Images, Objects, and Privacy Badger False Positives

Today on Twitter I saw the a tweet by Kay Marie showing a very seductive and enticingly beautiful image of Piper for a group blog she had written at Humiliation Bootcamp.

Just to be clear, it is an adult blog so do not go looking at it if you are not at least 18 years of age and at least the minimum age to look at adult content where you are located (might be above 18 in some places)

Anyway I followed the link to the blog, expecting the image to be part of the blog, but I did not see it. A reduced size of what I saw is below.

No image in the blog, but because the tweet about the blog had one, usually that means there is suppose to be one. The culprit blocking it is often Privacy Badger.

So I looked at what suspected trackers Privacy Badger was blocking, and one of them was Piper’s main blog – Your Naughty Lover.

DISCLAIMER – I am not in any way responsible for the content, code, or administration of those mentioned blogs. They are just referenced here as a demonstration of what I want to create a general solution for.

Her main blog wasn’t trying to track me, it’s just a standard WordPress blog. But since I had been to her blog, my browser had a cookie from her blog with a unique identifier. That means if a blog on HumiliationBootcamp.com contains an image hosted at YourNaughtyLover.com that cookie will be sent when my browser requests the image, and that is why Privacy Badger saw it as a potential tracker and blocked it.

Adding YourNaughtyLover.com to the white list in Privacy Badger allowed it to load:

That’s better, much better, and is what I was intended to see.

Several problems however were exposed that have solutions. Well, will have solutions once I finish work on them.

The Exposed Problems

The obvious problem is that a side effect of the image being hosted on Piper’s main blog is that anyone who has been to her main blog without clearing the cookie will have a cookie that is sent with the request for the image. That triggers privacy software to block it, because it looks like a tracker and could be a tracker.

The less obvious problem is that all the benefits of responsive images have been lost. When you view the source to the blog, you see the following:

[LEFT ANGLE BRACKET]img class=" wp-image-3355" src="http://yournaughtylover.com/wp-content/uploads/2018/02/2a-1024x683.jpg" alt="" width="444" height="296" /[RIGHT ANGLE BRACKET]

There is a single version of the image available. However many modern web applications, including WordPress, are capable of responsive images. Responsive images are where many versions of the same image exist and the browser selects the smallest one that is large enough to render in the space provided taking the device pixel density into consideration.

In this case, only one image was provided, but knowing how WordPress works I was able to easily guess that many other versions of the image actually existed on the original host. Here is a link to the largest version of that image:

http://yournaughtylover.com/wp-content/uploads/2018/02/2a.jpg

There are many other sizes too, automatically created when the largest one is uploaded. But they are not available to the Humiliation Bootcamp blog because it does not know about them.

Alice’s Solution

One of the things I am working towards is file resources as objects. As in as PHP objects. An image would be seen by the web application as a PHP object and not as a URI path as web applications currently see them. Yes, when the page is served it is a URI path, but to the web application it is an object.

So uploading the image 2a.jpg to Piper’s blog would not only resize the image, but also create a Redis database entry with information about the entry needed for PHP to create and cache the the object view of the resource.

Part of that object could be that path to a cookieless pull type server that external servers could use when referencing the image. For example, say LDW had a cookieless domain set up at images.ldwgroup.com that acted as a pull server.

Piper’s blog wouldn’t need to reference images as being on that host (though it could), but that host would be referenced in the image object as PHP sees it.

When Piper wants to use the image in a blog hosted at another domain, she can just keep doing what she does now – give http://yournaughtylover.com/wp-content/uploads/2018/02/2a-1024x683.jpg as the URL to the image in the blog on the other domain.

However that other blog before just using that one version of the image would look to see if http://yournaughtylover.com/wp-content/uploads/2018/02/2a-1024x683.json (note the extension is different) existed – and if it did, that JSON file would include the information needed for HumiliationBootcamp.com to create its own own object – including using images.ldwgroup.com as the image source and all the sizes the image is available in so that HumiliationBootcamp can create a responsive image tailored to the device displaying the image.

When the browser asks for the image from images.ldwgroup.com since that hypothetical domain would not ever set any cookies, browsers wouldn’t have cookies for that domain, and it would never be blocked as a false positive potential tracker.

images.ldwgroup.com if it had the image would directly serve it – but if not, it would ask for the image (based on path) from YouNaughtyLover.com and then serve it, but then it would have that version of the image next time it was requested (that’s what a pull server is – sometimes called a pull CDN if there are many geographical endpoints).

Anyway, that’s the kind of thing I’m working on with my File Resource class –

https://github.com/AliceWonderMiscreations/FileResource

That’s just the base abstract class, but what I’m doing with it, that’s what is going to be wicked.

Alice Out.

The Danger of Facebook Trackers

If you use Privacy Badger, it is easy to see what trackers a website has embedded in it. They will be listed in the list of trackers Privacy Badger is blocking.

Privacy Badger Logo

If you are not using Privacy Badger, you probably should be.

Privacy Badger is a project of the EFF and can be downloaded from https://www.eff.org/privacybadger.

It detects tracking cookies and blocks them. It also gives you the ability to white-list those you either know are false positives or otherwise do not mind being tracked by. For example, I do not mind being tracked by Spreaker, I believe they are a good company and do not believe they are doing nefarious things with what they track about me. I am choosing to let them track me, it helps them suggest podcasts I might enjoy.

But most trackers I do not like.

Yesterday, I went to a website where one of the trackers was a Facebook tracker. That is very very common. I decided to temporarily disable Privacy Badger and look at what was actually being done. It shocked the hell out of me.

This wasn’t just a tracker with a unique identifier, Facebook was transmitting personal information about me over an insecure connection.

The Tracker

The tracker visually was in the right-most column of a typical WordPress 3 column display. Note that on phones, it would still be there, but just not visible at all – the column it is in would have a CSS display property of none. But it would still be there.

Anyway this is what it looked like:

Screenshot from Web Page

The blue areas are what I blotted out to keep the identity of the web site secret, I informed them of what is going on and they removed the tracker.

Anyway there was a text hyperlink stating “Follow xxxx on Facebook” – with empty white space below it.

That empty white space I suspect is suppose to have a Facebook like button, but that seems to have not worked.

The white space though was an iframe.

If you are not familiar with what an iframe is, it is basically the HTML5 method for embedding one web page inside of another web page.

The embedded web page is quite often on a completely different server, and in this case, the embedded web page was on a facebook server.

FireFox right-click menu

In FireFox when you right click a part of a web page, you are presented with a menu list of options.

The Inspect Element (Q) menu option lets you look at the HTML source as the browser see it.

This is different than View Page Source. View Page Source only shows you the HTML of the page as it was served. Inspect Element shows you what it is like after scripts have run and third party resource have loaded and helps you see what CSS rules are applied etc.

Anyway, Inspect Element is how one views the source for an iframe as it is pulled into the web page, and that is what I needed to do to see what the Facebook code in this page looks like and actually does.

Insecure Connection – Shame on Facebook

That’s what the Inspect Element frame looked like, again I used Blue to protect the privacy of the company running this web site.

