The latest video on the Global Nerdy YouTube channel is The CrowdStrike Outage Explained!
How did the CrowdStrike Bug of July 19, 2024 take down 8.5 million Windows systems and cause the biggest global outage of all time? I’ll explain in this video, where you’ll also learn about operating systems, the kernel, device drivers, and more!
It’s happening again: Computer Coach is running another 10-session twice-a-week online evening Python course — and I’m teaching it!
This will be an online course happening twice a week for 5 weeks, on Mondays and Wednesdays from 6:00 p.m. to 10:00 p.m. (with hourly breaks), from Monday, July 15 through Wednesday, August 14. The course will be aimed at beginning programmers who are new to Python, and I can adjust it based the skill and knowledge of the class.
If you find my Meetup presentations entertaining and informative, wait until you see the way I teach programming!
In my two decades doing developer relations work, I’ve found that every metropolitan area with a decent tech scene has a tech school whose people drive a lot of local tech events. Here in Tampa Bay, it’s Computer Coach!
If there’s a tech conference, meetup, or gathering happening in Tampa or St. Pete, Computer Coach is probably part of it — organizing it, sponsoring it, or providing volunteer support. If someone in the Tampa Bay area has recently picked up some tech skills, chances are that they got them via Computer Coach. Wherever Tampa Bay tech is, so is Computer Coach, and I’m always pleased to work with them.
The TIOBE Programming Community Index is a measure of the popularity of programming languages, and Python has been in the top position for the past little while. With its growth in popularity and as the preferred language of data scientists and machine learning, Python is a must-learn language.
What more can I say about Python? It’s my overall favorite programming language, it helps generate the weekly list of Tampa Bay tech events that appears on this blog, and thanks to its prominence in the fields of data science and artificial intelligence, it’s the hot language of the moment — despite having been first released in 1991 and being eclipsed by Ruby in the 2000s.
Consider this screenshot from the Python course I taught in November and December 2023:
It shows us using a spreadsheet classic — a list of employees and some of their attributes — represented as a Python data structure: a list of dictionaries, which for all intents and purposes is a spreadsheet. We used this to analyze the salaries and stock grants of anonymized software developers at Google, as listed on levels.fyi, a site where you can see the compensations and benefits for different jobs and levels across tech companies. This isn’t the sort of example you’ll see in most courses or textbooks, but my goal is to try and make the exercises as meaningful as possible to the people taking the course. And you’ll learn interesting non-Python things along the way, including the existence of sites like levels.fyi and the inner workings of large tech companies!
(And you’d better believe we’ll cover harnessing ChatGPT’s and DALL-E’s power via the OpenAI APIs…)
Most importantly, I want to show aspiring Python programmers how to think in a problem-solving manner. Programming is really about finding the intersection of “I have a specific problem I’m trying to solve” and “I know how to get the computer to perform a certain set of tasks.”
Does this sound like the kind of course you’d like to take? If so, head on over to Computer Coach’s page for the Python Programming course, which describes the course in a more official way, and sign up! Don’t forget that the class starts Monday, July 15th!
This is what my afternoon looks like. How’s yours going?
The laws of time, effort, and experience make it very clear: I’m in the middle of making my worst videos right now, and you’ll want to subscribe to see how bad they are!
Come check out the awfulness on the Global Nerdy YouTube channel, located at youtube.com/@GlobalNerdy!
I’ve already posted the first two videos. The first is a short that looks at an odd paragraph in an O’Reilly article on AI…
…and the second is a blast from the past — a promotional video featuring images of a lot of top-tier developers, followed by an image that’s supposed to represent you, the everyday developer…and guess whose image they used:
There’ll be a mix of short- and long-form videos, where I’ll cover software development topics and technology news in interesting, unusual, and amusing ways.
I’m spending the month of June working on the first set of videos, which I’ll release as quickly as I can, so you know they’ll be bad. And if you’re thinking “But HOW bad?”, there’s only one way to find out: visit the channel and subscribe!
I attended the swap meet held by the Neon Temple, Tampa Bay’s security guild, where attendees were selling, swapping, or simply giving away old tech gear and books they no longer needed.
That’s where I found and took a photo of the relic above: a PCMCIA card (a name that got shortened to “PC Card”), which used to be a way of adding peripherals to laptops. The card above was for a 56K modem, which means that it was likely used to download Backstreet Boys songs using Napster.
“What did they call those things before they shortened the name to ‘PC Card’?” someone behind me asked.
“PCMCIA,” someone else replied. “Can’t remember what that was short for.”
I have a great memory for trivia, and even I couldn’t remember. I confessed: “I only remember the joke that it was short for ‘People Can’t Memorize Computer Industry Acronyms’.”
Here it is — the video of my presentation, xz made EZ, which covers the security incident with the xz utils utility on Unix-y systems, which I gave at BSides Tampa 2024 on April 6th:
If you’d like them, here are the Google slides from the presentation.
The details of the xz vulnerability were made public mere days before the BSides Tampa 2024 cybersecurity conference, and on a whim, I emailed the organizers and asked if I could do a lightning talk on the topic.
They quickly got back to me and let me know that they’d had a last-minute speaker cancellation and gave me a full slot in which to do my presentation.
The moral of the story? It never hurts to ask, and it can lead to opportunities!
Let me answer with this slide from my presentation:
xz is short for xz Utils, a compression utility that you’ll find in Unix-y operating systems, including:
It’s usually used by Unix greybeards who generally use it in combination with tar.
xz was one of those open source projects that had a vulnerability best illustrated by this xkcd comic:
xz was like that project pointed out in the comic, except that the “random person” doing the maintaining was Lass Collin, a developer based in Finland, who was experiencing burnout. As a result, xz was languishing.
In what appeared to be a stroke of good fortune, a developer who went by the handle of “Jia Tan” on GitHub came to the rescue and started submitting patches to xz.
At about the same time, there were a number of complaints about xz’s lack of apparent maintenance. In hindsight, it looks like a clever two-pronged campaign:
…all while a burned-out Lasse Collin was facing a lot of stress.
On November 30, 2022, Lasse changed the email address for xz bug reports to an alias that redirected to both his email address as well as Jia Tan’s. At that point, Jia Tan, the apparently helpful developer who appeared at just the right time, was now an official co-maintainer.
Not long after, Lasse releases his last version of xz, and soon after Jia Tan, now the sole maintainer of the project, releases their own version.
With full control of the project, Jia Tan starts making changes — all the while, carefully disguising them — that create a “back door” within the xz application.
On any system that had Jia Tan’s tainted version of xz installed, an unauthorized user with the right private key could SSH into that system with root-level access. By becoming the maintainer of a trusted application used by many Linux versions, Jia Tan managed to create a vulnerability by what could have been one of the most devastating supply-chain attacks ever.
I originally posted a series of articles on date/time programming in Swift here on Global Nerdy, updated it, and published it on the Auth0 Developer Blog when I worked there.
I just checked to see how it ranked, and at least for me — remember, everyone sees different Google results — the series is still the number one result for swift dates times and smilar search terms.