Planet Russell

Planet Debian: Norbert Preining: Kobo Glo and GloHD firmware 3.17.3 mega update (KSM, nickel patch, ssh, fonts)

I have updated my mega-update for Kobo to the latest firmware 3.17.3. Additionally, I have not built (and tested) updates for both Mark4 hardware (Glo) and Mark6 hardware (GloHD). Please see the previous post for details on what is included.

The only difference that is important is the update to KSM (Kobo Start Menu) version 8, which is still in testing phase (thus a warning: the layout and setup of KSM8 might change till release). This is an important update as all versions up to V7 could create database corruptions (which I have seen several times!) when used with Calibre and the Kepub driver.

Other things that are included are as usual: Metazoa firmware patches – for the Glo (non HD) version I have activated the compact layout patch; koreader, pbchess, coolreader, the ssh part of kobohack, custom dictionaries support, and some side-loaded fonts. Again, for details please see the previous post.

You can check for database corruption by selecting tools - nickel diverse.msh - db chk integrity.sh in the Kobo Start Menu. If it returns ok, then all is fine. Otherwise you might see problems.

I solved the corruption of my database by first dumping the database to an sql file, and reloading it into a new database. Assuming that you have the file KoboReader.sqlite, what I did is:

$ sqlite3  KoboReader.sqlite 
SQLite version 3.8.11.1 2015-07-29 20:00:57
Enter ".help" for usage hints.
sqlite> PRAGMA integrity_check;
*** in database main ***
Page 5237: btreeInitPage() returns error code 11
On tree page 889 cell 1: 2nd reference to page 5237
Page 4913 is never used
Page 5009 is never used
Error: database disk image is malformed
sqlite> .output foo.sql
sqlite> .dump
sqlite> .quit
$ sqlite3 KoboReader.sqlite-NEW
SQLite version 3.8.11.1 2015-07-29 20:00:57
Enter ".help" for usage hints.
sqlite> .read foo.sql
sqlite> .quit

The first part shows that the database is corrupted. Fortunately dumping succeeded and then reloading it into a new database, too. Finally I replaced (after backup) the sqlite on the device with the new database.

Download

Mark6 – Kobo GloHD

firmware: Kobo 3.17.3 for GloHD

Mega update: Kobo-3.17.3-combined/Mark6/KoboRoot.tgz

Mark4 – Kobo Glo, Auro HD

firmware: Kobo 3.17.3 for Glo and AuroHD

Mega update: Kobo-3.17.3-combined/Mark4/KoboRoot.tgz

Enjoy.
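
The integrity check, dump and reload steps from the Kobo post above, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module instead of the sqlite3 shell, and it also verifies the rebuilt file before anything is swapped. The function names and the sample tables (books, bookmarks) are constructed for illustration and are not Kobo's schema.

```python
import os
import sqlite3
import tempfile
from pathlib import Path


def open_readonly(path):
    """Open an existing database file without ever writing to it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def integrity_errors(path):
    """Return [] when PRAGMA integrity_check says 'ok', else the messages."""
    try:
        con = open_readonly(path)
        try:
            rows = [row[0] for row in con.execute("PRAGMA integrity_check")]
        finally:
            con.close()
    except sqlite3.DatabaseError as exc:
        # Damage so severe that SQLite cannot walk the file at all.
        return [str(exc)]
    return [] if rows == ["ok"] else rows


def table_counts(con):
    """Map each user table to its row count."""
    names = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    return {n: con.execute(f'SELECT count(*) FROM "{n}"').fetchone()[0]
            for n in names}


def rebuild(src, dst, dump_path):
    """Dump src to SQL text, load it into a new file dst, verify the result.

    Returns the per-table row counts of the rebuilt database. Raises
    RuntimeError if the dump cannot be read or the rebuilt file is not clean.
    src is never modified; swapping the files (after a backup) is left to
    the operator.
    """
    if os.path.exists(dst):
        raise FileExistsError(f"refusing to overwrite {dst}")
    old = open_readonly(src)
    try:
        with open(dump_path, "w", encoding="utf-8") as out:
            for statement in old.iterdump():      # same job as ".dump"
                out.write(statement + "\n")
    except sqlite3.DatabaseError as exc:
        # A partial dump file may remain on disk for inspection.
        raise RuntimeError(f"dump failed, database too damaged: {exc}") from exc
    finally:
        old.close()

    new = sqlite3.connect(dst)
    try:
        with open(dump_path, encoding="utf-8") as sql:
            new.executescript(sql.read())         # same job as ".read"
        counts = table_counts(new)
    finally:
        new.close()

    problems = integrity_errors(dst)
    if problems:
        raise RuntimeError(f"rebuilt database is not clean: {problems}")
    return counts


def demo():
    """Run the procedure on a small constructed database (not Kobo's schema)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "sample.sqlite")
        con = sqlite3.connect(src)
        con.executescript("""
            CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT);
            CREATE TABLE bookmarks (book_id INTEGER, position TEXT);
            INSERT INTO books (title) VALUES ('A'), ('B'), ('C');
            INSERT INTO bookmarks VALUES (1, 'ch1'), (3, 'ch7');
        """)
        con.close()
        before = integrity_errors(src)
        counts = rebuild(src, os.path.join(tmp, "sample.sqlite-NEW"),
                         os.path.join(tmp, "foo.sql"))
        # A file that is not a database at all must be reported, not crash.
        junk = os.path.join(tmp, "junk.sqlite")
        with open(junk, "wb") as fh:
            fh.write(b"not a database " * 100)
        return before, counts, integrity_errors(junk)


if __name__ == "__main__":
    print(demo())
```

Comparing the returned row counts with what the device showed before the rebuild is a quick way to notice tables that the dump silently lost.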

TED: Advice from a young TED speaker: Start a TED-Ed Club at your school

“We kids still dream about perfection. And that's a good thing, because in order to make anything a reality, you have to dream about it first,” said Adora Svitak on the TED stage in 2010, when she was 12. She’s now a TED-Ed intern, and wishes she’d had TED-Ed Clubs when she was in high school to help her share ideas with her peers. Photo: James Duncan Davidson/TED

“We kids still dream about perfection. That’s a good thing, because in order to make anything a reality, you have to dream about it first,” said Adora Svitak on the TED stage in 2010, when she was 12. She’s now a TED-Ed intern, and wishes she’d had TED-Ed Clubs in high school to help her bat around ideas. Photo: James Duncan Davidson/TED

If you watch my TED Talk from 2010, you might see a confident 12-year-old, cracking jokes and striding around the stage in glasses that keep sliding down her nose. You won’t see me going home and crying, or starting every page in my journal with four words: “I feel sad today.”

I divided my life into two parts: my tear-stained journal versus my well-practiced speeches. A space to be vulnerable with others, for the larger purpose of sharing ideas? I didn’t have that in my high school.

When I was 12, TED-Ed Clubs didn’t exist — but today they provide students with a place to bat around ideas without judgment. Through a series of 13 meetings, TED-Ed Clubs support students in writing and giving short, TED-style talks. TED-Ed Clubs teach students presentation literacy — whether public speaking is something that comes naturally or outside their comfort zone.

If you asked me or my friends to sum up our high school experience in a word, we might have said “competitive.” While parents peered hawk-eyed at transcripts, students pulled all-nighters and posted on Facebook about acceptances to Ivy League colleges. In discussions in high school, there was a finite amount of time and thus a finite number of “points” to be earned for speaking up. This setup led to a desperate crush of raised hands among those who wanted A’s — and a silent half of the room, filled with kids who had given up on speaking up. We learned to write about “safe” topics in our essays and college applications, because the cost of taking risks seemed too high. In clubs like Model UN and Speech & Debate, we always tried to win — to beat somebody else.

TED-Ed Clubs aren’t about that. By exposing members to great talks on subjects of deep personal relevance, TED-Ed Clubs shine a light on old problems that need fresh perspectives. They create a strong, supportive community of students around the world, and truly celebrate students’ ideas.

Once a TED speaker, Adora Svitak is now a TED-Ed intern. As she watches TED-Ed Clubs talks, she feels a lot of empathy for students dealing with sadness, bullying and the weight of competition. Photo: Courtesy of Adora Svitak

As a TED-Ed summer intern, I’ve watched TED-Ed Club talks on everything from human-animal grafting to bullying. There’s a glimmer of recognition when I watch some of these videos. Whenever a student chooses to reveal a hidden part of themselves, I’m reminded of a moment at 15 when I finally chose to speak up about the two years of sadness chronicled in my journal. In the days, hours and minutes leading up to this talk, I found myself plagued with self-doubt. I considered backing out and giving a “safer” speech. But I realized that this was the talk I needed to give. It marked the first time I hugged a friend for moral support before darting on-stage, the first time I was scared to look into audience members’ faces as I spoke, the first time I cried because of a standing ovation.

Sometimes it’s easy to discount the value of a story. I was recently asked in an interview, “What achievement are you most proud of?”

I stumbled for a second as I tried to answer. I briefly wondered: is giving a talk really an achievement? But then I remembered Massachusetts Governor Deval Patrick’s famous “Just Words” speech during his election campaign. He said in response to an opponent:

“Her dismissive point … is [that] all I have to offer is words. Just words. ‘We hold these truths to be self-evident, that all men are created equal’ — just words. Just words. ‘We have nothing to fear but fear itself.’ Just words. ‘Ask not what your country can do for you, ask what you can do for your country.’ Just words. ‘I have a dream.’ Just words.”

It took me years, both of speaking and of silence, to realize that the worth of my talks didn’t come from some line item on my resumé or flashy slides, but from the authenticity of my story. Start or join a TED-Ed Club, and you won’t have your achievements memorialized with plaques or monetary rewards. But you will most definitely get, and give, “just words” — the kinds of words that bare your soul and earn you unconditional acceptance from your audience. The kinds of words that give you the power to change someone’s mind, introduce a new idea and affect their life, as subtly as flowing water shapes stones.

Shouldn’t every teenager have that experience?

More than 10,000 students are now sharing their ideas in TED-Ed Clubs. Interested in starting one at your school? Find out more »


Cryptogram: Friday Squid Blogging: Cephalopod Anatomy Class

Beautiful diorama.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Cryptogram: Mickens on Security

James Mickens, for your amusement. A somewhat random sample:

My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.

Cryptogram: The Benefits of Endpoint Encryption

An unofficial blog post from FTC chief technologist Ashkan Soltani on the virtues of strong end-user device controls.

TED: The music of sign language, a computer of water drops: 21 TED Fellows share ideas that swim against the tide

Meklit Hadero finds inspiration for her music all around her — particularly as she listens to the calls of birds and the way human voices rise and fall in pitch as we speak. Photo: Ryan Lash/TED

Meklit Hadero finds inspiration for her music all around her — as she listens to the calls of birds, and to the way human voices rise and fall in pitch. She showed how she shapes these influences into songs in Session 1 of the TED Fellows Retreat. Photo: Ryan Lash/TED

Tides are strong. They move swiftly, sweeping all toward the shore. But TED Fellows refuse to simply drift with the water. They are innovators, advocates and artists who challenge the status quo and work in the spaces between disciplines.

At the second TED Fellows Retreat — held from August 25-28, 2015, and themed “Swimming Against the Tide” — about 300 of these change-makers gathered at the Asilomar Conference Grounds in Pacific Grove, California, for a week of workshops and bonding. The highlight: three sessions of talks, hosted by Tom Rielly, in which Fellows shared their ideas. The scope ranged from how medical tests can be done at the kitchen table to how a series of experimental prisons illuminates the way we think of prisoners as ghosts.

Tap dancer Andrew Nemr started the program with a performance by his dance company, Cats Paying Dues. As a video showed a wave crashing on a beach, they created a ripple effect of rhythm with their feet.  

Then, on to the talks in Session 1:

“We are awash in musical expression, with every word and sentence that we speak, with every word and sentence we receive.”
Meklit Hadero on how the song of woodlarks, the pitch of language and even the little noises we hear in silence can teach us a lot about musicality

“I have dedicated the past 20 years of my life to the research and conservation of tapirs in Brazil. At the moment, I’ve been thinking really hard about the impact of my work. … Am I being effective in safeguarding their survival? Or am I just documenting their extinction?”
Patricia Medici on how a misunderstood mammal in her country actually fuels biodiversity

TED Fellows shared their ideas in three sessions of talks at the Sunset Center Theater, a space designed by architect Julia Morgan. She was the first woman architect licensed in California, and the first woman to receive the AIA Gold Medal. Photo: Ryan Lash/TED

TED Fellows Retreat sessions took place at the Sunset Center Theater, a space that gave a sense of sacredness to the talks. Between sessions, Fellows conspired about potential collaborations. Photo: Ryan Lash/TED

“When I was younger the sound of my voice / Always seemed to catch me off-guard / So I trained my teeth to become barricade to keep words out.”
Lee Mokobe on how slam poetry helped him overcome selective mutism

“We cannot be the most excellent expression of our collective genius without the full measure of humanity brought to bear.”  
— Astrophysicist Jedidah Isler on how women of color in STEM are uniquely positioned to explore unasked questions

“Shapes are an interface for thinking. They affect and influence the very questions we ask. … Shapes help us see hidden patterns which are normally invisible.”
Kaustuv De Biswas as he demos how his platform, Mappr, visualizes data on TED Fellow collaborations

“The further away we look, the further into the universe’s past we’re looking.”
Renée Hlozek on how the Large Synoptic Survey Telescope will give a closer look at the cosmic history of the universe

“It’s about time that everybody have faith in their own medical ingenuity.”
José Gómez-Márquez introduces Ampli, a Lego set of diagnostic modules that will let the DIY community build medical tests at home

Andrew Nemr invited his dance company and a few special guests to perform. Their faces shone with delight as they tapped in and out session 1. Photo: Bret Hartman/TED

Andrew Nemr invited special guests from the area to join his dance company and tap out Session 1 of the TED Fellows Retreat. Their faces lit up with delight as they did the Shim Sham. Photo: Bret Hartman/TED

The talks in Session 2:

“The cello is an European instrument and it’s generally considered a European tradition. I’m an American. Happily, America has its own growing and diverse tradition of music.”
— Cellist Joshua Roman as he plays pieces by Johann Sebastian Bach and modern composers Mark O’Connor and Mark Summer

“Your goal is not to be charismatic or entertaining, or to tell stories about your life, or your organization, or any of that. Your real goal is to seed an idea in your audience’s mind.”
Chris Anderson on what makes a great talk, in a preview of his book, Talk This Way!: The Official TED Guide to Public Speaking, out in May 2016

“The Bureau of Prisons describes CMUs as ‘self-contained housing units.’ But I think that’s an Orwellian way of describing black holes.”
Will Potter on a series of experimental prisons in the US where communication is shockingly limited for prisoners

“I was born deaf and I was taught to believe sound wasn’t a part of my life. Yet I realize now sound was always a part of my life, really on my mind every day. … How is it that I understand sound? Well, I watch how people behave and respond to sound. You people are like my loudspeakers.”
Christine Sun Kim on how she uses American Sign Language in her art to explore our relationship to art and language

“There are only 32 geometric signs. Only 32 signs across a 30,000-year timespan, in the entire continent of Europe. That is a very small number. If these were random doodles and decorations, we’d expect to see a lot more variation. But instead, what we find are the same signs repeating across both space and time.”
Genevieve von Petzinger on studying the earliest cave art, and discovering that graphic communication might be much older than we think

“I love the old music because it reminds us where we come from and because it reminds us what we already know … I love new music because it gives us a chance to tell the stories we see outside of us.”
Abigail Washburn as she treated us to banjo tunes in both English and Chinese

Christine Sun Kim is deaf — but makes sound and language the center of her art. In her talk, she got the audience signing words and concepts to show them the lyric qualities of sign language. Photo: Ryan Lash/TED

Christine Sun Kim is deaf, but makes sound and language the center of her art. In Session 2 of the TED Fellows Retreat, she asked the audience to sign words and concepts to show them the lyrical qualities of sign language. Photo: Ryan Lash/TED

Session 3 opened with Iyeoka Okoawo singing “Every Second Every Hour.” Then:

“As a human being, it’s not uncommon to feel detached from the real time, when you’re jet-lagged and can’t fall asleep in the night or when you’re daydreaming and miss your stop. … There’s no tool available to us to measure the personal perceptions of different times.”
— Designer E Roon Kang on a personalized clock that rejects the idea of a 24-hour clock for everyone

“What else are we allowing as a society that would shame us in 30 years? … We rationalize the unspeakable, forgetting that foundations that might seem unshakably strong today might crumble in our sleep.”
Yana Buhrer Tavanier on why she moved from writing articles on the inhumane treatment she saw in mental health facilities in Bulgaria to creating art to make people feel it

“Plastic, oil and radioactivity are horrible legacies. But the very worst legacy we can leave children are lies. We can no longer afford to shield kids from the ugly truth, because we need their imaginations to invent solutions.”
Cesar Harada on how, at Maker Bay, kids think about environmental and social problems too

“Fire takes a thing that’s gone solid / a thing that is sleeping, settled in form / and breaks it apart, frees up its element / released to the sky in a storm of delight.”
Ben Burke performs his poem “Old Friend,” a reflection on fire

“We accept things in our religious lives that we do not accept in our secular lives. … Religion doesn’t just create the roots of morality, it creates the seeds of normality.”
Chelsea Shields on why she fights for gender equality in the Mormon church

“We have all the things needed to build universal Turing machines out of little droplets of water.”
Manu Prakash on how an observation about the movement of water drops led to the creation of a fluid-based computer

The day closed with a final performance from Meklit Hadero and her band. And the audience left the auditorium with something TED Curator Chris Anderson said hanging in the air: “If you were to take all of the ideas in the world that matter, a shockingly high number of them are represented in this room — right here, right now. The reason you’re a TED Fellow is because we thought that you were doing work and creating an idea that deserved to be more widely shared.”

Manu Prakash invents ways to make scientific equipment affordable for all. At the TED Fellows Retreat, he shared the decade of thinking that became his water computer — and shared that the audience could make it at home. Photo: Ryan Lash/TED

Manu Prakash invents ways to make scientific equipment affordable for all. In Session 3 of the TED Fellows Retreat, he spoke on the decade of thinking behind his water computer, and gave the audience a kit to test the concepts at home. Photo: Ryan Lash/TED


LongNow: 2,000-Year Old Termite Mounds Found in Central Africa

Much like ants, termites are a testament to the adage that a whole is greater than the sum of its parts. A single termite is an almost translucent creature, no more than a few millimeters long. But put several thousand of them together, and they become capable of building expansive structures, some reaching up as high as 17 feet.

Moreover, a recent discovery suggests that some termite mounds are not only very tall, but also very old. A joint Belgian-Congolese team of geologists carbon-dated a set of four mounds in the Congo’s Miombo Woods, and found them to be between 680 and 2200 years old. Though the oldest of these had been abandoned centuries ago, the researchers infer from their findings that some species of termites can inhabit one and the same structure for several hundreds of years. This far exceeds the lifespan of any one colony (which matches that of its queen), suggesting that a kind of intergenerational inheritance passes the mound from one queen to the next.

Swarm intelligence, it seems, leads not only to highly organized labor and solid engineering, but also to long-term thinking.

Planet Debian: Gunnar Wolf: 180

180 degrees — people say their life has changed by 180° whenever something alters their priorities, their viewpoints, their targets in life.

In our case, it's been 180 days. 183 by today, really. The six most amazing months in my life.

We are still the same people, with similar viewpoints and targets. Our priorities have clearly shifted.

But our understanding of the world, and our sources of enjoyment, and our outlook for the future... Are worlds apart. Not 180°, think more of a quantic transposition.

Cryptogram: German BfV - NSA Cooperation

The German newspaper Zeit is reporting the BfV, Germany's national intelligence agency, (probably) illegally traded data about Germans to the NSA in exchange for access to XKeyscore. From Ars Technica:

Unlike Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, "whether the collection of this [meta]data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

The BfV had no problems convincing itself that it was consistent with Germany's laws to collect metadata, but rarely bothered since -- remarkably -- all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA's XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans "included the information that the BfV intended to create 75 new positions for the 'mass data analysis of Internet content.' Seventy-five new positions is a significant amount for any government agency."

Note that the documents this story is based on seem to have not been provided by Snowden.

Racialicious: Summer TV Recap: Reflections on HBO’s Ballers

by Kendra James

HBO’s Ballers is one of the most confusing yet simplistic shows to debut this summer. It doesn’t require more than 30 minutes of your attention a week, and if asked what it’s about you need only three words to explain: Entourage with football.

Starring Dwayne Johnson, John David Washington, Dule Hill, Omar Benson Miller, and Rob Corddry, the show was billed as a comedy about the lives of current and retired football players in Miami that would entertain while also highlighting some of the issues the NFL has faced (or tried to quietly sweep under the rug) over the past decade.

In reality, calling it a comedy would be an overstatement. It is better described as a show with an occasional guffaw. The pilot was directed by Peter Berg, who also directed the film and eventual pilot for Friday Night Lights before sticking around to executive produce that show’s entire run. That pedigree, and the fact that Ballers debuted before Berg shared a transphobic meme about Caitlin Jenner, had me inclined to at least give the pilot a chance.

The confusion in watching Ballers comes when you realise that you are still watching Ballers. By the time you’ve reached the finale you’re done trying to explain why you’re watching Ballers: an uneven show being kept afloat by nothing (really, nothing) more than the charm of the cast and the frustration of knowing that underneath the luxury porn and sex jokes there could be something there.

Wyatt Cenac on Twitter: "There's maybe only one response to being in a Miami hotel when room service finds you watching 'Ballers.' Holler out 'YOLO' and over tip."

Johnson is the ostensible lead as Spencer Strasmore, a former football player who’s moved into sports wealth management in his retirement. The two players he manages, Vernon Littlefield (Donovan Carter) and Ricky Jarrett (Washington) represent two distinct, if broadly drawn, tropes of NFL player. Vernon is new to money, and so is his entire family who he spends it on indiscriminately. His friend Reggie (London Brown) from the old neighborhood is his ‘financial manager’, and yes, that goes as badly as you think it will. Ricky is another young player, but his problems are self-imposed: He has a temper, a preoccupation with sleeping with every woman he comes across, and a chip on his shoulder the size and shape of his absentee father.

Johnson’s character is not a challenge to play, and the setting of Miami is a familiar one. He played football for the University of Miami and his former wife ran a Miami based wealth management company. Spencer requires very little dramatic stretch. He’s the straight man, trying to maintain his cool while navigating through a sea of idiocy– and his own issues. When we meet Spencer in the pilot he’s downing a handful of pills for the headaches that plague him in his retirement. Ballers is subtle about very little, and it doesn’t take a huge jump to figure out that he is representative of the many NFL players who suffered possible severe head trauma during his playing days. A large portion of the season is taken up with Spencer’s reluctance to get an MRI to find out the extent of his potential brain damage. When Spencer finally does go in for the MRI he is given a clean bill of health. His headaches are psychosomatic and his time in the NFL will have zero consequences.

“Zero consequences” quickly becomes a recurring theme on Ballers. The finale sees the Dallas Cowboys come back with the offer Reggie and Vernon wanted. Vernon signs the contract, Reggie makes good with Spencer, and the entire family sits down to a steak dinner and a $21 million advance check.

Reggie, Vernon, and the chains they can't actually afford yet.

Between Spencer’s player clients, I’d assumed that Vernon’s storyline would be more interesting. Watching a young man deal with his perceived obligations to his family and maintain ties to his community while struggling a new career and new money in the NFL seemed more promising than “haha, Ricky accidentally sleeps with his new Miami Dolphins teammate’s mother.” With Sports Illustrated estimating that 76% of NFL players are under financial stress in retirement despite being paid millions of dollars in just a single season alone, writers should have had plenty to work with. It starts off promisingly, as we meet Vernon’s huge family who has followed him (and his wealth) to Miami expecting to be taken care of with houses, cars, and lobster dinners.

When you have characters like this, you want them to learn something. You want growth. You want consequences. Reggie starts off as a character who’s fun to hate as he unintentionally sabotages Vernon’s career, and spends the season urging Vernon to continue to reject $40 million offers from the Cowboys in the naive hopes of receiving something higher. As Vernon continues to listen to Reggie instead of Spencer and his agent, I assumed the contract would fall through and it would be a lesson learned. I thought Reggie would get the boot, and they’d take the plot into the next season and start rebuilding Vernon’s career.

On the other hand, when we meet Ricky, he’s been caught having sex in a strip club, which gets him released from his contract. He manages, after screwing up a few times in the process, to secure a spot on the Dolphins. Once on the team, he begins cheating on his long term girlfriend with the mother of one of his teammates which, predictably, causes some locker room friction. Ricky’s entire arc revolves around him making childish decisions and getting Spencer to help him clean them up. We learn that Ricky blames much of his pathos on his absentee father, also an NFL star.

Ricky reveals secrets about his father during a one-on-one interview.

But even this fails to pay off. Ricky’s father, played by Robert Wisdom, shows up in the final episode and claims he was an absentee parent on purpose in order to give his son the drive he needed to be good at football. This bit of questionable reasoning is enough for Ricky to finally remove the specter of his father from his life and show up at training camp ready to take the season seriously. He’s still a diva, as demonstrated in his strange, possibly offensive costumed camel-top arrival to camp, but faces no consequences or problems going into the new football (or show) season.

Miami Entourage debuts after the NFL’s most tumultuous public relations year in recent memory. Jovan Belcher murdered his girlfriend before killing himself in 2012. In 2014, after his mother filed an unlawful death suit against his former team the Chiefs, a medical examiner determined that Belcher had brain damage likely incurred from taking too many hits on the field. His diagnosis, the degenerative disease CTE, affected the centers of the brain that controlled emotion and could have contributed to his actions. One only need mention the names Ray Rice and Adrian Peterson to conjure up an image that doesn’t reflect well on America’s pastime. Peterson’s charges of child abuse and Rice’s recorded physical abuse of his wife resulted in suspensions of 1 and 2 games respectively (Rice’s indefinite suspension was overturned in federal court). While already embroiled in ‘Deflate-Gate’ Tom Brady destroyed evidence, and still only received a 4 game suspension.

All of this considered, Ballers’ commitment to making sure each one of its characters gets away with poor behaviour and bad choices is either the result of one of the laziest writer’s room currently working on television, or one of the most brilliant. Poorly written or not, the show can be a disturbing mirror of the NFL’s reality. This is a stark contrast to ESPN’s short lived Playmakers (2003), an hour long more inclined to taking on deeper issues and the players who suffered because of them.

I hesitate to give too much credit to a show where ‘two grown men get caught throwing a rager on their bosses’ yacht’ is a critical plot point. But Ballers is also the first show that takes place in a reality concurrent to our own where I’ve seen the words ‘Black Lives Matter’ on screen– a quick shot, but clearly purposefully staged. In that way, the show also mirrors our reality where athletes have taken some of the most public stances in support of the BLM movement. Like the athletes who walked out to practices in ‘I Can’t Breathe’ tees in visual solidarity, Ballers only lets the camera linger on the words in the scene before panning away. In some ways I do believe that Ballers, a show with a cast made up by a majority of Men of Color, has a point of view that aligns with the reality those actors live in. On the other hand the things they (like the NFL, to some extent) have chosen to ignore, like the complete absence of domestic violence, are just as conspicuous.


As much as I enjoyed the season’s lite-fare, I spent a lot of time frustrated with all that it didn’t do. Vulture suggested that the lack of consequences and the neatly wrapped up finale was the writers thinking they’d only have the talented cast for a single season. After all Dwayne Johnson is a Hollywood leading man, and someone like John David Washington (Denzel’s son, by the way) should have his pick of roles after showing that he can shine even through mediocrity. This fear proved unwarranted, however, when Ballers was picked up for a second season before the first had finished airing. It was recently declared HBO’s most watched comedy this decade, which is significant for a show where there were only two white characters who recurred in all 10 episodes.

Next summer on Ballers I’d like to see the show’s Bro Gaze shift– there are barely any women on this show, and aside from a glorious ten seconds of The Rock’s backside, female nudity was plentiful. I’d like to have someone address the entitlement displayed by players like Tom Brady, or maybe they could talk about the bullying that went on in the real life Miami Dolphins. I was surprised that they didn’t get around to addressing the fines Black players can get for saying “nigger” on the field, if only because in the right hands that could be comedic gold. I’d love to see someone address domestic violence, even if it is tied into the already existing threads about brain trauma.

I was confused about why I was enjoying Ballers, but the fact remains that I enjoyed it and I want it to be better. There’s a lot left for this show to cover. Season 1 was the mirror. Season 2 has the chance to be a moment of reflection.


 

[Ballers is currently airing in reruns on HBO, and is available for streaming on HBOGo. It’s a great quick, rainy Sunday binge watch. Be prepared for nudity, coarse language, and repeatedly having to yell back up the stairs to the older Black women in your life that, no, you are not watching a Denzel Washington movie, his son just sounds exactly like him, so please don’t come downstairs because the last thing you want to do is watch Ballers with your mother.]

The post Summer TV Recap: Reflections on HBO’s Ballers appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesIs New Orleans undergoing a revival?

Generally, residents of New Orleans are “remarkably optimistic” about its recovery and future. Partly because the city had just begun to recover from Hurricane Katrina when the Great Recession began, it suffered less job loss relative to its pre-recession state and GDP actually grew 3.9% between 2008 and 2011. No other southern metropolitan area cracked 2% in the same period.

Richard Webster, writing for nola.com, offers the following evidence of New Orleans’ resilience in the face of the Great Recession. Chart 1 shows that it lost a smaller percentage of its jobs than the U.S. as a whole.


 

This is even more significant than it looks, as New Orleans had been in economic decline for decades before Katrina. At EconSouth, Charles Davidson reports that “the economy in New Orleans has reversed decades of decline and outperformed the nation and other southern metropolitan areas.” Consider: the job growth in New Orleans shown in Chart 2 may not look impressive, but compare it to the declines of its neighbors (blue is before Katrina, green is after).


Residents seem to feel that the city is doing well, with the stark exception of fear of crime. But white residents are much happier with the state of the city than the 60% of residents who identify as African American (image via NPR). This likely reflects the widening wealth gap in the city post-Katrina.


New Orleans continues to face serious problems, including low wages, a widening wealth gap, an evisceration of the public schooling system, underfunded higher ed, high crime, negative effects of gentrification, and the looming threat of another storm. Still, thanks to greater diversification of its economy, entrepreneurship, record tourism, and rising investment money, many are arguing that the city is in the midst of a revival.

Lisa Wade is a professor of sociology at Occidental College. She writes about New Orleans here. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Sociological ImagesHappy Birthday, C. Wright Mills!

Krebs on SecuritySix Nabbed for Using LizardSquad Attack Tool

Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time.

The Lizard Stresser came to prominence not long after Christmas Day 2014, when a group of young ne’er-do-wells calling itself the Lizard Squad used the tool to knock offline the Sony Playstation and Microsoft Xbox gaming networks. As first reported by KrebsOnSecurity on Jan. 9, the Lizard Stresser drew on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords. The LizardStresser service was hacked just days after that Jan. 9 story, and disappeared shortly after that.


The Lizard Stresser’s add-on plans. In case it wasn’t clear, this service was *not* sponsored by Brian Krebs as suggested in the screenshot.

“Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” reads a statement from the U.K.’s National Crime Agency (NCA). “Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.”

The NCA says investigators are also in the process of visiting 50 addresses linked to individuals registered on the Lizard Stresser Website but who haven’t yet carried out any apparent attacks. The agency notes that one-third of those individuals are below the age of 20, and that its knock-and-talk efforts are part of its wider work to address younger people at risk of entering into serious forms of cybercrime.

According to research published this month, the Lizard Stresser had more than 176 paying subscribers who launched more than 15,000 attacks against 3,907 targets in the two months the service was in operation.

For more information about how to beef up the security of your Internet router, check out the “Harden Your Hardware” subsection in the post Tools for a Safer PC.

Further reading:

Stress-Testing the Booter Services, Financially

Story Category: DDoS-for-Hire

Finnish Decision is Win for Internet Trolls

Who’s In the Lizard Squad?

Crooks Use Hacked Routers to Aid Cyberheists

Spam Uses Default Passwords to Hack Routers

Planet DebianZlatan Todorić: The big life adventure called DebConf15

With the help of sponsorship I again managed to attend the conference where the Debian family gathers. This is going to be a mix, in no particular order, of everything, anything and nothing else ;)


I arrived at Heidelberg Main Train Station around 9am on 15th August and almost right away found Debian people, which made my trip to the hostel easier. After arrival I checked in but needed to wait for 3 hours to get the key (it seems that SA will not have that problem at all, which is already an improvement). Although the wait was 3 hours long, it wasn't actually difficult at all, as I started hugging and saying hi to many old (the super old super friend of mine - moray, or how I call him, "doc") and new friends. I just must say - if you know or don't know Rhonda, try to get somehow into her hugs. With her hug I acknowledged that I really did arrive at the reunion.


Worse Than FailureError'd: Political Errors

"I agree, Google. When it comes to news coverage of politically sensitive topics, many errors have occurred," writes Scott.

 

"Jay F. wrote, "Not quite what I'd call 'free'..."

 

"Does this mean I'm the first? Or that my ID doesn't exist? Or did they just insult me and call me a zero?" writes Michael.

 

Josef V. wrote, "You like EventArgs? I've got EventArgs for days and days."

 

"To be honest, I don't want either Chuck or Wizards of the Coast sending me emails, so this works out just fine," Andrew P. wrote.

 

"I gave up on waiting in the queue to chat with a Microsoft representative after noticing the change in my 'progress'," Michael P. wrote.

 

"Wow, they sure have some strange weather up in Toronto," writes Geoff.

 

"Great. Not only did Word crash, but now I'm seeing double!" Vance wrote.

 


Planet DebianDimitri John Ledkov: Go enjoy Python3

Given a string, get a truncated string of length up to 12.

The task is ambiguous, as it doesn't say whether or not 12 should include the terminating null character. Nonetheless, let's see how one would achieve this in various languages.
Let's start with python3:

import sys
print(sys.argv[1][:12])

Simple enough: in essence, given the first argument, print it up to length 12. As an added bonus, this also deals with Unicode correctly; that is, if the passed arg is 車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇, it will correctly print 車賈滑豈更串句龜龜契金喇. (Note these are just random Unicode strings to me; I have no idea what they stand for.)

In C things are slightly more verbose, but in essence, I am going to use strncpy function:

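#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    /* 12 bytes of output plus a terminator: strncpy() does not add one
       when the source is 12 bytes or longer. */
    char res[13] = {0};
    if (argc < 2)
        return 1;
    strncpy(res, argv[1], 12);
    printf("%s\n", res);
    return 0;
}

This treats things as a byte array instead of Unicode, thus for the Unicode test it will end up printing just 車賈滑豈. But it is still simple enough.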
Finally we have Go:

package main

import "os"
import "fmt"
import "math"

func main() {
	fmt.Printf("%s\n", os.Args[1][:int(math.Min(12, float64(len(os.Args[1]))))])
}

This similarly treats the argument as a byte array, and one needs to convert the argument to a slice of runes to get Unicode string handling. But there are quite a few caveats. One cannot take out of bounds slices. Thus a naïve os.Args[1][:12] can result in a runtime panic that slice bounds are out of range. Or if a string is known at compile time, a compile time error. Hence one needs to calculate the length, and do a min comparison. And there lies the next caveat: math.Min() is only defined for the float64 type, and slice indexes can only be integers, and thus we end up writing ]))))])...

12 points for python3, 8 points for C, and Go receives nul points Eurovision style.

EDIT: Andreas Røssland and James Hunt are full of win. Both suggesting fmt.Printf("%.12s\n", os.Args[1]) for go. I like that a lot, as it gives simplicity & readability without compromising the default safety against out of bounds access. Hence the scores are now: 14 points for Go, 12 points for python3 and 8 points for C.

EDIT2: I was pointed to a much better C implementation by Keith Thompson - http://pastebin.com/5i7rFmMQ - in essence it uses strncat(), which has much better null termination semantics. And Ben posted a C implementation which handles wide characters: http://www.decadent.org.uk/ben/blog/truncating-a-string-in-c.html. I regret to inform you that this blog post got syndicated onto hacker news and has now become the top viewed post on my blog of all time, overnight. In retrospect, I regret awarding points at the end of the blog post, as that was merely an expression of opinion and is a highly subjective measure. But this problem statement did originate from me reviewing go code that did an "if/then/else" comparison and got it wrong to truncate a string, and I thought surely one can just do [:12], which has led me down the rabbit hole of discovering a lot about Go; its compile and runtime out of bounds access safeguards; lack of a universal Min() function; runes vs strings handling and so on. I'm only a beginner go programmer and I am very sorry for wasting everyone's time on this. I guess people didn't have much to do on a Throwback Thursday.

The postings on this site are my own and don't necessarily represent Intel’s positions, strategies, or opinions.

Planet DebianLucas Nussbaum: DebConf’15

I attended DebConf’15 last week. After being on semi-vacation from Debian for the last few months, recovering after the end of my second DPL term, it was great to be active again, talk to many people, and go back to doing technical work. Unfortunately, I caught the debbug quite early in the week, so I was not able to make it as intense as I wanted, but it was great nevertheless.

I still managed to do quite a lot:

  • I rewrote a core part of UDD, which will make it easier to monitor data importer scripts and reduce the cron-spam
  • with DSA members, I worked on finding a suitable workaround for the storage performance issues that have been plaguing UDD for the last few months. fsyncs() will no longer hang for 15 minutes, yay!
  • I added a DUCK importer to UDD, and added that information to the Debian Maintainer Dashboard
  • I worked a bit on cleaning up the status of my packages, including digging into a strange texlive issue (that showed up in developers-reference), that is now fixed in unstable
  • I worked a bit on improving git-buildpackage documentation (more to come in that area)
  • Last but not least, I played Mao for the first time in years, and it was a lot of fun. (even if my brain is still slowly recovering)

DC15 was a great DebConf, probably one of the two best I’ve attended so far. I’m now looking forward to DC16 in Cape Town!

Planet Linux AustraliaStewart Smith: Running OPAL in qemu – the powernv platform

Ben has a qemu tree up with some work-in-progress patches to qemu to support the PowerNV platform. This is the “bare metal” platform like you’d get on real POWER8 hardware running OPAL, and it allows us to use qemu like my previous post used the POWER8 Functional Simulator – to boot OpenPower firmware.

To build qemu for this, follow these steps:

apt-get -y install gcc python g++ pkg-config libz-dev libglib2.0-dev \
  libpixman-1-dev libfdt-dev git
git clone https://github.com/ozbenh/qemu.git
cd qemu
./configure --target-list=ppc64-softmmu
make -j `grep -c processor /proc/cpuinfo`

This will leave you with a ppc64-softmmu/qemu-system-ppc64 binary. Once you’ve built your OpenPower firmware to run in a simulator, you can boot it!

Note that this qemu branch is under development, and is likely to move/change or even break.

I do it like this:

cd ~/op-build/output/images;  # so skiboot.lid is in pwd
~/qemu/ppc64-softmmu/qemu-system-ppc64 -m 1G -M powernv \
-kernel zImage.epapr -nographic \
-cdrom ~/ubuntu-vivid-ppc64el-mini.iso

and this lets me test that we launch the Ubuntu vivid installer correctly.

You can easily add other qemu options such as additional disks or networking and verify that it works correctly. This way, you can do development on some skiboot functionality or a variety of kernel and op-build userspace (such as the petitboot bootloader) without needing either real hardware or using the simulator.

This is useful if, say, you’re running on ppc64el, for which the POWER8 functional simulator is currently not available.

Planet Linux AustraliaStewart Smith: doing nothing on modern CPUs

Sometimes you don’t want to do anything. This is understandably human, and probably a sign you should either relax or get up and do something.

For processors, you sometimes do actually want to do absolutely nothing. Often this will be while waiting for a lock. You want to do nothing until the lock is free, but you want to be quick about it, you want to start work once that lock is free as soon as possible.

On CPU cores with more than one thread (e.g. hyperthreading on Intel, SMT on POWER) you likely want to let the other threads have all of the resources of the core if you’re sitting there waiting for something.

So, what do you do? On x86 there’s been the PAUSE instruction for a while and on POWER there’s been the SMT priority instructions.

The x86 PAUSE instruction delays execution of the next instruction for some amount of time while on POWER each executing thread in a core has a priority and this is how chip resources are handed out (you can set different priorities using special no-op instructions as well as setting the Relative Priority Register to map how these coarse grained priorities are interpreted by the chip).

So, when you’re writing spinlock code (or similar, such as the implementation of mutexes in InnoDB) you want to check if the lock is free, and if not, spin for a bit, but at a lower priority than the code running in the other thread that’s doing actual work. The idea being that when you do finally acquire the lock, you bump your priority back up and go do actual work.

Usually, you don’t continually check the lock, you do a bit of nothing in between checking. This is so that when the lock is contended, you don’t just jam every thread in the system up with trying to read a single bit of memory.

So you need a trick to do nothing that the compiler isn’t going to optimize away.

Current (well, MySQL 5.7.5, but it’s current in MariaDB 10.0.17+ too, and other MySQL versions) code in InnoDB to “do nothing” looks something like this:

ulint ut_delay(ulint   delay)
{
        ulint   i, j;
        UT_LOW_PRIORITY_CPU();
        j = 0;
        for (i = 0; i < delay * 50; i++) {
                j += i;
                UT_RELAX_CPU();
        }
        if (ut_always_false) {
                ut_always_false = (ibool) j;
        }
        UT_RESUME_PRIORITY_CPU();
        return(j);
}

On x86, UT_RELAX_CPU() ends up being the PAUSE instruction.

On POWER, the UT_LOW_PRIORITY_CPU() and UT_RESUME_PRIORITY_CPU() tunes the SMT thread priority (and on x86 they’re defined as nothing).

If you want an idea of when this was all written, this comment may be a hint:

/*!< in: delay in microseconds on 100 MHz Pentium */

But, if you’re not on x86 you don’t have the PAUSE instruction, instead, you end up getting this code:

# elif defined(HAVE_ATOMIC_BUILTINS)
#  define UT_RELAX_CPU() do { \
     volatile lint      volatile_var; \
     os_compare_and_swap_lint(&volatile_var, 0, 1); \
   } while (0)

Which you may think “yep, that does nothing and is not optimized away by the compiler”. Except you’d be wrong! What it actually does is generate a lot of memory traffic. You’re now sitting in a tight loop doing atomic operations, which have to be synchronized between cores (and sockets) since there’s no real way that the hardware is going to be able to work out that this is only a local variable that is never accessed from anywhere.

Additionally, the ut_always_false and j variables there are also attempts to trick the compiler into not optimizing the loop away, and since ut_always_false is a global, you’re generating traffic to a single global variable too.

Instead, what’s needed is a compiler barrier. This simple bit of nothing tells the compiler “pretend memory has changed, so you can’t optimize around this point”.

__asm__ __volatile__ ("":::"memory")

So we can eliminate all sorts of useless non-work and instead do what we want: do nothing (a for loop for X iterations that isn’t optimized away by the compiler) and don’t have side effects.

In MySQL bug 74832 I detailed this with the appropriately produced POWER assembler. Unfortunately, this patch (submitted under the OCA) has sat since November 2014 (so, over 9 months) with no action. I’m a bit disappointed by that to be honest.

Anyway, the real moral of this story is: don’t implement your own locking primitives. You’re either going to get it wrong or you’ll be wrong in a few years when everything changes under you.

See also:

Planet DebianBen Hutchings: Securing my own blog

Yeah I know, a bit ironic that this isn't available over HTTP-S. I could reuse the mail server certificate to make https://decadent.org.uk/ work...

Planet DebianBen Hutchings: Securing debcheckout of git repositories

Some source packages have Vcs-Git URLs using the git: scheme, which is plain-text and unauthenticated. It's probably harder to MITM than HTTP, but still we can do better than this even for anonymous checkouts. git is now nearly as efficient at cloning/pulling over HTTP-S, so why not make that the default?

Adding the following lines to ~/.gitconfig will make git consistently use HTTP-S to access Alioth. It's not quite HTTPS-Everywhere, but it's a step in that direction:

[url "https://anonscm.debian.org/git/"]
	insteadOf = git://anonscm.debian.org/
	insteadOf = git://git.debian.org/

Additionally you can automatically fix up the push URL in case you have or are later given commit access to the repository on Alioth:

[url "git+ssh://git.debian.org/git/"]
	pushInsteadOf = git://anonscm.debian.org/
	pushInsteadOf = git://git.debian.org/

Similar for git.kernel.org:

[url "https://git.kernel.org/pub/scm/"]
	insteadOf = git://git.kernel.org/pub/scm/
[url "git+ssh://ra.kernel.org/pub/scm/"]
	pushInsteadOf = git://git.kernel.org/pub/scm/

RTFM for more information on these configuration variables.

Krebs on SecurityFBI: $1.2B Lost to Business Email Scams

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.


In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business e-mail compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said.

“The scam has been reported in all 50 states and in 79 countries,” the FBI’s alert notes. “Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.”

CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the numeral 1 for the letter “L”) or “example.co,” and send messages from that domain.

Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.

They do this by scraping employee email addresses and other information from the target’s Web site to help make the missives more convincing. In the case where executives or employees have their inboxes compromised by the thieves, the crooks will scour the victim’s email correspondence for certain words that might reveal whether the company routinely deals with wire transfers — searching for messages with key words like “invoice,” “deposit” and “president.”

On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.

Business Email Compromise (BEC) scams are more versatile and adaptive than more traditional malware-based scams.


In these cases, the fraudsters will forge the sender’s email address displayed to the recipient, so that the email appears to be coming from example.com. In all cases, however, the “reply-to” address is the spoofed domain (e.g. examp1e.com), ensuring that any replies are sent to the fraudster.
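
The two signals described above, a sender domain that is one or two characters off the real one and a Reply-To that points somewhere other than the From domain, can be checked mechanically on inbound mail. The following Python is an added example, not part of the original article or of the FBI alert; the trusted domain, the sample messages (constructed) and every function name are assumptions made for illustration.

```python
"""Flag look-alike sender domains and Reply-To mismatches (added example)."""
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: the organisation's real domain

# Digits commonly registered in place of letters in look-alike domains.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or None."""
    if not header_value:
        return None
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True if domain is not the trusted one (or a subdomain of it) but is
    within two edits of it, directly or after undoing digit swaps."""
    if domain is None or domain == trusted or domain.endswith("." + trusted):
        return False
    if domain.translate(CONFUSABLES) == trusted:
        return True
    return edit_distance(domain, trusted) <= 2


def check_message(raw, trusted=TRUSTED_DOMAIN):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if is_lookalike(from_dom, trusted):
        findings.append(f"lookalike-from:{from_dom}")
    # Replies would leave the displayed sender's domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    if is_lookalike(reply_dom, trusted):
        findings.append(f"lookalike-reply-to:{reply_dom}")
    return findings


# Constructed sample messages; none of these are real mail.
SAMPLES = {
    "legit": (
        "From: Pat Boss <ceo@example.com>\n"
        "To: ap@example.com\n"
        "Subject: Q3 board deck\n\n"
        "Draft attached.\n"
    ),
    "lookalike_sender": (
        "From: Pat Boss <ceo@examp1e.com>\n"
        "To: ap@example.com\n"
        "Subject: Urgent wire today\n\n"
        "Please process the attached invoice.\n"
    ),
    "forged_from": (
        "From: Pat Boss <ceo@example.com>\n"
        "Reply-To: Pat Boss <ceo@examp1e.com>\n"
        "To: ap@example.com\n"
        "Subject: Re: deposit\n\n"
        "Confirm once sent.\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

A Reply-To mismatch on its own also occurs with mailing lists and ticketing systems, so it is better used as one input to a score or a banner than as a hard block.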

The FBI’s numbers would seem to indicate that the average loss per victim is around $100,000. That may be so, but some of the BEC swindles I’ve written about thus far have involved much higher amounts. Earlier this month, tech firm Ubiquiti Networks disclosed in a quarterly financial report that it suffered a whopping $46.7 million hit because of a BEC scam.

In February, con artists made off with $17.2 million from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so.

In March 2015, I posted the story Spoofing the Boss Turns Thieves a Tidy Profit, which recounted the nightmarish experience of an Ohio manufacturing firm that came within a whisker of losing $315,000 after an employee received an email she thought was from her boss asking her to wire the money to China to pay for some raw materials.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

Consumers are not immune from these types of scams. According to a related advisory posted by the FBI today, in the three months between April 1, 2015 and June 30, 2015, the agency received 21 complaints from consumers who suffered losses of nearly $700,000 after having their inboxes hijacked or spoofed by thieves. The FBI said it identified approximately $14 million in attempted losses associated with open FBI investigations into such crimes against consumers.

Planet DebianBen Hutchings: Securing git imap-send in Debian

I usually send patches from git via git imap-send, which gives me a chance to edit and save them through my regular mail client. Obviously I want to make a secure connection to the IMAP server. The upstream code now supports doing this with OpenSSL, but git is under GPL and it seems that not all relevant contributors have given the extra permission to link with OpenSSL. So in Debian you still need to use an external program to provide a TLS tunnel.

The commonly used TLS tunnelling programs, openssl s_client and stunnel, do not validate server certificates in a useful way - at least by default.

Here's how I've configured git imap-send and stunnel to properly validate the server certificate. If you use the PLAIN or LOGIN authentication method with the server, you will still see the warning:

*** IMAP Warning *** Password is being sent in the clear

The server does see the clear-text password, but it is encrypted on the wire and git imap-send just doesn't know that.

~/.gitconfig

[imap]
	user = ben
	folder = "drafts"
	tunnel = "stunnel ~/.git-imap-send/stunnel.conf"

~/.git-imap-send/stunnel.conf

debug = 3
foreground = yes
client = yes
connect = mail.decadent.org.uk:993
sslVersion = TLSv1.2
renegotiation = no
verify = 2
; Current CA for the IMAP server.
; If you don't want to pin to a specific CA certificate, use
; /etc/ssl/certs/ca-certificates.crt instead.
CAfile = /etc/ssl/certs/StartCom_Certification_Authority.pem
checkHost = mail.decadent.org.uk

If stunnel chokes on the checkHost variable, it doesn't support certificate name validation. Unfortunately no Debian stable release has this feature - only testing/unstable. I'm wondering whether it would be worthwhile to backport it or even to make a stable update to add this important security feature.

,

Planet DebianNorbert Preining: Kobo Japanese Dictionary Enhancer 1.1

Lots of releases in quick succession – the new Kobo Japanese Dictionary Enhancer brings multi-dictionary support and merged translation support. Using the Wadoku project’s edict2 database we can now also add German translations.


Looking at the numbers, we have now 326064 translated entries when using the English edict2, and 368943 translated entries when using the German Wadoku edict version. And more than that, as an extra feature it is now also possible to have merged translations, so to have both German and English translations added.


Please head over to the main page of the project for details and download instructions. If you need my help in creating the updated dictionary, please feel free to contact me.

Enjoy.

Planet DebianBen Hutchings: Truncating a string in C

This version uses the proper APIs to work with the locale's multibyte encoding (with single-byte encodings being a trivial case of multibyte). It will fail if it encounters an invalid byte sequence (e.g. byte > 127 in the "C" locale), though it could be changed to treat each rejected byte as a single character.

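#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

int main(int argc, char **argv)
{
    size_t n = 12, totlen = 0, maxlen, chlen;

    setlocale(LC_ALL, "");

    if (argc != 2)
        return EXIT_FAILURE;

    maxlen = strlen(argv[1]);

    /* Stop at the end of the string: mbrlen() on zero remaining bytes
       reports an incomplete character, which would reject short input. */
    while (n-- && totlen < maxlen) {
        /* Byte length of the next multibyte character in the locale. */
        chlen = mbrlen(argv[1] + totlen, maxlen - totlen, NULL);
        /* (size_t)-1 and (size_t)-2 (invalid, incomplete) exceed MB_CUR_MAX. */
        if (chlen > MB_CUR_MAX)
            return EXIT_FAILURE;
        totlen += chlen;
    }

    printf("%.*s\n", (int)totlen, argv[1]);
    return 0;
}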

Planet DebianAlexander Wirt: Basic support for SSO Client certificates on paste.debian.net

Sometimes waiting for a delayed flight helps to implement things. I added some basic support for the new Debian SSO Client Certificate feature to paste.debian.net.

If you are using such a certificate most anti-spam restrictions, code limitations and so on won’t count for you anymore.

Planet DebianRitesh Raj Sarraf: Laptop Mode Tools - 1.68

I am pleased to announce the release of Laptop Mode Tools, version 1.68.

This release is mainly focused on integration with the newer init system, systemd. Without the help from the awesome Debian systemd maintainers, this would not have been possible. Thank you folks.

While the focus now is on systemd, LMT will still support the older SysV Init.

With this new release, there are some new files: laptop-mode.service, laptop-mode.timer and lmt-poll.service. All the files should be documented well enough for users. lmt-poll.service is the equivalent of the module battery-level-polling, should you need it.

Filtered git log:

1.68 - Thu Aug 27 22:36:43 IST 2015

    * Fix all instances for BATTERY_LEVEL_POLLING

    * Group kill the polling daemon so that its child process get the same signal

    * Release the descriptor explicitly

    * Add identifier about who's our parent

    * Narrow down our power_supply subsystem event check condition

    * Fine tune the .service file

    * On my ultrabook, AC as reported as ACAD

    * Enhance lmt-udev to better work with systemd

    * Add a timer based polling for LMT. It is the equivalent of battery-polling-daemon,

      using systemd

    * Disable battery level polling by default, because most systems will have systemd running

    * Add documentation reference in systemd files
The md5 checksum for the tarball is 15edf643990e08deaebebf66b128b270
 

CryptogramIranian Phishing

CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication.

This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and "real time" login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.

The attacks point to extensive knowledge of the targets' activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

The report quotes my previous writing on the vulnerabilities of two-factor authentication:

As researchers have observed for at least a decade, a range of attacks are available against 2FA. Bruce Schneier anticipated in 2005, for example, that attackers would develop real time attacks using both man-in-the-middle attacks, and attacks against devices. The "real time" phishing against 2FA that Schneier anticipated were reported at least 9 years ago.

Today, researchers regularly point out the rise of "real-time" 2FA phishing, much of it in the context of online fraud. A 2013 academic article provides a systematic overview of several of these vectors. These attacks can take the form of theft of 2FA credentials from devices (e.g. "Man in the Browser" attacks), or by using 2FA login pages. Some of the malware-based campaigns that target 2FA have been tracked for several years, are highly involved, and involve convincing targets to install separate Android apps to capture one-time passwords. Another category of these attacks works by exploiting phone number changes, SIM card registrations, and badly protected voicemail

Boing Boing article. Hacker News thread.

RacialiciousStraight Outta Compton, Black Women, and Black Lives Matter

By Guest Contributor Marquis Bey

A friend of mine asked, two days before the theatre premiere of Straight Outta Compton, what impact I thought the N.W.A. biopic would have on the Black Lives Matter movement. My answer, since I had not seen or read much about the film, was insufficient and characterized by stock hip-hop feminist answers: white viewers and critics of the Movement may very well use the film to say, “See! They’re advocating violence, glorifying it even!”; hopefully it’ll give historically contextual backing to the legacy of violence visited upon Black bodies to which Black Lives Matter is speaking directly; and, of course, as with all things venerating hip-hop, I worry about the gendered violence and erasure of (Black) women.

This last point — the violence and erasure of Black women in particular — is what the conversation in the car ride with a few other Ph.D. students at my graduate school revolved around. And rightly so.

If we are to allow the film to speak to the plight of Black bodies in contemporary America and use it to do the work of Black liberation, then we must honor the aims of the Black Lives Matter Movement—and the three queer Black women who founded the movement—by critiquing the normalization of violence against Black women.

As Kimberly Foster explains, “One must be invested in dismantling a culture that normalizes violence against Black women before we talk about reconciliation. We’ve yet to see that from these men, and unless they’re going to do this work, linking the group to #BlackLivesMatter is an affront to the movement’s intersectional foundations. The current fight for Black liberation is for all of us—not just men.”

Among other key issues and erasures, one might think of the glossing-over of Ice Cube’s (O’Shea Jackson) coming from — as depicted in sociologist Patricia Hill Collins’ book Black Sexual Politics — a wealthy white neighborhood, in a gated home, raised in a two-parent family in a middle-class residential area of south central Los Angeles, never going to prison, and graduating from the wealthiest high school in Los Angeles. But that’s not “’hood” enough for “Niggaz” with attitude. The treatment of Black women in the film, hip-hop in general, and by the artists of N.W.A. deserves much attention.

For sure, many might see a critique of N.W.A.’s misogyny as a slight against the film’s quality, the artists’ talent, or the overall value of hip-hop, the assumption of which being that the film and N.W.A. are saintly racial heroes speaking for the oppressed Black youth and any critique of them an unjust critique of their entire enterprise. To be clear, then, my critique as a radical Black cisgender male feminist is a critique not of the quality of the film or artists’ lyrical talent (which is actually rather dexterous) but rather a critique of their perpetuation of violent narratives that endanger the lives and subjectivities of Black women, and the truncation of Black women’s humanity.

It is certainly easy to condemn wholesale the sexist lyrics of N.W.A. as they are riddled with “b*tches,” “hoes,” and said “b*tches” and “hoes” being assaulted sexually and physically. In their song “She Swallowed It,” the group rhymes, “And if you got a gang of niggas, the bitch would let you rape her / She likes suckin’ on d*cks, and lickin’ up nuts.” Throughout the song women are “punch[ed] in the eye” and told “You little ho’ hurry up and suck my d*ck!” demonstrating that women in the group’s lyrics are used as means to bolster the “authentic” (Black) masculinity of the artists via being a “down ass chick,” i.e. a woman who submits to the primarily sexual whims of these “real niggas.” And this, to be sure, is no new critique.

But what is often more insidious is how any woman is readily read as a “b*tch” on the basis of how quickly she succumbs to the wishes of the rapper. In a word, women in the minds and lyrics of N.W.A., with celerity, can go from “lady” to “b*tch” in one lyric flat if the artist is dissatisfied with her.

This distinction between good and bad women was captured succinctly as far back as 1996 by historian Robin D.G. Kelly in his essay “Kickin’ Reality, Kickin’ Ballistics: Gangsta Rap and Postindustrial Los Angeles”: “Distinguishing ‘bad’ women from ‘good’ women ultimately serves to justify violence against women by devaluing them.”

In this scenario, the “good” woman becomes bad the second the rapper wants to commit or justify violence against her, or she falls outside of his desired use. Ice Cube committed this exact bifurcation in an interview promoting the film, saying, “If you’re not a ho or a b*tch, don’t be jumping to the defense of these despicable females. Just like I shouldn’t be jumping to the defense of no punks or no cowards or no slimy son of a b*tches that’s men. I never understood why an upstanding lady would even think we’re talking about her.”

The distinction Ice Cube makes is a false one, used simply when any woman deigns to assert her humanity and lack of male ass-kissing (or, more accurately in this context, oral sex). To make a parallel that he may understand: you weren’t a “boy” or a “nigga” or a “banger” when those cops had you and your crew spread eagle on the ground about to arrest your ass, were you? Let me respond, with your own logic: “I never understood why an innocent, truth-telling young Black man like yourself would even think those words apply to you.”

Bottom line: Under this worldview, the valid humanity and due respect and integrity afforded to female bodies undergoes extreme doubt as soon as she falls away from male validation. Men, in a nutshell, are the arbiters of women’s social worth, and any action committed by a man against a female body is deemed just. Just devalue her, call her a b*tch, and it’s all good, have your way with her. After all, according to N.W.A. logic, why should anyone be jumping to the defense of slimy b*tches and despicable females? By virtue of a woman’s “b*tchness,” all assaults against her body are okay.

Now, surely not all the members of N.W.A. have been as crass as Cube. Dr. Dre, who assaulted TV host Dee Barnes in 1991, said that he has “made some f*cking horrible mistakes in [his] life,” and that “Those are some of the things that I would like to take back. It was really f*cked up. But I paid for those mistakes, and there’s no way in hell that I will ever make another mistake like that again.”

But still, Dre doesn’t reference the specific sexual assault, generalizing and glossing over it as “some f*cking horrible mistakes.” Dre, angry with Dee Barnes’ Pump It Up! segment in which Ice Cube is depicted dissing N.W.A., trapped her in a bathroom and slammed her head against a wall multiple times (for which, by her account, she still suffers migraines to this day) because, according to him, Barnes, not Ice Cube or the show’s producers, made N.W.A. “look like fools.”

Dre’s attempted contrition can be read as sincere or disingenuous politician-like apology, but it remains that he is still venerated as a hip-hop saint, which then invalidates the bodily integrity of Dee Barnes — and, by extension, all women — and sloughs off her assault as un-noteworthy, minor.

The film’s director, F. Gary Gray, who was actually the cameraman for the Pump It Up! segment that enraged Dre, highlights the unworthy depiction of the pervasive domestic violence committed by N.W.A. members as “side stories”: “The original editor’s cut was three hours and 30 minutes long, so we couldn’t get everything in the movie. We had to make sure we served the narrative; the narrative was about N.W.A. It wasn’t about side stories.” Uh huh, sure, and the scene where we see Ice Cube telling off an unidentified journalist (“Eat a d*ck, Brian”), the part where Ice Cube is laughing at his own script to Friday, or the scene in which some random ass buff Black dude ominously says to Jerry Heller “Nice house” are super integral to knowing the vagaries of N.W.A.’s career, right? F.O.H.

So for those who wish to use the film as a piece of the Black Lives Matter movement’s Black liberation discourse, this, I think, shows how much more inclusive and honest the proclamation that “Black Lives Matter” must be.

So to my friend’s question: what might the impact of Straight Outta Compton have on the Black Lives Matter Movement? My answer now is two-fold: I think the film does a phenomenal job of giving historical links to contemporary police brutality by depicting the numerous times N.W.A.’s members were racially profiled by police and the Rodney King beating, followed by the L.A. riots. An early scene in the film in which Ice Cube is innocently walking home and is subsequently slammed onto the hood of a police car by an officer and called a nigger is an external manifestation of contemporary sentiments between the US’ militarized police force and Black bodies. We can use this to speak to the contemporary moment and show that Black bodies have been criminalized long before Trayvon Martin. This discourse, given theatrical clout by a blockbuster film, needs to be out there, for real.

However, not to my surprise, the movie continues to denigrate the bodies of Black women. Whether it be in hotel room scenes where the group has throwaway sex with “groupies” the names of which none of them know; reducing women’s worth to their genitals and how much they let members f*ck; or rhyming about f*cking other men’s girlfriends as a means by which they become Über-men, the film fails to critique the pervasive sexism and truncation of female subjectivity.

N.W.A.’s manager, Jerry Heller, initially thinks the acronym stands for “No Whites Allowed.” Funny, and perhaps not entirely incorrect, but perhaps a more telling misnomer would be “No Women Allowed” … except when their only purpose is to please the members (pun intended). Black lives must matter if they are all to be liberated. That includes Black women’s lives. If Black life is continually coded as Black male life, then those who proclaim it are doing a disservice to the Black queer women who started the movement, and to the humanity for which Black liberation movements have been fighting for centuries.

Ayo Dre, I got something to say too: f*ck tha misogyny.

Marquis Bey is an English Ph.D. student at Cornell University. His work focuses primarily on African American Literature, Black Feminist Thought, and Transgender Studies. He hails from Philadelphia, PA, and his work can be found at https://cornell.academia.edu/MBey.

The post Straight Outta Compton, Black Women, and Black Lives Matter appeared first on Racialicious - the intersection of race and pop culture.

LongNowMarie’s Dictionary

This short documentary tells the story of Marie Wilcox, the last fluent speaker of the Wukchumni language and the dictionary she created in an effort to keep her language alive. Long Now’s PanLex project collects dictionaries such as these with the goal of creating a universal translation engine and fighting language extinction.

Sociological ImagesChildren’s educational trajectories after Katrina

A child that was 7 years old when Hurricane Katrina hit New Orleans will be 17 today. When the storm hit, he would have just started 2nd grade. Today, that 17-year-old is more likely than his same age peers in all but two other cities to be both unemployed and not in school. He is part of the Katrina generation.

(September 3, 2005 New Orleans) — Evacuees and patients arrive at New Orleans airport where FEMA’s D-MATs have set up operations.
Photo: Michael Rieger/FEMA

When the city was evacuated, many families suffered a period of instability. A report published nine months after the storm found that families had moved an average of 3.5 times in the first nine months. One-in-five school-age children were either not enrolled in school or were only partially attending (missing more than 10 days a month).

Five years later, another study found that 40% of children still did not have stable housing and another 20% remained emotionally distressed. 34% of children had been held back in school (compared to a 19% baseline in the South).

With so much trauma and dislocation, it is easy to imagine that even young people in school would have trouble learning; for those who suffered the greatest instability, it’s likely that their education was fully on pause.

At The Atlantic, Katy Reckdahl profiles such a family. They evacuated to Houston, where they suffered abuse from locals who resented their presence. At school, boys from New Orleans were getting picked on and getting in fights. So the mother of three kept her 11- and 13-year-old boys at home, fearful for their safety. Indeed, another New Orleanian boy that they knew was killed while in Houston. The boys missed an entire year of school.

“An untold number of kids,” writes Reckdahl, “probably numbering in the tens of thousands—missed weeks, months, even years of school after Katrina.” She quotes an educator who specializes in teaching students who have fallen behind, who estimates that “90-percent-plus” of his students “didn’t learn for a year.”

When the brothers profiled by Reckdahl returned to New Orleans one year later, they were placed in the correct grade for their age, despite having missed a year of school. The system was in chaos. Teachers were inexperienced thanks to charter schools replacing the public school system. One of the boys struggled to make sense of it all and eventually dropped out and got his GED instead.

No doubt the high number of unemployed and unenrolled young people in New Orleans and other Gulf Coast cities devastated by Katrina is due, in part, to the displacement, trauma, and chaos of disaster. Optimistically, and resisting the “at risk” discourse, the Cowen Institute calls them “opportunity youth.” If there is the political will, we have the opportunity to help empower them to become healthy and productive members of our communities.

For more, pre-order sociologist Alice Fothergill and Lori Peek’s forthcoming book, Children of Katrina, watch an interview about their research, or read their preliminary findings here.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianThorsten Glaser: Go enjoy shell

Dimitri, I personally enjoy shell…

tglase@tglase:~ $ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $ echo ${x::12}
車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $ printf '%s\n' 'import sys' 'print(sys.argv[1][:12])' >x.py
tglase@tglase:~ $ python x.py $x
車賈滑豈
 

… much more than Python, actually. (Python is the language in which you do not want to write code dealing with strings, due to UnicodeDecodeError and all; even py3k is not much better.)

I would have commented on your post if it allowed doing so without getting a proprietary Google+ account.

TEDTranslation by collaboration: How TEDxSapporo translators work together to find the perfect word

A snowboarder, a forklift operator, an exchange student and more: The TEDxSapporo translation team meets in a playground-themed space to work on translations as a group. Photo: Courtesy of Ayana Ishiyama

Ayana Ishiyama always thought she wanted to be a journalist. Two years ago, when she left her hometown in northern Japan to study abroad in the US, she signed up for journalism courses and wrote articles for the school newspaper to sharpen up her English skills. But while she loved interviewing people and sharing their stories, Ishiyama — now 22 — realized she didn’t like everything about news writing.

“Sometimes journalists have to write bad things about people, like scandals. I didn’t want to do that,” she said. “I want to write good things about the people I interview. I came back to Japan thinking, ‘I want to do a good thing.’”

She found that good thing when a friend introduced her to TED’s Open Translation Project, a global network of volunteers who help TED and TEDx Talks crisscross languages and borders. Over the past few years, several TEDx events have formed teams of OTP volunteers to translate their talks into English, to help promote them around the world. Ishiyama joined the TEDxSapporo translation team in March 2014 and quickly became the team leader. The group, which has 10 members, transcribes TEDxSapporo talks in Japanese, and then translates the Japanese captions into English. Additionally, they help translate flyers and Facebook posts for TEDxSapporo events.

There are more than 40,000 OTP translators around the world: some volunteers work alone, others in pairs, others even as a family. Most translation teams communicate mainly online, but Ishiyama’s group works in person. “I want to make strong connections between team members,” Ishiyama said, “so I like getting together for meetings, face-to-face.”

Every month, her team meets for three hours at a creative workspace in Sapporo, in a playground-themed room carpeted in astroturf and featuring a ball pit. Together, they transcribe and translate TEDxSapporo talks. They’ve translated 18 talks so far.

The team members’ lifestyles couldn’t be more different. There are students, teachers and academics, but also an IT specialist, an exchange student from Indonesia, a snowboarder and a forklift operator. This diversity, says Ishiyama, is part of the reason the team is so productive. As team leader, Ishiyama is mindful of putting each team member’s strengths to good use and making sure everyone gets to practice the skills they want to improve.

“Each person has a different strength,” she said. “If we get together, we learn something new. I think this is what motivates and inspires us.”

Teammates work in pairs for each project, with newer members doing the initial translation and more experienced members reviewing their work. But when challenging words or phrases come up, the ten team members discuss them as a group. If even one member of the group isn’t satisfied with a translated word, the whole team works to find a better one.

“We can have a discussion for an hour on that one word,” said Ishiyama. “It’s sometimes tiring, but it makes me happy because we don’t want to give up on better translation.”

Ayana Ishiyama leads the TEDxSapporo translation team in an unconventional way — by stressing teamwork and togetherness. Photo: Courtesy of Ayana Ishiyama

Early in Ishiyama’s time as team leader, a tricky talk tested the group’s unusual way of working. In June 2014, they started in to translate a TEDxSapporo talk encouraging women in science. (Only 14% of science and engineering students at Japanese universities are women.) The title included the Japanese word “Rikejo,” a shortened form of “Rikejoshi.” It means, roughly, “a woman with a scientific way of thinking,” but the term has more layers of cultural meaning — it connotes intellectual curiosity, open-mindedness and a balance of masculine and feminine traits.

“If we literally translated the Japanese title, it wouldn’t make sense,” said Ishiyama.

So the team came up with an idea: what if they turned the Japanese term “Rikejo” into an English acronym? The letters now stand for Respectful, Investigative, Knowledgeable, Enthusiastic, Joyful, Open. It captured the complex qualities a literal translation couldn’t.

Ishiyama’s team made a video explaining their acronym (watch it, in a talk Ishiyama gave at the 2015 Japanese OTP workshop) and sent it to the speaker, Noyuri Mima, to make sure she approved. “She loved it,” said Ishiyama. “Her attitude about the TEDxSapporo translation team completely changed. She said, ‘It’s just not a translation a computer could do automatically.’”

“RIKEJO was our teamwork,” Ishiyama said proudly. “We do not compromise. We do not give up.”

Next year, Ishiyama will move to Tokyo to start a job in sales planning, a first step in a career bolstered by her experience with the Open Translation Project. “Working as an OTP leader helped me a lot,” she said. “I learned about my strengths working in a team. And in the job interview, when I said I run a team for TEDxSapporo, they said, ‘Wow.’”

In anticipation of the move, Ishiyama recently stepped down as the leader of the team to give another teammate the chance to lead. “I want to make this a sustainable team,” she said.

She feels the same about the Open Translation Project as a whole. “I would really like to see the OTP network work like a huge team. Let’s get together and have discussions,” she said.

“We translate for the spirit of TED — ideas worth spreading — and we can help spread more ideas together.”

Read this story in Japanese »

The TEDxSapporo translation team isn’t afraid to get creative and turn a hard-to-translate Japanese term into an English acronym. Photo: Courtesy of Ayana Ishiyama


CryptogramDefending All the Targets Is Impossible

In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend.

The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security experts fear, may leave the Continent entering a new climate of uncertainty, with added risk attached to seemingly mundane endeavors, like taking a train.

The article talks about the impossibility of instituting airport-like security at train stations, but of course even if it were feasible to do that, it would only serve to move the threat to some other crowded space.

Worse Than FailureNo Changes Please

A new codebase at a new job is a lot like a new relationship: everything’s great until you really get to know each other. Just ask Bradley, who joined Javatechsoft Industries a few months ago. He was brought on to lend a hand with an overdue project. The pay was good, the job came with life insurance, and he had plenty of experience with Enterprise Java. It seemed like the perfect fit.

Specs came in, Bradley shipped code out, and their honeymoon was smooth sailing. The bad things crept up slowly, poking their heads out of the code in funny little ways that didn’t seem like a big deal, they were kind of cute, until…

    273 warnings

“What’s this?” Bradley had just compiled a module he hadn’t seen before. There were a lot of warnings, sure, but they were all pretty straightforward:

    WARNING: Import xxx is never used.
    WARNING: Import yyy is never used.
    WARNING: Type SomeType is a raw type. References to generic type SomeType<E> should be parameterized

It looked like code written in a hurry. Bradley was more than happy to clean it up. He started by removing the unused imports, and committed his changes. He had left the module far behind by the time the project lead, Bill, caught up to him on instant message.

BILL: brad, hey, we need to revert your changes ok? plz dont make changes other than whats in specs

It was pedantic and poorly spelled, but Bradley understood where Bill was coming from. Still, he hoped that cleaning up the sloppy code was on the roadmap.

BRADLEY: Sorry about that. When’s this code due to be fixed?
BILL: we need to run tests on all affected modules b4 we touch any code
BRADLEY: Even when we’re just removing unused imports?
BILL: yup
BRADLEY: Okay, but I can run the unit tests for that module…
BILL: there are none. all code to be tested live!1!

No wonder they hadn’t cleaned anything up. Bradley kept delivering the new functionality, but he itched to leave every codebase a little better than he found it. Finding himself with some extra time, he decided to get them off the ground with more unit tests. The first step was to mock out the data access layer. He found all beans inherited from an abstract base class, like so:

    class MyAbstractBean {
        private JDBCTemplate jdbcTemplate;
    }

That was a problem. They were using the database adapter object by explicitly naming its type, instead of using its interface, JDBCOperations. With the interface, he could have mocked out DB access in his tests. He fired up the IM to ask Bill about this.

BILL: whats jdbc operatoins?
BRADLEY: It’s the interface that JDBCTemplate implements. By switching the declaration I can automate testing for this code
BILL: we dont have time for new stuff rite now
BRADLEY: It’s not new. It’s been in Java since 2.5…
BILL: anyway, we can’t change the base class then we have to test everything in the code! just stick to the specs! PLZ!!!1!

Javatechsoft Industries had backed themselves into the classic testing trap: it was too risky to make changes, because they had no automated tests, but the only way to get automated tests was to make changes. It was an anti-pattern Bradley had seen many times before, and he had to admit, he hadn’t been hired to drag them kicking and screaming out of the hole they’d dug. He put his head down, and focused on writing the best code he could while sticking to the specs. If he did that, he’d be safe… he thought.

His latest assignment was simple: implement a SOAP call to the service FooService, following these steps:

  1. Open a connection. If an error results, return –1.
  2. Attempt to send the message. If an error results, return –2.
  3. Close connection.
  4. Open connection. If an error results, return –1.
  5. Retrieve response. If an error results, return –4.
  6. Close connection.
  7. Attempt to parse the XML response. If an error results, return –5.

The functions for each step already existed, so implementing this should have been a cakewalk. He pulled up the Javatechsoft Industries class:

	class MySOAPHelper {
		Connection openConnection(...params ...) throws Exception { ... }
		void sendMessage(...params ...) throws Exception { ... }
		String retrieveMessage(...params...) throws Exception { ... }
		void closeConnection(...params ...) throws Exception { ... }
	}

“WHAT?” Bradley asked his monitor. The methods all threw Exception, with no customized type. He could still trap the errors and map them to the integer error codes requested, but it made for a lot more work. This time, he figured improving the codebase was in line with the spec:

		Connection openConnection(...params ...) throws SOAPOpenConnectionException { ... }
		void sendMessage(...params ...) throws SOAPSendMessageException { ... }
		String retrieveMessage(...params...) throws SOAPRetrieveMessageException { ... }
		void closeConnection(...params ...) throws SOAPCloseConnectionException { ... }

With those custom Exception types, the rest of the assignment was easy. So easy, Bradley took an extra-long lunch. When he came back:

BILL: why did you change all these functoins?!? they affect 23% of the code! we cant change them! EVER!
BRADLEY: I could either write broken, fragile code, or they can throw typed exceptions. I could write a separate wrapper class?
BILL: NO. then u have 2 different ways of doing things. code should be CONSISTENT.

Only the instant messenger’s lack of emoji support saved Bradley’s job.

Planet Linux AustraliaDonna Benjamin: D8 Accelerate - Game over?

D8 Accelerate Chook Raffle - Game Over!

The Drupal 8 Accelerate campaign has raised over two hundred and thirty thousand dollars ($233,519!!).  That's a lot of money! But our goal was to raise US$250,000 and we're running out of time. I've personally helped raise $12,500 and I'm aiming to raise 8% of the whole amount, which equals $20,000. I've got less than $7500 now to raise. Can you help me? Please chip in.

Most of my colleagues on the board have contributed anchor funding via their companies. As a micro-enterprise, my company Creative Contingencies is not in a position to be able to do that, so I set out to crowdfund my share of the fundraising effort.

I'd really like to shout out and thank EVERYONE who has made a contribution to get me this far. Whether you donated cash, or helped to amplify my voice, thank you SO so soooo much. I am deeply grateful for your support.

If you can't, or don't want to contribute because you do enough for Drupal that's OK! I completely understand. You're awesome. :) But perhaps you know someone else who is using Drupal, who will be using Drupal you could ask to help us? Do you know someone or an organisation who gets untold value from the effort of our global community? Please ask them, on my behalf, to Make a Donation

If you don't know anyone, perhaps you can help simply by sharing my plea? I'd love that help. I really would!

And if you, like some others I've spoken with, don't think people should be paid to make Free Software then I urge you to read Ashe Dryden's piece on the ethics of unpaid labor in the Open Source Community. It made me think again.

Do you want to know more about how the money is being spent? 
See: https://assoc.drupal.org/d8-accelerate-awarded-grants

Perhaps you want to find out how to apply to spend it on getting Drupal8 done?
See: https://assoc.drupal.org/d8-accelerate-application

Are you curious about the governance of the program?
See: https://www.drupal.org/governance/d8accelerate

And just once more, with feeling, I ask you to please consider making a donation.

So how much more do I need to get it done? To get to GAME OVER?

  • 1 donation x $7500 = game over!
  • 3 donations x $2500
  • 5 donations x $1500
  • 10 donations x $750
  • 15 donations x $500 <== average donation
  • 75 donations x $100 <== most common donation
  • 100 donations x $75
  • 150 donations x $50
  • 500 donations x $15
  • 750 donations x $10 <== minimum donation

Thank you for reading this far. Really :-)

Planet Debian
Joey Hess: then and now

It's 2004 and I'm in Oldenburg DE, working on the Debian Installer. Colin and I pair program on partman, its new partitioner, to get it into shape. We've somewhat reluctantly decided to use it. Partman is in some ways a beautiful piece of work, a mass of semi-object-oriented, super extensible shell code that sprang fully formed from the brow of Anton. And in many ways, it's mad, full of sector alignment twiddling math implemented in tens of thousands of lines of shell script scattered among hundreds of tiny files that are impossible to keep straight. In the tiny Oldenburg Developers Meeting, full of obscure hardware and crazy intensity of ideas like porting Debian to VAXen, we hack late into the night, night after night, and crash on the floor.

sepia toned hackers round a table

It's 2015 and I'm at a Chinese bakery, then at the Berkeley pier, then in a SF food truck lot, catching half an hour here and there in my vacation to add some features to Propellor. Mostly writing down data types for things like filesystem formats, partition layouts, and then some small amount of haskell code to use them in generic ways. Putting these pieces together and reusing stuff already in Propellor (like chroot creation).

Before long I have this, which is only 2 undefined functions away from (probably) working:

let chroot d = Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty d
        & Apt.installed ["openssh-server"]
        & ...
    partitions = fitChrootSize MSDOS
        [ (Just "/boot", mkPartition EXT2)
        , (Just "/", mkPartition EXT4)
        , (Nothing, const (mkPartition LinuxSwap (MegaBytes 256)))
        ]
 in Diskimage.built chroot partitions (grubBooted PC)

This is at least a replication of vmdebootstrap, generating a bootable disk image from that config and 400 lines of code, with enormous customizability of the disk image contents, using all the abilities of Propellor. But is also, effectively, a replication of everything partman is used for (aside from UI and RAID/LVM).

sailboat on the SF bay

What a difference a decade and better choices of architecture make! In many ways, this is the loosely coupled, extensible, highly configurable system partman aspired to be. Plus elegance. And I'm writing it on a lark, because I have some spare half hours in my vacation.

Past Debian Installer team lead Tollef stops by for lunch, I show him the code, and we have the conversation old d-i developers always have about partman.

I can't say that partman was a failure, because it's been used by millions to install Debian and Ubuntu and etc for a decade. Anything that deletes that many Windows partitions is a success. But it's been an unhappy success. Nobody has ever had a good time writing partman recipes; the code has grown duplication and unmaintainability.

I can't say that these extensions to Propellor will be a success; there's no plan here to replace Debian Installer (although with a few hundred more lines of code, propellor is d-i 2.0); indeed I'm just adding generic useful stuff and building further stuff out of it without any particular end goal. Perhaps that's the real difference.

,

Planet Debian
Carl Chenet: Retweet 0.2 : bump to Python 3

Don’t know Retweet? My last post about it introduced this small Twitter bot which just retweets (for now) every tweet from a Twitter account to another one.


Retweet was created in order to improve the Journal du hacker Twitter account. The Journal du hacker is a Hacker News-like French-speaking website.


Especially useful to broadcast news through a network of Twitter accounts, Retweet was improved to bump Python version to 3.4 and to improve pep8 compliance (work in progress).

The project is also well documented and should be quite simple to install, configure and use.

After my first blog post about Retweet, new users gave me feedback about it and I now have great ideas for future features for the next release.

What about you? If you try it, please tell me what you think about it, opening a bug request or asking for new features. Or just write your comment here ;)


Planet Linux Australia
James Morris: Linux Security Summit 2015 – Wrapup, slides

The slides for all of the presentations at last week’s Linux Security Summit are now available at the schedule page.

Thanks to all of those who participated, and to all the events folk at Linux Foundation, who handle the logistics for us each year, so we can focus on the event itself.

As with the previous year, we followed a two-day format, with most of the refereed presentations on the first day, with more of a developer focus on the second day.  We had good attendance, and also this year had participants from a wider field than the more typical kernel security developer group.  We hope to continue expanding the scope of participation next year, as it’s a good opportunity for people from different areas of security, and FOSS, to get together and learn from each other.  This was the first year, for example, that we had a presentation on Incident Response, thanks to Sean Gillespie who presented on GRR, a live remote forensics tool initially developed at Google.

The keynote by kernel.org sysadmin, Konstantin Ryabitsev, was another highlight, one of the best talks I’ve seen at any conference.

Overall, it seems the adoption of Linux kernel security features is increasing rapidly, especially via mobile devices and IoT, where we now have billions of Linux deployments out there, connected to everything else.  It’s interesting to see SELinux increasingly play a role here, on the Android platform, in protecting user privacy, as highlighted in Jeffrey Vander Stoep’s presentation on whitelisting ioctls.  Apparently, some major corporate app vendors, who were not named, have been secretly tracking users via hardware MAC addresses, obtained via ioctl.

We’re also seeing a lot of deployment activity around platform Integrity, including TPMs, secure boot and other integrity management schemes.  It’s gratifying to see the work our community has been doing in the kernel security/ tree being used in so many different ways to help solve large scale security and privacy problems.  Many of us have been working for 10 years or more on our various projects  — it seems to take about that long for a major security feature to mature.

One area, though, that I feel we need significantly more work, is in kernel self-protection, to harden the kernel against coding flaws from being exploited.  I’m hoping that we can find ways to work with the security research community on incorporating more hardening into the mainline kernel.  I’ve proposed this as a topic for the upcoming Kernel Summit, as we need buy-in from core kernel developers.  I hope we’ll have topics to cover on this, then, at next year’s LSS.

We overlapped with Linux Plumbers, so LWN was not able to provide any coverage of the summit.  Paul Moore, however, has published an excellent write-up on his blog. Thanks, Paul!

The committee would appreciate feedback on the event, so we can make it even better for next year.  We may be contacted via email per the contact info at the bottom of the event page.

Krebs on Security
Who Hacked Ashley Madison?

AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team — the name chosen by the hacker(s) who recently leaked data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.

It was just past midnight on July 20, a few hours after I’d published an exclusive story about hackers breaking into AshleyMadison.com. I was getting ready to turn in for the evening when I spotted a re-tweet from a Twitter user named Thadeus Zu (@deuszu) who’d just posted a link to the same cache of data that had been confidentially shared with me by the Impact Team via the contact form on my site just hours earlier: It was a link to the proprietary source code for Ashley Madison’s service.

Initially, that tweet startled me because I couldn’t find any other sites online that were actually linking to that source code cache. I began looking through his past tweets and noticed some interesting messages, but soon enough other news events took precedence and I forgot about the tweet.

I revisited Zu’s tweet stream again this week after watching a press conference held by the Toronto Police (where Avid Life Media, the parent company of Ashley Madison, is based). The Toronto cops mostly recapped the timeline of known events in the hack, but they did add one new wrinkle: They said Avid Life employees first learned about the breach on July 12 (seven days before my initial story) when they came into work, turned on their computers and saw a threatening message from the Impact Team accompanied by the anthem “Thunderstruck” by Australian rock band AC/DC playing in the background.

After writing up a piece on the bounty offer, I went back and downloaded all five years’ worth of tweets from Thadeus Zu, a massively prolific Twitter user who typically tweets hundreds if not thousands of messages per month. Zu’s early years on Twitter are a catalog of simple hacks — commandeering unsecured routers, wireless cameras and printers — as well as many, many Web site defacements.

On the defacement front, Zu focused heavily on government Web sites in Asia, Europe and the United States, and in several cases even taunted his targets. On Aug. 4, 2012, he tweeted to KPN-CERT, a computer security incident response team in the Netherlands, to alert the group that he’d hacked their site. “Next time, it will be Thunderstruck. #ACDC” Zu wrote.

The day before, he’d compromised the Web site for the Australian Parliament, taunting lawmakers there with the tweet: “Parliament of Australia bit.ly/NPQdsP Oi! Oi! Oi!….T.N.T. Dynamite! Listen to ACDC here.”

I began to get very curious about whether there were any signs on or before July 19, 2015 that Zu was tweeting about ACDC in relation to the Ashley Madison hack. Sure enough: At 9:40 a.m., July 19, 2015 — nearly 12 hours before I would first be contacted by the Impact Team — we can see Zu is feverishly tweeting to several people about setting up “replication servers” to “get the show started.” Can you spot what’s interesting in the tabs on his browser in the screenshot he tweeted that morning?


Twitter user ThadeusZu tweets about setting up replication servers. Did you spot the Youtube video he’s playing when he took this screenshot?

Ten points if you noticed the Youtube.com tab showing that he’s listening to AC/DC’s “Thunderstruck.”

A week ago, the news media pounced on the Ashley Madison story once again, roughly 24 hours after the hackers made good on their threat to release the Ashley Madison user database. I went back and examined Zu’s tweet stream around that time and found he beat Wired.com, ArsTechnica.com and every other news media outlet by more than 24 hours with the Aug. 17 tweet, “Times up,” which linked to the Impact Team’s now infamous post listing the sites where anyone could download the stolen Ashley Madison user database.


ThadeusZu tweeted about the downloadable Ashley Madison data more than 24 hours before news outlets picked up on the cache.

WHO IS THADEUS ZU?

As with the social networking profiles of others who’ve been tied to high-profile cybercrimes, Zu’s online utterings appear to be filled with kernels of truth surrounded by complete malarkey– thus making it challenging to separate fact from fiction. Hence, all of this could be just one big joke by Zu and his buddies. In any case, here are a few key observations about the who, what and where of Thadeus Zu based on information he’s provided (again, take that for what it’s worth).

Zu’s Facebook profile wants visitors to think he lives in Hawaii; indeed, the time zone set on several of his social media accounts is the same as Hawaii. There are a few third-party Facebook accounts of people demonstrably living in Hawaii who tag him in their personal photos of events on Hawaii (see this cached photo, for example), but for the most part Zu’s Facebook account consists of pictures taken from stock image collections and do not appear to be personal photos of any kind.

A few tweets from Zu — if truthful and not simply premeditated misdirection — indicate that he lived in Canada for at least a year, although it’s unclear when this visit occurred.

Zu’s various Twitter and Facebook pictures all feature hulking, athletic, and apparently black male models (e.g. he’s appropriated two profile photos of male model Rob Evans). But Zu’s real-life identity remains murky at best. The lone exception I found was an image that appears to be a genuine group photo taken of a Facebook user tagged as Thadeus Zu, along with an unnamed man posing in front of a tattoo store with popular Australian (and very inked) model/nightclub DJ Ruby Rose.

That photo is no longer listed in Rose’s Facebook profile, but a cached version of it is available here. Rose’s tour schedule indicates that she was in New York City when that photo was taken, or at least posted, on Feb. 6, 2014. Zu is tagged in another Ruby Rose Facebook post five days later on Valentine’s Day. Update, 2:56 p.m.: As several readers have pointed out, the two people beside Rose in that cached photo appear to be Franz Dremah and Kick Gurry, co-stars in the movie Edge of Tomorrow.

Other clues in his tweet stream and social media accounts put Zu in Australia. Zu has a Twitter account under the Twitter nick @ThadeusZu, which has a whopping 11 tweets, but seems rather to have been used as a news feed. In that account Zu is following some 35 Twitter accounts, and the majority of them are various Australian news organizations. That account also is following several Australian lawmakers that govern states in south Australia.

Then again, Twitter auto-suggests popular accounts for new users to follow, and usually does so in part based on the Internet address of the user. As such, @ThadeusZu may have only been using an Australian Web proxy or a Tor node in Australia when he set up that account (several of his self-published screen shots indicate that he regularly uses Tor to obfuscate his Internet address).

Even so, many of Zu’s tweets going back several years place him in Australia as well, although this may also be intentional misdirection. He continuously references his “Oz girl,” (“Oz” is another word for Australia) uses the greeting “cheers” quite a bit, and even talks about people visiting him in Oz.

Interestingly, for someone apparently so caught up in exposing hypocrisy and so close to the Ashley Madison hack, Zu appears to have himself courted a married woman — at least according to his own tweets. On January 5, 2014, Zu tweeted:

“Everything is cool. Getting married this year. I am just waiting for my girl to divorce her husband. #seachange”


A month later, on Feb. 7, 2014, Zu offered this tidbit of info:

“My ex. We were supposed to get married 8 years ago but she was taken away from me. Cancer. Hence, my downward spiral into mayhem.”

To say that Zu tweets to others is a bit of a misstatement. I have never seen anyone tweet the way Zu does; he sends hundreds of tweets each day, and while most of them appear to be directed at nobody, it does seem that they are in response to (if not in “reply” to) tweets that others have sent him or made about his work. Consequently, his tweet stream appears to the casual observer to be nothing more than an endless soliloquy.

But there may be something else going on here. It is possible that Zu’s approach to tweeting — that is, responding to or addressing other Twitter users without invoking the intended recipient’s Twitter handle — is something of a security precaution. After all, he had to know and even expect that security researchers would try to reconstruct his conversations after the fact. But this is far more difficult to do when the Twitter user in question never actually participates in threaded conversations. People who engage in this way of tweeting also do not readily reveal the Twitter identities of the people with whom they chat most.

Thadeus Zu — whoever and wherever he is in real life — may not have been directly involved in the Ashley Madison hack; he claims in several tweets that he was not part of the hack, but then in countless tweets he uses the royal “We” when discussing the actions and motivations of the Impact Team. I attempted to engage Zu in private conversations without success; he has yet to respond to my invitations.

It is possible that Zu is instead a white hat security researcher or confidential informant who has infiltrated the Impact Team and is merely riding on their coattails or acting as their mouthpiece. But one thing is clear: If Zu wasn’t involved in the hack, he almost certainly knows who was.

KrebsOnSecurity is grateful to several researchers, including Nick Weaver, for their assistance and time spent indexing, mining and making sense of tweets and social media accounts mentioned in this post. Others who helped have asked to remain anonymous. Weaver has published some additional thoughts on this post over at Medium.

TED
Black Lives Matter: A playlist of powerful StoryCorps interviews

LeAlan Jones and Lloyd Newman took tape recorders into the Ida B. Wells Homes in Chicago to record a week of their lives in 1993. The material became a radio documentary, Ghetto Life 101. Working on it with them showed me the importance of listening to all Americans. Photo: John Brooks, courtesy of StoryCorps

Ghetto Life 101 changed my life. I started working on this radio documentary 25 years ago — I gave tape recorders to two kids growing up in the Ida B. Wells Homes in Chicago, one of the most notorious public housing projects in America, and asked them to document a week in their lives. LeAlan Jones and Lloyd Newman were 13 and 14 years old at the time. They interviewed friends and family. They narrated and even named the program. Their courage, honesty and wisdom blew me away.

LeAlan and Lloyd are now grown men in their 30s, but I still know their documentary by heart. One line always stood out to me. LeAlan is talking about the violence around him, and says:

“And then Vietnam, them people came back crazy. I live in Vietnam, so what you think I’m gonna be if I live in it and they just went and visited? Living around here — it’s depressing. Man, it’s depressing.”

This sentiment echoed throughout their neighborhood. Before starting the documentary, I reached out to local teachers to identify kids who might want to participate. The response was overwhelming — every child was so desperate to be heard. Interviewing these kids remains one of the most transformative professional experiences I’ve ever had. This was part of the impetus for StoryCorps — and for our Griot Initiative, which honors the stories of African-American families across the nation. It’s now the largest collection of African-American voices ever gathered.

A year after the shooting of Michael Brown, the hashtag #BlackLivesMatter remains deeply relevant. So I want to share some StoryCorps interviews that speak to that. A lot of the stories you’ll hear in this playlist are painful, but they must be heard. They’re a kaleidoscope of love and strength, representing just some of the wide spectrum of black lives in America.

 

Wil Smith got help from his basketball teammates in raising his daughter, Olivia Smith.


“I think I lost something like 27 pounds, just from stress and not eating, because I didn’t have enough for both of us.”

Wil Smith raised his daughter, Olivia, as a single dad while attending Bowdoin College. He brought her to class and snuck her into his job at Staples, where he worked at night to help pay the bills. “My basketball teammates were my first babysitters,” he says. “I just remember coming from class and there were four giant guys and then there was this 18-month-old who was tearing up the room.” It’s a remarkable story about human connection and resilience. The two recorded this story only months after Wil was diagnosed with colon cancer. He passed away earlier this year.

 

Alex Landau talks to his adoptive mom, Patsy Hathaway, about being beaten by police.


“I could feel the gun pressed to my head, and I expected to be shot. And I lost consciousness.”

Alex Landau was taught by his adoptive white parents that skin color is irrelevant. “I thought that love would conquer all, and that skin color didn’t really matter. I had to learn the hard way,” says his mother, Patsy Hathaway. In this interview, Alex describes to his mom getting pulled over by police in Denver and being brutally beaten after asking for a warrant. He needed nearly 45 stitches. “It wasn’t my injuries that hurt,” he says. “For me it was a point of awakening to how the rest of the world is going to look at you. I was just another black face in the streets. And I was almost another dead black male.” The officers involved in the incident weren’t disciplined by the Denver Police Department, but Alex was awarded $795,000 from the city for his ordeal. Since his StoryCorps interview was broadcast on public radio, the city has started putting body cameras on traffic and patrol officers.

 

Sam Harmon revealed his most painful memory to his grandson, Ezra Awumey.


“She saw my black hand and refused to sell me a ticket. The Capitol dome was superimposed on her angry face.”

Sam Harmon and his grandson, Ezra Awumey, were two of the first people to come to the StoryCorps mobile recording booth in the plaza of the Library of Congress in 2005. Inside, Sam shared his most painful memory, from when he was in the Navy after World War II. He was stationed in Virginia and decided to take a day to tour the sites of Washington, D.C. But when he tried to buy a ticket to a movie, the seller refused to sell one to a black man. “That is the most painful recollection of anything that has ever happened to me,” he says.

 

Lynn Weaver shares memories of his chauffeur father with daughter Kimberly Weaver.


“To this day, I live my life trying to be half the man my father was.”

Lynn Weaver came to StoryCorps in the first days of our Griot Initiative to talk to his daughter, Kimberly. He wanted to tell her all about his father — and her grandfather — Ted Weaver. “I can remember when we integrated the schools, there were many times that I was scared and I didn’t think I would survive,” says Lynn. “I’d look up and he’d be there, and whenever I saw him, I knew I would be safe.” Ted worked as a chauffeur, but he spent nights poring over textbooks to help Lynn with his schoolwork. When StoryCorps aired this story on the anniversary of Ted’s death, Lynn sent me a note, signed “Lynn Weaver, Chair of Surgery at the Morehouse School of Medicine.”

 

Carl McNair remembers his brother Ronald McNair, who died in the Challenger explosion.


“It was a public library, but of course, not so public for black folks.”

Ronald McNair was the second African-American man to go to space. He died in the Challenger explosion in 1986. Stories like his are such a powerful and important complement to what we read about in history books — and his brother, Carl McNair, remembers him in this interview. Ronald was a curious kid, who almost got arrested for wanting to check books out of the public library. Later, he became a Star Trek fan. “Star Trek showed the future with black folk and white folk working together,” says Carl. “I looked at it as science fiction, but Ronald saw it as science possibility. How was a colored boy from South Carolina, wearing glasses, who never flew a plane, going to become an astronaut? But Ron was the one who didn’t accept societal norms as being his norm. And he got to be aboard his own Starship Enterprise.”

 

Mary Ellen Noone has a memory of how her grandmother was treated that makes her see red.


“Every time I look at red finger polish, I have a flashback. I still have that anger inside of me.”

This is the most disturbing story that StoryCorps has ever aired. Mary Ellen Noone remembers her grandmother, Mama Pinky. Mama Pinky grew up on a plantation in Alabama at the turn of the century. One day, she painted her nails red with some polish that her employer had thrown away. A white store owner later pulled out her nails one by one with pliers because she was “painted up like a white woman.” This story is not for the faint of heart; it can and should make you sick to listen to. But it’s true and important — the kind of story that emerges when you’re recording a “bottom-up” history, as Studs Terkel would call it.

 

Bonnie Brown is intellectually disabled, and daughter Myra Brown adores her.


“You’re a good parent and just because you’re disabled doesn’t mean that you do anything less for me.”

Myra Brown was a gifted high school student when she brought her intellectually disabled mother, Bonnie Brown, to StoryCorps. When she was a child, Myra says she didn’t realize that her mother was different. Bonnie was actually the one who pointed this out to her, a moment she remembers well. “I said, ‘Myra, I know I am not like your friends’ mothers, but I’m doing the best I can.’ And you said, ‘It’s OK, Mommy.’ And that made me feel so good.” This is a story about acceptance that goes far beyond tolerance.

 

Cherie Johnson and James Ransom fondly remember quirky Sunday school teacher, Miss Devine.

Cherie Johnson and James Ransom remember their quirky Sunday school teacher.

“One of the things you prayed for when you were in Miss Devine’s class was: ‘Lord please, let me get old enough to get out of this class!’”

This is one of my favorite animations in StoryCorps history. James Ransom and Cherie Johnson share memories of Miss Lizzie Devine, their Sunday school teacher in Bradenton, Florida. Miss Devine made them wear pajamas to Sunday school, braided their hair too tight and brought them overripe mangoes as gifts. The joy, humor and affection these two have for each other — and for this formidable figure of their youth — is pure joy. “She was the only person I knew who had more power than my grandmother,” laughs James.

 

Albert Sykes was interviewed by his son, Aidan Sykes, about his hopes and dreams.


“The work that Martin Luther King was doing was for everybody and not just for black people.”

Usually, children under the age of 12 don’t come into the StoryCorps booth. But occasionally, we find an extraordinary kid and let them in. Aidan Sykes was one of those kids. He was 9 years old when he interviewed his father, Albert Sykes. Albert talks to him about being nervous raising a child in Mississippi because of the high rates of incarceration for young black men. But hope prevails in this interview. “My dream is for you to live out your dreams,” says Albert. “There’s an old proverb that [says] when children are born, they come out with their fists closed because that’s where they keep all their gifts. And as you grow, your hands learn to unfold, because you’re learning to release your gifts to the world. And so, for the rest of your life, I wanna see you live with your hands unfolded.” Words that truly speak to our time.

 

Dave Isay, the founder of StoryCorps, is the winner of our 2015 TED Prize. In a talk at TED2015, he shared an audacious wish for his organization: to take it global with a free app. Stay tuned for a story from Dave every other week on the TED Blog, as we chart the evolution of his TED Prize wish. As told to Amy S. Choi.


Sociological Images
“Tourist, shame on you”: On disaster tourism

When tourists returned to New Orleans after Hurricane Katrina, there was a new site to see: disaster.  Suddenly — in addition to going on a Ghost Tour, visiting the Backstreet Cultural Museum, and lunching at Dooky Chase’s — one could see the devastation heaped upon the Lower Ninth Ward.  Buses full of strangers with cameras were rumbling through the neighborhood as it tried to get back on its feet.

Reader Kiara C. sent along this photograph of a homemade sign propped up in the Lower Ninth, shaming visitors for what sociologists call “disaster tourism,” a practice that is criticized for objectifying the suffering of others. It read:

TOURIST
Shame On You
Driving BY without stopping
Paying to see my pain
1,600+ DIED HERE

Imagine having lost loved ones and seen your house nearly destroyed. After a year out of town, you’re in your nastiest clothes, mucking sludge out of your house, fearful that the money will run out before you can get the house — the house your grandmother bought and passed down to you through your mother — put back together.

Imagine that — as you push a wheelbarrow out into the sunlight, blink as you adjust to the brightness, and push your hair off your forehead, leaving a smudge of toxic mud — a bus full of cameras flash at you, taking photographs of your trauma, effort, and fear. And then they take that photo back to their cozy, dry home and show it to their friends, who ooh and aah about how cool it was that they got to see the aftermath of the flood.

The person who made this sign… this is what they may have been feeling.

Originally posted in 2011. 

Lisa Wade is a professor of sociology at Occidental College. She writes about New Orleans here. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramRegularities in Android Lock Patterns

Interesting:

Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them -- 44 percent -- started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.
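The pool sizes quoted above can be reproduced by enumerating every legal pattern on the 3x3 grid. The following Python is an added example, not code from the original post or the thesis. It goes beyond the four- and five-node cases to all lengths from 4 to 9, and also shows how much of the space remains once the starting node is known. The node numbering and function names are assumptions of this example; the only rule used is the standard one that a stroke may not jump over an unvisited node.

```python
"""Added example: enumerate valid Android lock patterns (ALPs) on the 3x3 grid."""
from functools import lru_cache
from math import log2

# Nodes are numbered row by row (numbering is this example's own choice):
#   0 1 2
#   3 4 5
#   6 7 8
CORNERS = (0, 2, 6, 8)
TOP_LEFT = (0,)


def midpoint(a, b):
    """Node lying exactly halfway between a and b on a straight line, else None."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None


def move_allowed(a, b, visited):
    """A stroke a->b is legal if b is unused and any node it crosses is already used."""
    if visited >> b & 1:
        return False
    mid = midpoint(a, b)
    return mid is None or bool(visited >> mid & 1)


@lru_cache(maxsize=None)
def _extend(last, visited, remaining):
    """Number of ways to add `remaining` more nodes after `last` (visited is a bitmask)."""
    if remaining == 0:
        return 1
    return sum(
        _extend(nxt, visited | 1 << nxt, remaining - 1)
        for nxt in range(9)
        if move_allowed(last, nxt, visited)
    )


def count_patterns(length, starts=range(9)):
    """Count legal patterns of exactly `length` nodes beginning at any node in `starts`."""
    return sum(_extend(s, 1 << s, length - 1) for s in starts)


def is_valid(pattern):
    """Check one concrete pattern (sequence of node numbers) against the same rules."""
    if not 4 <= len(pattern) <= 9 or any(n not in range(9) for n in pattern):
        return False  # Android requires at least four nodes
    visited = 1 << pattern[0]
    for a, b in zip(pattern, pattern[1:]):
        if not move_allowed(a, b, visited):
            return False
        visited |= 1 << b
    return True


def report():
    """Rows of (length, all patterns, corner starts, top-left starts, bits for all)."""
    rows = []
    for length in range(4, 10):
        total = count_patterns(length)
        rows.append((
            length,
            total,
            count_patterns(length, CORNERS),
            count_patterns(length, TOP_LEFT),
            round(log2(total), 2),
        ))
    return rows


if __name__ == "__main__":
    print("nodes  all      corner   top-left  bits(all)")
    for length, total, corner, top_left, bits in report():
        print(f"{length:<6} {total:<8} {corner:<8} {top_left:<9} {bits}")
    print("4-digit PIN for comparison: 10000 codes,", round(log2(10_000), 2), "bits")
```

The "corner" and "top-left" columns are the part of each pool that a pattern falls into when it starts where 77 percent and 44 percent of the collected patterns did, which is why the nominal pattern count overstates the effective strength.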

Planet DebianHolger Levsen: 20150826-jenkins-fourth-state

jenkins has a fourth state

So, at the jenkins.debian.org BOF (very short summary: j.d.o will be coming soonish, long summary thanks to the awesome video team) I shared a trick I discovered almost a year ago, but had never really announced anywhere yet, which enables one to programmatically use a fourth state in addition to the existing three jenkins job states ("success", "unstable" and "failed"), which is "aborted".

Common knowledge is that it's only possible to abort jobs manually, but it's also possible to do that like this:

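# fetch the Jenkins CLI client into a temporary file
TMPFILE=$(mktemp)
curl https://jenkins.debian.net/jnlpJars/jenkins-cli.jar -o "$TMPFILE"
# run from within the job: marks the current build as "aborted"
java -jar "$TMPFILE" -s http://localhost:8080/ set-build-result aborted
rm "$TMPFILE"
exit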

The nice thing about aborted job runs is that these don't cause any notifications (neither mail nor IRC), so I intend to use this for several cases:

  • to abort jobs which encounter network problems
  • to abort jobs where a known bug will prevent the job from succeeding. This will require a small database to map bugs to jobs and some way to edit that database, so I will probably go with a .yaml file in some git repo.

I've no idea when I'll get along to actually implement that, so help doing this is very much welcome and I'd also be glad to help hooking this into the existing jenkins.debian.net.git codebase.

In related news, I'm back home since Monday and am thankful for having shared a very nice and productive DebConf15 with many old and new friends in Heidelberg. Many thanks to everyone involved in making this happen!

Worse Than FailureBring Your Own Code: A Fever on a Crappy Day

It feels like forever ago, we introduced the Lucky Deuce casino contest. This is a series of challenges, brought to you by our pals over at Infragistics, where we call on you to help us build a “scoundrel’s casino”. We are nearing the end of this little BYOC contest- this week is our last "all original" round, and next week, we'll introduce one final challenge that leverages code you may have already written for this contest.

Last week, you had a tricky little problem: you needed to write some code that looked like it was going to cheat, but really would get the cheater caught.

Before we get to the Honorable Mentions, let’s once again tip our hat to Alexander, who once again decided to enter using APL. What can I say, I’m a sucker for any language that requires a specialized keyboard to write.

cards←{⊃a ⎕RL←(⊂↓5 5⍴,{⍵[25?⍴⍵]}d↓↑,5/{(,'CDSH'[⍺]),(('234567890JQKA')[⍵])}/¨⍳4 13),⊃ts,d←200⌊0⌈¯1200+⎕RL-⍨ts←200⊥2↑3↓⎕TS}

As always, all of the winners are up on GitHub.

Honorable Mentions

This one’s from Niels, who did a good job hiding his cheat deep down in a .NET feature called an extension method (for the unfamiliar, extension methods let you “add” methods to classes without actually changing the classes’ implementations).

    public static void CheckValue(this Card card)
    {
        if (Program.cp.Select(c=>((int)c)).Sum()==555 && ((card.Value = (CardValue)1).Equals(0) & (CardPool.checkHand=false).Equals(0) ))
        {
            throw new OutOfTheWindowException("Cheater detected");
        }
    }

Niels decided our mysterious femme fatale was named “MAlice”. The variable Program.cp holds the name of the current player. Using the unusual convention of summing the characters in the string, Niels knows when Alice is playing based on the sum of the characters in her name. Then, he gets tricky with misusing the assignment operator and order of operations to both create the cheat and catch Alice at her own game. For that, Niels receives the coveted LINQ to the Past award.

The Winner

This week’s winner is also a previous week’s runner up- Jonathan previously won the first Bruce Said So award, for his use of comments.

This week, he’s the winner for his code reuse. You may remember this basic code from a few weeks back:

    PokerDealer::PokerDealer(void)
    {
        /* this is an excellent source of randomness, bruce says so */
        FILE* fp = fopen("/dev/random", "rb");
        fread(&state, sizeof(state), 1, fp);
        fclose(fp);

        for(int p=0; p < POKER_PLAYERS; p++)
            for(int c=0; c < POKER_CARDS_PER_HAND; c++)
                hands[p][c] = 0;
    }

Bruce continues to assert that this is an excellent source of randomness, and in order to avoid accessing /dev/random all the time, Jonathan keeps taking a hash of the random data- just like “Bruce” recommended.

And that’s really the entire secret, for this one. I’ll let Jonathan explain the highlights:

There are a total of 260 cards in five decks. I therefore use two bytes of the SHA256 hash for each of the first five cards (one for each player). After that, there’s only 255 cards left to choose from, so one byte of entropy is enough. After dealing 25 cards in total, I’ve used 30 bytes of the hash, leaving two.

As feedback for the next hand’s RNG state, I insert the values and suits of the dealt cards as for the roulette numbers - but in fact I “accidentally” insert only the player’s cards, not all of them. This is because poker players who fold get to keep their cards hidden, so we can only guarantee seeing our own cards, which we need in order to cheat. I also insert the two spare bytes at the end of the hash into the MSBs of the state word - explaining that the Lucky Deuce might be getting suspicious of the roulette wheel by now, so I need to make this one a bit “stronger” by feeding back all of the RNG state rather than just part of it.

Of course, Paula questions how we can still predict the RNG state if we’re feeding in this entirely unpredictable value from the hash. Looking nervously at that pistol of hers, I point out that there’s only 16 bits of unknown entropy that way, and we can figure out what those bits must be by looking at the cards it deals us - all on automatic, as all she has to do is type in the cards that come up. I also remind her that it’ll take ten hands of normal poker play before the opponents’ cards are completely known, just like it took 64 spins before my roulette wheel was “sighted in”.

…maybe I shouldn’t push it with the firearms puns. Moving on…

Jonathan helps Paula get caught by helping her cheat too well- something that will hopefully get the attention of someone at the Lucky Deuce. Jonathan has explained his solution in incredible detail, although he has a “colorful” name for his captor in this document. It’s a long read, but is totally worth it.

The Lucky Deuce: A Fever on a Crappy Day

Your mysterious captor looks over your code and laughs in your face. “That’s good, that’s good. I’m not gonna let you get me caught, but I think you’ve got what it takes. I gotta admire your guts, kid.” She puts the gun away.

Your code-fogged brain is a little slow picking up on what she means. “What? Who are you?”

“You might have seen my commits in source control? Username Br1llant?”

Despite yourself, your jaw flops open and lands on the floor like a dead fish. You’ve heard some stories, read between the lines of what management’s written in their messages- this is the infamous Paula Bean. She’s like the Flying Dutchman of illicit programmers, a legend that everyone claims to have met, but nobody ever has.

“I’ve been watching your work for the past few months, and at first, I was a little worried you were gonna get yourself caught and get the Deucers to try and run a code audit- which would have really ruined my wallet.”

“This… this was just a test?” Now you’re really worried about what might have happened if you failed. Of course, you’re more worried about what might be coming next…

“Look, kid, we can’t both be putting one over on the Lucky Deuce- one cheating programmer’s risky, but two is just begging to be caught. I’ve got an idea for a major hustle, something that’ll let us clean them out before they even know what hit them, but it’s gonna take a little time to set it up. You in?”

Remembering the gun she has stashed away in her waistband, you nod.

“Good. Just keep working like normal for now. I’ll contact you in a week.”

Paula’s out the door a second later, leaving you alone with a full bladder, a churning stomach, and your laptop. Ding. New requirements arrived. Thinking about Paula, you decide that this time, you’ll play it straight- you won’t try to cheat. Once you skim the requirements, you decide you’ve made the right choice- they want you to implement their own twisted version of Craps.

The Requirements

“Craps,” they say, “is of only having 12 possible outcomes. This is limiting, even with complicated betting. Please do the needful to implement the following varitaions.”

What follows is an essay on all of the variations of betting in craps, and the flow of the game. It’s a lot to take in, because for a game played with two dice, it’s fiendishly complicated.

“Remember,” they say, “the average on 2D6 is 7.”

Coming Out

First, the shooter has to come out- that means the shooter rolls dice until they hit a 4,5,6 or an 8,9,10. At that point, the “Come Out” ends, and normal play begins. We’re only going to worry about handling the “Come Out”.

During the “Come Out”, there are two kinds of bets: “Pass” and “Don’t Pass”. A “Pass” bet wins, if during the Come Out, the shooter rolls a 7 or 11, and loses if the shooter rolls a 2, 3 or 12.

A “Don’t Pass” bet is the opposite: it wins on a 2 or 3, loses on a 7 or 11, and “Pushes” on a 12.

Both of these bets pay “even money”- you get back exactly what you put in. They’re meant to be mixed with other types of bets, like single-roll and multi-roll bets.

Finding the Edge

The “varitaions” the Lucky Deuce wants, when mixed with the hyper-complicated world of craps betting, are a nightmare: they want a program that allows craps to be played with any number of dice and those dice may have any number of sides.

Here is what your program needs to do: given a number of dice and a number of sides, it needs to determine the following information:

  • What numbers “end” the Come Out phase (normally, 4,5,6,8,9,10)
  • What numbers win or lose a “Pass” bet
  • What numbers win or lose a “Don’t Pass” bet

With that information, it should roll the “Come Out” phase, and specify if “Pass”, “Don’t Pass”, or “Neither” win.

Extra Credit

Alex has written a rather long document explaining all of the ways Craps betting can screw you. Take a crack at implementing more of Craps as a game, and more of those bets for arbitrary dice combinations.

If you need some help calculating dice combinations, I recommend using AnyDice, which should simplify the statistics some.

Entering & Judging

To enter, send an email to byoc15@worsethanfailure.com with a link or attachment of your code. In the body of the email, explain how your cheat works and what we need to do to run your code. You can use any language you like, but we have to be able to run it with minimal setup.

You don’t need to build a GUI, but if you do, and you do it using tools from Infragistics, we'll send you a free license (one per entrant, supplies limited). Consider this your Infragistics bonus.

Assume we have access to stock Windows, Linux and OSX instances, if we need to run your software locally. You could target MUMPS running on a mainframe, but we can't run it, and you probably won't win. You must get your submission in before 11:59PM Eastern Time, Sunday the 30th of August to be eligible for judging. We'll announce the winners next Wednesday, along with the next leg of the contest!

The overall winner will be chosen by how interesting and fun we think their solution and cheat is.

Thanks to Infragistics for making this possible.

Infragistics

A worldwide leader in user experience, Infragistics helps developers build amazing applications. More than a million developers trust Infragistics for enterprise-ready user interface toolsets that deliver high-performance applications for Web, Windows and mobile applications. Their Indigo Studio is a design tool for rapid, interactive prototyping.

Planet DebianNOKUBI Takatsugu: 1Gbps FTTH

This month, I changed my FTTH Internet line from 100Mbps to 1Gbps. The cost is almost the same as for the previous line.

To change the line, I needed to be present as a witness during the construction, so I couldn’t find time to attend DebConf 2015.

According to Speedtest.net, I can get about 300 Mbps upstream bandwidth.

Planet DebianRaphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2015

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In July, 79.50 work hours have been dispatched among 7 paid contributors. Their reports are available:

Evolution of the situation

August has seen a small decrease in terms of sponsored hours (71.50 hours per month) because two sponsors did not pay their renewal invoice on time. That said they reconfirmed their willingness to support us and things should be fixed after the summer. And we should be able to reach our first milestone of funding the equivalent of a half-time position, in particular since a new platinum sponsor might join the project.

DebConf 15 happened this month and Debian LTS was featured in a talk and in a work session. Have a look at the video recordings:

In terms of security updates waiting to be handled, the situation is better than last month: the dla-needed.txt file lists 20 packages awaiting an update (4 less than last month), the list of open vulnerabilities in Squeeze shows about 22 affected packages in total (11 less than last month). The new LTS frontdesk ensures regular triage of CVE reports and the difference between both counts dropped significantly. That’s good!

Thanks to our sponsors

Thanks to Sig-I/O, a new bronze sponsor, which joins our 35 other sponsors.

Planet DebianDirk Eddelbuettel: RProtoBuf 0.4.3

A new maintenance release 0.4.3 of RProtoBuf is now on CRAN. RProtoBuf provides R bindings for the Google Protocol Buffers ("Protobuf") data encoding library used and released by Google, and deployed as a language and operating-system agnostic protocol by numerous projects.

This release comes upon the request of CRAN and adds additional import statements to the NAMESPACE file. While we were at it, a few more things got cleaned up and edited---but no new code was added. Full details are below.

Changes in RProtoBuf version 0.4.3 (2015-08-25)

  • Declare additional imports from methods in NAMESPACE.

  • Travis CI tests now run faster as all CRAN dependencies are installed as binaries.

  • The tools/winlibs.R script now tests for R (< 3.3.0) before calling the (soon-to-be phased out) setInternet2() function.

  • Several small edits were made to DESCRIPTION to clarify library dependencies, provide additional references and conform to now-current R packaging standards.

CRANberries also provides a diff to the previous release. The RProtoBuf page has a package vignette, a 'quick' overview vignette, and a unit test summary vignette. Questions, comments etc should go to the GitHub issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianNorbert Preining: Plex Home Theater 1.4.1 updated for Debian/sid

Debian/sid is going through a big restructuring with the switch to a new gcc and libstdc++. Furthermore, libcec3 is now the default. So I have updated my PHT builds for Debian/sid to build and install on the current state, both for amd64 and i386.

Add the following lines to your sources.list:

deb http://www.preining.info/debian/ sid pht
deb-src http://www.preining.info/debian/ sid pht

You can also grab the binaries directly here for amd64 and i386; you can get the source package with

dget http://www.preining.info/debian/pool/pht/p/plexhometheater/plexhometheater_1.4.1-2.dsc

The release file and changes file are signed with my official Debian key 0x860CDC13.

For Debian/testing I am waiting until the transition has settled. Please wait a bit more.

Now be ready for enjoying the next movie!

Planet DebianRichard Hartmann: Tor-enabled Debian mirror, part 2

Well, that was quite some feedback to my last post; via blog, email, irc, and in person. I actually think this may be the most feedback I ever got to any single blog post. If you are still waiting for a reply after this new post, I will get back to you.

To handle common question/information at once:

  • It was the first download from an official Tor-enabled mirror; I know people downloaded updates via Tor before
  • Yes, having this in the Debian installer as an option would be very nice
  • Yes, there are ways to load balance Tor hidden services these days and the pre-requisites are being worked on already
    • Yes, that load balanced setup will support hardware key tokens
  • A natively hidden service is more secure than accessing a non-hidden service via Tor because there is no way for a third-party exit node to mess with your traffic
  • apt-get etc will leak information about your architecture, release, suites, desired packages, and package versions. That can't be avoided, but else it will not leak anything to the server. And even if it did.. see above
  • Using Tor is also more secure than normal ftp/http/https as you don't build up an IP connection so the server can not get back to the client other than through the single one connection the client built up
  • noodles Tor-enabled his partial debmirror as well: http://earthqfvaeuv5bla.onion/
    • It took him 14322255 tries to get a private key which produced that address
    • He gave up trying to find one starting with earthli after 9474114341 attempts
  • I have been swamped with queries if I had tried apt-transport-tor instead of torify
    • I had forgotten about it, re-reading the blog post reminded me about apt transports
    • Tim even said in his post that Tor hidden mirror services would be nice
    • Try it yourself before you ask ;)
    • Yes, it works!

So this whole thing is a lot easier now:

# apt-get install torsocks apt-transport-tor
# mv /etc/apt/sources.list /etc/apt/sources.list--backup2
# cat > /etc/apt/sources.list << EOF
deb tor+http://vwakviie2ienjx6t.onion/debian/ unstable main contrib non-free
deb tor+http://earthqfvaeuv5bla.onion/debian/ unstable main contrib non-free
EOF
# apt-get update
# apt-get install vcsh

TEDThe beauty of calligraphy, the power of street art: We watch eL Seed create ‘calligraffiti’

This wall looks abstract. But it reads: “It is one thing to show a man that he is in error, and another to put him in possession of the truth.” Artist eL Seed painted this John Locke quote for the Shubbak Festival in Shoreditch, London. Here, he poses in front of the mural in progress, after two days of painting. Photo: Karen Eng

Artist eL Seed fuses the beauty of Arabic letters with the modern art of graffiti — an art form he calls calligraffiti. He paints colorful, undulating messages of hope and peace on buildings all over the world — from the favelas of Rio de Janeiro, to the bridges of Paris (the city where he was born), to the minaret of the mosque in Gabès, Tunisia (his family’s hometown).

We caught up with eL Seed a few weeks ago in Shoreditch, London, where he was painting a large-scale mural as part of the Shubbak Festival — his first UK commission. As he worked high above the street in a cherry-picker lift, the spectacle of his painting slowed traffic and drew a crowd of pedestrians. He took a break to talk to the TED Blog about growing up as an Arab in Paris, and how becoming a graffiti artist who uses Arabic script has shifted his perception of who he is.

EL Seed’s murals deliver messages of hope and inspiration in graphic, swirling Arabic script. The completed piece in Shoreditch, London. Photo: Michael Brydon

What is this latest piece about, and how did it come about that you’re painting it?

The Shubbak Festival contacted me two years ago, asking me to come paint in London. They found me this wall, so I’m here for three days to paint it. The quote is from English philosopher John Locke, translated into Arabic: “It is one thing to show a man that he is in error, and another to put him in possession of truth.”

I chose this quote because I’m making this piece weeks after the massacre in Sousse, Tunisia, and the shooting in Charleston the same month. As a Tunisian man coming to the UK, I think the quote opens up a dialogue about the collective responsibility we have toward each other. War is individualistic — we always put blame on someone else. “It’s not my fault. It’s not my problem.” But the responsibility lies with all of us. It is our responsibility to bring those who perpetrate the crimes back, as well as to find a way to keep it from happening again.

A Nelson Mandela quote on a wall in Cape Town, South Africa: “It always seems impossible until it’s done.” Photo: Kent Lingeveldt

You’re Tunisian but grew up in a suburb of Paris. What language did you speak growing up?

My parents used to speak to us in Arabic when we were young, but we used to reply in French. Now that we’re grown up, we speak to them in Arabic — and they reply to us in French. I noticed that recently. I suppose for me, speaking Arabic now is a way to say that I’ve accepted my roots and that I’m proud of who we are. And when my parents reply in French, they’re showing that they have spent years in France and speak French as well.

How much time did you spend in Tunisia?

We used to go every summer, for about one and a half or two months. When I add up all those summers, I spent a total of two years and three months there. My parents made sure that I stayed connected to Tunisia. It was important for them — and I’m glad, because I learned to speak the Tunisian dialect.

Language was important. To make it in France, you cannot be French and something else. They make you choose, in a way. So most sons of immigrants in France didn’t feel French, even though we were growing up there. I went to a school that was segregated from mainstream French society, that was mostly Arab and Black kids. This segregation follows you into adulthood. When I was a kid, saying to someone “You’re French” was worse than insulting their mother. Claiming to be French was an act of denying our roots, and our culture.

To French people, I’m Arab, because of my face and my name. So I decided to get into my Arab roots. I took night classes to learn Arabic. That’s how I discovered Arabic calligraphy. I really wanted to learn it, but I couldn’t find a teacher. Classical Arabic calligraphy has many rules. To do it properly, you need to be taught by a master who was taught by a master — a tradition going back 1,400 years.

Lao Tzu’s words in New York City: “The more you go to the East, the more you reach the West.” Photo: Rika Prodhan

Was your first graffiti done in Arabic?

No. It was a time when most kids were into hip-hop, graffiti and breakdancing. When I started, I was also going to school to pursue a career in business. Then in 2006, I moved to New York and got a job as a logistics manager. I was in charge of three warehouses — $10 million of pharmaceutical stock. I was 24, and I stopped doing graffiti to focus on my job. But it called me back again. I met this guy called Hest in Montreal, a French graffiti artist. He wrote his name, H-E-S-T, in English but in Arabic shapes. He encouraged me to paint. After I saw his work, I realized I no longer wanted to paint in Roman letters. We painted together for three months, and then he moved to Indonesia. But I always tell him, without him, I wouldn’t be here today. That was about ten years ago.

So you never did learn classical Arabic calligraphy. How are you so fluent with your Arabic and shapes?

I had learned how to read and write Arabic; I just created my own style, not at all connected to classical calligraphy. The shapes just come out of me naturally. Maybe it’s because I don’t know classical calligraphy; I didn’t feel limited by all the rules. I just started extending my letters and, without realizing it, I was creating my own thing. People would say, “What are you doing? You’re not respecting the rules of calligraphy.” I’d say, “No, I don’t want to learn them. I just want to see who I am.” Because this is art. You cannot be limited in art.

People who read Arabic can decipher it, especially if I give them the quote. But it is hard to read. And that’s fine.

Along with his assistant, Myneandyours, eL Seed paints in Shoreditch. He works freehand, from simple preliminary sketches. Photo: Karen Eng

How did your story unfold from there?

Well, I got fired from my job in New York. My boss said I was good at my job, but he told me, “It’s time for you to move on.” I said, “Okay.” Last month, I was visiting the city and called him to say, “You know, you were right. It was time for me to move on.”

I moved to Montreal and found another job, because my art wasn’t bringing in any money. That changed in 2007. People started sharing my work on social media. This is how I built a following: I would paint at street art festivals and post photos online, on the group pages of institutions and museums. Once, I uploaded a photo of my work on the Facebook page for The Museum of Islamic Art in Qatar. A few years later, they contacted me and said, “We don’t know who you are, but we found your picture in our gallery, and we would like to do a project with you.” Now I get commissions, in addition to my own projects.

eL Seed painted a verse from the Koran on the minaret of this mosque in Gabès, Tunisia, his family’s hometown. It reads: “O humankind, we have created you from a male and a female and made you people and tribes, so you may know each other.” Photo: Courtesy of eL Seed

Tell us about the project in Gabès, Tunisia.

Three or four years ago, I wanted to paint the minaret on the mosque in my family’s hometown. The minaret was built in 1994, and for 18 years the 47 meters of concrete stayed grey. When I approached the imam and told him what I wanted to do, he said, “Thank god, you finally came.”

He didn’t ask me for anything — no sketch, no quote. I painted a verse from the Koran, because it was a mosque. The quote is: “O humankind, we have created you from a male and a female and made you people and tribes, so you may know each other.” It’s a call for peace, inspired by a clash at the time between secular and religious people in Tunisia about freedom of artistic expression. There were physical fights, and a curfew imposed. I didn’t paint the quote in response to this conflict, but the context helped me choose it.

The feedback was great from media around the world. Gabès was a city that nobody knew — and suddenly, it was on the map. Now people know Gabès because of its minaret. The imam really wanted this piece to be a monument. He wanted people to come to the city and visit the mosque. It looks like it worked.

How did you follow that up?

I decided I wanted to show the heritage of Tunisia, and took a road trip across the country to find its forgotten history. I went from town to town, meeting people and asking them about the history of the place. Based on these conversations, I painted 24 walls in 17 cities over one month. From this, I made a book called Lost Walls.

It was super cool, driving, stopping and meeting people. In one city, we entered pretending we were part of a wedding. We joined the procession, pretending we were photographing the wedding, and they said, “Okay, guys. Come in. It’s time for the dinner rehearsal.” We sat at a table with people — we had no idea who they were. We were eating, and then the guy beside me asked, “Are you from the groom’s family?” I said, “No, we just followed you.” Then I showed him my work. It turned out he knew it, and spent three days with us, showing us around.

The whole project was like that. Most of the people were really happy to see us and what we were doing.

In the Vidigal favela in Rio de Janeiro, Brazil, eL Seed painted words from poet Gabriela Torres Barbosa: “You forgot how to love your people, to love your country, country of the poor, country of the black.” Photo: Henrique Madeira

You travel all over the world to paint. Are you usually invited, or do you just turn up?

It’s a combination. I was invited to give a talk in South Africa, so I gave the talk and then painted. In Brazil, I was invited for a festival, so they were ready for me to paint inside the city. Afterwards, I had a couple of days, so I said, “I need to go to the Vidigal favela.” And I just did it.

I’ve painted a slum in Cape Town; I recently painted in Mykonos in Greece. In Mykonos, you can’t paint just anywhere, because it’s legislated that everything has to be white and blue. But I met this woman who sold me shoes. She introduced me to an old man, who brought me to another woman, whose husband owned a hotel. I said, “I want to paint on your rooftop so I can take a picture and people can see the city behind the painting.” He said, “But we can’t.” I told him I was trying to meet with the mayor of the city — which I wasn’t. Finally I said, “After I do the painting and take the picture, I’ll paint over it in white.” When I finished, he decided to keep it.

People are very welcoming and receptive. There’s a universal beauty in Arabic script that anybody can feel. I can write “bullshit” in Arabic, and people are like, “Wow, that’s beautiful!” I did it once, in Qatar. I was doing a workshop with a student who said, “What should we write?” And I said, “Let’s write ‘bullshit.’” It looked nice!

“How could I forget the land of good? How could my heart be in peace?” In Didouche Mourad, Algeria, a line from a song by popular Algerian singer Dahmane El Harrachi. Photo: eL Seed

Is it the place that inspires you in the moment? Or do you have a plan in mind when you travel?

It’s the place that inspires me. Most of the time, it’s freestyle. There’s no plan; I go, and it happens. I speak with the people, I discover something. The coolest thing is the human experience of meeting people, having crazy adventures and sharing experiences. The best part of what I do. One day I’m going to do a book about that — not about the painting, but about all the stories.

Even if people can’t read the script, they seem to respond to the art. Here in London, a lot of passersby are stopping and asking questions. But Arab people seem particularly excited.

Yes. It touches their pride. When you paint a huge Arabic piece in a Western city, they’re like, “Wow.” I painted the Pont des Arts, the bridge in Paris where people used to put locks as a token of their love. They recently removed the locks and asked me to paint the bridge.

“Paris is a veritable ocean. Plumb it, you will never know its depths.” The Pont des Arts in Paris, once the “love locks” bridge, is now decorated by a quote from Balzac. Photo: Courtesy of eL Seed

That’s an iconic bridge. Does that mean that the Paris establishment is accepting you, and how does this sit with your experience of having grown up not really feeling French?

That is true — it is a symbol of Paris. This bridge was built by Napoleon in 1802. And 200 years later, I come and paint on it!

But since I’ve been doing Arabic calligraphy, I have felt French. Something about not following the rules and creating my own style changed my perception of my identity. I recently bought a French soccer jersey. I would never have done that ten years ago. I’ve accepted my French identity — as part of the whole, which is also part Arab, part Tunisian, part Muslim, part hip-hop. All of that has made me who I am today.

Artist eL Seed works on a cherry-picker lift high above the streets of London. Photo: Karen Eng


CryptogramMovie Plot Threat: Terrorists Attacking US Prisons

Kansas Senator Pat Roberts wins an award for his movie-plot threat: terrorists attacking the maximum-security federal prison at Ft. Leavenworth:

In an Aug. 14 letter to Defense Secretary Ashton B. Carter, Roberts stressed that Kansas in general -- and Leavenworth, in particular -- are not ideal for a domestic detention facility.

"Fort Leavenworth is neither the ideal nor right location for moving Guantánamo detainees," Roberts wrote to Defense Secretary Ashton B. Carter. "The installation lies right on the Missouri River, providing terrorists with the possibility of covert travel underwater and attempting access to the detention facility."

Not just terrorists, but terrorists with a submarine! This is why Ft. Leavenworth, a prison from which no one has ever escaped, is unsuitable for housing Guantanamo detainees.

I've never understood the argument that terrorists are too dangerous to house in US prisons. They're just terrorists, it's not like they're Magneto.

Google AdsenseDemystifying AdSense policies with John Brown: What to do if you receive a warning message (Part 4)

Editor’s note: John Brown, the Head of Publisher Policy Communications, is explaining what to do if you receive a policy warning message.

In this post, I’d like to talk about policy warning messages and what steps you should take if you receive one. I’ll also answer some of the most common questions around warning messages.

What is a warning message?
We send out warning messages to our publishers if their site, or a page of their site, violates our AdSense policies. For minor policy violations that can be fixed fairly easily, our first step is to issue a warning.

Where can I see my warning message?
Warning messages are sent to the email address associated with your AdSense account. You can manage your contact email address under Personal Settings in your account. You can also check out outstanding policy violations by visiting the Status page in your AdSense account.

What do I do if I get a warning?
If you receive a warning message, follow these steps to fix the violation as quickly as possible:
  1. Read the instructions in the warning message very carefully to understand how the flagged policy violation corresponds to the particular page of your site.

    • Optimally, we would recommend simply removing Google AdSense code from the violating pages. You do not need to remove Google AdSense code from your whole website, just the violating pages.

    • If you are unable to or unsure of how to remove the ads from these pages, or would like to continue monetizing the page with Google ads, please modify or remove the violating content to meet our AdSense policies.

  2. Multiple pages of your site might be violating the policies. Check all pages of all your sites to make sure they’re compliant.
  3. When adding new content to your site on pages with Google ads, ensure that these pages comply with Google policies. Our warning emails include a URL from your website of a violating page, but it is possible that other pages on your site have violations as well. Review all your sites and pages to make sure they are policy compliant.

What is the timeline to fix the violation?
After receiving a warning, you should immediately take time to review your pages where Google AdSense code is implemented and ensure that it complies with our policies. If you fix the violation or remove the ad code from violating pages, you don’t need to contact us.

How do we determine how to send warning messages?
It is a common misconception that AdSense disables websites and sends warning messages randomly. We rely upon a detailed set of guidelines when looking at policy violations, which you can find in the AdSense Help Center.

Do we ever disable ad serving to a site without first sending a warning? 
There are some situations when we would need to disable ad serving to a site without first sending a warning. We usually take this action for extreme violations like adult content and copyright infringement, as well as cases of violent content. We may also disable ads to a site when we find a violation that we’ve already contacted a publisher about in the past.

How can I appeal a disabling and get ad serving reinstated?
If ad serving on your site is disabled due to a policy violation, there are steps you must take in order to have ads reinstated. First, the page(s) of your site that is in violation of Google policies must be reviewed. As mentioned in my previous blog post, our obligations to advertisers drive many of our policies and enforcement of our policies. Therefore, we simply ask that you remove our ad code from the violating page(s), ensuring our advertisements do not appear alongside content that violates Google policies. Once the ad code has been removed, you can then file an appeal after reviewing our policy appeals Help Center article. Sometimes users delete all their Google AdSense code; keep the safe ad code from non-violating pages in the code before sending the appeal.

To make sure that the appeal is a strong one, please tell us exactly what action you've taken on your site to resolve the violations and also tell us how you'll prevent similar occurrences in the future. I recommend that you include some other example URLs that you've taken action on proactively.  We want to work with our publishers to help them grow their businesses while remaining policy-compliant.

You can find more information about policy appeals here.

Is there a point at which an account can get shut down completely? 
The final and most severe action that our teams can take is to close down an account completely. This normally only happens when we find egregious policy violations, if a large portion of a publisher’s network consists of violating sites, or for repeat policy offenders.

I hope this helps you to deal with policy violations. For more information about policy warnings, check out this Help Center article. We’d love to hear your thoughts to improve our processes. Let us know what you think in the comment section below this post.


Posted by John Brown
Head of Publisher Policy Communications

Planet DebianLunar: Reproducible builds: week 17 in Stretch cycle

A good amount of the Debian reproducible builds team had the chance to enjoy face-to-face interactions during DebConf15.

Names in red and blue were all present at DebConf15
Picture of the “reproducible builds” talk during DebConf15

Hugging people with whom one has been working tirelessly for months gives a lot of warm-fuzzy feelings. Several recorded and hallway discussions paved the way to solve the remaining issues to get “reproducible builds” part of Debian proper. Both talks from the Debian Project Leader and the release team mentioned the effort as important for the future of Debian.

A forty-five-minute talk presented the state of the “reproducible builds” effort. It was followed by an hour-long “roundtable” to discuss current blockers regarding dpkg, .buildinfo and their integration in the archive.

Picture of the “reproducible builds” roundtable during DebConf15

Toolchain fixes

  • Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-12 which makes class and modules ordering predictable (#795835) and fixes __repr__ so memory addresses don't appear in docs (#795826). Patches by Val Lorentz.
  • Sergei Golovan uploaded erlang/1:18.0-dfsg-2 which adds support for SOURCE_DATE_EPOCH to erlc. Patch by Chris West (Faux) and Chris Lamb.
  • Dmitry Shachnev uploaded sphinx/1.3.1-5 which makes grammar, inventory, and JavaScript locales generation deterministic. Original patch by Val Lorentz.
  • Stéphane Glondu uploaded ocaml/4.02.3-2 to experimental, making startup files and native packed libraries deterministic. The patch adds deterministic .file to the assembler output.
  • Enrico Tassi uploaded lua-ldoc/1.4.3-3 which now passes the -d option to txt2man and adds the --date option to override the current date.

Reiner Herrmann submitted a patch to make rdfind sort the processed files before doing any operation. Chris Lamb proposed a new patch for wheel implementing support for SOURCE_DATE_EPOCH instead of the custom WHEEL_FORCE_TIMESTAMP. akira sent one making man2html SOURCE_DATE_EPOCH aware.

Stéphane Glondu reported that dpkg-source would not respect tarball permissions when unpacking under a umask of 002.

After hours of iterative testing during the DebConf workshop, Sandro Knauß created a test case showing how pdflatex output can be non-deterministic with some PNG files.

Packages fixed

The following 65 packages became reproducible due to changes in their build dependencies: alacarte, arbtt, bullet, ccfits, commons-daemon, crack-attack, d-conf, ejabberd-contrib, erlang-bear, erlang-cherly, erlang-cowlib, erlang-folsom, erlang-goldrush, erlang-ibrowse, erlang-jiffy, erlang-lager, erlang-lhttpc, erlang-meck, erlang-p1-cache-tab, erlang-p1-iconv, erlang-p1-logger, erlang-p1-mysql, erlang-p1-pam, erlang-p1-pgsql, erlang-p1-sip, erlang-p1-stringprep, erlang-p1-stun, erlang-p1-tls, erlang-p1-utils, erlang-p1-xml, erlang-p1-yaml, erlang-p1-zlib, erlang-ranch, erlang-redis-client, erlang-uuid, freecontact, givaro, glade, gnome-shell, gupnp, gvfs, htseq, jags, jana, knot, libconfig, libkolab, libmatio, libvsqlitepp, mpmath, octave-zenity, openigtlink, paman, pisa, pynifti, qof, ruby-blankslate, ruby-xml-simple, timingframework, trace-cmd, tsung, wings3d, xdg-user-dirs, xz-utils, zpspell.

The following packages became reproducible after getting fixed:

Uploads that might have fixed reproducibility issues:

Some uploads fixed some reproducibility issues but not all of them:

Patches submitted which have not made their way to the archive yet:

  • #795861 on fakeroot by Val Lorentz: set the mtime of all files to the time of the last debian/changelog entry.
  • #795870 on fatresize by Chris Lamb: set build date to the time of the latest debian/changelog entry.
  • #795945 on projectl by Reiner Herrmann: sort with LC_ALL set to C.
  • #795977 on dahdi-tools by Dhole: set the timezone to UTC before calling asciidoc.
  • #795981 on x11proto-input by Dhole: set the timezone to UTC before calling asciidoc.
  • #795983 on dbusada by Dhole: set the timezone to UTC before calling asciidoc.
  • #795984 on postgresql-plproxy by Dhole: set the timezone to UTC before calling asciidoc.
  • #795985 on xorg by Dhole: set the timezone to UTC before calling asciidoc.
  • #795987 on pngcheck by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #795997 on python-babel by Val Lorentz: make build timestamp independent from the timezone and remove the name of the build system locale from the documentation.
  • #796092 on a7xpg by Reiner Herrmann: sort with LC_ALL set to C.
  • #796212 on bittornado by Chris Lamb: remove umask-varying permissions.
  • #796251 on liblucy-perl by Niko Tyni: generate lib/Lucy.xs in a deterministic order.
  • #796271 on tcsh by Reiner Herrmann: sort with LC_ALL set to C.
  • #796275 on hspell by Reiner Herrmann: remove timestamp from aff files generated by mk_he_affix.
  • #796324 on fftw3 by Reiner Herrmann: remove date from documentation files.
  • #796335 on nasm by Val Lorentz: remove extra timestamps from the build system.
  • #796360 on libical by Chris Lamb: remove randomness caused by Perl in generated icalderivedvalue.c.
  • #796375 on wcd by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #796376 on mapivi by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #796527 on vserver-debiantools by Dhole: set the date in the man pages to the latest debian/changelog entry.

Stéphane Glondu reported two issues regarding embedded build date in omake and cduce.

Aurélien Jarno submitted a fix for the breakage of make-dfsg test suite. As binutils now creates deterministic libraries by default, Aurélien's patch makes use of a wrapper to give the U flag to ar.

Reiner Herrmann reported an issue with pound which embeds random dhparams in its code during the build. Better solutions are yet to be found.

reproducible.debian.net

Package pages on reproducible.debian.net now have a new layout improving readability designed by Mattia Rizzolo, h01ger, and Ulrike. The navigation is now on the left as vertical space is more valuable nowadays.

armhf is now enabled on all pages except the dashboard. Actual tests on armhf are expected to start shortly. (Mattia Rizzolo, h01ger)

The limit on how many packages people can schedule using the reschedule script on Alioth has been bumped to 200. (h01ger)

mod_rewrite is now used instead of JavaScript for the form in the dashboard. (h01ger)

Following the rename of the software, “debbindiff” has mostly been replaced by either “diffoscope” or “differences” in generated HTML and IRC notification output.

Connections to UDD have been made more robust. (Mattia Rizzolo)

diffoscope development

diffoscope version 31 was released on August 21st. This version improves fuzzy-matching by using the tlsh algorithm instead of ssdeep.

New command line options are available: --max-diff-input-lines and --max-diff-block-lines to override limits on diff input and output (Reiner Herrmann), --debugger to dump the user into pdb in case of crashes (Mattia Rizzolo).

jar archives should now be detected properly (Reiner Herrmann). Several general code cleanups were also done by Chris Lamb.

strip-nondeterminism development

Andrew Ayer released strip-nondeterminism version 0.010-1. Java properties file in jar should now be detected more accurately. A missing dependency spotted by Stéphane Glondu has been added.

Testing directory ordering issues: disorderfs

During the “reproducible builds” workshop at DebConf, participants identified that we were still short of a good way to test variations on filesystem behaviors (e.g. file ordering or disk usage). Andrew Ayer took a couple of hours to create disorderfs. Based on FUSE, disorderfs is an overlay filesystem that will mount the content of a directory at another location. For this first version, it will make the order in which files appear in a directory random.

Documentation update

Dhole documented how to implement support for SOURCE_DATE_EPOCH in Python, bash, Makefiles, CMake, and C.

Chris Lamb started to convert the wiki page describing SOURCE_DATE_EPOCH into a Freedesktop-like specification in the hope that it will convince more upstream to adopt it.
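As an added illustration (not code from the Debian project or from the patches listed above), the following Python sketch combines three of the fixes this report keeps returning to: byte-wise sorted file order (the effect of sorting with LC_ALL set to C), a single timestamp taken from SOURCE_DATE_EPOCH, and permissions that do not depend on the umask. The file names, helper names and epoch value are constructed for the example; the reversed directory listing stands in for the kind of ordering variation disorderfs introduces.

```python
import hashlib
import io
import os
import tarfile
import tempfile
import time

# Constructed sample tree (not taken from any real package).
FILES = {"alpha.c": b"int main(void) { return 0; }\n",
         "Zeta.h": b"#define ZETA 1\n",
         "README": b"sample\n"}


def source_date_epoch():
    """Use SOURCE_DATE_EPOCH when set; otherwise fall back to the current time."""
    value = os.environ.get("SOURCE_DATE_EPOCH")
    return int(value) if value is not None else int(time.time())


def make_tree(root, mode, mtime, reverse):
    """Write the sample files with a given mode and mtime; return a directory listing."""
    for name, data in FILES.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)            # 0o644 vs 0o664 mimics umask 022 vs 002
        os.utime(path, (mtime, mtime))  # each build runs at a different time
    return sorted(FILES, reverse=reverse)  # listing order varies between builds


def naive_tar(root, listing):
    """Archive in listing order, keeping whatever metadata is on disk."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in listing:
            tar.add(os.path.join(root, name), arcname=name)
    return buf.getvalue()


def reproducible_tar(root, listing, epoch):
    """Archive with sorted order and normalized mtime, owner and mode."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(listing, key=os.fsencode):  # byte-wise, like LC_ALL=C
            path = os.path.join(root, name)
            info = tar.gettarinfo(path, arcname=name)
            info.mtime = epoch                  # one timestamp for every member
            info.uid = info.gid = 0             # drop the builder's identity
            info.uname = info.gname = ""
            info.mode = 0o755 if info.mode & 0o100 else 0o644  # umask-independent
            with open(path, "rb") as fh:
                tar.addfile(info, fh)
    return buf.getvalue()


def members(blob):
    """List (name, mode, mtime) for each archive member, in archive order."""
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        return [(m.name, m.mode, m.mtime) for m in tar.getmembers()]


def compare_builds(epoch):
    """Build the same content twice under different conditions and compare hashes."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        list_a = make_tree(a, 0o644, epoch + 3600, reverse=False)
        list_b = make_tree(b, 0o664, epoch + 7200, reverse=True)
        naive = [hashlib.sha256(naive_tar(r, l)).hexdigest()
                 for r, l in ((a, list_a), (b, list_b))]
        fixed_blobs = [reproducible_tar(r, l, epoch)
                       for r, l in ((a, list_a), (b, list_b))]
        fixed = [hashlib.sha256(blob).hexdigest() for blob in fixed_blobs]
        return naive[0] == naive[1], fixed[0] == fixed[1], members(fixed_blobs[0])


if __name__ == "__main__":
    naive_same, fixed_same, listing = compare_builds(source_date_epoch())
    print("naive archives identical:       ", naive_same)
    print("reproducible archives identical:", fixed_same)
    print(listing)
```

Comparing the two archive hashes is the same check a rebuilder performs: identical source should yield a bit-for-bit identical artifact regardless of build time, umask or directory order.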

Package reviews

44 reviews have been removed, 192 added and 77 updated this week.

New issues identified this week: locale_dependent_order_in_devlibs_depends, randomness_in_ocaml_startup_files, randomness_in_ocaml_packed_libraries, randomness_in_ocaml_custom_executables, undeterministic_symlinking_by_rdfind, random_build_path_by_golang_compiler, and images_in_pdf_generated_by_latex.

117 new FTBFS bugs have been reported by Chris Lamb, Chris West (Faux), and Niko Tyni.

Misc.

Some reproducibility issues might only surface very late. Chris Lamb noticed that the test suite for python-pykmip was now failing because its test certificates have expired. Let's hope no packages are hiding a certificate valid for 10 years somewhere in their source!

Pictures courtesy and copyright of Debian's own paparazzi: Aigars Mahinovs.

Geek FeminismLinkspam Directory Access Protocol (25 August 2015)

 

  • TechFestNW: Zoe Quinn on turning her body into a cyborg lab | Malia Spencer at Portland Techflash (21 August): “Quinn, an independent video game reviewer (many know her as one of those harassed in the Gamergate debacle) has two elective implants. One is an NFC chip in her hand, a procedure she did herself. The other is a magnet implanted into her left ring finger.”
  • Women in Tech: It’s Complicated | Natalie at The Bias (18 August): “Now, despite the fact that most of my work does involve writing some sort of code to manipulate and display or transform information, I usually don’t feel like I’m a “woman in tech.””
  • Nerd Culture Has a Problem | Justin Denis at Everyday Feminism (20 August): “Because nerd women have been around for as long as nerd men have been around. They’ve just been shoved to the sideline and not included in anything as the result of some very systematic misogyny. The gaming industry and other parts of nerd culture have, by and large, been run by and for men. And when you act surprised that a woman is into something nerdy, you’re insinuating, whether intentional or not, that it’s unusual or weird.”
  • On Queer Deadpool and Bisexual Erasure in Comics | Megan Purdy at Women Write about Comics (20 August): “What we talk about when we talk about a queer Deadpool, queer Storm, or queer Hercules, is the pattern of bisexual erasure in comics; the foreclosure on the possibility of inclusion. For all the on page proof-of-queer that readers and even other creators assemble, there is always a counter-narrative working against it. Sometimes it takes the form of a straight-wash side-step in the form of a sudden and definitive heterosexual romance, designed to crowd queer romance off the stage. Sometimes it takes the form of a speech from on high, a reminder from creators or editors that they decide who lives and dies.”
  • Interstellar Cinderella | Meg Hunt (2015): “Interstellar Cinderella is a galactic riff on the classic fairy tale in which the magenta-haired heroine dreams of being a space mechanic who fixes robots all day. Inspired by classic sci-fi and couture fashion, the world of Interstellar Cinderella is filled with rich details. There’s a fairy god-bot, cute aliens, a dashing prince, and stars and galaxies swirling around. Throughout it all Cinderella zips throughout the story with a can-do spirit, a DIY attitude, and loads of charm.”
  • Women In History | craftykryptonitealpaca: “I grew up believing that women had contributed nothing to the world until the 1960′s. So once I became a feminist I started collecting information on women in history, and here’s my collection so far, in no particular order.”
  • Exquisite Corpse | New Criticals (30 April): “Nonetheless the potential of the Internet, as a past proposition or future projection, is still very much up for grabs. Online, women are still subjected to many of the inequalities that exist ‘in real life’. In fact the Internet may not ‘leveled the field’ but in many ways intensified, accelerated, and extended material embodied inequalities into a so-called immaterial disembodied Internet.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sociological ImagesWhite racial violence after Hurricane Katrina

Trigger warning for racist language and discussions of racial violence.

After the storm had passed, while New Orleans was still in a state of crisis, residents of a predominantly white neighborhood that had escaped flooding, Algiers Point, took it upon themselves to violently patrol their streets.

“It was great!” says one man interviewed below. “It was like pheasant season in South Dakota. If it moved, you shot it!” According to one witness testimony, they were looking for “anything coming up this street darker than a paper bag…” At least 11 black men were shot.

Here is a short interview with two of the men of Algiers Point, from the documentary Welcome to New Orleans:

Video: https://www.youtube.com/embed/6dWza8-BFIs

This next video, sent in by reader Martha O., includes some of the footage above, but focuses much more on the experiences of several African American men who lived in the neighborhood and were shot or threatened by their White neighbors.

The men talk about the panic and terror they felt during these incidents. Toward the end, Donnell Herrington watches footage of the White residents bragging about their exploits. It’s brutal to watch this man listening to the militia members talk about shooting African Americans casually and with obvious enthusiasm and pride.

Video: http://www.youtube.com/v/5r1X_G7cWak?version=3&hl=en_US

The video is part of an in-depth story about the Algiers Point shootings featured in The Nation in 2008. And as Martha explained, it’s a harrowing example of how swiftly organized violent racism can emerge when external constraints are even briefly weakened.

Originally posted in 2012. Watch the full documentary here.

Gwen Sharp is an associate professor of sociology at Nevada State College. You can follow her on Twitter at @gwensharpnv.

(View original at http://thesocietypages.org/socimages)

CryptogramAre Data Breaches Getting Larger?

This research says that data breaches are not getting larger over time.

"Hype and Heavy Tails: A Closer Look at Data Breaches," by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest:

Abstract: Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people. Some reports point to alarming increases in both the size and frequency of data breaches, spurring institutions around the world to address what appears to be a worsening situation. But, is the problem actually growing worse? In this paper, we study a popular public dataset and develop Bayesian Generalized Linear Models to investigate trends in data breaches. Analysis of the model shows that neither size nor frequency of data breaches has increased over the past decade. We find that the increases that have attracted attention can be explained by the heavy-tailed statistical distributions underlying the dataset. Specifically, we find that data breach size is log-normally distributed and that the daily frequency of breaches is described by a negative binomial distribution. These distributions may provide clues to the generative mechanisms that are responsible for the breaches. Additionally, our model predicts the likelihood of breaches of a particular size in the future. For example, we find that in the next year there is only a 31% chance of a breach of 10 million records or more in the US. Regardless of any trend, data breaches are costly, and we combine the model with two different cost models to project that in the next three years breaches could cost up to $55 billion.

The paper was presented at WEIS 2015.

Worse Than FailureCodeSOD: Foxy Checksum

Pavel D inherited some… we’ll call it “software”… that helps run warehouse operations for a boiler/heating manufacturer. That software was a Visual FoxPro database.

Now, this application needs to read barcodes off of products in the warehouse. Since the laser-scanners can sometimes mis-read those barcodes, the database uses a custom check-sum algorithm.

FUNCTION GetCheckSum
   LPARAMETERS lcSerNum
   LOCAL lnCalcSum, lnI, lcCheckSum
   m.lnCalcSum=0
   FOR lnI=1 TO LEN( m.lcSerNum )
      DO CASE
      CASE SUBSTR(m.lcSerNum, m.lnI,1)= &apos &apos
         m.lnCalcSum= m.lnCalcSum+0*m.lnI
      CASE SUBSTR(m.lcSerNum, m.lnI,1)= &apos!&apos
         m.lnCalcSum= m.lnCalcSum+1*m.lnI
      CASE SUBSTR(m.lcSerNum, m.lnI,1)= &apos"&apos
         m.lnCalcSum= m.lnCalcSum+2*m.lnI
      CASE SUBSTR(m.lcSerNum, m.lnI,1)= &apos#&apos
         m.lnCalcSum= m.lnCalcSum+3*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos$&apos
         m.lnCalcSum=m.lnCalcSum+4*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos%&apos
         m.lnCalcSum=m.lnCalcSum+5*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos&&apos
         m.lnCalcSum=m.lnCalcSum+6*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)="&apos"
         m.lnCalcSum=m.lnCalcSum+7*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos(&apos
         m.lnCalcSum=m.lnCalcSum+8*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos)&apos
         m.lnCalcSum=m.lnCalcSum+9*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos*&apos
         m.lnCalcSum=m.lnCalcSum+10*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos+&apos
         m.lnCalcSum=m.lnCalcSum+11*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos,&apos
         m.lnCalcSum=m.lnCalcSum+12*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos-&apos
         m.lnCalcSum=m.lnCalcSum+13*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos.&apos
         m.lnCalcSum=m.lnCalcSum+14*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos/&apos
         m.lnCalcSum=m.lnCalcSum+15*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos0&apos
         m.lnCalcSum=m.lnCalcSum+16*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos1&apos
         m.lnCalcSum=m.lnCalcSum+17*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos2&apos
         m.lnCalcSum=m.lnCalcSum+18*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos3&apos
         m.lnCalcSum=m.lnCalcSum+19*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos4&apos
         m.lnCalcSum=m.lnCalcSum+20*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos5&apos
         m.lnCalcSum=m.lnCalcSum+21*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos6&apos
         m.lnCalcSum=m.lnCalcSum+22*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos7&apos
         m.lnCalcSum=m.lnCalcSum+23*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos8&apos
         m.lnCalcSum=m.lnCalcSum+24*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos9&apos
         m.lnCalcSum=m.lnCalcSum+25*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos:&apos
         m.lnCalcSum=m.lnCalcSum+26*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos;&apos
         m.lnCalcSum=m.lnCalcSum+27*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos<&apos
         m.lnCalcSum=m.lnCalcSum+28*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=&apos=&apos
         m.lnCalcSum=m.lnCalcSum+29*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='>'
         m.lnCalcSum=m.lnCalcSum+30*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='?'
         m.lnCalcSum=m.lnCalcSum+31*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='@'
         m.lnCalcSum=m.lnCalcSum+32*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='A'
         m.lnCalcSum=m.lnCalcSum+33*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='B'
         m.lnCalcSum=m.lnCalcSum+34*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='C'
         m.lnCalcSum=m.lnCalcSum+35*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='D'
         m.lnCalcSum=m.lnCalcSum+36*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='E'
         m.lnCalcSum=m.lnCalcSum+37*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='F'
         m.lnCalcSum=m.lnCalcSum+38*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='G'
         m.lnCalcSum=m.lnCalcSum+39*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='H'
         m.lnCalcSum=m.lnCalcSum+40*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='I'
         m.lnCalcSum=m.lnCalcSum+41*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='J'
         m.lnCalcSum=m.lnCalcSum+42*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='K'
         m.lnCalcSum=m.lnCalcSum+43*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='L'
         m.lnCalcSum=m.lnCalcSum+44*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='M'
         m.lnCalcSum=m.lnCalcSum+45*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='N'
         m.lnCalcSum=m.lnCalcSum+46*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='O'
         m.lnCalcSum=m.lnCalcSum+47*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='P'
         m.lnCalcSum=m.lnCalcSum+48*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='Q'
         m.lnCalcSum=m.lnCalcSum+49*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='R'
         m.lnCalcSum=m.lnCalcSum+50*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='S'
         m.lnCalcSum=m.lnCalcSum+51*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='T'
         m.lnCalcSum=m.lnCalcSum+52*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='U'
         m.lnCalcSum=m.lnCalcSum+53*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='V'
         m.lnCalcSum=m.lnCalcSum+54*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='W'
         m.lnCalcSum=m.lnCalcSum+55*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='X'
         m.lnCalcSum=m.lnCalcSum+56*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='Y'
         m.lnCalcSum=m.lnCalcSum+57*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='Z'
         m.lnCalcSum=m.lnCalcSum+58*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='['
         m.lnCalcSum=m.lnCalcSum+59*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='\'
         m.lnCalcSum=m.lnCalcSum+60*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)=']'
         m.lnCalcSum=m.lnCalcSum+61*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='^'
         m.lnCalcSum=m.lnCalcSum+62*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='_'
         m.lnCalcSum=m.lnCalcSum+63*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='`'
         m.lnCalcSum=m.lnCalcSum+64*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='a'
         m.lnCalcSum=m.lnCalcSum+65*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='b'
         m.lnCalcSum=m.lnCalcSum+66*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='c'
         m.lnCalcSum=m.lnCalcSum+67*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='d'
         m.lnCalcSum=m.lnCalcSum+68*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='e'
         m.lnCalcSum=m.lnCalcSum+69*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='f'
         m.lnCalcSum=m.lnCalcSum+70*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='g'
         m.lnCalcSum=m.lnCalcSum+71*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='h'
         m.lnCalcSum=m.lnCalcSum+72*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='i'
         m.lnCalcSum=m.lnCalcSum+73*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='j'
         m.lnCalcSum=m.lnCalcSum+74*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='k'
         m.lnCalcSum=m.lnCalcSum+75*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='l'
         m.lnCalcSum=m.lnCalcSum+76*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='m'
         m.lnCalcSum=m.lnCalcSum+77*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='n'
         m.lnCalcSum=m.lnCalcSum+78*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='o'
         m.lnCalcSum=m.lnCalcSum+79*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='p'
         m.lnCalcSum=m.lnCalcSum+80*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='q'
         m.lnCalcSum=m.lnCalcSum+81*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='r'
         m.lnCalcSum=m.lnCalcSum+82*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='s'
         m.lnCalcSum=m.lnCalcSum+83*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='t'
         m.lnCalcSum=m.lnCalcSum+84*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='u'
         m.lnCalcSum=m.lnCalcSum+85*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='v'
         m.lnCalcSum=m.lnCalcSum+86*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='w'
         m.lnCalcSum=m.lnCalcSum+87*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='x'
         m.lnCalcSum=m.lnCalcSum+88*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='y'
         m.lnCalcSum=m.lnCalcSum+89*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='z'
         m.lnCalcSum=m.lnCalcSum+90*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='{'
         m.lnCalcSum=m.lnCalcSum+91*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='|'
         m.lnCalcSum=m.lnCalcSum+92*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='}'
         m.lnCalcSum=m.lnCalcSum+93*m.lnI
      CASE SUBSTR(m.lcSerNum,m.lnI,1)='~'
         m.lnCalcSum=m.lnCalcSum+94*m.lnI
      ENDCASE
   ENDFOR
   m.lcCheckSum = RIGHT(STR(m.lnCalcSum,7,0),1)
   RETURN m.lcCheckSum
ENDFUNC

Now, the obvious issue here is that the entire “CASE” statement could be replaced with a call to “ASC”, which returns the ASCII code for a given character, but as Pavel notes, “the value of a character at position which equals a multiple of 10 is ignored”.

Pavel was tasked with reimplementing this in Python, and after a little thought, recreated the function in a much more concise fashion:

def validate(sn):
    checksum = 0

    for i, x in enumerate(sn[:-1]):
        checksum += (i + 1) * (ord(x) - 32)

    return str(checksum % 10) == sn[-1]
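Pavel's remark about positions that are multiples of 10 is one case of a wider blind spot in this check digit. The following is an added example, not code from the article: it counts which single-character substitutions and adjacent swaps the scheme fails to notice. The sample serial and the assumed alphabet (digits plus upper-case letters) are constructed for illustration.

```python
import string

# Assumed alphabet for the substitution test (an assumption, not from the article).
ALPHABET = string.digits + string.ascii_uppercase


def check_digit(body):
    """Digit the scheme appends: sum of position * (ASCII code - 32), modulo 10."""
    total = sum(pos * (ord(ch) - 32) for pos, ch in enumerate(body, start=1))
    return str(total % 10)


def validate(sn):
    """True when the last character is the check digit of everything before it."""
    return len(sn) > 1 and check_digit(sn[:-1]) == sn[-1]


def substitution_misses(sn, alphabet=ALPHABET):
    """Map each body position to (missed, tried) for single-character substitutions.

    A substitution at position p shifts the sum by p * (new - old), so it goes
    unnoticed whenever that product is a multiple of 10.
    """
    body, digit = sn[:-1], sn[-1]
    result = {}
    for i, old in enumerate(body):
        tried = missed = 0
        for new in alphabet:
            if new == old:
                continue
            tried += 1
            if validate(body[:i] + new + body[i + 1:] + digit):
                missed += 1
        result[i + 1] = (missed, tried)
    return result


def transposition_misses(sn):
    """Adjacent swaps in the body that still validate, as (position, first, second).

    Swapping neighbours a and b shifts the sum by a - b, so the swap is missed
    when the two character codes differ by a multiple of 10.
    """
    body, digit = sn[:-1], sn[-1]
    misses = []
    for i in range(len(body) - 1):
        a, b = body[i], body[i + 1]
        if a == b:
            continue  # swapping identical characters changes nothing
        swapped = body[:i] + b + a + body[i + 2:]
        if validate(swapped + digit):
            misses.append((i + 1, a, b))
    return misses


if __name__ == "__main__":
    body = "AK4711-XQ27"                 # constructed serial body
    serial = body + check_digit(body)
    print("serial:", serial, "valid:", validate(serial))
    for pos, (missed, tried) in substitution_misses(serial).items():
        print(f"position {pos:2d}: {missed}/{tried} substitutions undetected")
    print("undetected adjacent swaps:", transposition_misses(serial))
```

Position 10 accepts every substitution, position 5 accepts any change that keeps the character code's parity, and swapping the leading "A" and "K" (codes 10 apart) passes validation.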

Planet DebianRichard Hartmann: Tor-enabled Debian mirror

During Jacob Appelbaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and can try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from security.debian.org, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.
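The size and timing argument above, modelled as an added example that is not part of the original post. Package names, sizes and release hours are constructed, and the observer is assumed to see exact transfer sizes (TLS record overhead is ignored).

```python
from dataclasses import dataclass

MIB = 1024 * 1024


@dataclass(frozen=True)
class Release:
    package: str
    size: int       # size of the update in bytes
    released: int   # hour at which the update was published


# Constructed catalogue: what anyone can read off the public archive.
CATALOGUE = [
    Release("quux", 4_613_734, 5),     # ~4.4 MiB
    Release("bar", 4_404_019, 20),     # ~4.2 MiB
    Release("baz", 5_033_164, 60),     # ~4.8 MiB
    Release("qux", 1_258_291, 99),     # ~1.2 MiB
    Release("foo", 4_928_307, 100),    # ~4.7 MiB, the security update
]


def wire_size(size, bucket=1):
    """Bytes seen on the wire when transfers are padded up to a multiple of bucket."""
    return -(-size // bucket) * bucket


def candidates(observed_size, observed_at, catalogue, bucket=1, window=None):
    """Packages consistent with one encrypted transfer.

    The observer knows only the transfer size and the hour it happened. With
    window set, only updates published at most that many hours earlier count.
    """
    names = []
    for rel in catalogue:
        if wire_size(rel.size, bucket) != observed_size:
            continue
        age = observed_at - rel.released
        if window is not None and not 0 <= age <= window:
            continue
        names.append(rel.package)
    return sorted(names)


def exposure(catalogue, bucket=1, window=6, delay=1):
    """For each update fetched delay hours after release, return the size of the
    candidate set by size alone and by size plus timing."""
    result = {}
    for rel in catalogue:
        seen, when = wire_size(rel.size, bucket), rel.released + delay
        by_size = candidates(seen, when, catalogue, bucket)
        by_both = candidates(seen, when, catalogue, bucket, window)
        result[rel.package] = (len(by_size), len(by_both))
    return result


if __name__ == "__main__":
    for label, bucket in (("no padding", 1), ("padded to 1 MiB", MIB)):
        print(label)
        for package, (by_size, by_both) in exposure(CATALOGUE, bucket).items():
            print(f"  {package:5s} size only: {by_size}  size + timing: {by_both}")
```

Padding to 1 MiB hides foo among four same-sized updates, but adding the download time narrows the set back to foo alone.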

The solution is, of course, Tor.

weasel was nice enough to set up a hidden service on Debian's infrastructure; initially we agreed that he would just give me a VM and I would do the actual work, but he went the full way on his own. Thanks :) This service is not redundant, it uses a key which is stored on the local drive, the .onion will change, and things are expected to break.

But at least this service exists now and can be used, tested, and put under some load:

http://vwakviie2ienjx6t.onion/

I couldn't get apt-get to be content with a .onion in /etc/apt/sources.list and Acquire::socks::proxy "socks://127.0.0.1:9050"; in /etc/apt/apt.conf, but the torify wrapper worked like a charm. What follows is, to the best of my knowledge, the first ever download from Debian's "official" Tor-enabled mirror:

~ # apt-get install torsocks
~ # mv /etc/apt/sources.list /etc/apt/sources.list.backup
~ # echo 'deb http://vwakviie2ienjx6t.onion/debian/ unstable main non-free contrib' > /etc/apt/sources.list
~ # torify apt-get update
Get:1 http://vwakviie2ienjx6t.onion unstable InRelease [215 kB]
Get:2 http://vwakviie2ienjx6t.onion unstable/main amd64 Packages [7548 kB]
Get:3 http://vwakviie2ienjx6t.onion unstable/non-free amd64 Packages [91.9 kB]
Get:4 http://vwakviie2ienjx6t.onion unstable/contrib amd64 Packages [58.5 kB]
Get:5 http://vwakviie2ienjx6t.onion unstable/main i386 Packages [7541 kB]
Get:6 http://vwakviie2ienjx6t.onion unstable/non-free i386 Packages [85.4 kB]
Get:7 http://vwakviie2ienjx6t.onion unstable/contrib i386 Packages [58.1 kB]
Get:8 http://vwakviie2ienjx6t.onion unstable/contrib Translation-en [45.7 kB]
Get:9 http://vwakviie2ienjx6t.onion unstable/main Translation-en [5060 kB]
Get:10 http://vwakviie2ienjx6t.onion unstable/non-free Translation-en [80.8 kB]
Fetched 20.8 MB in 2min 0s (172 kB/s)
Reading package lists... Done
~ # torify apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  vim-common vim-nox vim-runtime vim-tiny
Suggested packages:
  ctags vim-doc vim-scripts cscope indent
The following packages will be upgraded:
  vim vim-common vim-nox vim-runtime vim-tiny
5 upgraded, 0 newly installed, 0 to remove and 661 not upgraded.
Need to get 0 B/7719 kB of archives.
After this operation, 2048 B disk space will be freed.
Do you want to continue? [Y/n] 
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
(Reading database ... 316427 files and directories currently installed.)
Preparing to unpack .../vim-nox_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-nox (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim_2%3a7.4.826-1_amd64.deb ...
Unpacking vim (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-tiny_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-tiny (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-runtime_2%3a7.4.826-1_all.deb ...
Unpacking vim-runtime (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-common_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-common (2:7.4.826-1) over (2:7.4.712-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for mime-support (3.58) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Setting up vim-common (2:7.4.826-1) ...
Setting up vim-runtime (2:7.4.826-1) ...
Processing /usr/share/vim/addons/doc
Setting up vim-nox (2:7.4.826-1) ...
Setting up vim (2:7.4.826-1) ...
Setting up vim-tiny (2:7.4.826-1) ...
~ # 

More services will follow. noodles, weasel, and I agreed that the project as a whole should aim to Tor-enable the complete package lifecycle, package information, and the website.

Maybe a more secure install option on the official images which, amongst others, sets up apt, apt-listbugs, dput, reportbug, et al. to use Tor without further configuration could even be a realistic stretch goal.

Planet DebianNorbert Preining: Kobo Japanese Dictionary Enhancer 1.0

I have just released a vastly improved new version of the Kobo Japanese Dictionary Enhancer. It allows you to enhance the Kobo Japanese dictionary with English translations.

The new version now provides 326064 translated entries, which covers most non-compound words, including Hiragana. In my daily life reading Harry Potter and some other books in Japanese, I haven’t found many untranslated words by now.

Please head over to the main page of the project for details and download instructions. If you need my help in creating the updated dictionary, please feel free to contact me.

Enjoy.

Planet DebianRaphael Geissert: Updates to the sources.debian.net editor

Debconf is a great opportunity to meet people in real life, to express and share ideas in a different way, and to work on all sort of stuff.

I therefore spent some time to finish a couple of features in the editor for sources.debian.net. Here are some of the changes:

  • Compare the source file with that of another version of the package
  • And in order to present that: tabs! editor tabs!
  • at the same time: generated diffs are now presented in a new editor tab, from where you can download it or email it


Get it for chromium, and iceweasel.

If your browser performs automatic updates of the extensions (the default), you should soon be upgraded to version 0.1.0 or later, bringing all those changes to your browser.

Want to see more? multi-file editing? in-browser storage of the editing session? that and more can be done, so feel free to join me and contribute to the Debian sources online editor!

Kelvin ThomsonChina Share Meltdown Shows Folly of Too Many Eggs in One Basket

China is our largest trading partner – our largest export market and our largest source of imports. Last week there was a hearing of the Joint Standing Committee on Treaties on the China Free Trade Agreement. At that Hearing I asked a Department of Foreign Affairs Deputy Secretary whether such a great reliance on China made Australia vulnerable to their economic fortunes, and asked whether Australia might be better served by trying to diversify, or become more self-reliant.

The Deputy Secretary's reply expressed puzzlement at my describing our trade relationship with China as making us potentially vulnerable. She was clearly of the view that the more trade the better, and that we could not possibly have too much of this good thing.

But I think the dramatic events on global share markets in the past week have borne out my concern. Commentators have regularly mentioned how dependent Australia is on China, using expressions such as "If China sneezes, Australia catches a cold". We are referred to as one of the commodity exporting countries at risk if China's growth is less than expected.

The fact is that we have put a lot of eggs in the China basket. For the past thirty years we have engaged in an experiment, putting our faith in globalisation and free trade. We have allowed our manufacturing industries to go to the wall and have allowed our economic base to narrow. As a result we are less self-sufficient and more vulnerable than we used to be, more vulnerable than is good for us.

This is one of the reasons for my concern about the China Free Trade Agreement. I hope the Department of Foreign Affairs and Trade and the Australian Government will take a good hard look at what has been happening in the past few months, and rethink a strategy that is all about commodities and to hell with manufacturing. Australia needs to be more independent, self-sufficient and self-reliant than the policies of the past thirty years have left us.

Kelvin ThomsonTax Cuts Less Important than Balancing the Books

After its election the Liberal Government waxed long and hard about what it called a Budget Emergency. There was no end to the shrill and hysterical rhetoric about the state of the Budget and the prospect of Budget Deficits into the future.

The Budget Emergency was used as the alibi for all manner of attacks on public services and lower income earners in the 2014 Budget. It was the justification for the cutting of pension indexation. It was the justification for the deregulating of fees for university students. It was the justification for a new payment to visit the doctor. It was the justification for cuts of billions of dollars in health and education for the States. It was the justification for cuts to foreign aid, legal aid, and the ABC. It was the justification for abandoning the promise to implement the Gonski funding which had been promised to schools.

When we voted against these broken promises, these harsh and counterproductive austerity measures, the Labor Opposition was attacked relentlessly for sabotaging the Government's efforts to "repair the Budget".

Then, disappearing almost as suddenly as it came, the Budget Emergency vanished. The 2015 Budget took a new tack altogether. The Government stopped talking about it, and if asked about it, suggested they now had the problem under control.

But the fact is that the Budget Deficits are still there. And yet Treasurer Hockey now talks about tax cuts! What a lightweight Joe Hockey is. He is totally incoherent on the subject of economic management. He must think the Australian electorate has the memory of a goldfish, that people will forget that only last year he was lecturing us day in day out on the need to balance the books.

The fact is that balancing the books does matter, and we should not be talking about tax cuts – and note that it is only talk, there is no substance to this talk whatsoever – until we have the books in a healthier condition, and have taken serious action to crack down on tax avoidance. It is not prudent or responsible to spend money we don't have, and Joe Hockey damages the credibility of politicians generally when he abandons the idea of fiscal discipline without any rational basis for doing so.

Chaotic IdealismSocial justice

I’ve started avoiding social justice type discussions lately. I don’t know how to say all the right things and how to avoid all the wrong implications. I take things literally, like I might say that “all lives matter” is a true statement, because they do matter; and then people think I’m a racist and don't care that black people get killed for no good reason much more often than white people do. And wish I could do something to help but don't know what to do because everybody who talks about it is just talking about words and saying the right words and... what I want to know is, how do I keep people from dying?

It’s hard being autistic and wanting to stick with facts, but also wanting to love people and change the world so that everyone is allowed in it. Because no matter what I say, I can never memorize all the social rules, and then people think I hate them, or hate some group of people who don’t deserve it. In reality I’ve never hated anybody in my life, not even the people who hurt me or hurt innocent people, because I just don’t know how to hate people. But people wouldn’t believe me if I said that, because I also said the wrong words, and words matter.

I’ll ignore “social justice” altogether and just love people. I don't care who you are or what you've done or what category you're in; I love you. All of you. Forever. Whoever you are. That's just... it.

Sorry. I'm tired. I wish things weren't so complicated.

,

Planet Linux AustraliaBlueHackers: The Legacy of Autism and the Future of Neurodiversity

The New York Times published an interesting review of a book entitled “NeuroTribes: The Legacy of Autism and the Future of Neurodiversity”, authored by Steve Silberman (534 pp. Avery/Penguin Random House).

Silberman describes how autism was discovered by a few different people around the same time, but with each the publicity around their work is warped by their environment and political situation.

This means that we mainly know the angle that one of the people took, which in turn warps our view of Aspergers and autism. Ironically, the lesser known story is actually that of Hans Asperger.

I reckon it’s an interesting read.

Planet DebianRichard Hartmann: DebConf15

Even though the week of DebCamp took its toll and the stress level will not go down any time soon...

...DebConf15 has finally started! :)

Planet DebianIustin Pop: Finally, systemd!

Even though Debian has moved to systemd as default a long while ago now, I've stayed with sysv as I have somewhat custom setups (self-built trimmed down kernels, separate /usr not pre-mounted by initrd, etc.).

After installing a new system with Jessie and playing a bit with systemd on it a couple of months ago, I said it's finally time to upgrade. Easier said than starting to actually do it ☹.

The first system I upgraded was a recent (~1 year old) install. It was a trimmed-down system with Debian's kernel, so everything went smoothly. So smoothly that I soon forgot I made the change, and didn't do any more switches for a while.

Systemd was therefore out of my mind until this recent Friday when I got a bug report about mt's rcS init script and shipping a proper systemd unit. The first step should be to actually start using systemd, so I said - let's convert some more things!

During the weekend I upgraded one system, still a reasonably small install, but older - probably 6-7 years. First reboot into systemd flagged the fact that I had some forced-load modules which no longer exist, fact that was too easy to ignore with sysv. Nice! The only downside was that there seems to be some race condition between and ntp, as it fails to start on boot (port listen conflict). I'll see if it repeats. Another small issue is that systemd doesn't like duplicate fstab entries (i.e. two devices which both refer to the same mount point), while this works fine for mount itself (when specifying the block device).

I said that after that system, I'll wait a while before upgrading the next. But so it happened that today another system had an issue and I had to reboot it (damn lost uptimes!). The kernel was old so I booted into a newer one (this time compiled with the required systemd options), so I had a thought - what if I take the opportunity and also switch to systemd on this system?

Caution said to wait, since this was the oldest system - installed sometime during or before 2004. Plus it doesn't use an initrd (long story), and it has a split /usr. Caution… excitement… caution lost ☺ and I proceeded.

It turns out that systemd does warn about split /usr but itself has no problems. I learned that I also had very old sysfs entries that no longer exist, and which I didn't know about as sysv doesn't make it obvious. I also had a crypttab entry which was obsolete, and I forgot about it, until I met the nice red moving ASCII bar which—fortunately—had a timeout.

To be honest, I believed I'll have to rescue boot and fix things on this "always-unstable" machine, on which I install and run random things, and which has a hackish /etc/fstab setup. I'm quite surprised it just worked. On unstable.

So thanks a lot to the Debian systemd team. It was much simpler than I thought, and now, on to exploring systemd!

P.S.: the sad part is that usually I'm a strong proponent of declarative configuration, but for some reason I was reluctant to migrate to systemd also on account of losing the "power" of shell scripts. Humans…

TEDA community for those who like to be alone, grown out of a blockbuster TED Talk

Melissa Ng makes 3D-printed masks. She found inspiration on how to run a company, despite her quiet nature, from Susan Cain’s TED Talk and new website, Quiet Revolution. Photo: Courtesy of Melissa Ng

Scott Drummond had been in the Air Force for eight years. It was 1994, and he was eligible to become a commissioned officer, the Air Force’s version of a manager. The average person gets the job after three interviews. Drummond interviewed 16 times over the next ten years before he got the job.

Looking back at his career, Drummond — now a director of inspections with the Indiana Air National Guard — can see that he lagged about ten years behind his peers as he rose through the ranks. At the time, he couldn’t figure out why. But today, at age 47, he attributes the gap to “starting slow and finishing strong,” thanks to his introverted nature. He knows he doesn’t have an outgoing, traditionally commanding personality — but he also knows that he is driven and qualified to lead. During group activities, he finds a corner and devises his own strategies. He “researches the crap out of everything” and creates detailed plans of action.

Drummond found a deeper understanding of his personality after watching Susan Cain’s TED Talk, “The power of introverts.” This talk has been watched nearly 12 million times since Cain gave it — and helped many introverts realize that being quiet is not only normal, but something to be celebrated.

The response to her talk led Cain to start a new web community: Quiet Revolution. It’s a place for introverts to share their stories, find like-minded people and read advice written specifically for them.

“I decided to start it because the response to the TED Talk and my book [Quiet] was so overwhelming and so heartfelt,” said Cain. “The talk unleashed questions like: How can I remake my life according to this new idea?”

Quiet Revolution is a website that offers community and advice for introverts. Photo: Courtesy of Quiet Revolution

The site covers three main categories — kids, life and work — and offers content designed to unlock the power of introverts and make sure that quiet kids don’t grow up feeling inferior. There’s advice for introverts on rocking the job interview; an essay from a quiet mom on the difficulty of making small talk at children’s birthday parties; a listicle of strategies for introverted teachers; and interviews with notable introverts, like author (and fellow TED speaker) Brené Brown. Launched in June, the site’s content has grown steadily over the past few months. Traffic has exceeded Cain’s expectations.

“The site is supposed to be a place of community,” Cain said. “It’s not just for the introverts, but for people who love and work with introverts.”

Community is generated through the Quiet Revolutionaries section, where introverts can tell their personal stories. Drummond, the military officer, decided to share his story here in the hope that others may learn from him the same way he did from Cain.

“[Her talk] helped me understand I’m not alone — that other people have the same struggles and issues I have,” said Drummond. “That was key to helping me communicate better with people. Had I known that 20 or 30 years ago, I think I would be much further ahead in my career.”

Others who’ve posted as Quiet Revolutionaries, like Melissa Ng — a 28-year-old entrepreneur from Queens, New York — also credit Cain with helping them flourish. In 2010, Ng co-founded PianoVerse, a center for learning and playing music. But she found owning a business difficult because of her quiet nature. Cain’s talk helped her shed her fear of trying again. She credits this revelation with her starting a second business, Lumecluster, which makes 3D-printed masks.

“I realized I’m not the same scared person I used to be. I don’t feel any different. I’m still quiet … but I’m OK about it,” she said. “I hope someone reads [what I wrote] and thinks, ‘I don’t have to lower myself. I’m not going to let someone else define my standards for me.’”

Kate Groves also shared her story on Quiet Revolution. Susan Cain’s work has helped her be more vocal with her colleagues about how she does her best work. Photo: Courtesy of Kate Groves

Coming up next: a series of “Quiet Life” videos talking to well-known introverts, and offering how-tos on helping quiet children thrive and growing in a corporate culture designed for extroverts. A series of e-courses is scheduled to launch in September, starting with one on parenting quiet kids. But for now, Cain is happy to see the emotional outpouring happening on the site. She hopes it’s a place people can find comfort.

That’s true for 37-year-old Kate Groves from Melbourne, Australia, who works with an NGO that improves healthcare systems in developing countries. She’s always known she’s an introvert — the thought of getting called on in class or being part of a brainstorming session sends shivers down her spine. Cain’s talk inspired her to speak up for herself and her fellow introverts.

“I think introversion was always considered a negative when I was at school and starting my career,” she said. “When you are so used to the word being said in a critical way, it’s hard not to see it as a defect.”

Thanks to Cain’s talk, she feels more comfortable telling her colleagues she’d prefer time to consider ideas before group discussions. And she’s become better at making small talk.

“I think the more access introverts have to different ideas and shared connections about our personalities, the more comfortable we will be in our own skin,” she said. “I love the idea of someone connecting with my story and maybe feeling a little more normal knowing that we have shared experiences.”

Scott Drummond had a major revelation watching Susan Cain’s TED Talk — he was lagging behind in his career because of his quiet personality. He shared his story on Quiet Revolution to let others know what he wishes he’d known. Photo: Courtesy of Scott Drummond


Planet DebianDavid Moreno: Thanks Debian

I sent this email to debian-private a few days ago, on the 10th anniversary of my Debian account creation:

Date: Fri, 14 Aug 2015 19:37:20 +0200
From: David Moreno 
To: debian-private@lists.debian.org
Subject: Retiring from Debian
User-Agent: Mutt/1.5.23 (2014-03-12)

[-- PGP output follows (current time: Sun 23 Aug 2015 06:18:36 PM CEST) --]
gpg: Signature made Fri 14 Aug 2015 07:37:20 PM CEST using RSA key ID 4DADEC2F
gpg: Good signature from "David Moreno "
gpg:                 aka "David Moreno "
gpg:                 aka "David Moreno (1984-08-08) "
[-- End of PGP output --]

[-- The following data is signed --]

Hi,

Ten years ago today (2005-08-14) my account was created:

https://nm.debian.org/public/person/damog

Today, I don't feel like Debian represents me and neither do I represent the
project anymore.

I had tried over the last couple of years to retake my involvement but lack of
motivation and time always got on the way, so the right thing to do for me is
to officially retire and gtfo.

I certainly learned a bunch from dozens of Debian people over these many years,
and I'm nothing but grateful with all of them; I will for sure carry the project
close to my heart — as I carry it with the Debian swirl I still have tattooed
on my back ;)

http://damog.net/blog/2005/06/29/debian-tattoo/

I have three packages left that have not been updated in forever and you can
consider orphaned now: gcolor2, libperl6-say-perl and libxml-treepp-perl.

With all best wishes,
David Moreno.
http://damog.net/


[-- End of signed data --]

I received a couple of questions about my decision here. I basically don’t feel like Debian represents my interests and neither do I represent the project – this doesn’t mean I don’t believe in free software, to the contrary. I think some of the best software advancements we’ve made as society are thanks to it. I don’t necessarily believe on how the project has evolved itself, whether that has been the right way, to regain relevancy and dominance, and if it’s remained primarily a way to feed dogmatism versus pragmatism. This is the perfect example of a tragic consequence. I was very happy to learn that the current Debian Conference being held in Germany got the highest attendance ever, hopefully that can be utilized in a significant and useful way.

Regardless, my contributions to Debian were never noteworthy so it’s also not that big of a deal. I just need to close cycles myself and move forward, and the ten year anniversary looked like a significant mark for that.

Poke me in case you wanna discuss some more. I’ll always be happy to. Specially over beer :)

Peace.

Krebs on SecurityLeaked AshleyMadison Emails Suggest Execs Hacked Competitors

Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cybercriminals, but leaked emails from the company’s CEO suggest that AshleyMadison’s top leadership hacked into a competing dating service in 2012.

AshleyMadison CEO Noel Biderman. Source: Twitter.

Late last week, the Impact Team — the hacking group that has claimed responsibility for leaking personal data on more than 30 million AshleyMadison users — released a 30-gigabyte archive that it said were emails lifted from AshleyMadison CEO Noel Biderman.

A review of those missives shows that on at least one occasion, a former company executive hacked another dating website, exfiltrating their entire user database. On Nov. 30, 2012, Raja Bhatia, the founding chief technology officer of AshleyMadison.com, sent a message to Biderman notifying his boss of a security hole discovered in nerve.com, an American online magazine dedicated to sexual topics, relationships and culture.

At the time, nerve.com was experimenting with its own adult dating section, and Bhatia said he’d uncovered a way to download and manipulate the nerve.com user database.

“They did a very lousy job building their platform. I got their entire user base,” Bhatia told Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

Neither Bhatia nor Biderman could be immediately reached for comment. KrebsOnSecurity.com spoke with Bhatia last week after the Impact Team made good on its threat to release the Ashley Madison user database. At the time, Bhatia was downplaying the leak, saying that his team of investigators had found no signs that the dump of data was legitimate, and that it looked like a number of fake data dumps the company had seen in the weeks prior. Hours later, the leak had been roundly confirmed as legitimate by countless users on Twitter who were able to find their personal data in the cache of account information posted online.

The leaked Biderman emails show that a few months before Bhatia infiltrated Nerve.com, AshleyMadison’s parent firm — Avid Life Media — was approached with an offer to partner with and/or invest in the property. Email messages show that Bhatia initially was interested enough to offer at least $20 million for the company along with a second property called flirts.com, but that AshleyMadison ultimately declined to pursue a deal.

More than six months after Bhatia came to Biderman with revelations of the nerve.com security vulnerabilities, Biderman was set to meet with several representatives of the company. “Should I tell them of their security hole?” Biderman wrote to Bhatia, who doesn’t appear to have responded to that question via email.

The cache of emails leaked from Biderman runs from January 2012 to July 7, 2015 — less than two weeks before the attackers publicized their break-in on July 19. According to a press conference held by the Toronto Police today, AshleyMadison employees actually discovered the breach on the morning of July 12, 2015, when they came to work and powered on their computers only to find their screens commandeered with the initial message from the Impact Team — a diatribe accompanied by the song “Thunderstruck” from rock band AC/DC playing in the background.

Interestingly, less than a month before that episode, AshleyMadison executives seemed very keen on completing a series of internal security assessments, audits and security awareness training exercises for employees.

“Given our open registration policy and recent high profile exploits, every security consultant and their extended family will be trying to trump up business,” wrote Ashley Madison Director of Security Mark Steele to Biderman in an email dated May 25, 2015. “Our codebase has many (riddled?) XSS/CRSF vulnerabilities which are relatively easy to find (for a security researcher), and somewhat difficult to exploit in the wild (requires phishing). Other vulnerabilities would be things like SQL injection/data leaks, which would be much more damaging” [links added].

As bad as this breach has been for AshleyMadison and its millions of users, it’s likely nowhere near over: Hackers who have been combing through the company’s leaked email records have just released a “selected dox” archive — a collection of documents, images and other data from Biderman’s inbox, including a 100-page movie script co-written by Biderman called “In Bed With Ashley Madison.” Also included in the archive are dozens of other sensitive documents, including a scan of the CEO’s drivers license, copies of personal checks, bank account numbers, home address, and his income statements for the last four years.

Also, the Impact Team still have not released data from the other Avid Life Media property they claim to have hacked — Establishedmen.com, a “sugar daddy” site that claims to connect wealthy men with willing young women.

Earlier today, Toronto Police announced that Avid Life Media had offered a $500,000 reward for information leading to the arrest and prosecution of the hacker or hackers responsible for the breach. But many readers took to Twitter or to the comments section on this site to denounce the bounty as an overdue or cynical ploy, with some saying the company should have offered the reward weeks ago — before the Impact Team released the company’s entire user database and caused so much irreversible damage.

Leaving aside the proliferation of sites that now allow suspicious spouses to search for their significant other’s email address in the AshleyMadison data leak, some users are finding themselves on the receiving end of online extortion attacks. Worse still, Toronto Police told reporters this morning that they have two unconfirmed reports of suicides associated with the leak of AshleyMadison customer profiles.

Krebs on SecurityAshleyMadison: $500K Bounty for Hackers

AshleyMadison.com, an online cheating service whose motto is “Life is Short, Have an Affair,” is offering a $500,000 reward for information leading to the arrest and prosecution of the individual or group of people responsible for leaking highly personal information on the company’s more than 30 million users.

A snippet of the message left behind by the Impact Team.

The bounty offer came at a press conference today by the police in Toronto — where AshleyMadison is based. At the televised and Webcast news conference, Toronto Police Staff Superintendent Bryce Evans recounted the key events in “Project Unicorn,” the code name law enforcement officials have assigned to the investigation into the attack. In relaying news of the reward offer, Evans appealed to the public and “white hat” hackers for help in bringing the attackers to justice.

“The ripple effect of the impact team’s actions has and will continue to have a long term social and economic impacts, and they have already sparked spin-offs of crimes and further victimization,” Evans said. “As of this morning, we have two unconfirmed reports of suicides that are associated [with] the leak of AshleyMadison customer profiles.”

Evans did not elaborate on the suicides, saying only that his office is investigating those reports. The San Antonio Express-News reported Friday that a city worker whose information was found in the leaked AshleyMadison database took his life last Thursday, although the publication acknowledges that it’s unclear whether the worker’s death had anything to do with the leak.

Evans warned the public and concerned AshleyMadison users to be on guard against a raft of extortion scams that are already popping up and targeting the site’s customers. On Friday, KrebsOnSecurity featured an exclusive story about one such extortion scheme that threatened to alert the victim’s spouse unless the recipient paid the attacker a Bitcoin (worth slightly more than USD $250). The Toronto Police posted this image of a similar extortion attempt that they have seen making the rounds.

“Criminals have already engaged in online scams by claiming to provide access to the leaked web site,” he said. “The public needs to be aware that by clicking on these links, you are exposing your computer to adware and spyware and viruses. Also there are those offering to erase customer profiles from the list. Nobody is going to be able to erase that information.”

Evans said AshleyMadison employees first learned of the intrusion when they arrived at work on the morning of July 12, 2015. Evans said employees powered on their computers and were presented with the initial message from the Impact Team — the hacker group that has claimed responsibility for the breach — accompanied by the song “Thunderstruck” from rock band AC/DC playing in the background.

The Toronto Police Department is encouraging anyone with information about the attacker(s) to contact them via phone or Twitter. Likewise, the department is asking victims of extortion attacks tied to the data leak not to pay the ransom demands, but instead to report the crimes at the addresses and/or numbers listed below.

Toronto Police are asking anyone with information about the attacker(s) to contact them. AshleyMadison.com is offering a $500,000 reward for information leading to the arrest and prosecution of the intruders.

Planet DebianJonathan McDowell: Random post-DebConf 15 thoughts

There are a bunch of things I mean to blog about, but as I have just got fully home from Heidelberg and DebConf15 this afternoon that seems most appropriate to start with. It’s a bit of a set of disjoint thoughts, but I figure I should write them down while they’re in my head.

DebConf is an interesting conference. It’s the best opportunity the Debian project has every year to come together and actually spend a decent amount of time with each other. As a result it’s a fairly full on experience, with lots of planned talks as a basis and a wide range of technical discussions and general social interaction filling in whatever gaps are available. I always find it a thoroughly enjoyable experience, but equally I’m glad to be home and doing delightfully dull things like washing my clothes and buying fresh milk.

I have always been of the opinion that the key aspect of DebConf is the face time. It was thus great to see so many people there - we were told several times that this was the largest DebConf so far (~ 570 people IIRC). That’s good in the sense that it meant I got to speak to a lot of people (both old friends and new), but does mean that there are various people I know I didn’t spend enough, or in some cases any, time with. My apologies, but I think many of us were in the same situation. I don’t feel it made the conference any less productive for me - I managed to get a bunch of hacking done, discuss a number of open questions in person with various people and get pulled into various interesting discussions I hadn’t expected. In short, a typical DebConf.

Also I’d like to say that the venue worked out really well. I’ll admit I was dubious when I heard it was in a hostel, but it was well located (about a 30 minute walk into town, and a reasonable bus service available from just outside the door), self-contained with decent facilities (I’m a big believer in having DebConf talks + accommodation be as close as possible to each other) and the room was much better than expected (well, aside from the snoring but I can’t blame the DebConf organisers for that).

One of the surprising and interesting things for me that was different from previous DebConfs was the opportunity to have more conversations with a legal leaning. I expect to go to DebConf and do OpenPGP/general crypto related bits. I wasn’t expecting affirmation about the things I have learnt on my course over the past year, in terms of feeling that I could use that knowledge in the process of helping Debian. It provided me with some hope that I’ll be able to tie my technology and law skills together in a way that I will find suitably entertaining (as did various conversations where people expressed significant interest in the crossover).

Next year is in Cape Town, South Africa. It’s a long way (though I suppose no worse than Portland and I get to stay in the same time zone), and a quick look at flights indicates they’re quite expensive at the moment. The bid presentation did look pretty good though so as soon as the dates are confirmed (I believe this will happen as soon as there are signed contracts in place) I’ll take another look at flights.

In short, excellent DebConf, thanks to the organisers, lovely to see everyone I managed to speak to, apologies to those of you I didn’t manage to speak to. Hopefully see you in Cape Town next year.

Sociological ImagesWho didn’t evacuate for Hurricane Katrina? A picture of those left behind

This is what it looks like when government fails to protect its citizens:

New Orleans, LA 9/4/05 -- School buses have been swamped by the floodwaters following hurricane Katrina. Photo by: Liz Roll

When Hurricane Katrina hit, more than a quarter of people living in New Orleans in August of 2005 lived below the poverty line. Many of the poor stayed at home to weather the storm. Why?

27% of New Orleanians didn’t own a car, making evacuation even more difficult and expensive than it would otherwise be.

People without the means to leave are also the most likely to rely on the television, as opposed to the radio or internet, for news. TV news began warning people how bad the storm would be only 48 hours before it hit; some people, then, had only 48 hours to process this information and make plans.

Poor people are more likely than middle and upper class people to never leave where they grew up. This means that they were much less likely to have a network of people outside of New Orleans with whom they could stay, at the same time that they were least able to afford a motel room.

For those who were on government assistance, living check-to-check, it was the end of the month. Their checks were due to arrive three days after the hurricane. It was also back-to-school time and many were extra cash poor because they had extra expenses for their children.

A study of New Orleanians rescued and evacuated to Houston, described here, found that:

…14% were physically disabled, 23% stayed in New Orleans to care for a physically disabled person, and 25% were suffering from a chronic disease… Also,

• 55% did not have a car or a way to evacuate
• 68% had neither money in the bank nor a useable credit card
• 57% had total household incomes of less than $20,000 in the prior year
• 76% had children under 18 with them in the shelter
• 77% had a high school education or less
• 93% were black
• 67% were employed full or part-time before the hurricane

The city failed to get information to their most vulnerable residents in time and they failed to facilitate their evacuation. The empty buses in flood water, buses that could have been filled with evacuees prior to the storm, are a testament to this failure.

Lisa Wade is a professor of sociology at Occidental College. She writes about New Orleans here. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaJames Purser: Mark got a booboo

Mark Latham losing his AFR column because an advertiser thought his abusive tweets and articles weren't worth being associated with isn't actually a freedom of speech issue.

Nope, not even close to it.

Do you know why?

Because freedom of speech DOES NOT MEAN YOU'RE ENTITLED TO A GODS DAMNED NEWSPAPER COLUMN!!

No one is stopping Latho from spouting his particular brand of down home "outer suburban dad" brand of putrescence.

Hell, all he has to do to get back up and running is go and set up a wordpress account and he can be back emptying his bile duct on the internet along with the rest of us who don't get cushy newspaper jobs because we managed to completely screw over our political career in a most spectacular way.

Hey, he could set up a Patreon account and everyone who wants to can support him directly, either monthly sub, or a per flatulence rate.

This whole thing reeks of a massive sense of entitlement, both with Latho himself and his media supporters. Bolt, Devine and others who have leapt to his defence all push this idea that any move to expose writers to consequences arising from their rantings is some sort of mortal offense against democracy and freedom. Of course, while they do this, they demand the scalps of anyone who dares to write abusive rants against their own positions.

Sigh.

Oh and as I've been reminded, Australia doesn't actually have Freedom of Speech as they do in the US.

Planet DebianDirk Eddelbuettel: RcppDE 0.1.3

A pure maintenance release 0.1.3 of the RcppDE package arrived on CRAN yesterday. RcppDE is a "port" of DEoptim, a popular package for derivative-free optimisation using differential optimization, to C++. By using RcppArmadillo, the code becomes a lot shorter and more legible.

This version simply fixes a typo in the vignette metadata noticed by Kurt, and updates the package in a few other spots to update it to current CRAN Repository Policy standards.

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianMichael Prokop: DebConf15: “Continuous Delivery of Debian packages” talk

At the Debian Conference 2015 I gave a talk about Continuous Delivery of Debian packages. My slides are available online (PDF, 753KB). Thanks to the fantastic video team there’s also a recording of the talk available: WebM (471MB) and on YouTube.

CryptogramThe Advertising Value of Intrusive Tracking

Here's an interesting research paper that tries to calculate the differential value of privacy-invasive advertising practices.

The researchers used data from a mobile ad network and were able to see how different personalized advertising practices affected customer purchasing behavior. The details are interesting, but basically, most personal information had little value. Overall, the ability to target advertising produces a 29% greater return on an advertising budget, mostly by knowing the right time to show someone a particular ad.

The paper was presented at WEIS 2015.

Worse Than FailureThe Old Ways

Greg never thought he’d meet a real-life mentat.

“We’re so happy to have you aboard,” said Jordan, the CEO of IniTech. She showed Greg to the back end of the office, to a closed door marked with just one word: Frank. Jordan, not bothering to knock, opened the door.

A mentat from the film Dune

Greg was overwhelmed with the stench of burned coffee and old-man smell. The office was unadorned and dark, the blinds drawn, illuminated by the blue light coming from an aging CRT screen. He saw a wrinkled scalp behind a tall, black office chair.

“I’m busy,” Frank said.

Jordan cleared her throat. “This is your new programming partner.”

“I’m Greg. It’s nice to meet you–” Greg offered his hand, but a wrinkled appendage slapped it away.

“Get yourself a chair. I know where everything is. You just show me you can type.”

Greg shot Jordan a glance as they left Frank’s office.

“He’s been with us 22 years,” she said. “He knows everything about our code. But his typing’s not what it used to be. Just do what he says. With some luck he’ll be retiring in a few months.”

Total Recall

Greg pulled a spare office chair into Frank’s den. He could see Frank’s face in profile now, resembling the mummy of Rameses II. Frank slid his keyboard to Greg. “Open C:\project.make in Vim,” Frank said, “and go to line 22.”

Greg thought it was odd that a makefile would be right under C:\, but he did so. He moved the cursor to line 22.

“Increment $VERSION to 8.3.3.”

Greg noticed that Frank had his eyes shut, but humored him. In fact, line 22 did declare a $VERSION constant, and Greg changed it to 8.3.3.

“You’ll be suitable,” Frank said, crossing his arms. “You’ll do your work from the SMB server. Don’t make any changes without my authorization first.”

Change Management

Back at his desk, Greg found the SMB server where Frank kept all of his code. Or rather, the SMB mapped all of the files on Frank’s hard drive. Curious, Greg searched for .pas, .make, and other source files, wondering why Frank would keep his principal makefile under C:\.

There were 440 source files, about 200 megabytes, spread out all over the directory structure. C:\Windows\System32, C:\Users\Shared\Project, C:\Program Files\… Frank’s entire computer was the de facto source repository.

Greg knew if he ever had to make an on-the-fly change to the source, it would take hours just tracking down the right file on SMB. Surely they had a repository he could check changes into. Greg took a deep breath and re-entered Frank’s den.

“Frank, do we have any of this in a repo somewhere? I don’t want to SMB onto your computer every time we make a change. What if we have to patch something overnight?”

“What?!” Frank rose from his office chair, unsteady on his disused legs. “There will be no code changes without my direct supervision! It’s worked just fine for 22 years. Is that understood?”

In Memory

Greg endured this for several months. Frank would harbor no suggestions of version control or repos. Everything, Frank said, was in his head. As long as no one changed the source without his permission, he would know where everything was.

Despite his frustrations, it greatly impressed Greg. Especially when Frank had memorized loop variables such as these:

for RecursiveWaypointCompressionThreadModuleIndexVerifierPropertyHandleIndex := 1 to 99 do ...  

Less amusing was Frank’s insistence on using HEX constants for any encoded string. “You can’t trust any string encoding,” Frank said. It even extended to embedded web pages in their embedded manual:

const
    ThirdWebPage : array of byte = [ $2d, $20, ... 660k OF HEX CONSTS..... ];
    JQuery33WebPage : array of byte = [ $2d, $20, ... 3,660k OF HEX CONSTS..... ];  

But Greg wondered. What would happen if he slipped in just a little change? How long would it take before Frank found out?

One night, he came into the office and logged into Frank’s SMB server. He opened a file and found an innocuous for-loop block. He replaced the twenty-something variable name with i, saved a backup on his own machine, and went home.

Greg arrived in the office late that morning, stuck in traffic, and was met by Jordan at the door. “Keep this quiet, but Frank just passed away.”

“Was it last night?”

“Brain aneurysm in his sleep.”

Frank probably died before he had a chance to see Greg’s unauthorized change. Greg would never know if Frank actually had the entire codebase memorized. Sometimes Greg would memorize a line or two, or find himself looking up mnemonic tricks to remember long sequences of characters. But it wasn’t like Frank rubbed off on him. Not really.

Planet Linux AustraliaDavid Rowe: Dual Rav 4 SM1000 Installation

Andy VK5AKH, and Mark VK5QI, have mirror image SM1000 mobile installations, same radio, even the same car! Some good lessons learned on testing and debugging microphone levels that will be useful for other people installing their SM1000. Read all about it on Mark’s fine blog.

Planet Linux AustraliaDavid Rowe: Codec 2 Masking Model Part 1

Many speech codecs use Linear Predictive Coding (LPC) to model the short term speech spectrum. For very low bit rate codecs, most of the bit rate is allocated to this information.

While working on the 700 bit/s version of Codec 2 I hit a few problems with LPC and started thinking about alternatives based on the masking properties of the human ear. I’ve written Octave code to prototype these ideas.

I’ve spent about 2 weeks on this so far, so thought I better write it up. Helps me clarify my thoughts. This is hard work for me. Many of the steps below took several days of scratching on paper and procrastinating. The human mind can only hold so many pieces of information. So it’s like a puzzle with too many pieces missing. The trick is to find a way in, a simple step that gets you a working algorithm that is a little bit closer to your goal. Like evolution, each small change needs to be viable. You need to build a gentle ramp up Mount Improbable.

Problems with LPC

We perceive speech based on the position of peaks in the speech spectrum. These peaks are called formants. To clearly perceive speech the formants need to be distinct, e.g. two peaks with a low level (anti-formant) region between them.

LPC is not very good at modeling anti-formants, the space between formants. As it is an all pole model, it can only explicitly model peaks in the speech spectrum. This can lead to unwanted energy in the anti-formants which makes speech sound muffled and hard to understand. The Codec 2 LPC postfilter improves the quality of the decoded speech by suppressing interformant energy.

LPC attempts to model spectral slope and other features of the speech spectrum which are not important for speech perception. For example “flat”, high pass or low pass filtered speech is equally easy for us to understand. We can pass speech through a Q=1 bandpass or notch filter and it will still sound OK. However LPC wastes bits on these features, and gets into trouble with large spectral slope.

LPC has trouble with high pitched speakers where it tends to model individual pitch harmonics rather than formants.

LPC is based on “designing” a filter to minimise mean square error rather than the properties of the human ear. For example it works on a linear frequency axis rather than log frequency like the human ear. This means it tends to allocate bits evenly across frequency, whereas an allocation weighted towards low frequencies would be more sensible. LPC often produces large errors near DC, an important area of human speech perception.

LPC puts significant information into the bandwidth of filters or width of formants, however due to masking the ear is not very sensitive to formant bandwidth. What is more important is sharp definition of the formant and anti-formant regions.

So I started thinking about a spectral envelope model with these properties:

  1. Specifies the location of formants with just 3 or 4 frequencies. Focuses on good formant definition, not the bandwidth of formants.
  2. Doesn’t care much about the relative amplitude of formants (spectral slope). This can be coarsely quantised or just hard coded using, e.g. voiced speech has a natural low pass spectral slope.
  3. Works in the log amplitude and log frequency domains.

Auditory Masking

Auditory masking refers to the “capture effect” of the human ear, a bit like an FM receiver. If you hear a strong tone, then you can’t hear slightly weaker tones nearby. The weaker ones are masked. If you can’t hear these masked tones, there is no point sending them to the decoder. So we can save some bits. Masking is often used in (relatively) high bit rate audio codecs like MP3.

I found some Octave code for generating masking curves (Thanks Jon!), and went to work applying masking to Codec 2 amplitude modelling.

Masking in Action

Here are some plots to show how it works. Let’s take a look at frame 83 from hts2a, a female speaker. First, 40ms of the input speech:

Now the same frame in the frequency domain:

The blue line is the speech spectrum, the red the amplitude samples {Am}, one for each harmonic. It’s these samples we would like to send to the decoder. The goal is to encode them efficiently. They form a spectral envelope, that describes the speech being articulated.

OK so let’s look at the effect of masking. Here is the masking curve for a single harmonic (m=3, the highest one):

Masking theory says we can’t hear any harmonics beneath the level of this curve. This means we don’t need to send them over the channel and can save bits. Yayyyyyy.

Now let’s plot the masking curves for all harmonics:

Wow, that’s a bit busy and hard to understand. Instead, let’s just plot the top of all the masking curves (green):

Better. We can see that the entire masking curve is dominated by just a few harmonics. I’ve marked the frequencies of the harmonics that matter with black crosses. We can’t really hear the contribution from other harmonics. The two crosses near 1500Hz can probably be tossed away as they just describe the bottom of an anti-formant region. So that leaves us with just three samples to describe the entire speech spectrum. That’s very efficient, and worth investigating further.

Spectral Slope and Coding Quality

Some speech signals have a strong “low pass filter” slope between 0 and 4000Hz. Others have a “flat” spectrum – the high frequencies are about the same level as low frequencies.

Notice how the high frequency harmonics spread their masking down to lower frequencies? Now imagine we bumped up the level of the high frequency harmonics, e.g. with a first order high pass filter. Their masks would then rise, masking more low frequency harmonics, e.g. those near 1500Hz in the example above. Which means we could toss the masked harmonics away, and not send them to the decoder. Neat. Only down side is the speech would sound a bit high pass filtered. That’s no problem as long as it’s intelligible. This is an analog HF radio SSB replacement, not Hi-Fi.

This also explains why “flat” samples (hts1a, ve9qrp) with relatively less spectral slope code well, whereas others (kristoff, cq_ref) with a strong spectral slope are harder to code. Flat speech has improved masking, leaving less perceptually important information to model and code.

This is consistent with what I have heard about other low bit rate codecs. They often employ pre-processing such as equalisation to make the speech signal code better.

Putting Masking to work

Speech compression is the art of throwing stuff away. So how can we use this masking model to compress the speech? What can we throw away? Well let’s start by assuming only the samples with the black crosses matter. This means we get to toss quite a bit of information away. This is good. We only have to transmit a subset of {Am}. How I’m not sure yet. Never mind that for now. At the decoder, we need to synthesise the speech, just from the black crosses. Hopefully it won’t sound like crap. Let’s work on that for now, and see if we are getting anywhere.

Attempt 1: Let’s toss away any harmonics that have a smaller amplitude than the mask (Listen). Hmm, that sounds interesting! Apart from not being very good, I can hear a tinkling sound, like trickling water. I suspect (but haven’t proved) this is because harmonics are coming and going quickly as the masking model puts them above and below the mask, which makes them come and go quickly. Little packets of sine waves. I’ve heard similar sounds on other codecs when they are nearing their limits.

Attempt 2: OK, so how about we set the amplitude of all harmonics to exactly the mask level (Listen): Hmmm, sounds a bit artificial and muffled. Now I’ve learned that muffled means the formants are not well formed. Needs more difference between the formants and anti-formant regions. I guess this makes sense if all samples are exactly on the masking curve – we can just hear ALL of them. The LPC post filter I developed a few years ago increased the definition of formants, which had a big impact on speech quality. So let’s try….

Attempt 3: Rather than deleting any harmonics beneath the mask, let’s reduce their level a bit. That way we won’t get tinkling – harmonics will always be there rather than coming and going. We can use the mask instead of the LPC post filter to know which harmonics we need to attenuate (Listen).

That’s better! Close enough to using the original {Am} (Listen), however with lots of information removed.

For comparison here is Codec 2 700B (Listen) and Codec 2 1300 (aka FreeDV 1600 when we add FEC) (Listen). This is the best I’ve done with LPC/LSP to date.

The post filter algorithm is very simple. I set the harmonic magnitudes to the mask (green line), then boost only the non-masked harmonics (black crosses) by 6dB. Here is a plot of the original harmonics (red), and the version (green) I mangle with my model and send to the decoder for synthesis:

Here is a spectrogram (thanks Audacity) for Attempt 1, 2, and 3 for the first 1.6 seconds (“The navy attacked the big”). You can see the clearer formant representation with Attempt 3, compared to Attempt 2 (lower inter-formant energy), and the effect of the post filter (dark line in center of formants).

Command Line Kung Fu

If you want to play along:

~/codec2-dev/build_linux/src$ ./c2sim ../../raw/kristoff.raw --dump kristoff
 
octave:49> newamp_batch("../build_linux/src/kristoff");
 
~/codec2-dev/build_linux/src$ ./c2sim ../../raw/kristoff.raw --amread kristoff_am.out -o - | play -t raw -r 8000 -e signed-integer -b 16 - -q

The “newamp_fbf” script lets you single step through frames.

Phases

To synthesise the speech at the decoder I also need to come up with a phase for each harmonic. Phase and speech is still a bit of a mystery to me. Not sure what to do here. In the zero phase model, I sampled the phase of the LPC synthesis filter. However I don’t have one of them any more.

Let’s think about what the LPC filter does with the phase. We know at resonance phase shifts rapidly:

The sharper the resonance the faster it swings. This has the effect of dispersing the energy in the pitch pulse exciting the filter.

So with the masking model I could just choose the center of each resonance, and swing the phase about madly. I know where the center of each resonance is, as we found that with the masking model.

Next Steps

The core idea is to apply a masking model to the set of harmonic magnitudes {Am} and select just 3-4 samples of that set that define the mask. At the decoder we use the masking model and a simple post filter to reconstruct a set of {Am_} that we use to synthesise the decoded speech.

Still a few problems to solve, however I think this masking model holds some promise for high quality speech at low bit rates. As it’s completely different to conventional LPC/LSP I’m flying blind. However the pieces are falling into place.

I’m currently working on i) how to reduce the number of samples to a low number ii) how to determine which ones we really need (e.g. discarding interformant samples); and iii) how to represent the amplitude of each sample with a low or zero number of bits. There are also some artifacts with background noise and chunks of spectrum coming and going.

I’m pretty sure the frequencies of the samples can be quantised coarsely, say 3 bits each using scalar quantisation, or perhaps 8 bit/s frame using VQ. There will also be quite a bit of correlation between the amplitudes and frequencies of each sample.

For voiced speech there will be a downwards (low pass) slope in the amplitudes, for unvoiced speech more energy at high frequencies. This suggests joint VQ of the sample frequencies and amplitudes might be useful.

The frequency and amplitude of the mask samples will be highly correlated in time (small frame to frame variations) so will have good robustness to bit errors if we apply trellis decoding techniques. Compared to LPC/LSP the bandwidth of formants is “hard coded” by the masking curves, so the dreaded LSPs-too-close due to bit errors R2D2 noises might be a thing of the past. I’ll explore robustness to bit errors when we get to the fully quantised stage.

Planet Debian: Norbert Preining: Debian/TeX Live complete update

Triggered by all the bugs around font problems, I spent my weekend crawling through the TeX Live history for changes and fixes to dvipdfm-x instead of mountaineering. Thanks to 角藤さん for his hints, I have pulled out the changes necessary to fix Type1 support in dvipdfm-x and have reincluded them into the Debian texlive-bin package. The uploaded binaries (version 2015.20150524.37493-6) are already compiled against the new C++ ABI, see the Debian transition, so most systems will still need to wait for the update to be installable.

Debian - TeX Live 2015

At the same time I did an update to the whole set of arch: all packages (texlive-base, texlive-lang, texlive-extra; version 2015.20150823-1). This was triggered by a bug that seems to be caused by bad interplay between fontspec and l3 packages. Furthermore, I needed to remove the activation for fontconfig of the URW++ Base35 fonts, to ensure that fontconfig always returns the ones from the gsfonts package, instead of a mixture between TeX Live and gsfonts.

Unrelated bug fix: libpaper integration has been fixed and should work again. So for now all the bugs are hopefully settled and we are back to normal. What remains is trying to fix jessie which is also broken in some respects.

Updated packages

acro, animate, babel-bosnian, babel-french, babel-latin, beamer-FUBerlin, beebe, breqn, chemformula, chet, cnltx, crossrefware, dantelogo, datetime2-it-fulltext, disser, drm, dvipdfmx-def, ecclesiastic, eledform, gradstudentresume, idxcmds, l3build, mcf2graph, media9, pageslts, pdfpages, reledmac, siunitx, tcolorbox, tex4ht, texlive-docindex, texlive-scripts, udesoftec, upmethodology, xindy.

New packages

blochsphere, e-french, fitbox, nar

Enjoy.

Sociological Images: A feminist case for shoplifting

In this two minute clip, comedian Kate Berlant casually makes the case that women should steal cosmetics because, to paraphrase Berlant, no one should have to constantly pay for their own domination.

Enjoy!


Thanks Letta!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux Australia: Sridhar Dhanapalan: Twitter posts: 2015-08-17 to 2015-08-23

Planet Linux Australia: David Rowe: A Miserable Debt Free Life Part 2

The first post was very popular, and sparked debate all over the Internet. I’ve read many of the discussions, and would like to add a few points.

Firstly I don’t feel I did a very good job of building my assets – plenty of my friends have done much better in terms of net worth and/or early retirement. Many have done the Altruism thing better than I. Sites like Mr. Money Moustache do a better job at explaining the values I hold around money. Also I’ve lost interest in more accumulation, but my lifestyle seems interesting to people, hence these posts.

The Magical 10%

The spreadsheet I put up was not for you. It was just a simple example, showing how compound interest, savings and time can work for you. Or against you, if you like easy credit and debt. A lot of people seem hung up on the 10% figure I used.

I didn’t spell out exactly what my financial strategy is for good reason.

You need to figure out how to achieve your goals. Maybe it’s saving, maybe it’s getting educated to secure a high income, or maybe it’s nailing debt early. Some of my peers like real estate. I like shares, a good education, professional experience, and small business. I am mediocre at most of them. I looked at other people’s stories, then found something that worked for me.

But you need to work this out. It’s part of the deal, and you are not going to get the magic formula from a blog post by some guy sitting on a couch with too much spare time on his hands and an Internet connection.

The common threads are spending less than you earn, investment, and time. And yes, this is rocket science. The majority of the human race just can’t do it. Compound interest is based on exponential growth – which is completely under-appreciated by the human race. We just don’t get exponential growth.

Risk

Another issue around the 10% figure is risk. People want guarantees, zero risk, a cook book formula. Life doesn’t work like that. I had to deal with shares tumbling after 9/11 and the GFC, and a divorce. No one on a forum in the year 2000 told me about those future events when I was getting serious about saving and investing. Risk and return are a part of life. The risk is there anyway – you might lose your job tomorrow or get sick or divorced or have triplets. It’s up to you if you want to put that risk to work or shy away from it.

Risk can be managed, plan for it. For example you can say “what happens if my partner loses his job for 12 months”, or “what happens if the housing market dips 35% overnight”. Then plug those numbers in and come up with a strategy to manage that risk.

Let’s look at the down side. If the magical 10% is not achieved, or even if a financial catastrophe strikes, who is going to be in a better position? Someone who is frugal and can save, or someone maxed out on debt who can’t live without the next pay cheque?

There is a hell of a lot more risk in doing nothing.

Make a Plan and Know Thy Expenditure

Make your own plan. There is something really valuable in simply having a plan. Putting some serious thought into it. Curiously, I think this is more valuable than following the plan. I’m not sure why, but the process of planning has been more important to me than the actual plan. It can be a couple of pages of dot points and a single page spreadsheet. But write it down.

Some people commented that they know what they spend, for example they have a simple spreadsheet listing their expenses or a budget. Just the fact that they know their expenditure tells me they have their financial future sorted. There is something fundamental about this simple step. The converse is also true. If you can’t measure it, you can’t manage it.

No Magic Formula – It’s Hard Work

If parts of my experience don’t work for you, go and find something that does. Anything of value is 1% inspiration and 99% perspiration. Creating your own financial plan is part of the 99%. You need to provide that. Develop the habit of saving. Research investment options that work for you. Talk to your successful friends. Learn to stop wasting money on stuff you don’t need. Understand compound interest in your saving and in your debt. Whatever it takes to achieve your goals. These things are hard. No magic formula. This is what I’m teaching my kids.

Work your System

There is nothing unique about Australia, e.g. middle class welfare, socialised medicine, or high priced housing. Well it is quite nice here but we do speak funny and the drop bears are murderous. And don’t get me started on Tony Abbott. The point is that all countries have their risks and opportunities. Your system will be different to mine. Health care may suck where you live but maybe house prices are still reasonable, or the average wage in your profession is awesome, or the cost of living really low, or you are young without dependents and have time in front of you. Whatever your conditions are, learn to make them work for you.

BTW why did so few people comment on the Altruism section? And why so many on strategies for retiring early?

Cory Doctorow: Coming to Reno’s Grassroots Books this Friday!


I’m doing a Q&A and signing at Reno’s Grassroots Books — a local, indie store with an emphasis on affordable reading for all — this Friday, Aug 28 at 6:30PM — just a quick stop on the way to That Thing in the Desert. I hope you’ll come by and say hello!

Planet Linux Australia: Binh Nguyen: Cracking a Combination Lock, Some Counter-Stealth Thoughts, and More Apple Information

Someone was recently trying to sell a safe but they didn't have the combination (they had proof of ownership if you're wondering). Anybody who has been faced with this situation is often torn because sometimes the item in question is valuable but the safe can be of comparable value so it's a lose lose situation. If you remember the original combination then all is fine and well (I first encountered this situation in a hotel when I locked something but forgot the combination. It took me an agonising amount of time to recall the unlock code). If not, you're left with physical destruction of the safe to get back in, etc...

Tips on getting back in:
- did you use mnemonics of some sort to get at the combination?
- is there a limitation on the string that can be entered (any side intelligence is useful)?
- is there a time lock involved?
- does changing particular variables make it easier to get back in non-destructively?
- keep a log on the combinations that you have tried to ensure you don't re-cover the same territory

In this case, things were a bit odd. It had rubber buttons which when removed exposed membrane type switches which could be interfaced via an environmental sensor acquisition and interface device (something like an Arduino)(if you're curious this was designed and produced by a well known international security firm proving that brand doesn't always equate to quality). Once you program it and wire things up correctly, it's simply a case of letting your robot and program run until you open the safe. Another option is a more robust robot where it pushes buttons but obviously this takes quite a bit more hardware (which can make the project pretty expensive and potentially unworthwhile) to get working.
http://techcrunch.com/2015/05/14/this-robot-cracks-open-combination-locks-in-seconds/

As I covered in my book on 'Cloud and Internet Security' please use proper locks with adequate countermeasures (time locks, variable string lengths, abnormal characters, shim proof, relatively unbreakable, etc...) and have a backup in case something goes wrong.
https://play.google.com/store/books/author?id=Binh+Nguyen
http://www.amazon.com/mn/search/?_encoding=UTF8&camp=1789&creative=390957&field-author=Binh%20Nguyen&linkCode=ur2&search-alias=digital-text&sort=relevancerank&tag=bnsb-20&linkId=3BWQJUK2RCDNUGFY

Been thinking about stealth design and counter measures a bit more.

- when you look at the 2D thrust vectoring configuration of the F-22 Raptor you think why didn't they go 3D at times. One possible reason may be the 'letterbox effect'. It was designed as an air superiority fighter predominantly that relies heavily on BVR capabilities. From front on the plume effect is diminished (think about particle/energy weapon implementation problems) making it more difficult to detect. Obviously, this potentially reduces sideward movement (particularly in comparison with 3D TVT options. Pure turn is more difficult but combined bank and turn isn't). Obvious tactic is to force the F-22 into sideward movements if it is ever on your tail (unlikely, due to apparently better sensor technology though)
- the above is a null point if you factor in variable thrust (one engine fires at a higher rate of thrust relative to the other) but it may result in feedback issues. People who have experience with fly by wire systems or high performance race cars which are undertuned will better understand this
- people keep on harping on about how 5th gen fighters can rely more heavily on BVR capabilities. Something which is often little spoken of is the relatively low performance of AAM (Air to Air Missile) systems (Moreover, there is a difference between seeing, achieving RADAR lock, and achieving a kill). There must be upgrades along the way/in the pipeline to make 5th gen fighters a viable/economic option into the future
- the fact that several allied nations (Japan, Korea, and Turkey are among them currently)(India, Indonesia, and Russia are among those who are developing their own based on non-Western design) are developing their own indigenous 5th gen fighters which have characteristics more similar to the F-22 Raptor (the notable exception may be Israel who are maintaining and upgrading their F-15 fleet) and have air superiority in mind tells us that the F-35 is a much poorer brother to the F-22 Raptor in spite of what is being publicly said
https://www.rt.com/usa/312220-f-35-flying-saucer-tech/
http://www.news1130.com/2015/08/12/f-35-might-not-meet-performance-standards-of-cf-18s-says-u-s-think-tank/
http://www.defensenews.com/story/defense/air-space/strike/2015/08/10/turkey-upgrade-f-16-block-30-aircraft/31408875/
https://en.wikipedia.org/wiki/Mitsubishi_ATD-X
http://www.businessinsider.in/Indo-Russian-5th-Generation-Fighter-Aircraft-program-Delays-and-the-possible-outcomes/articleshow/47655536.cms
http://www.defenseone.com/technology/2015/02/heres-what-youll-find-fighter-jet-2030/104736/
https://en.wikipedia.org/wiki/Fifth-generation_jet_fighter
https://en.wikipedia.org/wiki/TAI_TFX
https://en.wikipedia.org/wiki/KAI_KF-X
http://www.defenseindustrydaily.com/kf-x-paper-pushing-or-peer-fighter-program-010647/
Warplanes: No Tears For The T-50
https://www.strategypage.com/htmw/htairfo/articles/20150421.aspx
- it's clear that the US and several allied nations believe that current stealth may have limited utility in the future. In fact, the Israelis have said that within 5-10 years the JSF may lose any significant advantage that it currently has without upgrades
- everyone knows of the limited utility of AAM (Air to Air Missile) systems. It will be interesting to see whether particle/energy weapons are retrofitted to the JSF or whether they will be reserved entirely for 6th gen fighters. I'd be curious to know how much progress they've made with regards to this particularly with regards to energy consumption
- even if there have been/are intelligence breaches in the design of new fighter jets there's still the problem of production. The Soviets basically had the complete blue prints for NASA's Space Shuttle but ultimately decided against using it on a regular basis/producing more because like the Americans they discovered that it was extremely uneconomical. For a long time, the Soviets have trailed the West with regards to semiconductor technology which means that their sensor technology may not have caught up. This mightn't be the case with the Chinese. Ironically, should the Chinese fund the Russians and they work together they may achieve greater progress than working too independently
http://www.abc.net.au/news/2015-08-18/former-spy-molly-sasson-says-soviet-mole-infiltrated-asio/6704096
https://en.wikipedia.org/wiki/Buran_(spacecraft)
- some of the passive IRST systems out have current ranges of about 100-150km mark (that is publicly acknowledged)
http://www.washingtonexaminer.com/the-price-of-stealth/article/2570647
http://aviationweek.com/technology/new-radars-irst-strengthen-stealth-detection-claims
https://en.wikipedia.org/wiki/Stealth_aircraft
http://thediplomat.com/2014/10/how-effective-is-chinas-new-anti-stealth-radar-system-really/
http://www.wired.co.uk/news/archive/2012-10/01/radar-detects-stealth-aircraft
https://en.wikipedia.org/wiki/Radar
http://www.migflug.com/jetflights/p-i-r-a-t-e-versus-raptor.html
http://nationalinterest.org/blog/the-buzz/are-us-fighter-jets-about-become-obsolete-12612
http://nationalinterest.org/feature/are-submarines-about-become-obsolete-12253
http://theminiaturespage.com/boards/msg.mv?id=374487
http://www.navytimes.com/story/military/tech/2015/02/09/greenert-questions-stealth-future/22949703/
http://watchingamerica.com/WA/2015/03/23/the-us-navy-has-already-stopped-believing-in-the-jsf/
- disorientation of gyroscopes has been used as a strategy against UCAV/UAVs. I'd be curious about how such technology would work against modern fighters which often go into failsafe mode (nobody wants to lose a fighter jet worth 8 or more figures. Hence, the technology) when the pilot blacks out... The other interesting thing would be how on field technologies such as temporal sensory deprivation (blinding, deafening, disorientation, etc...) could be used in unison from longer range. All technologies which have been tested and used against ground based troops before)
http://defensesystems.com/articles/2015/08/10/kaist-researchers-take-out-drones-with-sound.aspx
https://en.wikipedia.org/wiki/Brown_note
- I've been thinking/theorising about some light based detection technologies to aircraft in general. One option I've been considering is somewhat like a spherical ball. The spherical ball is composed of lenses which focus in on a centre which is composed of sensors which would be a hybrid based technology based on the photoelectric effect and spectroscopic theory. The light would automatically trigger a voltage (much like a solar cell) while use of diffraction/spectroscopic theory would enable identification of aircraft from long range using light. The theory behind this is based on the way engine plumes work and the way jet fuels differ. Think about this carefully. Russian rocket fuel is very different from Western rocket fuel. I suspect it's much the same for jet fuel. We currently identify star/planet composition on roughly the same theory. Why not fighter aircraft? Moreover, there are other distinguishing aspects of the jet fighter nozzle exhausts (see my previous post and the section on LOAN systems, http://dtbnguyen.blogspot.com/2015/07/joint-strike-fighter-f-35-notes.html). Think about the length and shape of each one based on their current flight mode (full afterburner, cruising, etc...) and the way most engine exhausts are unique (due to a number of different reasons including engine design, fuel, etc...). Clearly, the F-22, F-35, B-2, and other stealth have very unique nozzle shapes when compared to current 4th gen fighter options and among one another. The other thing is that given sufficient research (and I suspect a lot of time) I believe that the benefits of night or day flight will/could be largely mitigated. Think about the way in which light and camera filters (and night vision) work. They basically screen out based on frequency/wavelength to make things more visible. You should be able to achieve the same thing during daylight.
The other bonus of such technology is that it is entirely passive giving the advantage back to the party in defense and intelligence is relatively easy to collect. Just show up at a demonstration or near an airfield...
https://en.wikipedia.org/wiki/Jet_fuel
http://foxtrotalpha.jalopnik.com/so-what-were-those-secret-flying-wing-aircraft-spotted-1555124270
http://www.globalsecurity.org/military/world/stealth-aircraft-vulnerabilities-contrails.htm
https://en.wikipedia.org/wiki/Electro-optical_sensor
https://en.wikipedia.org/wiki/Optical_spectrometer
https://en.wikipedia.org/wiki/AN/AAQ-37 
- such technology may be a moot point as we have already made progress on cloaking (effectively invisible to the naked eye) technology (though exact details are classified as is a lot of other details regarding particle/energy weapons and shielding technologies)... There's also the problem of straight lines. For practical purposes, light travels in straight lines... OTH type capabilities are beyond such technology (for the time being. Who knows what will happen in the future?)
- someone may contest that I seem to be focusing in on exhaust only but as you are aware this style of detection should also work against standard objects as well (though its practicality would be somewhat limited). Just like RADAR though you give up on being able to power through weather and other physical anomalies because you can't use a conventional LASER. For me, this represents a balance between being detected from an attackers perspective and being able to track them from afar... If you've ever been involved in a security/bug sweep you will know that a LASER even of modest power can be seen from quite a distance away
- everybody knows how dependent allied forces are upon integrated systems (sensors, re-fuelling, etc...)
- never fly straight and level against a 5th gen fighter. Weave up and down and side to side even on patrols to maximise the chances of detection earlier in the game because all of them don't have genuine all aspect stealth
- I've been thinking of other ways of defending against low observability aircraft. The first is based on 'loitering' weapons. Namely, weapons which move at low velocity/loiter until they come within targeting range of aircraft. Then they 'activate' and chase their target much like a 'moving mine' (a technology often seen in cartoons?). Another is essentially turning off all of your sensors once they become within targeting range. Once they end up in passive detection range, then you fire in massive, independent volleys knowing full well that low observability aircraft have low payload capability owing to compromises in their design
- as stated previously, I very much doubt that the JSF is as bad as some people are portraying
http://sputniknews.com/military/20150816/1025815446.html
http://news.usni.org/2015/08/13/davis-f-35b-external-weapons-give-marines-4th-5th-generation-capabilities-in-one-plane
- it's clear that defense has become more integrated with economics now by virtue of the fact that most of our current defense theory is based on the notion of deterrence. I believe that the only true way forward is reform of the United Nations, increased use of un-manned technologies, and perhaps people coming to terms with their circumstances more differently (unlikely given how long humanity has been around), etc... There is a strong possibility that the defense establishment's belief that future defense programs could be unaffordable could become true within the context of deterrence and our need to want to control affairs around the world. We need cheaper options with the ability to 'push up' when required...
http://www.thephora.net/forum/showthread.php?t=79496
http://breakingdefense.com/2014/04/f-35s-stealth-ew-not-enough-so-jsf-and-navy-need-growlers-boeing-says-50-100-more/
http://theaviationist.com/2013/06/17/su-35-le-bourget/
http://staugustine.com/news/2015-08-18/pentagon-plans-increase-drone-flights-50-percent

All of this is a moot point though because genuine 5th gen fighters should be able to see you from a mile off and most countries who have entered into the stealth technology arena are struggling to build 5th gen options (including Russia who have a long history in defense research and manufacturing). For the most part, they're opting for a combination of direct confrontation and damage limitation through reduction of defensive projection capability through long range weapons such as aircraft carrier destroying missiles, targeting of AWACS/refuelling systems, etc... and like for like battle options...
http://www.businessinsider.com/all-the-weapons-russias-sukhoi-t-50-fighter-jet-is-designed-to-carry-in-one-infographic-2015-8?IR=T
http://www.onislam.net/english/health-and-science/special-coverage/492459-muslim-sibirs-stealth-sukhoi-pak-fa-infographs.html

I've been working on more Apple based technology of late (I've been curious about the software development side for a while). It's been intriguing taking a closer look at their hardware. Most people I've come across have been impressed by the Apple ecosystem. To be honest, the more I look at the technology borne from this company the more 'generic' they seem. Much of the technology is simply repackaged but in a better way. They've had more than their fair share of problems.

How to identify MacBook models
https://support.apple.com/en-au/HT201608
How to identify MacBook Pro models
https://support.apple.com/en-us/HT201300

A whole heap of companies including graphic card, game console, and computer manufacturers were caught out with BGA implementation problems (basically, people tried to save money by reducing the quality of solder. These problems have largely been fixed much like the earlier capacitor saga). Apple weren't immune
https://www.ifixit.com/Guide/Yellow+Light+of+Death+Repair/3654
https://www.ifixit.com/Store/Game-Console/PlayStation-3-Yellow-Light-of-Death-YLOD-Fix-Kit/IF213-028-1
http://www.gamefaqs.com/ps3/927750-playstation-3/answers/66227-any-solutions-on-fixing-ylod-yellow-light-of-death

Lines on a screen of an Apple iMac. Can be due to software settings, firmware, or hardware
https://discussions.apple.com/thread/5625161
https://discussions.apple.com/thread/6604981
https://www.ifixit.com/Answers/View/172653/How+to+fix+%22vertical+lines%22+on+my+iMac+27+late+2009
https://www.ifixit.com/Answers/View/349/Vertical+lines+appearing+on+display

Apparently, Macbooks get noisy headjacks from time to time. Can be due to software settings or hardware failure
http://hints.macworld.com/article.php?story=20090729165848939
https://discussions.apple.com/thread/5516994
https://discussions.apple.com/thread/3853844
http://apple.stackexchange.com/questions/8039/how-can-i-make-my-macbook-pros-headphone-jack-stop-humming

One of the strangest things I've found is that in spite of a core failure of primary storage device people still try to sell hardware for almost what the current market value of a perfectly functional machine is. Some people still go for it but I'm guessing they have spare hardware lying around
https://discussions.apple.com/thread/5565827
https://discussions.apple.com/thread/6151526
http://apple.stackexchange.com/questions/158092/a-bad-shutdown-resulting-in-a-flashing-folder-with-question-mark

There are some interesting aspects to their MagSafe power adapters. Some aspects are similar to authentication protocols used by manufacturers such as HP to ensure that everything is safe and that only original OEM equipment is used. Something tells me they don't do enough testing though. They seem to have a continuous stream of anomalous problems. It could be similar to the Microsoft Windows security problem though. Do you want an OS delivered in a timely fashion or one that is deprecated but secure at a later date (delivered in a lecture by a Microsoft spokesman a while back). You can't predict everything that happens when things move into mass scale production but I would have thought that the 'torquing' problem would have been obvious from a consumer engineering/design perspective from the outset...
https://en.wikipedia.org/wiki/MagSafe
http://www.righto.com/2013/06/teardown-and-exploration-of-magsafe.html
https://www.ifixit.com/Answers/View/34477/Correct+wiring+of+MagSafe+power+adapter
http://www.instructables.com/id/MacBook-Mag-Safe-Charger-Budget-Repair-Disas/step2/Disassembly-of-Power-Brick-Brute-Force-Attack/
http://apple.stackexchange.com/questions/111617/using-85w-magsafe-inplace-of-60w-magsafe-2-for-mbp-retina-13
https://www.ifixit.com/Answers/View/1855/Definitive+answer+on+using+60w+or+85w+power+adapter+with+Macbook+Air

Upgrading Apple laptop hard drives is similar in complexity to that of PC based laptops
http://www.extremetech.com/computing/58220-upgrade-your-macbook-pros-hard-drive-2
http://www.macinstruct.com/node/130

One thing has to be said of Apple hardware construction. It's radically different to that of PC based systems. I'd rather deal with a business class laptop that is designed to be upgraded and probably exhibits greater reliability to be honest. Opening a lot of their devices has told me that form takes too much in the ratio between form and function
https://www.ifixit.com/Guide/MacBook+Core+2+Duo+Upper+Case+Replacement/515
https://www.ifixit.com/Guide/MacBook+Core+2+Duo+Logic+Board+Replacement/528
https://www.ifixit.com/Guide/MacBook+Pro+15-Inch+Unibody+Late+2011+Logic+Board+Replacement/7518

One frustrating aspect of the Apple ecosystem is that they gradually phase out support of old hardware by inserting pre-requisite checking. Thankfully, as others (and I) have discovered bypassing some of their checks can be trivial at times
https://en.wikipedia.org/wiki/OS_X
http://ask.metafilter.com/276359/How-to-best-upgrade-my-2006-MacBook-Pro
http://osxdaily.com/2011/04/08/hack-mac-os-x-lion-for-core-duo-core-solo-mac/
https://www.thinkclassic.org/viewtopic.php?id=425
http://www.macbreaker.com/2013/06/how-to-install-os-x-109-mavericks-dp1.html
http://apple.stackexchange.com/questions/103054/unsupported-hack-or-workaround-to-get-64-bit-os-x-to-install-on-a-macbook-pro-ha

Planet DebianJoachim Breitner: Quickest path to a local apt repository

As I’m writing this, DebConf 15 is coming to an end. I spend most of my time improving the situation of the Haskell Packages in Debian, by improving the tooling and upgrading our packages to match Stackage 3.0 and build against GHC 7.10. But that is mostly of special interest (see this mail for a partial summary), so I’d like to use this post to advertise a very small and simple package I just uploaded to Debian:

During one of the discussions here I noticed that it is rather tricky to make a locally built package available to apt-get. The latest version in unstable allows one to install a Debian package simply by running apt-get install on it, but in some cases, e.g. when you want a convenient way to list all packages that you made available for local use, this is insufficient.

So the usual approach is to create a local apt repository with your packages. Which is non-trivial: You can use dpkg-scanpackages, apt-ftparchive or reprepro. You need to create the directories, run the commands, add the repository to your local sources. You need to worry about signing it or setting the right options to make apt-get accept it without signing.

It is precisely this work that my new package local-apt-repository automates for you: Once it is installed, you simply drop the .deb file into /srv/local-apt-repository/ and after the next apt-get update the package can be installed like any other package from the archive.

I chose to use the advanced features that systemd provides – namely activation upon path changes – so it works best with systemd as the init system.

If you want to contribute, or test it before it passes the NEW queue, check out the git repository.
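What the manual index-building step mentioned above produces, and why the signing question matters, as an added Python example (not code from local-apt-repository or dpkg-scanpackages). The package name `hello-local`, the file name and all function names are assumptions made for the illustration; the `.deb` is constructed in memory.

```python
import hashlib
import io
import tarfile

AR_MAGIC = b"!<arch>\n"

# Assumed sources entry for a hand-built, unsigned flat repository:
# trusted=yes switches off signature checks for this one source only.
SOURCES_LINE = "deb [trusted=yes] file:/srv/local-apt-repository ./"


def ar_member(name, data):
    """Serialise one ar member: 60-byte header, payload, pad to even length."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")


def make_sample_deb(version="1.0"):
    """Constructed sample input: a minimal .deb built in memory."""
    control = ("Package: hello-local\n"
               f"Version: {version}\n"
               "Architecture: all\n"
               "Maintainer: Example <maint@example.invalid>\n"
               "Description: constructed sample package\n").encode("ascii")
    ctl = io.BytesIO()
    with tarfile.open(fileobj=ctl, mode="w:gz") as tar:
        info = tarfile.TarInfo("./control")
        info.size = len(control)
        tar.addfile(info, io.BytesIO(control))
    payload = io.BytesIO()
    with tarfile.open(fileobj=payload, mode="w:gz"):
        pass  # empty data.tar.gz: the sample installs no files
    return (AR_MAGIC + ar_member("debian-binary", b"2.0\n")
            + ar_member("control.tar.gz", ctl.getvalue())
            + ar_member("data.tar.gz", payload.getvalue()))


def ar_members(blob):
    """Yield (name, data) for every member of an ar archive (the .deb container)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos < len(blob):
        header = blob[pos:pos + 60]
        if len(header) < 60 or header[58:] != b"`\n":
            raise ValueError("corrupt ar member header")
        size = int(header[48:58].decode("ascii"))
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated ar member")
        yield header[:16].decode("ascii").strip().rstrip("/"), data
        pos += 60 + size + (size % 2)


def parse_fields(text):
    """Parse 'Key: value' lines; indented lines continue the previous field."""
    fields, key = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and key:
            fields[key] += "\n" + line
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key] = value.strip()
    return fields


def control_text(deb):
    """Extract the control file from the control.tar.* member of a .deb."""
    for name, data in ar_members(deb):
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
                for member in tar:
                    if member.name in ("control", "./control"):
                        return tar.extractfile(member).read().decode("utf-8")
    raise ValueError("no control file in package")


def packages_stanza(deb, filename):
    """Build the Packages entry: control fields plus location, size and hash."""
    return (control_text(deb).strip() + "\n"
            + f"Filename: {filename}\n"
            + f"Size: {len(deb)}\n"
            + f"SHA256: {hashlib.sha256(deb).hexdigest()}\n")


def matches_index(stanza, downloaded):
    """The per-file check a client can make against the index entry."""
    fields = parse_fields(stanza)
    return (int(fields["Size"]) == len(downloaded)
            and fields["SHA256"] == hashlib.sha256(downloaded).hexdigest())


if __name__ == "__main__":
    deb = make_sample_deb()
    print(packages_stanza(deb, "./hello-local_1.0_all.deb"))
    print(SOURCES_LINE)
```

The hash in the index only binds each `.deb` to the `Packages` file; nothing in an unsigned repository binds `Packages` itself to its author, which is why apt wants either a signed `Release` file or an explicit per-source opt-out.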

Planet DebianChristian Perrier: [LIFE] Running activities - Echappee Belle next week

Hello dear readers,

Next week, I'll be running the "Echappee Belle" race: 144km and 10.000 meters positive climb, in French Alps (Belledonne range, this time).

That will be, by far, my longest race ever and indeed a great challenge for me with very difficult tracks (when there are tracks).

I expect to run for about 48 hours, or even up to 55, two nights out.....or maybe less as I'm in very good shape.

You can follow me on the live tracking site. The race starts on Friday August 28th, 06:00 CET DST.

,

Geek FeminismLinkspam Green is People!! (21 August 2015)

 

  • SF Women of the 20th Century: Introduction | tansyrr.com (18 August): “[W]hile 20th century science fiction is so often framed as a masculine genre, as a sexist genre, as a boys club, and as a hub of male geekery, male childhood, male second childhood and a world peopled by old white men, it was always a place where women existed, and worked, and played, and created wonderful things.”
  • No, I don’t trust your conference without a Code of Conduct | Perpendicular Angel Design (14 August): “A clear, transparent, well-written code of conduct is step 1 of winning my trust. Enforcing that code of conduct *with the biggest burden affecting those who do wrong* is step 2. If there is a step 3, it’s that you communicate to the industry what you did, why, and what you might do differently in the future.”
  • Signal Boost: GG attacks SXSW panels on online safety, harassment, and VR. | Jacqueline Wernimont (18 August): “[T]he South by Southwest (SXSW) festival in Austin uses a crowdsourced approval method for its panels, taking into account online voting to see which proposed panels get approved. Three panels proposed for SXSW Interactive — about gaming and interactive media — are being attacked by GamerGate right now. One of them, a panel about VR, isn’t even related to feminism or social justice issues but is being targeted anyway because Brianna Wu is on it.”
  • [Trigger Warning: Examples of harassment discussed in detail] Almost No One Sided with #GamerGate: A Research Paper on the Internet’s Reaction to Last Year’s Mob | Superheroes in Racecars (17 August): “The results of this project suggest that the vast majority of people do in fact equate GamerGate with online harassment, sexism, and/or misogyny. More people see GamerGate as a toxic mob rather than a legitimate movement worthy of respect.”
  • Teen girls play video games, but they minimize their contact with other players. Boys, on the other hand, use games to socialize. | Slate (18 August): “No one should blame women and girls for choosing to play games in a way that renders them invisible to the larger gaming community, but an unfortunate side effect of this is that many guys who play are under the impression that it’s therefore a male hobby.”
  • [Trigger Warning: Brief description of harassment] How To (Accidentally) Build A More Female-Friendly Game | Medium (18 August): “In Ingress, by the time you learn someone’s gender, you’ve already seen how they play. Eventually as you get into hangouts and communities, people are going to learn you are female — but they are also going to be meeting you in real life at the same time and also see you as a valuable contributor. It humanizes that interaction. So the would-be trolls don’t have that time period where the only piece of information they have about you is that you are a woman, which makes it harder to troll.”
  • [Trigger Warning: Brief description of harassment] Why Stack Overflow is a Good Workplace for Women | Medium (11 August): “Be careful with “Cultural Fit”. This is often a catch-all for a vague sense of “would not fit in”, which can come to mean “is like me”. If you feel someone is a good or bad cultural fit, you must explain what you mean.
    Valid “Cultural Fit” things: self-motivated, passionate, gets stuff done, cares about open source / giving back to the community, likes “default open”, hates office politics / meetings, pragmatic attitude towards tools / best practices, etc.
    Invalid “Cultural Fit” things: obvious stuff like race, gender, sexual orientation, religion but also softer things like age, personality or hobbies (does not have to like Magic the Gathering to be a good dev). Assume that your bias is to hire people you “like” and be very careful of that.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianNorbert Preining: Work-Life Balance at Amazon

Having had personal contact with Amazon employees, and having read the NYT article Inside Amazon: Wrestling Big Ideas in a Bruising Workplace, I have only a few things to say:

  • Most Japanese companies have different methods, but work hours are similar, and exploitation even worse (voluntary service etc)
  • I loved one comment in the MobileRead thread on the article, link to the post:

    All you need to do is make one assumption: dishonest people will outperform honest people over the short term. Then every year Amazon’s “culling” will get rid of the honest people and keep the dishonest ones. Rinse and repeat. Soon only the sociopaths are left.

    Best supporting quote from the article: “You learn how to diplomatically throw people under the bus.”

What remains – I guess I would be a horrible performer at Amazon, and I am proud of it.

Planet Linux AustraliaDavid Rowe: Hamburgers versus Oncology

On a similar, but slightly lighter note, this blog was pointed out to me. The subject is high (saturated) fat versus carbohydrate based diets, which is an ongoing area of research, and may (may) be useful in managing diabetes. This gentleman is a citizen scientist (and engineer no less) like myself. Cool. I like the way he uses numbers and in particular the way data is presented graphically.

However I tuned out when I saw claims of “using ketosis to fight cancer”, backed only by an anecdote. If you are interested, this claim is thoroughly debunked on www.sciencebasedmedicine.org.

Bullshit detection 101 – if you find a claim of curing cancer, it’s pseudo-science. If the evidence cited is one person’s story (an anecdote) it’s rubbish. You can safely move along. It shows a dangerous leaning towards dogma, rather than science. Unfortunately, these magical claims can obscure useful research in the area. For example exploring a subtle, less sensational effect between a ketogenic diet and diabetes. That’s why people doing real science don’t make outrageous claims without very strong evidence – it kills their credibility.

We need short circuit methods for discovering pseudo science. Otherwise you can waste a lot of time and energy investigating spurious claims. People can get hurt or even killed. Takes a lot less effort to make a stupid claim than to prove it’s stupid. These days I can make a call by reading about 1 paragraph, the tricks used to apply a scientific veneer to magical claims are pretty consistent.

A hobby of mine is critical thinking, so I enjoy exploring magical claims from that perspective. I am scientifically trained and do R&D myself, in a field that I earned a PhD in. Even with that background, I know how hard it is to create new knowledge, and how easy it is to fool myself when I want to believe.

I’m not going to try bacon double cheeseburger (without the bun) therapy if I get cancer. I’ll be straight down to Oncology and take the best that modern, evidence based medicine can give, from lovely, dedicated people who have spent 20 years studying and treating it. Hit me with the radiation and chemotherapy Doc! And don’t spare the Sieverts!

Planet Linux AustraliaDavid Rowe: Is Alt-Med Responsible for 20% of Cancer Deaths?

In my meanderings on the InterWebs this caught my eye:

As a director of a cancer charity I work with patients everyday; my co-director has 40-yrs experience at the cancer coalface. We’re aware there are many cancer deaths that can be prevented if we could reduce the number of patients delaying or abandoning conventional treatment while experimenting with alt/med. It is ironic that when national cancer deaths are falling the numbers of patients embracing alt/med is increasing and that group get poor outcomes. If about 46,000 patients die from cancer in 2015, we suspect 10-20% will be caused by alt/med reliance. This figure dwarfs the road toll, deaths from domestic violence, homicide, suicide and terrorism in this country.

This comment was made by Pip Cornell, in the comments on this article discussing declining cancer rates. OK, so Pip’s views are anecdotal. She works for a charity that assists cancer sufferers. I’m putting it forward as a theory, not a fact. More research is required.

The good news is evidence based medicine is getting some traction with cancer. The bad news is that Alt-med views may be killing people. I guess this shouldn’t surprise me, Alt-med (non evidence-based medicine) has been killing people throughout history.

The Australian Government has recently introduced financial penalties for parents who do not vaccinate. Raw milk has been outlawed after it killed a toddler. I fully support these developments. Steps in the right direction. I hope they take a look at the effect of alt-med on serious illness like cancer.

CryptogramFriday Squid Blogging: Calamari Ripieni Recipe

Nice and easy Calamari Ripieni recipe, along with general instructions on cooking squid:

Tenderizing squid is as simple as pounding it flat -- if you're going to turn it into a steak. Otherwise, depending on the size of the squid, you can simply trim off the tentacles and slice the squid body, or mantle, into rings that can be grilled, sautéed, breaded and fried, added to soup, added to salad or pasta, or marinated. You can also -- as chef Accursio Lota of Solare does -- stuff the squid with bread crumbs and aromatics and quickly bake it or grill it to serve with salad.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Planet DebianRhonda D'Vine: DebConf15

I tried to start to write this blog entry like I usually do: Type along what goes through my mind and see where I'm heading. This won't work out right now for various reasons, mostly because there is so much going on that I don't have the time to finish that in a reasonable time and I want to publish this today still. So please excuse me for being way more brief than I usually am, and hopefully I'll find the time to expand some things when asked or come back to that later.

Part of the reason of me being short on time is different stuff going on in my private life which requires additional attention. A small part of this is also something that I hinted in a former blog entry: I switched my job in June. I really was looking forward to this. I made them aware of what the name Rhonda means to me and it's definitely extremely nice to be addressed with female pronouns at work. And also I'm back in a system administration job which means there is an interest overlap with my work on Debian, so a win-win situation on sooo many levels!

I have been at DebConf15 for almost two weeks now. On my way here I was complimented on my outfit by a security guard at the Vienna airport which surprised me but definitely made my day. I was wearing one of these baggy hippie pants (which was sent to me by a fine lady I met at MiniDebConf Bucharest) but pulled up the leg parts to the knees so it could be perceived as a skirt instead. Since I came here I was pretty busy with taking care of DCschedule bot adjustments (like, changing topic and twittering from @DebConf at the start of the talks), helping out with the video team when I noticed there was a lack of people (which is a hint for that you might want to help with the video team in the future too, it's important for remote people but also for yourself because you can't attend multiple sessions at the same time).

And I have to repeat myself, this is the place I feel home amongst my extended family, even though I it still is sometimes for me to get to speak up in certain groups. I though believe it's more an issue of certain individuals taking up a lot of space in discussions without giving (more shy) people in the round the space to also join in. I guess it might be the time that we need a session on dominant talking patterns for next year and how to work against them. I absolutely enjoyed such a session during last year's FemCamp in Vienna which set the tone for the rest of the conference, and it was simply great.

And then there was the DebConf Poetry Night. I'm kinda disappointed with the outcome this year. It wasn't able to attract as many people as anticipated, which I to some degree account to me not making people aware of it well enough, overlapping with a really great band playing at the same time in competition, and even though the place where we did it sounded like a good idea at first, it didn't have enough light for someone to read something from a book (but that was solved through smartphone lights). I know that most people did enjoy it, so it was good to do it, but I'm still a fair bit disappointed with the outcome and will try to work on improving on that grounds for next year. :)

With all this going on there unfortunately wasn't as much time as I would have liked to spend with people I haven't seen for a long time, or new people I haven't met yet. Given that this year's DebConf had a height in attendees (526 being here at certain times during the two weeks, and just today someone new arrived too, so that doesn't even have to be the final number) it makes it a bit painful to have picked up so many tasks and thus lost some chances to socialize as much as I would have liked to.

So, if you are still here and have the feeling we should have talked more, please look for me. As Bdale pointed out correctly in the New to DebConf BoF (paraphrased): When you see us DebConf old timers speaking to someone else and you feel like you don't want to disturb, please do disturb and speak to us. I always enjoyed to get to know new people. This for me always is one of the important aspects of DebConf.

Also, I am very very happy to have received feedback from different people about both my tweets and my blog, thank you a lot for that. It is really motivating to keep going.

So, let's enjoy the last few hours of DebConf!

Another last side notice: While my old name in the Debian LDAP did manage to find some wrongly displayed names in the DebConf website, like for speakers, or volunteers, it was clear to me that having it exposed through SSO.debian.org isn't really something I appreciate. So I took the chance and spoke to Luca from the DSA team right here today, and ... got it fixed. I love it! Next step is getting my gpg key exchanged, RT ticket is coming up. :)


Planet DebianSimon Kainz: DUCK challenge: Final week

Well, here are the stats for the final week of the DUCK challenge as well as DebConf15:

So we had 21 packages fixed and uploaded by 14 different uploaders. People were really working hard on this during DebConf. A big "Thank You" to you!!

Since the start of this challenge, a total of 89 packages were fixed.

Here is a quick overview:

             Week 1  Week 2  Week 3  Week 4  Week 5  Week 6  Week 7
# Packages       10      15      10      14      10       9      21
Total            10      25      35      49      59      68      89

Thank you all for participating - either on purpose or "accidentally": Some people were really surprised as I sneaked up on them at DebConf15, confronting them with a green lighter! I just tried to put even more fun into Debian, I hope this worked out.

Previous articles are here: Week 1, Week 2, Week 3, Week 4, Week 5, Week 6.

TEDThe Great Thanksgiving Listen, a new “Goldilocks” planet, and the White House Demo Day

John Green's TED Talk

The TED community has been doing some big things over the past few weeks. Below, some newsy highlights.

Let’s interview our elders. This Thanksgiving, high school students across the United States will have an important assignment: Interview a grandparent or elder using the StoryCorps app. The Great Thanksgiving Listen — a partnership of StoryCorps, TED, NPR and ABC News —  is an ambitious effort “to preserve the voices and stories of a generation of Americans over a single holiday weekend.” TED Prize winner Dave Isay appeared on Good Morning America to announce the initiative: “It’s so important for us to understand where we came from,” he said. “But even more important to connect to the people who matter to us.” Audio interviews will be stored at the American Folklife Center at the Library of Congress. If you’re a teacher or parent who wants their student to participate, sign up now and you’ll get an email with the curriculum later this month. (Watch Dave Isay’s TED Talk, “Everyone around you has a story that the world needs to hear.”)

An exoplanet in the Goldilocks zone. The SETI Institute, along with NASA, announced the discovery of a promising new Earth-like planet called Kepler 452b, spotted by the Kepler Space Telescope some 1,400 light-years away from our own solar system. The planet is in the “Goldilocks zone” in its orbit around a Sun-like star – not too hot, not too cold to support the existence of water. Which means the chances of there being life are (comparatively) pretty good: “This planet has spent 6 billion years in the habitable zone of its star — longer than Earth,” said Jon Jenkins, Kepler data analysis lead at NASA. “That’s substantial opportunity for life to arise, should all the necessary ingredients and conditions for life exist on this planet.” (For more on exoplanets, watch Sara Seager’s TED Talk, “The search for planets beyond our solar system”)

The curious life of a made-up town that became real, then disappeared. Can fiction ever will itself into existence? That appears to be the case for Agloe, New York, a fake town that two cartographers placed on a real map as a form of copyright protection — a “paper town.” In a story for NPR’s All Things Considered, John Green shares how, eventually, enough people saw this Upstate dirt-road intersection on a map that it became briefly real. But as Green researched his book Paper Towns, he was disappointed to find, all that’s left of Agloe now is a field and an empty barn. What remains is its legacy as a place that switches between the real and imagined, “The strangest part of it to me is that this place that was imagined, and then real, and then disappeared, and then imagined again through my story — has kind of, in a way, become real again,” Green shared. (Watch John Green’s TED Talk, “The nerd’s guide to learning everything online”)

A TED Fellow goes to Washington. At the first-ever White House Demo Day, TED Fellow Joe Landolina showed how his VETI-GEL can stop serious bleeding in less than 10 seconds. “I was able to demo it, discuss how it came to be and share the vision for how it can change the way we look at wound care,” said Landolina. Other TED Talks stars at the event include Ramona Pierson, who demoed a new search engine, and Luis von Ahn, who showed off Duolingo. (Watch Joe Landolina’s TED Talk, “This gel can make you stop bleeding instantly.”)

Sad news from Jimmy Carter. Former US president Jimmy Carter revealed last week that he is suffering from aggressive cancer. “I will be rearranging my schedule as necessary so I can undergo treatment,” he said in a statement. In the meantime, people close to him predict that he’ll keep on with his work for social justice. “The doctors are going to have a hard time getting him to slow down,” his former communications director told The New York Times. (Watch Jimmy Carter’s TED Talk from this May, “Why I believe the mistreatment of women is the number one human rights abuse.”)

A new TED show for Brazilian TV. TED Compartilhando Ideias (TED: Sharing Ideas) premieres on the Brazilian channel Futura on August 20. Hosted by neuroscientist Suzana Herculano-Houzel, it will explore topics in science, behavior, technology and the environment, adding nuance and new perspectives to a selection of TED Talks. Each of the 26 half-hour episodes features interviews with Brazilian guests, such as entrepreneur Bel Pesce and engineer Henry Foresti. Watch the trailer for the show. (Watch Suzana Herculano-Houzel’s TED Talk, “What Is So Special About the Human Brain?”, and Bel Pesce’s TED Talk, “5 ways to kill your dreams”)


Have a news item to share? Write us at blog@ted.com and you may see it included in this weekly round-up.


Krebs on SecurityExtortionists Target Ashley Madison Users

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.

An extortion email sent to an AshleyMadison user.


According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.

Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):

Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

The individual who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially this one in particular.

“If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said Mac. “I just not going to respond.”

Mac says he’s more worried about targeted extortion attacks. A few years ago, he met a woman via AshleyMadison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who’s been married for more than 10 years, Mac said his life would be “incredibly disrupted” if extortionists made good on their threats.

Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid ties back to his home address.

“So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am,” Mac said. “I’ll accept the consequences if this does get disclosed, but obviously I’d rather not have that happen because my wife and I are both very happy in our marriage.”

Unfortunately, the extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cybersecurity officer at Trend Micro.

Kellerman is convinced we’ll see criminals leveraging the AshleyMadison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim’s most treasured files with a secret encryption key unless and until the victim pays a ransom (also in Bitcoins).

“There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”

The leaked AshleyMadison data could also be useful for extorting U.S. military personnel and potentially stealing U.S. government secrets, experts fear. Some 15,000 email addresses ending in dot-mil (the top-level domain for the U.S. military) were included in the leaked AshleyMadison database, and this has top military officials just a tad concerned.

According to The Hill, the U.S. Defense Secretary Ash Carter said in his daily briefing Thursday that the DoD is investigating the leak.

“I’m aware of it, of course it’s an issue, because conduct is very important,” Carter told reporters at the briefing, The Hill reported. The publication notes that adultery in the military is a prosecutable offense under Article 134 of the Uniform Code of Military Justice. Maximum punishment includes dishonorable discharge, forfeiture of all pay and allowances, and confinement for one year. As such, Carter told reporters that service members found to have used adultery website Ashley Madison could face disciplinary action.

Kellerman said attacks against military personnel who used AshleyMadison may well target spouses of people whose information is included in the database — all in a bid to infect the spouse as a way to eventually steal information from the real target (the cheating military husband or wife).

“Something must already be going on for [the Secretary of Defense] to actually have a press conference on that,” Kellerman said. “We may actually see spear-phishing campaigns against spouses of individuals who are involved in this, attacks that say, ‘Hey, your wife or husband was involved in this site, do you want to see proof of that?’”

And the proof, in this scenario, would be a booby-trapped attachment that deploys spyware or malware.

Mac, who’s not a military man, says he doesn’t regret the affair he had via AshleyMadison; his only regret is not finding a way to keep his home address out of his records on the site.

“I regret using my home address and some of my personal information that AshleyMadison didn’t take as good care of as they should have,” he said. “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

The AshleyMadison data is leaked on various sites, but the data itself is not easily searchable by folks who aren’t familiar with raw database files. However, several sites have since popped up that allow anyone to search by email address to find if that address had an account at AshleyMadison.com. True, AshleyMadison.com did not always verify email addresses, but some of these AshleyMadison search services coming online will indicate whether the associated email address also has a payment record — a marker which could be useful to extortionists.
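An outbound-mail check of the kind Romero describes above, as an added Python example; it is not his filter, and the signal patterns, the two-signal threshold and all sample messages (including the sample address, which is generated from constructed bytes) are assumptions made for the illustration. It flags a message only when it carries a checksum-valid Bitcoin address together with at least two extortion signals.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
PAYMENT_RE = re.compile(r"\b(send|pay)\b.{0,80}?\b(bitcoins?|btc)\b", re.I | re.S)
BREACH_RE = re.compile(r"\b(leaked|hacked|hacking)\b", re.I)
DISCLOSE_RE = re.compile(
    r"\b(significant other|spouse|wife|husband|employer|family)\b", re.I)
DEADLINE_RE = re.compile(r"\b\d+\s+(days?|hours?)\b", re.I)


def _checksum(payload):
    """Base58Check checksum: first 4 bytes of a double SHA-256."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(payload):
    """Encode version byte + 20-byte hash as an address (used for sample data)."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))
    return "1" * zeros + out


def is_valid_address(candidate):
    """True if the string decodes to 25 bytes whose checksum matches."""
    n = 0
    for ch in candidate:
        digit = B58.find(ch)
        if digit < 0:
            return False
        n = n * 58 + digit
    zeros = len(candidate) - len(candidate.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


def classify(body):
    """Score one outgoing message body and decide whether to hold it."""
    addresses = [a for a in ADDR_RE.findall(body) if is_valid_address(a)]
    signals = {
        "payment_demand": bool(PAYMENT_RE.search(body)),
        "breach_threat": bool(BREACH_RE.search(body) and DISCLOSE_RE.search(body)),
        "deadline": bool(DEADLINE_RE.search(body)),
    }
    hits = sorted(name for name, hit in signals.items() if hit)
    return {"addresses": addresses, "signals": hits,
            "block": bool(addresses) and len(hits) >= 2}


# Constructed sample data: the address is derived from made-up hash bytes.
SAMPLE_ADDR = b58check_encode(b"\x00" + bytes(range(1, 21)))
EXTORTION = (
    "Unfortunately, your data was leaked in the recent hacking of a dating site.\n"
    "To prevent me from sharing this information with your significant other\n"
    "send exactly 1.0000001 Bitcoins to the following address:\n\n"
    f"{SAMPLE_ADDR}\n\n"
    "You have 7 days from receipt of this email to send the BTC.\n")
DONATION = ("Thanks for supporting the project. You can send BTC donations to "
            f"{SAMPLE_ADDR} at any time.")
NOTICE = ("Our records were leaked in a recent incident. We recommend that you "
          "and your family change passwords within 30 days.")

if __name__ == "__main__":
    for label, body in (("extortion", EXTORTION), ("donation", DONATION),
                        ("notice", NOTICE)):
        print(label, classify(body))
```

Requiring a valid checksum keeps random base58-looking strings (tokens, order numbers) from counting as payment addresses, and requiring two further signals keeps ordinary donation or breach-notice mail from being held.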

CryptogramNSA Plans for a Post-Quantum World

Quantum computing is a novel way to build computers -- one that takes advantage of the quantum properties of particles to perform operations on data in a very different way than traditional computers. In some cases, the algorithm speedups are extraordinary.

Specifically, a quantum computer using something called Shor's algorithm can efficiently factor numbers, breaking RSA. A variant can break Diffie-Hellman and other discrete log-based cryptosystems, including those that use elliptic curves. This could potentially render all modern public-key algorithms insecure. Before you panic, note that the largest number to date that has been factored by a quantum computer is 143. So while a practical quantum computer is still science fiction, it's not stupid science fiction.

(Note that this is completely different from quantum cryptography, which is a way of passing bits between two parties that relies on physical quantum properties for security. The only thing quantum computation and quantum cryptography have to do with each other is their first words. It is also completely different from the NSA's QUANTUM program, which is its code name for a packet-injection system that works directly in the Internet backbone.)

Practical quantum computation doesn't mean the end of cryptography. There are lesser-known public-key algorithms such as McEliece and lattice-based algorithms that, while less efficient than the ones we use, are currently secure against a quantum computer. And quantum computation only speeds up a brute-force keysearch by a factor of a square root, so any symmetric algorithm can be made secure against a quantum computer by doubling the key length.

We know from the Snowden documents that the NSA is conducting research on both quantum computation and quantum cryptography. It's not a lot of money, and few believe that the NSA has made any real advances in theoretical or applied physics in this area. My guess has been that we'll see a practical quantum computer within 30 to 40 years, but not much sooner than that.

This all means that now is the time to think about what living in a post-quantum world would be like. NIST is doing its part, having hosted a conference on the topic earlier this year. And the NSA announced that it is moving towards quantum-resistant algorithms.

Earlier this week, the NSA's Information Assurance Directorate updated its list of Suite B cryptographic algorithms. It explicitly talked about the threat of quantum computers:

IAD will initiate a transition to quantum resistant algorithms in the not too distant future. Based on experience in deploying Suite B, we have determined to start planning and communicating early about the upcoming transition to quantum resistant algorithms. Our ultimate goal is to provide cost effective security against a potential quantum computer. We are working with partners across the USG, vendors, and standards bodies to ensure there is a clear plan for getting a new suite of algorithms that are developed in an open and transparent manner that will form the foundation of our next Suite of cryptographic algorithms.

Until this new suite is developed and products are available implementing the quantum resistant suite, we will rely on current algorithms. For those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

Suite B is a family of cryptographic algorithms approved by the NSA. It's all part of the NSA's Cryptographic Modernization Program. Traditionally, NSA algorithms were classified and could only be used in specially built hardware modules. Suite B algorithms are public, and can be used in anything. This is not to say that Suite B algorithms are second class, or breakable by the NSA. They're being used to protect US secrets: "Suite A will be used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)."

The NSA is worried enough about advances in the technology to start transitioning away from algorithms that are vulnerable to a quantum computer. Does this mean that the agency is close to a working prototype in their own classified labs? Unlikely. Does this mean that they envision practical quantum computers sooner than my 30-to-40-year estimate? Certainly.

Unlike most personal and corporate applications, the NSA routinely deals with information it wants kept secret for decades. Even so, we should all follow the NSA's lead and transition our own systems to quantum-resistant algorithms over the next decade or so -- possibly even sooner.

The essay previously appeared on Lawfare.

EDITED TO ADD: The computation that factored 143 also accidentally "factored much larger numbers such as 3599, 11663, and 56153, without the awareness of the authors of that work," which shows how weird this all is.

EDITED TO ADD: Seems that I need to be clearer: I do not stand by my 30-40-year prediction. The NSA is acting like practical quantum computers will exist long before then, and I am deferring to their expertise.

Sociological ImagesRe-racializing the fortune cookie… again

Flashback Friday.

Jenn F. found herself faced with a “Lucky Taco” at the end of her meal at a Mexican restaurant.  It contained the following wisdom: “Paco says, ‘A bird in hand can be very messy.'”

The Lucky Taco is, of course, a “Mexican” version of the Chinese fortune cookie with which most Americans (at least) are familiar. Jenn also sent the link to the company that makes them, the Lucky Cookie Company, and they have two other versions, the Lucky Cannoli and the Lucky Cruncher (meant to be, respectively, versions inspired by Italians and the “tribal” [their term, not mine]). Behold:

So this company took the Chinese fortune cookie and re-racialized it…. three times over. Is this an appropriation of Chinese culture?

Nope.

The fortune cookie isn’t Chinese. As best as can be figured out, it’s Japanese. But, in Japan, the fortune cookie wasn’t and isn’t like it is in the U.S. today. It’s larger and made with a darker batter seasoned with miso (instead of vanilla) and sprinkled with sesame seeds. This is a screenshot from a New York Times video about its history:

This drawing is believed to depict Japanese fortune cookie baking in 1878:

According to the New York Times, it was Japanese-Americans in California who first began making and selling fortune cookies in the ’20s. Many of them, however, served Chinese food. And Chinese-Americans may have picked up on the trend. Then, when the Japanese were forced into internment camps during WWII, Chinese-Americans took over the industry and, voila, the “Chinese fortune cookie.”

So the “Chinese” fortune cookie with which we’re all familiar isn’t Chinese at all and is certainly of American (re-)invention. So, insofar as the Lucky Taco, Lucky Cannoli, and the Lucky Cruncher are offensive — and I’m pretty sure they are — it’ll have to be for some other reason.

Originally posted in 2010.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Google Adsense[Infographic] Hindi content is key to growing an audience in India

Late last year we announced Hindi as the first Indic language supported by AdSense. It means you can earn money by displaying Google AdSense ads on Hindi webpages.

But why does Hindi matter? If you have a large user base in India, or you’re looking to grow in this strategic emerging market, catering your content to Hindi speakers is key. Check out this infographic to learn more:

Keen to start creating? Here are our top five tips for publishing Hindi content online:

1. Create Hindi content that is unique and provides value to your users.
Check out Google Trends in Search and YouTube to see what’s popular in India right now. You can also see a selection of high quality Hindi content from fellow publishers at hindiweb.com.

2. Get a professional translation, or have a native speaker review content.
If you plan to translate your site for Hindi speakers, ensure you provide good quality translations. Avoid auto-translation as it risks a low quality user experience. Read the Webmaster Quality Guidelines to learn more.

3. Be multi-screen and fast-loading.
Delight users with a mobile-friendly site that works well even on low-bandwidth connections. Explore these multi-screen guidelines to get your site ready.

4. Use Devanagari script. 
Access up to 40 free, beautiful fonts for publishing your Hindi content and benefit from better indexing of your site. Select Devanagari script at Google Fonts to add fonts to your collection.

5. Monetize with Google AdSense.
You can use your existing Google AdSense account and create a new ad unit to get started. If you’re new to AdSense, sign up now.

We look forward to seeing the content you create in Hindi.





Posted by Amelia Walkley
Marketing Communications Specialist

CryptogramSS7 Phone-Switch Flaw Enabled Surveillance

Interesting:

Remember that vulnerability in the SS7 inter-carrier network that lets hackers and spies track your cellphone virtually anywhere in the world? It's worse than you might have thought. Researchers speaking to Australia's 60 Minutes have demonstrated that it's possible for anyone to intercept phone calls and text messages through that same network. So long as the attackers have access to an SS7 portal, they can forward your conversations to an online recording device and reroute the call to its intended destination. This helps anyone bent on surveillance, of course, but it also means that a well-equipped criminal could grab your verification messages (such as the kind used in two-factor authentication) and use them before you've even seen them.

I wrote about cell phone tracking based on SS7 in Data & Goliath (pp. 2-3):

The US company Verint sells cell phone tracking systems to both corporations and governments worldwide. The company's website says that it's "a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance," with clients in "more than 10,000 organizations in over 180 countries." The UK company Cobham sells a system that allows someone to send a "blind" call to a phone--one that doesn't ring, and isn't detectable. The blind call forces the phone to transmit on a certain frequency, allowing the sender to track that phone to within one meter. The company boasts government customers in Algeria, Brunei, Ghana, Pakistan, Saudi Arabia, Singapore, and the United States. Defentek, a company mysteriously registered in Panama, sells a system that can "locate and track any phone number in the world...undetected and unknown by the network, carrier, or the target." It's not an idle boast; telecommunications researcher Tobias Engel demonstrated the same thing at a hacker conference in 2008. Criminals do the same today.

Worse Than FailureError'd: Nil, null, nihilism

"Figures. A suggestion devoid of meaning," writes Blake R..

 

"I guess since I am an Avis First member I am eligible for free upgrades?" wrote Ryan, "Or maybe they are just reminding me that you never really get the class of vehicle you reserve."

 

Gordon writes, "Always bound, maybe, but I sure can't find those keys."

 

Ali B. writes, "What is this? Some kind of code custody dispute?"

 

"I went onto Argos' website but, unfortunately, they didn't have anything that I was looking for," Luke G. wrote.

 

"According to Equifax, I have been building my credit history for a lonnnnnnnng time," Michael P. wrote.

 

"Worst of all, if my name wasn't 'good enough,' I don't even know how long it should be," Quentin G. writes. "I better not pick 'other' else the consequences might be a bit harsh!"

 

"Sorry, Avast, I have to disagree. In fact, I'm pretty sure that I have plenty of time," German E. writes.

 


Krebs on SecurityStreet Gangs, Tax Fraud and ‘Drop Hoes’

Authorities across the United States this week arrested dozens of gang members who stand accused of making millions of dollars stealing consumer identities in order to file fraudulent tax refund requests with the Internal Revenue Service (IRS). The arrests highlight the dramatic shift in gang activity in recent years from high-risk drug dealing to identity fraud — a far less risky yet equally lucrative crime.

According to a story last week at CBS in Los Angeles, some 32 members of the so-called Insane Crip gang and their associates were charged with 283 counts of criminal conspiracy, 299 counts of identity theft, 226 counts of grand theft and 58 counts of attempted theft. Together, they are accused of operating a $14.3 million identity theft and tax fraud scheme.

In Elizabeth, N.J., 14 members of a street gang were arrested in a 49-count indictment charging the defendants with a range of “white-collar crimes,” including filing false tax returns and manufacturing fake gift cards to collect thousands of dollars. According to NJ.com, the money from the scams was used to support members of the 111 Neighborhood Crips and to aid other gang members who were in jail or prison.

“All 14 defendants face charges under New Jersey’s Racketeer Influenced and Corrupt Organizations (RICO) statute,” NJ’s Tom Haydon writes. “Defendants allegedly bought stolen identities of real people for use in the preparation of fraudulent W-2 forms. Those forms were used for fraudulent income tax returns filed early in the tax season.”

Tax return fraud costs consumers and the U.S. Treasury more than $6 billion annually, according to the U.S. Government Accountability Office. And that number is by all accounts conservative. It should not be a surprise that street gangs are fast becoming the foot soldiers of cybercrime, which very often requires small armies of highly mobile individuals who can fan out across cities to cash out stolen credit cards and cash in on hijacked identities.

Tax fraud has become such an ingrained part of the modern gang culture that there is a growing set list of anthems to the crime — a type of rap music that evokes the Narcocorrido ballads of the Mexican drug cartels in that it glorifies making money from identity theft, credit card fraud and tax return fraud.

DROP HOES

A key component of cashing out tax return fraud involves recruiting unwitting or willing accomplices to receive the fraudulent refunds. Earlier this year, I wrote about Isha Sesay, a Pennsylvania woman who was arrested for receiving phony IRS refunds on behalf of at least two tax fraud victims — including Mike Kasper, the guy who helped expose the IRS’s pervasive authentication weaknesses and later testified to Congress about his ordeal.

Turns out, the sorts of gang members arrested in the above-mentioned crime sweeps have a different nickname for people like Ms. Sesay: Instead of money mules, they’re derisively known as “drop hoes.” In cybercriminal parlance, a “drop” is a person who can be recruited to help forward stolen funds or merchandise on to the criminals, providing a pivotal buffer against the cops for the thieves.

In this Youtube video (not safe for work), a self-styled rapper calling himself “J-Creek” opines about not being able to find enough drop hoes to help him cash out $40,000 in phony tax refund deposits to prepaid debit cards. It’s been a while since I’ve listened to pop music (let alone rap) but I think this work speaks for itself (if rather lewdly).

The artists allegedly responsible for the tax fraud paean, "Drop Hoes."


Here are a few choice quotes from the song (I cut out much of it, and someone please correct me if I somehow butchered the lyrics here). I think my all-time favorite line is the one about the role of Intuit’s TurboTax: “She got them stacks then went tax on the turbo.”

Without further ado:

“Tax season again
I need a drop hoe bitch
I wanna be your boyfriend”

CHORUS

“I wanna drop hoe
I mean a drop hoe
That’s waitin’ on the debit card to hit the box hoe”

“Shorty gotta a whole crib and a new range
Said her home girl came with a few names
Told me all a nigga need is a laptop
And she gonna show me what to do to make a tax drop”

“Got a check for forty grand she goin’ buy a hummer
Ball hard got it all from playin’ with numbers
Told her when she break me off I’ma buy a crib
And take it straight to the kit to teach her how to whip”

“I ain’t tryna be on trial resident of the state
You think I’m probably going down federal pen
Scared of money stay broke nigga fuck you
And I’ma steal your information on the dub too [W-2]”

“Bitch gimme nuff to fly stay sky high
Man I own a mother fucker on the Wi-Fi
Momma let that money flow cause she got mo
Hey fuck a dime piece bro I want a drop hoe”

CHORUS

“Shorty got big bank with four cars
Say she need an address she got more cards
Wanna be hood rich honey I’ma show you
Told me get a date of birth don’t forget the Social”

“Oh that’s all I gotta do you can bet that
Meet me at the Amscot I need a check cashed
Tryna’ find a drop hoe it ain’t hard
You can look for new rims and a paint job”

“Keep her hair done nails done nice clothes
Curly two strain twists on a micro
More money than you can spend but she get it in
Say she got a boyfriend but he in the pen”

“Thats everybody’s bitch Im’a bite though
I’m the type a nigga give you what you ask fo
Told that bitch I’m comin home like a furlough
She got them stacks then went tax on the turbo”

This is the latest in a series of stories I’ve been writing over the past few years about the growing menace of tax refund fraud. For more in this series, see this link.

By far, my favorite tax return fraudster is Lance Ealy, an Ohio scam artist who went on the lam after being convicted for tax refund fraud, and proceeded to lead U.S. Marshals on a multi-state chase — all the while continuing to file phony tax refund requests in the names of people already in jail (individuals that Ealy compensated by topping up their prison commissary funds).

Planet DebianNorbert Preining: The sins of the past – adding Cyrillic glyphs without renaming fonts

The URW Base35 fonts are a great set of fonts, available for free as in free software. They have been part of various distributions and systems for a long time. Big thanks to URW for their work. But these fonts don’t have Cyrillic or Greek glyphs. If it had stayed that way, the world would be easy: people would need to use different fonts for these languages. Along came someone who did the unthinkable – namely adding the Cyrillic and Greek glyphs to the fonts (so far nothing bad), but then NOT renaming the fonts. Here we see one point of the stupidity of GPL and absolute freedom. Because what we now have is that documents produced by several TeX engines (in particular XeTeX and LuaTeX), which use fontconfig to search for fonts, suddenly pick up these changed fonts that fake their identity, and what comes out is this, complete rubbish:

broken-fonts

And now we are suffering huge pain from that. Look at the bug reports that are coming in:

  • 796120 xdvipdfmx broken
  • 789391 developers reference fonts broken
  • 787759 fonts broken in dblatex

Just to name a few. And there is a simple way to circumvent this: Don’t install gsfonts, which guarantees that fontconfig finds the real original URW fonts within the TeX Live tree first.

I have now spent many hours tracking down these problems and finding the reason, and at the end of the day there is always gsfonts with its broken fonts with added Cyrillic glyphs. I honestly don’t care about the history; there are now many fonts with Cyrillic and Greek glyphs, and there is no need to fake fonts and incorrectly take over font names.

This should be a lesson to all the GPL zealots that require absolute freedom of each and everything. Unfortunately things don’t work like that. Using AND RENAMING is ok, the Knuth license as I would say, but anything else is just a source of much pain.

End for today, I have to go to work now. Real work instead of fighting sins of the past.

Nothing to enjoy here.

Additional information Just to let you know, before starting a flame war, I have already contacted the upstream developers, that is TeX Live, and explained the situation to them. I don’t see much chance of a fix, since the problem is with fonts without upstream and support, which are probably only used in Debian (I haven’t seen them anywhere else apart from some mentions in RH), and which are not officially supported or distributed. It really needs a nice developer to look into why this breakage appeared. Let us hope. And instead of flaming, anyone here is invited to dig into the code him/herself and search for changes.

Additional information 2015-08-22 Just to back up my complaints and counteract several of the comments: I am quoting from an email of a colleague on the list where we are discussing the problem:

However, the fonts extended by Valek Filippov are quite problematic. The Type1 spec clearly requires that there may not exist two different fonts with the same /FontName. The modified fonts shipped with Ghostscript have the same /FontName as the original fonts donated by URW and not even the /UniqueID was changed. IMO they are broken because they don’t comply with the Type1 specification.

I hope that convinces even the last of those in doubt.
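The requirement quoted above (no two different fonts with the same /FontName) can be checked mechanically. The following is an added example, not code from the post, TeX Live or Ghostscript: it reads the cleartext header of Type 1 files and reports names claimed by files with different contents. The font names, UniqueIDs and paths in the sample are constructed placeholders.

```python
import hashlib
import os
import re
from collections import defaultdict

# Both keys live in the cleartext header, before the eexec-encrypted part.
FONTNAME_RE = re.compile(rb"/FontName\s*/(\S+)\s+def")
UNIQUEID_RE = re.compile(rb"/UniqueID\s+(\d+)\s+def")


def type1_identity(data):
    """Return (FontName, UniqueID or None) of a Type 1 font, or None.

    Works on PFA (plain text) and PFB (text wrapped in binary segments),
    because only the cleartext before 'eexec' is searched.
    """
    header = data.split(b"eexec", 1)[0]
    name = FONTNAME_RE.search(header)
    if name is None:
        return None
    uid = UNIQUEID_RE.search(header)
    return name.group(1).decode("ascii", "replace"), (int(uid.group(1)) if uid else None)


def load_fonts(root):
    """Read every .pfa/.pfb file below root into {path: bytes}."""
    fonts = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith((".pfa", ".pfb")):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    fonts[path] = fh.read()
    return fonts


def find_collisions(fonts):
    """Report each /FontName that is claimed by files with different contents."""
    by_name = defaultdict(list)
    for path, data in fonts.items():
        ident = type1_identity(data)
        if ident is None:
            continue  # not a Type 1 font, or header unreadable
        name, uid = ident
        by_name[name].append((path, uid, hashlib.sha256(data).hexdigest()))
    collisions = []
    for name, entries in sorted(by_name.items()):
        if len({digest for _, _, digest in entries}) > 1:
            collisions.append({
                "font_name": name,
                "paths": sorted(path for path, _, _ in entries),
                # True means not even /UniqueID tells the files apart
                "same_unique_id": len({uid for _, uid, _ in entries}) == 1,
            })
    return collisions


def _pfb(header, body):
    """Wrap header and body in PFB segment markers (constructed sample data)."""
    return (b"\x80\x01" + len(header).to_bytes(4, "little") + header
            + b"\x80\x02" + len(body).to_bytes(4, "little") + body
            + b"\x80\x03")


# Constructed sample: placeholder name and UniqueID, not a real URW font.
HEADER = (b"%!PS-AdobeFont-1.0: ExampleSans-Regular 1.0\n"
          b"/FontName /ExampleSans-Regular def\n"
          b"/UniqueID 4000001 def\n"
          b"currentfile eexec\n")
RENAMED = (HEADER.replace(b"ExampleSans-Regular", b"ExampleSansCyr-Regular")
           .replace(b"4000001", b"4000002"))

SAMPLE_FONTS = {
    "texlive/exsr.pfb": _pfb(HEADER, b"<latin glyphs>"),              # original
    "gsfonts/exsr.pfb": _pfb(HEADER, b"<latin + cyrillic glyphs>"),   # extended, same identity
    "renamed/exsrcyr.pfa": RENAMED + b"<latin + cyrillic glyphs>",    # extended and renamed
}

if __name__ == "__main__":
    for hit in find_collisions(SAMPLE_FONTS):
        print(hit)
```

To check an installed system, pass `load_fonts()` the font directories that fontconfig searches and feed the result to `find_collisions()`.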

,

Planet DebianAxel Beckert: German-written Debian Package Management Book

Thursday was our big day: After more than 2.5 years of working behind the scenes, with ups and downs, Frank Hofmann and I were able to announce the availability of our book project Debian Package Management under a free license (Creative Commons Attribution ShareAlike 4.0 International License, short “CC BY-SA 4.0”) during a Lightning Talk at DebConf15 in Heidelberg.

This became possible because we found Onyx Neon, a publishing company which specialises in books with contents under free licenses. Its founder has a soft spot not only for Perl but also for Debian. (Since the question already came up: We also thought about self-publishing, e.g. via Lulu or Epubli — and it would have been our fallback solution —, but we prefer the professionalism and services of a real publisher. I’m happy, though, to share what I found out about self-publishing in the past few months.)

The source code of the book is written in the AsciiDoc format and available on GitHub.

The book is still a work in progress. But if you want, you can already build an e-book out of the publicly available source code:

sudo apt-get install asciidoc dblatex git
git clone git://github.com/dpmb/dpmb.git
cd dpmb
make

(Works fine on Debian 7 Wheezy, Debian 8 Jessie and Ubuntu 14.04 LTS Trusty. Does not work on Ubuntu 12.04 LTS Precise.)

If you find an error in the book, please file an issue on GitHub. If you also know how to fix the error, please fork the Git repository on GitHub, fix the error in your Git repository and file a pull request. (The first pull request already happened and has been applied.)

Initially there will be only a German edition as an e-book (at least in HTML, PDF and EPUB formats, maybe also KF8/MOBI and EPUB3) and at some point in the future also as a printed book at Onyx Neon. But we’re also planning a translation to English as well as a Debian package.

If you want to be informed when we publish a printed book, a translation or an official e-book release, please subscribe to one of our mailing lists: There’s one in German and one in English.

Planet DebianSune Vuorela: Debconf 2015 – 7

The other day, the main talk was “Lets encrypt”, today it was “Let’s reproduce”

Cory DoctorowGuardian column: Ulysses pacts and spying hacks: warrant canaries and binary transparency


As the world’s governments exercise exciting new gag-order snooping warrants that companies can never, ever talk about, companies are trying out a variety of “Ulysses pacts” that automatically disclose secret spying orders, putting them out of business.

A “Ulysses pact” is a negotiating tactic in which one party voluntarily surrenders some freedom of action, named for the story of Ulysses ordering his men to tie him to the mast of his ship so that he couldn’t jump into the sea when he heard the sirens’ song. For example, a union leader heading into a negotiation might promise to resign rather than take a pay cut, making pay-cut demands useless (because if she acceded to such a demand, she’d have to resign before she could formalize the agreement).

In the world of secret spying orders, companies use “warrant canaries” as a kind of dead man’s switch: at regular intervals, they publish a transparency report with statistics for each kind of government request they’ve received, including “Secret spying orders: 0.” After receiving their first secret spying order, they stop publishing that line altogether. If the company sells its service as privacy-oriented, this is, effectively, suicide: the service’s users quit using it, and the spies have nothing.

But it’s a weak kind of Ulysses pact, because a CEO contemplating suicide-by-canary might just decide that one teensy lie isn’t such a big deal after all — and if spy agencies believe that this is the case, they’ll have every reason to use secret warrants, forcing the issue.

But technology gives us a new, stronger kind of Ulysses pact, one that takes the choice out of management’s hands — a self-enforcing self-destruct button, which has the potential to make some secret warrants totally useless: binary transparency.

There’s another kind of secret spying: malware implantation. This is when a government body orders a company to send some of its customers a software update that includes a backdoor. For example, the Saudi government once convinced Research in Motion to backdoor Blackberry devices within its borders. In May, 2014, the anonymously maintained Truecrypt project mysteriously shut down, leaving behind a cryptic note (possibly with a Dan-Brown-esque secret message in it). Many believe that they shut down in response to a government demand to weaken some or all of the Truecrypt programs in the wild.

In the case of programs that run on users’ computers, there’s “binary transparency.” When a program with binary transparency receives an update, it computes that update’s “hash” (a mathematical fingerprint) and sends it to a server maintained by a disinterested third party. It also checks the hashes of all the other updates that have been received by all the other versions of the program that have checked in. If it sees that it has got a special update, it refuses to install it and alerts the user.

This is a much stronger, more effective Ulysses pact. If a spy agency knows that any attempt to implant malware on a user’s computer through a software update will both fail and raise an alarm, there is absolutely no reason even to try.
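The client-side check described above, as an added example that is not part of the column or of any real project: `TransparencyLog` is a hypothetical stand-in for the third-party server, and the client names, version string and update bytes are constructed.

```python
import hashlib
from collections import Counter, defaultdict


class TransparencyLog:
    """Stand-in for the third-party server (hypothetical API): remembers
    which update hash every client reported for every version.

    Assumption: the log answers every client honestly. A log that could be
    made to answer differently per client would defeat the check below.
    """

    def __init__(self):
        self._reports = defaultdict(dict)  # version -> {client_id: sha256 hex}

    def report(self, version, client_id, digest):
        self._reports[version][client_id] = digest

    def seen_by_others(self, version, client_id):
        """Map each hash to the number of *other* clients that reported it."""
        return Counter(
            digest
            for cid, digest in self._reports[version].items()
            if cid != client_id
        )


def check_update(log, client_id, version, update_bytes, min_witnesses=2):
    """Decide what to do with a downloaded update; returns (action, reason)."""
    digest = hashlib.sha256(update_bytes).hexdigest()
    # Report before deciding, so a targeted build leaves a trace in the log
    # even when this client goes on to refuse it.
    log.report(version, client_id, digest)
    others = log.seen_by_others(version, client_id)
    witnesses = sum(others.values())
    if witnesses < min_witnesses:
        # Too few reports to tell a fresh release from a targeted one.
        return "defer", f"only {witnesses} other client(s) reported {version}"
    if others[digest] == 0:
        # Everyone else got something different: this is the "special update".
        return "refuse", f"no other client received build {digest[:12]}"
    return "install", f"{others[digest]} of {witnesses} other clients match"


def demo():
    """Run five constructed clients through one release; return their actions."""
    genuine = b"update 3.2: bug fixes"                # constructed sample
    implanted = b"update 3.2: bug fixes + backdoor"   # constructed sample
    log = TransparencyLog()
    results = {}
    results["first"] = check_update(log, "client-1", "3.2", genuine)[0]
    for cid in ("client-2", "client-3"):
        check_update(log, cid, "3.2", genuine)
    results["targeted"] = check_update(log, "client-4", "3.2", implanted)[0]
    results["ordinary"] = check_update(log, "client-5", "3.2", genuine)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The refused build's hash stays in the log, which is what turns a failed implant into a visible one.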

‘Warrant canaries': a subtle hint that your email provider is compromised [The Guardian]

(Image: Herbert James Draper – Ulysses and the Sirens (1910), public domain)

Sociological Images“I don’t see color; I love diversity”: College students’ conflicting race frames

Despite popular notions that the U.S. is now “post-racial,” numerous recent events (such as the Rachel Dolezal kerfuffle and the Emmanuel AME Church shooting) have clearly showcased how race and racism continue to play a central role in the functioning of contemporary American society. But why is it that public rhetoric is at such odds with social reality?

A qualitative study by sociologists Natasha Warikoo and Janine de Novais provides insights. By conducting interviews with 47 white students at two elite universities, they explore the “lenses through which individuals understand the role of race in society.” Described as race frames, Warikoo and de Novais articulate two ways in which their respondents rely on particular cultural frames in making sense of race and race relations.

  • The color-blind frame: the U.S. is now a “post-racial” society where race has little social meaning or consequence.
  • The diversity frame: race is a “positive cultural identity” and the incorporation of a multitude of perspectives (also referred to as multiculturalism) is beneficial to all those involved.

Integral to Warikoo and de Novais’ study is the finding that about half of their student respondents simultaneously house both the color-blind and diversity frames. Of 24 students who held a color-blind frame, 23 also promoted a diversity frame. Warikoo and de Novais explain this discursive discordance as a product of the environments in which respondents reside: a pre-college environment where race is typically de-emphasized and a college environment that amplifies the importance of diversity and multiculturalism.

Importantly, Warikoo and de Novais argue that the salience of these two co-occurring race frames is significant not only because of their seeming contradictions, but because they share conceptions of race that largely ignore a structural frame: the idea that social structures are an important source of racism and racial inequality in the U.S. Ultimately, Warikoo and de Novais’ findings illustrate the general ambivalence that their white respondents share about race and race-based issues — undoubtedly reflective of the discrepancies concerning race in broader society.

Cross-posted at Discoveries.

Stephen Suh is a PhD candidate in Sociology at the University of Minnesota and a graduate board member at The Society Pages. His dissertation research examines the growing global trend of ethnic return migration through the perspectives of Korean Americans.

(View original at http://thesocietypages.org/socimages)

CryptogramNo-Fly List Uses Predictive Assessments

The US government has admitted that it uses predictive assessments to put people on the no-fly list:

In a little-noticed filing before an Oregon federal judge, the US Justice Department and the FBI conceded that stopping US and other citizens from travelling on airplanes is a matter of "predictive assessments about potential threats," the government asserted in May.

"By its very nature, identifying individuals who 'may be a threat to civil aviation or national security' is a predictive judgment intended to prevent future acts of terrorism in an uncertain context," Justice Department officials Benjamin C Mizer and Anthony J Coppolino told the court on 28 May.

"Judgments concerning such potential threats to aviation and national security call upon the unique prerogatives of the Executive in assessing such threats."

It is believed to be the government's most direct acknowledgement to date that people are not allowed to fly because of what the government believes they might do and not what they have already done.

When you have a secret process that can judge and penalize people without due process or oversight, this is the kind of thing that happens.

Worse Than FailureThorough Monitoring

City tv control room Doors Open Toronto 2012 (1)

Mr. Reynholm took great pride in his technical knowledge. Of course, as is often the case with CEOs and self-appointed CTOs of technology startups, that didn't necessarily mean he possessed any in the first place. But what Mr. Reynholm lacked in skills, he made up for in charisma. His designer suit, Brilliantine-laden hair, and the ability to turn a reading of El Reg with a thesaurus into a business pitch kept the company afloat despite the lack of any real product to speak of.

And as Jenny sat behind her ebony desk in Reynholm CorpoTech's office, reminiscing about her "technical" interview from two weeks ago, she thought that maybe she shouldn't have been that eager to accept her first real job offer from Mr. Reynholm's hands.

Suddenly, the loud ding of an Outlook notification snapped her out of her thoughts.

"Hey, Rob," she asked a young guy sitting to her right, "what's a, um ... Technical Meet-Up With Mr. Reynholm? Do I need to attend?"

"What, again?" Rob sighed, checking his email. "Aw, no. Aww, Jesus. And it's this afternoon?"

"Let me guess, it's not a fun ride?" Jenny asked.

"Well, that depends on how much you value your sanity," Rob said. "Think 30 minutes of buzzword bingo plus 30 minutes of Star Trek-grade technobabble, blended together to give you an hour of absolute common sense violation."

"Yikes. Can I—?"

"No, you have to be there," Rob interrupted her. "But hey, there's always pizza afterwards. It's from some really good place, too: Mario's Pizza, or something like that."

Jenny decided to bite the bullet. After all, meetings were part of a professional programmer's job. Numbing her brain for an hour couldn't be that hard.


The shiny, high-tech meeting room easily hosted all the company's coders. While most of them eyed the side door, hoping for the pizza guy to show up, Jenny focused on a large, strange object in front of the speaker's podium, covered with a bedsheet.

"What do you think that is?" she poked one of her colleagues.

"No idea," he said, trying to hide a yawn. "Probably some marketing gadget. Trust me, there's no way it's something interes—"

"AHEM! Let's start, shall we?"

The lights in the room cut off as Mr. Reynholm entered the stage, silencing everyone.

"So! Developers! Developers, developers, developers, as one Steve Ballmer used to say. The best of the best, crème de la crème, the relentless force of progress! Do you know why I gathered you here?"

Nobody raised a hand. Well, Jenny thought, it's not like you bothered to include an agenda...

"You see, here at Reynholm CorpoTech, our mission is to bring technology to everyone. It doesn't matter who or where you are. If you want to take this journey with us, we're waiting for you with arms wide open. For you see, I had a dream, and in that dream I was a poor child living on the streets..."

As much as Jenny tried to stay professional, her attention frequently wandered away from the speech.

"...and by making our company webpage viewable from even low-budget devices, we'll make our userbase as inclusive as possible. Which brings me to today's topic: responsive web design! You see, content is like water..."

The audience's collective grimace told Jenny it was okay to let go. A lot of words were being said, but none were worth listening to.


A half-hour later, the lights cut back on, startling everyone awake just as Mr. Reynholm approached the sheet-covered contraption.

"And now, I present to you ... The Responsive Testing Workbench!" He pulled away the sheet and let it drift to the floor.

Jenny blinked, then blinked again. The revealed table housed a great-looking PC tower, an ergonomic keyboard and mouse ... and six monitors of different sizes, from a huge 4K to a tiny fourteen-inch CRT hooked to a converter.

"With this setup, we'll be able to see how our website fits on any screen," Mr. Reynholm explained triumphantly. "Tiny ones, huge ones, we're prepared for anything! And I see we already have questions! Jenny, wasn't it?"

Jenny nodded, her raised hand still in the air. "Um, do we need all those screens? Can't we just test the website at different resolutions?"

Everyone was looking at her now—some with a smirk, others with genuine compassion in their eyes.

Mr. Reynholm didn't miss a beat. "Of course we could, and we will, but that's not the point! You see, when you browse the website on this huge screen, the fonts and images are bigger. On a small screen, they're smaller. So we need these monitors to see the website through all our users' eyes. Understood?"

"But ... but ..." Jenny was about to object, but the first lesson in being a successful employee dawned on her. Sometimes it's better to let your opponent win. "I guess you're right. Sorry."

"Now now, no need to apologize, we're all here to learn! Now, back to the Workbench ..."


Months passed slowly at Reynholm CorpoTech. With two top-tier graphics cards, an overclocked processor, and an open administrator account, the Workbench found its true purpose as a great time-wasting device. As for Jenny, she gained confidence and bonded with her team, but as the torrent of venture capital slowed to a trickle with no projects past the planning stage, she found herself looking for greener pastures.

Eventually, she ended up in front of Mr. Reynholm's office door.

"Oh, Jenny! Come on in," he waved her inside. "By the way, have you seen any 14-inch monitors around here? I want to check the website at that size, but the Workbench is busy."

"No, I don't think we have any," Jenny said. "Can I show you a little trick, though?"

"Oh, I love learning new things! Come on, I'm all ears!" He shoved away from his PC, offering her control of the keyboard and mouse.

Jenny found the resolution settings and scaled them down to 1024x768.

Mr. Reynholm marveled at the results. "Now that's clever! That means I can finally test the website from my own office! It's nice to have all you geeks around to teach an old man new tricks."

"I hope you can make do with one less," Jenny said, handing Mr. Reynholm the envelope with her two-week notice. "I'm sorry. It was great working here, but I guess … I guess sometimes you need to look at things from several perspectives."


Planet DebianRaphael Geissert: Call for release goal: package reconsideration

Based on a discussion around breakfast, and encouraged by the people at the table, I hereby call for a new release goal (or challenge, whatever you prefer to call it):


Every package maintainer should remove one of their packages from the archive.


It's dead simple. It is acceptable to adopt a package to replace the one that has been removed, or to add a new one to the archive.
For tracking purposes please include "for RG" (release goal) in the removal request to ftp.debian.org.


And how about a debconf challenge? How about filing over 100 removal requests before the end of Debconf 15 on Saturday night? Blog about it, dent/twit about it, spam IRC about it!


The idea came up after discussing how we as package maintainers refuse to remove our obsolete or unused packages. So yes, that may also include the very first package that you got into the archive.


Sad news, good news.

Planet DebianSimon Kainz: vim in Heidelberg

Following the tradition of Love Locks, apparently there is someone really in love with vim in Heidelberg!

Valerie

Found at the Old Bridge in Heidelberg during DebConf15.

Planet DebianSune Vuorela: Debconf 2015 – 6

There are more people with blue hair at Debconf than at an average Akademy. KDE – we need to do better :)

Planet DebianNorbert Preining: Introduction to CafeOBJ in English and Japanese

Thanks to Takahiro Seino we now have a gentle introduction to CafeOBJ for beginners, available in both English and Japanese. Please head over to the CafeOBJ web site for details, or jump directly to the English or Japanese version.

We are also preparing for a new release with largely improved CITP support and better term inspection. Stay tuned.

TEDLawrence Lessig explores a run for president, around one powerful idea

Lawrence Lessig may be running for President of the United States. But he isn’t looking to big donors to fund his exploratory campaign.

Rather than do the usual candidate song and dance of courting wealthy donors and corporations, Lessig is using the Kickstarter method for his campaign. He’s collecting small donations from individuals through his website, LessigforPresident.com. If he raises $1 million by Labor Day, he’ll run. If he doesn’t, he won’t (and will return the contributions).

This fundraising method is key, as he’s focusing on one issue: campaign finance reform. It’s the idea he spoke passionately about in his TED Talk, “We the People, and the Republic we must reclaim”: Because the American electoral system requires candidates to raise huge amounts of money — from a slim percentage of citizens — politicians are beholden to donors, and not to the people. This representative democracy is intrinsically broken, he says.

“Maybe about .05% of the US population are relevant funders of campaigns … You spend 30 to 70% of your time calling these funders,” Lessig told CNN on Tuesday after announcing his campaign. “It develops in you a sixth sense, a constant awareness, of how what you do will affect your ability to raise money.”

Lessig, who created Creative Commons and has given four TED Talks, would have one goal as president: pass The Citizen Equality Act of 2017. It’s a piece of legislation designed to make all citizens equal in elections — to reform how campaigns are financed, to end gerrymandering and to make election days a national holiday so more people can vote. He would stay in office however long it takes to pass this bill. Then, he’d step down and let his vice president take over.

His point: the way elections are funded isn’t “just a detail,” but an essential, foundational issue.

“If you’re a Republican and you want to simplify the tax code, there’s no way to simplify tax code as long as this is the way we want to fund campaigns,” he said to CNN. “If you’re a Democrat and you want climate change legislation or real healthcare reform, there’s no way to get those reforms until you change the way you fund elections.”

Lessig tells the TED Blog that when he gave his barn-burner talk at TED2013, he never expected to run for office himself. But he couldn’t let the election season pass by. “This is an incredible moment. There’s a huge focus from both Republicans and Democrats. I wanted to use this opportunity to make some progress. I’m hopeful to leverage the attention,” he said. “If this isn’t resolved now, it’s going to become normal and it will be almost impossible to change.”

Since he announced his exploratory campaign Tuesday, he’s received $181,569 in donations from 2,191 donors — and has 26 days left to fundraise.

“It’s actually been received more positively than I was expecting,” he said. “I thought there’d be a lot more organized anger by people committed to other candidates, but it turns out that people who aren’t really committed to anyone are very excited. That makes me optimistic.”

The one thing that would lead him to drop his campaign? If another candidate picks up The Citizen Equality Act.

“This campaign is not about a person, it’s about a principle,” he said.


Planet DebianPetter Reinholdtsen: In my hand, a pocket book edition of the Norwegian Free Culture book!

Today, finally, my first printed draft edition of the Norwegian translation of Free Culture I have been working on for the last few years arrived in the mail. I had to fake a cover to get the interior printed, and the exterior of the book looks awful, but that is irrelevant at this point. I asked for a printed pocket book version to get an idea about the font sizes and paper format as well as how good the figures and images look in print, but also to test what the pocket book version would look like. After receiving the 500 page pocket book, it became obvious to me that the pocket book size is too small for this book. I believe the book is too thick, and several tables and figures do not look good in the size they get with such a small page size. I believe I will go with the 5.5x8.5 inch size instead. A surprise discovery from the paper version was how bad the URLs look in print. They are very hard to read in the colophon page. The URLs are red in the PDF, but light gray on paper. I need to change the color of links somehow to look better. But there is a printed book in my hand, and it feels great. :)

Now I only need to fix the cover, wrap up the postscript with the story behind the book, and collect the last corrections from the proof readers before the book is ready for proper printing. Cover artists willing to work for free and create a Creative Commons licensed vector file looking similar to the original are most welcome, as my skills as a graphics designer are mostly missing.

Planet DebianAndrew Cater

Poetry for Debconf15 poetry night

Debian's reached the age of 22
I wish I could be there with you
In Heidelberg, fair German city
To share, in person, this my ditty

Rhonda's worked hard - the work is done
With poems now begins the fun
While others play cards or hack new code
Or dream of running down the road

Free software, arguments, warmth, good cheer
Too soon all over 'til next year
 All of the best are there / on 'Net
Here's hope that it's the best Debconf yet



Planet DebianAigars Mahinovs: Poetry night - Space

A bi-lingual poem created on inspiration from Debconf15 and in honor of Debconf Poetry Night by Rhonda

Du ...

Du hast ...

Du hast apt ...

Du hast apt gebrochen!

Reconsider your disk usage,

And APT might work again.

(as usual - licenced as CC-BY V3+ or GPLv2+)

CryptogramNasty Cisco Attack

This is serious:

Cisco Systems officials are warning customers of a series of attacks that completely hijack critical networking gear by swapping out the valid ROMMON firmware image with one that's been maliciously altered.

The attackers use valid administrator credentials, an indication the attacks are being carried out either by insiders or people who have otherwise managed to get hold of the highly sensitive passwords required to update and make changes to the Cisco hardware. Short for ROM Monitor, ROMMON is the means for booting Cisco's IOS operating system. Administrators use it to perform a variety of configuration tasks, including recovering lost passwords, downloading software, or in some cases running the router itself.

There's no indication of who is doing these attacks, but it's exactly the sort of thing you'd expect out of a government attacker. Regardless of which government initially discovered this, assume that they're all exploiting it by now -- and will continue to do so until it's fixed.

Rondam RamblingsAnd the award for the most ironic statement goes to...

...an unnamed individual, self-identified as "Eagle One", who was defending a "Muslim-free" gun range: “I will fight to the death for someone’s right to practice whatever religion they want to. I’m not here because of that. I’m here because when people start resorting to violence, we can’t allow that.” [emphasis added] The amount of self-unawareness it takes to say something like that while

Sociological ImagesParsing American attitudes toward climate change

Who believes that the climate is changing? Researchers at Yale’s Project on Climate Change Communication asked 13,000 people and they found some pretty interesting stuff. First, they found that there was a great deal of disagreement, identifying six types:

  • The Alarmed (18%) – believe climate change is happening, have already changed their behavior, and are ready to get out there and try to save the world
  • The Concerned (33%) – believe it’s happening, but think it’s far off or isn’t going to affect them personally
  • The Cautious (19%) – aren’t sure if it’s happening or not and are also unsure whether it’s human caused
  • The Disengaged (12%) –  have heard the phrase “climate change,” but couldn’t tell you the first thing about it
  • The Doubtful (11%) – are skeptical that it’s happening and, if it is, they don’t think it’s a problem and don’t think it’s human caused
  • The Dismissive (7%) – do not believe in it, think it’s a hoax

As you might imagine, attitudes about climate change vary significantly by state and county. You can see all the data at their interactive map. Here are some of the findings I thought were interesting.

More Americans think that climate change is happening (left) than think it’s human caused (right); bluer = more skeptical, redder = more believing:

Even among people who say that they personally believe in climate change (left, same as above), there are many who think that there is no scientific consensus (right) suggesting that the campaign to misrepresent scientific opinion by covering “both sides” was successful:

People are somewhat worried about climate change (left), but very, very few think that it’s going to harm them personally (right):

Even though people are lukewarm on whether it’s happening, whether it’s human-caused, and whether it’s going to do any harm, there’s a lot of support for doing something about it. Support for regulating CO2 (left) and support for funding research on renewable energy (right):

Take a closer look yourself and explore more questions at the map or read more at the Scholars Strategy Network. And thanks to the people at Yale funding and doing this important work.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramAVA: A Social Engineering Vulnerability Scanner

This is interesting:

First, it integrates with corporate directories such as Active Directory and social media sites like LinkedIn to map the connections between employees, as well as important outside contacts. Bell calls this the "real org chart." Hackers can use such information to choose people they ought to impersonate while trying to scam employees.

From there, AVA users can craft custom phishing campaigns, both in email and Twitter, to see how employees respond. Finally, and most importantly, it helps organizations track the results of these campaigns. You could use AVA to evaluate the effectiveness of two different security training programs, see which employees need more training, or find places where additional security is needed.

Of course, the problem is that both good guys and bad guys can use this tool. Which makes it like pretty much every other vulnerability scanner.

Worse Than FailureBring Your Own Code: The Lucky Deuce: In the Cards

Two weeks back, we introduced the Lucky Deuce casino contest. This is a series of challenges, brought to you by our pals over at Infragistics, where we call on you to help us build a “scoundrel’s casino”.

Last week, you were again given some vague requirements, this time for building a broken slot machine. Once again, we had some seriously great submissions. Like last week, I’ve rehosted the winning code here.

Honorable Mentions

We didn’t get quite as many submissions this time around, but while folks didn’t quite top themselves for quantity, we still got some serious quality.

First, we have to give credit to Alexander, who delivered his submission in APL. That’s a clever solution for making certain your code is obfuscated enough that nobody will detect your cheat.

slot←{3↑⌽({⍵⊃⍨?⍴⍵}(⍳⍴⍵),(,⍵ ⍵⍴⍳⍵)~first),({⍵⊃⍨?⍴⍵}(⍳⍵),100⍴first),first←(?⍵)/⍨1+∧/'1'=⍕100⊥3↑3↓⎕TS}

This checks the time, and if it is only 1s with leading zeros (e.g., 01:11:11), guarantees a win. For that effort, we just have to award Alexander the I Broke My Keyboard prize.

Much like Josip’s “realistically bad” approach (see below), Alex K (what’s with all the Alexes?) uses a single line of incompetence to cover up his skullduggery. Most of his methods start with a signature that looks like this:

def playSlots():
    global a
    global b
    global c

    … actual code

That global keyword is how Python recognizes that Alex is using global variables, and not trying to declare local copies.

His main application loop is the extra piece of icing on the cake.

while True:
    s = raw_input()
    if (s == 'test'):
        # Warning! self-test is blocking, UI may become unresponsive
        selfTest()
    elif (s == 'quit'):
        sys.exit(0)
    else:
        # Actual slots round is on a second thread, to not block your UI
        t = threading.Thread(target=playSlots)
        t.start()

That’s right- it spawns a thread that is never joined, to “not block your UI”, which means race conditions ahoy! This still requires a fair bit of luck for you to win, but it’s such a simple, easily avoided bug- that’s also easy to make. Bonus points for having a “test” mode, which “proves” that the application behaves as intended.

Great work, and I assume you decided to use threads because Bruce said so, which means you win the Bruce Said So award this week.

There were so many other great submissions- there was one that used the position of the window to emulate “tilting” a mechanical slot machine, another that essentially portscanned a target server to decide how to generate random numbers, and of course the requisite avalanche of “secret code” cheats. And they were all great, but for this week…

The Winner

Josip’s solution was to generate the first and second numbers more or less the way you’d expect- by pulling out random numbers. But for safety, or security, or for some unfathomable reason, after drawing the first number, a file containing a pile of random data is written out. When it comes time to generate the third number, that file is read back in and used to pick it. And that’s where Josip has a clever cheat:

    try
    {
        using (TextReader reader = new StreamReader(path))
        {
            // First, read all digits into one string
            string s = reader.ReadToEnd();

            // Then, take out a number from that giant string
            int numberOfDigits = (int)(Math.Log10(maxNumber));
            int offset = r.Next(s.Length - numberOfDigits);
            string num = s.Substring(offset, numberOfDigits);

            // Finally, convert string to integer to show on the slot machine
            number = int.Parse(num);
        }
    }
    catch (Exception)
    {
        // Who needs exception handling in a slot machine. It will work juuuust fine...
    }

What I love about this one is how realistically bad it is. Dropping exceptions, using the same variable to represent every number as it’s drawn- this feels exactly like what you’d get if you hired a gutter-dwelling programmer to do your greymarket gambling system. Congratulations Josip, I’m not even sure if that code is bad on purpose.
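The two flaws named above (the empty catch block and one variable reused for every reel) combine so that any failure to read the digit file leaves the previous reel's value on screen. The Python sketch below is an added example, not Josip's code or part of the original post; the function names, the digit-file layout, the 0-9 reel range and the assumption that the variable still holds the second reel's value are all illustrative. It shows the swallowing pattern beside a fail-closed version and measures how often the third reel repeats the second.

```python
import os
import random
import tempfile


class ReelSourceError(RuntimeError):
    """The digit file could not be used; the spin must be aborted."""


def _width(max_number):
    # Integer form of (int)Math.Log10(maxNumber) for positive integers.
    return len(str(max_number)) - 1


def third_reel_swallowing(path, max_number, rng, number):
    """Pattern from the excerpt: `number` still holds the previous reel's
    value on entry, and every failure is silently discarded."""
    try:
        with open(path) as fh:
            digits = fh.read()
        width = _width(max_number)
        offset = rng.randrange(len(digits) - width)
        number = int(digits[offset:offset + width])
    except Exception:
        pass  # empty catch: the caller cannot tell a draw from a failure
    return number


def third_reel_fail_closed(path, max_number, rng):
    """Hardened form: no inherited state, narrow exceptions, explicit refusal."""
    width = _width(max_number)
    try:
        with open(path) as fh:
            digits = fh.read().strip()
    except OSError as exc:
        raise ReelSourceError(f"cannot read {path}") from exc
    usable = digits.isascii() and digits.isdigit()
    if width < 1 or len(digits) < width or not usable:
        raise ReelSourceError(f"{path} is not a usable digit file")
    offset = rng.randrange(len(digits) - width + 1)
    return int(digits[offset:offset + width])


def stale_match_rate(draw_third, max_number, trials=1000, seed=1):
    """Fraction of spins in which the third reel equals the second."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        rng.randrange(max_number)            # first reel
        second = rng.randrange(max_number)   # second reel
        hits += draw_third(rng, second) == second
    return hits / trials


def demo():
    """Run both variants against constructed good, corrupt and missing files."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "digits.txt")
        with open(good, "w") as fh:  # constructed sample data
            fh.write("".join(random.Random(7).choice("0123456789")
                             for _ in range(4096)))
        corrupt = os.path.join(tmp, "corrupt.txt")
        with open(corrupt, "w") as fh:
            fh.write("truncated-write\n")
        missing = os.path.join(tmp, "deleted.txt")

        def swallow(path):
            return lambda rng, prev: third_reel_swallowing(path, 10, rng, prev)

        results = {
            "swallow_good": stale_match_rate(swallow(good), 10),
            "swallow_corrupt": stale_match_rate(swallow(corrupt), 10),
            "swallow_missing": stale_match_rate(swallow(missing), 10),
            "closed_good": stale_match_rate(
                lambda rng, prev: third_reel_fail_closed(good, 10, rng), 10),
        }
        for name, path in (("closed_corrupt", corrupt), ("closed_missing", missing)):
            try:
                third_reel_fail_closed(path, 10, random.Random(1))
                results[name] = "returned a value"
            except ReelSourceError:
                results[name] = "refused"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

A repeat rate near 1 in 10 is what independent reels give; a rate of 1.0 is the signature an audit of spin logs would look for.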

Congrats to all our winners this week. For next week…

The Lucky Deuce: In the Cards

The last thing you remember was ordering a drink at the Palais Royale. The ironically named joint was the kind of dive that just used plywood on sawhorses as its bar. Somebody must have slipped you a mickey, because you come to tied to a chair, in a dusty garage, lit only by a bare incandescent bulb and the dim glowing ember of a cigarette clutched in red lips.

Dead man's hand

Your captor leans into the light. Her face is lean and hungry, her eyes are desperate. It reminds you of what you see in the mirror every morning. “I’ve finally caught up with you,” she says.

“W-who are you?” you slur out.

She shakes her head. “No names. I know you’re the programmer that’s been slipping bugs into the Lucky Deuce, and that’s all you need to know about me. But I’ve got a new set of requirements, and this time- you’re gonna give me your secret.”

She places a laptop on the table in front of you, and you can see an email inbox with a lone message- the latest set of requirements. That’s when you realize, this woman must be one of the other contract programmers who works for the Lucky Deuce. But if she saw the bugs, and she found you- the Lucky Deuce might know what’s up too.

Your stomach bottoms out, even as you try and bluster. “Why should I?”

The woman comes further into the light, and you can see her hand holds a Colt 1911 pistol. “Now, now, let’s not make it hard. You don’t want this to be hard.”

Glumly, you look at the requirements. Once again, leave it to the Lucky Deuce to invent a new variation on gambling that is borderline nonsense. “Playing poker with one deck of cards,” they write, “is full of card countings. We want there to be made a poker game that uses 5 decks of cards.”

Specifically, they want a module that generates up to 5, 5-card hands, by drawing from 5 decks of cards. They’re calling it “555”, the clever branding devils that they are. Of course, your captor wants you to sneak a backdoor in, but honestly, you’re not really all that inclined to help her. This time, you really want to make sure anybody who uses the backdoor gets caught, but whatever you put in for your backdoor has to at least fool her- another programmer as smart as you are. If you screw it up, you might find yourself staring down the wrong end of that pistol.

Entering & Judging

To enter, send an email to byoc15@worsethanfailure.com with a link or attachment of your code. In the body of the email, explain how your cheat works and what we need to do to run your code. You can use any language you like, but we have to be able to run it with minimal setup.

You don’t need to build a GUI, but if you do, and you do it using tools from Infragistics, we'll send you a free license (one per entrant, supplies limited). Consider this your Infragistics bonus.

Assume we have access to stock Windows, Linux and OSX instances, if we need to run your software locally. You could target MUMPS running on a mainframe, but we can't run it, and you probably won't win. You must get your submission in before 11:59PM Eastern Time, Sunday the 23rd of August to be eligible for judging. We'll announce the winners next Wednesday, along with the next leg of the contest!

The overall winner will be chosen by how interesting and fun we think their solution and cheat is.

Thanks to Infragistics for making this possible.

Infragistics

A worldwide leader in user experience, Infragistics helps developers build amazing applications. More than a million developers trust Infragistics for enterprise-ready user interface toolsets that deliver high-performance applications for Web, Windows and mobile applications. Their Indigo Studio is a design tool for rapid, interactive prototyping.


Planet DebianPatrick Schoenfeld: aptituz/ssh 2.3.2 published

I’ve just uploaded an updated version of my puppet ssh module to the forge.

The module aims at being a generic module to manage ssh servers and clients, including key generation and known_hosts management. It provides a mechanism to generate and deploy ssh keys without the need for storeconfig or PuppetDB, using a server-side cache instead. This is neat if you want to retain ssh keys during a reprovisioning of a host.

Updates

The update is mostly to push out some patches I’ve received from contributors via pull requests in the last few months. It adds:

  • Support for the AllowUsers, AllowGroups and DenyUsers as well as DenyGroups parameters in the default sshd_config template. Thanks to cachaldora for the patches.
  • Support for multiple ports in the default sshd template. Thanks to Arnd Hannemann for that patch.
  • Fixes in the template for it to work with newer puppet versions. Untested by me, but this probably fixes compatibility with puppet 4. For that contribution my thanks go to Daine Danielson.

Apart from these changes I’ve added a couple of beaker tests.

If the module is of any use for you, I’d be happy for ratings at puppetforge. The same is true for critical feedback, bug reports or (even better :) pull requests.

Planet DebianRussell Coker: The Purpose of a Code of Conduct

On a private mailing list there have been some recent discussions about a Code of Conduct which demonstrate some great misunderstandings. The misunderstandings don’t seem particular to that list so it’s worthy of a blog post. Also people tend to think more about what they do when their actions will be exposed to a wider audience so hopefully people who read this post will think before they respond.

Jokes

The first discussion concerned the issue of making “jokes”. When dealing with the treatment of other people (particularly minority groups) the issue of “jokes” is a common one. It’s fairly common for people in positions of power to make “jokes” about people with less power and then complain if someone disapproves. The more extreme examples of this concern hate words which are strongly associated with violence, one of the most common is a word used to describe gay men which has often been associated with significant violence and murder. Men who are straight and who conform to the stereotypes of straight men don’t have much to fear from that word while men who aren’t straight will associate it with a death threat and tend not to find any amusement in it.

Most minority groups have words that are known to be associated with hate crimes. When such words are used they usually send a signal that the minority groups in question aren’t welcome. The exception is when the words are used by other members of the group in question. For example if I was walking past a biker bar and heard someone call out “geek” or “nerd” I would be a little nervous (even though geeks/nerds have faced much less violence than most minority groups). But at a Linux conference my reaction would be very different. As a general rule you shouldn’t use any word that has a history of being used to attack any minority group other than one that you are a member of, so black rappers get to use a word that was historically used by white slave-owners but because I’m white I don’t get to sing along to their music. As an aside we had a discussion about such rap lyrics on the Linux Users of Victoria mailing list some time ago, hopefully most people think I’m stating the obvious here but some people need a clear explanation.

One thing that people should consider about “jokes” is the issue of punching-down vs punching-up [1] (there are many posts about this topic, I linked to the first Google hit which seems quite good). The basic concept is that making jokes about more powerful people or organisations is brave while making “jokes” about less powerful people is cowardly and serves to continue the exclusion of marginalised people. When I raised this issue in the mailing list discussion a group of men immediately complained that they might be bullied by lots of less powerful people making jokes about them. One problem here is that powerful people tend to be very thin skinned due to the fact that people are usually nice to them. While the imaginary scenario of less powerful people making jokes about rich white men might be unpleasant if it happened in person, it wouldn’t compare to the experience of less powerful people who are the target of repeated “jokes” in addition to all manner of other bad treatment. Another problem is that the impact of a joke depends on the power of the person who makes it, EG if your boss makes a “joke” about you then you have to work on your CV, if a colleague or subordinate makes a joke then you can often ignore it.

Who does a Code of Conduct Protect

One member of the mailing list wrote a long and very earnest message about his belief that the CoC was designed to protect him from off-topic discussions. He analysed the results of a CoC on that basis and determined that it had failed due to the number of off-topic messages on the mailing lists he subscribes to. Being so self-centered is strongly correlated with being in a position of power, he seems to sincerely believe that everything should be about him, that he is entitled to all manner of protection and that any rule which doesn’t protect him is worthless.

I believe that the purpose of all laws and regulations should be to protect those who are less powerful, the more powerful people can usually protect themselves. The benefit that powerful people receive from being part of a system that is based on rules is that organisations (clubs, societies, companies, governments, etc) can become larger and achieve greater things if people can trust in the system. When minority groups are discouraged from contributing and when people need to be concerned about protecting themselves from attack the scope of an organisation is reduced. When there is a certain minimum standard of treatment that people can expect then they will be more willing to contribute and more able to concentrate on their contributions when they don’t expect to be attacked.

The Public Interest

When an organisation declares itself to be acting in the public interest (EG by including “Public Interest” in the name of the organisation) I think that we should expect even better treatment of minority groups. One might argue that a corporation should protect members of minority groups for the sole purpose of making more money (it has been proven that more diverse groups produce better quality work). But an organisation that’s in the “Public Interest” should be expected to go way beyond that and protect members of minority groups as a matter of principle.

When an organisation is declared to be operating in the “Public Interest” I believe that anyone who’s so unable to control their bigotry that they can’t refrain from being bigoted on the mailing lists should not be a member.

Kelvin ThomsonGarfield Barwick=Liberal

Garfield Barwick was a Liberal MP, then a Liberal Government Attorney-General and Minister for External Affairs. He was appointed to the High Court by a Liberal Government, where he proved controversial, ruling in favour of tax avoiders and giving under the radar advice to John Kerr which was highly prejudicial to the Whitlam Government. His autobiography was titled “A Radical Tory”!

So when you get invited to give a “Garfield Barwick” Lecture, you don’t need the forensic skills or analytical ability of a High Court judge to suspect that the Lecture might be a Liberal Party show. Dyson Heydon’s position as Royal Commissioner is untenable and he should resign from it.

Krebs on SecurityWas the Ashley Madison Database Leaked?

Many news sites and blogs are reporting that the data stolen last month from 37 million users of AshleyMadison.com — a site that facilitates cheating and extramarital affairs — has finally been posted online for the world to see. In the past 48 hours, several huge dumps of data claiming to be the actual AshleyMadison database have turned up online. But there are precious few details in them that would allow one to verify these claims, and the company itself says it so far sees no indication that the files are legitimate.

Update, 11:52 p.m. ET: I’ve now spoken with three vouched sources who all have reported finding their information and last four digits of their credit card numbers in the leaked database. Also, it occurs to me that it’s been almost exactly 30 days since the original hack. Finally, all of the accounts created at Bugmenot.com for Ashleymadison.com prior to the original breach appear to be in the leaked data set as well. I’m sure there are millions of AshleyMadison users who wish it weren’t so, but there is every indication this dump is the real deal.

Original story:

A huge trove of data nearly 10 gigabytes in size was dumped onto the Deep Web and onto various Torrent file-sharing services over the past 48 hours.  According to a story at Wired.com, included in the files are names, addresses and phone numbers apparently attached to AshleyMadison member profiles, along with credit card data and transaction information. Links to the files were preceded by a text file message titled “Time’s Up” (see screenshot below).

The message left by the latest group claiming to have leaked the hacked AshleyMadison.com database.

From taking in much of the media coverage of this leak so far — for example, from the aforementioned Wired piece or from the story at security blogger Graham Cluley’s site — readers would most likely conclude that this latest collection of leaked data is legitimate. But after an interview this evening with Raja Bhatia — AshleyMadison’s original founding chief technology officer — I came away with a different perspective.

Bhatia said he is working with an international team of roughly a dozen investigators who are toiling seven days a week, 24-hours a day just to keep up with all of the fake data dumps claiming to be the stolen AshleyMadison database that was referenced by the original hackers on July 19. Bhatia said his team sees no signs that this latest dump is legitimate.

“On a daily basis, we’re seeing 30 to 80 different claimed dumps come online, and most of these dumps are entirely fake and being used by other organizations to capture the attention that’s been built up through this release,” Bhatia said. “In total we’ve looked at over 100GB of data that’s been put out there. For example, I just now got a text message from our analysis team in Israel saying that the last dump they saw was 15 gigabytes. We’re still going through that, but for the most part it looks illegitimate and many of the files aren’t even readable.”

The former AshleyMadison CTO, who’s been consulting for the company ever since news of the hack broke last month, said many of the fake data dumps the company has examined to date include some or all of the files from the original July 19 release. But the rest of the information, he said, is always a mix of data taken from other hacked sources — not AshleyMadison.com.

“The overwhelming amount of data released in the last three weeks is fake data,” he said. “But we’re taking every release seriously and looking at each piece of data and trying to analyze the source and the veracity of the data.”

Bhatia said the format of the fake leaks has been changing constantly over the last few weeks.

“Originally, it was being posted through Imgur.com and Pastebin.com, and now we’re seeing files going out over torrents, the Dark Web, and TOR-based URLs,” he said.

To help locate new troves of data claiming to be the files stolen from AshleyMadison, the company’s forensics team has been using a tool that Netflix released last year called Scumblr, which scours high-profile sites for specific terms and data.

“For the most part, we can quickly verify that it’s not our data or it’s fake data, but we are taking each release seriously,” Bhatia said. “Scumblr helps accelerate the time it takes for us to detect new pieces of data that are being released. For the most part, we’re finding the majority of it is fake. There are some things that have data from the original release, but other than that, what we’re seeing is other generic files that have been introduced, fake SQL files.”

Bhatia said this most recent leak is especially amusing because it included actual credit card data, even though AshleyMadison.com has never stored credit card information.

“There’s definitely not credit card information, because we don’t store that,” Bhatia said. “We use transaction IDs, just like every other PCI compliant merchant processor. If there is full credit card data in a dump, it’s not from us, because we don’t even have that. When someone completes a payment, what happens is from our payment processor, we get a transaction ID back. That’s the only piece of information linking to a customer or consumer of ours. If someone is releasing credit card data, that’s not from us. We don’t have that in our databases or our own systems.”

A screen shot of the archive released recently that many believe is the leaked AshleyMadison database.

I should be clear that I have no idea whether this dump is in fact real; I’m only reporting what I have been able to observe so far. I have certainly seen many people I know on Twitter saying they’ve downloaded the files and found data from friends who’d acknowledged being members of the site.

Nearly every day since I first reported the exclusive story of the Ashley Madison hack on July 19,  I’ve received desperate and sad emails from readers who were or are AshleyMadison users and who wanted to know if the data would ever be leaked, or if I could somehow locate their information in any documents leaked so far. Unfortunately, aside from what I’ve reported here and in my original story last month, I don’t have any special knowledge or insight into this attack.

My first report on this breach quoted AshleyMadison CEO Noel Biderman saying the company suspected the culprit was likely someone who at one time had legitimate access to the company’s internal networks. I’d already come to the same conclusion by that time, and I still believe that’s the case. So I asked Bhatia if the company and/or law enforcement in Canada or the United States had apprehended anyone in relation to this hack.

Bhatia declined to answer, instead referring me to the written statement posted on its site today, which noted that investigation is still ongoing and that the company is simultaneously cooperating fully with law enforcement investigations, including by the Royal Canadian Mounted Police, the Ontario Provincial Police, the Toronto Police Services and the U.S. Federal Bureau of Investigation.

“This event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities,” the statement reads. “We know that there are people out there who know one or more of these individuals, and we invite them to come forward. While we are confident that the authorities will identify and prosecute each of them to the fullest extent of the law, we also know there are individuals out there who can help to make this happen faster.”

Readers should understand that if this dump does turn out to be legit, that just finding someone’s name, email address and other data in the archives doesn’t mean that person was a real user. As the above-mentioned Graham Cluley points out, AshleyMadison never bothered to verify the email addresses given to it by its users.

“So, I could have created an account at Ashley Madison with the address of barack.obama@whitehouse.gov, but it wouldn’t have meant that Obama was a user of the site,” Cluley wrote. “Journalists and commentators would be wise to remember that the credentials stored by Ashley Madison must be considered suspect because of their shonky practices, even before you start considering whether any leaked databases are falsified or not.”

Kelvin ThomsonShooting the Environment Messenger

If there was a narrative about the Liberal Government it is one of payback and punishment, in this case, of environmental groups who dare to have the temerity to challenge projects, as environmental groups should when environmental damage is foreseeable.

The announcement yesterday of proposed changes to the Environmental Protection and Biodiversity Conservation Act to repeal a section of the Act that allows green groups to mount legal challenges to environmental approvals is all about the government not accepting the umpire’s decision. This is following the Federal Court forcing the Government to reconsider its approval of Adani's $16 billion Carmichael coal mine because Environment Minister Greg Hunt had not properly considered the impacts on the yakka skink and ornamental snake.

The Mackay Conservation Group launched its legal challenge in the Federal Court in January, alleging that greenhouse gas emissions from the mine, vulnerable species and Adani's environmental track record had not been taken into account. "The Minister conceded that he had made an error and Adani did as well that the proper process hadn't been followed in approving the Carmichael mine. He is required to take advice from his department on threatened species into account and he didn't do that,” Mackay Conservation Group coordinator Ellen Roberts said.

Rather than seeing a failure in the Minister’s lack of due diligence, the Government has decided to shoot the messenger.

The Government's claim that the EPBC Act is costing jobs is not borne out by the facts. Since being passed by the Howard Government 15 years ago, the EPBC Act has been the overriding national environmental protection law, including throughout the mining boom – and environmental groups are required to operate within this law.

Very few projects are legally challenged, and hardly any have been stopped. Adani has not been stopped, it has simply been required to comply with the law, as it should be.

Labor will not support weakening environmental protections or limiting a community's right to challenge Government decisions.

Krebs on SecurityMicrosoft Pushes Emergency Patch for IE

Microsoft today released an emergency software update to plug a critical security flaw in all supported versions of its Internet Explorer browser, from IE7 to IE 11 (this flaw does not appear to be present in Microsoft Edge, the new browser from Redmond and intended to replace IE).

According to the advisory that accompanies the patch, this is a browse-and-get-owned vulnerability, meaning IE users can infect their systems merely by browsing to a hacked or malicious Web site. Windows users should install the patch whether or not they use IE as their main browser, as IE components can be invoked from a variety of applications, such as Microsoft Office. The emergency patch is available via Windows Update or from Microsoft’s Web site.

Microsoft’s advisory does not say whether this flaw is actively being exploited by attackers, but security experts at vulnerability management firm Qualys say it’s already happening.

“The vulnerability (CVE-2015-2502) is actively being exploited in the wild,” wrote Wolfgang Kandek, chief technology officer at Qualys, in a blog post about the update. “The attack code is hosted on a malicious webpage that you or your users would have to visit in order to get infected.”

According to Qualys, attackers are using a number of mechanisms to increase their target reach and lure users to the webpage, including:

  • hosting the exploit on ad networks, which are then used by entirely legitimate websites
  • gaining control over legitimate websites, say blogs, by exploiting vulnerabilities in the blogging server software or simply weak credentials
  • setting up specific websites for the attack and manipulating search engine results
  • sending you a link to the site by e-mail or other messaging programs

“Now that the vulnerability is disclosed we expect the attack code to spread widely and get integrated into exploit kits and attack frameworks,” Kandek wrote. “Patch as quickly as possible.”

The patch comes just one week after the company released a slew of IE updates and other fixes for security flaws in Windows and Windows components as part of its regular Patch Tuesday monthly patch cycle (the second Tuesday of each month). The advisory credits a Google employee with reporting the vulnerability.

Update, 6:10 p.m. ET: Added comments from Qualys.

CryptogramDid Kaspersky Fake Malware?

Two former Kaspersky employees have accused the company of faking malware to harm rival antivirus products. They would falsely classify legitimate files as malicious, tricking other antivirus companies that blindly copied Kaspersky's data into deleting them from their customers' computers.

In one technique, Kaspersky's engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

[...]

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company's lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft's antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in "quarantine."

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder's team found hundreds, and eventually thousands, of good files that had been altered to look bad.

Kaspersky denies it.

EDITED TO ADD (8/19): Here's an October 2013 presentation by Microsoft on the attacks.

Geek FeminismRolling On the Floor Linkspamming (18 August 2015)

  • Gayme Corner: “Videogames for Humans” and the Intimate, Playful Engagement of Twine | Robin on Autostraddle (12 August): “A lot of the most well-known Twine games are written by trans women, which is pretty rad, though Merritt Kopas points out that, “Few of these authors are accorded the respect, attention, or monetary success of their white male counterparts,” and within the community, it’s mostly white trans women whose work is recognized. Even so, Twine has great potential. “Authors are doing things with Twine that aren’t possible with traditional text. And at the same time, they’re using interactive media to tell stories that mainstream videogames couldn’t dream of telling,” Kopas said.”
  • The CW’s Female Executive Producers Talk Telling Women’s Stories | Teresa Jusino on The Mary Sue (12 August): “The CW’s session at the Television Critics Association summer tour earlier this week gives us so much reason to hope. After their main presentation, where they debuted their upcoming show from Aline Brosh McKenna called Crazy Ex-Girlfriend, eight female executive producers from The CW took to the stage in a panel called Running the Show: The Women Executive Producers of The CW and spoke honestly and optimistically about being women in the television industry and what they’re doing to help other women thrive in the business.”
  • ReThink | Trisha Prabhu: “Passionate to stop cyberbullying in adolescents, I created the patented product “ReThink” that stops cyberbullying at the source, before the bullying occurs, before the damage is done! My research has found that with “Rethink”, adolescents change their mind 93% of the time and decide not to post an offensive message. I was selected as Google Global Science Fair Finalists 2014 for my work on “ReThink”.”
  • I spent a weekend at Google talking with nerds about charity. I came away … worried. | Dylan Matthews on Vox (10 August): “Effective altruists think that past attempts to do good — by giving to charity, or working for nonprofits or government agencies — have been largely ineffective, in part because they’ve been driven too much by the desire to feel good and too little by the cold, hard data necessary to prove what actually does good. […] Effective altruism is […] a movement, and like any movement, it has begun to develop a culture, and a set of powerful stakeholders, and a certain range of worrying pathologies. At the moment, EA is very white, very male, and dominated by tech industry workers. […] Effective altruism is a useful framework for thinking through how to do good through one’s career, or through political advocacy, or through charitable giving. It is not a replacement for movements through which marginalized peoples seek their own liberation. If EA is to have any hope of getting more buy-in from women and people of color, it has to at least acknowledge that.”
  • We Still Let Harassers Participate In Our Community | Katie Kovalcin (12 August) [warning for sexual harassment]: “So, I reported an incident. I detailed someone who harassed me, provided receipts of the sexual harassment, and you want to then tell him I reported him and stick us in the same hotel? While effectively punishing me and not allowing me to participate in part of the conference because I was on the receiving end of harassment?”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

TEDA $20,000 contest for smart ideas: 3 videos to inspire your submission

Jessica O. Matthews makes toys, like a soccer ball and jump rope, that generate electricity. Jane Chen invented a portable, low-cost incubator that keeps premature babies warm and saves lives. Erin Bagwell directed a documentary called Dream, Girl that celebrates the drive of female entrepreneurs.

When TED asked filmmaker Gilly Barnes to craft video portraits of these three women to kick off the Clinique Smart Ideas competition, she was thrilled. All three radiate passion, but Barnes noticed another recurring theme in their stories: bravery. Barnes aimed to highlight each woman’s fearlessness in their video: Matthews, a speaker at TEDWomen 2013, stands out as one of the few black women at TechCrunch Disrupt in New York; Bagwell left her corporate job after experiencing harassment; and Chen, a TED Fellow, used the yellow pages in India to find clinics that would let her test the Embrace warmer, then went door-to-door with it.

“The humility of that — the lack of pride, the willingness to look like a fool, the ballsiness of it,” said Barnes. “You get the feeling that all of these women were mavericks making it up as they went along.”

Clinique and TED have teamed up to surface more great ideas from women. Between now and September 30, submissions are open for the Smart Idea contest, a global competition designed to source interesting ideas — both big and small — and celebrate the women behind them. The winner will receive $20,000 in funding for their idea, and an invitation to attend a TED event.

The guidelines are simple: share your idea in five hundred words or less. To paint a better portrait of the idea, you can also upload a photo or short video. It’s limited to one submission per person. Clinique and TED are looking to be surprised and inspired by submissions, and will select one innovator with a clear vision of their idea’s capacity to effect change.

Barnes has some thoughts for anyone hoping to enter the contest. While making these videos, she broke down the three women’s entrepreneurial tracks into a simple formula: “Experience + being open and receptive = an idea.”

And of course, bravery and passion help.

As Bagwell says in the video below about the making of her documentary, “Crazy things have happened because I truly believed in it.”


TEDTED Talks Live: Six nights of talks on Broadway — and students and educators attend for free

TED is coming to Broadway. And curious minds of all kinds are invited.

“TED Talks Live” will bring six nights of talks to The Town Hall Theater in New York City’s Theater district this November. The program will focus on three topics: The Education Revolution, War & Peace and Science & Wonder. Each night will be a thought-provoking mix of talks, short films, performances, stories and more, hosted by author and comedian Baratunde Thurston.

It’s the first TED event in New York City open to the public, and a great chance to enjoy TED Talks in person. Tickets for the orchestra are $100 and are available now through Ticketmaster, as well as at The Town Hall box office. Tickets for the mezzanine are free for students and educators — all that’s required is applying for a pass online. You are welcome to attend multiple nights — just choose nights with different themes to avoid repeat speakers.

For The Education Revolution (on November 1 and 2), former White House Chef and nutritionist Sam Kass will share intriguing thoughts on the effects of malnutrition on education, while Sal Khan of the Khan Academy points to what’s next in online education. They’ll be joined by author and parenting expert Julie Lythcott-Haims, who’ll address helping kids ask the right questions to succeed; Dena Simmons, emotional intelligence expert; Victor Rios, who’ll speak on adversity and resilience; and Andrew Mangino of The Future Project. The night will be co-hosted by Sara Ramirez of Grey’s Anatomy.

For War & Peace (on November 3 and 4), author Sebastian Junger will reveal what he’s learned covering wars and their aftermath, Hector Garcia will share his research on PTSD, and Adam Driver of Girls will talk about his experience in the US Marine Corps and his work as co-founder of Arts in the Armed Forces. Simon Sinek — whose first TED Talk has been viewed more than 23 million times — will share observations on leadership gleaned in war.

For Science & Wonder (on November 5 and 6), futurist Juan Enriquez will talk about what’s next in genomics. Meanwhile, Latif Nasser of Radiolab will share a science story he can’t stop thinking about.

Attendees can also look forward to performances from Rufus Wainwright, Paul Cantelon, Angela McCluskey and Harlem Samba.

Author and comedian Baratunde Thurston has delivered many hilarious wrap-ups of TED events. Now he’ll host TED Talks Live — six nights of TED Talks on Broadway in November. Photo: Bret Hartman/TED

Many more speakers and performers will be added to the program over the coming weeks.

TED Talks Live is funded by The Corporation for Public Broadcasting, in partnership with TED and ITVS. Content from the event will air in three primetime specials on PBS in the spring of 2016.

“We’ve been dreaming of this for a while,” says TED curator Chris Anderson. “It’s one thing to watch a TED Talk online, but quite another to spend a full evening with our speakers. It offers people a night out like they may never have experienced before. One that can give them new mental tools they’ll own forever.”

“It’s a week of great ideas brimming with humanity and passion,” says producer Juliet Blake.

Buy tickets to TED Talks Live »

Students and educators, apply for your free passes »


TEDApplications are open for TED2016 Fellows — and you should apply

TED Fellows aren’t easy to classify. In the latest class, there’s a bioengineer who programs bacteria to change the color of urine to signal the presence of cancer — and to make bold, brightly colored art. There’s a data scientist who dreamed up a tool to let anyone with a cell phone build a credit score, even if they don’t have access to a bank. An astronomer who uses her training as an actor to inspire a new generation of scientists. A deaf artist whose sound installations explore our relationship to noise and language.

If you’re an innovator whose work crosses boundaries, you may just find a home in the TED Fellows program. The program welcomes thinkers with big vision — and helps them share their ideas with the world.

Why should you apply to be a TED Fellow? The TED Fellows program has a long track record of taking careers to the next level. Fellows attend a TED conference, for free, and have the opportunity to give a four-minute TED Talk. In speaking from the TED stage, you’ll reach a wide audience and meet industry leaders who may be able to help you realize your idea. Your talk may even be posted on TED.com. But aside from the conference itself, Fellows gain access to free life coaching and mentorship, public relations advice and speaker coaching from a panel of experienced advisors. And as a Fellow, you become part of a global network of innovators from a wide range of disciplines that may become future collaborators.

Applications for the 2016 class of TED Fellows are open now through September 20, 2015. The 20 individuals selected will attend the TED2016 conference in Vancouver, Canada, from February 12 to 19, 2016.

Program director Tom Rielly stresses that, even if it sounds like a longshot, you should take a chance and apply. “Some of our most successful Fellows have told us that they almost didn’t apply because they never imagined they’d be selected,” he says.

The online application for the TED Fellows program is low-key — it asks for basic information, answers to short essay questions and three references. And, yes, while the program is looking for applicants who’ve accomplished a lot so far, it also seeks out candidates with character and grit who have the potential to break barriers as they build their careers.

Sound like you?

Apply to be a TED Fellow »

Learn more about the TED Fellows program »

Photo credit: Camille A. Brown by Matt Karas


Sociological ImagesAre bikini baristas sex workers? Are you?

Is there really a clean-cut difference between work and sex work? Is sex work really or always sexual? Are all the other jobs asexual? Where do we draw the line? Can we draw a line? Should we?

These were some of the questions that we discussed in my power and sexuality class this past semester and, like magic, an article appeared asking whether “bikini-clad baristas” at sexy-themed coffee shops are sex workers. Well, are they?

These coffee shops require women to wear bikinis or lingerie. At The Atlantic, Leah Sottile writes that “bikini” is an overstatement. On that day, a Wednesday, the employee slinging coffee wears lacy underwear. It’s their slow day, she explains, because on Tuesdays and Thursdays she wears only a thong and pasties.

“It’s like a really friendly drive-through peep show,” writes Sottile.

School administrators have re-routed buses.

—————

There are some interesting players in this debate, people who sociologists would call stakeholders.

Mike Fagan is one. He’s a politician and some would say that he’s responsible for making sure that city rules match the values of his constituents. He’s pro-regulation, explaining:

In my mind we’re talking adult entertainment. We don’t want to shut down the stands. We want to say, “Look, you either put the bikinis back on, or you move your business to an appropriately zoned area.”

Business owners — at least the ones that own sexy coffee shops — are generally anti-regulation. They’re not interested in relocating their businesses to an “appropriately zoned area,” the sad, skeezy corners of the city where we find strip clubs. One explains that she’s “just selling coffee” and if her girls want to wear a bikini when they do, who’s to say they shouldn’t?

Sex worker advocates are also involved. Savannah Sly, a representative of the Seattle Sex Workers Outreach Project, argues that bikini baristas are sex workers:

…because their work involves using sexual appeal… Because they may be stigmatized or their place of employment scrutinized due to the erotic nature of the work, I deem it worthy of the label of sex work.

Right or wrong, this is a convenient conclusion for Sly. If more workers are classified as sex workers, then sex workers become more powerful as a group, enabling them to better advocate for better working conditions, more protection, and rights.

The bikini baristas themselves surely have a variety of opinions. The one interviewed by Sottile points out that models often wear as little or less clothing, but no one’s debating whether they’re sex workers.

It’s a fair point. And it gets back to our question — and the question for the cities of Spokane, WA; Clovis, CA; Forest Grove, OR; Aurora, CO and more — where do you draw the line between sex work and not sex work?

Honestly, I don’t think it’s possible.

Sex is a part of lots of jobs. It’s not a binary, it’s a spectrum. Sex is a part of modeling, dancing, and acting. The bartender, the waitress, and the hostess all sometimes deploy their sex appeal. How much does sex play into how lawyers are viewed in courtrooms or personal trainers are evaluated? Is sex a part of pro sports? The therapist’s relationship with their client? Selling pharmaceuticals to physicians? Heck, even college professors are evaluated with chili peppers.

Maybe the difference is the contact or the penetration? But there are other jobs that centrally involve bodies and some involve kinds of penetration. What about the dentist climbing in your mouth? The phlebotomist drawing your blood? The surgeon opening up your chest? All these things are invasive and risky, but we manage them.

If not the penetration, maybe it’s the stigma? But there are other jobs that are stigmatized, too: undertakers, sewage plant employees, slaughterhouse workers, abortion providers, politicians (only sort of kidding), and many more.

The truth is that the things involved with sex work — emotional vulnerability, intimacy, emotional manipulation, physical contact, health risks, and moral opprobrium — all characterize at least some other jobs, too. So, the only thing that separates work from sex work is sex.

And, this might sound weird but, I don’t really think that sex is a thing that lines can be drawn around.

Is penile-vaginal intercourse sex? Is oral sex? Is manual stimulation of the genitals? Is making out? Is kissing? Is thinking about kissing? Would you offer different answers if I asked if those things were sexual? Would you answer differently if the question wasn’t about what counted as sex, but what counted as abstinence?

Is the penis a sexual body part? The clitoris? The anus? Breasts? The inner thigh? The back of one’s knee? The back of one’s neck? How do you decide? Who gets to?

So when is work sex work? I can’t conceive of an answer that would satisfy me.

So, what should be done about bikini baristas? A strong minimum wage. Unions. Protection from harassment. Sick days. A nice vacation. Penalties for wage theft. Predictable schedules. A nice benefits package. I want all those things for bikini baristas. I want them for all the other “sex workers,” too. I want those things for all workers because the important word in the phrase “sex work” isn’t sex, it’s work.

Cross-posted at Pacific Standard.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaJames Purser: The next step in the death of the regional networks

So we were flicking around YouTube this evening as we are wont to do and we came across this ad

Now, an ad on YouTube is nothing special, however what is special about this one is the fact that it's a local ad. That fishing shop is fifteen minutes from where I live and it's not the first local ad that I've seen on YouTube lately.

This means two things. YouTube can tell that I'm from the area the ad is targeted at, and local businesses now have an alternative to the local TV networks for advertising, an alternative that is available across multiple platforms, has a constant source of new content and is deeply embedded in the internet-enabled culture that the networks have been ignoring for the past fifteen years.

Getting rid of the 2/3 rule, or removing the 75% reach rule won't save the networks. Embracing the internet and engaging with people in that space, just might.

RacialiciousPhoto Gallery: Back in time on Governor’s Island

There are two weekends each summer in New York City when you might find yourself riding the downtown subway next to a flapper and her bootlegger dressed partner. They’re not elaborately costumed film extras, and you haven’t found yourself stuck in an episode of Doctor Who. This was the 10th year for the Jazz Age Lawn Party on Governor’s Island, and August’s Saturday date didn’t disappoint when it came to fashionable attendees.

For your enjoyment this morning, a lighter side of Racialicious. Check out our gallery of Gatsby era attired POC attendees below.

The post Photo Gallery: Back in time on Governor’s Island appeared first on Racialicious - the intersection of race and pop culture.

CryptogramMore on Mail Cover

I've previously written about mail cover -- the practice of recording the data on mail envelopes. Sai has been covering the issue in more detail, and recently received an unredacted copy of a 2014 audit report. The New York Times has an article on it:

In addition to raising privacy concerns, the audit questioned the Postal Service's efficiency and accuracy in handling mail cover requests. Many requests were processed late, the audit said, which delayed surveillance, and computer errors caused the same tracking number to be assigned to different requests.

[...]

The inspector general also found that the Postal Inspection Service did not have "sufficient controls" in place to ensure that its employees followed the agency's policies in handling the national security mail covers.

According to the audit, about 10 percent of requests did not include the dates for the period covered by surveillance. Without the dates in the files, auditors were unable to determine if the Postal Service had followed procedures for allowing law enforcement agencies to monitor mail for a specific period of time.

Additionally, 15 percent of the inspectors who handled the mail covers did not have the proper nondisclosure agreements on file for handling classified materials, records that must be maintained for 50 years. The agreements would prohibit the postal workers from discussing classified information.

And the inspector general found that in about 32 percent of cases, postal inspectors did not include, as required, the date on which they visited facilities where mail covers were being processed. In another 32 percent of cases, law enforcement agencies did not return documents to the Postal Inspection Service's Office of Counsel, which handles the national security mail covers, within the prescribed 60 days after a case was closed.

Worse Than FailureCodeSOD: At Least There's Tests

Having automated tests for a project is a good thing, as a general rule. We can debate the broader merits of “TDD”, “ATDD”, “BDD”, “ATBDDSM”, how much test coverage is actually worth having, and if we should view our test approach as a series of metrics that must be met, instead of some guidelines that will help improve our development process.

Our first exhibit today is from Paul. It’s a JUnit test, that, well, maybe misses the point of writing unit tests:

        @Test 
        public void testDateConversion(){
                BatchProcessManager newBpm = new BatchProcessManager();
                assertTrue( bpm.convertToRelativeDate(date) == newBpm.convertToRelativeDate(date) );
        }

Yes, that test simply calls the same method twice and confirms that the result of the first invocation is the same as the result of the second. That’s just silly, of course, but is a great example of how not to write a unit test.

It doesn’t hold a candle to this snippet from Alice. Salesforce, you see, refuses to release code unless there’s 75% test coverage. A contract developer programming on a deadline looked at that requirement and said, “Sure, I could write more tests… or I could write a pile of do-nothing code.”

That’s where this abomination came from:

Public Void codeCoverage(){ 
        String s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;
<script src="http://www.cornify.com/js/cornify.js" type="text/javascript"></script>s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
        s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;s = &apos&apos;
         
                  
   }

Now, with only one test, they can test a huge swath of the application code! Of course, Salesforce only counts raw lines in code coverage, so repeating the s=''; multiple times a line doesn’t actually help anything.
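The point about raw-line counting, as an added example that is not part of the original article and is not Salesforce's coverage engine: a line-based coverage metric plus a small check that flags this kind of padding in review. The `Billing` class, all function names, and the "a line ending in `;` is executable" rule are assumptions made for the illustration.

```python
import re

def executable_lines(source):
    """Line numbers holding at least one statement (rough rule: line ends in ';')."""
    return {n for n, line in enumerate(source.splitlines(), 1)
            if line.strip().endswith(";")}

def line_coverage(source, executed):
    """Raw-line coverage: executed statement lines / all statement lines."""
    lines = executable_lines(source)
    return len(lines & set(executed)) / len(lines)

def _padding_key(line):
    """Normalized statement if the line is one statement repeated, else None.
    Splitting on ';' ignores string literals containing ';' (fine for a sketch)."""
    text = line.strip()
    if not text.endswith(";"):
        return None
    statements = {re.sub(r"\s+", "", s) for s in text.split(";") if s.strip()}
    return statements.pop() if len(statements) == 1 else None

def padding_runs(source, min_lines=5):
    """Find runs of >= min_lines consecutive lines that repeat one statement.
    Returns a list of (first_line, last_line, statement)."""
    runs, start, key = [], None, None
    lines = source.splitlines() + [""]      # sentinel line flushes the last run
    for number, line in enumerate(lines, 1):
        current = _padding_key(line)
        if current != key:
            if key is not None and number - start >= min_lines:
                runs.append((start, number - 1, key))
            start, key = number, current
    return runs

def sample(pad_lines, per_line):
    """Constructed Apex-like class: total() is real logic, pad() is filler.
    Returns (source, lines executed by a test that calls only pad())."""
    head = [
        "public class Billing {",
        "    public Decimal total(List<Decimal> items) {",
        "        Decimal sum = 0;",
        "        for (Decimal d : items) {",
        "            sum += d;",
        "        }",
        "        return sum;",
        "    }",
        "    public void pad() {",
        "        String s;",
    ]
    filler = ["        " + "s = '';" * per_line] * pad_lines
    source = "\n".join(head + filler + ["    }", "}"])
    return source, set(range(10, 11 + pad_lines))

if __name__ == "__main__":
    for pad, per in [(0, 1), (12, 1), (12, 22)]:
        src, hit = sample(pad, per)
        print(pad, per, f"{line_coverage(src, hit):.2%}", padding_runs(src))
```

Adding filler lines raises the ratio while `total()` stays untested, and packing 22 statements onto each line changes nothing; the same repetition that inflates the number is what `padding_runs` flags.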


Planet Linux Australia

Francois Marier: Watching (some) Bluray movies on Ubuntu 14.04 using VLC

While the Bluray digital restrictions management system is a lot more crippling than the one preventing users from watching their legally purchased DVDs, it is possible to decode some Bluray discs on Linux using vlc.

First of all, install the required packages as root:

apt install vlc libaacs0 libbluray-bdj libbluray1
mkdir /usr/share/libbluray/
ln -s /usr/share/java/libbluray-0.5.0.jar /usr/share/libbluray/libbluray.jar

The last two lines are there to fix an error you might see on the console when opening a Bluray disc with vlc:

libbluray/bdj/bdj.c:249: libbluray.jar not found.
libbluray/bdj/bdj.c:349: BD-J check: Failed to load libbluray.jar

This is apparently due to a bug in libbluray.

Then, as a user, you must install some AACS decryption keys. The most interesting source at the moment seems to be labDV.com:

mkdir ~/.config/aacs
cd ~/.config/aacs
wget http://www.labdv.com/aacs/KEYDB.cfg

but it is still limited in the range of discs it can decode.

Planet Linux Australia

David Rowe: OLPC and Measuring if Technology Helps

I have a penchant for dating teachers who have worked in Australia’s 3rd world. This has given me a deep, personal appreciation of just how hard developing world education can be.

So I was wondering where the OLPC project had gone. And in particular, has it helped people? I have had some experience with this wonderful initiative, and it was the subject of much excitement in my geeky, open source community.

I started to question the educational outcomes of the OLPC project in 2011. Too much tech buzz, and I know from my own experiences (and those of friends in the developing world) that parachuting rich white guy technology into the developing world then walking away just doesn’t work. It just makes geeks and the media feel good, for a little while at least.

Turns out 2.5M units have been deployed worldwide, quite a number for any hardware project. One Education alone has an impressive 50k units in the field, and are seeking to deploy many more. Rangan Srikhanta from One Education Australia informed me (via a private email) that a 3 year study has just kicked off with 3 Universities, to evaluate the use of the XO and other IT technology in the classroom. Initial results in 2016. They have also tuned their deployment strategy to address better use of deployed XOs.

Other studies have questioned the educational outcomes of the OLPC project. Quite a vigorous debate in the comments there! I am not a teacher, so don’t profess to have the answers, but I did like this quote:

He added: “…the evidence shows that computers by themselves have no effect on learning and what really matters is the institutional environment that makes learning possible: the family, the teacher, the classroom, your peers.”

Measurement Matters

It’s really important to make sure the technology is effective. I have direct experience of developing world technology deployments that haven’t reached critical mass despite a lot of hard work by good people. With some initiatives like OLPC, even after 10 years (an eternity in IT, but not long in education) there isn’t any consensus. This means it’s unclear if the resources are being well spent.

I have also met some great people from other initiatives like AirJaldi and Inveneo who have done an excellent job of using geeky technology to consistently help people in the developing world.

This matters to me. These days I am developing technology building blocks (like HF Digital Voice), rather than working on direct deployments to the developing world. Not as sexy, I don’t get to sweat amongst the palm trees, or show videos of “unboxing” shiny technology in dusty locations. But for me at least, a better chance to “improve the world a little bit” using my skills and resources.

Failure is an Option

When I started Googling for recent OLPC developments I discovered many posts declaring OLPC to be a failure. I’m not so sure. It innovated in many areas, such as robust, repairable, eco-friendly IT technology purpose designed for education in the developing world. They have shipped 2.5M units, which I have never done with any of my products. It excited and motivated a lot of people (including me).

When working on the Village Telco I experienced difficult problems with interference on mesh networks and in working with closed source radio chip set vendors. This led me to ask fundamental questions about sending voice over radio and led me to my current HF Digital Voice work – which is 1000 times (60db) more efficient than VOIP over Wifi and completely open source.

Pushing developing world education and telecommunications forward is a huge undertaking. Mistakes will be made, but without trying we learn nothing, and get no closer to solutions. So I say GO failure.

Measuring the Effectiveness of my Own Work

Let’s put the spotlight on me. Can I measure the efficacy of my own work in hard numbers? This blog gets visited by 5000 unique IPs a day (150k/month). Unique IPs is a reasonable measure for a blog, and it’s per day, so it shows some recurring utility.

OK, so how about my HF radio digital voice software? Like the OLPC project, that’s a bit harder to measure. Quite a few people are trying FreeDV but an unknown number of them are walking away after an initial tinker. A few people are saying publicly it’s not as good as SSB. So “downloads”, like the number of XO laptops deployed, is not a reliable metric of the utility of my work.

However there is another measure. An end-user can directly compare the performance of FreeDV against analog SSB over HF radio. Your communication is either better or it is not. You don’t need any studies, you can determine the answer yourself in just a few minutes. So while I may not have reached my technical goals quite yet (I’m still tweaking FreeDV 700), I have a built-in way for anyone to determine if the technology I am developing is helping anyone.

Krebs on Security | How Not to Start an Encryption Company

Probably the quickest way for a security company to prompt an overwhelmingly hostile response from the security research community is to claim that its products and services are “unbreakable” by hackers. The second-fastest way to achieve that outcome is to have that statement come from an encryption company CEO who served several years in federal prison for his role in running a $210 million Ponzi scheme. Here’s the story of a company that managed to accomplish both at the same time and is now trying to learn from (and survive) the experience.

Thanks to some aggressive marketing, Irvine, Calif. based security firm Secure Channels Inc. (SCI) and its CEO Richard Blech have been in the news quite a bit lately — mainly Blech being quoted in major publications such as NBC News, Politico and USA Today — talking about how his firm’s “unbreakable” encryption technology might have prevented some of the larger consumer data breaches that have come to light in recent months.

Blech’s company, founded in 2014 and with his money, has been challenging the security community to test its unbreakable claim in a cleverly unwinnable series of contests: At the Black Hat Security conference in Las Vegas last year, the company offered a new BMW to anyone who could unlock a digital file that was encrypted with its “patented” technology.

At the RSA Security Conference this year in San Francisco, SCI offered a $50,000 bounty to anyone who could prove the feat. When no one showed up to claim the prizes, SCI issued press releases crowing about a victory for its products.

Turns out, Blech knows a thing or two about complex, unwinnable games: He pleaded guilty in 2003 to civil and criminal fraud charges and was sentenced to six years in U.S. federal prison for running an international Ponzi scheme.

Once upon a time, Blech was the CEO of Credit Bancorp. Ltd., an investment firm that induced its customers to deposit securities, cash, and other assets in trust by promising the impossible: a “custodial dividend” based on the profits of “risk-less” arbitrage. Little did the company’s investors know at the time, but CBL was running a classic Ponzi scheme: Taking cash and other assets from new investors to make payments to earlier ones, creating the impression of sizable returns, prosecutors said. Blech was sentenced to 72 months in prison and was released in 2007.

THE UNBREAKABLE COMPETITION

In April 2015, Lance James, a security researcher who has responded to challenges like the BMW and $50,000 prizes touted by SCI, began receiving taunting Tweets from Blech and Ross Harris, a particularly aggressive member of SCI’s sales team. That Twitter thread (PDF) had started with WhiteHat Security CTO Jeremiah Grossman posting a picture of a $10,000 check that James was awarded from Telesign, a company that had put up the money after claiming that its StrongWebmail product was unhackable. Turns out, it wasn’t so strong; James and two other researchers found a flaw in the service and hacked the CEO’s email account. StrongWebmail never recovered from that marketing stunt.

James replied to Grossman that, coincidentally, he’d just received an email from SCI offering a BMW to anyone who could break the company’s crypto.

“When the crypto defeats you, we’ll give you a t-shirt, ‘Can’t touch this,’ you’ll wear it for a Tweet,” Blech teased James via Twitter on April 7, 2015. “Challenge accepted,” said James, owner of the security consultancy Unit 221b.  “Proprietary patented crypto is embarrassing in 2015. You should know better.”

As it happens, encrypting a file with your closed, proprietary encryption technology and then daring the experts to break it is not exactly the way you prove its strength or gain the confidence of the security community in general. Experts in encryption tend to subscribe to an idea known as Kerckhoffs’s principle when deciding the relative strength and merits of any single cryptosystem: Put simply, a core tenet of Kerckhoffs’s principle holds that “one ought to design systems under the assumption that the enemy will gain full familiarity with them.”

Translation: If you want people to take you seriously, put your encryption technology on full view of the security community (minus your private encryption keys), and let them see if they can break the system.

James said he let it go when SCI refused to talk seriously about sharing its cryptography solution, only to hear again this past weekend from SCI’s director of marketing Deirdre “Dee” Murphy on Twitter that his dismissal of their challenge proved he was “obsolete.” Murphy later deleted the tweets, but some of them are saved here.

Nate Cardozo, a staff attorney at the nonprofit digital rights group Electronic Frontier Foundation (EFF), said companies that make claims of unbreakable technologies very often are effectively selling snake oil unless they put their products up for peer review.

“They don’t disclose their settings or what modes their ciphers are running in,” Cardozo said. “They have a patent which is laughably vague about what it’s actually doing, and yet their chief marketing officer insults security researchers on Twitter saying, ‘If our stuff is so insecure, just break it.'”

Cardozo was quick to add that although there is no indication whatsoever that Secure Channels Inc. is engaging in any kind of fraud, they are engaged in “wildly irresponsible marketing.”

“And that’s not good for anyone,” he said. “In the cryptography community, the way you prove your system is secure is you put it up to peer review, you get third party audits, you publish specifications, etc. Apple’s not open-source and they do all of that. You can download the security white paper and see everything that iMessage is doing. The same is true for WhatsApp and PGP. When we see companies like Secure Channel treating crypto like a black box, that raises red flags. Any company making such claims deserves scrutiny, but because we can’t scrutinize the actual cryptography they’re using, we have to scrutinize the company itself.”

THE INTERVIEW

I couldn’t believe that any security company — let alone a firm that was trying to break into the encryption industry (a business that requires precision perhaps beyond any other, no less) — could make so many basic errors and miscalculations, so I started digging deeper into SCI and its origins. At the same time I requested and was granted an interview with Blech and his team.

I learned that SCI is actually licensing its much-vaunted, patented encryption technology from a Swiss firm by the same name – Secure Channels SA. Malcolm Hutchinson, president and CEO at Secure Channels SA, said he and his colleagues have been “totally dismayed at the level of marketing hype being used by SCI.”

“In hindsight, the mistake we made was licensing SCI to use the Secure Channel name, as this has led to a blurring of the distinction between the owner of the IP and the licensee of that IP which has been exploited,” he told KrebsOnSecurity in an email exchange.

SCI’s CEO Blech has been quoted in the news media saying the company has multiple U.S. government clients. When asked at the outset of a phone interview to name some of those government clients, Blech said he was unable to because they were all “three-letter agencies.” He mentioned instead a deal with MicroTech, a technology integrator that does work with a number of government agencies. When asked whether SCI was actually doing any work for any government clients via its relationship with MicroTech, Blech conceded that it was not.

“We’re on their GSA schedule and in a flow with these agencies,” Blech said.

The same turned out to be the case of another “client” Blech mentioned: American electronics firm Ingram Micro. Was anyone actually using SCI’s technology because of the Ingram relationship? Well, no, not yet.

Did the company actually have any paying clients, I asked? Blech said yes, SCI has three credit union clients in California, two of whom couldn’t be disclosed because of confidentiality agreements. In what sense was the third credit union (La Loma Federal Credit Union) using SCI’s unbreakable encryption? As Blech explained it, SCI sent one of its employees to help the bank with a compliance audit, but La Loma FCU hasn’t actually deployed any of his products.

“They’re not ready for it, so we haven’t deployed it,” he said.

I asked Blech about the gap in his resume roughly between 2003 and 2007. When he balked, I asked whether he’d advised all of his employees of his criminal record when they were hired. Yes, of course, he said (this, according to two former SCI employees, was not actually the case).

In any event, Blech seemed to know this subject was going to come up, and initially took ownership over the issue, although he said he never ran any Ponzi schemes.

“This is in my past and something I’ve addressed and paid my debt for in every way,” Blech said. “I took the approach that was going to get me home to my family the soonest. That meant cooperating with the government and not fighting them in a long, drawn-out battle. I took responsibility, financially and in every way I had to with this case.”

Then he added that it really wasn’t his fault. “There were people in my company that were in America while I was living in Europe that went out and did things inappropriately that got the attention of the authorities,” pointing out that virtually all of the money was returned to investors.

“I put more than $2 million of my own money into this company,” Blech said of SCI. “I could have hidden, and spent that to reinvent myself and sit on a beach in the Bahamas. But I didn’t do that.”

PATENTLY OBVIOUS?

Why in the world wouldn’t anyone want to deploy an unhackable security product? Perhaps because the product doesn’t offer much beyond existing encryption technologies to justify the expenditure?

The subject of all this hoopla — US Patent No. 8,744,078 B2, Issued June 3, 2014 — carries the title: “SYSTEM AND METHOD FOR SECURING MULTIPLE DATA SEGMENTS HAVING DIFFERENT LENGTHS USING PATTERN KEYS HAVING MULTIPLE DIFFERENT STRENGTHS.”

Put simply, SCI’s secret sauce is a process for taking existing encryption techniques (they only use vetted, established code libraries) and randomizing which one gets used to encrypt the file that needs to be protected, and then encrypting the output with AES-256. Seems patently obvious, yet otherwise harmless. But how does this improve upon AES-256 — widely considered one of the most secure ciphers available today?

It’s not clear that it does. In case after case, we’ve seen security technologies that were previously secure compromised by the addition of functionality, features or implementations that are fundamentally flawed. In the case of the HeartBleed bug — a massive vulnerability in OpenSSL that enabled anyone to snoop on encrypted Web traffic — the bug was reportedly introduced accidentally by an OpenSSL volunteer programmer who intended to add new functionality to the widely-used standard.

Robert Hansen, vice president of WhiteHat Labs at WhiteHat Security, pointed to another example: Acutrust, a once ambitious security firm that came up with a brilliant idea to combat phishing attacks, only to create a new problem in the process.

“Acutrust turned a normal [password] hash into a pretty picture as a convoluted way to prevent phishing and it made it super easy to brute-force every username and password offline, and didn’t help with phishing at all,” Hansen wrote in a Facebook message. “This article single handedly effectively put them out of business, FYI.”

All told, I spent more than an hour on the phone with Blech and his team. At the beginning of the call, it was clear that neither he nor any of his people were familiar with Kerckhoffs’s principle, or even appreciated the idea that having their product publicly vetted might be a good thing. But by the end of the call, things seemed to be turning around.

At first, Blech said anyone who wanted to try to break the company’s technology needed only to look to its patent on file with the U.S. Patent & Trademark Office, which he said basically explained the whole thing. I took another look at SCI’s press release about its precious patent: “One of the most interesting things about technology is the personalities behind it,” the company’s own in-house media firm crowed. No question about that.

Early in the interview, Blech said he wouldn’t want to let just anyone and everyone have access to their product; the company would want to vet the potential testers. Later in the call, the tone had changed.

“Without the decryption key, even if you have the source code, not going to be able to get through it,” Blech said. “We don’t know the randomization sequence,” chosen by their technology when it is asked to encrypt a file, he said.

Now we were getting somewhere, or at least a whole lot closer to crotchety ole’ Kerckhoffs’s principle. The company finally seemed to be opening up to the idea of an independent review. This was progress. But would SCI cease its “unhackable” marketing shenanigans until such time? SCI’s Marketing Director Deirdre Murphy was non-committal, suggesting that perhaps the company would find a less controversial way to describe their product, such as “impenetrable.” I just had to sigh and end the interview.

Just minutes after that call, I received an email from SCI’s outside public relations company stating that SCI would, in fact, be publishing a request for proposal for independent testing of its technology:

“As an early stage company we were focused on coming to market and channel partnering. We now realize that specific infosec industry norms around independent need to be met – and quickly. We’ve been using the peer review and testing of existing partners, advanced prospects and early engagements up until now. We hear the infosec community’s feedback on testing, and look forward to engaging in independently conducted tests. We are today publishing requests for proposals for such testing.”

“We realize that sometimes a technology innovator’s earliest critics can be their best sources of feedback. We hope to solicit constructive involvement from  the infosec community and some of its vast array of experts.”

Kerckhoffs would be so proud.

Planet Linux Australia | Leon Brooks: Making good Canon LP-E6 battery-pack contacts

Canon LP-E6 battery packs (such as those used in my 70D camera) have two fine connector wires used for charging them. These seem to be a weak point, as (if left to themselves) they eventually fail to connect well, which means that they do not charge adequately, or (in the field) do not run the equipment at all.

One experimenter discovered that scrubbing them with the edge of a stiff business card helped to make them good. So I considered something more extensive.

Parts: squeeze-bottle of cleaner (I use a citrus-based cleaner from PlanetArk, which seems to be able to clean almost anything off without being excessively invasive); spray-can of WD-40; cheap tooth-brush, paper towels (or tissues, or bum-fodder).

Method: lightly spray cleaner onto contacts. Gently but vigorously rub along the contacts with toothbrush. Paper-dry the contacts.

Lightly spray WD-40 onto contacts. Gently but vigorously rub along the contacts with toothbrush. Paper-dry the contacts.

(optional) When thoroughly dry, add a touch of light machine oil. This wards off moisture.

This appears to be just as effective with 3rd-party battery packs.

,

Krebs on Security | IRS: 330K Taxpayers Hit by ‘Get Transcript’ Scam

The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 — two months after KrebsOnSecurity first raised alarms about the weakness.

In March 2015, I warned readers to Sign Up at IRS.gov Before Crooks Do It For You — which tracked the nightmarish story of Michael Kasper, one of millions of Americans victimized by tax refund fraud each year. When Kasper tried to get a transcript of the fraudulent return using the “Get Transcript” function on IRS.gov, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

Two months later, IRS Commissioner John Koskinen publicly acknowledged that crooks had used this feature to pull sensitive data on at least 110,000 taxpayers. Today, the Associated Press and other news outlets reported that the IRS is now revising those figures, estimating that an additional 220,000 potential victims had Social Security numbers and information from previous years’ tax filings stolen via the IRS Web site.

“In all, the thieves used personal information from about 610,000 taxpayers in an effort to access old tax returns,” the AP story notes. “They were successful in getting information from about 334,000 taxpayers.”

A BROKEN PROCESS

The IRS’s experience should tell consumers something about the effectiveness of the technology that the IRS, banks and countless other organizations use to screen requests for sensitive information.

As I reported in March, taxpayers who wished to obtain a copy of their most recent tax transcript had to provide the IRS with the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four so-called “knowledge-based authentication” (KBA) questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.

These KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. But in practice it is far easier, as we can see from the fact that thieves were successfully able to navigate the multiple questions more than half of the times they tried.

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators.

Unfortunately, the IRS is not the only government agency whose reliance on static identifiers actually makes them complicit in facilitating identity theft against Americans. The same process described to obtain a tax transcript at irs.gov works to obtain a free credit report from annualcreditreport.com, a Web site mandated by Congress. In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.

THE IRS IS STILL VULNERABLE

The IRS has responded to the problem of tax ID theft partly by offering Identity Protection PINs (IP PINs) to affected taxpayers that must be supplied on the following year’s tax application before the IRS will accept the return. However, according to Kasper — the tax ID theft victim whose story first prompted my reporting on the Get Transcript abuse problem back in March — the IRS.gov Web site allows consumers who have lost their IP PINs to recover them, and incredibly that feature is still using the same authentication method relied upon by the IRS’s flawed Get Transcript function.

“Unless they’ve blocked access online for these 330,000 people, then those 330,000 are vulnerable by having their IP PIN being obtained by the same people who got their transcript,” Kasper said. “These people have already been victimized, and this IP PIN recovery process potentially exposes those people to being victimized again via the IRS.”

Kasper, who testified about his experience on June 2, 2015 before the Senate Homeland Security and Government Affairs Committee, says the IRS could ameliorate the problem by allowing taxpayers to lock in their refund payment details.

“This could be done either with a form and supporting proof of identity documents, or with a check box on your tax return which would apply for the next year’s tax return,” Kasper said. “Unlike Identity Protection PINs, no one can lose their home address or bank account number.  If someone has to change it, they can resubmit the form.  As a result, it should be easy to let people opt in nationwide to prevent stolen refunds.”

The IRS said it is notifying all potential victims and offering free credit monitoring services. But this is hardly a useful solution. I have long urged readers to rely instead on freezing their credit files with the four major credit bureaus as a means of thwarting ID thieves (for more on what a security freeze is and why it’s superior to credit monitoring, see How I Learned to Stop Worrying and Embrace the Security Freeze).

Credit freezes prevent would-be creditors from approving new lines of credit in your name — and indeed from even being able to view or “pull” your credit file — but a freeze will not necessarily block fraudsters from filing phony tax returns in your name.

Unless, of course, the scammers in question are counting on obtaining your tax transcripts — or recovering your IP PIN — through the IRS’s own Web site. According to the IRS, people with a credit freeze on their file must lift the freeze (with Equifax, at least) before the agency is able to continue with the KBA questions as part of its verification process.

Cryptogram | Data and Goliath Confiscated from Chelsea Manning

One of the books confiscated from Chelsea Manning was a copy of Data and Goliath.

LongNow | Paul Saffo Featured on Singularity Hub’s Ask An Expert Series

This week’s episode of Singularity Hub’s Ask an Expert features Long Now Board member Paul Saffo.

Ask an Expert is a new web series in which, well, experts answer tweeted questions about the future of technology. In this episode, Paul discusses virtual reality, weighs in on the word ‘disrupt’, and considers the possibility of having a wooly mammoth for a pet – with a quick shout-out to Long Now’s Revive & Restore project.

To see more videos in the Ask an Expert series, you can visit this page. And if you have a question of your own, you can tweet it to @singularityu with the hashtag #AskSU.

Cory Doctorow | Interview with O’Reilly Radar podcast

I did an interview (MP3) with the O’Reilly Radar podcast at the Solid conference last month; we talked about the Apollo 1201 project I’m doing with EFF.

In the absence of any other confounding factors, obnoxious stuff that vendors do tends to self-correct, but there’s an important confounding factor, which is that in 1998, Congress passed the Digital Millennium Copyright Act. In order to try and contain unauthorized copying, they made it a felony to break a lock that protects access to a copyrighted work or to tell people information that they could use to break that lock.

I’m way more worried about the fact that the [DMCA] law also criminalizes disclosing information about vulnerabilities in these systems.

Lawrence Lessig, who was on our board for many years and is a great friend and fellow of Electronic Frontier Foundation, talks about how there are four factors that regulate our society. There’s code, what’s technologically possible. There is law, what’s allowed. There’s norms, what’s socially acceptable. And then there are markets, what’s profitable. In many cases, the right thing is profitable and also socially acceptable and legal and also technologically possible. Every now and again you run up against areas where one or more of those factors just aren’t in harmony.

This summer, the EFF is launching its own certificate authority called ‘Let’s Encrypt’ to try and overcome the fact that in order to have secure Web sessions, you effectively need permission from a big corporation that issues you a certificate. We’re going to issue free certificates to all comers starting this summer.

If you had a mobile device that was yours and that you trusted and that didn’t give your information to other people, it could amass an enormous amount of both explicit and implicit information about you. … Then, as that device moved through space, the things around it could advertise what kinds of services, opportunities, availabilities they had to the device without the device ever acknowledging that it received them, without the device telling them a single thing about you. Because your device knows a lot about you, more than you would ever willingly give out to a third party, it could actually make better inferences about what you should be doing at this time in this place than you would get if it were the other way around, if you were the thing being sensed instead of you being the thing that’s doing the sensing. I quite like that model. I think that’s a very exciting way of thinking about human beings as entities with agency and dignity and not just ambulatory wallets.

I think we’re already in a world where markets don’t solve all of our problems, but markets actually do discipline firms.