— I’ve started a weekly newsletter! If you want updates on this blog or my research, or just a weekly dose of the going’s on in information security and threat intelligence, you can subscribe here. —
After the January 6th attack on the capitol, and after many of the events of the last few months and years, I’ve become increasingly worried about the rise of fascism. It’s one of the reasons I started this blog, and it’s spurred my own political evolution over the last year. After the sixth, though, I knew I had to do more than donating and spreading awareness. So, I set my sights on TheDonald.
The Donald’s Checkered Past
The Donald started as a subreddit, /r/TheDonald, that had a less than stellar history. Reddit censored and warned the platform on multiple occasions for failing to moderate hate speech, threats of violence and constant cross-sub harassment. Finally, in an overall purge of less-than-savory material, Reddit finally permabanned TheDonald after it had become one of the largest MAGA platforms on the web at the time.
At this point in time, Gab was growing and Parler was yet to be created if I recall correctly, so the former grew and many of TheDonald’s users vowed a return. Thus, TheDonald(.)win appeared, a blatantly obvious Reddit twin with little to no content moderation requirements. Threats of violence flowed like cheap light beer in a MAGA frat party as users discovered that their hosting providers, OVH, and their DDoS protection provider, CloudFlare, would pretty much let them get away with anything… and still do.
In the leadup to the January 6th capitol riot, the violent rhetoric on TheDonald increased. The attacks have since been praised by many on TheDonald, with continuing violence being discussed and supported by users on the site.
CloudFlare actively ignoring violence on one of their customer sites
So, what to do?
Dumping on The Donald
So, what better than to make sure that if or when TheDonald disappears, we still have access to the data? Make it searchable, archivable and easy to research for OSINT analysts and antifascist researchers alike. So I set about creating a scraper. If you’re bored by technical details, feel free to skip to the bottom where I give you access to all the data I’ve scraped, but if you want to know how I did it, stick around.
By way of disclaimer, I don’t think this is the best way to go about this. It’s the way I did it, but it’s slow and not super well automated. I plan on making some tweaks over the coming week as I have time, but it’s allowed me to scrape well over 10 thousand posts and links.
CloudFlare made it quite a bit more difficult to scrape this site. Normally, I would write a scraper first in raw requests using Python. If there were any rate limiting or other protections, I’d move to Selenium. With the vast majority of sites I’ve written scrapers for, this worked fine. But because CloudFlare is still protecting fascist insurrectionists hellbent on committing violent acts against political enemies, I had to be a bit more creative.
First, I did some research on writing browser extensions in JavaScript. It’s relatively simple to do and I had a simple one working in about 30 minutes. I wrote the JavaScript scraper in about an hour and 30 minutes later I had a backend Flask server to process and store the posts in a Mongo database. The extension requires me to actively be on the page and requires some refreshing and debugging relatively frequently, but it works relatively well. Because CloudFlare, it was easiest to write a scraper for the front page that would grab usernames, post titles, dates and links but a bit harder to write one that would then fetch the body of those posts… so, I’ll likely have to either wait for CloudFlare to drop service for TheDonald (pls pressure them) or find some other kind of workaround.
If anyone's curious, the real IP for thedonald,win is 167,114,145,140
Port 80 is open but it appears to be only allowing connections from CloudFlare IPs, so evidence preservation efforts might be complicated.
— Soatok is now on furry.engineer instead of here (@SoatokDhole) January 9, 2021
Notably, @SoaTokDhole on Twitter found the real IP behind CloudFlare but it doesn’t lead to a CloudFlare bypass. If anyone does find one, it would be pretty cool of you to shoot that my way so I can ramp up scraping a bit more.
The Data
As of the time of writing, I’ve pulled about 12,000 links including the username, post title, date of post and links associated to the post and the user. The plan is to use these links as a list of links to scrape later once I find a CloudFlare bypass or CloudFlare drops their TheDonald. I’ll be doing some more posts in the future with some analysis of the data, but until then you can find the data on my GitHub.
The Future
I’m going to keep developing the scraper and will keep the data updated as well. You can follow me on Twitter to know when I push more data, or just follow the GitHub repo as well. If you want to help out, just go do it. Hit me up if you want to do something collaborative, but people across the world are hitting extremism where it hurts however they can. Be aware of the law, anything you do is your fault and not mine, blah blah blah. Oh, and put some more pressure on CloudFlare for continuing to protect these violent fascists using the hashtag… I don’t know, I’m bad at this. #CloudFlareProtectsFascists or something.
—
I write relatively extensively on the far-right and will be continuing to publish my research and findings on this blog. Watch this space for more research.
On 6 January 2020, right wing extremists gathered, at the President’s request, in the US capitol for a political rally. After the President’s lawyer and “America’s mayor” said that the election, which he called fraudulent, should be solved by trial by combat, and a GOP politician quoted Hitler in a speech on stage, the day quickly unfolded into one that I don’t believe we as a country will recover from, at least for a long, long time.
Trump supporters got into fights with the Capitol Police after they tried to enter the Capitol Building. pic.twitter.com/ZQjn3fOVtL
Right wing extremists pushed an incredibly passive and undermanned police force back, receiving a paltry few salvos of pepper balls and pushes compared to the rampant violence unleashed by the same police force last summer during the BLM riots. Eventually, they arrived at the capitol, where the certification of the 2020 election results was taking place. With conservative Christian extremist hate preachers blaring cherry-picked bible verses over their megaphones, the crowd pushed the police back even more, eventually meeting a police line that seemed to willingly let them past.
They had reached the doors then, and the seemingly unthinkable happened: extremists donning concentration camp memorabilia and carrying Confederate flags broke into the capitol. Once inside, they ransacked politicians’ offices, taking pictures of hastily abandoned, still-unlocked computer screens, stealing documents, and leaving damage, disarray and disaster in their path. The chamber was locked with congress and press still inside, and before long protesters arrived at the chamber as politicians and press alike were evacuating. Guns drawn and doors barricaded, law enforcement officers in the literal last layer of defense aimed handguns at the door as protesters battered their way inside. They occupied the chamber for some time, one extremist taking the dais occupied by Vice President Pence just moments before to proclaim “Trump won that election!”
