Opinions expressed are your own. The consequences are not.

This isn’t a new thing, but there are more and more professionals (and you may take that word with as much weight as you like) who put this disclaimer on their Twitter page, Facebook or whatever other time-wasting watering hole for trite exists these days. “The opinions expressed are my own and not of my [employer, goat-sacrifice-accepting-deity etc…]” The idea is that no matter what I say, only I should be held responsible for what was said and not the people who help me pay bills.

But that’s not how it works does it?

The truth of the matter is that no matter what kind of disclaimer, warning, magic spell, enchanted stick figure you affix to your name, what you say can and always will be used. For you or against you depends on who’s ire or approval you’ve aroused. Arouse deeply enough in either direction and plenty of it will spill onto third parties even remotely associated with your name.

The internet is a magical pixieland with mounds for domains wherein each cluster of pixies hang out in popular mounds to spew and absorb whatever the firehose of kitty pics and strife that piques their fancy has to offer. [Most] people don’t like drama unless they’re third party observers (there’s a reason TV shows about women who have everything, including plastic faces, bickering over manufactured drama is popular).

The takeaway from all that build-up is simply this: What you say will spill over to who you associate, be it employers, friends or the like. You can choose to blog/tweet/share under a pseudonym (made more annoying lately by Google and Facebook’s real name policies), which is something I’ve decided to give up since Ghostnetworks went bust, or you can avoid any mention of your employer. How deeply it will affect them, as mentioned previously, will depend on who’s taken interest in you and in what form.

There’s a reason the name of my current employer or my boss’ name (who I affectionately refer to as “Boss” on Twitter)  isn’t listed on Facebook (the info is several years obsolete), Twitter or this blog. Unless someone really spends the time and effort to hunt through my information, I can plausibly deny who I work for. Therefore what I express can not only be mine, the consequences for what I say really are limited to myself as well.


So, this happened

That feeling you get when something you shared (and you didn’t even write) suddenly went viral. It’s not always a warm and fuzzy one. Yesterday, I shared a social media failure any company wanting to save face should avoid. Today, I saw something interesting.

Just the day

Just the day

This week. And it's only Monday morning.

This week. And it’s only Monday morning.

And this month. It's still the 8th.

And this month. It’s still the 8th.

Funny thing is that it hasn’t stopped. People are still Twooting, Bookfacing and the like. I just glanced my feed and it’s being shared in Germany, Switzerland, Sweden, Russia, South Africa and even Saudi Arabia.

I need a coffee!

Update: 4:30PM

Looks like Salon picked up the post as well.

Dear David Cramer: You’re not the internet

Yesterday, David Cramer and a bunch of other people, who may go on to teach their children how to end civilization, decided to be an ass for no particular reason other than… well, it’s what all the cool kids do. Also, if you’re not needlessly rude about other people’s work you’re not a programmer… or a man, apparently.

Because grep and sed fit into every concievable situation. Situations inconcievable by David, don't exist.

Because grep and sed fit into every concievable situation. Situations inconcievable by David, don’t exist.

Mind you, these folks had no idea what that particular bit of code was for, where it was being used, how it was being used and any of the other million reasons why it exists. Granted, considering the medium of Twitter, it’s hard to be detailed on exactly why or what’s wrong with the said bit of code, but it would have been nice if he and the others bothered at the time.

Now this wouldn’t be so bad except the others, which IMO went quite a bit far and were in fact worse, have already apologized. Quite the opposite in fact, David became the Internet.

I'm not an ass. I am the Internet!

I’m not an ass. I am the Internet!

I’m sure she’s not mad people disagree with her. If David had read her post, he would have known this. This is about how you say it, not what you say.

Freedom of speech, David — I’m sure you’re thinking of right now — is not freedom from consequence of that speech. I.E. You can be an ass all you want and say things (short of unprotected speech) all day and night, however that means everyone else gets to call you an ass for being one.

ID Obfuscation Part II

Last week, I wrote a simple function for obfuscating a string that can be used to shorten URLs. I got a few emails from people who would actually like to obfuscate an ID key (E.G. a numeric primary key) of a large size (E.G. a PostgreSQL ‘bigserial’ type which can go up to 231). So many examples out there, but they seem convert the input to integers first, which can lead to loss of precision, especially in PHP.

