Open Souce Funding Models

A look at various funding models for open source projects. Most of the major open source projects require a fair amount of development and maintenance and have many full-time people working on them.

People volunteer their time, most of the members of the numerous open source software foundations are unpaid and dedicate their own time and energy. Many of these volunteers work for companies who understand the importance of open source and give them the time.

Here’s a look at how open source projects, which by nature do not charge for their software, generate money to fund their projects.


Wikipedia is the best example of the donation model. Annually it turns to its users directly asking for donations, using banner ads and on-site promotions. The Wikimedia Foundation also receives funding from benefactors and grants. Wikimedia follows a very similar model as public radio in the U.S.

Bitcoin Foundation is funded by a membership model which you can join for a donation or if you wish you can donate without membership.# Membership is another very common model for offline non-profit organizations, for example the ACLU. The benefits of a membership model allows for recurring revenue and a mailing list you can reach out to to solicit future donations.

Software foundations such as the Free Software Foundation, Software for the Public Interest, Software Freedom Conservancy and Apache Foundation operate under a similar sponsorship model, with the majority of donations coming from large corporate sponsors.

However, the donation model is difficult to sustain particularly on an on-going basis and for smaller projects. See Nathan Willis’ article New funding models for open source software which discusses donation and crowd funded projects.

Corporate Sponsor or Patronage

Companies benefit greatly from open source software and will hire and employ people just to work on them. Google employed creator of Python, Guido van Rossum for 7-years. Yahoo employed creator of PHP, Rasmus Lerdorf for many years to further PHP development. Two examples which key people are able to dedicate their time.

Linux has long been funded and advanced by corporate contributors. You can see the amount of time given to open source by the Linux contributors list. A majority of these contributions are for drivers to make the company’s hardware work with Linux. The companies are motivated to get involved but the time and code contributed is still open source.

Android was created by Google and released as open source to generate a platform audience, receive contributions and feedback and encourage adoption. Also, as open source third-party manufacturers are more willing to adopt a platform since it is open. Google still maintains primarily control and employs the majority of developers.

Ruby on Rails is another example with 37 Signals releasing the software to both give back to the community, but also with larger adoption, they benefit through feature development and bug fixes. Also, as a company an increase in both community goodwill and experienced engineers; making it easier to hire. You can see the core team of Rails has since expanded beyond 37 Signals.

Other examples of companies developing then releasing software as open source include, Java by Sun Microsystems, Cassandra by Facebook, Hadoop by Yahoo, Bootstrap by Twitter, V8 and Go programming language by Google. Plus countless libraries released by all sizes of companies.

Commercial Enterprise Support

RedHat was one of the first companies who attempted to build a for-profit business off open source. The RedHat business model is to develop an enterprise version of the Linux platform and offer long-term stability and enterprise support contracts. RedHat had some bumps along the way but has worked out a pretty good model, now working well with the community and is a profitable company with a $10b valuation #

Ubuntu follows a similar model as RedHat but started with more a focus on the consumer market. Canonical, the company behind Ubuntu, was jump started by its founder Mark Shuttleworth who self-funded it. Canonical offers support and services to enterprises and governments. However it continues to struggle between profitability and ambitious projects, such as its recent failures with the Ubuntu Edge device and Ubuntu One file services.

MySQL started and continues to be a dual-licensed product, originally run by a Swedish-company MySQL AB, but now run by Oracle. The two versions of MySQL are an open source community version licensed under the GPL and a commercial enterprise server which includes support and advanced features not available in the community edition, for example backup, monitoring and high-availability services. Sun Microsystems acquired MySQL for $1b in 2008.

VirtualBox is an open source virtualization tool which Oracle releases the basic app free for all. They also offer advanced features and extensions which are free for personal use, but requires a commercial license for business use. This model appears to work well to encourage adoption, for example the Vagrant project uses VirtualBox as its primary engine.

Zend Framework is a PHP Framework used to develop web applications. The primary framework is open sourced and Zend Technologies gives away to encourage adoption. They sell their Zend Server product which adds additional features for packaging, deployment and support.

Hosted Version

WordPress is an open source blogging platform which has a diverse model of funding. Anyone can download and install WordPress on their own servers, however if you want a hosted version the easiest option is the commercial product offered by Automattic, the primary contributor to WordPress. Disclosure note, I am work for Automattic.