Elsewhere, law enforcement officers discharged their firearms in a hallway away from the chamber, killing an extremist who was attempting to climb through a broken window. By the end of the day, three more people would die of health-related injuries during the protest. According to capitol police, 60 officers were injured during the storming of the capitol. The casualties could have been far worse, as a number of improvised explosive devices were found strewn across the capitol, as well as a cooler full of molotovs. One extremist was photographed within the chamber, gun on hip, mask and hat hiding their face as they carried zip ties presumably to be used to take hostages during the assault.
Hi, quick question. What would you need motherfucking zip ties and a sidearm for if you weren't planning on taking hostages?
Don't you dare let right wing media – Tucker Carlson, FOX, etc. – downplay this. pic.twitter.com/3RwkKVp2oX
The police eventually cleared the capitol in a re-taking that appeared gentle compared to the beserkers of the same agency that assaulted press and protester alike just months ago during an uprising in support of police accountability, transparency, defunding and abolition. In the aftermath of the destruction, after the capitol was cleared, 6 congressmen and women maintained their objection to the results of the election: Senators Josh Hawley of Missouri, Ted Cruz of Texas, Tommy Tuberville of Alabama, Cindy Hyde-Smith of Mississippi, Roger Marshall of Kansas and John Kennedy of Louisiana. Notably, 100 Republican representatives opposed the results of the election as well. The election was certified in a ceremony that was supposed to have been a ceremonial and dry affair.
Beginning on the 6th, murmurs of invoking the 25th or otherwise removing the President from office in the 14 days before Joe Biden’s election turned into a roar. A myriad of cabinet members and high officials have offered their resignation in the background of conversations beginning the formal calls for impeachment. During the storming and brief occupation of the capitol, Donald Trump released a video on social media essentially praising the supporters while almost humorously calling for peace in what can only be called a dog whistle or an attempt at appeasement of his detractors. This video lead to his suspension from Twitter for 12 hours and an indefinite suspension from Facebook and Instagram as well as YouTube.
I personally don’t have much faith in the current ruling class to meaningfully act, even as their lives were at stake just a day ago. It frankly doesn’t matter, though. Either way, the right won a massive battle on the sixth.
Frankly, they have won quite a few battles over the last 5 years. Right wing extremism is at an all-time high in the US, with the FBI and hate watch groups all warning of the rise of the white nationalism and right wing extremism in the West and the US specifically. They have entered cities at will, firing upon protesters with chemical weapons, beating protesters with wooden and metal weaponry and planting proverbial and literal flags in their wake. In many instances, the only thing standing between the violent right wing invaders and an outright occupation were brave and thankfully experienced antifascist activists and organizers who battled it out in the streets, often outmanned and always outgunned. These protests have had a death toll of their own and have resulted in countless serious injuries. Antifascist activists were often arrested, beaten and gassed after the right wing extremists left without a finger lifted to arrest or otherwise prevent it. Notably, the FBI itself has rung the alarm concerning right wing infiltration of law enforcement, and the passivity of the police on the invasion of the 6th compared to the brutality brought upon BLM and antifascist activists last summer certainly raises concerns.
While planting flags across the United States in cities like Portland, Seattle, Los Angeles, DC, Minneapolis, Miami and elsewhere, recruitment was at an all-time high. Right wing hate group and street brawlers named the Proud Boys have initiated many new members as they toured the country beating and gassing indiscriminately even as the President called for them to “stand back and stand by” during the election. Right wing forums popped up like hate-spewing grift markets, to include Parler and thedonald(.)win, seemingly faster than administrators of Facebook and Reddit could take them down. Millions flooded right wing conspiracy groups to follow the latest words of Q as indoctrination in the form of anti-semitic, pro-Trump propaganda tied the red noose tighter and tighter around their throats. After a brief stagnation following the Charlottesville Unite the Right rally, recruitment for the far right has new faces and new branding, with the Proud Boys donning black and yellow polos and caps and red hats with white writing taking the place of red bands with a white circle and a black swastika.
On January 6th, we saw the Confederate flag flown inside the nation’s capitol. We saw men wearing holocaust glorification memorabilia occupying the center of political power in the nation. We saw the police bend, break and, in some cases, seemingly support the extremists that flooded the capitol, very likely the same police who beat and gassed protesters for doing far less just months ago. We saw men bent on taking leaders hostage by armed force enter the chamber of our capitol. Though they may have left, they planted their flags on January 6th. They won. The whole nation and the whole world watched the mob invited by the President take the capitol. It was every extremist recruiter’s wet dream, to see hate on display on international television in a glorious and valiant victory.
Better look at the guy with the 'Camp Auschwitz' hoodie from yesterday. Not only does it feature the SS 'totenkopf', but an English translation of 'Arbeit Macht Frei'. No wiggle room, no joking here. This is who these people are. (via @MrTAchilles) pic.twitter.com/i6zjuIAQbx
While the ceremonies of our democracy are still at play, while Biden is, as of now, set to enter office on January 20th, our freedom and democracy are in dire peril after the events on the 6th. Our enemy won a serious battle yesterday, one comparable only to Donald Trump’s election 4 years ago, and we very well may pay a dire price for that defeat yesterday.
—
I write relatively extensively on the far-right and will be continuing to publish my research and findings on this blog. Watch this space for more research.
I’ll start what will be a relatively serious and relatively non-technical blog post on a light note: thank God/Cthulu/The Blood God/Whatever Your Deity of Choice is that the Earth has finished the hellish route around the sun that we shall forever curse as the year 2020.
It was horrific, the deadliest year in my lifetime and one that, frankly, beat the hell out of my mental health. Between the pandemic taking so many lives, the abject spiral into autocratic and technocratic fascism that we took over such a short period of time, the “normal” stressors of work, parenthood, home ownership and pseudo-entrepreneurialism, economic rubber banding that left my finances in shock and all of the other things combined… It was an insane year.
One of the big goals I set for myself in January of last year, when COVID-19 was merely some crappy bat jokes by edgy comedians on Twitter, was to launch my SaaS app SketchyReq. I also said I would compete in a powerlifting competition and deadlift a personal record of 500 pounds. I said I’d do a lot of other things too, but I ended up doing very few of them. I could blame it on the year in general, COVID specifically, and a myriad of other things and I honestly wouldn’t be far off. I didn’t compete because I didn’t think competitions would be safe, I didn’t train because my gym shut down several times and I dropped my membership several times as well.
SketchyReq, however, bothered me.
