Friday, November 03 2006

If your email address is guessable, or if you've ever made it public in any way, you're painfully aware of the massive uptick in pump & dump stock spams over the past couple of months (seemingly growing in quantity by the day).

I'm now receiving about 150 P&D spams in my inbox per day, added to the hundred or so spams trying to sell goods or services. And for those who will ponder, no I don't obfuscate my email address, and I have shared it publicly, however that should no more invite spam than an un-niqab'd woman invites rape.

Despite two heterogeneous layers of spam defense -- an email server spam detection system, and the spam defense in Outlook 2003 -- several dozen make it through to my inbox daily, as the spammers have adapted to Bayesian filtering and are using new techniques to circumvent the filters (and I can hardly use a whitelist given that many of the people who contact me are legitimate new contacts who I haven't emailed before).

Spam relay blacklists no longer help much because the majority of spam is coming from mom and pops, their high-speed equipped home PC nefariously and unknowingly acting as a part of a massive worldwide botnet, relaying the latest pump&dump target emails by the billions from points across the globe.

Not only are legitimate emails getting shrouded in the haze of spam, the computational and bandwidth requirements to move all of this garbage -- especially now that spammers are resorting to embedded images -- are enormous. Extrapolate it out, things are looking very grim.

And what an ingenious target for spam, really: Spam to sell a product and inevitably people can track you down, because somehow there has to be a method of getting money to the spammer (or the person who paid the spammer). Spam to boost some irrelevant penny stock, however, and no such direct connection needs to exist, and the monetary path is masked by the cloud of the world capital markets (which makes me wonder if money laundering occurs through the same penny stocks. It isn't hard to envision scenarios where the market could be gamed, particularly among low-end unnoticed stocks, to elicit a loss on one end and a profit on the other).

Of course, the P&D scam isn't new: Buy some penny/low-capitalization stock (where a small amount of activity has a significant market effect). Talk it up as much as possible. Sell to a late comer. Laugh all the way to the bank. It really is a classic pyramid scheme, because once the flow of new suckers stops, the crash occurs. Sort of sounds like the .COM stocks in 2001. 

This technique has gone on in Usenet newsgroups, or forums, and even by industry heavyweights who give credence to a stock they want to inflate and dump. Doing it through thousands (millions?) of compromised PCs, however, is new.

And the common analysis that I've seen of P&D completely misses the point in my opinion: I don't think the spammers truly think they're going to fool people into thinking these are great investments, but rather they're trying to fool people into thinking that they're fooling other people into thinking these are great investments. They're trying to entice Joe Clever into thinking "Ah...now they're pushing XYZ, and surely a bunch of suckers are going to buy into this nonsense...so I'm going to put $1000 in just to capitalize on those later suckers!" Of course everyone is thinking the same thing, until eventually it collapses on itself and the latecomers end up at an empty table when the waiter arrives with a hefty bill. Alternately it's commissioned work on behalf of insiders who want to cash out some holdings during an upswing, but I find the scenario of completely uninvolved 3rd parties more believable (again because the whole P&D scheme is founded around anonymity and disconnectedness)

It's a monetary game of chicken.

So without much further ado, let me present to you the current target of the game of financial chicken (if only I'd have listened to the wise words of P&D spam! I'd be rich I tell ya!). Since early this week I've been getting a ridiculous number of spams pushing SBNS.PK. Here's how it looks in the 5 day graph (this is up to date, so if you're looking at this entry in the future, it will not make much sense as the spammers will have moved on, the stock likely crashed). It looks like this pyramid is about to fall.

Given that the original spammer almost certainly bought in before starting their pump campaign, this represents a massive potential profit, so expect this to finance the massive next wave of stock spams, and R&D in evading spam filters.

UPDATE: It looks like the P&D target for the following week or two is SRRL.OB, another low-to-no volume bottom feeder. Notice the stocking up that took place in the latter half of the day, could it be the spam-master loading up before the run?


NOTE: If you run an email server, before you bounce a castigating "SPAM FROM YOUR DOMAIN HAS BEEN REJECTED!!!!!" email, check if the domain has an SPF record. If it does, and the spam that claims to be from said domain doesn't come from an approved IP, save the reply. Along with the hundreds of spams a day, I'm also getting assaulted by a hundred or so message bounces/rejections per day because spammers are forging "@yafla.com". Don't pollute the net even more with illegitimate bounces, making the problem even worse.

   
Sunday, November 05 2006

A Coding Mercenary

I'm in it for the money.

Don't get me wrong: I love software development. I love finding the smallest, most elegant solution to a problem (I become truly giddy when speaking of the most elegant code structures). I love embracing and exploiting new advances in the industry. I love refactoring code towards perfection.


I love solving people's problems and making systems better and doing neat things and being respected and thought of as intelligent.

