Tampa Bay What I’m Up To

Next week’s “UC Baseline” courses cover Windows and Linux, and I’m ready!

Photo: Joey deVilla and Steve Ballmer, who is wearing a Canadian flag hat
Me and Microsoft’s then-CEO Steve Ballmer at the Canadian Windows 7 launch in Toronto, 2009.

Logo: UC BaselineToday marks the end of the second week of The Undercroft’s 5-week cybersecurity training program, UC Baseline. This week was a quick but in-depth (we each had a Cisco switch to configure) introduction to networking. Next week, we look at Windows and Linux from a security perspective.

I have some familiarity with the operating systems in question.

Photo: Joey deVilla, with his accordion, poses with Linus Torvalds, who is holding a pool cue.
Me and Linux creator Linus Torvalds at LinuxWorld Expo NYC 2000.
Photo: Richard M. Stallman and Joey deVilla onstage.
GNU/Free Software Foundation founder Richard M. Stallman and me at the CUSEC Conference in Montreal, 2009.

If you’re bored: When I was a Microsoft developer evangelist (they hired me from the open source/free software world), I won Stallman’s auction for a plush GNU gnu — and paid for it with my Microsoft corporate card. Here’s the story, titled Winning the GNU.

Current Events Tampa Bay

This Saturday: The Suncoast Developers Guild Conference — FREE and ONLINE!

Banner: Suncoast Developers Conference - Saturday, August 1, 2020

The Suncoast Developers Conference, a free online conference for developers organized by Suncoast Developers Guild, happens this Saturday, August 1st, from 10:00 a.m. to 3:00 p.m.! Register here to join in on the geeky fun.

The conference will be made of bite-size (15 minutes or shorter!) presentations by Tampa Bay techies and demos of capstone projects by Suncoast Developers Guild alums. Here’s the schedule, which is subject to update:

Time Presentation
10:00 a.m.
  • Opening ceremony
    (Suncoast Developers Guild)
  • Badges? We don’t need no stinkin’ badges!
    (Jason L Perry)
  • Will it Scale?
    (Robert Bieber)
11:00 a.m.
  • Demo: Smash Bros Combo
    (Kento Kawakami)
  • Your Friendly Neighborhood Type System
    (Dylan Sprague)
  • Demo: Evolution X
    (Cody Banks & Abtahee Ali)
  • The Rubber Duck Pal Program
    (Daniel Demerin)
12:00 p.m.
  • Furry Friends
    (Colter Lena)
  • Demo
    (Trent Costa)
  • Don’t Crash! CSS-Modules in React
    (Dylan Attal)
  • How to start your own Coding Podcast 101
    (Vincent Tang)
1:00 p.m.
  • Pull Requests, and the Developers Who Love Them
    (Michele Cynowicz)
  • Demo: Rollerblade Buyers Guide
    (Abe Eveland)
  • Post Bootcamp Reflections: Rebuilding my capstone in React Native
    (Liz Tiller)
  • Create games, visual novels, and fast food dating sims (and learn programming) with Ren’Py!
    (Joey deVilla)
2:00 p.m.
  • Demo
    (Rob Mack)
  • “You do belong here” and other affirmations and ways to beat imposter syndrome.
    (Michael Traverso)
  • A Taste Of Docs As Code
    (Kat Batuigas)

Once again, it’s free-as-in-beer (and not free-as-in-mattress) to attend, and all you need is an internet connection! Register here.

Since opening their doors in the summer of 2018, Suncoast Developers Guild’s coding school has graduated over 100 students, and before that, they taught people to code in their previous incarnation as the Tampa Bay branch of The Iron Yard.

In another life, I was a developer evangelist who travelled across North America and I saw tech scenes from Palo Alto to Peoria. I can tell you that one of the signs of a healthy tech community in a small- to medium-sized city is a coding school that acts as a social/technical/gathering place. If your city had one, things were looking up for local techies. If not, it was a safe bet that the place was experiencing a brain drain.

Here in Tampa Bay, Suncoast Developers Guild fills that vital role, and it does so spectacularly. They’re a key part of the heart and soul of tech in the area, and it shows in their efforts, such as events like this.

Thanks, Suncoast Developers Guild! I’ll see you on Saturday!

Current Events Tampa Bay

Online workshop TONIGHT — “Hackathons — Who owns the IP?”

Photo: Brett C.J. Britton

Here’s the TLDR:

  • What: An online workshop where Tampa Bay’s best-known tech lawyer and IP attorney, Brent C.J. Britton, will talk about the intellectual property issues surrounding hackathons.
  • When: Tonight! As in Thursday, July 30th, 2020, from 6:00 to 7:30 p.m.
  • How/Where: This Zoom meeting.

