free-market for labor. What’s wrong with our assumptions?

The non-free, inelastic-demand, non-rational market of incomplete information for labor

In a completely fluid, well-functioning marketplace, a worker will always move to where the jobs are. If they find themselves working in an industry that doesn’t have a lot of jobs, and notice that another industry does, they will retrain themselves for the new industry so they can make more money. And furthermore, a worker will always have access to all of this information, so they can make well-informed choices. Applying any level of scrutiny to these assumptions shows they are not always valid. A worker can’t always pick up and move to the slightly higher-paying job across town: they’ve got to find an apartment, they have to drive further, the day-care center where little Bobby or Sue goes will be too far away, family lives nearby – any of hundreds of other reasons, from the trivial to the serious. A worker can’t always retrain and enter another industry that’s higher-paying than the one they’re in – that might mean spending time they don’t have, or money they can’t afford. And a worker does not have perfect information on what jobs do or do not exist, where they are, or how to go about getting them. Perfect information like that doesn’t even exist – and if it did, not everyone has broadband, a computer, access to the Internet, and the ability to use it all.

The current unemployment rate is 6.6%. Now, that doesn’t mean the number of people who want to be employed and are not is 6.6% – that number doesn’t include people who have given up and dropped out of the workforce. The best proxy we can come up with for that is the employment-population ratio (EPOP). That number is 58.8% right now: 58.8% of our population is currently working. The high was 63.4% in Dec. 2006 (source: Bureau of Labor Statistics). Meaning that not only is there the 6.6% which is unemployed and looking for work, there is another 4-ish percent who’ve given up actively looking for a job (presumably because they couldn’t find one). So if you think you can ask your minimum-wage employer for a raise, or ask not to work Saturday so you can spend time with your kids – what do you think is going to happen? That’s right: you’re fired, and replaced with someone else. Marx’s idea of “the reserve army of the unemployed” is perfectly real. (I also think his solutions to this problem, and others, are the worst solutions to any problem, ever – but that’s not the point of this piece.)

In supply-and-demand terms, instead of imagining that ‘labor’ is the thing that is supplied and demanded, let’s reverse it and look at ‘jobs’ as the commodity. A high ‘bid’ for a job means paying more hours for it – accepting a lower wage – and a low ‘bid’ means offering fewer hours for it – holding out for a higher wage. What does this supply-and-demand curve look like? We can certainly argue that demand for this commodity is somewhat inelastic – people need jobs, and will even take jobs far beneath their skill level and training if they’re desperate enough. And the supply of this commodity, while not ‘fixed’, isn’t highly dynamic. The end result is that people are going to ‘overspend’, driving ‘prices’ up – which, in our reversed chart, means that people will accept wages much lower than they deserve.

So with all of that groundwork laid out, let’s get back to that video. I disagree with it, but I still like it and think it’s well done. When you get to 3:24, I think their misconception is laid bare – “The owner will either give Bob a raise, or a competitor will scoop him up to work in his restaurant.” Does this ever really happen in fast-food restaurants? Managers of competitor restaurants sneaking in, in disguise, noticing the more productive workers and surreptitiously offering them a job with better pay? No. No, it does not. Because it doesn’t have to. The fast-food owner can fire Bob the moment he starts making noise about wanting better pay, and snatch up someone else who’s unemployed. That job won’t go unfilled for long. And neither will the competitor’s fast-food job go unfilled for long. Plenty of people want work.

And the next thing to note – their pretend math is all wrong. I’m fine with pretend math; but any restaurant owner who is running at such a tight margin that a minimum-wage increase would make some of his workers unprofitable is not going to be in the restaurant business for long. Want some more realistic numbers? Sure – I’m making these up, but they’re at least closer to realistic: $8/hr labor; a fry cook can make around a burger every 5 minutes (12 burgers an hour); they sell for maybe $5 each. Your average fry cook is earning you $60/hr in revenue and you’re paying him $8. A bump to $10 is not going to break the bank. And your less-profitable cook is bringing in only $50/hr, but is still useful.
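
The back-of-the-envelope math above, spelled out (all numbers invented, as in the text):

```python
# Rough per-cook economics, using the invented numbers from the text.
burgers_per_hour = 12         # one burger every 5 minutes
price_per_burger = 5.00       # dollars
wage = 8.00                   # dollars/hour

revenue_per_hour = burgers_per_hour * price_per_burger
print(revenue_per_hour)                 # 60.0 -- $60/hr per cook
print(wage / revenue_per_hour)          # ~0.13 -- labor is ~13% of revenue

# Even after a bump to $10/hr, labor is still a small slice:
print(10.00 / revenue_per_hour)         # ~0.17
```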

Corporations Must Maximize Profits for Shareholders

The real problem of depressed wages is at the bottom of the worker pay-scale, but to show that the problem exists throughout the various pay-grades – look at the anti-poaching agreements a whole bunch of Silicon Valley giants had. These were for engineering jobs at various tech companies, so I don’t think a single salary we’d be talking about here would be less than $100,000 – probably more like $150,000 and up. These anti-poaching agreements, by the way, were deemed anticompetitive by the Department of Justice. They were entered into to prevent Silicon Valley companies from poaching each other’s employees. Why? To keep salaries from escalating. And these are the same companies that constantly beg to increase the number of H-1B visas. Is that because they can’t fill jobs? No, it’s because they can’t fill jobs as cheaply as they want.

Now, there were people like Henry Ford who deliberately paid their employees more than they needed to – in order to improve retention, get higher-quality employees, and improve employee performance. But that’s the rarity. I don’t think we can bank on everyone being as smart as he was. (He was also an antisemitic asshole, but we’re just looking at a small piece of the business side of him.) Costco is another modern example of deliberately paying higher wages in exchange for heightened productivity – but it, too, seems to be the exception rather than the rule.

The rule will always be: A CEO must maximize the profits of a company for his or her shareholders. There can’t really be any other way that I think makes any sense. You could even argue that a CEO who did not do these kinds of things is not acting in the best interest of shareholders, and should be fired. So they will pay the minimum they feel they can for as long as they can to maximize profit – and one might argue that’s what they should do.


So I would argue we can assemble these bits of information together – we don’t have a free market when it comes to labor, and we probably can’t get one. Corporations are reaping the highest profits they’ve ever had, even as labor’s share of income shrinks. And they’re going to pay as little as they can for wages. So what’s the simplest, bare-minimum piece of legislation we can pass to help try to fix the problem? Crank up the minimum wage a little bit.

There are also some side-effects of extremely low-paying jobs – they end up costing the government money, in terms of food stamps or other assistance. It effectively means the government is subsidizing these extremely low-paying jobs – allowing corporations to pay less than they should for labor, and making up the difference out of its own pocket. Now of course any libertarian worth his/her salt will immediately say “there should be no such government assistance programs!” but they’re there, and I don’t think they’re going away (And those programs aren’t what this is about).

So the problem – people working hard and still being in poverty – has a lot of causes and reasons behind it, but the simplest workaround for our inefficient markets remains the same – just bump up the minimum wage a bit.


If the labor market were as competitive as the PC hardware market I described above – there would be no need for a minimum wage, and if there were one, you certainly wouldn’t need to raise it. This is the view of most libertarians I have read. But the two pieces of evidence – the highest corporate profits ever, plus minimum-wage increases that don’t affect unemployment – really seem like a solid one-two punch. Why do they (we?) get it so wrong?

Because the libertarian viewpoint on supply-and-demand for labor is like a junior high school student’s view of physics. Sure, junior high physics isn’t really wrong – well, at speeds close to the speed of light I guess it is – it’s just simplified. But every example in that physics class starts with “assuming a perfect sphere, and a vacuum, and no gravity…”

But real physics problems deal with nonuniform bodies, friction, air resistance, gravitational pull, non-perfect springs – and so on. And real economics problems need to deal with ‘friction’ of their own. The libertarian models don’t deal with that friction, only with ‘perfect markets’ – which are probably more the exception than the rule.


And really at the end, what does a minimum wage mean? I would argue it’s the minimum price of human dignity. A true, pure, traditional libertarian would say that if someone wanted to work for a nickel an hour, he or she should be able to. But a place where that would actually be happening doesn’t sound to me like America. This is one of those rare occasions where I actually want the government to step in and say, “No, you can’t do that. Pay them a reasonable amount that they can live on, or figure out another business model. What you’re doing is bullshit.” If your company can’t operate without labor that costs less than the minimum wage, then your company shouldn’t exist. Most libertarians don’t believe that a person has a right to sell him or herself into slavery (only “most”) – so we are already setting a lower bound on wages, in a sense. I’m just arguing that bound can, and should, go up.

What I learned from the Defcon CTF

So if anyone follows me on Twitter, they might’ve caught that I tried the Defcon CTF challenge a week or so ago. I didn’t place on the finalist list; most of that stuff is waaaaaaay out of my league.

But the one category I thought was pretty interesting – and one I ought to do well in – was the Web one. I tried to get at least one point in that category, just to prove to myself that I could do this type of stuff. I’m not a security guy; I’m a web developer.

The result? I got all five questions 🙂 The last one I got with just an hour to spare.

And it really got me to thinking – as a developer, ‘engineer’ or architect or whatever I am – about some of the security things that I haven’t really thought that deeply about before.

Here’s what I came up with:

#1) Don’t ever use dictionary passwords. Not even with your cl3v3r subst1tut10ns of punctuation or numbers for letters.

Why? Because I tried to brute-force a password that was very strongly hashed (SHA-512). I was grinding through 3- and 4-character passwords with a custom-built script I put together. It had been running overnight and I got nothing from it.

But when the lovely and talented Snipeyhead pointed me over towards a password cracker tool, I decided to give that a shot.

The tool spat out the password I needed in probably about 60 seconds.

And the tool had a ruleset – built into it – that allowed it to automatically test out numeric and punctuation substitutions. So your clever password that’s based on a dictionary word might get cracked – maybe not with today’s ruleset, but definitely with tomorrow’s.
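
Here’s a toy sketch of that kind of rule-based cracking – nothing like a real tool such as John the Ripper or hashcat, but it shows why l33t substitutions don’t save a dictionary word. The wordlist and target password are invented:

```python
import hashlib
from itertools import product

# Tiny stand-in wordlist and substitution rules; real crackers ship millions
# of words and far richer rulesets.
WORDS = ["password", "dragon", "letmein"]
SUBS = {"a": "a@4", "e": "e3", "i": "i1", "o": "o0", "s": "s$5"}

def variants(word):
    """Yield every l33t-substitution variant of a word (incl. the original)."""
    pools = [SUBS.get(c, c) for c in word.lower()]
    for combo in product(*pools):
        yield "".join(combo)

def crack(target_hex):
    """Try every rule-mangled dictionary word against a SHA-512 hash."""
    for word in WORDS:
        for candidate in variants(word):
            if hashlib.sha512(candidate.encode()).hexdigest() == target_hex:
                return candidate
    return None

# A "strong" hash of a weak password falls out almost instantly:
target = hashlib.sha512(b"dr4g0n").hexdigest()
print(crack(target))  # dr4g0n
```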

The password length is actually *less* of a big deal. Of course, if you try and brute-force a password (as I did), a longer one will take longer to force than a shorter one. But if your super duper long password is just a dictionary word – then, no, you’re still fucked.

If I were building something from scratch? I would definitely use a strong password-storage scheme – bcrypt or something similarly slow and salted beats a fast general-purpose hash like SHA-512 here – but I would play around with different types of password requirements. If the user wants a super duper short password? Maybe it has to have lots of different types of characters. One that has just letters in it? Better be pretty damned long. Who knows? Maybe I’d just stick with what we’re doing now.

But regardless of that – if your password can be cracked with a dictionary, then you can’t use it. End of story.

(edit) And try not to expose usernames, maybe?

If you don’t know what username to dictionary-attack (or brute-force attack) – you don’t know what you’re going after. You can guess – but if you’re at least not exposing “valid username, but invalid password!” (and, holy crap, I hope you aren’t!) then you make their job just a liiiiittle bit harder. And that’s worth doing, if you can.
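
A minimal sketch of what that looks like in practice – the user store and messages here are invented, and real code would use salted bcrypt rather than bare SHA-512:

```python
import hmac, hashlib

# Toy user store: username -> SHA-512 hex of the password. Everything here
# is invented for illustration.
USERS = {"alice": hashlib.sha512(b"correct horse").hexdigest()}

DUMMY = hashlib.sha512(b"dummy").hexdigest()

def login(username, password):
    supplied = hashlib.sha512(password.encode()).hexdigest()
    # Compare against a dummy hash for unknown users so timing stays similar,
    # and return the SAME message whichever half was wrong.
    stored = USERS.get(username, DUMMY)
    if username in USERS and hmac.compare_digest(stored, supplied):
        return "welcome"
    return "invalid username or password"

print(login("alice", "wrong"))    # invalid username or password
print(login("bob", "anything"))   # identical message: no username oracle
```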

#2) Hashing (to prevent message alteration or tampering) and crypto (confidentiality) are completely orthogonal concepts.

If you want to hide the contents of the message, encrypt it. But someone clever can still mess with the contents a little bit. In fact, that’s just what I did in challenge number 5 🙂

If you want to ensure that a message is not altered in any way, present a hash of it, keyed with a secret (a keyed hash – basically an HMAC). That way, if you change one tiny bit anywhere in the message, the resulting hash changes substantially – and an attacker can’t recompute it without the secret.

So if you need both? DO BOTH. The two functions have nothing to do with each other.
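
A sketch of that orthogonality, using a toy XOR stream cipher as a stand-in for a real one (keys and message invented): encryption alone hides the message but lets an attacker flip bits meaningfully, while an HMAC over the ciphertext catches any tampering.

```python
import hmac, hashlib

def xor_stream(key, data):
    # Toy stream "cipher": XOR with a repeating key. It hides the plaintext
    # (badly), but like any unauthenticated cipher it is malleable.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

enc_key = b"invented-enc-key"
mac_key = b"invented-mac-key"
message = b"PAY   10 DOLLARS"

ct = xor_stream(enc_key, message)
tag = hmac.new(mac_key, ct, hashlib.sha512).hexdigest()

# An attacker who knows the plaintext layout can flip ciphertext bits to
# rewrite " 10" as "999" without ever learning the key:
tampered = bytearray(ct)
for i, new in zip((6, 7, 8), b"999"):
    tampered[i] ^= message[i] ^ new
tampered = bytes(tampered)

print(xor_stream(enc_key, tampered))  # b'PAY   999DOLLARS'

# ...but the keyed hash over the ciphertext catches the tampering:
ok = hmac.compare_digest(tag, hmac.new(mac_key, tampered, hashlib.sha512).hexdigest())
print(ok)  # False
```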

#3) Error Messages in production

This one is probably the most embarrassing for me. I have, on plenty of occasions, allowed apps to go into production with full error messaging intact.

This is usually because I write shitty software that breaks. So when it does, I like to be able to quickly see what happened. So my heart’s in the right place, even if my code isn’t.

But this is a ridiculously fucking terrible fucking idea.

More than half of the challenges I was going after started to give me hints on how to break in once I was able to fingerprint what type of app they were. (This year? Lots of Sinatra. I feel bad for those guys, like they got ‘picked on’ – but considering some of their blasé attitudes about security (calling hashed stuff ‘encrypted’?), maybe it’s warranted. Maybe it’s a wakeup call. Or maybe it’s just because Sinatra is fun to write? Who knows.)

But, seriously – trying to figure out what type of thing I was going after really took a lot of time away from trying to figure out how to break in. So the harder you can make those first couple of steps for an attacker (like me), the more likely he is to go look at somebody else instead.