Yet in the end, what matters to me most is the compensation: The wage, the bonus, the equity, the benefits. And then some.

There, I've gone and admitted it. Now I'm just a coding mercenary, right?

A Mercenary Against Misleading Rhetoric

Contrast that with the recent claims that there are Nine Things Developers Want More Than Money, or that money is a bad motivator, or that "One thing that programmers don't care about...They don't care about money".

This we-don't-want-no-stinkin'-money thing is becoming a bit of a meme, both by those with the fat wallet who want to keep as much as possible, trying to convince you that you should agree, and developers who want to demonstrate that somehow they must be really good and passionate and great because, they claim, they don't care about the money. Somehow their lack of greed, we are to believe, must make their work more pure. 

I call shenanigans.

Some who claim that they aren't in it for the money are outright lying through their teeth: Instead of rich compensation up front, they're hoping that a short period of poverty will be followed by an embarrassment of riches and influence. You can find this in many startups and open source projects where pseudo-idealistic developers will give the speech about how little money matters, but eventually will detail how their labour of love is going to net them millions months down the road. That's a story that I've heard play out far too many times, and it's just entirely disingenuous and misleading.

It's common for developers (and even just pundits) in the open source market to build as much namespace as they can. Often it pays off, and they get recruited into lucrative senior positions at megacorps, making lucrative dough acting as a bridge to the open source community.

It's like giving a moralizing speech about the irrelevance of money while waiting your turn in the lottery ticket line.

Others are basically young and naive (and usually just out of college), believing that the project they're working on is for the greater good, or that unspoken or vaguely promised compensation will pay off big-time later (again the short-term "money doesn't matter!" creed is a facade of selflessness). They're often the backend developer working away developing the product, and then getting punted when it hits the big leagues.

"Sorry, gus, but we just sold out to MegaCorp, and they're going to port the data over to their platform and migrate the user list. You're not needed anymore."

Then there are those who are truly in it for passion alone. This is a very rare individual, and while many try to present themselves as this sort of person, they are astonishingly rare in real actions and motivations.

Money Is More Than Just Paper

Money is freedom.

A John Carmack interview -- one of the best developers this industry has seen -- from back in 2000 has always stuck with me-

John: I have sufficient money that I don't need to work anymore; I really don't have to. That's a nice freedom, the freedom from anyone having the ability to have any leverage over you, as long as you've got the money to take care of yourself and you aren't wrapped up in having more and more money. There are a lot of people even though they have a lot of money, they can still be manipulated by the carrot of having more money.

His money is the freedom to do what he wants, when he wants to. It is the freedom to say "screw you" to excessive demands (John works overtime because he is so into it, not because someone hangs the axe of job security over his head), and to have the mobility and versatility that such financial means bring.

Many will read this far and see a seeming contradiction in what I just quoted: Isn't John saying that the benefit of having so much money is that he isn't manipulated by the carrot of money, while I'm advocating basically being enticed by said carrot?

Exactly.

The difference is that John is already there, contrasted with the reality that many of us not there are fighting to pay the monthly bills, desperately fearful that we demand too much or present the image of underworking or ask too many questions.

Many developers aren't seeking the carrot of money, but rather they're threatened by the spiked-tipped bludgeon that is the lack of money (aka loss of job). If you think people do the wrong things for extra money, realize that they do far, far worse to avoid the lack of money.

The goal of amassing net wealth is the freedom and confidence that comes with the ability to control your own destiny. It's the ability to live in a nice home, and have children if you want (without desperately clutching onto whatever spin comes out claiming that the lack of choice is a benefit), and actually take a couple of months to go traveling if you wanted. It's the ability to decide to start a business, and to have the leverage and means to do it with minimal stress or risk. This was tip #3 in "5 Tips for Enjoying the Software Development Profession".

And most any activity is much more enjoyable when it's optional. It can be fun "slumming" when you're wealthy, or working in the soup kitchen when you're volunteering, or cleaning garbage on Earth day, while none of those are quite as enjoyable when you have no other choice.

[It should be mentioned that income alone isn't enough, and those who are cursed to spend more than they take in will forever be running to stand still (or go backwards), but I'm speaking to those who have reasonable financial knowledge to efficiently use wealth for quality of life while maximizing their leverage in doing so]

Of Course Money Isn't Everything

This isn't to say that other things don't matter, and I'm not saying that I'd sit on a slimy rock in the pouring rain punching in market numbers for 16 hours a day if it paid well. It also doesn't mean that I'd risk future earning potential working on outdated platforms or working on trainwreck projects or acting as a maintenance programmer when some middle managers sell the executives on the idea of buying an outsourced insurance platform. Yet the importance of compensation can't be underestimated.