That is a cropped view. Look at the iframe src – it uses standard http for the iframe, it does not use https. That means the html source from the facebook server is being sent to the web browser WITHOUT encryption. Anybody can read or even modify the contents of the iframe.

The highlighted line is the HTML source for what is in the iframe, that is what I really wanted to look at.

As you can see, there is not much in it. There does not need to be much in it, the intent as I suspect is just to produce a “Like on Facebook” button.

Why that did not work and there was no like button, I do not know, but that did not concern me. What did concern me is what was in those three script nodes.

The first two were just short fallback stuff to detect if async was possible, etc. The third script node however shocked me.

Again the blue blotches are to conceal the website this was on.

The yellow blotches however are to conceal my own private information – both my legal name and my facebook user ID number that remains static even if my legal name changes. A cropped view:

The script itself, sent over an insecure connection, contained my Facebook Account ID, my full legal name (I blotted out my last name there), and my short name. It’s possible my birthday is there too but in part of the script that isn’t visible in the Inspect Element window without horizontal scrolling – there were some JS variable names that had the word birthday in it, but I did not hunt through the code off to the side to see if it was there.

Anyway, there you have it.

Over an insecure connection, Facebook was sending a piece of plain text JavaScript that is easy to machine parse that included both the name of the website running the WordPress blog (blobbed out in Blue in the image) and my full legal name and Facebook account ID number.

Anyone could sniff that data, and the fact that I was at that website isn’t really something I would want Facebook to know about.

That is what trackers do. They invade privacy, and very often with extremely sloppy security that makes it easy for your private data to be leaked to anyone with just a little skill.

Facebook isn’t the only one that is this sloppy, many of them are.

They don’t give a damn.

Autism and Empathy 2

I wrote a blog about this earlier but now I have a specific example that I think quite clearly demonstrates the difference between Autistic emotion and Neurotypical emotion.

I hope I am not burning any bridges by posting this, I will not share this on social media and almost no one reads this blog so hopefully it won’t be seen as offensive.

Recently a company I am a customer of, I have frequently in private expressed my frustration at the third party trackers that company has all over the websites it manages. I have expressed that concern for years. I do not like it.

I can block most of it myself with Privacy Badger but it bothers me that they are so willing to trade tracking information of their users in exchange for widgets on their sites. They should hire someone to write the widgets they need without trackers. Not me, their site is WordPress and I fucking hate the WordPress code base and even got kicked off their mailing list for calling some of their devs a bunch of fucking idiots (just for the record, I agree with getting kicked off the list for that, but I was also being truthful).

Yet here I am using a WordPress blog. My purpose is actually to expose myself to the user interface because I want to create something secure that users will use, and while I am good with code, I don’t understand what users want in an interface.

Anyway, Internet Tracking is a huge invasion of user privacy and the fact that it is so prevalent is a very serious issue for me. This company is one that especially should be concerned about the tracking of their users.

I love the company, I really do. For years, every time I share a link to their products and services it creates an internal conflict because in doing so, I am exposing other people who follow the links to the tracking that takes place as a result.

It may seem silly to the neurotypical people, but to me it is a very real problem and to a large extent I feel betrayed because on the surface, the company claims that privacy is important to them, they claim to provide high quality service, yet they continue to trade the privacy of their customers in exchange for free WordPress widgets instead of hiring a coder to create what they need that doesn’t track, or even finding free widgets that do not track.

My emotion that I frequently feel is that they are lying to me when they say my privacy matters to them, when they say the privacy of others matters to them, because I have informed them of the privacy violations taking place and they do not take action to change it.

From the song “Behind Blue Eyes” — ‘No one bites back as hard on their anger‘

For years I have been holding back on how upsetting it is for me for a company that is in an industry where privacy is important, for a company that claims that privacy is important to them, for a company that claims part of their higher than industry average fees is higher quality service, to allow their customers to be so blatantly tracked by third parties.

It has been a serious battle for me to hold back for as long as I have because it does feel like a betrayal to me. I know they do not intend it as a betrayal, but that is what it feels like whether it is intentional or not. And the only reason I have bitten back for so long is because I really really really like this company.

It is clear to me that either they do not care about why I feel that way, or they do not understand that I feel that way even though I have tried to express it in private. I choose to believe the latter because I do believe they are good people.

But not understanding my feelings doesn’t mean they aren’t real or that I do not have them, it just means they either do not know I feel that or do not comprehend why I feel that way. The feeling themselves are very real, but without understanding them, it is not possible for them to have empathy with those feelings. That’s an important concept.

-=-

Two things happened that cracked my ability to continue my silence on the issue. First, I went to one of the websites run by this company and Privacy Badger reported an unusually high number of trackers on that page, I mean radically high. When I looked at what Privacy Badger was reporting, most of them were legitimate trackers and not false positives.

I then wrote a blog post on the issue. Since deleted, but I had to vent somewhere, because it really really bothered me.

A few days later, the Cambridge Data / Facebook misuse of tracking data broke.

That triggered some pretty strong emotions from me. Not because I was surprised, I knew this sort of thing was happening.

Basically when data about a person is collected without explicit informed consent, it will be abused. How can it not be abused when the person does not know how the data is to be used to even agree with what is being done with it?

Some people may not agree it is abuse, but whether tracked information can be used for a purpose is not the decision of those people, it is the decision of the person who tracked. Without their explicit permission, it is abuse. And often the abuse negatively impacts the person,.

The only way to collect data without explicit consent and not have the data not be abused is to completely anomymize the data in such a way as it is simply not possible to connects the dots from the data to the person.

It wasn’t that the data was being abused that bothered me, it is that I have been warning about this very thing for YEARS and people shrugged it aside and then suddenly when it is revealed my warnings were dead on, people were suddenly shocked and offended. Incidentally, Facebook is precisely one of the trackers I specifically warned about but was brushed aside as a loon for having concerns.

What that trigger did, I posted a screenshot from privacy badger of a website run by this company specifically showing that their sites include third party trackers from Facebook, and I tagged two of their blog administrators in the tweet.

That resulted in a response from the company, but not what I was looking for. What I was looking for was “We are working to fix this issue” but that is not what happened.

Keep in mind that notifying them in private is something I had tried numerous times in the past, and not just with them – with many companies. Publicly calling a company out over an issue the public is presently concerned with is often the only way to get action, which was my goal. My method at attaining that goal clearly failed, instead I think I pissed them off.

Clearly the approach I took was wrong. It caused emotional pain, I need to learn how not to do that. I acknowledge that, I own that. What is the right approach to get the trackers taken out of their site, I do not know, wish I could figure it out. They say they care about privacy so they can’t be adverse to removing them, I just don’t know how to get the action needed for their websites to match what they state.

Why is this is so important to me? Believe it or not, empathy!

Secret recordings show Cambridge Analytica would spread gay rumors to take down candidates

The same company that was misusing the private data from Facebook was involved in anti-gay bigotry as propaganda.

What happens when someone is exploring gender identity issues they do not want to have public, so they go to a website run by this company, and are tracked for visiting those sites – tracking that ties to their identity – and that tracking data ends up in the hands of someone like Cambridge Analytics that will use it for ill?

I do not want to see that happen.