Automattic continues the WordPress mission by offering free hosted blogs, but for premium features such as domain name, space upgrades, custom design are paid upgrades. Additionally, and probably more importantly, WordPress is supported by thousands of freelance developers and designers who profit from selling their own services, themes and plug-ins built on top of the WordPress platform.

Github is a little similar in nature offering a paid hosted version for an open source tool. Though Github was not the developers of git, which was actually created by Linus Torvalds of Linux fame. Anyone can host their own git repository on their own servers, but if you want the convenience, speed and additional features, you can use the hosted version on Github.

This hosted (or cloud) model of funding is one of the stronger methods and should continue to grow in popularity. It gives users the confidence and freedoms of an open source project, so no vendor lock-in, but also the convenience of not having to run themselves.


Apache Server started as the NCSA HTTPd server developed at the National Center for Supercomputer Applications a unit of the University of Illinois. Support for the NCSA comes from the National Science Foundation, the state of Illinois and other business and federal partners. The Apache Foundation now manages the Apache server as well as dozens of other open source projects. The Foundation operates under a sponsorship/donation model.

The Scala programming language was developed by Martin Odersky while he was a professor at EPFL in Switzerland. # However, after 10-years of developement to continue and expand the work on Scala a for-profit company, Typesafe was founded and now is primary contributor to Scala development.


Mozilla uses the affiliate model which is not too common, especially since it ties closely to advertising and more reliance on a single source of income. In Mozilla’s case they receive the majority of their income from Google, $300m annually, by setting Google as the default search engine in Firefox. #

Mozilla uses this money to direct employee numerous engineers and other open source projects. For example, John Resig was working at Mozilla when he developed JQuery, the open source javascript library.


Conferences are another source of income for open source projects but typically not the largest nor most profitable. Most conferences have significant cost including paying for the space, refreshments, staff and require a lot of time to plan and run. A conference tend to be better for marketing, recruitment and building an open source community than a large source of profit for a project or foundation

You can see the costs of conferences in the Software Freedom Conservancy report # which shows in 2012 conference income of $183,083, and conference expenses $216,492. So a net loss due to conferences of $33,409, though overall might be considered worthwhile as promoting the software projects.

Brand Licensing

Another source of incomes for open source projects is licensing of the project name. This is used across many of the popular projects, but typically accounts for a small percentage of the product’s funding. This method also requires the project name to have enough popularity that others would want to use it. You can see below the GNOME Foundation only made 2% of income due to royalties.

Credit Cards

A form of brand licensing to some degree, both the Linux Fund and the Free Software Foundation offer credit cards which a portion of payments go to support their projects. Both of these foundations offer support to numerous open source projects


Bounties are a new form of open source funding which has popped up recently. One example is BountyOSS which allows crowdfunding of projects by paying for bugs or features to be developed. A little too soon to tell if this will be a viable funding model. My guess is it won’t, crowdfunding can offer a quick bump in income but not a recurring source of income, which software projects need since software is never done.

Foundation Budgets

It is interesting to look at the software foundation budgets, you can see that they are not employing vast amounts of developers and have minimal budgets. Here is the GNOME Foundation 2012 financial report which shows just $200k going to employees, which at today’s rates would only be 1-2 full time engineers.

GNOME Foundation 2012 Statement
Advisory Board $150,000
Sponsorship $121,584
Donations $53,649
GUADEC $84,269
Royalties $8,395
Training $751
TOTAL $418,648
Administration $11,210
Employees $201,934
GUADEC $29,953
Hackfests $21,932
Other Events $34,587
Marketing $1,117
Contracts $1,530
Women’s Outreach $106,741
TOTAL $409,004
About these ads

The Command-Line Office

Live your life on the command-line, this week we take a look at a suite of command-line office tools and utilities.

Updated: This article received a little bit of extra attention and comments which brought some great suggestions and alternatives. I’ve tested a few of them out and included additions below, also check out the comments for even more. Thanks everyone!


First, a gentle introduction, word processing is a bit of a no-brainer on the command-line. You have the trusty favorites of vim and emacs as well as the gentler nano editor. For spell checking files on the command-line, use aspell.

I create all of my documents in Markdown which is a nice plain text format which can easily be convert to HTML using pandoc utility. Plain text is simple, easy to work with and future proof – I won’t ever have to worry if I have an app that can read it.