Let’s face it: The purpose of many (but not all) hackathons — even if it’s not the primary purpose — is to promote one or more tech company’s wares or services, or to act as a scouting exercise to find new talent. This is especially true when a hackathon is organized or sponsored by a for-profit company and especially when they encourage or require you to use one of their products, services, or APIs.

What if you participate in a hackathon held by a for-profit company and your idea is a really good one? Who owns it?

This workshop will be led by Brent C.J. Britton, local IP/techie lawyer, and generally the first guy I run to when I face some kind of intellectual property issue (and yes, I have, when a copyright troll was getting up in my business).

Check it out tonight!

Here’s Brent’s bio:

Brent Britton is the only graduate of the prestigious MIT Media Lab to become a lawyer. Brent holds degrees from the University of Maine, the The Media Lab at the Massachusetts Institute of Technology, and Boston University School of Law. He is Managing Partner for the Tampa office at De La Pena & Holiday LLP, where he advises companies on emerging business and technology law, intellectual property, complex commercial transactions.


Brent is the author of Ownability, How Intellectual Property Works and one of the most interesting and entertaining speakers in the Tampa Bay area on Startups, IP and related matters. He is recommended on Linkedin by a futurist as: “Visionary, pragmatic, insightful and full of life with a capital L”.

Process Tampa Bay What I’m Up To

Scenes from UC Baseline’s “Networking 101” class

Here’s my daily view for seven hours a day for the next little while, as I’m part of the inaugural cohort of UC Baseline, the 5-week cybersecurity training program from Tampa bay’s security guild, The Undercroft:

Tap to see at full size.

Last week was devoted entirely to the “Hardware 101” part of the program. Here’s a video summary of what happened that week, and Yours Truly’s in a fair bit of it:

This week is “Networking 101”, which is all about how the bits gets transferred across wires and air to our hardware.

One of the exercises is making our own Ethernet cables. I can do it — just, very, very slowly…

Tap to see at full size.

We spent a good chunk of time setting up virtual LANs on our individually-assigned Cisco Catalyst 3750 programmable 48-port switches (alas, we don’t get to keep them), hooking up our Raspberry Pi 4 boxes (which we do get to keep) to them, and wiring our VLANs together via trunks:

Tap to see at full size.

It’s a strange world, where IOS doesn’t Apple’s refer to “iPhone Operating System” — part of my usual stomping grounds as a developer — but in the world of network administration, it’s Cisco’s Internetwork Operating System:

Tap to see at full size.

This is way outside my normal experience with networking, which I do at the application level, where I deal with data structures like arrays, dictionaries, base64-encoded data, and maybe the occasional data stream. This is the world of packets, frames, switching, and routing. I would still probably ruin a server room if left in charge of it, but after this course, I’d ruin it less.

do have a refreshed generalized concept of what happens at the lower levels of the network, and that’s the important thing for me and the sort of work that I do.

Tap to see at full size.
Humor Programming

Me, with my calls to print() vs. you, with your fancy debugger

print() (or printf()) works for these pros…

…and it works pretty nicely for me, too.

Process Programming

Supplementary UC Baseline notes #2: The easiest way to explain public key cryptography for sending secret messages and signing them

I’m often asked about how public-key cryptography (a.k.a. asymmetric cryptography) works. The concept of private keys and public keys isn’t an intuitive one. A couple of years back, I spent some time trying to come up with an analogy that was layperson-friendly and memorable.

Photo: The Undercroft sign, featuring the Undercroft’s “mascot” — a stag standing upright in a suit, leaning jauntily against an umbrella, walking stick-style.Regular readers of this blog are probably aware that I’m in week two of a five-week cybersecurity course called UC Baseline offered by Tampa Bay’s security guild, The Undercroft. The topic of generating keys for SSH came up, and not all of us are familiar with public key cryptography. This article should help!

The special box

Imagine a box with a special lock, as pictured below:

The lock has three positions:

  1. When the lock is turned to the “9:00” position, the box is locked, and its contents are inaccessible.
  2. When the lock is turned to the “12:00” position, the box is unlocked, which means you can open it and view its contents.
  3. When the lock is turned to the “3:00” position, the box is locked, and its contents are inaccessible.

The lock’s position can be changed by two kinds of keys. The first type of key belongs to the owner of the box, and is thus called the private key:

The private key fits the lock, but it has a special limitation: it can only turn the lock clockwise — from 9:00 to 12:00, or from 12:00 to 3:00. It doesn’t turn counter-clockwise.