It does mean that I'll happily do jobs that aren't sexy or glamorous or superficially interesting (I say superficially because most any programming task of consequence can be challenging and interesting if approached in the right way. Just because it's a P2P app or a first person shooter doesn't mean that it's going to be interesting or rewarding work, just as it isn't intrinsic that Wall Street/Bay Street B2B apps are going to be monotonous, unchallenging, or boring). It doesn't mean that I'll do work that is criminal or morally repulsive.

Watching Out For #1

All I'm presenting here is a bit of a counterpoint, and a bit of advice: Look out for #1, because that's exactly what many of the people you are dealing with are doing (and of course #1 to them is them). Make sure that equity positions are solid, and that the financial rewards align with the risks. Make sure that you're paid enough that you can build enough cushion that you don't become a financial slave, easily controlled and abused.

   
Sunday, November 05 2006

My wife and I decided to make some completely home-made pizza last night. The closest we'd come before was store bought shells and store bought sauce.

We found a sauce recipe we liked and I made that, and we found a dough recipe that looked good and tried that.

First time in the dough was a disaster. Whether the internet sourced recipe was a dud (which is unfortunately too common. Speaking of internet recipes, many try to immortalize themselves by modifying a common recipe slightly, adding their surname on it -- e.g. Dennis' Pizza Dough -- and casting it as their own. Just an observation there), or one of the ingredients was wrong, a mess emerged from the bread maker's dough cycle.

It was getting late (remember that the dough cycle takes 1 hour 45 minutes), and the easy option would have been to run to the store and buy a premade shell, but inevitably that would have meant that we would have soured ourselves on home-made dough. So instead we gave the kids something different for dinner, found another recipe, and tried again. This time the results were much better, and now we can modify the recipe to make exactly, precisely the dough we want. Wonderful. I can't wait to try all of the possibilities (and we'll probably make it tonight as well. I'd love to try a calzone as well)

We got back on the horse after it kicked us off.

The same thing happened when we tried making Nanaimo bars. Time after time the chocolate/egg mixtures started terribly clumping into a disastrous mess, but we kept trying. Eventually we got the right speed and temperature, and made some amazing little treats, opening up lots of options for us in that realm as well.

   
Monday, November 13 2006

Edward Tufte's Beautiful Evidence: Wonderful book. Highly recommended.

 

   
Tuesday, November 14 2006

Every month or so, an anti-XML screed tops the rankings of sites like Digg. Thousands of users signal their agreement in a deafening clattering of keystrokes, emboldening the mighty warrior who dares to take on the cure-all, solve-all Goliath that is XML.

"XML is an ill-suited, jack-of-all-trades master of none overly-complex distortion of SGML!" they proclaim.

But why? Why the XML hate?

What did XML ever do to them?

Not All Technical Debates Are Actually About Technology

My cynical side wonders if some of the hate might be interpersonal issues disguised as technical conclusions.

In the latter half of the 20th century I was cursed with a pestering colleague -- a rather annoying sort who would spend weekends and evenings desperately working on a solution to try to outshine my deliverables, always demonstrating his proposal with the proclamation that he "did it in a few hours". This colleague suggested that I consider XML as an HTTP-delivered data stream between our own proprietary systems (an aggregation system and field collection systems).

I laughed him off, and began the process of inventing a long list of reasons why his suggestion was idiotic. "Imagine the bloat of XML!" I thought (sidenote: It would have been highly beneficial if the very first XML spec included basic, well-known and well-proven compression as a standard, optional element of XML. The SVG spec writers saw the value, as has Microsoft with their Office 2007 Open XML format. It would have been beneficial if every parser and library and validator automatically knew how to deal with compressed XML, without having to shoehorn additional, obvious steps around it)

"Our systems would grind to a halt trying to build and then deconstruct XML documents on each end!" I worried.

A few months later the project was implemented. It used XML. The agility that XML brought to both sides of the process offered convincing flexibility, and it was certainly the right choice for that project.

Perhaps I'm projecting, as us humans are prone to do, but I wonder how much of the XML-naysaying was motivated by a coworker or PHB who proposed XML as a cure-all for some corporate need, instantly creating XML opponents.

Of course I'm not trying to propose that all XML opponents are just trying to undermine a coworker: There are a lot of people with carefully thought out, well-supported arguments for their position, and who are opposed to XML being implemented where it would be a terrible decision. It's just that I think there's quite a few of the former sort as well, making me mildly suspicious when someone comes out, guns blazing, against XML.

For those on the fence I had considered authoring a detailed explanation of all of the strengths and weaknesses of XML, but there are already countless comparisons of that sort out there (albeit usually being written to push an agenda that either XML is the silver-bullet of software development, or that it's a terrible mistake that needs to be corrected). Instead I'll simply end with a couple of simple points.