-=-

The emotions this conveyed to me are real, I can not deny that. However, I do not understand them. Just like they do not understand my emotions. That makes it impossible for me to empathize with their emotions.

I was told that it “felt like a betrayal of trust” because they thought I was “part of the team”. That is their emotion, I just do not understand it.

First of all I do not know what it means to be considered “part of the team”.

I do not work for them, I am not their employee nor have I done any contract work for them.

Many years ago when I had a lot of money to spend with them, I wrote a WordPress plugin that anonymized Gravitar data collection – Gravitar takes an unsalted md5sum of an e-mail address which isn’t very secure, it becomes easy to determine if a particular e-mail address created a particular post reply. So I created a WordPress plugin that added a salt first to prevent that from happening. They ran it, so maybe that is what they meant by “part of the team” but that was so long ago and it appears they no longer use it. I’m guessing a WordPress plugin broke it, an Automattic employee once expressed that he did not like what my plugin did (Gravitar makes it cake for Automattic to track users) , I wouldn’t be surprised if code was put in specifically to break my plugin. I don’t know, I just would not be surprised.

I offered them a birthday calendar plugin, the company CEO said she would have the blog admin look at it but I could tell from the server logs no one ever accessed it, so my guess is they did not want it but just wanted to be nice about it, and I can both understand that and empathize with that.

I initially offered Naughty.Audio to this company and again they said they would look at it but it was clear to me they did not want it. So I run that myself.

I offered to recreate a stale site of theirs that full of bad links, but that also was something that ultimately they did not want.

I offered to create a solution to an audio problem that exists on one of their sites, and at that point since I was fucking broke and nearing eviction, I offered to do it for a price but I got no response at all.

I don’t see how I can possibly be considered part of any “team” or what they mean by that, but apparently they saw me as part of the “team”.

I certainly do not feel like any part of a “team”, especially when what I know are valid concerns about privacy and tracking are just brushed aside and it is suggested that it is something we just have to accept happens.

This may not be fair of me, but this is how I feel. I sometimes wonder if I’m actually seen as just an “Oh him again” except when it is convenient for them to see me as part of a “team.”

I do frequently share their links on Twitter and Tumblr. I do not do that because I am part of any “team” – I do that because I really like that company and feel loyalty to them. That loyalty to be honest is really waning. The things that are important to me do not seem to be important to them, and it seems I am treated much differently now that I am really poor. That last bit isn’t suggesting class discrimination, my own demeanor has changed since I have become poor and that could be why I am treated differently now. However regardless of the cause, the loyalty I feel to that company has been waning. But I still really like them.

It is possible to really like a company but not like one aspect of it, at least for me. Maybe for some people that is not possible.

The Republicans for example – they think it is impossible to like America but dislike many of the policies, and they call us America Haters when we speak out against the policies we do not like. I am not like them. I can really like something but still not like one or more aspect of it.

With respect to betraying trust, neither the blog post (now deleted) nor the tweet (now deleted) involved any information I was trusted with. Any random joe blow could have made the exact same post and tweet without any prior contact with the company, so I do not understand how it was a betrayal of trust.

But they clearly felt that way, and just because it does not make sense to me does not invalidate their feelings – which is why I deleted both the post and the tweet.

A quote I have seen many neurotypical people use:

An acquaintance merely enjoys your company, a fair-weather companion flatters when all is well, a true friend has your best interests at heart and the pluck to tell you what you need to hear. — E.A. Bucchianeri

That, or quotes like it, are commonly spread around but it seems that does not always apply and I can not figure out when it does and when it does not, this seems to be a case where it does not apply and I should not have had the pluck to tell them what they really need to hear yet so far really haven’t.

I was trying to be a true friend as it is so often defined and I do not understand the emotion it invoked.

Since I can not understand the emotion they felt, I can not empathize with it either.

And that is why autistic people often are seen as lacking empathy.

But it’s a two way street. They obviously don’t understand my emotion either and thus can not empathize with it.

Please remember that when hear people say autistic people lack empathy.

We don’t lack empathy, in fact we often have very strong empathy. But empathy simply is only possible when we understand the emotion.

And when you think we lack empathy, please understand we feel the same way quite often when our own emotions are not understood, when we are told our failures in society are our fault because we do not fit in to a world of people that are fundamentally and neurologically different than we are. That is something even many “autism experts” completely fail to understand and completely lack empathy for.

It is true that sometimes we do not understand the emotion of the neurotypical, but it is just as true that the neurotypical often does not understand our emotion.

Regardless I do not want to burn any bridges but the emotions I am building up over this are just too strong and I literally have no outlet. I can’t afford a therapist and my best friend is a PSO that I can not afford to call. I haven’t spoken to her since December. The only other people close to me always say the answer to problems are in the Bible, yet from what I read in the Bible, the answers it has they are politically opposed to. I literally have no one that I do not pay and right now I can pay, which means frustrations will come out in public and burn bridges even more.

So I have to stay away from that company, completely, or I will just make things even worse. Not my intent but that will be the result.

Tracking, Advertising, Yada Yada

Anyone who knows me knows that I have ranted and raved and bitched and whined about Internet tracking for years and years and years.

Original Source: https://pixabay.com/en/bird-wild-world-animal-nature-3113835/

With the recent revelations about private user data tracked by Facebook being used improperly, it demonstrates exactly the kind of issue I have been warning about for years.

When it comes to web application security, there are some fundamental rules I try to live by:

A) Bake security in from the start. Do not try to address security as an add-on.

B) Trust can and will be exploited. Always validate when you can.

C) Security needs to be proactive. When it is only reactive, you are vulnerable until something happens to trigger the reactive measures.

The reason why I mention those three fundamental rules, it is impossible to have privacy without security. Any web application that is aims to keep user data private MUST make security a priority.

With respect to Internet Tracking, there is another fundamental rule.

If the data can be abused, it will be abused.

It is irresponsible to assume that data your web application allows a third party to track will not be used in ways that are harmful to your customers.

This is why it is very important to simply not allow third party trackers. At all. When you allow a third party tracker, you are allowing that third party to collect data about your users that not only can be abused, but sooner or later it will be abused.

The recent Facebook scandal – the only reason we know about it is because there was a whistle-blower. Had there not been a whistle-blower, well…

I can guarantee the same thing is happening at many more companies. We live in a capitalistic society where money has more importance than people. The data will be abused and it is being abused.

Web application developers need to develop web applications that do not use third party trackers, and more importantly, web masters need to stop deploying web applications that do use third party trackers.

Content Security Policy

Web masters need to deploy something called Content Security Policy (CSP).

With CSP, you can define precisely what domains what types of content referenced by your web platform are allowed to come from. Using CSP prevents the accidental loading of third party trackers, a very common problem for web sites that deploy web software updated without a packager between the upstream developer and the deployment.

When there is a packager, a person between your deployment and the upstream developer, these issues are often caught. These people though need to be paid to review the code, so when tools like Packagist (via Composer) and WordPress’ AutoUpdater came about allowing direct update from the upstream developer without needing to pay a packager, most companies jumped on it even though the result is that it allows the upstream developer to exploit the trust you have in them – because there is not someone verifying the integrity of the package.