There’s only one copy of the private key, and as the owner of the box, you hold onto it.

There’s a second kind of key. You may have already guessed that it’s called the public key:

Like the private key, the public key also fits the lock, and it also has a special limitation — but a different one: it can only turn the lock counter-clockwise — from 3:00 to 12:00, or from 12:00 to 9:00. It doesn’t turn clockwise.

Unlike the private key, you give copies of the public key freely to other people. This lets them communicate with you.

Using the box and keys, two different things are possible:

  1. People can send you secret messages. This is done with encryption.
  2. You can send messages to people with proof that it was you who sent the message. This is done with digital signatures.

Sending secret messages with encryption

The idea behind sending secret messages is straightforward: you take the message and encrypt it (that is, scramble it so that it’s incomprehensible to other people), and then send it. The receiver gets the message, decrypts it (that is, performs the inverse of the operation that scrambled the message), restoring it to its original form and making it readable.

Think of encrypting the message as putting it in the special box and locking it. Think of decrypting the message as unlocking the box.

If you wanted to send a message to me, you’d use one of my boxes. Since it’s one of my boxes, I would have the private key for it, and I would have given you one of my public keys.

To send me the message so that only I would be able to read it, you’d put the message into the box and then lock it with my public key. Remember, the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you lock it, you change the lock to the 9:00 position:

Once the box is locked, you’d ship it to me.

In order to read your secret message, I’d unlock the box using my private key. Remember, the lock is currently at the 9:00 position (locked), the unlocked position is at 12:00, and private keys only turn clockwise. When I unlock it, I return the lock to the 12:00 position:

With the box unlocked, I can now read the message you sent me.

Proving that I was the one who sent the message using a digital signature

I can also use one of my boxes to sign my messages in such a way that you know that they’re definitely from me and not some troll pretending to be me.

If I wanted to send you a message that was guaranteed to be from me, I’d use one of my boxes.

To send you a message in a way that proved that only I could have sent it, I’d put the message into the box and lock it with my private key. Remember, the unlocked position is at 12:00, and private keys only turn clockwise. When I lock it, you change the lock to the 3:00 position:

Once the box is locked, I’d ship it to you.

In order to confirm that the message was sent by me, you’d unlock the box using the public key I gave you. Remember, the  lock is currently at the 3:00 position (locked), the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you unlock it, you return the lock to the 12:00 position:

You can rest assured that I sent the message, because in the digital signature scenario, only my private key could’ve locked the box that you unlocked with my public key.

It’s all math

You may have to remind people that the box isn’t actually a box, the things that we call the private key and public key are just really large numbers, and that encryption and digital signing are just some fancy math operations that are performed on your message (which is really just a bunch of numbers) using the private and public keys.

I’ll write up a layperson-friendly description of how the math in public-key crypto works, but in the meantime, if someone’s asking you to explain it, send them to the EFF’s article, A Deep Dive on End-to-End Encryption: How Do Public Key Encryption Systems Work?

Credit where credit is due

I found the original “special box” analogy put together by Panayotis Vryonis (pictured to the right), in his article titled Public-key cryptography for non-geeks. He came up with an analogy that treated asymmetric crypto as a box with a special lock and special keys, and it seemed to do the job nicely, and I wrote about it in this post back in June 2017.

Analogies often have limits, and it wasn’t long before my computer science prof, Dr. Robin Dawes (pictured to the right), pointed out a flaw in Vryonis’ analogy. With his help, combined with a suggestion from Matthew Ernest, I came up with a tweak, resulting in the analogy shown above. Thanks to all of them for their invaluable help!

Process Tampa Bay What I’m Up To

The UC Baseline cybersecurity course at The Undercroft — Begin week 2: Networking 101!

It’s Monday, July 27th, which means that I’ve completed the Hardware 101 portion of the 5-week UC Baseline cybersecurity training program offered by Tampa Bay’s security guild, The Undercroft! Here’s a quick rundown of what I’ve posted so far about my experiences…

We’re now on week 2, which means it’s time to move to the next module…

It’s time for Networking 101, which takes up the next five days! This should be fun.

In anticipation of this week’s lectures, I thought I’d repost these two “cats and networking” pics…

Photo: A stack of seven interlocking baskets, each with a cat. From top to bottom, the cats are labeled: Application, presentation, session, transport, network, data link, and phyiscal.
The OSI network model, illustrated with cats.
Photo: A stack of four boxes, each with a cat in it. The cats are labeled, from top to bottom: Application, transport, internet, and network interface.
The TCP/IP layers.