I was at home for an entire year. No traveling or socializing to speak of aside from a couple day trips to see quarantined family and a couple of socially distanced outdoor barbecue when the weather permitted. This could have been the perfect year to make the best of it, to really focus in and launch my big project. So, in the beginning, I really hammered into it. I read The Lean Startup, a great book that I’ll talk about a fair bit in this post, and found the general approach of “launch early, fail fast, fix quickly, iterate constantly” very appealing. It was a great approach for someone with a hesitancy to launch or push things due to perfectionism or imposter syndrome. I sought third-party funding, something that landed me some very motivating responses as a background wallpaper on my desktop, and that failed pretty majorly.
I kept at it, though, with a goal of launching in September… then pushed to October, as some things just weren’t ironing out… then November, as the aesthetics just… weren’t quite right. Then, in December, with my own self-imposed deadlines on top of all of the things going on in the world and my world specifically weighing me down and the words of The Lean Startup echoing in my mind, I said I would have it out by the new year.
That, obviously, didn’t happen.
There’s an old adage that’s a bit of a meme at this point: don’t push to production on Fridays. The meaning of this is pretty simple: if you’ve been working on something all week, don’t make those changes to the product that customers and users see on a Friday. The reasoning is that if you push your changes to production and something breaks over the weekend, your whole weekend is gone or your Monday is going to be an absolute trash fire, or you’ll waste your whole Friday night trying to smash bugs. Whenever something breaks on a Friday, a lot of the IT crowd immediately jump on this adage as a way of explaining the downtime, but it’s also something we all do and have done in the past.
Pushing to prod on a Friday means rushing out something that probably hasn’t been given its due attention. It means pushing based on an imposed deadline instead of a logical schedule. It means risking setting fires purely for the purpose of “getting it out” so you can iterate later.
This whole year, I’ve been pushing to prod on Friday. I let my mental health degrade pretty significantly (notably, not to a dangerous level, just to a level of exhaustion and anxiety that frankly isn’t very healthy) in order to chase self-imposed deadlines that really didn’t have much logic to them. My internal thought process over time is “if I don’t get it out soon, it’ll just end up on my desk or on the shelf as a discarded project” and there’s honestly some truth to that. I didn’t give the project its due attention, trying to rush education through hundreds of dollars of (really good) Udemy courses to teach me full stack development instead of cooling down the development cycles and taking the time to learn things. This risked setting some pretty significant fires, and that is what finally woke me up to my issue.
During development, I arrived at user authentication and all of the wonderful quirks that come with it. I landed on a secure encryption schema based on my reading, tested it out and found it all worked… Then I started trying to move on to email authentication, 2FA, all of that and found myself rushing. I pumped the brakes very quickly then.
How many development teams at massive companies have reached a point of potential (massive) security failure and have rushed through it due to deadlines imposed from above? How many security incidents, both known and unknown, have resulted from that? Do I want to put user data at risk, regardless of how sensitive it is, just because I set an arbitrary deadline to get my app out ASAP because a book said to and I wanted to start making money?
I actually took a week or two off development, both due to this internal crisis of conscience and because of the holidays. I spent some time looking back over my code and didn’t find any glaring issues, but found several pretty severe inadequacies, areas to improve on and areas that failed in less than graceful ways. I thought to myself, “I’m new at this. If I’m sitting here finding moderate issues that could affect performance, security or operability, what could I be missing?” It was sobering, and I realized I needed to change my thinking.
Around this same time, my mental health was at a low. It was the holidays, and I was blessed to be able to see my family but the seasonal depression was unreal last year. Tack on watching people die as numbers on a computer screen at a rate that made the Iraq and Afghanistan war look tame, I was pretty depressed. I had some political crises internally that only worsened that depression and anxiety, and I (finally) realized that I was pushing on Friday pretty much everywhere in my life. I wasn’t giving the people and things around me the attention they deserved, and that the same inadequacies that I found in my code were all around me in my interactions with others and myself. I was letting my physical health decay, letting the excuse of not being able to go to the gym get to me, despite having a home gym that worked moderately well. My social life was non-existent as I let COVID stand in as an excuse for not spending (safe) time with friends and family. I was drinking too much, jokingly laughing about that being a natural by-product of stress instead of an unhealthy coping habit. I was constantly pushing on Friday.
So, late last month I decided to stop pushing on Friday. I bought a bike and have taken that up as a healthy hobby and I’ve started weightlifting again. I’ve started taking up more healthy coping methods like exercise, reading, meditation, gaming and music. I’ve re-prioritized social interaction and I’ve completely changed my approach to coding my projects. I’ve broken them into sprints and have rolling, long-term deadlines with structured sprint schedules and tasks and a release schedule that’s actually attainable instead of set arbitrarily. I’ve changed my mentality, seeing this as a cool side project I want to get out as soon as I can, but not that big of a priority. My mental and physical health, my interactions with friends and family, and my own personal development are far more important than arbitrary deadlines on a project.
If you’re struggling right now, I get it. If you feel like you need to, reach out to someone. The National Suicide Hotline is 800-273-8255. If you just need someone to vent to, I have open DMs. If you’re struggling with anxiety and depression similar to mine, take a step back. Stop pushing on Fridays. Focus on sustainability and realize that prioritizing yourself isn’t selfish. As the cliche saying goes, you have to put the oxygen mask on yourself before you help others.
—
This is a relatively out-of-character post for my blog. I typically write about technology and my research into Right Wing Extremism. Thank you for reading, and please do take care of yourself.
I’ve been thinking a lot about all the things I’ve started this year. It’s been a rough one, a hard-working year full of… well, let’s be honest, COVID has kinda fucked things up.
I was going pretty heavy into YouTube at the beginning of the year, trying to grow a brand and create content that I truly thought (and still think now) is cool, interesting and fun. My malware dev series was a blast, and something I genuinely learned a lot from. The trading bot was something cool that allowed me to learn a lot about the world of algorithmic trading, an interest I’m still fascinated by today. There were a couple problems with my approach back then, though, that lead to the lull that you’ve seen in my channel now.
TL;DR: I wasn’t creating content in a sustainable way, and the quality of the content was bad. I was trying to be a full-time content creator without the actual time commitment and subsequent quality that comes from that. It was taking ages to write up scripts, film and edit episodes and series. I’m a dad working a full-time job, trying to launch a SaaS app and trying my best to keep some level of balance in my social life during a pandemic… Doing all that + devoting a ton of time and effort to content creation just wasn’t sustainable.