I use Postgres too and I’ve moved around the big number problem by appending a random digit or two to the front and then encoding the whole thing. So when I need the original, I just decode it and remove the front digit(s). This does two things: It obfuscates the ID (no one needs to know 10001 and 10002 are neighbors) and makes sure each one is unique as long as the key given to it is unique. Of course if it’s a primary key from a database, you won’t have to worry too much about uniqueness; it already is. And since I’m always appending the same number of digits as I’ll remove when decoding, it doesn’t matter how large the number gets.

So here’s a function that will create a shortened ID from a given numeric key in PHP :

public function ConvertKey( $k, $create = false ) {
	$range = str_split( '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' );
	$il = strlen( $k );
	$cl = 62; // count( $range ) is redundant;
	$out = '';
	// Get number from key
	if( $create ) {
		$out = 0;
		// Letter/number to array key swap
		$a = array_flip( $range );
		for( $i = 0; $i < $il; $i++ ) {
			$c = $k[$i];
			$n = bcpow( $cl, $il - $i - 1 );
			$out = bcadd( $out, bcmul( $a[$c], $n ) );
		// Strip front two random digits (appended below)
		$out = substr( $out, 2 );
	} else {
		// Append two random digits to the front
		// (NOT added, just attached to the front)
		$k = mt_rand( 10, 99 ) . $k . '.0';
		do {
			$c = bcmod( $k, $cl );
			$out .= $range[$c];
			$k = bcdiv( bcsub( $k, $c ), $cl );
		} while( bccomp( $k, 0 ) > 0 );
		// We worked from back to front
		$out = strrev( $out );
	return $out;

You can test this out by sticking it in a loop :

for( $i = 5000; $i < 6000; $i++ ) {
	$kConverted = ConvertKey( $i );
	$kOriginal = ConvertKey( $kConverted, true );
	echo $i . ' - ' . $kConverted . ' - ' . $kOriginal . '<br />';

Of course, you’ll need to keep in mind that the generated key will be different each time you run it, however the end result after decoding will be the same.

I also wrote a post on encryption with… *ahem*… colorful comments and, thankfully, most people stuck to the actual code itself when contacting me about it. Yes, I did change the encryption mode from CFB to CBC. CFB doesn’t need padding so I wasn’t lying about the sleep-deprivation. Thanks to those who wrote to me about it.

An ID obfuscation function that fits into a Tweet

If you’re bothered about long IDs in your app or want to shorten existing large number keys, there are many examples on the web that take your numeric ID and perform some witchcraft with a bunch of numbers, letters and a database to turn something like http://www.mydirtysocks.com into 3Q8zk. What’s basically happening is that the URL is stored in a database and a unique key is generated for it (usually by using the ID field of the table). Some services check if the URL already exists and, if it does, returns the existing key.

When someone visits the shortening service with the key, the serivce looks it up and redirects you to the original URL.

The basic premise of shortening is that once you’ve exhausted numbers 0 – 9, you then move on to a – z and then A – Z. So instead of a character pool of just 36 with numbers + lower case letters, you now have a pool of 62 to represent a long ID. This is almost never why people use these functions and most don’t care that their ID is shorter.

What they’re really using it is for hiding that ID 10001 came before 10002 and for this, a lot of the shortening mechanisms out there are severely overkill. And then there’s the fact that because you’re using both upper and lower case letters; if some genius decided to turn all uppercase letters in a URL to lowercase in their forum/blog/email-service or some other kitchen sink application, your whole shortening scheme is hosed. This happens far more often than you think.

If you just wanted to generate a unique key (provided the original ID was unique) instead of showing the original ID, then there’s an alternative that’s exactly 140 characters. I checked :

All this does is take that initial ID in string format, split it into 9 character chunks, generate a CRC32 hash of each chunk, convert it to base 32 (the maximum value allowed for the base_covnert function in PHP) and append to the output.

Of course, if you want a more nice-ified version of that…

function shortenID($k){

	$p = str_split($k,9);
	for( $i = 0; $i < count( $p ); $i++ ) {
		$out. = base_convert( crc32( $p[$i] ), 16, 36 );
	return $out;

Now, generating the ID is only half of the implementation. Since the hash cannot be reversed, you should generate it once for that particular ID and store it in a separate field in the same row of the DB table. This is what almost all URL shortening services do, but of course, they use that upper and lower case character malarkey.

Of course, if you do still want that malarkey, Lalit has created a class that does it too. Stop searching now and go download that class.


Please try to be sane with your URL shortening shenanigans. It’s really quite stupid to shorten an already short URL, not to mention very irritating.