Planet Russell


Worse Than Failure: Representative Line: The Validation Regex

Regular expressions are a powerful tool for validating inputs, but what if your input is itself a regular expression? Is there a regular expression that can validate regular expressions?

Well, yes, if your regular expression engine supports recursion: /^((?:(?:[^?+*{}()[\]\\|]+|\\.|\[(?:\^?\\.|\^[^\\]|[^\\^])(?:[^\]\\]+|\\.)*\]|\((?:\?[:=!]|\?<[=!]|\?>)?(?1)??\)|\(\?(?:R|[+-]?\d+)\))(?:(?:[?+*]|\{\d+(?:,\d*)?\})[?+]?)?|\|)*)$/.

Today’s Representative Line (which is more than a single line) comes from Ryan S, who found an implementation of isValidRegex which is perhaps a bit more elegant:

    public static bool isValidRegEx(string value)
    {
        // intent is to block empty strings from being accepted
        return !string.IsNullOrEmpty(value);
    }

You might be thinking, “That doesn’t validate anything at all!”, but at least it doesn’t summon dread Cthulhu from R’gexyleh. I count that as a win.
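As an added example (not code from the original post, and not the C# snippet above), the check a practitioner would actually want: hand the candidate pattern to the regex engine and accept it only if it compiles. Python's re module is used here rather than C#, so the page's recursive PCRE pattern is not needed (and would not work, since re lacks the (?1) recursion construct). is_valid_regex_trivial mirrors the page's method for comparison; MAX_PATTERN_LENGTH is an assumed cap, and the sample patterns are constructed for the demo.

```python
import re

# Assumed upper bound on a user-supplied pattern; a syntactically valid regex
# can still be expensive to run, so size-limiting untrusted patterns is a
# sensible first guard even before worrying about their structure.
MAX_PATTERN_LENGTH = 256


def is_valid_regex_trivial(value):
    """Port of the page's C# method: rejects only null/empty input."""
    return bool(value)


def regex_error(value):
    """Return the engine's error message for an invalid pattern, or None if it compiles."""
    try:
        re.compile(value)
    except re.error as exc:
        return str(exc)
    return None


def is_valid_regex(value):
    """Accept a pattern only if it is non-empty, bounded in size, and actually compiles."""
    if not value or len(value) > MAX_PATTERN_LENGTH:
        return False
    return regex_error(value) is None


def validate_many(patterns):
    """Map each pattern to (trivial_check, real_check, engine_error) for side-by-side comparison."""
    return {p: (is_valid_regex_trivial(p), is_valid_regex(p), regex_error(p)) for p in patterns}


if __name__ == "__main__":
    # Constructed sample inputs: two valid patterns, an empty string, and four
    # syntactically broken ones that the trivial check would happily accept.
    samples = ["a+b", "^\\d{3}-\\d{4}$", "", "(unclosed", "[a-z", "*abc", "\\"]
    for pattern, (trivial, real, err) in validate_many(samples).items():
        print(f"{pattern!r:18} trivial={trivial!s:5} real={real!s:5} {err or ''}")
```

Note that "compiles" is a syntactic check only: a pattern that compiles can still be pathological to execute, which is why untrusted patterns should be bounded in length and, where possible, run with a timeout or on a non-backtracking engine.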

TED: Organizing principles: Notes from Session 5 of TEDSummit

Do we have the vision and the energy to confront seemingly impossible problems — like predatory corporations, political deadlock, the wasted potential of millions of refugees? Session 5 rounded up people who are jumping right in.

A call to action on fossil fuels. Costa Rica, climate advocate Monica Araya’s native country, gets almost 100 percent of its electricity from renewable sources, including hydropower, geothermal and solar. It started with the country’s bold decision to abolish its military in 1948. Investing that money in social spending created stability, which gave Costa Rica the freedom to explore alternative energy options. But it’s no utopia, Araya explains, because fossil fuels are still used for the country’s transportation systems — systems that are gridlocked and crumbling. Going forward, she urges the next generation to form coalitions of citizens, corporations and clean energy champions to get Costa Rica off fossil fuels completely and commit to clean energy in all sectors.

Monica Araya suggests that the future of alternative energy is in places like her home, Costa Rica. Photo by Ryan Lash/TED.

There are reasons to hope. Across the world, there are true signs of progress, despite the media’s constant drone of doom and gloom in their headlines. Global affairs thinker Jonathan Tepperman has seen it with his own eyes in three countries: Canada, Indonesia and Mexico. In each country, Tepperman examines their historical trajectory and transformation into places of societal advancement and inclusivity — drawing a common thread that connects them all. Within their borders, these nations have embraced the extreme in times of existential peril, found power in promiscuous, open-minded thinking and exercised compromise to its fullest extent. “The real obstacle is not ability and it’s not circumstances,” says Tepperman. “It’s much simpler: Making big changes involves taking big risks, and taking big risks is scary. Overcoming that fear requires guts.”

Online education for all. Imagine a world where every refugee has access to a free higher education, anywhere, at any time. Although this may seem unbelievable, this is Shai Reshef’s dream, and so far he has already made progress towards achieving it. Soon, the University of the People, founded by Reshef, will admit 500 Syrian refugees at no cost to them. University of the People is an online education platform that he believes will make this goal not only accessible and affordable but also replicable and scalable across the world. Despite the return on investment for education being incredibly high, currently refugees are 10% likely to receive higher education in their host countries. Beyond increasing this dismal statistic, Reshef hopes his institution will be able to help refugees with the lack of legal identification often holding them back, and eventually facilitate their transfer into local universities. Right now, 250 additional students are slated to be enrolled in the coming months and eventually they hope to sustain 12,000. Reshef wants to create an entire program run by refugees for other refugees, proving that higher education need not exclude anyone, because as Reshef says “online, everyone gets a front row seat.”

Pavan Sukhdev says: While the backbone of our global economy is the corporation, we’ve evolved corporate systems that ruthlessly drain public benefits for private gain. Photo by Ryan Lash/TED.

A new company for a new economy. “The last two and a half decades have seen scientists, economists, and politicians say again and again and more and more often that we need to change economic direction. We need a green economy, a circular economy. Despite all that agreement, we are still hurtling towards planetary boundaries.” To understand why, we need to ask an important question: can the corporations of today deliver the economy of tomorrow? According to environmental economist Pavan Sukhdev, the answer is no. That’s because today’s business as usual creates huge public costs to generate private profits — “this is the biggest free lunch in the history of mankind.” The good news? There are micro-solutions and if we follow them, we can evolve a new type of corporation whose goals are aligned with society rather than at its expense.

Who is making the decisions that increasingly govern our lives? What we see and then think? What we think and then do? The question isn’t who — it’s what. And the answer is the increasingly powerful algorithms employed by entities from Facebook to human resources departments to prison sentencing boards. It’s a problem that troubles sociologist Zeynep Tufekci, who explains that the complex way that algorithms grow and improve — through a semi-autonomous form of computing called machine learning, which evolved from pattern recognition and prediction software — makes them hard to see through and hard to steer effectively. “What safeguards do you have that your black box isn’t doing something shady?” wonders Tufekci. Making things worse, companies are very protective of their secret recipes for algorithms, so it’s almost impossible to gauge how objective they really are — but given that they’re only as unbiased as the data they are fed, that doesn’t sound like a recipe for fairness.

As AIs learn to learn, there’s a point where, says Sam Harris, they might outstrip our own intelligence. Photo by Bret Hartman/TED.

Scared of AI? You should be. Regardless of whether or not you’re afraid of Artificial Intelligence, Sam Harris wants you to be more afraid. He believes that we are culturally “unable to marshal an appropriate emotional response to the dangers that lay ahead.” Although it may seem alarming, Harris is not imagining a dystopian terminator future straight out of science fiction. Rather, his fear is based on three rational assumptions: 1. Intelligence is a matter of information processing in physical systems, 2. We will continue to improve our intelligent machines, and 3. We as humans do not rank anywhere close to the possible apex of intelligent life. The eventual existence of a hyper-intelligent machine is undeniable, and when our goals and the machine’s inevitably differ, these superior machines will waste no time disposing of anything standing between them and their objective. Due to the immense havoc these innovations are capable of wreaking, Harris urges that the time to begin tackling the ethics of AI is now, regardless of how far away it may seem. Because we only have one shot at getting the initial conditions right, and we had better make sure they’re conditions we can live with.

Humility in the face of fear. In a vulnerable, striking and meditative move, author Anand Giridharadas read “A letter to the other half” to the TEDSummit audience. Penned just days before the conference, it reflected Giridharadas’ regret over ignoring the legitimate struggles and instability of a people enraged over a changing globalized world — echoing events such as Brexit and the rise of Donald Trump.

Unsubscribe. Comedian James Veitch wrapped up Session 5, turning his frustrations into whimsy and amusement when his local supermarket refused to take him off their email list, despite numerous attempts on his end. The hijinks that ensue are an entertaining and priceless venture into the world of online customer care.

TED: Letter to the other half: Anand Giridharadas at TEDSummit

Photo by Ryan Lash/TED.

Writer Anand Giridharadas has come to TEDSummit to share an open letter to his fellow citizens. Invited by curator Bruno Giussani to address the dismay and confusion many have felt in the week after the Brexit vote result in the UK, the American writer and journalist lays out a vision that is as honest as it is poetic.

“I write to you because at present this quaking world we share scares me. I gather it scares you too,” he said, as he stood stock still in the center of TED’s red circle, as the audience listened, spellbound. “Some of what we fear, I suspect, we fear in common. But much of what we fear seems to be each other. You fear the world I want to live in, and I fear your visions in turn.”

With that, Giridharadas was off and running, describing the malaise and worry that so many feel, acknowledging that so many, in fact, have not enjoyed the benefits of increasingly global societies. Be that in Texas or South Dakota, in Greece or Japan, the quality of life for many has changed dramatically and for the worse … and yet too often the privileged elites such as Giridharadas and his ilk have failed to acknowledge this reality. “I heard that the fabric of your life was tearing. You used to be able to count on work and now you couldn’t. You used to be able to nourish your children and guarantee they would climb a little bit further in life than you had, and now you couldn’t. You used to be made to feel dignity in your work and now you didn’t. It used to be normal for people like you to own a home, and now it wasn’t,” he says, adding, “I heard all these things but I didn’t listen. I looked but didn’t see. I read but didn’t understand. I paid attention only when you began to vote and shout.”

And Giridharadas has a confession to make. Because here’s the thing. Not only was attention not paid until votes and the shouts made their presence felt, but in a way, attention was not granted because it was not deemed deserved. And while he will not accept that old privileges should remain, he does allow that empathy is key and has been missing. “I will admit, fellow citizen, that I have discounted the burden of coping with the loss of status. I had forgotten that what is socially necessary can be personally grueling.”

Globalism has been an inexorable force, and it has simply not been beneficial for all. What some dubbed “flexibility and freedom” was another person’s volatile pay, erratic hours and vanishing opportunities. But by using the terminology of increased interdependence, through the profligate use of terms such as “sharing economy,” “disruption,” or “global resource,” he admits that “I see what I was really doing at times was buying your pain on the cheap, sprucing it up and trying to sell it back to you as freedom.”

So. What’s the solution? Is there one? Sure. It won’t be pretty, it certainly won’t be easy, but the only way is through. “What we are doing, me with my marketplace, you with democracy, me with a fixation on disruption, you with a yearning for stability, is trying to survive by going around each other. If this goes on, there may be blood.” There’s still time for redemption, but it won’t come cheap. “This will take more. This will take accepting we both made choices to be here.”

But perhaps with this joint acknowledgement, both sides can help each other — and approach one another again. “You can help me to remember the vitality of belonging. I can help you to cope with change,” says Giridharadas. “If there is hope to summon in this ominous hour, it is this. We have for too long chased various shimmering dreams at the cost of attention to the foundational dream of each other.” It is time to tend to each other’s dreams once more, to unleash each others’ wonders and move through history together. “Let us start there,” he concludes.

TED: The deciders: Zeynep Tufekci at TEDSummit

Zeynep Tufekci looks at our growing use of machine learning in everyday tasks — and asks us to examine the hidden bias (and even artificial stupidity) that AI may bring in its wake. Photo by Bret Hartman/TED.

Who would have thought when you left those high school math problems behind that you would one day be encountering algorithms on a daily basis? Zeynep Tufekci might have guessed; now an assistant professor at the University of North Carolina’s School of Information, Tufekci’s first job as a teenager was as a computer programmer. So it’s no surprise that she is way more adept at decrypting the confusing and often misleading worlds of social media than most of us.

And while she’s perfectly comfortable to hold forth on exactly what Facebook’s algorithm does, what troubles her more is the next generation of algorithms, even more powerful and ominous. “There are computational systems that can suss out emotional states — even lying — from processing human faces,” she says. “They are developing cars that could decide who to run over.”

If that sounds a bit dramatic, Tufekci is quick to caution that most machine learning systems won’t crash through walls like killer cars, but be invited in, like friends who can solve problems.

“We are now asking questions of computation that have no single right answers, like, ‘Who should our company hire?’ or ‘Which convict is more likely to re-offend?’ But we have no benchmarks for how to make decisions about messy human affairs.”

Still, that hasn’t stopped software companies from trying, fine-tuning and turbo-charging algorithms to take more and more data into account to deliver more and more answers. In traditional programming, a system is given a series of static commands and computes the answer. Modern algorithms are driven by so-called machine learning, an approach to computing that evolved from pattern recognition and prediction software. With machine learning, a system calculates its results by churning through and “learning from” loads of data — but how those results are arrived at could well be a mystery even to those who defined the task parameters.

“In the past decade, complex algorithms have made great strides,” says Tufekci. “They can recognize human faces. They can decipher handwriting. The downside is we don’t really understand what the system learned. In fact, that’s its power.”

The idea of a company or college using an advanced algorithm to sort through mountains of job or school applicants is exactly the kind of thing that worries the Turkish-born technosociologist. “Hiring in a gender- and race-blind way certainly sounds good to me,” she says. “But these computational systems can infer all sorts of things about you from your digital crumbs, even if you did not disclose these things.”

Among the inferences computers can make even without an explicit mention: sexual preference, political leaning, ethnic background, social class and more. “What safeguards do you have that your black box isn’t doing something shady? What if [your hiring algorithm] is weeding out women most likely to be pregnant in the next year? With machine learning, there is no variable labeled ‘higher risk of pregnancy.’ So not only do you not know what your system is selecting on, you don’t even know where to look to find out.”

Tufekci is not a Luddite, though — far from it. “Such a system may even be less biased than human managers,” she points out. “And it could well make good monetary sense as well. But is this the kind of society we want to build without even knowing we’ve done it? Because we’ve turned decision making over to machines we don’t totally understand?”

Machine learning doesn’t begin from a place of purposeful intention like traditional programming — it’s driven by data, which in and of itself can have a bias. One system that’s used by American courts in parole and sentencing decisions was scrutinized by ProPublica, which audited the algorithm. “They found it was wrongly labeling black defendants at twice the rate as white defendants.”

As another data point: When the story of the civil rights protests in Ferguson, Missouri, exploded in 2014, she saw it on her Twitter feed — which was not filtered algorithmically. But on the filtered Facebook? Not so much. “The story of Ferguson wasn’t algorithm friendly — it’s not Like-able,” she says. “Instead, that week Facebook’s algorithms highlighted the ALS ice-bucket challenge.” A wet t-shirt parade in the name of charity? Who wouldn’t click on that?

The decision is ours, but only if we can decide we want to make it. The more we surrender that choice, the more knowledge and power we surrender over the world around us.

Sky Croeser: Web presence 2: dad-bods, activism, and pizza

1: ab hancer – “get a six pack in seconds – you don’t need to work out to get hot abs”. Audience: middle-aged dads. Marketing ab hancers on Facebook, Twitter, and maybe spam email. Suggestion: perhaps reconsider sending spam email!

2: Community group about awareness and acceptance of your and other heritages. Project Heritage. Spreading this through Instagram mainly, with a target audience of younger people. Personal stories along with a photo. Online personalities like YouTubers and refugee support groups. Suggestion: this sounds great! Just consider how you’ll manage cross-promotion (sharing content across accounts, and getting the celebrities you’re working with to share your campaign), and perhaps have someone in mind to moderate comments.

3: Education for children in offshore asylum centres – “Refugee children are still children and they have a right to education”. Facebook and Twitter, mainly aiming at the younger generation. Spreading awareness through schools, connecting with online communities. Suggestion: The idea of connecting with specific schools is a good one – you might think about how you can get local communities to send support (including books and other learning resources) to children in detention.

4: “Back to Basics” – pro-organic food movement. Audience – young parents, pregnant women, people who go to farmer’s markets. Instagram, Snapchat, and Facebook. Snapchat for a daily reminder, Instagram for food bloggers and health and fitness accounts. Suggestion: consider how you might differentiate your campaign from other similar campaigns.

5: Political campaign to increase the demand for organic food – an unhealthy food tax, with the money from that being used for healthy food. Advertising it through Facebook and Instagram to reach young audiences. Suggestion: telling young people that the food they like will be taxed more might be a hard sell – consider how you’ll make this message more positive.

6: Encouraging people to download the app to ‘hit the A button’. Ads on Spotify. Suggestion: develop your idea in more detail, consider using independent music platforms like Bandcamp.

7: Budget pizza business: “budget pizza any time any place (in Perth)”. Yelp, Google Plus (for reviews), Twitter to advertise discounts. Suggestion: consider developing the personality of your brand online to help it stand out from the competition.

Planet Debian: Sean Whitton: bucheontimestop

This summer I’m living in a flat five minutes’ walk from Bucheon station, near Seoul. Today there is a threat of rain and it’s very humid, which tends to make one feel that time has stopped: it’s as if everyone and everything is waiting for the rain to fall before getting on with their lives. There are two other reasons why one might think that time has stopped. There is a household goods shop outside the station that has a poster up which says “last day of business”, but of course it says this every day. A few weeks ago it said “last three days of business” instead, but they must have decided that was starting to look implausible or something. They do various things to look like they’re struggling to get rid of their wares. The other day they just piled everything up in a huge pile on the street outside the shop. They have a guy with a megaphone shouting all day about how cheap everything is in an urgent tone.

The other reason to think time has stopped is that “today’s coffee” in Starbucks is always the same coffee. On the little blackboard that all Starbucks branches have they have written: “now brewing: hot: iced coffee blend. iced: iced coffee blend.” Every time I order a cup of today’s coffee I have to wait five minutes while they actually brew it because it seems like no-one else is ordering it. And it tastes exactly the same as yesterday’s coffee.

Sky Croeser: Web presence workshop 1: activism, support, and volcano sacrifices

Today I ran a couple of short workshops for students visiting Curtin. They developed a digital strategy for their campaign, business, or organisation, and presented their plan in lightning talks. Here’s some brief feedback:

1: The cool kids club: addressing parents and children. Ads, website forums, FB page. Asking people to post positive reviews. Suggestion: you need to think carefully about issues around privacy – how will you create a safe space for people to talk without being identified?

2: “You can help”: messages to friends of teenagers with mental illnesses. Mainly using FB. Suggestion: again, consider how you’ll manage privacy and moderation – how will you help make this a safe space?

3: Racial representation in performing arts. Looking at colour casting, stigma around casting PoC in movies, musicals, etc. Worked together as a community that puts on plays with colour-blind casting. Tumblr, crowdfunding, Twitter for announcements, use tags to gather community around the organisation. Suggestion: this is an excellent idea, and you’ve thought carefully about strategies linking local productions with a broader community. Just be aware that you may need to engage in careful moderation of some of the platforms you’re using (which could be a place to ask allies to provide support).

4: New religion: ‘despair’. Mission is to sacrifice children to a volcano. Snapchat and Tumblr to spread our message due to their passionate approach. Audience: the elderly and those over 16, as they’re safe from sacrifice. One issue to consider: a potential mismatch between your chosen platforms and your key audience. Maybe consider a TV slot to inform the elderly about the exciting potential of your religion!

5: Gun control in the US: key communities – general public and young adults, Facebook and Tumblr and Twitter. A suggestion: consider how you’ll differentiate yourself from other similar campaigns – how will you build on and expand their work?

6: Recognition in the Australian Constitution: broad range of audiences. Instagram and Facebook, TV shows and Facebook for the older generation. Suggestion: think carefully about how to centre Indigenous analysis and voices.

7: Political organisation, The Blues, for conserving water: through Facebook, Tumblr, and Twitter because of their passion. Suggestion: think about how you’ll connect with local communities and councils.

TED: Forest for the trees: Suzanne Simard at TEDSummit

Forest ecologist Suzanne Simard examines the unseen relationship between trees in a forest. Photo by Bret Hartman/TED.

Have you ever stood among the trees — those tall, stoic, magnificent plants — listening to their leaves rustle in the wind and imagined quietly to yourself that they’re communicating in some way? Perhaps in whispers, or hushed voices?

It turns out that your imagination isn’t as wild as you might believe: trees do, in fact, talk.

However, as forest ecologist Suzanne Simard discovered through her research, this communication happens not in the air but deep below our feet in an incredibly dense, complex network of roots and chemical signals.

“Trees are the foundation of a forest, but a forest is much more than what you see,” says Simard. “Underground, there is this other world of infinite biological pathways that connect trees and allow them to communicate.”

Using 80 replicas of trees (birch, Douglas firs and other species), Simard observed the amazing interactions between different clusters of trees, noting that their relationships were dependent on factors such as proximity and how much shade they received on a given day. She found that trees were not competing but collaborating, sending things like carbon, water, nitrogen, phosphorus and even distress signals throughout their group as needed.

“The great thing about forests,” says Simard, “is that as complex systems, they have an enormous capacity to self-heal.”

One of the most incredible, visceral facts that Simard unearthed was the role of “mother” trees in these ecological communities. These more mature trees act as hubs or anchors for tree groupings, and look after their families, nurturing seedlings and even sharing wisdom when they are injured or dying.

“In a single forest, a mother tree may be connected to hundreds of other trees,” she says.

On the TEDSummit stage, Simard shared her life’s work, this monumental evidence that may hopefully change some decision-making behind our terrible forest-clearing habits and instill in us the idea that, like humans and most living things, trees build families, form relationships and thrive best when surrounded by a diverse community of species and genotypes.

“You can take out one or two hub trees, but there’s a tipping point,” says Simard. “You take out one too many and the whole system collapses.”

To protect forests, their livelihoods and ultimately ours, we must reconnect with nature and save our old-growth forests, regenerating and reinforcing their strength as they deal with the ever-looming threat of climate change.

TED: I am British: Alexander Betts at TEDSummit

“I am British.” Alexander Betts says this, and pauses. “Never before has the phrase ‘I am British’ elicited so much pity.”

Betts is here to talk about the June 24 Brexit vote — in which 52% of UK voters expressed their wish that their country leave the European Union. It’s a move that divided the country along almost every fault line, he says: “Everybody was blaming everybody else. People blamed the prime minister for calling the referendum in the first place. The young accused the old, the educated blamed the less well educated.” Worse, he reports seeing “levels of xenophobia and racist abuse in the streets of Britain at a level that I have never seen before in my lifetime.”

Now, one week past the shock and the meltdown, Betts asks the big question: Should we actually have been shocked by this?

The map of the UK, on the screen behind Alexander Betts, shows how the Brexit vote went down — blue to stay, and red to leave. Photo by Bret Hartman/TED.

The vote split along lines of age, education, class and geography. But Betts contends that, at bottom, the vote is about an unexamined divide: “those that embrace globalization and those that fear globalization.” He suggests that the Leave vote is a big clue that globalization — the vision of an interconnected, tolerant world, where trade, money and people are free to move — is not working for many people, and baffling to many others. This, in turn, produces fear, alienation, a sense that the country’s leadership isn’t actually speaking for them. And when globalization’s rhetoric of growth and possibility doesn’t resonate, what does, Betts says, is a populist rhetoric of nationalism and separatism, a “post-factual” politics of fear and hatred.

“The challenge that comes from that,” Betts says, “is that we need to find a new way to narrate globalization.” As a case in point, some of the people who voted most strongly against the EU were paradoxically those who were most dependent on EU trade (see chart below). Governments, media and elites are simply not telling the story of how they benefit.

Chart by John Burn-Murdoch.

Globalization has many positives, says Betts, but “globalization also has redistributive effects; it creates winners and losers. To take the example of migration, we know that immigration is a net positive as a whole, but that low-skilled immigration into a region can lead to a reduction of wages for the most impoverished in our society.” Balancing these effects, for instance by raising the level of social services for locals, is an important part of making globalization and immigration look less like a zero-sum game that alienates UK citizens.

So, Betts asks: “How do we address alienation while vehemently refusing to give in to xenophobia and nationalism?” He offers four steps forward.

  1. “How can we rebuild respect for truth and evidence into our liberal democracies? It has to start with education,” Betts says. Civic education can address the gap between perception and reality, and rebuild the space for conversation between the extremes.
  2. Encourage more interaction among diverse communities, addressing the “huge public misunderstandings about the levels of immigration,” he says. “Ironically, the regions of my country that are the most tolerant of immigrants have the largest stock of immigrants.”
  3. “We have to ensure that everybody shares in the benefits of globalization,” and that where a free trade policy creates an imbalance at the local level, it’s addressed at the local level.
  4. We need more responsible politics. “What we see around the world today is a tragic polarization, a failure to have dialogue between the extremes in politics,” says Betts. We might not achieve that dialogue today, but at the very least we have to call on our media and politicians to drop the language of fear and be far more tolerant of one another.”

TED: Pathways: Notes from Session 4 of TEDSummit

This morning’s Session 4 explored the ways we connect — the pathways our money takes, our communication, our trust, even our intelligence(s). Read on:

Trust in your neighbor, but maybe not in your bank. Why is it that, despite being told “don’t get into a car with a stranger” for as long as we can remember, five million of us opt to do this every day when we call an Uber? Rachel Botsman believes the popularity of these services, including Uber, AirBnB and the like, represents a fundamental shift in our societies away from an institutional model of trust and towards a distributive model. In recent history, a handful of major events have severely weakened the public’s trust in our banks, our government and even the church. As this form of institutional trust collapses, we have witnessed a simultaneous rise in what’s known as the “sharing economy.” This new bottom-up model for trust is empowered by technology, including systems like the blockchain, which may someday remove the need for third-party trust systems entirely. As trust becomes more and more local and accountability-based, technology will continue to shift power away from these economic institutions and distribute it into the hands of all of us.

Rachel Botsman explores the changing nature of trust — and how informal trust networks powered by new tech have created new behaviors. Photo by Bret Hartman/TED.

Benedict Android: how your phone can be hacked to betray you. The good news about smartphone surveillance is really good: In the past few years, many ordinary citizens have been able to capture shocking and irrefutable evidence of violent civil-rights abuses by police, soldiers and others, starting huge and important conversations. But the bad news is also really bad. Apple may have made news by refusing to bend or break the high-security encryption on its iPhones even for an FBI terrorism investigation. However, as the noted surveillance researcher Christopher Soghoian explains, Apple is the exception, and its products are affordable only to an upper-income tier of the world’s population. The security encryption on most smartphones — the Android-style phones used by most of the world — is far easier for law enforcement or government officials to break, putting Android users at a much greater risk of having their phones (and their contents) used against them. Soghoian calls this problem “the digital security divide,” and, having extensively studied how governments use malware and other underhanded surveillance measures to hack into computers and smartphones, he offers a very compelling case that, whatever new cool apps, trendy games and photo filters are in the pipeline for the next generation of smartphones, Apple-strength security measures are desperately needed first. “If the only people who can protect themselves from the gaze of the government are the elite, that’s a problem,” says Soghoian. “It’s not a technology problem — it’s a civil rights problem.”

Christopher Soghoian advocates for encryption on all our smartphones — not just Apple products. Photo by Marla Aufmuth/TED.

The awe of the puzzle. The Rubik’s cube is one of the most recognizable puzzles the world over, but as techno-illusionist Marco Tempest points out, it’s still as challenging today as when it first appeared in the 1970s. As he handed audience members cubes to jumble up, he explained their tugging pull: “Puzzles are mysteries that promise a solution, we just have to find it.” He then collected the cubes and brought an audience member onstage, where she challenged him to solve a cube — which he did in under 10 seconds. Holding up another cube, she showed him each of its six sides and he, almost effortlessly, matched a separate cube to reflect its same disorder. Without blinking, Tempest arranged the cubes into a square sculpture, while illustrating the universal appeal of the puzzle, “The Rubik’s cube is not an easy puzzle, but its design is elegant and it taps into that universal desire to solve problems, to bring meaning from chaos. It’s one of the traits that makes us human and has taken us to where we are now.” 

Techno-illusionist Marco Tempest hands out Rubik’s cubes, inviting the audience to scramble them up. Photo by Marla Aufmuth/TED.

Censorship and the fight against terror. If there is one thing Rebecca MacKinnon believes, it’s that the fight against terrorism cannot be won without the strict preservation of human rights. Human rights, in her opinion, along with freedom of the press and an open internet, are integral tools to stop the spread of radical extremist ideologies in democratic societies. Yet, the unfortunate reality is that the people on the forefront of exercising these liberties, such as independent journalists and bloggers, are often persecuted by the same government forces as the extremists. This persecution can take the form of actual jail time, as it has in Morocco, Turkey and Saudi Arabia, but may also occur in less direct ways. In the US, Washington DC and Silicon Valley have teamed up to stop the spread of ISIS’s online communities. However, their censorship has inadvertently silenced the voices of some who simply happen to share a name with a suspected terrorist or terrorist group, like the scores of women named Isis who have found their Twitter accounts deleted. As democratic governments across the world continue to crack down on whistleblowers and dissenters, 2015 marked the 10th consecutive year that freedom had been on a decline worldwide. This is why MacKinnon believes we need to fight for transparency and accountability from our governments and for the right to encryption for all citizens. She believes that privacy is essential to the survival of investigative journalism and public discourse, thus we must make choices to reflect our support lest we stifle the very people on the frontline of the fight against extremism.

The inevitable tendencies of artificial intelligence. “The actual path of a raindrop as it goes down the valley is unpredictable, but the general direction is inevitable,” says digital visionary Kevin Kelly, and technology is much the same, shaped by patterns that may surprise us but that are driven by inevitable tendencies. One tendency in particular stands out because it will have a profound impact on the next 20 years: our tendency to make things smarter and smarter — the process of cognification — that we identify as artificial intelligence. Kelly explores three trends of AI that we need to understand in order to embrace it, because it’s only by embracing artificial intelligence that we can steer it. But the big takeaway? We’re at the very, very beginning of artificial intelligence. “The most popular AI product 20 years from now that everyone uses has not been invented yet — that means that you’re not late.”

Scientific proof that trees talk. Forest ecologist Suzanne Simard researches the quiet and cohesive ways of the woods. In her research, she’s discovered monumental evidence that will change the way you look at these stoic plants — because trees, like humans and most living things, communicate and develop communities.  Using their roots to deliver information, forests and similar collections of trees build a resilient, self-healing family; there are even “mother” trees who look after seedlings and share wisdom when injured or dying. As Simard says: “A forest is much more than what you see.” Read more about Suzanne Simard’s talk.

I am a Brit. Two days ago, Alexander Betts agreed to give a talk here at TEDSummit on an issue close to his heart: how Brexit happened, and what it means for his home country and his global vision. In a powerful talk, he asks why the UK seemed to split apart on June 24 … and whether or not this should have come (as it did to many) as a shock. Read more about Alexander Betts’ talk.



Planet DebianPaul Wise: DebCamp16 day 6

Redirect one person contacting the Debian sysadmin and web teams to Debian user support. Review wiki RecentChanges. Usual spam reporting. Check and fix a derivatives census issue. Suggest sending the titanpad maintenance issue to a wider audience. Update check-all-the-things and copyright review tools wiki page for licensecheck/devscripts split. Ask if debian-debug could be added to Discuss more about the devscripts/licensecheck split. Yesterday I grrred at Debian perl bug #588017 that causes vulnerabilities in check-all-the-things, tried to figure out the scope of the issue and work around all of the issues I could find. (Perls are shiny and Check All The thingS can be abbreviated as cats.) Today I confirmed with the reporter (Jakub Wilk) that the patch mitigates this. Release check-all-the-things to Debian unstable (finally!!). Discuss with the borg about syncing cats to Ubuntu. Notice autoconf/automake being installed as indirect cats build-deps (via debhelper/dh-autoreconf) and poke relevant folks about this. Answer question about alioth vs LDAP.

Chaotic Idealism5 deaths, 9 days

I think we're having a summer homicide spike. Homicides of autistics have been coming in very fast lately.

June 19: Kevin Wilkes is killed by a fellow group home resident who was known to beat him up and bully him; staff kept them housed in the same location despite Kevin's previous injuries.

June 20: The body of Aaron Pajich is found buried under a concrete slab. He was abducted by two acquaintances, then murdered.

June 21: Tammara Killam is left alone in a trailer without air conditioning. Her twin sister, also disabled, watches her die of dehydration in the Las Vegas desert heat.

June 21: Lane Lesko escapes from a "therapeutic wilderness program". He is shot by police, though unarmed, after stealing a truck from the program's parking lot and crashing it.

June 28: An 11-year-old boy, his name not yet released, drowns in the bathtub when his stepfather puts him in the tub and leaves. A physical disability makes it impossible for him to keep his head above water.

I don't know if there's a connection, if this is one of those spikes that comes after a publicized case devalues autistic lives, or if this is just randomness clustering into pseudopatterns.

Either way, it's sad.

Planet DebianGunnar Wolf: Batch of the Next Thing Co.'s C.H.I.P. computers on its way to DebConf!

Hello world!

I'm very happy to inform you that the Next Thing Co. has shipped us a pack of 50 C.H.I.P. computers to be given away at DebConf! What is the C.H.I.P.? As their tagline says, it's the world's first US$9 computer. Further details:

All in all, it's a nice small ARM single-board computer; I won't bore you on this mail with tons of specs; suffice to say they are probably the most open ARM system I've seen to date.

So, I agreed with Richard, our contact at the company, that I would distribute the machines among the DebConf speakers interested in one. Of course, not every DebConf speaker wants to fiddle with an adorable tiny piece of beautiful engineering, so I'm sure I'll have some spare computers to give out to other interested DebConf attendees. We are supposed to receive the C.H.I.P.s by Monday 4; if you want to track the package shipment, the DHL tracking number is 1209937606. Don't DDoS them too hard!

So, please do mail me telling me why you want one and what your projects are with it. My conditions for this giveaway are:

  • I will hand out the computers by Thursday 7.
  • Preference goes to people giving a talk. I will "line up" requests on two queues, "speaker" and "attendee", and will announce who gets one in a mail+post to this list on the said date.
  • With this in mind, I'll follow a strict "first come, first served".

To sign up for yours, please mail - I will capture mail sent to that alias ONLY.

Planet DebianOlivier Grégoire: Fifth week at GSoC: push information from the daemon!

*Last week I worked to create a window for the gnome client to display information.*

This week I worked on linking the D-Bus with the gnome client.
To do that I needed to modify the LRC:
  • Create a Qt slot to catch the signal from the D-Bus
  • Create a signal connected with a lambda function on the client

Unfortunately, I can only push a single variable at a time. So, I chose to use a MAP to contain all my information. After changing this type in the daemon, D-Bus, LRC and the gnome client, everything finally works!

Google AdsenseAnnouncing the Certified Publishing Partner Summer Challenge

Summer 2016 is a time of passion, excellence, and good-natured competition. For our Certified Publishing Partners, we’re excited to announce the launch of the Google Certified Publishing Partner Summer Challenge on July 1st.

After launching in October 2015, Google’s Certified Publishing Partner (GCPP) program encompasses close to 40 partners with proven expertise in driving innovation and growth for hundreds of thousands of publishers globally. Enabled by Google’s publisher solutions – Google AdSense, DoubleClick for Publishers, and DoubleClick Ad Exchange – each partner is trained to help publishers of various sizes and verticals optimize monetization strategies. Today, we’re launching this global contest to identify and recognize Certified Publishing Partners who have shown immense dedication and impressive expertise in several critical areas.

  • Customer Satisfaction Award: A partner who demonstrates outstanding overall quality of services for publishers, a key pillar of the Certified Publishing Partner program.
  • Mobile Champion Award: A partner who demonstrates strong strategy and implementation to help publishers capture mobile opportunities with strong user experiences and effective monetization.
  • Business Innovation Award: A partner who shows leadership in the publishing business, by demonstrating how they are innovators on all fronts from product to marketing to sales to support, and that their innovation has tangible impact on revenue and publisher satisfaction.

The contest will run from July 2016 through September 2016, with awards announced around October 2016. If you are one of our Certified Publishing Partners, you will receive an invitation to enter the contest. If you are interested in becoming a Certified Publishing Partner, apply here. Or, if you are interested in using the Certified Publishing Partner services, learn more about the program and find a partner here.

Posted by Sean Meng,
Global Program Lead, Google Certified Publishing Partner Program

About Google Certified Publishing Partnerships:
A Certified Publishing Partner can help when you don’t want to do it alone. Our publishing partners handle everything from setting up to optimizing and maintaining ads, so you’re free to spend more time publishing content on your site. Using Google best practices, our publishing partners are adept at maximizing performance and earnings with AdSense, DoubleClick Ad Exchange, and DoubleClick for Publishers. For more information, visit

Sociological ImagesThe Most Trustful Societies are Weakly Religious and Diverse

We often think that religion helps to build a strong society, in part because it gives people a shared set of beliefs that fosters trust. When you know what your neighbors think about right and wrong, it is easier to assume they are trustworthy people. The problem is that this logic focuses on trustworthy individuals, while social scientists often think about the relationship between religion and trust in terms of social structure and context.

New research from David Olson and Miao Li (using data from the World Values survey) examines the trust levels of 77,405 individuals from 69 countries collected between 1999 and 2010. The authors’ analysis focuses on a simple survey question about whether respondents felt they could, in general, trust other people. The authors were especially interested in how religiosity at the national level affected this trust, measuring it in two ways: the percentage of the population that regularly attended religious services and the level of religious diversity in the nation.

These two measures of religious strength and diversity in the social context brought out a surprising pattern. Nations with high religious diversity and high religious attendance had respondents who were significantly less likely to say they could generally trust other people. Conversely, nations with high religious diversity, but relatively low levels of participation, had respondents who were more likely to say they could generally trust other people.


One possible explanation for these two findings is that it is harder to navigate competing claims about truth and moral authority in a society when the stakes are high and everyone cares a lot about the answers, but also much easier to learn to trust others when living in a diverse society where the stakes for that difference are low. The most important lesson from this work, however, may be that the positive effects we usually attribute to cultural systems like religion are not guaranteed; things can turn out quite differently depending on the way religion is embedded in social context.

Evan Stewart is a PhD candidate at the University of Minnesota studying political culture. He is also a member of The Society Pages’ graduate student board. There, he writes for the blog Discoveries, where this post originally appeared. You can follow him on Twitter

Planet DebianWouter Verhelst: Debcamp NBD work

I had planned to do some work on NBD while here at debcamp. Here's a progress report:

Task Concept Code Tested
Change init script so it uses /etc/nbdtab rather than /etc/nbd-client for configuration
Change postinst so it converts existing /etc/nbd-client files to /etc/nbdtab
Change postinst so it generates /etc/nbdtab files from debconf
Create systemd unit for nbd based on /etc/nbdtab
Write STARTTLS support for client and/or server

The first four are needed to fix Debian bug #796633, of which "writing the systemd unit" was the one that seemed hardest. The good thing about debcamp, however, is that experts are aplenty (thanks Tollef), so that part's done now.

What's left:

  • Testing the init script modifications that I've made, so as to support those users who dislike systemd. They're fairly straightforward, and I don't anticipate any problems, but it helps to make sure.
  • Migrating the /etc/nbd-client configuration file to an nbdtab(5) one. This should be fairly straightforward, it's just a matter of Writing The Code(TM).
  • Changing the whole debconf setup so it writes (and/or updates) an nbdtab(5) file rather than a /etc/nbd-client shell snippet. This falls squarely into the "OMFG what the F*** was I thinking when I wrote that debconf stuff 10 years ago" area. I'll probably deal with it somehow. I hope. Not so sure how to do so yet, though.

If I manage to get all of the above to work and there's time left, I'll have a look at implementing STARTTLS support into nbd-client and nbd-server. A spec for that exists already, there's an alternative NBD implementation which has already implemented it, and preliminary patches exist for the reference implementation, so it's known to work; I just need to spend some time slapping the pieces together and making it work.
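The STARTTLS option haggling mentioned above, as an added example that is not nbd-client or nbd-server code: a Python model of a server in forced-TLS mode that acknowledges NBD_OPT_STARTTLS and refuses every other option (and drops an export request, which has no reply) until TLS is up, so no export list or export name is ever answered in the clear. The magic numbers and option/reply codes are the ones the NBD protocol document defines; the server class, the `list_exports` client helper and the sample export table are constructed for this example.

```python
import struct

# Wire constants from the NBD protocol document (new-style negotiation).
IHAVEOPT = 0x49484156454F5054        # client option request magic ("IHAVEOPT")
REPLY_MAGIC = 0x3E889045565A9        # server option reply magic
NBD_OPT_EXPORT_NAME = 1
NBD_OPT_ABORT = 2
NBD_OPT_LIST = 3
NBD_OPT_STARTTLS = 5
NBD_REP_ACK = 1
NBD_REP_SERVER = 2
NBD_REP_ERR_UNSUP = (1 << 31) + 1
NBD_REP_ERR_INVALID = (1 << 31) + 3
NBD_REP_ERR_TLS_REQD = (1 << 31) + 5


def encode_option(opt, data=b""):
    """Client -> server option request: magic, option, payload length, payload."""
    return struct.pack(">QII", IHAVEOPT, opt, len(data)) + data


def decode_option(buf):
    magic, opt, length = struct.unpack(">QII", buf[:16])
    if magic != IHAVEOPT or len(buf) != 16 + length:
        raise ValueError("malformed option request")
    return opt, buf[16:]


def encode_reply(opt, rep, data=b""):
    """Server -> client option reply: magic, option, reply type, length, payload."""
    return struct.pack(">QIII", REPLY_MAGIC, opt, rep, len(data)) + data


def decode_replies(buf):
    """Split a server response into (option, reply_type, payload) tuples."""
    out = []
    while buf:
        magic, opt, rep, length = struct.unpack(">QIII", buf[:20])
        if magic != REPLY_MAGIC or len(buf) < 20 + length:
            raise ValueError("malformed option reply")
        out.append((opt, rep, buf[20:20 + length]))
        buf = buf[20 + length:]
    return out


class ForcedTlsServer:
    """Constructed model of a server that requires TLS: until NBD_OPT_STARTTLS
    has been acknowledged, every other option is refused with NBD_REP_ERR_TLS_REQD."""

    def __init__(self, exports):
        self.exports = exports      # {name: size_in_bytes}, constructed sample data
        self.tls = False
        self.closed = False

    def handle(self, request):
        """Return the reply bytes; None means the server dropped the connection."""
        opt, data = decode_option(request)
        if opt == NBD_OPT_STARTTLS:
            if self.tls:             # a second STARTTLS is a protocol error
                return encode_reply(opt, NBD_REP_ERR_INVALID)
            self.tls = True          # the real TLS handshake runs right after this ACK
            return encode_reply(opt, NBD_REP_ACK)
        if opt == NBD_OPT_ABORT:
            self.closed = True
            return encode_reply(opt, NBD_REP_ACK)
        if not self.tls:
            if opt == NBD_OPT_EXPORT_NAME:   # this option has no reply format, so the
                self.closed = True           # only safe answer is to close the connection
                return None
            return encode_reply(opt, NBD_REP_ERR_TLS_REQD)
        if opt == NBD_OPT_LIST:
            replies = b"".join(
                encode_reply(opt, NBD_REP_SERVER, struct.pack(">I", len(n)) + n.encode())
                for n in self.exports)
            return replies + encode_reply(opt, NBD_REP_ACK)
        if opt == NBD_OPT_EXPORT_NAME:
            name = data.decode()
            if name not in self.exports:
                self.closed = True
                return None
            # Export size, transmission flags, then 124 zero bytes of padding.
            return struct.pack(">QH", self.exports[name], 0) + bytes(124)
        return encode_reply(opt, NBD_REP_ERR_UNSUP)


def list_exports(server, start_tls):
    """Client side: optionally STARTTLS, then LIST; returns names or the error code."""
    if start_tls:
        (_, rep, _), = decode_replies(server.handle(encode_option(NBD_OPT_STARTTLS)))
        if rep != NBD_REP_ACK:
            return rep
    replies = decode_replies(server.handle(encode_option(NBD_OPT_LIST)))
    names = [p[4:].decode() for _, rep, p in replies if rep == NBD_REP_SERVER]
    return names if replies[-1][1] == NBD_REP_ACK else replies[-1][1]


if __name__ == "__main__":
    srv = ForcedTlsServer({"disk0": 1 << 30})
    print(list_exports(srv, start_tls=False))   # NBD_REP_ERR_TLS_REQD, nothing leaked
    print(list_exports(srv, start_tls=True))    # ['disk0']
```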

Ah well. Good old debcamp.

CryptogramInterview with an NSA Hacker

Peter Maas interviewed the former NSA official who wrote the infamous "I Hunt Sysadmins" memo.

It's interesting, but I wanted to hear less of Peter Maas -- I already know his views -- and more from the NSA hacker.

Worse Than FailureAnalyze This

When asked to choose among several possible tools to do a job, qualified technical people look at the manual and test to see if the tool actually does what they need it to do. Is it reasonably configurable? Must it have root privilege to launch, or can it be installed as your application login id? Smarter folks will do a load test to see if it will scale beyond a handful of records and work with the expected volumes of data. And all of this will be combined to form an informed opinion as to whether the tool is appropriate for the task at hand.

High Level Managers have a different approach. They are too busy to deal with mere technical details.

After numerous outages at a large multi-national bank, a high level manager decided that they needed to do something to stabilize things, so he put together numerous charts to compare the various software packages that were available to automate solving their problems. There were slide shows, spreadsheets and myriad documents detailing how one tool was better than the others and that it would solve all of their problems.

The only problem with his analysis was that it was not based upon actual features or testing, but on the sales brochures and promises made by the salesman.

Not to let the facts get in the way of managing a problem, several suitcases of money were provisioned and turned over to the salesman in exchange for a full all-bells-and-whistles site license for the new tool. The new tool was brought in house and ran through a few simple test cases. Then it went live in production. Then it hit the fan.

Bob was brought in to see why their applications were crashing in spite of their shiny new be-all end-all tool.

Queries that should have completed in milliseconds took several minutes to complete. The tool was sucking up 80GB of memory just to launch in basic mode. And we're not even going to go into how the tool mistook email addresses for websites it had to crawl.

The manager, realizing that the salesman had lied to him, had to deal with the spilled milk, and opted to forge ahead at all costs.

Bob created a web app that alleviated the worst problems by pre-massaging input and query results. He could not push away a gnawing suspicion that he was merely repairing damage rather than adding actual value to the company.

After about a year of this, the manager committed to drastic changes in the work processes. When Bob learned about this, he asked them if they'd even done rough, back-of-napkin estimations of the expected manual workload in the changed process; after all, they already had a wealth of data from the past year and estimations surely could be done given the new process was specified in substantial detail. After all, they had gotten burned on their 'analysis' of the product they bought to solve all the instability. He was met with blank stares.

The new process was put in place and the amount of manual work tripled overnight.

Bob put in a lot of overtime trying to fight all manner of fires. Still, he was only partially successful, as the task of developing an app to totally fix the situation for a huge and complex package on top of a pretty complex work process was out of the question for a single developer.

After many, many months of this ongoing failure, the manager who started all of this had analysed the cause of all of the problems. The entire team was called in by the manager to a meeting. As could be expected, it was announced that productivity was deemed too low while the risk and cost were too high, and so the entire team (analysts, lower-level managers and Bob) was laid off.

The manager was promoted for recognizing the cause of the failures and was given more responsibility to oversee other projects in addition to his own.

Planet DebianMichal Čihař: PHP shapefile library

For quite a long time phpMyAdmin has embedded the bfShapeFiles library for import of geospatial data. Over time we had to apply fixes to it to stay compatible with newer PHP versions, but there was really no development. Unfortunately, it seems to be the only usable PHP library which can read and write ESRI shapefiles.

With the recent switch of phpMyAdmin to dependency handling using Composer I wondered if we should get rid of the last embedded PHP library, which was this one, bfShapeFiles. As I couldn't find a living library which would work well for us, I resisted that for quite long, until a pull request to improve it came in. At that point I realized that it's probably better to separate it and start to improve it outside our codebase.

That's when phpmyadmin/shapefile was started. The code is based on bfShapeFiles, applies all fixes which were used in phpMyAdmin and adds improvements from the pull request. On top of that it has brand new testsuite (the coverage is still much lower than I'd like to have) and while writing the tests several parsing issues have been discovered and fixed. Anyway you can now get the source from GitHub or install using Composer from Packagist.

PS: While fixing parser bugs I've looked at other parsers as well to see how they handle some situations unclear in the specs and I had to fix Python pyshp on the way as well :-).

TEDBuilding blocks: Notes from Session 3 at TEDSummit

Michael Shellenberger suggests that the future of clean energy should involve nuclear energy — despite our deep-seated worries about the technology. Photo: Bret Hartman

What are the tools we’re using to build the future? Session 3 speakers go deep on what’s next in finance, energy, business and the structures we live in.

The next generation of trust on the Internet. For many online transactions, we rely on middlemen like banks and government to establish trust — but these systems face growing issues like hacking, exclusion and data privacy. Blockchain, “a vast distributed ledger run on millions of computers,” promises to upend all that, establishing trust not through big institutions but through “cryptography and clever code,” says technology communicator Don Tapscott. When blockchain technology matures, Tapscott believes, “For the first time in human history, people can trust each other and interact peer-to-peer,” and the power of that changing interaction could help us address the social inequality that’s at the heart of today’s anger, extremism and protectionism, not by redistributing wealth but by predistributing it.

Don Tapscott imagines a future of relationships powered by blockchain. Photo: Bret Hartman

The digital continuation of an old story. “There is a new technological institution that will fundamentally change how we exchange value, and it’s called the blockchain,” says researcher Bettina Warburg. But while blockchain technology is new, its intention is actually quite old, building on the ancient human search to lower uncertainty about each other so that we can exchange value. Blockchain helps us lower uncertainty in three important ways, by helping us: 1. know who we are transacting with, 2. have transparency in our transactions, and 3. have recourse when our transactions go wrong. There’s still a long road ahead of us before blockchain can become a reality, Warburg cautions, but “we need to start preparing ourselves, because we’re about to face a world where distributed, autonomous institutions are going to have quite a significant role.”

The new nuclear choice: Joseph Lassiter challenges us in the audience to view the energy crisis from a new point of view beyond the privileged choices available to the developed world. While developed nations like the US and many in Western Europe can afford cleaner energy sources, much of the developing world, China and India in particular, will use whatever energy sources are available that can improve the quality of life for as many of their citizens as possible, and do it quickly and cheaply. For these booming countries to adopt a renewable energy source, it’s going to have to pass what Vinod Khosla has called the “Chindia Test”:  it must be viable, scalable and effective without subsidy or mandate. Right now, wind and solar power do not pass that test, but Lassiter believes “new nuclear” power can, if people are willing to get past their historical apprehensions. We now have the ability to make and regulate nuclear power sources such that they are safer and cheaper than they have been in the past; now we have to make the choice to pursue it.

Going nuclear for clean energy. We’re in a clean energy revolution, some would think. Actually, it may be the opposite. According to Michael Shellenberger, a climate policy expert, the percentage of electricity from clean energy is declining, with nuclear taking the biggest hit  across the board. Nuclear is very low-carbon and can provide a lot of power, but three pervasive fears surround it that stand in the way of wide-scale generation: safety, waste and weapons. Turns out that nuclear is one of the safest renewable energies, doesn’t produce much waste — and the correlation between countries that invest in nuclear energy and in nuclear weapons isn’t strong. With many of the world’s richest nations taking down nuclear reactors instead of building them, we’re at risk of losing four times more clean energy than was lost over the past 10 years. In other words, “We’re not in a clean energy revolution, we’re in a clean energy crisis.”

The Beautiful Business Bureau? Any number of better-business bestsellers will tell you how to do things right. But writer Tim Leberecht does not tell you how to do things right — he wants to tell you how to do things wrong. The argument that he lays out in his 2015 book The Business Romantic is that businesspeople focus too much on our computerized rivals and their growing ability to complete tasks correctly. Instead, he argues that as human beings we have an ethical, philosophical and even fiduciary duty to not waste time trying to one-up our computers and, instead, do what we who are “only human” do best — be gloriously fallible. Not that he actually wants you to screw up. Leberecht would prefer that we focus on what he calls “creating beauty” — creating situations and environments that help balance out the obsession with bottom-line success, an obsession that can damage or even destroy a company’s culture. And of course, he has a list. (You knew he had a list.) 1. Do the unnecessary. Don’t just go the extra mile — do a 10K run, too. Companies need to cultivate the idea that they are more than a spreadsheet. (Key quote: “When you cut the unnecessary, you cut everything.”) 2. Create intimacy. Even in temporary settings, tear down barriers that keep workers apart. (Key quote: “Never underestimate the power of a ridiculous wig.”) 3. Stay incomplete. Single-minded focus on one goal has its plusses, but allows no room for deviation, flexibility, introspection and more. (Key quote: “Beautiful companies keep asking questions.”) 4. Embrace ugliness. As an old saying goes, good judgment comes from experience — and experience comes from bad judgment. By openly acknowledging our flaws, they have less power to harm us. (Key quote: “The first step towards beauty is a huge risk — the risk to be ugly.”)

How bad architecture added fuel to the fire in Syria. Marwa Al-Sabouni is a young architect in Homs, in Syria. Speaking to us over Skype, she talks about her ruined home city … and looks at how Syria’s once tolerant and multicultural society gradually was separated by colonialist powers into single-identity enclaves divided by class, race and religion. This separation, she believes, is one root cause of the terrible and destructive war in Syria. Read more about her talk.  

How women win wars: Twelve years ago Julia Bacha observed the valiant actions of young women in the village of Budrus, who stepped up to help save their community from becoming the site of an Israeli-Palestine separation barrier. This inspired her to investigate the role of women in nonviolent and violent conflicts worldwide. Bacha found that nonviolent campaigns were 100% more likely to succeed than their violent counterparts — and that the greatest indication of whether or not a group would choose to adopt a policy of nonviolence was their ideology toward women in public life. Organizations with women in leadership positions were much more likely to succeed. Our perception of the number of women involved in Middle Eastern conflicts is likely skewed, Bacha says, because the western media underrepresents their extent and importance. The first Palestinian Intifada, she reminds us, featured many women in prominent organizing positions. (The U.S. also erases the women of its own history, like Septima Poinsette Clark of the Civil Rights movement.) Bacha asks us to investigate how our own attitudes towards women will influence the conflicts of the future, their casualties and whether or not they are won.

Filmmaker Julia Bacha explores the hidden role of women in modern conflict. Photo: Bret Hartman

Jazz turned upside down. An impassioned jazz performance to close out Session 3 starts with “Upside Down,” in which pianist Laila Biali plays an upbeat, walk-in-the-park-on-a-sunny-afternoon melody on the piano while singing, “You turn me upside down / when daylight comes / the dreams leave me spellbound.” As drums and a standing bass accompanied her, Biali played a faster and faster tempo, exuding joy with each note, building to a time-shifting crescendo. She then transitioned to a slower, more reflective tune, “Joy,” muting the strings and then releasing the power of this rhythmic anthem.

TEDHow Syria’s buildings laid the foundation for brutal war: Marwa Al-Sabouni at TEDSummit

Recorded over Skype, young architect Marwa Al-Sabouni talks about life right now in Homs, Syria — and suggests that the built environment played a role in the country’s deadly conflict. Photo: Ryan Lash

“E pluribus unum” worked in Syria once too.

The merciless six-year civil war in Syria has destroyed cities, killed hundreds of thousands of people and displaced millions more. The Syria of a decade ago is but a memory. The causes have been detailed exhaustively — social, economic, religious, geopolitical. But one woman, an architect who was born, grew up and still lives today in the central Syrian town of Homs, believes that one culprit has so far gone unnamed and unblamed — architecture. “It has played a role in creating, directing and amplifying conflict between warring factions,” she says bluntly.

But does architecture have that much power? Can it exert such an influence? Marwa Al-Sabouni, who ran a small architecture studio with her husband in the old city center of Homs for several years until the war destroyed most of the historic area, believes that it does and it can — and her contention is the crux of her memoir about life during wartime, “The Battle For Home.” She has stayed in Homs for six years watching the war tear her city apart, and believes that architecture and a century of thoughtless urban planning played a crucial role in the slow unraveling of Syrian cities’ social fabric, preparing the way for once-friendly, now-fragmented groups to become enemies instead of neighbors.

“The harmony of the social environment got trampled over by elements of modernity,” says Al-Sabouni. “The brutal, unfinished concrete blocks and the divisive urbanism that zoned communities by class, creed or affluence.”

Being a virtual prisoner in her home for two years after the war started, she says, gave her only too much time to think about the incredible transformation of the city she grew up in. “This has been historically a tolerant city, accustomed to variety, accommodating a wide range of beliefs, origins and customs, where mosques and churches were built back to back. What has led to this senseless war? How did my country degenerate into civil war, violence, displacement and unprecedented sectarian hatred?” So she began writing, mapping out how 20th-century urban planning took a united society of different threads and slowly rewove them into a cityscape of difference and division.

“It started with French colonial city planners, blowing up streets and relocating monuments,” she says. Then, she says, modern buildings started going up with little or no thought, design or planning, fracturing delicate communities further: “Architecture became a way of differentiation.” By the end of the 20th century, all that remained in Homs was a city center and, around it, a ring of ghettoized communities, each housing its own ethnic or religious group, and each enemies of the others.

Al-Sabouni does have hope for the future, she says — partly because she has a wildly optimistic husband, and partly because she feels there is now both room and reason to learn from the past and rebuild it better. That means not building giant tower blocks which isolate and alienate people — it means lower, mixed use buildings that can accommodate all kinds of people, races, ages, beliefs and more. When a rope breaks, the strongest way to mend it is to weave all the ends together. That is what Al-Sabouni wants — and what Homs, Syria and the whole world need.

TED10 years of TED Talks keeping pace with history


At TED2014, Curator Chris Anderson spoke to whistleblower Edward Snowden through a telepresence robot. Photo: Ryan Lash

In 2006, TED started putting talks online for free, a milestone in democratizing ideas worth spreading. Since then, the world has seen monumental shifts in history, including the rise and fall of revolutions, the roar of a deadly epidemic, the largest-ever leak of government secrets, an astronomical discovery predicted by Einstein and the election of the first African-American president in the US, to name a few.

To celebrate TED’s 10th anniversary, we’ve collected this playlist of talks that have intersected with history, providing insight on the significant events of their time. Read below for highlights:

Inside the Arab Spring: In December 2010, a man in Tunisia had his cart seized by the police; in protest of the general economic upheaval around him, he set himself on fire. This defiant act ignited the Arab Spring, a series of democratic uprisings and government overthrows across the Arab world. In January 2011, an Egyptian man set himself on fire in protest outside a parliament building in Cairo. The following wave of demonstrations and protests resulted in President Mubarak’s resignation and much later, a draft for a new constitution.

At TED2011, Internet activist and computer engineer Wael Ghonim spoke about his pivotal role in Egypt’s revolution: creating a Facebook page that circumvented censorship and brought new life to a burgeoning movement.

The whistleblower — and the whistleblowee: Edward Snowden was a government contractor working in Hawaii for the NSA. In December 2012, he copied documents from the NSA that detailed government surveillance programs, some of them targeting ordinary citizens. With a whistle blow heard around the world, Snowden catalyzed one of the biggest leaks of government secrets in history, and touched off an ongoing conversation about our digital right to privacy.

At TED2014, speaking from a telepresence robot, Edward Snowden gave the audience a nuanced perspective on Internet freedoms and data privacy.

After this surprise talk, Curator Chris Anderson said, “If the NSA wants to respond, please do,” signaling a video response two days later from NSA Deputy Director Richard Ledgett.

Where corruption hides its money: Offshore accounts where the powerful, rich and famous stash millions in cash may sound like antics of the wealthy. But it turns out that leaving such assets untaxed means governments worldwide have to cut corners on crucial public services, such as education and food relief. Such activities remained well-known but closeted facts until April 3, 2016, when, in the largest data leak in history, documents naming international government leaders, corporations and private citizens alike were leaked from the Panamanian law firm Mossack Fonseca.

In the midst of the scandal, Robert Palmer gave vital context on the Panama Papers straight from the Global Witness headquarters in a direct-to-camera TED Talk.

The terrorist organization ISIS split from Al Qaeda over stark ideological differences and has since concentrated its efforts on establishing a worldwide caliphate. Using shock and violence, ISIS attacks range from guerrilla-style assaults to large-scale bombings in Syria, Iraq, France and Belgium, among other countries.

At TED2015, international policy analyst Benedetta Berti shared with the audience the surprising ways groups such as Hezbollah, Hamas and ISIS maintain local clout in occupied territories: providing social goods, such as schools and hospitals, that are often neglected by governments.

The refugee crisis begins: In the midst of the Arab Spring, a group of Syrian pro-democracy demonstrators protested in March 2011. Security forces opened fire on them, killing several. What followed was a series of demonstrations calling for President Bashar al-Assad, who has been in power since 2000, to resign. This kickstarted a brutal five-year civil war that has, according to UNHCR, so far resulted in more than 4 million Syrian refugees.

At TEDGlobal>Geneva in 2015, former UN High Commissioner for Refugees António Guterres sat down with Bruno Giussani, TED’s European Director, in a Q&A to discuss the complexities of today’s refugee crisis. Guterres suggested that with improved screening, shelter and distribution at entry points, Europe can learn to better welcome refugees, achieving both its humanitarian and practical goals.

And at TED2016, scholar Alexander Betts offered fresh insight on the refugee crisis by addressing how to help refugees contribute and feel a part of their new homes, benefiting both the refugees and their host countries.

Should this physics discovery worry us? On July 4, 2012, scientists at CERN discovered the Higgs boson particle. This marked a monumental achievement in physics. At TEDxCERN, theoretical physicist Gian Giudice posed a worrisome question: Could a Higgs field, in an ultra-dense state, collapse all atomic matter?

The fight against Ebola: Although the virus first appeared in 1976, a new Ebola outbreak became a large-scale epidemic in 2014, ravaging West Africa. With an average 50 percent fatality rate, communities were crippled by the virus and over 11,000 people died, causing devastation and panic of a possible pandemic.

At TEDxPlaceDesNations, epidemiologist Bruce Aylward outlined four strategies to win the fight against Ebola.

Finding a ripple on space-time: Back in 1916, Albert Einstein predicted the existence of gravitational waves — ripples in space-time caused by a catastrophic cosmic event — when he mapped out his general theory of relativity. Problem was, he didn’t have any proof. No one did, actually. Such waves could be the result of a collision of two black holes, supernovae, or leftover gravitational radiation from the birth of the Universe, among other possibilities. In September 2015, LIGO caught up with Einstein and detected real gravitational waves caused by two colliding black holes, an event that took place about 1.3 billion years ago. The announcement of the find, after months of careful checking, came in February 2016.

At TED2016, theoretical physicist Allan Adams of LIGO shared exactly how this discovery happened and the decades of work that led to it.

Finally, a climate agreement: With fits and bursts of underwhelming success, there have been a handful of global agreements, like the Kyoto Protocol, aimed at tackling climate change. The problem was that these agreements weren’t nearly as global as was hoped, with major powers like the US refusing to ratify. As the effects of climate change became more present and alarming, a new approach was needed, one with comprehensive proposals and a larger coalition of signatories. In December 2015, the UN’s Paris climate conference, led by climate advocate Christiana Figueres, produced that agreement. At TED2016, Figueres shared how she brought 195 countries together to agree on a way to slow climate change, resulting in a consensus on the most important climate agreement in history.

The legacy of Nelson Mandela: There is no need to spell out Nelson Mandela’s remarkable legacy as a fearless fighter against apartheid (resulting in 27 years in jail) and later, South Africa’s first democratically elected black president. He won innumerable accolades, including the Nobel Peace Prize, and at TEDWomen 2013, South African environmental and literacy activist Boyd Varty shared what Mandela taught him about nature, “ubuntu” and interrelatedness. He gave this talk mere hours after Nelson Mandela passed away on December 5, 2013, at the age of 95.

How Americans voted for the first African American president: On January 20, 2009, Barack Obama was inaugurated as the 44th President of the United States, making him the very first African-American president in US history. One month later, statistician Nate Silver challenged the TED2009 audience with surprising experiments and insights on how much a candidate’s skin color affects their chances.

Trying to learn from Haiti: On January 12, 2010, a devastating magnitude-7.0 earthquake rocked Haiti, leaving over 222,000 people dead and much of its infrastructure in ruins. Later, after a period of detailed study, reflection and analysis, TED Fellow Peter Haas shared with the TEDGlobal 2010 audience how bad building practices and design made this natural disaster far deadlier than it had to be.

Looking ahead in Afghanistan: In 2005, Afghanistan was a broken country, recovering from war and riddled with corruption, and Ashraf Ghani was an academic and finance minister who shared ideas for how the country might begin to rebuild. In 2014, Ghani became president of Afghanistan.





TED10 years of changing views on climate change, in TED Talks

10 years after Al Gore gave his eye-opening TED Talk about global warming, the UN’s Christiana Figueres described the first global effort to fight it. Photo: Bret Hartman/TED

On July 27, 2006, the first six TED Talks were posted online. Among them was Al Gore’s talk at TED2006, “Averting the climate crisis,” given a few months before the release of his groundbreaking documentary An Inconvenient Truth. With the release of the film, climate change stormed into public awareness. Fast-forward to 2016 and things have changed a lot, for both the discussion around climate change and the TED Talks that chart it. Both have grown and evolved in ways that would have been impossible to predict back in 2006.

When Al Gore took the stage at TED2006, there was little public discussion or even awareness of climate change. In fact, An Inconvenient Truth was so instrumental in making people aware of climate change that scientists actually study its impact. But the conversation in 2006 was very different from the doomsday-scenario, polarized discussions we sometimes hear today. It was casual and calm, and the solutions at the heart of the talk weren’t big or grandiose. They didn’t involve terraforming a new planet or growing baby corals to rebuild reefs or locking seeds away deep in a Norwegian mountain. They were simple, the kind you might put on a pamphlet: Buy a hybrid, consume and invest consciously, calculate your carbon footprint, reduce-reuse-recycle. That’s not to say these are not important steps (they are), but listening to the conversation in 2006, there isn’t the same sense of urgency that comes later. And in fact, the primary message is not about a particular solution, it’s about raising awareness. “Become a catalyst of change. Teach others, learn about it, talk about it,” urged Gore. (Jill Sobule added her voice to the 2006 conversation with the lighthearted song “Manhattan in January.”) The public conversation was in its infancy, and before we could focus on making serious change, we needed to get the word out …

2007-2008: Quiet period

… which takes time. In 2007, there’s a TED salon called “Hot Science” to dig further into climate and energy science, but otherwise TED Talks goes relatively quiet on climate change. We posted 8 talks on climate change in 2007 (though some were filmed before 2007, before we had a website to put them on), and in 2008, we posted just 2 talks on climate change, including a follow-up talk from the newly minted Nobel Peace Prize winner Al Gore. The lull in coverage is reflective of the larger public and political conversation, or lack thereof. As Gore noted in his 2008 talk, “The top journalists for NBC asked 956 questions in 2007 of the presidential candidates. Two of them were about the climate crisis. ABC: 844 questions, two about the climate crisis. Fox: two. CNN: two. CBS: zero.”

Even harder than getting people to talk was getting them to care, he said. “There has been progress, but here is the key: when given a list of challenges to confront, global warming is still listed at near the bottom. What is missing is a sense of urgency. If you agree with the factual analysis, but you don’t feel the sense of urgency, where does that leave you?”

At this point, the real problem rested not with science–the evidence was strong–it rested with the public and policymakers.

2009: How can we help inspire the public to care?

In 2009, James Balog shared images from his Extreme Ice Survey, a photographic-scientific endeavour that showcased the role of art in getting people to care about climate: “In the Extreme Ice Survey, we’re dedicated to … merging art and science to the end of helping us understand nature and humanity’s relationship with nature better.” His goal: make climate change feel tangible to people. The problem is so abstract that it can be difficult to motivate people around something that feels so, well, distant. But being able to see it. Well, that changes everything.

“Ice is the canary in the global coal mine. It’s the place where we can see and touch and hear and feel climate change in action. Climate change is a really abstract thing in most of the world. Whether or not you believe in it is based on your sense of, Is it raining more or is it raining less? Is it getting hotter or is it getting colder? What do the computer models say about this, that and the other thing? All of that, strip it away. In the world of the arctic and alpine environments, where the ice is, it’s real and it’s present. The changes are happening. They’re very visible. They’re photographable. They’re measurable.”

(Other TED Talks have echoed this sentiment, the role of art in creating action and change on the part of the populace. For more talks like this, check out: Zaria Forman, Yann Arthus-Bertrand, and Chris Jordan.)

In 2009, we posted 9 talks on climate change, a 350% increase. The talks are varied. James Balog and Yann Arthus-Bertrand touched on the role of art, Cary Fowler shared a radical idea on how to protect ourselves and our plants, and Jane Poynter and Lewis Pugh shared two extraordinary awareness-raising experiences. The conversation has grown from its roots. There is a growing awareness that this touches all of our lives, all of our fields, and the way we talk about it has greatly expanded and will continue to over the following years. Climate change is no longer just about science or energy. It’s about art and social justice and philosophy–everything under the sun. The urgency, the care — it’s starting.

2010-2012: A lull, and then some tough love

But the momentum slackens for a moment after 2009. In 2010, we posted only 4 talks and in 2011, zero talks specifically on climate (though climate change is mentioned in lots of talks both years). In 2012 the momentum returns — but more important even than the number of talks we posted is how the tone of the conversation changes. There’s no gentleness anymore. There’s tough love, shake-you-awake kind of talks. The talks emphasize the severity of the situation and underscore that we need to do something about this.

At TED2012, climate scientist James Hansen said, “This path, if continued, guarantees that we will pass tipping points leading to ice sheet disintegration that will accelerate out of control of future generations. A large fraction of species will be committed to extinction. And increasing intensity of droughts and floods will severely impact breadbaskets of the world, causing massive famines and economic decline. Imagine a giant asteroid on a direct collision course with Earth.”

There’s also a move away from the mentality that it will only take simple changes within our existing economic framework. Instead, we start to share a realization that this will take immense change and action on the part of everyone at every level. As Paul Gilding said in 2012, “the idea that we can smoothly transition to a highly efficient, solar-powered, knowledge-based economy transformed by science and technology so that nine billion people can live in 2050 a life of abundance and digital downloads is a delusion. It’s not that it’s not possible to feed, clothe and house us all and have us live decent lives. It certainly is. But the idea that we can gently grow there with a few minor hiccups is just wrong, and it’s dangerously wrong, because it means we’re not getting ready for what’s really going to happen.”

2012-now: Acceptance and urgency

Between 2012 and 2015, the conversation continues. There’s a growing sense of acceptance and understanding, and with that comes fear and urgency. There are a lot of calls to action — along with growing frustration and despair at our lack of action. We’re there, but we’re not quite there. It’s an interesting time because there’s a lot of thought being given to climate change and growing understanding, but a complete inability to get anything done about it. It’s like there’s this sense of urgency but we are unable to harness it, or it hasn’t yet reached a tipping point.

Throughout these years, talks ranged from the firm, hopeful and practical in 2012…

“It’s up to us to look at our homes and our communities, our vulnerabilities and our exposures to risk, and to find ways to not just survive, but to thrive, and it’s up to us to plan and to prepare and to call on our government leaders and require them to do the same, even while they address the underlying causes of climate change. There are no quick fixes. There are no one-size-fits-all solutions. We’re all learning by doing.” (Vicki Arroyo)

…to the more ominous in 2014:

“the world as a whole is moving far too slowly. We’re not cutting emissions in the way we should. We’re not managing those structural transformations as we can. The depth of understanding of the immense risks of climate change are not there yet. The depth of understanding of the attractiveness of what we can do is not there yet. We need political pressure to build. We need leaders to step up. We can have better growth, better climate, a better world. We can make, by managing those two transformations well, the next 100 years the best of centuries. If we make a mess of it, we, you and me, if we make a mess of it, if we don’t manage those transformations properly, it will be, the next 100 years will be the worst of centuries.” (Lord Nicholas Stern)

Come 2015, a big shift occurs. Rather than talking about climate change happening in some distant, uncertain future, we see people talking about it as something that is happening now. As the president of the island nation of Kiribati, Anote Tong, said at Mission Blue II in 2015, “What many people do not understand is they think climate change is something that is happening in the future. Well, we’re at the very bottom end of the spectrum. It’s already with us. We have communities who already have been dislocated. They have had to move, and every parliament session, I’m getting complaints from different communities asking for assistance to build seawalls, to see what we can do about the freshwater lens because it’s being destroyed. In my trips to the different islands, I’m seeing evidence of communities which are now having to cope with the loss of food crops, the contamination of the water lenses, and I see these communities perhaps leaving, having to relocate, within five to 10 years.”

Mentally, that’s a big shift. It dashes whatever delusions people held about averting climate change, and it makes the threat seem more imminent. Plus, if we’re being honest with ourselves, it’s much easier to care when the problem is going to affect us directly rather than the unnamed, unborn generations of the future. Alice Bows-Larkin put it well when she said, “So we have a choice. We can either choose to start to take climate change seriously, and significantly cut and mitigate our greenhouse gas emissions, and then we will have to adapt to less of the climate change impacts in future. Alternatively, we can continue to really ignore the climate change problem. But if we do that, we are also choosing to adapt to very much more powerful climate impacts in future. We’re making that choice on behalf of others as well. But the choice that we don’t have is a no-climate-change future.”

As we’ve seen, the buildup to 2016 was slow and painstaking, but TED Talks help illustrate how far we have come. In 2006, we posted 3 talks on climate change, but in 2016 so far we have posted 11. As a global community, we’ve gained urgency and momentum. We have gone through a dark period where it seemed unlikely we would ever act, but in 2016 we hear for the first time strains of optimism and concrete hope. That optimism is important.

For years, we have heard speakers reiterate their frustration: We know this is happening, but there’s no urgency to act. That urgency and momentum has been building. What was needed next was a way to harness that urgency, and Christiana Figueres found the key: optimism. That key would culminate in the Paris Climate Agreement.


So, when Al Gore took the stage again in 2016, a decade after his first talk, we had come a long way. It is just the start, the tip of the iceberg to solving this problem — but what a step from where we have been. As he says, “Paris really was a breakthrough; some of the provisions are binding and the regular reviews will matter a lot. But nations aren’t waiting, they’re going ahead. China has already announced that starting next year, they’re adopting a nationwide cap-and-trade system. They will likely link up with the European Union. The United States has already been changing. All of these coal plants were proposed in the next 10 years and canceled. All of these existing coal plants were retired. We are moving forward. Last year — if you look at all of the investment in new electricity generation in the United States, almost three-quarters was from renewable energy, mostly wind and solar. We are solving this crisis. The only question is: how long will it take to get there?”

As these talks show, the road from awareness to concerted action (and the faintest glimmer of a solution) has not been easy. It’s been frustrating and scary with a strong helping of denial and pessimism. But they all share one commonality: an iron-strong belief that in our darkest hour, we can shine. Here’s to hoping that our next ten years of talks on climate change will show that to be true.


TED10 years of evolving biotech


At TED2016, Jennifer Kahn talked about a bold new step in biotech: gene drives, the act of systematically removing a pesky gene from an entire species. Photo: Ryan Lash

To celebrate 10 years of TED Talks, we went back through the archives to show you how fast biotechnology has changed over the past ten years, and some interesting moments along the way.

We start with some history in a talk by James Watson, who co-discovered the double-helix structure of DNA with his partner Francis Crick, as a 24-year-old researcher at Cambridge in the early 1950s. Onstage in 2005, Watson talked about the breakthrough day when it all became clear. As he describes it, “Crick and I started building models, and I’d learned a little chemistry, but not enough. Well, we got the answer on the 28th February ’53, because of a rule which, to me, is a very good rule: Never be the brightest person in a room. And we weren’t. We weren’t the best chemists in the room.” Instead, their colleague, chemist Jerry Donohue, made an important correction to one of their earlier models for DNA’s structure that guided them to “the [DNA] base pairing — and Francis immediately said the chains run in absolute directions. And we knew we were right. It all happened in about two hours, from nothing to thing: If you just put A next to T and G next to C, you have a copying mechanism. So we saw how genetic information is carried.”

Following on this discovery, Watson and Crick asked further questions, like “what does this genetic information actually do?” In 1960, they came to understand more of the fundamental mechanisms that allowed DNA to transfer information, and discovered the three forms of RNA. These first discoveries paved the way for other scientists to explore life’s code.

The race to sequence the entire human genome started in the 1990s. The first draft human genome sequences were published in February 2001: one by J. Craig Venter’s company Celera (in Science), the other by the publicly funded Human Genome Project (in Nature). The Human Genome Project declared its sequence complete two years later. The possibilities seemed endless, as Juan Enriquez told TED in 2003, imagining what impact we could expect this new tool to have across the economy, science and culture.


First, Enriquez mused, we might expect to see extinct species return to the planet. He gives this hypothetical example: “They take some cells out of an adult gaur’s mouth, insert the code from that into a fertilized cow’s egg, reprogram the cow’s egg with a different gene code. When you do that, the cow gives birth to a gaur. We are now experimenting with bongos, pandas, elands, Sumatran tigers …”

Next, he predicted, the technology to sequence our gene codes would get faster and much cheaper, very rapidly: “It takes about $5 billion to sequence a human being the first time. Takes about $3 million the second time. We will have a $1,000 genome within the next five to eight years. That means each of you will contain on a CD your entire gene code.” This will introduce a new factor into our healthcare: our genetic data.

And finally, we’ll see the beginning of gene editing, and the birth of new industries for manufacturing vaccines and materials. “This changes all rules. This is life, but we’re reprogramming it.”

In 2005, J. Craig Venter talked about his sea-going expedition to map samples of the oceans’ DNA, mainly in microbes. “Less than 5,000 microbial species have been characterized as of two years ago, and so we decided to do something about it,” he said. On this trip, he discovered as many as 50,000 new species, adding entire chapters to the “book of life” on this planet.

“Microbes make up about a half of the Earth’s biomass, whereas all animals only make up about one one-thousandth of all the biomass,” he said. “If you ever swallow a mouthful of seawater, keep in mind that each milliliter has about a million bacteria and on the order of 10 million viruses.”

Next, Venter and his team started decoding the functions of different genes, recognizing which ones were necessary to survive in different environments — for instance, how microorganisms living at different depths adapted to more or less light.

As we learned more about how elegantly DNA stored our information, we started looking for bigger lessons on design and information storage. In 2008, Paul Rothemund told TED about DNA origami: coaxing a long strand of DNA, with the help of short “staple” strands, into folding itself into complex, designed nanoscale shapes.

At this point, in 2008, it’s been seven years since the human genome was first sequenced, and Rothemund takes a minute to marvel at how the field known as biotechnology has grown and diversified, as we begin to grasp the magnitude of what we could learn from genetic code: “My friends, molecular programmers, and I … are interested in using DNA, RNA and protein, and building new languages for building things from the bottom up, using biomolecules, potentially having nothing to do with biology.”

In his own work, he took lessons from DNA’s shape that inform design for very small computers: “They took a DNA origami, organized some carbon nanotubes, made a little switch, wired it up, tested it and showed that it is indeed a switch. Now, this is just a single switch and you need half a billion for a computer, so we have a long way to go. But the origami can organize parts just one-tenth the size of those in a normal computer. So it’s very promising for making small computers.”

Meanwhile: “The 3.2 billion base pairs inside each of your cells is really a history of where you’ve been for the past billion years,” as Enriquez put it in his early talk. So at TEDGlobal in 2011, Svante Pääbo introduced us to some newly discovered clues in our DNA that linked us back to our Neanderthal ancestors.

As Pääbo says: “The two human DNA sequences go back to a common ancestor quite recently. Farther back, there is one shared with chimpanzees. And because these mutations happen approximately as a function of time, you can transform these differences to estimates of time, where the two humans, typically, will share a common ancestor about half a million years ago.”

By 2009, technology to sequence human genomes was so cheap and accessible that Ellen Jorgenson set up a DIY biohacking lab in Brooklyn, called Genspace.

“The idea,” she said, “is that if you open up the science and you allow diverse groups to participate, it could really stimulate innovation. Putting technology in the hands of the end user is usually a good idea because they’ve got the best idea of what their needs are. And here’s this really sophisticated technology coming down the road, all these associated social, moral, ethical questions, and we scientists are just lousy at explaining to the public just exactly what it is we’re doing in those labs. So wouldn’t it be nice if there was a place in your local neighborhood where you could go and learn about this stuff, do it hands-on? I thought so.”

Bonus: Jorgenson gave TED an update on how much it cost to process human genomes: “Reading and writing DNA code is getting easier and cheaper. By the end of this year, we’ll be able to sequence the three million bits of information in your genome in less than a day and for less than 1,000 euros.” Enriquez’s 2003 prediction on how rapidly this technology would develop had come true!

But as she suggests, as the technology became more complicated, it brought up hard ethical questions about human life and evolution. Should we edit ourselves? Our children? Other species?

Stewart Brand told TED in 2013 about some of the opportunities available to conservationists who were mourning extinct species.

“What if you could find out that, using the DNA in museum specimens, fossils maybe up to 200,000 years old could be used to bring species back, what would you do? Where would you start?”

“Well, you’d start by finding out if the biotech is really there. I started with my wife, Ryan Phelan, who ran a biotech business called DNA Direct, and through her, one of her colleagues, George Church, one of the leading genetic engineers, who turned out to be also obsessed with passenger pigeons and a lot of confidence that methodologies he was working on might actually do the deed.”

George Church was experimenting with a method of rebuilding ancient damaged genomes to bring back extinct species, Brand told us: “He has a machine called the Multiplex Automated Genome Engineering machine. It’s kind of like an evolution machine. You try combinations of genes that you write at the cell level and then in organs on a chip, and the ones that win, that you can then put into a living organism. It’ll work.”

After this talk, Chris Anderson said to Brand, “I suspect there are some people out there asking tormented questions: ‘Wait a minute, there’s something wrong with mankind interfering in nature in this way. There’s going to be unintended consequences. You’re going to uncork some sort of Pandora’s box of who-knows-what.’ Do they have a point?”

Brand responded, “Well, we interfered in a big way by making these animals go extinct.”

Over the next few years, we saw new tools built from our ability to read and process gene codes — and new ethical questions that were starting to keep us up at night.

In a challenging court case that became a TEDx Talk, Tania Simoncelli asked our audience whether we should be able to patent a gene.

Simoncelli discussed a case she worked on that involved the BRCA1 and BRCA2 genes, which can be markers for breast cancer — and on which a biotech company had secured a patent in the 1990s.

What did that mean? It meant that you couldn’t give your gene to your doctors and ask them to look at it without permission of the patent holder. It also meant that the patent holder had the right to stop anyone else from using that gene in research or clinical testing.

Luckily, there’s a long history of legal cases in the United States that ruled similar patents illegal. “Turns out that the Supreme Court has made clear that … you can’t patent products of nature — the air, the water, minerals, elements of the periodic table. And you can’t patent laws of nature — the law of gravity, E = mc². These things are just too fundamental and must remain free to all and reserved exclusively to none.”

Present at court the day of the trial, she says, was “the co-discoverer of DNA himself, James Watson, who had submitted a brief to the court, where he referred to gene patenting as ‘lunacy.’” They won their case, protecting the public’s access to their own genetic code.

That same year, Jorge Soto demoed his tool for early cancer detection, leveraging a few new things we had learned about RNA and the recently discovered microRNAs, RNAs that influence gene expression.

“Unlike DNA, which is mainly fixed, microRNAs can vary depending on internal and environmental conditions, telling us which genes are actively expressed at that particular moment. And that is what makes microRNAs such a promising biomarker for cancer, because as you know, cancer is a disease of altered gene expression. It is the uncontrolled regulation of genes.”

“No two cancers are the same, but at the microRNA level, there are patterns. Several scientific studies have shown that abnormal microRNA expression levels creates a unique, specific pattern for each type of cancer, even at the early stages, reflecting the progression of the disease, and whether it’s responding to medication or in remission, making microRNAs a perfect, highly sensitive biomarker.”

With these tags, Soto’s team has been able to detect pancreatic, breast, lung and hepatic cancer with image detection in the cloud via a smartphone.

Meanwhile, a revolution in gene editing was brewing, with the advent of CRISPR, a basic, simple and reliable tool to edit genes quite precisely. In 2015 CRISPR’s co-inventor, Jennifer Doudna, walked us through the process — and laid out a vision for using it responsibly.

In 2015, Enriquez came back to TED with a bold talk on the ethical questions we’ll have when we start modifying the next human species. Which we definitely will. His talk lays out five basic principles for the bioethics around gene editing, things like: Take responsibility, and Accept diversity. And he closed by saying:

“This is the single most exciting adventure human beings have been on. It would be a crime for you not to participate in this stuff because you’re scared of it, because you’re hiding from it. You can participate in the ethics. You can participate in the politics. You can participate in the business. You can participate in just thinking about where we’re going to take the world. It would be a crime for all of us not to be aware.”

2016 brought new ethical questions. Jennifer Kahn challenged our audience to learn more about gene drives, global efforts to eradicate a disease through genetic engineering, empowered by CRISPR, which she calls “basically a word processor for genes. You can take an entire gene out, put one in, or even edit just a single letter within a gene. And you can do it in nearly any species.”

There are two sides to the gene drives story, she points out:

“The good news is that this opens the door to some remarkable things. If you put an anti-malarial gene drive in just 1 percent of Anopheles mosquitoes, the species that transmits malaria, researchers estimate that it would spread to the entire population in a year. So in a year, you could virtually eliminate malaria.”

“This is the bad news. Gene drives are so effective that even an accidental release could change an entire species, and often very quickly.”

It’s clear the first TED Talks online audience, back in 2006, was already getting hints of the world of today, 2016, a time in which we can zap genes one by one, create patient-specific medicines, and build computers that steal ideas from DNA folding. Our speakers have unpacked this quickly developing field for our audience with clarity, humor and insight. Now: what’s next?

TEDFrom 1984 to 2016: TED Talks about interfaces to our technology

Over the past 10 years, TED Talks videos have tracked our ever-tighter relationship with technology — including the tools we use to access it, our interfaces … from keyboards and mice to magic wands and sensory vests. For our guide to this evolving field, we start with MIT Media Lab founder Nicholas Negroponte’s talk from the very first TED, in 1984, in which he makes five predictions about how our relationship to technology will change. Let’s roll through all five:

  1. In his talk, Negroponte asks the question that TED speakers have been trying to answer ever since: “Can it be a little bit more pleasurable to deal with a computer?”

To set the scene, remember that in 1984 you looked at computers via a TV screen, and as Negroponte reminds us: “TV was designed to be looked at from eight times the distance of the diagonal. So you get a 13-inch, 19-inch, whatever, TV, and you should multiply that by eight, and that’s the distance you should sit away from the TV set.” Over the next decades, we saw engineers and designers steadily remove that distance between the individual and interface.

In 2009, Pranav Mistry described his quest to make interfaces from our screens more tangible in our physical environments.

He describes a device that would replace television, bringing images much closer to our bodies. “I actually thought of putting a big-size projector on my head. I think that’s why this is called a head-mounted projector, isn’t it? I took it very literally, and took my bike helmet, put a little cut over there so that the projector actually fits nicely. So now, what I can do — I can augment the world around me with this digital information.” Is he predicting the virtual reality headsets that we would see in 2015? No — he’s working on a way to augment our senses: “I realized that I actually wanted to interact with those digital pixels, also. So I put a small camera over there that acts as a digital eye. Later, we moved to a much better, consumer-oriented pendant version of that, the SixthSense device.”

The functions of SixthSense sound a lot like some of the goals of now-ubiquitous devices like iPhones and activity trackers: “You can carry your digital world with you wherever you go. You can start using any surface, any wall around you, as an interface. The camera is actually tracking all your gestures. Whatever you’re doing with your hands, it’s understanding that gesture.” We’re slowly removing that barrier between human and machine that Negroponte described earlier with TVs.

In 2015, Nonny de la Peña described the power of virtual reality as an opportunity for storytellers and readers alike: “What if I could present you a story that you would remember with your entire body and not just with your mind? My whole life as a journalist, I’ve been compelled to try to make stories that can make a difference and maybe inspire people to care. I’ve worked in print. I’ve worked in documentary. I’ve worked in broadcast. But it really wasn’t until I got involved with virtual reality that I started seeing these really intense, authentic reactions from people that really blew my mind.”

Without the separation between human and machine interface, “you get this whole-body sensation, like you’re actually there,” she says. Her stories introduced readers to a man falling into a diabetic coma while waiting in line for food at a food bank in Los Angeles, life in Syria during the civil war — and the night of the Trayvon Martin shooting. Her stories took on an emotional experience because they involved all of our senses.

  2. Back in 1984, Negroponte described all the steps it took for a user to interact with information on a computer screen using a computer mouse, and our speakers offered some alternatives.

“When you think for a second of the mouse on Macintosh — and I will not criticize the mouse too much — when you’re typing, first of all, you’ve got to find the mouse. You have to probably stop, you find the mouse, and you’re going to have to wiggle it a little bit to see where the cursor is on the screen. And then when you finally see where it is, then you’ve got to move it to get the cursor over there, and then — ‘bang’ — you’ve got to hit a button or do whatever. That’s four separate steps, versus typing and just doing it all in one motion, or one-and-a-half, depending on how you want to count.” Negroponte was critical of how little we used our whole hands during this process.

Fast forward to 2015 and we’ve removed the mouse altogether; at TEDxCERN, Sean Follmer shows us a new touch-based interface that molds our input devices to our needs.

When we use the standard keyboard and mouse for everything from word processing to shopping to gaming, “it doesn’t allow us to interact, to capture the rich dexterity that we have in our bodies. We need new interfaces that can capture these rich abilities that we have and that can physically adapt to us and allow us to interact in new ways.”

A knockout moment in his demo: an interface that allows two people on a Skype call to reach out from the screen. A tool called inFORM “represents people’s hands, allowing them to actually touch and manipulate objects at a distance.”

  3. What’s an exciting alternative to the computer mouse, Negroponte asks in 1984? Maybe, an early generation of touch screens.

“You could build a pressure-sensitive display. And when you touch it with your finger, you can actually, then, introduce all the forces on the face of that screen, and that actually has a certain amount of value. Let me see if I can load another disc and show you, quickly, an example …”

Ten years ago, Jeff Han demoed his breakthrough multi-touch screen at TED to gasps and two standing ovations.

As he describes the device, “It’s about 36 inches wide and it’s equipped with a multi-touch sensor. Normal touch sensors that you see, like on a kiosk or interactive whiteboards, can only register one point of contact at a time. This thing allows you to have multiple points at the same time. They can use both my hands; I can use chording actions; I can just go right up and use all 10 fingers if I wanted to.”

Stepping forward one decade, at TED2016, augmented-reality demos from Meta and Microsoft HoloLens presented new ways that users could interact with data.

Meta’s headset projected holograms, creating an augmented reality that displayed not only what was physically present in the environment, but layers of additional images and information. Meta’s Meron Gribetz presented the design strategy behind it: “To isolate the single most intuitive interface, we use neuroscience to drive our design guidelines, instead of letting a bunch of designers fight it out in the boardroom. And the principle we all revolve around is what’s called the ‘Neural Path of Least Resistance.’”

The second design principle he calls “touch to see,” allowing users to use gestures to move images and information projected before their eyes.

Alex Kipman described Microsoft HoloLens as “the first fully untethered holographic computer. Devices like this will bring 3D holographic content right into our world, enhancing the way we experience life beyond our ordinary range of perceptions.”

  4. Negroponte was excited about computers moving into classrooms. The next stage of education could be code, he predicted. This presented a whole new spectrum of how we could “measure intelligence.”

“You give a kid — a 3-year-old kid — a computer and they type a little command and — Poof! — something happens. And all of a sudden … You may not call that reading and writing, but a certain bit of typing and reading stuff on the screen has a huge payoff, and it’s a lot of fun.”

In 2016, Reshma Saujani pushed us to think about the ways that coding in education also meant empowering our girls. The Girls Who Code founder showed how coding taught students to celebrate and learn from their mistakes in ways that traditional educational programs did not.

“I started a company to teach girls to code, and what I found is that by teaching them to code I had socialized them to be brave. Coding, it’s an endless process of trial and error, of trying to get the right command in the right place, with sometimes just a semicolon making the difference between success and failure. Code breaks and then it falls apart, and it often takes many, many tries until that magical moment when what you’re trying to build comes to life. It requires perseverance. It requires imperfection.”

Coding, as Negroponte predicted, created a new space in education for a different type of learning and creating. This turned out to be a game changer in education strategy.

  5. In his closing point, Negroponte proposes technology that replaces interfaces altogether with different objects — to sometimes surreal effect.

“We were asked to do a teleconferencing system where you had the following situation: you had five people at five different sites — they were known people — and you had to have these people in teleconference, such that each one was utterly convinced that the other four were physically present. Now, that is sufficiently zany that we would, obviously, jump to the bait, and we did. And we actually went so far as to build CRTs in the shapes of the people’s faces. So if I wanted to call my friend Peter Sprague on the phone, my secretary would get his head out and bring it and set it on the desk.”

In 2014, James Patten introduced new ways for museum visitors to learn about science in interactive exhibits. “I built an interactive chemistry exhibit at the Museum of Science and Industry in Chicago, and this exhibit lets people use physical objects to grab chemical elements off the periodic table and bring them together to cause chemical reactions to happen.”

“And the museum noticed that people were spending a lot of time with this exhibit, and a researcher from a science education center in Australia decided to study this exhibit and try to figure out what was going on. And she found that the physical objects that people were using were helping people understand how to use the exhibit, and were helping people learn in a social way.” There were opportunities for both more introverted and more extroverted learners to interact with machines to improve their experiences!

At TEDxSydney in 2015, Tom Uglow envisioned a world where users could interact with the internet all around them without using screens.

“Your phone is not very natural. And you probably think you’re addicted to your phone, but you’re really not. We’re not addicted to devices, we’re addicted to the information that flows through them. Reality is richer than screens.”

Imagine a forest where “children might have an opportunity to visit an enchanted forest guided by a magic wand, where they could talk to digital fairies and ask them questions, and be asked questions in return… I’m very excited by the possibility of getting kids back outside without screens, but with all the powerful magic of the Internet at their fingertips.”

Another version of this information without screens came from David Eagleman’s talk in 2015, where he unveiled a vest that added another dimension to human senses.

Our brains were not created to understand the scope of the entire universe, he says. “Now, what this means is that our experience of reality is constrained by our biology, and that goes against the commonsense notion that our eyes and our ears and our fingertips are just picking up the objective reality that’s out there. Instead, our brains are sampling just a little bit of the world.”

In a dramatic moment, he unveils the vest that processes data from the internet into patterns for our bodies to interpret, adding a new sense that could help “an astronaut being able to feel the overall health of the International Space Station, or, for that matter, having you feel the invisible states of your own health, like your blood sugar and the state of your microbiome, or having 360-degree vision or seeing in infrared or ultraviolet.” Maybe the next sense, the next interface would be further augmentations to our bodies, creating a true symbiosis between person and machine.

The machines we’ve encountered over the last few years help us connect, feel more deeply, and interact more seamlessly with technology. It’s exciting to see how many of Nicholas Negroponte’s predictions came to fruition in ways he couldn’t imagine.


Planet DebianReproducible builds folks: First steps towards getting containers working

Author: ceridwen

The 0.1 alpha release of reprotest has been accepted into Debian unstable and is available for install at or through apt.

I've been working on redesigning reprotest so that it runs commands through autopkgtest's adt_testbed interface. For the most part, I needed to replace explicit calls to Python standard library functions for copying files and directories with calls to adt_testbed.Testbed.command() with copyup and copydown, and to use Testbed.execute() and Testbed.check_exec() to run commands instead of subprocess.

To test reprotest on the actual containers requires having containers constructed for this purpose. autopkgtest has a test that builds a minimal chroot. I considered doing something like this approach or using BusyBox. However, I have a Python script that mocks a build process, which requires having Python available in the container, and while I looked into busybox-python and MicroPython to keep the footprint small, I decided that for now this would take too much work and decided to go straight to the autopkgtest recommendations for building containers, mk-sbuild and vmdebootstrap. (I also ended up discovering a bug in debootstrap.) This means that to get the tests run requires some manual setup at the moment. In the long run, I'd like to improve that, but it's not an immediate priority. While working on adding tests for the other containers supported by autopkgtest, I also converted to py.test so that I could use fixtures and parametrization to run the Cartesian product of each variation with each container.

With tests written, I started trying to verify that my new code worked. One problem I encountered while trying to debug was that I wasn't getting full error output. In VirtSubproc.check_exec(), execute_timeout() acts something like a Popen() call:

(status, out, err) = execute_timeout(None, timeout, real_argv,
                                     stdout=stdout, stderr=subprocess.PIPE)

if status:
    bomb("%s%s failed (exit status %d)" %
         ((downp and "(down) " or ""), argv, status))
if err:
    bomb("%s unexpectedly produced stderr output `%s'" %
         (argv, err))

The problem with this is that if the call returns a non-zero exit code, which is typical for program failures, stderr doesn't get included in the error message.

I changed the first if-block to:

if status:
    bomb("%s%s failed (exit status %d)\n%s" %
         ((downp and "(down) " or ""), argv, status, err))

Another example is that autopkgtest calls schroot with the --quiet flag, which in one case was making schroot fail without any output due to a misconfiguration. I'm still trying to find and eliminate more places where errors are silenced.
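The fixed pattern above, as an added example that is not reprotest or autopkgtest code: a small checked-exec helper that captures both streams, attaches stderr to the failure on a non-zero exit or a timeout, and (like the second bomb() above) also treats unexpected stderr output as a failure. The names run_checked, ExecFailure and describe_failure are this example's own.

```python
import subprocess
from typing import Sequence, Tuple


class ExecFailure(Exception):
    """A command failed; the exit status and its stderr travel with the exception
    so that nothing is silenced on the way up (status -1 marks a timeout)."""

    def __init__(self, argv: Sequence[str], status: int, stderr: str) -> None:
        self.argv = list(argv)
        self.status = status
        self.stderr = stderr
        super().__init__("%s failed (exit status %d)\n%s" % (self.argv, status, stderr))


def run_checked(argv: Sequence[str], timeout: float = 30.0,
                allow_stderr: bool = False) -> str:
    """Run argv and return its stdout as text.

    Raises ExecFailure carrying stderr when the command exits non-zero, when it
    times out, or (unless allow_stderr) when it writes anything to stderr even
    though it exited 0.  The original pattern discussed above dropped stderr
    in the first of those three cases.
    """
    try:
        proc = subprocess.run(list(argv), stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=timeout, check=False)
    except subprocess.TimeoutExpired as exc:
        # Whatever stderr was collected before the kill is still worth showing.
        partial = (exc.stderr or b"").decode(errors="replace")
        raise ExecFailure(argv, -1, "timed out after %gs\n%s" % (timeout, partial)) from exc

    out = proc.stdout.decode(errors="replace")
    err = proc.stderr.decode(errors="replace")
    if proc.returncode != 0:
        # The important change: the failure message now includes stderr.
        raise ExecFailure(argv, proc.returncode, err)
    if err and not allow_stderr:
        raise ExecFailure(argv, 0, "unexpectedly produced stderr output %r" % err)
    return out


def describe_failure(argv: Sequence[str]) -> Tuple[int, str]:
    """Run argv and return (status, stderr) from the failure, or (0, '') if it succeeded."""
    try:
        run_checked(argv)
    except ExecFailure as exc:
        return exc.status, exc.stderr
    return 0, ""


if __name__ == "__main__":
    # Constructed sample: a command that explains itself on stderr and exits 3.
    print(describe_failure(["sh", "-c", "echo 'config file missing' >&2; exit 3"]))
```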

autopkgtest was designed to be installed with Debian's packaging system, which handles arbitrary files and directory layouts. Unfortunately, setuptools is completely different in a way that doesn't work well with autopkgtest's design. (I'm sure this is partly because setuptools has to support all the different major OSes that run Python, including Windows.) As I discussed last week, autopkgtest has Python scripts in virt/ that are executed by subprocess calls in adt_testbed. Because these scripts import files from lib/, there needs to be an in virt/ to make it into a package and a sys.path hack in each script to allow it to find modules in lib/. Unfortunately, setuptools will not install this structure. First, setuptools will not install any file without a .py extension into a package. Theoretically, this is fixable: the files in virt/ are Python scripts, so I could rename them. (Theoretically, there's supposed to be some workaround involving or package_data in, but I have yet to find any documentation or explanation giving a method for installing non-Python files inside a Python package.) Second, however, setuptools does not preserve the executable bit when installing package files. The obvious workaround, changing the subprocess calls so that they invoke python virt/ rather than virt/ requires changing all the internal calls in the autopkgtest code, which I'm loath to do for fear of breaking it. (It's not clear to me I can easily find all of the calls, for starters.)

There are about three solutions to this I see at the moment, all of them difficult. The first involves using either the scripts keyword or console_scripts entry point in, as explained here. The scripts keyword is supposed to preserve the executable bit according to this StackExchange question, but I haven't verified this myself, and like everything to do with setuptools I don't trust anything anyone says about it without testing it myself. It also has the disadvantage of dumping them all into the common scripts directory. Using console_scripts involves rewriting all of them to have an executable function I can refer to in I worry that this would be both fragile and break existing expectations in the rest of the autopkgtest code, but it might be the best solution. The third solution involves refactoring of all the autopkgtest code to import the code in the scripts rather than running it through subprocess calls. I'm reluctant to do this because I think it's almost certain to break things that will require significant work to fix.

Getting setuptools to install the autopkgtest code correctly is one blocker for the next release. Another is that autopkgtest's handling of errors during the build process involves closing the adt_testbed.Testbed so it won't take further commands. Unfortunately, this handling runs before any cleanup code I write to run outside it, which means that at the moment errors during the build will result in things like disorderfs being left mounted.

The last release blocker is that adt_testbed doesn't have any way to set a working directory when running commands. For instance, the virt/schroot script always calls schroot with --directory=/. I thought about trying to use absolute paths, but decided this was unintuitive and impractical. For the user, this would mean that instead of running something simple like make in the correct directory, they would have to run make --file=/absolute/path/to/Makefile or something similar, making all paths absolute. I worry that some build scripts wouldn't handle this correctly, either: for instance, running python from a different directory can have different effects because Python's path is initialized to contain the current directory. Changing this is going to require going deeper into the autopkgtest code than I'd hoped.

I intend to try to resolve these three issues over the next week and then prepare the next release, though how much progress I make depends on how thorny they turn out to be.

TEDThings we think we know: Notes from Session 2 of TEDSummit

In Session 2, our speakers debunked received wisdom, looked critically at common knowledge — and restarted conversations we thought were closed. Here, our report: 

Antique lamps, new sound. Brothers Ryan and Hays Holladay opened Session 2 completely unseen. In near pitch-black darkness, broken antique lamps lit up one by one — each perfectly matched with an electronic musical pitch. As the melody and tempo changed, so did the rhythm of the light, changing color from white, to red, to purple. With the addition of synthesized claps, the ethereal sound took on a slight hip hop beat. After the performance, TED’s Content Director Kelly Stoetzel asked them what their inspiration was: “Initially the idea was to create a small set up to play with color and light in addition to just sound. We fell in love with taking these objects and imbuing them with life, giving them a new functionality.”

African growth is a trend, not a fluke. When economist Ngozi Okonjo-Iweala spoke at the first TED in Africa, back in 2008, she drew our attention to Africa’s surprising growth. Now she returns to the stage to acknowledge that the continent’s rocketship growth of the late 2000s has slowed … and to make the case that growth can get back on track if African nations lean into what Africa as a continent has been doing well — and address eight challenges that might hold back a better future.  


Josh Tetrick wants to reimagine the food system — breaking our addiction to corn, soy and wheat, and looking to exotic grains and plants for the proteins and micronutrients we need. Photo by Bret Hartman/TED.

Starting over in food. After a brush with death, Josh Tetrick woke up and rethought his life. What would you do if you had only 5 years to live? He decided to devote his life to working on the issues of starvation, malnutrition and “crappy food” plaguing families and children across the world, and to the design of a food system that he believes to be “actually aligned with our values.” Tetrick and his colleagues have been working on a platform that allows consumers to search a database of edible plants and find a numerical assessment of their molecular qualities. These qualities then show which plants are well suited for certain tastes and consistencies, and which plants may be able to achieve these tastes and consistencies under the most sustainable and nutritious conditions. For example, the grain to make “a good cookie that uses less carbon, less sodium and less cholesterol” or a substitute for “scrambled eggs that use less water and less arable land.” Through his program, Tetrick hopes to revolutionize the industrial food system to create food that is better for both our children and the environment.


Anthropologist Helen Fisher, at right, studies whether romantic love is changing in the age of the Internet. Her conclusion: Not really. Relationship therapist Esther Perel, center, makes the case that tech does allow a new range of bad behavior, in an onstage Q&A hosted by Kelly Stoetzel (left). Photo by Marla Aufmuth/TED.

Our primordial drive to love. “We are built to love,” says anthropologist and romantic love expert Helen Fisher. The part of our brain that loves has evolved over thousands of years, and while technology may change how we court one another, it is not going to change who or how we love: “the only real algorithm is your own human brain.” But there may be one change driven by technology: people are taking their time to love, extending the pre-commitment stage before marriage not because they’re scared of commitment but because they’re afraid of divorce. “We are right now in a marriage revolution,” suggests Fisher, driven not by technology but by women piling into the job market, and that revolution is pushing us towards more egalitarian relationships between the sexes. At the end of a heart-warming affirmation of our drive to love, relationship therapist Esther Perel joined Fisher onstage to counter that while our need for love is universal, the way we love (and the way we keep our distance from love) is changing fundamentally.

Don’t buy the flashy CRISPR marketing. CRISPR — so easy to use and cheap to buy, you can edit your own genome in your kitchen sink!! Right? Not so fast, says Ellen Jorgensen. As a biologist and community science advocate, she knows that CRISPR’s hijack of nature’s surprisingly simple DNA repair system makes it easier for scientists to edit particular spots in the genome. But that doesn’t mean anyone can simply edit DNA beyond a cellular level, she warns. To impact an entire body, for example, you’d have to use a virus, which requires more scientific expertise and a professional lab — at the very least. In other words, “It ain’t plug and play, not by a long shot.” The bigger picture is that the flashy do-it-yourself idea of CRISPR shouldn’t overshadow the remarkable strides scientists are making in their experiments with it. Paying close attention to the latter, she suggests, can ensure more positive outcomes for the environment and for ourselves.


TED Prize winner Sarah Parcak is just back from Peru, where, more than 100 years ago, Machu Picchu was rediscovered. Now, Parcak’s new crowd-sourcing platform can enable even more discovery of Peru’s fascinating history.  Photo by Marla Aufmuth/TED.

Crowd-sourcing the hunt for our history. If someone gave you a million dollars, how would you give it back to the world? Noted archaeologist Sarah Parcak announced tonight that she has used the money from winning the 2016 TED Prize to finance the building of Global Xplorer, an internet-based citizen-scientist platform that will allow anyone with a computer to join Parcak in her groundbreaking (literally) work that involves carefully poring over satellite imagery to spot previously undiscovered ancient sites. Parcak also announced that the first place she would partner up with her online Global Xplorer cohort to search would be Peru. Over the past few millennia, Peru was home to dozens of pre-Columbian cultures — the Incas are just the tip of the iceberg. In addition, the overgrown remoteness of much of the Peruvian landscape means much of it is still unexplored. However, the timing is crucial, as looting has become a serious problem at Peru’s ancient cultural sites. With the new initiative, Parcak hopes to help locate and preserve Peruvian cultural heritage for generations to come. Read more about what we hope to find.

Are we stealing nature from our kids? The short answer is — well, yes … but not in the way you’ve learned to expect. Environmental writer Emma Marris urges us to reconsider what we define as nature, from edens like Yellowstone and the Great Barrier Reef to the wild, untended patches of grass and weeds growing in abandoned lots and around deserted buildings. (It may surprise you that such a patch is most likely more biologically diverse than an entire national park.) What we call “nature,” generally understood as a place pure and devoid of human influence, is by most definitions not that at all; even some of the most isolated areas in the world, such as the Amazon, have been home to people for millennia. These new natures that spring up, such as that unkempt patch, must not be dismissed but celebrated and cared for, and protected by letting future generations into these truly wondrous places. How? Take kids to build forts outside, to experience the natural world not just with their eyes but with their hands and entire beings. “We have to let children touch nature,” says Marris. “Because that which is untouched is unloved.”

Planet DebianJose M. Calhariz: at daemon 3.1.20, with 3 fixes

From the Debian bug system I incorporated 3 fixes. One of them is experimental: it fixes broken code but may have side effects. Please test it.

  • New release 3.1.20:
   * Add option b to getopt, (Closes: #812972).
   * Comment out possibly broken code, (Closes: #818508).
   * Add a fflush to catch more errors during writes, (Closes: #801186).

You may download from here at_3.1.20.orig.tar.gz.
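Why the fflush fix in this release matters, as an added illustration that is not at’s own code: fwrite() only copies data into the stdio buffer, so a disk-full or I/O error does not appear until the buffer is flushed. Code that ignores the fflush()/fclose() return values reports success for a write that never reached the disk (for at, a job file that is silently truncated or empty). The example below writes a constructed sample job string to /dev/full, a Linux device that accepts the open but fails every write with ENOSPC, once with the checks and once without; the function names, the sample text and the use of /dev/full are assumptions for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Write len bytes of buf to path and report any failure.
 *
 * fwrite() only copies data into the stdio buffer; the underlying
 * write(2) happens at fflush() or fclose() time, so those return values
 * are where a full disk or I/O error actually shows up.
 *
 * Return 0 on success, or a negative code naming the step that failed
 * (errno is preserved from the failing call).
 */
int write_file_checked(const char *path, const char *buf, size_t len)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;                      /* open failed, errno set */

    if (fwrite(buf, 1, len, fp) != len) {
        int saved = errno;
        fclose(fp);
        errno = saved;
        return -2;                      /* short write into the buffer */
    }

    /* Force the buffered data out now so an error is attributable here. */
    if (fflush(fp) != 0 || ferror(fp)) {
        int saved = errno;
        fclose(fp);
        errno = saved;
        return -3;                      /* write(2) failed, e.g. ENOSPC */
    }

    if (fclose(fp) != 0)
        return -4;                      /* final flush/close failed */

    return 0;
}

/* The same operation without the checks: the pattern the fix replaces. */
int write_file_unchecked(const char *path, const char *buf, size_t len)
{
    FILE *fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fwrite(buf, 1, len, fp);            /* return value ignored */
    fclose(fp);                         /* return value ignored */
    return 0;                           /* claims success even on ENOSPC */
}

int main(void)
{
    /* Constructed sample job text; /dev/full is assumed to exist (Linux). */
    const char msg[] = "echo hello\n";
    int checked = write_file_checked("/dev/full", msg, sizeof msg - 1);
    int unchecked = write_file_unchecked("/dev/full", msg, sizeof msg - 1);
    printf("checked:   %d (%s)\n", checked, checked ? strerror(errno) : "ok");
    printf("unchecked: %d\n", unchecked);
    return 0;
}
```

On Linux the checked variant returns -3 with errno ENOSPC while the unchecked one returns 0, which is exactly the class of silent failure the new fflush call is meant to surface.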

Planet DebianPaul Wise: DebCamp16 day 5

Beat head against shiny cats (no animals were harmed). Discuss the spice of silliness. Forward a wiki bounce to the person. Mention my gobby git mail cron job. Start adopting the adequate package. Discuss cats vs licensecheck with Jonas. Usual spam reporting. Review wiki RecentChanges. Whitelisted one user in the wiki anti-spam system. Finding myself longing for a web technology. Shudder and look at the twinklies.

CryptogramSecurity Analysis of TSA PreCheck

Interesting research: Mark G. Stewart and John Mueller, "Risk-based passenger screening: risk and economic assessment of TSA PreCheck increased security at reduced cost?"

Executive Summary: The Transportation Security Administration's PreCheck program is risk-based screening that allows passengers assessed as low risk to be directed to expedited, or PreCheck, screening. We begin by modelling the overall system of aviation security by considering all layers of security designed to deter or disrupt a terrorist plot to down an airliner with a passenger-borne bomb. Our analysis suggests that these measures reduce the risk of such an attack by at least 98%. Assuming that the accuracy of Secure Flight may be less than 100% when identifying low and high risk passengers, we then assess the effect of enhanced and expedited (or regular and PreCheck) screening on deterrence and disruption rates. We also evaluate programs that randomly redirect passengers from the PreCheck to the regular lines (random exclusion) and ones that redirect some passengers from regular to PreCheck lines (managed inclusion). We find that, if 50% of passengers are cleared for PreCheck, the additional risk reduction (benefit) due to PreCheck is 0.021% for attacks by lone wolves, and 0.056% for ones by terrorist organisations. If 75% of passengers rather than 50% go through PreCheck, these numbers are 0.017% and 0.044%, still providing a benefit in risk reduction. Under most realistic combinations of parameter values PreCheck actually increases risk reduction, perhaps up to 1%, while under the worst assumptions, it lowers risk reduction only by some 0.1%. Extensive sensitivity analyses suggest that, overall, PreCheck is most likely to have an increase in overall benefit.

The report also finds that adding random exclusion and managed inclusion to the PreCheck program has little effect on the risk reducing capability of PreCheck one way or the other. For example, if 10% of non-PreCheck passengers are randomly sent to the PreCheck line, the program still delivers a benefit in risk reduction, and provides an additional savings for TSA of $11 million per year by reducing screening costs -- while at the same time improving security outcomes.

There are also other co-benefits, and these are very substantial. Reducing checkpoint queuing times improves the passenger experience, which would lead to higher airline revenues that can exceed several billion dollars per year. TSA PreCheck thus seems likely to bring considerable efficiencies to the screening process and great benefits to passengers, airports, and airlines while actually enhancing security a bit.

TEDMeet some of the world’s most colorful idioms

Left: An idiom from Mauritian Creole: “Cook and pour!” It’s used to spur someone to do something quick and well. At right, a Thai idiom: “Cowness hasn’t gone, buffaloness intervened.” It’s used when an existing problem hasn’t been solved, but another problem emerged, causing the situation to turn even worse than before. Illustrations by Masahito Leo Takeuchi

“In a country with no dogs, cats are forced to bark.” This idiom in Georgian is colorful and cute — but what does it mean? According to Georgian translator Levan Lashauri: “When due to lack of qualified people, a task is given to, or done by, someone who is unable to do it properly.” (You know this idea will come in handy.) Cultural context is key to understanding some of the wisest and most pungent phrases in any language. Our volunteer TED Translators overcome this challenge all the time when they subtitle TED Talks — they build a cultural frame for speakers’ ideas with the words they choose to preserve meaning for viewers in their language.

This week at TEDSummit, 47 TED Translators are using idioms from their native languages to connect with Summit attendees. The idioms were illustrated by London-based artist Masahito Leo Takeuchi. His illustrations have been turned into stickers that attendees can collect from the translators they meet. Translators explain to attendees what the idiom means, oftentimes in exchange for a little song and dance, or an idiom in the attendee’s own language.

Check out the full set of idiom stickers, and watch this short video about how they’re connecting TEDSummit attendees.

This post first appeared on the TED Translators blog.

CryptogramFacebook Using Physical Location to Suggest Friends

This could go badly:

"People You May Know are people on Facebook that you might know," a Facebook spokesperson said. "We show you people based on mutual friends, work and education information, networks you're part of, contacts you've imported and many other factors."

One of those factors is smartphone location. A Facebook spokesperson said though that shared location alone would not result in a friend suggestion, saying that the two parents must have had something else in common, such as overlapping networks.

"Location information by itself doesn't indicate that two people might be friends," said the Facebook spokesperson. "That's why location is only one of the factors we use to suggest people you may know."

The article goes on to describe situations where you don't want Facebook to do this: Alcoholics Anonymous meetings, singles bars, some Tinder dates, and so on. But this is part of Facebook's aggressive use of location data in many of its services.

BoingBoing post.

EDITED TO ADD: Facebook backtracks.

Don MartiBig opportunities in 2016

When a big industry is wrong about important things, that's an opportunity.

  • adfraud is a problem for everybody.

  • Making ads "better" will fix ad blocking.

The first one is wrong because adfraud is priced in. Advertisers see a fraud-adjusted price, and intermediaries get paid, fraud or no fraud. The people who pay for adfraud are legit sites that compete with fraudulent ones, users who bear the costs of adfraud malware, and the copyright holders of work that shows up on ad-supported pirate sites. (The "publisher share" of online ad revenue includes undetected fraud.)

The second one is wrong because there are no "bad" ads. The same annoying and intrusive practices that get high response rates also provoke ad blocking.

Anyway, big opportunity. More on that later. For now, here's some background reading.

Mark Duffy: Copyranter: The biggest digital dumbasses of 2015

Ethan Zuckerman: Will 2016 be the year web advertisers realise we don’t want to be monitored?

Paul Muller, Adjust: Install fraud is threatening the app economy

BOB HOFFMAN: 5 Questions For The New Year

Jim Spanfeller: Opinion: The big lies of ad tech
Dawn Chmielewski: How ‘Do Not Track’ Ended Up Going Nowhere

Ricardo Bilton: Digital publishers face a winter of discontent (via Nieman Lab)

Adam Kleinberg: Why Ad Tech Is the Worst Thing That Ever Happened to Advertising

kevinmarks: Paul Graham has accidentally explained everything wrong with Silicon Valley’s world view - Quartz

Top News & Analysis: Inside Yahoo's troubled advertising business

Violet Blue: You say advertising, I say block that malware

VB Staff: Digital advertising forecast for 2016: Brands cut back, agencies double down

Allison Schiff: The Consumer POV On Cross-Device Tracking: ‘No, Thanks’

Scripting News: It's time to care about the open web

Steven Englehardt: Do privacy studies help? A Retrospective look at Canvas Fingerprinting

Michael Eisenberg: 2016 Prediction!

David Chavern: Opinion: Ad blocking threatens democracy

Lewis DVorkin, Forbes Staff: Inside Forbes: Our Ad Block Test Stirs Up Emotions, Then Brings Learnings and New Data

Frédéric Filloux: Google’s AMP Poised To Take The Lead From Facebook’s And Apple’s Walled Gardens

James Warren: Newspaper bosses ‘paralyzed’ by change, clueless about paid content, says Steve Brill

Robinson Meyer: Will More Newspapers Go Nonprofit?

Lubomir Rintel: NetworkManger and tracking protection in Wi-Fi networks

Doc Searls: Rethinking John Wanamaker

Laura Hautala: You'd say 'no' to your Android phone, if only you could, study finds - CNET

José Sáenz: Whitelist: Permission Based Marketing for the Web

Cog Blog: Just Because We Can…

MediaDailyNews: Little Progress In War On Ad Fraud

Heather West: Prioritizing privacy: Good for business

Corey Layton: Podcast Pioneers: Where Audiences Choose to Listen to the Ads

Garett Sloane: What Apple’s iAd changes mean for the industry

Krux Digital: Data’s Role in Combatting Ad Blockers

Dave Carroll: One-Click Adblocking Peace Treaty

Matt Kapko: Why the ad industry will never win the war on ad blockers

Ben Thompson: The FANG Playbook (via Stratechery by Ben Thompson)

Digg Top Stories: The Secrets I Learned Writing Clickbait

Stephanie Hobson: Google Analytics, Privacy, and Event Tracking

Media Briefing TheMediaBriefing Analysis: Last chance to save US newspapers

BOB HOFFMAN: Advertising's Comedy Bitchfight

Cog Blog: The Advertiser Agency Battle Rumbles On

Erica Berger: The next generation of journalism students have no idea what they’re getting into

BOB HOFFMAN: Native Advertising - Just More Online Corruption

Andrea Peterson: The massive new privacy deal between U.S. and Europe, explained

Lindsay Rowntree: Failure to Act Against Ad Fraud is Equal to Supporting Cybercrime

Baekdal Plus: The Amazing Google And The Not So Amazing Ads

Rob Leathern: Advertising Needs to Become Harder to Buy

Rick Falkvinge: It doesn’t matter why data is collected: it only matters that it is

David Dayen: Eric Holder Makes Ads for Hillary Clinton While Making Deals for Corporate Clients

Stephen Kliff: Booting the bots: New botnet protections across our ads systems

Adrienne LaFrance: Facebook and the New Colonialism

Violet Blue: RIP: Adblock Plus

BOB HOFFMAN: Waste Not, Grow Not

The Earl Blog: Adblocking could allow news publishers to turn hate into opportunity

Media Briefing TheMediaBriefing Analysis: Guardian Media Group's David Pemsel: A paywall "would diminish our reach and influence around the world"

Cog Blog: Advertising Dies a Little

Dan Gillmor: Why Don’t Tech Reviews Discuss Gadget Security and Privacy?

Media Briefing TheMediaBriefing Analysis: The game has changed: Adblocking and audience consent

David Barton: Adblock users in their own words: what makes them tick?

BOB HOFFMAN: Why Online Ad Industry Can't Reform Itself

Cog Blog: Programming and Airtime Deals

CPP: A Standardized Alternative to AMP

Ben Williams: Acceptable Ads explained: monetization

tony: Looking Back: Seven Years at Chartbeat

Scripting News: My open Instant Articles feed

Randy: Widespread XSS Vulnerabilities in Ad Network Code Affecting Top Tier Publishers, Retailers

These Detroit-area journalists are breaking big stories...without the backing of major news outlets

Romain Gambier: Building Towards Value with Atlas

Bryan Clark: FCC drops the hammer on Verizon over ‘supercookie’ usage

Guardian readers and Tom Stevens: Why we use adblockers: 'We need to have more control over what we're exposed to'

Alexander Hanff: Whittingdale is wrong: it is advertisers who are destroying the digital economy

Mark Duffy: The lost art of the billboard
Dan Goodin: Big-name sites hit by rash of malicious ads spreading crypto ransomware

sil: Reasons to not like ads

BOB HOFFMAN: 3 Things I Don't Hate

robbo97: Snake Oil: More Deceptive Ads That Revcontent Runs

SpiderLabs Blog from Trustwave: Angler Takes Malvertising to New Heights (via Ars Technica)

Yuyu Chen: Confessions of a programmatic vet: ‘It’s such a mess right now.’

Rob Leathern: Deception Funds Your Online News

Dave Carroll: Artisanal Adtech

Joshua Kopstein for Motherboard: Creepy Ad Company Says It Will Stop Eavesdropping With ‘Audio Beacons’

Hacker News: Thank you for ad blocking

Kate Kaye: Key Verizon Data Becomes Available to AOL Advertisers, Slowly

Ken Doctor: Newsonomics: In Southern California’s newspaper chaos, is anyone really speaking for the readers? (via Nieman Lab)

Lara O'Reilly: Adobe has figured out a clever way to track people as they switch between devices (ADBE)

BOB HOFFMAN: Advertising's Slow-Motion Suicide Continues

Jacob Hoffman-Andrews: Victory: Verizon Will Stop Tagging Customers for Tracking Without Consent

Jérôme Segura: A Look Into Malvertising Attacks Targeting The UK

Johnny Ryan: Four big ideas emerge from PageFair global stakeholder roundtable

Frédéric Filloux: Clickbait Obsession Devours Journalism

BOB HOFFMAN: Bullshitters Bullshitting Bullshitters

Maciej Ceglowski: My Heroic and Lazy Stand Against IFTTT

the Official John C. Dvorak RSS Feed: Why the Surveillance State Will Kill U.S. Software Sales

MediaPost | Garfield at Large: Fairy Dust

Yuyu Chen: How sponsored content drives more than 60 percent of The Atlantic’s ad revenue

Joshua Kopstein for Motherboard: Rise of Ad Blocking Is the Ad Industry's Fault, Says Outgoing FTC Commissioner

Martin Weigel: Fuck art. Let’s advertise (via Teeming)

Adam Broitman: Three Reasons Why Ad Blockers Are Good for Advertising

George Slefo: Ghostery Makes Its Ad Tech Diagnostic Maps More Accessible to Publishers, Vendors

Jerrid Grimm: The Subprime Banner Ad Crisis

@talktojimmer: How To Make Better Advertising and Advertising Better

Lara O'Reilly: 'BLATANTLY ILLEGAL': 17 newspapers slam ex-Mozilla CEO's new ad-blocking browser

Dan Gillmor: Journalists: Stop complaining about Facebook, and do something about it

Nelson Minar: Ad replacement is unethical

David Barton: Rights or Respect: the Ethics of Adblocking

Rob Leathern: Shitty ads cost iPhone users $8 billion a year

Dave Carroll: Co-Owning Our News Future

Joseph Lichterman: The Winnipeg Free Press’ bet on micropayments will generate about $100,000 in revenue this year

Jim Vande Hei: Escaping the Digital Media ‘Crap Trap’

Nick Heer: Ad Tech Is Completely Broken

Nick Heer: FTC to Crack Down on Cross-Browser Tracking

Jim: Bay Area News Group memo: ‘We will be eliminating a layer of valuable editing’
BlockAdBlock: About that claim that detecting Adblock may be illegal (via Nieman Lab)

Joseph Galarneau: Worst. Site. Ever. 1,665 tags on one page

AdExchanger: The Catch-22 Of Ad Fraud And Verification

Hacker News: Dark Patterns by the Boston Globe

David Barton: Procurement Could Play Vital Role in Stopping Adblocking

BlockAdBlock: Blocking Adblock without Javascript

Cog Blog: Principal-Based Media Buying – That Was Then, This Is Now

Josh: Yes, Popups Suck. Here’s Why I Won’t Be Taking Mine Down Anytime Soon

Yuyu Chen: Ad tech is having a premature midlife crisis

Apple’s actual role in podcasting: be careful what you wish for (via Stratechery by Ben Thompson)

Nick Bilogorskiy: Malvertising on Pace for a Record-Breaking Year

BlockAdBlock: Adblocking and its dangerous arguments – Part I

trottdave: ONE AT A TIME

Massimo: The problem with content

Lara O'Reilly: The main reason why people are not already using ad blockers should worry publishers

Steven Englehardt: The Princeton Web Census: a 1-million-site measurement and analysis of web privacy

Dan Gillmor: Why It’s So Funny That Republicans Are Upset With Facebook for “Censoring” News

Joseph Galarneau: Confessions of a tag hunter: Call for vendor transparency

Ethan: From disastrous decisions to decentralization: a mostly spontaneous talk for Data & Society

Sharona Coutts: Anti-Choice Groups Use Smartphone Surveillance to Target ‘Abortion-Minded Women’ During Clinic Visits

Melody Kramer: If ad tech is not sustainable, what can publishers do?

All Updates: NAA Asks FTC to Investigate Unlawful Ad Blocking Practices

Elizabeth Dwoskin: Newspapers escalate their fight against ad blockers

Barb Palser: Relay Media Launches AMP Platform for Publishers

Tony Haile: The Facebook papers Part 4: What’s a publisher to do?

The PageFair Team: 2016 Mobile Adblocking Report (via The Ad Contrarian)

The Perks Are Great. Just Don’t Ask Us What We Do.

Dave Carroll: Awkward Conversation With Facebook

Cog Blog: A Mess Of Our Own Making

Laura Hazard Owen: Forbes has quit bugging (some) people about their adblockers

Aral Balkan: Introducing Better

Joseph Lichterman: Report: Ad tech (and the garbage #content it funds) is killing the web

Dave Carroll: Facebook’s Adgate

DCN: What New York Times President and CEO Mark Thompson had to say about ad blocking

Martin Shelton: How Can Newsrooms Not Be Creepy?

Hacker News: Fraudulent Advertising on Facebook

Marty Swant: ComScore Says People Prefer Ads in Podcasts Over Any Other Digital Medium (via Nieman Lab)

Lara O'Reilly: Bombshell report claims US ad agencies unethically pad their profits with secret rebate schemes (WPPGY, IPG, PUB, OMC, HAV)

Ben Thompson: The Future of Podcasting (via Nieman Lab)

Large Podcast Advertising Company Buys Large Proprietary Podcast Player (via Nieman Lab)
Inti De Ceukelaire: Why you shouldn’t share links on Facebook

Mitch Stoltz: Newspapers’ Complaint to Consumer Agency Shouldn’t Lead to Bans on Privacy Software

Mikko: Interview with an Arbitrager: How to Make Money with Ad Fraud

Sean Blanchfield: The Dangers of Playing Cat and Mouse with Adblock

Lara O'Reilly: Ad tech company Criteo says its rival SteelHouse ran a 'counterfeit click fraud scheme' (CRTO)

BOB HOFFMAN: The Cons Of Silicon Valley

Garett Sloane: WTF are agency ‘preferred vendors?’

Doug Weaver: End of Days. (via Digital Content Next)

Tim Sullivan: The Case for Neck Tattoos, According to Economists (via NewCo Shift — Medium)

Matthew Green: What is Differential Privacy? (via Schneier on Security)

Jason Kint, CEO – DCN: Google and Facebook devour the ad and data pie. Scraps for everyone else. (via The Ad Contrarian)

Columbia Journalism Review: Local news isn't dead. We just need to stop killing it.

BOB HOFFMAN: Wrong Problem, Wrong Solution

Donal Kerr: The Hidden Ad Tech Gold Rush for Your Personal Data

BOB HOFFMAN: Sometimes, Even Bloggers Need To Shut Up

ASD: Link – The marketing truths we are all in danger of forgetting

quinwi02: Benchmarking Return on Ad Spend: Media Type and Brand Size Matter

Lara O'Reilly and Reuters: Adblock Plus' revenue model was just ruled illegal by a German court (SPR)

MediaPost | Online Publishing Insider: Finding The Answer In Search

Dan Goodin: Firm pays $950,000 penalty for using Wi-Fi signals to secretly track phone users (via Techrights)

Anne’s Blog: Translation from PR-speak to English of selected portions of “Perspectives on security research, consensus and W3C Process”

TEDA legacy that will outlive us: Notes from Session 1 of TEDSummit

Photo by Marla Aufmuth/TED.

Behind Chris Anderson is an image of the Bagan temples and pagodas of Myanmar, built between the 11th and 13th centuries. What can we build today that could stand such a test of time? Photo by Marla Aufmuth/TED.

TEDSummit is a gathering of TED’s tribes — our speaker community, volunteer translators, TED Fellows, TEDx organizers, partners and more. In Session 1, we shared mainstage talks that sparkled with optimism for humanity — now and deep into our unknown future.

Ideas that stand the test of time. TED’s curator, Chris Anderson, opened TEDSummit with a throwback from the archive: An image of him trying to speak onstage while wearing a live Burmese python. It’s a playful (and terrifying) nod to the speakers from TED2005. TED’s come a long way since then, he says. In fact, this week marks the 10th anniversary of TED putting talks online for free. With all the changes over the years, he asks a central question: “What are we building today that will last 1,000 years?” The answer? Ideas that stand the test of time, pushing past borders and encouraging compassion. Remarking on this week’s Brexit vote, he notes that championing ideas of inclusion and tolerance is vital, now more than ever.

Why are some people extremely altruistic? One night twenty years ago, a mysterious man saved Abigail Marsh‘s life — by risking his own to rescue her after a car wreck. Today she asks: What made this man run across four lanes of highway traffic to save a person he’d never met? In her work, she studies the motivations of people who do extremely selfless and altruistic acts, like donating a kidney to a complete stranger. Are their brains just different? And what can we learn about these extreme altruists from their polar opposite: psychopaths?

Photo by Ryan Lash/TED.

The Eric Harvie Theatre in Banff hosts an audience composed of passionate TEDsters — TEDx hosts, volunteer translators, TEDxers, TED Fellows and partners. Photo by Ryan Lash/TED.

Fighting the distorting power of fear, with eyes wide open. Even without his impressive résumé, Isaac Lidsky has lived an amazing life. As a young adult, he slowly lost his sight to a genetic disorder, and he feared that he would be fated to a life of disability and isolation — a frightful distortion caused by his fear of this new reality. But he became increasingly aware of the distortions that all our minds are capable of creating in our own “objective” realities. Fear in particular has the ability to “replace the unknown with the awful,” he says, hindering our ability to think critically and take action. In the end, Lidsky’s blindness taught him to live with eyes wide open; he urges us all to remain aware of our own assumptions and fears in order to do the same.

Bringing life to soul. What is a soul? Self-proclaimed accidental theologist Lesley Hazleton asked the TEDSummit audience this most intangible, expansive and fundamental of questions. Tracing the soul’s conceptual history through culture, science and religion, Hazleton suggests we ditch the pious, weak modifiers we use for it and reclaim it with spirit — a new essence of life and vitality. Read more …

Photo by Ryan Lash/TED.

Ed Boyden stands in front of an image of expanded brain cells — a vision that may help us understand how a lump of flesh can produce every thought and emotion we know. Photo by Ryan Lash/TED.

Expanding the brain with help of … diapers. Ed Boyden wants to look inside the brain and see the nanoscale biomolecules that generate our thoughts and feelings. And rather than magnify these tiny structures and connections, he wondered: Could we enlarge them so they are easier to see? He and his lab are trying to use expanding polymers, like those responsible for enlarging wet baby diapers, to enlarge and ultimately map the inner workings of the brain. He showed the audience how these polymers expand to a thousand times their original size with the addition of water. By infusing this polymer into brain tissue, Boyden hopes to expand and label the elaborate neural structures of the brain, so we can learn how we process emotions, see how we form the thoughts and opinions that make us who we are — and maybe even locate the exact molecular changes that lead to disorders like epilepsy and Alzheimer’s.

Inbox (1). Comedian James Veitch dives into a hilarious, down-the-rabbit-hole exploration of what exactly happens when you reply to the spammers in your email inbox. Watch his previous, hilariously viral TED Talk for a taste.

Photo by Ryan Lash/TED.

Juan Enriquez asks: What happens when our prosthetics, like the advanced hearing aid shown behind him, get so good that we actually choose to wear them to improve on our natural abilities? Photo by Ryan Lash/TED.

Should we evolve human beings? Over humanity’s history, we have evolved and modified plants, bacteria and even animals. At TEDSummit, futurist Juan Enriquez asks, “Is it ethical to evolve human beings?” We are getting to the point where our technology is developing a symbiotic relationship to the human body — think about pacemakers, next-gen hearing aids and prosthetics that improve our own limbs. This power comes with responsibility. If humanity decides to inhabit another planet, he argues, we must adapt and make radical changes to survive. In that case, evolving ourselves is not only ethical, but a moral imperative.

TEDThe view from the mountain: Notes from the TED Fellows session at TEDSummit

Photo by Ryan Lash/TED.

Artist eL Seed and his team choreographed an astonishing mural across 50 buildings in a Cairo suburb, viewable only from a nearby mountain. Photo by Ryan Lash/TED.

The TED Fellows program brings together young world-changers from many fields, from art to tech to activism, and encourages them to mix and combine and think big. On Monday morning we heard from a representative sample …

Graffiti’s unifying vantage point. Street artist eL Seed shares the story of his most ambitious project yet: a mural that incorporates 50 buildings in Manshiyat Naser, a district of Cairo, Egypt, which can only be seen from one location — a nearby mountain. Among the massive amounts of paint, lifts and hours needed to complete this colossal piece, Seed and his crew found themselves touched and their notions transformed by the community’s endless warmth and hospitality. For everyone involved in bringing this mural to life, perspectives shifted and new understandings were gained. “It was not about beautifying a place by bringing art to it,” eL Seed says. “It was about switching a perception and bringing dialogue.” Read more about this jaw-dropping mural.

Photo by Ryan Lash/TED.

Erik Hersman works to bring free, open Internet to Africa — and asks us to reject half measures like limited-access “free” offerings. Why shouldn’t African nations get the same internet the west has? Photo by Ryan Lash/TED.

How to correctly bring Internet to Africa. The African continent is huge, with more than 50 countries and 2,000+ languages. Bringing widespread Internet connection won’t be as simple as plopping a metal bird — or a balloon, or a satellite — in the sky. Erik Hersman is a technologist who creates platforms for open Internet in Africa. The problem is, not only is Internet penetration very low, only about 30 percent, but often the services available, like Wikipedia Zero and Facebook Free Basics, are very limited “lite” versions, where users can only visit certain approved sites, and can’t share video or music files, for example. Although companies such as Google and Facebook do have growing initiatives to bring access to the world, the lack of digital infrastructure for reliable, full Internet is inhibiting open access, yet full access is what we should be asking for. “Africans want access to the internet just like everybody else in the world, and for the same reasons,” Hersman says — and because of this, innovative and affordable wi-fi solutions for a mobile society are the future.

The widespread damage of cluster bombs. After meeting a young Lebanese refugee named Mohammed, Laura Boushnak became intimately acquainted with the catastrophic consequences of cluster munitions. When released during flight, cluster bombs release hundreds of bomblets, incurring a range of destruction incapable of discriminating between target and civilian. Many of the small bombs fail to explode on impact and thus lay dormant, waiting to harm any unsuspecting farmer or child who happens to encounter the mine by chance. The victims who survive these encounters, like Mohammed, often suffer wounds leading to multiple amputations, which severely hinder their ability to provide for their families, and can also lead to extreme psychological consequences. Because a large portion of these victims live in extreme poverty, they are unable to afford proper care and prosthetics and are forced to rely on humanitarian aid. A number of countries have signed treaties vowing to stop the use of cluster bombs, but major producers, like the U.S., Russia, and China, have not. During the Vietnam War, it is estimated that the U.S. dropped 2 million tons of cluster munitions on Laos alone, of which 9-27 million bomblets may remain unexploded. Although 98% of those affected by these weapons are civilians, major financial institutions continue to invest in companies that make them. Until action is taken, there will continue to be untold numbers of people just like Mohammed, unable to find employment and desperate for any sort of change.

Photo by Ryan Lash/TED.

Laura Boushnak speaks on the tragic power of cluster bombs — and why many nations still drop them by the millions (hint: follow the money). Photo by Ryan Lash/TED.

What do you do when you are failed by medicine? Jennifer Brea can tell you. In 2014, while a grad student at Harvard, she came down with a puzzling constellation of symptoms: crippling exhaustion, hypersensitivity to sound, burning sensations — which she was told by doctor after doctor were “all in your mind.” Not buying that story and doing her own digging online, Brea found that millions of people around the world with similar symptoms had been diagnosed with chronic fatigue syndrome, a surprisingly widespread and bewilderingly under-researched phenomenon that (in Brea’s case) is also known as myalgic encephalomyelitis. Nothing has cured her and few treatments have helped — but she’s not taking it lying down. She is making a documentary about people living with the disease, Canary in a Coal Mine, due out in 2017. Just because medicine doesn’t have answers doesn’t mean she’s going to stop asking questions. Read more about her talk.

Invigorating, revitalizing, refreshing. Musician Daniela Candillari opened and closed the Fellows sessions with two sprightly, yet grounding pieces on piano. Each arrangement complemented the other, as Candillari’s magnificent, powerful keyboard work intermixed with lighter, more playful notes to create sounds like the cycle of a storm — from the dappling rain and whipping wind of an oncoming tempest, to the reprieve of sunlight peeking through parting clouds.

TED: A meditation on the soul: Lesley Hazleton at TEDSummit

“If we want to live life with soul, and I’m pretty sure most of us do, we need to breathe life into it,” says Lesley Hazleton at TEDSummit on Sunday night. Photo by Ryan Lash/TED.

What is a soul? Lesley Hazleton, an “accidental theologist,” prodded the TEDSummit audience with this provocative question, tracing the cultural, religious and societal origins of a remarkably intangible human hallmark. The body and soul used to be considered two equal physical entities — in fact, Descartes theorized the soul was located in the brain’s pineal gland. Meanwhile, church doctrine made the soul into a kind of currency via thoughts on morality and an afterlife: “a life lost is a soul found.” But that said, soul and fundamentalism don’t seem to go hand-in-hand. Are fundamentalists of all sorts heartless? Hazleton suggests: “It’s not that they have no soul, it’s that something in them seems to have shriveled. They’ve hunkered down and built a wall inside themselves, afraid of the unknown. They live walled off from the world.”

What if we re-thought the soul as not something internal but, instead, a quality of being? Perhaps it’s not a possession, but a dimension of existence itself. In what Hazleton calls an agnostic approach, she asks that we breathe new life into the idea of the soul, taking into account its vehicles, such as creativity and music (especially soul music, from Nina Simone to Beethoven). Spirit is a better substitute, she suggests, as it is vitality incarnate. Let’s reclaim soul, Hazleton rallies, from a meager, pious modifier into what it truly is — the essence of all things.

Worse Than Failure: CodeSOD: The Bare Minimum

Let’s say you needed to find the maximum and minimum values for a field in a SQL database. If you’re like most people, you might write a query like SELECT MAX(someval), MIN(someval) FROM table.

That’s the least you could do. That’s the bare minimum. And do you want to be the kind of person who does the bare minimum? Kevin L’s co-worker doesn’t. He’s a Brian.

    $querymin = " select hmid ";
    $querymin .= " from  tagdetail ";
    $querymin .= " Where tagdetail.tag_ordr_ref=$grphdr_tag_ordr_ref";
    $querymin .= "   and tagdetail.refgrp=$grphdr_refgrp ";
    $querymin .= " order by hmid ";

    $resultmin = displayTable($conn_id1, $querymin, "N", "");
    $counter = 1;

    // Walk every row of the ascending result to find the first and last hmid by hand.
    foreach ($resultmin as $a) {
        $count_rcds = $count_rcds + 1;
        if ($counter == 1) {
            // First row of the ordered result is the minimum.
            $min_hmid = (trim($a['hmid']));
        }
        // Every row overwrites the maximum, so the last row wins.
        $max_hmid = (trim($a['hmid']));
        $counter = $counter + 1;
    }

That’s way better than using aggregate functions.
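For contrast, here is the same lookup as an added example that is not from the original post: the database computes both extremes with MIN and MAX in one pass, and the two filter values are bound as parameters instead of being interpolated into the SQL string the way $grphdr_tag_ordr_ref and $grphdr_refgrp are above. The table and column names come from the post; the PDO connection, the in-memory SQLite fixture and the function name minMaxHmid are assumptions made for a self-contained demo.

```php
<?php
// Added example, not code from the original post. Assumes a PDO connection;
// table/column names (tagdetail, hmid, tag_ordr_ref, refgrp) are from the post.
function minMaxHmid(PDO $pdo, int $tagOrdrRef, int $refgrp): array
{
    // Let the database compute min, max and row count; no loop, no counter.
    $sql = 'SELECT MIN(hmid) AS min_hmid, MAX(hmid) AS max_hmid, COUNT(*) AS count_rcds
              FROM tagdetail
             WHERE tag_ordr_ref = :ref AND refgrp = :grp';
    $stmt = $pdo->prepare($sql);
    // Bound parameters keep the filter values out of the SQL text entirely,
    // which is what string interpolation of $grphdr_tag_ordr_ref above did not do.
    $stmt->execute([':ref' => $tagOrdrRef, ':grp' => $refgrp]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed fixture (SQLite in memory) so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tagdetail (hmid INTEGER, tag_ordr_ref INTEGER, refgrp INTEGER)');
$ins = $pdo->prepare('INSERT INTO tagdetail VALUES (?, ?, ?)');
foreach ([[42, 7, 1], [17, 7, 1], [99, 7, 1], [5, 8, 1]] as $row) {
    $ins->execute($row);
}

// Only the three rows with tag_ordr_ref = 7 and refgrp = 1 are considered.
print_r(minMaxHmid($pdo, 7, 1));
```

The ORDER BY in the original query only exists to make the manual scan work; once the aggregates do the work, the sort (and the full result set shipped to PHP) disappears along with it.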

TED: African growth is not a fluke: Ngozi Okonjo-Iweala at TEDSummit 2016

Across Africa, the rocketship growth of the late 2000s has slowed — but it’s not over, says Ngozi Okonjo-Iweala. She lays out a plan to get back on track. Photo by Bret Hartman/TED.

Many nations of Africa have suffered so many misfortunes for so long — poverty, diseases, famines, wars — that it sounds refreshing and even strange to hear someone talk about the day Africa won’t need aid from other countries. Other cultures around the world have been so conditioned to photos of displaced or malnourished Africans that the proposition of a self-reliant Africa sounds almost unreal.

But when the person making the proposition is the well-known economist (and two-term Finance Minister of Nigeria) Ngozi Okonjo-Iweala, you know that this is no idle speculation. Refreshingly candid and straightforward, she envisions a day not too far off when the nations of Africa will be able to stabilize their governments, economies and natural resources to ensure the kind of long, peaceful continuums that are so crucial to productive human endeavour, happiness and progress. As an example of positive movement, Okonjo-Iweala points to the special insurance agency, African Risk Capacity, created by a coalition of 32 African nations dedicated to helping nations through weather-based emergencies like droughts and floods so they don’t have to ask for outside aid.

“These are the kind of stories of an Africa ready to take responsibility for itself and look for solutions for its own problems,” she says.

At the same time, Okonjo-Iweala recognizes that it won’t be easy. After she enumerates the things Africa has done right — managing economies and environments better, keeping debt levels lower, immunizing and educating children better, deploying technology more widely, decreasing conflicts — she ticks off a list of what Africa has done wrong. They include: not creating enough jobs for young people, not creating high-quality jobs, allowing income inequality to increase, allowing the number of people in poverty to increase, not investing in infrastructure, not trading between African countries enough, and not battling corruption enough.

Even so, Okonjo-Iweala’s optimism is undimmed — as is her strong desire for Africa to achieve its goals as much by self-reliance as possible. Corrupt enemies of her efforts even went so far as to kidnap her mother. “In our countries, nobody is going to fight corruption for us but us,” says Okonjo-Iweala. “The rise of Africa narrative is not a fluke, it’s a trend. If we can unleash the power of our youth, our women — the trend is clear, Africa will continue to rise.”

Planet Debian: John Goerzen: A great day for a flight with the boys

I tend to save up my vacation time to use in summer for family activities, and today was one of those days.

Yesterday, Jacob and Oliver enjoyed planning what they were going to do with me. They ruled out all sorts of things nearby, but they decided they would like to fly to Ponca City, explore the oil museum there, then eat at Enrique’s before flying home.

Of course, it is not particularly hard to convince me to fly somewhere. So off we went today for some great father-son time.

The weather on the way was just gorgeous. We cruised along at about a mile above ground, which gave us pleasantly cool air through the vents and a smooth ride. Out in the distance, a few clouds were trying to form.


Whether I’m flying or driving, a pilot is always happy to pass a small airport. Here was the Winfield, KS airport (KWLD):


This is a beautiful time of year in Kansas. The freshly-cut wheat fields are still a vibrant yellow. Other crops make a bright green, and colors just pop from the sky. A camera can’t do it justice.

They enjoyed the museum, and then Oliver wanted to find something else to do before we returned to the airport for dinner. A little exploring yielded the beautiful and shady Garfield Park, complete with numerous old stone bridges.


Of course, the hit of any visit to Enrique’s is their “ice cream tacos” (sopapillas with ice cream). Here is Oliver polishing off his.


They had both requested sightseeing from the sky on our way back, but both fell asleep so we opted to pass on that this time. Oliver slept through the landing, and I had to wake him up when it was time to go. I always take it as a compliment when a 6-year-old sleeps through a landing!


Most small airports have a bowl of candy sitting out somewhere. Jacob and Oliver have become adept at finding them, and I will usually let them “talk me into” a piece of candy at one of them. Today, after we got back, they were intent on exploring the small gift shop back home, and each bought a little toy helicopter for $1.25. They may have been too tired to enjoy it though.

They’ve been in bed for a while now, and I’m still smiling about the day. Time goes fast when you’re having fun, and all three of us were. It is fun to see them inheriting my sense of excitement at adventure, and enjoying the world around them as they go.

The lady at the museum asked how we had heard about them, and noticed I drove up in an airport car (most small airports have an old car you can borrow for a couple hours for free if you’re a pilot). I told the story briefly, and she said, “So you flew out to this small town just to spend some time here?” “Yep.” “Wow, that’s really neat. I don’t think we’ve ever had a visitor like you before.” Then she turned to the boys and said, “You boys are some of the luckiest kids in the world.”

And I can’t help but feel like the luckiest dad in the world.

Valerie Aurora: Crosspost: No more rock stars: how to stop abuse in tech communities

This post originally appeared on Leigh Honeywell’s blog on June 21, 2016. I’m cross-posting it here because I am a co-author and I think my readers will enjoy it.

Content note for discussion of abuse and sexual violence.

In the last couple of weeks, three respected members of the computer security and privacy tech communities have come forward under their own names to tell their harrowing stories of sexual misconduct, harassment, and abuse committed by Jacob Appelbaum. They acted in solidarity with the first anonymous reporters of Jacob’s abuse. Several organizations have taken steps to protect their members from Appelbaum, including the Tor Project, Debian, and the Noisebridge hackerspace, with other responses in progress.

But Appelbaum isn’t the last – or the only – abuser in any of these communities. Many people are calling for long-term solutions to stop and prevent similar abuse. The authors of this post have recommendations, based on our combined 40+ years of community management experience in the fields of computer security, hackerspaces, free and open source software, and non-profits. In four words, our recommendation is:

No more rock stars.

What do we mean when we say “rock stars?” We like this tweet by Molly Sauter:

Seriously, “rock stars” are arrogant narcissists. Plumbers keep us all from getting cholera. Build functional infrastructure. Be a plumber.

You can take concrete actions to stop rock stars from abusing and destroying your community. But first, here are a few signs that help you identify when you have a rock star instead of a plumber:

A rock star likes to be the center of attention. A rock star spends more time speaking at conferences than on their nominal work. A rock star appears in dozens of magazine profiles – and never, ever tells the journalist to talk to the people actually doing the practical everyday work. A rock star provokes a powerful organization over minor issues until they crack down on the rock star, giving them underdog status. A rock star never says, “I don’t deserve the credit for that, it was all the work of…” A rock star humble-brags about the starry-eyed groupies who want to fuck them. A rock star actually fucks their groupies, and brags about that too. A rock star throws temper tantrums until they get what they want. A rock star demands perfect loyalty from everyone around them, but will throw any “friend” under the bus for the slightest personal advantage. A rock star knows when to turn on the charm and vulnerability and share their deeply personal stories of trauma… and when it’s safe to threaten and intimidate. A rock star wrecks hotel rooms, social movements, and lives.

Why are rock stars so common and successful? There’s something deep inside the human psyche that loves rock stars and narcissists. We easily fall under their spell unless we carefully train ourselves to detect them. Narcissists are skilled at making good first impressions, at masking abusive behavior as merely eccentric or entertaining, at taking credit for others’ work, at fitting our (often inaccurate) stereotypes of leaders as self-centered, self-aggrandizing, and overly confident. We tend to confuse confidence with competence, and narcissists are skilled at acting confident.

Sometimes rock stars get confused with leaders, who are necessary and good. What’s the difference between a rock star and a leader? We like the term “servant-leader” as a reminder that the ultimate purpose of a good leader is to serve the mission of their organization (though this feminist critique of the language around servant-leadership is worth reading). Having personal name recognition and the trust and support of many people is part of being an effective leader. This is different from the kind of uncritical worship that a rock star seeks out and encourages. Leaders push back when the adoration gets too strong and disconnected from achieving the mission (here is a great example from Anil Dash, pushing back after being held up as an example of positive ally for women in tech). Rock stars aren’t happy unless they are surrounded by unthinking adoration.

How do we as a community prevent rock stars?

If rock stars are the problem, and humans are susceptible to rock stars, how do we prevent rock stars from taking over and hijacking our organizations and movements? It turns out that some fairly simple and basic community hygiene is poisonous to rock stars – and makes a more enjoyable, inclusive, and welcoming environment for plumbers.

Our recommendations can be summarized as: decentralizing points of failure, increasing transparency, improving accountability, supporting private and anonymous communication, reducing power differentials, and avoiding situations that make violating boundaries more likely. This is a long blog post, so here is a table of contents for the rest of this post:

Have explicit rules for conduct and enforce them for everyone
Start with the assumption that harassment reports are true and investigate them thoroughly
Make it easy for victims to find and coordinate with each other
Watch for smaller signs of boundary pushing and react strongly
Call people out for monopolizing attention and credit
Insist on building a “deep bench” of talent at every level of your organization
Flatten the organizational hierarchy as much as possible
Build in checks for “failing up”
Enforce strict policies around sexual or romantic relationships within power structures
Avoid organizations becoming too central to people’s lives
Distribute the “keys to the kingdom”
Don’t create environments that make boundary violations more likely
Putting this to work in your community

Have explicit rules for conduct and enforce them for everyone

Create a strong, specific, enforceable code of conduct for your organization – and enforce it, swiftly and without regard for the status of the accused violator. Rock stars get a kick out of breaking the rules, but leaders know they are also role models, and scrupulously adhere to rules except when there’s no alternative way to achieve the right thing. Rock stars also know that when they publicly break the little rules and no one calls them out on it, they are sending a message that they can also break the big rules and get away with it.

One of the authors of this post believed every first-person allegation of abuse and assault by Jacob Appelbaum – including the anonymous ones – immediately. Why? Among many other signs, she saw him break different, smaller rules in a way that showed his complete and total disregard for other people’s time, work, and feelings – and everyone supported him doing so. For example, she once attended a series of five minute lightning talks at the Noisebridge hackerspace, where speakers sign up in advance. Jacob arrived unannounced and jumped in after the first couple of talks with a forty-five minute long boring rambling slideshow about a recent trip he took. The person running the talks – someone with considerable power and influence in the same community – rolled his eyes but let Jacob talk for nine times the length of other speakers. The message was clear: rules don’t apply to Jacob, and even powerful people were afraid to cross him.

This kind of blatant disregard for the rules and the value of people’s time was so common that people had a name for it: “story time with Jake,” as described in Phoenix’s pseudonymous allegation of sexual harassment. Besides the direct harm, dysfunction, and disrespect this kind of rule-breaking and rudeness causes, when you allow people to get away with it, you’re sending a message that they can get away with outright harassment and assault too.

To solve this, create and adopt a specific, enforceable code of conduct for your community. Select a small expert group of people to enforce it, with provisions for what to do if one of this group is accused of harassment. Set deadlines for responding to complaints. Conduct the majority of discussion about the report in private to avoid re-traumatizing victims. Don’t make exceptions for people who are “too valuable.” If people make the argument that some people are too valuable to censure for violating the code of conduct, remove them from decision-making positions. If you ever find yourself in a situation where you are asking yourself if someone’s benefits outweigh their liabilities, recognize that they’ve already cost the community more than they can ever give to it and get to work on ejecting them quickly.

Start with the assumption that harassment reports are true and investigate them thoroughly

Over more than a decade of studying reports of harassment and assault in tech communities, we’ve noticed a trend: if things have gotten to the point where you’ve heard about an incident, it’s almost always just the tip of the iceberg. People argue a lot about whether to take one person’s word (the alleged victim) over another’s (the alleged harasser), but surprisingly often, this was not the first time the harasser did something harmful and it’s more likely a “one person said, a dozen other people said” situation. Think about it: what are the chances that someone had a perfect record of behavior, right up till the instant they stuck their hand in someone else’s underwear without consent – and that person actually complained about it – AND you heard about it? It’s far more likely that this person has been gradually ramping up their bad behavior for years and you just haven’t heard about it till now.

The vast majority of cases we know about fit one of these two patterns:

  1. A clueless person makes a few innocent, low-level mistakes and actually gets called on one of them fairly quickly. Signs that this is the likely case: the actual incident is extremely easy to explain as a mistake, the accused quickly understands what they did wrong, they appear genuinely, intensely embarrassed, they apologize profusely, and they offer a bunch of ways to make up for their mistake: asking for the video of their talk to be taken down, writing a public apology explaining why what they did was harmful, or proposing that they stop attending the event for some period of time.
  2. A person who enjoys trampling on the boundaries of others has been behaving badly for a long time in a variety of ways, but everyone has been too afraid to say anything about it or do anything about other reports. Signs that this is the likely case: the reporter is afraid of retaliation and may try to stay anonymous, other people are afraid to talk about the incident for the same reason, the reported incident may be fairly extreme (e.g., physical assault with no question that consent was violated), many people are not surprised when they hear about it, you quickly gather other reports of harassment or assault of varying levels, the accused has plagiarized or stolen credit or falsified expense reports or done other ethically questionable things, the accused has consolidated a lot of power and attacks anyone who seems to be a challenge to their power, the accused tries to change the subject to their own grievances or suffering, the accused admits they did it but minimizes the incident, or the accused personally attacks the reporter using respectability politics or tone-policing.

In either case, your job is to investigate the long-term behavior of the accused, looking for signs of narcissism and cruelty, big and small. Rock stars leave behind a long trail of nasty emails, stolen credit, rude behavior, and unethical acts big and small. Go look for them.

Make it easy for victims to find and coordinate with each other

Rock stars will often make it difficult for people to talk or communicate without being surveilled or tracked by the rock star or their assistants, because private or anonymous communication allows people to compare their experiences and build effective resistance movements. To fight this, encourage and support private affinity groups for marginalized groups (especially people who identify as women in a way that is significant to them), create formal systems that allow for anonymous or pseudonymous reporting such as an ombudsperson or third-party ethics hotline, support and promote people who are trusted contact points and/or advocates for marginalized groups, and reward people for raising difficult but necessary problems.

Watch for smaller signs of boundary pushing and react strongly

Sometimes rock stars don’t outright break the rules, they just push on boundaries repeatedly, trying to figure out exactly how far they can go and get away with it, or make it so exhausting to have boundaries that people stop defending them. For example, they might take a little too much credit for shared work or other people’s work, constantly bring up the most disturbing but socially acceptable topic of conversation, resist de-escalation of verbal conflict, subtly criticize people, make passive-aggressive comments on the mailing list, leave comments that are almost but not quite against the rules, stand just a little too close to people on purpose, lightly touch people and ignore non-verbal cues to stop (but obey explicit verbal requests… usually), make comments which subtly establish themselves as superior or judges of others, interrupt in meetings, make small verbal put-downs, or physically turn away from people while they are speaking. Rock stars feel entitled to other people’s time, work, and bodies – signs of entitlement to one of these are often signs of entitlement to the others.

Call people out for monopolizing attention and credit

Is there someone in your organization who jumps on every chance to talk to a reporter? Do they attend every conference they can and speak at many of them? Do they brag about their frequent flyer miles or other forms of status? Do they jump on every project that seems likely to be high visibility? Do they “cookie-lick” – claim ownership of projects but fail to do them and prevent others from doing them either? If you see this happening, speak up: say, “Hey, we need to spread out the public recognition for this work among more people. Let’s send Leslie to that conference instead.” Insist that this person credit other folks (by name or anonymously, as possible) prominently and up front in every blog post or magazine article or talk. Establish a rotation for speaking to reporters as a named source. Take away projects from people if they aren’t doing them, no matter how sad or upset it makes them. Insist on distributing high status projects more evenly.

A negative organizational pattern that superficially resembles this kind of call-out can sometimes happen, where people who are jealous of others’ accomplishments and successes may attack effective, non-rock star leaders. Signs of this situation: people who do good, concrete, specific work are being called out for accepting appropriate levels of public recognition and credit by people who themselves don’t follow through on promises, fail at tasks through haplessness or inattention, or communicate ineffectively. Complaints about effective leaders may take the form of “I deserve this award for reasons even though I’ve done relatively little work” instead of “For the good of the organization, we should encourage spreading out the credit among the people who are doing the work – let’s talk about who they are.” People complaining may occasionally make minor verbal slips that reveal their own sense of entitlement to rewards and praise based on potential rather than accomplishments – e.g., referring to “my project” instead of “our project.”

Insist on building a “deep bench” of talent at every level of your organization

Your organization should never have a single irreplaceable person – it should have a deep bench. Sometimes this happens through a misplaced sense of excessive responsibility on the part of a non-abusive leader, but often it happens through deliberate effort from a “rock star.” To prevent this, constantly develop and build up a significant number of leaders at every level of your organization, especially near the top. You can do this by looking for new, less established speakers (keynote speakers in particular) at your events, paying for leadership training, creating official deputies for key positions, encouraging leaders to take ample vacation and not check email (or chat) while they are gone, having at least two people talk to each journalist, conducting yearly succession planning meetings, choosing board members who have strong opinions about this topic and a track record of acting on them, having some level of change or turnover every few years in key leadership positions, documenting and automating key tasks as much as possible, sharing knowledge as much as possible, and creating support structures that allow people from marginalized groups to take on public roles knowing they will have support if they are harassed. And if you need one more reason to encourage vacation, it is often an effective way to uncover financial fraud (one reason why abusive leaders often resist taking vacation – they can’t keep an eye on potential exposure of their misdeeds).

Flatten the organizational hierarchy as much as possible

Total absence of hierarchy is neither possible nor desirable, since “abolishing” a hierarchy simply drives the hierarchy underground and makes it impossible to critique (but see also the anarchist critique of this concept). Keeping the hierarchy explicit and making it as flat and transparent as possible while still reflecting true power relationships is both achievable and desirable. Ways to implement this: have as small a difference as possible in “perks” between levels (e.g., base decisions on flying business class vs. economy on amount of travel and employee needs, rather than position in the organization), give people ways to blow the whistle on people who have power over them (including channels to do this anonymously if necessary), and have transparent criteria for responsibilities and compensation (if applicable) that go with particular positions.

Build in checks for “failing up”

Sometimes, someone gets into a position of power not because they are actually good at their job, but because they turned in a mediocre performance in a field where people tend to choose people with proven mediocre talent over people who haven’t had a chance to demonstrate their talent (or lack thereof). This is called “failing up” and can turn otherwise reasonable people into rock stars as they desperately try to conceal their lack of expertise by attacking any competition and hogging attention. Or sometimes no one wants to take the hit for firing someone who isn’t capable of doing a good job, and they end up getting promoted through sheer tenacity and persistence. The solution is to have concrete criteria for performance, and a process for fairly evaluating a person’s performance and getting them to leave that position if they aren’t doing a good job.

Enforce strict policies around sexual or romantic relationships within power structures

Rock stars love “dating” people they have power over because it makes it easier to abuse or assault them and get away with it. Whenever we hear about an organization that has lots of people dating people in their reporting chain, it raises an automatic red flag for increased likelihood of abuse in that organization. Overall, the approach that has the fewest downsides is to establish a policy that no one can date within their reporting chain or across major differences in power, that romantic relationships need to be disclosed, and that if anyone forms a relationship with someone in the same reporting chain, the participants need to move around the organization until they no longer share a reporting chain. Yes, this means that if the CEO or Executive Director of an organization starts a relationship with anyone else in the organization, at least one of them needs to leave the organization, or take on some form of detached duty for the duration of the CEO/ED’s tenure. When it comes to informal power relationships, such as students dating prominent professors in their fields, they also need to be forbidden or strongly discouraged. These kinds of policies are extremely unattractive to a rock star, because part of the attraction of power for them is wielding it over romantic or sexual prospects.

Avoid organizations becoming too central to people’s lives

Having a reasonable work-life balance isn’t just an ethical imperative for any organization that values social justice, it’s also a safety mechanism so that if someone is forced to leave, needs to leave, or needs to take a step back, they can do so without destroying their entire support system. Rock stars will often insist on subordinates giving 100% of their available energy and time to the “cause” because it isolates them from other support networks and makes them more dependent on the rock star.

Don’t set up your community so that if someone has a breach with your community (e.g., is targeted for sustained harassment that drives them out), they are likely to also lose more than one of: their job, their career, their romantic relationships, their circle of friends, or their political allies. Encouraging and enabling people to have social interaction and support outside your organization or cause will also make it easier to, when necessary, exclude people behaving abusively or not contributing because you won’t need to worry that you’re cutting them off from all meaningful work or human contact.

You should discourage things like: semi-compulsory after hours socialising with colleagues, long work hours, lots of travel, people spending almost all their “intimacy points” or emotional labour on fellow community members, lots of in-group romantic relationships, everyone employing each other, or everyone sitting on everyone else’s boards. Duplication of effort (e.g., multiple activist orgs in the same area, multiple mailing lists, or whatever) is often seen as a waste, but it can be a powerfully positive force for allowing people some choice of colleagues.

Distribute the “keys to the kingdom”

Signs of a rock star (or occasionally a covert narcissist) may include insisting on being the single point of failure for one or more of: your technical infrastructure (e.g., domain name registration or website), your communication channels, your relationship with your meeting host or landlord, your primary source of funding, your relationship with the cops, etc. This increases the rock star’s power and control over the organization.

To prevent this, identify core resources, make sure two or more people can access/administer all of them, and make sure you have a plan for friendly but sudden, unexplained, or hostile departures of those people. Where possible, spend money (or another resource that your group can collectively offer) rather than relying on a single person’s largesse, specialized skills, or complex network of favours owed. Do things legally where reasonably possible. Try to be independent of any one critical external source of funding or resources. If there’s a particularly strong relationship between one group member and an external funder, advisor, or key organization, institutionalize it: document it, and introduce others into the relationship.

One exception is that it’s normal for contact with the press to be filtered or approved by a single point of contact within the organization (who should have a deputy). However, it should be possible to talk to the press as an individual (i.e., not representing your organization) and anonymously in cases of internal organizational abuse. At the same time, your organization should have a strong whistleblower protection policy – and board members with a strong public commitment and/or a track record of supporting whistleblowers in their own organizations.

Don’t create environments that make boundary violations more likely

Some situations are attractive to rock stars looking to abuse people: sexualized situations, normalization of drinking or taking drugs to the point of being unable to consent or enforce boundaries, or other methods of breaking down or violating physical or emotional boundaries. This can look like: acceptance of sexual jokes at work, frequent sexual liaisons between organization members, mocking people for not being “cool” for objecting to talking about sex at work, framing objection to sexualized situations as being homophobic/anti-polyamorous/anti-kink, open bars with hard alcohol or no limit on drinks, making it acceptable to pressure people to drink more alcohol than they want or violate other personal boundaries (food restrictions, etc.), normalizing taking drugs in ways that make it difficult to stay conscious or defend boundaries, requiring attendance at physically isolated or remote events, having events where it is difficult to communicate with the outside world (no phone service or Internet access), having events where people wear significantly less or no clothing (e.g. pool parties, saunas, hot tubs), or activities that require physical touching (massage, trust falls, ropes courses). It’s a bad sign if anyone objecting to these kinds of activities is criticized for being too uptight, puritanical, from a particular cultural background, etc.

Your organization should completely steer away from group activities which pressure people, implicitly or explicitly, to drink alcohol, take drugs, take off more clothing than is usual for professional settings in the relevant cultures, or touch or be touched. Drunkenness to the point of marked clumsiness, slurred speech, or blacking out should be absolutely unacceptable at the level of organizational culture. Anyone who seems to be unable to care for themselves as the result of alcohol or drug use should be immediately cared for by pre-selected people who are explicitly charged with preventing this person from being assaulted (especially since they may have been deliberately drugged by someone planning to assault them). For tips on serving alcohol in a way that greatly reduces the chance of assault or abuse, see Kara Sowles’ excellent article on inclusive events. You can also check out the article on inclusive offsites on the Geek Feminism Wiki.

Putting this to work in your community

We waited too long to do something about it.

Odds are, your community already has a “missing stair” or three – even if you’ve just kicked one out. They are harming and damaging your community right now. If you have power or influence or privilege, it’s your ethical responsibility to take personal action to limit the harm that they are causing. This may mean firing or demoting them; it may mean sanctioning or “managing them out.” But if you care about making the world a better place, you must act.

If you don’t have power or influence or privilege, think carefully before taking any action that could harm you more and seriously consider asking other folks with more protection to take action instead. Their response is a powerful litmus test of their values. If no one is willing to take this on for you, your only option may be leaving and finding a different organization or community to join. We have been in this position – of being powerless against rock stars – and it is heartbreaking and devastating to give up on a cause, community, or organization that you care about. We have all mourned the spaces that we have left when they have become unlivable because of abuse. But leaving is still often the right choice when those with power choose not to use it to keep others safe from abuse.


While we are not asking people to “cosign” this post, we want this to be part of a larger conversation on building abuse-resistant organizations and communities. We invite others to reflect on what we have written here, and to write their own reflections. If you would like us to list your reflection in this post, please leave a comment or email us a link, your name or pseudonym, and any affiliation you wish for us to include, and we will consider listing it. We particularly invite survivors of intimate partner violence in activist communities, survivors of workplace harassment and violence, and people facing intersectional oppressions to participate in the conversation.

2016-06-21: The “new girl” effect by Lex Gill, technology law researcher & activist

2016-06-21: Patching exploitable communities by Tom Lowenthal, security technologist and privacy activist

2016-06-22: Tyranny of Structurelessness? by Gabriella Coleman, anthropologist who has studied hacker communities

We would prefer that people not contact us to disclose their own stories of mistreatment. But know this: we believe you. If you need emotional support, please reach out to people close to you, a counselor in your area, or to the trained folks at RAINN or Crisis Text Line.


This post was written by Valerie Aurora (@vaurorapub), Mary Gardiner (@me_gardiner), and Leigh Honeywell (@hypatiadotca), with grateful thanks for comments and suggestions from many anonymous reviewers.

Tagged: advice, feminism, open source

TEDThe story and stigma of a baffling illness: Jen Brea speaks at TEDSummit

TED Fellow Jen Brea was diagnosed with myalgic encephalomyelitis, or chronic fatigue syndrome … and was told that her symptoms were caused by something all in her head. She’s fighting back. Photo by Ryan Lash/TED.

Imagining a distinct border between mind and body has been a useful rule of thumb since Enlightenment philosophers dreamt it up centuries ago. It’s been particularly useful for modern medicine which has focused its scientific eye on the rational, physical body — and for the most part left the mind with all its mutability and moods to others to cure.

But sometimes, when medicine has come up short in diagnosing mysterious ailments, the response has been to lob the problem over to the other side, and ascribe it to something in the mind. For nearly two millennia, a variety of mysterious ailments suffered by women were chalked up to “hysteria,” a catch-all diagnosis that basically dismissed the symptoms as imaginary.

Sound like something from the middle ages? It’s still happening. Just ask Jennifer Brea, who in 2011 was pursuing a PhD in political science at Harvard when she came down with a sharp fever, which afterward gave way to a number of strange bodily symptoms — crippling exhaustion, hypersensitivity to sound, burning sensations and more. Doctor after doctor told her she was physically fine; tests found nothing amiss. When a neurologist told her she had conversion disorder and chalked her pain up to repressed trauma, Brea’s health only spiraled downhill more. Soon she was bedridden and almost unable to move. Not buying the conversion idea, Brea started doing her own digging online, finding a whole population of millions of people with similar symptoms who had been diagnosed with chronic fatigue syndrome, a widespread phenomenon that is poorly understood and badly under-researched. (Given popular perceptions that CFS is a “made-up” condition, Brea uses the more specific — if harder to pronounce — myalgic encephalomyelitis, or ME.)

Her five-year journey through the illness, which affects two to three times as many women as men, has been no day in the park. But Brea has found purpose in connecting with others with the disease, working as an activist to raise visibility and spur research about ME and being her own doctor to ferret out new or unexplored treatments. In the last two years, she has also taken on making a documentary, Canary in a Coal Mine, about people living with the crushing weight of the disease, scheduled to be released next year.

“We know that our bodies can have psychosomatic reactions — we know that stress can play a role in virtually any disease,” says Brea. “But psychiatry has too often become the place where medicine shunts illnesses that doctors cannot diagnose or that science does not yet understand.”

Brea’s struggle to be heard and taken seriously in the face of so much exhaustion and pain is inspiring. But more inspiring is her desire to keep digging and probing with so much uncertainty around the condition and so little willingness within the medical industry to address the problem. Brea’s fight to keep asking questions when there are no easy answers sends a powerful message that medicine needs to own up to its failings and admit when it is stumped. “’I don’t know’ is a beautiful thing,” says Brea in her TED Talk. “‘I don’t know’ is where discovery starts.”


Planet DebianJonathan McDowell: Hire me!

It’s rare to be in a position to be able to publicly announce you’re looking for a new job, but as the opportunity is currently available to me I feel I should take advantage of it. That’s especially true given the fact I’ll be at DebConf 16 next week and hope to be able to talk to various people who might be hiring (and will, of course, be attending the job fair).

I’m coming to the end of my Masters in Legal Science and although it’s been fascinating I’ve made the decision that I want to return to the world of tech. I like building things too much it seems. There are various people I’ve already reached out to, and more that are on my list to contact, but I figure making it more widely known that I’m in the market can’t hurt with finding the right fit.

  • Availability: August 2016 onwards. I can wait for the right opportunity, but I’ve got a dissertation to write up so can’t start any sooner.
  • Location: Preferably Belfast, Northern Ireland. I know that’s a tricky one, but I’ve done my share of moving around for the moment (note I’ve no problem with having to do travel as part of my job). While I prefer an office environment I’m perfectly able to work from home, as long as it’s as part of a team that is tooled up for dispersed workers - in my experience being the only remote person rarely works well. There’s a chance I could be persuaded to move to Dublin for the right role.
  • Type of role: I sit somewhere on the software developer/technical lead/architect spectrum. I expect to get my hands dirty (it’s the only way to learn a system properly), but equally if I’m not able to be involved in making high level technical decisions then I’ll find myself frustrated.
  • Technology preferences: Flexible. My background is backend systems programming (primarily C in the storage and networking spaces), but like most developers these days I’ve had exposure to a bunch of different things and enjoy the opportunity to learn new things.

I’m on LinkedIn and OpenHUB, which should give a bit more info on my previous experience and skill set. I know I’m light on details here, so feel free to email me to talk about what I might be able to specifically bring to your organisation.

Planet DebianPaul Wise: DebCamp16 day 4

Usual spam reporting. Review wiki RecentChanges. Rain glorious rain! Err... Update a couple of links on the debtags team page. Report Debian bug #828718 against Update links to debtags on DDPO and the old PTS. Report minor Debian bug #828722 against Update the debtags for check-all-the-things. More code and check fixes for check-all-the-things. Gravitate towards the fireplace and beat face against annoying access point, learn of wpa_cli blacklist & wpa_cli bssid from owner of devilish laptop. Ask stakeholders for feedback/commits before the impending release of check-all-the-things to Debian unstable. Meet developers of the One^WGNU Ring, discuss C++ library foo. Contribute some links to an open hardware thread. Point out the location of the Debian QA SVN repository. Clear skies at night, twinkling delight.

Krebs on SecurityScientology Seeks Captive Converts Via Google Maps, Drug Rehab Centers

Fake online reviews generated by unscrupulous marketers blanket the Internet these days. Although online review pollution isn’t exactly a hot-button consumer issue, there are plenty of cases in which phony reviews may endanger one’s life or well-being. This is the story about how searching for drug abuse treatment services online could cause concerned loved ones to send their addicted, vulnerable friends or family members straight into the arms of the Church of Scientology.

As explained in last year’s piece, Don’t Be Fooled by Fake Online Reviews Part II, there are countless real-world services that are primed for exploitation online by marketers engaged in false and misleading “search engine optimization” (SEO) techniques. These shady actors specialize in creating hundreds or thousands of phantom companies online, each with different generic-sounding business names, addresses and phone numbers. The phantom firms often cluster around fake listings created in Google Maps — complete with numerous five-star reviews, pictures, phone numbers and Web site links.

The problem is that calls to any of these phony companies are routed back to the same crooked SEO entity that created them. That marketer in turn sells the customer lead to one of several companies that have agreed in advance to buy such business leads. As a result, many consumers think they are dealing with one company when they call, yet end up being serviced by a completely unrelated firm that may not have to worry about maintaining a reputation for quality and fair customer service.

Experts say fake online reviews are most prevalent in labor-intensive services that do not require the customer to come into the company’s offices but instead come to the consumer. These services include but are not limited to locksmiths, windshield replacement services, garage door repair and replacement technicians, carpet cleaning and other services that consumers very often call for immediate service.

As it happens, the problem is widespread in the drug rehabilitation industry as well. That became apparent after I spent just a few hours with Bryan Seely, the guy who literally wrote the definitive book on fake Internet reviews.

Perhaps best known for a stunt in which he used fake Google Maps listings to intercept calls destined for the FBI and U.S. Secret Service, Seely knows a thing or two about this industry: Until 2011, he worked for an SEO firm that helped to develop and spread some of the same fake online reviews that he is now helping to clean up.

More recently, Seely has been tracking a network of hundreds of phony listings and reviews that lead inquiring customers to fewer than a half dozen drug rehab centers, including Narconon International — an organization that promotes the theories of Scientology founder L. Ron Hubbard regarding substance abuse treatment and addiction.

As described in Narconon’s Wikipedia entry, Narconon facilities are known not only for attempting to win over new converts, but also for treating all drug addictions with a rather bizarre cocktail consisting mainly of vitamins and long hours in extremely hot saunas. The Wiki entry documents multiple cases of accidental deaths at Narconon facilities, where some addicts reportedly died from overdoses of vitamins or neglect:

“Narconon has faced considerable controversy over the safety and effectiveness of its rehabilitation methods,” the Wiki entry reads. “Narconon teaches that drugs reside in body fat, and remain there indefinitely, and that to recover from drug abuse, addicts can remove the drugs from their fat through saunas and use of vitamins. Medical experts disagree with this basic understanding of physiology, saying that no significant amount of drugs are stored in fat, and that drugs can’t be ‘sweated out’ as Narconon claims.”


Source: Seely Security.


Seely said he learned that the drug rehab industry was overrun with SEO firms when he began researching rehab centers in Seattle for a family friend who was struggling with substance abuse and addiction issues. A simple search on Google for “drug rehab Seattle” turned up multiple local search results that looked promising.

One of the top three results was for a business calling itself “Drug Rehab Seattle,” and while it lists a toll-free phone number, it does not list a physical address (NB: this is not always the case with fake listings, which just as often claim the street address of another legitimate business). A click on the organization’s listing claims the Web site – a legitimate drug rehab search service. However, the owners of say this listing is unauthorized and unaffiliated with

As documented in this Youtube video, Seely called the toll-free number in the Drug Rehab Seattle listing, and was transferred to a hotline that took down his name, number and insurance information and promised an immediate call back. Within minutes, Seely said, he received a call from a woman who said she represented a Seattle treatment center but was vague about the background of the organization itself. A little digging showed that the treatment center was run by Narconon.

“You’re supposed to be getting a local drug rehab in Seattle, but instead you get taken to a call center, which can be owned by any number of rehab facilities around the country that pay legitimate vendors for calls,” Seely said. “If you run a rehab facility, you have to get people in the doors to make money. The guy who created these fake listings figured out you can use Google Maps to generate leads, and it’s free.”

The phony rehab establishment listed here is the third listing, which includes no physical address and routes the caller to a referral network that sells leads to Narconon, among others.

Here’s the crux of the problem: When you’re at and you search for something that Google believes to be a local search, Google adds local business results on top of the organic search results — complete with listings and reviews associated with Google Maps. Consumers might not even read them, but reviews left for businesses in these listings heavily influence their search rankings. The more reviews a business has, Seely said, the closer it gets to the coveted Number One spot in the search rankings.

That #1 rank attracts the most calls by a huge margin, and it can mean huge profits: Many rehab facilities will pay hundreds of dollars for leads that may ultimately lead to a new patient. After all, some facilities can then turn around and bill insurance providers for tens of thousands of dollars per patient.


Curious if he could track down the company or individual behind the phony review that prompted a call from Narconon, Seely began taking a closer look at the reviews for the facility he called. One reviewer in particular stood out — one “John Harvey,” a Google user who clearly has a great deal of experience with rehab centers.

A click on John Harvey’s Google Plus profile showed he reviewed no fewer than 82 phantom drug treatment centers around the country, offering very positive 5-star reviews on all of them. A brief search for John Harvey online shows that the person behind the account is indeed a guy named John Harvey from Sacramento who runs an SEO company in Kuilua, Hawaii called TopSeek Inc., which bills itself as a collection of “local marketing experts.”

A visit to the company’s Web site shows that Narconon is among four of TopSeek’s listed clients, all of which either operate drug rehab centers or are in the business of marketing drug rehab centers.

TopSeek Inc's client list includes Narconon, a Scientology front group that seeks to recruit new members via a network of unorthodox drug treatment facilities.

Calls and emails to Mr. Harvey went unreturned, but it’s clear he quickly figured out that the jig was up: Just hours after KrebsOnSecurity reached out to Mr. Harvey for comment, all of his phony addiction treatment center reviews mysteriously disappeared (some of the reviews are preserved in the screenshot below).

“This guy is sitting in Hawaii saying he’s retired and that he’s not taking any more clients,” Seely said. “Well, maybe he’s going to have to come out of retirement to go into prison, because he’s committed fraud in almost every state.”

While writing fake online reviews may not be strictly illegal or an offense that could send one to jail, several states have begun cracking down on “reputation management” and SEO companies that engage in writing or purchasing fake reviews. However, it’s unclear whether the fines being enforced for violations will act as a deterrent, since those fines are likely a fraction of the revenues that shady SEO companies stand to gain by engaging in this deceptive practice.

Some of John Harvey's reviews. All of these have since been deleted.


Before doing business with a company you found online, don’t just pick the company that comes up tops in the search results on Google. Unfortunately, that generally guarantees little more than the company is good at marketing.

Take the time to research the companies you wish to hire before booking them for jobs or services, especially when it comes to big, expensive, and potentially risky services like drug rehab or moving companies. By the way, if you’re looking for a legitimate rehab facility, you could do worse than to start at the aforementioned, a legitimate rehab search engine.

It’s a good idea to get in the habit of verifying that the organization’s physical address, phone number and Web address shown in the search result match that of the landing page. If the phone numbers are different, use the contact number listed on the linked site.

Take the time to learn about the organization’s reputation online and in social media; if it has none (other than a Google Maps listing with all glowing, 5-star reviews), it’s probably fake. Search the Web for any public records tied to the business’ listed physical address, including articles of incorporation from the local secretary of state office online. A search of the company’s domain name registration records can give you an idea of how long its Web site has been in business, as well as additional details about the company and/or the organization itself.

Seely said one surefire way to avoid these marketing shell games is to ask a simple question of the person who answers the phone in the online listing.

“Ask anyone on the phone what company they’re with,” Seely said. “Have them tell you, take their information and then call them back. If they aren’t forthcoming about who they are, they’re most likely a scam.”

For the record, I requested comment on this story from Google — and specifically from the people at Google who handle Google Maps — but have yet to hear back from them. I’ll update this story in the event that changes.

Update, 7:47 p.m. ET: Google responded with the following statement: “We’re in a constant arms race with local business spammers who, unfortunately, use all sorts of tricks to try to game our system – and who’ve been a thorn in the Internet’s side for over a decade. Millions of businesses regularly make edits to their addresses, hours of operation and more, so we rely heavily on the community to help keep listings up-to-date and flag issues. But this kind of spam is a clear violation of our policies and we want to eradicate it. As spammers change their techniques, we’re continually working on new, better ways to keep them off Google Search and Maps. There’s work to do, and we want to keep doing better.”

Planet DebianScarlett Clark: Debian: Reproducible builds update

A quick update to note that I did complete extra-cmake-modules and was given the green light to push upstream and in Debian and will do so asap. Due to circumstances out of my control, I am moving a few states over and will have to continue my efforts when I arrive at my new place of residence in a few days. Thanks for understanding.


Cory DoctorowI’m profiled in the Globe and Mail Report on Business magazine

The monthly Report on Business magazine in the Canadian national paper The Globe and Mail profiled my work on DRM reform, as well as my science fiction writing and my work on Boing Boing.

I’m grateful to Alec Scott for the coverage, and especially glad that the question of the World Wide Web Consortium’s terrible decision to standardize DRM as part of HTML5 is getting wider attention.

If you want learn more, here’s a FAQ, and here’s a letter you can sign onto in which we’re asking the W3C to take steps to protect security disclosures and competition on the web.

He doesn’t always have the last word with Berners-Lee, though. “I was surprised and disappointed that he recently announced that W3C was going to start standardizing DRM.…There is a sense among a lot of people that the Web is cooked.”

W3C is the World Wide Web Consortium, which Berners-Lee runs, and Doctorow is upset because it’s setting up a standardized regime for digital rights management, or DRM—the locks that tech and entertainment companies put on their products—to prevent people from sharing their wares.

Doctorow criticizes American and Canadian legislation that makes it an offence to tamper with these locks. After all, analog publishers can’t control what use purchasers make of their books. And the locks seldom help the creatives who originally produced the content. (1) In joking homage to Isaac Asimov’s laws of robotics, Doctorow has his own law: “Any time someone puts a lock on something that belongs to you and won’t give you the key, that lock isn’t there for your benefit.”

The crusader fighting lock-happy entertainment conglomerates
[Alec Scott/The Globe and Mail]

Google AdsenseCustomize your ads for a better user experience across screens

Users access your content from many different screens like phones, phablets, tablets, desktops, game consoles, TVs, and even wearables. The size and type of screens that people use are continually changing, so it’s important that your site, content, and ads adapt to any screen size.

Savvy publishers have responded by building a single “responsive” site instead of creating different sites for different screens. These sites use responsive design principles and a single set of HTML/CSS to control user experiences on multiple screens, streamlining publisher operations.

Adapting content to different screens, though, isn’t enough. To ensure that users have seamless experiences with ads as well, many publishers are using AdSense ad units that are fully responsive. These units automatically adapt to the size of the screen on which your site is being viewed. And if you find that our responsive ad code doesn't do everything you need, you may modify your ad code to better meet the requirements of your site. Among other things, you can:

  • Customize the size of ads based on the width of the screen
  • Specify the exact dimensions or proportions of the ad
  • Hide units for a particular screen width

If you’re specifying the ad unit sizes for particular screen widths, we recommend the following:
  • For screen widths up to 500px, use a 320x100 ad unit
  • For screen widths between 500px and 799px, use a 468x60 ad unit
  • For screen widths of 800px and wider, use a 728x90 ad unit
For more information, see our Help Center article that explains how to customize your ad code to respond to different scenarios. It also includes guidelines for those who are new to CSS media queries.

At AdSense, we’re committed to helping you make every interaction a user has with your brand, including the ads, a delightful one. Check out the Help Center for more details on these new ad units. Also, be sure to follow us on Google+ and Twitter; we’d love to hear how you customize your code. Until next time.

Posted by Lea Wehbe, from the AdSense team

Sociological ImagesSense of Political Disenfranchisement Strongly Predicts Support for Trump

One explanation for Trump’s popularity on the political right is that supporters are attracted to him because they feel invisible to “establishment” candidates and Trump, as an “outsider,” is going to “shake things up.” A survey of 3,037 Americans completed by RAND, weighted to match the US (citizen) population, suggests that there is something to this.

About six months ago, RAND asked respondents if they agreed with the statement “people like me don’t have any say about what the government does.” Responses among likely Democratic voters didn’t significantly correlate with support for either Sanders or Clinton and those among likely Republican voters didn’t significantly correlate with support for Rubio or Cruz, but responses did correlate dramatically with a preference for Trump. All other things being equal, people who “somewhat” or “strongly” agreed with the statement were 86% more likely to prefer Trump over other candidates.


“This increased preference for Trump,” RAND explains, “is over and beyond any preferences based on respondent gender, age, race/ethnicity, employment status, educational attainment, household income, attitudes towards Muslims, attitudes towards illegal immigrants, or attitudes towards Hispanics.”

Whatever else is driving Trump voters, a sense of disenfranchisement appears to be a powerful motivator.

Lisa Wade, PhD is a professor at Occidental College. She is the author of American Hookup, a book about college sexual culture, and Gender, a textbook. You can follow her on Twitter, Facebook, and Instagram.


Planet DebianJohn Goerzen: I’m switching from git-annex to Syncthing

I wrote recently about using git-annex for encrypted sync, but due to a number of issues with it, I’ve opted to switch to Syncthing.

I’d been using git-annex with real but noncritical data. Among the first issues I noticed was occasional but persistent high CPU usage spikes, which once started, would persist apparently forever. I had an issue where git-annex tried to replace files I’d removed from its repo with broken symlinks, but the real final straw was a number of issues with the gcrypt remote repos. git-remote-gcrypt appears to have a number of issues with possible race conditions on the remote, and at least one of them somehow caused encrypted data to appear in a packfile on a remote repo. Why there was data in a packfile there, I don’t know, since git-annex is supposed to keep the data out of packfiles.

Anyhow, git-annex is still an awesome tool with a lot of use cases, but I’m concluding that live sync to an encrypted git remote isn’t quite there yet for me.

So I looked for alternatives. My main criteria were supporting live sync (via inotify or similar) and not requiring the files to be stored unencrypted on a remote system (my local systems all use LUKS). I found Syncthing met these requirements.

Syncthing is pretty interesting in that, like git-annex, it doesn’t require a centralized server at all. Rather, it forms basically a mesh between your devices. Its concept is somewhat similar to the proprietary Bittorrent Sync — basically, all the nodes communicate about what files and chunks of files they have, and the changes that are made, and immediately propagate as much as possible. Unlike, say, Dropbox or Owncloud, Syncthing can actually support simultaneous downloads from multiple remotes for optimum performance when there are many changes.

Combined with syncthing-inotify or syncthing-gtk, it has immediate detection of changes and therefore very quick propagation of them.

Syncthing is particularly adept at figuring out ways for the nodes to communicate with each other. It begins by broadcasting on the local network, so known nearby nodes can be found directly. The Syncthing folks also run a discovery server (though you can use your own if you prefer) that lets nodes find each other on the Internet. Syncthing will attempt to use UPnP to configure firewalls to let it out, but if that fails, the last resort is a traffic relay server — again, a number of volunteers host these online, but you can run your own if you prefer.

Each node in Syncthing has an RSA keypair, and what amounts to part of the public key is used as a globally unique node ID. The initial link between nodes is accomplished by pasting the globally unique ID from one node into the “add node” screen on the other; the user of the first node then must accept the request, and from that point on, syncing can proceed. The data is all transmitted encrypted, of course, so interception will not cause data to be revealed.
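The identity scheme described above, where a node’s ID is derived from its key material, is pasted by hand into the other node and then serves as the trust anchor for the encrypted link, as an added example in Python. This is not Syncthing’s code: the exact encoding used here (SHA-256 of the public key bytes, base32, 13-character groups each followed by a Luhn mod-32 check character, dashes every 7 characters) is modelled on Syncthing’s device ID format but is an assumption of this example, not a compatibility claim, and the key bytes are constructed stand-ins rather than real DER public keys.

```python
"""Device-ID style node identity: added illustration, not Syncthing's own code.

Two properties matter for security here:
  1. The printable ID is a hash of the public key, so a peer that presents a
     different key cannot pass as the node whose ID was pasted (a
     trust-on-first-use pin).
  2. Each group carries a check character, so a transcription error in the
     hand-pasted ID is rejected up front instead of silently becoming a
     "peer never matches" or, worse, a pin on the wrong identity.
The encoding is modelled on Syncthing's format but is assumed here.
"""
import base64
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"  # RFC 4648 base32 alphabet

# Constructed stand-ins for DER-encoded RSA public keys of two nodes.
SAMPLE_KEY = b"constructed stand-in for a DER-encoded RSA public key (node A)"
OTHER_KEY = b"constructed stand-in for a DER-encoded RSA public key (node B)"


def luhn32_check(chunk: str) -> str:
    """Luhn mod-32 check character for a chunk of base32 characters."""
    n = len(ALPHABET)
    factor, total = 1, 0
    for ch in chunk:
        addend = factor * ALPHABET.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // n + addend % n   # digit sum in base 32
    return ALPHABET[(n - total % n) % n]


def device_id(public_key_der: bytes) -> str:
    """Derive the printable node ID from the SHA-256 of the public key bytes."""
    digest = hashlib.sha256(public_key_der).digest()            # 32 bytes
    raw = base64.b32encode(digest).decode("ascii").rstrip("=")  # 52 chars
    with_checks = "".join(raw[i:i + 13] + luhn32_check(raw[i:i + 13])
                          for i in range(0, 52, 13))             # 56 chars
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))


def is_well_formed(node_id: str) -> bool:
    """True if the ID has the right shape and every group's check char is valid.

    Accepts lowercase input and missing dashes, since users paste both.
    """
    compact = node_id.replace("-", "").upper()
    if len(compact) != 56 or any(c not in ALPHABET for c in compact):
        return False
    return all(luhn32_check(compact[i:i + 13]) == compact[i + 13]
               for i in range(0, 56, 14))


def peer_matches(pinned_id: str, presented_key_der: bytes) -> bool:
    """TOFU check: does the key the peer actually presents hash to the pinned ID?"""
    if not is_well_formed(pinned_id):
        return False
    expected = pinned_id.replace("-", "").upper()
    return device_id(presented_key_der).replace("-", "") == expected


if __name__ == "__main__":
    nid = device_id(SAMPLE_KEY)
    print("node A id:", nid)
    print("well formed:", is_well_formed(nid))
    print("node A key accepted:", peer_matches(nid, SAMPLE_KEY))
    print("node B key accepted:", peer_matches(nid, OTHER_KEY))
    typo = ("B" if nid[0] != "B" else "C") + nid[1:]
    print("typo'd id accepted:", is_well_formed(typo))
```

The check character catches any single substituted character in a group (the Luhn mod-32 weighting maps every alphabet position to a distinct residue), which is what makes the pasted ID safe to use as a trust anchor; the encryption of the link only helps if the identity on the other end is the one the user actually approved.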

Really my only complaint about Syncthing so far is that, although it binds to localhost, the web GUI does not require authentication by default.

There is an ITP open for Syncthing in Debian, but until then, their apt repo works fine. For syncthing-gtk, the trusty version of the webupd8 PPA works in Jessie (though be sure to pin it to a low priority if you don’t want it replacing some unrelated Debian packages).

CryptogramCrowdsourcing a Database of Hotel Rooms

There's an app that allows people to submit photographs of hotel rooms around the world into a centralized database. The idea is that photographs of victims of human trafficking are often taken in hotel rooms, and the database will help law enforcement find the traffickers.

I can't speak to the efficacy of the database -- in particular, the false positives -- but it's an interesting crowdsourced approach to the problem.

Worse Than FailureLogging, Retooled

OR Route 38 erosion, Jan. 2012 storm

In every company, there is a tendency to value code that was invented in-house over code that was, to put it bluntly, Not Invented Here. There is an eternal struggle to find balance between the convenience of pre-packaged code that is not fully vetted and the trustworthiness of code they themselves have written. As is typical in these tales, Jon's company got it wrong.

When Jon was asked what logging solution he was planning to implement in his company's .NET-based application, he gave the right answer: log4net.

No sooner had he spoken, however, than the room grew quiet. The locusts could be heard clearly from outside the window, screaming their disgust at the idea. Not-here! Not-here! Not-here!

"Or ... maybe I could throw something together?" he suggested timidly.

"Splendid!" replied Jon's boss, Ned, heartily. "You can use my logger as a head start. Rolled it by hand back in my university days. It's much better than that log4net crap. Did you realize that piece of dung uses reflection? Reflection! Something as simple as a logger doesn't need anything as expensive as that."

And Ned was right, in a way. His logger didn't use reflection; it hardcoded the method name into each log call made. But that's not all. In a bid to save on "expensive" new features Ned barely understood, the logger was held to a strict 2.0 code level, despite the project using the 4.5 framework. And in a flash of coursework-inspired brilliance, he had implemented his own custom stack to store incoming logs—a move that entirely undid any cost savings achieved by avoiding reflection three times over.

But Jon tried. He rewrote the stack structure, desperate to reclaim some of the cycles. He documented methods that confused him, hoping to leave the codebase better than he found it. And he tried and tried to make it work consistently.

The days turned into weeks, and the project deadlines began to slip. Ned grew sterner and sterner with every depressing status meeting. "That logger can't possibly be responsible for all this! It was fine when I wrote it!"

"But sir, if we just pull it and use Log4Net—" Jon began.

"I don't want to hear another word about Log4net! Just get the project done!"

And so it was done—weeks behind schedule, and with a tendency to drop log files in the event of a crash, just when you'd want them the most. Jon privately swore he'd never touch the logger again; come hell or high water, he'd use log4net next time and be done with it.

It was three months later before he had another chance. Another desktop app needed to be built where logs would be mission-critical in the event of a disaster.

"Sir, about the logging—" Jon piped up.

"I know what you're going to say, and I won't hear of it," Ned cut him off.

"But sir, if you'll just listen a moment—"

"I said no and that's final: there's no way you'll be using that POS logger you put into production last time! No, you're going to have to write something custom from scratch, no getting around it!"

Jon put in his custom, from scratch, two weeks' notice that very day.

[Advertisement] Onsite, remote, bare-metal or cloud – create, configure and orchestrate 1,000s of servers, all from the same dashboard while continually monitoring for drift and allowing for instantaneous remediation. Download Otter today!

Planet DebianAlessio Treglia: A – not exactly United – Kingdom


Island of Ventotene – Roman harbour

There once was a Kingdom strongly United, built on the honours of the people of Wessex, of Mercia, Northumbria and East Anglia, who knew how to deal with the invasion of the Vikings from the east and of the Normans from the south, to come to unify the territory under an umbrella of common intents. Today, however, 48% of them, while keeping solid traditions, still know how to look forward to the future, joining horizons and commercial developments along with the rest of Europe. The remaining 52%, however, look back and cannot see anything in front of them except a desire for isolation, breaking the European dream born on the shores of Ventotene island in 1944 by Altiero Spinelli, Ernesto Rossi and Ursula Hirschmann through the “Manifesto for a free and united Europe”. An incurable fracture in the country was born in a referendum on 23 June, in which just over half of the population asked to terminate its marriage to the great European family, setting the UK back by 43 years of history.

Read More… [by Fabio Marzocca]

Planet DebianBits from Debian: DebConf16 schedule available

DebConf16 will be held this and next week in Cape Town, South Africa, and we're happy to announce that the schedule is already available. Of course, it is still possible for some minor changes to happen!

The DebCamp Sprints already started on 23 June 2016.

DebConf will open on Saturday, 2 July 2016 with the Open Festival, where events of interest to a wider audience are offered, ranging from topics specific to Debian to a wider appreciation of the open and maker movements (and not just IT-related). Hackers, makers, hobbyists and other interested parties are invited to share their activities with DebConf attendees and the public at the University of Cape Town, whether in form of workshops, lightning talks, install parties, art exhibition or posters. Additionally, a Job Fair will take place on Saturday, and its job wall will be available throughout DebConf.

The full schedule of the Debian Conference throughout the week is published. After the Open Festival, the conference will continue with more than 85 talks and BoFs (informal gatherings and discussions within Debian teams), covering not only software development and packaging but also areas like translation, documentation, artwork, testing, specialized derivatives, maintenance of the community infrastructure, and others.

There will also be a plethora of social events, such as our traditional cheese and wine party, our group photo and our day trip.

DebConf talks will be broadcast live on the Internet when possible, and videos of the talks will be published on the web along with the presentation slides.

DebConf is committed to a safe and welcoming environment for all participants. See the DebConf Code of Conduct and the Debian Code of Conduct for more details on this.

Debian thanks the commitment of numerous sponsors to support DebConf16, particularly our Platinum Sponsor Hewlett Packard Enterprise.

About Hewlett Packard Enterprise

Hewlett Packard Enterprise actively participates in open source. Thousands of developers across the company are focused on open source projects, and HPE sponsors and supports the open source community in a number of ways, including: contributing code, sponsoring foundations and projects, providing active leadership, and participating in various committees.

Planet DebianPaul Tagliamonte: Hello, Sense!

A while back, I saw a Kickstarter for one of the most well designed and pretty sleep trackers on the market. I fell in love with it, and it has stuck with me since.

A few months ago, I finally got my hands on one and started to track my data. Naturally, I now want to store this new data with the rest of the data I have on myself in my own databases.

I went in search of an API, but I found that the Sense API hasn't been published yet, and is being worked on by the team. Here's hoping it'll land soon!

After some subdomain guessing, I hit on So, naturally, I went to take a quick look at their Android app and network traffic, lo and behold, there was a pretty nicely designed API.

This API is clearly an internal API, and as such, it's something that should not be considered stable. However, I'm OK with a fragile API, so I've published a quick and dirty API wrapper for the Sense API to my GitHub.

I've published it because I've found it useful, but I can't promise the world (since I'm not a member of the Sense team at Hello!), so here are a few ground rules of this wrapper:

  • I make no claims to its stability or completeness.
  • I have no documentation or assurances.
  • I will not provide the client secret and ID. You'll have to find them on your own.
  • This may stop working without any notice, and there may even be really nasty bugs that result in your alarm going off at 4 AM.
  • Send PRs! This is a side-project for me.

This module is currently Python 3 only. If someone really needs Python 2 support, I'm open to minimally invasive patches to the codebase using six to support Python 2.7.

Working with the API:

First, let's go ahead and log in using python -m sense.

$ python -m sense
Sense OAuth Client ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Sense OAuth Client Secret: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Sense email:
Sense password: 
Attempting to log into Sense's API
Attempting to query the Sense API
The humidity is **just right**.
The air quality is **just right**.
The light level is **just right**.
It's **pretty hot** in here.
The noise level is **just right**.

Now, let's see if we can pull up information on my Sense:

>>> from sense import Sense
>>> sense = Sense()
>>> sense.devices()
{'senses': [{'id': 'xxxxxxxxxxxxxxxx', 'firmware_version': '11a1', 'last_updated': 1466991060000, 'state': 'NORMAL', 'wifi_info': {'rssi': 0, 'ssid': 'Pretty Fly for a WiFi (2.4 GhZ)', 'condition': 'GOOD', 'last_updated': 1462927722000}, 'color': 'BLACK'}], 'pills': [{'id': 'xxxxxxxxxxxxxxxx', 'firmware_version': '2', 'last_updated': 1466990339000, 'battery_level': 87, 'color': 'BLUE', 'state': 'NORMAL'}]}

Neat! Pretty cool. Look, you can even see my WiFi AP! Let's try some more and pull some trends out.

>>> values = [x.get("value") for x in sense.room_sensors()["humidity"]][:10]
>>> min(values)
>>> max(values)

I plan to keep maintaining it as long as it's needed, so I welcome co-maintainers, and I'd love to see what people build with it! So far, I'm using it to dump my room data into InfluxDB, pulling information on my room into Grafana. Hopefully more to come!

Happy hacking!


TEDGo behind the scenes at TEDSummit all week, inside the Facebook Live Studio

Live at TEDSummit

Get exclusive, behind-the-scenes access to TEDSummit inside our Facebook Live Studio. Join some of your favorite TED speakers for conversational interviews — and you can ask them your questions in the comments. See everything on TED’s Facebook page as it happens:

Here’s the schedule:

Sunday, June 26
4pm Eastern: TED speaker coaches share public-speaking tips

Monday, June 27
3:30pm Eastern: Celeste Headlee on how to have better conversations
6:30pm Eastern: Ethan Nadelmann on US drug policy

Tuesday, June 28
1pm Eastern: Eli Pariser on social media in the US election
Time TBD: Helen Fisher and Esther Perel on love and relationships

Wednesday, June 29
12:45pm EST: Nassim Assefi and Melissa Fleming on the refugee crisis
3:30pm EST: Christopher Soghoian on how to keep your data safe
6:30pm EST: Roman Mars on design in everyday life

TED Summit is a weeklong conference in Banff, Canada that celebrates the TED community, including TEDx organizers, TED-Ed educators and past TED speakers.

For more, visit:

Planet DebianSteinar H. Gunderson: Nageru 1.3.0 released

I've just released version 1.3.0 of Nageru, my live software video mixer.

Things have been a bit quiet on the Nageru front recently, for two reasons: First, I've been busy with moving (from Switzerland to Norway) and associated job change (from Google to MySQL/Oracle). Things are going well, but these kinds of changes tend to take, well, time and energy.

Second, the highlight of Nageru 1.3.0 is encoding of H.264 streams meant for end users (using x264), not just the Quick Sync Video streams from earlier versions, which work more as a near-lossless intermediate format meant for transcoding to something else later. Like with most things video, hitting such features really hard (I've been doing literally weeks of continuous stream testing) tends to expose weaknesses in upstream software.

In particular, I wanted x264 speed control, where the quality is tuned up and down live as the content dictates. This is mainly because the content I want to stream this summer (demoscene competitions) varies from the very simple to downright ridiculously complex (as you can see, YouTube just basically gives up and creates gray blocks). If you have only one static quality setting, you will have the choice between something that looks like crap for everything, and one that drops frames like crazy (or, if your encoding software isn't all that, like e.g. using ffmpeg(1) directly, just gets behind and all your clients' streams just stop) when the tricky stuff comes. There was an unofficial patch for speed control, but it was buggy, not suitable for today's hardware and not kept at all up to date with modern x264 versions. So to get speed control, I had to work that patch pretty heavily (including making it so that it could work in Nageru directly instead of requiring a patched x264)… and then it exposed a bug in x264 proper that would cause corruption when changing between some presets, and I couldn't release 1.3.0 before that fix had at least hit git.

Similarly, debugging this exposed an issue with how I did streaming with ffmpeg and the MP4 mux (which you need to be able to stream H.264 directly to HTML5 <video> without any funny and latency-inducing segmenting business); to know where keyframes started, I needed to flush the mux before each one, but this messes up interleaving, and if frames were ever dropped right in front of a keyframe (which they would be on the most difficult content, even at speed control's fastest presets!), the “duration” field of the frame would be wrong, causing the timestamps to be wrong and even having pts < dts in some cases. (VLC has to deal with flushing in exactly the same way, and thus would have exactly the same issue, although VLC generally doesn't transcode variable-framerate content so well to begin with, so the heuristics would be more likely to work. Incidentally, I wrote the VLC code for this flushing back in the day, to be able to stream WebM for some Debconf.) I cannot take credit for the ffmpeg/libav fixes (that was all done by Martin Storsjö), but again, Nageru had to wait for the new API they introduce (which just signals to the application when a keyframe is about to begin, removing the need for flushing) to get into git mainline. Hopefully, both fixes will get into releases soon-ish and from there make their way into stretch.

Apart from that, there's a bunch of fixes as always. I'm still occasionally (about once every two weeks of streaming or so) hitting what I believe is a bug in NVIDIA's proprietary OpenGL drivers, but it's nearly impossible to debug without some serious help from them, and they haven't been responding to my inquiries. Every two weeks means that you could be hitting it in a weekend's worth of streaming, so it would be nice to get it fixed, but it also means it's really really hard to make a reproducible test case. :-) But the fact that this is currently the worst stability bug (and that you can work around it by using e.g. Intel's drivers) also shows that Nageru is pretty stable these days.

Planet DebianIustin Pop: Random things of the week - brexit and the pretzel

Random things of the week

In no particular order (mostly).

Coming back from the US, it was easier dealing with the jet-lag this time; doing sports in the morning or at noon and eating light on the evening helps a lot.

The big thing of the week, that has everybody talking, is of course brexit. My thoughts, as written before in a facebook comment: Direct democracy doesn't really work if it's done once in a blue moon. Wikipedia says there have been thirteen referendums in the UK since 1975, but most of them (10) were on devolution issues in individual countries, and only three were UK-wide referendums (quoting from the above page): the first on membership of the European Economic Community in 1975, the second on adopting the Alternative Vote system in parliamentary elections in 2011, and the third one is the current one. Which means that a referendum is done every 13 years or so.

At this frequency, people are not a) used to informing themselves on the actual issues, b) convinced that their vote will actually change things, and c) most likely not taking the "direct-democracy" aspect seriously (thinking beyond the issue at hand and how it will play together with all the rest of the political decisions). The result is what we've seen: leave politicians already backpedalling on issues, and confusion that yes, leave votes actually counted.

My prognosis for what's going to happen:

  • one option: this gets magically undone, and there will be rejoicing at the barely avoided big damage (small damage already done).
  • otherwise, the UK will lose significantly from an economic point of view, enough that they'll try being out of the EU officially but "in" the EU from the point of view of trade.
  • in any case, large external companies will be very wary of investing in production in the UK (e.g. Japanese car manufacturers), and some will leave.
  • most of the 52% who voted leave will realise that this was a bad outcome, in around 5 years.
  • hopefully, politicians (both in the EU and in the UK) will try to pay more attention to inequality (here I'm optimistic).

We'll see what happens though. Reading comments on various websites still makes me cringe at how small some people think: "independence" from the EU when the real issue is the EU versus the other big blocks—the US, China, in the future India; and "versus" not necessarily in a conflict sense, but simply as negotiating power, economic treaties, etc.

Back to more down-to-earth things: this week was quite a good week for me. Including commutes, my calendar turned out quite nice:

Week calendar

The downside was that most of those were short runs or bike sessions. My runs are now usually 6.5K, and I'll try to keep to that for a few weeks, in order to be sure that bone and ligaments have adjusted, and hopefully keep injuries away.

On the bike front, the only significant thing was that I also did the Zwift Canyon Ultimate Pretzel Mission, on the last day of the contest (today): 73.5Km in total, 3h:27m. I've done 60K rides on Zwift before, so the first 60K were OK, but the last ~5K were really hard. My legs felt like logs of wood, and I was only pushing very weak output by the end, although I did hydrate and fuel up during the ride. But I was proud of the fact that on the last sprint (about 2K before the end of the ride), I had ~34s, compared to my all-time best of 29.2s. Not bad after ~3h20m of riding and 1300 virtual meters of ascent. Strava also tells me I got 31 PRs on various segments, but that's because I rode on some parts of Watopia that I never rode before (mostly the reverse ones).

Overall, stats for this week: ~160Km in total (virtual and real, biking and running), ~9 hours spent doing sports. Still much lower than the amount of time I was playing computer games, so it's a net win ☺

Have a nice start of the week everyone, and keep doing what moves you forward!

Planet DebianPaul Wise: DebCamp16 day 3

Review, approve chromium, gnome-terminal and radeontop screenshots. Disgusted to see the level of creativity GPL violators have. Words of encouragement on #debian-mentors. Pleased to see Tails reproducible builds funding by Mozilla. Point out build dates in versions leads to non-reproducible builds. Point out apt-file search to someone looking for a binary of kill. Review wiki RecentChanges. Alarmingly windy. Report important Debian bug #828215 against unattended-upgrades. Clean up some code in check-all-the-things and work on fixing Debian bug #826089. Wind glorious wind! Much clearer day, nice view of the mountain. More check-all-the-things code clean up and finish up fixing Debian bug #826089. Twinkling city lights and more wind. Final code polish during dinner/discussion. Wandering in the wind amongst the twinklies. Whitelisted one user in the wiki anti-spam system. Usual spam reporting.

Planet DebianMichal Čihař: Troja bridge in Prague

I think it's time to renew the tradition of photography posts on this blog. I will start with pictures taken a few weeks ago on Troja bridge, which is the newest bridge over the Vltava river in Prague.

Filed under: Debian, English, Photography

TEDTEDSummit 2016 kicks off: Photo gallery

It’s the Saturday before the start of TEDSummit, and while the conference staff are prepping and speakers are rehearsing, a few of the tribes gathering this week in Banff got things started a little early.

The TEDx Global Forum, an advisory group of TEDx hosts from all over the world, met up on Saturday to think on big questions about the TEDx program … and where it can grow next.

TEDx Global Forum at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

Two TEDx hosts connect before the TEDx Global Forum meeting at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

Post-it notes on a window reflect the mountains of Banff outside, in a scene from the TEDx Global Forum meeting at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

Our TED Fellows also started the conference early; TEDSummit brings together past fellows from many different years, so they took time to reconnect at a dinner Friday night, then rehearsed their talks on Saturday morning — then took a gorgeous hike.

Musician "Blinky" Bill Sellanga, TED Fellows director Tom Rielly, physicist Jedidah Isler and entrepreneur Sangu Delle reconnect at a dinner for the TED Fellows at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Ryan Lash / TED

Musician “Blinky” Bill Sellanga, TED Fellows director Tom Rielly, physicist Jedidah Isler and entrepreneur Sangu Delle connect at a Friday-night dinner for the TED Fellows at TEDSummit 2016, June 24, 2016, Banff, Canada. Photo: Ryan Lash / TED

TED Fellow Majala Mlagui on a hike before TEDSummit 2016, June 26, 2016, Banff, Canada. Photo: Ryan Lash / TED

TED Fellow Majala Mlagui on a Saturday afternoon hike at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Ryan Lash / TED

And the gathering tribe of TED Translators shared dinner and a ride on Lake Louise before their Sunday workshop.

50 TED Translators gather at TEDSummit 2016, June 25, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

TED Translators connect at the TEDSummit 2016, Banff, Canada. Photo: Marla Aufmuth / TED

While all this was going on, our conference team was hard at work getting the big show ready for the arrival of the main body of conference attendees. The conference kicks off Sunday night; look for coverage of the mainstage talks here and on the @TEDTalks Twitter account.

Backstage at TEDSummit 2016 in the Eric Harvie Theatre at the Banff Centre, June 26, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

Backstage at TEDSummit 2016 in the Eric Harvie Theatre at the Banff Centre, June 25, 2016, Banff, Canada. Photo: Marla Aufmuth / TED

And all around us, Banff just keeps on Banffing:

Banff, Canada. Photo: Bret Hartman / TED


Planet DebianVasudev Kamath: Integrating Cython extension with setuptools and unit testing

I was reviewing changes for indic-trans as part of GSoC 2016. The module is an improvement on our original transliteration module, which was doing its job by substitution.

This new module uses machine learning of some sort and utilizes Cython, numpy and scipy. The student had kept a pre-compiled shared library in the git tree to make sure it builds and passes the tests, but this was not the correct way. I started looking at a way to build these files and remove them from the code base.

There is Cython documentation for distutils but none for setuptools. Probably it is similar to integrating other Python extensions into setuptools, but this was the first time for me, so after a bit of searching and trial and error, below is what I did.

We need to use the Extension class from setuptools and give it the path to the modules we want to build. In my case beamsearch and viterbi are the 2 modules, so I added the following lines to setup.py:

from setuptools.extension import Extension
from Cython.Build import cythonize

import numpy  # for numpy.get_include()

extensions = [  # .pyx paths assumed from the module names the tests import
    Extension("indictrans._decode.beamsearch", ["indictrans/_decode/beamsearch.pyx"],
              include_dirs=[numpy.get_include()]),
    Extension("indictrans._decode.viterbi", ["indictrans/_decode/viterbi.pyx"],
              include_dirs=[numpy.get_include()]),
]

The first argument to Extension is the module name and the second argument is a list of files to be used in building the module. The additional include_dirs argument is not normally necessary unless you are working in a virtualenv. On my system the build used to work without it, but it was failing in Travis CI, so I added it to fix the CI builds. OTOH it did work without it on Circle CI.

Next, pass these extensions to the ext_modules argument of setup(), as shown below:

setup(ext_modules=cythonize(extensions))

And for reference, here is the full setup.py after modifications.

#!/usr/bin/env python

from setuptools import setup
from setuptools.extension import Extension
from Cython.Build import cythonize

import numpy

extensions = [  # .pyx paths assumed from the module names the tests import
    Extension("indictrans._decode.beamsearch", ["indictrans/_decode/beamsearch.pyx"],
              include_dirs=[numpy.get_include()]),
    Extension("indictrans._decode.viterbi", ["indictrans/_decode/viterbi.pyx"],
              include_dirs=[numpy.get_include()]),
]

# pbr=True is assumed from the project's use of pbr (metadata lives in setup.cfg);
# cythonize() translates the .pyx sources to C before setuptools compiles them.
setup(setup_requires=["pbr"], pbr=True, ext_modules=cythonize(extensions))

So now we can build the extensions (shared libraries) using the following command.

python setup.py build_ext

Another challenge I faced was the missing extension when running tests. We use pbr in the above project, and testrepository with subunit for running tests. It looks like it does not build extensions by default, so I modified the Makefile to build the extension in place before running the tests. The travis target of my Makefile is as follows.

travis:
	[ ! -d .testrepository ] || \
		find .testrepository -name "times.dbm*" -delete
	python setup.py build_ext -i
	python setup.py test --coverage
	flake8 --max-complexity 10 indictrans

I had to build the extension in place using the -i switch, because otherwise the tests won't find the indictrans._decode.beamsearch and indictrans._decode.viterbi modules. What the -i switch basically does is, after building the shared library, symlink it into the module directory, in our case indictrans._decode.

The test for the existence of the .testrepository folder is to work around this bug in testrepository, which results in test failures when running tests using tox.
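
As an added example (not code from the indic-trans project), here are mechanical checks for the two problems the post runs into: compiled libraries committed beside their .pyx sources, and a test run started before `build_ext -i` has produced the in-place shared objects. The module names are the ones from the post; the directory layout and the sample tree the block builds are constructed here.

```python
"""Added example, not part of indic-trans: checks for the two build-artefact
problems described above.

1. Compiled extensions (.so/.pyd) committed next to their .pyx sources are
   build products masquerading as source; they should come out of
   `python setup.py build_ext`, not out of git.
2. The test runner imports indictrans._decode.beamsearch and
   indictrans._decode.viterbi, so `build_ext -i` must have produced the
   in-place shared objects first, or the import fails.
"""
import os
import sysconfig
import tempfile

# Module names are the ones from the post; the directory layout used below
# (indictrans/_decode/) is an assumption that follows from them.
CYTHON_MODULES = ["indictrans._decode.beamsearch", "indictrans._decode.viterbi"]


def ext_suffix():
    """Suffix this interpreter gives built extensions, e.g.
    '.cpython-35m-x86_64-linux-gnu.so'; falls back to '.so'."""
    return sysconfig.get_config_var("EXT_SUFFIX") or ".so"


def committed_artifacts(root):
    """Return compiled extension files found beside a .pyx of the same name,
    as paths relative to root (forward slashes, sorted)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        pyx_names = {os.path.splitext(f)[0] for f in files if f.endswith(".pyx")}
        for f in files:
            if not f.endswith((".so", ".pyd")):
                continue
            # 'beamsearch.cpython-35m-x86_64-linux-gnu.so' -> 'beamsearch'
            if f.split(".", 1)[0] in pyx_names:
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                found.append(rel.replace(os.sep, "/"))
    return sorted(found)


def inplace_artifact_path(root, module):
    """Where `build_ext -i` writes the shared object for a dotted module name."""
    return os.path.join(root, *module.split(".")) + ext_suffix()


def missing_inplace_builds(root, modules=CYTHON_MODULES):
    """Modules whose in-place build product is absent: importing these from
    the test runner would raise ImportError."""
    return [m for m in modules if not os.path.exists(inplace_artifact_path(root, m))]


def build_sample_tree():
    """Constructed sample tree (not the real repository): both .pyx sources,
    plus a pre-compiled beamsearch library checked in by mistake, and no
    in-place build product for viterbi."""
    root = tempfile.mkdtemp(prefix="indictrans-demo-")
    decode = os.path.join(root, "indictrans", "_decode")
    os.makedirs(decode)
    for name in ("beamsearch.pyx", "viterbi.pyx", "beamsearch" + ext_suffix()):
        open(os.path.join(decode, name), "w").close()
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("build products committed beside .pyx sources:", committed_artifacts(root))
    print("modules with no in-place build yet:", missing_inplace_builds(root))
```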

Planet DebianKevin Avignon: Tech questions 1-9 : LINQ questions

Hey guys, this is a new series I will try to maintain to the best of my capabilities. There is this awesome blogger, who also happens to be a Microsoft MVP, called Iris Classon. After her first year of programming, she started to ask and get answers for what she’d call “stupid questions”. Why would … Continue reading Tech questions 1-9 : LINQ questions

Planet DebianClint Adams: A local script for local people

This isn't actually answering the question, but it's close. It's also horrible, so whoever adopts Enrico's script should also completely rewrite this or burn it along with the stack of pizza boxes and the grand piano.



set -e



# this doesn't handle hokey fetch failures
#(for fpr in $(hkt list --keyring ${keyring} --output-format JSON | jq '.[].publickey.fpr')
#  hokey fetch --keyserver "${keyserver}" --validation-method MatchPrimaryKeyFingerprint "${(Q)fpr}"
#done) >${NEWKEYS}
#gpg2 --no-default-keyring --keyring ${NEWKEYRING} --import ${NEWKEYS}

cp "${keyring}" "${NEWKEYRING}"
gpg2 --no-default-keyring --keyring ${NEWKEYRING} --refresh

hkt findpaths --keyring ${NEWKEYRING} '' '' '' > ${PATHS}
id=$(awk -F, "/${myfpr})\$/ {sub(/\(/,BLANKY,\$1);print \$1;}" ${PATHS})
grep -e ",\[${id}," -e ",${id}\]" ${PATHS} | sort -n | tail -n 10 > ${FARTHEST_TEN}
targetids=(${(f)"${$((sed 's/^.*\[//;s/,.*$//;' ${FARTHEST_TEN}; sed 's/\])$//;s/.*,//;' ${FARTHEST_TEN}) | sort -n -u | grep -v "^${id}$")}"})
targetfprs=($(for i in ${targetids}; do awk -F, "/\(${i},[^[]/ {sub(/\)/,BLANKY,\$2); print \$2}" ${PATHS}; done))
gpg2 --no-default-keyring --keyring ${NEWKEYRING} --list-keys ${targetfprs}


pub   rsa4096/0x664F1238AA8F138A 2015-07-14 [SC]
      Key fingerprint = 3575 0B8F B6EF 95FF 16B8  EBC0 664F 1238 AA8F 138A
uid                   [ unknown] Daniel Lange <>
sub   rsa4096/0x03BEE1C11DB1954B 2015-07-14 [E]

pub   rsa4096/0xDF23DA3396978EB3 2014-09-05 [SC]
      Key fingerprint = BBBC 58B4 5994 CF9C CC56  BCDA DF23 DA33 9697 8EB3
uid                   [  undef ] Michael Meskes <>
uid                   [  undef ] Michael Meskes <>
uid                   [  undef ] Michael Meskes <>
uid                   [  undef ] Michael Meskes <>
sub   rsa4096/0x85C3AFFECF0BF9B5 2014-09-05 [E]
sub   rsa4096/0x35D857C0BBCB3B25 2014-11-04 [S]

pub   rsa4096/0x1E953E27D4311E58 2009-07-12 [SC]
      Key fingerprint = C2FE 4BD2 71C1 39B8 6C53  3E46 1E95 3E27 D431 1E58
uid                   [  undef ] Chris Lamb <>
uid                   [  undef ] Chris Lamb <>
uid                   [  undef ] Chris Lamb <>
sub   rsa4096/0x72B3DBA98575B3F2 2009-07-12 [E]

pub   rsa4096/0xDF6D76C44D696F6B 2014-08-15 [SC] [expires: 2017-06-03]
      Key fingerprint = 1A6F 3E63 9A44 67E8 C347  6525 DF6D 76C4 4D69 6F6B
uid                   [ unknown] Sven Bartscher <>
uid                   [ unknown] Sven Bartscher <>
uid                   [ unknown] Sven Bartscher <>
sub   rsa4096/0x9E83B071ED764C3A 2014-08-15 [E]
sub   rsa4096/0xAEB25323217028C2 2016-06-14 [S]

pub   rsa4096/0x83E33BD7D4DD4CA1 2015-11-12 [SC] [expires: 2017-11-11]
      Key fingerprint = 0B5A 33B8 A26D 6010 9C50  9C6C 83E3 3BD7 D4DD 4CA1
uid                   [ unknown] Jerome Charaoui <>
sub   rsa4096/0x6614611FBD6366E7 2015-11-12 [E]
sub   rsa4096/0xDB17405204ECB364 2015-11-12 [A] [expires: 2017-11-11]

pub   rsa4096/0xF823A2729883C97C 2014-08-26 [SC]
      Key fingerprint = 8ED6 C3F8 BAC9 DB7F C130  A870 F823 A272 9883 C97C
uid                   [ unknown] Lucas Kanashiro <>
uid                   [ unknown] Lucas Kanashiro <>
sub   rsa4096/0xEE6E5D1A9C2F5EA6 2014-08-26 [E]

pub   rsa4096/0x2EC0FFB3B7301B1F 2014-08-29 [SC] [expires: 2017-04-06]
      Key fingerprint = 76A2 8E42 C981 1D91 E88F  BA5E 2EC0 FFB3 B730 1B1F
uid                   [ unknown] Niko Tyni <>
uid                   [ unknown] Niko Tyni <>
uid                   [ unknown] Niko Tyni <>
sub   rsa4096/0x129086C411868FD0 2014-08-29 [E] [expires: 2017-04-06]

pub   rsa4096/0xAA761F51CC10C92A 2016-06-20 [SC] [expires: 2018-06-20]
      Key fingerprint = C9DE 2EA8 93EE 4C86 BE73  973A AA76 1F51 CC10 C92A
uid                   [ unknown] Roger Shimizu <>
sub   rsa4096/0x2C2EE1D5DBE7B292 2016-06-20 [E] [expires: 2018-06-20]
sub   rsa4096/0x05C7FD79DD03C4BB 2016-06-20 [S] [expires: 2016-09-18]

Note that this completely neglects potential victims who are unconnected within the KSP set.

Planet DebianNiels Thykier: Anti-declarative packaging – top 15 build-helpers inserting maintscripts

Debian packages can run arbitrary code via “maintainer scripts” (sometimes shortened to “maintscripts”) during installation/removal etc. While they certainly have their use cases, their failure modes cause “exciting” bugs like “fails to install” or the dreaded “fails to remove”.

They also have other undesirable effects such as:

  • Bugs in/Updates to auto-generated snippets require a rebuild of all packages (not to mention the obvious code-duplication in all packages).
  • In case of circular dependencies[1] all having “postinst” scripts, dpkg will have to guess which package to configure first.
  • They require forking a shell at least once for each maintscript.
  • They complicate the implementations of e.g. detached chroot creation.

Accordingly, I think we should aim for a more declarative packaging style.  To help facilitate this, I have implemented 3 tracking tags in Lintian.

With these, we were able to learn that 73.5% of all packages do not have any of these scripts.  But I can now also produce a list of helpers that insert the most maintainer script snippets. The current top 15 is:

  1. “dhpython” with 3775 instances
    • This is an umbrella for all helpers using dh-python’s python module, see #827774.
  2. dh_installmenu with 1861 instances
  3. dh_makeshlibs with 1396 remaining instances
  4. dh_installinit with 1224 instances
  5. dh_python2 with 1168 instances
  6. dh_installdebconf with 772 instances
  7. dh_installdeb with 754 instances
    • These are the dpkg-maintscript-helper snippets for “rm_conffile”, “mv_conffile” etc.  Hopefully in the near future, dpkg will support these directly.
  8. dh_systemd_enable with 447 instances
  9. dh_installemacsen with 179 instances
  10. dh_icons with 165 instances
  11. dh_installtex with 137 instances
  12. dh_apache2 with 117 instances
  13. dh_installudev with 98 instances
  14. dh_installxfonts with 87 instances
  15. dh_systemd_start with 79 instances
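
The Lintian tags give the archive-wide picture; for a single package you can get the same breakdown from the maintainer script itself, because debhelper brackets every snippet it generates with “# Automatically added by <helper>[/<version>]” and “# End automatically added section”. As an added example (not code from this post, from Lintian or from debhelper), the POSIX shell script below tallies the helpers that inserted snippets into a postinst and counts the hand-written lines that remain outside those markers. The postinst it analyses is constructed here for a hypothetical package “foo”; the helper versions and the hand-written commands in it are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): tally which debhelper tools
# inserted snippets into a maintainer script, and how much hand-written
# code remains. debhelper brackets every generated snippet with
#   # Automatically added by <helper>[/<version>]
#   ...
#   # End automatically added section
# so a script has no "manual" maintainer code when nothing sits outside
# those markers.
set -eu

# count_helper_snippets FILE: prints "<helper> <count>", one helper per line.
count_helper_snippets() {
    awk '
        /^# Automatically added by / {
            helper = $5               # e.g. dh_installinit/10.2.2
            sub(/\/.*/, "", helper)   # drop the debhelper version suffix
            n[helper]++
        }
        END { for (h in n) print h, n[h] }
    ' "$1" | sort
}

# count_manual_lines FILE: lines outside generated sections that are not
# comments, blank lines or the conventional "set -e".
count_manual_lines() {
    awk '
        /^# Automatically added by / { gen = 1; next }
        /^# End automatically added section/ { gen = 0; next }
        !gen && !/^#/ && !/^[ \t]*$/ && !/^set -e$/ { manual++ }
        END { print manual + 0 }
    ' "$1"
}

# write_sample_postinst FILE: constructed postinst for a hypothetical package
# "foo": two dh_installinit snippets, one dh_python2 snippet and two
# hand-written lines (versions and commands are assumptions).
write_sample_postinst() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
# Automatically added by dh_installinit/10.2.2
if [ -x "/etc/init.d/foo" ]; then
    update-rc.d foo defaults >/dev/null
    invoke-rc.d foo start || exit 1
fi
# End automatically added section
# Automatically added by dh_python2
if which pycompile >/dev/null 2>&1; then
    pycompile -p foo
fi
# End automatically added section
# Automatically added by dh_installinit/10.2.2
if [ -x "/etc/init.d/foo" ] && [ "$1" = configure ]; then
    invoke-rc.d foo restart || exit 1
fi
# End automatically added section
# hand-written: service account and state directory (hypothetical)
adduser --system --quiet --home /var/lib/foo foo
chown foo:nogroup /var/lib/foo
EOF
}

tmp=$(mktemp)
write_sample_postinst "$tmp"
echo "generated snippets per helper:"
count_helper_snippets "$tmp"
echo "hand-written lines: $(count_manual_lines "$tmp")"
rm -f "$tmp"
```

Run it against the unpacked control area of a real .deb (for example DEBIAN/postinst after `dpkg-deb -e`) to see how much of a given package is generated boilerplate and how much would still have to be rewritten declaratively; the two hand-written lines in the sample are exactly the kind of “service user” code the focus list below alludes to.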

With this list, it seems to me that some obvious focus areas would be:

  • Replacing the python scripts (I presume it is the byte-code handling, but I have not looked at this at all)
  • Migrating away from menu files
  • Support enabling + starting/stopping/restarting a service declaratively.
    • This might have a “hidden” requirement on declaratively creating service users if we want these packages to become truly “maintscript-less”.

Eventually we will also have to dig through all the “manual” maintainer scripts. But I think we have plenty to start with. :)


[1] For some, circular dependencies are an issue in themselves. I can certainly appreciate them as being suboptimal, but most of the issues we have are probably caused by insufficient tooling rather than a theoretical issue (that is, if we remove all postinst scripts).

Filed under: Debhelper, Debian, Lintian

Planet DebianKevin Avignon: Shaping your professional skills structure

Hey guys, So, professional shaped skills… What’s that. Basically, it’s the form your skills take concerning your expertise in your individual field(s). This form will depend on both depth and broadness. Trying to learn as many things as possible will lead to little depth and a large broadness of skills. The exact opposite leads to … Continue reading Shaping your professional skills structure


Sociological ImagesHow the Childfree Decide

Media have tended to depict childfree people negatively, likening the decision not to have children to “whether to have pizza or Indian for dinner.” Misperceptions about those who do not have children have serious weight, given that between 2006 and 2010 15% of women and 24% of men had not had children by age 40, and that nearly half of women aged 40-44 in 2002 were what Amy Blackstone and Mahala Dyer Stewart refer to as “childfree,” or purposefully not intending to have children.

Trends in childlessness/childfreeness from the Pew Research Center:


Blackstone and Stewart’s forthcoming 2016 article in The Family Journal, “There’s More Thinking to Decide”: How the Childfree Decide Not to Parent, engages the topic and extends the scholarly and public work Blackstone has done, including her shared blog, We’re Not Having a Baby.

When researchers explore why people do not have children, they find that the reasons are strikingly similar to reasons why people do have children. For example, “motivation to develop or maintain meaningful relationships” is a reason that some people have children – and a reason that others do not. Scholars are less certain on how people come to the decision to be childfree. In their new article, Blackstone and Stewart find that, as is often the case with media portrayals of contemporary families, descriptions of how people come to the decision to be childfree have been oversimplified. People who are childfree put a significant amount of thought into the formation of their families, as they report.

Blackstone and Stewart conducted semi-structured interviews with 21 women and 10 men, with an average age of 34, who are intentionally childfree. After several coding sessions, Blackstone and Stewart identified 18 distinct themes that described some aspect of decision-making with regard to living childfree. Ultimately, the authors concluded that being childfree was a conscious decision that arose through a process. These patterns were reported by both men and women respondents, but in slightly different ways.

Childfree as a conscious decision

All but two of the participants emphasized that their decision to be childfree was made consciously. One respondent captured the overarching message:

People who have decided not to have kids arguably have been more thoughtful than those who decided to have kids. It’s deliberate, it’s respectful, ethical, and it’s a real honest, good, fair, and, for many people, right decision.

There were gender differences in the motives for these decisions. Women were more likely to make the decision based on concern for others: some thought that the world was a tough place for children today, and some did not want to contribute to overpopulation and environmental degradation. In contrast, men more often made the decision to live childfree “after giving careful and deliberate thought to the potential consequences of parenting for their own, everyday lives, habits, and activities and what they would be giving up were they to become parents.”

Childfree as a process

Contrary to misconceptions that the decision to be childfree is a “snap” decision, Blackstone and Stewart note that respondents conceptualized their childfree lifestyle as “a working decision” that developed over time. Many respondents had desired to live childfree since they were young; others began the process of deciding to be childfree when they witnessed their siblings and peers raising children. Despite some concrete milestones in the process of deciding to be childfree, respondents emphasized that it was not one experience alone that sustained the decision. One respondent said, “I did sort of take my temperature every five, six, years to make sure I didn’t want them.” Though both women and men described their childfree lifestyle as a “working decision,” women were more likely to include their partners in that decision-making process by talking about the decision, while men were more likely to make the decision independently.

Blackstone and Stewart conclude by asking, “What might childfree families teach us about alternative approaches to ‘doing’ marriage and family?” The present research suggests that childfree people challenge what is often an unquestioned life sequence by consistently considering the impact that children would have on their own lives as well as the lives of their family, friends, and communities. One respondent reflected positively on childfree people’s thought process: ‘‘I wish more people thought about thinking about it… I mean I wish it were normal to decide whether or not you were going to have children.’’

Braxton Jones is a graduate student in sociology at the University of New Hampshire, and serves as a Graduate Research and Public Affairs Scholar for the Council on Contemporary Families, where this post originally appeared.


CryptogramComparing Messaging Apps

Micah Lee has a nice comparison among Signal, WhatsApp, and Allo.

In this article, I'm going to compare WhatsApp, Signal, and Allo from a privacy perspective.

While all three apps use the same secure-messaging protocol, they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud - and therefore available, in theory at least, to government snoops and wily hackers.

In the end, I'm going to advocate you use Signal whenever you can - which actually may not end up being as often as you would like.

EDITED TO ADD (6/25): Don't use Telegram.

Planet DebianPaul Wise: DebCamp16 day 2

Review wiki RecentChanges since my bookmark. Usual spam reporting. Mention microG on #debian-mobile. Answer pkg-config question on #debian-mentors. Suggest using UUIDs in response to a debian-arm query. Reported Debian bug #828103 against needrestart. A giant yellow SOS crane between the balcony hacklab and a truly misty city. Locate the 2014 Debian & stuff podcast on Poke the SPARC porters in response to a suggestion on debian-www. Mention systemctl daemon-reload wrt buildd service changes. Automate updating some extension lists from check-all-the-things. Reported wishlist Debian bug #828128 against debsources. Engage lizard mode! Wish for better display technology. Nice vegetarian food with nice folks and interesting discussions with interesting locals. Polish and release check-all-the-things. Close bugs I forgot to close in the changelog. Add link to debian-boot on Debootstrap wiki page. Notice first mockup of a theme for Debian stretch. Answer a question about package naming on #debian-mentors. Discuss the future of cross compilation on Debian. Notice a talk about FOSSology & update a wiki page. Mention AsteroidOS and MaruOS on the mobile wiki page. Contemplate how close to the FSDG Debian might be and approaches to improving that.

Planet DebianDimitri John Ledkov: Post-Brexit - The What Now?

Out of 46,500,001 electorate 17,410,742 voted to leave, which is a mere 37.4% or just over a third. [source]. On my books this is not a clear expression of the UK wishes.

The reaction that the results have caused are devastating. The Scottish First Minister has announced plans for 2nd Scottish Independence referendum [source]. Londoners are filing petitions calling for Independent London [source, source]. The Prime Minister announced his resignation [source]. Things are not stable.

I do not believe that a supermajority of the electorate is in favor of leaving the EU. I don't even believe that those who voted to leave have considered the break up of the UK as the inevitable outcome of the leave vote. There are numerous videos on the internet about that, impossible to quantify or reliably cite, but for example this [source].

So What Now?


I urge everyone to start protesting the outcome of the mistake that happened last Thursday. 4th of July is a good symbolic date to show your discontent with the UK government and a tiny minority who are about to cause the country to fall apart with no other benefits. Please stand up and make yourself heard.
  • General Strikes 4th & 5th of July
There are 64,100,000 people living in the UK according to the World Bank, maybe the government should fear and listen to the unheard third. The current "majority" parliament was only elected by 24% of electorate.

It is time for people to actually take control, we can fix our parliament, we can stop austerity, we can prevent the break up of the UK, and we can stay in the EU. Over to you.

ps. How to elect next PM?

Electing the next PM will be done within the Conservative Party, and that's kind of a bummer, given the desperate state the country is currently in. It is not that hard to predict that Boris Johnson is a front-runner. If you wish to elect a different PM, I urge you to splash out 25 quid and register to be a member of the Conservative Party just for one year =) this way you will get a chance to directly elect the new Leader of the Conservative Party and thus the new Prime Minister. You can backdoor the Conservative election here.

Sociological ImagesA Sociology of Brexit: What Motivated the “Leave”?

Will Davies, a politics professor and economic sociologist at Goldsmiths, University of London, summarized his thoughts on Brexit for the Political Economy and Research Centre, arguing that the split wasn’t one of left and right, young and old, racist or not racist, but center and the periphery. You can read it in full there, or scroll down for my summary.


Many of the strongest advocates for Leave, as many have noted, were actually among the beneficiaries of the UK’s relationship with the EU. Small towns and rural areas receive quite a bit of financial support. Those regions that voted for Leave in the greatest numbers, then, will also suffer some of the worst consequences of the Leave. What motivated them to vote for a change that will in all likelihood make their lives worse?

Davies argues that the economic support they received from their relationship with the EU was paired with cultural invisibility or active denigration by those in the center. Those in the periphery lived in a “shadow welfare state” alongside “a political culture which heaped scorn on dependency.”

Davies uses philosopher Nancy Fraser’s complementary ideas of recognition and redistribution: people need economic security (redistribution), but they need dignity, too (recognition). Malrecognition can be so psychically painful that even those who knew they would suffer economically may have been motivated to vote Leave. “Knowing that your business, farm, family or region is dependent on the beneficence of wealthy liberals,” writes Davies, “is unlikely to be a recipe for satisfaction.”

It was in this context that the political campaign for Leave penned the slogan: “Take back control.” In sociology we call this framing, a way of directing people to think about a situation not just as a problem, but a particular kind of problem. “Take back control” invokes the indignity of oppression. Davies explains:

It worked on every level between the macroeconomic and the psychoanalytic. Think of what it means on an individual level to rediscover control. To be a person without control (for instance to suffer incontinence or a facial tic) is to be the butt of cruel jokes, to be potentially embarrassed in public. It potentially reduces one’s independence. What was so clever about the language of the Leave campaign was that it spoke directly to this feeling of inadequacy and embarrassment, then promised to eradicate it. The promise had nothing to do with economics or policy, but everything to do with the psychological allure of autonomy and self-respect.

Consider the cover of the Daily Mail praising the decision and calling politicians “out-of-touch” and the EU “elite” and “contemptuous”:

From this point of view, Davies thinks that the reward wasn’t the Leave, but the vote itself, a veritable middle finger to the UK center and the EU “eurocrats.” They know their lives won’t get better after a Brexit, but they don’t see their lives getting any better under any circumstances, so they’ll take the opportunity to pop a symbolic middle finger. That’s all they think they have.

And that’s where Davies thinks the victory of the Leave vote parallels strongly with Donald Trump’s rise in the US:

Amongst people who have utterly given up on the future, political movements don’t need to promise any desirable and realistic change. If anything, they are more comforting and trustworthy if predicated on the notion that the future is beyond rescue, for that chimes more closely with people’s private experiences.

Some people believe that voting for Trump might in fact make things worse, but the pleasure of doing so — of popping a middle finger to the Republican party and political elites more generally — would be satisfaction enough. In this sense, they may be quite a lot like the Leavers. For the disenfranchised, a vote against pragmatism and solidarity may be the only satisfaction that this election, or others, is likely to get them.

Lisa Wade, PhD is a professor at Occidental College. She is the author of American Hookup, a book about college sexual culture, and Gender, a textbook. You can follow her on Twitter, Facebook, and Instagram.



CryptogramFriday Squid Blogging: Bioluminescence as Camouflage


There is one feature of the squid that is not transparent and which could act as a signal to prey: the eyes. However, the squid has a developed protection here as well. The large eyes of the squid are camouflaged with bioluminescence.

Underneath the eyes of the squid are silvery patches of cells called photophores. These provide under surface bioluminescence which adds to the camouflage. The cells leak out light in multiple directions that effectively make the squid invisible when viewed from above. The resultant glowing blur makes the eyes of the glass squid less conspicuous to predators approaching from a variety of angles.

Research paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Cory DoctorowHow to protect the future web from its founders’ own frailty

Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies — and how we can prevent the same things from happening next time.

The speech was very well received — it got a standing ovation — and has attracted a lot of discussion since.

Jonke Suhr has done me the service of transcribing the talk, which will facilitate translating it into other languages as well as making it accessible to people who struggle with video. Many thanks, Jonke!

This is also available as an MP3 and a downloadable video.

I’ve included an edited version below:

So, as you might imagine, I’m here to talk to you about dieting advice. If you ever want to go on a diet, the first thing you should really do is throw away all your Oreos.

It’s not that you don’t want to lose weight when you raid your Oreo stash in the middle of the night. It’s just that the net present value of tomorrow’s weight loss is hyperbolically discounted in favor of the carbohydrate rush of tonight’s Oreos. If you’re serious about not eating a bag of Oreos your best bet is to not have a bag of Oreos to eat. Not because you’re weak willed. Because you’re a grown up. And once you become a grown up, you start to understand that there will be tired and desperate moments in your future and the most strong-willed thing you can do is use the willpower that you have now when you’re strong, at your best moment, to be the best that you can be later when you’re at your weakest moment.

And this has a name: It’s called a Ulysses pact. Ulysses was going into Siren-infested waters. When you go into Siren-infested waters, you put wax in your ears so that you can’t hear what the Sirens are singing, because otherwise you’ll jump into the sea and drown. But Ulysses wanted to hear the Sirens. And so he came up with a compromise: He had his sailors tie him to the mast, so that when he heard the call of the Sirens, even though he would beg and gibber and ask them to untie him, so that he could jump into the sea, he would be bound to the mast and he would be able to sail through the infested waters.

This is a thing that economists talk about all the time, it’s a really critical part of how you build things that work well and fail well. Now, building a Web that is decentralized is a hard thing to do, and the reason that the web ceases to be decentralized periodically is because it’s very tempting to centralize things. There are lots of short term gains to be had from centralizing things and you want to be the best version of yourself, you want to protect your present best from your future worst.

The reason that the Web is closed today is that people just like you, the kind of people who went to Doug Engelbart’s demo in 1968, the kind of people who went to the first Hackers conference, people just like you, made compromises, that seemed like the right compromise to make at the time. And then they made another compromise. Little compromises, one after another.

And as humans, our sensory apparatus is really only capable of distinguishing relative differences, not absolute ones. And so when you make a little compromise, the next compromise that you make, you don’t compare it to the way you were when you were fresh and idealistic. You compare it to your current, “stained” state. And a little bit more stained hardly makes any difference. One compromise after another, and before you know it, you’re suing to make APIs copyrightable or you’re signing your name to a patent on one-click purchasing or you’re filing the headers off of a GPL library and hope no one looks too hard at your binaries. Or you’re putting a backdoor in your code for the NSA.

And the thing is: I am not better than the people who made those compromises. And you are not better than the people who made those compromises. The people who made those compromises discounted the future costs of the present benefits of some course of action, because it’s easy to understand present benefits and it’s hard to remember future costs.

You’re not weak if you eat a bag of Oreos in the middle of the night. You’re not weak if you save all of your friends’ mortgages by making a compromise when your business runs out of runway. You’re just human, and you’re experiencing that hyperbolic discounting of future costs because of that immediate reward in the here and now. If you want to make sure that you don’t eat a bag of Oreos in the middle of the night, make it more expensive to eat Oreos. Make it so that you have to get dressed and find your keys and figure out where the all-night grocery store is and drive there and buy a bag of Oreos. And that’s how you help yourself in the future, in that moment where you know what’s coming down the road.

The answer to not getting pressure from your bosses, your stakeholders, your investors or your members, to do the wrong thing later, when times are hard, is to take options off the table right now. This is a time-honored tradition in all kinds of economic realms. Union negotiators, before they go into a tough negotiation, will say: “I will resign as your negotiator, before I give up your pension.” And then they sit down across the table from the other side, and the other side says “It’s pensions or nothing”. And the union leaders say: “I hear what you’re saying. I am not empowered to trade away the pensions. I have to quit. They have to go elect a new negotiator, because I was elected contingent on not bargaining away the pensions. The pensions are off the table.”

Brewster has talked about this in the context of code, he suggested that we could build distributed technologies using the kinds of JavaScript libraries that are found in things like Google Docs and Google Mail, because no matter how much pressure is put on browser vendors, or on technology companies in general, the likelihood that they will disable Google Docs or Google Mail is very, very low. And so we can take Google Docs hostage and use it as an inhuman shield for our own projects.

The GPL does this. Once you write code, with the GPL it’s locked open, it’s irrevocably licensed for openness and no one can shut it down in the future by adding restrictive terms to the license. The reason the GPL works so well, the reason it became such a force for locking things open, is that it became indispensable. Companies that wanted to charge admission for commodity components like operating systems or file editors or compilers found themselves confronted with the reality that there’s a huge difference between even a small price and no price at all, or no monetary price. Eventually it just became absurd to think that you would instantiate a hundred million virtual machines for an eleventh of a second and get a license and a royalty for each one of them.

And at that point, GPL code became the only code that people used in cloud applications in any great volume, unless they actually were the company that published the operating system that wasn’t GPL’d. Communities coalesced around the idea of making free and open alternatives to these components: GNU/Linux, Open- and LibreOffice, git, and those projects benefited from a whole bunch of different motives, not always the purest ones. Sometimes it was programmers who really believed ethically in the project and funded their own work, sometimes talent was tight and companies wanted to attract programmers, and the way that they got them to come through the door is by saying: “We’ll give you some of your time to work on an ethical project and contribute code to it.”

Sometimes companies got tactical benefits by zeroing out the margins on their biggest competitor’s major revenue stream. So if you want to fight with Microsoft, just make Office free. And sometimes companies wanted to use but not sell commodity components. Maybe you want to run a cloud service but you don’t want to be in the operating system business, so you put a bunch of programmers on making Linux better for your business, without ever caring about getting money from the operating system. Instead you get it from the people who hire you to run their cloud.

Everyone of those entities, regardless of how they got into this situation of contributing to open projects, eventually faced hard times, because hard times are a fact of life. And systems that work well, but fail badly, are doomed to die in flames. The GPL is designed to fail well. It makes it impossible to hyperbolically discount the future costs of doing the wrong thing to gain an immediate benefit. When your investor or your acquisition suitor or your boss say “Screw your ethics, hippie, we need to make payroll”, you can just pull out the GPL and say: “Do you have any idea how badly we will be destroyed if we violate copyright law by violating the GPL?”

It’s why Microsoft was right to be freaked out about the GPL during the Free and Open Source wars. Microsoft’s coders were nerds like us, they fell in love with computers first, and became Microsoft employees second. They had benefited from freedom and openness, they had cated out BASIC programs, they had viewed sources, and they had an instinct towards openness. Combining that with the expedience of being able to use FLOSS, like not having to call a lawyer before you could be an engineer, and with the rational calculus, that if they made FLOSS, that when they eventually left Microsoft they could keep using the code that they had made there, meant that Microsoft coders and Microsoft were working for different goals. And the way they expressed that was in how they used and licensed their code.

This works so well that for a long time, nobody even knew if the GPL was enforceable, because nobody wanted to take the risk of suing and setting a bad precedent. It took years and years for us to find out in which jurisdictions we could enforce the GPL.

That brings me to another kind of computer regulation, something that has been bubbling along under the surface for a long time, at least since the Open Source wars, and that’s the use of Digital Rights Management (DRM) or Digital Restrictions Management, as some people call it. This is the technology that tries to control how you use your computer. The idea is that you have software on the computer that the user can’t override. If there is remote policy set on that computer that the user objects to, the computer rejects the user’s instruction in favor of the remote policy. It doesn’t work very well. It’s very hard to stop people who are sitting in front of a computer from figuring out how it works and changing how it works. We don’t keep safes in bank robbers’ living rooms, not even really good ones.

But we have a law that protects it, the Digital Millennium Copyright Act (DMCA), it’s been around since 1998 and it has lots of global equivalents like section 6 of the EUCD in Europe, implemented all across the EU member states. In New Zealand they tried to pass a version of the DMCA and there were uprisings and protests in the streets, they actually had to take the law off the books because it was so unpopular. And then the Christchurch earthquake hit and a member of parliament reintroduced it as a rider to the emergency relief bill to dig people out of the rubble. In Canada it’s Bill C-11 from 2011. And what it does is, it makes it a felony to tamper with those locks, a felony punishable by a 500,000 dollar fine and five years in jail for a first offense. It makes it a felony to do security auditing of those locks and publish information about the flaws that are present in them or their systems.

This started off as a way to make sure that people who bought DVDs in India didn’t ship them to America. But it is a bad idea whose time has come. It has metastasized into every corner of our world. Because if you put just enough DRM around a product that you can invoke the law, then you can use other code, sitting behind the DRM, to control how the user uses that product, to extract more money. GM uses it to make sure that you can’t get diagnostics out of the car without getting a tool that they license to you, and that license comes with a term that says you have to buy parts from GM, and so all repair shops for GM that can access your diagnostic information have to buy their parts from GM and pay monopoly rents.

We see it in insulin pumps, we see it in thermostats and we see it in the “Internet of Things rectal thermometer”, which debuted at CES this year, which means we now have DRM restricted works in our asses. And it’s come to the web. It’s been lurking in the corners of the web for a long time. But now it’s being standardized at the World Wide Web Consortium (W3C) to something called Encrypted Media Extensions (EME). The idea of EME is that there is conduct that users want to engage in that no legislature in the world has banned, like PVR’ing their Netflix videos. But there are companies that would prefer that conduct not to be allowed. By wrapping the video with just enough DRM to invoke the DMCA, you can convert your commercial preference to not have PVRs (which are no more and no less legal than the VCR was when in 1984 the Supreme Court said you can record video off your TV) into something with the force of law, whose enforcement you can outsource to national governments.

What that means, is that if you want to do interoperability without permission, if you want to do adversarial interoperability, if you want to add a feature that the manufacturer or the value chain doesn’t want, if you want to encapsulate Gopher inside of the Web to launch a web browser with content from the first day, if you want to add an abstraction layer that lets you interoperate between two different video products so that you can shop between them and find out which one has the better deal, that conduct, which has never been banned by a legislature, becomes radioactively illegal.

It also means, that if you want to implement something that users can modify, you will find yourself at the sharp end of the law, because user modifiability for the core components of the system is antithetical to its goals of controlling user conduct. If there’s a bit you can toggle that says “Turn DRM off now”, then if you turn that bit off, the entire system ceases to work. But the worst part of all is that it makes browsers into no-go zones for security disclosures about vulnerabilities in the browser, because if you know about a vulnerability you could use it to weaken EME. But you could also use it to attack the user in other ways.

Adding DRM to browsers, standardizing DRM as an open standards organization, that’s a compromise. It’s a little compromise, because after all there’s already DRM in the world, and it’s a compromise that’s rational if you believe that DRM is inevitable. If you think that the choice is between DRM that’s fragmented or DRM that we get a say in, that we get to nudge into a better position, then it’s the right decision to make. You get to stick around and do something to make it less screwed up later, as opposed to being self-marginalized by refusing to participate at all.

But if DRM is inevitable, and I refuse to believe that it is, it’s because individually, all across the world, people who started out with the best of intentions made a million tiny compromises that took us to the point where DRM became inevitable, where the computers that are woven into our lives, with increasing intimacy and urgency, are designed to control us instead of being controlled by us. And the reasons those compromises were made is because each one of us thought that we were alone and that no one would have our back, that if we refuse to make the compromise, the next person down the road would, and that eventually, this would end up being implemented, so why not be the one who makes the compromise now.

They were good people, those who made those compromises. They were people who were no worse than you and probably better than me. They were acting unselfishly. They were trying to preserve the jobs and livelihoods and projects of people that they cared about. People who believed that others would not back their play, that doing the right thing would be self-limiting. When we’re alone, and when we believe we’re alone, we’re weak.

It’s not unusual to abuse standards bodies to attain some commercial goal. The normal practice is to get standards bodies to incorporate your patents into a standard, to ensure that if someone implements your standard, you get a nickel every time it ships. And that’s a great way to make rent off of something that becomes very popular. But the W3C was not arm-twisted about adding patents back into standards. That’s because the W3C has the very best patent policy of any standards body in the world. When you come to the W3C to make a standard for the web, you promise not to use your patents against people who implement that standard. And the W3C was able to make that policy at a moment in which it was ascendant, in which people were clamoring to join it, in which it was the first moments of the Web and in which they were fresh.

The night they went on a diet, they were able to throw away all the Oreos in the house. They were where you are now, starting a project that people around the world were getting excited about, that was showing up on the front page of the New York Times. Now that policy has become the ironclad signifier of the W3C. What’s the W3C? It’s the open standards body that’s so open, that you don’t get to assert patents if you join it. And it remains intact.

How will we keep the DMCA from colonizing the Locked Open Web? How will we keep DRM from affecting all of us? By promising to have each other’s backs. By promising that by participating in the Open Web, we take the DMCA off the table. We take silencing security researchers, we take blocking new entrances to the market off the table now, when we are fresh, when we are insurgent, before we have turned from the pirates that we started out as into the admirals that some of us will become. We take that option off the table.

The EFF has proposed a version of this at the W3C and at other bodies, where we say: To be a member, you have to promise not to use the DMCA to aggress against those who report security vulnerabilities in W3C standards, and people who make interoperable implementations of W3C standards. We’ve also proposed that to the FDA, as a condition of getting approval for medical implants, we’ve asked them to make companies promise in a binding way never to use the DMCA to aggress against security researchers. We’ve taken it to the FCC, and we’re taking it elsewhere. If you want to sign an open letter to the W3C endorsing this, email me:

But we can go further than that, because Ulysses pacts are fantastically useful tools for locking stuff open. It’s not just the paper that you sign when you start your job, that takes a little bit of money out of your bank account every month for your 401k, although that works, too. The U.S. constitution is a Ulysses pact. It understands that lawmakers will be corrupted and it establishes a principal basis for repealing the laws that are inconsistent with the founding principles as well as a process for revising those principles as need be.

A society of laws is a lot harder to make work than a society of code or a society of people. If all you need to do is find someone who’s smart and kind and ask them to make all your decisions for you, you will spend a lot less time in meetings and a lot more time writing code. You won’t have to wrangle and flame or talk to lawyers. But it fails badly. We are all of us a mix of short-sighted and long-term, depending on the moment, our optimism, our urgency, our blood-sugar levels…

We must give each other moral support. Literal moral support, to uphold the morals of the Decentralized Web, by agreeing now what an open internet is and locking it open. When we do that, if we create binding agreements to take certain kinds of conduct off the table for anything that interoperates with or is part of what we’re building today, then our wise leaders tomorrow will never be pressurized to make those compromises, because if the compromise can’t be made, there is no point in leaning on them to make it.

We must set agreements and principles that allow us to resist the song of the Sirens in the future moments of desperation. And I want to propose two key principles, as foundational as life, liberty, and the pursuit of happiness or the First Amendment:

1) When a computer receives conflicting instructions from its owner and from a remote party, the owner always wins.

Systems should always be designed so that their owners can override remote instructions and should never be designed so that remote instructions can be executed if the owner objects to them. Once you create the capacity for remote parties to override the owners of computers, you set the stage for terrible things to come. Any time there is a power imbalance, expect the landlord, the teacher, the parent of the queer kid to enforce that power imbalance to allow them to remotely control the device that the person they have power over uses.

You will create security risks, because as soon as you have a mechanism that hides from the user, to run code on the user’s computers, anyone who hijacks that mechanism, either by presenting a secret warrant or by breaking into a vulnerability in the system, will be running in a privileged mode that is designed not to be interdicted by the user.

If you want to make sure that people show up at the door of the Distributed Web asking for backdoors, to the end of time, just build in an update mechanism that the user can’t stop. If you want to stop those backdoor requests from coming in, build in binary transparency, so that any time an update ships to one user that’s materially different from the other ones, everybody gets notified and your business never sells another product. Your board of directors will never pressurize you to go along with the NSA or the Chinese secret police to add a backdoor, if doing so will immediately shut down your business.

Throw away the Oreos now.

Let’s also talk about the Computer Fraud and Abuse Act. This is the act that says if you exceed your authorization on someone else’s computer, where that authorization can be defined as simply the terms of service that you click through on your way into using a common service, you commit a felony and can go to jail. Let’s throw that away, because it’s being used routinely to shut down people who discover security vulnerabilities in systems.

2) Disclosing true facts about the security of systems that we rely upon should never, ever be illegal.

We can have normative ways and persuasive ways of stopping people from disclosing recklessly, we can pay them bug bounties, we can have codes of conduct. But we must never, ever give corporations or the state the legal power to silence people who know true things about the systems we entrust our lives, safety, and privacy to.

These are the foundational principles. Computers obey their owners, true facts about risks to users are always legal to talk about. And I charge you to be hardliners on these principles, to be called fanatics. If they are not calling you puritans for these principles you are not pushing hard enough. If you computerize the world, and you don’t safeguard the users of computers from coercive control, history will not remember you as the heroes of progress, but as the blind handmaidens of future tyranny.

This internet, this distributed internet that we are building, the Redecentralization of the Internet, if it ever succeeds, will someday fail, because everything fails, because overwhelmingly, things are impermanent. What it gives rise to next, is a function of what we make today. There’s a parable about this:

The state of Roman metallurgy in the era of chariots, determined the wheel base of a Roman chariot, which determined the width of the Roman road, which determined the width of the contemporary road, because they were built atop the ruins of the Roman roads, which determined the wheel base of cars, which determined the widest size that you could have for a container that can move from a ship, to a truck, to a train, which determined the size of a train car, which determined the maximum size of the Space Shuttle’s disposable rockets.

Roman metallurgy prefigured the size of the Space Shuttle’s rockets.

This is not entirely true, there are historians who will explain the glosses in which it’s not true. But it is a parable about what happens when empires fall. Empires always fall. If you build a glorious empire, a good empire, an empire we can all be proud to live in, it will someday fall. You cannot lock it open forever. The best you can hope for is to wedge it open until it falls, and to leave behind the materials, the infrastructure that the people who reboot the civilization that comes after ours will use to make a better world.

A legacy of technology, norms and skills that embrace fairness, freedom, openness and transparency, is a commitment to care about your shared destiny with every person alive today and all the people who will live in the future.

Cory Doctorow: “How Stupid Laws and Benevolent Dictators can Ruin the Decentralized Web, too”
[Transcript by Jonke Suhr]

Rondam Ramblings: I no longer believe in democracy

I used to believe in democracy, not because I thought it produced the best outcomes (it clearly doesn't) but because by giving people at least the illusion of having a say in the matter it encourages them to become engaged in the political process and, more importantly, to accept the results without resorting to violence.  At least in America the checks-and-balances built in to the system keep

Planet Debian: Paul Wise: DebCamp16 day 1

Hating jetlag based headache. Disturbed to see the Brexit result. Review wiki RecentChanges. Answer some questions about Launchpad on #debian-mentors. Whitelisted one user in the wiki anti-spam system. Reviewed and sponsored yamllint 1.2.2-1 upload. Noted OFSET repo is broken and updated Freeduc info. Noted the Epidemic-Linux website is having database issues. Noted that Facebook finally completely dropped their RSS feeds, dropped Facebook RSS feed URL generation from the Debian derivatives census scripts and notified the affected derivatives. Cleared up Tanglu hash sum mismatches again. Minor changes to Planet Debian derivatives. Enjoyed the photos from Valessio. Hazy city away from the mountain and tablecloth clouds flowing over the mountain on the way to a pub lunch. Jet lag headaches seem to be subsiding thankfully. Ping someone generating a bounce when changing their SSH key. Mention autorevision and other suggestions in an IRC discussion about mesa & reproducible builds. Review some DebConf16 announcements and add minor fix. Push out some TODO items to check-all-the-things. Ask for a dd-list for the GCC 6 transition. Usual spam reporting throughout the day via manual List-Archive copy-paste, feeding mboxen to my report-spam-debian-lists and report-spam-debian-bugs scripts and manual BTS clicks. Usual wondering why there isn't an RFC for MUA spam reporting. Disturbed by the sudden appearance of an astronautess in the orga room but placated by a plentiful supply of crisps. Ask x32 folks about vs x32 on ports.d.o. Glad to just avoid the room shuffle dance. Finish mime support for check-all-the-things. Disappointed that does not actually resolve. Amused by pollito's virtual tour of UTC. Completely stuffed full of Butleritos.

Krebs on Security: How to Spot Ingenico Self-Checkout Skimmers

A KrebsOnSecurity story last month about credit card skimmers found in self-checkout lanes at some Walmart locations got picked up by quite a few publications. Since then I’ve heard from several readers who work at retailers that use hundreds of thousands of these Ingenico credit card terminals across their stores, and all wanted to know the same thing: How could they tell if their self-checkout lanes were compromised? This post provides a few pointers.

Happily, just days before my story, point-of-sale vendor Ingenico produced a tutorial on how to spot a skimmer on self-checkout lanes powered by Ingenico iSC250 card terminals. Unfortunately, it doesn’t appear that this report was widely disseminated, because I’m still getting questions from readers at retailers that use these devices.

The red calipers in the image above show the size differences in various noticeable areas of the case overlay on the left compared to the actual iSC250 on the right. Source: Ingenico.

“In order for the overlay to fit atop the POS [point-of-sale] terminal, it must be longer and wider than the target device,” reads a May 16, 2016 security bulletin obtained by KrebsOnSecurity. “For this reason, the case overlay will appear noticeably larger than the actual POS terminal. This is the primary identifying characteristic of the skimming device. A skimmer overlay of the iSC250 is over 6 inches wide and 7 inches tall while the iSC250 itself is 5 9/16 inch wide and 6 1⁄2 inches tall.”

In addition, the skimming device that thieves can attach in the blink of an eye on top of the Ingenico self-checkout card reader blocks the backlight from coming through the fake PIN pad overlay.

The backlight can be best seen while shading the keypad from room lights. The image on the left is a powered-on legitimate iSC250 viewed with the keypad shaded. The backlight can be seen in comparison to a powered-off iSC250 in the right image. Source: Ingenico.

What’s more, the skimming overlay devices currently block the green LED light that is illuminated during contactless card reads like Apple Pay.

The green LED light that is lit up during contactless payments is obscured by the overlay skimmer. Source: Ingenico.

The overlay skimming devices pictured here include their own tiny magnetic read heads to snarf card data from the magnetic stripe when customers swipe their cards. Consequently, those tiny readers often interfere with the legitimate magnetic card reader on the underlying device, meaning compromised self-checkout lines may move a bit slower than others.

“The overlay design appears to occasionally interfere with the magnetic stripe reads, leading to greater numbers of read failures,” Ingenico wrote.

Finally, all checkout terminals include a tethered stylus that customers use to sign their names after swiping their cards. According to Ingenico, the skimmers made to fit the iSC250 appear to prevent the ordinary placement of the stylus due to the obtrusive overhang of the skimmer overlay.

The overlay skimmer on the left blocks the stylus tray. The picture on the right is a device that’s not been attacked.

It’s probably true that posting information like this online gives skimmer scammers an opportunity to improve their product and to make the telltale giveaways less noticeable. However, this only goes so far without significantly driving up the cost of these overlay skimmers. Each iSC250 skimmer already retails for a few hundred bucks apiece — and that’s without the electronics needed to gather and store card data. The up-front cost of these fraud devices is important because the fraudsters have no guarantee they will be able to recover their skimmers before the devices are discovered.

On the other hand, as I mentioned earlier there are countless nationwide retailers that have hundreds of thousands of these Ingenico devices installed in self-checkout lanes, and that in turn means millions of employees and customers who are the first lines of defense against skimmers. The more people know about what to look for in these fraud devices, the more likely the fraudsters will lose their up-front investments — and maybe even get busted trying to retrieve them.

Planet Debian: Joey Hess: twenty years of free software -- part 5 pristine-tar

I've written retrospectively about pristine-tar before, when I stopped maintaining it. So, I'll quote part of that here:

[...] a little bit about the reason I wrote pristine-tar in the
first place. There were two reasons:

1. I was once in a talk where someone mentioned that Ubuntu had/was
   developing something that involved regenerating orig tarballs
   from version control.
   I asked the obvious question: How could that possibly be done?
   The (slightly hung over) presenter did not have a satisfactory
   response, so my curiosity was piqued to find a way to do it.
   (I later heard that Ubuntu has been using pristine-tar..)

2. Sometimes code can be subversive. It can change people's perspective
   on a topic, nudging discourse in a different direction. It can even
   point out absurdities in the way things are done. I may or may not
   have accomplished the subversive part of my goals with pristine-tar.

Code can also escape its original intention. Many current uses of
pristine-tar fall into that category. So it seems likely that some
people will want it to continue to work even if it's met the two goals
above already.

For me, the best part of building pristine-tar was finding an answer to the question "How could that possibly be done technically?" It was also pretty cool to be able to use every tarball in Debian as the test suite for pristine-tar.

I'm afraid I kind of left Debian in the lurch when I stopped maintaining pristine-tar.

"Debian has probably hundreds, if not thousands of git repositories using pristine-tar. We all rely now on an unmaintained, orphaned, and buggy piece of software." -- Norbert Preining

So I was relieved when it finally got a new maintainer just recently.

Still, I don't expect I'll ever use pristine-tar again. It's the only software I've built in the past ten years that I can say that about.

Next: twenty years of free software -- part 6 moreutils

Planet Debian: Kevin Avignon: Tech questions 10-17: FP questions

Hey guys, today’s post is to make you understand that even if object-oriented programming (OOP) now finally feels natural and exquisite, there are better ways to design and implement your solutions to make them better and, of course, safer. My goal today is to make you want to adopt a functional mindset when creating software.

Cryptogram: Using Social Media to Discover Hidden Wealth

Stories of burglars using social media to figure out who's on vacation are old hat. Now financial investigators are using social media to find hidden wealth.

Worse Than Failure: Error'd: It Ain't Over Til It's Over

"Countdowns are hard, particularly once they run out!" writes Peter.


Valts S. wrote, "Steam lures you in with what looks like a good deal and then bends how addition works."


"This used to be just a 16 megabyte SD card, but Disk Utility knows it has potential," writes Andrew C.


Simon N. wrote, "Thank goodness the details of my order are correct else I'd have no recourse!"


"One must ask themselves - is this a case of accidental labeling or the rise of the burger dogs?" wrote Sam.


Jake M. writes, "There's the right way to get people to use your app, and then there's the wrong way...guess which one this is."


"There's just no pleasing some web login forms," wrote Jacob.


Planet Debian: Norbert Preining: Rest in peace UK

I am mourning for the UK. I feel so much pain and pity for all my good friends over there. Stupidity has won again. Good bye UK, your long reign has found its end. The rest is silence.

(Graphic from The Guardian – EU referendum results in full)

Planet Debian: Norbert Preining: Debian/TeX Live 2016.20160623-1

About one month has passed since we did release TeX Live 2016, and more than a month since the last Debian packages, so it is high time to ship out a new checkout of upstream. Nothing spectacular new here, just lots and lots of updates since the freeze.

I am dedicating this release to those intelligent beings who voted against the stupid Brexit and for remaining in the EC! – I am still an optimist!

New packages

aucklandthesis, autobreak, cquthesis, getargs, hustthesis, ietfbibs, linop, markdown, olsak-misc, optidef, sanitize-umlaut, umbclegislation, wordcount, xcntperchap.

Updated packages

academicons, achemso, acmart, acro, animate, apa6, arabluatex, archaeologie, babel-hungarian, beamertheme-epyt, beebe, biblatex-abnt, biblatex-anonymous, biblatex-bookinother, biblatex-caspervector, biblatex-chicago, biblatex-manuscripts-philology, biblatex-morenames, biblatex-opcit-booktitle, biblatex-philosophy, biblatex-realauthor, biblatex-source-division, biblatex-subseries, bidi, bookcover, bxjscls, caption, chemformula, chemmacros, circuitikz, cloze, cochineal, context, csplain, cstex, datetime2, denisbdoc, dvipdfmx-def, epstopdf, erewhon, exsol, fbb, fibeamer, fithesis, fontawesome, fontspec, fonts-tlwg, geschichtsfrkl, getmap, glossaries, glossaries-extra, graphics, graphics-cfg, gregoriotex, gzt, he-she, hook-pre-commit-pkg, hyperref, ifluatex, keyvaltable, koma-script, l3build, latex, latex-bin, limap, lollipop, lshort-chinese, luaotfload, luatex85, luatex-def, luatexja, lua-visual-debug, marginnote, mcf2graph, media9, minted, mptopdf, msu-thesis, musixtex, navigator, nwejm, oberdiek, patchcmd, pdfcomment, pdftex-def, pdfx, pkuthss, platex, pstricks, ptex, ptex2pdf, ptex-base, ptex-ng, reledmac, repere, scheme-xml, sduthesis, showlabels, tableaux, tcolorbox, tex4ht, texinfo, texlive-scripts, tex-overview, textpos, tools, translations, tudscr, unicode-data, uplatex, uptex, xassoccnt, xcharter, xetex, xindy, yathesis, ycbook.

Planet Debian: Paul Wise: DebCamp16 day 0

Today is officially the first day of DebCamp 2016. The night wasn't as cold as I had feared. Woke at 5am for some reason. Noted the network still blocks port 6697 and 7000, worked around in IRC client configuration using 9999. Reply to network discussion to point that out. Minor changes to the empathy Debian RTC wiki page. Answer support@mentors.d.n bug email about shared company OpenPGP keys and suggest moving to individual keys. Review wiki RecentChanges. Comment on NetworkManager upstream bug #705545 that MAC address privacy is a complicated feature with many use cases. Warn another person that reporting Alioth to SpamCop does nothing and link to the unsubscription URL. Talk to Brown about IP address conflict sparc64 porters found with the setup of notker (sparc64 build machine). Filed Debian wishlist bug #827944 against at asking for support for using an editor to write at jobs. Woke up properly, discussed spam over breakfast. Notice Point Linux in the Distrowatch feed and invite them to the derivatives census. Point out reproducible builds in a discussion about source-only uploads. Commented that I encountered evolution upstream crash bug #680471 again. Reported gnome-shell upstream crash bug #767969. Joined the tour around the campus, enjoyed the view from the outdoor hacklab at the top of the hill. Confirmed that "Monkey Gland" from the pub menu is not in fact derived from monkeys in any way. Noted that Pollito did not eat chicken from the buffet. Beat head against VPN/SIP/WebRTC for a while but oncoming jetlag put me out of business for some hours. Pointed out the future Packages.gz removal in favour of Packages.xz to the popcon developers.

Sociological Images: Will the Democrat Sit In for Gun Control Work? A Measured Consideration

Democratic members of the US House of Representatives sat in on the floor of the House, demanding recorded votes on gun control measures. Rep. John Lewis (Georgia) made the speech that launched the effort, and was framed at the center of most of the photos; after all, he has an unrivaled record for participating in such efforts that dates back to the sit-in movement of 1960.


They’re grandstanding, hoping to play to the crowd by violating the norms and rules of the House where, under normal circumstances, a member of the minority party can’t do much on matters of policy. Appealing to the public is their best shot to get a vote, but it’s not a very good one; and it’s extremely unlikely that anything gun control advocates in the House want could win majority support in that body. The members sat on the floor in the well of the House, likely the most comfortable surface Rep. Lewis has ever protested on, without much fear of arrest or violence. The presiding officer, always from the majority party, adjourned the session, turning off CSPAN’s cameras – seeking to deny Democrats the audience they seek. But the protesters are livestreaming on a variety of social media. It’s not quite so easy to control the flow of images and information anymore.

The Democratic revolt in the House is yet another response to the mass shooting in Orlando, which once again reminded Americans – and their representatives – that it’s very easy for dangerous people you don’t like to get powerful weapons. The sit-in is also an attempt to escalate the political conflict and make more of the generally fleeting moment of public attention that follows such a tragedy. We’ve all seen it many times before: a mass shooting captures public attention and sets the agenda, but only briefly, and a familiar political ritual plays out: Advocates of gun control hold vigils and make speeches; advocates of gun rights mostly stay silent on matters of policy, and offer thoughts and prayers for the victims and their families. And the moment passes.

In normal political life, when everyone isn’t talking about guns all the time, the gun rights side of the debate enjoys a substantial advantage, particularly visible in the National Rifle Association, which deploys more money, more active membership, and calls upon more well-positioned allies than its opponents, who come and go. Gun control advocates have been “outgunned, outmanned, outnumbered, outplanned” (to quote Hamilton).

Since the tragic massacre of school children in Newtown, Connecticut, gun control advocates have been building organizations and an infrastructure for action. They have been better able to exploit the moment of a massacre, and less willing to allow their opponents to stall until concern passes.

Last week, Senator Chris Murphy, who previously represented Newtown in the House, staged a filibuster of sorts in the Senate, monopolizing the floor while standing, not sitting, and talking about the need for action. In the upper house, a Senator can hold the floor as long as he can stand and talk. Most Democrats, and a couple of Republicans, joined Senator Murphy for part of 15 hours, offering sympathetic questions and taking up some of the talking. The leadership agreed to hold votes on four gun control bills, and Murphy stopped talking. The next day, the Senate rejected all of them.

Movement on policy? Not so much, and not so fast, but all of this sets up further contest in the November elections.

Meanwhile, other advocates are prospecting another strategy that operates with different rules and on an alternative schedule. Parents of some of the massacred students at Sandy Hook Elementary School have filed a product liability suit against Remington Arms, the company that manufactures and markets the AR-15 Bushmaster, the weapon used in the mass murder. (See Evan Osnos’s report at The New Yorker.) By pursuing their argument about deceptive marketing, they hope to publicize the workings of the arms industry, contributing to a political debate that’s only slowly emerging. America offers many outlets for people to try to organize for change, none of them very easy or fast.

Nothing gun control advocates have tried has affected national policy for more than twenty years. As public concern and political resources grow, however, they keep trying to innovate new approaches, hoping that something works before the next time.

David S. Meyer, PhD, is a professor of sociology and political science at the University of California, Irvine. He blogs at Politics Outdoors, where this post originally appeared, and where he offers comments on contemporary events informed by history and the study of social movements. 


Google Adsense: Four ways to boost your ad viewability on mobile

What’s ad viewability and how is it measured? In this post we'll look at those questions and offer four ways to make your ads more viewable and profitable on mobile screens.

What’s viewability?

Most of us know that ads used to be measured by impressions: if a page loaded, and the ad was anywhere on that page, that counted. There was an obvious problem with this: if the ad was below the fold of the page, and the user didn't scroll down to see it, there wasn’t a chance for that ad to be seen. And ads that can’t be seen don’t deliver results and can’t drive the impact that advertisers are looking for.

Advertisers today want more transparency and effectiveness, and that's where ad viewability comes in. Now, by Media Rating Council and IAB standards, a display ad is counted as viewable when at least 50% of the ad is within the viewable space on the user’s screen for one second or more.

That means an ad unit on the first screen ("above the fold") will be counted as viewable if a user opens the screen for one second, but an ad below the first screen will not be counted unless the viewer scrolls down. Check out this interactive demo to see how viewability works first hand.
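The rule above has two parts that are easy to get wrong when you measure it yourself: the 50% threshold is a fraction of the ad's own area that falls inside the viewport, and the one second must be continuous, so scrolling the ad out of view resets the clock. The following is an added example, not code from the post or from AdSense: it computes the visible fraction from rectangle geometry and runs the continuity rule over a constructed scroll trace for a 300x250 unit placed just below the fold of a phone-sized screen. A measurement script in a real page would take its rectangles from `getBoundingClientRect()` or an `IntersectionObserver`; here the rectangles and timestamps are supplied directly so the logic runs stand-alone.

```javascript
// Added example (not code from the post or from AdSense): applying the
// MRC/IAB display-ad rule, at least 50% of the ad's pixels in the viewport
// for at least one continuous second, to sampled geometry. Rects are
// {x, y, width, height} in CSS pixels; the scroll trace below is constructed.

// Fraction of the ad's own area that lies inside the viewport (0..1).
function visibleFraction(adRect, viewport) {
  const left = Math.max(adRect.x, viewport.x);
  const top = Math.max(adRect.y, viewport.y);
  const right = Math.min(adRect.x + adRect.width, viewport.x + viewport.width);
  const bottom = Math.min(adRect.y + adRect.height, viewport.y + viewport.height);
  const area = adRect.width * adRect.height;
  if (area <= 0 || right <= left || bottom <= top) return 0;
  return ((right - left) * (bottom - top)) / area;
}

// Tracks one ad unit over time; viewableAt is the timestamp at which the
// rule was first satisfied, or null if it never was.
class ViewabilityTracker {
  constructor({ minFraction = 0.5, minMs = 1000 } = {}) {
    this.minFraction = minFraction;
    this.minMs = minMs;
    this.inViewSince = null;
    this.viewableAt = null;
  }

  // Feed one geometry sample; returns true once the impression counts as viewable.
  sample(timestampMs, fraction) {
    if (this.viewableAt !== null) return true;
    if (fraction >= this.minFraction) {
      if (this.inViewSince === null) this.inViewSince = timestampMs;
      if (timestampMs - this.inViewSince >= this.minMs) {
        this.viewableAt = timestampMs;
        return true;
      }
    } else {
      this.inViewSince = null; // continuity broken: time in view starts over
    }
    return false;
  }
}

// Constructed scenario: the ad scrolls into view, the user scrolls back up
// before a full second has passed, then returns and stays.
function demo() {
  const viewport = { x: 0, y: 0, width: 360, height: 640 }; // phone-sized screen
  const ad = { x: 30, y: 700, width: 300, height: 250 };    // 300x250 just below the fold
  const tracker = new ViewabilityTracker();
  // [timestamp in ms, scrollY in px]
  const trace = [[0, 0], [500, 200], [900, 400], [1200, 0], [1500, 500], [2000, 500], [2600, 500]];
  const samples = trace.map(([t, scrollY]) => {
    const fraction = visibleFraction({ ...ad, y: ad.y - scrollY }, viewport);
    return { t, fraction, viewable: tracker.sample(t, fraction) };
  });
  return { viewableAt: tracker.viewableAt, samples };
}

console.log(JSON.stringify(demo()));
```

In the constructed trace the ad is more than half visible from 500 ms but the user scrolls back up at 1200 ms, so those 400 ms are discarded; the impression only counts at 2600 ms, one full second after the ad re-entered the viewport at 1500 ms.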

Why does viewability matter?

Advertisers naturally tend to bid more for viewable impressions because they have a higher chance of being seen and as a result more likely to engage an advertiser's target audience. 

Smart advertisers are paying closer attention to the ads that they are paying for and are looking to ensure that the ads they buy have a chance to be seen by users. One way to track viewability is to check the Active View index in AdSense; it shows the percentage of ads that are viewable out of the total number of ads counted on the page. If one out of two ads is viewable, the rating is 50%.

Viewability helps both advertisers and publishers. It lets advertisers identify their high- and low-value inventory and adjust budgets and targets to maximize reach and ROI. As they learn which inventory has the highest viewability, advertisers can better set their advertising strategies.

For publishers like you, focusing on viewability will increase the long-term value of your inventory. If an ad unit is rarely viewed, you may learn that viewers don't scroll to that area, quickly scroll past it, or that the ad size or format may need adjustment. You can discover the most (and least) valuable spots on your pages and optimize your ad units accordingly, rather than just scattering as many ads as possible.

How do I create more viewable impressions on mobile?

While numbers vary, a viewability index of around 50% is fairly typical. In general, the higher the index, the more people are seeing your ads ― although few sites reach 100%. On smaller mobile screens, publishers should consider which ad sizes earn them the most in different placements on their pages.

Here are four ways publishers can optimize their mobile viewability:

  1. Replace 320x50 ad units with 320x100. Revenue per thousand impressions (RPM) tends to increase when you move to the large mobile banner ad. By using the 320x100 ad unit, you also allow 320x50 ads to compete, doubling the fill-rate competition. The best practice is to put the ad just above the fold.
  2. Use 300x250 ads for a potential increase in fill rates and RPMs. 300x250 is built to fit most mobile screens. It also tends to have a high fill rate (and higher RPMs) since many advertisers prefer this size. Research has shown that a 300x250 ad unit placed just below the fold could generate an approximate 50% viewability rate, helping you to maximize the impact of your ad space.
  3. Cut accidental clicks by moving ads at least 150 pixels away from content. As you improve viewability, you can also improve the user experience and reduce accidental-click rates by leaving room between ads and the content. 150 pixels of space is a good starting point; test and adjust to see what works best with your content.
  4. Use page-level ads designed for mobile devices. To keep pace with the trend to mobile, Google AdSense has launched two kinds of page-level ads: anchor ads and vignettes. Both are designed to increase mobile viewability. Anchor ads, as their name implies, stick to the bottom of the page as the user scrolls. They are smooth and easily dismissed, and they are typically reserved for high RPM ads. 

Vignettes are full-screen ads that appear as users move between pages on a website. These pre-loaded ads display immediately as the user leaves a page, so there's no waiting, and users can dismiss them at any time. Vignettes are reserved for the highest-paying ad impressions.


Viewability is a publisher's friend. It can help you understand the real performance of every ad to improve your strategy for ad formats and placement. It can also help you increase your revenues in a smarter way. 

Viewability is still relatively new in digital advertising. More and more advertisers are taking the index into account as they allocate future budgets. If you're a publisher, it's a good idea to get ahead of the curve on viewability data and start making adjustments now. Take a look at this infographic for more best practices on how to improve the viewability of your site.

Posted by Silu Luo, from the AdSense Team

Planet DebianJaminy Prabaharan: GSoC-Journey till Mid term

Hi readers,

Here comes my journey till the mid-term (June 21st) as a blog to share my experience.

I have previously worked on some social-related projects such as "smart guidance for blind" and "sensor based wireless controller". I was selected as a speaker for FOSSASIA-16 (Asia's premier technological event) to talk on the project "smart guidance for blind" (FOSSASIA speakers). It was a great experience participating in the technological event at the Singapore Science Centre. I got an opportunity to meet open source contributors from all over the world (even though it is an Asian event, participation was from all over the world). There were pre-meetups for FOSSASIA on the day before the three-day event. I attended the one organised by Red Hat, Singapore, and we discussed many topics related to open source.

The three days of the FOSSASIA event were a great experience. It was my second time as a speaker at an international conference. My talk was on the second day. Sharing is the best way to increase your knowledge. Talks and workshops were brainstorming. I learnt many new things and got the courage to contribute to open source. I met Daniel Pocock at the Debian exhibition table. Meeting awesome people can be the turning point of a life. We had a discussion about the Debian projects and it motivated me towards open source software. We discussed Real Time Communication and I was encouraged to apply for GSoC (Google Summer of Code). As per our discussion, I prepared the project proposal on "improving voice, video and chat communication with free software" and submitted it for GSoC. I have been selected to contribute to Debian with a stipend from Google.

This was my first application for GSoC and I have been selected to contribute for open source and free software. I would like to thank Google and Debian for giving this amazing experience.

Learning and coding have begun. I updated my laptop to Jessie, the latest version of Debian, and got acquainted with the new platform. I got to learn many things about Real Time Communication, and learnt more about SIP, XMPP and peer-to-peer technology to work on my project. It's always better to be clear with theory before coding. When it comes to voice and video over IP, most people nowadays are quick to use Skype, WhatsApp, or Viber. The main goals of my project are helping people to avoid proprietary communications tools like Skype, Viber and WhatsApp and simplifying the setup of free alternatives like Jitsi, Linphone, Ekiga, Tox (qTox) and Mumble. I downloaded some of the already available open source VoIP software to find the problems behind it and improve it further. Bootstrapping any business-relevant network based on these free alternatives is still hard.

Would you like to list the senders, receivers and dates of the messages in the inbox of your mail? Python has an IMAP library which can be used to connect to an email account, examine every message in every folder and look at the "To", "From" and "CC" headers of every email message in the folder.

Do you have phone numbers and other contact details in old emails? Would you like a quick way to data-mine your inbox to find them and help migrate them to your address book? I got help from the phonenumbers library for parsing, formatting, and validating international phone numbers. I would like to share how I imported this library into my code. Download the given library file and open it in the terminal. Type

$ python setup.py install

to install the library. Now you can call the functions by importing phonenumbers.

You can go through the code in my GitHub profile here. (I recently started committing my projects to GitHub.)

Iain R. Learmonth joined my journey as a mentor and helped in solving some issues in my coding through GitHub.

It has been a wonderful journey so far. I will be working further to improve voice, video and chat communication with free software. Stay connected to know more about my further journey through GSoC.
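The inbox mining described in the post, as an added example that is not Jaminy's code: it parses two constructed messages with the standard library's email module, collects the To/From/Cc addresses, and pulls phone-number candidates out of the bodies. The regex is a stand-in for the phonenumbers library mentioned above, which does real validation; imaplib, which would fetch the raw message bytes from the account, is left out so the example runs offline.

```python
"""Mine contact details from e-mail headers and bodies (standard library only).

Added example, not code from the original post. The two messages are
constructed; in practice the raw bytes would come from an imaplib FETCH.
The phone matcher is a regex stand-in for the phonenumbers library.
"""
import email
import re
from email.utils import getaddresses

# Constructed sample messages (RFC 5322 text, as an IMAP FETCH would return them).
SAMPLE_MESSAGES = [
    b"""From: Alice Example <alice@example.org>
To: Bob Example <bob@example.net>, carol@example.com
Cc: "Dave, D." <dave@example.org>
Date: Tue, 21 Jun 2016 10:00:00 +0000
Subject: meeting

Call me on +44 20 7946 0958 or (020) 7946 0123 tomorrow.
""",
    b"""From: bob@example.net
To: alice@example.org
Date: Wed, 22 Jun 2016 09:30:00 +0000
Subject: Re: meeting

My mobile is +1 415 555 2671. Ticket #123456 is unrelated.
""",
]

# A run of 8+ digits with the usual separators, optionally opened by "(" or "+".
# The lookbehind keeps "#123456"-style identifiers out; real validation needs phonenumbers.
PHONE_RE = re.compile(r"(?<![\w#])\(?\+?\d[\d\s().-]{6,}\d(?!\w)")


def header_addresses(msg):
    """Bare, lower-cased addresses from the From, To and Cc headers."""
    out = {}
    for name in ("from", "to", "cc"):
        pairs = getaddresses(msg.get_all(name, []))
        out[name] = sorted({addr.lower() for _, addr in pairs if addr})
    return out


def normalize_phone(candidate):
    """Reduce a match to its digits, keeping a leading '+'; reject implausible lengths."""
    digits = re.sub(r"\D", "", candidate)
    if not 7 <= len(digits) <= 15:          # E.164 caps a number at 15 digits
        return None
    return ("+" if candidate.lstrip("(").startswith("+") else "") + digits


def phone_numbers(text):
    """Distinct normalized phone numbers found in a message body, in order of appearance."""
    found = []
    for m in PHONE_RE.finditer(text):
        number = normalize_phone(m.group(0))
        if number and number not in found:
            found.append(number)
    return found


def mine_messages(raw_messages):
    """Return (addresses per header, phone number -> senders whose mail mentioned it)."""
    contacts = {"from": set(), "to": set(), "cc": set()}
    phones = {}
    for raw in raw_messages:
        msg = email.message_from_bytes(raw)
        headers = header_addresses(msg)
        for name, addrs in headers.items():
            contacts[name].update(addrs)
        payload = msg.get_payload(decode=True) or b""
        body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
        for number in phone_numbers(body):
            phones.setdefault(number, set()).update(headers["from"])
    return ({k: sorted(v) for k, v in contacts.items()},
            {n: sorted(s) for n, s in phones.items()})


if __name__ == "__main__":
    addresses, numbers = mine_messages(SAMPLE_MESSAGES)
    for header, addrs in addresses.items():
        print(header, addrs)
    for number, senders in numbers.items():
        print(number, "mentioned by", senders)
```

Attributing each number to the sender of the message it appeared in is what makes the result useful for an address book: the number ends up next to a name rather than in a bare list. Multipart messages (HTML parts, attachments) would need walking with msg.walk(), which this example skips.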


Planet DebianJonathan McDowell: Fixing missing text in Firefox

Every now and again I get this problem where Firefox won’t render text correctly (on a Debian/stretch system). Most websites are fine, but the odd site just shows up with blanks where the text should be. Initially I thought it was NoScript, but turning that off didn’t help. Daniel Silverstone gave me a pointer today that the pages in question were using webfonts, and that provided enough information to dig deeper. The sites in question were using Cantarell, via:

src: local('Cantarell Regular'), local('Cantarell-Regular'), url(cantarell.woff2) format('woff2'), url(cantarell.woff) format('woff');

The Firefox web dev inspector didn’t show it trying to fetch the font remotely, so I removed the local() elements from the CSS. That fixed the page, letting me pinpoint the problem as a local font issue. I have fonts-cantarell installed so at first I tried to remove it, but that breaks gnome-core. So instead I did an fc-list | grep -i cant to ask fontconfig what it thought was happening. That gave:

/usr/share/fonts/opentype/cantarell/Cantarell-Regular.otf.dpkg-tmp: Cantarell:style=Regular
/usr/share/fonts/opentype/cantarell/Cantarell-Bold.otf.dpkg-tmp: Cantarell:style=Bold
/usr/share/fonts/opentype/cantarell/Cantarell-Bold.otf: Cantarell:style=Bold
/usr/share/fonts/opentype/cantarell/Cantarell-Oblique.otf: Cantarell:style=Oblique
/usr/share/fonts/opentype/cantarell/Cantarell-Regular.otf: Cantarell:style=Regular
/usr/share/fonts/opentype/cantarell/Cantarell-Bold-Oblique.otf: Cantarell:style=Bold-Oblique
/usr/share/fonts/opentype/cantarell/Cantarell-Oblique.otf.dpkg-tmp: Cantarell:style=Oblique
/usr/share/fonts/opentype/cantarell/Cantarell-BoldOblique.otf: Cantarell:style=BoldOblique

Hmmm. Those .dpkg-tmp files looked odd, and sure enough they didn’t actually exist. So I did a sudo fc-cache -f -v to force a rebuild of the font cache and restarted Firefox (it didn’t seem to work before doing so) and everything works fine now.

It seems that fc-cache must have been run at some point when dpkg had not yet completed installing an update to the fonts-cantarell package. That seems like a bug - fontconfig should probably ignore .dpkg* files, but equally I wouldn’t expect it to be run before dpkg had finished its unpacking stage fully.

Planet DebianJoey Hess: twenty years of free software -- part 4 ikiwiki-hosting

ikiwiki-hosting is a spin-off from ikiwiki. I wrote it to manage many ikiwiki instances for Branchable, and made it free software out of principle.

While Branchable has not reached the point of providing much income, it's still running after 6 years. Ikiwiki-hosting makes it pretty easy to maintain it, and I host all of my websites there.

A couple of other people have also found ikiwiki-hosting useful, which is not only nice, but led to some big improvements to it. Mostly though, releasing the software behind the business as free software caused us to avoid shortcuts and build things well.

Next: twenty years of free software -- part 5 pristine-tar

Worse Than FailureDumb's The Word


Brent's latest software project contained a story for adding a word-cloud to a PDF report that was already being generated on a production server using Java. Instead of being handled by Brent's in-house team, the requirement was assigned—against Brent's wishes—to overseas developers whom the company had recently contracted to "add more horsepower" to things.

Being fairly technical, the product manager found an example word-cloud library, linked to it in the ticket, and commented, "The output should look something like this."

A month passed. Then, Brent reported into work one morning to find a new ticket in JIRA listed as blocking the word-cloud ticket. Its title was Having trouble launching Internet Explorer from Selenium on Linux servers (works fine locally on my Windows development machine).

Brent's confusion left him paralyzed for a few moments. Then he realized, this was probably just a testing ticket that'd somehow gotten linked to the story by accident. To make sure, he called up Bobby, his counterpart from the contracting firm, who'd been the one to file the ticket.

"It's not a mistake," Bobby explained. "The story really is blocked."

"OK, so, you're really trying to launch Internet Explorer on the production app server?" Brent asked. "You realize IE's not installed on that server, right? What do you need it for?"

"It's integral to the implementation I came up with," Bobby replied.

Brent was afraid to ask. "How?"

"I couldn't find a native Java word-cloud library, so this is what I have to do to fulfill the specifications," Bobby said. "First, I take the PDF report data and serialize it to JSON. Then, I import Selenium into the production codebase. Then, I generate an HTML page and a Selenium script. Once Selenium is started, the script launches Internet Explorer and opens the HTML page. Once the HTML page loads, Selenium captures a screenshot of it. With Java, the screenshot is opened, cropped, and then embedded into the PDF report."

Brent was stunned speechless.

"I got this to work on my local machine, but then I tried to test on a server and hit the error," Bobby continued.

That's what you were doing all month? Brent marveled. "Uh, OK ... listen, the implementation you just described is unacceptable. I don't see why we can't keep it within Java. We're coming up on our deadline."

Brent's eyes strayed toward the calendar tacked to his cubicle wall, showing him how few empty squares he had left to deal with this. He took a deep breath, composed himself, then donned his project manager hat to do the managerly thing.

"Leave this alone for now, all right? I'm going to speak with some of my developers and let you know what we decide to do from here."

"OK," Bobby replied.

Once off the call, Brent opened up Outlook and fired off a meeting request for the earliest possible time. A short while later, he looked upon his assembled developers within a dimly lit conference room, half of whom were more interested in their laptops than in the minor crisis Brent related to them.

"What can we do about this on short notice?" he begged. "Is there a native Java library that can generate word-clouds?"

No amount of Internet-hunting turned up anything useful. Brent tugged at his collar. He'd been hoping Bobby had been wrong about that, and that a solution would only require a download and a few lines of code.

"All right. How hard would it be to code our own implementation?" Brent asked.

Cheryl, who'd been typing furiously all meeting, finally let up on the keyboard and shoved away from the table. "Here, I just finished."

As it turned out, her keyboard exercise had not been in the service of bashing trolls in comment threads. Everyone gathered to peek over her shoulder at the PDF-embedded word-cloud it'd taken her minutes to code and generate, an accomplishment that'd eluded their contractors for a whole month.

"Meeting adjourned!" Brent cried in triumph.

[Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!

Sky CroeserPost-Arab Spring Tunisia: Decentralisation and Local Democracy

Building on the research Christalla Yakinthou and I recently published on Internet governance in Tunisia, I’ll be speaking at the Alfred Deakin Institute for Citizenship and Globalisation’s symposium, Post-Arab Spring Tunisia: Decentralisation and Local Democracy, in July. There’s an amazing line-up of speakers, including many people who seem to be at the forefront of work in Tunisia, as well as researchers and practitioners from Indonesia, so I expect that I’ll learn a lot.

As well as finding out more about what’s happening in Tunisia and Indonesia today, I’m interested in how people are framing (and critically examining) notions around democratisation, particularly in the context of decentralisation. There are many interesting experiments happening around the world in different versions of more direct democratic processes (including many facilitated by the Internet), and there are interesting possibilities for cross-fertilisation here.


Krebs on SecurityRise of Darknet Stokes Fear of The Insider

With the proliferation of shadowy black markets on the so-called “darknet” — hidden crime bazaars that can only be accessed through special software that obscures one’s true location online — it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders.

Avivah Litan, a fraud analyst with Gartner Inc., says she’s been inundated recently with calls from organizations asking what they can do to counter the following scenario: A disaffected or disgruntled employee creates a persona on a darknet market and offers to sell his company’s intellectual property or access to his employer’s network.

A darknet forum discussion generated by a claimed insider at music retailer Guitar Center.

Litan said a year ago she might have received one such inquiry a month; now Litan says she’s getting multiple calls a week, often from companies that are in a panic.

“I’m getting calls from lots of big companies, including manufacturers, banks, pharmaceutical firms and retailers,” she said. “A year ago, no one wanted to say whether they had or were seriously worried about insiders, but that’s changing.”

Insiders don’t have to be smart or sophisticated to be dangerous, as this darknet forum discussion thread illustrates.

Some companies with tremendous investments in intellectual property — particularly pharmaceutical and healthcare firms — are working with law enforcement or paying security firms to monitor and track actors on the darknet that promise access to specific data or organizations, Litan said.

“One pharma guy I talked to recently said he meets with [federal agents] once a week to see if his employees are active on the darknet,” she said. “Turns out there are a lot of disgruntled employees who want to harm their employers. Before, it wasn’t always clear how to go about doing that, but now they just need to create a free account on some darknet site.”

Statistics and figures only go so far in illustrating the size of the problem. A Sept. 2015 report from Intel found that internal actors were responsible for 43 percent of data loss — but only about half of that was intended to harm the employer.

Likewise, the 2016 Data Breach Investigations Report (DBIR), an annual survey of data breaches from Verizon Enterprise, found insiders and/or the misuse of employee privileges were present in a majority of incidents. Yet it also concluded that much of this was not malicious but instead appeared related to employees emailing sensitive information or uploading it to a file-sharing service online.

Perhaps one reason insiders are so feared is that the malicious ones very often can operate for years undetected, doing major damage to employers in the process. Indeed, Verizon’s DBIR found that insider breaches usually take months or years to discover.

Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in “Bidding for Breaches,” a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.

Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.

“I’m not sure everyone is aware of how simple and practical this phenomenon looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,” Jolles said. “The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.”

Who is the typical insider? According to Verizon’s DBIR, almost one third of insiders at breaches in 2015 were found to be end users who had access to sensitive data as a requirement to do their jobs.

“Only a small percentage (14%) are in leadership roles (executive or other management), or in roles with elevated access privilege jobs such as system administrators or developers (14%),” Verizon wrote, noting that insiders were most commonly found in administrative, healthcare and public sector jobs. “The moral of this story is to worry less about job titles and more about the level of access that every Joe or Jane has (and your ability to monitor them). At the end of the day, keep up a healthy level of suspicion toward all employees.”

If tech industry analysts like Litan are getting pinged left and right about the insider threat these days, it might have something to do with how easy it is to find company proprietary information or access on offer in darknet forums — many of which allow virtually anyone to register and join.

A darknet forum discussion about possible insiders at Vodafone.

The other reason may be that there are a lot more companies looking for this information and actively notifying affected organizations. These notifications invariably become sales pitches for “dark web monitoring” or “threat intelligence services,” and a lot of companies probably aren’t sure what to make of this still-nascent industry.

How can organizations better detect insiders before the damage is done? Gartner’s Litan emphasized continuous monitoring and screening of trusted insiders with high privileges. Beyond that, Litan says there is a wide range of data-driven insider threat technology solutions. At one end of the spectrum are companies that conduct targeted keyword searches on behalf of clients on social media networks and darknet destinations. More serious and expensive offerings apply machine learning to internal human resources (HR) records, and work to discover and infiltrate online crime rings.

What’s Verizon’s answer to the insider threat? “Love your employees, bond at the company retreat, bring in bagels on Friday, but monitor the heck out of their authorized daily activity, especially ones with access to monetizable data (financial account information, personally identifiable information (PII), payment cards, medical records).”
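Verizon’s advice above, monitor authorized daily activity on monetizable data, as an added example that is not from the article or from Verizon: a per-user, per-data-type baseline is built from constructed access-audit lines, and later lines that touch the data types the quote names are flagged for abnormal volume, off-hours access, a bulk export, or a user/data pairing never seen before. Following the DBIR’s point, the rules key on what was accessed rather than on job title. The log format, the thresholds and the working hours are assumptions.

```python
"""Baseline-and-flag monitoring of authorized access to monetizable data.

Added example, not from the article or Verizon. Log lines are constructed
and use a hypothetical 'timestamp user action data_type record_count'
format; thresholds and working hours are assumptions.
"""
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

# The data types Verizon names as monetizable.
MONETIZABLE = {"financial_account", "pii", "payment_card", "medical_record"}

Event = namedtuple("Event", "ts user action obj count")
Alert = namedtuple("Alert", "user rule event")

# Constructed history: two end users whose jobs require this access.
BASELINE_LOG = """\
2016-06-01T09:12:04 jane.doe read medical_record 40
2016-06-01T14:40:11 jane.doe read medical_record 35
2016-06-02T10:03:52 jane.doe read medical_record 45
2016-06-02T16:20:09 jane.doe read medical_record 38
2016-06-01T09:30:00 joe.bloggs read payment_card 12
2016-06-02T11:15:30 joe.bloggs read payment_card 15
2016-06-01T13:00:00 joe.bloggs read pii 20
2016-06-02T13:05:00 joe.bloggs read pii 22
"""

# Constructed activity to be checked against that history.
DETECTION_LOG = """\
2016-06-21T10:10:10 jane.doe read medical_record 41
2016-06-21T23:48:00 joe.bloggs export payment_card 4000
2016-06-21T12:00:00 joe.bloggs read pii 19
"""


def parse_log(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, obj, count = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, action, obj, int(count)))
    return events


def build_baseline(events):
    """Per (user, data type): mean and population stdev of records touched per access."""
    samples = defaultdict(list)
    for e in events:
        samples[(e.user, e.obj)].append(e.count)
    return {key: (mean(v), pstdev(v)) for key, v in samples.items()}


def detect(events, baseline, work_hours=(7, 20)):
    """Flag access to monetizable data that departs from the user's own history."""
    alerts = []
    for e in events:
        if e.obj not in MONETIZABLE:
            continue                      # out of scope for this monitor
        stats = baseline.get((e.user, e.obj))
        if stats is None:
            alerts.append(Alert(e.user, "first_access", e))
        else:
            avg, sd = stats
            # Three sigma, but never less than double the usual volume, so a
            # user with a very steady history is not flagged for +1 record.
            if e.count > max(avg + 3 * sd, 2 * avg):
                alerts.append(Alert(e.user, "volume", e))
        if not work_hours[0] <= e.ts.hour < work_hours[1]:
            alerts.append(Alert(e.user, "off_hours", e))
        if e.action == "export":
            alerts.append(Alert(e.user, "bulk_export", e))
    return alerts


def run():
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return detect(parse_log(DETECTION_LOG), baseline)


if __name__ == "__main__":
    for a in run():
        print(f"{a.user}: {a.rule} ({a.event.action} {a.event.count} {a.event.obj} at {a.event.ts})")
```

On the constructed data only the late-night export of 4,000 payment-card records fires, and it fires on three independent rules; the normal daytime reads by the same users, including the one with the larger routine volume, stay quiet. In production the baseline would cover weeks, not two days, and a first-access alert for a user whose role just changed is expected noise worth routing to a reviewer rather than dropping.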


Additional reading: Insider Threats Escalate and Thrive in the Dark Web.

CryptogramFraudsters are Buying IPv4 Addresses

IPv4 addresses are valuable, so criminals are figuring out how to buy or steal them.

Hence criminals' interest in ways to land themselves IP addresses, some of which were detailed this week by ARIN's senior director of global registry knowledge, Leslie Nobile, at the North American Network Operators Group's NANOG 67 conference.

Nobile explained that criminals look for dormant ARIN records and try to establish themselves as the rightful administrator. ARIN has 30,556 legacy network records, she said, but a validated point of contact for only 54 per cent of those networks. The remaining ~14,000 networks are ripe for targeting by hijackers who Nobile said are only interested in establishing legitimacy with ARIN so they can find a buyer for unused IPv4 addresses possessed by dormant legacy networks.

Criminals do so by finding dormant ARIN records and Whois data to see if there is a valid contact, then ascertaining if IPv4 allocations are currently routed. If the assigned addresses are dark and no active administrator exists, hijackers can revive dormant domain names or even re-register the names of defunct companies in order to establish a position as legitimate administrators of an address space. If all goes well, the hijackers end up with addresses to sell.
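The recipe Nobile describes inverts into a check for anyone holding legacy records: a record is exposed when it has no validated point of contact, when the contact’s mail domain has lapsed and could be re-registered by someone else, and when the prefix is dark. The triage below is an added example, not ARIN’s process or code; the records, the routed-prefix snapshot and the registered-domain set are constructed from documentation address ranges and reserved domain names, standing in for a BGP feed and WHOIS/RDAP lookups.

```python
"""Triage legacy network records for the hijacking conditions Nobile described.

Added example, not ARIN's process. Records, the routed-prefix set (which
would come from a BGP feed) and the registered-domain set (from WHOIS/RDAP
lookups) are constructed; ranges and domains are reserved documentation values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class LegacyRecord:
    handle: str
    prefix: str
    poc_email: str
    poc_validated: bool   # registry has recently confirmed the point of contact


# Constructed inventory of legacy records.
RECORDS = [
    LegacyRecord("NET-A", "192.0.2.0/24", "alice@example.com", True),
    LegacyRecord("NET-B", "198.51.100.0/24", "admin@defunct-widgets.example", False),
    LegacyRecord("NET-C", "203.0.113.0/24", "noc@example.net", False),
]

# Constructed snapshot of what is currently announced (a BGP table is the real source).
ROUTED_PREFIXES = ["192.0.2.0/25", "203.0.113.0/24"]

# Constructed result of checking each contact domain's registration status.
REGISTERED_DOMAINS = {"example.com", "example.net"}


def email_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def is_routed(prefix, routed):
    """True if any announced prefix overlaps the record (covering it or more specific)."""
    net = ipaddress.ip_network(prefix)
    return any(net.overlaps(r) for r in routed)


def assess(record, routed, registered_domains):
    """The conditions from the talk that make a dormant record attractive to a hijacker."""
    reasons = []
    if not record.poc_validated:
        reasons.append("no validated point of contact")
    if email_domain(record.poc_email) not in registered_domains:
        reasons.append("contact domain unregistered; could be re-registered by a hijacker")
    if not is_routed(record.prefix, routed):
        reasons.append("prefix not announced (dark)")
    return reasons


def triage(records, routed_prefixes, registered_domains):
    """Records ordered worst-first: most reasons, then by handle."""
    routed = [ipaddress.ip_network(p) for p in routed_prefixes]
    results = [(r.handle, assess(r, routed, registered_domains)) for r in records]
    return sorted(results, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for handle, reasons in triage(RECORDS, ROUTED_PREFIXES, REGISTERED_DOMAINS):
        print(handle, "OK" if not reasons else "; ".join(reasons))
```

The record with all three conditions is exactly the profile Nobile describes: nobody answering at the registry, a contact domain anyone can buy back, and address space nobody would notice being announced. Fixing the first two (validating the contact, moving it to a domain the organisation controls) is cheap and removes the hijacker’s path to legitimacy even if the prefix stays unused.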

Video presentation here.

Sociological ImagesThe Intersectionality of Hate: Violence Against LGBTQ People of Color

“It was ‘Latino night’ at a gay club,” Salvador Vidal-Ortiz wrote. For Vidal-Ortiz, a sociologist who identifies as a queer Latino man, the intersection of race, gender, and sexual orientation was itself the central story of the Orlando massacre, even as liberal media pundits seemed to fixate on sexual orientation and conservative ones on the identity of the shooter.

In fact, research suggests that racial minorities are far more likely to be victims of anti-LGBTQ hate crimes than whites.

The National Coalition of Anti-Violence Programs (NCAVP) collected data on hate crimes against LGBTQ and HIV-affected people (and those perceived to be so). The 1,253 incidents were self-reports collected by local chapters in 12 states. The data isn’t national or representative, so the results should be considered tentative and exploratory; for what it’s worth, it’s difficult to get good data on hate crimes, so there isn’t a perfect data set out there.

Still, if their data is anywhere close to accurate, the findings suggest that race and citizenship status are central to even an elementary understanding of hate crimes against (perceived) sexual minorities.

While only 38% of the US population identify as people of color (non-white and/or “Hispanic”), the NCAVP study found that 60% of survivors of anti-LGBTQ and anti-HIV hate crimes identified as such. And, while only about 3.5% of the US population is unauthorized, in the country without the required documentation, 17% of survivors reported being undocumented.

The NCAVP allowed the 752 survivors of color to choose more than one race for a total of 931 racial categories. The chart below features the responses (excluding white when white was mentioned alongside a non-white racial category). Latino/a was the racial identity most frequently reported, followed by Black or African American. These two groups made up the vast majority of victims.


Black and Latino/a Americans are the largest racial minorities in the US (at 13% and 17% respectively), which may account for much of the disparity among non-white victims, but probably not all. It’s hard to parse the disproportionality because survivors could choose more than one race. The under-representation of Asians is likely real because being able to choose multiple races would err on the side of over-representation. The federal government considers people who are Arab or Middle Eastern to be White, but that doesn’t throw off the numbers that much.

These statistics, as I said, are likely quantitatively imperfect, but they are likely not qualitatively wrong. Thanks to some combination of discrimination and structural vulnerability, people of color are more likely to be victims of anti-LGBTQ and HIV-status violence. “It was ‘Latino night’ at a gay club.” It matters.

Lisa Wade, PhD is a professor at Occidental College. She is the author of American Hookup, a book about college sexual culture, and Gender, a textbook. You can follow her on Twitter, Facebook, and Instagram.


Planet DebianScarlett Clark: KDE: Debian: *ubuntu snappy: Reproducible builds, Randa! and much more…

#Randa2016 KDE Sprint


I am very late on this post due to travel, flu and jetlag, sorry!

For this I was able to come up with a patch for kconfig_compiler to encode generated files to utf-8.
Review request is here:
This has been approved and I will be pushing it as soon as I patch the qt5 frameworks version.

Both the kde4libs and KF5 kconfig patches have been pushed upstream to KDE.


WIP: this has been a steep learning curve. According to the notes it was an easy embedded kernel version; that was not the case! After grueling hours of trying to sort out randomness in debug output, I finally narrowed it down to cases where QStringLiteral was used and there were non-letter characters, e.g. (" <"). These were causing debug symbols to be generated with ( lambda() ), which caused unreproducible symbol/debug files. It is now a case of fixing all of these in the code to use QString::fromUtf8, which seems to fix this. I am working on a mega patch for upstream and it should be ready early in the week. This last week I spent a large portion making my way through a mega patch for kxmlgui, when it was suggested to me to write a small Qt app to test QStringLiteral in isolation, and sure enough two builds were byte for byte identical. So this means that QStringLiteral may not be the issue at all. With some more assistance I am going to expand my test app with several QStringLiterals of varying lengths; we have a suspicion it is a padding issue, which complicates things.

I am still fighting with this one, will set aside to simmer for now, as I have no idea how to fix padding issues.

I am testing a patch to fix umask issues for anyone that uses the kapptemplate generation macro. Thank you Simon for pointing me to this.
known affected:

The kapptemplate generation users/groups and umask patch has been pushed upstream.

KDE Randa!:
Despite managing to get a terrible Flu I accomplished more than I would have at home without awesome devs to help me out!

  • I have delegated the windows backend to Hannah and Kevin, if emerge is successful with Windows we will implement it on OSX as well.
  • Android docker image is up and running.
  • Several snappy packages done. Improved the snapcraft.yaml creation automation scripts started by Harald. Got help from David ( he even made a patch! ) with some issues we were facing with kio.
  • KDE CI DSL adjustments for 5 new platforms
  • Port tools/* python scripts to python3


  • Python automation scripts can no longer find projects except qt5… Need to get help from Ben as these are originally his.
  • Finish yaml CI files

Randa as usual was an amazing experience. Yes it is very hard work, but you have the beauty of the Swiss Alps at your fingertips! Not to mention all the friendly faces and collaboration. A big thank you to all supporters and the Randa team!

Please help make KDE better by supporting the very important Randa Sprint:

Have a great day.

Planet DebianPaul Wise: DebCamp16 day -1

Landed late due to technical delays. Mountains! Mountains are everywhere! Beautiful sunny day with clear blue skies. Ran into Valessio as I was shown to my room. Wandered around the campus for a bunch of hours. Ate an all you can eat yum buffet lunch at the pub. Wandered down the hill and ended up on the train and wandering around a lake with lilies in a park. Arriving back at UCT we ran into a beer mission along with some wonderful arriving folks. The warm DebConf nervous centre was quite inviting and soon had plentiful beer, pizza and discussion.

Planet DebianJoey Hess: twenty years of free software -- part 3 myrepos

myrepos is kind of just an elaborated foreach (@myrepos) loop, but its configuration and extension in a sort of hybrid between an .ini file and shell script is quite nice and plenty of other people have found it useful.

I had to write myrepos when I switched from subversion to git, because git's submodules are too limited to meet my needs, and I needed a tool to check out and update many repositories, not necessarily all using the same version control system.

It was called "mr" originally, but I renamed the package because it's impossible to google for "mr". This is the only software I've ever renamed.

Next: twenty years of free software -- part 4 ikiwiki-hosting

CryptogramCIA Director John Brennan Pretends Foreign Cryptography Doesn't Exist

Last week, CIA director John Brennan told a Senate committee that there wasn't any strong cryptography outside of the US.

CIA director John Brennan told US senators they shouldn't worry about mandatory encryption backdoors hurting American businesses.

And that's because, according to Brennan, there's no one else for people to turn to: if they don't want to use US-based technology because it's been forced to use weakened cryptography, they'll be out of luck because non-American solutions are simply "theoretical."

Here's the quote:

"US companies dominate the international market as far as encryption technologies that are available through these various apps, and I think we will continue to dominate them," Brennan said.

"So although you are right that there's the theoretical ability of foreign companies to have those encryption capabilities available to others, I do believe that this country and its private sector are integral to addressing these issues."

Is he actually lying there? I suppose it is possible that he's simply that ignorant. Strong foreign cryptography hasn't been "theoretical" for decades. And earlier this year, I released a survey of foreign cryptography products, listing 546 non-theoretical products from 54 countries outside the US.

I know Sen. Wyden knows about my survey. I hope he asks Brennan about it.

Slashdot thread. HackerNews thread.

EDITED TO ADD (6/22): Herb Lin comments.

Google AdsenseBoost your mobile performance with the right ad sizes

We’re paying special attention to improving the mobile ad experience to help empower content creators, news organizations, and publishers. As mobile continues to grow, choosing high-impact mobile ads is key for businesses to generate revenue from a mobile audience.

When choosing the right mobile ad units for your business, it’s a best practice to ensure that each and every mobile impression receives the highest value possible, which can be determined by a mix of metrics like viewability, size, placement, and demand.

It’s also important to protect the user experience by choosing the right ad formats and placements for your site to engage mobile users so that you don’t interrupt their desired intent.

Start by choosing a high-impact mobile format: medium rectangle (300x250), large rectangle (336x280), large mobile banner (320x100), and rectangular responsive ad units tend to get the best results. Here’s why we recommend these formats:

  • Each format works well on both desktop and mobile (with the exception of the large mobile banner). This gives advertisers the opportunity to appear on a variety of screens which increases demand, upward auction pressure, and potentially even earnings. The large mobile banner will also allow 320x50 display ads to appear within this format, which increases competition. If the 320x50 ad unit wins the auction, it will always be vertically aligned to the top.
  • These formats are bigger and more engaging than smaller mobile units, so they'll grab users' attention. Here's an example of what the medium rectangle looks like placed above the fold, yet below the main content.

For additional changes for incremental revenue gains, you may want to consider trying link units. Link units are designed to be responsive, so they work with both mobile and desktop. You can add up to three link units in addition to the default limit of 3 ad units per page.

However critical mobile is to your business today, it will be more critical tomorrow. Energize your mobile strategy today by using high-impact mobile ads; they’re a great way for businesses to generate more revenue and engage your users.

Be sure to follow us on Google+ and Twitter; we’d love to hear what’s working for your mobile business. Until next time.

Posted by:

Denis Rodrigues,
AdSense Account Strategist

Planet DebianAndrew Cater: Why share / why collaborate? - Some useful sources outside Debian.

"We will encourage you to develop the three great virtues of a programmer: laziness, impatience, and hubris."
[Larry Wall, Programming Perl, O'Reilly Assoc. (and expanded at ]

Because "A mind is a terrible thing to waste"
 [The above copyright Young and Rubicam, advertisers, for UNC Fund, 1960s]

"Why I Must Write GNU

I consider that the Golden Rule requires that if I like a program I must share it with other people who like it. Software sellers want to divide the users and conquer them, making each user agree not to share with others. I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement. ... "
[rms, GNU Manifesto copyright 1985-2014 Free Software Foundation Inc.]

"La pédagogie, l’information, la culture et le débat d’opinion sont le seul fait des utilisateurs, des webmestres indépendants et des initiatives universitaires et associatives."
 Education, information, culture and debate can only come from users, independent webmasters, academic or associative organizations.
[le minirézo]

We value:
  1. Contributors and facilitators over ‘editors’ and ‘authors’
  2. Collaboration over individualised production
  3. Here and now production over sometime soon production
  4. Meaningful credit for all contributors over single author attribution
[Manifestos for the Internet Age, Grayscale Press ISBN-13:978-2-940561-02-5 - from which many of the above quotations were abstracted]

[Note] Github repository is marked with licence of CC-Zero but explicitly states that licences of the individual pieces of writing should be respected

So - collaboration matters. Not repeating needless make-work that someone else has already done matters. Giving due credit: sharing: doing and "do-ocracy" matters above all

Perversely, acknowledging prior work and prior copyright correctly is the beginning and end of the law. Only by doing this conscientiously and sharing in giving due credit can any of us truly participate.

It seems clear to me at least that only by contributing openly and freely, allowing others to make use of your expertise, opinions and prior experience, can anyone progress in good conscience.

Accordingly, I recommend to my work colleagues and those I advise that they only consider FLOSS licences, that they do not make use of code snippets or random, unlicensed code culled from Github and that they contribute

Planet DebianAndrew Cater: "But I'm a commercial developer / a government employee"

Following on:

Having seen some posts about this elsewhere on the 'Net:

  • Your copyright remains your own unless you assign it
  • Establish what you are being paid for. Are you being paid for:
  1. Your specific area of FLOSS expertise (or)
  2. Your time / hours in an area unrelated to your FLOSS expertise (or)
  3. A job that has no impact or bearing on your FLOSS expertise (or)
  4. Your time / hours only - and negotiate accordingly
Your employer may be willing to negotiate / grant you an opt-out clause to protect your FLOSS expertise /  accept an additional non-exclusive licence to your FLOSS code / be prepared to sign an assignment e.g.

"You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright
interest in the program `Gnomovision'
(which makes passes at compilers) written
by James Hacker.

signature of Ty Coon, 1 April 1989
Ty Coon, President of Vice"

If none of the above is feasible: don't contribute anything that crosses the streams and mingles commercial and FLOSS expertise, however much you're offered to do so.

Patents / copyrights

"In the 1980s I had not yet realized how confusing it was to speak of “the issue” of “intellectual property”. That term is obviously biased; more subtle is the fact that it lumps together various disparate laws which raise very different issues. Nowadays I urge people to reject the term “intellectual property” entirely, lest it lead others to suppose that those laws form one coherent issue. The way to be clear is to discuss patents, copyrights, and trademarks separately. See further explanation of how this term spreads confusion and bias."
 [ - footnote 8.]

If you want to assert a patent - it's probably not FLOSS. Go away :)

If you want to assert a trademark of your own - it's probably not FLOSS. Go away :)
 [Trademarks may ordinarily be outside the scope of normal FLOSS legal considerations - but should be acknowledged wherever they occur both as a matter of law and as a matter of courtesy]

Copyright gives legal standing (locus standi in the terminology of English common law) to sue for infringement - that's the basis of licence enforcement actions.

Employees of governments and those doing government work
  • Still have the right to own authorship and copyrights and to negotiate accordingly
  • May need to establish more clearly what they're being paid for
  • May be able to advise, influence or direct policy towards FLOSS in their own respective national jurisdiction
  • Should, ideally, be primarily acknowledged as individuals, holding and maintaining an individual reputation, and only secondarily as contractors/employees/others associated with government work.
  • Contribution to national / international standards, international agreements and shared working practices should be informed in the light of FLOSS work.
This is complex: some FLOSS contributors see a significant amount of this as immaterial to them in the same way that some indigenous populations do not acknowledge imposed colonial legal structures as valid - but both value systems can co-exist

Planet DebianAndrew Cater: How to share collaboratively

Following on:

When contributing to mailing lists and fora:
  • Contribute constructively - no one likes to be told "You've got a REALLY ugly baby there" or equivalent.
  • Think through what you post: check references and check that it reads clearly and is spelled correctly
  • Add value
When contributing bug reports:
  • Provide as full details of hardware and software as you have
  • Answer questions carefully: ask questions the smart way
  • Be prepared to follow up queries / provide sufficient evidence to reproduce behaviour or provide pathological test cases
  • Provide a patch if possible: even if it's only pseudocode
When adding to / modifying FLOSS software:
  • Keep pristine sources that you have downloaded
  • Maintain patch series against pristine source
  • Talk to the originators of the software / current maintainers elsewhere
  • Follow upstream style if feasible / a consistent house style if not
  • Be generous in what you accept: be precise in what you put out
  • Don't produce licence conflicts - check and check again that your software can be distributed.
  • Don't apply inconsistent copyrights
When writing new FLOSS software / "freeing" prior commercial/closed code under a FLOSS licence
  • Make permissions explicit and publish under a well established FLOSS licence 
  • Be generous to potential contributors and collaborators: render them every assistance so that they can help you better
  • Be generous in what you accept: be precise in what you put out
  • Don't produce licence conflicts - check and check again that your software can be distributed.
  • Don't apply inconsistent copyrights: software you write is your copyright at the outset until you assign it elsewhere
  • Contribute documentation / examples
  • Maintain a bugtracker and mailing lists for your software
If you are required to sign a contributor license agreement [CLA]
  • Ensure that you have the rights you purport to assign
  • Assign the minimum of rights necessary - if you can continue to allow full and free use of your code, do so
  • Meet any  required code of conduct [CoC] stipulations in addition to the CLA
Always remember in all of this: just because you understand your code and your working practices doesn't mean that anyone else will.
There is no automatic right to contribution nor any necessary assumption or precondition that collaborators will come forward.
Just because you love your own code doesn't mean that it merits anyone else's interest or that anyone else should value it thereby
"Just because it scratches your itch doesn't mean that it scratches anyone else's - or that it's actually any good / any use to anyone else"

Google AdsenseLaunching AdSense Labs - the home for betas

Today we're launching AdSense Labs, a new subtab under the Optimization tab, where you’ll find new experimental features you are eligible to test.

AdSense Labs is the place to find, test, and provide us feedback on new features we're working on. To learn more about this new tab, please visit the Help Center.

The first two Labs we’ll be launching are Show fewer ads and Inline ads. Not all Labs are suitable for every site, so don’t worry if you don’t see a particular Lab you were expecting.

Show fewer ads 
Show fewer ads cuts down the number of ads that are shown to your users in exchange for a negligible drop in your revenue. It aims to remove at least 10% of the ads served on your site (1% or less of your revenue), by preventing low value ads from being shown to your users. To learn more about the details, visit the Help Center.

Inline ads 
Inline ads are 320x100 ad units which are automatically inserted within your mobile site as a user scrolls down the page. With this new ad format you’ll no longer need to write the logic to dynamically insert ad units on your page, we'll handle all that for you. For more information on Inline ads, check out the Help Center.

We'll be adding new Labs over time for you to try out, so be sure to check out the Labs tab.

We're keen to hear your ideas for more features you’d like to test. Please leave your thoughts in the comments section.

Posted by Emma Burrows
Software Engineer

CryptogramIssues Regarding Lone-Wolf Terrorism Prevention

Amy Zegart has some good questions, comparing the Orlando Pulse massacre to the Fort Hood massacre from 2009.

Planet DebianSatyam Zode: GSoC 2016 Week 4 and 5: Reproducible Builds in Debian

This is a brief report on my last week work with Debian Reproducible Builds.

In week 4, I mostly worked on designing interfaces and tackling different issues related to the argument completion feature of diffoscope, and in week 5 I worked on hiding .buildinfo files from .changes files.

Update for last week’s activities

  • I researched different diffoscope outputs. In reproducible-builds testing framework only differences of .buildinfo files are given but I needed diffoscope outputs for .changes files. Hence, I had to build packages locally using our experimental tool chain. My goal was to generate different outputs and to see how I can hide .buildinfo files from .changes.
  • I updated argument completion patch as per suggestions given by Paul Wise (pabs). Patch has been reviewed by Mattia Rizzolo, Holger Levsen and merged by Reiner Herrmann (deki) into diffoscope master. This patch closes #826711. Thanks all for support.

  • For Ignore .buildinfo files when comparing .changes files, we finally decided to enable this by default and without having any command line option to hide.

  • Last week I researched more on .changes and .buildinfo files. After getting guidelines from Lunar I was able to understand the need of this feature. I am in the middle of implementation of this particular problem.

Goal for upcoming week:

  • Finish the implementation of hiding .buildinfo from .changes
  • Start thinking on interfaces and discuss about different use cases.

I am thankful to Shirish Agarwal for helping me through the visa process. But, unfortunately, I won’t get a visa till 5th July, so I don’t think I will make it to DebConf this year. I will certainly attend DebConf 2017. Good news for me is that I have passed the mid-term evaluations of Google Summer of Code 2016. I will continue my work to improve Debian. I even have post-GSoC plans ready for the Debian project ;)

Have a nice day :)

Worse Than FailureCodeSOD: Built Up

In most languages, strings are immutable. As developers, we often need to manipulate strings - for example, constructing output through concatenation.

Constructs like foo += " and then I appended this"; “solve” this immutability issue by creating a new string instance. If you’re doing a long round of concatenation, especially if it happens inside of a loop, this could get very expensive, which is why most languages also have a StringBuilder type, which allows you to append without all that overhead of new instances. Often, the advice is that you should prefer StringBuilder objects to string.

Jonathan’s co-worker applied this advice without understanding why.

private static string PrivateValidateRequestAndGetReserve(string ProductCode, int TransactionType, string Username, string Password, ref string ReserveId)
{
    // A StringBuilder for what is, in every branch, a single Append() followed by ToString()
    StringBuilder ReturnMessage = new StringBuilder();
    string TransactionCode = Enum.GetName(typeof(Common.Enums.TransactionCodesEnum), TransactionType);
    ReserveId = string.Empty;

    using (var AdminWS = new wsAdmin.AdminClient())
    {
        if (!AdminWS.AuthenticateUser(Username, Password))
        {
            ReturnMessage.Append("Error Logging on with the username and password supplied.");
            return ReturnMessage.ToString();
        }

        if (!AdminWS.CanUserAccessProductAndTransaction(Username, ProductCode, TransactionCode))
        {
            ReturnMessage.Append("You don't have access to this transaction.");
            return ReturnMessage.ToString();
        }

        if (!(AdminWS.CheckBalanceForTransactionFromUsername(out ReserveId, Username, TransactionCode)))
        {
            ReturnMessage.Append("Not Enough Credits to perform current transaction");
            return ReturnMessage.ToString();
        }
    }

    return ReturnMessage.ToString();
}

This isn’t the worst of it. First, note all those calls to AdminWS methods. The developers who wrote those did not believe in throwing exceptions, since an uncaught exception could cause the program to crash. Instead, they wrote every method to return a boolean value indicating success or failure. This meant if any function needed to return a value, that could only be done as an out or ref parameter.

But the real prize here is with the parameter int TransactionType. As you can see in the code, they convert the int into a string by pulling it through an enumerated type called TransactionCodesEnum. It makes you wonder, why is TransactionType an int, couldn’t they have just passed the enum into the method? There must be a good reason, right? Well, here’s the code that calls this method:

Enums.TransactionCodesEnum transactionEnum = getCurrentTransactionCode();
string validationText = Admin.ValidateRequestAndGetReserve(ProductName, (int) transactionEnum, username, password, ref reserveId);
[Advertisement] Manage IT infrastructure as code across all environments with Puppet. Puppet Enterprise now offers more control and insight, with role-based access control, activity logging and all-new Puppet Apps. Start your free trial today!

Planet DebianAndrew Cater: Why I must use Free Software - and why I tell others to do so

My work colleagues know me well as a Free/Libre software zealot, constantly pointing out to them how people should behave, how FLOSS software trumps commercial software and how this is the only way forward. This has gone on for the last 20-odd years. It's a strain to argue this repeatedly: at various times, I have been asked to set out more clearly why I use FLOSS, what the advantages are, and why and how to contribute to FLOSS software.

"We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth.
We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.
Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are all based on matter, and there is no matter here.
In our world, whatever the human mind may create can be reproduced and distributed infinitely at no cost. The global conveyance of thought no longer requires your factories to accomplish."
[John Perry Barlow - Declaration of the independence of cyberspace  1996]

That's some of it right there: I was seduced by a modem and the opportunities it gave. I've lived in this world since 1994, come to appreciate it and never really had the occasion to regret it.

I'm involved in the Debian community - which is very much a "do-ocracy" - and I've lived with Debian GNU Linux since 1995 and not had much cause to regret that either, though I do regret that force of circumstance has meant that I can't contribute as much as I'd like. Pretty much every machine I touch ends up running Debian, one way or the other, or should do if I had my way.

Digging through my emails since then on the various mailing lists - some of them are deeply technical, though fewer these days: some are Debian political: most are trying to help people with problems / report successes or, occasionally thanks and social chit chat. Most people in the project have never met me - though that's not unusual in an organisation with a thousand developers spread worldwide - and so the occasional chance to talk to people in real life is invaluable.

The crucial thing is that there is common purpose and common intelligence - however crazy mailing list flame wars can get sometimes - and committed, caring people. Some of us may be crazy zealots, some picky and argumentative - Debian is what we have in common, pretty much.

It doesn't depend on physical ability. Espy (Joel Klecker) was one of our best and brightest until his death at age 21: almost nobody knew he was dying until after his death. My own physical limitations are pretty much irrelevant provided I can type.

It does depend on collaboration and the strange, dysfunctional family that is our community and the wider FLOSS community in which we share and in which some of us have multiple identities in working with different projects.
This is going to end up too long for Planet Debian - I'll end this post here and then continue with some points on how to contribute and why employers should let their employees work on FLOSS.

Planet DebianMartin-Éric Racine: Batch photo manipulation via free software tools?

I have a need for batch-processing pictures. My requirements are fairly simple:

  • Resize the image to fit Facebook's preferred 960 pixel box.
  • Insert Copyright, Byline and Bylinetitle into the EXIF data.
  • Optionally, paste my watermark onto a predefined corner of the image.
  • Optionally, adjust the white balance.
  • Rename the file according to a specific syntax.
  • Save the result to a predefined folder.

Until recently, I was using Phatch to perform all of this. Unfortunately, it cannot edit the EXIF data of my current Lumix camera, whose JPEG it claims to be MPO. I am thus forced to look for other options. Ideally, I would do this via a script inside gThumb (which is my main photo editing software), but I cannot seem to find adequate documentation on how to achieve this.

I am thus very interested in hearing about other options to achieve the same result. Ideas, anyone?

Planet DebianGunnar Wolf: Answering to a CACM «Viewpoint»: on the patent review process

I am submitting a comment to Wen Wen and Chris Forman's Viewpoint on the Communications of the ACM, titled Economic and business dimensions: Do patent commons and standards-setting organizations help navigate patent thickets?. I believe my comment is worth sharing a bit more openly, so here it goes. Nevertheless, please refer to the original article; it makes very interesting and valid points, and my comment should be taken as an extra note on a great text only!

I was very happy to see an article with this viewpoint published. This article, however, mentions some points I believe should be further stressed as problematic and important. Namely, still in the introduction, after mentioning that patents «are intended to provide incentives for innovation by granting to inventors temporary monopoly rights», the next paragraph continues, «The presence of patent thickets may create challenges for ICT producers. When introducing a new product, a firm must identify patents its product may infringe upon.»

The authors continue explaining the needed process — but this simple statement should be enough to explain how the patent system is broken and needs repair.

A requisite for patenting an invention was originally the «inventive» and «non-obvious» characteristics. Anything worth being granted a patent should be inventive enough, it should be non-obvious to an expert in the field.

When we see huge bodies of awarded (and upheld) patents falling in the case the authors mention, it becomes clear that the patent applications were not thoroughly researched prior to their patent grant. Sadly, long gone are the days where the United States Patent and Trademarks Office employed minds such as Albert Einstein's; nowadays, the office is more a rubber-stamping bureaucracy where most patents are awarded, and this very important requisite is left open to litigation: If somebody is found in breach of a patent, they might choose to defend the issue that the patent was obvious to an expert. But, of course, that will probably cost more in legal fees than settling for an agreement with the patent holder.

The fact that in our line of work we must take care to search for patents before releasing any work speaks a lot about the process. Patents are too easily granted. They should be way stricter; the occurrence of an independent developer mistakenly (and innocently!) breaching a patent should be most unlikely, as patents should only be awarded to truly non-obvious solutions.


Planet DebianMatthew Garrett: I've bought some more awful IoT stuff

I bought some awful WiFi lightbulbs a few months ago. The short version: they introduced terrible vulnerabilities on your network, they violated the GPL and they were also just bad at being lightbulbs. Since then I've bought some other Internet of Things devices, and since people seem to have a bizarre level of fascination with figuring out just what kind of fractal of poor design choices these things frequently embody, I thought I'd oblige.

Today we're going to be talking about the KanKun SP3, a plug that's been around for a while. The idea here is pretty simple - there are lots of devices that you'd like to be able to turn on and off in a programmatic way, and rather than rewiring them the simplest thing to do is just to insert a control device in between the wall and the device, and now you can turn your foot bath on and off from your phone. Most vendors go further and also allow you to program timers and even provide some sort of remote tunneling protocol so you can turn off your lights from the comfort of somebody else's home.

The KanKun has all of these features and a bunch more, although when I say "features" I kind of mean the opposite. I plugged mine in and followed the install instructions. As is pretty typical, this took the form of the plug bringing up its own Wifi access point, the app on the phone connecting to it and sending configuration data, and the plug then using that data to join your network. Except it didn't work. I connected to the plug's network, gave it my SSID and password and waited. Nothing happened. No useful diagnostic data. Eventually I plugged my phone into my laptop and ran adb logcat, and the Android debug logs told me that the app was trying to modify a network that it hadn't created. Apparently this isn't permitted as of Android 6, but the app was handling this denial by just trying again. I deleted the network from the system settings, restarted the app, and this time the app created the network record and could modify it. It still didn't work, but that's because it let me give it a 5GHz network and it only has a 2.4GHz radio, so one reset later and I finally had it online.

The first thing I normally do to one of these things is run nmap with the -O argument, which gives you an indication of what OS it's running. I didn't really need to in this case, because if I just telnetted to port 22 I got a dropbear ssh banner. Googling turned up the root password ("p9z34c") and I was logged into a lightly hacked (and fairly obsolete) OpenWRT environment.

It turns out that there's a whole community of people playing with these plugs, and it's common for people to install CGI scripts on them so they can turn them on and off via an API. At first this sounds somewhat confusing, because if the phone app can control the plug then there clearly is some kind of API, right? Well ha yeah ok that's a great question and oh good lord do things start getting bad quickly at this point.

I'd grabbed the apk for the app and a copy of jadx, an incredibly useful piece of code that's surprisingly good at turning compiled Android apps into something resembling Java source. I dug through that for a while before figuring out that before packets were being sent, they were being handed off to some sort of encryption code. I couldn't find that in the app, but there was a native ARM library shipped with it. Running strings on that showed functions with names matching the calls in the Java code, so that made sense. There were also references to AES, which explained why when I ran tcpdump I only saw bizarre garbage packets.

But what was surprising was that most of these packets were substantially similar. There were a load that were identical other than a 16-byte chunk in the middle. That plus the fact that every payload length was a multiple of 16 bytes strongly indicated that AES was being used in ECB mode. In ECB mode each plaintext is split up into 16-byte chunks and encrypted with the same key. The same plaintext will always result in the same encrypted output. This implied that the packets were substantially similar and that the encryption key was static.
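As an added illustration of the two tells described above (this is example code, not from the post and not from the plug's firmware or app), the block below builds ECB and CBC ciphertexts over two constructed packets that differ only in their command field, then applies the checks a defender would run over captured traffic: payload lengths that are multiples of 16, blocks repeated within one capture, and captures that agree everywhere except in an isolated block. A keyed hash stands in for the AES block function, and the key, IV and the lan/MAC/password/command layout are all constructed here, only echoing the post's description:

```python
import hashlib

BLOCK = 16  # AES block size; the 16-byte chunks the post notices are one block each


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for one AES block encryption (a keyed PRF, NOT a cipher).

    Only the property the analysis relies on matters here: under one key, equal
    16-byte inputs always give equal 16-byte outputs. Real AES has it too.
    """
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently with the same key
    return b"".join(toy_block_encrypt(key, b) for b in blocks(pkcs7_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each block is XORed with the previous ciphertext block before
    # encryption, so a change in one block alters every block after it
    out, prev = [], iv
    for b in blocks(pkcs7_pad(plaintext)):
        prev = toy_block_encrypt(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)


def repeated_block_count(ciphertext: bytes) -> int:
    """Blocks that occur more than once inside a single ciphertext (0 for a sane mode)."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def differing_block_indices(ct_a: bytes, ct_b: bytes) -> list:
    """Block positions at which two same-length captures differ."""
    return [i for i, (x, y) in enumerate(zip(blocks(ct_a), blocks(ct_b))) if x != y]


def ecb_suspected(packets: list) -> bool:
    """Triage rule over captured packets: all lengths are multiples of 16 and
    either a packet repeats a block internally or two packets differ only in
    isolated blocks (CBC-style chaining would change every later block too)."""
    if not packets or any(len(p) % BLOCK for p in packets):
        return False
    if any(repeated_block_count(p) for p in packets):
        return True
    for i, a in enumerate(packets):
        for b in packets[i + 1:]:
            if len(a) != len(b) or a == b:
                continue
            diff = differing_block_indices(a, b)
            if diff != list(range(diff[0], len(blocks(a)))):
                return True
    return False


# --- constructed sample, not captured from a real device ---
KEY = b"constructed-demo-key (the real plug's key is not reproduced here)"
IV = bytes(range(BLOCK))


def build_packet(command: str) -> bytes:
    """Plaintext laid out like the post describes (prefix, MAC, password, command),
    with fixed-width fields so that the command sits in block 1 on its own."""
    mac = b"AABBCCDDEEFF"                                   # constructed MAC
    return (b"lan%" + mac                                   # block 0: 4 + 12 bytes
            + b"%" + command.ljust(8).encode() + b"%nopass"  # block 1: 1 + 8 + 7 bytes
            + b"%request%trailer")                          # block 2: 16 bytes


def demo() -> dict:
    ecb_on, ecb_off = (ecb_encrypt(KEY, build_packet(c)) for c in ("open", "close"))
    cbc_on, cbc_off = (cbc_encrypt(KEY, IV, build_packet(c)) for c in ("open", "close"))
    return {
        "ecb_differs_in": differing_block_indices(ecb_on, ecb_off),  # [1]
        "cbc_differs_in": differing_block_indices(cbc_on, cbc_off),  # [1, 2, 3]
        "ecb_suspected": ecb_suspected([ecb_on, ecb_off]),           # True
        "cbc_suspected": ecb_suspected([cbc_on, cbc_off]),           # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `ecb_suspected` rule is deliberately a heuristic: a CBC capture whose only change sits in the final block looks the same as an isolated ECB difference, so that case is reported as inconclusive rather than flagged.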

Some more digging showed that someone had figured out the encryption key last year, and that someone else had written some tools to control the plug without needing to modify it. The protocol is basically ascii and consists mostly of the MAC address of the target device, a password and a command. This is then encrypted and sent to the device's IP address. The device then sends a challenge packet containing a random number. The app has to decrypt this, obtain the random number, create a response, encrypt that and send it before the command takes effect. This avoids the most obvious weakness around using ECB - since the same plaintext always encrypts to the same ciphertext, you could just watch encrypted packets go past and replay them to get the same effect, even if you didn't have the encryption key. Using a random number in a challenge forces you to prove that you actually have the key.

At least, it would do if the numbers were actually random. It turns out that the plug is just calling rand(). Further, it turns out that it never calls srand(). This means that the plug will always generate the same sequence of challenges after a reboot, which means you can still carry out replay attacks if you can reboot the plug. Strong work.
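The rand()-without-srand() failure described above is fixed on the generating side, and the verifier has to consume each challenge as well. As an added example (not the plug's code), the block below models both halves: a challenger whose sequence repeats after a reboot, a challenger that draws from the OS CSPRNG, and a verifier that binds the response to the challenge and the command and accepts each challenge at most once. The key and the HMAC-based response are constructed stand-ins for the device's AES-based exchange:

```python
import hashlib
import hmac
import random
import secrets

# Constructed shared secret standing in for the device's static key; not the real one.
KEY = b"constructed-demo-key"


class FlawedChallenger:
    """Models rand() without srand(): the generator restarts from the same fixed
    state on every boot, so the challenge sequence is identical after a reboot."""

    def __init__(self):
        self.reboot()

    def reboot(self):
        self._rng = random.Random(1)  # fixed seed models libc's never-seeded default state

    def challenge(self) -> bytes:
        return self._rng.getrandbits(32).to_bytes(4, "big")


class FixedChallenger:
    """Draws every challenge from the OS CSPRNG: unpredictable and reboot-independent."""

    def reboot(self):
        pass

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)


def repeats_after_reboot(dev, n: int = 4) -> bool:
    """True when the first n challenges after a reboot equal the n before it."""
    before = [dev.challenge() for _ in range(n)]
    dev.reboot()
    after = [dev.challenge() for _ in range(n)]
    return before == after


def client_response(key: bytes, challenge: bytes, command: bytes) -> bytes:
    # Proof of key possession bound to both the challenge and the command,
    # so a response for "open" cannot be re-used for "close"
    return hmac.new(key, challenge + command, hashlib.sha256).digest()


class Verifier:
    """Device side: one outstanding challenge, consumed on first use, so a
    captured response is worthless afterwards even if the challenge sequence
    could somehow be made to repeat."""

    def __init__(self, key: bytes, challenger):
        self._key = key
        self._challenger = challenger
        self._pending = None

    def issue(self) -> bytes:
        self._pending = self._challenger.challenge()
        return self._pending

    def verify(self, command: bytes, response: bytes) -> bool:
        if self._pending is None:
            return False  # nothing outstanding: reject
        expected = client_response(self._key, self._pending, command)
        self._pending = None  # single use, whatever the outcome
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("flawed repeats after reboot:", repeats_after_reboot(FlawedChallenger()))
    print("fixed repeats after reboot: ", repeats_after_reboot(FixedChallenger()))
    v = Verifier(KEY, FixedChallenger())
    ch = v.issue()
    r = client_response(KEY, ch, b"open")
    print("first use accepted:", v.verify(b"open", r), "replay accepted:", v.verify(b"open", r))
```

Two design points carry the weight here: the challenge comes from `secrets`, never from a user-space PRNG, and `verify` clears the pending challenge before comparing, so a failed or repeated attempt cannot be retried against the same value.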

But there was still the question of how the remote control works, since the code on github only worked locally. tcpdumping the traffic from the server and trying to decrypt it in the same way as local packets worked fine, and showed that the only difference was that the packet started "wan" rather than "lan". The server decrypts the packet, looks at the MAC address, re-encrypts it and sends it over the tunnel to the plug that registered with that address.

That's not really a great deal of authentication. The protocol permits a password, but the app doesn't insist on it - some quick playing suggests that about 90% of these devices still use the default password. And the devices are all based on the same wifi module, so the MAC addresses are all in the same range. The process of sending status check packets to the server with every MAC address wouldn't take that long and would tell you how many of these devices are out there. If they're using the default password, that's enough to have full control over them.

There are some other failings. The github repo mentioned earlier includes a script that allows arbitrary command execution - the wifi configuration information is passed to the system() command, so leaving a semicolon in the middle of it will result in your own commands being executed. Thankfully this doesn't seem to be true of the daemon that's listening for the remote control packets, which seems to restrict its use of system() to data entirely under its control. But even if you change the default root password, anyone on your local network can get root on the plug. So that's a thing. It also downloads firmware updates over http and doesn't appear to check signatures on them, so there's the potential for MITM attacks on the plug itself. The remote control server is on AWS unless your timezone is GMT+8, in which case it's in China. Sorry, Western Australia.
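The system() problem described above has a standard remedy: user-supplied data never reaches a shell. As an added example (not the plug's script), the block below shows the string-splicing pattern beside an argv-list version that validates the fields and runs the helper with no shell in the way. The `wifi-setup` helper name is a hypothetical stand-in for whatever the device actually invokes, which the page does not name:

```python
import re
import subprocess

# Hypothetical helper name; the plug's real configuration command is not reproduced here.
WIFI_TOOL = "wifi-setup"

SSID_MAX = 32                                  # IEEE 802.11 limits an SSID to 32 octets
PSK_RE = re.compile(r"^[\x20-\x7e]{8,63}$")   # WPA passphrase: 8-63 printable ASCII chars


def unsafe_command_line(ssid: str, psk: str) -> str:
    """The pattern the post describes: input spliced into a string destined for
    system(). Returned, never executed, only to show what a shell would parse:
    an SSID of "home;reboot" turns into two commands."""
    return f"{WIFI_TOOL} --ssid {ssid} --psk {psk}"


def validate(ssid: str, psk: str) -> list:
    """Return a list of problems; an empty list means the input is acceptable.
    Note that ';' is a legal SSID character, so it is kept, not rejected:
    the argv form below makes it harmless."""
    problems = []
    if not 1 <= len(ssid.encode()) <= SSID_MAX:
        problems.append("ssid must be 1-32 bytes")
    if any(c in ssid for c in "\x00\r\n"):
        problems.append("ssid contains control characters")
    if not PSK_RE.match(psk):
        problems.append("passphrase must be 8-63 printable ASCII characters")
    return problems


def wifi_argv(ssid: str, psk: str) -> list:
    """Build an argument vector: each field is exactly one argv element, so no
    shell ever tokenises it and metacharacters are ordinary bytes."""
    problems = validate(ssid, psk)
    if problems:
        raise ValueError("; ".join(problems))
    return [WIFI_TOOL, "--ssid", ssid, "--psk", psk]


def apply_wifi_config(ssid: str, psk: str, runner=subprocess.run):
    """A list argv with shell=False is the replacement for system(); the runner
    is injectable so the behaviour can be checked without the helper installed."""
    return runner(wifi_argv(ssid, psk), shell=False, check=True)


if __name__ == "__main__":
    hostile_ssid = "home;reboot"  # constructed input
    print("shell string:", unsafe_command_line(hostile_ssid, "hunter2hunter2"))
    print("argv list:   ", wifi_argv(hostile_ssid, "hunter2hunter2"))
```

Validation here is a length and character-class check, not a blacklist of shell metacharacters: the injection is removed by never invoking a shell, and the validation only keeps the values within what the radio configuration can legitimately hold.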

It's running Linux and includes Busybox and dnsmasq, so plenty of GPLed code. I emailed the manufacturer asking for a copy and got told that they wouldn't give it to me, which is unsurprising but still disappointing.

The use of AES is still somewhat confusing, given the relatively small amount of security it provides. One thing I've wondered is whether it's not actually intended to provide security at all. The remote servers need to accept connections from anywhere and funnel decent amounts of traffic around from phones to switches. If that weren't restricted in any way, competitors would be able to use existing servers rather than setting up their own. Using AES at least provides a minor obstacle that might encourage them to set up their own server.

Overall: the hardware seems fine, the software is shoddy and the security is terrible. If you have one of these, set a strong password. There's no rate-limiting on the server, so a weak password will be broken pretty quickly. It's also infringing my copyright, so I'd recommend against it on that point alone.


Planet DebianIan Wienand: Zuul and Ansible in OpenStack CI

In a prior post, I gave an overview of the OpenStack CI system and how jobs were started. In that I said

(It is a gross oversimplification, but for the purposes of OpenStack CI, Jenkins is pretty much used as a glorified ssh/scp wrapper. Zuul Version 3, under development, is working to remove the need for Jenkins to be involved at all).

Well, some recent security issues with Jenkins, together with other changes, have led to a roll-out of what is being called Zuul 2.5, which has indeed removed Jenkins and makes extensive use of Ansible as the basis for running CI tests in OpenStack. Since I already had the diagram, it seems worth updating it for the new reality.

OpenStack CI Overview

While the previous post was really focused on the image-building components of the OpenStack CI system, the overview here is the same but more focused on the launchers that run the tests.

Overview of OpenStack CI with Zuul and Ansible
  1. The process starts when a developer uploads their code to gerrit via the git-review tool. There is no further action required on their part and the developer simply waits for the results of their jobs.

  2. Gerrit provides a JSON-encoded "fire-hose" output of everything happening to it. New reviews, votes, updates and more all get sent out over this pipe. Zuul is the overall scheduler that subscribes itself to this information and is responsible for managing the CI jobs appropriate for each change.

  3. Zuul has a configuration that tells it what jobs to run for what projects. Zuul can do lots of interesting things, but for the purposes of this discussion we just consider that it puts the jobs it wants run into gearman for a launcher to consume. gearman is a job-server; as they explain it "[gearman] provides a generic application framework to farm out work to other machines or processes that are better suited to do the work". Zuul puts into gearman basically a tuple (job-name, node-type) for each job it wants run, specifying the unique job name to run and what type of node it should be run on.

  4. A group of Zuul launchers are subscribed to gearman as workers. It is these Zuul launchers that will consume the job requests from the queue and actually get the tests running. However, a launcher needs two things to be able to run a job — a job definition (what to actually do) and a worker node (somewhere to do it).

    The first part — what to do — is provided by job-definitions stored in external YAML files. The Zuul launcher knows how to process these files (with some help from Jenkins Job Builder, which despite the name is not outputting XML files for Jenkins to consume, but is being used to help parse templates and macros within the generically defined job definitions). Each Zuul launcher gets these definitions pushed to it constantly by Puppet, thus each launcher knows about all the jobs it can run automatically. Of course Zuul also knows about these same job definitions; this is the job-name part of the tuple we said it put into gearman.

    The second part — somewhere to run the test — takes some more explaining. To the next point...

  5. Several cloud companies donate capacity in their clouds for OpenStack to run CI tests. Overall, this capacity is managed by a customized management tool called nodepool (you can see the details of this capacity at any given time by checking the nodepool configuration). Nodepool watches the gearman queue and sees what requests are coming out of Zuul. It looks at node-type of jobs in the queue (i.e. what platform the job has requested to run on) and decides what types of nodes need to start and which cloud providers have capacity to satisfy demand.

    Nodepool will start fresh virtual machines (from images built daily as described in the prior post), monitor their start-up and, when they're ready, put a new "assignment job" back into gearman with the details of the fresh node. One of the active Zuul launchers will pick up this assignment job and register the new node to itself.

  6. At this point, the Zuul launcher has what it needs to actually get jobs started. With a fresh node registered to it and waiting for something to do, the Zuul launcher can advertise its ability to consume one of the waiting jobs from the gearman queue. For example, if a ubuntu-trusty node is provided to the Zuul launcher, the launcher can now consume from gearman any job it knows about that is intended to run on an ubuntu-trusty node type. If you're looking at the launcher code this is driven by the NodeWorker class — you can see this being created in response to an assignment via LaunchServer.assignNode.

    To actually run the job — where the "job hits the metal" as it were — the Zuul launcher will dynamically construct an Ansible playbook to run. This playbook is a concatenation of common setup and teardown operations along with the actual test scripts the job wants to run. Using Ansible to run the job means all the flexibility an orchestration tool provides is now available to the launcher. For example, there is a custom console streamer library that allows us to live-stream the console output for the job over a plain TCP connection, and it is possible to use projects like ARA for visualisation of CI runs. In the future, Ansible will allow for better coordination when running multiple-node testing jobs — after all, this is what orchestration tools such as Ansible are made for! While the Ansible run can be fairly heavyweight (especially when you're talking about launching thousands of jobs an hour), the system scales horizontally with more launchers able to consume more work easily.

    When checking your job results on you will see a _zuul_ansible directory now which contains copies of the inventory, playbooks and other related files that the launcher used to do the test run.

  7. Eventually, the test will finish. The Zuul launcher will put the result back into gearman, which Zuul will consume (log copying is interesting but a topic for another day). The testing node will be released back to nodepool, which destroys it and starts all over again — nodes are not reused and also have no sensitive details on them, as they are essentially publicly accessible. Zuul will wait for the results of all jobs for the change and post the result back to Gerrit; it either gives a positive vote or the dreaded negative vote if required jobs failed (it also handles merges to git, but that is also a topic for another day).

Work will continue within OpenStack Infrastructure to further enhance Zuul; including better support for multi-node jobs and "in-project" job definitions (similar to the model); for full details see the spec.

CryptogramSituational Awareness and Crime Prevention

Ronald V. Clarke argues for more situational awareness in crime prevention. Turns out if you make crime harder, it goes down. And this has profound policy implications.

Whatever the benefits for Criminology, the real benefits of a greater focus on crime than criminality would be for crime policy. The fundamental attribution error is the main impediment to formulating a broader set of policies to control crime. Nearly everyone believes that the best way to control crime is to prevent people from developing into criminals in the first place or, failing that, to use the criminal justice system to deter or rehabilitate them. This has led directly to overuse of the system at vast human and economic cost.

Hardly anyone recognizes--whether politicians, public intellectuals, government policy makers, police or social workers--that focusing on the offender is dealing with only half the problem. We need also to deal with the many and varied ways in which society inadvertently creates the opportunities for crime that motivated offenders exploit by (i) manufacturing crime-prone goods, (ii) practicing poor management in many spheres of everyday life, (iii) permitting poor layout and design of places, (iv) neglecting the security of the vast numbers of electronic systems that regulate our everyday lives and, (v) enacting laws with unintended benefits for crime.

Situational prevention has accumulated dozens of successes in chipping away at some of the problems created by these conditions, which attests to the principles formulated so many years ago in Home Office research. Much more surprising, however, is that the same thing has been happening in every sector of modern life without any assistance from governments or academics. I am referring to the security measures that hundreds, perhaps thousands, of private and public organizations have been taking in the past 2-3 decades to protect themselves from crime.

Sociological ImagesQueer-Orlando-América

It was “Latino night” at a gay club. When the story finally broke, that’s all I heard. Orlando’s tragedy at the Pulse puts Latina/o, Latin American, Afro-Latinos, and Puerto Ricans and other Caribbean LGBT people front and center. Otherness mounts Otherness, even in the Whitewashing of the ethno-racial background of those killed by the media, and the seemingly compassionate expressions of love by religious folk. The excess of difference—to be Black or Brown (or to be both) and to be gay, lesbian, bisexual, or transgender (or queer, as some of us see ourselves) serves to shock, through difference, how news is reported. Difference – the very basis of feminist and ethnic politics in the 20th century – has been co-opted and ignored, sanitized even, to attempt to reach a level of a so-called “humanity” that is not accomplishable. We know this, but we don’t talk about it.



Don’t get me wrong: empathy is essential for most social codes of order to functionally sustain any given society. To pay one’s respects for others’ losses, however, does not mean that we think of those lost as equals. Liberal people demanding that sexuality be less important in the news (and thus removed from the coverage) is an inherent violence toward those who partied together because there was real love among them, in that club, for who they were – and are. Religious righters may spread hate while trying to give the illusion of compassion, but they do so in a clear hierarchical, paternalistic way – that is hypocrisy, and we must call it out every chance we get. But this goes beyond liberal notions and conservative hypocrisy – even while Anderson Cooper wept when reading the list of those killed, he knows the distance between himself and many of those at the club is enough to build a classed, raced, and social wall between them. Clearly, empathy is not enough.

To be Latina/o in the US – increasingly another Latin American country, again – is to breathe in hate, to face retaliation, to be questioned at every turn about our allegiances, tested on our sense of citizenship, pushed in our capacity to love the nation and thus hate “like the rest” (a testament to the masculinity of the nation). At a minimum, to be Latina/o guarantees one to be looked at oddly, as if one was out of place, misplaced, inappropriately placed. Simply by being, Latinas/os rupture the logics of normalcy in USAmerica. To be Latina/o and LGBT is to disrupt the logics of racial formation, of racial purity, of the Black and White binary still ruling this country – all while de-gendering and performing an excess (of not only gender, but sexuality) that overflows and overwhelms “America.” In being Latino and queer, some of us aim to be misfits that disrupt a normalcy of regulatory ways of being.

A break between queer and América erupted this past weekend – in Orlando, a city filled with many Latin Americans; a city that, like many others, depends on the backs of Brown folk to get the work done. Put another way, Orlando’s tragedy created a bridge between different countries and newer readings of queerness – Orlando as in an extension of Latin América here. Queer-Orlando-América is an extension of so many Latin American cities as sites of contention, where to be LGBT is both celebrated and chastised – no more, or less, than homophobia in the US.

Enough has been said about how the Pulse is a place where people of color who desired others like themselves, or are trans, go to dance their fears away, and dream on hope for a better day. Too little has been said about the structural conditions faced by these Puerto Ricans, these immigrants, these mixed raced queer folks – some of whom were vacationing, many of whom lived in Florida. Many were struggling for a better (financial, social, political – all of the above) life. Assumptions have also been made about their good fortune as well. Do not assume that they left their countries seeking freedom – for many who might have experienced homophobia back home, still do here; though they have added racism to their everyday lived experience. Of course, there are contradictions on that side of queer-Orlando-América, too; yet same sex marriage was achieved in half a dozen countries before the US granted it a year ago. This is the world upside down, you say, since these advances – this progress – should have happened in the US first. Wake up. América is in you and you are no longer “America” but América.

You see, this is how we become queer-Orlando-América: we make it a verb, an action. It emerges where the tongues twist, where code switching (in Spanish/English/Spanglish) is like sashaying on the dance floor, where gender and race are blurry and yet so clear, where Whiteness isn’t front and center – in fact it becomes awkward in this sea of racial, gendered, and sexual differences. This queer-Orlando-América (a place neither “here,” nor “there,” where belonging is something you carry with you, in you, and may activate on some dance floor given the right people, even strangers, and real love – especially from strangers) was triggered – was released – by violence. But not a new violence, certainly not a Muslim-led violence. Violence accumulated over violence – historically, ethnically, specific to transgender people, to Brown people, to effeminate male-bodied people, to the power of femininity in male and female bodies, to immigrants, to the colonized who speak up, to the Spanglish that ruptures “appropriateness,” to the language of the border. And in spite of this, queer-Orlando-América has erupted. It is not going down to the bottom of the earth. You see us. It was, after all, “Latino night” at a gay club. You can no longer ignore us.

As the week advanced, and fathers’ day passed us by, I have already noticed the reordering of the news, a staged dismissal so common in media outlets. Those queer and Brown must continue to raise this as an issue, to not let the comfort of your organized, White hetero-lives go back to normal. You never left that comfort, you just thought about “those” killed.  But it was “Latino night” at a gay club. I do not have that luxury. I carry its weight with me. Now the lives of those who are queer and Latina/o have changed – fueled with surveillance and concerns, never taking a temporary safe space for granted. Queer-Orlando-América is thus a “here and now” that has changed the contours of what “queer” and “America” were and are. Queer has now become less White – in your imaginary (we were always here). América now has an accent (it always had it – you just failed to notice).  Violence in Orlando did this. It broke your understanding of a norm and showed you there is much more than the straight and narrow, or the Black and White “America” that is segmented into neatly organized compartments. In that, Orlando queers much more than those LGBT Latinas/os at the club. Orlando is the rupture that bridges a queer Brown United States with a Latin America that was always already “inside” the US – one that never left, one which was invaded and conquered. Think Aztlán. Think Borinquen. Think The Mission in San Francisco. Or Jackson Heights, in NYC. Or the DC metro area’s Latino neighborhoods. That is not going away. It is multiplying.

I may be a queer Latino man at home, at the University, at the store, and at the club. That does not mean that the layered account of my life gets acknowledged (nor celebrated) in many of those sites – in fact, it gets fractured in the service of others’ understandings of difference (be it “diversity,” “multiculturalism” or “inclusion”). But it sure comes together on the dance floor at a club with a boom-boom that caters to every fiber of my being. It is encompassing. It covers us. It is relational. It moves us – together. So, even if I only go out once a year, I refuse to be afraid to go out and celebrate life. Too many before me have danced and danced and danced (including those who danced to the afterlife because of AIDS, hatred, and homophobia), and I will celebrate them dancing – one night at a time.

We are not going away – in fact, a type of queer-Orlando-América is coming near you, if it hasn’t arrived already, if it wasn’t there already—before you claimed that space. No words of empathy will be enough to negotiate your hypocrisy, to whitewash our heritage, or make me, and us, go away. If anything, this sort of tragedy ignites community, it forces us to have conversations long overdue, it serves as a mirror showing how little we really have in common with each other in “America” – and the only way to make that OK is to be OK with the discomfort difference makes you experience, instead of erasing it.

We must never forget that it was “Latino night” at a gay club. That is how I will remember it.

Salvador Vidal-Ortiz, PhD, is associate professor of sociology at American University; he also teaches for their Women’s, Gender, and Sexuality Studies program. He coedited The Sexuality of Migration: Border Crossings and Mexican Immigrant Men and Queer Brown Voices: Personal Narratives of Latina/o LGBT Activism. He wrote this post, originally, for Feminist Reflections.


CryptogramSecurity Behavior of Pro-ISIS Groups on Social Media


Since the team had tracked these groups daily, researchers could observe the tactics that pro-ISIS groups use to evade authorities. They found that 15 percent of groups changed their names during the study period, and 7 percent flipped their visibility from public to members only. Another 4 percent underwent what the researchers called reincarnation. That means the group disappeared completely but popped up later under a new name and earned more than 60 percent of its original followers back.

The researchers compared these behaviors in the pro-ISIS groups to the behaviors of other social groups made up of protestors or social activists (the entire project began in 2013 with a focus on predicting periods of social unrest). The pro-ISIS groups employed more of these strategies, presumably because the groups were under more pressure to evolve as authorities sought to shut them down.

Research paper.

Worse Than FailurePutting the "No" in "Novell"

In the late 90's, Gregg was hired to administer a small Novell network at EduLoans, a student loan processing company. What it amounted to though was a toxic waste cleanup at a Superfund site. To say his predecessor, Loretta, was underqualified was a blunt understatement. The company wanted a network on the cheap, which included elevating a receptionist with slight technical skills to the ranks of Novell administrator. They figured the only training she would ever need was a two week hands-on Novell CNA course.

Novell Netware login screen circa 1997

Loretta returned from training with tons of free swag in tow. This included a CD-ROM beta version of Netware 3.12, with bold text printed across its face reading NOT FOR USE IN A PRODUCTION ENVIRONMENT. Ignoring that, she convinced the President of EduLoans that they could get by with this great free version so there would be more money to spend on hardware - and her raise.

Fast-forward a couple years and the EduLoans network was barely functional. Things were fouled up so bad that the Administrator account could do nothing except delete existing user accounts, manage - but not create or delete - print queues, and setup automatic backups which the system would not actually run. Administrator could not even change its own password, nor could any of the other user accounts.

Around the same time, Loretta was ready to start a family and decided to leave EduLoans just before having her first child. Thus, the need for Gregg arose. He was brought in to fix the mess, and do it in a very budget-conscious manner. So obviously having Novell technicians come in to help was out of the question.

Combined with the Netware disarray was the crappy loan processing software EduLoans ran its entire business through. It had originally been written in COBOL then ported to MS-DOS batch files thousands of lines long. These mammoth batch files had to be run from a workstation, which resulted in pulling the entire million-dollar database over a 10 megabit Ethernet connection. The workstation would then process the transactions, send them back to the server, and print the results on 15" greenbar.

Strapped for cash and not sure what else to do, Gregg hatched a bold plan. He would personally take an upcoming three day weekend to wipe every hard drive at EduLoans to remove the scourge Loretta had set up. He would then use an existing Netware 4.11 license he personally owned the rights to from his last job and set up a fresh Novell network, re-install everything on the workstations, and connect them to the new clean network. From there he would take the backed-up application and database and set it up in a manner that it could run from a server. It might take him the entire 72 hours of the weekend, but it should work and he'd be hailed as a hero.

In order to execute this plan, he would need signoff from Bob, EduLoans' Vice President and the only rung of the ladder Gregg ever had to run his ideas up to. Bob wasn't the most technical person, so it didn't usually take Gregg much effort to convince him. "Seems like a solid enough plan," he said. "If you're willing to burn up this glorious long weekend doing it, that is. Me, I'll be out of state on a golf course somewhere, so I am not to be bothered!" Bob thrust his index finger into the air to drive home the point. "I'll see you on Tuesday once this mess is sorted out!"

For Gregg, the 3 day weekend seemed like one long, never-ending day. He had all the workstations wiped and reloaded by Saturday night but the rest of the time was a total nightmare. The new network was more difficult to set up and configure than he originally anticipated. Once that was done, none of the workstations would talk to it until he found some obscure setting in the wee hours of Monday.

After a power nap, he got to work configuring the server to run EduLoans' application. He came to find the documentation he was planning to use to help set it up hadn't been updated since the time Zubaz were cool. That led to a lot of guesswork and missteps, which eventually led to the sun coming up on Tuesday morning and a non-functional environment that EduLoans depended on for business.

Bob strolled in an hour late, looking lobster-ish from too much sun on the golf course. "Gregg! Good morning. I forgot all about you being here this weekend. How'd it go?" Bob's tone suggested he expected everything went well and Gregg had worked a miracle. But the answer he got made him turn an even deeper shade of red. "We need to go explain this to the President, pronto!"

Gregg was prepared to fess up to what he did, but did not anticipate the proverbial bus Bob was about to toss him under. "He acted alone! I told him this was a bad idea that could damage our business! But did he listen? NO!" Bob blathered on as Gregg sat there stunned. "I even tried calling him several times to see if he had any other ideas! I will not be held responsible in any way for this disaster!"

If looks could kill, The Prez's icy stare would have struck Gregg down. Instead, he calmly spoke, "Gregg, I'm afraid your services are no longer needed here. Bob, please escort him out. After that, get on the phone to Loretta and tell her we will spare no expense to bring her back to get our network back to the way she had it!"

[Advertisement] Otter, ProGet, BuildMaster – robust, powerful, scalable, and reliable additions to your existing DevOps toolchain.

Rondam RamblingsApple bricked my MacBook and there's nothing I can do about it

About two months ago my wife tried to use the MacBook Air that we keep in our kitchen and found that it was displaying a screen that neither of us had ever seen before.  It was showing a message that said: "Locking down temporarily pending investigation.  Please contact the iCloud account the Mac is linked to." And it was asking for a PIN code. Many calls to Apple Technical Support and one


Cory DoctorowVideo: Guarding the Decentralized Web from its founders’ human frailty

Earlier this month, I gave the afternoon keynote at the Internet Archive’s Decentralized Web Summit, speaking about how the people who are building a new kind of decentralized web can guard against their own future moments of weakness and prevent themselves from rationalizing away the kinds of compromises that led to the centralization of today’s web.

The talk was very well-received — it got a standing ovation — and I’ve heard from a lot of people about it since. The video was heretofore only available as a slice of a 9-hour Youtube archive of the day’s proceeding, but thanks to Jeff Kaplan and the Internet Archive, I’ve now got a cut of just my talk, which is on the Internet Archive for your downloading pleasure and mirrored at Youtube (There’s also an MP3).

Krebs on SecurityCiting Attack, GoToMyPC Resets All Passwords

GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites.

Owned by Santa Clara, Calif. based networking giant Citrix, GoToMyPC is a popular software-as-a-service product that lets users access and control their PC or Mac from anywhere in the world. On June 19, the company posted a status update and began notifying users that a system-wide password update was underway.

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” reads the notice posted to “To protect you, the security team recommended that we reset all customer passwords immediately. Effective immediately, you will be required to reset your GoToMYPC password before you can login again. To reset your password please use your regular GoToMYPC login link.”

John Bennett, product line director at Citrix, said once the company learned about the attack it took immediate action. But contrary to previous published reports, there is no indication Citrix or its platforms have been compromised, he said.

“Citrix can confirm the recent incident was a password re-use attack, where attackers used usernames and passwords leaked from other websites to access the accounts of GoToMyPC users,” Bennett wrote in an emailed statement. “At this time, the response includes a mandatory password reset for all GoToMyPC users. Citrix encourages customers to visit the GoToMyPC status page to learn about enabling two-step verification, and to use strong passwords in order to keep accounts as safe as possible.”

Citrix’s GoTo division also operates GoToAssist, which is geared toward technical support specialists, and GoToMeeting, a product marketed at businesses. The company said it has no indication that user accounts at other GoTo services were compromised, but assuming that’s true it’s likely because the attackers haven’t gotten around to trying yet.

It’s a fair bet that whoever perpetrated this attack had help from huge email and password lists recently leaked online from older breaches at LinkedIn, MySpace and Tumblr to name a few. Re-using passwords at multiple sites is a bad idea to begin with, but re-using your GoToMyPC remote administrator password at other sites seems like an exceptionally lousy idea.

Sociological ImagesWhite Supremacy and the Intractability of the Fight Over the Redsk*ns

Last month the Washington Post released the results of a poll of self-identified Native Americans. It asked respondents whether they found the Washington Redsk*ns mascot offensive and 90% responded that they did not.

Dr. Adrienne Keene responded at Native Appropriations, where she has been blogging about Native issues, and the mascot issue, for years. She questioned the methods and her discussion is worth a read. It’s both a great example of uninformed/biased polling and an introduction to the politics of Native identity and citizenship.

She also questioned the logic behind doing the survey at all and that’s what I’d like to talk about here. “I just don’t understand why WaPo felt the need to do this poll,” Keene wrote. “We’ve got psychological studies, tribal council votes, thousands of Native voices, and common decency and respect on our side, yet that was not enough.” What is there left to understand?

“This is just an investment in white supremacy, plain and simple,” she concluded.

It’s hard to parse motivations, especially institutional ones, but it’s arguable that the effect of the poll was to shore up white supremacy by undermining decades of Native activism against the mascot, validating white people’s defense of it, and weakening challenges.

The owner of the Redsk*ns, Daniel Snyder, who strongly defends the use of the term, immediately pounced on the poll, writing in a statement:

The Washington Redskins team, our fans and community have always believed our name represents honor, respect and pride. Today’s Washington Post polling shows Native Americans agree. We are gratified by this overwhelming support from the Native American community, and the team will proudly carry the Redskins name.

By mid-afternoon the day the poll was released, Keene noted that there were already over 100 articles written about it, alongside repeated images of the Redsk*ns logo, an anachronistic depiction of an Indian wearing braids and feathers that portrays Native people as historical instead of contemporary.


And the poll very well might be used in the ongoing court battle over whether the Redsk*ns trademark can be pulled (federal law does not allow for trademarking racial slurs, so the fight is over whether the word is a slur or not).

Keene asks, “Who does this serve?”

It’s a good question, but questioning the motivation for the poll is just part of a larger and even more absurd question that anti-Redsk*ns activists are forced to ask: “Why is this even a fight?”

“We just want respect as human beings,” Keene implores. It would be easy to change the name. Quite easy. It just takes a decision to do it. Not even a democratic one. It wouldn’t even be particularly expensive. And fans would get over it. Why is it necessary to keep the name? Who does it serve? There is no doubt that the word redsk*ns is arguably offensive. Many Natives are and have been saying so. Why isn’t that enough? The fact that Snyder and other supporters defend the name so vociferously — the fact that this is even a conversation — is white supremacy, “plain and simple,” too.

Lisa Wade, PhD is a professor at Occidental College. She is the author of American Hookup, a book about college sexual culture, and Gender, a textbook. You can follow her on Twitter, Facebook, and Instagram.


CryptogramNude Photos as Loan Collateral

The New York Times is reporting that some women in China are being forced to supply nude photos of themselves as collateral for getting a loan. Aside from the awfulness of this practice, it's really bad collateral because it's impossible to ever get it back.

CryptogramFriday Squid Blogging: Not Finding a Giant Squid on Google Earth

The Internet is buzzing -- at least, my little corner of the Internet -- about finding a 120-meter-long giant squid on Google Earth. It's a false alarm.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Worse Than FailureCodeSOD: Now There's a Switch…

You know what’s awful? If-then-elseif conditions. You have this long, long chain of them, and then what? If only there were a shorter, clearer way to write a large number of conditions.

Oh, what’s that? There is? It’s called a switch statement? But doesn’t a switch statement only work on equality comparisons? I’d really like something that works on any condition.

Fortunately for me, Sergej’s boss has found a way.

clients.findById( req.authUser._doc._id).then( function( client, error ){
        switch( true ) {
                case client == null:
                        res.send( { success: false, message: 'Your profile has not been found. Try it again or logout and then login again' });
                        // no break: execution falls straight into the next case body

                case client.password != req.body.profile.password:
                        res.send( { success: false, message: 'Profile has not been updated. Password is wrong.' });
                        // no break here either: a wrong password still falls into the update

                default:
                        var updateObj = {};
                        // inner switch, also without breaks: once one field differs,
                        // every field listed below it is copied as well
                        switch( true ) {
                                case client.firstname != req.body.profile.firstname:
                                        updateObj.firstname = req.body.profile.firstname;
                                case client.lastname != req.body.profile.lastname:
                                        updateObj.lastname = req.body.profile.lastname;
                                case client.username != req.body.profile.username:
                                        updateObj.username = req.body.profile.username;
                                case client.companyName != req.body.profile.companyName:
                                        updateObj.companyName = req.body.profile.companyName;
                                case client.companyAddress != req.body.profile.companyAddress:
                                        updateObj.companyAddress = req.body.profile.companyAddress;
                                case client.companyCity != req.body.profile.companyCity:
                                        updateObj.companyCity = req.body.profile.companyCity;
                                case client.companyCountry != req.body.profile.companyCountry:
                                        updateObj.companyCountry = req.body.profile.companyCountry;
                                case client.registrationNumber != req.body.profile.registrationNumber:
                                        updateObj.registrationNumber = req.body.profile.registrationNumber;
                                case client.vatNumber != req.body.profile.vatNumber:
                                        updateObj.vatNumber = req.body.profile.vatNumber;
                        }
                        // err is delivered by the update callback (callback wrapper assumed;
                        // the page's copy of the snippet does not show the line that supplies it)
                        clients.update({_id: client._id},{$set: updateObj}, function( err ){
                                typeof err != 'undefined'
                                        ? res.send({success:false, message: 'Your profile could not be updated.'})
                                        : res.send({success:true, message: 'Your profile has been updated.'});
                        });
        }
});

All the functionality of an if-then-else, but it’s even more flexible, because it’s got fall-through! Why does anybody use regular if statements when they’ve got this efficient and easy-to-read construct?
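To make the fall-through concrete, here is an added example (not code from the original post or from Sergej's codebase) that reproduces the switch(true) shape on a constructed client record and a constructed request body, next to the plain if/else it replaces. The response object is a stub that records every send() call, and the field list is a three-field subset of the cases in the snippet; both are assumptions made for the demonstration.

```javascript
// Added example, not the original post's code. Reproduces the switch(true)
// pattern from the snippet on constructed data and contrasts it with an
// explicit if/else chain plus a field-by-field diff.

// Subset of the profile fields used in the snippet (assumed for brevity).
const PROFILE_FIELDS = ['firstname', 'lastname', 'username'];

// Minimal stand-in for an Express-style response: remembers every send() so
// a handler that answers twice is visible in the recorded list.
function makeRes() {
  const sent = [];
  return { sent, send(body) { sent.push(body); } };
}

// The snippet's inner switch: no break anywhere. After the first matching
// case, every later case body runs without its condition being evaluated, so
// every field listed after the first changed one is copied into the update.
function buildUpdateFallthrough(client, profile) {
  const updateObj = {};
  switch (true) {
    case client.firstname != profile.firstname:
      updateObj.firstname = profile.firstname;
    case client.lastname != profile.lastname:
      updateObj.lastname = profile.lastname;
    case client.username != profile.username:
      updateObj.username = profile.username;
  }
  return updateObj;
}

// What the inner switch was meant to do: copy only the fields that changed.
// Works for any field list, not just the three above.
function buildUpdateDiff(client, profile, fields = PROFILE_FIELDS) {
  const updateObj = {};
  for (const f of fields) {
    if (client[f] !== profile[f]) updateObj[f] = profile[f];
  }
  return updateObj;
}

// The snippet's outer switch, again without breaks. A wrong password sends
// the error response and then falls into the default branch, which sends a
// second response carrying an update built with fall-through semantics.
// The password is compared in the clear exactly as in the snippet.
function handleFallthrough(client, profile, res) {
  switch (true) {
    case client == null:
      res.send({ success: false, message: 'profile not found' });
    case client.password != profile.password:
      res.send({ success: false, message: 'password is wrong' });
    default:
      res.send({ success: true, update: buildUpdateFallthrough(client, profile) });
  }
}

// The if/else chain the author was avoiding: each branch returns, so exactly
// one response is sent and the update only happens on the success path.
function handleFixed(client, profile, res) {
  if (client == null) {
    return res.send({ success: false, message: 'profile not found' });
  }
  if (client.password !== profile.password) {
    return res.send({ success: false, message: 'password is wrong' });
  }
  return res.send({ success: true, update: buildUpdateDiff(client, profile) });
}

module.exports = { buildUpdateFallthrough, buildUpdateDiff, handleFallthrough, handleFixed, makeRes };
```

With a client whose first name alone differs from the submitted profile, buildUpdateFallthrough returns all three fields while buildUpdateDiff returns only firstname; with a wrong password, handleFallthrough calls send() twice (the second call would throw "headers already sent" against a real Express response) where handleFixed calls it once. The plaintext comparison of client.password against the request body is kept only because it is what the snippet does; a real profile store would hold a password hash and verify against it.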



Sam VargheseCollingwood has a sexism issue right at the top

AT A TIME like this, when sexists rise like vermin to the surface, we need writers like the late Sam de Brito, a man who died tragically young.

I still remember how De Brito gave it to Collingwood president Eddie McGuire with both barrels in 2013 after the latter had made his infamous King Kong remarks about the Sydney Swans legend Adam Goodes.

McGuire’s ugliness surfaces periodically, and he was at his brilliant best on the birthday of the British monarch, with atrocious comments about Caroline Wilson, the chief AFL writer for Fairfax Media.

McGuire was joined by others from the blokey football crowd, with Danny Frawley, a former coach of senior AFL club Richmond, no less, and the president of the North Melbourne AFL club, James Brayshaw, chiming in. Also adding his two cents was Wayne Carey, probably the greatest AFL player ever but a seriously flawed human being.

The comments are indicative of the insecurity felt among males who feel challenged when a woman excels in a field which they have traditionally controlled.

McGuire and his buddies must be feeling half-castrated now that the AFL has done the long overdue thing and instituted a women’s league which will start from 2017.

But how many people who matter will stand up and call McGuire for what he is — a closet racist, a closet sexist, a man who has serious doubts about his masculinity, a man who cannot bear to live in a democracy where other people — like Wilson, for example — have opinions that differ from his?

Wilson is the best AFL writer in the country, bar none. She calls it as she sees it, is not beholden to man or beast, and McGuire, who likes the fawning kind of journalist, cannot stand her kind.

If Wilson had been a man, it is unlikely that McGuire would be so cavalier. No, he would be his loathsome self, for the simple reason that he would fear a boot in the groin.

There is a sickness in Australian society and McGuire is one of the symbols of this disease. It is a disease called sexism, the good old-fashioned variety, where men join hands to keep women down for fear that they will lose control.

De Brito had it down pat after McGuire’s racist outburst: “I’ll take a guess at why your casual-Eddie-McGuire-type-racism persists in this country – because you don’t get killed for it and you certainly don’t get punished if you’re rich and white,” he wrote.

“You give a press conference. You get suspended pending an internal enquiry. You move on in a week or two and things go on as they always have.”

Someone should give McGuire a dose of his own medicine but I doubt that anyone will. Australia is far too male-dominated to knock down one of its tall poppies.


TEDA redesign for death, a monument hidden in plain sight and the intelligence of a bird brain


A design competition to reimagine death. 100 percent of the human population will die, and yet, why don’t we design for this inevitable outcome? OpenIDEO, design and innovation firm IDEO’s online innovation platform, has launched a new public design challenge to “reimagine the end of life experience.” BJ Miller is an advisor on the project and with the first stage completed, read a conversation between Miller and IDEO partner Dana Cho on the stories collected thus far. (Watch BJ’s TED Talk)

Women should have the right to get angry. Anger is unladylike, unfeminine and unattractive. This is not only a double standard but also hinders progress when women who speak up about injustice are seen as merely complaining. In The New York Times, author Roxane Gay asks who gets to be angry — and why should this essential human emotion fall along racial and gender lines? “When women are angry, we are wanting too much or complaining or wasting time or focusing on the wrong things or we are petty or shrill or strident or unbalanced or crazy or overly emotional. Race complicates anger. Black women are often characterized as angry simply for existing, as if anger is woven into our breath and our skin.” (Watch Roxane’s TED Talk)

A monument hiding in plain sight at Petra. If you saw Indiana Jones and the Last Crusade, then you’ve seen the stunning sandstone buildings of Petra, built by the ancient Nabataeans. Archaeologists have been studying this World Heritage Site for more than 200 years. And yet, using satellite and drone imagery, TED Prize winner Sarah Parcak and fellow archaeologist Christopher A. Tuttle have found a large monumental platform — about as long as an Olympic swimming pool and twice as wide — half a mile to the south of the city. “It’s this very large platform that many of us have walked over for years, and probably didn’t even realize we were walking on,” Parcak told the AP. The report on the finding was published in the Bulletin of the American Schools of Oriental Research and got coverage in publications around the world — but Parcak gave students at TEDYouth a preview of the find last fall. (Watch Sarah’s TED Talk, and sign up for updates on her TED Prize wish.)

We need more data on women. Today in much of the developing world, there are entire generations of women who have no record of their lives — no birth or death certificates, records showing they went to school, employment records, medical documents — nothing. As Melinda Gates writes in The Huffington Post, this vacuum of data on women’s well-being, or lack thereof, makes it extremely difficult to know how to start lowering the number of preventable deaths women face each year. (Watch Melinda’s TED Talk)

How, exactly, should you follow your passion? Graduation day comes, pictures are taken, farewells given, and commencement speeches move you to tears. Now that it’s time for the “real world,” many grads want to immediately find their passion. But how do you do that? Angela Duckworth is a psychologist who studies people and their passions, and in The New York Times, she reminds students that following your passion rarely offers a straightforward path. She focuses instead on fostering your passion: moving toward what interests you, seeking purpose and finishing strong. (Watch Angela’s TED Talk)

Bird brains: a bit dense, aren’t they? New research published by Suzana Herculano-Houzel and team in the Proceedings of the National Academy of Sciences suggests that “bird-brained” may not mean what we think. Birds are commonly thought of as stupid, yet scientists have long wondered at their ability to perform advanced cognitive feats, like making tools and solving complex problems, and the new study may explain how: their brains are dense, packing in more neurons per unit of brain than mammalian brains. While this helps explain an old mystery, it also raises a new one. The results show that there is more than one way to build a complex brain, but the question is, which way evolved first? (Watch Suzana’s TED Talk)

A financial reality check. When it comes to money, we’re not always as smart as we think we are. In Scientific American, Dan Ariely, Kristen Berman and Wendy de la Rosa use a handful of different research findings to show how “we have a natural bias towards ‘earning’ rather than ‘saving’ when we’re in financial distress—not because we don’t know how to save money or we aren’t trying to save money, but because we perceive earning money as a more productive way to increase financial well-being.” But it turns out that our predisposition may lead us astray and hurt rather than help. (Watch Dan’s TED Talk)

What makes a great sequel? At TED2012, Andrew Stanton shared the lessons that helped him craft stories to captivate the hearts and imaginations of millions of moviegoers, in films like WALL-E and Toy Story. On June 17, he put those lessons to the test again with Finding Dory, the highly anticipated (and long-denied) sequel to Finding Nemo. “We all love stories,” said Stanton at TED; “we’re born for them. Stories affirm who we are. We all want affirmations that our lives have meaning. And nothing does a greater affirmation than when we connect through stories. It can cross the barriers of time, past, present and future, and allow us to experience the similarities between ourselves and through others, real and imagined.” (Watch Andrew’s TED Talk)


LongNowKevin Kelly Seminar Tickets


The Long Now Foundation’s monthly

Seminars About Long-term Thinking

Kevin Kelly on The Next 30 Digital Years



Thursday July 14, 02016 at 7:30pm Herbst Theater

Long Now Members can reserve 2 seats, join today! General Tickets $15


About this Seminar:

Since the mid-01980s Kevin Kelly has been creating, and reporting on, the digital future. His focus is the long-term trends and social consequences of technology. Kelly’s new book, THE INEVITABLE: Understanding the 12 Technological Forces That Will Shape Our Future, is a grand synthesis of his thinking on where technology is heading in the next few decades, and how we can embrace it to maximize its benefits, and minimize its harms.

Kevin Kelly is the founding executive editor of Wired magazine and is a founding board member of The Long Now Foundation.


TEDInside our rebuilt Android app, for TED’s next billion fans


TED’s rebuilt-from-the-ground-up Android app offers, from left: Browsing and search in 24 languages (here’s Japanese); regional highlights, like this talk on Zika, curated and translated for our Brazilian audience; and a library of TED Radio Hour audio podcasts to download or stream.

A TED Talk might contain a brilliant idea, but if it’s only available in English, well, it can only go so far. That’s why the TED Translator program encourages thousands of volunteer translators worldwide to subtitle TED Talks in more than 100 languages. So far, they’ve created 90,000 subtitled talks!

Now we’ve completely rebuilt the TED Talks Android app to help our global audience search, find and watch talks in their local languages. The rebuilt-from-the-ground-up Android app works natively in 24 languages, so if your phone’s language is set to Japanese, you’ll now get the full TED experience with a Japanese interface and more than 2,000 TED Talks subtitled in Japanese — and even multi-language search.

New translations are happening all the time, and as new TED Talks are subtitled into each of the 24 featured languages, the Android app will feature those new translations on the front page, so local TED fans can see them first.

And it’s not just language translations on the app that make the talks more relevant – we’re curating playlists and homepage features based on regional trending topics and news of the moment. European app users might see talks about the ongoing refugee crisis, while viewers in South America might see something relevant about Zika. We know that the more relevant a talk – both in terms of cultural context and native language – the more likely it is to resonate.

Oh, and it has some other awesome new features too: The app now features TED Radio Hour, a co-production with NPR. Listen to every new episode, and catch up on all four seasons of our popular audio podcast.

And the whole app has been given a fresh redesign, featuring the classic TED Red.

Other features:

  • Custom playlists to fit your mood and available time
  • Downloads for talks and full playlists, to watch on the go
  • Cast support, so you can play talks from your phone through your Chromecast
  • Bookmarks to remember talks you want to watch later

The 24 supported languages in the TED Android app are: Arabic, Chinese (simplified), Chinese (traditional), Croatian, Czech, Dutch, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Kazakh, Korean, Polish, Portuguese, Portuguese (Brazilian), Romanian, Russian, Serbian, Spanish, Swedish and Turkish.

And of course, beyond those 24 languages, every TED Talk translation, all 90,000 of them in all 112 languages, can be found with the click of a button in the Android app.

When it comes to sharing talks with global audiences, we’re really just getting started. Watch for native language support in the next version of TED’s iOS app — and in fact, the TED viewer for Apple TV already supports translations. And stay tuned for more …

Want to contribute a translation in your own language? Learn more about our volunteer TED Translators program.

CryptogramApple's Differential Privacy

At the Apple Worldwide Developers Conference earlier this week, Apple talked about something called "differential privacy." We know very little about the details, but it seems to be an anonymization technique designed to collect user data without revealing personal information.

What we know about anonymization is that it's much harder than people think, and it's likely that this technique will be full of privacy vulnerabilities. (See, for example, the excellent work of Latanya Sweeney.) As expected, security experts are skeptical. Here's Matt Green trying to figure it out.

So while I applaud Apple for trying to improve privacy within its business models, I would like some more transparency and some more public scrutiny.

EDITED TO ADD (6/17): Adam Shostack comments. And more commentary from Tom's Guide.

EDITED TO ADD (6/17): Here's a slide deck on privacy from the WWDC.

Krebs on SecurityAdobe Update Plugs Flash Player Zero-Day

Adobe on Thursday issued a critical update for its ubiquitous Flash Player software that fixes three dozen security holes in the widely-used browser plugin, including at least one vulnerability that is already being exploited for use in targeted attacks.

The latest update brings Flash to v. for Windows and Mac users alike. If you have Flash installed, you should update, hobble or remove Flash as soon as possible.

The smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. I’ve got more on that approach (as well as slightly less radical solutions) in A Month Without Adobe Flash Player.

If you choose to update, please do it today. The most recent versions of Flash should be available from this Flash distribution page or the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (e.g., Firefox or Opera). Chrome and IE should auto-install the latest Flash version on browser restart (I had to manually check for updates in Chrome and restart the browser to get the latest Flash version).

For some reason that probably has nothing to do with security, Adobe has decided to stop distributing direct links to its Flash Player software. According to the company’s Flash distribution page, on June 30, 2016 Adobe will decommission direct links to various Flash Player downloads. This will essentially force Flash users to update the program using its built-in automatic updates feature (which sometimes takes days to notice a new security update is available), or to install the program from the company’s Flash Home page — a download that currently bundles McAfee Security Scan Plus and a product called True Key by Intel Security.

Anything that makes it less likely users will update Flash seems like a bad idea, especially when we’re talking about a program that often needs security fixes more than once a month.

Sociological ImagesThe Sociology of Father’s and Mother’s Day Gifts

It’s time to go buy your dad a tie! What are you getting your father for Father’s Day this year? One Father’s Day when I had no money, I decided to concoct some homemade barbecue sauce on the stovetop for my dad. I don’t even remember what ingredients I used, but for years afterward, Dad would bring up how good that jar of barbecue sauce was and ask if I could make it again (I was never able to recreate it, for some reason). Barbecue and men just seem to go together, don’t they?

The gifts that are promoted on Mother’s Day and Father’s Day often reflect society’s conception of what roles mothers and fathers are supposed to serve within the stereotypical heterosexual nuclear family. There are perhaps no other holidays that are quite so stereotypically gendered. Hanukkah, Christmas, birthdays, and anniversaries have us seeking out unique gifts that are tailored to the recipient’s particular personality, likes, or hobbies. But Mother’s Day and Father’s Day gift ideas appear to fall back on socially constructed family roles.

Examining the most popular types of gifts to give can help us see how society (helped by marketers) conceptualizes mothers and fathers. Google Image searches, while unscientific, can allow us to see at a glance what types of gifts are considered most appropriate for mothers and fathers in our society. This type of content analysis is based on Goffman’s (1978) examination of magazine advertisements. Goffman encouraged social scientists to more critically examine what appears to be everyday common sense, especially those images presented in popular culture.

I began looking at the differences between gifts for Mother’s Day and Father’s Day by typing in “gifts for Mother’s Day” on Google Images. Mothers are apparently obsessed with their children, as the majority of gifts reflect the children they are responsible for. These types of child-centered gifts tend to emphasize the number of children, names of children, or birthdates of her children. Mothers also apparently drink copious amounts of tea and want flowers. In addition, the color scheme on a Google Image search for gifts for moms is predominantly pink and lilac.


When I searched for “gifts for Father’s Day” the color scheme changed to blue, orange, and black. Gifts for dad assume that a father grills, fishes, has money, and has a fantastic sense of humor. I saw few gifts emphasizing the number of children or names of children.


The Google Image search emphasizes several differences between mothers and fathers. For mothers, the day should be all about their children. Motherhood is no laughing matter, as it was difficult to find “gag” or “funny” Mother’s Day gifts (as was so easily found for Father’s Day gifts). Images of Mother’s Day gifts reflect quiet contemplation of a serious and weighty job.

For fathers, the day should be outdoorsy with grilled steaks and funny aprons that give credit to the theory that men grill but do not cook. One of the more interesting finds from this Google Search was the preponderance of the dad money clip phenomenon. There is simply no equivalent for mothers. While women carry purses and theoretically do not need money clips, purses do not appear. This suggests that fathers are still thought of as the breadwinners. Gifts to fathers often emphasize the idea that it is the fathers who financially support children, while the mothers emotionally support children.

Theories on Motherhood and Fatherhood

According to sociologist Sharon Hays (1998), contemporary beliefs posit motherhood as intensive and sacred. Motherhood is based on the assumption that all women need to be mothers in order to be fulfilled. The gifts promoted for Mother’s Day certainly reflect this theory.

On the other side of the heterosexual parental unit, anthropologist Nicholas Townsend (2002) argues that masculinity today is now a “package deal” that includes marriage, fatherhood, employment, and home ownership.

In other words, motherhood is the primary identity for women who become mothers, but fatherhood is merely one facet of what it means to be a man. (Note: these theorists are clearly situating idealized parenthood within a middle-class context.)

This quick comparison of Google Image search results supports the idea that when we celebrate Mother’s Day and Father’s Day we reinforce societal ideas of motherhood and fatherhood. Instead of tailoring our gifts/cards to the unique interests of the individual father or mother, we are pressed to celebrate the generic role fathers and mothers are supposed to play in stereotypical heterosexual, middle class nuclear families.

Cross-posted at Sociology in Focus.

Ami E. Stearns is in the sociology and women’s and gender studies programs at the University of Oklahoma. She studies sociology and popular literature.


CryptogramComputer Science Education Is Security Education

This essay argues that teaching computer science at the K-12 level is a matter of national security.

I think the argument is even broader. Computers, networks, and algorithms are at the heart of all of our complex social and political issues. We need broader literacy for all sorts of political and social reasons.

Worse Than FailureError'd: Pirates, Your Days are Numbered

"If you pirate Windows 10, watch out," Norman D. wrote, "One week and 100 years from now, Microsoft is going to catch you."


"The experience of 3D navigating a tape drive just can't be beat," writes McKay S.


Sam writes, "Seeing a Windows error on an ATM isn't a huge surprise. Seeing one on a video game though is just sad."


"Orion SolarWinds threw its hands up, and then threw up, from the looks of it," writes Charles R.


Steffen M. wrote, "There was an internal error so bad that it shook Eclipse to its very core!"


"I was looking for an ATX power supply tester, on the same page it linked me to this cosy looking POST diagnostic tool," writes Dave L., "And you wouldn't know it, but it has a built-in speaker too!"


[Advertisement] Infrastructure as Code built from the start with first-class Windows functionality and an intuitive, visual user interface. Download Otter today!

Planet Linux AustraliaBinh Nguyen: Religious Conspiracies, Is Capitalism Collapsing 2?, and More

This is obviously a continuation of my past post, You're probably wondering how on earth we've moved on to religious conspiracies. You'll figure this out in a second: - look back far enough and you'll realise that the way religion was practised and embraced in society was very different a long time ago and now. In fact,

Planet Linux AustraliaChris Smart: Booting Fedora 24 cloud image with KVM

Fedora 24 is on the way; here’s how you can play with the cloud image on your local machine.

Download the image (the file used below is Fedora-Cloud-Base-24-1.2.x86_64.qcow2, from the Fedora project’s cloud image downloads):

Make a new local backing image (so that we don’t write to our downloaded image) called my-disk.qcow2. Newer versions of qemu-img also want the backing file’s format stated explicitly, so add -F qcow2 before -b if the command below complains:
qemu-img create -f qcow2 -b Fedora-Cloud-Base-24-1.2.x86_64.qcow2 my-disk.qcow2

The cloud image uses cloud-init to configure itself on boot which sets things like hostname, usernames, passwords and ssh keys, etc. You can also run specific commands at two stages of the boot process (see bootcmd and runcmd below) and output messages (see final_message below) which is useful for scripted testing.

Create a file called meta-data with the following content:
instance-id: FedoraCloud00
local-hostname: fedoracloud-00

Next, create a file called user-data with the following content (the first line must be exactly #cloud-config, or cloud-init will not treat the file as configuration):
#cloud-config
password: password
chpasswd: { expire: False }
ssh_pwauth: True
bootcmd:
 - [ sh, -c, echo "=========bootcmd=========" ]
runcmd:
 - [ sh, -c, echo "=========runcmd=========" ]
# add any ssh public keys
ssh_authorized_keys:
  - ssh-rsa AAA...example...SDvZ
# This is for pexpect so that it knows when to log in and begin tests
final_message: "SYSTEM READY TO LOG IN"

On boot, cloud-init’s NoCloud datasource looks for a CD-ROM with the volume label cidata, so create an ISO image out of those files (the -volid cidata below is what it keys on):
genisoimage -output my-seed.iso -volid cidata -joliet -rock user-data meta-data

If you want to SSH in you will need a bridge of some kind. If you’re already running libvirtd then you should have a virbr0 network device (used in the example below) to provide a local network for your cloud instance. If you don’t have a bridge set up, you can still boot it without network support (leave off the -netdev and -device lines below).

Now we are ready to boot this!
qemu-kvm -name fedora-cloud \
-m 1024 \
-hda my-disk.qcow2 \
-cdrom my-seed.iso \
-netdev bridge,br=virbr0,id=net0 \
-device virtio-net-pci,netdev=net0 \
-display sdl

You should see a window pop up and Fedora loading and cloud-init configuring the instance. At the login prompt you should be able to log in with the username fedora and password that you set in user-data.


TEDWhat if the coolest thing about a 21st-century school wasn’t technology?


At TED2016, a room of TEDsters convened by the Robert Wood Johnson Foundation brainstormed the school of the future — a surprisingly low-tech affair.


Sometimes technology isn’t the answer to every problem. Even at the TED conference.

At TED2016, TED partnered with the Robert Wood Johnson Foundation to run a blue-sky workshop session on creating a new healthy school from scratch, imagining new solutions to problems that plague educators, students, schools, and the communities that surround them.

A diverse group filled the room, including a university president, a child psychiatrist, an architect, a hotel CEO and a venture capitalist. The group tapped into both what they experienced as children and what they envision for all schools.

The suggestions we got surprised us a bit.

At TED2016, producer Richard Yu brainstorms ideas for future schools at a conversation supported by the Robert Wood Johnson Foundation. Photo: TED


While the group came up with some interesting concepts that tapped into technology, the most compelling ideas were founded on innovative ways to inject schools with a better quality of life, building the modern-day skill set — and mindset. Imagine a school that:

  • bakes a makers-and-doers function right into the curriculum. Hands-on activities would offer context for concepts — and build collaboration and creative skills.
  • addresses the lack of nutritious foods and healthy meals not with meal cards, but with a garden on the roof, sparking vibrant community connections.
  • adds mindfulness to the typical triplet of reading, writing and arithmetic; it’s a skill never more in demand in today’s relentlessly media-saturated lives.
  • integrates families into schools, not just for conferences with teachers, but for family nights in school that connect them to the larger community.
  • injects wisdom into schools with a free and often neglected resource: connecting senior citizens with students. An idea that delivers equally compelling value to both young and old.

This team of dreamers united their diverse expertise and collaborated on a dream school with a surprisingly back-to-basics approach. The secret to a healthy school? Reconnecting with our bodies, with nature, and with each other.

Below, a video that captures additional insights on health and our ever-evolving relationship with technology from TED and the Robert Wood Johnson Foundation:



Worse Than FailureAnnouncements: Our Next Kickstarter: Lairs Board Game

I've been a board/tabletop gamer for as long as I can remember, even before writing my first program (obviously, 10 PRINT "ALEX IS COOL" / 20 GOTO 10). After seeing how much you supported the Release! game, it turned out that a lot of you are into games, too.

But since then, I've learned that games can be more than just a fun activity for us to do off-hours with our friends and family. They can also serve as a great team-building activity for developers and engineers.

And it's not just the social aspect. Understanding and applying a set of fixed rules to achieve a desired outcome describes both writing software and playing games, and seeing how other team members think and apply these rules can create a better understanding, and facilitate better communication. That, and it's a bit more fun than most corporate team-building activities.

Of course, this wasn't exactly the driver behind my next Kickstarter Project (or the other two games we've since launched), but it's one of the reasons I wanted to share it with you today.

Here's the short story on how the game works:

In Lairs, players take on the roles of powerful creatures that each build their homes in The Mountain.

Deep in The Mountain lie powerful artifacts, ancient sorceries, and untold riches. These Legacies, when claimed, will grant great power.

At the start of the game, players compete to excavate and build their Lairs to the center of the mountain to claim one of these prizes.

Once one player has taken the Legacy, they become the Enemy of the other players, who are not content to let one soul hold such power.

The remaining players band together as the Allies and fight their way through each chamber of the Enemy’s lair, and eventually confront them in a climactic finale.

The project is live, and I'd love to get your feedback!

I'm putting this up here right at launch time so you can score an early bird copy of the game for just $22! There are plenty of other rewards too, but you folks gave me a lot of support in past projects so I wanted to give you the first shot at Lairs. Thanks all!


Krebs on SecurityFBI Raids Spammer Outed by KrebsOnSecurity

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email artist currently flagged by anti-spam activists as one of the world’s Top 10 Worst Spammers, was reportedly raided by the FBI in connection with a federal spam investigation.

According to a June 9 story at ABC News, on April 27, 2016 the FBI raided the San Diego home of Persaud, who reportedly has been under federal investigation since at least 2013. The story noted that on June 6, 2016, the FBI asked for and was granted a warrant to search Persaud’s iCloud account, which investigators believe contained “evidence of illegal spamming and wire fraud to further [Persaud’s] spamming activities.”

Persaud doesn’t appear to have been charged with a crime in connection with this investigation. He maintains his email marketing business is legitimate and complies with the CAN-SPAM Act, the main anti-spam law in the United States, which prohibits sending spam that spoofs the sender’s address or does not give recipients an easy way to opt out of receiving future such emails from that sender.

The affidavit that investigators with the FBI used to get a warrant for Persaud’s iCloud account is sealed, but a copy of it was obtained by KrebsOnSecurity. It shows that during the April 2016 FBI search of his home, Persaud told agents that he currently conducts internet marketing from his residence by sending a million emails in under 15 minutes from various domains and Internet addresses.

The affidavit indicates the FBI was very interested in the email address In my 2014 piece Still Spamming After All These Years, I called attention to this address as the one tied to Persaud’s Facebook account — and to 5,000 or so domains he was advertising in spam. The story was about how the junk email Persaud acknowledged sending was being relayed through broad swaths of Internet address space that had been hijacked from hosting firms and other companies.

FBI Special Agent Timothy J. Wilkins wrote that investigators also subpoenaed and got access to that account, and found emails between Persaud and at least four affiliate programs that hire spammers to send junk email campaigns.

A spam affiliate program is a type of business or online retailer — such as an Internet pharmacy — that pays a third party (known as affiliates or spammers) a percentage of any sales that they generate for the program (for a much deeper dive on how affiliate programs work, check out Spam Nation).

When I wrote about Persaud back in 2014, I noted that his spam generally advertised the types of businesses you might expect to see pimped in junk email: payday loans, debt consolidation services, and various “nutraceutical” products.

Persaud did not respond to requests for comment. But in an email he sent to KrebsOnSecurity in November 2014, he said:

“I can tell you that my company deals with many different ISPs both in the US and overseas and I have seen a few instances where smaller ones will sell space that ends up being hijacked,” Persaud wrote in an email exchange with KrebsOnSecurity. “When purchasing IP space you assume it’s the ISP’s to sell and don’t really think that they are doing anything illegal to obtain it. If we find out IP space has been hijacked we will refuse to use it and demand a refund. As for this email address being listed with domain registrations, it is done so with accordance with the CAN-SPAM guidelines so that recipients may contact us to opt-out of any advertisements they receive.”

Persaud is currently listed as #10 on the World’s 10 Worst Spammers list maintained by Spamhaus, an anti-spam organization. In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers.

Worse Than FailureCodeSOD: Trained Developer

ASP.NET, like any other web development system, has a “role provider” system to handle authorization. With a small quantity of code, you can hook your custom security settings into this API and get authorization essentially for “free”. Not every organization uses it, because it’s not sufficient for every security situation, but it’s a good starting point, and it’s guaranteed that it’ll be covered in any ASP.NET training course.

Paul’s employer recently found a new hiring strategy. Instead of hiring expensive, well qualified people, they hire completely inexperienced people on the cheap, and send them to training classes. That’s likely where this code started its life: cribbed from notes in a training class.

	private void AddUserToRole(List<NewAlumUser> users, int r)
	{
	    if (!Roles.RoleExists("Level" + users[r].Accesslevel))
	    {
	        Roles.CreateRole("Level" + users[r].Accesslevel);
	    }

	    //checks if they are in the role... GOOD
	    if (!(Roles.IsUserInRole(users[r].User_name, "Level" + users[r].Accesslevel)))
	    {
	        string[] rolesforuser = Roles.GetRolesForUser(users[r].User_name);
	        string[] userroles = Roles.GetUsersInRole("Level" + users[r].Accesslevel);
	        int count = rolesforuser.GetUpperBound(0);
	        string currentrole = "";

	        // concatenates every role name into one string, then searches that string
	        for (int i = 0; i <= count; i++)
	        {
	            currentrole = rolesforuser[i].ToUpper() + currentrole;
	        }
	        if (!(currentrole.Contains("LEVEL" + users[r].Accesslevel.ToUpper())))
	        {
	            try
	            {
	                Roles.AddUserToRole(users[r].User_name, "Level" + users[r].Accesslevel);
	            }
	            catch (Exception ex)
	            {
	                createfile("AddUserToRole", users[r].User_name + "\r\n" + users[r].Accesslevel + "\r\n" + ex.Message + "\r\n" + ex.Source + "\r\n" + ex.StackTrace);
	            }
	        }
	    }

	    //if (Roles.IsUserInRole(users[r].User_name.ToLower()) == false && Roles.IsUserInRole(users[r].User_name.ToUpper()) == false)
	}

Now, there are a few obvious problems with this code. The for loop in the middle is an incredibly special snowflake. Beyond that, this code is in-line in the code-behind for a SharePoint page, and is called every time the page is rendered.

The real kicker, though, is that Paul’s organization uses a custom membership provider that doesn’t implement RoleExists, meaning this code just throws an exception every time it’s called anyway.
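For contrast, here is the same provisioning written the way the ASP.NET Roles API is meant to be used, as an added example rather than code from Paul’s organization or the article: the NewAlumUser class shape, the allow-list of access levels ("1", "2", "3") and the use of System.Diagnostics.Trace for logging are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration.Provider;
using System.Diagnostics;
using System.Web.Security;

// Assumed shape of the type used in the snippet above (not from the original post).
public class NewAlumUser
{
    public string User_name { get; set; }
    public string Accesslevel { get; set; }
}

public static class RoleProvisioning
{
    // Access levels the application actually defines (constructed sample values).
    // Building role names straight from imported data without this check lets a
    // bad or hostile row create arbitrary roles in the role store.
    private static readonly HashSet<string> KnownLevels =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "1", "2", "3" };

    // Makes every imported user a member of the role for their access level.
    // Meant to run once at import time, not in the code-behind of a page that
    // re-executes it on every render.
    public static void EnsureUsersInLevelRoles(IEnumerable<NewAlumUser> users)
    {
        foreach (NewAlumUser user in users)
        {
            if (string.IsNullOrEmpty(user.User_name) || !KnownLevels.Contains(user.Accesslevel))
            {
                Trace.TraceWarning("Skipping user '{0}': unknown access level '{1}'",
                                   user.User_name, user.Accesslevel);
                continue;
            }

            string role = "Level" + user.Accesslevel;

            // This needs a provider that really implements RoleExists; a custom
            // provider that throws NotImplementedException fails right here,
            // which is exactly what the article describes.
            if (!Roles.RoleExists(role))
            {
                Roles.CreateRole(role);
            }

            // IsUserInRole already answers the question the original code
            // re-derived by concatenating every role name into one string.
            if (Roles.IsUserInRole(user.User_name, role))
            {
                continue;
            }

            try
            {
                Roles.AddUserToRole(user.User_name, role);
            }
            catch (ProviderException ex)
            {
                // Catch the provider's own failure type rather than every Exception,
                // and log through the configured trace listeners instead of ad-hoc files.
                Trace.TraceError("AddUserToRole failed for '{0}' in '{1}': {2}",
                                 user.User_name, role, ex.Message);
            }
        }
    }
}
```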


CryptogramRussians Hacking DNC Computers

The Washington Post is reporting that Russian hackers penetrated the network of the Democratic National Committee and stole opposition research on Donald Trump. The evidence is from CrowdStrike:

The firm identified two separate hacker groups, both working for the Russian government, that had infiltrated the network, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. The firm had analyzed other breaches by both groups over the last two years.

One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNC's email and chat communications, Alperovitch said.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff -- an average of about several dozen on any given day.

This seems like standard political espionage to me. We certainly don't want it to happen, but we shouldn't be surprised when it does.

Slashdot thread.

EDITED TO ADD (6/16): From the Washington Post article, the Republicans were also hacked:

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some Republican political action committees, U.S. officials said. But details on those cases were not available.

EDITED TO ADD (6/16): These leaks might be from this hack, or from another unrelated hack. They don't seem to be related to the Russian government at all.


Google AdsenseEarn more from mobile: 3 rules and 6 best practices

However important mobile is to your business today, it will become even more critical tomorrow.

That's true whether you’re blogging about your favorite sports team, building the site for your community theater, or selling products to potential customers. Your visitors simply must have a great experience when they visit your site on their mobile devices.

Research has found that 61% of users will leave a mobile site if they don’t see what they are looking for right away. 

Sites that are not mobile-friendly expect users to pinch, slide, and zoom in order to consume content. It’s a frustrating experience when users expect to find the information they’re looking for right away, but are presented with obstacles to obtain that information. This is what causes users to abandon sites. 

To create a mobile-friendly site, follow these three rules:

  1. Make it fast. Research shows that 74% of people will abandon a mobile site that takes more than 5 seconds to load.
  2. Make it easy. Research shows that 61% of users will leave a mobile site if they don’t find what they're looking for straight away.
  3. Be consistent across screens. Make it easy for users to find what they need no matter what device they're using.

It's also important to think about your ads when you're designing or fine-tuning your mobile-friendly site. Focus on creating a flow between your content and your ads for the ultimate user experience and maximum viewability. Consult your analytics data and set events to track and understand where your users are most receptive to ads.

Here are some mobile-friendly ad best practice tips:

  1. Swap out the 320x50 ad units for 320x100 for a potential RPM increase.
  2. Place a 320x100 ad unit just above the fold or peek the 300x250 -- that is, place a portion of the ad unit just above the fold (ATF).
  3. Use the 300x250 ad unit below the fold (BTF) mixed in with your content.
  4. Prevent accidental clicks on enhanced features in text ads by moving ad units 150 pixels away from your content.
  5. Consider using responsive ad units, which optimize ad sizes to screen sizes and work seamlessly with your responsive site.  
  6. Test your site. Pick the metrics that matter most to you – then experiment with them.

The ad experience on your site should be designed with your mobile users in mind, just like the site itself. 

There are many ways to improve your users’ mobile experience on your site. Download the AdSense Guide to Mobile Web Success today, and find out more on how to make mobile a major asset to your business.

Posted by: 
Chiara Ferraris 
Publisher Monetization Specialist

CryptogramInfecting Systems by Typosquatting Programming Language Libraries

Typosquatting is an old trick of registering a domain name a typo away from a popular domain name and using it for various nefarious purposes. Nikolai Philipp Tschacher just published a bachelor's thesis where he does the same trick with the names of popular code libraries, and tricks 17,000 computers into running arbitrary code.

Ars Technica article.

Worse Than FailureComing of Age

When you discover the truth about Santa and the Easter Bunny, you die a little inside as you leave some innocence behind and begin to grow up.

When you get your first pay check at your first real job and discover that the government gets the first bite, you get a little disenchanted as you grow up.

Santa and the Ice Cream Bunny

When you realize that the prettiest members of the opposite sex aren't always as nice and sweet as you might fantasize, you face a reality of life and grow up.

None of that holds a candle to the coming-of-age you experience as you find out about management in the workplace...

D.H. was a student pursuing a degree in Computer Games Programming. The program required a year of work in the real-world workplace. He thought he was pretty lucky to find a job at a massive Consultancy and IT company. Unlike most of the 20 interns in the group, D.H. wound up with some actual hands-on experience as a developer.

Toward the end of the stint, D.H. had developed a healthy fear of Management Stupidity©.

From the get-go, he discovered that real-world programming was vastly different from university homework problems. What he hadn't expected however, was for common sense to have been replaced entirely with "business sense", and for all coding practices to be thrown out of the window.

When someone raised a defect because you could only select one out of several radio buttons on screen, management forced him to break functionality. There were radio buttons assigned to the question "Would you like to review your answers?" Yes, No, followed by two buttons: "Review" and "Continue". After the change, you could click no to review and then review anyway.

We all know that you shouldn't trust user input. He discovered that a field that took 3 characters for a promotion code brought the application crashing down around it if the data was entered incorrectly.

Or if someone has a surname with a space.

Or if you share a house with someone with the same birth date and surname (twins, or a coincidental marriage spring to mind).

Or if you need to handle international phone numbers.

Or street addresses.

And then he found this:

if (foo || !foo) {
   /* ...body elided in the original... */
} else {
   /*same code as above*/
}

D.H. felt violated that such foolishness could be perpetrated by so-called professionals.

Welcome to the wonderful world of IT!


Planet Linux Australiasthbrx - a POWER technical blog: Introducing snowpatch: continuous integration for patches

Continuous integration has changed the way we develop software. The ability to make a code change and be notified quickly and automatically whether or not it works allows for faster iteration and higher quality. These processes and technologies allow products to quickly and consistently release new versions, driving continuous improvement to their users. For a web app, it's all pretty simple: write some tests, someone makes a pull request, you build it and run the tests. Tools like GitHub, Travis CI and Jenkins have made this process simple and efficient.

Let's throw some spanners in the works. What if instead of a desktop or web application, you're dealing with an operating system? What if your tests can only be run when booted on physical hardware? What if instead of something like a GitHub pull request, code changes were sent as plain-text emails to a mailing list? What if you didn't have control of the development of this project, and you had to work with an existing, open community?

These are some of the problems faced by the Linux kernel, and many other open source projects. Mailing lists, along with tools like git send-email, have become core development infrastructure for many large open source projects. The idea of sending code via a plain-text email is simple and well-defined, not reliant on a proprietary service, and uses universal, well-defined technology. It does have shortcomings, though. How do you take a plain-text patch, which was sent as an email to a mailing list, and accomplish the continuous integration possibilities other tools have trivially?

Out of this problem birthed snowpatch, a continuous integration tool designed to enable these practices for projects that use mailing lists and plain-text patches. By taking patch metadata organised by Patchwork, performing a number of git operations and shipping them off to Jenkins, snowpatch can enable continuous integration for any mailing list-based project. At IBM OzLabs, we're using snowpatch to automatically test new patches for Linux on POWER, skiboot, snowpatch itself, and more.

snowpatch is written in Rust, an exciting new systems programming language with a focus on speed and safety. Rust's amazing software ecosystem, enabled by its package manager Cargo, made development of snowpatch a breeze. Using Rust has been a lot of fun, along with the practical benefits of (in our experience) faster development, and confidence in the runtime stability of our code. It's still a young language, but it's quickly growing and has an amazing community that has always been happy to help.

We still have a lot of ideas for snowpatch that haven't been implemented yet. Once we've tested a patch and sent the results back to a patchwork instance, what if the project's maintainer (or a trusted contributor) could manually trigger some more intensive tests? How would we handle it if the traffic on the mailing list of a project is too fast for us to test? If we were running snowpatch on multiple machines on the same project, how would we avoid duplicating effort? These are unsolved problems, and if you'd like to help us with these or anything else you think would be good for snowpatch, we take contributions and ideas via our mailing list, which you can subscribe to here. For more details, view our documentation on GitHub.

Thanks for taking your time to learn a bit about snowpatch. In future, we'll be talking about how we tie all these technologies together to build a continuous integration workflow for the Linux kernel and OpenPOWER firmware. Watch this space!

This article was originally posted on IBM developerWorks Open. Check that out for more open source from IBM, and look out for more content in their snowpatch section.

Planet Linux AustraliaRusty Russell: Minor update on transaction fees: users still don’t care.

I ran some quick numbers on the last retargeting period (blocks 415296 through 416346 inclusive) which is roughly a week’s worth.

Blocks were full: median 998k, mean 818k (some miners blind mining on top of unknown blocks). Yet of the 1,618,170 non-coinbase transactions, 48% were still paying dumb, round fees (like 5000 satoshis). Another 5% were paying dumb, round-numbered per-byte fees (like 80 satoshi per byte).

The mean fee was 24051 satoshi (~16c), the mean fee rate 60 satoshi per byte. But if we look at the amount you needed to pay to get into a block (using the second cheapest tx which got in), the mean was 16.81 satoshis per byte, or about 5c.

tl;dr: It’s like a tollbridge charging vehicles 7c per ton, but half the drivers are just throwing a quarter as they drive past and hoping it’s enough. It really shows fees aren’t high enough to notice, and transactions don’t get stuck often enough to notice. That’s surprising; at what level will they notice? What wallets or services are they using?


Krebs on SecurityMicrosoft Patches Dozens of Security Holes

Microsoft today released updates to address more than three dozen security holes in Windows and related software. Meanwhile, Adobe — which normally releases fixes for its ubiquitous Flash Player alongside Microsoft’s monthly Patch Tuesday cycle — said it’s putting off today’s expected Flash patch until the end of this week so it can address an unpatched Flash vulnerability that already is being exploited in active attacks.

Yes, that’s right, it’s once again Patch Tuesday, better known to mere mortals as the second Tuesday of each month. Microsoft isn’t kidding around this particular Tuesday — pushing out 16 patch bundles to address at least 44 security flaws across Windows and related software.

The usual suspects earn “critical” ratings: Internet Explorer (IE), Edge (the new, improved IE), and Microsoft Office. Critical is Microsoft’s term for a flaw that allows the attacker to remotely take control over the victim’s machine without help from the victim, save for perhaps getting him to visit a booby-trapped Web site or load a poisoned ad in IE or Edge.

Windows home users aren’t the only ones who get to have all the fun: There’s plenty enough in today’s Microsoft patch batch to sow dread in any Windows system administrator, including patches that fix serious security holes in Windows SMB Server, Microsoft’s DNS Server, and Exchange Server.

I’ll put up a note later this week whenever Adobe releases the Flash update. For now, Kaspersky has more on the Flash vulnerability and its apparent use in active espionage attacks. As ever, if you experience any issues after applying any of today’s updates, please drop a note about it in the comments below.

Other resources: Takes from the SANS Internet Storm Center, Qualys and Shavlik.

Google Adsense[VIDEO] Understand your AdSense reporting

Want to know more about AdSense Reporting? Good news: That's the topic of the fourth video in our #AdSense101 series.

Knowing how to analyze your AdSense reports is essential to improving your ad performance – they're loaded with insights and data that can help you grow your business and your strategies. AdSense reports and graphs are a quick and easy way for you to learn which of your ad units perform best or where most of your traffic is coming from.

Watch this video for more on what your AdSense reports can show you.

Stay tuned for other #AdSense101 videos and if there’s something else you’d like to learn more about let us know in the comments below.  

Check out YouTube playlist #AdSense101 to learn more about...

  • AdSense payment process
  • Control the ads displayed on your site
  • Monetizing for Multi-Screen
Have a topic you'd like to see covered? Leave us a comment on the YouTube video page.

Posted by:
Barbara Sarti
Google AdSense team

CryptogramWaze Data Poisoning

People who don't want Waze routing cars through their neighborhoods are feeding it false data.

It was here that Connor learned that some Waze warriors had launched concerted campaigns to fool the app. Neighbors filed false reports of blockages, sometimes with multiple users reporting the same issue to boost their credibility. But Waze was way ahead of them.

It's not possible to fool the system for long, according to Waze officials. For one thing, the system knows if you're not actually in motion. More important, it constantly self-corrects, based on data from other drivers.

"The nature of crowdsourcing is that if you put in a fake accident, the next 10 people are going to report that it's not there," said Julie Mossler, Waze's head of communications. The company will suspend users they suspect of "tampering with the map," she said.

Planet Linux AustraliaBen Martin: Terry & ROS

After a number of adventures I finally got a ROS stack setup so that move_base, amcl, and my robot base all like each other well enough for navigation to function. Luckily I added some structural support to the physical base as the self driving control is a little snappier than I normally tend to drive the robot by hand.

There was an upgrade from Indigo to Kinetic in the mix and the coupled update to Ubuntu Xenial to match the ROS platform update. I found a bunch of ROS packages that I used are not currently available for Kinetic, so had an expanding catkin ws for self compiled system packages to complete the update. Really cool stuff like rosserial wasn't available. Then I found that a timeout there caused a bunch of error messages about mismatched read sizes. I downgraded to the Indigo version of rosserial and the error was still there, so I assume it relates to the various serial drivers in the Linux kernel doing different timing than they did before. Still, one would have hoped that rosserial was more resilient to multiple partial packet delivery. But with a timeout bump all works again. FWIW I've seen similar in boost: you try to read 60 bytes and get 43, then need to get that remaining 17 and stuff the excess in a readback buffer for the next packet read attempt. The boost one hit me going from 6 to 10 channel io to an rc receiver-to-uart arduino I created. The "joy" of low level io.

I found that the issues stopping navigation from working for me out of the box on Indigo were still there in Kinetic.  So I now have a very cool bit of knowledge to tell if somebody has navigation working or is just assuming that what one reads equals what will work out of the box.

Probably the next ROS thing will be trying to get a moveit stack for the mearm. I've got one of these cut and so will soon have it built. It seems like an ideal thing to work on MoveIt for because it's a simple low cost arm that anybody can cut out and servo up. I've long wanted a simple tutorial on MoveIt for affordable arms. It might be that I'm the one writing that tutorial rather than just reading it.

Video and other goodness to follow. As usual, persistence is the key™.

Worse Than FailureCodeSOD: Simulated Congealing

Simulated Annealing is a class of algorithms for moving through a search space to find a solution, balancing “good enough” results against a computational budget.

John L has a co-worker that has taken this logic and applied it to writing code. Whenever code needs to change, he “randomly” changes the function in small increments until it works. The result is code that looks like this:

	private void handleDoubleClickTreeNode(object sender, FormTreeNodeArgs e)
	{
	    if ( e.FormTreeNode.FormElement != null)
	    {
	        /* ...body elided in the original... */
	    }
	    else if (e.FormTreeNode.FormElement == null)
	    {
	        if (e.FormTreeNode != null)
	        {
	            if (!string.IsNullOrEmpty(e.FormTreeNode.Name))
	            {
	                /* ...body elided in the original... */
	            }
	        }
	    }
	}

This code does work, but some of the conditionals make it clear that it works more through an accident than any intentional design.


Planet Linux AustraliaOpenSTEM: Celebrating explorers!

We continue publishing resources on explorers, a very diverse range from around the world and throughout time. Of course James Cook was an interesting person, but isn’t it great to also offer students an opportunity to investigate some other people whose names they hadn’t yet heard? It is good to show the diversity and how it wasn’t just Europeans who explored.

And did you spot our selection of female explorers? Unfortunately there aren’t that many, but they did awesome work. Nellie Bly is my personal favourite (pictured on the right). Such fabulous initiative.

As a small introductory gift this month for those who haven’t yet got a subscription, use this special link to our Explorers category page to get 50% off the price of one explorer resource PDF; some will then be only $1. If you have come to the site via the link, the discount will automatically be applied to your cart on checkout, to the most expensive item from the Explorer category. Alternatively you can use coupon code NL1606EXPL. This offer is only valid until end June 2016.

Which one will you choose? You can write a comment on this post: tell us which explorer, and why!