Keep track of your todo items using Todo.txt a system development by Gina Trapani. A simple way that uses plain text files to track todo lists and a script to manage it all. Now extended to mobile and available for numerous languages and platforms.

Another great command-line todo manager is Task Warrior which has a little bit richer set of features and more add-ons and third party apps which can view and manipulate, see the tools section. I like vit which is a curses based front-end.


My favorite tool for building presentations is the ultimate converter app, pandoc. Pandoc is as mentioend above is a utility to convert file formats, some of the export formats include various HTML presentations. Formats supported: Slidy, reveal.js, Slideous, S5, or DZSlides. So you can create your slides in markdown and output a presentation.

If you want a more pure command-line experience, there is terminal power point which is a ruby script which displays the slides within the command-line. Unfortuntaely, as with all ruby scripts for me, I couldn’t finagle dependencies and versions to get it working. Your mileage may vary.


The days of Lotus notes on the terminal are not quite over, ok its not Lotus 1-2-3 but you can still do some spreadsheeting in the terminal using the spreadsheet calculator sc. The sc program provides the familiar grid spreadsheet with vim bindings and basic calculations and functionality.

More tools and resources exist for charting and graphics, the most popular being gnuplot but matplotlib for Python is gaining popularity with the recent data science revival

If you just want to do some quick calculations, check out bc, a standard precision calculator installed on most distributions, or typically I’ll just use the Python REPL or even the newer iPython. iPython is pretty nice because it always stores the results in an array that you can access.


remind is a nice reminder utility, which you can use to remind you of various dates, for example birthdays. It has a powerful scripting language which allows for just about any date formatting/calculation. See LifeHacker article for more.

If you are looking for a little more from your terminal calendar, check out calcurse. Calcurse is a curses based calendar and task manager with customizable interface and suppots iCal and more formats, closer to an Outlook replacement.

As always, if you just need a month calendar, just do a quick cal on the command-line.

Apps & Utilities

For password management, I now use pass command-line tool. Pass uses simple gpg-encrypted files and far quicker and easier to use, though no browser integration. Combined with BitTorrent Sync makes for a nice synchronized password system, also it uses just basic files so you can have multiline text.

If you are looking for a command-line RSS reader, check out Canto and
Newsbeuter which claims to be the mutt of RSS readers.

Twitter, may or may not be part of the new office suite, but anything with a command-line client is a win in my book, check out python twitter tools (ptt)

A bit of a coincidence, my company just released a open source command-line tool for Cloudup, which allows uploading files, photos and more to share online quickly. Ping me if you want an invite, I know some people.

Preventing Errors in Code

Coding and Preventing Errors

A little delayed with getting this edition out, the weather has been too nice and some gardening was required. Nothing beats yard work near spring-time, beautiful weather and working the earth, good for the soul.

On with the show, this week looking at preventing errors when coding

An ounce of prevention

If you don’t read anything else, read the Joel Test to make sure your development practices follow the basics. If you can’t pass the test there’s your todo list, Joel Spolsky wrote it over a dozen years ago and still just as valid today.

Pete Warden writes an observant counter to argument against open-offices, Writing code is not most programmers primary task which is worth a read. I include it as a reminder, many errors occur by not asking questions and understanding the goal of what you’re doing. No number of unit tests will fix misunderstood problems.

Be consistent, use a checklist. If you find yourself repeating a complex process look at creating a checklist to help your memory. Pilots and doctors are doing it why not your iPhone app deployment. I saw Matthew Eppelsheimer give a good flash talk on using checklists at WordCamp Portland.

Accidents Happen

Why? Why? Why? Why? Why? The five why methodology is used to discover the root cause analysis and not just fix the current problem, but prevent it from ever happening again. Eric Ries wrote a good article about Five Whys for Start-Ups or if you prefer a bit older look at the methodology:

For want of a nail a shoe was lost,
for want of a shoe a horse was lost,
for want of a horse a rider was lost,
for want of a rider an army was lost,
for want of an army a battle was lost,
for want of a battle the war was lost,
for want of the war the kingdom was lost,
and all for the want of a little horseshoe nail.

In case of emergency

Accidents do happen and downtimes occur, don’t hide but be up front and honest with your users. Communicate the results, Google and Amazon have dashboards for their service outages why should you be embarassed. Create your own check out open source project System Status Dashboard or maybe the hosted SaaS solution if your site is down, your alert system might be too.

