Jamie Thingelstad

Pro Tip: Small business owners, don’t name your WiFi the same as your business if it’s not open to customers.

Three years ago my friend, mentor and former professor John Riedl shared the news with our book club that he had been diagnosed with cancer. Melanoma. He spent the last three years fighting it. He did it all right, as the scientist he was. He was able to try never-before tested treatments. He adopted a vegan diet. He was strong and vital. He was optimistic, as always, and we were all optimistic for him. In the last month things got much worse very quickly. Yesterday I joined well over two hundred others in celebrating his life and spirit at his funeral. It was a perfect ceremony for a man that was loved and admired so much. I would like to share the story of how I came to know John.

Hackers v. Crackers

I started at the University of Minnesota in 1990. So did Dr. Riedl. 1990 was his first year as a professor in the Computer Science department of the Institute of Technology. At some point during that year the Minnesota Daily wrote a big exposé article on how bad hackers were. They were supposedly breaking into every computer system around, stealing credit cards and doing illegal things. I was fairly fresh from reading Stephen Levy’s fantastic book Hackers and I took great offense at this article. See, hackers are exceptional software developers (aka coders). People that break into computers? Those are crackers. A completely different type of software person focused on compromising systems, both technical and human.

I read this article and it got me all worked up so I sent a letter to the editor telling the Daily that they got it all wrong. Their hacker article was wrong and should have used the term cracker. This is clearly a semantic battle that never was. I don’t think anyone used the term cracker for people that broke into systems much after that point or even before, but I was principled.

The day after that letter ran I remember getting a phone call in my Frontier Hall dorm room. I picked it up and the guy introduced himself as Dr. Riedl, in the computer science department. He mentioned that he and Dr. Carlis were going to write an opinion piece on the article the Daily had published and wondered if I would mind if they quoted me. I have no idea why he thought he needed to ask, but he did and I stammered out “Sure” at some point. We chatted briefly on other University stuff and he ended by saying that “If I ever needed anything, feel free to stop by.” I said thanks and looked forward to reading the article.

Losing Unix Access?

A while after the article I was facing a problem. In 1990 when you took a Computer Science class you were given an account on the Unix workstations. However, that account was provisioned for the class you were enrolled in. So, I had an account but it was going to disappear when the quarter ended.

This was traumatic for me. You see, I had discovered Unix and it was like an entirely new world of technology had opened up. Actually, it wasn’t “like” that, it specifically was that! I had discovered IRC and was chatting with people around the world. I was FTP‘ing to servers at other Universities. I was building software on my own. This was amazing! And it was going to go away when my class ended. So, I went to see Dr. Riedl.

I went to his office and explained my predicament. His response? He put me on his graduate research team. This is the team that eventually became GroupLens, but I don’t think it had that name at that time. I went from hoping to get an account somehow to getting 24-hour access to a lab with dedicated machines, and a permanent account on a handful of SunOS workstations. I was in heaven! I was also a clueless freshman that couldn’t do much beside help with testing the stuff the grad students were working on. While my friends were going to parties on the weekend, I was heading to the graduate lab in the CSci building to explore the systems and software, and very importantly the pre-web Internet. I spent hours there just learning and learning. (To be clear, access to the computer lab was clearly not the only thing that kept me out of the social scene on the weekends. 🙂)

Go and Build Things

I learned so much in the CSci lab and loved being able to ask grad students questions that probably drove them a little crazy. It turns out I liked that a lot more than going to my other classes. Both Dr. Riedl and Dr. Carlis recognized that I knew the technology, but didn’t seem to be ready for all of the college experience. They both opened the door that maybe I should go and work in industry for a while. Maybe I would come back to the University, or maybe I wouldn’t. And that is what I did, and I never did end up coming back.

I lost touch with Dr. Riedl for a while. To be fair, we were both crazy busy. He took a break from the University to start NetPerceptions and had a wild ride. I was busy building BigCharts and then growing MarketWatch. Years later, after he had returned to the University I reached out to get lunch and we had a great time catching up. We stayed in contact for a long time after that. He graciously invited me to speak at the University of Minnesota a number of times, including being the keynote speaker at the Computer Science departments annual open house. He also gave a nice quote for me when I received the Forty Under 40 award.

Book Club

In late 2007 I got an email from him about a book club. 17 years from when we first met, wow. He mentioned that he was part of this small book club of geeky guys that liked to read about technology topics, and strayed off topic as they wished. Honestly, I wasn’t much of a reader at the time but the idea of reading books with a group that included John Riedl was far too much to pass up on. I joined without hesitation.

John was a voracious reader I realized. That shouldn’t have surprised me given his scholarly and scientific background. He was also a great person to discuss books with, as are Tom, Erik and Dan, the other members of the club. I count myself truly lucky to have shared a book club with John for 6 years. I’ve come to recognize it as a unique experience. Reading informs oneself, and reading together over the course of many years, brings you together and allows for raucous and challenging conversations. As Tom said in a reference to the club and John, “For years to come I’ll read something and think ‘John would really like this.’”