That use to be how I made money but it is clear companies now would rather trust upstream developers than pay someone to verify. I have to accept that. That being the case, it is critical to employ Content Security Manager as a proactive security measure to protect your users when an upstream developer exploits your trust in them and sneaks trackers into updates.

For example, it is not uncommon when using Packagist or the WordPress updater to find out that the new version of some software or plugin contains trackers that did not use to be there. CSP will prevent those third party resources from loading in the browser of your users, protecting them from the tracking that results. In some cases it may break your web application, but it is better to have that broken so you can find an alternative that does not track your users than to sacrifice the privacy of your users.

The Advertiser Problem

Advertisers on the Internet are a massive problem with tracking, and with the Internet in general.

In the old days, advertisers did not have any data on the individual person viewing their advertisement. A magazine or a TV show would produce quality content to attract viewers and then the advertisers would pay for advertisements based upon market research showing how many of people from the demographic they are targeting read that magazine or watched that TV show.

That has all changed. Advertisers no longer have to care about the quality of the venue or even what the venue, they pay per click or they pay per view and the advertising agencies target the user based upon tracking data they collected on that user, not based upon the demographic expected to use that venue.

As a result, the quality of what is produced has been greatly reduced in general. Web sites do not have to create content that retains users like magazines and TV shows did, they only need to get the user to the site and they get paid.

This is why so much click-bait and poorly written articles full of keywords and SEO tactics exist. Quality that retains users is not what gets the revenue, tricking the user into clicking on a link to your page is what gets the views, and tracking of that user is what determines the advertisements they see.

If we address the track problem so it does not happen, then the quality of the Internet in general will increase because advertisers will once again look for sites that produce quality content for the demographic they want to market to.

Solving the Content Security Problem

While you can create a Content Security Policy right in your Apache .htaccess file or use PHP to send the header, that really is not ideal.

There are times when you will want the CSP to be adjustable.

For example, some users may be willing to be tracked by YouTube at your web site in exchange for the ability to watch YouTube videos other users shared there. The default policy should be to block those resources, but specifically allow the user to consensually opt-in to tracking if they do mind being tracked.

They still will be tracked, but it will be informed, voluntary, and at any time they can change their mind and decide they no longer wish to be tracked by YouTube and they can then opt back out of seeing the videos.

Just as an example, they may decide they want to see the videos on their home computer and be tracked there but not see the videos on their work computer or smart phone. A solution that allows the user to control if and when they are tracked would be very valuable.

I am going to develop a PHP class that does just this. It will allow a JSON configuration file for the base configuration (what remote hosts you always want white-listed – which should only be hosts you control and maybe a CDN with a very good reputation, like code.jquery.com for jQuery though I personally wouldn’t).

The CSP object created from that base configuration could then have other resources added, such as the domains that need to be white-listed for YouTube, either from additional JSON files or from methods that are part of the class.

That way your PHP could check the session data for the user and add those additional domains resources are allowed to come from when the user has specifically opted in acknowledging their use on that device will result in tracking.

I will start working on this class by this weekend.

https://github.com/AliceWonderMiscreations/ContentSecurityPolicy is the github where the work will be done. It will be a PHP class. Unfortunately it will require PHP >= 7.1 because 7.1 introduced some features I am really fond of, and I’m too poor to have the kind of development setup that makes it easy to work with the archaic versions of PHP that people shouldn’t be using anymore but often are what hosting providers have. None of my currently produced code works in 5.6 or older. Much of it works in 7.0 but I can not easily fix bugs when it doesn’t, so 7.1 and 7.2 is what I develop for.

Solving the Advertiser Problems

Advertisers are an important source of revenue for many websites. When solving the issue of user tracking, using advertiser platforms that track simply is not an option.

It will take longer, and I will not start right away, but I already have an idea formulating based upon my FileResource class.

That class by itself is just an abstract class, originally it was part of my ResourceManager project for JS/CSS resources but I immediately saw the benefit of that abstract class being used for many different things, so I split it out into its own basic package.

What I will create is a class (perhaps more than one) that will make it easy to serve various types of advertisements from banners to videos etc. that will make use of the FileResource abstract class both for adding the code to the web page (either at generation or by Ajax) that will allow websites to sell advertising that is locally served to advertisers who want their products and services advertised at your website.

It will include a means of counting how often an ad is served and how often it is clicked on in a way that anonymizes the user while preventing double counts. I may even go the extra mile and provide an easy means for e-mailing the summary of views and clicks to the advertiser in a fancy report once a month.

No github for that project yet, I am still mulling in my mind what it will do.

Financial Support

As long as I can, I will work on these and other projects intended to assist in making the Internet safer, but I may become homeless by the end of the year.

I need to find a way to get some financial support for what I am doing.

One of the problems with the current Internet, many webmasters would rather sacrifice the privacy of their users in exchange for “free” plugins and apps and services that do cool things. Those products are not really free, you are turning your customers into a product to be traded without their consent.

Please help fund the solution. My code for this will be free, simply because it takes an incredible amount of money to start a company and market such a solution. Money I just do not have. Nor do I have the social skills needed to woo venture capitalists.

paypal@domblogger.net if you are at all compelled to help.

Some code I have recently released as free software if you wish to look at the quality of what I produce:

---

SimpleCache

This is an abstract class intended to extended in PSR-16 compliant cache solutions. It does most of the hard work of a PSR-16 implementation, and includes some useful features such as cache key namespacing and AEAD encryption of the cached content and the ability to stagger the expiration during cache warming so that everything does not expire at the same time.

https://github.com/AliceWonderMiscreations/SimpleCache

SimpleCacheAPCu

Extends the above class for using APCu caching. This is the cache engine I personally use because for the kind of caching I do, it is very fast, faster than any other cache implementation I tried. The downside of the cache not surviving a server daemon restart I am willing to live by compensating with cache loading (intentionally pre-loading the cache).

https://github.com/AliceWonderMiscreations/SimpleCacheAPCu

SimpleCacheRedis

Extends the SimpleCache abstract class for using the Redis cache engine. I created this extended class at the request of someone who like the APCu variant but wanted something persistent, which Redis provides.

Unfortunately that person did not pay me. It’s okay, they may be poor like me, and I told them to contribute what they can afford if they can afford. I guess they couldn’t.

Would have only taken about an hour if I was familiar with Redis, but I had to learn about Redis to do it right, Redis does some things differently than APCu that my code had to adjust for.

https://github.com/AliceWonderMiscreations/SimpleCacheRedis

If you read this far, thank you for your time.

Behind Blue Eyes

This song means a lot of different things to different people. That is one of the beauties of music, it allows for individual interpretation that helps us sort out our emotions.

 

This is my interpretation of this timeless song.

Before I dive into the lyrics, I want to talk about the phrase “Behind Blue Eyes”.

The Who was a band of white dudes from Europe. Blue Eyes in European culture, for reasons that are not so pure, are often seen as a symbol of heritage that has social status value. Look at how common blue eyes are when products are marketed to upper middle class white Europeans:

Blue Eyes symbolize social acceptance in European culture.

When The Who sings “Behind Blue Eyes” I take it that they are singing about the struggle to put on a front that is socially acceptable despite having feelings and emotions that are not. A skill I do not have.