  • "XML" is a stack of related technologies. It is the leveraging of layers of this stack (such as the many brilliant, high-performance parsers and authoring tools, and the comprehensive XSD to document, communicate and validate concise, strongly-typed document formats) that presents the greatest benefit of XML.
  • . . .yet you don't have to use all XML technologies to use XML. You don't have to touch namespaces, or XSDs, or XQuery, or XPath or XSLT or ISO 8601:2001 or DTDs or any other XML-related technology to embrace XML. Really. Simply nesting a couple of elements, and intelligently choosing attributes, really is XML. Really. And it already takes advantage of the tremendous agility the document format offers. Too many XML beginners are turned into adversaries after being presented a seemingly endless array of acronyms and languages in the XML gamut, often with so little specific information that it's difficult to determine what holds value for a particular project and what's just adding noise to the process.

[This post authored in Word 2007]

   
Wednesday, November 15 2006

In the early days of instant-messaging, ICQ dominated. They had a huge user-base for the period, luring even more in with a rapidly evolving application featuring a market-leading array of features and functions (despite the fact that they had one of the most polluted websites on the net. Worse than even Excite after they went all crazy. Trying to find the latest release or how to reset a password, among any other normal use, was an exercise in seemingly intentional obstructionism).

I used ICQ. Everyone I knew used ICQ. IM was pretty much synonymous with ICQ.

While the people behind ICQ were guilty of forever calling it a beta (a product in wide "production" use is not a beta regardless of what exculpatory, defeatist-shrug labels are affixed to it, and that misnomer needs to be eradicated. At least Flickr made light of it by calling their production a Gamma version), it was very usable, relatively lightweight, and earned its position in the marketplace. It also allowed offline messages since early on, which is a feature that some IM networks still don't offer (usually under the premise that offline messages should be facilitated by email, which would be similar to email refusing to send a message if the recipient is available, forcing you to phone when that option is available).

As ICQ took the market by hold, paranoia was rampant that ICQ was just about to start charging for the client, or per message, or that it'd become infested by pop-up ads, and so on. It just didn't seem to make sense that they offered so much with no obvious revenue model.

Then they were bought out by AOL for a staggering $287 million dollars ($410 million if performance hit targets), proving that they had a brilliant revenue model after all.

In the wake of the purchase, some users stuck with ICQ, or they migrated to AOL's client, but I suspect a huge number of former ICQ users took the opportunity to investigate alternatives. Clearly many moved to MSN. AOL of course was already growing their own userbase, obviously catapulting off of their captive audience (similar to what Microsoft did with Windows Messenger)

I now mostly use Miranda IM or Gaim, connecting to several IM networks, and the majority of users who used to appear in the ICQ list now appear in the MSN list, with only a very tiny number of holdouts. I've never heard a later newcomer to the IM field mention ICQ, much less even know what it is or was.

While ICQ still technically exists under the umbrella of AOL, it's a small and relatively inconsequential niche considering its early complete and utter dominance. Perhaps such a fate was inevitable against competitors who could "cross-sell" IM with one of their other products (be it the operating system or the ISP), and the $400+ million dollar bounty was a mighty fine cash-out.

   
Wednesday, November 15 2006

When I was a young buck in jr. high, I was recommended for, and eagerly agreed to, Junior Achievement. It's basically a geek club for prospective future pointy-haired bosses: You do an "IPO", selling shares to friends and family, and then plan and make (or acquire) some craft or spice rack, foisting it on family and relatives. Then you celebrate your profits. Or, if I recall correctly, you distributed the profits to the shareholders (who were generally the same people you sold the product to).

I don't believe any of this was overseen by the OSC (Ontario Securities Commission. Much like the SEC, but most of the power here lies at the provincial level).

Normally you do this program once, leaving room for future leadership-hopefuls to learn from it. There was a long list of kids hoping to get in, so it's not like they needed chair fillers.

Our first order of business was voting our "leadership committee". I decided that I'd go for one of the positions -- we're there to learn management and business administration, I thought, so it seemed the right thing to do -- so I went for procurement manager or something similar. Remember that you operate under the guidance and direction of local business leaders.

That's when us green recruits discovered that a group of individuals had returned to the program up to 4 times in a row, and were very chummy with the bona fide adults who led our group. For every position there was someone who'd done the same position multiple times, going up against the green recruits.

Despite the fact that I got significant popular support (my petition to the crowd was that I should be voted in because I was new to it, a message that really appealed to the audience. It's hard to be a tyrant in a real democracy, and this group seemed to be clamoring for noob representation), after taking the write-in votes outside and tabulating them, the two adults leading the program returned, ballots having been discarded, to proclaim that the existing incumbents were once again reelected.

What was left for the rest of us? Well, we got to do the manual labour, and we got to try to sell this stuff to people we knew.

We got to bask in the glory of our leadership team.

Nah.

I never went back. If they were using my ball, I would have taken it and gone home.

I've always pondered whether I was a sore loser, or whether this particular program was misrepresented. I lean towards the latter.

   


About the Author
Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 15 years.





 