Another issue I have with my content earlier this year was its lack of impact. I built cool stuff and logged some of the process, but not enough of it to be actually helpful to people. I was spending a ton of time and effort to create a badly produced vlog talking about, but not really explaining, technical subjects. I could pump out 3 vlogs a day containing a bunch of nerdy Logan Paul-esque content, but what impact would I have? I was actually in a worse place than that hypothetical: I was spending a ton of time and effort producing content that… frankly didn’t matter.
So, I regrouped. I looked at the series and videos that were well-received, looked at what landed well, looked at the content that people engaged with. I found a couple things:
The OSCP series did incredibly well. People still ask if I’ve completed the OSCP (no, I haven’t, but I might do that later this year) and people were engaged and curious about the really low-quality vlog style content there, which is surprising to me honestly.
The Scamming the Scammer video was a “breakout” success. People really liked the “chaotic good” aspect of that video, and honestly I enjoyed making it.
The one-off, random info-vlogs like my one about Alibaba and China, didn’t do so well. That kinda sucks since I put a fair bit of effort into these.
While I was introspecting, a lot of things happened.
The Pivot
I started developing SketchyReq in January of this year, and it’s become my baby since. Also in that time, I switched jobs, becoming a Sr. Engineer for the first time in my very short career. I essentially switched over to a much more R&D centric job, one that I love and one that I didn’t realize I wanted until late this year. This meant way more coding, way more “in-the-weeds” technical work, and way more to learn
I’ve loved it.
Because of that, I decided I was going to give YouTube and content creation another go, this time from a development angle. I’ll still have the information security focus, but now I’ll be far more focused on development in the general sense. I’ve learned a lot from other content creators in the development space, people who have helped me learn new technologies and languages, people like Florin Pop, Randall and Dani, Devon Crawford, Ben Awad, Will Kwan, Tech with Tim, The Cyber Mentor and Denis Ivy, to name a few. One of the many things I’ve learned from them: sustainability is key. They have sustainable content creation strategies that focus on quantity and quality, sustainable series that are easier to produce than a lot of the more long-form stuff I was making. They also have had huge impacts in so many people’s lives because they focused on education and several different levels, and focused on it hard. Their videos are simple, in terms of production: sitting in front of the camera, speaking, screen and audio recordings. No B-Roll, no complicated effects, etc. The aforementioned content creators are all also full-time workers, so they have to focus on sustainability.
Thus, Viking Dev was born!
Starting this week, I’ve begun building out a backlog of videos around development and technical topics. I’ve pruned my videos a bit to remove some of the obvious bad attempts and plan to continue on with content creation with a much more sustainable plan: content creation with an educational and sustainable focus.
Blogs will follow the videos, because I found many people preferred a more static, reading approach versus videos. I also kinda want to grow my blog following since I genuinely enjoy writing, so this will be a much more free-form content creation space than the YouTube channel.
I’ve rambled for long enough. Thank you for reading, thank you for being patient and thank you for continuing to support. You can find me on YouTube here, where you can subscribe to know when I start uploading again, or you can set up an RSS feed to this blog to know when I go live with a new post or video. Thank you for your support!
Yes I know, I just got this blog, but I immediately noticed issues and had concerns with WordPress security, and there are a lot of things I’d like to change that WordPress makes a pain in the ass, so why not build something new?
Obviously, I’m not abandoning this blog. I’ll still be doing research and writing on this blog semi-daily, but in the meantime I’ll be building my own so I can have a bit more control over the analytics, ads, layout and customization features, as well as to get a feel for how it’s done. I think it’ll be fun!
This post won’t be super code-heavy, I’ll mainly be detailing my plan of attack, what features I want in the blog and how I plan on going about it, and by the end of it I’ll have a solid MVP to go off of, as well as a Trello board to track it all.
On to the features!
Feature List
Home page feed – The feed on my current home page looks horrific. I’ve done a little theme shopping and none of them look really good. What I’d really like is a home page that’s relatively easy to customize so that if I release something big, I can make it stand out from the other posts on the feed. This feed will include all of my posts in a default or custom format, as well as an area to sign up for my newsletter. Speaking of which…
Newsletter – So, I have the MailChimp plugin on my page to allow people to sign up for a weekly newsletter. Given that I only get a couple dozen viewers a day on this blog, it’s off to a slow start. I would like to build out my own, stripped down version of MailChimp so that I don’t have to hand my viewers’ data over to another company. MailChimp also has some crazy pricing structures to get to premium features, so making my own might be worth it and I can customize and prioritize the features to fit my need.
Projects page – So, I’m working on all of these projects, and it would be really cool if I could leave live, beta versions of them up on my site for people to tinker with. For example, having a beta version of the Day Trading Journal up on the site for people to play around with and suggest features for, etc. That’s not something that I could do super easily with WordPress in the way I currently have it set up.
Today was a great and horrible day for any of us following the US elections and disinformation campaigns surrounding them.
Today the New York Post decided to publish an incredibly questionable story detailing how Hunter Biden, son of US Presidential Candidate Joe Biden and continuous Person of Interest for right-wing conspiracy theorists up to and including the current President of the United States, dropped a water damaged laptop off at a PC repair place to recover data and never came to pick it back up. On the laptop were (allegedly) pictures of the then-Vice President’s son doing crack while engaged in an unnamed sex act with an unnamed woman, and, somehow more wildly than that, emails almost comically worded to implicate Hunter’s role in facilitating a relationship between Burisma executives and his father during Joe’s tenure as VP.
Now, this isn’t going to be yet another blog post about the quality of the journalism in the Post’s article. I’m not going to touch on the fact that this whole story reeks of a badly executed Russian disinformation ploy, as if Jacob Wohl were on the way to see his lawyer and decided to half-read Thomas Rid’s book on disinformation on the way there. Others have done a far better job at that, as well as touching at the complete lack of forensic data that should be readily available to confirm this story.
I’m going to nit-pick at the response by Twitter to take down mentions of the story itself.
I guarantee you I just lost a couple readers who rolled their eyes, said “here he goes again on this freedom of information nonsense” and that’s fine! Politically, this is probably the least important thing that could be discussed related to this story. I have some pretty specific issues with it, though, and I figure I can write on those here since I’m a moron with respect to forensics and disinformation. So to those of you who stayed, buckle up.