The Lyrics

No one knows what it’s like
To be the bad man
To be the sad man
Behind blue eyes

That is an expression of frustration. He has to fit in, to keep the facade of social acceptance, but it is not what he wants, it is an inner struggle to be forced to try and be something he is not.

Some well-known examples of this are transgender people, if they express what they really are they are rejected as freaks so often they try to keep it bottled up inside and pretend to be what they are not. This is one of the reasons why suicide rates are so high among transgender people.

Another lesser known example is Autistic people. Autistics are frequently subjected to something called “Applied Behavior Analysis” that is promoted by many in the medical industry, that literally is a technique that wants to force us to hide who we are and make us change to suit what is acceptable to society, just like many want to force transgender people to live according to their assigned gender to fit better into society.

Rather than changing society to be accepting of people who are simply different, those who are different are forced to suppress who they are and hide “behind blue eyes”. This is why suicide rates are so high among autistics as well, 7-9 times the rate of “neuro-typical” people.

We aren’t killing ourselves because we are autistic, we are killing ourselves because the society we live in makes it very clear it is not okay to be autistic, and we have to pretend to be something else. That wears us down.

Those lyrics are not specific to transgender or autistic, the problem exists in general with anyone who isn’t the same as what the social norms demand of us.

No one knows what it’s like
To be hated
To be fated
To telling only lies

The lyrics here expand upon the frustration that is being felt. That I feel. What you really are is something that is hated by the society norms, so you are fated to live a lie if you want to survive in this world. When you no longer can live the lie, you die.

But my dreams
They aren’t as empty
As my conscience seems to be

I have hours, only lonely
My love is vengeance
That’s never free

We have dreams, we have passions, we do not want to become the evil that we are see ourselves becoming as a result of our dreams and passions constantly being crushed.

The crushing of our dreams and passions erodes us, takes away our conscious, we become evil inside and full of a desire for vengeance against those who force our dreams and passions to be crushed just because we do not fit into the world they built specifically to exclude us.

It’s a very lonely existence.

Vengeance becomes our passion, and that is a very heavy price to pay. We would much have our dreams but that just is not possible.

No one knows what it’s like
To feel these feelings
Like I do
And I blame you

A lot of people say they sympathize with us, but they refuse to do anything to actually change it. Things work for them and they don’t want to risk losing that.

They are part of the problem because they allow it to continue instead of rejecting it and demanding change.

They feel bad that people who are different are destined for poverty, destined to a life of constant rejection, but they perpetuate the problem by accepting the society and buying into and even profiting from the very system that is literally killing and squashing our ability to have dreams, taking away all our hope.

No one bites back as hard
On their anger
None of my pain and woe
Can show through

This is something I have personally experienced. I use to be a member of the Enchantrix Empire social network. I guess technically I still am. When I first joined, it was a different sort of place where people were more free to express who they are. Kink communities are often like that, because they see the pain that transgender people go through.

But that community changed and the things I expressed anger at were not the right kind of thing to express anger at in the community. If I was to remain there, I couldn’t let my pain and woe show through because doing so angered other people there. They wanted it to be a superficial community where talking about superficial “ooh baby that’s so sexy” was sufficient, don’t express anything that is controversial or shakes up the view. I would have had to “hide behind blue eyes” to remain there and as much as I loved it there, that was something I just could not do. If I couldn’t be me, then being there was toxic to me, which resulted in me being toxic to others.

Biting back on my anger was damaging me, I could not do any longer, so I had to leave the one place on the Internet that I loved more than anywhere else on the Internet.

I think what happened, as the economy continued to change and LDW raised their rates, less people in the lower social classes can afford their services so they started to leave the Enchantrix Empire leaving it as a place that was more for the upper middle class that financially benefit from things remaining the way they are and they don’t want to hear any opinions to the contrary, the poor are losers that they don’t want.

Also some key Mistresses (like Mistress Ann) who made the Empire fun left the empire, and many other Mistresses stopped coming to the Empire as much, but whatever the reasons, it no longer was a community where I felt I could be who I am.

To remain there, I would have to pretend to be someone other than who I am, not express any of my emotions, and pretend the superficial blue-eyed world was the be all end all. I could not do that.

But my dreams
They aren’t as empty
As my conscience seems to be

I have hours, only lonely
My love is vengeance
That’s never free

Repeated in the song, my earlier comments apply.

When my fist clenches, crack it open
Before I use it and lose my cool
When I smile, tell me some bad news
Before I laugh and act like a fool

Rage poisons us, this is a plea to help tame the rage that results from what we are feeling. We want vengeance, we want to act out violently against the world. At least I do.

Yet at the same time it goes against the very core of who we are and what we believe, yet we are poisoned and lust for it, and want to take pleasure in seeing that lust fulfilled.

That part of the song is a cry for help, to help us keep from letting our rage take over and win, for that would destroy us even further and take our evil to a point of no return where we would no longer be what we are but instead become the very thing we hate – taking pleasure in acts that harm others.

Sons of Anarchy, that’s what happened to Jax Teller, and when he saw that’s what happened to him – he left this world.

And if I swallow anything evil
Put your finger down my throat
And if I shiver, please give me a blanket
Keep me warm, let me wear your coat

Continuing the cry for help.

Putting your finger down someone’s throat causes a gag reflex and regurgitation. It is easy when full of rage to get taken in by evil desires. I believe this is what happened with Che Guevara. I believe he started with good intentions and wanted justice in the world, but he swallowed something evil that poisoned him as a person.

People like me, full of rage, are at risk of that. Those lyrics are a plea to help keep us from going down that path.

And a plea for comfort, because comfort is the only thing that can help us prevent our rage from getting to the dangerous point where it fundamentally changes who we are.

No one knows what it’s like
To be the bad man
To be the sad man
Behind blue eyes

 

AWonderPHP Projects

Okay whenever I finish something code-wise and feel satisfied, this Joan Jett song (cover) goes through my head:

As I mentioned in an earlier post, I have started cleaning up some of my personal PHP classes and getting them on Packagist for composer install.

More than just cleaning up the code, I have been making them conform to standards (I fucking hate coding standards but some people care more about how many spaces you have than what your code actually does) and writing proper unit tests and cleaning up possible errors that vimeo/psalm finds, etc (that tool ROCKS btw)

Here’s a list of what I’ve released in the past few days, and what they do:

SimpleCacheAPCu / SimpleCacheAPCuSodium

This is my interface to the APCu cache engine. I made three major changes to my class to get it ready for public consumption.

A) I ported it to be PSR-16 compliant. If you already are using a PSR-16 compliant caching class, this works as a drop-in replacement for it.

B) I added encryption support via the libsodium wrapper for PHP. The “value” part of your key => value pairs can now be encrypted with a quality modern AEAD cipher suite. The real benefit though is not just with the encryption, but the decryption. You see, cache poison attacks are not possible unless the attacker gets your secret because any cache injection attacks will not decrypt using the 32-byte secret and thus be treated as a cache miss.

C) I split the non-APCu stuff into a separate package, so if APCu is not your caching engine of choice, it is relatively easy to extend what I split off to work with the caching engine of your choice.

