Planet Russell

Sociological Images: The Chinatown of the American South

When one thinks of American Chinatowns, they usually think of San Francisco and New York, but at one time the third largest Chinatown in the U.S. was in Louisiana. Its story is an example of how economics and geopolitics shape the growth of ethnic enclaves.

After the American Civil War ended legalized slavery in the U.S., Southern planters faced the challenge of finding labor to work their crops. It was common to employ the same black men and women who had been enslaved, now as sharecroppers or wage laborers, but the planters were interested in other sources of labor as well.

At nola.com, Richard Campanella describes how some planters in Louisiana turned to Chinese laborers. Ultimately, they hired about 1,600 Chinese people, recruited directly from China and also from California.

This would be a doomed experiment. The Chinese workers demanded better working conditions and pay than the Louisiana planters wanted to give. There was a general stalemate and many of the Chinese workers migrated to the city.

By 1871, there was a small, bustling Chinatown just outside of the French quarter and, by the late 1930s, two blocks of Bourbon St. were dominated by Chinese businesses: import shops, laundries, restaurants, narcotics, and cigar stores (some of the migrants had come to the U.S. via Cuba). Campanella quotes the New Orleans Bee:

A year ago we had no Chinese among us, we now see them everywhere… This looks, indeed, like business.

Big Gee and Lee Sing, New Orleans 1937 (photo courtesy of nola.com):

Other residents, it seemed, welcomed the way the Chinese added color and texture to the city. Campanella writes that “New Orleanians of all backgrounds also patronized Chinatown.” Louis Armstrong, who was born in 1901, talked of going “down in China Town [and] hav[ing] a Chinese meal for a change.” Jelly Roll Morton mentioned dropping by to pick up drugs for the sex workers employed in the nearby red light district.

A strip club now inhabits the old Chinese laundry; none of the original Chinatown businesses remain. But it held on a long time, with a few businesses lasting until the 1990s. All that’s left today is a hand-painted sign for the On Leong Merchants Association at 530 1/2 Bourbon St.

For more, get Richard Campanella’s book, Geographies of New Orleans.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Falkvinge - Pirate Party: A Year Ago, The European Supreme Court Appears To Have Ruled The Whole Web To Be In The Public Domain, And Nobody Noticed

Copyright Monopoly: On February 13, 2014, the European Court of Justice – the Supreme Court of the European Union – appears to have ruled that anything published on the web may be re-published freely by anybody else. The case concerned linking, but the court went beyond linking in its ruling. This case has not really been noticed, nor have its effects been absorbed by the community at large.

It was a little-known ruling about hyperlinking. But beneath the surface lay a bombshell that will have repercussions for how the entire world exercises the copyright monopoly: a Supreme Court ruling that every single item posted on every single webpage without access control is permanently and irrevocably in the public domain, free for anybody else to copy and rebroadcast without restrictions – without restrictability.

The case was Svensson et al v Retriever Sverige AB. It concerned whether a news aggregator is allowed to link to news articles. The court found that linking was allowed, but elaborated quite a bit on why in the process, and that ruling has the net effect that the entire web is now in the public domain, republishable by anybody on web pages of their own.

The background is that the copyright monopoly in the European Union is governed by the European Union Copyright Directive (EUCD), which is the European equivalent of federal law. The EUCD goes well beyond ambiguous and vague concepts like “copying”, and lists exactly which exclusive rights are contained in the fuzzy umbrella concept of the copyright monopoly.

Basically, that umbrella contains two different rights. The copyright monopoly holder has the exclusive right to produce physical copies of their works (article 2), and the same holder has the exclusive right to communicate the work to the public, or authorize or prohibit others to do so (article 3).

Publishing on web pages falls in the latter category, “communicating to the public”. We can read in the EUCD, article 3:

Member States shall provide authors with the exclusive right to authorise or prohibit any communication to the public of their works, by wire or wireless means, including the making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them.

This paragraph lists exactly what is contained in the exclusive right, and it is key for the ECJ ruling.

The people who wanted to ban linking had argued that hyperlinking was such an act of communication to the public, and the ECJ explains in quite a bit of detail why it is not. Quoting from the full ruling, with my highlights:

24. None the less, according to settled case-law, in order to be covered by the concept of ‘communication to the public’, within the meaning of Article 3(1) of Directive 2001/29, a communication, such as that at issue in the main proceedings, concerning the same works as those covered by the initial communication and made, as in the case of the initial communication, on the Internet, and therefore by the same technical means, must also be directed at a new public, that is to say, at a public that was not taken into account by the copyright holders when they authorised the initial communication to the public (see, by analogy, SGAE, paragraphs 40 and 42; order of 18 March 2010 in Case C‑136/09 Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon, paragraph 38; and ITV Broadcasting and Others, paragraph 39).

25. In the circumstances of this case, it must be observed that making available the works concerned by means of a clickable link, such as that in the main proceedings, does not lead to the works in question being communicated to a new public.

26. The public targeted by the initial communication consisted of all potential visitors to the site concerned, since, given that access to the works on that site was not subject to any restrictive measures, all Internet users could therefore have free access to them.

27. In those circumstances, it must be held that, where all the users of another site to whom the works at issue have been communicated by means of a clickable link could access those works directly on the site on which they were initially communicated, without the involvement of the manager of that other site, the users of the site managed by the latter must be deemed to be potential recipients of the initial communication and, therefore, as being part of the public taken into account by the copyright holders when they authorised the initial communication.

28. Therefore, since there is no new public, the authorisation of the copyright holders is not required for a communication to the public such as that in the main proceedings.

Do you understand how this changes the copyright monopoly game completely?

The European Court of Justice (ECJ) goes well beyond linking here, and rules in a broader sense on what constitutes an “act of communication to the public”, which is the exclusive right enjoyed by the copyright monopoly holder according to the EUCD. It rules quite specifically what falls inside and outside the scope of that monopoly, in order to apply that ruling to hyperlinking specifically. (Actually, it doesn’t so much rule as it refers to previously settled case law – and this is a crucial nuance, as it would not be legally binding otherwise: see the comments below.)

The ECJ makes it clear that once the copyright monopoly holder has granted an audience permission to access the work, that holder has no further right to authorize or prohibit other transmissions of the same work to the same public or audience.

Specifically, the ECJ says that for an exclusive right to exist, the “communication to the public” must concern “communication to a new public”, that is, one not previously granted access.

It therefore follows, as the ECJ writes in its ruling, that once something is published openly on the web, the entire world has been granted access to it, deliberately, by the copyright monopoly holder. Therefore, the ECJ continues in driving down the hammer on this crucial point, there are no further exclusive rights to authorize or withhold. This effectively puts the work in the public domain.

(The text “effectively put in the public domain” is not in the ruling, as that is not a legal concept. However, that is still the net effect – at least as far as the Internet is concerned; you still wouldn’t be allowed to produce physical copies of the work as per article 2 of the EUCD.)

Does this mean that photos that are published on one website without a paywall (such as a news site) may be freely published on any other website? Yes, that’s exactly what it means. Among many other things. And this is the Supreme Court of the European Union – unappealable and the final say.

Actually, the ruling goes even further and says that you may also embed content from another web page into your own, without that being a “communication to the public” (and therefore subject to copyright monopoly controls), as long as that content was freely available to the world – i.e. the same audience as you’re presenting to – from the original webpage.

I find it strange that this ruling didn’t get more attention at the time. Fortunately, the ruling is also quite in line with common sense.

So what happens when national state laws go above and beyond this? The European Court of Justice has that case covered too:

Lastly, the Court states that the Member States do not have the right to give wider protection to copyright holders by broadening the concept of ‘communication to the public’. That would have the effect of creating legislative differences and, accordingly, legal uncertainty, when the directive at issue is specifically intended to remedy those problems.

Most interesting. This case had been assumed to be about linking and linking only. It goes way beyond linking.

So let’s hear it from all other paralegals in the community – shoot this down? If this holds, we’re dealing with a new legal landscape, one that was common sense all the time.

Sociological Images: Happy Birthday, Karl Marx!

(Image here.)

Have a scholar we should commemorate? Send us a wacky pic and we will!

(View original at http://thesocietypages.org/socimages)

Cryptogram: Easily Cracking a Master Combination Lock

Impressive.

Kamkar told Ars his Master Lock exploit started with a well-known vulnerability that allows Master Lock combinations to be cracked in 100 or fewer tries. He then physically broke open a combination lock and noticed the resistance he observed was caused by two lock parts that touched in a way that revealed important clues about the combination. (He likened the Master Lock design to a side channel in cryptographic devices that can be exploited to obtain the secret key.) Kamkar then made a third observation that was instrumental to his Master Lock exploit: the first and third digit of the combination, when divided by four, always return the same remainder. By combining the insights from all three weaknesses he devised the attack laid out in the video.

Worse Than Failure: CodeSOD: Version Logging

When a system evolves and grows, it's usually necessary to identify various versions of software living in the wild. There are many ways to do that: some hide their version numbers in code, some keep them in configuration and metadata files, and others store them in the application's database.

No matter the scheme, accessing and modifying the current version number should be easy and painless- that is, unless you're working with Stan K.'s codebase. In a truly brillant case of reusing existing system facilities, the developers resorted to a much less common method of determining which patches and upgrades have been applied:

my $path = "/var/log/";
my $rval = MyOwn::System::ls({ file => $path });
my @things = split(/\n/, $rval->{'stdout'});

foreach my $item (@things) {
    my $checkver = undef;

    ### ignore everything but Patches and Upgrades
    ### 'prev' indicates that a patch was uninstalled
    if ($item =~ "Patch" && $item !~ "prev" && $item !~ "rollback") {
        my @parts = split(/Patch\-/, $item);
        $checkver = $parts[1];
    } elsif ($item =~ "Upgrade" && $item !~ "prev" && $item !~ "rollback") {
        my @parts = split(/Upgrade\-/, $item);
        $checkver = $parts[1];
    }
    #snip...
}

Abusing the fact that every upgrade and patch installation leaves a log file behind, the code browses the /var/log/ directory looking for them, and determines the version number using their filenames. While mind-bending, the solution does work- until the application server starts running low on disk space, and the system admins decide to clean up the old logs...

Planet Debian: Raphaël Hertzog: My Free Software Activities in April 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 26.25 hours on Debian LTS. In that time I did the following:

  • CVE triage: I pushed 52 commits to the security tracker. I finished a new helper script (bin/lts-cve-triage.py) that builds on the JSON output that Holger implemented recently. It helps to triage more quickly some issues based on the triaging work already done by the Debian Security team.
  • I filed #783005 to clarify the situation of libhtp and suricata in unstable (discovered this problem while triaging issues affecting those packages).
  • I reviewed and sponsored DLA-197-1 for Nguyen Cong fixing 5 CVE on libvncserver.
  • I released DLA-199-1 fixing one CVE on libx11. I also used codesearch.debian.net to identify all packages that had to be rebuilt with the fixed macro and uploaded them all (there were 11 of them).
  • I sponsored DLA-207-1 for James McCoy fixing 7 CVE on subversion.
  • I released DLA-210-1 fixing 5 CVE on qt4-x11.
  • I released DLA-213-1 fixing 7 CVE on openjdk-6.
  • I released DLA-214-1 fixing 1 CVE on libxml-libxml-perl.
  • I released DLA-215-1 fixing 1 CVE on libjson-ruby. This backport was non-trivial but luckily included some non-regression tests.
  • I filed #783800 about the security-tracker not handling correctly squeeze-lts/non-free.

Now, still related to Debian LTS, but on unpaid hours I did quite a few other things:

Other Debian work

Feature request in update-alternatives. After a discussion with Josselin Mouette during the Mini-DebConf in Lyon, I filed #782493 to request the possibility to override at a system-wide level the default priority of alternatives recorded in update-alternatives. This would make it easier for derivatives to make different choices than Debian.

Sponsored a dnsjava NMU. This NMU introduced a new upstream version which is needed by jitsi. And I also notified the MIA team that the dnsjava maintainers have disappeared.

python-crcmod bug fix and uploads to *-backports. A member of the Google Cloud team wanted this package (with its C extension) to be available to Wheezy users so I NMUed the package in unstable (to fix #782379) and prepared backports for wheezy-backports and jessie-backports (the latter only once the release team rejected a fix in jessie proper, see #782766).

Old and new PTS updates for Jessie’s release. I took care to update tracker.debian.org and packages.qa.debian.org to take into account Jessie’s release (which, most notably, introduced the “oldoldstable” suite as the new name for Squeeze until its end of life).

Received thanks with pleasure. This is not something that I did but I enjoyed reading so many spontaneous thanks in response to Guillem’s terse and thankless notification of me stepping down from dpkg maintenance. I love the Debian community. Thank you.

Thanks

See you next month for a new summary of my activities.

Planet Debian: Laura Arjona: Debian Publicity Team meeting today!

Today at 18:00 UTC (this evening for me) there will be a Debian Publicity Team IRC meeting (open meeting, everybody invited), and I’m very happy because it will be the first meeting that I know of, since I joined the team (years!).

Being part of the Publicity team

There are many tasks handled by Publicity, and when I joined, I supposed that I was going to be part of a team with many members and well structured. And it was true… but not as I imagined. Publicity is a great team, in the sense that it accepts contributions from many people, and the few core members do an amazing work: on one side, get things done; on the other side, integrate all those occasional contributions from the wider community. But there are fewer core contributors than what one would expect by the output of the team. I would say we are at most 10 people (out of 353 voters, 1033 Debian Developers, and 1197 contributors in the Debian Community in 2015). And as far as I know, everybody is a member of some other teams too (I’m a translator, others are in the website team, sysadmins, packaging teams… and now we have a member sharing Publicity membership with DPL-ship!).

Organisation around the tasks

Publicity regular tasks (announcements, the newsletter “Debian Project News”, posting in social networks and in bits.debian.org, and others…) are all well defined and documented, in order to allow anybody to jump in and help, and this is great, because it ensures a way for contributions to “arrive” at the wide audience from the very first day: you pick something, you follow the instructions, and you’re done. I love this approach, because I tend to prefer to follow instructions than to “create” something, and my Debian time is made of small chunks at random days/times. But sometimes I feel that we all work “alone”, in something like a cold, robotic do-ocracy, and I also wonder how many people don’t contribute or become regular contributors just because they don’t understand the procedures, or they don’t like them, or other reasons…

IRC meeting

IRC is something that I use only for contributing to free software, not in other parts of my life. I like IRC, it’s productive and fun, but I’m not always there, and I don’t save logs when I am idle, and I usually prefer email for communication. However, I try to be more present in the Debian IRC channels of the teams where I contribute, because I’ve learned that it plays a big role in “feeling at home in Debian”. Currently you can find me in #debconf-team #debconf15-germany #debian-i18n #debian-l10n-spanish #debian-publicity #debian-women and #debian-www.

I’ve attended some meetings in IRC (MediaGoblin monthly meetings, and DebConf15 meetings) and I’ve learned about MeetBot and more or less how to chair an IRC meeting. Today will be my first time chairing; it’s hard to emulate such great chairs as Marga or Chris Webber, but I hope I do it decently, and we all have a nice time knowing each other and sharing ideas for the Publicity team.

Want to attend? All the details (when, where, agenda…) in the wiki page of the meeting. See you in a few hours!

Planet Debian: Paul Wise: The #newinjessie game: developer & QA tools

Continuing the #newinjessie game:

There are a number of development and QA tools that are new in jessie:

  • autorevision: store VCS meta-data in your release tarballs and use it during build
  • git-remote-bzr: bidirectional interaction with Bzr repositories for git users
  • git-remote-hg: bidirectional interaction with Mercurial repositories for git users
  • corekeeper: dump core files when ELF programs crash and send you mail
  • adequate: check installed Debian packages for various issues
  • duck: check that the URLs in your Debian package are still alive
  • codespell: search your code for spelling errors and fix them
  • iwyu: include only the headers you use to reduce compilation time
  • clang-modernize: modernise your C++ code to use C++11
  • shellcheck: check shell scripts for potential bugs
  • bashate: check shell scripts for stylistic issues
  • libb-lint-perl: check Perl code for potential bugs and style issues
  • epubcheck: validate your ePub docs against the standard
  • i18nspector: check the work of translators for common issues

Planet Debian: Dirk Eddelbuettel: RcppAnnoy 0.0.6

A few days ago, Erik released a new version of his Annoy library -- a small, fast, and lightweight C++ template header library for approximate nearest neighbours -- which now no longer requires Boost. While I don't mind Boost (actually, quite the opposite), it appears to have been a blocker in getting the Python part of Annoy over to the world of python3.

And with a new Annoy out, I updated RcppAnnoy to it. In the process I got another pull request into Annoy (use R's RNG rather than rand() which R CMD check really dislikes).

This new package is now on CRAN.

Courtesy of CRANberries, there is also a diffstat report for this release.

More detailed information is on the RcppAnnoy page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

TED: 8 tips for virtual collaboration, from TED’s tech team

TED’s technology team is spread out across the country, so we rely on videoconferencing to do our work. But don’t let the image fool you — we rarely wear suits. Image courtesy of iStock

Our 29-member Technology Team is spread out. TED HQ is in New York, but our team includes developers who live in six other states — from Florida to Oregon, with a stopoff in South Dakota — and two other countries. (Yes, tech talent doesn’t always reside in New York and San Francisco.) There are big benefits to being so spread out: Our team’s growth isn’t constrained by the cost of office space, and local challenges like a hurricane or a power outage don’t halt our work entirely. But it also means we have to be very deliberate about how we work, because we rely on virtual collaboration.

We know we’re not alone. More and more workplaces are bringing together talented people in flexible, virtual work environments. If you’re a part of one, or thinking about giving it a try, we’d love to share these 8 strategies our team uses for seamless (mostly) remote working.

  1. Review your tools. Good communication starts with great tools. Like many tech teams, we use GitHub to collaborate on code. We obsessively upload to Dropbox, as it’s a great place for us to store assets we all use, and use Google Docs for notes on group thinking and works in progress. Another essential tool: Everyone on our team has a very good headset. During videoconferences, a headset makes an incredible difference in call quality — and prevents those irritating echoes. Speaking of…
  2. Invest in videoconferencing. We have put a lot of effort into getting our videoconferencing to a good place. We tested and bought high-quality cameras for each of our conference rooms, found a great teleconferencing partner (we use Blue Jeans, but Vidyo is also good, and Skype and Google Hangouts work great for smaller meetings), and created a custom iPad app for our meeting rooms that allows staffers to quickly dial in. We send out staff surveys periodically to understand pain points for people inside and outside the office. It’s a work in progress and there’s always room for improvement, but structural support is one of the most important factors in pulling off reliable virtual collaboration. (As a bonus, our tech team’s obsession with videoconferencing makes video meetings better across the whole company.)
  3. Get together in person when you can. We’re advocates of the virtual team, but there’s still something important about gathering in one room. That’s why, as we speak, our team is gathered in the Badlands of South Dakota for our seventh Tech Summit. We do these summits every three to four months — we head to a neutral location to talk as a group about our goals and to share ideas for front-end features and back-end tools that we want to build and develop. For most teams, once or twice a year would suffice, but the pace of change in technology requires us to regroup pretty often, and we get so much done in the span of a week it justifies the cost of travel. Some things that have changed because of discussions at our tech summits: programming languages we use, the features of our 401(k) plan and health insurance, our approach to working in groups. Plus, you just don’t get the same high-quality team photography when you have to Photoshop everyone together.
    Our full team gets together every three to four months for a Tech Summit. Here, the group in South Dakota. Photo: Thaniya Keereepart

    For summits, we plan our agenda collectively in a group wiki, alternate coasts to keep the travel burden fair (we’ve done Denver, Nashville, Portland, Savannah — the only rule for locations is: any continental US city that isn’t Las Vegas), and designate a pair of logistical planners (usually including a local) to figure out the rest. We make sure to do one or more local activities so we’re experiencing and bonding — not just debating and working.

  4. Replicate the elements of a normal office. What are those little office things that a virtual team misses out on? We think about how to institute virtual replacements. We use chat for 1:1 conversations, and we use Flowdock internally for team chatter (Slack is another great option). It helps facilitate transparency in our conversations and achieve that serendipity that happens in the office when you overhear two teammates talking about a project and you have something to offer. We even have a “Watercooler” channel for the posting of random news, interesting articles, pointless debates, and GIFs to mimic the fun that happens over coffee in the kitchen.
  5. Have a standing meeting. We do a regularly scheduled team meeting every week to help us all stay on the same page. This is where we talk through launches, outages, what we’re working on, who’s going on vacation soon — it’s a chance to disseminate little bits of information to the full team. It’s every week — same time, same place — and an impressive collection of visual jokes has developed over time. A notable one: spur-of-the-moment wardrobe choices made by our remote team members create team-wide traditions like hats on launch days. I now have a fez on my desk in the office for the next one.

    Another TED Tech Team tradition: everyone wears a hat during launches. Some are sillier than others.

  6. Get a room (for everyone). We know big talent can come from anywhere. But our one rule for remote team members is that they must have access to a room of their own — one with a door. If they have this in their home and prefer to work there, excellent. If they don’t, we help them find a convenient coworking space to use. We require this because the ability to control your environment and get heads down is very important for development work. But it also helps team members join virtual meetings without distraction.
  7. Set expectations for teleconference behavior. For virtual meetings to work, everyone has to have the same expectations. If some members of the team videoconference into a call while others pick up the phone and dial in, it creates odd imbalances and pauses. Our rule: We always plan for video. This allows us to see everyone and to screenshare presentations and comps. Also, if a few team members are together in one meeting room and others are remote, it is the meeting organizer’s job to normalize the experience for everyone. For example, if we’re brainstorming on an office whiteboard, someone transcribes the text into Google Docs for the remote team. It’s part of our culture to actively tweak and improve the remote experience, so the team in New York doesn’t get complacent and the remote team doesn’t get quietly frustrated.
  8. Everyone gets a hotspot. Sometimes a remote worker wants to spend the day at a coffee shop. Sometimes the wifi just flakes out at home. This is why an important step in our onboarding process is, you are issued a MiFi — a portable WiFi hotspot, just in case. See also: when our Director of Ops worked for a month from France. He had the most amazing backgrounds in videoconferencing meetings.

Where we are right now: Badlands National Park for our seventh Tech Summit. It’s a time for us to discuss goals in person — and experience a new location together. Photo: Haley Hoffman

Interested in more behind-the-scenes thoughts from our technology team? Follow, at your peril, the adventures of the tech team on Twitter. Relevance not guaranteed.


TED: AK-47s transformed into jewelry and watches, thanks to a chance meeting in a TED hallway

The metal in this watch was once an AK-47, serial number 6113110. Through Fonderie 47, social entrepreneur Peter Thum has helped decommission 45,000 weapons in Africa. Photo: Courtesy of Fonderie 47

The watch looks both futuristic and retro at the same time. A swirl of visible gears and carefully calibrated dials, it charts time in an unusual way — the hour jumps into place at the top, the minute is marked in a semicircle along the bottom, and the seconds swoop above. It’s a statement watch, the kind of piece that people inevitably ask about.

This watch — which at $195,000 is no small investment — comes in a rose or white gold finish. But the metal underneath has a history. Before being crafted into a high-end timepiece, this metal formed an AK-47. Each watch has the serial number of the weapon destroyed to create it displayed across the side. And each purchase funds the destruction of an additional thousand assault rifles in Africa.

This watch was dreamed up by social entrepreneur Peter Thum, the founder of Ethos Water and a TED attendee. Thum calls the AK-47 “the most infamous and destructive gun in the world” and through the company Fonderie 47, he transforms these weapons into jewelry — rings, cuffs, earrings, necklaces and more. The watch is the company’s pièce de résistance.

The idea for Fonderie 47 was born out of a chance meeting at TED2009, when Thum struck up a conversation with fellow entrepreneur John Zapolski. “We met in between sessions in the lobby,” Thum remembers. “Like a lot of people at TED, you meet in the hallways — and then they become people that you know and interact with for the rest of your life.”

As the two talked, they discovered that they had both recently traveled to Tanzania. “I don’t remember how we got to this topic, but the subject of security and guns came up,” says Thum. “We were talking about the AK-47, and we both said, ‘We should talk about this more.’”

The AK-47 is a gun designed by Mikhail Kalashnikov for the Soviet military in 1947. While it has become one of the most widely used shoulder weapons in the world, in Africa it is especially prevalent. Because of its low cost, ease of use and long-term durability, the AK-47 has become the gun of choice for rebels, militia members and terrorists in Africa. (An interesting watch: the PBS Frontline special, “On the trail of an AK-47.”) In April, Al-Shabaab gunmen used AK-47s in a horrifying attack on a university in Kenya that left 148 people dead. The curve of the AK-47’s magazine has become eerily iconic in images from conflict regions.


A stockpile of AK-47s and other assault rifles. Thum makes these weapons the raw material for something beautiful. Photo: Moises Saman

Both Thum and Zapolski were concerned about the proliferation of assault rifles in Africa and wanted to come up with an idea to take AK-47s specifically out of circulation. They wondered: could they transform these weapons into something benign — even something beautiful?

“John was thinking about an art installation. I said, ‘I think we should try to make it into something that would live in the world, something that would be a part of people’s lives and that would get talked about,’” says Thum. “The idea evolved from there … We focused on watches because they are also mechanical — but at the opposite end of the spectrum in terms of things that human beings make … The AK-47 is not a refined thing. Swiss watchmaking, at its highest levels, is probably one of the most refined things that human beings do. So it seemed compelling to take this object that was about death and destruction and make it into something that was also a machine, but one of beauty.”

Creating this watch ended up being a much bigger challenge than Thum and Zapolski, who left the company in 2012, originally imagined.

“It might have taken us longer to finish the first watch than it took Michelangelo to paint the Sistine Chapel,” says Thum. (History buffs will note that is almost true, though not quite.)

The first issue: figuring out how to get AK-47s in an ethical way. The solution came in 2011, when Thum got permission to transform AK-47s confiscated in Virunga National Park in the eastern part of the Democratic Republic of the Congo. This stunning park is in the North Kivu province, a seat of conflict since 1998.


Peter Thum examines a cache of confiscated weaponry. Photo: Moises Saman

The next hurdle: getting the AK-47s to the United States, which has strict laws about the import of weapons. “We made a lot of different attempts and tried a lot of different angles, all of them legal,” says Thum. The solution: destroying the weapons locally and then transporting them. “We brought them back in our luggage,” recalls Thum. “We brought them across the border of the Congo and Rwanda, and then checked our bags at the airport in Kigali and flew back to New York.”

And yet, this method led to another challenge — finding people who would work with the material. “The steel looked like junk,” says Thum. “People who make luxury jewelry and watches are accustomed to working with materials that are easier to work with — precious metals like 18-karat gold and 24-karat gold that are soft and have low melting temperatures. With steel, the melting temperature is much higher. Their equipment isn’t really built to work with it.”

Thum found an initial collaborator in a friend of a friend, a blacksmith who proposed building a forge to heat the steel to a high temperature. He then pounded the metal using an anvil and hammer into molds, in order to create usable parts. Because the effects of the economic recession were still being felt at the time, Thum says he actually had an easy time finding factories willing to take the project on.

Thum landed on the name Fonderie 47 — “fonderie,” because it’s French for “foundry,” and “47” for “AK-47.” In 2011, he began talking to investors — including many from the TED community — and offering the first products.

The brand has grown steadily ever since. James de Givenchy created a collection for Fonderie 47, and the watch was designed by Adrian Glessing and produced by Swiss watchmaker David Candaux. Every purchase funds the destruction of more AK-47s.

“As of the end of last year, we destroyed a little over 45,000 assault rifles in [the Congo and Burundi],” says Thum.


Before becoming jewelry, these weapons are destroyed locally. Fonderie 47 works with Nobel Peace Prize laureate Mines Advisory Group to destroy weapons. Photo: Mines Advisory Group

The real value here is that these guns are unlikely to be replaced. “There’s a significant difference in the economic value of the AK-47 in Africa versus the global trading price,” says Thum. “The upper end of the price range for an AK-47 type weapon is $534 and the lower end of the range is $349. So if you look at the value of 45,000 AK-47s that are legacy weapons, it would cost between $15 and $24 million to replace them.”

In the summer of 2012, Thum and his wife, actress Cara Buono, had the idea to take things a step further and create products made out of weapons secured in the United States. They founded a new brand, Liberty United, to make pendants, charms and rings.

“The idea was very similar,” says Thum. “We partnered with American cities and police departments to give us guns from buyback [programs] or evidence that had been released from crimes. We take guns and bullets as material and transform it.”

So far, Liberty United is working with police departments in Philadelphia, Pennsylvania; Syracuse, New York; Cook County, Illinois; and Newburgh, New York. The price of these pieces tends to be lower, and the design is overseen more tightly by the company, as fabrication is done in New York and Rhode Island.


Liberty United is a different spin on the same idea—this line of jewelry is crafted from the metal of weapons collected by buyback programs in the United States. Photo: Courtesy of Liberty United

Both companies physically transform weapons. But beyond that, both also have at the core of their business model funding further work to defuse violence. Fonderie 47 gives financial support to Mines Advisory Group (MAG), a Nobel Peace Prize laureate that secures and destroys weapons in Angola, Cambodia, the Congo, Libya and Iraq. And Liberty United funds a variety of youth education programs in cities, including the Philadelphia Anti-Drug/Anti-Violence Network’s Youth Violence Reduction Partnership and the Syracuse Model Neighborhood Facility’s Journey 2 Manhood Program.

This makes sense, as Thum is one of the pioneers of the social entrepreneurship movement. “When I first came up with the idea for Ethos Water in 2001, there was almost no information about companies like this,” says Thum, noting that Ben & Jerry’s, Newman’s Own and The Body Shop were virtually the only companies out there with a social good component at the time. “We’ve gone from very few of these companies as examples to almost every college and business school having courses taught on social entrepreneurship.”

The fact that people are learning about social entrepreneurship has a domino effect: it gets people interested in starting these businesses, creates more demand on a consumer level, and pushes large companies to enter the arena too.

Ethos Water got Americans to think about the global water crisis in a way many hadn’t before, says Thum. “It was a tool that used consumerism to flip a switch in people’s minds about the importance of the issue by getting them involved at a very light-touch level,” he says. (Watch his talk on social entrepreneurship from TEDxSMU below.) “The idea for Fonderie 47 is similar. The gun issue in Africa is one that hasn’t received the same kind of attention in the United States as other issues. I think in large part because it’s complicated and not easy to solve.”

He continues, “The good thing about the growth of this field of people becoming social entrepreneurs — whether they are doing so in a pure non-profit environment, a pure for-profit approach, a hybrid business, or by trying to alter large organizations — is that each idea can be viewed as an experiment.”

He’s excited to see what happens with Fonderie 47 and Liberty United. “The more experiments you run, the more people you have trying, the more likely it is that one of those people will come up with a recipe that makes a change.”

Video: Peter Thum's TEDxSMU talk, http://www.youtube.com/embed/r-p89BYgCHg


Planet Debian: Santiago García Mantiñán: ScreenLock on Jessie's systemd

Something I was used to, and which came as standard on wheezy if you installed acpi-support, was screen locking when you were suspending, hibernating, ...

This is something that I still haven't found on Jessie. Somebody had pointed me towards solving it via /lib/systemd/system-sleep/whatever hacking, but that didn't seem quite right, so I gave it another look and this time I was able to add some config files at /etc/systemd and then a script which does what acpi-support used to do before.

Edit: Michael Biebl has suggested on my Google+ post that this is an ugly hack and that one shouldn't use this solution; instead we should use solutions with direct support for logind, like desktops with built-in support or xss-lock. The reasons for this being ugly are pointed out in this bug.

The main thing here is this little config file: /etc/systemd/system/screenlock.service

    [Unit]
    Description=Lock X session
    Before=sleep.target

    [Service]
    Type=oneshot
    ExecStart=/usr/local/sbin/screenlock.sh

    [Install]
    WantedBy=sleep.target

This config file is activated by running: systemctl enable screenlock

As you can see that config file calls /usr/local/sbin/screenlock.sh which is this little script:

    #!/bin/sh
    # This depends on acpi-support being installed
    # and on /etc/systemd/system/screenlock.service
    # which is enabled with: systemctl enable screenlock

    test -f /usr/share/acpi-support/state-funcs || exit 0

    . /etc/default/acpi-support
    . /usr/share/acpi-support/power-funcs

    # Quote the variable so an empty or multi-word value cannot break the test
    if [ "x$LOCK_SCREEN" = xtrue ]; then
        . /usr/share/acpi-support/screenblank
    fi

The script of course needs execution permissions. I tend to combine this with my power button making the machine hibernate, which was also easier to do before and which is now done at /etc/systemd/logind.conf (doesn't the name already tell you?) where you have to set: HandlePowerKey=hibernate

And that's all.
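A quick way to confirm that a unit like the one above is wired to run, and to finish, before the machine sleeps, and that the root-run script it names cannot be modified by other users. This is an added example, not part of Santiago's post; the function names, the optional owner-uid argument and the temporary sample unit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): lint a suspend-time screen-lock unit.
# Function names and the optional owner-uid argument are hypothetical.

# unit_value FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
unit_value() {
    awk -v sect="[$2]" -v key="$3" '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing whitespace
        /^[ \t]*([#;]|$)/ { next }                # skip comments and blank lines
        /^\[/ { in_sect = ($0 == sect); next }    # section header
        in_sect {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items in LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# note MESSAGE: report one finding and count it.
note() { echo "finding: $1"; findings=$((findings + 1)); }

# check_lock_unit FILE [OWNER_UID]: print findings, return how many there were.
check_lock_unit() {
    unit=$1 owner=${2:-0} findings=0
    [ -r "$unit" ] || { note "cannot read $unit"; return "$findings"; }

    # Ordering: the job has to be queued ahead of sleep.target ...
    has_word "$(unit_value "$unit" Unit Before)" sleep.target ||
        note "Before= lacks sleep.target: not ordered ahead of suspend"
    # ... and Type=oneshot makes systemd wait until the script has exited.
    [ "$(unit_value "$unit" Service Type)" = oneshot ] ||
        note "Type= is not oneshot: sleep can start before the locker is done"
    # "systemctl enable" hooks the unit into whatever WantedBy= names.
    has_word "$(unit_value "$unit" Install WantedBy)" sleep.target ||
        note "WantedBy= lacks sleep.target: never pulled in on suspend"

    # ExecStart runs as root on every suspend, so look at the file it names.
    cmd=$(unit_value "$unit" Service ExecStart)
    cmd=${cmd%% *}                        # first word only
    while :; do                           # strip prefixes such as - @ + ! :
        case $cmd in [-@+!:]*) cmd=${cmd#?} ;; *) break ;; esac
    done
    case $cmd in
        /*) if [ ! -x "$cmd" ]; then
                note "$cmd is missing or not executable"
            else
                loose=$(find -H "$cmd" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
                [ -z "$loose" ] ||
                    note "$cmd: not owned by uid $owner, or group/world-writable"
            fi ;;
        *)  note "ExecStart= does not name an absolute path" ;;
    esac
    return "$findings"
}

# Constructed sample: the post's unit, with ExecStart pointed at a stand-in script.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/screenlock.sh"
    chmod 755 "$dir/screenlock.sh"
    cat > "$dir/screenlock.service" <<EOF
[Unit]
Description=Lock X session
Before=sleep.target

[Service]
Type=oneshot
ExecStart=$dir/screenlock.sh

[Install]
WantedBy=sleep.target
EOF
    echo "$dir"
}

# With a path argument, check that unit (owner defaults to uid 0, i.e. root).
[ "$#" -eq 0 ] || check_lock_unit "$@"
```

The check covers only the unit's wiring and the script's ownership and mode; it does not test whether the locker has actually drawn the lock screen by the time the system suspends.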

Planet Debian: Mike Gabriel: Rebasing NXv3 against latest X.Org -- already ~2,700,000 lines of code removed

We have set sail on a great endeavour. We are cleaning up the nx-X11 / nxagent code tree [1] and rebasing it against the latest X.Org. So far, we have been able to drop ~2,700,000 lines of code [2] from the source tree that originally got released by NoMachine.

The plan is...

  • to make NXv3 usable with recent desktop environments (work needed on nxagent's randr proto, composite proto, GL, probably more),
  • facilitate multimedia content over NX via the Telekinesis framework (originally developed for X2Go),
  • make X11 events inside nxagent accessible for third party applications
  • and facilitate NX traffic via unix domain sockets.

For more details, see the Readme.md[3] file on our Github project.

What we have achieved so far...

  • We have only one(!) bundled library left (nx-X11/extras/Mesa--yeah, getting rid of this hunk will be quite an issue, indeed).
  • We are continuously dropping bundled X11 libraries (already dropped: libNX_Xdmcp.so, libNX_Xfont.a, libNX_Xdmcp.so, pending: libNX_Xinerama, libNX_Xrandr, libNX_Xdamage).
  • We have had three major commits that dropped many many lines of completely unneeded imake build logic.


Planet Linux Australia: Andrew Pollock: [life] Zoe at 5

Zoe celebrated her 5th birthday a day early with a lovely party at Sarah's house, with a bunch of her friends from Kindergarten, Prep and beyond. This birthday also means she's been living in two homes for as much of her life as she's lived in one. On that front, mercifully, she seems to be doing as well as one could possibly hope for. This is her normal, as much as it breaks my heart.

She's doing fabulously well on all fronts, really. She's grown into a lovely little girl that I always enjoy spending time with. She's finally figured out how to ride a bike, so I've bought her a bigger bike for her birthday. I believe her swimming is going really well (I haven't seen her in action for a while because she does her swim classes via after-school care, but I'm fortunate to have one of my Thermomix consultant team members be her swim teacher, so I get some feedback from time to time).

We had parent-teacher interviews at the end of last term, and from all reports there, Zoe seemed to be doing well in Prep. Her sight-words are going pretty well. She's got the hang of phonics. She can write her name. She seems to have made friends with lots of the kids in her class. We've had a few of them over for dinner. I feel very connected with the school community.

I'm really grateful that I got about 5 weeks at the start of Prep before I returned to work. I got to be really involved with school for a little bit. I helped out with her school swim classes. I helped out with a literacy group. I did Tuckshop a couple of times. It was lovely. I wish I could be a stay at home parent so I could do that sort of thing all the time, but that's just not possible (at the moment, anyway). The school clearly relies quite heavily on parent helpers.

Five (and the lead up to it) seems to be a pretty fantastic age. I'm loving being her Dad now just as much as any other time.

Geek Feminism: The Recompiler: An Interview with Audrey Eschright

Audrey Eschright is a well-known figure in the Portland, Oregon tech scene, and for good reason: her open source project, Calagator, has been connecting Portland techies with local tech and user group events since 2008.  She also co-founded Open Source Bridge, a tech conference that has raised the bar for inclusiveness, diversity, and volunteerism in technical conferences.

Audrey’s newest project is The Recompiler, a feminist hacker magazine that will be launching in summer of 2015.  Given Audrey’s successful track record, The Recompiler promises to bring something wonderful and valuable to the lives of many technically-minded people. I wanted to learn more about this project and what she hopes to make of it.  Our conversation follows; if you’re interested in helping make The Recompiler a success, don’t forget to become a subscriber – a subscription drive is currently underway.

What’s your vision for The Recompiler?

I want to create a community of learning and inclusion for people working with technology, via a print and online magazine, and other media projects. I’m very interested in exploring the diversity that already exists in tech, and connecting the dots to show people pathways into areas of tech beyond the webdev bootcamp –> tech startup job model that seems to be the primary way we’re talking about creating a “pipeline” for under-represented groups to engage in technical work.

I’m at a point in my career, the pipeline isn’t the thing I think about the most anymore. I’m thinking about creating a platform for people to continue to live and work in this space, especially as we find ourselves to be no longer raw beginners, but people who have experience, competence, and yet still need to continue to learn more, keep building our skills.

I’ve also been asking myself: what am I even doing diversity work for? What is geek feminism for? The work of promoting and explaining diversity needs can completely swamp you, take up all your time and energy. If there isn’t still a space to do tech, to build technology that we need, by us and for us, there’s no point.

What sort of content are you envisioning for The Recompiler? Who’s your ideal audience, and what value should subscribing / reading expect to get?  How about those who might not normally consider themselves in the readership of a feminist hacker magazine?

I’m looking for a range of content on technical topics: tutorials, articles, personal stories, and also art and illustrations. I’ve been really inspired by zine culture, as well as newer magazines like Lucky Peach that take a topic (in their case, food) and explore it from a variety of angles: factual, creative, work, play, at home, and traveling all over the world.

My ideal audience is people who are working with technology and just starting to be aware of the bigger range of unknown unknowns (I don’t know what I don’t know). And also people who are in other places in their learning progression, but want to continue to expand their knowledge in a fun, playful way. I think that by combining tutorials and technical articles with personal narratives and art, we can build a map of possibilities together.

I hope that for people who see themselves as being outside that audience, it will give them a greater awareness of the real breadth of activities and kinds of participation that are possible in technology. Part of my process as I started working on The Recompiler was to ask myself, what inspired me when I first started to learn to program? What encouraged me to want to be involved in computing? So much of that was about exploring possibilities, building things that hadn’t existed before, and connecting with other people through new kinds of communication tools. I hope that everyone who reads The Recompiler will feel a little of that spark.

Tell me about the history of this project. What inspired you, and what led you to the point where you decided to make The Recompiler happen?

Well, one of the most direct inspirations was Amelia Greenhall’s “Start Your Own B(r)and” post. Around December, January, I was looking at my job and career options, and trying to decide whether to stay where I was, move to another startup, or do something else. I made a list of what I thought I was looking for, and talked to a lot of people, and then Amelia’s post really hit me at the right time.

After that, I talked to a lot of friends about maybe doing a “feminist hacker magazine”, and everyone from Women Who Hack, and people were really into the idea. So I spent some time writing down every idea that came to mind, working out a budget, figuring out what I would need to make it work, then I quit my job to focus on this at the end of March. It’s not the first time I’ve thought about starting a business and going to work for myself, but having so much information about what I needed to learn, and friends who could give me referrals and business advice, that made a huge difference.

The promotional video for your subscription campaign includes cameos by your three cats and a blue puppet I’m familiar with from your 2010 Open Source Bridge talk, “The Fine Line Between Creepy and Fun.” Tell me more about them!

My cats Sputnik, Kirk, and Yuri were all very obliging participants in the video. Sputnik (with the tuxedo) is getting to be a “senior”, but he’s still the most athletic: if he can see where he’s going, he can jump on top. Kirk (the tabby) is a snuggle bunny, sometimes he gets a little *too* enthusiastic and starts to head butt people. And Yuri is the baby, and the softest cat I’ve ever met.

It’s hard to keep Creepius from inviting himself to things like this. The weird little blue monster thinks he’s the star of everything.

Thanks for telling us more about The Recompiler, Audrey! The subscription drive continues for a couple more weeks.

TED: Interviews live from Baltimore, a life lesson from chess, and Ava DuVernay becomes a Barbie

Video: https://embed.theguardian.com/embed/video/us-news/video/2015/apr/28/the-baltimore-riots-the-night-on-periscope-video

The TED community has been busy as usual this week. Below, some newsy highlights.

On the ground in Baltimore. Last Monday night, Paul Lewis used Twitter’s live video app, Periscope, to document the demonstrations and riots that erupted after Freddie Gray’s funeral in Baltimore. In a series of videos, he interviewed residents of the city, including Donte Hickman — a pastor who had just discovered that the $16 million senior center funded by his church was on fire — and Cynthia Brooks, a local who drew a parallel to the riots of 1968. Lewis used this new technology to powerful effect to “observe a community making sense of the destruction and chaos.” (Watch Paul’s TED Talk, “Crowdsourcing the news.”)

Film director Barbie. Who is your “sheroe?” Mattel has announced a line of dolls made in the likeness of six women honored at the Variety Power of Women Luncheon, aka “Sheroes.” Among these dolls: a Barbie version of Selma director Ava DuVernay. This doll will be auctioned off to support charity. (Read our conversation with Ava.)

Keeping curiosity alive. Late last month, author Ken Robinson released a new book, Creative Schools: The Grassroots Revolution That’s Changing Education. In an excerpt featured in The Washington Post, Robinson gets to the heart of the matter: “The most fundamental question is, what is education for?” Curiosity, he says, is one of humanity’s most innate traits. “Keeping it alive is the key to education,” he writes. (Watch Ken’s TED Talk, “How schools kill creativity,” our most-watched of all time.)

School lunch heroes. The first Friday in May brings with it a special holiday: School Lunch Hero Day. Founded by Jarrett J. Krosoczka as a way for kids in the U.S. to express gratitude to those who serve them lunch, students celebrate by making thank-you cards. Krosoczka shared this adorable photo of the festivities with us on Friday. (Watch Jarrett’s TED Talk, “Why lunch ladies are heroes.”)

School Lunch Hero Day

A Vanity Portrait, courtesy of Desmond Tutu and Annie Leibovitz. In the May issue of Vanity Fair, Desmond Tutu wrote a moving piece about Bryan Stevenson, explaining his reverence for the public-interest lawyer. “Justice needs champions, and Bryan Stevenson is such a champion,” Tutu writes, in a piece alongside a stunning Annie Leibovitz photo of Bryan. “His courage and commitment contributed to the abolition of the death penalty for juveniles, and he is working tirelessly to end life sentences for adults convicted of crimes committed in their youth.” (Watch Bryan’s TED Talk, “We need to talk about an injustice.”)

Life lessons from chess. “They say in chess, it takes 10 good moves to win a game, and one bad move to lose a game,” says Maurice Ashley, the first African-American International Grandmaster of Chess, in the new documentary The Infectious Wisdom of Maurice Ashley. As he challenges locals to a friendly game in New York City’s Union Square, Ashley shares how chess has changed him. “It’s about teaching you to think right and to live right, because there are consequences to every single move you make in life,” he says. (Read about Maurice’s talk at TEDYouth.)

An up-and-coming ophthalmologist. TED Fellow Andrew Bastawrous made The Ophthalmologist’s Power List of the Top 40 Under 40 for 2015. This year, the magazine asked “who are the young, up-and-coming individuals set to rise to the top of their field?” — rather than focusing on those who already made it. Bastawrous was a natural fit for his work on a smartphone app to bring eye exams to people in remote areas. (Watch Andrew’s TED Talk, “Get your next eye exam on a smartphone.”)

Have news to share? Write us at blog@ted.com and you may see it included in this weekly round-up.


Planet Debian: Mike Gabriel: My FLOSS activities in April 2015

April 2015 has been my first month on the Debian LTS team (as a paid contractor working underneath the Freexian [1] umbrella). Working in the team of paid Debian LTS developers requires writing a monthly summary of sponsored work on Debian LTS. Thanks to Raphael Hertzog for having me on his company's team and for providing the framework for paid work on Debian LTS.

I will use this requirement for a monthly report as a starting point for documenting my FLOSS activities on a monthly basis via my blog (not only for Debian LTS, but also for other projects).

Work on Debian LTS

For the Debian LTS team I have been doing 8h of contracted work in April 2015 (and at the beginning of May 2015). The work focused on:

  • understanding / questioning details on the Debian LTS workflow
  • fixing several issues in xdg-utils for Debian squeeze-lts [2]
  • fixing two CVE issues in the xorg-server package (in two consecutive uploads) [3,4]
  • working on regression documentation

Several more hours have been spent by myself (and also Raphael) for getting me started in the team. Thanks for your patience.

Work on Debian jessie

The Debian MATE Packaging team was able to provide several fixes last-minute before the Debian jessie release (mate-control-center[5], caja-extensions[6], mate-desktop [7]). Thanks to the release team for processing the last-minute unblock requests so smoothly.


Planet Debian: Michael Prokop: The #newinjessie game: tools related to RPM packages

Continuing the #newinjessie game:

Bernhard Miklautz, contributor to jenkins-debian-glue and author of jenkins-package-builder (being in an early stage but under active development to provide support for building RPMs, similar to what jenkins-debian-glue provides for building Debian/Ubuntu packages) pointed out that there are new tools related to RPM packaging available in Debian/jessie:

  • mock: Build rpm packages inside a chroot (similar to what cowbuilder/cowbuilder/sbuild/… do in the Debian world)
  • obs-build: scripts for building RPM/debian packages for multiple distributions

Planet Debian: Julien Danjou: The Hacker's Guide to Python, 2nd edition!

A year has passed since the first release of The Hacker's Guide to Python in March 2014. A few hundred copies have been distributed so far, and the feedback is wonderful!

I already wrote extensively about the making of that book last year, and I cannot emphasize enough how this adventure has been amazing so far. That's why I decided a few months ago to update the guide and add some new content.

So let's talk about what's new in this second edition of the book!

First, I obviously fixed a few things. I had some reports about small mistakes and typos which I applied as I received them. Not a lot fortunately, but it's still better to have fewer errors in a book, right?

Then, I updated some of the content. Things changed since I wrote the first chapters of that guide 18 months ago. Therefore I had to rewrite some of the sections and take into account new software or libraries that were released.

At last, I decided to enhance the book with one more interview. I've requested my fellow OpenStack developer Joshua Harlow, who is leading a few interesting Python projects, to join the long list of interviewees in the book. I hope you'll enjoy it!

If you didn't get the book yet, go check it out and use the coupon THGTP2LAUNCH to get 20% off during the next 48 hours!

Mark Shuttleworth: Announcing the “wily werewolf”

Watchful observers will have wondered why “W” is yet unnamed! Without wallowing in the wizzo details, let’s just say it’s been a wild and worthy week, and as it happens I had the well-timed opportunity of a widely watched keynote today and thought, perhaps wonkily, that it would be fun to announce it there.

But first, thank you to all who have made such witty suggestions in webby forums. Alas, the “wacky wabbit” and “watery walrus”, while weird enough and wisely whimsical, won’t win the race. The “warty wombat”, while wistfully wonderful, will break all sorts of systems with its wepetition. And the “witchy whippet”, in all its wiry weeness, didn’t make the cut.

Instead, my waggish friends, the winsome W on which we wish will be… the “wily werewolf”.

Enjoy!

Krebs on Security: Sally Beauty Card Breach, Part Deux?

For the second time in a year, nationwide beauty products chain Sally Beauty Holdings Inc. says it is investigating reports of unusual credit and debit card activity at some of its U.S. stores.

Last week, KrebsOnSecurity began hearing from multiple financial institutions about a pattern of fraudulent charges on cards that were all recently used at Sally Beauty locations in various states. Reached for comment on Sunday about the fraud pattern suggesting yet another card breach at the beauty products chain, Sally Beauty issued the following statement this morning:

“Sally Beauty Holdings, Inc. is currently investigating reports of unusual activity involving payment cards used at some of our U.S. Sally Beauty stores. Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected. Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

Their statement continues: “Consistent with our ‘Love it or Return It’ policy, customer security and confidence remains our number one priority. As a result, we encourage any customer who is concerned about the security of their payment cards to call our Customer Service Hotline at 1-866-234-9442, so that we can assist them in addressing any potential concerns. Sally Beauty will, as appropriate, provide updates as we learn more from our investigation.”

In addition, the company also sent out an urgent alert today to its employees, asking associates to direct any customers with credit card issues to the Sally Beauty Web site or to call customer service. “We hadn’t gotten an email like that since last year when we had our breach,” the Sally Beauty employee said on condition of anonymity.

On March 5, 2014, this publication first reported that a batch of more than 282,000 cards that went up for sale on Rescator[dotc]cc — the same site that was first to sell cards stolen in the Home Depot and Target breaches — all traced back to customers who’d shopped at Sally Beauty locations nationwide. Asked about that pattern at the time, a company spokesperson said Sally Beauty had recently detected an intrusion into its network, but that neither its information technology experts nor an outside forensics firm could find evidence that customer card data had been stolen from the company’s systems.

But on March 17, 2014, Sally Beauty officially confirmed a breach of its network, but said its investigation determined that fewer than 25,000 card accounts were removed from its network. Nevertheless, a subsequent, exhaustive analysis of the Sally Beauty store ZIP codes listed in the cards for sale on Rescator’s site indicated that the 2014 breach impacted virtually all 2,600+ Sally Beauty locations nationwide.

Sally Beauty is not alone in dealing with separate card compromise incidents in a short period of time. Last month, hotel franchise management firm White Lodging disclosed that for the second time in a year, hackers had broken into point-of-sale systems at food and beverage outlets inside of many of its franchise locations.

It is possible that Sally Beauty locations are feeling the brunt of a large number of compromises at point-of-sale vendors, such as the recently announced breach among Harbortouch POS customers. However, at least two banks contacted by this author say the cards they were alerted to by Visa and MasterCard that correspond to the Harbortouch incident have very little overlap with the customer cards that were hit with fraudulent charges in the wake of their use at Sally Beauty locations recently.

Sociological ImagesWhen “Intensive Mothering” Meets Special Needs

I am excited to see that sociologist Linda Blum has come out with a new book, Raising Generation Rx: Mothering Kids with Invisible Disabilities in an Age of Inequality. Here’s a post from the archive highlighting some of her important and powerful findings.

In an article titled Mother-Blame in the Prozac Nation, sociologist Linda Blum describes the lives of women with disabled children. While mothers are held to an essentially impossibly high standard of motherhood in the contemporary U.S. and elsewhere, mothers of disabled children find themselves even more overwhelmed.

The daily care of their child is often more intensive but, in addition to that added responsibility, mothers were actively involved in getting their children needed services and resources. The need for mothers to be proactive about this was exacerbated by the fact that they had to negotiate different social institutions, each with an interest in claiming certain service spheres, but also limited budgets. “While each system claims authoritative expertise,” Blum writes, “either system can reject responsibility, paradoxically, when costs are at issue.”  Because they often had to argue with service providers and find ways to beat a system that often tried to keep them at bay, they had to become experts in their child’s disability, of course, but also public policy, learning styles, the medical system, psychology/psychiatry, pharmaceutics, manipulation of jargon and law, and more.

Mothers often felt that they were their child’s only advocate, with his or her health and future dependent on making just one more phone call, getting one more meeting with an expert, or trying one more school. Accordingly, they were simultaneously exhausted and filled with guilt.  I wondered, when I came across this Post Secret confession, if this mother was experiencing some of the same things:

 Originally posted in 2012.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

RacialiciousNew Netflix Documentary Could Have Nina Simone Fans Feelin’ Good

By Arturo R. García

Nina Simone fans who are leery of the Zoe Saldana biopic Nina take heart: Netflix quietly posted the trailer for What Happened, Miss Simone?, a documentary that has the support of the singer’s estate and features her daughter, Lisa Simone Kelly.

“People think that when she went out on stage, she became Nina Simone,” Kelly says. “My mother was Nina Simone 24-7. And that’s where it became a problem.”

Directed by Oscar nominee Liz Garbus, the film — which is coming off an appearance at this year’s Sundance Film Festival — promises to feature rare and never-before-seen footage and tapes as part of a comprehensive look at not only Simone’s professional life, but her activism.

“I choose to reflect the times and the situations in which I find myself,” Simone says, amid chillingly-timely footage of police brutality and Black activists marching. “How can you be an artist and not reflect the times?”

The trailer, as posted late last week, can be seen below.

Trailer: https://www.youtube.com/embed/moOQXZxriKY

[h/t Paper]


ElspethCatching up with myself.

It's been quite a while since my last entry on this blog.

Since then, many things have happened.

Starting with the physical stuff, I'm an inch taller. This is a result of some pretty intense physiotherapy and rehabilitation work. My thoracic spine was frozen in place; that's been addressed, finally, and I'm slowly improving. I've even been able to start addressing my lower and upper spine issues. I have to maintain a pretty extensive stretch and exercise regimen, but even with the DOMS I have less back pain than I have had in decades.

Speaking of, I'm weightlifting twice a week. It's a simple split; generally on Mondays I do squats and assisted chin ups; on Thursdays I do deadlifts and some form of upper-body-push exercise, like a pushup or shoulder press. I got up to a working weight of 55kgs when doing squats (generally in four sets of eight reps). That's a pretty good start. I still have a very long way to go before I'm as strong as I'd like to be, especially in my upper body.

As far as flexibility goes, I can touch my toes most of the time, without extensive warm-up, for the first time in my life. Which is awesome. The downside is that combined with other things, there's a distinct possibility I may also have a hyperflexibility disorder. Apparently, when I'm not frozen up, or have muscular tension blocking things, I bend really really well. Too well. One of the implications is that it takes me a lot more effort to do pretty much anything, because I have to use muscles for support and control rather than ligaments and tendons. Which would also explain why and how I strain muscles so easily and often, and some of the fatigue I deal with. Also why I bruise so easily. The long term implications mean that I'm going to be doing an awful lot of strength training and flexibility/mobility work for as long as it's physically possible, just to maintain the level of functionality most people get from sitting in a chair all day. On the upside, knowing what the situation is makes it a whole lot easier to manage, instead of fumbling around and hoping that something will work.

Pain-wise, well, I'm not in pain 24/7 anymore. There are some weeks where I don't even take any painkillers. Day to day I probably experience more pain than most people, but it's rather less than I was accustomed to at most points, which I am very grateful for.

Mentally speaking - well, I'm on antidepressants again. The grey dog struck with a vengeance last year. Food was tasteless, I couldn't care about anything, especially not my own wellbeing, and things got not so great. I made the decision to address this, and I'm doing rather better, which is nice.

My memory has improved significantly. While I'm not back to my previous level of function, I no longer get lost on the way to places I've been several times before, and my memory for people is also much better. There's an entry of its own in there, but I'll leave that for after this one.

Socially speaking, I actually have a social life again! Which is amazing and wonderful. I miss all my Australian friends, but the isolation over here seems to have ended. I certainly hope it has; I'm pretty good with being solitary, but after 3 years of it, I'd like to be a social butterfly for a while. It hasn't all been sunshine and unicorn farts. Readjusting to being around people has been a little tricky - balancing the sensory overload with actually getting lonely when I can't go out is a current challenge. Still, the awesome new people in my life are more than worth it!

I have yet to take up any form of study. That's annoying, but in all honesty, something that has to wait until I'm sure I have the intellectual, emotional, and physical reserves to not run myself into the ground again. Or to recover when I do so the first few times before I manage to calibrate myself accurately enough.

That's pretty much it for now. I'm hoping that this is the start of me actually writing about my mindstate a little more often, but well, we'll have to see.

CryptogramDetecting QUANTUMINSERT

Fox-IT has a blog post (and has published Snort rules) on how to detect man-on-the-side Internet attacks like the NSA's QUANTUMINSERT.

From a Wired article:

But hidden within another document leaked by Snowden was a slide that provided a few hints about detecting Quantum Insert attacks, which prompted the Fox-IT researchers to test a method that ultimately proved to be successful. They set up a controlled environment and launched a number of Quantum Insert attacks against their own machines to analyze the packets and devise a detection method.

According to the Snowden document, the secret lies in analyzing the first content-carrying packets that come back to a browser in response to its GET request. One of the packets will contain content for the rogue page; the other will be content for the legitimate site sent from a legitimate server. Both packets, however, will have the same sequence number. That, it turns out, is a dead giveaway.

Here's why: When your browser sends a GET request to pull up a web page, it sends out a packet containing a variety of information, including the source and destination IP address of the browser as well as so-called sequence and acknowledge numbers, or ACK numbers. The responding server sends back a response in the form of a series of packets, each with the same ACK number as well as a sequential number so that the series of packets can be reconstructed by the browser as each packet arrives to render the web page.

But when the NSA or another attacker launches a Quantum Insert attack, the victim's machine receives duplicate TCP packets with the same sequence number but with a different payload. "The first TCP packet will be the 'inserted' one while the other is from the real server, but will be ignored by the [browser]," the researchers note in their blog post. "Of course it could also be the other way around; if the QI failed because it lost the race with the real server response."

Although it's possible that in some cases a browser will receive two packets with the same sequence number from a legitimate server, they will still contain the same general content; a Quantum Insert packet, however, will have content with significant differences.

It's important we develop defenses against these attacks, because everyone is using them.
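The check described above, sketched as an added example; it is not Fox-IT's Snort rules or code. The `Segment` record, the function name and the sample traffic are assumptions constructed for illustration, and the comparison goes slightly beyond an exact match by checking only the overlapping bytes, so a retransmission of a different length with the same content is not reported.

```python
from collections import namedtuple

# One captured TCP segment, reduced to the fields this check needs (hypothetical record).
Segment = namedtuple("Segment", "src sport dst dport seq payload")


def first_difference(a, b):
    """Offset of the first differing byte in the overlap of a and b, or None."""
    for offset in range(min(len(a), len(b))):
        if a[offset] != b[offset]:
            return offset
    return None


def find_conflicting_duplicates(segments, max_tracked=64):
    """Report segments that reuse a sequence number with different content.

    State is kept per direction of each flow, so a client and a server that
    happen to use the same sequence number never collide.
    """
    seen = {}    # (src, sport, dst, dport) -> {seq: payload}, insertion ordered
    alerts = []
    for index, seg in enumerate(segments):
        if not seg.payload:              # pure ACKs carry nothing to compare
            continue
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        by_seq = seen.setdefault(flow, {})
        earlier = by_seq.get(seg.seq)
        if earlier is None:
            by_seq[seg.seq] = seg.payload
            if len(by_seq) > max_tracked:        # bound memory per flow
                del by_seq[next(iter(by_seq))]   # drop the oldest entry
            continue
        offset = first_difference(earlier, seg.payload)
        if offset is not None:
            # Same sequence number, different bytes: one of the two was not
            # sent by the real server. Which one arrived first is not known.
            alerts.append({
                "flow": flow,
                "seq": seg.seq,
                "segment_index": index,
                "first_diff": offset,
                "first_seen": earlier[:40],
                "conflicting": seg.payload[:40],
            })
        elif len(seg.payload) > len(earlier):
            by_seq[seg.seq] = seg.payload        # keep the longer copy
    return alerts


# Constructed sample traffic (documentation address ranges, made-up ports).
CLIENT, SERVER = "192.0.2.10", "198.51.100.80"
SAMPLE = [
    Segment(CLIENT, 49152, SERVER, 80, 1000,
            b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    # Two responses with the same sequence number and different content.
    Segment(SERVER, 80, CLIENT, 49152, 5000,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example.test/\r\n\r\n"),
    Segment(SERVER, 80, CLIENT, 49152, 5000,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
    # Benign retransmission on another connection: same bytes, longer copy.
    Segment(SERVER, 80, CLIENT, 49153, 7000, b"HTTP/1.1 200 OK\r\n"),
    Segment(SERVER, 80, CLIENT, 49153, 7000,
            b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in find_conflicting_duplicates(SAMPLE):
        print("conflicting duplicate on", alert["flow"], "seq", alert["seq"],
              "first differing byte at offset", alert["first_diff"])
```

An alert says only that two different payloads claimed the same sequence number; as the quoted researchers note, either one may be the inserted packet, so both copies are kept in the alert for review.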

Worse Than FailureMore is Better, They Said

Steve’s group was quite good,
they made quality software.
Then came Initech.

Initech bought them,
management had a field day
restructuring teams.

Haiku 2008-02-19

Steve was a mid-level developer when his company got purchased by Initech. Naturally, the new owners wanted to change everything. Old people were fired, new people were hired, and HR promised to take this group to “the next level.”

They hired a man named Ty, who replaced the senior developer on Steve’s team.

He was an expert
and his experience would
bring much rejoicing.

Or so said HR.
Steve quickly found himself to
disagree with them.

Early on in his new employment, Ty called Steve to his desk. “I’ve got this requirement, but I just can’t quite get the code to work. I’m getting an input from the user, and if it’s a number or a string, I have to do something different in each case. I can get it to work one way or another, but not both!” Steve quickly showed Ty the documentation for Integer.TryParse and the “if” statement. As he left, he heard Ty mutter, “This framework is way too complex! Nobody trained me for this!”

This was a common scenario. Steve had to hold Ty’s hand through even the most basic programming tasks.

Give him an input
and ask him to validate,
and he won’t get it.

Hand him a double
and have him round it to tenths,
and mainframes will crash.

Show him an error
and stacktrace, his own brain will
overheat and melt.

Fizz-Buzz would have been
enough of a test to stop
his acquisition.

Ty blamed everyone but himself for his problems. “Someone checked in bad code. It worked yesterday!” “My computer is broken!” “Steve is an idiot!” This last was exactly the sort of thing the new management wanted to hear. They pulled Ty into a critical new feature: new reports for their BI application. This happened to mirror work Steve had done just a year before.

When Ty was tasked to
develop BI reports,
Steve kept his distance.

Ty coded and worked,
and after several months his
work was deployed live.

But celebration
was not in order, there
was a big problem.

“Steve! We have a huge problem here!” said Tyler, as he burst into Steve’s workspace. “The numbers in my reports don’t match the numbers in your old reports. You need to figure out what you did wrong.”

Steve blinked. “No one has noticed any problems before. Are you sure your report is right?”

“Of course it’s right!” retorted Tyler. “Now go fix your bugs- we need an answer by the end of the week.”

Steve looked at Ty’s code
and found bad SQL joins.
The output was wrong!

Because of the joins,
sums grew exponentially
based on project count.

Employees with few
projects were in the ballpark,
but still not correct.

Employees with tons
of projects were millions of
bucks overstated!

Steve gathered his findings and prepared for an end-of-the-week meeting. Both Ty and the BI director scoffed at what he found.

Though Steve’s old reports
had not changed in many years,
they had to be wrong.

Ty’s report output
contained a lot more data!
And that’s a good thing!

“You see,” the BI director explained, “look at how many more rows are in Ty’s reports than yours. His shows more information. More information is always better!”

“But,” Steve tried to explain, “the data is wrong. He’s doing cross-joins where he shouldn’t be!”

“How can more data be wrong?” Ty challenged. The BI director nodded in agreement.

Since more is better,
Steve was given a new task.
His heart grew heavy.

Lo, his own reports
must be re-written to work
just like Ty’s reports!

Loosely inspired by this thread

Image Credit: KAMiKAZOW Haiku: Contributors (Own work) [MIT (http://opensource.org/licenses/mit-license.php) or MIT (http://opensource.org/licenses/mit-license.php)], via Wikimedia Commons


Planet Linux AustraliaJanet Hawtin: lucy

we walk to the river to collect buckets of leaf litter for the garden.
a gradual taming of the red earth for zucchinis and beans.

she keeps close to my side
a honey coloured dark eyed shadow

we share the quiet society of insects, lizards and garden life
until evening when he returns.

Planet Linux AustraliaJanet Hawtin: catching the sun

on the edge of the porch they stand
close, like people huddled on a train platform
hailing the morning sun with relief and green vitality
a small distance above the chill
night air still lurks in the shadows
finding the lowest ground with the lowest temperature
not quite frozen this time.

Planet DebianLunar: Reproducible builds: first week in Stretch cycle

Debian Jessie was released on April 25th, 2015. This has opened the Stretch development cycle. Reactions to the idea of making Debian build reproducibly have been pretty enthusiastic. As the pace is now likely to be even faster, let's see if we can keep everyone up-to-date on the developments.

Before the release of Jessie

The story goes back a long way, but a formal announcement to the project was only sent in February 2015.

Since then, too much work has happened to make a complete report, but to give some highlights:

  • New variations are now tested: umask, kernel version, domain name, and timezone. We might only be missing CPU type and current date now.
  • Many improvements to the test system on jenkins.debian.net and the pages showing the results.
  • Now not only packages from unstable are tested but also those in testing and experimental.
  • When rescheduling packages for testing, the build products can be kept and the IRC channel gets a notification when it's over.
  • binutils version 2.25-6 is now built with the --enable-deterministic-archives flag, making ar, strip and others create deterministic static libraries.
  • Number of identified issues has grown from about 80 to 123 today.

Lunar did a pretty improvised lightning talk during the Mini-DebConf in Lyon.

This past week

It seems changes were piling up behind the curtains given the amount of activity that happened in just one week.

Toolchain fixes

  • Niels Thykier uploaded debhelper/9.20150501 which includes fixes to dh_makeshlibs (#774100), dh_icons (#774102), dh_usrlocal (#775020). Patches written by Lunar.
  • Helmut Grohne uploaded doxygen/1.8.9.1-3 which will not generate timestamps in HTML by default. Kudos to akira for bringing the issue upstream.
  • Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-6 adding a --no-include-build-time option. Patch by Jelmer Vernooij.
  • David Prévot uploaded php-apigen/2.8.1+dfsg-2 which now has reproducible output.
  • Cédric Boutillier uploaded ruby-prawn/2.0.1+dfsg-1 which now produces a deterministic output when using gradients. Patch by Lunar.
  • Jelmer Vernooij uploaded samba/2:4.1.17+dfsg-4 which contains a patch by Matthieu Patou making the output of pidl (from libparse-pidl-perl) reproducible.
  • Dmitry Shachnev uploaded sphinx/1.3.1-1 in experimental which should produce deterministic output. The original patch from Chris Lamb has inspired the upstream fix.
  • gregor herrmann uploaded libextutils-depends-perl/0.404-1 which makes ExtUtils::Depends output deterministic. Original patch by Reiner Herrmann.
  • Niko Tyni uploaded perl/5.20.2-4 which makes the output of Pod::Man reproducible. Nice team work visible on #780259.

We also rebased the experimental version of debhelper twice to merge the latest set of changes.

Lunar submitted a patch to add a -creation-date to genisoimage.

Reiner Herrmann opened #783938 to request making -notimestamp the default behavior for javadoc.

Juan Picca submitted a patch to add a --use-date flag to texi2html.

Packages fixed

The following packages became reproducible due to changes of their build dependencies: apport, batctl, cil, commons-math3, devscripts, disruptor, ehcache, ftphs, gtk2hs-buildtools, haskell-abstract-deque, haskell-abstract-par, haskell-acid-state, haskell-adjunctions, haskell-aeson, haskell-aeson-pretty, haskell-alut, haskell-ansi-terminal, haskell-async, haskell-attoparsec, haskell-augeas, haskell-auto-update, haskell-binary-conduit, haskell-hscurses, jsch, ledgersmb, libapache2-mod-auth-mellon, libarchive-tar-wrapper-perl, libbusiness-onlinepayment-payflowpro-perl, libcapture-tiny-perl, libchi-perl, libcommons-codec-java, libconfig-model-itself-perl, libconfig-model-tester-perl, libcpan-perl-releases-perl, libcrypt-unixcrypt-perl, libdatetime-timezone-perl, libdbd-firebird-perl, libdbix-class-resultset-recursiveupdate-perl, libdbix-profile-perl, libdevel-cover-perl, libdevel-ptkdb-perl, libfile-tail-perl, libfinance-quote-perl, libformat-human-bytes-perl, libgtk2-perl, libhibernate-validator-java, libimage-exiftool-perl, libjson-perl, liblinux-prctl-perl, liblog-any-perl, libmail-imapclient-perl, libmocked-perl, libmodule-build-xsutil-perl, libmodule-extractuse-perl, libmodule-signature-perl, libmoosex-simpleconfig-perl, libmoox-handlesvia-perl, libnet-frame-layer-ipv6-perl, libnet-openssh-perl, libnumber-format-perl, libobject-id-perl, libpackage-pkg-perl, libpdf-fdf-simple-perl, libpod-webserver-perl, libpoe-component-pubsub-perl, libregexp-grammars-perl, libreply-perl, libscalar-defer-perl, libsereal-encoder-perl, libspreadsheet-read-perl, libspring-java, libsql-abstract-more-perl, libsvn-class-perl, libtemplate-plugin-gravatar-perl, libterm-progressbar-perl, libterm-shellui-perl, libtest-dir-perl, libtest-log4perl-perl, libtext-context-eitherside-perl, libtime-warp-perl, libtree-simple-perl, libwww-shorten-simple-perl, libwx-perl-processstream-perl, libxml-filter-xslt-perl, libxml-writer-string-perl, libyaml-tiny-perl, mupen64plus-core, nmap, openssl, pkg-perl-tools, quodlibet, r-cran-rjags, r-cran-rjson, r-cran-sn, r-cran-statmod, ruby-nokogiri, sezpoz, skksearch, slurm-llnl, stellarium.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues but not all of them:

Patches submitted which did not make their way to the archive yet:

Improvements to reproducible.debian.net

Mattia Rizzolo has been working on compressing logs using gzip to save disk space. The web server would uncompress them on-the-fly for clients which do not accept gzip content.

Mattia Rizzolo worked on a new page listing various breakage: missing or bad debbindiff output, missing build logs, unavailable build dependencies.

Holger Levsen added a new execution environment to run debbindiff using dependencies from testing. This is required for packages built with GHC as the compiler only understands interfaces built by the same version.

debbindiff development

Version 17 has been uploaded to unstable. It now supports comparing ISO9660 images, dictzip files and should compare identical files much faster.

Documentation update

Various small updates and fixes to the pages about PDF produced by LaTeX, DVI produced by LaTeX, static libraries, Javadoc, PE binaries, and Epydoc.

Package reviews

Known issues have been tagged when known to be deterministic as some might unfortunately not show up on every single build.

For example, two new issues have been identified by building with one timezone in April and one in May. RD and help2man add current month and year to the documentation they are producing.

1162 packages have been removed and 774 have been added in the past week. Most of them are the work of proper automated investigation done by Chris West.

Summer of code

Finally, we learned that both akira and Dhole were accepted for this Google Summer of Code. Let's welcome them!

They have until May 25th before “coding” officially begins. Now is a good time to help them feel more comfortable by sharing all these little bits of knowledge on how Debian works.

Mark ShuttleworthW is for…

… waiting till the Ubuntu Summit online opening keynote today, at 1400 UTC. See you there 😉

Planet Linux AustraliaJames Purser: On Super Hero Movies and worthiness

This was originally going to be a comment on this post over at the Guardian

Yeah so here's the thing. Hollywood isn't about worthy (in the academic sense), has never been about worthy as a business model.

Rather it's about bums on seats. From the time before they invented talkies the whole business is about making sure that people spend their hard earned cash watching the studio's movie rather than someone else's.

I also think that Wilson is conflating two different phenomena. He blames the lack of "worthiness" for the fact that Directors and "auteurs" are moving away from film and towards the internet as a distribution model. This is what's known as bollocks.  This has nothing to do with Super Hero Films and everything to do with the fact that the market for entertainment itself is breaking up, meaning that people who fill a niche can now better connect with their target market.

Hollywood in twenty years time will be a completely different beast than it is today. And it's not because Super Hero Films will eventually die out (and they will). It's because the world has changed, and honestly, I think you'd be hard pressed to find anyone who will mourn the passing.

As I mentioned earlier, indie film isn't dying because of the rash of Super Hero Films, it's changing its focus. If you're an indie film maker, why would you ignore the world's biggest market place for entertainment? If you've got a choice between an extremely limited run in an extremely limited number of cinemas with zero marketing budget, and the internet, with services like iTunes, Netflix or Google Play, I think the choice is obvious.

Honestly, there's a level of misguided snobbery around the original post. "Why does Hollywood make films about men in tights?" seems to be the tone, when in fact it's not Hollywood that is "threatening" the author's idea of what is good, but the internet.


Krebs on SecurityFoiling Pump Skimmers With GPS

Credit and debit card skimmers secretly attached to gas pumps are an increasingly common scourge throughout the United States. But the tables can be turned when these fraud devices are discovered, as evidenced by one California police department that has eschewed costly and time-consuming stakeouts in favor of affixing GPS tracking devices to the skimmers and then waiting for thieves to come collect their bounty.

One morning last year the Redlands, Calif. police department received a call about a skimming device that was found attached to a local gas pump. This wasn’t the first call of the day about such a discovery, but Redlands police didn’t exactly have time to stake out the compromised pumps. Instead, they attached a specially-made GPS tracking device to the pump skimmer.

A gas pump skimmer retrofitted with a GPS tracking device. Image: 3VR's Crimedex Alert System.


At around 5 a.m. the next morning, a computer screen at the Redlands PD indicated that the compromised skimming device was on the move. The GPS device that the cops had hidden inside the skimmer was beaconing its location every six seconds, and the police were quickly able to determine that the skimmer was heading down a highway adjacent to the gas station and traveling at more than 50 MPH. Using handheld radios to pinpoint the exact location of the tracker, the police were able to locate the suspects, who were caught with several other devices implicating them in an organized crime ring.

A GPS tracking device manufactured by 3SI Security Systems (3sisecurity.com)


This story in October 2014 from the U.S. Justice Department’s “COPS Office” indicates that the Redlands PD has taken the lead in using GPS technology to solve a variety of crimes, and has credited the technology with helping secure at least 139 arrests.

According to 3VR Inc., a San Francisco based surveillance and security firm, the Redlands PD has used the GPS technology to apprehend offenders committing armed robberies, vehicle burglary, pharmaceutical burglary and robbery, cell store burglary and robbery, bike theft, laptop theft, construction site theft, fire hydrant theft, metal theft, wire theft, 3rd row seat theft, cemetery theft, vending machine theft, mail theft, UPS parcel theft, residential burglary, tire theft, vehicle theft, cigarette theft, etc. “The technology has also been used to voluntarily track informants by sewing a unit into a purse,” 3VR wrote in a recent newsletter.

3VR notes that the GPS device used by the Redlands PD in the pump skimmer case runs for about six hours on a full battery, meaning cops have about six hours to locate the device before the GPS stops transmitting. However, the devices can be tweaked to extend the battery life, by allowing them to switch on only in the event the device actually is moved, and by decreasing the frequency with which the device beacons home.

One increasingly common type of gas pump skimmer — those equipped with Bluetooth technology — might not be as susceptible to these kinds of police tricks. Bluetooth skimmers are equipped to tap directly into the pump’s power supply, and to allow thieves to retrieve stolen card data wirelessly, just by pulling up to the compromised pump with a Bluetooth enabled laptop or smartphone and downloading the data without ever leaving the vehicle.

Unlike ATM skimmers, skimming devices attached to gas pumps usually are impossible for the average customer to spot because the skimmers are not stuck to the outside of the machine, but rather hidden inside after thieves gain access to the pump’s insides. I wouldn’t worry too much about pump skimmers, unless you’re accustomed to paying for fuel with a debit card: Having your checking account emptied of cash while your bank sorts out the situation can be a huge hassle and create secondary problems (bounced checks, for instance). Use a credit card instead.

How common are pump skimmers?  Thieves tend to attack multiple filling stations along a major interstate, as detailed in this July 2010 story about pump skimmer scammers. More recently, a law enforcement sweep of 6,100 gas stations in Florida last month turned up skimmers at 81 locations.

If you’re as fascinated by ATM and pump skimmers as I am, check out the rest of my skimmer series, All About Skimmers.

Sky CroeserUDC2015 Circuits of Struggle Day 3: commoning, digital infrastructures and/for social movements, and white men taking up space

Social Reproduction and the Emerging Institutions of the Common opened with Fiona Jeffries’ and Pablo Mendez’ work on ‘Domesticating the struggle! Commoning Care in the Global Encampment’. Jeffries, presenting, framed the encampment protest-form recently (re)popularised by Occupy and other Squares movements as a way of making the domestic visible. The encampment challenges the binaries of public/private and personal/political, turning ‘home’ inside out. There’s been a lot of debate about the failure of political encampments, but Jeffries and Mendez argue that their significance lies in the ways in which they showed the necessity of placing social reproduction at the centre of struggle. The home space is where the crisis is experienced, and where people have to address it. Silvia Federici reminds us that home has a double character, both a site of reproduction of relations of domination, and as a site for potential resistance.

Elise Thorburn followed with ‘Communication Technologies and Social Reproduction: Securitized and Autonomous’, discussing the CUTV livestreaming of student strikes in Quebec. She began by noting some of the ways in which digital technologies can be seen as alienating us from our very existence as human beings: the neoliberal fixation on productivity and speed separates us from the solidarity and connections that would help us build resistance. There is a need to liberate our channels of communication (not just digital, but also embodied) from neoliberal control. CUTV made an attempt at this by using high-definition livestreaming equipment during student strikes in an attempt to humanise the protesters, to build audience’s connections with them, and to monitor police violence. For some protesters, livestreamers provide a sense of safety, a space which is at least moderately protected by counter-surveillance. Livestreaming technology is harder to shut down, because of the connection to different networks (including 3G and 4G) and the ability to turn the packs into wireless hotspots. However, livestreamers can also become a target for police violence, and livestreaming can be used by police to watch protesters (we also talked about some of the debates around livestreaming in our research on Occupy Oakland). After a certain point, CUTV made a decision to move away from filming people’s faces, and to avoid filming acts that protesters might be charged with. We need to be prepared to constantly adapt our uses of digital technologies, as repressive forces co-opt them or counter our efforts.

Symon Benetti, #Macao in Assemblea – #tuttisumacao

Enda Brophy ended the session by exploring the Cultural Workers Organize project. He emphasised the need for responses to increasing precarity among cultural workers that consider ways of decommodifying labour and build possibilities for escaping wage relations. The research team has been looking at some of the occupations of theatres, cinemas, and other spaces which began in 2011 (building on a longer history of related occupations). Many of these have become laboratories for horizontal management through open assembly. They also tend to be spaces in which there is a radical openness to the community around them, creating forms of organisation that are expressly articulated around the idea of the common, rejecting the binary of public/private. However, they face serious challenges, including evictions by the state (as has happened to the Cinema America) and the need to find income streams to support participants. The sheer audacity of these initiatives encourages us to aspire to something beyond the binary of ‘good work’ and ‘bad work’, and to look for ways to build institutions of the common.

The next session addressed Social Movements and Digital Technologies. Stephane Couture and Sophie Toupin opened by looking at two case studies in ‘Digital Infrastructures and/for Social Movement’, both of which respond to the increasing commodification and surveillance of the Internet. Stephane discussed the World Free Media Forum (there are also notes on this in my summary of day 1), which has led to the production of the World Charter of Free Media and journal edition on Free Information and Open Internet. He talked about attempts to use free software in the organising of the Forum (for example, mumbles rather than skype), and to set up spaces for tech activists to share their knowledge with others. However, there are challenges to this work, including the difficulty of working some tools and ideological clashes. The second case study was about feminist servers, broadly defined to include software, hardware, code design, social solidarities, and space (this was also addressed at the FemHack event I went to in Montreal). Feminist servers are a response to violence, bullying, harassment, surveillance, and the corporatisation of the internet. Infrastructure matters, even if by design infrastructure is made to be ignored (we often forget the infrastructure, until it fails). And frequently infrastructure is not designed by people thinking about safety, particularly not from a feminist perspective. As in yesterday’s presentation from Melissa Meade and Cricket Keating, Sophie emphasised the importance of a “do it together” rather than a DIY ethos. (And perhaps you can also do it together, as the next TransHackFeminist convergence happens in Mexico in July). Both Stephane and Sophie emphasised the difficulty of bringing different communities and struggles together, and the necessity and value of doing this work. There is a need for more spaces and people that do this bridging work.

Elisabetta Ferrari followed with ‘Social Media for the 99%? Rethinking Alternative Media and Social Movements’ Identity in the Corporate Web 2.0’. This research explores some of the changes to the alternative media landscape since the late 1990s. One of the issues for social movements is that corporate platforms like Facebook and Twitter have become vital spaces for making alternative perspectives visible. Elisabetta’s analysis of Occupy Chicago’s use of these platforms produced some surprising results: a very limited proportion of content deals with identity, and mass media content shared with endorsement outweighs the proportion that’s shared with critical commentary. This is in part because OC was making an attempt to develop relationships with mainstream media – putting out press releases, holding press conferences, running media training, and even producing PR guides. The lack of identity material can be seen as a response to the difficulty of defining “who we are” for Occupy: reporting on actions provided a way to balance this by saying “what we do” instead. The lack of identity content can also be seen as a coping mechanism for movements where there is a fundamental disjuncture between a diverse, decentralised movement and accounts on social media that are built around singular identities. It is useful to investigate the relationship between political choices and technological choices: movements benefit from using corporate social media, but at the same time the structures of these media exacerbate existing political tensions in decentralised movements.

Image from @ksurkan

Image from @ksurkan

Finally, Anne-Marie Romanko talked about ‘Pepper Spray, Photoshop, and Protest: The Meme as a Tool for Socio-Political Protest’. Romanko argues that photoshop memes can create opposition to hegemonic forces through powerful political messages, focusing on the image of Lieutenant John Pike pepperspraying protesters at UC Davis. Memes give agency to polyvocal discourse: they allow for the voice of the other to be included in the message. They can act as a way to influence or counter mainstream media discourse, and while some scholars believe images and politics are trivialised through memes, they create dialogue, and humour can be a powerful form of dissent. Memes can connect people who might otherwise have little in common.

Anyone following me on Twitter will have gathered that I found the ‘question’ session on this panel very frustrating. There are useful critiques to be made of question sessions, and of the hierarchical structure of experts and audience. However, the commonly-expressed frustration at “more-a-comment-than-a-question” is based in part on the fact that those making “more a comment” are often the privileged (rather than marginalised people disrupting power hierarchies). I expect a moderate level of “more a comment”s at conferences, and have learned to sigh and bear it, but this panel was particularly remarkable because there were five or six white men in a row who took the opportunity to talk at length about their own ideas, the case studies they thought were relevant, or the arguments they thought should be used to frame these issues. Only one of them appended any pretence at a question mark. I asked a question (and made a note that others hadn’t), and as soon as presenters answered, there were more “comments” from the audience. Frustrated, I nervously tried to speak up and point out what was happening. And then one of the female presenters got thirty seconds into talking about her arguments before another white man interrupted to argue with her.

There are obviously things that individual men could, and should, be doing to avoid this: being aware of the demographics of who speaks and who is interrupted and how they might be contributing to that dynamic is a good start. (Similarly, white women need to be aware of the ways in which our voices are privileged in some spaces.) Continuing on from my previous post on thinking about conferences as technologies which should be approached with the same critical perspective we’re turning on digital technologies, there are also steps that organisers can take to build a better “question session” technology. For example, it might be useful to set out guidelines for moderators that include using a progressive stack to take audience questions, and making it clear whether comments will be accepted (if they are, making this explicit will make space for those who don’t feel confident commenting in a question session).

If we’re going to talk about the ways in which particular digital platforms marginalise or facilitate particular voices, we should also be prepared to think about that in our own spaces.


Planet DebianMike Hommey: Gnome shell Hello world

Gnome Shell, besides providing the main user interface for GNOME 3, is a Javascript shell with bindings to many native interfaces that allow e.g. Window manipulation, graphics rendering and animations, compositing, etc. It also allows developers to write extensions changing Gnome Shell’s behavior.

Less known is that it is possible to replace the entire Javascript code base that Gnome Shell uses. It can be useful to hack on Gnome Shell itself (no need to fiddle with system files, or, since 3.12, no need to rebuild libgnome-shell.so), but it can also be used to implement a completely new User Interface in Javascript.

I’m starting to experiment with the latter, because I want to try building a window manager that fits my needs, while keeping away the boring details of EWMH, xinerama, and other X11 things. And because it’s fun.

But baby steps, first: let’s bootstrap a Hello world with Gnome shell.

  • Create a directory that will hold your code.
  • In that directory, create a ui subdirectory.
  • In that ui directory, create an environment.js file, with the following contents:
    const Shell = imports.gi.Shell;
    
    function init() {
      window.global = Shell.Global.get();
    }
    
  • In the same directory, create a main.js file, with the following contents:
    const St = imports.gi.St;
    
    function start() {
      let text = new St.Label({ text: "Hello, world!" });
      global.stage.add_actor(text);
      global.stage.show();
    }
    
  • Run Gnome Shell with your code:
    $ GNOME_SHELL_JS=/path/to/parent/of/ui gnome-shell
    

    You may want to run this in a separate X server (I use Xephyr)

I tested this with Gnome Shell 3.14. Trying various older versions, I got different results for reasons I don’t know. 3.4 doesn’t display anything unless, paradoxically, global.stage.show() is removed, and 3.8 doesn’t display anything no matter what.

I guess the next step is to go through some Clutter tutorials and transpose them to Javascript.

Update: On the other hand, a lot of the window managing is still done by mutter under the hood, which doesn’t leave a lot of space for something really different.

Planet DebianSteve Kemp: A weekend of migrations

This weekend has been all about migrations:

Host Migrations

I've migrated several more systems to the Jessie release of Debian GNU/Linux. No major surprises, and now I'm in a good state.

I have 18 hosts, and now 16 of them are running Jessie. One of them I won't touch for a while, and the other is a KVM-host which runs about 8 guests - so I won't upgrade that for a while (because I want to schedule the shutdown of the guests for the host-reboot).

Password Migrations

I've started migrating my passwords to pass, which is a simple shell wrapper around GPG. I generated a new password-managing key, and started migrating the passwords.

I dislike that account-names are stored in plaintext, but that seems known and unlikely to be fixed.

I've "solved" the problem by dividing all my accounts into "Those that I wish to disclose post-death" (i.e. "banking", "amazon", "facebook", etc, etc), and those that are "never to be shared". The former are migrating, the latter are not.

(Yeah I'm thinking about estates at the moment, near-death things have that effect!)


Planet DebianErich Schubert: @Zigo: Why I don't package Hadoop myself

A quick reply to Zigo's post:
Well, I looked at the Bigtop efforts because I needed Hadoop packages. But they are not very useful. They have lots of issues (including empty packages, naming conflicts etc.).
I filed a few bugs, and I even uploaded my fixes to Github. Some of that went unnoticed, because Sean Owen of Cloudera decided to remove all Debian packaging from Spark. But in the end, even with these fixes, the resulting packages do not live up to Debian quality standards (not to say, they would outright violate policy).
If you wanted to package Hadoop properly, you should ditch Apache Bigtop, and instead use the existing best practises for packaging. Using any of the Bigtop work just makes your job harder, by pulling in additional dependencies like their modified Groovy.
But whatever you do, you will be stuck in .jar dependency hell. Whatever you look at, it pulls in another batch of dependencies, that all need to be properly packaged, too. Here is the dependency chain of Hadoop:
[INFO] +- org.apache.hadoop:hadoop-hdfs:jar:2.6.0:compile
[INFO] |  +- com.google.guava:guava:jar:11.0.2:compile
[INFO] |  +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] |  +- org.mortbay.jetty:jetty-util:jar:6.1.26:compile
[INFO] |  +- com.sun.jersey:jersey-core:jar:1.9:compile
[INFO] |  +- com.sun.jersey:jersey-server:jar:1.9:compile
[INFO] |  |  \- asm:asm:jar:3.1:compile
[INFO] |  +- commons-cli:commons-cli:jar:1.2:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.4:compile
[INFO] |  +- commons-io:commons-io:jar:2.4:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  +- commons-daemon:commons-daemon:jar:1.0.13:compile
[INFO] |  +- javax.servlet.jsp:jsp-api:jar:2.1:compile
[INFO] |  +- log4j:log4j:jar:1.2.17:compile
[INFO] |  +- com.google.protobuf:protobuf-java:jar:2.5.0:compile
[INFO] |  +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.9.13:compile
[INFO] |  +- tomcat:jasper-runtime:jar:5.5.23:compile
[INFO] |  +- xmlenc:xmlenc:jar:0.52:compile
[INFO] |  +- io.netty:netty:jar:3.6.2.Final:compile
[INFO] |  +- xerces:xercesImpl:jar:2.9.1:compile
[INFO] |  |  \- xml-apis:xml-apis:jar:1.3.04:compile
[INFO] |  \- org.htrace:htrace-core:jar:3.0.4:compile
[INFO] +- org.apache.hadoop:hadoop-auth:jar:2.6.0:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:1.7.5:compile
[INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.2.5:compile
[INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.2.4:compile
[INFO] |  +- org.apache.directory.server:apacheds-kerberos-codec:jar:2.0.0-M15:compile
[INFO] |  |  +- org.apache.directory.server:apacheds-i18n:jar:2.0.0-M15:compile
[INFO] |  |  +- org.apache.directory.api:api-asn1-api:jar:1.0.0-M20:compile
[INFO] |  |  \- org.apache.directory.api:api-util:jar:1.0.0-M20:compile
[INFO] |  +- org.apache.zookeeper:zookeeper:jar:3.4.6:compile
[INFO] |  |  +- org.slf4j:slf4j-log4j12:jar:1.7.5:compile
[INFO] |  |  \- jline:jline:jar:0.9.94:compile
[INFO] |  \- org.apache.curator:curator-framework:jar:2.6.0:compile
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.6.0:compile
[INFO] |  +- org.apache.hadoop:hadoop-annotations:jar:2.6.0:compile
[INFO] |  |  \- jdk.tools:jdk.tools:jar:1.6:system
[INFO] |  +- org.apache.commons:commons-math3:jar:3.1.1:compile
[INFO] |  +- commons-httpclient:commons-httpclient:jar:3.1:compile
[INFO] |  +- commons-net:commons-net:jar:3.1:compile
[INFO] |  +- commons-collections:commons-collections:jar:3.2.1:compile
[INFO] |  +- com.sun.jersey:jersey-json:jar:1.9:compile
[INFO] |  |  +- org.codehaus.jettison:jettison:jar:1.1:compile
[INFO] |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.3-1:compile
[INFO] |  |  |  \- javax.xml.bind:jaxb-api:jar:2.2.2:compile
[INFO] |  |  |     +- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] |  |  |     \- javax.activation:activation:jar:1.1:compile
[INFO] |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.8.3:compile
[INFO] |  |  \- org.codehaus.jackson:jackson-xc:jar:1.8.3:compile
[INFO] |  +- net.java.dev.jets3t:jets3t:jar:0.9.0:compile
[INFO] |  |  \- com.jamesmurty.utils:java-xmlbuilder:jar:0.4:compile
[INFO] |  +- commons-configuration:commons-configuration:jar:1.6:compile
[INFO] |  |  +- commons-digester:commons-digester:jar:1.8:compile
[INFO] |  |  |  \- commons-beanutils:commons-beanutils:jar:1.7.0:compile
[INFO] |  |  \- commons-beanutils:commons-beanutils-core:jar:1.8.0:compile
[INFO] |  +- org.apache.avro:avro:jar:1.7.4:compile
[INFO] |  |  +- com.thoughtworks.paranamer:paranamer:jar:2.3:compile
[INFO] |  |  \- org.xerial.snappy:snappy-java:jar:1.0.4.1:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.2.4:compile
[INFO] |  +- com.jcraft:jsch:jar:0.1.42:compile
[INFO] |  +- org.apache.curator:curator-client:jar:2.6.0:compile
[INFO] |  +- org.apache.curator:curator-recipes:jar:2.6.0:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:1.3.9:compile
[INFO] |  \- org.apache.commons:commons-compress:jar:1.4.1:compile
[INFO] |     \- org.tukaani:xz:jar:1.0:compile
[INFO] +- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
[INFO] |  +- org.apache.commons:commons-math:jar:2.1:compile
[INFO] |  +- tomcat:jasper-compiler:jar:5.5.23:compile
[INFO] |  +- org.mortbay.jetty:jsp-api-2.1:jar:6.1.14:compile
[INFO] |  |  \- org.mortbay.jetty:servlet-api-2.5:jar:6.1.14:compile
[INFO] |  +- org.mortbay.jetty:jsp-2.1:jar:6.1.14:compile
[INFO] |  |  \- ant:ant:jar:1.6.5:compile
[INFO] |  +- commons-el:commons-el:jar:1.0:compile
[INFO] |  +- hsqldb:hsqldb:jar:1.8.0.10:compile
[INFO] |  +- oro:oro:jar:2.0.8:compile
[INFO] |  \- org.eclipse.jdt:core:jar:3.1.1:compile
So the first step for packaging Hadoop would be to check which of these dependencies are not yet packaged in Debian... I guess 1/3 is not.
Maybe, we should just rip out some of these dependencies with a cluebat. For the stupid reason of making a webfrontend (which doesn't provide a lot of functionality, and I doubt many people use it at all), Hadoop embeds not just one web server, but two: Jetty and Netty...
Things would also be easier if e.g. S3 support, htrace, the web frontend, and different data serializations were properly put into modules. Then you could postpone S3 support, for example.
As I said, the deeper you dig, the crazier it gets.
If the OpenDataPlatform efforts of Hortonworks, Pivotal and IBM were anything but a marketing gag, they would try to address these technical issues. Instead, they make things worse by specifying yet another fatter core, including Ambari, Apache's attempt to automatically make a mess out of your servers - essentially, they are now adding the ultimate root shell, for all those cases where unaudited puppet commands and "curl | sudo bash" were not bad enough:
Example:
  command1 = as_sudo(["cat,"/etc/passwd"]) + " | grep user"
(from the Ambari python documentation)
The closer you look, the more you want to rather die than use this.
P.S. I have updated the libtrove3-java package (Java collections for primitive types; but no longer the fastest such library), so that it is now in the local maven repository (/usr/share/maven-repo) and that it can be rebuilt reproducibly (the build user name is no longer in the jar manifest).
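
Added example, not part of Erich Schubert's post or of any Debian tooling: the "first step" described above, inventorying the `mvn dependency:tree` output and checking what a local Maven repository already provides, done in Python. It assumes the repository (such as /usr/share/maven-repo) follows the standard Maven layout of groupId directories, then artifactId, then a version directory holding a .pom; the function names are made up for this example and the sample is a subset of the lines quoted above.

```python
import re
from collections import defaultdict
from pathlib import Path
from typing import NamedTuple, Optional

# Constructed sample: a subset of the dependency-tree lines quoted in the post.
SAMPLE_TREE = r"""
[INFO] +- org.apache.hadoop:hadoop-hdfs:jar:2.6.0:compile
[INFO] |  +- org.mortbay.jetty:jetty:jar:6.1.26:compile
[INFO] |  +- org.codehaus.jackson:jackson-core-asl:jar:1.9.13:compile
[INFO] |  +- io.netty:netty:jar:3.6.2.Final:compile
[INFO] +- org.apache.hadoop:hadoop-common:jar:2.6.0:compile
[INFO] |  +- org.apache.hadoop:hadoop-annotations:jar:2.6.0:compile
[INFO] |  |  \- jdk.tools:jdk.tools:jar:1.6:system
[INFO] |  +- com.sun.jersey:jersey-json:jar:1.9:compile
[INFO] |  |  +- com.sun.xml.bind:jaxb-impl:jar:2.2.3-1:compile
[INFO] |  |  |  \- javax.xml.bind:jaxb-api:jar:2.2.2:compile
[INFO] |  |  |     \- javax.activation:activation:jar:1.1:compile
[INFO] |  |  +- org.codehaus.jackson:jackson-jaxrs:jar:1.8.3:compile
[INFO] |  +- net.java.dev.jets3t:jets3t:jar:0.9.0:compile
[INFO] +- org.apache.hadoop:hadoop-core:jar:1.2.1:compile
[INFO] |  +- org.mortbay.jetty:jsp-2.1:jar:6.1.14:compile
"""

# Each nesting level is a 3-character unit ("|  " or "   ") before "+- " or "\- ".
LINE_RE = re.compile(r"^\[INFO\] (?P<indent>(?:[| ] {2})*)[+\\]- (?P<coord>\S+)\s*$")


class Dep(NamedTuple):
    depth: int              # 1 = direct dependency of the project
    group: str
    artifact: str
    version: str
    scope: str
    parent: Optional[str]   # "group:artifact" that pulled this one in


def parse_tree(text):
    """Parse dependency:tree output into Dep records, tracking who pulls in what."""
    deps, stack = [], []    # stack[i] holds the "group:artifact" at depth i + 1
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue        # banner, blank or other non-tree line
        parts = m.group("coord").split(":")
        if len(parts) == 5:
            group, artifact, _type, version, scope = parts
        elif len(parts) == 6:   # coordinate carrying a classifier
            group, artifact, _type, _classifier, version, scope = parts
        else:
            continue
        depth = len(m.group("indent")) // 3 + 1
        del stack[depth - 1:]   # drop siblings and deeper levels
        parent = stack[-1] if stack else None
        stack.append(f"{group}:{artifact}")
        deps.append(Dep(depth, group, artifact, version, scope, parent))
    return deps


def group_version_skew(deps):
    """groupIds that appear at more than one version (each may need its own package)."""
    versions = defaultdict(set)
    for d in deps:
        versions[d.group].add(d.version)
    return {g: sorted(v) for g, v in versions.items() if len(v) > 1}


def missing_from_repo(deps, repo_root):
    """Coordinates with no .pom under repo_root in the assumed Maven layout.

    Simplification: any packaged version counts, since a distribution often
    ships a different version than the one upstream asks for.
    """
    root = Path(repo_root)
    missing = set()
    for d in deps:
        if d.scope == "system":
            continue        # resolved from the host JDK, not from a repository
        artifact_dir = root.joinpath(*d.group.split("."), d.artifact)
        if not (artifact_dir.is_dir() and any(artifact_dir.glob("*/*.pom"))):
            missing.add(f"{d.group}:{d.artifact}")
    return sorted(missing)


if __name__ == "__main__":
    deps = parse_tree(SAMPLE_TREE)
    print(len(deps), "dependencies in sample")
    for group, versions in group_version_skew(deps).items():
        print("multiple versions:", group, versions)
    for coord in missing_from_repo(deps, "/usr/share/maven-repo"):
        print("not in local repo:", coord)
```

The `parent` field shows which module drags in each transitive dependency, which is what you need to judge whether a branch (the web frontend, S3 support) could be split off and packaged later.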

Revealing ErrorsGPS Errors and Pilgrimage to Lourde

Photograph of a man standing at the street sign for Lourde in France.

The Telegraph ran an article about a sizable — and growing — number of Catholic pilgrims arriving in a small village in the Pyrenean foothills. With 94 residents, the town has no hotels or shops — a fact that has left some of the new arrivals a bit confused. The town does have a small statue of the Virgin Mary which some pilgrims have worshiped at. Most pilgrims have noted that the town seems curiously quiet for Catholicism’s third largest pilgrimage site.

The village is Lourde. Without an “s”. The pilgrims, of course, are looking for Lourdes. The statue some pilgrims have prostrated themselves in front of is not the famous Statue of Our Lady at the Grotto of Massabielle but a simple village statue of the virgin. Lourde is 92 kilometers (57 miles) to the east of the larger and more famous city with the very similar name.

Given the similar names, pilgrims have apparently been showing up at Lourde for as long as the residents of the smaller village can remember. But villagers report a very large up-tick in confused pilgrims in recent years. To blame, apparently, is the growing popularity of GPS navigation systems.

Pilgrims have typed in “L-O-U-R-D-E” in their GPS navigation devices and forgotten the final “S”. Indeed, using the clunky on-screen keyboards and automatic completion functionality, it’s often much easier to type in the name of the tiny village than the name of the more likely destination. One letter and only 92 kilometers away in the same country, it’s an easy mistake to make because the affordances of many GPS navigation systems make it slightly easier to ask to go to Lourde than to Lourdes. Apparently, twenty or so cars of pilgrims show up in Lourde each day. Sometimes carrying as many people as live in the town of Lourde itself!

The GPS navigation systems, of course, will happily route drivers to either city and do not know or care that Lourde is rarely the location a driver navigating from across Europe wants. The GPS is designed to show drivers their next turn so a driver won’t know they’re off course until they reach their destination. The systems assume that destinations were entered correctly. A human navigator asked for directions would never point a person to the smaller village. Indeed, they would probably not know it even exists.

A municipal councilor in Lourde suggested that, “the GPS is not at fault. People are.” Of course, she’s correct. Pilgrims typed in the name of their destination incorrectly. But the reason there’s an increase in people making this particular mistake is because the technology people use to navigate in their cars has changed dramatically over the last decade in a way that makes this mistake more likely. A dwindling number of people pore over maps or ask a passer-by or a gas station attendant for directions. On the whole, navigation has become more effective and more convenient. But not without trade-offs and costs.

GPS technology frames our experience of navigation in ways that are profound, even as we usually take it for granted. Unlike a human, the GPS will never suggest a short detour that leads us to a favorite restaurant or a beautiful vista we’ll be driving by just before sunset. As in the case of Lourde, it will make mistakes no human would (the reverse is also true, of course). In this way, the twenty cars of confused pilgrims showing up in Lourde each day can remind us of the power that technologies have over some of the little tasks in our lives.

Planet DebianLunar: Paranoia, uh?

A couple of days ago The Intercept released new documents provided by Edward Snowden. They show the efforts of the CIA to break the security of Apple platforms.

One of the documents introduces the Strawhorse program: Attacking the MacOS and iOS Software Development Kit:

(S//NF) Ken Thompson's gcc attack […] motivates the StrawMan work: what can be done of benefit to the US Intelligence Community (IC) if one can make an arbitrary modification to a system compiler […]? A (whacked) SDK can provide a subtle injection vector onto standalone developer networks, or it can modify any binary compiled by that SDK. In the past, we have watermarked binaries for attribution, used binaries as an exfiltration mechanism, and inserted Trojans into compiled binaries.

I knew it was a plausible hypothesis, but just reading it black on white gives me shivers.

Reproducible builds need to become the standard.

Planet DebianThorsten Alteholz: My Debian Activities in April 2015

FTP assistant

Another month, another statistic. This month I marked 90 packages for accept and rejected 20 of them.

Squeeze LTS

This was my tenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

For some reason this month I got assigned an exceptionally high workload of 26.5h and I spent these hours to upload new versions of:

  • [DLA 188-1] arj security update
  • [DLA 189-1] libgd2 security update
  • [DLA 190-1] libgcrypt11 security update
  • [DLA 191-1] checkpw security update
  • [DLA 193-1] chrony security update
  • [DLA 195-1] libtasn1-3 security update
  • [DLA 200-1] ruby1.9.1 security update
  • [DLA 205-1] ppp security update
  • [DLA 211-1] curl security update
  • [DLA 212-1] php5 security update

[DLA 191-1] and [DLA 193-1] have been “only” sponsored uploads, where Markus Koschany and Joachim Wiedorn prepared the patches.
Due to the large number of hours I was able to make a php5 upload which resolves several issues that have been marked as no-dsa before. At this point I would like to thank Jan Ingvoldstad for his thorough tests of the package before I did the final upload.
The next big adventure will be ruby1.9.1. Unfortunately my workload in May is (hopefully) exceptionally low, so I am not sure whether I can finish this by the end of that month.

I also uploaded [DLA 206-1] python-django-markupfield security update although no LTS sponsor indicated any interest in this package.

Other stuff

While searching for another bug, I stumbled upon #128818. It is a wishlist bug for apt to support rsync while downloading package metadata. It might not be useful for the entire Packages-file. But wouldn’t it make sense if each package gets its own file and one has to download only stuff that has really changed?

Donations

Again, thanks a lot to all donors. I really appreciate this and hope that everybody is pleased with my commitment. Don’t hesitate to make suggestions for improvements.

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-04-27 to 2015-05-03

Planet DebianHideki Yamane: release, and user complains

Now I've just finished translating the Debian Jessie release notes into Japanese... *Phew*

Also, we Japanese people have celebrated its release in Tokyo and Kyoto (thanks to someone who added it to the Wiki); I'll put up some photos later.


Anyway, we succeeded in pushing it out, and now users get Jessie as the stable release. Then I found many users complaining about it. Why? Because it includes incompatible changes from the previous wheezy. However, it is clearly noted in the release notes (check! lazy people ;), and they could even have tried it before its release!

Most users don't want to use a pre-release version; what they want is a released one. Probably Debian should consider pushing "something release version" out, not only a stable release every 2 years. Our distribution's quality currently relies on manual exploratory testing in unstable by developers and users, but that is not enough to check bugs. Somehow we get more human resource for testing.

Sky CroeserUDC2015 Circuits of Struggle Day 2: journalism and climate change, culture/appropriation, struggles over digital technologies, and femtechnet

The second day of Circuits of Struggle opened with Robert Hackett arguing that the global climate crisis changes everything, including journalism. We need to be looking at the ways in which the logic of capitalism shapes journalistic institutions, and how the need to make a profit creates a form of censorship. In building these critiques, it’s vital to look for journalistic forms that can facilitate an appropriate societal response to climate change. Part of this requires changes within the existing structures of media, including reconsidering the frames through which climate change is presented. For example, we need to build narratives that combat people’s alienation from processes of political change: this means presenting success stories around climate change, normalising political action (rather than building a divide between ‘activists’ and the many people who don’t think of themselves this way), connecting struggles around different issues, rejecting consumerist greenwashing and false opposition between employment and the environment, and reframing conflict as being between the global fossil fuel industry and global civil society. Journalists need to report in depth, not just act as stenographers for politicians and industry. It’s also vital to explore alternative media forms that can work without succumbing to market pressures. Finally, we have to recognise that radical structural change towards a post-capitalist society is the only way to effectively deal with climate change.

The second panel I attended was on Seizing Culture, Heritage, and Citizenship: Struggles Against the Appropriation of Tradition. Patrick MacInnis began with ‘Appropriating City Spaces: Exploring Practice, Process and Policy in Aboriginal Street Art’, talking about the 7th Generation Image Makers. This project aims to centre Aboriginal people and Aboriginal issues in Canadian cities, as well as providing space to explore the complexities of urban Aboriginal identity. Patrick made a distinction between ‘open access’ and ‘cultural commons’, noting that murals by the 7th Generation project are not open access in the sense of being instantly accessible to passers-by. Instead, understanding of the murals draws on cultural commons: particular symbols and histories linked to Anishinaabe culture (which are not shared between all Anishinaabe communities). It is possible to see street art as a kind of urban enchantment: it takes you out of the flow of urban life and grounds you in a specific moment, inviting an encounter which may not be easy (or even fully accessible). These murals are an attempt to reappropriate Aboriginal cultural rights, and to think about how they can relate to urban life.

A screenshot from TimeTraveller.

Eva Athanasiu followed this with ‘Survivance Stories: Aboriginal Networks of Resistance and New Media Art in Canada’. This project combines networked Aboriginal histories with digital art histories, looking at Aboriginal art communities producing digital art, such as CyberPowWow, and Abtec. Some of the critical themes emerging from this work are survivance (a continuation and ongoing transformation of culture and community), the importance of networks and networking, and the need for problem-posing education. This work is also a reminder that networks of resistance and decolonising projects are extensive and complex: moments of visible protest such as marches are supported and sustained by ongoing networks and communities.

Lauren Cruikshank, Relaxomaxoscope, 2014

Henry Svec’s artistic work at the New Brunswick Laboratory of Imaginary Media Research + Design explores media that might become real, that we dream of, and that is dead or obsolete. Henry argued that the imaginary is an important component of media history, and that it provides opportunities to explore counterhegemonic tactical media assemblages, particularly if we focus on how our attempts to think the impossible are corralled or blocked by our society.

Lourdes Morales ended the session with ‘Digital Citizen Strategies: The Present Case of the Mexican Movement for Peace’. She traced some of the effects of the Mexican government’s ‘War on Drugs’, a process of militarised policing which has done little to address the underlying political corruption that sustains the drug trade, while at the same time leading to huge increases in homicides, kidnapping (levantón), extortion, and missing people. In this context, people are trying to develop forms of communication which can help them survive. #Red132NoEstanSolos is one example of this: it’s a network of parents trying to support the political activities of their children. For example, when police surround protesters, parents walking at the back of the protest will try to stay in touch with them. The network also distributes information on what to do in cases of arbitrary detention. These efforts are dangerous, with many of those who are involved being murdered. Surveillance technologies like Kingfisher have been found on servers in Mexico, not run by the government but by private security companies, and these expose people to the risk of violence. Nevertheless, communities continue to build resistance, producing cartographies that map the risks around them and potential strategies for avoiding or managing them. Fear and anger work as a productive power (potenza) in these efforts.

The Struggles over Digital Technologies began with Sherry Yu’s work on ‘Ethnic Media and New Media Technologies’. Sherry pointed out that often when we raise concerns about media centralisation, we turn to alternative media (and noting this makes it clear to me how often our visions of ‘alternative media’ are very white, and very Anglocentric). Ethnic media (media by and for immigrants) can be an important form of alternative media that deserves more attention. It is frequently both diasporic and hyperlocal, with a focus on revenue generation rather than intercultural communication strategies. This is because the political economy of an analogue era continues within ethnic media.

Ultra-red, Sixty Sounds of the War on the Poor, 2007–2011, image from CD insert

David Jackson followed with a discussion of Ultra-red’s work on militant sound investigations. He focused particularly on a project called Structural Adjustments, which explores “the sound of the war on the poor”. Neoliberal narratives around gentrification muffle the voices of displaced communities: they don’t ask (or answer) questions about where people go once public housing is privatised, or what happens to communities that are ‘developed’. Ultra-red uses field recordings as a way to provoke, reveal, and critique neoliberal framings, using listening as a political tool to make community voices audible. By sonically organising the social field Ultra-red is attempting to reconfigure space and find strategies to oppose oppression in the form of ‘development’. Listening can become a tool, an empathic practice that roots the body in the world.

Elise Thorburn raised some important provocations around the ways in which surveillance studies, as a field, tends to be structured by whiteness and a non-intersectional approach. While there’s a growing narrative around a ‘tide of surveillance’ washing over all of us, it’s vital to recognise that surveillance targets particular bodies. Similarly, while critical discussions of digital technologies occasionally touch on the ways these are used within prisons, this is mostly as a mere footnote, or otherwise the prison is discussed purely as a metaphor. However, the prison abolition movement is a key site for anti-authoritarian politics today; we need to think more deeply about the ways in which digital technologies are used in (and move out from) systems of surveillance and control in prisons. We also need to be aware of the links between carceral and extra-carceral spaces: Elise mentioned catering companies that serve both prisons and many North American universities, and in the Australian context it’s hard not to think of the spreading influence of SERCO and G4S. A closer examination of the role of digital technologies in the prison system can be a vital starting-point to recognising potentials for resistance and struggle.

Finally, Andrew Mestrinaro argued for understanding Silk Road as a heterotopia, a space of counter-cultural community and otherness, which has both elements of shared experience and is, at the same time, placeless. This raises some interesting contradictions, as it’s both a place of deviance and privilege (requiring particular knowledge and technologies to access it).

The final panel looked at feminist activism and pedagogies, with most panellists coming from FemTechNet. Melissa Meade and Cricket Keating opened with a talk on shifting “from ‘Do it Yourself’ to ‘Doing With Others’”. This work explored a Distributed Open Collaborative Course (DOCC) launched in 2015, a feminist response to MOOCs. Melissa and Cricket collaborated on a shared syllabus with overlapping assignments and readings. While they started with a DIY ethos, they began to move beyond individualist expressions of identity and isolated and isolating digital practices, thinking instead about connected learning. This also requires thinking carefully about issues to do with solidarity and coalition, remembering that we should not confuse home (a place of comfort) and coalition (which is often deeply uncomfortable). There was also some useful reflection on the discomfort and ambivalence with students’ preferred technologies [for more on this, I recommend my and other chapters in An Education in Facebook?]. I enjoyed the prompts from the FemTechNet manifesto, including: “Collaboration is a feminist technology”, “Care is a feminist technology”, “Irony, comedy, making a mess, and gravitas are feminist technologies.” It feels reassuring to see these ideas (and these emotions) centred, when they are so often absent from academia.

Joan Donovan followed with ‘What is a Broadcast? Activist Archives and Transmedia Storytelling’, talking about the role of livestreaming in protests. Livestreamers and citizen journalists covering protests on Twitter or other platforms strengthen connections between what could be considered discrete events. While new people might emerge covering each event, there are also networks of people who travel between protests, building narratives (and also sharing knowledge with each other about the technology they’re using). Livestreamers are not just a tether between the streets and online networks: online networks also provide useful information back to the streets as people share knowledge. (Tim and I have also written a bit about this as it relates to #oo).

KJ Surkan spoke about his experience ‘Hacking the Global Map: Connected Cartography in the Feminist Classroom’.  The FemTechNet Situated Knowledges Map is a way of working with feminist practices of mapping, recognising that “maps are active…they exercise power”. This is an experiment in thinking about the relationship between space, place, mobility, and knowledge production and circulation. Asking students to pin a google map with places that are significant to them and add narratives helps to explore issues through situated knowledges. This doesn’t always go smoothly, but important dialogue develops between pins as students question each others’ frames and add nuance.

This was a great session – I’m really glad my talk got put in and gave me a chance to connect my current work with FemTechNet perspectives. I’m looking forward to exploring the FemTechNet site for some upcoming projects.


Sociological Images: Disappointment in Women’s Real Faces

Most women in the U.S. go to considerable lengths to consistently protect the majority of men from their unmasked faces (it’s a “disguise,” remember?). Comedian Amy Schumer wonders what might happen if men saw the real us…

Video: https://www.youtube.com/embed/fyeTJVU4wVo

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)


Planet Linux Australia: David Rowe: SM1000 Part 13 – Shipping!

The enclosure has arrived from the new manufacturer! Edwin and team at Dragino are now assembling, testing, and shipping the first batch of 100 SM1000s. We plan to ship all Aliexpress pre-orders in the week starting 3 May, and Australian orders in the week starting 10 May.

We have sold almost all of the first batch just in pre-orders! Rick and Edwin have already started work on the next batch of 100, making some small changes to help production.

It is remarkable just how long the “little details” take to work out when putting a product into production. I had the prototype SM1000 working in September, and the first revision of the case was ready before Christmas. Things always take longer than you expect. Oh well, we have made it in the end. We are shipping about 14 months after Rick and I started work on the project, which is not bad for any product I guess. Thanks so much Rick and Edwin!

SM1000 Support

For SM1000 support please post to the Codec 2 mailing list, that way we can all share the information. We’ll publish some SM1000 user guide information over the next few weeks. Maybe a wiki, so you can all join in. I really want this to be a community project.

FreeDV News

In other FreeDV news I’ve been working hard on a new “negative SNR” FreeDV mode that will find its way into the SM1000 and other FreeDV platforms later this year. So far I’ve developed a prototype 650 bit/s version of Codec 2 and Octave/C versions of a new coherent PSK HF modem with frequency diversity which greatly helps HF fading channel performance. I am currently being frustrated by HF modem frequency offset estimation (yet again!) but I’ll get there eventually. Other parts of the new coherent PSK HF modem are working really well.

In the VHF space, Brady KC9TPA, has been working hard on a design and PCB layout for a prototype VHF radio that can run FreeDV and demonstrate our advanced new ideas for VHF Digital Voice. Wish I was building radios too but I’m knee deep in DSP code!

Dayton 2015

Rick will be attending the Dayton Hamfest and presenting a talk on the SM1000, and will have a bunch of SM1000s for you to play with. Mel, Bruce and team will have a booth at Dayton with FreeDV and the SM1000 on display – thanks guys for all your efforts and kind support.

Planet Debian: Eriberto Mota: Upload to jessie-backports from Debian Jessie stable

Today, trying to upload to jessie-backports from a Jessie jail, I got this message from dput-ng:

 $ dput netdiscover_0.3beta7~pre-2~bpo8+1_amd64.changes
Uploading netdiscover using ftp to ftp-master (host: ftp.upload.debian.org; directory: /pub/UploadQueue/)
running allowed-distribution: check whether a local profile permits uploads to the target distribution
`jessie-backports' not in the codename group

To solve this problem, you can edit the /usr/share/dput-ng/codenames/debian.json file and add jessie-backports here:

 "backport": [
 "stable-backports",
 "oldstable-backports",
 "jessie-backports",
 "wheezy-backports",
 "squeeze-backports"
 ],

I hope this helps someone.

 

Planet Debian: Neil Williams: vmextract – userspace VM helper

In my previous post, I covered how to extend an initramfs to serve as a basis for tests and other purposes. In that example, the initramfs was simply copied off a device after installation. It occurred to me that python-guestfs would be a useful tool to make this step easier. So I’ve written the vmextract helper which is currently in the vmdebootstrap upstream git and will make it into the next release of vmdebootstrap for Debian (0.7).

Once vmdebootstrap has built an image, various files can be generated or modified during the install operations and some of these files can be useful when testing the image or packages which would be included in an updated image, before release. One example is the initrd built by the process of installing a Debian kernel. Rather than having to mount the image and copy the files manually, the vmextract helper can do it for you, without needing root privileges or any special setup.

$ /usr/share/vmdebootstrap/vmextract.py --verbose --boot \
  --image bbb/bbb-debian-armmp.img \
  --path /boot/initrd.img-3.14-2-armmp \
  --path /lib/arm-linux-gnueabihf/libresolv.so.2

This uses python-guestfs (which will become a Recommended package for vmdebootstrap) to prepare a read-only version of the image – in this case with the /boot partition also mounted – and copies files out into the current working directory.

Note the repeating use of --path to build a list of files to be copied out. To copy out an entire directory (and all sub-directories) as a single tarball, use:

$ /usr/share/vmdebootstrap/vmextract.py --verbose --boot \
  --image bbb/bbb-debian-armmp.img \
  --directory /boot/ \
  --filename bbb-armmp-boot.tgz

If --filename is not specified, the default filename is vmextract.tgz.

(vmextract uses gzip compression, just because.)

The other point to note is the use of the --boot option to mount the /boot partition as well as the root partition of the image as this example uses the beaglebone-black support which has a boot partition.

It’s just a little helper which I hope will prove useful – if only to avoid both the need for sudo and the need for loopback mount operations with the inherent confusion of calculating offsets. Thanks to the developers of python-guestfs for making this workable in barely 100 lines of python. It uses the same cliapp support as vmdebootstrap, so can be used silently in scripts by omitting the --verbose option.

I haven’t taken this on to the next step of unpacking the initrd and extending it, but that would just be a bit of shell scripting using the files extracted by vmextract.py.

Next!

Next on the list will be extensions to vmdebootstrap to build live images of Debian, essentially adding Debian Installer to a vmdebootstrap image, which could actually be another python-guestfs helper (mounting read-write this time) to avoid adding lots more code to vmdebootstrap (which has grown to nearly 600 lines of python). That way, we can publish the bare VM images as well as a live conversion and reduce the number of times debootstrap needs to be called.

Planet Debian: Andreas Metzler: balance sheet snowboarding season 2014/15

A very late start into the season, with a nice ending.

We had about zero snow until after Christmas, and not just down in the valley, but also at 2000m in the mountains. My first run was therefore very late, on January 1st, followed by two short excursions (8:45 - 11:20) due to too many people on January 5th and 6th.

After that we had more than enough snow which allowed me to go to Diedamskopf most of the time (basically only natural snow there, which makes better slopes). I went there almost exclusively until they closed on Easter Sunday after heavy snowfall in Holy week, and had 5 more days thereafter in Damüls and Warth/Schröcken. Last run was on April 19.

Here is the balance sheet:

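| | 2005/06 | 2006/07 | 2007/08 | 2008/09 | 2009/10 | 2010/11 | 2011/12 | 2012/13 | 2013/14 | 2014/15 |
|---|---|---|---|---|---|---|---|---|---|---|
| number of (partial) days | 25 | 17 | 29 | 37 | 30 | 30 | 25 | 23 | 30 | 24 |
| Damüls | 10 | 10 | 5 | 10 | 16 | 23 | 10 | 4 | 29 | 9 |
| Diedamskopf | 15 | 4 | 24 | 23 | 13 | 4 | 14 | 19 | 1 | 13 |
| Warth/Schröcken | 0 | 3 | 0 | 4 | 1 | 3 | 1 | 0 | 0 | 2 |
| total meters of altitude | 124634 | 74096 | 219936 | 226774 | 202089 | 203918 | 228588 | 203562 | 274706 | 224909 |
| highscore | 10247m | 8321m | 12108m | 11272m | 11888m | 10976m | 13076m | 13885m | 12848m | 13278 |
| # of runs | 309 | 189 | 503 | 551 | 462 | 449 | 516 | 468 | 597 | 530 |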

What does not show up here is the number of times I walked (with and without snowshoes) up the mountain and used the lift down and obviously also tobogganing.

Planet Debian: Patrick Schoenfeld: Inbox: Zeroed.

E-Mail is a pest, a big time killer wasting your and my time each and every day. Of course it is also a valuable tool, one that no one can renounce. So how can it be of more use than trouble?

So far I’ve followed a no-delete policy when it comes to my mails, since space was not a problem at all. But it developed into a big nasty pile of mails, that brought regular distraction, each time I looked at my inbox. So I decided to adopt the Inbox zero concept.

Step 1: Get the pile down

My e-mails had been piling up for years, so I had around 10000 mails in my inbox, with some hundred being unread. I needed to get this pile down and started with the most recent mails, trying to identify clusters of mails, filtering for them and then following these steps:

  • prevent: A lot of mails I get are: newsletters and mailinglist posts (e.g. Debian lists and some open source products). For each of them, I decided if I really want them to go to my inbox. If not: unsubscribe.
  • file or delete: Do I need it for reference or should it go to trash? I trashed basically every newsletter and mail(s) for which copies exist (e.g. mailinglist posts) and archived everything where I was unsure. It doesn’t matter, really. What is important is that the inbox gets down to zero, because that’s where you spend your daily time. Your archive folders can be as full as your search function is good 😉

Since it wasn’t possible to decide on a course for every mail (that would be a bit like hoovering in the desert), I did this only for the first 1000 mails or so. All mails older than a month were marked read and moved to archive immediately after. Another approach would be to move all files to a folder called DMZ and go to step 2.

Step 2: Prepare for implanting some habits

Most mails are the opposite of good old hackish perl code: read only. They are easy to act on, when they come around: just archive or delete them.

But the rest will be what steals your time. Some mails require action, either immediately or in a while, some wait for a schedule, e.g. flight information or reservation mails and stuff. Whatever the reason is, you want to keep them around, because they still have a purpose. There are various filing systems for those mails, most of them GTD variants. As a gmail user I found this variant, with multiple inboxes in a special gmail view, interesting and am now giving it a try.

One word about the archive folders. I highly recommend reducing the number of folders you archive to as much as possible.

Step 3: Get into habit

Now to the hard part. Get into the habit of acting on your inbox. Do it regularly, maybe every hour or so, and be prepared to make quick decisions.

Act on any mail immediately, which means either file/delete it, reply to it (if this is what takes less time) or “mark” it according to your filing system as prepared in step 2. And if no mails arrived, then it’s a good moment to review your marked mails to see if any of them can be further processed.

Now let’s see whether my inbox will still be zeroed in a month from now.

Sociological Images: Six Decades of Increasing Partisanship in the U.S. House of Representatives

It sure seems like U.S. Democrats and Republicans are less likely to cooperate than they have been in the past and now, thanks to geographer Clio Andris and her colleagues, we can see that it’s true. They plotted six decades of voting in the House of Representatives, noting the likelihood that their vote will cross party lines.

This is your image of the week:


Or, here’s the long story short:


Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Debian: Dimitri Fontaine: Quicklisp and debian

Common Lisp users are very happy to use Quicklisp when it comes to downloading and maintaining dependencies between their own code and the libraries it is using.

Sometimes it is pointed out to me that, when compared to other programming languages, Common Lisp is lacking a lot in the batteries included area. After having had to package about 50 Common Lisp libraries for debian I can tell you that I politely disagree with that.

And this post is about the tool and process I use to maintain all those libraries.

Quicklisp is good at ensuring a proper distribution of all those libs it supports and actually tests that they all compile and load together, so I've been using it as my upstream for debian packaging purposes. Using Quicklisp here makes my life much simpler as I can grovel through its metadata and automate most of the maintenance of my cl related packages.

It's all automated in the ql-to-deb software which, unsurprisingly, has been written in Common Lisp itself. It's a kind of Quicklisp client that will fetch Quicklisp's current list of releases with version numbers and compare it to the list of managed packages for debian in order to then build new versions automatically.

The current workflow I'm using begins with using `ql-to-deb` to `check` for the work to be done today:

$ /vagrant/build/bin/ql-to-deb check
Fetching "http://beta.quicklisp.org/dist/quicklisp.txt"
Fetching "http://beta.quicklisp.org/dist/quicklisp/2015-04-07/releases.txt"
update: cl+ssl cl-csv cl-db3 drakma esrap graph hunchentoot local-time lparallel nibbles qmynd trivial-backtrace
upload: hunchentoot

After careful manual review of the automatic decision, let's just `update` everything that `check` decided would have to be updated:

$ /vagrant/build/bin/ql-to-deb update
Fetching "http://beta.quicklisp.org/dist/quicklisp.txt"
Fetching "http://beta.quicklisp.org/dist/quicklisp/2015-04-07/releases.txt"

Updating package cl-plus-ssl from 20140826 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-plus-ssl.log"
Fetching "http://beta.quicklisp.org/archive/cl+ssl/2015-03-02/cl+ssl-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/cl+ssl-20150302-git.tgz"
      md5: 61d9d164d37ab5c91048827dfccd6835
Building package cl-plus-ssl

Updating package cl-csv from 20140826 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-csv.log"
Fetching "http://beta.quicklisp.org/archive/cl-csv/2015-03-02/cl-csv-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/cl-csv-20150302-git.tgz"
      md5: 32f6484a899fdc5b690f01c244cd9f55
Building package cl-csv

Updating package cl-db3 from 20131111 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-db3.log"
Fetching "http://beta.quicklisp.org/archive/cl-db3/2015-03-02/cl-db3-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/cl-db3-20150302-git.tgz"
      md5: 578896a3f60f474742f240b703f8c5f5
Building package cl-db3

Updating package cl-drakma from 1.3.11 to 1.3.13.
     see logs in "//tmp/ql-to-deb/logs//cl-drakma.log"
Fetching "http://beta.quicklisp.org/archive/drakma/2015-04-07/drakma-1.3.13.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/drakma-1.3.13.tgz"
      md5: 3b548bce10728c7a058f19444c8477c3
Building package cl-drakma

Updating package cl-esrap from 20150113 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-esrap.log"
Fetching "http://beta.quicklisp.org/archive/esrap/2015-03-02/esrap-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/esrap-20150302-git.tgz"
      md5: 8b198d26c27afcd1e9ce320820b0e569
Building package cl-esrap

Updating package cl-graph from 20141106 to 20150407.
     see logs in "//tmp/ql-to-deb/logs//cl-graph.log"
Fetching "http://beta.quicklisp.org/archive/graph/2015-04-07/graph-20150407-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/graph-20150407-git.tgz"
      md5: 3894ef9262c0912378aa3b6e8861de79
Building package cl-graph

Updating package hunchentoot from 1.2.29 to 1.2.31.
     see logs in "//tmp/ql-to-deb/logs//hunchentoot.log"
Fetching "http://beta.quicklisp.org/archive/hunchentoot/2015-04-07/hunchentoot-1.2.31.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/hunchentoot-1.2.31.tgz"
      md5: 973eccfef87e81f1922424cb19884d63
Building package hunchentoot

Updating package cl-local-time from 20150113 to 20150407.
     see logs in "//tmp/ql-to-deb/logs//cl-local-time.log"
Fetching "http://beta.quicklisp.org/archive/local-time/2015-04-07/local-time-20150407-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/local-time-20150407-git.tgz"
      md5: 7be4a31d692f5862014426a53eb1e48e
Building package cl-local-time

Updating package cl-lparallel from 20141106 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-lparallel.log"
Fetching "http://beta.quicklisp.org/archive/lparallel/2015-03-02/lparallel-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/lparallel-20150302-git.tgz"
      md5: dbda879d0e3abb02a09b326e14fa665d
Building package cl-lparallel

Updating package cl-nibbles from 20141106 to 20150407.
     see logs in "//tmp/ql-to-deb/logs//cl-nibbles.log"
Fetching "http://beta.quicklisp.org/archive/nibbles/2015-04-07/nibbles-20150407-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/nibbles-20150407-git.tgz"
      md5: 2ffb26241a1b3f49d48d28e7a61b1ab1
Building package cl-nibbles

Updating package cl-qmynd from 20141217 to 20150302.
     see logs in "//tmp/ql-to-deb/logs//cl-qmynd.log"
Fetching "http://beta.quicklisp.org/archive/qmynd/2015-03-02/qmynd-20150302-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/qmynd-20150302-git.tgz"
      md5: b1cc35f90b0daeb9ba507fd4e1518882
Building package cl-qmynd

Updating package cl-trivial-backtrace from 20120909 to 20150407.
     see logs in "//tmp/ql-to-deb/logs//cl-trivial-backtrace.log"
Fetching "http://beta.quicklisp.org/archive/trivial-backtrace/2015-04-07/trivial-backtrace-20150407-git.tgz"
Checksum test passed.
     File: "/tmp/ql-to-deb/archives/trivial-backtrace-20150407-git.tgz"
      md5: 762b0acf757dc8a2a6812d2f0f2614d9
Building package cl-trivial-backtrace

Quite simple.
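
As an added illustration (not ql-to-deb's own code, which is written in Common Lisp), the Python below reproduces the two decisions visible in the output above: which packages need an update, and whether a fetched archive matches its release metadata. The releases.txt column layout, the version-from-prefix heuristic, the function names and the sample data are all assumptions made for this example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Assumed VCS markers that can trail a release prefix such as "cl+ssl-20150302-git".
VCS_SUFFIXES = ("-git", "-svn", "-hg", "-darcs", "-cvs", "-http")


@dataclass(frozen=True)
class Release:
    project: str
    url: str
    size: int
    md5: str
    prefix: str


def parse_releases(text):
    """Parse releases.txt-style metadata into {project: Release}.

    Assumed column layout: project url size file-md5 content-sha1 prefix ...
    Malformed lines raise instead of being skipped, so a truncated or
    altered index cannot silently hide a release.
    """
    releases = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        project, url, size, md5, _sha1, prefix = fields[:6]
        if not size.isdigit() or not re.fullmatch(r"[0-9a-f]{32}", md5):
            raise ValueError(f"line {lineno}: bad size or md5 field")
        releases[project] = Release(project, url, int(size), md5, prefix)
    return releases


def upstream_version(rel):
    """Hypothetical heuristic: 'cl+ssl-20150302-git' -> '20150302'."""
    version = rel.prefix
    if version.startswith(rel.project + "-"):
        version = version[len(rel.project) + 1:]
    for suffix in VCS_SUFFIXES:
        if version.endswith(suffix):
            version = version[: -len(suffix)]
            break
    return version


def pending_updates(releases, packaged):
    """Projects whose packaged version differs from the upstream release.

    `packaged` maps project name -> version currently in the Debian package.
    Versions are compared for inequality only, not ordered.
    """
    return sorted(
        name for name, have in packaged.items()
        if name in releases and upstream_version(releases[name]) != have
    )


def verify_archive(rel, data):
    """Return a list of problems; an empty list means size and md5 match.

    When the index and the archive arrive over the same plain-http channel,
    a match shows the download is intact, not that it is authentic.
    """
    problems = []
    if len(data) != rel.size:
        problems.append("size mismatch")
    if not hmac.compare_digest(hashlib.md5(data).hexdigest(), rel.md5):
        problems.append("md5 mismatch")
    return problems


# Constructed sample data: stand-in archive bytes and a matching index.
SAMPLE_ARCHIVE = b"constructed stand-in for the drakma tarball bytes"
SAMPLE_RELEASES = "\n".join([
    "# project url size file-md5 content-sha1 prefix [system-file1..system-fileN]",
    f"drakma http://mirror.example.invalid/drakma-1.3.13.tgz {len(SAMPLE_ARCHIVE)} "
    f"{hashlib.md5(SAMPLE_ARCHIVE).hexdigest()} {'0' * 40} drakma-1.3.13 drakma.asd",
    f"cl+ssl http://mirror.example.invalid/cl+ssl-20150302-git.tgz 1234 "
    f"{'a' * 32} {'0' * 40} cl+ssl-20150302-git cl+ssl.asd",
])

if __name__ == "__main__":
    rels = parse_releases(SAMPLE_RELEASES)
    print("update:", pending_updates(rels, {"drakma": "1.3.11", "cl+ssl": "20150302"}))
    print("problems:", verify_archive(rels["drakma"], SAMPLE_ARCHIVE))
```
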

To be totally honest, I first had a problem with the parser generator library esrap wherein the README documentation changed to be a README.org file, and I had to tell my debian packaging about that. See the 0ef669579cf7c07280eae7fe6f61f1bd664d337e commit to ql-to-deb for details.

What about trying to install those packages locally? That's usually a very good test. Sometimes some dependencies are missing at the dpkg command line, so another apt-get install -f is needed:

$ /vagrant/build/bin/ql-to-deb install
sudo dpkg -i /tmp/ql-to-deb/cl-plus-ssl_20150302-1_all.deb /tmp/ql-to-deb/cl-csv_20150302-1_all.deb /tmp/ql-to-deb/cl-csv-clsql_20150302-1_all.deb /tmp/ql-to-deb/cl-csv-data-table_20150302-1_all.deb /tmp/ql-to-deb/cl-db3_20150302-1_all.deb /tmp/ql-to-deb/cl-drakma_1.3.13-1_all.deb /tmp/ql-to-deb/cl-esrap_20150302-1_all.deb /tmp/ql-to-deb/cl-graph_20150407-1_all.deb /tmp/ql-to-deb/cl-hunchentoot_1.2.31-1_all.deb /tmp/ql-to-deb/cl-local-time_20150407-1_all.deb /tmp/ql-to-deb/cl-lparallel_20150302-1_all.deb /tmp/ql-to-deb/cl-nibbles_20150407-1_all.deb /tmp/ql-to-deb/cl-qmynd_20150302-1_all.deb /tmp/ql-to-deb/cl-trivial-backtrace_20150407-1_all.deb
(Reading database ... 79689 files and directories currently installed.)
Preparing to unpack .../cl-plus-ssl_20150302-1_all.deb ...
Unpacking cl-plus-ssl (20150302-1) over (20140826-1) ...
Selecting previously unselected package cl-csv.
Preparing to unpack .../cl-csv_20150302-1_all.deb ...
Unpacking cl-csv (20150302-1) ...
Selecting previously unselected package cl-csv-clsql.
Preparing to unpack .../cl-csv-clsql_20150302-1_all.deb ...
Unpacking cl-csv-clsql (20150302-1) ...
Selecting previously unselected package cl-csv-data-table.
Preparing to unpack .../cl-csv-data-table_20150302-1_all.deb ...
Unpacking cl-csv-data-table (20150302-1) ...
Selecting previously unselected package cl-db3.
Preparing to unpack .../cl-db3_20150302-1_all.deb ...
Unpacking cl-db3 (20150302-1) ...
Preparing to unpack .../cl-drakma_1.3.13-1_all.deb ...
Unpacking cl-drakma (1.3.13-1) over (1.3.11-1) ...
Preparing to unpack .../cl-esrap_20150302-1_all.deb ...
Unpacking cl-esrap (20150302-1) over (20150113-1) ...
Preparing to unpack .../cl-graph_20150407-1_all.deb ...
Unpacking cl-graph (20150407-1) over (20141106-1) ...
Preparing to unpack .../cl-hunchentoot_1.2.31-1_all.deb ...
Unpacking cl-hunchentoot (1.2.31-1) over (1.2.29-1) ...
Preparing to unpack .../cl-local-time_20150407-1_all.deb ...
Unpacking cl-local-time (20150407-1) over (20150113-1) ...
Preparing to unpack .../cl-lparallel_20150302-1_all.deb ...
Unpacking cl-lparallel (20150302-1) over (20141106-1) ...
Preparing to unpack .../cl-nibbles_20150407-1_all.deb ...
Unpacking cl-nibbles (20150407-1) over (20141106-1) ...
Preparing to unpack .../cl-qmynd_20150302-1_all.deb ...
Unpacking cl-qmynd (20150302-1) over (20141217-1) ...
Preparing to unpack .../cl-trivial-backtrace_20150407-1_all.deb ...
Unpacking cl-trivial-backtrace (20150407-1) over (20120909-2) ...
Setting up cl-plus-ssl (20150302-1) ...
dpkg: dependency problems prevent configuration of cl-csv:
 cl-csv depends on cl-interpol; however:
  Package cl-interpol is not installed.

dpkg: error processing package cl-csv (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of cl-csv-clsql:
 cl-csv-clsql depends on cl-csv; however:
  Package cl-csv is not configured yet.

dpkg: error processing package cl-csv-clsql (--install):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of cl-csv-data-table:
 cl-csv-data-table depends on cl-csv; however:
  Package cl-csv is not configured yet.

dpkg: error processing package cl-csv-data-table (--install):
 dependency problems - leaving unconfigured
Setting up cl-db3 (20150302-1) ...
Setting up cl-drakma (1.3.13-1) ...
Setting up cl-esrap (20150302-1) ...
Setting up cl-graph (20150407-1) ...
Setting up cl-local-time (20150407-1) ...
Setting up cl-lparallel (20150302-1) ...
Setting up cl-nibbles (20150407-1) ...
Setting up cl-qmynd (20150302-1) ...
Setting up cl-trivial-backtrace (20150407-1) ...
Setting up cl-hunchentoot (1.2.31-1) ...
Errors were encountered while processing:
 cl-csv
 cl-csv-clsql
 cl-csv-data-table

Let's make sure that our sid users will be happy with the update here:

$ sudo apt-get install -f
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
  g++-4.7 git git-man html2text libaugeas-ruby1.8 libbind9-80
  libclass-isa-perl libcurl3-gnutls libdns88 libdrm-nouveau1a
  libegl1-mesa-drivers libffi5 libgraphite3 libgssglue1 libisc84 libisccc80
  libisccfg82 liblcms1 liblwres80 libmpc2 libopenjpeg2 libopenvg1-mesa
  libpoppler19 librtmp0 libswitch-perl libtiff4 libwayland-egl1-mesa luatex
  openssh-blacklist openssh-blacklist-extra python-chardet python-debian
  python-magic python-pkg-resources python-six ttf-dejavu-core ttf-marvosym
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  cl-interpol
The following NEW packages will be installed:
  cl-interpol
0 upgraded, 1 newly installed, 0 to remove and 51 not upgraded.
3 not fully installed or removed.
Need to get 20.7 kB of archives.
After this operation, 135 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://ftp.fr.debian.org/debian/ sid/main cl-interpol all 0.2.1-2 [20.7 kB]
Fetched 20.7 kB in 0s (84.5 kB/s)
debconf: unable to initialize frontend: Dialog
debconf: (Dialog frontend will not work on a dumb terminal, an emacs shell buffer, or without a controlling terminal.)
debconf: falling back to frontend: Readline
Selecting previously unselected package cl-interpol.
(Reading database ... 79725 files and directories currently installed.)
Preparing to unpack .../cl-interpol_0.2.1-2_all.deb ...
Unpacking cl-interpol (0.2.1-2) ...
Setting up cl-interpol (0.2.1-2) ...
Setting up cl-csv (20150302-1) ...
Setting up cl-csv-clsql (20150302-1) ...
Setting up cl-csv-data-table (20150302-1) ...

All looks fine, time to sign those packages. There's a trick here, where you want to be sure you're using a GnuPG setup that allows you to enter your passphrase only once; see the ql-to-deb vm setup for details, and the usual documentation about all that if you're interested in the details.

$ /vagrant/build/bin/ql-to-deb sign
 signfile /tmp/ql-to-deb/cl-plus-ssl_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-plus-ssl_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-csv_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-csv_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-db3_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-db3_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-drakma_1.3.13-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-drakma_1.3.13-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-esrap_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-esrap_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-graph_20150407-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-graph_20150407-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/hunchentoot_1.2.31-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/hunchentoot_1.2.31-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-local-time_20150407-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-local-time_20150407-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-lparallel_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-lparallel_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-nibbles_20150407-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-nibbles_20150407-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-qmynd_20150302-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-qmynd_20150302-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files
 signfile /tmp/ql-to-deb/cl-trivial-backtrace_20150407-1.dsc 60B1CB4E
 signfile /tmp/ql-to-deb/cl-trivial-backtrace_20150407-1_amd64.changes 60B1CB4E
Successfully signed dsc and changes files

Ok, with all tested and signed, it's time we upload our packages on debian servers for our dear debian users to be able to use newer and better versions of their beloved Common Lisp libraries:

$ /vagrant/build/bin/ql-to-deb upload
Trying to upload package to ftp-master (ftp.upload.debian.org)
Checking signature on .changes
gpg: Signature made Sat 02 May 2015 05:06:48 PM MSK using RSA key ID 60B1CB4E
gpg: Good signature from "Dimitri Fontaine <dim@tapoueh.org>"
Good signature on /tmp/ql-to-deb/cl-plus-ssl_20150302-1_amd64.changes.
Checking signature on .dsc
gpg: Signature made Sat 02 May 2015 05:06:46 PM MSK using RSA key ID 60B1CB4E
gpg: Good signature from "Dimitri Fontaine <dim@tapoueh.org>"
Good signature on /tmp/ql-to-deb/cl-plus-ssl_20150302-1.dsc.
Uploading to ftp-master (via ftp to ftp.upload.debian.org):
  Uploading cl-plus-ssl_20150302-1.dsc: done.
  Uploading cl-plus-ssl_20150302.orig.tar.gz: done.
  Uploading cl-plus-ssl_20150302-1.debian.tar.xz: done.
  Uploading cl-plus-ssl_20150302-1_all.deb: done.
  Uploading cl-plus-ssl_20150302-1_amd64.changes: done.
Successfully uploaded packages.

Of course the same text or thereabouts is then repeated for all the other packages.

Enjoy using Common Lisp in debian!

Oh and remember, the only reason I've written ql-to-deb and signed myself up to maintain those umpteen Common Lisp libraries as debian packages is to be able to properly package pgloader in debian, as you can see at https://packages.debian.org/sid/pgloader and in particular in the Other Packages Related to pgloader section of the debian source package for pgloader at https://packages.debian.org/source/sid/pgloader.

That level of effort is done to ensure that we respect the Debian Social Contract wherein debian assures its users that it's possible to rebuild anything from sources as found in the debian repositories.
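What the signature checks in the upload log above actually protect, as an added example (not part of the original post or of ql-to-deb): only the .dsc and .changes files are signed, and the other uploaded files are covered through the checksums listed inside the signed .changes. The file names and contents below are constructed, and the script checks only sizes and hashes; verifying the OpenPGP signature itself remains gpg's job.

```python
import hashlib
import os
import tempfile


def strip_clearsign(text):
    """Return the payload of a clearsigned document, or the text unchanged."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "-----BEGIN PGP SIGNED MESSAGE-----":
        return text
    i = 1
    while i < len(lines) and lines[i].strip():  # skip armor headers (Hash: ...)
        i += 1
    body = []
    for line in lines[i + 1:]:
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        # undo clearsign dash-escaping ("- " prefix)
        body.append(line[2:] if line.startswith("- ") else line)
    return "\n".join(body)


def parse_control(text):
    """Parse one Debian control paragraph into {field: [value lines]}."""
    fields, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":  # continuation line of the current field
            if key is not None:
                fields[key].append(line.strip())
        else:
            key, _, value = line.partition(":")
            fields[key] = [value.strip()] if value.strip() else []
    return fields


def listed_files(changes_text):
    """Return (name, size, sha256) for every Checksums-Sha256 entry."""
    fields = parse_control(strip_clearsign(changes_text))
    entries = []
    for row in fields.get("Checksums-Sha256", []):
        digest, size, name = row.split()
        entries.append((name, int(size), digest.lower()))
    return entries


def verify_upload(changes_text, directory):
    """Compare each listed file in `directory` with the .changes entry."""
    results = {}
    for name, size, digest in listed_files(changes_text):
        # A .changes entry must be a bare file name, never a path.
        if os.path.basename(name) != name or name in (".", ".."):
            results[name] = "unsafe-name"
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        if os.path.getsize(path) != size:
            results[name] = "size-mismatch"
            continue
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        results[name] = "ok" if h.hexdigest() == digest else "hash-mismatch"
    return results


def demo():
    """Constructed upload: verify it, then alter one file and delete another."""
    files = {
        "cl-example_1.0-1.dsc": b"constructed dsc\n",
        "cl-example_1.0.orig.tar.gz": b"constructed tarball bytes",
        "cl-example_1.0-1_all.deb": b"constructed deb bytes",
    }
    with tempfile.TemporaryDirectory() as d:
        rows = []
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
            rows.append(" %s %d %s" % (hashlib.sha256(data).hexdigest(), len(data), name))
        changes = (
            "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
            "Format: 1.8\nSource: cl-example\nChecksums-Sha256:\n"
            + "\n".join(rows)
            + "\n-----BEGIN PGP SIGNATURE-----\n\n(constructed placeholder)\n"
            "-----END PGP SIGNATURE-----\n"
        )
        before = verify_upload(changes, d)
        # Same length, different bytes: only the hash can catch this.
        with open(os.path.join(d, "cl-example_1.0-1_all.deb"), "wb") as f:
            f.write(b"constructed deb BYTES")
        os.remove(os.path.join(d, "cl-example_1.0.orig.tar.gz"))
        after = verify_upload(changes, d)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```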

Planet Debian: Dirk Eddelbuettel: Rcpp 0.11.6

The new release 0.11.5 of Rcpp arrived on the CRAN network for GNU R yesterday; the corresponding Debian package has also been uploaded.

Rcpp has become the most popular way of enhancing GNU R with C++ code. As of today, 373 packages on CRAN depend on Rcpp for making analyses go faster and further; BioConductor adds another 57 packages, and casual searches on GitHub suggest many more.

This version adds a little more polish and refinement around things we worked on in previous releases to solidify builds, installation and the run-time experience. It does not bring anything new or major; the release continues the 0.11.* release cycle, adding another large number of small bug fixes, polishes and enhancements. As always, you can follow the development via the GitHub repo and particularly the Issue tickets and Pull Requests. And any discussions, questions, ... regarding Rcpp are always welcome at the rcpp-devel mailing list.

See below for a detailed list of changes extracted from the NEWS file.

Changes in Rcpp version 0.11.6 (2015-05-01)

  • Changes in Rcpp API:

    • The unwinding of exceptions was refined to protect against inadvertent memory leaks.

    • Header files now try even harder not to let macro definitions leak.

    • Matrices have a new default constructor for zero-by-zero dimension matrices (via a pull request by Dmitrii Meleshko).

    • A new empty() string constructor was added (via another pull request).

    • Better support for Vectors with a storage policy different from the default, i.e. NoProtectStorage, was added.

  • Changes in Rcpp Attributes:

    • Rtools 3.3 is now supported.

Thanks to CRANberries, you can also look at a diff to the previous release. As always, even fuller details are on the Rcpp Changelog page and the Rcpp page which also leads to the downloads page, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Debian: Dirk Eddelbuettel: RcppArmadillo 0.5.100.1.0

A new minor release 5.100.1 of Armadillo was released by Conrad yesterday. Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to Matlab.

Our corresponding RcppArmadillo release 0.5.100.1.0 also reached CRAN and Debian yesterday. See below for the brief list of changes.

Changes in RcppArmadillo version 0.5.100.1.0 (2015-05-01)

  • Upgraded to Armadillo release 5.100.1 ("Ankle Biter Deluxe")

    • added interp1() for 1D interpolation

    • added .is_sorted() for checking whether a vector or matrix has sorted elements

    • updated physical constants to NIST 2010 CODATA values

Courtesy of CRANberries, there is also a diffstat report for the most recent CRAN release. As always, more detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Linux Australia: Clinton Roy: clintonroy


Under a week to go – closes Friday 8th May

With just under a week to go until the PyCon Australia 2015 Call for Proposals closes, we thought it would be a good idea to give everyone an update and a reminder. We’re very happy with the proposals we’ve already received, but we’re eager to receive more! We hope our proposal writing working bees in Brisbane have been of help, and hope to roll them out to more cities next year. If you’ve got any questions please get in touch (numerous contact details are up on pycon-au.org). We would like to give a special shout out for the Education MiniConf, which is new this year: if you know people teaching and using computing in the education realm, please forward this CFP on.

The deadline for proposal submission is Friday 8th May, 2015.


Conference

The conference this year will be held on Saturday 1st and Sunday 2nd August 2015 in Brisbane. PyCon Australia attracts professional developers from all walks of life, including industry, government, and science, as well as enthusiast and student developers. We’re looking for proposals for presentations and tutorials on any aspect of Python programming, at all skill levels from novice to advanced.
Presentation subjects may range from reports on open source, academic or commercial projects; or even tutorials and case studies. If a presentation is interesting and useful to the Python community, it will be considered for inclusion in the program.
We’re especially interested in short presentations that will teach conference-goers something new and useful. Can you show attendees how to use a module? Explore a Python language feature? Package an application?

Miniconfs

Four Miniconfs will be held on Friday 31st July, as a prelude to the main conference. Miniconfs are run by community members and are separate to the main conference. If you are a first time speaker, or your talk is targeted to a particular field, the Miniconfs might be a better fit than the main part of the conference. If your proposal is not selected for the main part of the conference, it may be selected for one of our Miniconfs:
DjangoCon AU is the annual conference of Django users in the Southern Hemisphere. It covers all aspects of web software development, from design to deployment – and, of course, the use of the Django framework itself. It provides an excellent opportunity to discuss the state of the art of web software development with other developers and designers.
The Python in Education Miniconf aims to bring together community workshop organisers, professional Python instructors and professional educators across primary, secondary and tertiary levels to share their experiences and requirements, and identify areas of potential collaboration with each other and also with the broader Python community.
The Science and Data Miniconf is a forum for people using Python to tackle problems in science and data analysis. It aims to cover commercial and research interests in applications of science, engineering, mathematics, finance, and data analysis using Python, including AI and ‘big data’ topics.
The OpenStack Miniconf is dedicated to talks related to the OpenStack project and we welcome proposals of all kinds: technical, community, infrastructure or code talks/discussions; academic or commercial applications; or even tutorials and case studies. If a presentation is interesting and useful to the OpenStack community, it will be considered for inclusion. We also welcome talks that have been given previously in different events.

First Time Speakers

We welcome first-time speakers; we are a community conference and we are eager to hear about your experience. If you have friends or colleagues who have something valuable to contribute, twist their arms to tell us about it! Please also forward this Call for Proposals to anyone that you feel may be interested.

The most recent call for proposals information can always be found at: pycon-au.org/cfp

See you in Brisbane in July!

Important Dates

Call for Proposals opens: Friday 27th March, 2015
Proposal submission deadline: Friday 8th May, 2015
Proposal acceptance: Monday 25 May, 2015



Planet Debian: Niels Thykier: The release of Debian Jessie from an RM’s PoV

It was quite an experience to partake in the Jessie release – and also a rather long “Saturday”.  This post is mostly a time line of how I spent my release day with doing the actual release.  I have glossed over some details – the post is long enough without these. :)

We started out at 8 (UTC) with a final “dinstall” run, which took nearly 2 hours.  It was going to take longer, but we decided to skip the synchronisation to “coccia.debian.org” (the server hosting the DD-accessible mirror of release.debian.org).

The release itself started with the FTP masters renaming the aliases of Squeeze, Wheezy and Jessie to oldoldstable, oldstable and stable respectively.   While they worked, the release team reviewed and double checked their work.  After an hour (~11), the FTP masters reported that the stable releases were ready for the final review and the SRMs signed the relevant “Release” files.

Then the FTP masters pushed the stable releases to our CD build server, where Steve McIntyre started building the installation images.  While Steve started with the CDs, the FTP masters and the release team continued with creating a suite for Stretch.  On the FTP/release side, we finished shortly before 12:30.  At this point, our last ETA from Steve suggested that the installation media would take another 11 and a half hours to complete.  We could have opened for mirror synchronisation then, but we decided to wait for the installation media.

At 12:30, there was a long “intermission” for the release team in the release process.  That was an excellent time to improve some of our tools, but that is for another post. :)

We slowly started to resume around 22:20, where we tried to figure out when to open for the mirror synchronisation to time it with the installation media.  We agreed to start the mirror sync at 23:00 despite the installation media not being completely done then.  They followed half an hour later, when Steve reported that the last CD was complete.

At this point, “all” that was left was to update the website and send out the press announcement.  Sadly, we were hit by some (minor) issues then.  First, I had underestimated the work involved in updating the website. Secondly, we had no one online at the time to trigger an “out of band” rebuild of the website.  Steve and I spent an hour and a half solving website issues (like arm64 and ppc64el not being listed as a part of the release).  Unsurprisingly, I decided to expand our “release checklist” to be slightly more verbose on this particular topic.

My “Saturday” had passed its 16th hour, when I thought we had fixed all the website issues (of course, I would be wrong) and we would now just be waiting for an automatic rebuild.  I was tempted to just punt it and go to bed, when Paul Wise rejoined us at about 01:25.  He quickly got up to speed and offered to take care of the rest.  An offer I thankfully accepted and I checked out 15 minutes later at 01:40 UTC.

That more or less covers the Jessie release day from my PoV.  After a bit of reflection inside the release team, we have found several points where we can improve the process.  This part certainly deserves its own post as well, which will also give us some time to flesh out some of the ideas a bit more. :)



Planet Linux Australia: Maxim Zakharov: Fitbit and Android Lollipop

If you use a FitBit tracker with a smartphone which has recently been updated to Android 5.0 Lollipop, you might have faced the same problem as me - the Fitbit app has stopped synching with the tracker.

Surprisingly there are a lot of people complaining online or even raging and giving the app a one-star rating in Google Play. However, the solution which helped me, uninstalling and reinstalling the app, is mentioned on the FitBit Help web-site, and it takes around a minute to remove and reinstall the app.

Sky Croeser: UDC2015 Circuits of Struggle, Day 1: the World Forum of Free Media, community media in Oaxaca, Activating bodies, State violence, and an early night

Montserrat Boix, Media, politics and civil rights Tunisia 2015 World Social Forum Casa do Brasil

The first session, with Stéphane Couture, Gretchen King, and Sophie Toupin of McGill University, looked at the World Forum of Free Media (WFFM) and the Charter of Free Media. This discussion touched on some of the issues I’ve felt myself around the World Social Forum, including its institutionalisation. However, the panellists noted that their experience of the 2015 Forum was that there was space (often outside of official scheduling) for important collaborations. Gretchen talked about some of the debates that informed the development of the Charter, and I particularly liked her point that ‘hegemonic’ media is a better term than ‘mainstream’ media: we want alternatives that challenge existing power structures and narratives, and that means that we do want some independent media to become mainstream, in the sense of being broadly accessible and reaching a wide audience. On a related point, both Sophie and Gretchen spoke about the need to create bridges between different communities: hackers, media activists, feminists, queer activists, and others. Often, the cultures within these groups may be different (even when they overlap), but there’s a need to find ways to collaborate (and, as Stéphane says, there’s also a need for this to be fun). As the 2016 WSF approaches, there’s a hope that activists in Montreal can work to set up autonomous infrastructures, including mesh networks, that will not only be a resource for the forum but also continue afterwards, and be a space for people to learn how to set these up themselves.

I missed the second panel to go to the #SOSblakAustralia protest at the Australian embassy, although I didn’t manage to find the other protesters. Hopefully they made it there at some point!

Alejandro Linares Garcia, Tequio by Jose Marcos Zenteno Aguayo at the Alebrije Parade of the Museo de Arte Popular, Mexico City

The lunchtime talk, by Loreto Bravo and Peter Bloom, looked at community radio stations and cellphone networks in Oaxaca, Mexico. The growth of indigenous media in Oaxaca comes out of the specific history of the area, and a form of community governance and social reproduction that Floriberto Díaz, Jaime Martínez Luna, and others have called comunalidad. Comunalidad includes a concept of communities linked to specific territories; structures of community governance rooted in traditional law and community assemblies rather than representative politics; community work (tequio) which all community members must contribute to, even if overseas; and festivals that build connections and allow people to build their organising skills.

Loreto talked about the ways in which women have led community media initiatives since the 2006 protests in Oaxaca, when a group of women took over the mainstream TV station, Channel 9, living inside the station for a month, as well as 12 radio stations. After 2006, many local radio stations have started in the area, with people talking about their own issues in their languages, but the challenge is to provide education in relevant technology, especially free software, to allow them to appropriate it. This means not just how to use computers and mixers, but also how to fix radio transmitters and other hardware problems.

Peter’s talk focused on Rhizomatica’s work setting up autonomous GSM networks, at first working with people from community radios and extending those networks and then building cellular networks for communities from scratch. Rhizomatica can do this much more cheaply than major cellular providers, at a cost that communities can fund themselves, which also makes it much cheaper to make and receive calls. However, all of this was done illegally at first: only .14% of the spectrum is available to freely use without permission, and Rhizomatica set up community networks before getting permission. Usually, all of the spectrum is sold off to the highest bidder (often for billions of dollars). Rhizomatica was lucky in that the Mexican government had a portion of unused spectrum, and gave retrospective permission for it to be used. It’s important to think about how to set up networks that can be defended from attacks by the state or capital: in the case of these cellular networks, there are 19 different networks, one in each community, and they network but would have to be shut down individually. If the government tried it then communities wouldn’t cooperate, and the government would then also need to answer questions about their failure to provide coverage.

There were also some hints at the challenges involved in how these networks are run and might reproduce existing structural inequalities. Hosting communications data (such as records of calls) within the community may allow people to escape external surveillance. However, it can also expose at-risk groups to surveillance within the community: Peter noted that men had asked him, “what if someone calls my wife while I’m out? How will I know?” Loreto also talked about the ways in which women’s work with community radio might strain their financial resources, create problems with childcare, and expose them to the risk of paramilitary attack.

The Women Stayed: the untold story of the Euromaidan

The panel on Activating Bodies In/to Digital Media Networks: Materiality, Narratives and Molotov Cocktails began with Marusya Bociurkiw’s work on feminist involvement in the Euromaidan movement. She talked about the absolute necessity of combining digital research with embodied research (which we’ve also argued for here and here). Marusya said that her initial ideas about the importance of social media in the protests were challenged once she travelled to Ukraine: Facebook and Twitter mattered, but it was the massed bodies on the ground, people’s willingness to face risks for their beliefs, that made the real difference. Her documentary focused on the Women’s Battalion, which started on Facebook but was used to organise actions on the ground.

I liked Laura Forlano’s discussion of the ways in which her diabetes diagnosis prompted her reflections on ‘Hacking the Feminist Body: Media, Materiality and Things’. Laura critiqued the ways in which hacker/maker identities are constructed, and suggested that a feminist hacker ethic would be built on a deeply personal reflective practice. Rather than making sweeping revolutionary calls for openness based on false discourses of meritocracy, feminist hacker ethics would be based on our own hybrid modes of existence. This also needs to create interventions into the capitalist cycle of consumption.

Mél Hogan’s ‘Electromagnetic Soup: EMFs, Bodies, and Surveillance’ built on these themes, opening with a discussion of the invisibility of how wireless data transfers and is stored. Cell phones become an extension of our bodies, our brains, and also our privacies, and this is an embodied process: we hold phones, carry them, expose our voices to them, and the hardware we use is produced and discarded in processes which are often tremendously environmentally damaging. This opens up questions of ownership and responsibility that are rarely addressed, including issues about how our bodies might interact with the electromagnetic fields that increasingly surround us.

The final presentation in the panel, from Mary Elizabeth Luka, looked at the CRTC consultation process around ‘Let’s talk TV’ and the ways in which rhetorics of consultation and collaboration are frequently undermined by an emphasis on the ‘citizen-consumer’. There’s an assumption that a more “competitive” television model will automatically benefit consumers, but this is often in opposition to the idea of media as a public good that facilitates (and is facilitated by) citizen engagement.

The final panel, Policing the Populace: Corporate Media, Social Media and the Mobilization of State Violence against Racialized Minorities, is topical at the moment. I’m glad that many of the presenters addressed their own personal standpoints with regard to state violence: it feels surreal, sometimes, for presentations on such deep issues to be presented at such a distance from our lives. I can understand the impulse, though, both for those privileged enough not to be personally affected and for those whose lives are shaped by the threat or actuality of violence, and of course do it myself (since it’s often hard to overcome this academic training in a pretence at ‘objectivity’).

Elsipogtog land defender Annie Clair (centre) is fighting legal charges

Derek Antoine and Miranda J. Brady talked about the media discourses around the Elsipogtog struggle, contrasting mainstream media representations with those from the Halifax media co-op. Mainstream media coverage of Indigenous issues in Canada shifts between a binary of ‘noble or ignoble savages’, with Native peoples positioned as outside of the Western narrative of technology and progress. Struggles like those at Elsipogtog are presented as issues of law and order, or of well-intentioned but naive groups resisting technological progress. In contrast, the Halifax media co-op contextualised this struggle with reference to a history of colonialism, settler violence, broken treaties, and Indigenous resistance, as well as highlighting the processes of organising and deliberation happening around the Elsipogtog protests.

We the protesters

Chenjerai Kumanyika followed with ‘Beyond Techno-Utopianism: The Twitter Activism of @OpFerguson’. He argued that @OpFerguson, as well as being a valuable tool for organising, has also served as a key archive of the Black Lives Matter movement. Kumanyika said that while there are valid concerns around ‘Twitter activism’, these should not centre on whether it displaces on-the-ground work, but rather on the various ways in which capitalist platforms like Twitter and their media ecologies rely on systems of racial inequality and environmentally-unsustainable production and disposal. We also need to remember that while we often think of social media as authentic, what we see is mediated by algorithms and other aspects of the platforms. Nevertheless, @OpFerguson has served important functions for organisers, providing counter-news information, promoting offline efforts, fundraising, representing and building solidarity, and also playing a role in consolidating leadership. Accounts like @OpFerguson can also help share attention for new waves of organising.

Aziz Douai and Julianne Condon spoke on ‘Police Brutality in the Age of New Media: Online Audiences and the Framing of Police Use of Force against Racial Minorities in Canada’, focusing on the 2013 police shooting of Sammy Yatim. They noted that while the Toronto Sun’s coverage of the shooting was conservative, erasing issues of structural inequality and framing the killing as a law and order issue, a significant proportion of users rejected this narrative in their comments. Instead, readers provided counter-framing, citing issues with systemic racism and police inability to deal with mental health issues.

Finally, Doug Tewksbury spoke on ‘Social Media, Shared Empathy, and Online-Offline Interconnectedness among Ferguson Protesters’. He talked about the ways in which social media can build community, interacting with offline interactions. He drew on Kirsty Robertson’s work on tear gas epiphanies: moments of embodied togetherness and a shared rejection of the disciplinary system (unevenly) imposed on them. (Which for me also suggests moments in which relatively-privileged protesters become aware of state violence that’s a part of others’ everyday experiences.) Social media can bolster the togetherness that comes out of these moments, allowing people to share ideas, knowledge, narratives, and also feelings that are necessary to create movements.

Sadly, I’ve missed the night’s keynote from Astra Taylor – it looks amazing, but 9am-9pm is too many hours of conference for me, so I’ll console myself with reading a little more of her excellent book tonight.



Cryptogram: Friday Squid Blogging: Ceramic Squid Planters

Planet Debian: Clint Adams: This is an example of fair use.

Geek Feminism: The physical layer, the network layer, the linkspam layer (1 May 2015)

  • Why some men pretend to work 80 hours a week | Harvard Business Review: “Many of these men acted on their feelings, finding different ways to resist the firm’s expectations that they be ideal workers. How they resisted shaped their futures at the firm in important ways: some men made small, under-the-radar changes to their work that allowed them to pull back, while still “passing” as the work-devoted superheroes the firm valued. Others were more transparent about their difficulties, and asked the firm for help in pulling back. Their efforts resulted in harsh penalties and marginalization.”
  • Interactive exhibit features two decades of female game developers | Kill Screen – Videogame Arts & Culture.: ““Women created this industry,” Alex Handy, founder and director of a California digital art museum, told me via email. “From the imagination and creativity of Roberta Williams, to the technical skill of Carol Shaw, to the leadership skills of Amy Henning, women are an integral part of the history of video games.” Now, a new exhibit in Oakland, California, honors the legacy of Williams, Shaw, Henning and five other female developers. “Women in Game Development” opened April 12 at the Museum of Art and Digital Entertainment and is expected to run through the summer, said MADE founder Handy.”
  • The Police State is already here. | mathbabe: “Take a look at this incredible Guardian article written by Rose Hackman. Her title is, Is the online surveillance of black teenagers the new stop-and-frisk? but honestly that’s a pretty tame comparison if you think about the kinds of permanent electronic information that the police are collecting about black boys in Harlem as young as 10 years old.”
  • Online Troll Urges Game Developer Rachel Bryk To Commit Suicide: [CW: Suicide, harassment, abuse, transphobia] “Over the past two years, Bryk had become one of the most prominent game developers on a software project called Dolphin. She was well-known for her work on Gamecube and Wii emulators—her favorite being Pucca’s Kisses. Despite her beloved status in online gaming communities, Bryk commented on a popular 4chan forum that she was withdrawing from various sites because she suffered constant, trans-phobic harassment. After her death, word quickly spread throughout these communities, and forums were flooded with memorial posts in her honor, and tributes to her work and collaborative nature.”
  • It’s a man’s world – for one peer reviewer, at least | Retraction Watch: “Fiona Ingleby, a postdoc in evolutionary genetics at the University of Sussex in the United Kingdom, co-wrote an article on gender differences in the transition from PhD-dom to postdoc land and submitted it to a journal for consideration. What she heard back was lamentably ironic — and grossly sexist.”
  • Minecraft, Temple Run: Video game characters don’t have to default to male | Slate: “Fans of Minecraft—especially girls—have long felt frustrated that the only default character available in the popular building game is a man. Now, the game’s programmers have announced that players will get a lady option.”
  • How to Attract Female Engineers | NYTimes.com: “Women seem to be drawn to engineering projects that attempt to achieve societal good. Curious to learn whether that was true at other universities, my colleagues and I contacted the dozens of universities that have programs aimed at reducing global poverty and inequality. What we found was consistent and remarkable.”
  • Crash Course: An apology to the transgender community | Slate.: “But what you don’t get to decide is what offends others, especially in a group you’re not a part of.”
  • Game of Fear: The Story Behind GamerGate | Boston Magazine : [Strong CW: Gamergate, Stalking, Abuse, Harassment] “What if a stalker had an army? Zoe Quinn’s ex-boyfriend was obsessed with destroying her reputation—and thousands of online strangers were eager to help.”
  • Boots or Heels: My Wardrobe Paradox as a Woman in STEM | Scientific American Blogs: “I feel like I have found a balance again, partly as a result of being surrounded by so many STEM women in my daily life who are so different. Some love to bake, some love makeup and fancy shoes, some raise their own chickens, some are avid rock climbers, some sew their own clothes, and some have a collection of super hero costumes. But when we are together, no one questions our intellectual ability or commitment to science.”
  • The Recompiler: a magazine about technology | Indiegogo: “The Recompiler will invite writers and artists who work and play with technology to share what they know: how do things work? who builds what? how much can we take apart, and what will it look like to rebuild our technology and make it better? We’ll do this through a quarterly print and online magazine. As a subscriber, you will be a part of our learning community.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Cryptogram: Digital Privacy Public Service Announcement

I thought this was very well done.

Planet Debian: Daniel Kahn Gillmor: Preferred Packaging Practices

I just took a few minutes to write up my preferred Debian packaging practices.

The basic gist is that I like to use git-buildpackage (gbp) with the upstream source included in the repo, both as tarballs (with pristine-tar branches) and including upstream's native VCS history (Joey's arguments about syncing with upstream git are worth reading if you're not already convinced this is a good idea).

I also started using gbp-pq recently -- the patch-queue feature is really useful for at least three things:

  • rebasing your debian/patches/ files when a new version comes out upstream -- you can use all your normal git rebase habits! and
  • facilitating sending patches upstream, hopefully reducing the divergence, and
  • cherry-picking new as-yet-unreleased upstream bugfix patches into a debian release.

My preferred packaging practices document is a work in progress. I'd love to improve it. If you have suggestions, please let me know.

Also, if you've written up your own preferred packaging practices, send me a link! I'm hoping to share and learn tips and tricks around this kind of workflow at debconf 15 this year.

LongNow
Neal Stephenson at The Interval: May 21, Book Signing and Livestream

Neal Stephenson speaks at The Interval on May 21, 02015. Photo by Kelly O’Connor

Best-selling author Neal Stephenson will visit The Interval at Long Now in San Francisco to read from and sign his new book in a special daytime event: 12:30 to 2pm on Thursday May 21, 02015.

The talk itself is sold out but Long Now members can hear Neal live on May 21 via the Long Now member website. Neal is making two other appearances in the Bay Area, and we are thrilled that he is including The Interval in his tour.

You can join more than 6500 long-term thinkers around the world as a Long Now member.

Signed copies of SEVENEVES can be pre-ordered to pick up the day of Neal’s reading. Book sales benefit Long Now and the Friends of the San Francisco Library. Pre-ordered books can be picked up at Readers Bookstore near The Interval. We will not be shipping books. More details here.

SEVENEVES comes out on May 19th. Here’s what Neal has to say about his new book:

SEVENEVES is a very old project; I first started thinking about it when I was working at Blue Origin, probably circa 2004. The kernel around which the story nucleated was the space debris problem, which I had been reading about, both as a potential obstacle to the company’s efforts and as a possible opportunity to do something useful in space by looking for ways to remediate it

You can read the beginning of SEVENEVES on Neal’s site.

Long Now’s co-founder Stewart Brand will host this event and talk with him onstage after the reading. Stewart Brand, Ryan Phelan, and Long Now’s Revive and Restore project are acknowledged by Neal for providing useful background for SEVENEVES.

This will be Neal Stephenson’s first visit to The Interval. We are honored that Neal was one of the earliest donors to our Interval ‘brickstarter’ as well. And we can’t wait to show him Long Now’s new home in San Francisco.

Cryptogram
Ears as a Biometric

It's an obvious biometric for cell phones:

Bodyprint recognizes users by their ears with 99.8% precision with a false rejection rate of only 1 out of 13.

Grip, too.

News story.

EDITED TO ADD: I blogged this in 2011.

Planet Debian
Petter Reinholdtsen: What would it cost to store all phone calls in Norway?

Many years ago, a friend of mine calculated how much it would cost to store the sound of all phone calls in Norway, and came up with the cost of around 20 million NOK (2.4 mill EUR) for all the calls in a year. I got curious and wondered what the same calculation would look like today. To do so one needs an idea of how much data storage is needed for each minute of sound, how many minutes all the calls in Norway sum up to, and the cost of data storage.

The 2005 numbers are from digi.no, the 2012 numbers are from a NKOM report, and I got the 2013 numbers after asking NKOM via email. I was told the numbers for 2014 will be presented May 20th, and decided not to wait for those, as I doubt they will be very different from the numbers from 2013.

The amount of data storage per minute of sound depends on the wanted quality, and for phone calls it is generally believed that 8 Kbit/s is enough. See for example a summary on voice quality from Cisco for some alternatives. 8 Kbit/s is 60 Kbytes/min, and this can be multiplied by the number of call minutes to get the storage requirements.

Storage prices vary a lot, depending on speed, backup strategies, availability requirements etc. But a simple way to calculate can be to use the price of a TiB-disk (around 1000 NOK / 120 EUR) and double it to take space, power and redundancy into account. It could be much higher with high speed and good redundancy requirements.

But back to the question, What would it cost to store all phone calls in Norway? Not much. Here is a small table showing the estimated cost, which is within the budget constraint of most medium and large organisations:

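| Year | Call minutes   | Size    | Price in NOK / EUR |
|------|----------------|---------|--------------------|
| 2005 | 24 000 000 000 | 1.3 PiB | 3 mill / 358 000   |
| 2012 | 18 000 000 000 | 1.0 PiB | 2.2 mill / 262 000 |
| 2013 | 17 000 000 000 | 950 TiB | 2.1 mill / 250 000 |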

This is the cost of buying the storage. Maintenance needs to be taken into account too, but calculating that is left as an exercise for the reader. But it is obvious to me from those numbers that recording the sound of all phone calls in Norway is not going to be stopped because it is too expensive. I wonder if someone already is collecting the data?

Planet Debian
Lisandro Damián Nicanor Pérez Meyer: Qt4's status and Qt4's webkit removal in Stretch

Hi everyone! As you might know Qt4 has been deprecated (in the sense "you better start to port your code") since Qt5's first release on December 19th 2012. From that point on Qt4 received only bugfixes. Upstream is about to release the last point release, 4.8.7. This means that only severe bugs like security ones will get a chance to get solved.

Moreover upstream recommended keeping Qt4 until 2017. If we get a Debian release every ±2 years that will make Jessie oldstable in 2017 and deprecated in 2018. This means we should really consider starting to port code using Qt4 to Qt5 during Stretch's developing life cycle.

It is important to note that Qt4 depends on a number of dependencies that their maintainers might want to get removed from the archive for similar reasons. In this case we simply won't hesitate to remove their support as long as Qt4 keeps building. This normally doesn't mean API/ABI breakage but missing plugins that will diminish functionality from your apps, maybe even key ones. As an example let's take the **hypothetical** case in which the libasound2 maintainers are switching to a new libasound3 which is not API-compatible and removing libasound2 in the process. In this case we will have no choice but to remove the dependency and drop the functionality it provides. This is another of the important reasons why you should be switching to Qt5.

Qt4's webkit removal

Webkit is definitely not an easy piece of code to maintain. For starters it means having a full copy of the code in the archive for both Qt4 and Qt5. Now add to that the fact that the code evolves quickly and thus having upstream support even for security bugs will be getting harder and harder. So we decided to remove Qt4's webkit from the archive. Of course we still have a lot of KDE stuff using Qt4's webkit, so it won't disappear "soon", but it will at some point.

Porting

Some of us were involved in various Qt4 to Qt5 migrations [0] and we know for sure that porting stuff from Qt4 to Qt5 is much much easier and less painful than it was from Qt3 to Qt4.

We also understand that there is still a lot of software still using Qt4. In order to ease the transition time we have provided Wheezy backports for Qt5.

Don't forget to take a look at the C++ API changes page [1] whenever you start porting your application.

[0] http://pkg-kde.alioth.debian.org/packagingqtstuff.html
[1] http://doc.qt.io/qt-5/sourcebreaks.html

Temporarily shipping both Qt4 and Qt5 builds of your library

In case you maintain a library chances are that upstream already provides a way to build it using Qt5. Please note there is no point in shipping an application built with both flavours, please use Qt5 whenever possible. This double compilation should be left only for libraries.

You can't mix Qt4 and Qt5 in the same binary, but you may provide libraries compiled against one or the other. For example, your source package foo could provide both libqt4foo1 and libqt5foo1. You need to mangle your debian/rules and/or build system accordingly to achieve this.

A good example both for upstream code allowing both styles of compilation and debian packaging is phonon. Take a look at the CMakeLists.txt files for seeing how a source can be built against both flavours and another to debian/rules to see an example of how to handle the compilation. Just bear in mind that you need to replace $(overridden_command) with the command itself, that variable substitution comes from internal stuff from our team and you should not be using it without a very good reason. If in doubt, feel free to ask us on IRC [2] or on the mailing list [3].

[2] irc.debian.org #debian-kde
[3] debian-kde@lists.debian.org

Timeline

We plan to start filing wishlist bugs soon. Once we get most of KDE stuff running with Qt5's webkit we will start raising the severities.

Racialicious
Nerd Roundup: Brief Dispatches From C2E2

C2E2 earns the honour of being the only con I have ever attended where I’ve not felt that personal space and air to breathe were an inevitable sacrifice in a battle to the top of Nerd Mordor. Arriving late on Saturday, about two hours after the convention had already begun, I marveled at the amount of space between aisles and booths. Most of the big cons are ADA accessible at this point, but this is the only con I’ve attended where someone with, say, a wheelchair looked to be able to navigate somewhat freely throughout a show floor also accommodating a fair amount of service animals, helicarrier sized strollers, and the drunkenly zig-zagging paths of  the toddlers who had escaped them.

Despite Chicago being a massive and sprawling city, C2E2 seemed smaller than its sister-con in New York (both produced by ReedPop Entertainment). So in addition to the extra breathing room in aisles for multiple tentacled Doc Ock cosplays, the con had something of a personal touch. Casual conversation with creators was much more readily available than at NYCC or SDCC (for instance, multiple people were lucky enough to simply bump into Sex Criminals artist Chip Zdarsky who was wandering around the Image booth), and I personally found that responses to issues like harassment, offensive costumes, and abuse were nearly instantaneous compared to NYCC.

So while C2E2 is the only con where I’ve seen someone cosplaying as not a Death Eater, a member of Hydra, or some other fictional Nazi allegory, but an actual Nazi (a cross-dressing Nazi, but a Nazi nevertheless), I can at least say that representatives from C2E2 responded to my tweets seconds after I made the complaint public. There was a concerted effort to try and locate the man and remove him from the convention. That was bolstering as safety is always an issue at these events whether one is in cosplay or not.

It’s unfortunate that incidents like that can completely mar a con experience, and equally unfortunate that panels like The Fangirl’s Guide To: Surviving Online have to exist. With the era of Gamergate and Doxxing upon us, panelists Sam Maggs, Amy Chu, Jen Aprahamian, Stephanie Cook, Cara McGee, and Gita Jackson gathered together to discuss how something as simple as having your email posted for professional inquiries can lead to a downward spiral of online harassment that can spill into the real world.

Racialicious did not attend as press this year and since I was there ‘on business’ I didn’t get to attend as many panels as I would have liked,  thus there is less the wrap! But even though I was only in attendance for Saturday and Sunday, I still managed to grab a few pics of the best (and youngest) cosplayers at the con.  After all, it’s always best to end on a cute note.

The post Nerd Roundup: Brief Dispatches From C2E2 appeared first on Racialicious - the intersection of race and pop culture.

Sociological Images
The Geography of a Restaurant Menu

Flashback Friday.

I’ve posted about the use of apparent discounts as a marketing tool and about the rise of the shopping cart. Since I’m on a little marketing-related posting trend, I figured I might as well post about restaurant menus. New York Magazine recently provided an analysis of menus and how things such as placement, images, and so on influence purchases.

Here’s the menu analyzed in the article:

[Image: the menu analyzed in the article]

Some of the most interesting elements numbered on the menu:

1. Pictures of food on menus are tricky. They can convince people to buy a dish, but more expensive restaurants don’t want to be associated with low-cost places like Denny’s or Applebee’s. In general, the more expensive the restaurant, the less likely there are to be images of food, and if there are, they’re drawings, not color photos. And, apparently, the upper right corner is where customers’ eyes go first, so you need to make good use of that section.

2 and 3. You list something expensive (like a $115 seafood dish) in a prominent spot to serve the same function as a “manufacturer’s suggested retail price” on a sales tag at a retail store: to set an anchor price that makes other prices look like a bargain in comparison. The $70 seafood dish listed next to the $115 one seems way more reasonable than it would have if listed without the comparison anchor price.

5. Listing dishes in a column encourages customers to skim down the list, making it more likely that they’ll be focusing on the column of prices rather than the dishes themselves, and will pick from among the cheapest things on the menu. If the dish names are connected by a line of dots or dashes to specific prices, this is even more pronounced.

8. Restaurants often use “bracketing”:

…the same dish comes in different sizes. Here, that’s done with steak tartare and ravioli — but because “you never know the portion size, you’re encouraged to trade up,” Poundstone says. “Usually the smaller size is perfectly adequate.”

Notice the same things I mentioned in my post about meaningless discounts: high prices used to set an anchor that makes everything else look cheap and an emphasis on apparent savings to distract the customer from how much they’re spending.

And the bracketing thing is marketing genius: the larger portion is usually just a little bit more expensive, so the customer is likely to focus on the fact that the additional amount is actually a bargain, but you usually have very little information about how much bigger it actually is.

Knowledge is power! And now you know.

Originally posted in 2009.

Gwen Sharp is an associate professor of sociology at Nevada State College. You can follow her on Twitter at @gwensharpnv.

(View original at http://thesocietypages.org/socimages)

Planet Debian
Miriam Ruiz: Sexualized depiction of women in SuperTuxKart 0.9

It has been recently discussed in Debian-Women and Debian-Games mailing lists, but for all of you who don’t read those mailing lists and might have kids or use free games with kids in the classroom, or stuff like that, I thought it might be good to talk about it here.

SuperTuxKart is a free 3D kart racing game, similar to Mario Kart, with a focus on having fun over realism. The characters in the game are the mascots of free and open source projects, except for Nolok, who does not represent a particular open source project, but was created by the SuperTux Game Team as the enemy of Tux.

On April 21, 2015, version 0.9 (not yet in Debian) was released which used the Antarctica graphics engine (a derivative of Irrlicht) and enabled better graphics appearance and features such as dynamic lighting, ambient occlusion, depth of field, and global illumination.

Along with this new engine comes a poster with a sexualized white woman wearing an outfit that can be depicted as a mix of Native American clothes from different nations and a halo of feathers, as well as many models of her in a bikini swim suit, all along the game, even in the hall of the airport.

They say an image is worth more than a thousand words, don’t they?

Worse Than Failure
Error'd: Used Shellfish

"According to channel 7 in Australia these guys are right into trawling for content," Martin.

Maciek asks, "So...Where do you submit an issue with Office 365's Issue List?"

"Plug Samsung Galaxy 4 Active into Windows 7 computer. Wait. Windows chooses the BEST driver for mounting a mobile phone share via USB. Cry," writes Anon.

"Some industry-specific terminology in a company manual I'd imported into Google Docs was not found in Google's spellcheck dictionary," writes Louis N., "It turns out that Google's dictionary wasn't just missing industry lingo."

Mike writes, "If only I had a time machine, then I could travel into the future to get a machine that meets these specs!"

"Apparently the Industrial Revolution was a little more revolutionary than I first realized," writes Kartikeya I.

"Wow - I'm torn. I usually go with google.co.uk, but I'd be willing to give google.co.uk a shot too," wrote John.

"I just noticed this on a package of Bluetooth dongles we ordered," Tim T. wrote, "A quick Google search seems to indicate it's a VB.NET error message."

Krebs on Security
Harbortouch is Latest POS Vendor Breach

Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch disclosed a breach in which “a small number” of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity has recently heard from a major U.S. card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide.

In the weeks leading up to the Harbortouch disclosure, many sources in the financial industry speculated that there was possibly a breach at a credit card processing company. This suspicion usually arises whenever banks start feeling a great deal of card fraud pain that they can’t easily trace back to one specific merchant (for more on why POS vendor breaches are difficult to pin down, check out this post).

Some banks were so anxious about the unexplained fraud spikes as stolen cards were used to buy goods at big box stores that they instituted dramatic changes to the way they processed debit card transactions. Glastonbury, Ct. based United Bank recently included a red-backgrounded notice conspicuously at the top of their home page stating: “In an effort to protect our customers after learning of a spike in fraudulent transactions in grocery stores as well as similar stores such as WalMart and Target, we have instituted a block in which customers will now be required to select ‘Debit’ and enter their ‘PIN’ for transactions at these stores when using their United Bank debit card.”

A notice to customers of United Bank.

In a statement released last week to KrebsOnSecurity, Harbortouch said it has “identified and contained an incident that affected a small percentage of our merchants.”

“The incident involved the installation of malware on certain point of sale (POS) systems,” Harbortouch said in a written statement. “The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems. We have engaged Mandiant, a leading forensic investigator, to assist in our ongoing investigation.”

The company said the incident did not affect Harbortouch’s own network, nor was it the result of any vulnerability in the PA-DSS validated POS software.

“Harbortouch does not directly process or store cardholder data,” the company explained. “It is important to note that only a small percentage of our merchants were affected and over a relatively short period of time. We are working with the appropriate parties to notify the card issuing banks that were potentially impacted. Those banks can then conduct heightened monitoring of transactions to detect and prevent unauthorized charges. We are also coordinating our efforts with law enforcement to assist them in their investigation.”

However, according to sources at a top 10 card-issuing bank here in the United States that shared voluminous fraud data with this author on condition of anonymity, the breach extends to at least 4,200 stores that run Harbortouch’s point-of-sale software.

Reached for comment about this claim, Harbortouch reiterated that the malware incident impacted a small percentage of its merchants.

“It was nowhere near all of our customers, that is simply a false statement” said Nate Hirshberg, marketing director at Harbortouch, declining to answer questions about how many locations the company serves. “This malware incident impacted individual merchant locations, not Harbortouch. Harbortouch is not a processing platform, not a gateway and we do not store any cardholder data. This is not an ongoing incident and the malware was eliminated rapidly upon detection.”

One thing is for sure: POS providers — and their myriad customers — have a massive target on their backs, and there are almost certainly many other POS companies that are dealing with similar problems. Stay tuned for further updates.

Planet Debian
Keith Packard: the machine architecture

The Machine Architecture

Here's a brief introduction to some of the hardware concepts within The Machine.

As the team at HP that I'm working with are busy working on Linux kernel changes motivated by the hardware, I'm hoping that providing this kind of documentation will help Linux kernel developers outside of HP evaluate that work, and work by others in related areas.

Joining HP and learning about The Machine

In January, I joined HP to work on Linux for The Machine.

I'd watched Martin Fink's video and read other articles on the new hardware coming out of HP labs. I had hints of what they were up to, and the possibilities seemed exciting enough to entice me to go back to HP.

When I arrived at HP, one of the first things I got to read was the external reference specification for The Machine. 170 pages detailing a more significant shift in computer architecture than I had been given any hints of, both in my interviews at HP and from what I could see in the press.

Since then, I've been eager to tell people about what we're doing, and I'm happy to say that we're finally ready to start the conversation with this brief description.

A Short Outline of Storage within The Machine

The basic unit of The Machine is a collection of hardware grouped in a Load Store Domain. A Load Store Domain consists of:

  • Multiple independent Compute Nodes

    • Independent operating systems
    • Local memory
    • Load/store access to shared, in-memory storage
  • Shared byte-addressable persistent memory:

    • Non-volatile wrt operating system life cycle
    • Global address space
    • Hardware access control
    • Accessed with standard CPU load/store instructions

Here's a diagram of how the various bits of the hardware are hooked together:

And, a brief description of the elements within the picture:

  • Compute Node. A set of processing cores, caches and various ancillary peripherals.
  • Local Store. Memory directly connected to the processing cores.
  • Firewall. Hardware access control between the compute node and shared memory.
  • Shared Byte-addressable Persistent Memory. This is the storage within The Machine. It is accessed directly via normal CPU load/store instructions in units as small as one byte.

I've intentionally drawn the shared memory in a large box to emphasize the notion that this machine is more "memory-centric" and less "processor-centric".

The shared byte-addressable persistent memory forms the sole persistent storage within The Machine.

More to Come

I'll continue to publish information about The Machine and our related Linux work as we work on the hardware and software.

Planet Debian
Mike Hommey: Announcing git-cinnabar 0.2.2

Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows you to clone, pull and push from/to mercurial remote repositories, using git.

Get it on github.

What’s new since 0.2.1?

  • Don’t require core.ignorecase to be set to false on the repository when using a case-insensitive file system. If you did set core.ignorecase to false because git-cinnabar told you to, you can now set it back to true.
  • Raise an exception when git update-ref or git fast-import return an error. Silently ignoring those errors could lead to bad repositories after an upgrade from pre-0.1.0 versions on OS X, where the default maximum number of open files is low (256), and where git update-ref uses a lot of lock files for large transactions.
  • Updated git to 2.4.0, when building with the native helper.
  • When doing git cinnabar reclone, skip remotes with remote.$remote.skipDefaultUpdate set to true.

Cryptogram
Measuring the Expertise of Burglars

New research paper: "New methods for examining expertise in burglars in natural and simulated environments: preliminary findings":

Expertise literature in mainstream cognitive psychology is rarely applied to criminal behaviour. Yet, if closely scrutinised, examples of the characteristics of expertise can be identified in many studies examining the cognitive processes of offenders, especially regarding residential burglary. We evaluated two new methodologies that might improve our understanding of cognitive processing in offenders through empirically observing offending behaviour and decision-making in a free-responding environment. We tested hypotheses regarding expertise in burglars in a small, exploratory study observing the behaviour of 'expert' offenders (ex-burglars) and novices (students) in a real and in a simulated environment. Both samples undertook a mock burglary in a real house and in a simulated house on a computer. Both environments elicited notably different behaviours between the experts and the novices with experts demonstrating superior skill. This was seen in: more time spent in high value areas; fewer and more valuable items stolen; and more systematic routes taken around the environments. The findings are encouraging and provide support for the development of these observational methods to examine offender cognitive processing and behaviour.

The lead researcher calls this "dysfunctional expertise," but I disagree. It's expertise.

Claire Nee, a researcher at the University of Portsmouth in the U.K., has been studying burglary and other crime for over 20 years. Nee says that the low clearance rate means that burglars often remain active, and some will even gain expertise in the crime. As with any job, practice results in skills. "By interviewing burglars over a number of years we've discovered that their thought processes become like experts in any field, that is they learn to automatically pick up cues in the environment that signify a successful burglary without even being aware of it. We call it 'dysfunctional expertise,'" explains Nee.

See also this paper.

TED
The mystery of left-handedness: Why two right-handers created a TED-Ed lesson for southpaws

About one-tenth of the world’s population is left-handed — and archaeological evidence suggests that it’s been this way for the last 500,000 years. But why do a small percentage of people carry this trait, and what does it mean about them that they do?

These were the questions that inspired educator Danny Abrams and animator Lisa LaBracio — ironically, both righties — to take a deep dive into the subject of southpaws in one of our most popular TED-Ed Lessons so far this year, “Why are some people left-handed?” We caught up with the duo to talk about the process of taking this animation from script to screen — and to find out what they learned in the process.

What got you interested in the subject of left-handedness?

Danny Abrams: I’m not left-handed, but my father is. I often wondered about handedness growing up, especially when my dad told stories about his attempted “conversion” to right-handedness. A few years ago, I saw some statistics showing the disproportionate success of lefties in sports, and it made me start thinking about whether a mathematical model could explain those numbers. From there, I wondered about the general history of left-handedness — about how and why it evolved in the first place.

Educator Danny Abrams’ dad is left-handed. Ditto for animator Lisa LaBracio’s sister. Here, a still from the TED-Ed lesson they created together: “Why are some people left-handed?”

Lisa LaBracio: My sister is a lefty and I’m a righty. Growing up, I observed lots of little quirks that lefties had to overcome on a daily basis. She had her own scissors; I couldn’t use her softball glove; we had to arrange ourselves in diner booths so that our elbows wouldn’t knock into one another. My sister has definitely gone through life telling me that she was in her ‘right mind,’ while I most certainly was not, so secretly I wanted to find out if there was any proof to the contrary.

But in reality, I was mostly just curious: why are some people left-handed? The more I researched this, the more muddled my understanding became. I came across several theories including neurological, genetic, social, and biological explanations. Above all, I was fascinated to find that throughout history, despite prejudices against ‘southpaws,’ the percentage of left-handers in the population has consistently remained 10% – which indicates that there must be some advantages to being left-handed.

What else did you learn in making this lesson?

LL: Before this lesson, I was not familiar with frequency-dependent selection, and it definitely rounds out my understanding of human beings as a unique species that relies on both competition and cooperation to survive. I find it so intriguing that there are more lefties in hunter-gatherer societies, and that cooperative mammals tend to be evenly split between lefties and righties.

Animator Lisa LaBracio landed on the red and blue color palette purely by accident — but loves that she used the two colors that pop to life when wearing 3D glasses.

Danny, had you ever worked with an animator before?

DA: No, this was my first time working with an animator. Lisa asked a lot of questions that led to a better script and a better lesson, overall. Working with her gave me a chance to see my research with fresh eyes. After studying a topic for long enough, you start to lose perspective and forget what is most interesting and surprising. Interacting with TED-Ed while working on the script was a great way for me to get excited again and figure out how best to communicate things.

I was really impressed by Lisa’s work. She sent me early storyboards and then periodic updates with links to the in-progress animation. I felt like her ideas were key to the lesson. I had a few vague pictures in my head when we started, but she came up with a lot of better visuals that I never would have thought of.  The most exciting moment was seeing the initial storyboard. The images were very different from what I had imagined, which was great. I love getting another person’s ideas and perspective; I think the mixing of different points of view is the key to creativity.

LL: Danny was a breeze to work with. He was incredibly receptive to all of my ideas. And he had a lot of helpful insight and supplementary information for when I was stuck.

One of LaBracio’s initial storyboards for the lesson.

Lisa, how did you come up with the specific style for the lesson?

LL: I knew that I wanted to work with two distinct colors to represent left and right. Initially, I planned to work in black and white, but kept running into logistical problems. As I storyboarded the lesson, I was using Col-Erase pencils to sketch – and the most common colors are blue and red. I started to like the look. I had wanted to try an animation style that mimicked printmaking methods — and the idea of overlapping the two colors to introduce a third color felt like linoleum printmaking. Later, I realized that the colors actually matched the red and cyan in 3D glasses. At that point, I was sold on my accidental color choices.

I also had the opportunity to collaborate with two brilliant artists on this lesson. I was stoked to bring on Krystal Downs as an animator. I worked with her when she was a student, and it is beyond exciting to see her evolution as an artist. She was a blast to work with and created some truly beautiful animation for this lesson.

And Michael Dow — who is a lefty! — did the sound and music. When you’re making any kind of animated film, there’s a point where you can’t see what you are making any more. You’ve watched every frame so many times and so carefully that all you see is a to-do list. Then, the magical moment comes when the sound designer sends you a soundtrack. Suddenly you are watching a film — you finally see your own work come together coherently. When Michael delivered the first draft of the sound and music, I watched the lesson four times in a row. I was so excited that what I’d been working on for two months actually made sense.

A moment in the lesson that shows the little adjustments left-handed people have to make in a right-handed world.

Any closing thoughts?

DA: I’m amazed by the great work of the team at TED-Ed, and I’m excited to keep watching their future videos.  I also want to be sure that my co-author and former student, Mark Panaggio, now a professor at Rose Hulman Institute of Technology, gets much-deserved credit for his big contribution to our model.

LL: I’ve noticed that in the responses to the lesson, people are asking, “So, what’s the deal with ambidexterity?” Perhaps we need to make a sequel.

A version of this story originally ran on the TED-Ed Blog.


Sociological ImagesThis Month in SocImages (April 2015)

Finally…

To all the students, faculty, and staff out there, I found this mossy, wooden-eyed, 100-year-old teddy bear inside the walls of my (shotgun) house. It wishes you good luck for the end of the semester. Tell it “thank you”… OR ELSE.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramProtecting Against Google Phishing in Chrome

Google has a new Chrome extension called "Password Alert":

To help keep your account safe, today we're launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you've installed it, Password Alert will show you a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice.

Here's how it works for consumer accounts. Once you've installed and initialized Password Alert, Chrome will remember a "scrambled" version of your Google Account password. It only remembers this information for security purposes and doesn't share it with anyone. If you type your password into a site that isn't a Google sign-in page, Password Alert will show you a notice like the one below. This alert will tell you that you're at risk of being phished so you can update your password and protect yourself.

It's a clever idea. Of course it's not perfect, and doesn't completely solve the problem. But it's an easy security improvement, and one that should be generalized to non-Google sites. (Although it's not uncommon for the security of many passwords to be tied to the security of the e-mail account.) It reminds me somewhat of cert pinning; in both cases, the browser uses independent information to verify what the network is telling it.

Slashdot thread.

EDITED TO ADD: It's not even a day old, and there's an attack.
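The mechanism in Google's description above (remember only a "scrambled" form of the password, warn when it is typed anywhere but the sign-in page), as an added Python sketch. It is not Password Alert's code: the HMAC fingerprint, the 5-byte truncation, the trusted-origin set, the class and function names and the example hostnames are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque
from urllib.parse import urlsplit

# Assumptions for this sketch (none of these values come from Password Alert):
TRUSTED_ORIGINS = {("https", "accounts.google.com")}  # where typing it is expected
TAG_BYTES = 5     # store a truncated tag: a lossy fingerprint, not a full hash
HISTORY = 128     # recent keystrokes remembered per origin


def fingerprint(key, text):
    """Keyed, truncated fingerprint ("scrambled" form) of a candidate string."""
    mac = hmac.new(key, text.encode("utf-8"), hashlib.sha256)
    return mac.digest()[:TAG_BYTES]


def origin_of(url):
    """(scheme, host) pair; exact match only, so look-alike hosts stay untrusted."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower())


class PasswordReuseDetector:
    def __init__(self, password, key=None):
        if not 0 < len(password) <= HISTORY:
            raise ValueError("password length outside supported range")
        self.key = key if key is not None else os.urandom(32)
        self.length = len(password)
        self.tag = fingerprint(self.key, password)  # plaintext is not retained
        self.history = {}  # origin -> deque of recently typed characters

    def on_key(self, url, char):
        """Record one keystroke; return True if the password was just typed
        on a page that is not a trusted sign-in origin."""
        origin = origin_of(url)
        if origin in TRUSTED_ORIGINS:
            return False
        buf = self.history.setdefault(origin, deque(maxlen=HISTORY))
        if char == "\b":  # backspace removes the last character typed
            if buf:
                buf.pop()
            return False
        buf.append(char)
        if len(buf) < self.length:
            return False
        window = "".join(list(buf)[-self.length:])
        return hmac.compare_digest(fingerprint(self.key, window), self.tag)


def feed(detector, url, text):
    """Type text into url one character at a time; True if any key alerted."""
    alerted = False
    for ch in text:
        alerted = detector.on_key(url, ch) or alerted
    return alerted


if __name__ == "__main__":
    d = PasswordReuseDetector("correct horse")  # constructed sample password
    print(feed(d, "https://accounts.google.com/signin", "correct horse"))
    print(feed(d, "https://accounts.google.com.example.net/", "correct horse"))
```

Truncating the tag means many different strings share the stored value, which limits what the stored value reveals about the password at the cost of a rare false alert.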

Planet DebianJamie McClelland: So long email, it's been good to know yuh

Yesterday I permanently deleted 15 years of email.

It wasn't because I didn't have enough hard disk space to store it. It's because I decided, after 15 years, that the benefits of keeping all this email did not outweigh the risks. Although I have never had my email subpoenaed, I have had many legal interactions due to my involvement with May First/People Link, some of which were about finding the real identities of May First/People Link members. I'd rather not risk compromising anyone or needlessly exposing my networks. Now I have an Inbox, Sent Box, Trash Box and Detected Spam Box. The Inbox I empty manually and the other boxes are automatically purged on a scheduled basis.

In this age of surveillance it's sad to see data evaluated based on risk of exposure.

Planet DebianOlivier Berger: A howto record a screencast on Linux and tablet

I’ve documented the process of how I’m trying to perform DIY screencast recording, for the needs of a MOOC.

I’m working on my Debian or Ubuntu desktop, using an external graphic tablet with integrated display for annotating slides.

The main software used for the process are xournal for annotating PDFs and vokoscreen for the screen and video recording.

Here is the documentation : http://www-public.telecom-sudparis.eu/~berger_o/screencast-linux.html

And here’s the companion video : https://youtu.be/YxcUNqXPYZE

I hope this is useful to some.

Planet Linux AustraliaRusty Russell: Some bitcoin mempool data: first look

Previously I discussed the use of IBLTs (on the pettycoin blog).  Kalle and I got some interesting, but slightly different results; before I revisited them I wanted some real data to play with.

Finally, a few weeks ago I ran 4 nodes for a week, logging incoming transactions and the contents of the mempools when we saw a block.  This gives us some data to chew on when tuning any fast block sync mechanism; here are my first impressions looking at the data (which is available on github).

These graphs are my first look; in blue is the number of txs in the block, and in purple stacked on top is the number of txs which were left in the mempool after we took those away.

The good news is that all four sites are very similar; there’s small variance across these nodes (three are in Digital Ocean data centres and one is behind two NATs and a wireless network at my local coworking space).

The bad news is that there are spikes of very large mempools around block 352,800; a series of 731kb blocks which I’m guessing is some kind of soft limit for some mining software [EDIT: 750k is the default soft block limit; reported in 1024-byte quantities as blockchain.info does, this is 732k.  Thanks sipa!].  Our ability to handle this case will depend very much on heuristics for guessing which transactions are likely candidates to be in the block at all (I’m hoping it’s as simple as first-seen transactions are most likely, but I haven’t tested yet).

Transactions in Mempool and in Blocks: Australia (poor connection)

Transactions in Mempool and in Blocks: Singapore

Transactions in Mempool and in Blocks: San Francisco

Transactions in Mempool and in Blocks: San Francisco (using Relay Network)

Worse Than FailureSource History Information Tool

In technology as in life, some folks get it, and some don’t. Trying to make the ones who don’t get it get it can sometimes challenge even the hardiest of tech-souls. Michelle made a valiant effort to enlighten one such individual, and failed. This is her story.

Michelle’s predecessor had migrated their code-base from VSS to SVN, before fleeing for the hills. Michelle was “the replacement.” Before she finished finding her cube, she was cornered by her manager and peers with some concerns. “About this new-fangled SVN source control system,” they began, and then they tried to pin her down as to how she could address their “issues”…

Specifically, Bob, the manager asked: “Is it true that in SVN, anyone can check-out the code?”

“Of course”, Michelle replied. She explained that anyone with an account can check out the source code at any time. This started an avalanche of stupidity that, not unlike one of snow, only gained mass and momentum with time.

Jim, the lead developer, said that this was a problem. “If I checked out a file, I would have no idea if someone else was working on that file as well.” When Michelle just looked at him, blankly, he continued: “VSS was much better in that respect.”

Michelle explained that this was the whole point, and in fact, one of the main benefits of SVN. Unlike VSS, SVN supports concurrent development, and it’s smart enough to automatically keep track of who’s changing what for you.

Jim was worried that if he was working in an area of code, he needed to know that nobody else was working on it, so his change(s) wouldn’t get overwritten by the other developer.

Michelle went on to console him by explaining the concept of merges and how merge collisions would be handled.

“Yeah, but we’re working on a major bug and need to know that no-one else is working on those files!”

Michelle then explained the concept of branches. She further explained that the file history was available for examination, and in an extreme case, an automatic email notification could be sent where anyone on the mailing list would receive notification every time someone committed code.

Bob and Jim would have none of that. Bob complained, “No that’s not good enough. We can’t risk developers clobbering each other’s code. You need to change this. When I go to the bathroom, I have exclusive use of the stall. Others can only use it before me or after me, but not at the same time as me. We need this same level of isolation in handling our source code.”

Try as she might, there was no explaining that this was really not necessary, as going to the bathroom and editing source code were, in fact, two very different things, and that it defeated the point of a multi-versioned, concurrent development environment…

Bob insisted, in absolute finality: “No it’s too dangerous. Please change SVN to make it single check-out only; now! Before something terrible happens!”

In reality, something terrible already had. Michelle resigned herself to the stupidity of running source control in the same way as accessing a toilet, and she wrote a trigger script hack to disable parallel check outs. But at the end of the day, she couldn’t bring herself to activate crap mode.

Sam VargheseChan and Sukumaran were just another means for Abbott to boost poll ratings

Judging from the deaths of drug smugglers Andrew Chan and Myuran Sukumaran, it appears that the Australian government does not know the definition of diplomacy.

Either that, or it chooses to ignore what it is, because the whole point of communicating with other countries is to shore up its political position at home.

The word diplomacy is best defined as “skill in managing negotiations, handling people, etc., so that there is little or no ill will; tact.”

One does not conduct diplomacy — and in the case of Chan and Sukumaran the aim was apparently to prevent these two young men being executed by firing squad — by announcing to all and sundry what is being done. Or what is intended to be done.

One uses the back-door for diplomacy. It does not matter who gets the credit, if the end result is what one wanted to achieve. Megaphones are not used when one is conducting diplomatic negotiations.

And one particularly avoids making one party look as if they have backed down or lost out in negotiations. This is the one thing that can kill a diplomatic process. But Australia has done exactly the opposite.

It is abundantly clear from all that has happened in the last few months, that for both the Australian prime minister Tony Abbott and the foreign minister Julie Bishop the lives of these two young men were the least important consideration.

Neither Abbott nor Bishop did a thing as long as community sentiment was not in favour of Chan and Sukumaran. Once there was sympathy in the community, both Abbott and Bishop started holding press conferences whenever possible to trumpet whatever they were doing in the case.

It is downright cynicism, but then that is politics. Abbott saw a good chance to boost his poll ratings – and no doubt when the next opinion polls come out he will get a boost. Bishop has leadership ambitions and she took the chance to do her image as much good as possible.

Planet Linux AustraliaMichael Still: Coding club day one: a simple number guessing game in python

I've recently become involved in a new computer programming club at my kids' school. The club runs on Friday afternoons after school and is still very new so we're still working through exactly what it will look like long term. These are my thoughts on the content from this first session. The point of this first lesson was to approach a programming problem where every child stood a reasonable chance of finishing in the allotted 90 minutes. Many of the children had never programmed before, so the program had to be kept deliberately small. Additionally, this was a chance to demonstrate how literal computers are about the instructions they're given -- there is no room for intuition on the part of the machine here, it does exactly what you ask of it.

The task: write a python program which picks a random number between zero and ten. Ask the user to guess the number the program has picked, with the program telling the user if they are high, low, or right.

We then brainstormed the things we'd need to know how to do to make this program work. We came up with:
  • How do we get a random number?
  • What is a variable?
  • What are data types?
  • What is an integer? Why does that matter?
  • How do we get user input?
  • How do we do comparisons? What is a conditional?
  • What are the possible states for the game?
  • What is an exception? Why did I get one? How do I read it?


With that done, we were ready to start programming. This was done with a series of steps that we walked through as a group -- let's all print hello world. Now let's generate a random number and print it. Ok, cool, now let's do input from a user. Now how do we compare that with the random number? Finally, how do we do a loop which keeps prompting until the user guesses the random number?

For each of these a code snippet was written on the whiteboard and explained. It was up to the students to put them together into a program which actually works.

Due to limitations in the school's operating environment (no local python installation and repl.it not working due to firewalling) we used codeskulptor.org for this exercise. The code that the kids ended up with looks like this:

    import random
    
    # Pick a random number
    number = random.randint(0, 10)
    
    # Now ask for guesses until the correct guess is made
    done = False
    
    while not done:
        guess = int(raw_input('What is your guess?'))
        print 'You guessed: %d' % guess
        
        if guess < number:
            print 'Higher!'
        elif guess > number:
            print 'Lower!'
        else:
            print 'Right!'
            done = True
    


The plan for next session (tomorrow, in the first week of term two) is to recap what we did at the end of last term and explore this program to make sure everyone understands how it works.

Planet DebianEddy Petrișor: Linksys NSLU2 JTAG help requested

Some time ago I embarked on a journey to install NetBSD on one of my two NSLU2-s. I have run into all sorts of hurdles and problems which I finally managed to overcome, except one:

The NSLU I am using has a standard 20 pin ARM JTAG connector attached to it (as per this page http://www.nslu2-linux.org/wiki/Info/PinoutOfJTAGPort, only TDI, TDO, TMS, TCK, Vref and GND signals), but, although the chip is identified, I am unable to halt the CPU:
    $ openocd -f interface/ftdi/olimex-arm-usb-ocd.cfg -f board/linksys_nslu2.cfg
    Open On-Chip Debugger 0.8.0 (2015-04-14-09:12)
    Licensed under GNU GPL v2
    For bug reports, read
        http://openocd.sourceforge.net/doc/doxygen/bugs.html
    Info : only one transport option; autoselect 'jtag'
    adapter speed: 300 kHz
    Info : ixp42x.cpu: hardware has 2 breakpoints and 2 watchpoints
    0
    Info : clock speed 300 kHz
    Info : JTAG tap: ixp42x.cpu tap/device found: 0x29277013 (mfg: 0x009,
    part: 0x9277, ver: 0x2)
    [..]
    $ telnet localhost 4444
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Open On-Chip Debugger
    > halt
    target was in unknown state when halt was requested
    in procedure 'halt'
    > poll
    background polling: on
    TAP: ixp42x.cpu (enabled)
    target state: unknown
My main goal is to make sure I can flash the device via JTAG, in case I break it, but it would be ideal if I could use the JTAG to single step through the code.

I have found that other people have managed to flash the device via JTAG without the other signals, and some have even changed the bootloader (and had JTAG confirmed as backup solution), so I am stuck.

So if anyone can give some insights into ixp42x / Xscale / NSLU2 specific JTAG issues or hints regarding this issue on OpenOCD or other such tool, I would be really grateful.


Note: I have made a hacked second stage Apex bootloader to load the NetBSD image via TFTP, but the default RedBoot sequence 'boot; exec 0x01d00000' should be 'boot; go 0x01d00000' for NetBSD to work, so I am considering changing the RedBoot partition to alter that command. The gory details can be summed up as my Apex is calling RedBoot functions to be network enabled (because Intel's NPE current code is not working on Apex) and I have tested this to work with go, but not with exec.

Planet Linux AustraliaDonna Benjamin: Constructive Conflict Resolution

I'm speaking at DrupalCon Los Angeles. 5pm, Tuesday 12 May in the 518 - Trellon room.

I first spoke about Constructive Conflict Resolution in Amsterdam at DrupalCon last year. I posted the slides, recording and speakers notes from that talk to the PreviousNext blog.

I'm reprising that talk in Los Angeles because someone else is now unable to make it, and I was asked if I could fill in. When I originally proposed the talk for LA I had planned to rework the slides and narrative - but unfortunately won't have much time to do that before the conference. However this is a conversation starter, and we'll have an opportunity in the room to discuss how we might embrace conflict as a force for good, as a force for progress. How to harness it, how to minimise its potential for harm.

I hope to see you there!

Constructive Conflict Resolution will be in the core conversations track at DrupalCon Los Angeles.

Planet DebianSteinar H. Gunderson: Wat

I go to Seattle for two weeks, and Microsoft goes bonkers. First the Debian release party, and now Visual Studio for Linux?

(Source: BUILD conference keynote)

Chaotic IdealismIn the News: Adopted Pit Bull Helps Autistic Teenager Hug and Kiss His Mom For the First Time

Adopted Pit Bull Helps Autistic Teenager Hug And Kiss His Mom For The First Time

It's not uncommon for autistic people to learn things from animals when humans are too complex to understand. Learning to cuddle with a dog is just so much less complicated than learning how, when, and when it's appropriate to hug a human. I can't help but wonder whether Aspie kid now enjoys hugging his mom, or does it because he knows Mom likes it. Personally, I learned how to back off and stop being annoying from my cat, who would just glare and hiss. People don't glare and hiss, they're too polite to do that, so we don't get clued in!

But there's something about this article that seems a little skeevy to me. It's like... the dog is some kind of miracle, a dog with a saintly halo who helped this poor Aspie kid to do things he never would've otherwise. But plenty of people, autistic or not, learn things from their pets. Dogs are very demonstrative creatures, with such obvious emotions; why shouldn't it be easier to learn to hug a dog than a human?

What gets me about it, I suppose, is mostly that it's taken as extraordinary that this kid learned how to hug Mom without it being overwhelming. I guess he must have been very touch-sensitive, or something of that sort; and I guess the dog was easier because a dog doesn't get mad and sad and disappointed if you don't want to hug it. Still, it's not unusual for us autistics to learn new things, from a dog or from a human or from reading a book or watching someone do it or just figuring things out ourselves. And I'm pretty tired of newspapers that act like it's an unusual thing for us to learn something new, or to grow out of ultra-sensitivity that makes hugs painful, or to learn to ration our energy so we can hug someone who really wants a hug from us.

Because it's not unusual at all. It's the way things go. You grow up, you learn things. A boy and a dog become friends and both of them are the better for it. All I see is a very human, everyday situation.

Sociological ImagesTrans Teen Takes on the DMV, Wins Right to Wear Makeup

Sociologists are interested in studying how our institutions — in addition to our ideologies and interactions — reflect social norms in ways that tend to reproduce the status quo. A great example happened recently in South Carolina. In this case, the institution is the Department of Motor Vehicles, the norm is that boys and men don’t wear makeup, and the case is Chase Culpepper, a male-bodied trans teen who wanted to wear makeup in her driver’s license photo.

The officials at the DMV told her that she wasn’t allowed to wear makeup in the photo because it would be a “disguise.” As reported by NPR:

The department… cited a 2009 rule that prohibited applicants from “purposely altering his or her appearance so that the photo would misrepresent his or her identity.”

They told Culpepper to take off her makeup or go home without a license. She did what they said. She shared these before and after photos with the Transgender Legal Defense and Education Fund, who shared them with the public.

It’s hard to defend the idea that somehow makeup distorts a man’s identity, but not a woman’s. It has exactly the same illusory power on a female face as a male one; that’s exactly why women wear it. The DMV’s policy did nothing, then, to help it do its job, it only served to press citizens of South Carolina to conform to the gender binary, at least as far as their primary form of identification went.

With the help of the Transgender Legal Defense and Education Fund, Culpepper sued and the DMV settled. As part of the settlement,

[they] agreed to change its policy to allow people seeking drivers’ licenses to be photographed as they regularly present themselves, even if their appearance does not match the officials’ expectations of how the applicant should look. The department also promised to send Culpepper a written apology and train its employees in how to treat transgender and gender-nonconforming individuals in professional settings.

This is what institutional change looks like, at least potentially. Thanks to Culpepper and her advocates, the South Carolina DMV is a little bit less gender binary than it was before.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Google AdsenseExplore AdSense help resources and support options

As a business owner, content creator, or webmaster, you can have many questions, e.g., when you will be paid, how you can earn more or how you can build a multi-screen website. We've improved our resources and support options to help you find the answers to your questions.

Most of the answers to your questions are available in the AdSense Help Center and in the Troubleshooting section. In addition, you can find answers and exchange ideas with other publishers in the AdSense Help Forum.

To provide a more simplified and personalized support experience, we’ve launched a new Contact us flow in the AdSense Help Center. Publishers consistently earning more than $25 per week (or local equivalent) are eligible to sign up for email consultations with AdSense support (available in 36 languages). If you can't see the “Contact Us” button, you can still reach us via the issue-based troubleshooters in the AdSense Help Center.

For all questions about your AdSense account, don’t forget to explore the AdSense help resources below:

To hear more about new features and opportunities, subscribe to the Inside AdSense blog, follow our Google+ and Twitter channels, and opt in to receiving emails from us.

Posted by Saurav Roy - AdSense Support Team

RacialiciousBlack Lives Matter Minneapolis activist: Authorities ‘sent cops to our houses’

By Guest Contributor Karĩ Mugo

Civil disobedience is what America is created on. It’s the foundation of our country so the fact that someone is trying to persecute us for performing civil disobedience just shows that they don’t know their own history and they don’t know how history is going to remember them in the future.
– Mica Grimm

When I first saw Mica Grimm, she was an unrepentant head of curly hair with a bull ringed nose and an alluring husky voice that forced you to lean in. Her slight slouch led you to believe that she was both at ease and staggered by the agenda before her, as she and the other Black Lives Matter (BLM) Minneapolis organizers took to the floor. Over 100 people were gathered on a dusty floor in South Minneapolis to prep for an anti-police brutality demonstration by the group at the Mall of America (MOA). Weeks after the 1,500+ strong protest, I sat down for an interview with Mica. By then, she and 10 other members of Black Lives Matter were facing criminal charges for their role in organizing the protest.

The protest, but more so the law enforcement response to it, resulted in a partial shutdown of the largest North American mall on one of the busiest shopping days; the Saturday before Christmas. Though largely peaceful and carried out in the public eye, the criminal case brought against the organizers revealed an uncomfortable degree of collaboration between the Mall’s corporate owners, the Bloomington City Attorney (where the mall is located), and law enforcement in the lead up to the protest and after.

Leaked emails from City Attorney Sandra Johnson’s office present a chummy relationship with the Mall Of America Corporate Counsel. In the emails, Johnson suggested that the mall wait for the criminal cases against alleged protest leaders to play out before pursuing civil action, writing, “It’s the prosecution’s job to be the enforcer and MOA needs to continue to put on a positive, safe face.” Documents found elsewhere also show a feverish monitoring of the group, and attempts by mall security to involve the FBI Joint Terrorism Task Force in policing what was billed by organizers as a peaceful gathering of hymn singing in the Mall’s rotunda.

Mica is one in a series of young, black women at the helm of an attempt to create dialogue around blackness in America. In a quick survey of the country, from Ferguson to New Orleans, D.C. to Minneapolis, you will find an overwhelming number of women leading the organizing around Black Lives Matter. These women are giving voice to black issues and black female expression, yet the media focus that began with the shooting of Michael Brown has largely fixated on black men. Intent on exploring the untold narratives behind Black Lives Matter, and its larger goals, Mica and I discussed her involvement with Black Lives Matter, and the criminal charges facing her.

Born and raised in Minneapolis, Minnesota to a black mother and a white father, Mica has always been conscious about race and found herself balancing between two worlds from an early age, “The area that I lived in was on the border between this affluent South Minneapolis, and the inner-cities of Minneapolis. I could bike one direction and go hang out with my friends, have a whole different experience, then bike in the other direction and hang out with my friends on that side of town.” Beginning in high school, and finding itself cemented in college, Mica began to realize that there was little space given to black issues or representation in her classes and schools. Slowly, the imagined line between her two sets of friends and neighborhoods became more real and rigid.

It was these experiences as a black-identified person in a place that is often overlooked in discussions on racism, that led her into a social justice career, where she currently works at a local non-profit. When I ask her what it means to be black in Minnesota, she replies “Being black in Minnesota is hard… it means never having your own space. I think it means that you’ve learned to accommodate white comfort a lot. Minnesota is a very ironic place, because, how do I say this? We’re this bastion of Democrat-Progressiveness, we’re this fantastic Blue State, yet we have the largest racial disparities. Minnesota’s about people being perceived as progressive but not necessarily knowing or acting on that in a way that’s actually equitable for everyone.”

As a black person living in Minnesota, I can attest to this; Minnesota is a state that is ideologically diverse and lawfully progressive, but fails to accomplish this in a real sense. The state remains largely segregated in housing, schooling, and socialization, with study after study showing some of the highest, if not the highest racial disparities when it comes to measures of success. Mica and Black Lives Matter Minneapolis aim to harness the progressive nature of the state’s population to create real change, “We know that people want to help, we know that they think there’s this glass wall keeping them from doing it, so we’re really trying to bridge that gap and saying, “Okay this is not about just knowing about this, and this is not about being perceived as this, but now we have to get our hands dirty and do this work.”

All images by Patience Zalanga.

The group seeks more than just an end to police brutality, and its demands reveal this vision to improve the standing and quality of life for all black Minnesotans. “The way we’ve been looking at this entire issue is that it’s systemic. It’s not just about police brutality and police on their own. There’s a lot of things that go into making a bad police officer and those are the things that we have to look at too. For example, media bias. There’s a reason why people are immediately intimidated by black people and it’s not like they’re inherently racist, it’s that they’re taught to be afraid of black people.”

Mica also sees violence against the black community manifesting in different ways, “we know that people are brutalized throughout the system; the education system, we know that young men and women are taken out of the education system and put directly into jails. We know that our system thrives on putting black bodies at risk.” For her, “just hitting from one corner isn’t gonna be enough to create equality and change.” Which brings us to her involvement in Black Lives Matter Minneapolis and how the Minneapolis chapter came to be.

Like many young black people today, Mica felt frustrated and affected by events happening nationally, and Black Lives Matter represents, “a group of young people that decided that they were tired of the status quo and they were sick of their brothers and sisters being killed in the streets with no repercussions, so we all decided to take action.” Mica shies away from taking any credit for building the Minneapolis chapter, instead she feels that “the community is creating BLM,” and that as an organizer she merely helped create “a space for them to have one name to go towards the movement.”

Indeed Black Lives Matter Minneapolis has dug itself into its immediate community, responding to the community’s needs for representation on issues locally. Their most recent success and rallying point has been the police shooting of 18-year-old high school student Tania Harris. After she was shot in the abdomen twice by police officers responding to a call from the teen’s mother that her daughter was being threatened by people who wanted to fight her, the group organized a march to allow the family access to their daughter, who was being treated at a local hospital. Incidents like this have kept the Minneapolis group busy since its inception last fall, but it was the events following the killing of unarmed teenager Michael Brown and the non-indictment of Officer Dan Wilson that initially galvanized Mica to act.

She recalls the evening when the grand jury decision not to indict Officer Dan Wilson on murder charges was released, “I was sitting at home feeling very traumatized and very emotional, with my little brother, he’s 12. He’s trying to comprehend all these things and he’s telling me, “You know, it’s gonna be okay.” I’m just sitting there feeling all these emotions, and I remember thinking, “I can’t be the only person feeling this way.” I need to go to a space where I can try to heal and build with other people, and I don’t know where that space is.”

As she sat watching the news, Mica received a message from a friend asking her to meet at a local community organization where people were gathering. When she arrived she found “a lot of young black people sitting around looking on Twitter, watching the newsfeed and saying “What are we gonna do? Is Minneapolis gonna do something?” Basically expecting someone to know that there’s a call out there and take advantage of it.” The group spent the night discussing how they could show support for the protests in Ferguson and around the country, and began to see people in Ohio shutting down highways, taking on Michael Brown’s father’s call to “shut it down.” At around 1 am, Mica received another message from a friend asking if she wanted to shut down a highway the next day. She was on board.

“We just looked at it as an opportunity; look at all these people who are also feeling the same way that we feel and need some way to channel that in a positive way.” In a fury of emails, phone calls, and meetings, Mica and a group of other organizers with affiliations to local community organizations began planning to shut down a local highway. Enlisting the help of Communities United Against Police Brutality, which had been planning a march for that day, they were able to draw an energized crowd on a cold November evening, halting traffic in both directions of Minneapolis’ Highway 55.

“It was really cool to see something happen so quickly and so organically. None of us had ever worked together. We all knew each other or had worked together, some of us, but a lot of people were just meeting each other in these rooms. The beautiful thing about that march was that we created this space, when people didn’t have any way to direct their energy. It became so apparent because we were meant to walk maybe a mile at the most, and we couldn’t control the crowd. We could direct the crowd, but we couldn’t stop them. We ended up trying to end the march at one place and we realized after we’d ended it, that everyone had just kept marching. So people ended up marching 6 miles! Once people got started it was like, “No, this is real, people have been feeling this,” and then we thought it was this one time thing, and a week later the Eric Gardner non-indictment happened.”

During our conversations, Mica talks often about creating this “space” to heal, to process. For many in the black community who have witnessed their loved ones meet death prematurely for no reason other than being black, this space in which to commune publicly is something that has been greatly lacking; instead reserved for conversations behind closed doors. It has been a well known secret in the black community that violence against black bodies has never ceased, merely taking on new forms in each generation. Perhaps this is what accounts for the success and proliferation of Black Lives Matter, whether as a movement organizing protests and rallies on the ground, or as a hashtag to rally around on social media. Black Lives Matter represents a refusal to be silent about an epidemic, and an opportunity to converse publicly about the state of Black America.

It was this desire to engage the public, while creating a safe and positive space for the community to express their feelings, that led to the Mall of America protest. According to Mica, “It (the protest) really wasn’t gonna be that big of a deal, and then we had the cops come to our house.” Mica describes the police visits to her and the organizers’ homes as the turning point for the group, who saw their actions as an attempt at intimidation.

“They sent cops to our houses and that was scary because I know stories like this. This just happened this last year, Al Flowers, who’s a vocal member of the community, was beat at his doorstep. With that happening, it shifted the attitude a little bit more. It made us wanna push a little bit farther. That’s when we decided to bring the media attention to it and start to talk about what was happening.

We looked at it as a way to not only promote this event to a larger audience that we can’t reach, but also prove, one, that we are peaceful and that this is a family event, but also, for protection. If cops come to your house, unfortunately at that point, I have to become more visible as a form of protection. We need more people to know who we are so that if something does happen, other people know that there’s more to the story than whatever happened.”

Mica never spoke with the police officer(s) who came to her door, in fact no one was home when they paid her a visit. Instead they left a card from the Bloomington Sheriff’s Department that said, “Please call, thanks.” Mica lives in Minneapolis, twenty minutes away from the city of Bloomington and outside of the Bloomington Sheriff Department’s jurisdiction and wondered, “What are you even doing in Minneapolis?” “That’s how you know it was intimidation because it clearly was about showing we know where you live. No, you don’t wanna just talk to us, because we did talk to them before our action.”

According to Mica, the police department and the Mall were aware of the group’s intentions from the onset, and had tried to dissuade them from protesting inside the mall. They tried to steer the group towards an empty lot adjacent to the Mall’s series of parking ramps and surface lots, well away from the public eye. The group declined the offer and went ahead with their planning. Aside from the obvious fact that they wanted to make a visible statement, it was December in Minnesota, one of the coldest months of the year when temperatures regularly top out in the teens and low twenties. That the Mall would expect protestors to stand outside in the cold of winter was absurd.

As they persisted with their plans, the group sent a police liaison, who is among those charged, to meet with the Bloomington Police Department and representatives from the Mall to ensure that their protest would be safe and peaceful. The group was informed that they would be allowed twenty minutes for their protest before they received their first “trespass warning”, five minutes later they would receive a second warning and it was then that the organizers would tell the protesters to leave the Mall’s rotunda so as to avoid arrest. On the day of the protest, the Mall and Bloomington Police Department changed tactics on the group.

“When we got there, they had locked down the whole mall. Then they called the first trespassing warning after about 5 minutes. They were not trying to cooperate with us at all. It sent everything a little bit more into a state of a frenzy.” As someone who attended the protest, I remember the Mall being in complete chaos; adjacent entrances to the Mall’s rotunda had been barricaded, leaving shoppers and protestors trapped in sections of the mall, unable to exit or move about freely as police clad in riot gear, backed by mall security, created a perimeter around the protesters who had managed to make it to the rotunda. Twenty-five people were arrested for trespassing at the protest, but charges against the organizers did not come until January following much speculation over what the City Attorney would do.

When I interviewed Mica, she had not yet appeared in court to face the charges, and had this to say, “My personal feeling is that they actually helped our movement farther by filing charges. We’re protesting inequity and awful treatment towards black people and you look at this group, as a group of black people caring about black stuff and you decide to sue them?” Mica is also wary of the influence the Mall has in the city of Bloomington, which derives huge revenues from the massive shopping complex, stating “If MOA didn’t want these charges pressed, these charges wouldn’t be pressed right now. That’s how much control that corporation has in that town and it becomes really obvious.”

But more concerning to her was the “constitutional issue” at play as the City Attorney sought to pursue “reparations for the businesses” that had lost revenue during the protest. I attempted to clarify with Mica that she meant ‘restitution’, to which she replied “No. She (the Bloomington City Attorney) used the word ‘reparations’. You’re literally trolling us! You did not have to use that word. Restitution makes more sense than reparations. She said, ‘reparations.’”

While the use of the word ‘reparations’ has largely been associated with rectifying injustices suffered by one group at the hands of another, and is a charged word within the black community, it is also a legal term allowing more room for claims of loss than restitution does; where restitution seeks to reimburse measurable financial losses, reparations are more punitive for pain and suffering. In the last week, the mall issued a statement that they would not pursue $40,000 in restitution claims against protesters, however the city itself still intends to seek $25,000 in restitution for police overtime in response to the protest.

Mica continues, “So you’re looking for reparations for these businesses, and for the police presence. Police we did not ask for. If people can all of a sudden charge people looking for reparations for police presence that they didn’t ask for, that stops people from being able to protest. That impedes upon people’s right to protest because all of a sudden people have this fear that they could have to pay for police presence that they didn’t ask for. On top of that, there was no property damage. Nothing was done to the mall.” This is the “constitutional issue” that worries Mica and that she says has drawn support from the ACLU which, “wrote a letter of support” and has talked about supporting the group on “the constitutional implications of the charges.”

Outside of the ACLU’s backing, Mica and the other organizers charged received a flood of support from attorneys who wanted to represent the group pro bono. This may prove a winning tactic for them ensuring that they do not have to worry about the cost of legal fees if the charges result in a lengthy, drawn out trial. There was also a legal fund set up in the planning stages of the protest that is helping to defray legal costs, “There’s been so much support and I think people recognize we were trying to do something good and create a safe, healing space. That’s what I care about at the end of the day. We never come together as a community and feel each other and feel our emotions and work through them. That’s what this is about.”

I asked Mica how she responds to the charge that the group had been warned by the Mall and the Bloomington Police Department that their protest was unlawful, and the criminal charges she now faces are the logical result, “Well, most people’s arguments are based off the fact that the mall is private property. There’s so many reasons why that’s just not true. Number one, it gets huge public subsidies, so if it’s private property that means I paid for part of that mall, I own part of that property. Number two, and there’s been cases on this across the country, malls are often considered the modern day town squares, they are places for people to congregate and meet that are safe and clean, and also we’re in Minnesota! We wanted to have an event for families, that’s why it was on a Saturday, that’s why it was in the mall, we knew people could get to it easily and you want little babies outside in December? Are you joking? MOA shouldn’t be considered private property, and if it is, then it should be considered a town square.”

Mica is fiery in her defense of her actions while ruminating on the meaning of “the law” as it exists in society; laws which black people find themselves on the wrong side of in statistically higher numbers, “To be honest with you, I feel like laws that are unjust are not laws. It really is that simple. I don’t know who said that originally, but if I see someone telling me that I can’t do something that I know is my constitutional right to be able to do, and this person is telling me I can’t do it because I have ulterior motives than trying to keep the community safe, or trying to promote a healthy society, but that’s what I’m doing. So if that’s what I’m doing, what are you doing actually that you’re trying to stop me?”

So, where does Black Lives Matter Minneapolis go from here, I ask Mica, “That’s a good question. I think BLM can become multiple things. I’m not sure what it’s going to become, but I would love to see a really strong community that takes care of each other, helps each other heal, finds power in each other, and builds with each other to the point where ideas can come to fruition, and really break down these systems from a lot of different areas and make the world better for us.”

On March 10th, Mica and 10 other defendants pleaded not guilty to charges ranging from trespassing, and disorderly conduct, to unlawful assembly. They will appear in court next on May 1st. The organizers continue to maintain that the charges against them are trumped up, and a misallocation of public funds in the interests of a private corporation. In the meantime, the group has launched a successful assault on the Mall’s public image. Most notably through an immediate call for a national boycott of the Mall, and an embarrassing Twitter takeover of the #ItsMyMall hashtag it created.

While the City Attorney and the Mall continue to insist that the criminal charges are valid and meant as a deterrent against such future demonstrations, I can’t help but wonder if the group’s message was really the problem, rather than the action itself. The case many people return to is the 5,000 strong gathering held peaceably in the mall’s rotunda in December 2013 to honor a Minnesota teen who died of cancer. Why was one met peaceably and the other clamped down on from its early days of planning? After all both demonstrations were in solidarity of lives lost too soon.

To stay up to date with Black Lives Matter Minneapolis, join their Facebook page, Black Lives Matter Minneapolis, or find them on Twitter. Donations to their legal fund can be made here.

Kari is a queer writer who was born and raised in Nairobi and spent her formative years in the Midwest. She is a Third Culture Kid trying to find the balance in 3. Her work has appeared on Autostraddle.com, Curve Magazine and TheToast.net. She is also an entertainment contributor for Mshale.com, an African community newspaper. Follow her on Twitter @the_warm_fruit.

The post Black Lives Matter Minneapolis activist: Authorities ‘sent cops to our houses’ appeared first on Racialicious - the intersection of race and pop culture.

Planet DebianDirk Eddelbuettel: Finance-YahooQuote 0.25 hotfix

A hotfix release for the Finance-YahooQuote Perl module on CPAN is now available. Yahoo! Finance decided to change the base URL. My thanks to Nicola Chiapolini who not only noticed but also sent me the one-line patch fixing this:

--- YahooQuote.pm~      2010-03-27 01:44:10.000000000 +0100
+++ YahooQuote.pm       2015-04-29 11:31:20.407926674 +0200
@@ -34,7 +34,7 @@
 $VERSION = '0.24';
 
 ## these variables govern what type of quote the modules is retrieving
-$QURLbase = "http://download.finance.yahoo.com/d/quotes.csvr?e=.csv&f=";
+$QURLbase = "http://download.finance.yahoo.com/d/quotes.csv?e=.csv&f=";
 $QURLformat = "snl1d1t1c1p2va2bapomwerr1dyj1x";        # default up to 0.19
 $QURLextended = "s7t8e7e8e9r6r7r5b4p6p5j4m3m4";        # new in 0.20
 $QURLrealtime = "b2b3k2k1c6m2j3"; # also new in 0.20
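Review bot: the context line `$VERSION = '0.24';` at the top of the hunk is left untouched even though this fix ships as 0.25, so the version bump should be part of the same change; otherwise a copy patched by hand as suggested cannot be told apart from an unpatched one. The corrected `$QURLbase` also keeps the plain `http://` scheme, which means quote data is fetched without any transport integrity; if the endpoint answers over HTTPS, switch the scheme on this line as well.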

If need be, edit your file YahooQuote.pm by hand.

This change in Finance-YahooQuote will also affect Beancounter and smtm both of which use this module.

The fix has been pushed to Debian for the corresponding package and to PAUSE for the CPAN package.

Having maintained this since 2002 in RCS, I also just created a GitHub repo for it where development/maintenance will now happen.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Racialicious‘Hey Adam … Let’s Talk’: The #NotYourHollywoodIndian Q&A

By Arturo R. García

Earlier this week we covered the burgeoning campaign against Adam Sandler, Netflix, and their Ridiculous 6 project.

During our coverage, we caught up to Megan Red-Shirt Shaw, who devised the #NotYourHollywoodIndian tag in the wake of the mass walkout by a group of Native American performers, and talked about how the tag came together, how she feels about the defense of the film as “satire,” and where the campaign goes from here.

Let’s start at the beginning: describe, if you would, the moments when you first heard about the actors walking off the Sandler set. How did you go from there to getting the tag together?

Megan Red-Shirt Shaw: I was definitely upset, but also empowered by their decision to take a stand. It’s really difficult to hear that people within our communities are being dishonored – especially in ways that seem like “vintage” issues — the old Western and “Cowboys and Indians” films we’ve come to know really well. I went on Twitter to see what different voices were talking about and realized there wasn’t a hashtag consolidating the ideas. I looked through the original article by Vince Schilling and saw the quotation by Allie Young about being a “Hollywood Indian.” I knew that was what we had to get trending.

What was your reaction to seeing the tag and the story begin to spread?

Red-Shirt Shaw: The story had already started to grow but again, I thought everyone’s amazing ideas needed to be existing under one moniker – I still can’t believe how epic it’s become overnight. Twitter literally exploded. My phone went crazy. It’s really remarkable to see the ideas grow and who it’s connected me to – I was most recently put in touch with an activist named Nicholas Reville who started a Change.org petition that has come out of all of this conversation, and he asked me to co-author it with him. Change is planning on featuring it on their website this week, so we’re really excited to see the even more consolidated outcome of those signatures. I feel humbled. I feel hopeful. I am overall really proud of the world in helping this conversation ignite.

What kind of responses have you received from within Native communities?

Red-Shirt Shaw: Overall, the responses have been really positive and I have to say a huge thank you to all those who shared this effort — so much love to the activists I connected with who really started pushing it after I first tweeted it out. At the end of the day, we never want this to take away from the bravery exhibited by the actors who decided to walk off set — they are the true heroes here. My hope for all of this was that we could get the conversation rolling to the point where people logging in would see the hashtag #NotYourHollywoodIndian and wonder what it was all about. I think the most powerful piece has been the Native people who have tweeted to me sharing that they’ve cancelled their Netflix accounts. That is truly activism at its finest.

What’s your take on the response from Netflix?

Red-Shirt Shaw: I continue to stand in solidarity with the actors, it doesn’t make me feel one way or the other because I know they’re protecting their money, and I understand that’s all they’re seeing out of cancelling this movie. Reading some of the clips from the scripts, I don’t think Netflix has any educated idea about the implications of what the script is mocking — peace pipes, the role of women, the role of elders. I’m Lakota — these three things are integral to our identity as people. We’re not being oversensitive, Netflix. Please don’t belittle the importance of our identity and culture.

Did you see the video taken on the set where the producer tells an actor that Sandler’s character “loves you guys”?

Red-Shirt Shaw: Honestly, I don’t know how Adam Sandler feels, because he still hasn’t said anything. I’ll listen to him and have an open heart if he decides to come forward, but he hasn’t yet. I also think it’s really important that no one make any assumptions one way or another until we hear directly from him. I always try to approach activism giving people the benefit of the doubt. Maybe this is all he’s ever known — how can we productively teach him? How do we know if it’ll make a difference unless we try?

Much like Netflix, defenders of Sandler and the film’s material will say, “It’s just satire.” How do you respond?

Red-Shirt Shaw: I’ve definitely gotten those responses online – I think there needs to be room for dialogue on this and why it was offensive. We want Native actors and actresses in Native roles across all genres — but we also want to be on the end where we get to help produce the content. Native jokes are amazing — we specialize in a very particular type of humor that I think a lot of people would really enjoy. It doesn’t need to be slapstick with teepees and “ugg-a-wugg” names. Get us on the other side of the table and let us help these Hollywood leaders produce really good comedy.

What, if anything, could Sandler and Netflix do to help remedy the situation?

Red-Shirt Shaw: I would be lying if I didn’t say I hope they cancel this film – but I’m also still waiting to hear from the comedian himself. Until then, let’s keep telling him “Hey Adam, we’re #NotYourHollywoodIndian — let’s talk.”

What happens next, both for this campaign and Native In America?

Red-Shirt Shaw: I hope that #NotYourHollywoodIndian changes the conversation in the film industry about Indigenous identity and that the movement is productive, that ultimately people are using their positivity and power to educate. I hope that Natives In America takes over the world. Period. On a smaller scale … I hope the entire amazing NIA team knows how much they are surprising and inspiring people with their stories about being Native in the 21st century. Until we break through that glass ceiling of who America thinks we are, we have to keep telling our tales. And we will.

The post ‘Hey Adam … Let’s Talk’: The #NotYourHollywoodIndian Q&A appeared first on Racialicious - the intersection of race and pop culture.

CryptogramRemote Proctoring and Surveillance

Interesting article. There are a lot of surveillance and privacy issues at play here.

Worse Than FailureCodeSOD: One In a Million

Marcus inherited a big-ol-ball-of-mud PHP application. The entire thing is one difficult to summarize pile of WTF, but he searched long and hard to find one snippet that actually summarizes how awful the code is.

That snippet is this:

function generate_confirmation_number(){
        //compact the job number to two digits by adding digits 1+2 and appending to the sum of digits 3+4
        $c_jobno = ($jobno{0}+$jobno{1}).($jobno{2}+$jobno{3});        
               
        //generate an array with 1 million elements        
        $numbers = range(0,999999);

        //get all the confirmation numbers that have been used
        $rs = $this->_conn->execute("SELECT used_num FROM used_num WHERE used_num LIKE '%s' ORDER BY used_num ASC",$jobno.'%');
        
        if ($rs->get_record_count() > 0)
        {
            while (!$rs->eof)
            {
                //delete elements in array corresponding to the last six digits of the confirmation number            
                unset($numbers[substr($rs->value('used_num'),4)]);
                $rs->move_next();
            }
        }
        
        //randomize the order of the remaining numbers
        shuffle($numbers);        
        
        //glue the compacted job number to the first element in the numbers array (which is ordered randomly)
        return $jobno.$numbers[0];
}

The goal here is to find a number that hasn’t been used for a previous “confirmation”. To find that, they generate an array with every number from 0 to 999,999, and then query the database for previously used confirmation numbers. They then look at every previously used number, and then try to delete it from the array, if it exists.
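For contrast, here is an added example (not code from the article or from Marcus's application) that reaches the same goal without the million-element array: draw a candidate with `random_int()`, which uses the OS CSPRNG where `shuffle()` does not, and let a uniqueness constraint on `used_num` reject collisions, so two concurrent requests cannot be issued the same number. The function name, the use of PDO, the 4-digit job number and the in-memory SQLite table are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PDO in exception mode, a 4-digit job number,
// and a UNIQUE or PRIMARY KEY constraint on used_num.used_num.

/**
 * Allocate a confirmation number of the form <4-digit job no><6 random digits>.
 * The INSERT is the uniqueness check: the database, not a pre-read array,
 * decides whether the number is free, which also closes the read-then-pick race.
 */
function allocate_confirmation_number(PDO $db, string $jobno, int $maxAttempts = 20): string
{
    if (!preg_match('/^\d{4}$/', $jobno)) {
        throw new InvalidArgumentException('job number must be exactly four digits');
    }

    // Parameterised statement: the job number never becomes part of the SQL text.
    $insert = $db->prepare('INSERT INTO used_num (used_num) VALUES (:n)');

    for ($attempt = 0; $attempt < $maxAttempts; $attempt++) {
        // Zero-pad so the suffix is always six digits, even for small values.
        $suffix = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $candidate = $jobno . $suffix;

        try {
            $insert->execute([':n' => $candidate]);
            return $candidate;               // row inserted, number is now reserved
        } catch (PDOException $e) {
            // SQLSTATE class 23 = integrity constraint violation (number taken).
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;                    // any other database error is fatal
            }
        }
    }

    // Reached only when the number space for this job is close to exhausted.
    throw new RuntimeException('no free confirmation number found');
}

// --- constructed demo: in-memory SQLite stands in for the real database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE used_num (used_num TEXT PRIMARY KEY)');
$db->exec("INSERT INTO used_num (used_num) VALUES ('1234000001'), ('1234999999')");

$issued = [];
for ($i = 0; $i < 5; $i++) {
    $issued[] = allocate_confirmation_number($db, '1234');
}
print_r($issued);

$rows = (int) $db->query('SELECT COUNT(*) FROM used_num')->fetchColumn();
echo "rows in used_num: {$rows}\n";
```

Memory use is constant regardless of how many numbers have been issued, and the retry loop only becomes noticeable when most of the million suffixes for a job are already taken.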


Planet Linux AustraliaCraige McWhirter: Craige McWhirter: Rebuilding An OpenStack Instance and Keeping the Same Fixed IP

OpenStack and in particular the compute service, Nova, has a useful rebuild function that allows you to rebuild an instance from a fresh image while maintaining the same fixed and floating IP addresses, amongst other metadata.

However if you have a shared storage back end, such as Ceph, you're out of luck as this function is not for you.

Fortunately, there is another way.

Prepare for the Rebuild:

Note the fixed IP address of the instance that you wish to rebuild and the network ID:

$ nova show demoinstance0 | grep network
| DemoTutorial network                       | 192.168.24.14, 216.58.220.133                     |
$ export FIXED_IP=192.168.24.14
$ neutron floatingip-list | grep 216.58.220.133
| ee7ecd21-bd93-4f89-a220-b00b04ef6753 |                  | 216.58.220.133      |
$ export FLOATIP_ID=ee7ecd21-bd93-4f89-a220-b00b04ef6753
$ neutron net-show DemoTutorial | grep " id "
| id              | 9068dff2-9f7e-4a72-9607-0e1421a78d0d |
$ export OS_NET=9068dff2-9f7e-4a72-9607-0e1421a78d0d

You now need to delete the instance that you wish to rebuild:

$ nova delete demoinstance0
Request to delete server demoinstance0 has been accepted.

Manually Prepare the Networking:

Now you need to re-create the port and re-assign the floating IP, if it had one:

$ neutron port-create --name demoinstance0 --fixed-ip ip_address=$FIXED_IP $OS_NET
Created a new port:
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:vnic_type     | normal                                                                                |
| device_id             |                                                                                       |
| device_owner          |                                                                                       |
| fixed_ips             | {"subnet_id": "eb5db27f-edad-480e-92cb-1f8fec8848a8", "ip_address": "192.168.24.14"}  |
| id                    | c1927578-451b-4682-8888-55c7163898a4                                                  |
| mac_address           | fa:16:3e:5a:39:67                                                                     |
| name                  | demoinstance0                                                                         |
| network_id            | 9068dff2-9f7e-4a72-9607-0e1421a78d0d                                                  |
| security_groups       | 5898c15a-4670-429b-a414-9f59671c4d8b                                                  |
| status                | DOWN                                                                                  |
| tenant_id             | gsu7j52c50804cf3aad71b92e6ced65e                                                      |
+-----------------------+---------------------------------------------------------------------------------------+
$ export OS_PORT=c1927578-451b-4682-8888-55c7163898a4
$ neutron floatingip-associate $FLOATIP_ID $OS_PORT
Associated floating IP ee7ecd21-bd93-4f89-a220-b00b04ef6753
$ neutron floatingip-list | grep $FIXED_IP
| ee7ecd21-bd93-4f89-a220-b00b04ef6753 | 192.168.24.14   | 216.58.220.133     | c1927578-451b-4682-8888-55c7163898a4 |

Re-build!

Now you need to boot the instance again and specify the port you created:

$ nova boot --flavor=m1.tiny --image=MyImage --nic port-id=$OS_PORT demoinstance0
$ nova show demoinstance0 | grep network
| DemoTutorial network                       | 192.168.24.14, 216.58.220.133                     |

Now your rebuild has been completed, you've got your old IPs back and you're done. Enjoy :-)

Planet Linux AustraliaJames Morris: SPARC Processor Documentation Online

For folks who don’t follow my twitter or plus accounts, there’s a bunch of SPARC processor documentation here:

http://www.oracle.com/technetwork/server-storage/sun-sparc-enterprise/documentation/sparc-processor-2516655.html

This is up to T4 & M5 and also now includes legacy systems back to Ultra-SPARC I.  Thanks to all who worked on getting these published.

Planet Linux AustraliaMichael Davies: OpenStack Hint of the Day: Wed Apr 29

When running tox and you get something like this:

mrda@garner:~/src/python-ironicclient (review/michael_davies/file-caching)$ tox -e py34
py34 runtests: PYTHONHASHSEED='3098345924'
py34 runtests: commands[0] | python setup.py testr --slowest --testr-args=
running testr
running=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} ${PYTHON:-python} -m subunit.run discover -t ./ ${OS_TEST_PATH:-./ironicclient/tests/unit}  --list 
db type could not be determined
error: testr failed (3)
ERROR: InvocationError: '/home/mrda/src/python-ironicclient/.tox/py34/bin/python setup.py testr --slowest --testr-args='
________________________________________________________________________________________________ summary _________________________________________________________________________________________________
ERROR:   py34: commands failed

The solution is to "rm -rf .testrepository/" and try again.

(Thanks to this little reference hidden away https://wiki.openstack.org/wiki/Python3#tox.2Ftestr_error:_db_type_could_not_be_determined)

Planet Debian | Dirk Eddelbuettel: RcppTOML 0.0.3: A New Approach to Configuration Files

A small project I worked on during the last few weeks has now come together in a new package, RcppTOML, which arrived on CRAN yesterday.

It provides R with a reader for TOML files. TOML stands for Tom's Obvious Markup Language. And before you roll your eyes, glance at the TOML site. It really is different, and has a number of rather wonderful features:

  • free-format indentation as you please
  • comments anywhere, even on the same line
  • actual types such as string, integer, float, bool and datetime (!!) which are all native
  • vectors, of course, of the above
  • arbitrary nesting of tables

Here is a simple illustration where we parse the TOML example file derived from what is part of the main TOML README:

R> p <- parseTOML(system.file("toml", "example.toml", package="RcppTOML"))
R> summary(p)
toml object with top-level slots:
   clients, database, owner, servers, title 
read from /usr/local/lib/R/site-library/RcppTOML/toml/example.toml 
R> p
List of 5
 $ clients :List of 2
  ..$ data :List of 2
  .. ..$ : chr [1:2] "gamma" "delta"
  .. ..$ : int [1:2] 1 2
  ..$ hosts: chr [1:2] "alpha" "omega"
 $ database:List of 4
  ..$ connection_max: int 5000
  ..$ enabled       : logi TRUE
  ..$ ports         : int [1:3] 8001 8001 8002
  ..$ server        : chr "192.168.1.1"
 $ owner   :List of 4
  ..$ bio         : chr "GitHub Cofounder & CEO\\nLikes tater tots and beer."
  ..$ dob         : POSIXct[1:1], format: "1979-05-27 07:32:00"
  ..$ name        : chr "Tom Preston-Werner"
  ..$ organization: chr "GitHub"
 $ servers :List of 2
  ..$ alpha:List of 2
  .. ..$ dc: chr "eqdc10"
  .. ..$ ip: chr "10.0.0.1"
  ..$ beta :List of 2
  .. ..$ dc: chr "eqdc10"
  .. ..$ ip: chr "10.0.0.2"
 $ title   : chr "TOML Example"
NULL
R> 

See much more at the TOML site. I converted one first project at work to this and it really rocks. Point to a file, get a list back and index all components by their names.

We also added really simple S3 classes so the default print() method uses str() for a more compact presentation of what (in R) is of course nested list types.

Internally, the RcppTOML package uses the splendid cpptoml parser by Chase Geigle. This brings in modern C++11 and means that CRAN simply cannot build a binary for R on Windows as the g++ version (still, as of April 2015) in Rtools is too old. There is word of an update to Rtools, at which point we should be able to support Windows as well. Until then, no mas.

A bit more information is on the package page here as well as the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Debian | Jonathan Dowland: Deterministic Doom video

My last blog post proved popular, and I've had some requests for a video demonstrating it, so I've put one together:

LongNow | New Horizons Probe to Send Message to Interstellar Space

If you could tell the universe about planet Earth, what would you say?

The One Earth Message Initiative is sending a missive to the stars, and they want your input.


The initiative’s goal is to create a message that will be digitally uploaded to a spacecraft currently making its way to the outer reaches of our solar system. Launched in 02006, the New Horizons probe will fly by Pluto, its primary target, later this summer. Once it completes this mission and sends its data back to Earth, the One Earth Message team hopes to use the space thus freed up on the probe’s on-board computer for a message that intelligent extraterrestrial life may one day intercept. They’ve petitioned NASA with more than 10,000 signatures of support from people all over the world, and received the agency’s encouragement to move forward with the project.

The effort is headed by Jon Lomberg, a long-time collaborator of the late astronomer Carl Sagan, who has decades of experience in the aesthetic design of communications both to and about the distant reaches of our universe. He was design director for the Golden Records that have been traveling aboard the Voyager crafts since the late 01970s, and has collaborated on numerous documentaries, films, and blogs about space exploration.

This new project unites his interest in outreach to the earthbound public with his passion for communicating with the universe. The One Earth Message team hopes to crowd-source their message to the furthest extent possible. They intend to create an internet platform where people from all over the globe can submit images for inclusion in the message and review submissions sent in by others. An advisory board of 86 specialists in a variety of fields – among them Long Now’s own Laura Welcher – will help curate submissions to help put together a message that represents the diversity of our global community.

People from every country will have the opportunity to submit photos and other content. Everyone will have the chance to view and vote online for the ones they think should be sent. It will be a global project that brings the people of the world together to speak as one. Who will speak for Earth? YOU WILL! So we are asking for your support to make it so. (Fiat Physica Campaign page)

The team is currently in the midst of a fundraising campaign to build the message website and spread word of the project around the globe. If the campaign is successful, stretch goals include the development of educational material to encourage creative engagement with One Earth Message, and expeditions to the remotest corners of Earth to make sure even the voices living there are included in the New Horizons message.

While there is a possibility that the message could one day reach alien recipients, The One Earth Message organization sees its project primarily as a way to inspire a sense of global unity, much like the Golden Records did – and like Stewart Brand once thought a picture of Earth from space might do.

For almost 40 years, people have been inspired by the Voyager record, a portrait of the Earth in 1977 … The world is very different now, and this new message will reflect the hopes and dreams of the second decade in the 21st century. It will inspire young people’s interest in science and ignite the imagination of all ages. We hope it will be an example of global creativity and cooperation, something that the entire planet can share as a cooperative venture … (space.com)

Artist's impression of the Rosetta spacecraft flying past an asteroid

In other words, the New Horizons message is a way to start a conversation – with alien life, but also with ourselves. Aside from a form of communication, we might also think of it as a self-portrait. Like the Rosetta Disk aboard the European Space Agency’s Rosetta probe, the New Horizons message will be a record of who we are as a global community. As Laura Welcher said of the Rosetta mission,

It’s interesting to think why people do this, why we send messages into space. I think partly we’re trying to commemorate special events … partly we’re also trying to communicate with ourselves; our current selves, and perhaps our future selves. … These messages that we’re sending into space are proxies for us. They are our ambassadors, and they go where we physically cannot go.

The creation of a self-portrait requires reflection on who we are, and who we want to be. It holds us accountable to the image we present to the world. Like any self-portrait, the One Earth Message is at least partly aspirational – it’s meant to compel continual engagement with ourselves and our own betterment; to inspire us always to strive to be our best selves.

To learn more about One Earth Message and ways to contribute, please visit the project’s fundraising page, or follow the project on Twitter.

TED | What do you want to know about past TED speakers? For one fan, it’s the apps they use and books they read

TED speaker Virginia Postrel swears by the app Anti-Social when she needs to focus on her writing. Jon Gosier considers his iPhone 5 “the Swiss Army knife of electronic gadgetry,” and relies on Waze for “directions and avoiding speeding tickets.” Meanwhile, Heather Barnett never reads a single book at a time — she usually has “a pile of books by my bed, spanning psychology, art, innovation, biology, education and fiction.”

We know this thanks to Brian Stefanelli’s website, After TED Talks, which posts his interviews with TED and TEDx speakers after their talks go live online. While these interviews dig into the topic of the talks, Stefanelli makes sure to ask speakers the same four questions: “What hardware do you use?” “What apps or software can you not live without?” “What are you currently reading?” and “What projects are you currently working on?” Their answers are fascinating.

Stefanelli discovered TED when someone posted a talk given by virtual reality pioneer Jaron Lanier at TEDxSF on StumbleUpon. “He was playing some sort of bamboo instrument from Vietnam,” recalls Stefanelli. “I spent the next few hours looking for other talks and became obsessed.” He found himself growing curious about (a) what his favorite speakers had been up to since they gave their talk and (b) how they generally organized their lives. So he decided to ask them — and blog the results. “There are many people that are just as curious as I am,” he says.

“In the beginning, I figured that if I could get a speaker who was listed in the most-viewed TED Talks of all time section on the TED site to answer my questions, it would give me credibility when I approached other speakers. But it turned out those speakers were really hard to get in touch with,” he says. So he took another tack, and just started chatting with speakers he liked via social media. This produced better results.

“The first speaker that actually sent back a response was James Howard Kunstler. He was really generous with his answers,” says Stefanelli. “After that, I was motivated to reach out to more people.”

So far, he has interviewed 15 speakers whose talk topics range from green design to the treatment of the Hazara people in Afghanistan and Pakistan. They’re short, compelling reads — perhaps because, as he says, “I have an admiration for every speaker I interview.”

Fanfare shares art, music, remixes, websites and more created by TED fans around our content. Have something you’d like to share? Write kate@ted.com and tell her about it.


Geek Feminism | Like they say, if it quacks like a linkspam… (28 April 2015)


We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

(edited on May 1st to change the title, as the original title contained a pop-culture reference that was inappropriate given the content of the links)

Cryptogram | Shaking Someone Down for His Password

A drug dealer claims that the police leaned him over an 18th floor balcony and threatened to kill him if he didn't give up his password. One of the policemen involved corroborates this story.

This is what's known as "rubber-hose cryptanalysis," well-described in this xkcd cartoon.

Krebs on Security | China Censors Facebook.net, Blocks Sites With “Like” Buttons

Chinese government censors at the helm of the “Great Firewall of China” appear to have inadvertently blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook’s “like” buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively blocking millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.

Sometime in the last 24 hours, Web requests from within China for a large number of websites were being redirected to wpkg.org, an apparently innocuous site hosting an open-source, automated software deployment, upgrade and removal program for Windows.

One KrebsOnSecurity reader living in China who was inconvenienced by the glitch said he discovered the problem just by trying to access the regularly non-blocked UK newspapers online. He soon noticed a large swath of other sites were also being re-directed to the same page.

“It has the feel of a cyber attack rather than a new addition to the Great Firewall,” said the reader, who asked not to be identified by name. “I thought it might be malware on my laptop, but then I got an email from the IT services at my university saying the issue was nation-wide, which made me curious. It’s obviously very normal for sites to be blocked here in China, but the scale and the type of sites being blocked (and the fact that we’re being re-directed instead of the usual 404 result) suggests a problem with the Internet system itself. It doesn’t seem like the kind of thing the Chinese gov would do intentionally, which raises some interesting questions.”

Nicholas Weaver, a researcher who has delved deeply into Chinese censorship tools in his role at the International Computer Science Institute (ICSI) and the University of California, Berkeley, agrees that the blocking of connect.facebook.net by censors inside the country was likely a mistake.

“Any page that had a Facebook Connect element on it that was unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org,” Weaver said, noting that while Facebook.com always encrypts users’ connections, sites that rely on Facebook “like” buttons and related resources draw those from connect.facebook.net. “That screw-up seems to have been fairly quickly corrected, but the effect of it has lingered because it got into peoples’ domain name system (DNS) caches.”

In short, a brief misstep in censorship can have lasting and far flung repercussions. But why should this be considered a screw-up by Chinese censors? For one thing, it was corrected quickly, Weaver said.

“Also, the Chinese censors don’t benefit from it, because this caused a huge amount of disruption to Chinese web surfers on pages that the government doesn’t want to censor,” he said.
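Why a wrong answer that was corrected quickly can keep affecting users, as an added example that is not part of the original article: a toy model of a caching resolver. The addresses (documentation ranges), the one-hour TTL and the five-minute error window are constructed assumptions, not values from the incident.

```python
"""Toy model of a caching DNS resolver (constructed example, not measured data)."""
from dataclasses import dataclass

# Constructed sample values: documentation-range addresses, assumed TTLs.
NAME = "connect.facebook.net"
GOOD_IP = "192.0.2.10"       # stands in for the correct answer
WRONG_IP = "198.51.100.77"   # stands in for the unrelated site's address


@dataclass
class Record:
    address: str
    ttl: int  # seconds the answer may be cached


class Upstream:
    """Answers queries; hands out the wrong record during [bad_from, bad_until)."""

    def __init__(self, bad_from, bad_until, ttl):
        self.bad_from, self.bad_until, self.ttl = bad_from, bad_until, ttl

    def query(self, name, now):
        bad = self.bad_from <= now < self.bad_until
        return Record(WRONG_IP if bad else GOOD_IP, self.ttl)


class CachingResolver:
    """Serves from cache until the stored TTL expires, then re-queries upstream."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]  # cache hit: upstream is not consulted at all
        rec = self.upstream.query(name, now)
        self.cache[name] = (rec.address, now + rec.ttl)
        return rec.address

    def stale_seconds(self, name, trusted_address, now):
        """Seconds a cached answer that disagrees with a trusted one will still be served."""
        hit = self.cache.get(name)
        if hit and now < hit[1] and hit[0] != trusted_address:
            return hit[1] - now
        return 0

    def flush(self, name):
        """Operator remedy: drop the cached entry so the next lookup goes upstream."""
        self.cache.pop(name, None)


def wrong_answer_window(resolver, name, start, end, step):
    """Return (first, last) time at which the resolver served WRONG_IP, or None."""
    times = [t for t in range(start, end, step)
             if resolver.resolve(name, t) == WRONG_IP]
    return (times[0], times[-1]) if times else None


def simulate(ttl=3600, bad_from=0, bad_until=300, step=60, horizon=7200):
    """A client looks the name up every `step` seconds through one caching resolver."""
    resolver = CachingResolver(Upstream(bad_from, bad_until, ttl))
    return wrong_answer_window(resolver, NAME, 0, horizon, step)


if __name__ == "__main__":
    # Upstream is wrong for 5 minutes; the cache keeps serving it for almost an hour.
    print("wrong answers served from/to (s):", simulate())
    # A resolver that cached the good answer before the error never sees it.
    print("cached before the error:", simulate(bad_from=300, bad_until=600))
    # A short TTL bounds the damage to roughly the error window itself.
    print("60 s TTL:", simulate(ttl=60))
```

In this model, resolvers that happened to look the name up during the error window keep returning the wrong address for the full TTL, while those holding an earlier cached answer are unaffected; comparing cached answers against a trusted reference and flushing mismatches ends the outage early.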

Such screw-ups are not unprecedented. In January 2014, Chinese censors attempting to block Greatfire.org — a site that hosts tools and instructions for people to circumvent restrictions erected by the Great Firewall — inadvertently blocked all Chinese Web surfers from accessing most of the Internet.

Doing censorship right — without introducing the occasional routing calamities and unintended consequences — is hard, Weaver said. And China isn’t the only nation that’s struggled with censorship goofs. The United Kingdom filters its providers’ Internet traffic for requests to known child pornography material. In 2008, a filtering system run by the U.K.-based Internet Watch Foundation flagged the cover art for the album Virgin Killers by the rock band Scorpions as potential child porn. As a result, the system placed several pages from Wikipedia on its Internet black list.

The child porn filtering system checked for requests to images flagged as indecent by proxying the traffic through a specific system. So when many U.K. residents tried to edit Wiki pages following the blacklisting, Wikipedia saw those requests as huge numbers of users all trying to edit Wiki pages from the same Internet addresses, and blocked the proxy address — effectively cutting off U.K. users from editing all Wiki pages for several days.

Suggested further reading:

Don’t Be Fodder for China’s ‘Great Cannon’

Greatfire.org

Planet Debian | Zlatan Todorić: Home, is that you?

Today I found out (by mail from my German friend) that there is a place called Longo Mai. Still need to explore it but it made my day currently.

Sociological Images | Racism Kills: New Data on Stress and Mortality

African Americans are less healthy than their white counterparts. There are lots of causes for this: food deserts, lack of access to healthcare, an absence of recreational opportunities in low income neighborhoods, and more. Arguably, these are indirect effects of racist individuals and institutions, leading to the disinvestment in predominantly black neighborhoods and the economic disempowerment of black people.

This post, though, is about a direct relationship between racism and health mediated by stress. Experiencing discrimination has been shown to have both acute and long-term effects on the body. Being discriminated against changes the biometrics that indicate stress and personal reports of stress (anxiety, depression, and anger). Bad health outcomes are the result.

A new study, published in PLOS One, adds another layer to the accumulating evidence. To get a strong measure of “area racism” — the prevalence of racist beliefs in a specific geographic area — epidemiologist David Chae and his colleagues counted how often internet users searched for the “n-word” on Google (ending in -er or -ers, but not -a or -as). This, they argued, is a good measure of the likelihood that an African American will experience discrimination. Here are their findings for area racism:

They then measured the rate at which black people over 25 in those areas die and the death rate from the four most common causes of death for that population: heart disease, cancer, stroke, and diabetes. They also included a series of control variables to attempt to isolate the predictive power of area racism.

The resulting data offer support for the idea that area racism increases mortality among African Americans. Chae and his colleagues summarize, saying that areas in which Google searches for the n-word are one standard deviation above the mean have an 8.2% increase in mortality among Blacks. The searches were related, also, to an increase in the rates of cancer, heart disease, and stroke. “This,” they explain, “amounts to over 30,000 [early] deaths among Blacks annually nationwide.”

When they controlled for area level demographics and socioeconomic variables, the magnitude of the effect dropped from 8.2% to 5.7%. But these factors, they argued, “are also influenced by racial prejudice and discrimination and therefore could be on the causal pathway.” In other words, it’s not NOT racism that’s making up that 2.5% difference.

Directly and indirectly, racism kills.

H/t to Philip Cohen for the link.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Debian | Craig Small: Backporting and git-buildpackage

For working with Debian packages, one method of maintaining them is to put them in git and use git-buildpackage to build them right out of the git repository.  There are a few pitfalls with it, notably that if you forget to import the upstream you get a strange treeish-related error, which still throws me at first when I see it.

Part of maintaining packages is to be able to fix security bugs in older versions of them that are found in stable and even sometimes old stable (jessie and wheezy respectively at the time of writing).  At first I used to do this outside git because to me there wasn’t a clear way of doing it within it.  This is not too satisfactory because it means you lose the benefits of using git in the first place, and for distributions you are more likely to need collaboration with, such as working with the security team or help with backporting.

So, because I don’t think the details are easily found, and because I’ll probably lose them again, I need a central spot to find what I did last time.

Building the environment

The first step for a new distribution is to create the building environment.  You really only need to do this once when there is a new distribution, with possibly some updates from time to time after that. The command will create the environment in /var/cache/pbuilder/base-DIST.cow/

DIST=wheezy git-pbuilder create

You will find all the files in /var/cache/pbuilder/base-wheezy.cow/ which is then ready to be used.

For more information about this useful tool, look at the git-pbuilder entry on the Debian wiki.

Creating the branch

The master branch is generally where sid will be located. For the other distributions, I use branches. For the initial setup you will need to create the branch and start it off from the right point.  For example, the last non-security update for wordpress in jessie was version 4.1+dfsg-1.  We then want the jessie branch to start from this point.

git branch jessie debian/4.1+dfsg-1
git checkout jessie

This will then create and put you on the jessie branch. You only need the first line once. You can switch between sid (master branch) and jessie (jessie branch).

At this point you have a working place to make all the updates you need to do. Nothing is terribly different from the usual workflow.

Building the package

Make sure you have checked in all your changes and now it is time to build your package!

git-buildpackage --git-pbuilder --git-dist=jessie --git-debian-branch=jessie

You may need two additional flags:

  • -sa Use this for the first security update so there is also the source included on the security servers.
  • --git-tag Once you are sure these are the latest changes for this version, this will tag in git with the debian tag, such as debian/4.1+dfsg-1+deb8u1

Planet Debian | Thomas Goirand: @Erich Schubert: why not trying to package Hadoop in Debian?

Erich,

As a follow-up on your blog post, where you complain about the state of Hadoop. First, I couldn’t agree more with all you wrote. All of it! But why not try to get Hadoop in Debian, rather than only complaining about the state of things?

I have recently packaged and uploaded Sahara, which is OpenStack big data as a service (in other words: running Hadoop as a service on an OpenStack cloud). It’s working well, though it was a bit frustrating to discover exactly what you complained about: the operating system cloud image needed to run within Sahara can only be downloaded as a pre-built image, which is impossible to check. It would have been so much work to package Hadoop that I just gave up (and frankly, packaging all of OpenStack in Debian is enough work for a single person doing the job… so no, I don’t have time to do it myself).

OpenStack Sahara already provides the reproducible deployment system which you seem to wish. We “only” need Hadoop itself.

Cryptogram | Nice Essay on Security Snake Oil

This is good:

Just as "data" is being sold as "intelligence", a lot of security technologies are being sold as "security solutions" rather than what they for the most part are, namely very narrow focused appliances that as a best case can be part of your broader security effort.

Too many of these appliances do unfortunately not easily integrate with other appliances or with the rest of your security portfolio, or with your policies and procedures. Instead, they are created to work and be operated as completely stand-alone devices. This really is not what we need. To quote Alex Stamos, we need platforms. Reusable platforms that easily integrate with whatever else we decide to put into our security effort.

Slashdot thread.

Worse Than Failure | The Daily WTF: Live: Killing the Virus

On April 10th, I hosted The Daily WTF: Live! in Pittsburgh. It was a blast. We had a great crowd, and some great performances.

Our first story is one of my own- a tale about how one computer virus finds its violent end.

Direct Link (mp3).

This episode is brought to you by our sponsor, Puppet Labs. Check out their intro video, it gives a pretty good overview of how they help their customers get things done. Start a [free trial](http://puppetlabs.com/download-puppet-enterprise) today!

Transcript

Host (Remy Porter):
Today’s Daily WTF Live is brought to you by Puppet Labs. Manage your infrastructure as code across all environments with Puppet. Start your free trial today!

Welcome to The Daily WTF Live. I’m your host Remy Porter, and over the next few weeks, we’ll be sharing a series of stories that were recorded at The Daily WTF Live show, held at the Maker Theater in Pittsburgh. We got local IT professionals up on stage to share their real-world, from-the-trenches stories in front of a live audience. Everybody who attended had a blast, I really enjoyed putting this together, and I look forward to doing this again sometime in the future.

For the moment, let me give a little bit of a shout-out to Puppet Labs. It was their sponsorship that made this show possible.

Our first story is one of my own. This is from a time when I was much, much younger, and much much braver. This particular story involves a little swashbuckling, a little derring-do… and in the end, something gets stabbed to death. Enjoy!


Storyteller (Remy Porter)
Like so many IT professionals, our lives from the trenches start quite young. Who here, you know, their first computer was a childhood memory? Right? So many of us, right? My first computer was a VIC–20. I remember as a wee lad my dad plugging it into the television, ‘cause that’s what you plugged computers into back then.

And I grew up with a computer in the house the entire time. We had the VIC–20, we had the Commodore 64… eventually we got the PS/1, which is the really really crappy version of the IBM PS/2. Like, imagine, you know… it was awful, it was a terrible computer. But, it was what I had when I was growing up. I thought it was the greatest thing.

And so, when I turned sixteen- like all aspiring nerds, I’d been saving up a lot of money, and it was not so I could go and buy a car. It was so that I could go to the Kingston Armory, where they were having a computer show. And I had, you know, all of my money saved up. I emptied my entire bank account to buy my first computer, the one that was mine to own.

This, this changed my life- or at least it was going to, right? Because I no longer had to get yelled at by my dad when something went wrong on the computer and it was like, “No, that’s your fault.”

I’m like, “I didn’t even touch it today! It’s not my…!” [sigh]

I didn’t have to put up with that anymore! I had my own computer! I could get any game I wanted. I could install it. This was going to be the big moment for me.

So I get home- and this was a computer show, so the computer wasn’t fully assembled. I had a motherboard, I had a processor, I had all of these things. And so I spend hours putting it all together. I had never done anything like this before. Sure it snaps together like Legos, but this is still the late 90s. It’s not fully like Legos, quite like it is today. You gotta mount it to the case right, and all of this stuff.

So, I spend hours doing this. This is my big moment for the weekend. And then I get it finally booted up, and I have to install all my software… hours and hours there… this is- I’m so excited. And the thing that really puts it over the top for me is that I have a friend who’s given me a lovely little floppy disk with… it was probably Doom 2, or Duke Nuke’em, something like that. And I had this illegally pirated floppy disk, and I built this computer just so I could put that floppy disk in there, load that program, and blow something to hell with all sorts of gory violence.

That was the perfect moment for me. Until… things just started getting weird with my computer.

I had just put it together. I had taken everything from my bank account, put it into this computer… my computer started acting weird… immediately after I put this floppy disk in there. I’m like, “Oh, this is… this is a problem. This isn’t good. This is… oh no.”

And I couldn’t pin down exactly what was weird. It was just all sorts of things like sounds wouldn’t play, but then they would, or the monitor would do weird things. I wasn’t really sure what was going on until I talked to the friend who gave me the floppy disk. And he said “Yeah, my computer had a virus. It was AntiCMOS.A, which did something to my motherboard, which destroyed my computer. I just had to get a new one.”

And I’m like, OK… That doesn’t sound entirely plausible, but at the same time, I’m utterly terrified, because I had just done everything. This- If I lost this computer, if I had to get a new one, I was done.

And this was the 90s, right? This was mid–90s. I couldn’t just go online and look up this virus. So I had to sit there and I had to reason about it. I had to think about it. You know, virus programs couldn’t get it because it was actually in the hardware. AntiCMOS.A actually infected the CMOS chip that controls your BIOS.

And I’m like, OK, I know it’s called AntiCMOS.A, so I know, I know, that this virus is somehow tied to my CMOS. And because I was a good nerd, I didn’t read the manuals, but I did have them. So I went to my motherboard manual, and I start flipping through, and I see stuff about the CMOS. And I see that to resolve my issues, or to purge the CMOS- to wipe it- there’s a jumper that you can close on the motherboard.

Now, this was a computer show motherboard, so it did not actually come with any spare jumpers. There were none of those little plastic gates that I could put over those pins- there wasn’t one. I didn’t have an extra one that I could just move from someplace else.

So I just sat and thought to myself and said, “I have a screwdriver.”

And I took the screwdriver and I put it between the two pins, and I hit the power button, and absolutely nothing happened. Nothing turned on, no lights flashed, and I’m like, “All right, that’s it. I’ve just stabbed my computer to death, aaand that is going to be the end of my life for the foreseeable future.”

But I take the screwdriver out, and I hit the power button again, just hoping against hope- and sure enough, my computer boots up. The problem is solved. I no longer have that virus, until I borrow another floppy disk from that friend- but at least then I knew what to do about it.

And as far as I know, this makes me the only person who has killed a computer virus with a screwdriver.


Host (Remy Porter)
And so that was my adventure with my first computer virus. A little bit of a violent ending there. Next week, our speaker will be Jean Lang, and she’s gonna be pulling back the curtain and explaining how the Steel City Ruby Conference came to be. Thank you for listening, tune in next week for more stories.

Planet Debian: Michael Prokop: GLT15: Slides of my “Debian 8 aka jessie, what’s new” talk


I wasn’t sure whether I would make it to Linuxdays Graz (GLT15) this year so I didn’t participate in its call for lectures. But when meeting folks on the evening before the main event I came up with the idea of giving a lightning talk as a special kind of celebration of the Debian jessie release.

So I gave a lightning talk about "Debian 8 aka jessie, what’s new" on 25th of April (couldn’t have been a better date :)) and the slides of my talk turned out to be more useful than expected (>3000 downloads within the first 48 hours and I received lots of great feedback), so maybe it’s worth mentioning them here as well: "Debian 8 aka jessie, what’s new" (PDF, 450KB)

PS: please join the #newinjessie game, also see #newinjessie on twitter

Geek Feminism: Book club: “Trade Me” by Courtney Milan

Hello! I’m helping relaunch the Geek Feminism Book Club, with a bit of a tweak in the interests of getting us going again swiftly (details at end). The book is Trade Me, a new contemporary romance novel by Courtney Milan, and we’ll talk about it in a comment thread here on May 28th.

In January, I snarfled up Trade Me. It stars a Chinese-American woman studying computer science at UC Berkeley. It’s about class and classism, deconstructing the Prince Charming/billionaire trope in romantic fiction, a product launch, Bay Area tech, ally fails, how to deal with cops, authenticity and adaptation, safety and freedom, trust, parents, and work. And one of the main secondary characters is trans, and all the physicality in the relationship is super consensual, and there is a kind-of reference to Cake Wrecks, and (maybe only I see it) to Randall Munroe’s “What If?” blog. I link it thematically to Jo Walton’s The Just City, Ellen Ullman’s The Bug, and the good parts of Amy Tan’s The Joy Luck Club. It’s pretty great, and you can read the first chapter for free at Milan’s site. (ROT13’d content warnings that are spoilers: qvfbeqrerq rngvat naq gur arne-qrngu bs n cnerag.)

Overall, Milan’s work is funny and loving and moving and smart. I like how she sets up and calls back to other books within series, I love that The Heiress Effect included an Indian guy, and I’m happy that she depicts queer characters and characters with disabilities. As a woman of color (“half-Chinese” in her words) she’s also especially aware of the importance of writing fictional representations of women of color in STEM, and of fixing broken standards that lead to unequal representation.

And she’s not just a geek, but a geek of my persuasion — specifically, an open source software maker. She wrote and wants people to reuse a chunk of GPL’d software to autogenerate links to a particular book at multiple online bookstores. Also she used to use Gentoo Linux. Of course she gives her readers permission to strip DRM from their copies of her books. Basically I would not be surprised if there is super flirty pair programming or a double entendre in a bash script in a future Milan book.

So this is the book for the next book club; usually we vote on what book to discuss next, but in the interests of getting momentum going again, I figured I’d choose this one by fiat and we’ll vote on the next one. Trade Me costs about USD$5 via any of several ebook retailers, and may be available via your local library’s ebook lending program as well. Read it sometime in the next month and then come back here and we’ll talk about it!

Planet Debian: Raphael Geissert: Updates to the Debian sources editor

Since the announcement of the chrome/chromium and firefox/iceweasel extensions that add in-browser editing of Debian sources there have been a few changes:

  • Update to Ace 1.1.9, which brings quite some fixes
  • Downloads with proper file names! This should work with recent browsers. E.g. for a patch it will propose package-version_path_file.patch
  • Changing the order of additions and removals in the generated patches (it was strange to see additions first)
  • Improvements to the compatibility with debsources' URL parameters
  • Allow the extension to be enabled in private browsing mode (firefox/iceweasel)
  • Loading of the extension when browsing debsources via https
  • Internal extension packaging cleanup, including the generation of a versioned copy of the web (remote) files, so that users of version 0.0.x do use the remote code version 0.0.x

If your browser performs automatic updates of the extensions (the default), you should soon be upgraded to version 0.0.10 or later, bringing all those changes to your browser.

Want to see more? Multi-file editing? Emacs and vim editing modes? In-browser storage of the modified files? That and more can be done, so feel free to join me and contribute to the Debian sources editor!

Planet Linux Australia: Stewart Smith: Going beyond 1.3 MILLION SQL Queries/second

So, on a large IBM POWER8 system I was recently running the newly coined “yesmark” benchmark, which is best translated as this:

Benchmark (N for concurrency): for i in {1..N}; do yes "DO 0;" | mysql > /dev/null & done
Live results: mysqladmin -ri 1 extended-status | grep Questions

Which sounds all fun until you realize that it’s *amazingly* close in results to a sysbench point select benchmark these days (well, with MySQL 5.7.7).

Since yesmark doesn’t use InnoDB though, MariaDB is back in the game.

I don’t think it matters between MariaDB and MySQL at this point for yesbench. With MySQL in a KVM guest on a shared 2 socket POWER8 I could get 754kQPS and on a larger system, I could get 1.3 million / sec.

1.3 Million queries / sec is probably the highest number anybody has ever seen out of MySQL or MariaDB, so that’s fairly impressive in itself.

What’s also impressive is that on this workload, mysqld was still only using 50% of CPU in the system. The mysql command line client was a really heavy user.

Other users are: 8% completely idle, another 12% in linux scheduler (alarmingly high really). So out of all execution time, only about 44% spent in mysqld, 29% in mysql client.

It seems that the current issues scaling to two socket POWER8 machines are the same as with scaling to other large systems: when we go beyond about 20 POWER8 cores (SMT8), we start to find new and interesting challenges.

Krebs on Security: A Day in the Life of a Stolen Healthcare Record

When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.

I was reminded of this last month, after receiving a tip from a source at a cyber intelligence firm based in California who asked to remain anonymous. My source had discovered a seller on the darknet marketplace AlphaBay who was posting stolen healthcare data into a subsection of the market called “Random DB ripoffs,” (“DB,” of course, is short for “database”).

Eventually, this same fraudster leaked a large text file titled, “Tenet Health Hilton Medical Center,” which contained the name, address, Social Security number and other sensitive information on dozens of physicians across the country.

Contacted by KrebsOnSecurity, Tenet Health officials said the data was not stolen from its databases, but rather from a company called InCompass Healthcare. Turns out, InCompass disclosed a breach in August 2014, which reportedly occurred after a subcontractor of one of the company’s service providers failed to secure a computer server containing account information. The affected company was 24 ON Physicians, an affiliate of InCompass Healthcare.

“The breach affected approximately 10,000 patients treated at 29 facilities throughout the U.S. and approximately 40 employed physicians,” wrote Rebecca Kirkham, a spokeswoman for InCompass.

“As a result, a limited amount of personal information may have been exposed to the Internet between December 1, 2013 and April 17, 2014,” Kirkham wrote in an emailed statement. “Information that may have been exposed included patient names, invoice numbers, procedure codes, dates of service, charge amounts, balance due, policy numbers, and billing-related status comments. Patient social security number, home address, telephone number and date of birth were not in the files that were subject to possible exposure. Additionally, no patient medical records or bank account information were put at risk. The physician information that may have been exposed included physician name, facility, provider number and social security number.”

Kirkham said up until being contacted by this reporter, InCompass “had received no indication that personal information has been acquired or used maliciously.”

So who was the subcontractor that leaked the data? According to PHIprivacy.net (and now confirmed by InCompass), the subcontractor responsible was PST Services, a McKesson subsidiary providing medical billing services, which left more than 10,000 patients’ information exposed via Google search for over four months.

As this incident shows, a breach at one service provider or healthcare billing company can have a broad impact across the healthcare system, but can be quite challenging to piece together.

Still, not all breaches involving health information are difficult to backtrack to the source. In September 2014, I discovered a fraudster on the now-defunct Evolution Market dark web community who was selling life insurance records for less than $7 apiece. That breach was fairly easily tied back to Torchmark Corp., an insurance holding company based in Texas; the name of the company’s subsidiary was plastered all over stolen records listing applicants’ medical histories.

HEALTH RECORDS GET AROUND

Health records are huge targets for fraudsters because they typically contain all of the information thieves would need to conduct mischief in the victim’s name — from fraudulently opening new lines of credit to filing phony tax refund requests with the Internal Revenue Service. Last year, a great many physicians in multiple states came forward to say they’d been apparently targeted by tax refund fraudsters, but could not figure out the source of the leaked data. Chances are, the scammers stole it from hacked medical providers like PST Services and others.

In March 2015, HealthCare IT News published a list of healthcare providers that experienced data breaches since 2009, using information from the Department of Health and Human Services. That data includes HIPAA breaches reported by 1,149 covered entities and business associates, and covers some 41 million Americans. Curiously, the database does not mention some 80 million Social Security numbers and other data jeopardized in the Anthem breach that went public in February 2015 (nor 11 million records lost in the Premera breach that came to light in mid-March 2015).

Sensitive stolen data posted to cybercrime forums can rapidly spread to miscreants and ne’er-do-wells around the globe. In an experiment conducted earlier this month, security firm Bitglass synthesized 1,568 fake names, Social Security numbers, credit card numbers, addresses and phone numbers that were saved in an Excel spreadsheet. The spreadsheet was then transmitted through the company’s proxy, which automatically watermarked the file. The researchers set it up so that each time the file was opened, the persistent watermark (which Bitglass says survives copy, paste and other file manipulations), “called home” to record view information such as IP address, geographic location and device type.

The company posted the spreadsheet of manufactured identities anonymously to cyber-crime marketplaces on the Dark Web. The result was that in less than two weeks, the file had traveled to 22 countries on five continents and was accessed more than 1,100 times. “Additionally, time, location, and IP address analysis uncovered a high rate of activity amongst two groups of similar viewers, indicating the possibility of two cyber crime syndicates, one operating within Nigeria and the other in Russia,” the report concluded.

Source: Bitglass


Planet Debian: Gunnar Wolf: Bestest birthday ever


That's all I need to enjoy the best best party ever.

Oh! Shall I mention that we got a beautiful present for the kids from our very dear DebConf official Laminatrix! Photos not yet available, but will provide soon.


Krebs on Security: SendGrid: Employee Account Hacked, Used to Steal Customer Credentials

Sendgrid, an email service used by tens of thousands of companies — including Silicon Valley giants as well as Bitcoin exchange Coinbase — said attackers compromised a Sendgrid employee’s account, which was then used to steal the usernames, email addresses and (hashed) passwords of customer and employee accounts. The announcement comes several weeks after Sendgrid sought to assure customers that the breach was limited to a single customer account.

On April 9, The New York Times reported that Coinbase had its Sendgrid credentials compromised, and that thieves were apparently using the access to launch phishing attacks against Bitcoin-related businesses. Sendgrid took issue with the Times piece for implying that SendGrid had incurred a platform-wide breach. “The story has now been updated to reflect that only a single SendGrid customer account was compromised,” Sendgrid wrote in a blog post published that same day.

Today, Sendgrid published another post walking that statement back a bit, saying it now had more information about the extent of the intrusion thanks to assistance from data breach investigators:

“After further investigation in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team, we became aware that a SendGrid employee’s account had been compromised by a cyber criminal and used to access several of our internal systems on three separate dates in February and March 2015,” wrote David Campbell, Sendgrid’s chief security officer.  Campbell continues:

“These systems contained usernames, email addresses, and (salted and iteratively hashed) passwords for SendGrid customer and employee accounts. In addition, evidence suggests that the cyber criminal accessed servers that contained some of our customers’ recipient email lists/addresses and customer contact information. We have not found any forensic evidence that customer lists or customer contact information was stolen. However, as a precautionary measure, we are implementing a system-wide password reset. Because SendGrid does not store customer payment cards we do know that payment card information was not involved.”

Sendgrid is urging customers to change their passwords, and to take advantage of the company’s multi-factor authentication offering. Sendgrid also said it is working to add more authentication methods for its two-factor security, and to expedite the release of special “API keys” that will allow customers to use keys instead of passwords for sending email through its systems.

Sendgrid manages billions of emails for some big brand names, including Pinterest, Spotify and Uber. This reach makes them a major target of fraudsters and spammers, who would like nothing more than to control whitelisted accounts capable of blasting out so much email each day.

In March 2015, U.S. prosecutors indicted three men in connection with the April 2011 compromise of commercial email giant Epsilon. Days after that break-in, customers at dozens of Fortune 500 companies began complaining of receiving spam to email addresses they’d created specifically for use with the companies directly served by Epsilon and its network of email providers.

TED: TED wins 11 Webby Awards

Today, as the winners of the 2015 Webby Awards were announced, our jaws hit the floor. Between TED and TED-Ed, we won a total of 11 awards — which means we’re tied with Always’ #LikeAGirl campaign for the most Webby Awards of the year.

TED.com won seven awards, for Websites: Events (both the judges’ award and the fan-voted People’s Voice award), Websites: Best Practices (judges’ award and People’s Voice), Websites: Best Home/Welcome Page (judges’ award and People’s Voice) and Mobile Sites & Apps: Education & Reference (People’s Voice).

And our TED-Ed project on its own won four, for Online Film & Video: Science & Education (judges’ award and People’s Voice), Online Video Channels & Networks: Science & Education (judges’ award) and Websites: Education (People’s Voice).

The award winners were voted on by the International Academy of Digital Arts & Sciences, which includes judges such as Conan O’Brien and Arianna Huffington. And more than 500,000 fans from 200 countries and territories voted for the People’s Voice award winners. In other words, we are humbled and thankful, and in fantastic company — the list of all Webby winners is a great browse. Now, to get ready for our 5-word acceptance speeches.


Cryptogram: The History of Lockpicking

Planet Debian: Matthew Garrett: Reducing power consumption on Haswell and Broadwell systems

Edit to add: These patches on their own won't enable this functionality, they just give us a better set of options. Once they're merged we can look at changing the defaults so people get the benefit of this out of the box.

Haswell and Broadwell (Intel's previous and current generations of x86) both introduced a range of new power saving states that promised significant improvements in battery life. Unfortunately, the typical experience on Linux was an increase in power consumption. The reasons why are kind of complicated and distinctly unfortunate, and I'm at something of a loss as to why none of the companies who get paid to care about this kind of thing seemed to actually be caring until I got a Broadwell and looked unhappy, but here we are so let's make things better.

Recent Intel mobile parts have the Platform Controller Hub (Intel's term for the Southbridge, the chipset component responsible for most system i/o like SATA and USB) integrated onto the same package as the CPU. This makes it easier to implement aggressive power saving - the CPU package already has a bunch of hardware for turning various clock and power domains on and off, and these can be shared between the CPU, the GPU and the PCH. But that also introduces additional constraints, since if any component within a power management domain is active then the entire domain has to be enabled. We've pretty much been ignoring that.

The tldr is that Haswell and Broadwell are only able to get into deeper package power saving states if several different components are in their own power saving states. If the CPU is active, you'll stay in a higher-power state. If the GPU is active, you'll stay in a higher-power state. And if the PCH is active, you'll stay in a higher-power state. The last one is the killer here. Having a SATA link in a full-power state is sufficient to keep the PCH active, and that constrains the deepest package power savings state you can enter.

SATA power management on Linux is in a kind of odd state. We support it, but we don't enable it by default. In fact, right now we even remove any existing SATA power management configuration that the firmware has initialised. Distributions don't enable it by default because there are horror stories about some combinations of disk and controller and power management configuration resulting in corruption and data loss and apparently nobody had time to investigate the problem.

I did some digging and it turns out that our approach isn't entirely inconsistent with the industry. The default behaviour on Windows is pretty much the same as ours. But vendors don't tend to ship with the Windows AHCI driver, they replace it with the Intel Rapid Storage Technology driver - and it turns out that that has a default-on policy. But to make things even more awkward, the policy implemented by Intel doesn't match any of the policies that Linux provides.

In an attempt to address this, I've written some patches. The aim here is to provide two new policies. The first simply inherits whichever configuration the firmware has provided, on the assumption that the system vendor probably didn't configure their system to corrupt data out of the box[1]. The second implements the policy that Intel use in IRST. With luck we'll be able to use the firmware settings by default and switch to the IRST settings on Intel mobile devices.

This change alone drops my idle power consumption from around 8.5W to about 5W. One reason we'd pretty much ignored this in the past was that SATA power management simply wasn't that big a win. Even at its most aggressive, we'd struggle to see 0.5W of saving. But on these new parts, the SATA link state is the difference between going to PC2 and going to PC7, and the difference between those states is a large part of the CPU package being powered up.

But this isn't the full story. There's still work to be done on other components, especially the GPU. Keeping the link between the GPU and an internal display panel active is both a power suck and requires additional chipset components to be powered up. Embedded Displayport 1.3 introduced a new feature called Panel Self-Refresh that permits the GPU and the screen to negotiate dropping the link, leaving it up to the screen to maintain its contents. There's patches to enable this on Intel systems, but it's still not turned on by default. Doing so increases the amount of time spent in PC7 and brings corresponding improvements to battery life.

This trend is likely to continue. As systems become more integrated we're going to have to pay more attention to the interdependencies in order to obtain the best possible power consumption, and that means that distribution vendors are going to have to spend some time figuring out what these dependencies are and what the appropriate default policy is for their users. Intel's done the work to add kernel support for most of these features, but they're not the ones shipping it to end-users. Let's figure out how to make this right out of the box.

[1] This is not necessarily a good assumption, but hey, let's see


Planet Linux Australia: Jan Schmidt: New gst-rpicamsrc features

I’ve pushed some new changes to my Raspberry Pi camera GStreamer wrapper, at https://github.com/thaytan/gst-rpicamsrc/

These bring the GStreamer element up to date with new features added to raspivid since I first started the project, such as adding text annotations to the video, support for the 2nd camera on the compute module, intra-refresh and others.

Where possible, you can now dynamically update any of the properties – where the firmware supports it. So you can implement digital zoom by adjusting the region-of-interest (roi) properties on the fly, or update the annotation or change video effects and colour balance, for example.

The timestamps produced are now based on the internal STC of the Raspberry Pi, so the audio video sync is tighter. Although it was never terrible, it’s now more correct and slightly less jittery.

The one major feature I haven’t enabled as yet is stereoscopic handling. Stereoscopic capture requires 2 cameras attached to a Raspberry Pi Compute Module, so at the moment I have no way to test it works.

I’m also working on GStreamer stereoscopic handling in general (which is coming along). I look forward to releasing some of that code soon.

 

Planet Debian: Scott Kitterman: Enabling DNSSEC Support For OpenDKIM

If you are using DNSSEC you can now use it to verify DKIM keys with opendkim.

This does require a bit of configuration.

Opendkim uses unbound for DNSSEC support.

You have to:

  • Install the unbound package (not just the library, which is already pulled in as an opendkim dependency)
  • Configure the DNSSEC trust anchor for unbound (either in /etc/unbound/unbound.conf or by adding a configuration snippet to /etc/unbound/unbound.conf.d – the latter makes it much less likely you’ll have to resolve conflicts in the configuration file if the default file is changed on later package upgrades)
  • Update /etc/opendkim.conf and add:

ResolverConfiguration     /etc/unbound/unbound.conf

Once that’s done, restart opendkim and your DKIM key queries are DNSSEC protected (you can verify this in your mail logs since opendkim annotates unprotected keys when it logs).

Note:  This should also apply to Ubuntu 14.04, 14.10, and 15.04.

Update: In Wheezy (and Squeeze, at least the version in backports, I didn’t check the release version) and Ubuntu 10.04 (similarly with backports) this was possible too.  The opendkim.conf parameter was called UnboundConfigFile.  You may have to update your local configuration to use the new name when you upgrade.
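
The setup described in this post can be checked mechanically. The following Python lint is an added example, not code from the post or from the OpenDKIM project: it reads opendkim.conf text, follows unbound's include: directives, and reports a missing resolver setting, the old UnboundConfigFile name, or a missing trust anchor. The sample file contents and the snippet name dnssec.conf are constructed, and parameter names are matched case-insensitively as a lenient assumption.

```python
import fnmatch
import glob
import re

# opendkim.conf parameter names from the post: the current one and the older one.
RESOLVER_KEYS = ("resolverconfiguration", "unboundconfigfile")
# unbound.conf options that configure a DNSSEC trust anchor.
ANCHOR_OPTIONS = ("auto-trust-anchor-file", "trust-anchor-file",
                  "trust-anchor", "trusted-keys-file")


def disk_loader(pattern):
    """Return {path: text} for files on disk matching an include pattern."""
    found = {}
    for path in sorted(glob.glob(pattern)):
        with open(path) as handle:
            found[path] = handle.read()
    return found


def dict_loader(files):
    """Same interface as disk_loader, backed by an in-memory {path: text} dict."""
    def load(pattern):
        return {p: t for p, t in sorted(files.items())
                if fnmatch.fnmatchcase(p, pattern)}
    return load


def resolver_setting(opendkim_conf_text):
    """Return (name_as_written, path) of the resolver setting, or None."""
    for raw in opendkim_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0].lower() in RESOLVER_KEYS:
            return fields[0], fields[1].strip()
    return None


def trust_anchors(pattern, loader, seen=None):
    """Collect (file, option, value) trust-anchor settings, following include:."""
    seen = set() if seen is None else seen
    found = []
    for path, text in loader(pattern).items():
        if path in seen:          # guard against include loops
            continue
        seen.add(path)
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            match = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
            if not match:
                continue
            option = match.group(1)
            value = match.group(2).strip().strip('"')
            if option == "include" and value:
                found += trust_anchors(value, loader, seen)
            elif option in ANCHOR_OPTIONS and value:
                found.append((path, option, value))
    return found


def check(opendkim_conf_text, loader):
    """Return a list of problems; an empty list means the setup looks complete."""
    setting = resolver_setting(opendkim_conf_text)
    if setting is None:
        return ["opendkim.conf does not set ResolverConfiguration"]
    name, path = setting
    problems = []
    if name.lower() == "unboundconfigfile":
        problems.append("UnboundConfigFile is the old parameter name; "
                        "use ResolverConfiguration after upgrading")
    if not loader(path):
        problems.append("resolver configuration %s not found" % path)
    elif not trust_anchors(path, loader):
        problems.append("no trust anchor configured in %s or its includes" % path)
    return problems


# Constructed sample files (not taken from a real system).
SAMPLE_FILES = {
    "/etc/unbound/unbound.conf":
        'include: "/etc/unbound/unbound.conf.d/*.conf"\n',
    "/etc/unbound/unbound.conf.d/dnssec.conf":
        'server:\n    auto-trust-anchor-file: "/var/lib/unbound/root.key"\n',
}
SAMPLE_OPENDKIM_CONF = (
    "# constructed sample\n"
    "Syslog                    yes\n"
    "ResolverConfiguration     /etc/unbound/unbound.conf\n"
)

if __name__ == "__main__":
    result = check(SAMPLE_OPENDKIM_CONF, dict_loader(SAMPLE_FILES))
    for line in result or ["OK: resolver configuration and trust anchor found"]:
        print(line)
```

To run it against a live system, pass the contents of /etc/opendkim.conf and `disk_loader` to `check` instead of the sample values.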

Sociological Images: On Playboy’s New Feminism

I’m going to start this post even though I don’t have an ending.

About a year ago I was asked to start writing for Playboy. The editor said that he was helping to transform the magazine’s website into one that “was a destination for smart writing on sex.” I said that I’d keep the offer in mind but, between you and me, the answer was no.

Around the same time, I heard of some other high-profile feminist writers being invited as well. “Huh,” I thought, “they may actually be serious about this.”

Since then, I’ve ended up on the Playboy website a couple of times, following links by like-minded people who found material they thought was valuable. I’ve been surprised and tentatively impressed. Then, this week there was a flurry of links to a piece by Noah Berlatsky, deftly and smartly analyzing feminist responses to trans woman Laverne Cox’s decision to pose nude for Allure.

The article began with a cropped screenshot of Cox’s photograph featuring her face and de-emphasizing her body and a quote from Cox about the widespread belief that black women and trans women, and especially black trans women, can’t be beautiful.


Berlatsky then goes on to discuss the challenges intersectionality poses to feminism, conflicts within feminism about whether trans women count as women, debates over cosmetic surgery and the problem with trying to live up to patriarchal standards of beauty, and whether Cox’s decision to pose naked is degrading. You don’t have to agree with all Berlatsky says to notice that he is no stranger to feminist theory.

Moreover, he seems to look upon Cox’s photograph with a delicate and sensitive gaze, describing what he sees like this:

Cox is not fashion-model-thin. She’s not fashion-model-petite or willowy, either. She has very large hands, which are not hidden, boldly displayed. In the photo, Cox lies on a blanket; her body taut rather than relaxed, her head in one big, strong hand, eyes closed, a slight smile on her face — like she’s a little embarrassed and amused at being embarrassed. She’s voluptuous and awkward and sweet all at once. In her simultaneous enjoyment of and discomfort before the camera, she seems, in the frankly staged pose, startlingly natural — and beautiful.

As I reached the end of the article, I was considering sharing a post from Playboy for the very first time. Then, this happened:


That’s a screenshot of a pop-up that arrived on my screen when I reached the end of Berlatsky’s thoughtful, feminist essay. It says: “Enter your email to see a 45-year-old with an amazing booty.” In other words, “Click right now to see a woman still fuckable after 40!” (And here I’m going to just go with the idea that this is sexist, but not engage with the extensive feminist theorizing about pornography.)

This is where I’m at a loss.

Is this what change looks like? Is this what change looks like, specifically, when it comes from inside of an organization? A slow, stuttering shift from misogyny to feminism, replete with missteps and contradictions?

Who’s in charge over there? What is their strategic plan? Are they trying to appropriate feminism? It’s not like they haven’t done it before. What role do they see this feminist discourse playing in a space that’s still so misogynist?

Or is the right hand just not paying attention to what the left hand is doing? Maybe Berlatsky was as surprised by the pop-up as I was, thinking “Come on, guys!” Or do they not think that their pop-up was sexist at all?

And, from a feminist perspective, does this do anyone any good? I don’t mean this rhetorically. I honestly don’t know how to answer that question. And, on the flipside, could this hurt feminist activism?

What say you?

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux Australia: Andrew McDonnell: Using an i2c RTC with the Carambola2 (or any OpenWRT modified router)

Using i2c with a modded router is simple enough, if you have two spare GPIO then the module package kmod-i2c-gpio-custom allows selected GPIO pins to be bound to SCL and SDA respectively when the module is loaded.

However for inexplicable reasons the ability to bind an i2c RTC module to the Linux hardware clock is disabled by default by the OpenWRT configuration mechanism for ar71xx and other consumer router architectures, and there is no way to turn it on without patching!

Regardless, here is how to use an i2c RTC with the Carambola2 or any other ar71xx architecture router (e.g. WRTnode, etc.)

  • Patch the file target/linux/ar71xx/generic/target.mk as follows:
    -FEATURES += squashfs
    +FEATURES += squashfs +rtc
  • Patch the kernel configuration target/linux/ar71xx/config-3.xx (where xx depends on your version of OpenWRT) as follows:
    +CONFIG_RTC_CLASS=y
    +CONFIG_RTC_DRV_DS1307=m
  • Note: the kernel configuration can be modified via the kernel build system using the command make kernel_menuconfig
  • Note: add other kernel i2c RTC modules as required
  • Add the module to your image:
    CONFIG_RTC_SUPPORT=y
    CONFIG_DEFAULT_RTC_SUPPORT=y
    CONFIG_PACKAGE_kmod-rtc-ds1307=y
  • If you have previously built OpenWRT then remove the tmp/ directory, or the change ‘+rtc’ will be ignored and the DS1307 module will not be included in your image
  • Run make defconfig
  • Build your image: make -j2

If everything worked, then the file /lib/modules/3.xx…/rtc-ds1307.ko should be in the resulting image

Following is an aggregation of information I was already able to find elsewhere on the net.

  • Ensure that i2c-tools package is installed as well. This may require the ‘oldpackages’ feed.
  • Configure the module as follows by creating a file /etc/modules.d/99gpio-i2c-rtc
  • You can also put this file into files/etc/modules.d/99gpio-i2c-rtc for it to be automatically added to your image
  • Create the following content, where in this example 18 == SDA pin id and 19 == SCL pin id
    i2c-gpio-custom bus0=0,18,19
    rtc-ds1307
  • There are additional arguments controlling delays, etc.; refer to package/kernel/i2c-gpio-custom/src/i2c-gpio-custom.c
  • Create a script, /etc/init.d/rtc-driver to load the device driver and set the time.
    #!/bin/sh /etc/rc.common
    logger "Setup i2c RTC"
    echo ds1307 0x68 > '/sys/class/i2c-dev/i2c-0/device/new_device'
    if hwclock | grep 'Jan' | grep -q 2000 ; then
      logger "RTC appears to have a flat battery..."
    else
      logger "RTC set hwclock"
      hwclock -s
    fi
  • Create a symlink…
    ln -s /etc/init.d/rtc-driver /etc/rc.d/S11rtc-driver
  • Note, if you are running ntp that will take over anyway, but for system with an intermittent or no network connection, or if the network is down on boot, the RTC will provide a better time than 1 Jan 2012 or whatever…

You can test the above out before scripting it by booting the system and manually stepping through:

modprobe i2c-gpio-custom bus0=0,18,19
i2cdetect -l
modprobe rtc-ds1307
echo ds1307 0x68 > '/sys/class/i2c-dev/i2c-0/device/new_device'
hwclock

Enjoy!

PS Don't forget pull-up resistors, and take care interfacing between 5V and 3.3V systems and peripherals…
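A stricter form of the flat-battery check in the init script above, as an added example that is not part of the original post: it rejects any RTC reading older than a minimum year instead of matching only January 2000, and treats unreadable output as a failure. The function names, the 2015 floor and the sample hwclock lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Decide whether an RTC reading is trustworthy before running `hwclock -s`.

# Print the four-digit year found in one line of hwclock output.
# Handles the classic "Sat Jan  1 00:00:12 2000  0.000000 seconds" layout
# and the ISO "2000-01-01 00:00:12.000000+00:00" layout.
rtc_year() {
    line=$1
    case "$line" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]*)
            # ISO layout: the year is everything before the first dash.
            printf '%s\n' "${line%%-*}"
            return 0
            ;;
    esac
    # Classic layout: the year is the only standalone 4-digit field.
    set -f                      # no filename expansion while word-splitting
    for field in $line; do
        case "$field" in
            [0-9][0-9][0-9][0-9])
                set +f
                printf '%s\n' "$field"
                return 0
                ;;
        esac
    done
    set +f
    return 1
}

# Print one of: ok, flat-battery, unparseable.
#   $1 = hwclock output, $2 = oldest acceptable year (assumed default: 2015)
rtc_decision() {
    reading=$1
    min_year=${2:-2015}
    if ! year=$(rtc_year "$reading"); then
        echo unparseable
        return 0
    fi
    if [ "$year" -lt "$min_year" ]; then
        echo flat-battery
    else
        echo ok
    fi
}

# Constructed sample readings (not captured from a real device); the last
# one stands for hwclock printing nothing because the driver is not loaded.
demo() {
    for sample in \
        "Sat Jan  1 00:00:12 2000  0.000000 seconds" \
        "Tue Feb 15 09:30:00 2000  0.000000 seconds" \
        "Mon Apr 27 21:14:03 2015  0.000000 seconds" \
        "2015-04-27 21:14:03.000000+10:00" \
        ""
    do
        printf '%-14s %s\n' "$(rtc_decision "$sample")" "$sample"
    done
}
demo

# In the init script the decision would gate the clock update:
#   [ "$(rtc_decision "$(hwclock)")" = ok ] && hwclock -s
```

The February 2000 sample is the case the original grep lets through: a clock that reset on power loss and then kept running for more than a month.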

Planet DebianZlatan Todorić: Hell just froze

It's at least an interesting story that Microsoft celebrated Debian release. Once arch enemy of Linux world, now obviously on their knees when they must do such things to sustain their business model. Next stop, Microsoft goes open source, and still nobody cares. Then they go out of business - and no one cares. Maybe they survive as open hardware producer? ^_^

First they ignore you, then they laugh at you, then they fight you, then you win. - Mahatma Gandhi

RacialiciousUnhappy Gilmore: Native American Actors and Activists Protest New Adam Sandler Project

By Arturo R. García

If Adam Sandler thought his brand of “humor” would keep getting a pass in 2015, the past few days have surely disabused him of that notion.

As Indian Country Today Media Network reported, about a dozen Native American actors on his upcoming Netflix film, The Ridiculous Six, abandoned the production over the material.

“We were supposed to be Apache, but it was really stereotypical and we did not look Apache at all. We looked more like Comanche,” said actor Loren Anthony, a Navajo Nation member. “One thing that really offended a lot of people was that there was a female character called Beaver’s breath. One character says ‘Hey, Beaver’s Breath.’ And the Native woman says, ‘How did you know my name?’”

ICTMN also posted video taken on the set from another performer, Goldie Tom, showing actors voicing their concerns to an unidentified producer.


“We don’t need to sell out our people,” one actor says in the footage.

“I understand completely,” the producer replies. “But we’re not gonna change ‘Beaver Breath.’”

Defamer’s Jordan Sargent posted excerpts from a version of the script, which featured characters named Sits-On-Face, Never-Wears-Bra and Smoking Fox.

“It’s no surprise, of course, that Adam Sandler has written another movie overflowing with the kinds of jokes that might feel edgy to an 11-year-old who finally understands what sex is,” Sargent observed.

The story quickly picked up traction nationally, blossoming into a rare public blunder for Netflix, which was just coming off the largely-favorable reception for Marvel’s new Daredevil series. And the budding broadcast hub chose to address the issue with a somewhat warmed-over statement.

“The movie has Ridiculous in the title for a reason: because it is ridiculous,” the company stated. “It is a broad satire of Western movies and the stereotypes they popularized, featuring a diverse cast that is not only part of — but in on — the joke.”

While Sandler himself has not weighed in, the chorus of Native Americans supporting the actors has only grown. Natives In America founder Megan Red Shirt-Shaw, a past Racialicious contributor, organized the #NotYourHollywoodIndian tag to rally attention to the incident.

And Netflix itself now faces the prospect of a boycott, as the #WalkOffNetflix campaign is also gaining steam. Online supporters are threatening to abandon the streaming service if it does not cancel Sandler’s project.

Meanwhile, the production staff has reportedly reached out to the actors who left the set, including 74-year-old Choctaw performer David Hill.

“I hope they will listen to us,” said Hill, a member of the American Indian Movement. “We understand this is a comedy, we understand this is humor, but we won’t tolerate disrespect. I told the director if he had talked to a native woman the way they were talked to in this movie — I said I would knock his ass out. This isn’t my first rodeo, if someone doesn’t speak up, no one will.”


CryptogramThe Further Democratization of Stingray

Stingray is the code name for an IMSI-catcher, which is basically a fake cell phone tower sold by Harris Corporation to various law enforcement agencies. (It's actually just one of a series of devices with fish names -- Amberjack is another -- but it's the name used in the media.) What it basically does is trick nearby cell phones into connecting to it. Once that happens, the IMSI-catcher can collect identification and location information of the phones and, in some cases, eavesdrop on phone conversations, text messages, and web browsing. (IMSI stands for International Mobile Subscriber Identity.)

The use of IMSI-catchers in the US used to be a massive police secret. The FBI is so scared of explaining this capability in public that the agency makes local police sign nondisclosure agreements before using the technique, and has instructed them to lie about their use of it in court. When it seemed possible that local police in Sarasota, Florida, might release documents about Stingray cell phone interception equipment to plaintiffs in civil rights litigation against them, federal marshals seized the documents. More recently, St. Louis police dropped a case rather than talk about the technology in court. And Baltimore police admitted using Stingray over 25,000 times.

The truth is that it's no longer a massive police secret. We now know a lot about IMSI-catchers. And the US government does not have a monopoly over the use of IMSI-catchers. I wrote in Data and Goliath:

There are dozens of these devices scattered around Washington, DC, and the rest of the country run by who-knows-what government or organization. Criminal uses are next.

From the Washington Post:

How rife? Turner and his colleagues assert that their specially outfitted smartphone, called the GSMK CryptoPhone, had detected signs of as many as 18 IMSI catchers in less than two days of driving through the region. A map of these locations, released Wednesday afternoon, looks like a primer on the geography of Washington power, with the surveillance devices reportedly near the White House, the Capitol, foreign embassies and the cluster of federal contractors near Dulles International Airport.

At the RSA Conference last week, Pwnie Express demonstrated their IMSI-catcher detector.

Building your own IMSI-catcher isn't hard or expensive. At Def Con in 2010, researcher Chris Paget demonstrated his homemade IMSI-catcher. The whole thing cost $1,500, which is cheap enough for both criminals and nosy hobbyists.

It's even cheaper and easier now. Anyone with a HackRF software-defined radio card can turn their laptop into an amateur IMSI-catcher. And this is why companies are building detectors into their security monitoring equipment.

Two points here. The first is that the FBI should stop treating Stingray like it's a big secret, so we can start talking about policy.

The second is that we should stop pretending that this capability is exclusive to law enforcement, and recognize that we're all at risk because of it. If we continue to allow our cellular networks to be vulnerable to IMSI-catchers, then we are all vulnerable to any foreign government, criminal, hacker, or hobbyist that builds one. If we instead engineer our cellular networks to be secure against this sort of attack, then we are safe against all those attackers.

Me:

We have one infrastructure. We can't choose a world where the US gets to spy and the Chinese don't. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone.

Like QUANTUM, we have the choice of building our cellular infrastructure for security or for surveillance. Let's choose security.

EDITED TO ADD (5/2): Here's an IMSI catcher for sale on alibaba.com. At this point, every dictator in the world is using this technology against its own citizens. They're used extensively in China to send SMS spam without paying the telcos any fees. On a Food Network show called Mystery Diners -- episode 108, "Cabin Fever" -- someone used an IMSI catcher to intercept a phone call between two restaurant employees.

The new model of the IMSI catcher from Harris Corporation is called Hailstorm. It has the ability to remotely inject malware into cell phones. Other Harris IMSI-catcher codenames are Kingfish, Gossamer, Triggerfish, Amberjack and Harpoon. The competitor is DRT, made by the Boeing subsidiary Digital Receiver Technology, Inc.

EDITED TO ADD (5/2): Here's an IMSI catcher called Piranha, sold by the Israeli company Rayzone Corp. It claims to work on GSM 2G, 3G, and 4G networks (plus CDMA, of course). The basic Stingray only works on GSM 2G networks, and intercepts phones on the more modern networks by forcing them to downgrade to the 2G protocols. We believe that the more modern IMSI catchers also work against 3G and 4G networks.

Planet Linux AustraliaBen Martin: Unbrick the NUC

It seems there are many folks with the suspend of death on the NUC. When you suspend to RAM you can't get back. When you disconnect power for a while you can't turn it on again. Welcome to brickland, population: you. I found that following the advice on the forums if I disconnect the CMOS battery for a bit then I could turn on the NUC again.

The downside is that the CMOS battery is installed under the motherboard, so you have to remove the motherboard which is no easy task the first time. Then each subsequent time that the NUC bricks you have to take it apart again to such a great extent.

Luckily I found these extension leads which let me bring out the battery from the case. So hopefully now a debrick isn't going to involve a system teardown anymore.

Worse Than FailureCodeSOD: Universal Printout

Dorian Gray

It had been a long meeting, and Bert was exhausted. Now, normally when a story on TDWTF starts that way, we go on to tell you about a hapless developer trapped in management hell, but this time, we're flipping the script on you: Bert was the Business Analyst on a project to enhance some self-check software for a number of supermarket chains. Ernie, the Software Engineer, was one of those braindead devs who needs everything spelled out before he'll write so much as a line of code, and Bert was much more comfortable with the looser specs in Agile projects.

Since the fourth Requirements Clarification Meeting was dragging on into hour two, Bert was getting a little snippy. So when Ernie asked for clarification on exactly how long a given printout might be, in millimetres, Bert couldn't help himself: he cracked. "Well, potentially infinite, I guess!"

The code Ernie delivered:


    public override SizeF PaperSizeInMM
    {
        get { return new SizeF(110F, float.MaxValue); }
    }

To put this in perspective: float.MaxValue here is 3.4x10^38 millimetres. This equates to about 11,018,635,432 gigaparsecs. A single parsec is 13 trillion kilometres; a gigaparsec is 1 billion of those. The observable universe is a sphere with a diameter of about 29 gigaparsecs. This author's spellcheck doesn't even recognize gigaparsec as a word!

But it wasn't just silly: it was bug-inducingly silly. On some versions of Windows, this would cause GDI+ to throw up its proverbial hands and emit a "Generic Error", crashing the self-check machine.

Next time, Bert would just rattle off some large number and call it a day...


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Main May 2015 Meeting: Performance Co-Pilot / Android Privacy 101

May 5 2015 19:00
May 5 2015 21:00
Location: 

The Buzzard Lecture Theatre. Evan Burge Building, Trinity College, Melbourne University Main Campus, Parkville.

Speakers:

• Nathan Scott: Performance Co-Pilot
• Paul Fenwick: Android Privacy 101

The Buzzard Lecture Theatre, Evan Burge Building, Trinity College Main Campus Parkville Melways Map: 2B C5

Notes: Trinity College's Main Campus is located off Royal Parade. The Evan Burge Building is located near the Tennis Courts. See our Map of Trinity College. Additional maps of Trinity and the surrounding area (including its relation to the city) can be found at http://www.trinity.unimelb.edu.au/about/location/map

Parking can be found along or near Royal Parade, Grattan Street, Swanston Street and College Crescent. Parking within Trinity College is unfortunately only available to staff.

For those coming via Public Transport, the number 19 tram (North Coburg - City) passes by the main entrance of Trinity College (Get off at Morrah St, Stop 12). This tram departs from the Elizabeth Street tram terminus (Flinders Street end) and goes past Melbourne Central. Timetables can be found on-line at:

http://www.metlinkmelbourne.com.au/route/view/725

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting.

Linux Users of Victoria Inc. is an incorporated association, registration number A0040056C.


Planet DebianGunnar Wolf: Worthy weekend

(No, I'm not talking about a future Ubuntu release... After all, what kind of weird animal would a weekend be?)

This weekend we took the kids outside for the first time (not counting, of course, visits to the pediatrician). We were quite anxious... Of course, they were born somewhat under weight and at 7½ months of gestation. But this Saturday we felt adventurous, and took the kids out for a day among people!

It might not sound like a big deal, but... Well, we took a not such beautiful or scenic route: We took them to the supermarket, and had a small lunch out. For the first time in the already two months they have been with us.

Dinner with friends at home, having a very good time, and –as expected– a... Very hard night for us. All that excitement had the babies very nervous.

Today –again, for the first time– we took the children out to visit some friends of ours. Again, it was great, they behaved very nicely, and were lovely all around.

Let's see what this night holds in place for us.

Anyway, with them growing slowly but steadily... We are very happy, thankful parents. For the first time since Regina is with me in Mexico, this time we decided we would not have a birthday party (yes, I'm 30 minutes away from being 39 years old). I cannot imagine a fuller, better celebration than what we are having. These two babies are the real event in our lives.

Oh... And by the way, this weekend also saw the release of a great new Debian release: Debian 8, codenamed Jessie. Thanks, folks, for such a great birthday present ;-) For reasons that should by now be obvious, I wasn't able to go to either of the release parties I knew of in Mexico City (even one of them was ~500m from home!)

Krebs on SecurityWhat’s Your Security Maturity Level?

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think ‘15 pieces of flair‘). When the phrase “security maturity” came to mind, I thought for sure I’d conceived of an original idea and catchy phrase.

It turns out this is already a thing. And a really notable thing at that. The graphic below, produced last year by the Enterprise Strategy Group, does a nice job of explaining why some companies just don’t get it when it comes to taking effective measures to manage cyber risks and threats.

SecurityMaturity

Very often, experience is the best teacher here: Data breaches have a funny way of forcing organizations — kicking and screaming — from one vertical column to another in the Security Maturity matrix. Much depends on whether the security professionals in the breached organization have a plan (ideally, in advance of the breach) and the clout for capitalizing on the brief post-breach executive attention on security to ask for changes and resources that can assist the organization in learning from its mistakes and growing.

But the Security Maturity matrix doesn’t just show how things are broken: It also provides a basic roadmap for organizations that wish to change that culture. Perhaps unsurprisingly, entities that are able to manage that transition typically have a leadership that is invested in and interested in making security a core priority. The real trick is engineering ways to influence the leadership, with or without the fleeting momentum offered by a breach.

At last week’s RSA Security Conference in San Francisco, I had a chance to meet up with Demetrios “Laz” Lazarikos, the former chief information security officer at Sears. Now founder of the security consultancy blue-lava.net, Laz spends a great deal of time trying to impress upon his clients the need to take the security maturity model seriously. Here’s his sliding scale, which measures maturity in terms of preparedness and expectations.

Source: Blue Lava


I like Laz’s models because they’re customized to every organization, breaking down each business unit into its own security maturity score. The abbreviations in the graphic below — SDLC and PMO — stand for “security development life cycle” and “project management office,” respectively. Dark red boxes (marked with a “1”) indicate areas where the organization’s business unit needs the most work.

Source: Blue Lava Consulting


Laz’s security maturity hierarchy includes five levels:

  • Level 1 – Information Security processes are unorganized, and may be unstructured. Success is likely to depend on individual efforts and is not considered to be repeatable or scalable. This is because processes would not be sufficiently defined and documented to allow them to be replicated.
  • Level 2 – Information Security efforts are at a repeatable level where basic project management techniques are established and successes can be repeated. This is due to processes being established, defined, and documented.
  • Level 3 – Information Security efforts have greater attention to documentation, standardization, and maintenance support.
  • Level 4 – At this level, an organization monitors and controls its own Information Security processes through data collection and analysis.
  • Level 5 – This is an optimizing level where Information Security processes are constantly being improved through monitoring feedback from existing processes and introducing new processes to better serve the organization’s particular needs.

Where does your organization fit in these models? Are they a useful way for getting a handle on security and increasing maturity within your organization? Has your employer recently moved from one security maturity level to another? If so, tell us what you think prompted that shift? Sound off on these or any other thoughts on this subject in the comments below, please.

Planet DebianRuss Allbery: lbcd 3.5.2

This is a fairly minor patch release of the lbcd daemon, which is a daemon that listens for and responds to a simple UDP protocol to request information about system load. It's used in conjunction with lbnamed for dynamic DNS, and can also be used as a lightweight way to remotely query load.

The only real change in this version is to support linking with libsystemd instead of libsystemd-daemon, since systemd upstream has merged the various small support libraries into one. I also did my normal merge of changes from C TAP Harness and rra-c-util.

NOTE: This package is actually orphaned. No one else has picked it up, and I still maintain the Debian package, so I went ahead and did a new release with this fix. But I'm not planning on doing any significant work on it, and am happy to hand it off to another maintainer.

You can get the latest release from the lbcd distribution page.

Planet DebianRuss Allbery: rra-c-util 5.7

This release has a somewhat random collection of accumulated fixes.

A couple of them are for the PAM libraries: new support for the Mac OS X PAM implementation, which doesn't use the same options and error codes as the rest of the world. It also uses a different pattern of const declaration, which required some additional Autoconf probing for the fake PAM library for testing.

There are also a few fixes for the systemd probe framework: libsystemd-daemon has been rolled into libsystemd in current versions, and the probe was using $(), which doesn't work on Solaris 10.

The Kerberos Autoconf macros should now hopefully work with the version of Kerberos bundled with Solaris 10.

Finally, this release supports checking for Clang as a compiler and choosing compiler warning flags accordingly, although rra-c-util isn't warning-free with Clang -Weverything yet.

You can get the latest release from the rra-c-util distribution page.

,

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-04-20 to 2015-04-26

Sociological ImagesGender Rolls, Tastes Like Repression!

Thanks to Stuff Mom Never Told You for this fantastic satire!


Thanks to Meredith E. for the tip!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Rondam RamblingsAT&T update: out of the frying pan, into the fire

An update on our on-going nightmare with AT&T: after two weeks, four technician visits to our house, and I don't know how many phone calls to CSRs and supervisors, they were finally able to get our internet connection back up and running today. That's the good news. The bad news is that somehow they managed to break our phone line in the process.  It was working this morning, but just as the

,

Rondam RamblingsDrawing The Line: making the case for idea-ism

This post has been too long in coming.  I've been busy coding.  (Actually, I've been busy writing documentation, which turns out to be even more time consuming.) A while back I promised commenter Luke that I would answer two questions: 1.  How can reason not be circular? 2.  Why is idea-ism (still searching for a better name) a better basis for morality than Christianity (or anything else for

Sociological ImagesFrequencies in Whisker Forms

At Vox, Phil Edwards dug up and revived an article from the American Journal of Sociology published in 1976. It tracks facial hair trends — or what the author whimsically calls “frequencies in whisker forms” — from 1842 to 1972. He notes, in particular, the overwhelming dominance of the clean face at the time of publication.

This is your image of the week:


The original author uses the data to make an argument about the existence of fashion trends. He’s interested, too, in why fashions change and, like any good sociologist, recommends further research. He does speculate, though, about one possible driver of change: old people. He writes:

…as long as any considerable number of people who have stuck to a superseded form of personal appearance are still living, the young may tend to avoid such a mode as old hat. These distasteful associations seem to be safely overcome only after the passage of a century or more.

His theory holds. If his data is correct, beards disappeared right around 1915. It’s been a hundred years and beards are back!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaChris Samuel: The True Meaning of Myki

Those around Victoria will be familiar with our public transport payment system called “Myki” which has had, shall we say, some teething troubles. It appears this was well known to the Vikings over 1,000 years ago as this list of Old Norse words that made it into English has:

muck – myki (cow dung)

So there you go, Myki is actually Old Norse for bullshit. :-)


Planet Linux AustraliaMichael Still: Tuggeranong Trig (again)

The cubs at my local scout group are interested in walking to a trig, but have some interesting constraints around mobility for a couple of their members. I therefore offered to re-walk Tuggeranong Trig in Oxley with an eye out for terrain. I think this walk would be very doable for cubs -- it's 650 meters with only about 25 meters of vertical change. The path is also ok for a wheelchair I think.

             

Interactive map for this route.


,

Planet Linux AustraliaDonna Benjamin: Peace and Freedom

Over 1000 women gathered in the Hague in 1915

It's ANZAC day.

It's the 100 year anniversary of a particularly bad battle in Turkey, that has somehow come to represent the apex of Australian and New Zealand glorification of war. Sure, we say it's not glorifying war - but seriously how is this wall to wall coverage not glorification? The coverage in all media over the past week has numbed my senses. Not made me reflect on sacrifice.

All our focus on this one stupid battle? I'd like to put some focus on those efforts to stop the slaughter.

Gallipoli was ultimately a battle lost for the ANZACs.

So too was the attempt by over 1000 women who came together in 1915 to try to stop war. To call for resolutions for peace. To identify and disarm the causes of conflict. If only we could reflect more on that effort.

The Women's International League for Peace and Freedom - http://www.wilpf.org.au/centenary/100years

Image: Screengrab from http://honesthistory.net.au/wp/wp-content/uploads/WILPF_posters_72dpi-FI...

Text in the image says:

As the British army, including Anzacs, is invading Turkey more than 1000 women from both warring and neutral nations meet in The Hague for the International Congress of Women. They set out resolutions for ending all war and resolve to take them immediately to all heads of state in Europe and the USA. They name themselves the International Committee of Women for Permanent Peace.
"I know that the idea that lasting peace can be gained through war is nonsense" - Eleanor Moore

CryptogramFriday Squid Blogging: The Unique Reproductive Habits of the Vampire Squid

Interesting:

While most female squid and octopuses have just one reproductive cycle before they die, vampire squid go through dozens of egg-making cycles in their lifetimes, scientists have found.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Geek FeminismThe Linkspam Agenda (24 April 2015)

There are several pieces on the documentary Code: Debugging the Gender Gap today:

  • When Women Code | The Atlantic: “Whatever the case, the film’s director, Robin Hauser Reynolds, traces how American culture has shaped the perception—perpetuated by men and women—that coding is just for men. She offers a history of the technology industry, and conducts interviews with subjects ranging from the White House chief technology officer to teenage girls who are taking after-school coding classes. I spoke to Reynolds earlier this week about how she approached this sensitive—and sprawling—subject, and what she learned along the way.”
  • “Code” and the Quest for Inclusive Software | The New Yorker: “The result of Reynolds’s inquiries was screened at the Tribeca Film Festival on Sunday, with the première of “Code: Debugging the Gender Gap,” a documentary that aims to make sense of the dearth of women in computer science. “Code” has already received disproportionate amount of attention for a documentary by a relatively unknown filmmaker; Reynolds and her film, which was financed partly through a crowdfunding campaign, had been profiled in a number of major publications well before the première, reflecting the broad interest in the tech industry’s diversity problem.”
  • A New Documentary Nails How Terrible It Is for Women in Tech — and How to Fix It | Arts.Mic: “A documentary like Code can only do so much. Its power, however, is in the incredible women who have found success in tech despite overwhelming odds who speak during the film. Seeing them and seeing their work is a clear sign that no matter how difficult it is to effect change, it’s worth it.”

Other links:

  • LGBTQ – Queer Women In Tech Share Experiences: “‘I’m having a lot of second thoughts about the tech industry being progressive in the last five years,’ Joire says. With the tech boom, she’s seeing a lot more opportunists descending on the scene — some of whom are frustratingly narrow-minded.”
  • Now What? How to Create Fair Companies after the Ellen Pao Verdict | Medium: “Innovation in people practices has lagged behind every other dimension of business. Even in Silicon Valley, tech has been leveraged less when applied to people ops than to product development, financial operations, manufacturing, and sales. It makes no sense, in a world where the purpose of a startup is to upend an established business or an entire industry, that every company has the same boilerplate policy. For an industry built on innovation, tech has shown a remarkable lack of creativity when it comes to tackling issues of culture and people.”
  • Who is Sharla P. Boehm? | The Edtech Curmudgeon: “So there it is – Sharla Boehm wrote the code that demonstrated the feasibility of packed-switched networks. You can look up the original paper that she and Baran wrote, and read every line of code that she wrote and see the actual output from her program.” [that is to say, the code that originally demonstrated the feasibility of the Internet was written by a woman]
  • Lindi Emoungu | Women of Silicon Valley: “The exciting thing about tech is that you can use very powerful tools to solve any problem you can imagine. Technology places an immense amount of power in your hands and in your mind. My advice to girls pursuing a future in tech is not to squander that power in exchange for acceptance. The higher you go, the more you will encounter people who will say all of the right things and never advance you. Don’t slow down for those people. Go fast, work hard, be yourself, trust yourself and you will find the people you are supposed to do great things with.”
  • To Promote Diversity, Apple Increases The Number Of WWDC Scholarships | TechCrunch: “To encourage greater diversity amongst its developer community, Apple announced it’s increasing the number of WWDC scholarships this year which provide students and developers the opportunity to attend Apple’s Worldwide Developers Conference taking place this June in San Francisco. Last year, Apple offered 200 scholarships by working with the National Center for Women & IT (NCWIT). But this year, the company says it has expanded its list of partner STEM organizations to more than 20 and will also increase the number of scholarships offers to 350.”
  • How to Fail at Coming Out Stories in Comics | Bisexual Books: “On April 22, 2015, comics retailers far and wide will be selling copies of All-New X-Men #40, which, spoiler, features the coming out of a major character from Marvel Comics’ original five X-Men (sort of): Bobby Drake, AKA Ice Man. On the one hand, I want to be loud and supportive, and to celebrate this wider diversity. But on the other hand, they do a really, really offensive crap job of it.”
  • So You’ve Been Publicly Scapegoated: Why We Must Speak Out on ‘Call-Out Culture’ | Feministing: “The publication of Jon Ronson’s So You’ve Been Publicly Shamed is the culmination of a recent trend: people of means and privilege engaged in well-remunerated shallow handwringing about “public shaming,” particularly through social media.”
  • Women Startup Competition and TeleSummit | Women Who Tech: “We’re excited to announce the first annual Women Startup Challenge, a crowdfunding competition in partnership with Craig Newmark of craigslist and craigconnects and investors Fred and Joanne Wilson.”
  • What Happens When There Are No Boys in the Room: A Report from Robyn’s Tekla Conference | Pitchfork: “For Robyn, making Tekla girls-only was about seeing ‘what happens when there are no boys in the room—maybe a girl decides that she wants to play the drums, and she wouldn’t if there was a boy there. A different dynamic happens, it frees the situation from some restrictive behaviors for girls. We’re rarely in a girl group when we just allow each other to play around and try stuff.’ She didn’t have a gateway to this arena as a kid, but ‘my parents used to have a theater group and they were on stage a lot, so that became something un-dramatic for me. I think that’s what it’s about—when you develop an interest, it usually comes from an environment that de-dramatizes things. Because then you’re able to find your own entrance into it.'”
  • Houston, We Have A Problem. | RUBY-WAN KENOOBIE: “I’m now at the point where ‘diversity in tech’ has become synonymous with white women. And I’m here to raise the red flag.”
  • Quantifying Silicon Valley’s Diversity Issue | WIRED: “At 27, Tracy Chou has become a leading voice for women in the tech industry by using data to call attention to how few of them are employed as engineers. She is an accomplished coder who had already worked at Facebook, Google, and the question-and-answer site Quora before arriving at Pinterest. And nearly two years ago, she took the simple but provocative step of uploading a spreadsheet—to the code-sharing platform Github, naturally—that companies could use to make public the number of female engineers in their ranks. The goal: to identify the scope of the problem as a first step toward making a stronger commitment to address it.”

We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

CryptogramSigned Copies of Data and Goliath

You can now order signed copies of Data and Goliath from my website.

CryptogramFederal Trade Commissioner Julie Brill on Obscurity

I think this is good:

Obscurity means that personal information isn't readily available to just anyone. It doesn't mean that information is wiped out or even locked up; rather, it means that some combination of factors makes certain types of information relatively hard to find.

Obscurity has always been an important component of privacy. It is a helpful concept because it encapsulates how a broad range of social, economic, and technological changes affects norms and consumer expectations.

TEDStraw into gold: A TED Fellow cultivates mushrooms to fight climate change

Social entrepreneur Trang Tran is teaching Vietnamese farmers how to use rice straw as a material in which to grow profitable mushrooms, helping to reduce greenhouse gas emissions and improve livelihoods. Photo: Fargreen

In agricultural entrepreneur Trang Tran’s native Vietnam, farmers traditionally burn the straw and husks that remain after the rice harvest. This practice happens at least twice a year for two months at a time, releasing noxious smoke and greenhouse gases into the atmosphere. Tran’s solution: using rice straw to cultivate mushrooms. Her social enterprise Fargreen is standardizing the process and teaching farmers how to recycle their own agricultural waste and improve their livelihoods. We asked Tran to tell us about how the idea evolved.

How did you become interested in the burning of rice straw as an environmental problem? Did you come from a farming community?

I’m from a little province called Hà Nam, two hours south of Hanoi, the capital city. My parents are not farmers, but Vietnam is an agricultural country, so everyone is surrounded by rice farms. Even if you live in Hanoi, the nearest farm is only a half an hour away.

Rice straw burning is something that happens every harvest season, and it happens all around us. It’s been done for many years, and it’s considered the most convenient way of getting rid of waste. Straw is perceived as having no value — farmers just want to get it out of the way as soon as possible in order to prepare for the next crop. In Vietnam, 20 to 50 million tons of rice straw are burned annually, releasing greenhouse gases into the atmosphere. Obviously this contributes to climate change, but the more immediate problem is that local people inhale the matter, causing serious health problems in communities — particularly in babies. Poor communities are most affected, and of course they have the least money for health care.

When rice straw is being burned, it’s very smoggy, and it’s hard to breathe. It also blocks visibility. A lot of car accidents happen during harvest season. It’s crazy — whenever I have to travel from my home to Hanoi for work, or come home during harvest season, rice straw is being burned along both sides of the road and it is very dangerous for drivers.

In rice-producing countries, rice straw is often burned on the field in preparation for new crops. Photo: Scott Gable

Why is straw burned on roads? Why not just on the field?

The part of the rice plant left in the ground after the harvest is burnt right on the field. But the part left over after threshing is piled by the side of the road. There isn’t much space to store the agricultural waste once it’s been threshed, especially in Northern Vietnam, and roadsides are typically far enough away from houses that the straw can be safely burned. Some people also believe burning straw on the field helps the soil, but it’s actually really damaging because the soil gets drier and drier, and it just gets harder to farm it every year. The straw can’t just be buried because there is too much of it; composting rice straw requires a special technique and takes time. There’s a real need for the farmers to clear the field for the next round of rice cultivation — we plant two crops in Northern Vietnam and three in Southern Vietnam.

How did you come up with the idea to use rice straw to grow mushrooms?

My background is in international development. When I went to get my MBA in Colorado State, I kept thinking about this problem of rice straw waste back home. I had always seen this as an environmental problem, but getting my MBA gave me a way to see the problem differently and find a new way to approach it. My friend Thuy Dao, who was a fellow undergraduate back in Vietnam but in the biotechnology department, shared my fascination. Once I joked with her, “Oh, maybe someday we’ll work together on this problem.” Later, when I was talking to people to find a collaborator, her name popped into my head. So I contacted her and we started doing research.

Of course, we were not the first to tackle this problem. We looked into the various ways other researchers have considered to deal with rice straw. But because we grew up in the community as well as working in development, we could see from the local perspective that the problem is far more complex than just the act of burning. You have to ask, “What is the motivation for farmers? What’s in it for them not to burn?” If there’s nothing in it for them, and burning saves time so they can prepare for their next crop, then you can’t blame them for wanting to continue.

Bales of recycled rice straw are prepared for cultivating mushrooms. Photo: Fargreen

Fargreen grows white button, straw and oyster mushrooms for consumption. Photo: Fargreen

So we tried to think a bit differently — what can we offer the farmers that would make it worth it for them not to burn? In between rice seasons, most of the farmers we work with — many of them women — have to travel to the city to find employment. They don’t have skills to compete in the job market, so all they can get in cities are low-level jobs — picking up trash for recycling and so on. If they can stay on their land and cultivate a profitable crop between rice seasons, it would alleviate a lot of hardship.

One day, we discovered in our research that rice straw can be used to grow mushrooms. We saw that it wasn’t very complex, so we bought some spawn, collected some straw to the back of the house and grew a crop.

What were the varieties of mushrooms that you grew?

We grew paddy straw, oysters and white button. Our first harvest was only a few kilograms, but they were so good! At first we hadn’t even realized that the used straw could then be recycled back to the field. But we saw that the straw had turned into really good compost, because the fungi had helped break it down. Nearby farmers said, “Well, if you want to get rid of it, we’d love to get that to the field for you.” We said OK. We also started to experiment with planting potatoes with the used straw — you put the potatoes in soil, and layer the straw over it to provide more nutrients. We got a really good crop.

How did this experiment turn into an enterprise?

I went back to the United States to work on the business model, and thought about the impact we wanted to make and the sustainability of the business. We came up with a satellite business model. If we could get the farmers to grow the mushrooms while we retained control of the quality of the crops, we knew there would be a good market for them. Right now in Vietnam, 80 to 90 percent of mushrooms consumed come from China, but Vietnamese people distrust Chinese produce, worrying about the possibility of contamination by pollutants, chemicals, and so on.

So we thought, if we are completely transparent in how we produce our mushrooms, that would add value. It would mean an opportunity for farmers to increase their income as well. We’re targeting supermarkets and high-end restaurants whose consumers are highly conscious about food safety and quality. Right now, we work with a small group of farmers. Our target is, in seven years, to have hundreds of farmers in our network. When that happens, there’ll be a lot of mushrooms, which we might also be able to export. We’re also experimenting with drying and salting methods.

A Fargreen farmer harvests mushrooms. Photo: Fargreen

Mushrooms grown on rice straw are sorted and weighed before being sold to restaurants and grocery stores. Being able to stay home to cultivate profitable mushrooms between rice seasons prevents farmers from traveling to the city to find work. Photo: Fargreen

Is there an existing mushroom cultivation industry in Vietnam?

There is. The majority of the companies producing mushrooms right now use sawdust and cotton as their substrate. We’ll be the first company focusing on using straw to produce mushrooms. We could gather the straw and sell it to mushroom companies that are already in business, but that’s a different business model. We could even open a factory and grow the mushrooms ourselves. But how would we scale up? With this model, we can scale up anywhere. The mushrooms are grown by the farmers themselves, and all we need is a collection center where all the farmers can come and sell the mushrooms.

Regarding contamination, is there a possibility that Vietnamese rice straw itself contains pesticides or fertilizer residues?

You can’t totally avoid pesticides. But we do select which straw to use for our mushroom cultivation, avoiding fields that have been sprayed heavily with pesticides. We are also working on methods to analyze the residue in the straw so we’ll have a more precise indicator. After being collected, the straw gets dried and treated using a natural pasteurization method before it’s used as a substrate for mushrooms. The process kills unwanted fungi or bacteria and softens the straw. It’s labor-intensive, as it’s done all by hand.

What kind of conditions are needed to grow mushrooms?

It depends on the mushroom that you grow. In general, mushrooms are quite sensitive to their environment, so beside keeping the environment clean to keep mushrooms from being attacked by unwanted fungi, we need to provide them with the right amount of moisture, temperature and sunlight to grow. For example, straw mushrooms like high temperatures and humidity, whereas oyster mushrooms prefer a cooler environment.

We have varied weather, so right now we grow seasonally. But we’re actually looking at building a mushroom house where we can help the fungi thrive in different temperatures and weather conditions, because weather’s changing right now. Vietnam is one of the countries that’s most affected by climate change.

Tran hopes that Fargreen will produce enough mushrooms not only to supply the Vietnamese market, but to export dried and salted mushrooms within seven years. Photo: Fargreen

A feast of fungi. Photo: Fargreen

Realistically, can mushroom cultivation take care of the rice straw problem in Vietnam? Can each farmer get rid of all of his rice straw growing mushrooms?

I think it’s possible, yes. We have a very flexible model where right now most of the straw can be used for mushroom cultivation, and the used straw can be mixed with additional straw waste after mushroom cultivation to quickly create useful compost. Each farmer has, on average, a four-acre farm, so they only produce a few tons of straw per year. Fargreen’s few farmers have so far collectively saved 10 tons of straw from being burned – which is the equivalent of 10 tons of greenhouse gases.

What motivates you to do this work?

I grew up naturally aware of environmental conditions and how they affect life. My parents used to sell fresh homemade food in the local market, and because we didn’t have a fridge back then, my mom had to pay very close attention to the weather forecast to plan the amount of food they would prepare to take to the market. If it was a rainy day, nobody would want to stop by their kiosk in the market to buy their food, and that meant we’d have to throw the leftovers away.

There’s also a big river running behind the back of my home in Ha Nam. It used to be such a beautiful sweet river, and my dad used to carry me on his back across it in summers, when I was small. But as I grew up, I observed how the weather patterns in my country have changed over time. There are a lot of unexpected storms, floods and droughts — and that has changed the river.

But the main thing is that I want to improve the lives of Vietnamese farmers in a sustainable way. As I traveled doing development work, I noticed that the poor people were the ones who — like my parents in the old days — suffered the most from changes in weather patterns. Ours is a very agricultural country. Yet people in the farming industry are among the poorest. So to take Vietnam to the next level, we have to focus on our farmers.

Any plans to take Fargreen to other rice-producing countries?

Yes. As soon as we validate Fargreen in Vietnam and build the brand, we would love to franchise in other countries, because our neighbors are struggling with this problem, too. We think it will be a very attractive opportunity for farmers who want to diversify their income, and we hope to get environmentalists on board, too.

We hope that one day, we can also focus on making biofertilizer out of the straw waste after mushroom cultivation, which will help create organic farmers. So there will be more after mushrooms. For me, the goal is to prove that businesses can do well by doing good, that you can build prosperous and sustainable farming communities, prioritize the environment and still create a successful enterprise. That’s why we called it Fargreen — going far by going green.


Sociological ImagesA Sociology of Dirt and Disorder

Flashback Friday.

[Images, in order: Beautiful; Disgusting; Dirt; Soil]

In the classic book, Purity and Danger (1966), Mary Douglas points to the social construction of dirt. She writes:

There is no such thing as absolute dirt: it exists in the eye of the beholder.

If dirt and dirtiness are socially constructed, what do things we identify as dirt, filth, rubbish, and refuse have in common?

Douglas suggests that dirt is really a matter of disorganization. Literally, that a thing becomes dirt or garbage when it is out-of-place. “Dirt,” she writes, “offends against order.”

Eliminating it is not a negative movement, but a positive effort to organise the environment.

I chose the images above to try and illustrate this idea. Hair in the drain, like dirt on our hands, is out-of-place. It doesn’t belong there. In both cases, our reaction is disgust. Hair on the head, in contrast, is beautiful and becoming, while dirt outside is life-giving soil and part of the beauty of nature.

Images royalty free from Getty. Originally posted in 2009.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramThe Further Democratization of QUANTUM

From my book Data and Goliath:

...when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection -- basically, a technology that allows the agency to hack into computers. Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well. All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the Internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.

And that's true. China's Great Cannon uses QUANTUM. The ability to inject packets into the backbone is a powerful attack technology, and one that is increasingly being used by different attackers.

I continued:

Even when technologies are developed inside the NSA, they don't remain exclusive for long. Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools.

I could have continued with "and the next day's homework assignment," because Michalis Polychronakis at Stony Brook University has just assigned building a rudimentary QUANTUM tool as a homework assignment. It's basically sniff, regexp match, swap sip/sport/dip/dport/syn/ack, set ack and push flags, and add the payload to create the malicious reply. Shouldn't take more than a few hours to get it working. Of course, it would take a lot more to make it as sophisticated and robust as what the NSA and China have at their disposal, but the moral is that the tool is now in the hands of anyone who wants it. We need to make the Internet secure against this kind of attack instead of pretending that only the "good guys" can use it effectively.

End-to-end encryption is the solution. Nicholas Weaver wrote:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn't just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it's one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

Yes.

And this is true in general. We have one network in the world today. Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy. That's our choice, with the Internet, with cell phone networks, with everything.
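A defender's view of the injection described above, as an added example that is not from the original post or the homework assignment: a forged reply reuses the genuine connection's addresses, ports and sequence numbers, and the genuine reply still arrives, so a passive sensor can flag any flow in which the same sequence range shows up twice with different bytes. The `Segment` fields, class and function names, addresses and trace below are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass(frozen=True)
class Segment:
    """Fields a sensor would extract from one captured TCP segment."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes
    ttl: int


@dataclass(frozen=True)
class Alert:
    flow: tuple
    seq: int            # first sequence number where the two copies disagree
    first_seen: bytes   # payload that arrived first for that byte
    conflicting: bytes  # later payload claiming the same byte
    ttl_first: int      # differing TTLs support "two different senders"
    ttl_conflicting: int


class InjectionDetector:
    """Flags same-sequence, different-content data within one flow direction.

    Identical retransmissions and partial overlaps with matching bytes are
    normal TCP behaviour and are not reported. State is unbounded here; a
    real sensor would keep only a sliding window per flow.
    """

    def __init__(self):
        # flow -> {sequence number of a byte: (byte value, carrying segment)}
        self._seen = defaultdict(dict)

    def feed(self, seg):
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        seen = self._seen[flow]
        alert = None
        for offset, value in enumerate(seg.payload):
            pos = (seg.seq + offset) % SEQ_MOD
            prior = seen.get(pos)
            if prior is None:
                seen[pos] = (value, seg)
            elif prior[0] != value and alert is None:
                earlier = prior[1]
                alert = Alert(flow, pos, earlier.payload, seg.payload,
                              earlier.ttl, seg.ttl)
        return alert


def scan(segments):
    """Run a fresh detector over segments in arrival order."""
    detector = InjectionDetector()
    return [a for a in map(detector.feed, segments) if a is not None]


# Constructed trace (documentation addresses, made-up payloads).
SERVER = ("203.0.113.10", 80)
CLIENT = ("198.51.100.7", 51000)


def reply(seq, payload, ttl):
    return Segment(*SERVER, *CLIENT, seq, payload, ttl)


CONSTRUCTED_TRACE = [
    Segment(*CLIENT, *SERVER, 500,
            b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", 64),
    # Forged reply that wins the race; note the different TTL.
    reply(1000, b"HTTP/1.1 302 Found\r\n"
                b"Location: http://redirect.invalid/\r\n\r\n", 61),
    # Genuine reply, arriving slightly later with the same sequence number.
    reply(1000, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello", 52),
]

if __name__ == "__main__":
    for a in scan(CONSTRUCTED_TRACE):
        print(f"conflict at seq {a.seq} in {a.flow}: "
              f"ttl {a.ttl_first} vs {a.ttl_conflicting}")
```

Once the traffic is encrypted and authenticated end to end, the receiver rejects the forged segment's payload outright, which is why the post treats encryption as the fix and detection like this only as a way to observe the attack.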

Worse Than FailureError'd: The Answer to this Question is WTF?!

"For a site that is used to view pay stubs, you'd think that they'd come up with better security questions," Carter K. wrote.

 

Shelly writes, "I'm not sure exactly how much I'd be paying at checkout with the Disney Premium Visa, but just to be safe, I think I'll use my Discover Card instead."

 

"Once you make it past the front doors of the retirement home where my friend's mother lives, you'll be faced with this layer of security," writes David N.

 

"We all know freemium games have a way to make you pay to avoid waiting. This will be a hard one to avoid for even the most patient ones among us - 2000 years?" writes Maarten.

 

"I just had to look and see this huge discount in my cart while searching for a new Logitech remote," Jeff T. wrote.

 

"I'm so glad that not every piece of software alerts me when there's no error, like iTunes does. I'd be clicking 'OK' all day," Daryl D. writes.

 

Gaelan S. wrote, "Does this mean I don't have to wash it?"

 

"I just wanted to resize a picture in Microsoft Word for a report," Tyrone S. writes, "I guess I could try writing my report in Excel instead because it is better with numbers and math and stuff."

 

RacialiciousRacialicious In Chicago: A C2E2 Preview

I’ve never been to C2E2 before and know very little about what to expect– beyond the fact that there is a Brony fan meetup that I will be doing my utmost to avoid. Luckily, C2E2 also features a decently sized list of other panels and screenings that deal with race, gender, sexuality, fandom, and all the intersectionalities between them. I’ll only be attending the con Saturday and Sunday, so I won’t have time to see everything (and I’m incredibly sad to be missing Friday’s Racebending.com panel!), but I’ll be livetweeting as many panels as one person can reasonably make.

Last year in San Diego Arturo managed to profile quite a few artists and writers of colour during our time at the con. Reaching out to me @wriglied or via the team@racialicious.com email could yield the same results, if you’re a creator of colour who’d like to meet and chat about your work on Saturday or Sunday. Drop me a line, I’ll find your booth. And if you’re just a reader who just wants to say hi, don’t be shy! I won’t be in costume, but there’s a good chance you’ll see me at any of the Saturday or Sunday panels listed below.

FRIDAY

Through Brightest Days And Blackest Nights — A Black Nerd Girl’s Journey: 5:30-6:30; S405b: This is no longer Heinlein’s Nerdom. The white-skinned, flowing haired Damsel in Distress is more likely to be the dark-skinned, kinky haired Reluctant Hero. The chiseled, blue-eyed avatar is more likely to have brown eyes and rounded features. As the Geekverse grows, so do representations of black women within it. Unfortunately, black women still face many barriers towards being accepted as “real nerds.” Our discussion will focus on the past, present and future of the black nerd girl and her place in the ‘Verse. This Panel is sponsored in part by the Chicago Nerd Social Club.

Racebending.com Presents: Creating Diverse Characters: 2:45-3:45; S403: Racebending.com presents a diverse array of Novelists, Playwrights, Editors and Comics Authors who have crafted equally diverse characters across those mediums. Featuring Babs Tarr, Wesley Chu, Michi Trota, Mary Robinette Kowal, Gabrial Canada, Professor Turtel Onli and Danny Bernardo.

SATURDAY

From the Top Down: Creating Space for Diverse Voices: 2:45-3:45; S403: The desire for wider representation in geek culture has never been higher, but Artists and Creators aren’t the only ones who bear responsibility for creating more diverse work. This Panel will explore the role of traditional gatekeepers – Editors, Publishers and other media Professionals – in promoting greater visibility for minority Creators and different perspectives, whether you’re creating an anthology, choosing Guests for a Podcast or Panel or searching for new Writers and Artists. Panel sponsored in part by the Chicago Nerd Social Club.

Yellow Fever, Yellow Peril and the Yellow Ranger: Asian Americans in Geek Culture & History: 4:00-5:00; S405A: From otaku Fan culture to the myth of the “model minority,” there’s a rising interest in, enthusiasm for and host of assumptions about Asian Americans in geek culture. How have Asian Americans been represented in popular culture? What effect does this have on Creators and Fans? How does one’s ethnic identity affect the art we create and the way we consume it? Join Asian American Comic Writers, Geek Enthusiasts, Bloggers and Musicians for an interactive discussion on Asian Americans in geek history. Panel sponsored in part by the Chicago Nerd Social Club.

Hip-Hop & Comics: Cultures Combining: 7:15-8:15; S404: Hip-Hop and comics reflect each other in many ways – graffiti and album covers incorporate superheroic imagery, Rappers adopt secret identities and grandiose aliases, Writers base their characters in urban settings and Artists draw on Hip-Hop’s rich visual vocabulary. Here, Patrick A. Reed (of Depth Of Field Magazine and ComicsAlliance) brings together Graphic Artists and musical luminaries to discuss the deep ties between these two creative cultures.

SUNDAY

Coming Out Cosplay – LGBT Community Panel: 1:30-2:30; S405B: Alexa Heart, a transgender cosplay model, will discuss her decision to transition with the support of the cosplay and geek communities. She’ll cover the obstacles she’s faced and how she has used these challenges to help push for equality for everyone in the geek community and beyond.

The post Racialicious In Chicago: A C2E2 Preview appeared first on Racialicious - the intersection of race and pop culture.