
Paywalls are OK, but Dumb Paywalls Aren't

I have hacked the paywall of my hometown newspaper’s website, STLToday.com, two or three times now. The first time came with more fanfare than I expected and the subsequent times have been more quiet, but each time I get some version of this pushback:

[Image: Twitter conversation]

Look, I understand this point of view. You can, and many have, debated the business merits of paywalls for media companies such as the St. Louis Post Dispatch (yes, they over-thought the hell out of their domain name). I think paywalls can and do work well, but it’s only viable for the big national sources and it doesn’t make business sense for regional news sources, but I understand why their employees might disagree.

What I can’t understand, and it’s the same reason why I keep testing their paywall every time they roll out a new version, is why they keep implementing their supposedly critical business solution in such a crappy way at a technical level.

To review, every single paywall has been implemented entirely on the client side. The first version was based off of a meta tag, and the most recent version was done primarily in CSS. Is it even a paywall at that point? You’re requesting the article with your browser and they are giving the whole thing to you, but then they hide some of it…but you still have all of it sitting on your computer! This is akin to them giving out free newspapers with the last few sections stapled together unless you pay for it. All I did was leave a staple remover on the table. If your media business is struggling to survive you should come up with something stronger than a staple to keep your business together.
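To make the difference concrete, here is an added example (not the newspaper's code, and not from the original post) that renders the same article two ways: gated paragraphs shipped to the browser and hidden with CSS, versus an entitlement check that runs on the server before the body is built. The article text, the `paywalled` class, the teaser length and all function names are assumptions made for illustration; `leaked_paragraphs` is the check a site owner could run against their own responses.

```python
import html

# Constructed sample article: a list of paragraphs (not taken from any real site).
ARTICLE = [
    "City council approves new budget after a long debate.",
    "The vote was 5-4, with two members switching sides late.",
    "Full line-item details obtained by the newsroom follow.",
]
FREE_PARAGRAPHS = 1  # assumed teaser length


def render_client_side(paragraphs):
    """Weak pattern: every paragraph is sent; CSS hides the gated ones."""
    parts = []
    for i, p in enumerate(paragraphs):
        cls = ' class="paywalled"' if i >= FREE_PARAGRAPHS else ""
        parts.append(f"<p{cls}>{html.escape(p)}</p>")
    return "<style>.paywalled{display:none}</style>" + "".join(parts)


def render_server_side(paragraphs, is_subscriber):
    """Enforced pattern: the entitlement check runs before the body is built."""
    visible = paragraphs if is_subscriber else paragraphs[:FREE_PARAGRAPHS]
    body = "".join(f"<p>{html.escape(p)}</p>" for p in visible)
    if not is_subscriber:
        body += '<p class="upsell">Subscribe to keep reading.</p>'
    return body


def leaked_paragraphs(response_html, paragraphs):
    """Audit helper: which gated paragraphs are present in the response bytes?"""
    gated = paragraphs[FREE_PARAGRAPHS:]
    return [p for p in gated if html.escape(p) in response_html]


if __name__ == "__main__":
    print("client-side leak:", leaked_paragraphs(render_client_side(ARTICLE), ARTICLE))
    print("server-side leak:", leaked_paragraphs(render_server_side(ARTICLE, False), ARTICLE))
```
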

Previous:

The Top Five Highlights of Defcon 27

[Image: Voting Village at Defcon 27]

I love Defcon. For years, since I was a young script kiddie in high school, I had attending Defcon, the crazy huge hacker convention held every year in Las Vegas, on my bucket list. Now, Defcon 27 was my third Defcon and I seem to enjoy the conference more every year.

I could, and have, talked about Defcon and my love for the Defcon community at length…but I won’t here. What I do want to share is a short list of some of the best things I saw, learned, and experienced this year at Defcon.

5. Social Media Manipulation

One of the first main conference talks I attended this year (meaning it will be posted online at some point) was about social media manipulation. The primary point of the talk was discussing a particular botnet worm that a group is using to generate fake clicks, comments, and other engagement, but the talk was an interesting tour of the dark side of social media altogether.

When I attend Defcon I do it as myself and work hard to keep my “day job” at arm’s length so that I can enjoy the conference and not feel like I have to tie it back to my professional work in any way, but obviously in my role as CTO of Studio71, this topic is of particular interest and I think there’s more the Studio71 team can do to research this topic in the future.

4. Everything Your Dev Team Does is OSINT Fodder

I’ll be very short here as this talk was off the record, but it’s amazing to think about how much information you and your teams leak by using standard development tools, such as Jira. Click a link from a ticket and your referrer information tells that site little bits of info. Is all of it bad? No, but added up, it could be. Something to think about.

3. Biohacking Disclosure Issues

Some people go to Defcon and hyperfocus on one or two topics they are particularly interested in, such as hanging out the whole time at the lock picking village. I love to talk to those people, but I’m more of a Defcon omnivore, roaming around the conference popping in to lots and lots of different things that sound interesting even if I have no plans to follow up with that topic later.

For example, on a whim, I walked in to a talk on biohacking and it was a panel discussion on the issues involved in biohacking (ex: finding security flaws in medical equipment such as a pacemaker). It’s not entirely shocking, but the medical industry has a long way to go in regards to responsible disclosure of exploits and ensuring all devices are as secure as possible. Really interesting stuff, and the key take away for me is: If I ever have to use a device like a pacemaker, dialysis machine, etc, ask a lot of questions and search the internet for the device maker before you move forward. The last thing you need is a pacemaker with exploitable software lodged in your chest for years.

2. The Fake TSA

There was a long line (not uncommon) to get in to the Defcon Arcade party on Saturday night. Just as the doors opened and the line started moving a group of guys wearing blue polo shirts ran up next to the line, set up a table, put bins on the table and started asking people to present their bags, take off their shoes, and walk through a metal detector. This was a joke. It was very much a joke…and yet…that wasn’t clear or that bit of monkey brain we all have that was programmed by almost two decades of travel didn’t want to question it for a lot of people. People started to grumble while taking off their shoes, and as I walked around the TSA stunt I heard one of the “agents” telling someone: “Dude, calm down. It’s a joke!”

Don’t let security theater seep in to your monkey brain.

1. Hack the Vote

The Voting Village is always equal parts awesome, enlightening and depressing…ok, maybe it’s 60% depressing, 20% awesome and 20% enlightening. This year, I took part in a group discussion, again off the record, with various election officials on what they can do to improve their security. I really feel for the gentlemen we worked with. I really believe they are doing everything they can to protect the vote in their counties (from a midwest state) but they are handcuffed on two key elements: The antiquated, potentially un-patched, voter registration system managed by the state, and the lack of decision making power to force a move to paper ballots.

I’d love to find ways to help on this, but the red tape and infighting make that so difficult, but even if I could step in and officially help these two midwest counties, what could I do that they haven’t? Maybe tighten a few things like forcing longer passwords, but if the State is unwilling or unable to upgrade their system and confirm that basic system maintenance is taking place, what can anyone do about it? The Federal government is the only entity that can, and we all know that one party is…disinterested…in making these critical changes.

See you next year, Defcon.

(And see you in October, ShellCon!)

My First Mention in Variety

I’m late on this on the blog, but after a few years of working in entertainment and two years of living in Los Angeles, I got my first name drop in Variety.

A few weeks ago, we were talking internally about the entanglement of buyers and sellers and products and platforms, when someone wondered aloud about how many different ways there are to sell branded content in the market. Our CTO, Mike Flynn, was in the office at the time and took that question as a math challenge. He immediately set about doodling an equation to explain the cacophony.

Big picture? It’s nice and doesn’t matter much, but it is cool. I’ve also had posts on the front page of Hacker News a few times and that’s certainly led to more emails, but it’s still cool to get a mention in the Hollywood press.

via Variety

Techcrunch Gives the Finger to Journalism and Kicks Newborn Puppy While Slapping Your Mom

In the latest segment in the endlessly long syndicated program entitled “Every Thing is On Fire at Journalism’s House” we have Techcrunch writing an article about the new but only Wednesday mid-day level news of Amazon Web Services launching the DocumentDB service.

I’ll let you guess what the title of this article, written by Frederic Lardinois, is running in a (formerly) respected tech news source.

A: “AWS Launches New DocumentDB service to take on MongoDB”

B: “MongoDB challenged by Amazon Web Services new DocumentDB Service”

C: “AWS gives open source the middle finger”

D: “You can earn $100 an hour working from home buying stuff online! Click here!”

At this point D is a solid guess so no shame there if that’s where you went, but the answer is actually C. C! “AWS gives open source the middle finger” is the title of a news article and it’s blowing my mind. Also, and this is the real kicker here…spoiler alert…no they didn’t.

AWS launched DocumentDB today, a new database offering that is compatible with the MongoDB API. […] In effect, it’s a hosted drop-in replacement for MongoDB that doesn’t use any MongoDB code. […] AWS argues that while MongoDB is great at what it does, its customers have found it hard to build fast and highly available applications on the open-source platform…

No argument here…

It’s also no secret that AWS has long been accused of taking the best open-source projects and re-using and re-branding them without always giving back to those communities. […] MongoDB was one of the first companies that aimed to put a stop to this by re-licensing its open-source tools under a new license that explicitly stated that companies that wanted to do this had to buy a commercial license.

That’s a perfectly fine solution. AWS no longer uses MongoDB or they pay for it. Seems fair, but the article goes on to list several quotes from MongoDB executives and even describes them as “feisty.”

“However, developers are technically savvy enough to distinguish between the real thing and a poor imitation. MongoDB will continue to outperform any impersonations in the market.”

That kind of thing. Then after that Lardinois ends with a quick aside that mentions that AWS has actually been better about giving back to open source lately, but MongoDB is pissed because they “bypassed” their license. The end.

That’s it.

Did I miss the middle finger?

Did I miss the part where you told everyone about the new service AWS was offering?

Did I miss the part where MongoDB actually gave solid reasons why a company would want to run and scale MongoDB themselves rather than pay AWS to do the dirty work?

Let’s review and see if we can find that middle finger…

  1. Amazon used MongoDB, which was an open source product.
  2. MongoDB didn’t like that so they changed their license to force Amazon to pay to use it.
  3. Amazon stopped using it and made their own similar product.
  4. MongoDB got super mad and stuff and called their buddy at Techcrunch to tell him all about it.

Did MongoDB actually give the finger to open source? Did Techcrunch give the finger to news? Did AWS do what all big tech companies do and you can choose to use their products or not? Is this the first time I’ve been to Techcrunch in years? Can you end an article with a series of questions?

(Yes. Yes. Yes. Yes. Yes.)

via Hacker News

My Current Media Diet - January 2019

In the vein of the wonderful and prolific Jason Kottke, I’d like to start sharing my current media diet on my blog. I’m not going to keep track of everything I read, watch, or listen to, but I do think a general review of what I’m consuming would be interesting to others and myself in the future.

[Image: Spider-Man: Into the Spider-Verse]

Movies

I’m slow on movie intake these days, but we did take the whole family to “Spider-Man: Into the Spider-Verse” and I thoroughly enjoyed it. Very funny, the art direction was amazing, and loved the focus on Miles. I can’t wait for the many sequels. I think Sony has finally done something interesting with their Spider-Man license. (To be fair, 2004’s Spider-Man 2 was pretty good, but that whole trilogy has been hopelessly tainted by the atrocious Spider-Man 3)

TV

Outside of “The Office” reruns, I have watched half of the third season of “Daredevil” on Netflix but stalled out over the holidays and then watched the entirety of “Bodyguard” which was really awesome. Best show I’ve watched in a while.

YouTube

As of this moment, I’m tracking some YouTube creator drama, checking out the world of mechanical keyboards and watching people fix old Hot Wheels.

Books

I’ve stalled a bit on my Audible queue in favor of Podcasts, but I’ve started “Countdown to Zero Day” (interesting but pretty dry) and “The Coming Storm” (same).

Games

I beat Far Cry 4 in early December and moved in to Spider-Man on the PS4. On mobile, I’m playing a lot of Alto’s Odyssey while waiting in line or while watching TV.

Podcasts

My usual weekly roster applies:

Music

Current Go-To Spotify Playlists or Albums:

mikeflynn @ GitHub thatmikeflynn @ Twitter