The current (as in today) release of SimpleCacheAPCu is 1.2.0 – named “I Got No Answers”.

• Packagist: https://packagist.org/packages/awonderphp/simplecacheapcu
• Github: https://github.com/AliceWonderMiscreations/SimpleCacheAPCu

There are a lot of PSR-16 implementations out there, but none of the others I looked at offer encryption.

SimpleCache

Yes, very similar name to what is above. It is an abstract class that has most of the logic behind what is above, but is agnostic to the cache engine used. If you do not use APCu but use something else, you can extend this abstract class to use the cache engine of your choice. Feel free to look at what the APCu implementation does, it does not require much code.

The API reference at API.md also should help get you started.

The current (as in today) release of SimpleCache is 1.0.0 – named “Androgynous”.

• Packagist: https://packagist.org/packages/awonderphp/simplecache
• Github: https://github.com/AliceWonderMiscreations/SimpleCache

The abstract class provides most of what is needed for a PSR-16 interface compliant cache class, and also provides the libsodium encryption stuff.

FileWrapper

This is the class largely inspired by Princess Andi, or rather, by an issue I found on her blog where password protected content was being leaked because of the piece of shit that wordpress is and how the Yoast SEO optimizer works.

This is a full feature PHP file server, you can use it to do actual checks on stuff before serving files to the requesting client – and even serve different files depending upon conditions.

It supports partial content requests so it works well for serving HTML5 media. It intelligently handles requests for cache life. It sniffs MIME types if needed. It even has the ability to minify JavaScript and CSS on the fly.

This class is what I use on Naughty.Audio to make sure I only serve audios to those who have verified they are adults, so it is well tested.

It does not yet have any unit tests written for it, that is going to be difficult because I have to emulate client / server responses, but it is possible and I will do it.

The current (3 days ago) release of FileWrapper is 1.1.1 – named “Do You Wanna Touch Me?”

• Packagist: https://packagist.org/packages/awonderphp/filewrapper
• Github: https://github.com/AliceWonderMiscreations/FileWrapper

FileResource

This class actually does not do very much, it is the beginning of a much larger concept, the ability to manage third party resources within a web application as objects that can be configured apart from the web application.

This class defines an abstract class intended to be extended for more specific use cases, such as JavaScript or Media files.

The current (3 days ago) release of FileResource is 1.0.0 – named “Crimson and Clover”

• Packagist: https://packagist.org/packages/awonderphp/fileresource
• Github: https://github.com/AliceWonderMiscreations/FileResource

The real beauty of this though is how it will be used by my ResourceManager project, which does not yet have a release but it does have a github:

https://github.com/AliceWonderMiscreations/ResourceManager

That is what will make it easy for web applications to use third party JS/CSS resources the right way. Most currently do not.

Alice Out.

Gender Identity and Alice

All my life I’ve identified as male but I’m not quite male, or rather, I do not fit what society expects a male to be. Growing up in an Evangelical household, Male is what I was. Those were my parts. But I was different than other males.

I thought maybe I was just more in touch with my feminine side than other men, but I that didn’t explain everything.

When I was young, in the bathtub I use to sometimes tuck my genital organ in such a way that it looked like a vagina because I was curious what I would look like if I was a girl.

I remember one telling mom and dad I wanted a doll for Christmas, they thought it was a phase because I was bullied in school and thought I was trying to make friends with the girls who played with dolls because the boys rejected me. Honestly I do not remember what my motive was for wanting one.

In the boy scouts when we did skits, a lot of the skits would have a female character for comedic effect and I would always volunteer to play that role because to me it was fun to pretend to be a girl, and when done for comedic effect it seemed to be socially acceptable.

When I first got into hacking, I used the handle “Living Dead Girl”. Now I use the handle Alice.

Yet despite those things I still identified as a male, a boy.

I do not feel like I am a woman, so I do not believe the term transgender applies to me. There are people assigned “male” at birth who truly are women. They do not just identify as women, I use to say they identified as women but now I believe that is a bit patronizing. They are women, the do not just identify as women. The term transgender I think is a better fit for them than it is for me, because I am not a woman.

I heard that song for the first time yesterday. I love Joan Jett, always have, but I admit I do not have any of her CDs and I had not heard that song before. Turns out it is a cover of a song by The Replacements. I like her version better.

Androgynous – Partly male and partly female in appearance; of indeterminate sex.

A light bulb went off in my head when I heard that song. That is what I am.

Gender is a social construct. I do not fit the social construct of either male or the social construct of female. I have characteristics of both. Outward appearance I do look male most of the time but I confess I do sometimes like to cross-dress and have the appearance of a woman. But outward appearance is just that.

What I am, what I feel like, is a mixture of both male and female. Perhaps more male than female, but that may be nurture opposed to nature that I still need to be freed from, I do not really know.

So What Does This Mean?

I don’t really know. Having the revelation clearly meant a lot to me, that song is musically not her best but it keeps going through my head, clearly the song and the revelation mean a lot to me.

I think maybe it will help me be at peace somewhat, but it does not change how I feel about myself, nor do I think it will change how I present myself.

I’m Michael in meat life, Alice online. I’m a He / Him unless someone refers to me as a She / Her which I never really had any issues with, I don’t really care what pronouns people use with me.

Maybe it will mean more in the future.

My younger sister is the only one in my family that I know would accept this revelation, I can’t disclose it to anyone else, but there’s a lot I can’t disclose to anyone else in my family, so that doesn’t change. I won’t disclose it my little sister because if I did it would risk it getting to my Mom and I don’t think she would take it well.

I guess it means I just keep being me.

The Future of PhoneSex

Image Source: https://pixabay.com/en/users/kalhh-86169/

There is this vision I have. I would say “I have a dream” but I’m not fit to fill the shoes of the man who first said that…

When most guys think of phone sex, they get turned on by the hot fantasies of what they would like to do with the operator on the other end of the line if the relationship was in the realm of meat life.

Okay I confess I do too, but I’m not your typical guy, I get excited at thinking of ways to do the backend better than it is currently done, I mean the web services that exist behind phone sex.

Recently to that end, I have been thinking of better ways to serve content.

Age verification is very important, as is the ability to selectively serve content to customers who deserve something better.

There are lots of solutions to these problems, but what has been musing through my mind is the technical aspects of how the web application itself sees the files being served to the end user.

To that end, I have this very basic class that I think now has everything it needs:

https://github.com/AliceWonderMiscreations/FileResource

It’s an abstract class that by itself does not do anything other than define what can be extended, but a lot can be extended it, and then elegantly served to the end user.

One of the purposes behind the class is to allow web applications to work with resources as objects, but another purpose behind the class is to make it easy to work with PHP as a file download wrapper, and there is a reason for that.

If you are a phone sex operator and you create a blog entry, you probably do not want that blog entry to be in a restricted members only area because your blogs are how you get indexed on search engines and find new customers with fantasies they want fulfilled.

So you might want to have three different versions of an image that accompanies the blog. One version would be a “safe” version that ends up in search engines, on twitter / tumblr, etc. when your page is indexed or shared. Because it has the naughty bits censored out, it won’t get into trouble or result in you being “shadow banned” or other penalties that sometimes happens when a bit of nipple is shown.