Twitter issued a response after taking down several posts containing the Post article and censoring the link itself by issuing a warning related to the content the links send users to. The policy I take particular issue with can be found here. Essentially, Twitter has a policy against any links to materials containing information that is collected by hacking or illegal access. This is… incredibly broad, but I could see why the policy could be applied to the NY Post story. Obligatory “I am not a lawyer” but I can see a computer repairman illegally accessing and disseminating that information (in this case, laughably, allegedly after giving it to the FBI by giving it to Rudy Fuckin’ Giuliani) as a breach of that policy.
The same policy was used to censor any tweets (and many Twitter accounts) that contained links to the BlueLeaks material. BlueLeaks was an initiative by a transparency collective that goes by the name DDoSecrets containing information on hundreds of thousands of police officers and individuals associated with police officers and FBI fusion centers. After the leaks went viral, Twitter permanently suspended the DDoSecrets Twitter account and went further in removing and censoring any posts that linked to the leaks as well as issuing a warning to users that clicked links to the DDoSecrets site that the site “may be malicious,” a claim that… doesn’t seem to have any truth to it.
A Policy with Questionable Enforcement
One of the simplest issues I have with Twitter’s policy on hacked information is that it is applied unequally. Then-presidential candidate Trump infamously requested the Russians hack into Hillary Clinton’s emails during our first joyous go-around of the “BUT THEIR EMAILS” scandal, and videos, quotes and other material related to the request were all over Twitter. Notably, Wikileaks is still very much present and active on Twitter, and their profile features a direct link to the site. One can simply search “pastebin.com” “hack” in the Twitter search bar and they will find plenty of links to hacked data, hacking materials and more.
The typical whiners on Twitter, to include Ted Cruz, Bongino and Tami Lawren were quick to bring up the beaten dead horse of “conservative censorship,” crying that anti-Trump information is never treated this way and etcetera etcetera, ad nauseum. Without even remotely attempting to sound sympathetic to the Children of the Alt-Reich, Twitter has only supplied the National Racists Association with more ammunition in their constant battle of frequent oppression against the liberal elite of Silicone Valley.
God, that sentence hurt to type.
The problem with inadequate application of policy is that it gives actors the opportunity to argue in bad faith that they are being singled out. I don’t think Twitter is intentionally censoring information that is advantageous to conservatives. I think their censoring of Trump’s frequent and flagrant disinformation is justified, as well as hilarious, under their own policies. This policy, though, is so easily proved to be unequally applied that it lends credence to the obnoxious conservative rallying cry of silicone valley oppression, and as annoying as it is, Twitter isn’t helping their case all that much.
Infantilization of the World Public Square
Now, on to the meat and potatoes, the part where I rant on freedom of information and sticking it to the man!
My main issue with censorship in this case, and censorship in general, is the infantilization of social media users. I’ll explain my point eventually, but first I will construct the argument against my own point, since I’m a glutton for punishment, before moving on to explain what I see as a net negative in public education and critical thinking.
This has, frankly, been a horrible year for disinformation. Disinformation has lead to campers, mistaken for those horrible radical antifa leftists that everyone’s been talking about, to be chased, harassed, cornered and menaced. It has lead to militias preparing for buses full of antifa radicals to take to the streets to defend against an enemy that was… never coming. In foreign countries, it has lead to death and rioting, with major companies including Twitter and Facebook changing and strengthening their policies to combat dis- and misinformation that is being spread on their platform. Frankly, it is my belief that disinformation has lead to a complete breakdown of an already fragile system of governance in America, with pitiful older generations taking to the streets, fueled by COVID-19 misinformation and child exploitation conspiracies to an almost frenzied hysteria. We’re not far removed from Pizza Gate, a story that could have had a far darker ending after a man entered a pizza parlor, heavily armed, to search for kidnapped and exploited children who were supposedly hidden there by Hillary Clinton and Podesta.
To begin my argument, I’ll state that I don’t necessarily disagree with the premise that social media companies have a duty to combat disinformation. They are the architects of the algorithms that drive us to stay on the platform, as well as the all-important algorithms that drive us to read certain content. Facebook has been rightfully criticized as a platform that welcomes and drives individuals to take part in disseminating or consuming extremist content, as has YouTube. I think platforms should take part in combating misinformation…
… but I don’t think the method should be censorship
We are fighting a constant war against disinformation. It is on our TV screens, our billboards, in our email inboxes and our DMs. It is everywhere, and it’s very tempting to take a heavy-handed approach to removing disinformation to combat its spread. However, in my opinion, this approach is inefficient and ineffective. The reason why disinformation is having such a profound effect on us, especially Americans, is that we are not being taught to think critically. We aren’t exercising our ability to consider sourcing, to construct conflicting hypotheses, to research and read conflicting information. Social media has such a profound effect in the spread of disinformation because of the way it is being used and abused in its very construction to create echo chambers. Conservatives are not often being faced with direct, contradicting evidence pertaining to their beliefs, nor are liberals, and further censorship of information will only worsen this issue.
To Twitter’s credit, they have recently taken part in perhaps my favorite approach to date by a social media company to combat disinformation. They have begun tagging viral posts containing COVID-19 disinformation with conflicting, well-sourced counterpoints. They aren’t taking the disinformation down, they are presenting it as-is with a notice that the Tweet may contain misinformation, with a link to official sources refuting that point. I like this approach, because it presents the issue and allows the consumer of the information to formulate their own thoughts armed with well-sourced research from an official source.
I do believe that Facebook and Twitter are, in part, worthy of blame in the rise of QAnon, anti-vaxx ideology and white supremacy. I think they didn’t take action quickly enough to combat these ideologies and that they have blood on their hands for the role they played in the rampant spread of disinformation. However, in my opinion, the politicians and pundits who have allowed the US to get away with abysmal public spending on proper public education, which would have taught American citizens how to think and read critically, are far more to blame. Notably illustrated by the Streishand Effect, the censorship of information is far more likely to make it more viral. You would be an idiot to think that Email-gate 2.0 isn’t going to be the central talking point for weeks to come, arguably especially now that Twitter has decided to censor the story. Censorship time and time again has proven to pour fuel on the fire instead of extinguishing it, and in my opinion it is because that is the easiest and least costly strategy for social media to take.