Bits & Bytes

  • Selenium is the best functional testing framework for web applications. You can see my selenium example using python but better yet read up on Sauce Labs hosted selenium testing, lots of examples and code samples.

  • Tarek Ziade has a tool aptly named Boom! which is a command-line tool to generate load against a website, intended as a replacement for Apache Benchmark.

  • If using a local server to generate load is a bit pedestrian, you can always turn to the cloud, with a service like LoadStorm you can summon a 50,000 user Typhoon (name of the service level) and descend it against your website. Blitz is another popular load testing cloud service.

Hands on Introduction to Dogecoin

This week’s ebeab newsletter I try to figure out what is going on in the world of crypto-currency, specifically Dogecoin. I learn by doing, so here are my sad attempts at mining Dogecoin and how I spent and lost money along the way, I like to think I did it for you the reader.

I have a degree in math and stats so crypto-currencies interested me from the math and technical side; but I didn’t really see much practicality in them and a little too much anarchy.

However, Dogecoin came along and dismissed the notions of being practical and trying to be a legitimate alternative-currency and was having fun with it. A lot less overthrow-the-governments and a lot more “to the moon” silliness. They made it approachable and set a fairly low bar so most people can participate.

I started to read a bit more about Dogecoin and even made a sad first attempt to use it. I downloaded the wallet, scratched my head while it took hours to sync and then it didn’t really do anything. It wasn’t until last week my coworkers @TooTallNate and @rauchg were playing with it that I got anywhere. Nate gave me a couple of pointers and got me started.

So let’s get on with it, here are a few pointers, hopefully this article will be a good introduction to crypto-currencies and help you avoid the dumb mistakes I made and get you started in the fun world of Dogecoin.


Cryptocurrencies are a currency based on solving a very complex mathematical cryptographic problem, the exact math isn’t necessary to understand, but similar to how SSL and web security works; basically all around cryptographic keys and probably prime numbers.

The way coins are generated is to run a program on your computer to solve these crypto problems, this is called mining. If you are able to discover a block, you are awarded, if you’re mining Bitcoin you are awarded 1 coin, if mining Dogecoin awarded between 0 and 500,000 coins.

Relatively simple in concept, but finding those blocks is quite difficult and computationally intense. The probability of finding a block is a 1 in ( d * 2^32 ) chance where d is an increasing difficulty level, as more blocks are found, d is increased to slow down the production of coins and attempt to maintain their value by not flooding the market.

A single individual’s chance of finding a coin is pretty slim, my iMac rate for solving is around 28,000 hashes a second. This is how many crypto hashes it can check per second. This sounds like a lot, but the overall network right now is running at 234 GH/s (giga-hashes a second) or 10 million times more than my little computer.

A new block on the network is found every minute or so, I would have to get lucky or wait a million minutes, which is a long time. So people join a pool and combine their resources to mine the coins and when a block is found, it is divided up amongst those in the pool based on how much computing power you contributed.

After the coins are mined, they are delivered to your Dogecoin address, and you can then send the coins to other people in various ways. I’ll explain below how to actually do all of this.

Dogecoin Wallet

The first thing you need is to download a Dogecoin wallet, this will give you a Dogecoin address. You can download a wallet for most platforms at, you can even get mobile or online wallets. Unfortunately they don’t have a pre-built binary for Linux, here’s a guide on dogecoin and linux, the quick install

sudo add-apt-repository ppa:cwayne18/doge
sudo apt-get update && sudo apt-get install dogecoin-qt

Once you have your wallet installed, run it and you were see something like this.

Dogecoin Wallet

The wallet will need to synchronize with the network, this takes a few hours. What it is doing is downloading what is called the block chain which is a record of every transaction, ever.

The way you receive money is your wallet checks your address against these transactions and if there is a match, confirms you by using your crypto private key (held in your wallet) and then the coins are deposited in your wallet.

To get your Dogecoin address, go to the Much Receive tab and it will list your address. You can copy it from there, for example here is my Doegcoin address:


You can send money using the Pls Send tab, where you can enter in someone else’s address and how much you want to send them. Note, you’ll need coins in your wallet to do so. If you have coin and want to test sending some, my address is above ;-)

Important Don’t start two wallets and confuse the addresses, which I did. After my first succesful mine, I some how used an old wallet address due to browser auto-complete and sent 600 coins to a deleted wallet, they are lost forever.