But when a user comes to your blog and verifies they are 18 years of age, you want the spicier version of the image shown. And when that user is a really good customer of yours or has paid a special tip, you may want it to be a high resolution version of the image they can download and enjoy in all its full glory.

That is relatively easy to do when you let PHP control which version of the file is downloaded. If the user does not have the “ageverified” session variable set, they get the tame version. If they do have it set, they get the spicy version. And if they have the “preferred_customer” session variable set, they get the ultra high resolution spicy version.

All three versions would have the same URL, it is PHP that determines which image is sent to the user based upon the user’s session ID.

It’s not hard to do, but standardizing a file resource object class will make it easier to do consistently across web applications.

I haven’t started on the image extension of the class just yet, right now I’m actually working on a JavaScript / CSS resource object extension of the class for safer serving of JavaScript and CSS that are hosted on a different server than the web application.

But images / videos / audios most certainly is in the back of my mind.

I’m already doing a similar thing with audios on Naughty.Audio only I am not using a standardized method for doing it, standardizing how I do it will have a lot of benefits and significantly lighten the database load because JSON files can just be created that are templates for the objects that are used when the APCu cached object is cleared from cache, so the database won’t need to be queried as often (the JSON will act as a cache of its own, and with SSD on servers it is very fast that way)

The class at that link may not look like much, but it is the foundation of something big.

Just thinking about my code being used to serve sexy content… damn, I’ll be in my bunk…

Technical Knock Out

That’s what most people think about when they hear the term “TKO” – well, I do not know about most, but at least people familiar with the art of boxing.

“Still a man hears what he wants to hear and disregards the rest” — Meaningful lyrics.

Anyway, to me TKO means something else. It means “Trust No One” – okay, yes, that’s TNO but I always map the “No” in my mind to “Know” because “Know” comes from “Knowledge” and to me, “Trust” is what you do in the absence of “Knowledge” – You do not have to “Trust” when you actually “Know”. My mind makes these odd associations.

Anyway, one of the very first concepts of Internet Security I learned was the concept that trust can be and often is exploited. The less you trust, the better your security is.

But the way humans work, humans are social species and the way you become part of a group is to show people in that group you trust them and don’t need to verify what they say or their actions. Humans crave that kind of trust and are offended when you do not give it, and that cause insecurity to be the norm and causes social problems for me because it is a concept I have trouble with.

Social Engineering is the art of taking advantage the trust humans want to give each other as part of their desire to be socially accepted.

PHP Composer

PHP Composer is a method of installing web applications that is extremely popular and extremely dangerous because it is based highly on trust.

A web application will have what is called a “composer.json” file that lists other dependencies, some of which are optional features of PHP (e.g. the DOM extensions) but most of which end up being class libraries written by other random people.

When the composer install command is run, you are implicitly trusting every single package listed as a dependency.

Not only are you implicitly trusting every single package listed as a dependency, but you are trusting every package those dependencies list in their composer.json file. And every dependency they list in their composer.json file. And every dependency they list in their composer.json file.

You often end up with at least a dozen PHP libraries written by random people that are not listed in the web application’s composer.json file, they are dependencies of dependencies of dependencies.

AND THERE IS NO PROPER VALIDATION.

There is no process of code review that is required for a package to be listed on packagist. There is no process of code review that is required for a package to be updated on packagist. The trust when you install something via composer is completely blind trust.

Packagist implicitly trusts those submitting packages without even the slightest verification of their actual identity let alone what their code does.

I hope I don’t have to explain how fucking dangerous this is.

We have all heard of the big media hoopla over Russian hackers tampering with our elections. This kind of thing isn’t shocking, it’s cake to do because modern Internet tech is extremely irresponsible.

When a programmer is being paid well by a state sponsor to write free software that does useful things, it is much needed money in an age where Google and Amazon and Facebook services are taking away the ability of programmers to otherwise earn.

So when offered money to create free useful software, of course programmers are going to take these offers. The programmer themselves may not even be the ones submitting these useful packages to packagist for composer install.

Then a few months later when something has become popular, it gets updated with the craftily constructed malicious code that often just looks like a bug if found, but is an intentional mechanism to allow remote code injection. An intentional flaw that allows serialized objects to be injected into the web application are a common method.

Do you really think the recently discovered serialized object injection attack and default SSH password in a Cisco security product were accidental? Wise up if you do. Serialized object injection is the latest trend, and a lot of the holes are intentional. The fact that the same product also had a default password makes it even smellier. That was Java, not PHP Composer, but it happens with Composer too – and there is no code review before publish.

But whenever I, Alice Wonder, point this out – I get a technical knock out.

People in tech like to think they are really smart and do not like it pointed out how fucking stupid they are being from a security point of view.

So because I don’t have the social skills to point out these serious flaws in a way that makes the other programmers continue to feel good about themselves, I end up on the outside.

And that is why I no longer want to be a part of this world.

Coming to Terms

Trigger Warning: This post talks about suicide.

-=-

That has been one of my favorite songs since I was in my early 20s, and I bought a Woody Guthrie CD (This is Arlo, his son, singing it. Woody wrote it)

I am not an immigrant, though my mother is (from Germany as a child, she came with her parents shortly after World War 2)

The song though has more application than just the atrocious way our country treats the poor immigrant workers from Mexico. That treatment is just a symptom of the way the economic elite in American Capitalism see the poor.

Like the immigrants in the song, I do not have a name to them. I do not matter to them. I only exist for them to extract money from, and when done extracting all they can, I am no longer of any use, and it is time for me to die. That time is close at hand.

I was nearly evicted just before last winter, and I barely avoided it. Unfortunately what safety net I had is now completely gone and things are not getting better.

I am going to become homeless and when I do, my already poor mental health state will only further deteriorate. I can’t live through that.

I have seriously contemplated committing a premeditated violent crime for no other purpose than going to prison, where I would at least get some medical care, of which I get none right now. Also in prison, the constant financial frustration and daily financial stress would no longer be an issue.

I would make sure the person had it coming to them, but unfortunately the reality is I just don’t have it in me to do such a thing. No matter what it would solve, I would not be able to bring myself to do it.

But I also can not watch myself continue to decline in mental health which will only hasten when I am homeless, so the only solution I will have is to leave this world.

Code Dump

I am going to be cleaning up a lot of my code and getting it up on github for others to use. For my own personal use, my code is not always very clean. The dirty parts don’t matter, they are only problematic if the classes are not understood by those using them, but that’s a lot of people.

The first such class of mine is already cleaned up and available:

SimpleCacheAPCu

I took my existing class for interfacing with APCu and cleaned it up to meet the PSR-16 standard. I also added encryption support to it, you can use it to encrypt what you are going to cache before you cache it, so that if a hacker gets a dump of your server memory (not an uncommon thing) what you have cached is encrypted with a 32-byte secret key using a modern state of the art cipher.

That’s the kind of thing I like to do, but that also is the kind of thing companies do not like paying people to do, because it isn’t eye candy they can profit from.