The world is worse off without John here. He was a brilliant man, mentor and teacher who had such an impact on my life. And you know what? I wasn’t alone. I’ve heard many stories like mine of people who’s lives are substantially better due to their interactions with John. At his funeral, the common refrain was how much of a mentor he was. My condolences are with his wife Maureen who I got to read a handful of books with as well in our members + spouse meetings, and his children Eric, Karen and Kevin who I really only know through the annual Christmas letter, but all seem to be incredible individuals in their own right. No surprise there.

Related links:

• John’s obituary
• John’s CaringBridge site
• Researching collaboration for a better world post from Wikimedia Foundation
• John Riedl Memorial Celebration
• Obituary: U’s John Riedl was pioneer of recommender systems

Researching collaboration for a better world: John T. Riedl (1962 – 2013) ← My professor and friend John Riedl honored by Wikimedia.

Great crowd at Minnedemo tonight.

Made a super simple MediaWiki extension for parsing URLs.

Might as well cancel 5am alarm and just get up. Upside is time to make coffee.

40 minutes at the Apple Store and $149 later I have a new piece of glass in my iPhone 5. All better now.

Ugh. Just shattered my iPhone screen. 🙁

Time to head to the Apple Store tonight.

This method of using Questy Captcha has been defeated by some spammers. Please check out my updated dynamic Questy Captcha method. MediaWiki websites are often plagued by spammers. It’s annoying in the extreme. If you setup a blank MediaWiki website and do nothing it is likely that within a couple of weeks your site will be found, and in a matter of days you will have thousands of spam user accounts and tens of thousands of pages of spam. There are a number of ways to stop wikispam. I tried using Recaptcha to little benefit. I still got a large number of spam registrations on my publicly available wikis. I’ve found the combination below to be incredible efficient.

I started to use QuestyCaptcha which is a plugin for the ConfirmEdit extension (WikiApiary) which uses a simple question/answer paradigm and that worked well. However, the hard part with Questy is figuring out what questions to use. Particularly if your wiki is global, you need to avoid using questions that are specific to one culture or location, or even language. What color is the sky? Well, in what language? For WikiApiary I want to make sure that people from anywhere are able to register. I started with simple questions, like “What is the name of this website?” but that was quickly defeated and spam registrations started showing up. What to do?

I decided to see if QuestyCaptcha could accommodate dynamic questions and it can! So, the first thing I did was decide to use a question that required someone to know something generic, but could also be easily found with a single click on a URL. My choice was to ask about the GMT time, because if you search for “gmt time” on Google, it tells you the answer. The PHP function gmdate will also give the answer. So I created two questions that asked for the day of the week and the hour (24 hour time) at GMT, and provide hyperlinks to the answer. This worked great!

Then I decided to go a little further and ask a very dynamic question. This time I generated an 8 character random string, and ask the user to identify one of the characters in the string. No language issue! No culture challenges! Simple. Here is the code for both of these solutions as it would appear in your LocalSettings.php file.

# Let's stop MediaWiki registration spam
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once("$IP/extensions/ConfirmEdit/QuestyCaptcha.php");
$wgCaptchaClass = 'QuestyCaptcha';

# Set questions for Questy
# First a couple that can be answered with a linked to Google search
$wgCaptchaQuestions[] = array (
    'question' => "What day of the week is it at <a href="http://google.com/search?q=gmt+time">Greenwich Mean Time</a> (GMT) right now?",
    'answer' => gmdate("l")
);
$wgCaptchaQuestions[] = array (
    'question' => "In 24-hour format, what hour is it in <a href="http://google.com/search?q=gmt+time">Greenwich Mean Time</a> (GMT) right now?",
    'answer' => gmdate("G")
);

# Now a more complicated one
# Generate a random string 8 characters long
$myChallengeString = substr(md5(uniqid(mt_rand(), true)), 0, 8);
# Pick a random location in those 8 strings
$myChallengeIndex = rand(0, 7) + 1;
# Let's use words to describe the position, just to make it a bit more complicated
$myChallengePositions = array ('first', 'second', 'third', 'fourth', 'fifth', 'sixth', 'seventh', 'eighth');
$myChallengePositionName = $myChallengePositions[$myChallengeIndex - 1];
# Build the question/anwer
$wgCaptchaQuestions[] = array (
    'question' => "Please provide the $myChallengePositionName character from the sequence <code>$myChallengeString</code>:",
    'answer' => $myChallengeString[$myChallengeIndex - 1]
);

# Skip CAPTCHA for people who have confirmed emails
$wgGroupPermissions['emailconfirmed']['skipcaptcha'] = true;
$ceAllowConfirmedEmail = true;

After putting these in place I’ve had nearly zero spam registrations (1 or 2 were clearly done by a human testing it). Now, can this be broken? Sure, easily. But not nearly as easy as static questions that could be harvested by a person and then put into a tool to automatically create accounts. In order to attack me, spammers would have to write a special handler that dealt with the randomness of the questions. This is very unlikely.

Feel free to use these examples, or, use other dynamic question/answer combinations. It’s not obvious that this type of configuration works with QuestyCaptcha, but it does and it allows for very powerful spam blocking.