Your wallet on your computer is the only record of the coins you hold, if you lose it, they’re gone. You can back it up and encrypt your wallet, which I would recommend.

So how to mine some coin!

As mentioned in the background section above, to mine coin you will want to join a mining pool. You want a pool that has a fair amount of activity and horsepower to actually receive some coins in a reasonable time.

The first pool I joined it took 8 days and then after we finally discovered a block just last night, and I had 2,700 coins coming my way. It turned out to be an orphan block already claimed by another pool. No coins for you!

During that time, I realized that pool didn’t have much fire power and joined a larger pool at Dogechain Info which has netted results, its a larger pool so I get a smaller cut, but at least its something.

You can find a large list of pools available here, and to join you can simply follow the registration instructions on the pool, some require email verification.

Once you have joined a pool, you need to create some workers. Click the “My Workers” link and add a worker. Use a simple worker name and password, the worker is the info you feed the mining program to identify who should get credit for the mining being done.

The last bit of info you need is the URL for the mining, this is typically found under the “Getting Started” link on the mining pool. For my pool it looks like stratum+tcp://

Mining Locally

Now with a worker setup and a URL, now we just need a miner to do some work. There are two main ways to mine, GPU mining using your powerful video card, this is fastest! Or CPU mining using your processors, this is a bit slower but better if you have a laptop and a weak video card. People warn about over-heating and burning both up, but my guess is that’s over-clockers pushing things to the edge.

There are various mining applications, the ones I’ve used are cgminer for GPU mining, minerd for CPU mining. On a Mac, there is an easy front-end called Asteroid which bundles it all up making it easy just edit the config and enter your pool info.

Asteroid Miner

So download one of the miners above, and for the command-line miners you configure using your pool url and worker credentials like so

./minerd -o stratum+tcp:// -u user.worker -p password

Note: I initially confused the worker username, your user is prepended with a dot to the name you give. So if your username is “marcus” and your worker name “mac” – you would pass “marcus.mac”

Once configured or running, your miner will report how many hashes it is, you can confirm the pool is receiving it by going to the dashboard. You can see your hash rate there.

Hashrate Graph
And then you wait… and wait… and wait… you might get refresh crazy. It takes hours sometimes days. Patience helps.

When the pool eventually finds a block, you will see it show up in the dashboard as Unconfirmed balance, and once the block is confirmed it will be deposited into your account. Woo hoo!

Transferring coins out: In the account settings, you can enter in your dogecoin address and transfer the coins to your wallet. You don’t need your wallet running, the next time you start it up, it will sync the block chain and see your transaction and deposit the coins.

That’s it to mining.

Using EC2 to Mine Coins – no profit here

Now for those who are impatient like myself and didn’t want to wait so long. You can build yourself some crazy powerful mining rig or in the age of cloud computing you can turn to Amazon and EC2 which I did.

I figured it would be cheaper to spend a little money on Amazon and learn how to mine than ordering a new computer. It was cheaper than a new computer, but by no means cost effective. I’ve spent around $120 on EC2 and netted about $4.00 in Dogecoin.

The mining aspect is the same for EC2 as it is locally, it really helps if you have previous EC2 experience. You basically spin up an EC2 instance and install and configure a miner. I then setup an init script to start the miner on boot and confirmed by rebooting.

I then saved this whole instance as a new AMI. So then anytime I spin up a new instance and pick this AMI, the miner would automatically start. So I don’t even need to login to the boxes, just start and stop instances.

A couple of tips on EC2, I found the c1.xlarge with 8-cores is a pretty good bargain when buying on Spot Instances. I was able to get them for around 7 cents per hour. On-demand pricing, for these instances is $0.66/hr. Familiarize yourself with EC2 pricing. Also, since lazy, I would spin 10 or 20 of them up at a time instead of waiting. Much power!

EC2 also has a GPU instance which is more expensive, around 65 cents an hour. I found the 10x CPU would net me about the same hashes per second as a GPU instance, which is funny since it matches the pricing. Spot pricing on GPU instances was much harder to get a bargain.

The GPU instance is a little trickier to setup, you can search Community AMIs and find a Doge one already setup for GPU mining. See this post for more make sure you configure it for your own pool. Also, once configured save your own AMI, and you can spin up without needing to configure each time.