Instead of censoring information, a feat that is technically not that difficult, especially for the modern era’s social media giants, they could be helping to inform the public on critical thinking and reading. Social media companies could be constructing algorithms that present alternative research alongside trending topics. They could be focusing more effort on the deconstruction of harmful echo chambers on their platform. They could even focus more of their efforts on censoring legitimate bad actors that are taking part in disinformation campaigns on larger, automated scale, instead of censoring real-world people discussing current events. Censorship is the easy way out, and in my opinion it is one that will only lead to a less intelligent population who will, more and more, be unequipped to deal with the flood of information that holds our attention online.
This is day 2 of my Dev-A-Day series, a series of articles on cool projects I’m working on in my free time. You can find the rest of the series here. —
Today, I set out to knock out some things for the Trade Journal minimum viable product (MVP; basically the bare minimum, functional application) and created a new React app in my remote dev environment. I had some initial issues getting Git set-up due to some SSH key issues, but eventually managed to get everything working. I spun up a quick Trello board and documented all of the things I needed to do for a functional Trade Journal MVP. I’ll have a screenshot of the Trello board below, but if you want a good idea of what the Trade Journal is going to do and what I set out to do in the MVP, you can check out the first blog post here.
Ahh, I love the smell of a new React App in the morning…
After spinning up the yarn dev server and brewing a stout cup of coffee, I got to work. First, I set out to document all of the fields I would want in the Trade Journal entry page. I figured the following fields would be a good start:
Time and date
Ticker
Order volume
Trading volume
Price
Strategy
That last bit will eventually include a link to a certain strategy. In day trading, strategies are a relatively loose term. Some traders have very specific, indicator-based strategies that are pretty easy to quantify: if price is x percent above or below y amount, there is a z% chance that a long or a short position will be successful. These quantifiable trading strategies are also very common in automated trading algorithms, as it’s a lot easier to develop a trading bot based on objective algorithms instead of more subjective strategies. It also helps take the emotion out of trading by stating “regardless of how I’m feeling this morning, the math says I should execute this action based on x, y and z criteria.”
More loose strategies include “buying the morning dip” and “trading earnings” which are more general strategies. If I know a stock dips by 10-15% every morning at open before recovering by 10:30, I can institute a strategy that buys the “morning dip” and sells once it recovers by some amount.
Eventually, I hope to create my own mix of quantifiable as well as loose trading strategies to help track which strategies are winning and which aren’t worth trying. It’s out of scope for the MVP though, so I’m going to leave it as a default pull-down menu on the journal input form.
This form is going to be as basic as it gets. I only need it to be functional: input all of the information and send that in a post form to what will eventually be an API endpoint to handle all of the file or database input and output.
Ugly? Absolutely. Functional? Nope, not yet.
And there you have the form. It’s ugly as hell, but it has all of the form elements we need in a not-incorrect (but probably not very efficient and definitely not pretty) format. Now, I need to write in the functionality to update the state of the program every time the user inputs a new value in one of the fields so that, eventually, once the submit button is pressed, the state data can be sent on to the API endpoint. I want to do it this way so that, if a user is doing a fair bit of trading, they can input multiple trades at once without having to reload the page. There might be a better way to do this and I’ll likely change it over time, but this will work for the MVP.
Probably inefficient
I got everything converted over to a class-based form that changes the state, but I know that this can’t be the most efficient way to do it… A new function for every item just to, functionally, do the exact same thing in each function? That can’t be right… However, I’m working on an MVP. I try to not worry too much about deep diving into the efficiency or the cleanness of the code when I’m working on the MVP, that’s for later iterations. Could I have saved myself some time and a bit of code space? Probably, but at the moment I’m still very new to React and I don’t know the proper way to handle state changes from user inputs, and the way I wrote it works, so I’m going to leave it as is for now.
Now we’re on to write a simple dummy function that will send the resulting data off to the eventual API endpoint. For now, I’ll just route it to localhost.
Easy, breezy, beautiful dummy function
I would say something cocky like “and it was just that easy” but it was, and it was supposed to be… I’m just yeeting some JSON into the void with this dummy function. Later, we’ll work on an API that can handle all of the file or database IO.
That, however, will have to wait until next time. I have a hungry baby and a couple more blogs to write, so the next Dev-A-Day blog will be some back-end Flask API coding and maybe some database work. You can find all of my Dev-A-Day blogs by clicking this link, or you can search from the homepage for “Dev-A-Day” or the particular project you want to follow.
— If you enjoyed this content, let me know by signing up for the weekly newsletter using the form above or the form on the front page, and consider throwing some coffee money my way on Patreon. —
This is day 2 of my Dev-A-Day series, a series of articles on cool projects I’m working on in my free time. You can find the rest of the series here. —
Let’s be totally honest here, most of us would kill to at least have the lifestyle of the star day traders.
I’m not even talking about the Lamborghini in the garage or the six summer homes in the tropics, I’m talking about getting to work 2 hours a day, if you want to, and make serious bank on the world’s favorite form of gambling.
Personal political/economic issues with the stock-market aside, the financial freedom that comes from that kind of work is super enticing. If I could make a month’s wage in the first two hours of your average day, my life would look pretty different. I’d probably still work, still develop cool tools and all, but I’d have the freedom to be a lot pickier with what I develop and how often and how long I work. That level of financial freedom sounds awesome.
I’ve played around with day trading a bit, with some incredibly minor success. The last go-round I had with it, I managed to make a pretty decent 3-5% a week for a month or two before I lost interest. One of the biggest pieces of advice I had was to journal your trading day and track statistics, advice that I took by writing down each trade: the opening and closing price, the trade volume, the time and date, etc. I wrote it all down in a notebook and calculated metastatistics by hand whenever I was curious, which got incredibly old incredibly quick. I then, eventually, moved over to Google Sheets, but didn’t love that either. Around that time, I got bored with it and didn’t come back for a while.
Now, I want to write my own swing/day trading journal application, something that will allow me to log trade statistics, track them over time, and track various meta statistics, logging all of the above in JSON format for input into other eventual analytic programs. I figured this would best be served in a web-based format, and I need to keep practicing at front-end development, so I figure this is a good way to do some full(ish) stack development on my work-in-progress homelab.
I’m doing other work in React and I am slowly getting used to it, and there are eventual aspects about the journal that I want to be responsive, so I’ll develop the front-end in React, while the back-end will be written in Flask. I’m not doing a ton of super high-frequency trading, so I’ll probably do the data storage/access in flat JSON files instead of any kind of back-end magic. Remember this moment, it’s a very rare instance where I decide not to over complicate something.