FileWrapper

That class is a re-write of something I had been using for a few years. There was (seems she took them down, so I can talk about it now) an issue with Princess Andi’s blog where what she intended to be protected content was actually easy for anyone to get, so easy that in fact search engines even had it indexed.

She had some password protected images, but because of the shitty code behind WordPress, the SEO optimizer plugin gives away the link to the images, and WordPress will serve the images even to people who have not entered the password if they view the page source and look at the OpenGraph data – which is exactly what search engines do. Hell even sharing the pages on Twitter resulted in Twitter embedding the images in the tweet.

So I took an existing class I had for acting as a file wrapper for JS/CSS content, and rewrote the class to work with any kind of content – including multimedia with support for browser range requests (where the browser only requests part of the file at a time)

Anyway the way it would work, a .htaccess file would redirect requests for the image to a PHP wrapper that uses the class file. If the user has session data indicating the user has authenticated with the password, the images that are protected would be served. Otherwise it would serve something else. That would solve the problem.

The cleaned up version of the code at github needs further testing but the dirty version I personally use works very well, and I use it at naughty.audio to make sure the user has age verified before playing dirty content etc.

There are several other of my PHP classes I want to clean up before I’m homeless and then depart from this world, but the most important one isn’t written yet.

PHP Resource Manager

The way most PHP web applications handle resources (JavaScript, CSS, images, etc.) is just fundamentally wrong. Especially JS and CSS.

They bundle third party scripts into the web application so they become stale over time. You can go to many websites and have different web apps on the same fucking server all serving slightly different versions of jQuery and all out of date. It’s fucking ridiculous.

I’m creating a concept I call a FileResource object.

The base FileResource object is really just a base for more specific implementations to extend.

Basically a FileResource object will have within it the ability to craft the necessary URI for the web application to insert into its web pages.

So if a web application needs jQuery 3.1 or newer, it will ask the Resource Manager for jQuery 3.1 or newer and the Resource Manager will respond with a JavaScript extension of the FileResource object that contains everything the web application needs to build the script node when creating the web page.

The jQuery URI the FileResource object returns could be a copy of jQuery on the local server, a company server just for hosting scripts, or a CDN. Whatever the system administrator has configured.

One of the nice things about objects, they can (and often do) contain methods.

So for example with the example of password protected images, the ImageFileResource could have a method that takes the user’s session data as an argument – and give out the file location based upon the session data when serving the image.

This concept of mine will hopefully be coded and tested and released to github before I depart.

It’s not an idea I can make money from, the problem is that companies do not want to hire programmers anymore, they want canned solutions. So the only way I can make money from it is if I worked for one of the companies creating canned solutions and that is no longer a possibility. It was in my 20s and I did, but it is not in my 40s, they do not want to hire “old people” who have not “made it” by the time they are 40.

However, if I put the code on github, these companies that make canned solutions will likely incorporate it. They will never pay me for it, but they will use it.

This Resource Manager will be my last major contribution to the world.

Though it probably won’t get used much, web app developers that do make it in the world prefer easy over doing things the right way, and just bundling the resources in the app is easy so they will just keep doing that. Most of them.

But I will put out a solution that does it the right way before I leave.

The Problem

Here is an example of what causes me so much stress and pain:

Really bad month for me

On the 12th I made a purchase that left me with 7.97 in the bank, February was a really really bad month for me, I mean really bad. I need a haircut and I can not get one, I need new shoes but I can not get them, I am eating once a day. I was hoping some funds would come in but they did not, and my safety net is completely gone now, that was eaten avoiding eviction just before winter.

Note the 7.97 balance. I have been eating oatmeal and rice, I have it.

The $12.00 they took out is the “poor tax” that Chase charges you if you do not have enough money going through your account. That caused me to become overdrawn, resulting in the overdraft fee when the $7.00 github payment was taken out.

But here’s the interesting thing:

Chase is crooked

That’s an e-mail I got from chase indicating the $7.00 fee for github was covered, and indeed knowing that $7.00 fee was coming out is why I was so careful to not spend anything when I had $7.97 left in the bank. My plan worked, or so I thought.

I knew the $12.00 charge for being poor was coming out too, but Chase can’t charge an overdraft for that and it always comes out after the monthly github payment.

But Chase in their evil greed to steal from the poor, even though they sent me an e-mail on the 24th indicating my github fee was covered, chose to reconcile the $12.00 poor fee on the 23rd resulting in the overdraft fee that put me way over.

That’s the way the wealthy treat the poor. If they can find a way to fuck us over, they will, and they do it constantly until there is nothing left to squeeze from us.

I can’t keep on living in this world anymore, the pain and stress of being poor is a daily pain and stress and it keeps getting worse and worse and worse and there is no path out of poverty for me. It doesn’t exist.

The only way to stop the pain is to stop existing myself.

My Problem with Employment

There are several reasons why I am not employable.

I am epileptic and it was not completely controlled by medication. That meant no drivers license, which immediately greatly reduces the employment opportunities.

It also means I have a tendency to hit my head (my seizures are big) and being a precondition, no insurance to cover the expensive ER visits when someone thinks they are doing me a favor by calling 911.

Hitting my head numerous times has resulted in short term memory issues, and it also has resulted in issues where I know exactly what I want to say or type but the pathway to get it from my brain and expressed does not work.

When I feel like I am going to have a seizure, I need to sleep or I do have one. That does not work well with employers. I can understand from their perspective why it would not work well for them, but as a result I am poor and will always be poor and just like the immigrant farm workers we pay shit wages to – I am worthless to the economic elite who only judge the worth of someone by how much money they can earn. And fucking Christians, Fucking Christians are the worst because they believe their wealth is because God blessed them so I must have done something to piss off God to not be blessed by him. Jesus wasn’t like that, but fucking Christians are like that.

Atheists are often far more Christ like than Christians.

I’m also autistic and that causes incredible problems with employment. I am not sociable, I don’t see things the same way others do, often am accused of having no sense of humor, and am prone to having meltdowns and people figure that out and do things to things to trigger them for their own amusement which results in me not working out as an employee.

I use to be able to work from home for shit pay but still work fixing bugs and issues people had but that’s all gone now, everything is cloud computing now and Google / Amazon / Facebook services, leaving nothing for people like me.

The message is loud and clear.

This isn’t a world I belong in.

I bought that Don McLean album after I heard “American Pie” on the radio when I was sick during a family trip to Yosemite.

Friends of the family had a cabin there, I ended up having strep throat and almost died (well not literally, the antibiotics worked well enough I only spent two days in the hospital) – but I was restricted to the cabin while family went and saw the scenes.

Anyway there was a radio, and I heard the song “American Pie” – I was 14 at the time, fell in love with the song, and bought the Don McLean album. Vincent though is the song on that album I fell in love with the most.

I get it. I am suffering for my sanity, and I can’t take it anymore.

I’m not an artist like Vincent, but my PHP code, I am cleaning that up and creating that resource manager (that will work much like PSR-4 autoloading for JavaScript and CSS) – that will be my art I leave the world with.

But I could have told you Alice, this world was never meant for one as beautiful as you.

---

Enjoy your capitalism.

It kills those who don’t fit in, and I hope you can find a way to change that.

But I can’t wait any longer for that change to happen, I don’t believe it ever will.