EC2 Results

If I spin up around 10x c1.xlarge instances with 8-cores each, I would get around 556 KH/s for comparison the pool combined was doing 2.6 GH/s so 4,000 times more which means I would get 1/4,000th of a block when found or around 12 coins. The current conversion is roughly 500 dogecoins is worth a $1.00 USD, so those 12 coins are worth about 2 cents.

Now, a lot of the finding is based on luck to a certain degree, the more horse power you have searching the better luck you’ll have, I’ve seen several blocks found in an hour and I’ve seen no blocks found for 6 hours or more.

At peak mining, I launched 5x GPU instances and 20x CPU instances which was costing me about $5/hr and netted around 1,700 coins overnight, roughly 8-hours or so. The math, I spent around $40 on EC2 and got around $3 in Dogecoins.

No money to be made, but a great learning experience.


I hope you found this guide useful and good intro to Dogecoin. If you are curious, I recommend trying it out, the best way to learn is by your own experience and dive in.

One of the most exciting things about Dogecoin is the community around it and the relatively low value of the coin. People are actually using and sending dogecoin to each other. In contrast, Bitcoin seems to be more greed, hording and speculation of people trying to get rich.

The Dogecoin community is having fun and using it as micro-payments and a reward system. For example, a tip bot is setup on reddit which allows you to reward a good post or comment. I read the amount of Dogecoins transacted in a week is more than the total value which is crazy active!

See further resources below to dive deeper into the world of Dogecoin and if you found this guide helpful, once you’re setup you can throw me a bone to my doge address: DNYJ2ANdx1GL4sbCyikaVgYrf2GfiCtf8N

Further Resources

  • Dogecoin on Reddit – the best community and resouces. Hunt around for links in header and sidebar, they have a mining guide and everything else you’ll need.

  • Doge Education – a reddit for newcomers to the world of doge.

  • DogePay – calculate price of doge – one of many sites. The common way people calculate or convert is to convert Dogecoin to Bitcoin and then Bitcoin to dollars.

Disable Caps Lock in Ubuntu

One of the first things I do on after any new Linux install is disable the caps lock key, it is uselwss, oddly though I never map it to anything else. Here’s how to disable caps lock on Ubuntu.

Disable Caps Lock on Ubuntu 13.10

The upgrade to 13.10 actually made it a bit more difficult to disable capslock. The easiest way to do so is to install the Tweak Tool and use the settings there.

The Gnome Tweak Tool is in the standard repository, so you can install using apt-get, like so:

sudo apt-get install gnome-tweak-tool

You can then run Tweak Tool, select Typing and set Caps Lock key behavior to Caps Lock is disabled. See screen shot below.

Tweak Tool Disable Caps Lock Screenshot

Disable Caps Lock on Ubuntu 13.04

If you are running a previous version of Ubuntu, you don’t need to install a separate tool, but it does require a little hunting. You can find the setting for Caps Lock behavior in:

System Settings » Region and Language » Layouts » Options » Caps Lock Behaviour

Other OS?

February 7, 2014 – Productivity and Focus

This week’s newsletter is on productivity and focus, a few tools, tips and stories around just doing it. Remember though, reading about productivity is not really being productive.

{ Techniques }

xkcd reminds us to ask is it worth the time to optimize a routine task – take into the account the time it takes to do the optimization.

“The most productive people I know don’t read these books, they don’t watch these videos, they don’t try a new app every month. They are far too busy getting things done to read Getting Things Done.” from James Bedell’s look at The Trap of Productivity Porn

As much as I know the above is true, I still come across things like Bullet Journal and fall for it and its beautiful stationary, photography and penmanship; epic todo lists of beauty. Who cares about getting stuff done when your todo list has so much style!?

Don’t set goals, they just make you unhappy. James Clear writes “the problem with the goal mindset is that you’re teaching yourself to always put happiness and success off until the next milestone is achieved”

{ Avoid Distractions }

A popular method to maintain focus is the Pomodoro Technique which you dedicate 25-minute intervals to a single task, set a timer and when it goes off take a short break. You can put off any interruptions or distractions for that short-period.

The pomodoro technique seems counter to getting into The Zone which may take 15 minutes to reach and once there, you want no interruptions. However, if you get stuck and can’t get anything done as Joel writes, pomodoro might be a way to kick your self in the butt.