The application will include a home page dashboard that shows a small feed of recent trades and associated statistics, meta statistics like historical profit/loss numbers, best/worst trading days, best/worst ticker symbols, etc. On another page, there will be a larger, expanded feed where the user can see individual trades and associated statistics and expand individual trades to view an expanded account for that trade. I’m thinking things like trade type (long/short, swing/day) and individual industry traded. A lot of this can be automated away, such as finding the company name, history and associated industry of a given ticker symbol, but the MVP will be a manual input/output program that I’ll expand upon later. Finally, there will be a place to input new positions and close open ones.
The minimum viable product (MVP) for the first version will be a very basic form of the journal: a form to input new trades and close old ones, a very basic meta statistics page with an abbreviated feed, and a journal feed page with a basic view of each trade. I think this will be pretty cool to work on honestly, I have some cool ideas for expanding it in the future.
— If you enjoyed this content, let me know by signing up for the weekly newsletter using the form above or the form on the front page, and consider throwing some coffee money my way on Patreon. —
I recently announced on Twitter that I’d gotten a new job as a Sr. Engineer! I’d been developer heavy in many of my roles in the past, as much as I could, despite those roles not being explicitly technical or software development-centric. I’ve done a lot of development work in my “6 to 10” work as well, working on SketchyReq and tons of other small side projects. This blog itself is supposed to serve as a dev-blog as well as a place to work on my right-wing extremism research. I really do love development; to me it’s a sort of artistic feeling, starting with a blank canvas and an idea and, hours later with much headbanging frustration, ending up with something cool, often not entirely the same as what you intended. For someone with no art skills whatsoever, it’s a nice feeling.
Now, though, I have this engineering position and a thousand ideas and partially formed projects like SketchyReq. I need to hold myself accountable, to force myself to keep learning and keep building things. Obviously, my day job will help with part of that, but I still want to work on my own projects and to keep that passion going. That was one of the reasons I started my YouTube and Twitch channels and one of the reasons I switched from there to this blog. You can read a bit more about that move by reading my first blog on switching to less centralized social media.
With past platforms, I’ve chosen social media to help hold me accountable for continuing on those projects and… it’s largely failed. I’ve started and stopped streaming and YouTube’ing multiple times. Often it’s because the workload involved with producing a video is significantly more than the workload required to develop the project I’m depicting, or that streaming requires strict scheduling that I couldn’t really work out. Those are both big reasons why I switched to blogging, so I’m going to try out the same tactic here, with Dev-A-Day.
For Dev-A-Day, I’m going to be detailing different projects I’m working on, from big to small. I’m going to be blogging about SketchyReq development and other large-scale SaaS projects as well as smaller stuff like quick scripts to manipulate data or interact with an API. Sometimes, they’ll be technically dense, others they will be more of a discussion of the theory. I think this will be a good way to chat about cool stuff, to hold me accountable to work on cool stuff and to work with others on the cool stuff they’re building. It’s sort of like the #100DaysOfCode challenge, but… all the time.
I’m not likely to publish a new blog post every single day, and I’m not necessarily likely to work on something every single day either. Life happens. But DevADay is a better title than DevOccasionally or SometimesDev and it’s better to shoot for the moon and land among the stars… or something.
Anywho, be on the lookout for new DevADay stuff. I’m currently writing up a list of cool projects to work on and I’m pretty excited.
— If you enjoyed this content, let me know by signing up for the weekly newsletter using the form above or the form on the front page, and consider throwing some coffee money my way on Patreon. —
I’m going to start this blog on dog-whistling with the same quote that just about every other blog and article on racist dog-whistling starts with. This is Lee Atwater, the Republican Party strategist famous for being the brains behind Nixon’s Southern Strategy:
You start out in 1954 by saying, “Nigger, nigger, nigger.” By 1968, you can’t say “nigger” – that hurts you. Backfires. So you say stuff like forced busing, states’ rights and all that stuff. You’re getting so abstract now, you’re talking about cutting taxes. And all these things you’re talking about are totally economic things and a byproduct of them is [that] blacks get hurt worse than whites. And subconsciously maybe that is part of it. I’m not saying that. But I’m saying that if it is getting that abstract, and that coded, that we are doing away with the racial problem one way or the other. You follow me – because obviously sitting around saying, “We want to cut this,” is much more abstract than even the busing thing, and a hell of a lot more abstract than “Nigger, nigger.”
What Lee Atwater is describing is dog-whistling. Dog-whistling is using terminology that only a certain audience can understand the true meaning of, named after whistles used in sheepherding that only sheep dogs could hear. We’re going to go through some recent examples of dog-whistling, but it’s important to approach this topic with full honesty, so I’ll start with a sort of disclaimer below before we get into examples.
A very typical accusation, most recently from the far-right, is that “the left” likes to find a Nazi in everyone, that everything is a dog-whistle and that this anti-Nazi paranoia is leading to a more and more accusatory political climate that is ridding the political spectrum of any middle ground between outright fascists and tankies.
I will fully admit, this is a fair point in some cases. I recall a recent example where someone with a pretty good reputation in my field made a videogame that was meant to help educate kids on the basics of information security. Unfortunately, he chose the antagonist to be a rat with a vaguely “Jewish sounding” name, drawing the ire of some of the more… sensitive members of the community to accuse him of using the antagonist as an antisemitic dog-whistle. I thought the whole thing was incredibly over the top and performative, but a dear friend explained to me that rats were a common antisemitic symbol to depict Jews in a negative light. I understood where the sentiment came from (but still preserve that a fair bit of the outrage was largely performative) but thought that the accusations of dog-whistling were a step too far, considering the person’s past good behavior.
Anywho, on to some examples.
Trump’s Infamous ‘Low-income housing’ Dogwhistle
If you’re the type that gets angry about pointing out Trump’s dogwhistles, this post probably isn’t for you.
On 29 July 2020, President Donald Trump tweeted:
“I am happy to inform all of the people living their Suburban Lifestyle Dream that you will no longer be bothered or financially hurt by having low income housing built in your neighborhood…Your housing prices will go up based on the market, and crime will go down. I have rescinded the Obama-Biden AFFH Rule. Enjoy!”