A tip from me is try to avoid the Stats Refresh Compulsion, you know the hour after you post something and you check 30 times if you received a like, a re-tweet, views or some sort of validation. You don’t need to see each one come in and you’re going to check again in an hour, just wait.

{ Tools }

Inbox Pause is a nifty tool to do just that put a pause on your email. If you are trying to get work done reading and answering emails, getting new ones in is distracting. Inbox Pause helps remove that distraction but putting new mails on hold.

A quick tip, don’t login to a remote machine to just run a single command. You can easily send a remote command using ssh.

Need to run the same command on multiple machines, check out dsh: the distributed shell. An easy to use tool to send commands to many machines. Available in most package repositories, just an apt-get install dsh away.

Get instant coding answers via the command line using Benjamin Gleitzman’s howdoi tool. This handy utility pulls answers from Stack Overflow and displays nicely all on the command-line.

{ Bits & Bytes }

Save yourself some time and just trust the experts. There are a few electronics and gadgets that interest me, which I’ll research and spec out a bunch. However, the majority of devices, I just want a quality product. Now I’m using the Wire Cutter as my trusted source. If I’m looking for something I just trust whatever they say is best.

Along the same lines, don’t research basic things such as the best pen to buy some of us have problems, pen addicts, and as enthusiasts can read and write in depth about a mundane topic. Sometimes you just need a Bic and go. The Wire Cutter says, the Uni-ball Jetstream is the best.

A time sink, but in my research for this edition I came across Behance articles 99U – Insights on making ideas happen a whole slew of productivity porn articles – be careful you don’t spend too much time reading about how to save time.

January 31, 2014 – Hacking and Security

A small change, I migrated rookery i|o to my already established tech site at, which I should of done in the first place, but I liked the rookery name. You can subscribe to just the e-mail newsletter or if you follow the blog you’ll get one or two extra blog posts every so often.

Ok, on with the show, this week we look at security, online safety and hacking…

{Security Hacking}

Curious what your android device is doing, Victor Dorneanu was and
sniffed his Android phone for 24-hours. He posts his results and how he monitored the phone, so you too can see what all those random apps you installed are doing.

What’s your neighbor doing? Null Byte has a tutorial on how to find out by hacking into your neighbor, please use wisely and for security awareness. Is stealing wifi bandwidth ethical?

Zed Attack Proxy is an open source tool to help find vulnerabilities for your web site, I repeat your site. It is created by the OWASP group, the same group that publishes the annual Top 10 security vulnerabilities which every developer should understand. Burp Suite is another site scanner tool, a commercial product, but a free version is available.

Everything you wanted to know about Security Engineering is available for free in this online book; covering from access control to cyrptography to nuclear controls it has it all. The online format breaks chapters into pdfs but a quick script could probably download them all and merge together.

A few practical commands and things to look for to catch a hacker on your linux system. Most likely this will only tell you they’ve been there, doesn’t really catch them.

{Online Security & Safety}

A study of the top 100 sites finds does more to protect customer passswords. Target is also included in the top sites, so online password security isn’t everything. MLB is at the bottom of the list, probably because everyone uses “GoGiants”

Viral Mom gives some basic tips to safeguard your online identity. An easy common sense list everyone should be following. This is one you can forward to your non-technical to ease them in to better security practices.

Passwords are by far the weakest link in online security and looking at this list of most common passwords people still need reminding, don’t use “123456″ or “password” as your password.

Your best bet is to use a password manager to create really long random passwords and to remember and fill them out for you.

The security group for the UK government found that Linux is the clear choice for secure computing far ahead of Windows 8 and Mac OS X.

Us geeks might chuckle about people not understanding technology, but a Cambridge study shows that most warning and error messages are confusing. If you’re writing software, help your users, keep your messages clear, non-technical and authoritative.

Story of Naoki Hiroshima who was extorted for his @N Twitter handle by a compromise of his DNS server. The weakest link will always be exploited, this time by social engineering via telephone.

{Further Reading}

For more security reading, you should subscribe to Bruce Schneier’s blog on security, lately he’s been beating the dead horse that is the NSA story a bit too much. However, he is considered the foremost expert on computer and internet security and writes well about the topic.

{Bits & Bytes}