Predictably, this was Trump furthering his tactic of repealing as much of Obama’s legacy as humanly possible, regardless of the cost to the average American, but the speech within the tweets are incredibly obvious dog-whistles, and relatively common ones at that.
We can start with the language hearkening back to “white purity” symbology of the pre-civil rights era and the associated terminology from Nazi ideology. A common tactic used by segregationists and white supremacists was not only demonizing and dehumanizing people of color, but upholding white people’s purity as a dividing factor between the two races. This tended to appear in the heavily used depiction of the black man as a rabid rapist out to destroy the beautiful purity of the white girl… terminology that sounds eerily similar to Trump’s description of Mexican migrants not too long ago. The usage of “Suburban Lifestyle Dream” depicting the perfect white suburb, the dream of every white family, “unbothered” by the scourge of the less pure “low income housing.” This is a dog-whistle essentially implying that whites don’t have to worry about the government making it easier (by providing further upward economic mobility) for blacks to move into their neighborhoods or for cities to provide affordable housing near white suburbia.
How does race tie in to the equation? “Affordable housing” is typically used to represent low-income people of color, as demographically suburbs are predominantly white and inner city areas and affordable housing are predominately black or Latinx. White flight as it plagues many cities across the US and other countries is one side of the equation, so naturally the “low-income housing” is the other side, along with its associated demographics. This is a near-perfect and very common dog-whistle. Most people hear “drop in property value due to less attractive housing units” but the real audience hears “drop in property value because the blacks are moving in.” Judging by Trump’s history in discriminatory housing practices, we can probably guess where he learned this verbiage.
While much of my work researching white supremacist groups includes noting connections between disparate groups, similarities in ideologies across different generations of white supremacists and tracking arrests and criminal records of known bad actors, a fair bit of my research has brought me into the symbology of white supremacy and Nazism. How did the Nazis end up using so much Buddhist symbology? Why is Norse symbology so common in white supremacist groups? What do these numbers commonly mean?
The study of white supremacist symbology has brought me to discover symbols like the Black Sun, swastika, lightning bolts and various Norse runes, but there are two numbers typically associated with white supremacist ideology: 14 and 88. The number 14 is a dog-whistle hearkening back to the 14 words popularized by neo-Nazi David Lane, while 88 represents the twice repeated 8th letter of the alphabet, H, short for ‘Heil Hitler.’ These are typically used in usernames on social media and white supremacist forums to identify oneself to other white supremacists, but another, possibly surprising forum found itself representing one of these numbers in a rather odd way: Trump’s swag store.
As covered by Business Insider, an official Trump merchandise store got a lot of flack for some merchandise that featured some pretty blatant dog-whistles, including a Trump-branded baseball that was being sold for $88 online. To me, this seems like an obvious one: the price on Trump merchandise is as arbitrary as it gets. Products are cheaply made and the purpose is entirely profit driven and to put out the Trump brand ahead of the election. Why $88? Why not $99? Why not $40? You’re telling me they could have picked just about any price possible and just happened to pick the incredibly common dog-whistle for ‘Heil Hitler’? The store also featured an “America first” tee with an eagle that very closely resembled the eagle donned by Hitler’s SS, ironic seeing as “America first” is a rather tongue in cheek bad-flavor-of-nationalist slogan in and of itself seeing as Hitler used very similar terminology during his rise to power.
The President of the United States is campaigning for reelection using a Nazi concentration camp symbol.
Nazis used the red triangle to mark political prisoners and people who rescued Jews.
Trump & the RNC are using it to smear millions of protestors.
— Bend the Arc: Jewish Action (@jewishaction) June 18, 2020
That very same week, Facebook removed a campaign ad that used Nazi symbology associated with political prisoners in concentration camps, and Trump himself retweeted a video that, very clearly, depicted a Trump supporter yelling ‘white power’ in a well-to-do golfing community. It was a rough week that seemed to be turning dog-whistles to bullhorns, but always still there were tongue-in-cheek critiques that leftists were just being silly or malicious in seeing swatstikas on every street and tweet. To be fair, leftists have their own dog-whistles…
What Might Be the Nail in Hillary’s Coffin
Hillary Clinton herself attempted to make use of her own dog-whistle during her 2016 campaign against Donald Trump, and, in my own opinion, it might be the campaign decision that had the largest adverse effect on her already comically clumsy attempt at the presidency. According to Wikipedia, the first time Hillary used the term ‘deplorables’ was September 9, 2016, saying that half of Trump’s supporters are a racist, sexist, xenophobic “basket of deplorables.” While it’s less a dog-whistle and more of a bullhorn, the term deplorables was seen to represent the uneducated, poor non-elite of America, those without the silver spoon, typically what much of the leftist elite would refer to as trailer trash red-necks.
You can probably guess how that went.
Trump effectively mobilized his irate base to use the term ‘deplorable’ as a rallying cry. The word showed up in Twitter usernames, in group logos and more as Trump’s base saw it as a dog-whistle to refer to a sort of resistance to the elite, the very sort of populism that Donald Trump sought to drum up during his first and, seemingly, second campaign for president. If Hillary’s elitist bullhorn weren’t loud enough, Donald Trump hooked up the speaker system and cranked up the volume.
Key Takeaways
I would highly recommend everyone study up on the symbology and common dog-whistles used by white supremacists and others, and call them out when you see them. Listen to people-of-color, who are used to the myriad of ways they are ‘othered’ in common lexicon. Study what tattoos are common among members of white supremacist and neo-Nazi groups, as they are a very common way for groups to ‘tag’ members to be recognized during social functions. Things like the lightning-bolt SS, the numbers 14 or 88, Norse runes (much to my chagrin) and iron crosses are incredibly common, albeit much more explicit, symbols to identify neo-Nazis and white supremacists, whether it be in tattoos or pictures posted online.
More generally, learn to read between the lines. Don’t accept Trump’s “Suburban Dream” at face value, really think about what this means from a nationalist populist perspective, and think of what it means in the context of Trump having a very questionable history in race relations. Think about what it means for Trump to say “there are perfectly good people on both sides” in the racist and deadly Charlottesville marches, for Trump’s press secretary to say he “won’t weigh in” on white supremacist Kyle Rittenhouse’s shooting of 3 BLM protesters.
Words never have only one meaning, and regardless of the constant gaslighting, it is important to perk your ears up at the first hint of a racist dog-whistle.
