Planet Russell


Planet Debian: Rudy Godoy: Apache Phoenix for Cloudera CDH

Apache Phoenix is a relational database layer over HBase delivered as a client-embedded JDBC driver targeting low latency queries over HBase data. Apache Phoenix takes your SQL query, compiles it into a series of HBase scans, and orchestrates the running of those scans to produce regular JDBC result sets.

What the above statement means for developers or data scientists is that you can “talk” SQL to your HBase cluster. Sounds good, right? Setting up Phoenix on Cloudera CDH can be really frustrating and time-consuming. I wrapped up references from across the web with my own findings to have both play nice.

Building Apache Phoenix

Because of a dependency mismatch in the pre-built binaries, supporting Cloudera’s CDH requires building Phoenix against the versions that match the CDH deployment. The CDH version I used is CDH4.7.0. This guide applies to any version of CDH4+.

Note: You can find CDH components version in the “CDH Packaging and Tarball Information” section for the “Cloudera Release Guide”. Current release information (CDH5.2.1) is available in this link.

Preparing Phoenix build environment

Phoenix can be built using maven or gradle. General instructions can be found in the “Building Phoenix Project” webpage.

Before building Phoenix you need to have:

  • JDK v6 (or v7, depending on which CDH version you want to support)
  • Maven 3
  • git

Checkout correct Phoenix branch

Phoenix has two major release versions:

  • 3.x – supports HBase 0.94.x   (Available on CDH4 and previous versions)
  • 4.x – supports HBase 0.98.1+ (Available since CDH5)

Clone the Phoenix git repository

git clone

Work with the correct branch

git fetch origin
git checkout 3.2

Modify dependencies to match CDH

Before building Phoenix, you will need to modify the dependencies to match the version of CDH you are trying to support. Edit phoenix/pom.xml and make the following changes:

Add Cloudera’s Maven repository

+    <repository>
+        <id>cloudera</id>
+    </repository>
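
Review bot: the new `<repository>` block contains only `<id>cloudera</id>` and no `<url>` element, so as shown Maven has nowhere to resolve the CDH artifacts from. Add the repository URL inside the block, and prefer an https URL so the CDH dependencies are not fetched over plaintext.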

Change component versions to match CDH’s.

-    <hadoop-one.version>1.0.4</hadoop-one.version>
-    <hadoop-two.version>2.0.4-alpha</hadoop-two.version>
+    <hadoop-one.version>2.0.0-mr1-cdh4.7.0</hadoop-one.version>
+    <hadoop-two.version>2.0.0-cdh4.7.0</hadoop-two.version>
     <!-- Dependency versions -->
-    <hbase.version>0.94.19
+    <hbase.version>0.94.15-cdh4.7.0
-    <hadoop.version>1.0.4
+    <hadoop.version>2.0.0-cdh4.7.0
-    <protobuf-java.version>2.4.0</protobuf-java.version>
+    <protobuf-java.version>2.4.0a</protobuf-java.version>
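
Review bot: under `<!-- Dependency versions -->` the `<hbase.version>` and `<hadoop.version>` lines are shown without closing tags, which would leave pom.xml malformed; close both elements. The string `cdh4.7.0` also appears in four separate properties, so defining it once in a single property and referencing it from the others would keep the Hadoop and HBase versions from drifting apart when the cluster is upgraded.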

Change target version, only if you are building for Java 6. CDH4 is built for JRE 6.

-            <source>1.7</source>
-            <target>1.7</target>
+            <source>1.6</source>
+            <target>1.6</target>
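
Review bot: `<source>` and `<target>` are hard-coded to 1.6, although the accompanying text says this change is needed only when building for Java 6. Reading both values from one Maven property would let the Java level be overridden with -D on the command line instead of editing the POM for each target.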

Phoenix building

Once you have made the changes, you are set to build Phoenix. Our CDH4.7.0 cluster uses Hadoop 2, so make sure to activate the hadoop2 profile.

mvn package -DskipTests -Dhadoop.profile=2

If everything goes well, you should see the following result:

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] Apache Phoenix .................................... SUCCESS [2.729s]
[INFO] Phoenix Hadoop Compatibility ...................... SUCCESS [0.882s]
[INFO] Phoenix Core ...................................... SUCCESS [24.040s]
[INFO] Phoenix - Flume ................................... SUCCESS [1.679s]
[INFO] Phoenix - Pig ..................................... SUCCESS [1.741s]
[INFO] Phoenix Hadoop2 Compatibility ..................... SUCCESS [0.200s]
[INFO] Phoenix Assembly .................................. SUCCESS [30.176s]
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1:02.186s
[INFO] Finished at: Mon Dec 15 13:18:48 PET 2014
[INFO] Final Memory: 45M/1330M
[INFO] ------------------------------------------------------------------------

Phoenix Server component deployment

Since Phoenix is a JDBC layer on top of HBase, a server component has to be deployed on every HBase node. The goal is to have the Phoenix server component added to the HBase classpath.

You can achieve this either by copying the server component directly into HBase’s lib directory, or by copying the component to an alternative path and then modifying the HBase classpath definition.

For the first approach, do:

cp phoenix-assembly/target/phoenix-3.2.3-SNAPSHOT-server.jar /opt/cloudera/parcels/CDH/lib/hbase/lib/

Note: In this case CDH is a symlink to the current active CDH version.

For the second approach, do:

cp phoenix-assembly/target/phoenix-3.2.3-SNAPSHOT-server.jar /opt/phoenix/

Then add the following line to /etc/hbase/conf/

export HBASE_CLASSPATH_PREFIX=/opt/phoenix/phoenix-3.2.3-SNAPSHOT-server.jar

Whichever method you used, you have to restart HBase. If you are using Cloudera Manager, restart the HBase service.

To validate that Phoenix is on HBase class path, do:

sudo -u hbase hbase classpath | tr ':' '\n' | grep phoenix
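
The classpath check above, extended into an audit as an added example (not code from the original post or from the Phoenix project): it reports a Phoenix server jar that the classpath names but that is absent, more than one Phoenix server jar (for instance when both deployment approaches were applied), and a jar or directory that is group- or world-writable. The function names and the OK/MISSING/WRITABLE/DUPLICATE/NONE labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the Phoenix server jars
# that an HBase classpath string refers to. On a node, call it as:
#   check_phoenix_classpath "$(sudo -u hbase hbase classpath)"
# Function names and output labels are illustrative.

# audit_jar PATH
# Prints one finding for PATH and returns 1 when the jar is absent, or when
# the jar or its directory is group- or world-writable (anything on the
# HBase classpath is loaded by the HBase daemons).
audit_jar() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"
        return 1
    fi
    # -L resolves a symlinked jar; -prune keeps find from descending into
    # the directory; -perm -0020 / -0002 test the group-write and
    # other-write bits.
    writable=$(find -L "$1" "$(dirname "$1")" -prune \
        \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$writable" ]; then
        echo "WRITABLE $1"
        return 1
    fi
    echo "OK $1"
}

# check_phoenix_classpath CLASSPATH
# Returns 0 only when exactly one Phoenix server jar is on the classpath
# and it passes audit_jar.
check_phoenix_classpath() {
    classpath="$1"
    count=0
    rc=0
    while IFS= read -r entry; do
        case "$entry" in
            */\*)
                # Java wildcard entry: covers every jar in that directory.
                set -- "${entry%/*}"/phoenix-*-server.jar
                [ -e "$1" ] || continue   # the glob matched nothing
                ;;
            */phoenix-*-server.jar)
                set -- "$entry"
                ;;
            *)
                continue
                ;;
        esac
        for jar in "$@"; do
            count=$((count + 1))
            audit_jar "$jar" || rc=1
        done
    done <<EOF
$(printf '%s\n' "$classpath" | tr ':' '\n')
EOF
    if [ "$count" -eq 0 ]; then
        echo "NONE no Phoenix server jar on the classpath"
        rc=1
    elif [ "$count" -gt 1 ]; then
        echo "DUPLICATE $count Phoenix server jars on the classpath"
        rc=1
    fi
    return "$rc"
}
```

Run it on every HBase node after the restart; a non-zero exit status means at least one finding line needs attention.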

Phoenix server validation

Phoenix provides a set of client tools that you can use to validate that the server component is functioning. However, since we are supporting CDH4.7.0, we’ll need to make a few changes to these utilities so they use the correct dependencies.

phoenix/bin/ is a wrapper for the JDBC client; it provides a SQL console interface to HBase through Phoenix.

index f48e527..bf06148 100755
--- a/bin/
+++ b/bin/
@@ -53,7 +53,8 @@ colorSetting = "true"
 if == 'nt':
     colorSetting = "false"
-java_cmd = 'java -cp "' + phoenix_utils.hbase_conf_path + os.pathsep + phoenix_utils.phoenix_client_jar + \
+java_cmd = 'java -cp ".' + os.pathsep + extrajars + os.pathsep + phoenix_utils.hbase_conf_path + os.pathsep + phoenix_utils.phoenix_client_jar + \
     '" -Dlog4j.configuration=file:' + \
     os.path.join(phoenix_utils.current_dir, "") + \
     " sqlline.SqlLine -d org.apache.phoenix.jdbc.PhoenixDriver \

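Review bot: the new classpath string starts with `.`, so the current working directory is searched before the HBase configuration directory and the Phoenix client jar. A class or an hbase-site.xml lying in whatever directory the console is launched from would shadow the intended ones; drop the `.` entry or move it to the end of the classpath.
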
phoenix/bin/ is a wrapper tool that can be used to create and populate HBase tables.

index 34a95df..b61fde4 100755
--- a/bin/
+++ b/bin/
@@ -34,7 +34,8 @@ else:
 # HBase configuration folder path (where hbase-site.xml reside) for
 # HBase/Phoenix client side property override
-java_cmd = 'java -cp "' + phoenix_utils.hbase_conf_path + os.pathsep + phoenix_utils.phoenix_client_jar + \
+java_cmd = 'java -cp ".' + os.pathsep + extrajars + os.pathsep + phoenix_utils.hbase_conf_path + os.pathsep + phoenix_utils.phoenix_client_jar + \
     '" -Dlog4j.configuration=file:' + \
     os.path.join(phoenix_utils.current_dir, "") + \
     " org.apache.phoenix.util.PhoenixRuntime " + args

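Review bot: `extrajars` is used in the new `java_cmd` line but is not assigned in the visible lines, although the header `@@ -34,7 +34,8 @@` indicates one net added line that is not shown. Since the same classpath edit is repeated in both wrapper scripts, defining the extra jar list once in phoenix_utils next to `phoenix_client_jar` would keep the two from diverging.
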
After making these changes, you can test connectivity by issuing the following command:

./bin/ zookeeper.local
Setting property: [isolation, TRANSACTION_READ_COMMITTED]
issuing: !connect jdbc:phoenix:zookeeper.local none none org.apache.phoenix.jdbc.PhoenixDriver
Connecting to jdbc:phoenix:zookeeper.local
14/12/16 19:26:10 WARN conf.Configuration: dfs.df.interval is deprecated. Instead, use fs.df.interval
14/12/16 19:26:10 WARN conf.Configuration: hadoop.native.lib is deprecated. Instead, use io.native.lib.available
14/12/16 19:26:10 WARN conf.Configuration: is deprecated. Instead, use fs.defaultFS
14/12/16 19:26:10 WARN conf.Configuration: topology.script.number.args is deprecated. Instead, use net.topology.script.number.args
14/12/16 19:26:10 WARN conf.Configuration: dfs.umaskmode is deprecated. Instead, use fs.permissions.umask-mode
14/12/16 19:26:10 WARN conf.Configuration: topology.node.switch.mapping.impl is deprecated. Instead, use net.topology.node.switch.mapping.impl
14/12/16 19:26:11 WARN conf.Configuration: is deprecated. Instead, use fs.defaultFS
14/12/16 19:26:11 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
14/12/16 19:26:12 WARN conf.Configuration: is deprecated. Instead, use fs.defaultFS
14/12/16 19:26:12 WARN conf.Configuration: is deprecated. Instead, use fs.defaultFS
Connected to: Phoenix (version 3.2)
Driver: PhoenixEmbeddedDriver (version 3.2)
Autocommit status: true
Building list of tables and columns for tab-completion (set fastconnect to true to skip)...
77/77 (100%) Done
sqlline version 1.1.2
0: jdbc:phoenix:zookeeper.local>

Then, you can either issue SQL-commands or Phoenix-commands.

0: jdbc:phoenix:zookeeper.local> !tables
|                TABLE_CAT                 |               TABLE_SCHEM                |                TABLE_NAME                |                TABLE_TYPE |
| null                                     | SYSTEM                                   | CATALOG                                  | SYSTEM TABLE              |
| null                                     | SYSTEM                                   | SEQUENCE                                 | SYSTEM TABLE              |
| null                                     | SYSTEM                                   | STATS                                    | SYSTEM TABLE              |
| null                                     | null                                     | STOCK_SYMBOL                             | TABLE                     |
| null                                     | null                                     | WEB_STAT                                 | TABLE                     |

TED: A day of TEDx talks from people who dedicate their lives to the global good

TEDxPlaceDesNations took place inside the UN's General Assembly Hall, a historic room. Photo: Jean-Marc Ferré/UN

On the day he was released from his cell, Vincent Cochetel sported a beard “that would be trendy today.” It was not a fashion decision. In 1998, Cochetel, the Director of the Bureau for Europe for the UN High Commission on Refugees, was kidnapped in Chechnya and held hostage for 317 days, most of that time chained to a bed. Last week, in a calm, measured and moving talk, Cochetel spoke for the first time in public about this harrowing experience.

Cochetel’s talk brought the crowd at TEDxPlacedesNations to its feet. “He captivated the audience,” says Melissa Fleming, who co-organized the event. “Sharing his vulnerability with such a large TED audience—it was perceived as daring.”

TEDxPlacedesNations was held on December 11, 2014, to surface unheard voices like Cochetel’s and others in international Geneva working hard for the global good. Held inside the UN’s Palais des Nations in Geneva, Switzerland, the event brought together speakers and attendees from the many international organizations headquartered in and around the city—which include, in addition to the UN, the Red Cross, the European Organization for Nuclear Research (CERN), the World Trade Organization (WTO) and the World Health Organization (WHO)—with residents of the city.

“As you walk around Geneva, you hear every foreign language you could imagine,” says Fleming. “French is the spoken language, but because there’s the seat of the United Nations, there’s this constant flow of airplanes arriving, diplomats coming and going. There are a large number of international organizations and a community of international business too.”

“It feels like an international place, but it feels a bit disconnected and transient,” she says. “We thought TEDx would be a great opportunity to pull everyone together, including the inhabitants of the city.”

The idea for TEDxPlacedesNations came about in an unusual way. Last year, Fleming, who is the head of communications for the UN’s High Commissioner for Refugees, contacted TED’s European director, Bruno Giussani, to talk about how someone from the UNHCR could give a TED Talk or connect with a local TEDx event. The two met for lunch. “It turned into quite an exchange—he was so well-informed on refugee issues,” says Fleming. “It was a Q&A session that went on for quite some time, and in the end I realized I had been tested. After that conversation, he asked me to speak [at TEDGlobal]. It was a surprise.”


Fleming accepted the invitation and began the long process of writing and rehearsing. (Watch her TED Talk: “Let’s help refugees thrive, not just survive.”) But at the same time, she started pursuing the idea of organizing a TEDx event with Corinne Momal-Vanian, the Director of UN Information Centres. “We’d had a conversation about just how little people know about International Geneva, and what it does around the world,” says Fleming.

While Fleming prepared to speak at TEDGlobal, she and Momal-Vanian worked on the speaker program for TEDxPlacedesNations. “I thought it was going to be more difficult than it turned out to be,” says Fleming. “We wanted to make sure that the representation was truly global and diverse—that was our biggest worry at the beginning. And it turned out that it wasn’t a difficulty at all. We had nationalities from Afghanistan to Nigeria, and many women speaking. We had a good diversity of topics. The whole spectrum was hugely varied — a big tapestry.”

Some of the speakers from TEDxPlacedesNations: Bruce Aylward, who works with the WHO and shared the latest thinking on ending the Ebola outbreak; Javier Serrano, from CERN, who talked about how open hardware is as important as open software in making sure that people can create local solutions for local problems; Maryanne Diamond, of the World Blind Union, who is pushing for a treaty to relax copyright and open up book publishing for the blind; and Elisabeth Decrey-Warner, of the NGO Geneva Call, which works with civilians in war zones. Says Fleming, “Her whole talk was about how it’s important to speak not just to the good guys but also to the bad guys if you want to save people’s lives.”

These speakers telegraphed their ideas to 1,900 attendees who filled the General Assembly Hall of the Palais des Nations, the oldest UN building in the world. “It’s iconic,” Fleming said of the hall, “the place where you’ve had all kinds of historical events and meetings and conferences and decisions. It’s never had anything like a TED event on its stage.”

Another of the day’s most beloved speakers was Fawzia Koofi, a parliamentarian in Afghanistan. “She ended her talk revealing that she often receives death threats, so she writes goodbye letters before leaving the house to her daughters,” says Fleming. “She said, ‘Giving up is not what we do. We fight, we live.’ That line turned into one of the most tweeted quotes from the conference.”


Fawzia Koofi, a parliamentarian in Afghanistan, gave an incredibly moving talk. Photo: Jean-Marc Ferré/UN

Fleming, with her own TED Talk under her belt, was uniquely positioned to help speakers deliver great talks. But while she and her team did Skype rehearsals with speakers, she still worried about how things would go on the day of the event.

“I think probably with every TEDx organizer, it’s not whether the stage is going to look great or whether you’re going to have a nice reception. You worry, basically, are the performers going to perform? That’s what keeps us awake at night,” said Fleming. “These speakers are extremely busy people — high-powered operators working in the far reaches of the earth. Will they understand that this is a different kind of talk from any other they’d given, that it involved rehearsing and removing all the formalities that they usually use?”

To Fleming, the most enjoyable part of TEDxPlacedesNations was having these fears melt away. “I was surprised to watch a real transformation of many speakers who were nervous and a bit shaky at their rehearsals,” she says. “They appeared highly confident and incredibly fluent on stage.”

People around the world were watching too, via a livestream and 22 viewing parties held in cities like New York, Washington D.C., London, Brussels, Bangalore, São Paulo and Kiev.

In the end, Fleming is thrilled that TEDxPlacedesNations allowed so many people to hear perspectives from people like Koofi and Cochetel. The latter was especially meaningful to her, as he is a co-worker at the UNHCR.

“I just came back from Syria, and saw 450 [members] of our staff risking their lives every day to help people in a war zone,” says Fleming. “He spoke on behalf of all humanitarians about why they risk their lives — and give up a lot of comfort and stability and safety — for the betterment of others.”


Vincent Cochetel spoke about his experience being kidnapped for 317 days in Chechnya. Photo: Jean-Marc Ferré/UN

Sociological Images: From Our Archives: Christmas

The History of Christmas

Christmas Across Cultures

The Economics of Christmas

Racializing Christmas

Christmas and Gender

Gift Guides and the Social Construction of Gender

Sexifiying Christmas

Christmas Marketing

On Discourse:

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Planet Linux Australia: Andrew Pollock: [life] Day 324: Christmas in the city

I got a bit of bonus time to myself in the morning, because Zoe had a late breakfast out with Sarah for her birthday, so I used the time to finish off another unit of my real estate licence course and get it into the mail.

After Sarah dropped Zoe off, she watched a bit of TV before we headed off to the doctor to have another go at freezing off the wart on her hand, and to follow up on the suspected chicken pox.

Zoe's fever had resolved itself, and her spots looked like they were starting to fade. The doctor thought she probably just had a viral rash, and it definitely wasn't chicken pox.

Armed with that good news, I definitely wanted to get out of the house in the afternoon, because Zoe had been watching far too much TV.

Zoe said she wanted to go to the park over at West End, and I wanted to take her into the city in the evening to look at the lights, so I thought a good way to achieve both goals would be to take public transport over to West End and then back to the city.

As the Hawthorne ferry terminal is closed for some upgrades, and I didn't fancy walking home with a tired Zoe from Bulimba late at night, we drove as close to the Bulimba ferry terminal as we could find a park, which was incidentally right next to the Love Street park. Zoe had a bit of a play there, before we walked to the Bulimba ferry terminal and took the cross river over to Teneriffe, and jumped on the CityGlider all the way to the park at West End.

Zoe had a great time playing in the park, which was nice and cool and shady, before we jumped on a CityCat back to the city. We got off at North Quay, and walked down to the Mall and into the Myer Centre to escape the heat.

I'd promised Zoe a bubble tea the next time we were in the Myer Centre, so we went to the bubble tea place and shared one of them.

After that we were just sitting on the Mall taking a break, and Anshu's Mum happened to wander past, so she hung out with us. We went and grabbed some sushi for dinner and then Anshu met up with us.

I wanted to catch the Myer Christmas Parade and Pantomime while we were in there, so we assumed a spot where the parade was due to turn right onto Albert Street and head to King George Square.

The Mall was absolutely packed by the time the parade made it up to where we were, and if Zoe hadn't been on my shoulders she wouldn't have seen anything. I'm glad she got to see though. It was pretty impressive, and even had a Santa sleigh with a couple of deer.

After that we headed over to King George Square with the intention of seeing the Christmas tree get lit up. First we had to sit through the pantomime, which wasn't really worth it. Visibility of the stage was poor, but we sat (or rather stood) through it. Then we had to watch the Gold Lotto City Hall Light Spectacular, which was actually pretty good. All sorts of stuff projected onto City Hall.

That all finished, and everyone started leaving, but the tree still didn't get lit up. Upon enquiry, it seemed that it hadn't survived the most recent storm or something. So that was a bit disappointing.

Anshu and her Mum had headed home during the pantomime, and we headed back to North Quay to get a CityCat back to Bulimba. There was quite a wait. I think the CityCat was running behind schedule or something, and Zoe was getting quite tired and having a bit of a meltdown. Then the fireworks started as a welcome distraction. I didn't even realise there were fireworks scheduled, so that was a pretty cool added bonus.

Zoe fell asleep on the CityCat when I was staring out the window. I had to wake her up when we got to Bulimba, and that didn't go terribly well either, and we had a messy trip back to the car.

We made it back home, and I managed to get Zoe into bed without too much more fuss.

Planet Linux Australia: Binh Nguyen: Blogging, Music Production, and Experimentation - Part 4

A follow on from:

Have been struggling to come up with ideas for establishing myself within the music sector. Have been going through the possibilities and some of the following options look interesting.

When you are ready (have something worthy of selling to the public), submit your work to various music aggregators (and media outlets) for more advertising.

Hook up with relevant social groups to get you some interest.

Other options include the usual web specific blogs. 

I've sometimes seen MIDI files being sold online. Who's to say that up and coming artists can't do the same for themselves. Even if you are just a composer or something who's beginning to learn the business you still need to create stems and samples that may be worthy of selling (sample some of the discs from some music magazines) and you'll understand what I mean. Besides, a lot of the time you need composition pieces to be able to audition for music school (if you ever intend to do so). The easiest way that I can think of at the moment to gather interest is to basically, stick the sample on loop and then stick it on YouTube. You can sell it via an online market or else via something like,

You may need to think about copyright difficulties if you decide to 'cover/copy' from another artist though.

Sell sound samples if you have anything worth sampling.

Sell synthesiser patch sets. Problem is that you often may not be able to sell anything if you don't have any music to be able to advertise your 'wares'. Stick the sample on loop on a group of notes and then run it through the presets at regular intervals to provide a sample of what the customer is being offered on YouTube.

Sell music making templates. Problem is that like a lot of other things there is a huge market to that you need to deal with. It's a bit of a chicken and egg problem here. You need music to have people want to purchase the template?

Another way is to simply make synthesiser software which is easily possible via Reaktor, create sample packs via Kontakt. A lot of the required documentation actually comes with the software to enable you to be able to create.

Have been having significant troubles with regards to running CPU load when running certain software synthesiser VSTs. 'Freezing' seems like the easiest option without having to upgrade hardware.

If you can't figure anything else for the moment try to monetise your musical journey in the meantime.

Which reminds me there are some interesting options out there for those of you looking to simplify your blogging environment (if you're running multiple blogs. Note that some of these options are no longer relevant and some services such as Tumblr and YouTube already have such facilities built in).

Planet Debian: Craig Small: WordPress 4.1 for Debian

Release 4.1 of WordPress came out on Friday so after some work to fit in with the Debian standards, the Debian package 4.1-1 of WordPress will be uploaded shortly. WordPress have also updated their themes with a 14-day early theme called twentyfifteen. This is the default theme for WordPress 4.1 onwards.

I have also made some adjustments to the embedded code that WordPress ships. This is usually the JavaScript or PHP code that WordPress has in their release tarballs that comes from other projects. There is a fine line between keeping the WordPress install the same and having to deal with the maintenance of the embedded code. An example of a good one not to use embedded code is php-getid which the Debian maintainer has put in some additional patches for a better security fix while the alternative is jquery which is a little sad in the Debian world being so many versions behind. php-snoopy got reverted to embedded code because it’s not exactly the same as upstream.

A significant (or invisible, depending on your browser) change is that the mediaelement components now don’t use the un-maintainable silverlight and flash plugins, which is the same as how the libjs-mediaelement package works. In fact the code IS from that package.


As I was looking into the embedded js/php code in WordPress, I also had to look into how the previous maintainer kept all the versions in order without some horrible mess of patchfiles and symlinks. The answer was dh_linktree. This program plugs into the standard debhelper rules file and can basically use symlinks in the package to use the standard Debian versions of files. It is a bit cleverer than symlinks in that you can say use the link always or only if the files are the same.

If you need to remove some of your embedded code out of Debian packages, have a look into it. It might save you a lot of angst or hand-crafted rules files.

Geek Feminism: Do You Wanna Build A Linkspam? (19 December 2014)

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Rondam Ramblings: A cheesy warning label

So... does this mean that other food products are OK?


Krebs on Security: Staples: 6-Month Breach, 1.16 Million Cards

Office supply chain Staples Inc. today finally acknowledged that a malware intrusion this year at some of its stores resulted in a credit card breach. The company now says some 119 stores were impacted between April and September 2014, and that as many as 1.16 million customer credit and debit cards may have been stolen as a result.

KrebsOnSecurity first reported the suspected breach on Oct. 20, 2014, after hearing from multiple banks that had identified a pattern of credit and debit card fraud suggesting that several Staples office supply locations in the Northeastern United States were dealing with a data breach. At the time, Staples would say only that it was investigating “a potential issue” and had contacted law enforcement.

In a statement issued today, Staples released a list of stores (PDF) hit with the card-stealing malware, and the stores are not limited to the Northeastern United States.

“At 113 stores, the malware may have allowed access to this data for purchases made from August 10, 2014 through September 16, 2014,” Staples disclosed. “At two stores, the malware may have allowed access to data from purchases made from July 20, 2014 through September 16, 2014.”

However, the company did say that during the investigation Staples also received reports of fraudulent payment card use related to four stores in Manhattan, New York at various times from April through September 2014.

Aviv Raff, chief technology officer at Seculert, said the per-store minimum time to detect and respond to the breach was an average of 40 days.

“Once again, much like previous breaches, the statistics of the Staples’ breach shows the necessity of moving from trying to prevent an attack to try and detect and respond as quickly as possible,” Raff said.

Source: Seculert

It appears that the attackers responsible for the Staples break-in are not the same group thought to have hit Target and Home Depot. In November, I posted a story that cited sources close to the Staples investigation saying the breach at Staples impacted roughly 100 stores and was powered by some of the same criminal infrastructure seen in the intrusion disclosed earlier this year at Michaels craft stores.

Planet Debian: Wouter Verhelst: joytest.png

Planet Debian: Wouter Verhelst: joytest UI improvements

After yesterday's late night accomplishments, today I fixed up the UI of joytest a bit. It's still not quite what I think it should look like, but at least it's actually usable with a 27-axis, 19-button "joystick" (read: a PS3 controller). Things may disappear off the edge of the window, but you can scroll towards it. Also, I removed the names of the buttons and axes from the window, and installed them as tooltips instead. Few people will be interested in the factoid that "button 1" is a "BaseBtn4", anyway.

The result now looks like this:

If you plug in a new joystick, or remove one from the system, then as soon as udev finishes up creating the necessary device node, joytest will show the joystick (by name) in the treeview to the left. Clicking on a joystick will show that joystick's data to the right. When one pushes a button, the relevant checkbox will be selected; and when one moves an axis, the numbers will start changing.

I really should have some widget to actually show the axis position, rather than some boring numbers. Not sure how to do that.

Cryptogram: Friday Squid Blogging: Squid Beard


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Planet Debian: Dirk Eddelbuettel: Rocker is now the official R image for Docker

big deal

Something happened a little while ago which we did not have time to commensurate properly. Our Rocker image for R is now the official R image for Docker itself. So getting R (via Docker) is now as simple as saying docker pull r-base.

This particular container is essentially just the standard r-base Debian package for R (which is one of a few I maintain there) plus a minimal set of extras. This r-base forms the basis of our other containers as e.g. the rather popular r-studio container wrapping the excellent RStudio Server.

A lot of work went into this. Carl and I also got a tremendous amount of help from the good folks at Docker. Details are as always at the Rocker repo at GitHub.

Docker itself continues to make great strides, and it has been great fun to help along. With this post I achieved another goal: blog about Docker with an image not containing shipping containers. Just kidding.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

TED: Eye phone: How a TED Fellow’s new app could help restore sight to millions


Andrew Bastawrous shares the idea behind Peek at TED2014. Photo: Ryan Lash/TED

Around 39 million people in the world are affected by blindness — 80% of which could be avoided if people had timely access to diagnosis and proper treatment. The problem is that in many developing countries, most eye care providers are in cities, while the majority of patients live in hard-to-reach rural areas. To bridge this gap, London-based opthalmologist Andrew Bastawrous created Peek — an app and adapter that turn a smartphone into a comprehensive, easy-to-use, accurate eye-exam tool. Peek makes eye tests affordable and easy to administer, bypassing the need for expensive, fragile equipment. (Watch his TED Talk, “Get your next eye exam on a smartphone.”)

Bastawrous developed and extensively road-tested Peek during a research expedition in Kenya, and has now launched an Indiegogo campaign to set up a manufacturing process for the Peek Retina adapter, which allows health workers to peer into the eye and capture images for diagnosis. If successful, Peek will soon be rolled out worldwide with the help of eye NGOs. Here, he tells the TED Blog how his own childhood experiences with poverty, inequality and impaired vision led him to devote his life to restoring sight to the world.

How long has Peek been in development?

I’ve been working on it for around three years, and the team came together about two years ago. We’re now at the point where we’ve got a proven, tested prototype, and we want to make it available. We’ve had so much demand — over 4,000 eye organizations in 180 countries are asking to use it, and we want to make it available and keep the cost low. We evaluated options, and recently won the TED Mazda Rebels award. We’ve used the majority of that to fund set-up of the manufacturing pipeline to develop the adapter, and that takes us to about the halfway point.

You grew up in England. What made you want to practice in developing countries?

I was born in York, but my parents are both from Egypt, and I grew up between cultures. We spent most of our holidays in Egypt, and I always felt a little like I didn’t know where home was. When I visited Egypt, I witnessed things I didn’t see in the UK. My father’s a doctor, and he’d always visit the village where he grew up whenever we went back. He would be inundated with requests for medical attention.

It really inspired me, the way he never said no to anyone. Once a woman complained to him that she couldn’t have a child. My father, who is actually a bone doctor, did some general blood tests, and said, “Look, as far as I can see, everything’s okay.” When we went back the following year, she had a child with her — and everyone else in the region who couldn’t have babies started coming to see my dad to get it sorted out.

So I think seeing such things left me with a very deep sense of inequality. I also realized I’d had a very privileged upbringing. Within Egypt, my relatives are quite well off. But my grandma lived on the first floor, and the family that lived on the basement floor were effectively working for the apartment block. There was a kid there the same age as me, and every year we’d diverge more in terms of our opportunities. When we first met, we both just wanted to play football, but by the time we were 18, he’d had a kid, and his opportunities were very limited. Meanwhile, I had so many fantastic options for my university, career. It just seemed deeply unfair.

A Peek healthcare worker examines patient in her own home. Photo: Courtesy of Peek

But why eye care?

I grew up very short-sighted. I was at the bottom of my class until I was about 12, when my mum dragged me kicking and screaming to the optician’s and insisted I get some glasses. Suddenly I could see everything perfectly — and I don’t think I’ve ever forgotten that moment. So I’ve always been struck with the power of being able to have sight returned, the impact it can have. After that, I started to do well at school, and was better at sport. I looked a bit more geeky, but I was doing better in a lot of other ways.

So it had always been in my mind at medical school to go into ophthalmology. I spent my summer holidays traveling, visiting people who were doing eye care in resource-poor settings, and just really fell in love with the possibilities. There are so many people who are unnecessarily blind. Had they been living in the UK, they would never have gotten to the point where their vision problems were anything more than a nuisance. I knew this would be how I’d spend my life.

Untreated eye disease must be a problem in many developing countries. Why did you choose to focus on Kenya?

I’d worked in various countries short term, from Uganda, Sierra Leone and Madagascar to Peru and Belize. I then got the opportunity to work at the International Center for Eye Health on a PhD program. We were to do a large trial in Kenya, for which we’d be required to take lots of expensive equipment to 100 different locations to try and work out why people were going blind. I was excited because I knew this research would result in change, as opposed to only lead to papers and publications.

The most common causes of blindness are the same everywhere in the world — with cataract the top cause. In developing countries, blindness is an issue of access to healthcare, not usually a result of weird and wonderful tropical diseases, although there are certain infectious diseases that are more prevalent in Africa.

Refractive error — simply the need for spectacles — is a major problem. We don’t even think about this in England, but had I been born elsewhere, I’d have been classified as visually impaired. The World Health Organization classification of blindness is when you’re half the usual distance to the chart and you still can’t even see the top letter with your best eye. At that level, most people can’t function beyond basic navigation. I wear contact lenses now, and I can see perfectly. But without basic eye care, I wouldn’t have finished my education. I wouldn’t be working.

Other common conditions include diabetic retinopathy, where diabetes causes leaking of blood and fat inside the eye, and glaucoma, a disease where you slowly lose your peripheral vision. The leading cause of blindness by infectious disease is trachoma, which is on the way out. I think we’ll see that disease eradicated in the next few years.

Cataract testing outside patients home. Photo: Courtesy of Peek

What did you find in Kenya? Did you have your “aha” moment about Peek there?

The “aha” moment actually came before I moved to Kenya. While I was planning the research, I realized that it’s the kind of work that would be hard enough in England, where we have good roads and phone numbers and addresses. Where we were headed, we didn’t know where people lived, we didn’t know their names, we didn’t have road access or electricity. Yet we still had to get our team out there to find 5,000 specific people and provide them the kind of assessment they’d get in a UK hospital, while hauling £100,000 worth of equipment. I thought, “This is crazy. There’s got to be a better way of doing this.”

That’s when I got the idea to harness the power of my smartphone. What if I could condense the diagnostic and mapping tools I needed into something portable and easy to use? I started to work out what was possible from what already existed, and realized I could make it work. An amazing team got together and we started building the software and hardware.

We still did have all that equipment in Kenya, so we took the opportunity to test Peek against it. We’d examine patients in their homes using Peek, and then again in the clinic. So we’re able to really compare David versus Goliath, one against the other. Doing that proved to us we had a device that really worked.

The Peek Retina adapter attaches to a smartphone, allowing examination of the lens, retina and optic nerve. Image: Courtesy of Peek

What does Peek give access to?

Peek does several things. First, the phone is charged by a solar battery to make sure that there’s always a power source. The health care worker uses Peek to record the patient’s personal details, their GPS coordinates and contact details for the local village guide, who then becomes the follow-up person if we need to arrange treatment.

Once all that’s recorded, the healthcare worker uses Peek to perform all the usual eye diagnostic tests using the app. We’ve developed it so that the health worker can test in any language — you don’t need to be able to read English. If the patient’s vision is low, we can then go on to a series of other tests, including using our Peek Retina adapter, the low-cost hardware that sits over the phone and allows us to take pictures inside the eye. We use Peek Retina to examine the lens for cataract, and the back of the eye for nerve disease and retinal disease.

You said in your talk that our retinas can tell us a lot about our health. What can we learn about our well-being from looking at our eyes?

A huge amount. The nerve — the yellow circle that you see as a prominent feature on the back of the eye — is a direct extension of the brain. Certain brain diseases can be picked up by looking at patterns on the nerve. You can see glaucoma by the way the nerve changes shape. And all sorts of diseases show up within the retina, from certain cancers of the intestines, to diabetes, high blood pressure, HIV and malaria. If you go through a medical textbook for pretty much any disease, it will have some kind of eye manifestation.

Sometimes, Peek allows untrained health care personnel to find unexpected things. Once one of our health care workers, who doesn’t have a medical background, detected a retinal detachment. Typically this can only be detected by an ophthalmologist, but he picked up that something wasn’t right. That’s the great thing with Peek — you can share that information immediately, so that a remote expert can analyze any anomalies. Part of what we’re doing is making decisions in the field. Does this person need treatment, and is it treatment that requires them to travel?

Retinal imaging on the gold standard camera against which Peek is compared. Photo: Courtesy of Peek

Once you’ve diagnosed someone, how do you get people from where they are to a clinic for further treatment?

In Kenya, many hospitals receive generous funding to treat people, and so they send their vehicle to a village to pick up patients. The problem is that only a small number of people requiring treatment will have been detected. Now, with Peek, hospitals will more efficiently locate patients that need treatment, saving on petrol and time.

Tell us about the financial model of this campaign. On Indiegogo, you’re asking people to buy one and donate it to health care organizations. Could I buy one for myself if I wanted to?

There are two models. You can either buy one for yourself because you’re a general practitioner or an optician and you would find it useful. Or you just want to help us, in which case you can buy one to be donated to a partner health care organization.

How will you decide who to roll out to first?

Right now, we’re partnered with the International Agency for the Prevention of Blindness, the umbrella organization for all eye NGOs worldwide. One of the things we need to make sure of is that if the organizations we’re giving Peek to start detecting a lot more patients requiring care, they’ll be able to provide treatment. At this stage, those are the kind of groups we want to support. And really, phones are never going to cure blindness. But if we can support the people who do, that’s how we’ll make a big impact.

Peek with solar charging rucksack. Photo: Courtesy of Peek

Will these organizations also train the workers who go out into villages and administer the tests?

Yes. It’s been designed so that training is absolutely minimal. Normally, looking inside the eye is something that can take people weeks or months to master. But with this, everyone we’ve given it to has been able to image inside the eye on their first attempt.

Do you think Peek will be in demand outside of developing countries as well?

There is demand for it within the UK. The potential benefit is that a GP will be able to perform a more comprehensive eye assessment than they would have previously, and will be better equipped to make decisions about whether to send patients on for secondary treatment.

What’s your favorite story about using Peek in the field?

There was a lady who was known as Mama Patrick who had been blind for over 20 years. She lived in a very small traditional mud hut, and her son Patrick lived in the next one across so that she could shout to him when she needed help. One of our health care workers went and examined her using Peek, and identified her being blind from cataract. We saw her in our mobile clinic the next day, which was part of the study, and we verified the diagnosis. We arranged for her to have sight restored to one eye. When people are blind in both eyes, and there are limited resources, we treat one eye first. It’s better to give sight to 10 eyes of 10 people than to 10 eyes of five people.

Using the GPS location from the Peek exam, a bus came from St. Mary’s Hospital a couple of weeks later to pick her up. When she got to the hospital, she became very agitated. It can be quite scary if you’ve been blind for a long time and you know one environment, and suddenly you’re in an alien place with different voices. They decided to give her a bit of sedation to do the operation, which took only five minutes, and she fell asleep for most of the evening. The next morning, when we came back and her patch had been removed, it was a completely different scene. She was sitting up, animated and talking to some of her old friends.

But the most powerful bit was when we took her home. She almost didn’t recognize where she lived, although it was completely unchanged in the years that she’d been blind. And there was a man standing outside her house, just staring at her, looking really quite concerned. It took a while, but then suddenly she said, “Is that Patrick?” “Yeah, mom, it’s me.” At that point both of them broke down crying — and then she commented on how old he now looked. Everyone else started coming out to see what the commotion was, and everyone could see that she was walking. Suddenly this lady who had been completely hidden away was now walking around and commenting on how old everyone was. And everyone started celebrating. It was really lovely.



TEDHow do you find stillness? We asked TED speakers—as well as you—and the conclusions were very surprising


We all lead lives that move 1,000 miles per minute. In his TED Book, The Art of Stillness, Pico Iyer posits a bold idea: that in our chaotic time, the greatest luxury is actually the ability to go nowhere and do nothing. To Iyer, it’s this time for quiet, inward, still reflection that snaps all of our experiences into focus.

This got us curious: how do members of the TED community find time for stillness and reflection? Turns out that people had very different answers.

“I hike,” said our curator Chris Anderson. “Water, pine trees, cliffs, meadows… doesn’t matter. All nature will do. Walk a little, dream a little.”

Brené Brown (watch her TED Talk on the power of vulnerability) has a similar approach. “One of the most important practices in my life is swimming. It’s exercise, meditation, and therapy in one. It’s quiet and I’m completely unavailable,” she said. “I also love photography. I know that I’m moving so fast that I blow past extraordinary beauty everyday. When I have my camera in my hand I slow way down and pay attention to small things.”

For Dilip Ratha (watch his TED Talk which stole our hearts at TEDGlobal), it’s listening to music. “Mostly Hindi and Odia songs from the days I was growing up in India,” he says. “These songs take me back to the days of hopes and dreams and poetry. I also listen to boleros from Latin America and Western songs with good lyrics. ‘Poetry and friendship are the two greatest sources of sweetness,’ says an ancient Sanskrit proverb.”

And for Kelly McGonigal (watch her TED Talk on making stress your friend), yoga and meditation help, but she has another strategy too. “People-watching,” she explains. “I like to go out to the park or walk down the street when people are opening up shops, and watch people engaging in rituals of caring for people or places or objects. The morning street cleaners with their brooms; people walking dogs; parents attending to their children’s busy hands in line at the coffee shop. I find it incredibly calming and inspiring. It’s a meditation I do everyday.”

And then there’s another camp of TED community members who simply aren’t that fond of stillness at all. Hans Rosling (who has given 10 TED Talks) says, “I don´t bring stillness to my life, because there will be plenty of time for stillness after death, when there is nothing else to do.”

Ben Goldacre (watch his TED Talk about bad science) agrees. “I fight stillness every step of the way,” he says. “I wash up wearing a bluetooth headset for podcasts. I read my phone in the bathroom. Before proper technology, I read books while walking down the street. I want more data, more facts, more fun, and more life.”

This got us curious: what do YOU think? So we asked you to take a poll to let us know how stillness fits into your life.

The majority of you say that finding time for stillness is a priority—53.87% of the 878 people who answered the question called it “very important” and 37.7% said that it was “important.”

“For me, stillness is the key to health,” one respondent wrote. “I have fibromyalgia, and I’ve found that meditation is the best thing for managing my daily pain and chronic symptoms.”

Others of you painted a direct correlation between finding time for stillness and accomplishment. “I’ve realised that greater productivity comes from moments of stillness,” one of you shared. And another: “The busier and more stressed I am, the more important even short moments of stillness become. For me stillness is the space from which everything starts to flow again.”

But a slim minority are with Rosling and Goldacre. 5.58% of you say that finding time for stillness is “not too important,” and 2.25% say that it is “not important at all.” One of you sums it up beautifully: “There is too much I want to experience.”

More than half of you take time for reflection on the regular—51.81% of 608 respondents said they take it daily and 33.88% say that they take it weekly. For you, nature is the ultimate relaxer: 19.02% of you prefer to find stillness while sitting outdoors or watching a sunset, and an additional 16.25% say that stillness is most easily found while hiking, canoeing or otherwise being active outdoors. 16.16% say meditation is your favored way to find stillness, and reading also got high marks for 14.06% of you.

Some of you noted truly tranquil things as helping you find stillness: “Staring at the sky on a starry night, reminded of how small I am.” “Walking and stopping to observe the colors of nature.” “Being by water, be it a lake, a sound or ocean.” “I always fit in a nice hot bath with a favorite beverage and good music, even if it’s just for fifteen minutes.”

But several of you shared that you find stillness in moments that don’t sound relaxing at all. “I’ve found peace sitting in traffic. The experience might not be the same, but you still get some insight about yourself and the things that matter,” wrote one of you. Another of you shared, “Crossword puzzles. My mind meditates as I sink into nothingness.” And yet another: “Deep brooding techno music whilst walking through countryside or sitting down with eyes closed on public transport. There’s something hypnotic about the beat which helps my mind become still, if that doesn’t sound like a complete contradiction.”

As for technology, many of you are at least trying to find ways to disconnect. 49.71% of the 505 people who voted say that they take a “technology sabbath” on a regular basis. Another 24.95% try to, but say that it simply doesn’t work. And for 14% of you, the idea just holds little appeal.

So, what do you find to be the biggest obstacle when it comes to finding time to be still and reflect? 20.33% say it’s the nonstop nature of their work while 17.84% say it’s the fact that they have familial obligations when they have downtime. But 47.72% say that the biggest obstacle is actually within yourself—the fact that you just push yourself too hard.

“I realize it is something important I need to give myself,” one of you summed it up. “But it’s hard to stop moving.”

In the end, you say that it’s not so much about what you do to find stillness—but how you approach the search. “Sometimes you just have to breathe and look around you with vulnerable eyes,” wrote one of you. “It doesn’t matter where you are, the only thing that matters is if you have the right mindset.”



TEDThe 10 weirdest things that have happened in TED Talks

Many unusual things have happened on the TED stage over the years. Our incredible speakers have done everything from perform magic tricks to attempt to set themselves on fire, all in the name of spreading their ideas. Although far from a complete list, here are some of the weirdest TED moments that we still haven’t stopped puzzling over. To many more in 2015.


1. Hans Rosling: data genius and… sword swallower? He’s given 10 TED talks about global progress, so we thought we had seen everything Hans Rosling was capable of. But at TED 2007, we learned that Rosling had a few tricks left up his sleeve. In this talk, he presented new data about developing nations with his usual enthusiasm and awesome graphics … but then things took a turn. At the 17-minute mark, Rosling unbuttoned his shirt to reveal a sequined tank top. He said to an off-stage assistant, “Bring me my sword!” To prove that the seemingly impossible is indeed possible, Rosling swallowed the solid steel bayonet. And we’ll never think about global development in the same way again.


2. This is what happens when you donate your brain to science. Neuroanatomist Jill Bolte Taylor’s talk is stunning for many reasons—her story of what it was like to experience a massive stroke will make your heart stop. But she makes this list for her very notable prop choice. At 2:30, Taylor holds up an actual human brain, its still-attached spinal cord swinging merrily below. As she shows how it is positioned in the human body, she firmly makes the point that our amazing minds are also, and at the same time, kind of a blob of gray goo.


3. The story of a man and his dead duck. Ornithologist Kees Moeliker won the Ig Nobel prize for inspiring future generations of scientists with a strange but serious paper about the mallard’s inclination toward homosexual necrophilia. During his talk at TED2013, Moeliker shared the odd story behind his research… and handed an audience member the stuffed dead duck that inspired it. Before leaving the stage, he politely asked for the duck back, as it is technically a museum specimen.


4. Elizabeth Pisani makes like a condom dispenser. People in the front row during Pisani’s talk at TED2010 got some sweet freebies: the public health advocate threw a handful of condoms into the audience. As she criticized Pope Benedict’s discouragement of contraception use in nations struggling to slow the spread of HIV, she said, “I’ve got news for you, Benedict. I carry condoms all the time and I never get laid!” She then pulled a wad of the prophylactics out of her pocket and tossed them with flair. “Here, maybe you’ll have better luck.”


5. Mark Ronson remixes TED Talks. At TED2014, Ronson sampled clips from a bunch of TED Talks into a bizarre and catchy remix. He showed how sampling helps musicians make something new out of a piece of media they love—injecting new layers into a story already in progress—and extended this concept to his favorite talks. “Sir Ken Robinson and I are not going to end up being the best of friends,” Ronson said regretfully, “but through the tools available to me… I can sort of bully our existences into a shared event.”


6. Eric Mead impales himself on stage… maybe? We know that magician Eric Mead did not actually stab himself in the arm with a hat pin—his talk was about the placebo effect and how people can believe anything if it seems real enough. But the blood dripping down his arm at the 8-minute mark of this talk looked pretty darn convincing. Be warned: this talk is not for the faint of heart.


7. Jae Rhim Lee redefines funeral fashion. Some TED speakers are known for dramatic wardrobe choices. But TED Fellow Jae Rhim Lee’s mushroom burial suit is perhaps the strangest ensemble to grace the TED stage. Covered with mushroom spores, the hooded black cloth suit encourages environmentally friendly decomposition of the human body after death. She lovingly refers to the suit as her “ninja pajamas.”


8. A TED Talk extends to The New York Times crossword puzzle. David Kwong is a magician as well as a crossword puzzle constructor—but when he started his talk, we didn’t see his crazy trick coming. At the 4-minute mark, Kwong pulled a volunteer out of the audience and asked her to color in some farm animal cartoons. At 9:20, he revealed that he had correctly predicted which colors she would choose for which animal … and baked the answers into that day’s edition of The New York Times crossword. Never has hearing “But wait, there’s more!” been so satisfying. (And hear why Will Shortz decided to participate in this trick.)


9. Bart Knols gives his talk… in his underwear. What’s more annoying than a mosquito bugging you while you’re in bed? To remind us of this, malariologist Bart Knols started his TEDx talk from a bed onstage. He emerged from under the covers to share the details of his research on the spread of malaria … aaaand he never stopped to put on pants. Also notable: watching hundreds of mosquitoes feed on his arm in a metal box on stage, at the 8:09 mark.



10. This is what happens when your slides won’t load. Colin Robertson took the stage at TED2012 to plug his tech start-up in the field of solar technology, or so the audience thought. But when his slides froze, the next three minutes turned into colorful pandemonium — as Improv Everywhere pounced onstage in rainbow morph suits to produce a dancing tribute to the spinning wheel of doom.

Planet DebianGregor Herrmann: GDAC 2014/19

yesterday I learned that I can go to FOSDEM in early 2015 because a conflicting event was cancelled. that makes me happy because FOSDEM is great for seeing other debian folks, & especially for meeting friends.

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Krebs on SecurityFBI: North Korea to Blame for Sony Hack

The FBI today said it has determined that the North Korean government is responsible for the devastating recent hack attack against Sony Pictures Entertainment. Here’s a brief look at the FBI’s statement, what experts are learning about North Korea’s cyberattack capabilities, and what this incident means for other corporations going forward.

In a statement released early Friday afternoon, the FBI said that its investigation — along with information shared by Sony and other U.S. government departments and agencies — found that the North Korean government was responsible.

The FBI said it couldn’t disclose all of its sources and methods, but that the conclusion was based, in part, on the following:

-“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

-“The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”

-“Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.”

The agency added that it was “deeply concerned” about the destructive nature of this attack on a private sector entity and the ordinary citizens who work there, and that the FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential information.

“Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” the FBI said. “Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”

SPE was hit with a strain of malware designed to wipe all computer hard drives within the company’s network. The attackers then began releasing huge troves of sensitive SPE internal documents, and, more recently, started threatening physical violence against anyone who viewed the Sony movie “The Interview,” a comedy that involves a plot to assassinate North Korean leader Kim Jong Un. Not long after a number of top movie theater chains said they would not show the film, Sony announced that it would cancel the movie’s theatrical release.

Apparently emboldened by Sony’s capitulation, the attackers are now making even more demands. According to CNN, Sony executives on Thursday received an email, apparently from the attackers, saying they would no longer release additional stolen Sony Pictures data if the company announced that it would also cancel any plans to release the movie on DVD, Netflix or elsewhere. The attackers also reportedly demanded that any teasers and trailers about The Interview online be removed from the Internet.


Little is publicly known about North Korea’s cyber warfare and hacking capabilities, but experts say North Korean leaders view cyber warfare capabilities as an important asymmetric asset in the face of its perceived enemies — the United States and South Korea. An in-depth report (PDF) released earlier this year by HP Security Research notes that in November 2013, North Korea’s “dear leader” Kim Jong Un referred to cyber warfare capabilities as a “magic weapon” in conjunction with nuclear weapons and missiles.

“Although North Korea’s limited online presence makes a thorough analysis of their cyber warfare capabilities a difficult task, it must be noted that what is known of those capabilities closely mirrors their kinetic warfare tactics,” HP notes. “Cyber warfare is simply the modern chapter in North Korea’s long history of asymmetrical warfare. North Korea has used various unconventional tactics in the past, such as guerilla warfare, strategic use of terrain, and psychological operations. The regime also aspires to create viable nuclear weapons.”

Sources familiar with the investigation tell KrebsOnSecurity that the investigators believe there may have been as many as several dozen individuals involved in the attack, the bulk of whom hail from North Korea. Nearly a dozen of them are believed to reside in Japan.

Headquarters of the Chongryon in Japan.


According to HP, a group of ethnic North Koreans residing in Japan known as the Chongryon are critical to North Korea’s cyber and intelligence programs, and help generate hard currency for the regime. The report quotes Japanese intelligence officials stating that “the Chongryon are vital to North Korea’s military budget, raising funds via weapons trafficking, drug trafficking, and other black market activities.” HP today published much more detail about specific North Korean hacking groups that may have played a key role in the Sony incident given previous such attacks.

While the United States government seems convinced by technical analysis and intelligence sources that the North Koreans were behind the attack, skeptics could be forgiven for having doubts about this conclusion. It is interesting to note that the attackers initially made no mention of The Interview, and instead demanded payment from Sony to forestall the release of sensitive corporate data. It wasn’t until well after the news media pounced on the idea that the attack was in apparent retribution for The Interview that we saw the attackers begin to mention the Sony movie.

In any case, it’s unlikely that U.S. officials relish the conclusion that North Korea is the aggressor in this attack, because it forces the government to respond in some way and few of the options are particularly palatable. The top story on the front page of The Wall Street Journal today is an examination of what the U.S. response to this incident might look like, and it seems that few of the options on the table are appealing to policymakers and intelligence agencies alike.

The WSJ story notes that North Korea’s only connections to the Internet run through China, but that pressuring China to sever or severely restrict those connections is unlikely to work.

Likewise, engaging in a counter-attack could prove fruitless, or even backfire, the Journal observed, “in part because the U.S. is able to spy on North Korea by maintaining a foothold on some of its computer systems. A retaliatory cyberstrike could wind up damaging Washington’s ability to spy on Pyongyang…Another former U.S. official said policy makers remain squeamish about deploying cyberweapons against foreign targets.”


If this incident isn’t a giant wake-up call for U.S. corporations to get serious about cybersecurity, I don’t know what is. I’ve done more than two dozen speaking engagements around the world this year, and one point I always try to drive home is that far too few organizations recognize how much they have riding on their technology and IT operations until it is too late. The message is that if the security breaks down, the technology stops working — and if that happens the business can quickly grind to a halt. But you would be hard-pressed to witness signs that most organizations have heard and internalized that message, based on their investments in cybersecurity relative to their overall reliance on it.

A critical step that many organizations fail to take is keeping a basic but comprehensive and ongoing inventory of all the organization’s IT assets. Identifying where the most sensitive and mission-critical data resides (identifying the organization’s “crown jewels”) is another essential exercise, but too many organizations fail to take the critical step of encrypting this vital information.

Over the past several years, we’ve seen a remarkable shift toward more destructive attacks. Most organizations are accustomed to tackling malware infestations within their IT environments, but few are prepared to handle fast-moving threats designed to completely wipe data from storage drives across the network.

As I note in my book Spam Nation, miscreants who were once content to steal banking information and blast out unsolicited commercial email increasingly are using their skills to hold data for ransom using malware tools such as ransomware. I’m afraid that as these attackers become better at situational awareness — that is, gaining a better understanding of who their victims are and the value of the assets the intruders have under their control — these attacks and ransom demands will become more aggressive and costly in the months ahead.

CryptogramLessons from the Sony Hack

Earlier this month, a mysterious group that calls itself Guardians of Peace hacked into Sony Pictures Entertainment's computer systems and began revealing many of the Hollywood studio's best-kept secrets, from details about unreleased movies to embarrassing emails (notably some racist notes from Sony bigwigs about President Barack Obama's presumed movie-watching preferences) to the personnel data of employees, including salaries and performance reviews. The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of "The Interview," a satire targeting that country's dictator, after the hackers made some ridiculous threats about terrorist violence.

Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company (though it is still amazing that Sony made it so easy).

To understand any given episode of hacking, you need to understand who your adversary is. I've spent decades dealing with Internet hackers (as I do now at my current firm), and I've learned to separate opportunistic attacks from targeted ones.

You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus -- people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.

High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered "zero-day" vulnerabilities in software, systems and networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you've heard about in the past year or so.

But even scarier are the high-skill, high-focus attacks -- the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies, using such spying tools as Regin and Flame, which many in the IT world suspect were created by the U.S.; Turla, a piece of malware that many blame on the Russian government; and a huge snooping effort called GhostNet, which spied on the Dalai Lama and Asian governments, leading many of my colleagues to blame China. (We're mostly guessing about the origins of these attacks; governments refuse to comment on such issues.) China has also been accused of trying to hack into the New York Times in 2010, and in May, Attorney General Eric Holder announced the indictment of five Chinese military officials for cyberattacks against U.S. corporations.

This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple's iCloud and posted them. If you've heard the IT-security buzz phrase "advanced persistent threat," this is it.

There is a key difference among these kinds of hacking. In the first two categories, the attacker is an opportunist. The hackers who penetrated Home Depot's networks didn't seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do.

But a skilled, determined attacker wants to attack a specific victim. The reasons may be political: to hurt a government or leader enmeshed in a geopolitical battle. Or ethical: to punish an industry that the hacker abhors, like big oil or big pharma. Or maybe the victim is just a company that hackers love to hate. (Sony falls into this category: It has been infuriating hackers since 2005, when the company put malicious software on its CDs in a failed attempt to prevent copying.)

Low-focus attacks are easier to defend against: If Home Depot's systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company's security is superior to the attacker's skills, not just to the security measures of other companies. Often, it isn't. We're much better at such relative security than we are at absolute security.

That is why security experts aren't surprised by the Sony story. We know people who do penetration testing for a living -- real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker -- and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren't sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won't end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn't have to leave so much information exposed. And they didn't have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff.

For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.

The time to start is before the attack hits: Sony would have fared much better if its executives simply hadn't made racist jokes about Mr. Obama or insulted its stars -- or if their response systems had been agile enough to kick the hackers out before they grabbed everything.

My second piece of advice is for individuals. The worst invasion of privacy from the Sony hack didn't happen to the executives or the stars; it happened to the blameless random employees who were just using their company's email system. Because of that, they've had their most personal conversations -- gossip, medical conditions, love lives -- exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now.

This could be any of us. We have no choice but to entrust companies with our intimate conversations: on email, on Facebook, by text and so on. We have no choice but to entrust the retailers that we use with our financial details. And we have little choice but to use cloud services such as iCloud and Google Docs.

So be smart: Understand the risks. Know that your data are vulnerable. Opt out when you can. And agitate for government intervention to ensure that organizations protect your data as well as you would. Like many areas of our hyper-technical world, this isn't something markets can fix.

This essay previously appeared on the Wall Street Journal CIO Journal.

Planet DebianRichard Hartmann: Release Critical Bug report for Week 51

Real life has been interesting as of late; as you can see, I didn't post bug stats last week. If you have specific data from last Friday, please let me know and I will update.

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1095 (Including 179 bugs affecting key packages)
    • Affecting Jessie: 189 (key packages: 117) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 134 (key packages: 90) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 32 bugs are tagged 'patch'. (key packages: 24) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 13 bugs are marked as done, but still affect unstable. (key packages: 9) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 89 bugs are neither tagged patch, nor marked done. (key packages: 57) Help make a first step towards resolution!
      • Affecting Jessie only: 55 (key packages: 27) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 29 bugs are in packages that are unblocked by the release team. (key packages: 11)
        • 26 bugs are in packages that are not unblocked. (key packages: 16)

How do we compare to the Squeeze release cycle?

Week  Squeeze         Wheezy          Jessie
43    284 (213+71)    468 (332+136)   319 (240+79)
44    261 (201+60)    408 (265+143)   274 (224+50)
45    261 (205+56)    425 (291+134)   295 (229+66)
46    271 (200+71)    401 (258+143)   427 (313+114)
47    283 (209+74)    366 (221+145)   342 (260+82)
48    256 (177+79)    378 (230+148)   274 (189+85)
49    256 (180+76)    360 (216+155)   226 (147+79)
50    204 (148+56)    339 (195+144)   ???
51    178 (124+54)    323 (190+133)   189 (134+55)
52    115 (78+37)     289 (190+99)
1     93 (60+33)      287 (171+116)
2     82 (46+36)      271 (162+109)
3     25 (15+10)      249 (165+84)
4     14 (8+6)        244 (176+68)
5     2 (0+2)         224 (132+92)
6     release!        212 (129+83)
7     release+1       194 (128+66)
8     release+2       206 (144+62)
9     release+3       174 (105+69)
10    release+4       120 (72+48)
11    release+5       115 (74+41)
12    release+6       93 (47+46)
13    release+7       50 (24+26)
14    release+8       51 (32+19)
15    release+9       39 (32+7)
16    release+10      20 (12+8)
17    release+11      24 (19+5)
18    release+12      2 (2+0)

Graphical overview of bug stats thanks to azhag:

Chaotic IdealismAfter the Happy Ending

This entry contains spoilers for Disney's Tangled.

So what happens to Rapunzel after she gets her happy ending? She's out of the tower where she's spent her whole life. Mother Gothel is long-overdue dead and dusted. She finally gets to meet people. She gets to have her birth family. She finds out she's royalty. The guy she loves just proved how much he loved her. What could be better? Roll credits.... right?

But things aren't so rosy for the princess, are they? She's a sheltered child who's just been thrust into the monarchy. Her entire life, she's had parenting based around guilt and fear from a foster mother nearly as isolated as she was. Oh, sure, she's charismatic enough to talk an inn full of rogues into not killing her escort, but is she going to survive being the "lost princess" that everyone longed for? She's lost her specialness; the hair that heals people has been cut. Sure, her boyfriend cut it off to keep Mother Gothel from taking her away and, presumably, keeping her captive for the rest of her life; it's not like she was going to be able to heal anyone with it to begin with. But she still has to live with the fact that she's no longer a special, magical creature; she can't solve the pain of the world by wrapping it with her hair and singing a song. For Rapunzel, the world suddenly got a lot more complicated--and all the skills she learned to deal with her captivity are suddenly useless.

What now?

I couldn't help thinking about how very much this story is like my own, and like that of many people who have survived trying times. I survived an abusive childhood, a stint in a cult, two hospitalizations; I've been expelled from school, fired from my job, and been without a home to call my own. I too had a childhood built around guilt and fear, and I too have lost my specialness, which for me came from being a precocious, gifted child, now that I'm a thirty-one-year-old still trying to get a college degree. And even though I'm free now, with a new haircut, all the skills I learned growing up were skills that help a person survive captivity.

I took it for granted that I wouldn't be allowed to make my own decisions. Now that I'm free, I don't know how. I thought of "fun" only as something you snuck when your keepers weren't looking; now that I'm free, I can't enjoy myself without guilt. What I ate, when I slept, when I did chores, were all prescribed for me; now that I'm free, it's a full-time job just to remember to do all of those things. I learned how to pretend I wasn't disabled; now I don't know how to use the help I'm finally getting. I escaped bitterness as I learned how to care about others, but I never learned how to care about myself. I survived captivity, but can I survive freedom?

This happens to a lot of people--people who come out of institutions, out of prison, out of cults; people who get out of poverty or grow out of an abusive childhood. When you're trying to help people in captivity, it's not enough to just get them out of their respective jails. To really become free, a person has to learn how to live in freedom. It's a difficult lesson, one I haven't yet fully learned.

RacialiciousJanet Mock and Maria Teresa Kumar Launch MSNBC Shows

Following in the footsteps of trailblazer Melissa Harris Perry, two more braincrushes just launched shows on MSNBC’s Shift streaming media brand.

Maria Teresa Kumar, co-founder of Voto Latino with Rosario Dawson, is now anchoring “Changing America.”


And Janet Mock, the queen of Redefining Realness, is set to launch her progressive pop culture show this week. We will update here when the clip is available.


The post Janet Mock and Maria Teresa Kumar Launch MSNBC Shows appeared first on Racialicious - the intersection of race and pop culture.

Cory DoctorowLISTEN: Wil Wheaton reads “Information Doesn’t Want to Be Free”


I've posted the first chapter (MP3) of Wil Wheaton's reading of my book Information Doesn't Want to Be Free (which sports introductions by Neil Gaiman and Amanda Palmer!), which is available as a $15 DRM-free audiobook, sweetened by samples from Amanda Palmer and Dresden Dolls' "Coin-Operated Boy."

In sharply argued, fast-moving chapters, Cory Doctorow’s Information Doesn’t Want to Be Free takes on the state of copyright and creative success in the digital age. Can small artists still thrive in the Internet era? Can giant record labels avoid alienating their audiences? This is a book about the pitfalls and the opportunities that creative industries (and individuals) are confronting today — about how the old models have failed or found new footing, and about what might soon replace them. An essential read for anyone with a stake in the future of the arts, Information Doesn’t Want to Be Free offers a vivid guide to the ways creativity and the Internet interact today, and to what might be coming next.

DRM-free audiobook

Sociological ImagesSexy Women as Food: A Collection

Flashback Friday.

In her now-classic books The Sexual Politics of Meat and The Pornography of Meat, Carol Adams analyzes similarities in the presentation of meat products (or the animals they come from) and women’s bodies.

She particularly draws attention to sexualized fragmentation — the presentation of body parts of animals in ways similar to sexualized poses of women — and what she terms “anthropornography,” or connecting the eating of animals to the sex industry. For an example of anthropornography, Adams presents this “turkey hooker” cooking utensil:

Adams also discusses the conflation of meat/animals and women–while women are often treated as “pieces of meat,” meat products are often posed in sexualized ways or in clothing associated with women. The next eleven images come from Adams’s website:

For a more in-depth, theoretical discussion of the connections between patriarchy, gender inequality, and literal consumption of meat and symbolic consumption of women, we highly encourage you to check out Adams’s website.

This type of imagery has by no means disappeared, so we’ve amassed quite a collection of our own here at Sociological Images.

IndianFeminist sent in this example from India for a Mango flavored drink called Slice. “The brand ambassador,” our reader writes, “is Katrina Kaif, undoubtedly India’s most popular actress.” The ad puts her inside the bottle and merges her with the liquid, then offers her as a date.


An ad I found for I Can’t Believe It’s Not Butter turns Spraychel into a female politician:

Blanca pointed us to Skinny Cow ice cream, which uses this sexualized image of a cow (who also has a measuring tape around her waist to emphasize that she’s skinny):

For reasons I cannot comprehend, there are Skinny Cow scrapbooking events.

Mustard and ketchup make up a “sexy” woman (from Las Vegas Living):

Are you hungry for some lovin’, er, lunchin’? Do you have an all-American appetite for chick(en)s? Or are you secretly ravenous for pig? We think we might have just the thing to satisfy your lust for breast, thigh, and rump:

(These ads were designed by a marketing firm in Thailand. Found via copyranter.)

Denia sent in this image of “Frankfurters” with sexy ladies on them. The text says “Undress me!” in Czech.

Finally, Teresa C. of Moment of Choice brought our attention to Lavazza coffee company’s 2009 calendar, shot by Annie Liebowitz (originally found in the Telegraph):

And this, of course:

Spanish-language ads for Doritos (here, via Copyranter):



Amanda C. sent in this sign seen at Taste of Chicago:


Dmitiriy T.M. sent us this perplexing Hardee’s French Dip “commercial.”  It’s basically three minutes of models pretending like dressing up as French maids for Hardees and pouting at the camera while holding a sandwich is a good gig:

Dmitriy also sent us this photo of Sweet Taters in New Orleans:


Jacqueline R. sent in this commercial for Birds Eye salmon fish sticks:


Crystal J. pointed out that a Vegas restaurant is using these images from the 1968 No More Miss America protest in advertisements currently running in the UNLV campus newspaper, the Rebel Yell. Here’s a photo from the protest:


And here’s the ad:


Edward S. drew our attention to this doozy:


Dmitriy T.M. sent us this example from Louisiana:

Haven’t had enough?  See this post, this post, and this post, too.

Originally posted in 2008.

Gwen Sharp is an associate professor of sociology at Nevada State College. You can follow her on Twitter at @gwensharpnv.


Planet DebianSteve Kemp: Switched to using attic for backups

Even though seeing the word attic reminds me too much of leaking roofs and CVS, I've switched to using the attic backup tool.

I want a simple system which will take incremental backups, perform duplication-elimination (to avoid taking too much space), support encryption, and be fast.

I stopped using backup2l because the .tar.gz files were too annoying, and it was too slow. I started using obnam because I respect Lars and his exceptionally thorough testing-regime, but had to stop using it when things started getting "too slow".

I'll document the usage/installation in the future. For the moment the only annoyance is that it is contained in the Jessie archive, not the Wheezy one. Right now only 2/19 of my hosts are Jessie.

CryptogramSS7 Vulnerabilities

There are security vulnerabilities in the phone-call routing protocol called SS7.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes -- such as keeping calls connected as users speed down highways, switching from cell tower to cell tower -- that hackers can repurpose for surveillance because of the lax security on the network.

Those skilled at the myriad functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption. There also is potential to defraud users and cellular carriers by using SS7 functions, the researchers say.

Some details:

The German researchers found two distinct ways to eavesdrop on calls using SS7 technology. In the first, commands sent over SS7 could be used to hijack a cell phone's "forwarding" function -- a service offered by many carriers. Hackers would redirect calls to themselves, for listening or recording, and then onward to the intended recipient of a call. Once that system was in place, the hackers could eavesdrop on all incoming and outgoing calls indefinitely, from anywhere in the world.

The second technique requires physical proximity but could be deployed on a much wider scale. Hackers would use radio antennas to collect all the calls and texts passing through the airwaves in an area. For calls or texts transmitted using strong encryption, such as is commonly used for advanced 3G connections, hackers could request through SS7 that each caller's carrier release a temporary encryption key to unlock the communication after it has been recorded.

We'll learn more when the researchers present their results.

Planet Linux AustraliaAndrew Pollock: [life] Day 323: Another day of laying low and far too much TV watching

I started the day off with my last yoga class of the year. It was a really nice one.

Zoe still had a bit of a low-grade fever when Sarah dropped her off, but her spots didn't look any worse.

We watched Frosty the Snowman on Netflix, and then had some lunch and popped out to the library to refresh Zoe's library books. After we got home, we watched The Polar Express on QuickFlix.

Zoe then took another longish nap.

After she woke up, she watched a DVD from the library for a bit.

Sarah arrived to pick up Zoe just before the latest storm of the season was about to hit, so they made a hasty departure.

Planet DebianPetter Reinholdtsen: Of course USA loses in cyber war - NSA and friends made sure it would happen

So, Sony caved in (according to Rob Lowe) and demonstrated that America lost its first cyberwar (according to Newt Gingrich). It should not surprise anyone, after the whistle blower Edward Snowden documented that the government of USA and their allies for many years have done their best to make sure the technology used by its citizens is filled with security holes allowing the secret services to spy on its own population. No one in their right minds could believe that the ability to snoop on the people all over the globe could only be used by the personnel authorized to do so by the president of the United States of America. If the capabilities are there, they will be used by friend and foe alike, and now they are being used to bring Sony on its knees.

I doubt it will be a lesson learned, and expect USA to lose its next cyber war too, given how eager the western intelligence communities (and probably the non-western too, but it is less in the news) seem to be to continue its current dragnet surveillance practice.

There is a reason why China and others are trying to move away from Windows to Linux and other alternatives, and it is not to avoid sending its hard earned dollars to Cayman Islands (or whatever tax haven Microsoft is using these days to collect the majority of its income. :)


Planet Linux AustraliaDavid Rowe: GMSK Modem Simulation

Modems are an interface between theoretical physics and what can actually be built. The laws of physics set the limits of modem performance, and ultimately the amount of power you need for a certain bit error rate at a receiver. With the right algorithm, we can reach the limits of modem performance.

I think that’s kind of cool. There aren’t many fields where we can do the best the Universe can offer with 20th century technology. For example an internal combustion powered car is only about 15% efficient in converting chemical energy into motion. Solar cells on your roof are also about 15% efficient. We can’t do practical nuclear fusion. But 6 billion GSM mobile phones have a modem that is 100% efficient in converting received radio energy into bits. Unless you are my 16 year old son and keep forgetting to charge it.

GMSK Demodulators

This week I’ve been getting my head around GSM modems, and have worked up an Octave simulation of a couple of GMSK modems called gmsk.m. I started with this commonly used, non-coherent algorithm for GSM demodulation:

It has the advantage of being compatible with data-port capable legacy FM radios. However the best I can do in my simulations is 4.5dB away from theoretical. So I went looking for a better (hopefully close to ideal) demodulator. After some reading about MSK and GMSK and several days of confusion I eventually managed to make this “coherent” demodulator work (from the 1981 Murota paper listed below):

The adders on the RHS operate on bits and are implemented as XORs. I don’t fully understand the processing steps, especially the XORs at the end. It’s derived from an interpretation of MSK as a form of Offset QPSK, and mysteriously the inphase and quadrature arms operate at half the bit rate. But it works really well, so that’s enough for now.

The term “coherent” means we know the phase and frequency of the received signal. Coherent PSK and FSK modems have ideal performance, and often have matched filter and “integrate and dump” stages. The integrator can be seen as summing all of the energy in the bit, that’s the “Eb” part in Eb/No.

Here are the performance curves for the two modems on Eb/No and C/No:

The non-coherent modem is leaving a lot of bits on the floor. I also note my coherent demod outperforms the laws of physics at high Eb/No. I think I’ll build a warp drive next.

These simulations are some distance from a practical modem. The coherent demod needs clock and phase recovery and a lot of real world testing. However this is all quite possible (it’s in every mobile phone) and I’ve worked through similar steps for the HF FDMDV modem.

The non-coherent modem starts to perform (a BER of less than 1E-2) at a C/No of around 50dB. Curiously, this is where analog FM modulators start to get happy, from the recent post on FSK over FM:

So the non-coherent demod is a nice match to legacy FM radios. I’m not sure if analog FM demodulators would be effective at lower C/Nos, even when teamed with the coherent demod. So I’m not convinced it’s possible to retrofit the coherent demod to existing FM radios, but it’s certainly realisable with a $20 SDR dongle.

GMSK Demod Walk Through

This section has some screen shots of the two demodulators in action. First, here is (one half) of the GMSK signal spectrum:

The lower plot is the cumulative power, and 99% of the power is at the 2460 Hz point, making 4920 Hz bandwidth total. This gives a BW/Rs ratio of 1.02, close to the 1.04 expected for BT=0.5 GMSK at Rs=4800Hz. Nice.

Here is the “eye diagram” of the non-coherent demod:

This explains why the non-coherent demod struggles. The low pass filter introduces significant inter-symbol interference. One symbol affects the next one as the LPF smears the symbols into each other. The eye is quite narrow, even with no noise. A modest amount of noise can close the eye and we get bit errors. We can’t widen the filter as it will let more noise power in.

Here is the filter and integrator outputs from the coherent demod, one plot for the cos (real) and sin (imaginary) arms, with no channel noise:

Here are the integrator outputs with an Eb/No of 8dB:

It’s almost the same! Quite a lot of noise hardly bothers it, the BER is about 1E-3 (1 in 1 thousand)!

Ideas for VHF FreeDV

Now Codec 2 at 1200 bit/s sounds OK at an error rate of 1% (1E-2). Reading off the curves that’s a C/No of 42.5dBHz at 4800 bit/s or 42.5 – 10log10(4800/1200) = 36.5dBHz at 1200 bit/s. We need about 47dBHz for a 12dB SNR (ie scratchy) analog FM copy, or 50dBHz for a good FM copy. So that makes a proposed 1200 bit/s Codec 2 system 10dB ahead of analog FM. I can currently work the local repeater on 500mW with my $50 FM HT, so this proposed system could do it on 50mW. Cool.

Hard to say if people will actually like using Codec 2 over VHF. Quality expectations are different to HF SSB, and people are used to high SNR FM. If most FM signals are strong the extra low level performance of a new digital mode may not be useful.

However if speech quality is king with all that system gain we could use higher quality speech codecs at a higher bit rate. If we have a good C/No we can increase the bit rate and hence speech quality, push against the “digital ceiling” in speech quality. One disadvantage of GMSK is that we can’t scale the bit rate in high C/No channels without making the RF bandwidth wider. mPSK is better at this, we can raise the number of bits/symbol and get a greater data throughput in the same RF bandwidth.

The extra system gain allows us to explore other options. For example two channel TDMA would let us build diplexer free repeaters. This would require running the modem at 2400 bit/s, to get an average of 1200 bit/s. The hardware complexity would be similar to a $50 HT. A 1 watt TDMA repeater based on SDR could be built for $100, and do all sorts of clever things like form mesh networks with adjacent repeaters. Sprinkle them about hill tops in a humanitarian disaster situation, they could be treated as disposable.

I do think a new VHF DV mode must have some significant advantages to gain traction. Here are my current ideas:

  1. An entry level implementation using freely downloadable software that runs on a PC, a sound card, and legacy FM radios through the mic/spkr ports. People get frustrated when told to upgrade all of their radio hardware to one particular brand to use DV.
  2. Be an open standard, with a high performance open source implementation. No annoying closed source components, license fees, and encouraging rather than prohibiting experimentation.
  3. Outperform legacy analog and digital modes.
  4. Diplexer-less, trivially simple repeaters.
  5. Variable speech quality levels.

GMSK Modem Resources

Here is a good treatment of various Digital Modulation schemes from Atlanta RF. The Dsplog site has a good explanation and Octave simulation of MSK that helped me get my head around coherent (G)MSK demodulators. I implemented the demodulator from the 1981 IEEE Trans paper “GSM Modulation for Digital Radio Telephony” from Murota and friends. I think this paper originally proposed using GMSK for digital mobile phones.

Worse Than FailureError'd: Metro Card Jackpot!!

"I really need to look into a cash-out option," writes Alvin.


"There were evidently more DNS requests on my network last week than there are observable atoms in the universe," writes Elliot, "Maybe we should upgrade our name servers."


"The punch line? I'm expected to type all this in after having hand surgery," wrote Louise H.


"What do a Christmas tree base, a banana slicer, and a 4K Ultra-HD TV have in common? A whole lot according to Amazon," Roland wrote.


"Another developer at the company I work for committed some code, and I was reviewing," Jason D. writes, "Upon closer inspection, either the developer is ensuring job security, or he believes everyone needs to kill some time"


Lauren B. wrote, "So I downloaded VS SP1 and tried to install it, which would not install because it required VS SP1 to be installed before VS SP1 could be installed, which in turn of course requires..."


"I never thought I'd see CAPTCHA where I could just copy the text directly (source:," Roman writes.


"I tried to pay my phone bill, but apparently Virgin Mobile thinks that's a problem, or at least their software does," Michael C. wrote.


Planet DebianKenshi Muto: smart "apt" command

While evaluating Jessie, I found the 'apt' command and noticed it was pretty good for novice-usual users.

Usage: apt [options] command

CLI for apt.
Basic commands: 
 list - list packages based on package names
 search - search in package descriptions
 show - show package details

 update - update list of available packages

 install - install packages
 remove  - remove packages

 upgrade - upgrade the system by installing/upgrading packages
 full-upgrade - upgrade the system by removing/installing/upgrading packages

 edit-sources - edit the source information file

'apt list' is like a combination of 'dpkg -l' + 'apt-cache pkgnames'. 'apt search' is a bit slower than 'apt-cache search' but provides useful information. 'apt show' formats byte sizes and hides some (for experts) fields. install/remove/upgrade/full-upgrade are mostly the same as apt-get. 'apt edit-sources' opens an editor and checks the integrity.

So, I'd like to recommend 'apt' command to Debian users.

Well, why did I write this entry...? ;) I found a mistranslation I had made in ja.po of apt. Because it is a critical mistranslation (Japanese users will be confused by it), I strongly want to fix it.

Dear apt deity maintainers, could you consider updating apt for Jessie? (#772678. FYI there are other translation updates also: #772913, #771982, and #771967)

Planet DebianEnrico Zini: upgrade-encrypted-cyanogenmod

Upgrade Cyanogenmod with an encrypted phone

Cyanogenmod found an update, it downloaded it, then it rebooted to install it and nothing happened. It turns out that the update procedure cannot work if the zip file to install is in encrypted media, so a workaround is to move the zip into unencrypted external storage.

As far as I know, my Nexus 4 has no unencrypted external storage.

This is how I managed to upgrade it, I write it here so I can find it next time:

  1. enable USB debugging
  2. adb pull /cmupdater/
  3. adb reboot recovery
  4. choose "install zip from sideload"
  5. adb sideload

Planet Linux AustraliaBinh Nguyen: Music Production and Experimentation - Part 3

A follow on from:

Have created 'Classical', 'Foreign Hip Hop and R&B', and 'Soundtrack' playlists on my YouTube profile. Not much there at the moment. I'll add more as time goes on.

I've been looking at doing a music course of some sort for a while now (short course or even a degree). Fees can range from several hundred to several thousand dollars.

There may be some government help but you must fit specific criteria.

There are, of course, some online options which will also provide certification of skills if you aren't keen on spending too much time on campus and/or don't have the time/dedication to go the other way. In most cases, you'll have to pass an audition of some sort though which involves a demonstration of proficiency, a portfolio, as well as possibly an academic pedigree (high school or private tuition).

There will be some websites which will often place their reference materials behind walls of some sort but with intelligent searching you can often find a way around these limitations without having to register/signup for further marketing material.

Some material on programming synthesisers.

A place where you can purchase parts to experiment with.

There are a lot of tablet based music making applications now.

Sometimes you don't have a vocalist nearby. An option is to try computerised vocals.

Sometimes, I have difficulties with getting the type of sound that I want and/or need. Here are some interesting manuals.

Have been having some frustrations with sound libraries being built with later versions of Kontakt/Reaktor. It has been frustrating me to the point where I wondered if there is a way to bypass the checks (easily possible with many simple system checks; I only investigated as I'm on a mobile prepaid connection at the moment, which means that I am trying to limit my downloads).

Some interesting tips with regards to 'House Music'.

Setup a new Tumblr account. Basically, a mirror of my Twitter account.

Cory DoctorowInterview with Radio New Zealand’s This Way Up

Radio New Zealand National's This Way Up recorded this interview with me, which airs tomorrow (Saturday), about my book Information Doesn't Want to Be Free (MP3).


TEDWhy the eff didn’t you watch these TED Talks? The 2014 edition

At the end of every December, we at the office get a little indignant that some of our favorite TED Talks from the year didn’t seem to do as well as we’d hoped. Some amazing talks, for whatever reason — whether they’re too absurd, niche or quirky, or simply were posted at a less than ideal time — don’t resonate at first blush with our audience. Below, my picks for the top 10 great talks you might have missed this year, with mild to medium spiciness.

1. A speaker drops the F bomb in one of TED’s best outfits of the year. Why the eff don’t you watch this talk? Kimberley Motley is a BAMF: A former beauty queen and the daughter of an African-American father and North Korean refugee mother, she’s Afghanistan’s first foreign litigator. For local girls like Nagma, who was sold by her father to their neighbor’s 21-year-old son at the age of 6, getting good legal counsel can mean everything; Motley helps many like her to learn their rights. I live in the United States, an over-litigious country where some pretty silly legal stuff goes down, so it’s refreshing to know she’s out there fighting the good fight.


2. How often do you get to watch a worm crawl out of a cricket that killed itself? Effing watch this talk. A hilarious talk about parasites by science writer Ed Yong reminds us: Nature is both super cool and totally disgusting at the same time. It stars: a tapeworm that controls a sea monkey that gets a flamingo to eat it so the tapeworm can reproduce, a zombie caterpillar that defends the offspring of the creature that killed it, and many other gross, amusing things.


3. If you’ve ever said: Mo’ money, mo’ problems, you should watch this effing talk. Economist Dilip Ratha explains that, every year, a surprisingly hefty amount of money is sent by migrant workers back home to their families. In 2013, these remittances added up to $413 billion — nearly three times as much as the total amount spent on global foreign aid. This important, unsexy economic force has an even unsexier opponent: Unnecessary fees and regulations. Just watch: it’s an informative, surprising talk.


4. A talk about why the world’s most boring TV is a huge, overwhelming hit. Why the eff don’t you watch it? Thomas Hellum is creating “viral content” in Norway with a counterintuitive approach: Super slow and boring with no plot whatsoever. But 1.2 million Norwegians — that’s a full fifth of the country – tuned into his television program to watch a seven-hour train ride unfold in real time. Also featured: Eight hours of knitting. This talk is a celebration of the absurd, and shows that people can still be into truly slow, weird stuff.


5. Starting at 7:42, Vernā Myers cycles through dozens of photos of awesome black men. Why the eff don’t you watch this talk? This is an important talk for anyone troubled by Ferguson and Eric Garner and thinking, “But what can I do?” Vernā Myers urges us to fight racism within ourselves, starting with our unacknowledged biases. With an abundance of charm and self-deprecation, Myers delivers a necessary message for us all to walk boldly toward those who aren’t in our “safe” demographic.


6. If you can’t stay a kid forever, you can at least find one to lie to. And effing watch this talk. Mac Barnett lies to kids for a living. The children’s book author gives a sweet, funny talk about many of the fictions he’s told, one of which resulted in four years of voicemails to a whale named Randolph.


7. Includes gems like: “The major role of parents is to stop kids putting their fingers in poo.” Why the eff didn’t you watch this talk? Scientists know a lot about pheromones in the animal kingdom, but surprisingly far less when it comes to humans. Zoologist Tristram Wyatt gives an adorably nerdy talk on the history of pheromone research. Says Wyatt, there are two big obstacles to better research of human pheromones: One, we give off so many smells it’s hard to isolate the chemical, and two, what we find attractive, olfactorily speaking, is actually cultural. See: the extremely stinky English delicacy blue Stilton.


8. Norman Spack eases a potentially nightmarish few years for trans teenagers. Why the eff don’t you watch this talk? Puberty is the worst. But imagine, at 13, that your body started rapidly changing from the one you knew into one you felt utterly wrong in. For trans teens, who don’t identify with the sex they were born with, Norman Spack uses hormone replacement therapy to put a pause on puberty.


9. Leana Wen gets all flavor of threats for her ideas. Effing watch this talk and see whether you agree with her or not. Medical visits can be nerve-wracking. As physician Leana Wen suggests, one antidote is for doctors to be more transparent with their patients. In her research she’s found that, overwhelmingly, people want to know more about who their doctors are, especially their values — and who pays them. An intriguing proposal in the larger movement to view doctors more like actual humans.


10. This effing talk is about dictionaries. Watch it. In the fierce war between prescriptive and descriptive dictionary-making, Anne Curzan falls in the latter school. She introduces the adorkable lexicographers who have it out over words like “hangry” and “yolo.”


For more talks you might have missed, check out the 2013 and 2012 editions of “Why the eff didn’t you watch these talks?”

Planet DebianWouter Verhelst: Introducing libjoy

I've owned a Logitech Wingman Gamepad Extreme since pretty much forever, and although it's been battered over the years, it's still mostly functional. As a gamepad, it has 10 buttons. What's special about it, though, is that the device also has a mode in which a gravity sensor kicks in and produces two extra axes, allowing me to pretend I'm really talking to a joystick. It looks a bit weird though, since you end up playing your games by wobbling the gamepad around a bit.

About 10 years ago, I first learned how to write GObjects by writing a GObject-based joystick API. Unfortunately, I lost the code at some point due to an overzealous rm -rf call. I had planned to rewrite it, but that never really happened.

About a year back, I needed to write a user interface for a customer where a joystick would be a major part of the interaction. The code there was written in Qt, so I wrote an event-based joystick API in Qt. As it happened, I also noticed that jstest would output names for the actual buttons and axes; I had never noticed this, because due to my 10 buttons and 4 axes, which by default produce a lot of output, the jstest program would just scroll the names off my screen whenever I plugged it in. But the names are there, and it's not too difficult.

Refreshing my memory on the joystick API made me remember how much fun it is, and I wrote the beginnings of what I (at the time) called "libgjs", for "Gobject JoyStick". I didn't really finish it though, until today. I did notice in the mean time that someone else released GObject bindings for javascript and also called that gjs, so in the interest of avoiding confusion I decided to rename my library to libjoy. Not only will this allow me all kinds of interesting puns like "today I am releasing more joy", it also makes for a more compact API (compare joy_stick_open() against gjs_joystick_open()).

The library also comes with a libjoy-gtk that creates a GtkListStore* which is automatically updated as joysticks are added and removed to the system; and a joytest program, a graphical joystick test program which also serves as an example of how to use the API.

still TODO:

  • Clean up the API a bit. There's a bit too much use of GError in there.
  • Improve the UI. I suck at interface design. Patches are welcome.
  • Differentiate between JS_EVENT_INIT kernel-level events, and normal events.
  • Improve the documentation to the extent that gtk-doc (and, thus, GObject-Introspection) will work.

What's there is functional, though.

Update: if you're going to talk about code, it's usually a good idea to link to said code. Thanks, Emanuele, for pointing that out ;-)

Planet Linux AustraliaGary Pendergast: JSON Encoding in WordPress 4.1

Earlier in the year, we noticed a problem with JSON in WordPress. The JSON spec very explicitly notes that it only supports UTF-8, whereas WordPress can use any character set that MySQL supports. So, for sites that didn’t use MySQL’s utf8 or utf8mb4 character sets, this generally presented itself as json_encode() returning false; which resulted in either invalid JSON being returned from an Ajax request, or a JavaScript error in some embedded code.

To fix this, WordPress 4.1 now includes a shiny new function that we recommend for all plugins and themes:


Usage for wp_json_encode() is identical to json_encode(). It works by trying a json_encode(), then checking if that encoded properly. If it failed, wp_json_encode() will go through whatever lump of data you passed to it, convert it to UTF-8, then return it as JSON.

Have fun with WordPress 4.1, and see you next year for new and exciting functionality coming to a WordPress install near you!
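The try-then-convert fallback that the post above describes for wp_json_encode(), sketched as an added example; it is not WordPress core code. The `example_*` function names, the ISO-8859-1 source charset and the sample row are assumptions made for illustration, and the mbstring extension is required.

```php
<?php
// Added example: the example_* names are hypothetical, not WordPress functions.
// Requires the mbstring extension.

/**
 * Recursively convert every string in $data (array keys included) to UTF-8.
 * Strings that already validate as UTF-8 are passed through unchanged.
 * Caveat: a legacy-charset string whose bytes happen to form valid UTF-8
 * also passes through unchanged. Objects are returned as-is in this sketch.
 */
function example_convert_to_utf8($data, $source_charset)
{
    if (is_string($data)) {
        if (mb_check_encoding($data, 'UTF-8')) {
            return $data;
        }
        return mb_convert_encoding($data, 'UTF-8', $source_charset);
    }

    if (is_array($data)) {
        $converted = array();
        foreach ($data as $key => $value) {
            if (is_string($key)) {
                $key = example_convert_to_utf8($key, $source_charset);
            }
            $converted[$key] = example_convert_to_utf8($value, $source_charset);
        }
        return $converted;
    }

    return $data; // ints, floats, bools and null need no conversion
}

/**
 * Try json_encode() first; only if it fails on invalid UTF-8, convert and retry.
 * Returns a JSON string, or false if the data still cannot be encoded.
 */
function example_json_encode($data, $source_charset, $flags = 0)
{
    $json = json_encode($data, $flags);
    if ($json !== false) {
        return $json; // fast path: the data was already valid UTF-8
    }
    if (json_last_error() !== JSON_ERROR_UTF8) {
        return false; // a failure that charset conversion cannot fix (e.g. depth)
    }
    return json_encode(example_convert_to_utf8($data, $source_charset), $flags);
}

// Constructed sample: a row as it might come from a latin1 table.
// "\xE9" and "\xEF" are the ISO-8859-1 bytes for e-acute and i-diaeresis,
// which are not valid UTF-8 sequences on their own.
$row = array(
    'title' => "Caf\xE9 menu",
    'tags'  => array("na\xEFve", 'plain ascii'),
    'id'    => 42,
);

// Plain json_encode() on the same data, for comparison.
var_dump(json_encode($row));

$json = example_json_encode($row, 'ISO-8859-1');
if ($json === false) {
    // Do not echo a false result into an Ajax response or an inline script.
    error_log('JSON encoding failed: ' . json_last_error_msg());
    exit(1);
}
echo $json, "\n";
```

The caller still has to check for `false`: the fallback only repairs charset failures, and printing an unchecked result is what produced the broken Ajax responses and embedded-script errors the post mentions.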

Planet DebianGregor Herrmann: GDAC 2014/18

what constantly fascinates me in debian is that people sit at home, have an idea, work on it, & then suddenly present it to an unexpecting public; all without prior announcements or discussions, & totally apart from any hot discussion-de-jour. the last example I encountered & tried out just now is the option to edit source packages online & submit patches. - I hope we as a project can keep up with this creativity!

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

TEDThe innovations that could improve our world, assorted thoughts for rethinking terror and a pair of year-end accolades

JR’s signature eyes—this time of Eric Garner—proceed the Millions March in New York. Photo: JR/Instagram

TEDsters have been busy, as always, during the last two weeks. Below, just a few of the members of our global community with news to share.

Innovations poised to make a difference. Our friends over at Mashable created an excellent roundup of “14 innovations that improved the world in 2014.” It includes several innovations shared in TED Talks—like Manu Prakash’s 50-cent folding microscope, Miguel Nicolelis’ mind-controlled robotic exoskeleton, Mark Kendall’s needle-free vaccine patch, and Andrew Bastawrous’ smart-phone eye exam. 

It’s about time for overtime. Many Americans do get paid for the hours of overtime they put in at work. Nick Hanauer, the self-proclaimed 0.01 percent-er, writes a piece for PBS Newshour about how this lack of overtime pay is severely hindering progress for the American middle class. (Watch Nick’s TED Talk, “Beware, fellow plutocrats, the pitchforks are coming.”)

Eric Garner’s haunting eyes. On Saturday, citizens marched through the streets of New York City and Washington, D.C., calling attention to the issue of police brutality after grand juries opted not to indict the officers who killed Michael Brown and Eric Garner. Protestors on the front lines in New York held up a chilling banner — created by none other than TED Prize winner JR — of Eric Garner’s eyes. “Today we march,” JR wrote on Instagram, adding the image above to the hashtag #MillionsMarchNYC. (Watch JR’s talk on how art can turn the world inside out.)

Mission: 007 antagonist. Stephen Hawking tells Wired UK about his dream on-screen role. The famed physicist would love to play a Bond villain. (Watch Stephen’s TED Talk, “Questioning the universe.”)

Comic books to combat terror. The New York Times has profiled TED Fellow Suleiman Bakhit, whose comic books are designed to invert terrorist ideologies. In the piece, Bakhit explains how terrorist organizations play on hero myths, a la Joseph Campbell. “What’s interesting is that Bin Laden emulated that journey to the letter,” he says. “This is the same message—the heroic message—that they push to all the terrorists in Western Europe who go join ISIS.” (Read about Suleiman’s work.)

Communities can help too. Lately, the news is full of reports of growing Islamic extremism. What’s not covered, according to Karima Bennoune: how communities of Muslims are standing up for peace worldwide. This is the topic of her book, Your Fatwa Does Not Apply Here, which has a new edition with a new afterword out this week. (Watch Karima’s TED Talk, “When people of Muslim heritage challenge fundamentalism.”)

And the faux news take on fundamentalism. Meanwhile, The Onion has released a hilarious piece of satire—a TED Talk from a terrorist. “We find ourselves in an ever-evolving, globally connected community that is confronted with numerous societal and economic obstacles every day,” he says. “The question is, and it’s a difficult one, how can we, as terrorist cells, overcome these roadblocks while staying true to our vision?” (Check out more TED spoofs.)

Why Google will never replace the magician. David Blaine writes a piece for The Economist, reassuring us that—even in an age where the secrets behind magic tricks can be Googled in seconds—the craft of the magician will endure. At the end of the day, he says, it all comes down to engaging an audience on a deep emotional and psychological level. (Watch David’s TED Talk “How I held my breath for 17 minutes”)

A flight over Dubai. Daredevil Yves Rossy has released a new video, that shows him and pal Veres Zoltán zipping over Dubai in looping, twisting corkscrew formations.

How TED really works. Zeynep Tufekci, who spoke at TEDGlobal this year, turns to out-of-fashion sociologist Émile Durkheim for an explanation for what makes speaking at TED so powerful: the fact that we have a team of specialists working hard to make each and every talk a success. She writes on Medium, “Behind the curtain was no single wizard, but a large team.” (Read about her talk.)

Ask an online security expert. Mikko Hypponen sat down for a Reddit AMA the week before last. Among the questions he answered: “Which of the many viruses/malwares you analysed was the most sophisticated?” And “Is Google doing a good job?” (Watch Mikko’s latest TED Talk, “How the NSA betrayed the world’s trust—time to act.”) 

Yes, pilgrimages are still a thing. Bruce Feiler has a new series on PBS which premieres on Tuesday, December 16. Called “Sacred Journeys,” it brings viewers along as Americans of different faiths travel to the places that are most meaningful to their faith. The series begins with a group of wounded veterans on a trek to the Catholic shrine of Lourdes in France to ask for healing. (Watch Bruce’s talk, “Agile programming—for your family.”)

From the 16th century to the present. Rare book scholar William Noel held an unusual event last week at the University of Pennsylvania. At this transcribathon, attendees got a lesson in the art of transcribing English manuscripts from the sixteenth and seventeenth centuries. (Watch Will’s TED Talk, “The lost codex of Archimedes.”)

A maximum security TEDx. A New York Times reporter was on hand for TEDxSingSing on December 3rd, and noted that education was an underlying theme of the day. “I left junior high school knowing how to carry a razor in my mouth, spit it out and catch it,” host Jermaine Archer is quoted as saying. “[But] I’m leaving [Sing Sing] with a master’s.” Another special moment in the day: when rapper Ice-T arrived to speak. (Read about the growth of TEDx events in prisons.)

Tiny submarines. TED Fellow David Lang has released the latest version of his OpenROV. The affordable submersible now has a better motor, brighter lights and improved durability, he tells Wired. (Watch David’s talk, “My underwater robot.”)

End-of-year accolades. TED’s Android app has been named one of Google Play’s Best of 2014. (Download it and give it a whirl). Meanwhile, TED Radio Hour was named one of iTunes’ Best of 2014 classic podcasts. (Listen here.)

TEDHow mega-landscaping might reshape the world

“I believe that this boundary we’ve created between humanity and our environment is artificial,” says Bradley Cantrell, a computational landscape architect. Photo: Ryan Lash/TED

Picture a spillway gate that doesn’t just release water from an overflowing river, but manipulates sediments to create new streams, islands and wetlands. And imagine that the gate does this autonomously, guided by ecological data and shifting needs — essentially allowing nature to “evolve.” Computational landscape architect Bradley Cantrell is figuring how to do this by applying environmental sensing, machine learning, predictive modeling and robotics to environmental engineering.

The TED Blog asked Cantrell to talk to us about his ideas, how they would work, and how computational landscaping may change the relationship between human beings, machines, and nature.

What is our current relationship to the natural environment, and how do you envision changing it?

Right now, human beings are really good at saying, “We want this river to move very quickly, and we want it to always be predictable.” So we can engineer a predictable river. Take the Los Angeles River, which is a simple example. It’s basically a concrete channel. We’ve taken all the unpredictability out of it because it used to jump its banks and flood a large part of the Los Angeles River basin. We said, “We want it to be within this 20-meter-wide zone and to never move, and we want it to always run at the same velocity so it never backs up and floods anything.”

But that’s not the way an ecosystem or river works. It actually has a whole range of behaviors. We currently don’t allow these systems to have a range of behaviors. I would like to change this so that our infrastructures allow the creation of evolving and changing ecosystems.

A diagram of landscape monitoring and synthesis. Image: Joshua Brooks, Devon Boutte, Martin Moser, Kim Nguyen

Where does the idea of computational landscape architecture fit in?

Computational landscape architecture is the idea that, using computing and machine learning, we can build physical infrastructures and natural landscapes that relate symbiotically with our cities and natural systems.

In theory, what we’re doing is embedding the complexity that exists in natural ecological systems into our own manmade environments. We do this by feeding computers data from natural historical records. So, for example, you might have a set of records about how a particular ecosystem performed, such as the behavior of a river’s water levels and velocity. Then you might have a series of predictive models, about how sea-level rise due to climate change will affect this local ecosystem, for instance. These predictive models are used to develop a computational logic which allows them to make autonomous decisions about how it uses infrastructure — like spillway gates — to prevent possible problems.

This means that computers end up having a life of their own, within our design goals. Machine learning can be compared to how we make decisions: we make choices for the future based on data from experiences we’ve had in the past.

In your talk, you offered the example of the Mississippi River, for which you’ve prototyped a computational infrastructure. Walk us through the process of how it would work.

The example I most often give is a system of spillway gates that, instead of simply allowing river water to flood a lake when it gets too high, precisely controls the flow of water to create landscapes that benefit biodiversity or protect cities from storms — and does so in an automated way.

A prototype of the robotic spillway gate, which automatically distributes sediments according to computational instructions. Project: Bradley Cantrell, Justine Holzman, Prentiss Darden

The Mississippi River has always jumped its banks. If you look at the shape of Louisiana, its shape is the result of the sediments in the floodwater building out land. Left to its own devices, once the river finds its longest route, it jumps its bank and tries to find a shorter route. Rivers naturally do this kind of cycling.

In the last 100 years or so, we’ve built levees all the way down the river. If you look on a map, you’ll see the Mississippi River now has this really long route, and it’s just continued to build and build and now it’s dumping dirt off the continental shelf into deep ocean water. There’s actually a shorter route for the Mississippi River: it naturally wants to jump its banks and go down what’s called the Atchafalaya Basin. The US Army Corps of Engineers built a structure where it wants to jump, forcing it to go the long way.

Why? Is it because people are there?

No. The Atchafalaya Basin could easily be flooded, with few consequences. But New Orleans sits further downstream, and if you change the route of the Mississippi River, suddenly New Orleans becomes completely irrelevant in terms of a city. It would be sitting out in this exposed area with no river next to it. So for the sake of commerce, we still want ships to come through. There’s all kinds of mega-engineering going on to keep that river the way we want it to be.

The problem was, in the past the levee would just break down in certain areas and start to flood out into the bayous. This happens whenever the river is very high. It breaks free in certain areas and it just floods, and all of this dirt carried down from Iowa and St Louis dumps out into the area, basically replenishing the land there. People have said, “Well, we should just begin to build massive gates on the river, and whenever the river gets to be too high, we’ll relieve the pressure by flooding these areas.” So the safety aspect is already in place. There are two spillways: one of them floods the whole Atchafalaya Basin, and the other one floods Lake Pontchartrain, north of New Orleans.

Those projects were both built in the ’50s and ’60s, right after they forced the river into its current configuration. But these solutions haven’t been about pushing water into land we want to build. They’re pushing it into places that we then have to go back and dredge out so that the Pontchartrain can still be a lake, and the Atchafalaya Basin can still be a river.

Above: Watch Bradley Cantrell’s spillway gate “print” a landscape by controlling the flow of sediment-laden water.

With your solution, what would happen?

I’m adding a layer to this. Let’s say we go ahead and open up these spillways in a range of new locations that are already being proposed. What if each of those spillways had a whole range of things it could do, rather than simply flooding or not flooding? And how can we speed up or slow down the velocity of the water coming through? The answer is by opening these gates in different sequences. Think of the way you put your finger over a water hose. When we slow the flow down, sediments fall out of it, and by speeding it up, it carries sediments further, or breaks obstacles down and pushes beyond them.

So just using those two mechanisms, we plan to push the water and the dirt to go where we want it to go. If we have control over the land-formation process alone, we can start making choices about whether ecosystems should evolve in a certain way, and we can help nudge things in that direction. Once the system is fully functioning, it would form landscapes on its own, but it will have had our curatorial help.

Can you give us an example?

If we know, for example, storms have come into Louisiana in a certain way 80% of the time throughout history, it’s logical and possible that we could form that land so that it provides the greatest barrier to such storms. Or if we know sea-level rise is happening at a certain rate, the system could respond by forming the land in such a way that we’re future-proofing that area for, say, the next 25 years or so.

What about plants and animals in this ecosystem? How would you control the health of biodiversity and habitats? Is this really controllable?

Ideally, as these systems are being built, habitat formation and biodiversity protection would be given equal weight to protection from storms, climate change, and so on. So we ask, “What are the sizes of the habitats for certain animals? What are the soil depths and soil compositions we need for specific plant material?”

Does this mean you’d actually go out there and plant things?

No, ideally plants would be naturally seeded. There’s not a lot you have to do in the Delta to get plants to grow. They’ll just pop up if there’s any land that forms. But you can take into account that certain grasses need to be a particular depth out of the water, for example, or there are certain trees that only take root at particular depths because they have to be dry at certain times of year. By engineering the soil profile, you basically set the canvas up for those plants to come in and have a place to grow. We’re building a scaffolding for these habitats to take over naturally.

So we’re changing the relationship between spillways that act only as a safety valve, to actually curating and managing a whole ecosystem as part of the natural extension of the river.

Above: Watch an animated visualization of how a sediment gate would work. Credit: Louisiana State University Coastal Sustainability Studio 

This project is huge in scale. Is this all theory at this point?

At the moment, I’m working only with digital or physical simulations. But these next steps really are coming online for the Mississippi River. For example, they’re already thinking about the way sediment gates are sequenced, how they open and close. While it’s not yet completely autonomous and robotic, that type of logic is already being considered. And there’s a whole set of things that come up with that, in terms of do we just say this is the landscape we want on the other side of this gate, and then we force it — or do we try to develop more complex relationships within the ecosystem?

Are you working on any other case studies?

There are some interesting things coming out of student projects we’ve done. Two students recently modeled a solution for particulate matter in West Oakland, California. One of the big issues in this area is the idling diesel trucks on the freeway, which runs along the edge of West Oakland. The trucks create a huge amount of diesel particulate matter. At the same time, there’s a breeze coming in across the San Francisco Bay, which takes all of that pollution and dumps it in West Oakland. Because it’s so dry there, the particulate matter actually floats much further than it would in many other places.

As a solution, the students designed an irrigation device — something that looks like a light post, but which sprays a mist of water. They proposed to “plant” these in a series of very narrow strips in disused areas of the city. Making the air very humid in those strips would stop the particulate matter and allow it to drop in place, rather than getting blown over people’s homes. At the same time, the moisture would allow trees and other vegetation to grow, which would help absorb the pollution. These filters could also be cycled off and on, so once the plant material is overloaded with pollutants in one strip, you could bring the humidity down, allowing another filter further inland to do the job, and allowing the plants to recover.

An analysis of particulate matter traveling over West Oakland. Image: Prentiss Darden, Silvia Cox

What was your way into this line of innovation? Did it grow out of a passion in engineering? Architecture?

My undergraduate education was actually very long — longer than it should have been, as I tried to figure out what I was going to do! I started in painting and illustration, and then I went into computer science for many years, and then I got into landscape architecture when I started studying plant biology and developed an understanding about environments and ecosystems. But I always had this background in visualizing, painting, making imagery, as well as the computational background, so those two came together.

When I ended up at Harvard to get a post-professional degree in landscape architecture, I studied interactive spaces and data visualization. This concept of interactive spaces — which we now call responsive environments — really helped to develop methods to understand how computation and the environment could communicate to each other. That got my interest piqued. I started asking what these new technologies were, and how we were using them. How could they be applied to landscape? And what would it mean to embed computation in landscape? After all, it’s in our phones, it’s in our architecture, it’s in our cars. What might happen if it started to drive our landscapes and natural environments?

If this idea takes off, we could have computers evolving what we consider our “natural” environment. Have you thought much about how this blurs the line between nature and the built environment? Are there downsides?

I believe that this boundary we’ve created between humanity and our environment is artificial. It’s a construct that we use because we place ourselves at the center in our perception of the world. Our goal should be to erase this line and to consider ourselves as equal actors within the environment. This actually requires us to back away slightly and consider a range of environmental influences — not just human needs.

Our current attempts are typically about conservation which cripples us and sets up a confrontational atmosphere of humans and the “natural.” This also creates methods of construction which force us to remediate rather than work with the environment and learn from it over time. We also have to come to terms with the fact that ecosystems evolve and change. We can’t be in love with their current state. What we can fall in love with is their richness — and then design and curate this, in new and varied forms of novel ecological systems.

Having said that, there are certainly negative possibilities. The more we embed our technologies within the environment, the more control we grant ourselves, which can often turn out badly. In many ways, it requires us to evolve intellectually. If we can take a more humble approach to the planet, we’ll find ways to not only surpass our current limits of construction and evolution, but bring a rich and evolving ecosystem with us.

A metabolic forest -- narrow strips of disused land planted with vegetation and water misters -- would act as a filter against air pollution floating over West Oakland from nearby freeways. Image: Prentiss Darden, Silvia Cox

TED: Kid President gives an adorable TED, er KID, Talk

Kid President warms hearts anytime he speaks. So what happens when he gives a “KID Talk”? A great opening line, tiny top hats for dogs and, of course, a dance. This talk gets a standing ovation from us—and we have a feeling it will send you off to the weekend in the right spirit.

Watch Kid President’s breakthrough moment on »

And see what happens when the TED staff had to choose between a Webby for us, or one for Kid President’s Soul Pancake »

Racialicious: What’s the Verdict? Racism and the Case Against Serial

By Guest Contributor Priya R. Chandrasekaran, special to Racialicious

A month or so ago, I got into a debate with a friend at work about racism in the podcast Serial.

Serial, a widely popular production of WBEZ Chicago, follows journalist Sarah Koenig week to week as she investigates a fifteen-year-old case in which an eighteen-year-old Korean American girl was found strangled after she went missing. Her then eighteen-year-old Pakistani American ex-boyfriend was charged with first-degree murder and kidnapping. He has been in prison since 2000, all the while maintaining his innocence.

Specifically, my friend and I had different responses to an article by Jay Caspian Kang accusing Koenig of “white reporter privilege.” She felt that Kang was too quick to read an exoticizing impulse into Koenig’s reactions when, for example, Koenig was probably startled by how “normal” a young woman’s diary seemed on the eve of its author meeting a violent death. Also, she said, Koenig the storyteller has to make her characters relatable to her listeners. But “relatability” is precisely what Kang problematizes, I replied; it assumes an underlying “colorblind ideal” that “reads ‘white.’” I brought up Julia Carrie Wong’s charge that Koenig “fail[s] to draw any distinctions between…. a first-generation Korean immigrant [experience] and [a] second-generation life in a Pakistani-American family,” and that she gives her subjects “model minority treatment.” But then… the descriptions Koenig uses were offered by the people she interviewed, not ones she coined.

So is she accountable for them?

A colleague joined in: Koenig probably assumes her audience has racial sensitivity.

I disagreed: Kang is right that the journalist comes “from the same demographic as her ‘intended audience’” in a context where “staffs of radio stations, newspapers, and magazines tend to be overwhelmingly white.”

But if being white is the fact of her experience, this colleague said, do we hold it against her?

As I walked home in the Brooklyn cold, I was thinking about this, and thinking hard. I thought about it when I passed a block away from the hospital where I was born. It was where my parents first worked when they immigrated to this country in the early 1970s, and it played an important role in the once poor neighborhood that was mostly African American, Dominican, and Puerto Rican until it was shut down because of urban disinvestment; now it’s an apartment building housing mostly white tenants on a block with skyrocketing rents. And I kept thinking about it throughout that week.

Then at a conference on the Black Radical Tradition and Cultures of Liberation, Cedric Robinson, historian and author of Black Marxism, said he believed that just because playwright Eugene O’Neill was white didn’t mean he couldn’t write about African Americans because “race is a fiction [though racism is not], while humans are incredibly complex.” In other words, questions of ethics or solidarity might have less to do with categories of identity than with what activist-scholars Gina Dent and Angela Davis suggested the next day – how you go about your work, the “questions you ask,” and your positional “reflexivity.”

The conversation with my friend made me consider Koenig as a person with a daunting project and good intentions. But I also remembered how, years ago, this same friend sent me a speech called “To Hell with Good Intentions.” It was almost fifty years ago when Ivan Illich had stood before an audience of US Peace Corps volunteers and students in Mexico and basically said, come to learn or to face yourselves, but don’t come to help. Remembering Illich made me realize that what is troubling about Serial is only partially encompassed by Kang’s and Wong’s critiques. Illich was disrupting a narrative that appeared innocuous and good even as it perpetuated social and economic hierarchies. On a far smaller scale, Serial is such a narrative.

It’s not the details in Serial per se, but how these details function in combination with what is left unsaid that unsettles. Koenig and her team do not play a thoughtful role in mediating the effects of their production on their audience and their subjects. Koenig seems largely unaware that people’s observations aren’t just objective or subjective, but shaped by ways they have internalized circulating stereotypes.

This brings me back to a few years before the tragic events of this podcast, to a suburban high school in Long Island, New York, and to a sociology teacher calling a brown girl – me — to the front of the room. He then asked the mostly white class, “Who’s her closest friend?” With hardly any debate the class came to consensus that it was another South Asian girl. Someone I couldn’t stand.

My teacher’s using me to illustrate his point made a bigger impression than his subsequent lecture about stereotypes. Or rather: together these two elements comprised a masterful lesson on how to use someone’s “difference” while simultaneously speaking about equality and “sameness.” I don’t think my teacher meant to humiliate me. He was trying to create a narrative and, in his mind I guess, needed to insert me into it to move along the plot. But that he chose me out of everyone in the class and didn’t ask me beforehand is no coincidence. And his having chosen me had consequences.

In Serial, even initial observations of friends, acquaintances, and teachers were likely shaped by model minority tropes; but Koenig doesn’t acknowledge that. If my teacher used me as a kind of teaching tool, it feels like Koenig uses a teenage girl who died as the necessary victim in her mystery plot. The problem isn’t that Koenig doesn’t tell the audience more about her (she does try to pepper in a few details), but that she doesn’t lead the audience to imagine that there is. As countless writers, musicians, artists, directors, journalists, etc. have shown: rendering someone human isn’t about making them “relatable” through sameness; it’s about tapping into the complex, contradictory, fullness of someone’s being.

The “model minority” myth to which Wong alludes didn’t appear out of thin air, and it was a sharp turn from how, for example, Chinese factory and railroad laborers of earlier eras were racialized.

The term itself began to circulate in media and political discourse just around the passage of the 1965 Immigration Act, which wedged open a door to immigrants from the “darker nations.” That this legislation even came into being had to do with the tremendous effect of the Civil Rights Movement on challenging and broadening who could be deemed “American” and what it meant to claim that identity.

However, it wasn’t just motivated by progressive thought, but also by “professional” labor shortages (particularly in urban areas in part due to white flight into suburbs after desegregation) and efforts to forge geopolitical alliances with countries like Pakistan during the Cold War years. In the initial waves, many new immigrants had class or social privilege in their home countries and institutional connections here. My parents, for example, were given labor contracts to be medical residents and their flights were paid for as a salary advance; if they started on the ground and without money in their pockets, they were also given a ladder and the security of a paycheck. Like my parents, many post-1965 immigrants initially lived in close proximity to minorities who came from lineages of slavery, segregation, lynchings, exploitation, subjugation, and/or exclusion within the US only to find that hard-won battles like school desegregation wouldn’t initiate change without more struggle (the Baltimore Superintendent maintained de facto segregation after the mid-1950s through districting). If democratic antiracist and antiwar upsurges within the US connected with anticolonial struggles in some of the very countries from which new immigrants came, racial divisions could also be exploited by harnessing the various prejudices and insecurities new immigrants brought with them (in part an effect of colonialism) and the way in which the Korean and Vietnam Wars, Japanese internment, and decades of excluding Asians from entering the US imprinted the psyche of differently positioned Americans just as national, state, and municipal governments were setting on a devastating course of disinvestment from public infrastructures and launching a highly racialized “War on Drugs” (consider here, the main witness’s fear about being arrested).

In this churning cauldron, “model minorities” became a foil for “bad minorities.” Media-promulgated “success stories” insinuated that class mobility was the product of hard work and the right attitude – not made in the trenches of history.

I don’t expect Serial to take all this on. But – dates, names, and a few exceptions aside – it’s like the podcast could have happened almost anywhere. Been about almost anyone. Taken place at almost any time. It portrays a world of relationships that don’t have social and historical density, a world in which these aforementioned events never happened – but for the way the consequences of their having happened surface unreflexively.

Moreover, in Serial, “model minority” descriptions are also “good girl” images, with unexamined misogynistic undertones. What does it mean that our shock about a murder of a teenage girl depends upon her seeming “normal” (to an imagined white middle/upper middle class audience)? Women and girls, as well as people who contest boundaries of gender and sexual “norms” in this country and beyond are habitually persecuted for acts of violence perpetrated on them. This is why it’s dangerous to hitch your audience’s sense of injustice to tropes of “relative innocence” – to borrow a term from geographer Ruth Wilson Gilmore. At one point, Koenig uses a clip to illustrate a potential juror’s prejudicial beliefs about how Muslim men treat women. But she never touches the fact that violence against women and intimate murders such as this happen all the time in the United States across every kind of demographic; it is as “American” as pie.

What Kang calls “white reporter privilege” I call weak storytelling. This weakness is accompanied by ethical oversights. I have wondered many times what it’s like for this girl’s loved ones to be subjected to widespread serial speculation about her death by people who don’t really care about her. Or what it would be like for them to walk by someone wearing a tee shirt from the subreddit Serial “community?” No doubt, addressing miscarriages of justice can hurt victims’ families, and this is not a reason to turn the other way. But it can and should frame how we take on such projects – both content and form. I stopped listening to Serial a while ago, in part because of my discomfort with how my sense of suspense and entertainment was predicated on (and simultaneously disassociated from) people’s real pain. (I recently listened to the last few episodes in one stretch in order to update this commentary).

In our conversation, my friend had reminded me that the UVA Innocence Project is now investigating the case (friends and family of the accused attempted to solicit them earlier and failed) and that there are literally thousands of people who have signed an online petition to “free” the convicted ex-boyfriend. Now there is also a crowd source webpage to solve the crime. And listeners on reddit are raising funds for a scholarship in the victim’s name (without asking her family about using her name). I will be heartened if good comes out of these campaigns, but I am not heartened by what compels them.

Obsessive scrutiny of whether or not this young man is “guilty” of this crime circumscribes a paper-thin vision of justice. It hinges on how Koenig, her team, and their listeners should stand in judgment of a Muslim American man in a post-September 11, 2001 era of rampant surveillance of Muslim Americans. It articulates with representations of dark people as strangers who white people (or “good Americans” of all fabricated “races”) must recognize, fear, or save. It depoliticizes and individualizes major social problems, and suggests the relationship between truth and justice is simply subjective at a time when private prisons are expanding exponentially and more people are caged in the United States than anywhere else on earth.

And they are predominantly people of color.

An article in Bloomberg Business Week estimates that Koenig probably paid about $2500 in phone bills to Global Tel-Link, a company which preys on incarcerated people and their families to make a profit. She doesn’t once contextualize her calls in this reality, and yet every episode opens with a recording that states the company’s name, in essence giving it free advertising. The problem isn’t that Serial centers on an individual case but the myopic manner in which it does so. When Koenig, to her credit, finally gives examples of how racism, Islamophobia, and problems with the defense might have led to a false conviction, she brackets these details with a statement (at the beginning) that she doesn’t “buy” that racism was a determining issue even if it “crept in” and the comment (at the end) that “maybe he’s a sociopath.” In this episode, she chooses interview clips that reinforce Islamophobic stereotypes without doing the work necessary to destabilize them.

Moreover, an episode that “deals with race” in a series whose metanarrative relies on using, scrutinizing, individualizing, and judging people who aren’t white is kind of like the difference between my teacher’s words and his real lesson.

The limitations of Serial’s narrative-ethical scope have led listeners to dig intrusively into other people’s Facebook accounts and posit speculations. The impulse to free someone might seem like an uncomplicatedly good thing.

But many recipients of humanitarian “aid” have spoken about the negative consequences of “good intentions” when givers don’t understand the social situation into which they are intervening. Furthermore, Michael Brown’s parents in Ferguson, Missouri or the parents of a fourteen-year-old child killed by US drones in Zowi Sidgi, Pakistan might remind us that just knowing who did it – who killed the child you raised — does not mean you get justice.

It might mean you get more injustice.

What can we make of Serial’s incredible fanfare at this particular moment in the history of race in the US? On the one hand, the non-indictment charges for policemen Darren Wilson in Ferguson, Missouri and Daniel Pantaleo in Staten Island, New York have sparked protests throughout the country about state violence on black and brown bodies, as well as a wider public conversation about the need for systematic change. On the other hand, “Band Aid 30” has just put out a new version of “Do They Know It’s Christmas?” that presents an image of black people and “Africans” as frightening, contagious, and deathly in order to raise funds to stop the spread of Ebola in Sierra Leone, Guinea, and Liberia (thirty years ago it was about famine and “poverty” in Ethiopia): “There’s a world outside your window – and it’s a world of dread and fear/Where a kiss of love can kill you – and there’s death in every tear.”

In the midst of this – as a subsequent conversation with my friend helped me to see – Serial has seized upon a general disillusionment in this country with the (political, economic, justice) system and the desire of people with privilege to keep that world “of dread and fear” outside their windows. After all, change is hard.

So I guess it’s not a surprise that Serial has been hailed as innovative. Most truly innovative things today are labeled crazy, impractical, or too…something. That is, if they rise above the economic impediments to see the light of day. “Innovative” has somehow come to mean a new way of packaging what writer Amiri Baraka called the “changing same.”

Serial is innovative in how it invites listeners to feel sympathy, antipathy, and the desire to prove what they have figured out.

But innovations in ethical thought and action reside elsewhere – as theorist Judith Butler reminds us in the movie Imagined Life – in sites of discomfort, uncertainty, and internal struggle.

The post What’s the Verdict? Racism and the Case Against Serial appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux News: Speaker Feature: Andrew Tridgell, Daniel Vetter, Zane Gilmore

Andrew Tridgell

Flying with Linux

1:20 pm Friday 16 January 2015

Andrew is a Linux addict who has become obsessed with autopilots. When not coding he is testing (and sometimes crashing!) search and rescue aircraft in an attempt to bring affordable search and rescue UAVs to the world.

For more information on Andrew and his presentation, see here.

Daniel Vetter

Botching up IOCTLs

3:40 pm Friday 16 January 2015

Daniel Vetter started to contribute to the Linux kernel a few years ago when the graphics stack rewrite broke his old laptop and all the developers were busy fixing newer machines. From then on it went all downhill and since 2011 he's enjoying the fun and frustration of working on the Linux graphics driver stack professionally at Intel's OTC. Since 2012 he is also the kernel maintainer of the Intel graphics driver.

As the i915 maintainer Daniel managed to get the quality issues under control and the driver off the infamous No. 1 spot on the kernel's regression list - where it beat entire subsystems. He established solid testing procedures, created an entire new testsuite for the kernel and enforced strict requirements for merging patches.

Additionally Daniel spent a lot of time improving the drm (direct rendering manager) subsystem. Daniel was a major driver behind the effort to write documentation for all driver interfaces. He removed lots of old cruft, separated the new-world modesetting driver from the horror show of the legacy drivers and reduced the rather haphazard ioctl interface surface for drivers.

For more information on Daniel and his presentation, see here.

You can follow him as @danvet and don’t forget to mention #lca2015.

Zane Gilmore

FLOSSing in the lab – What Plant and Food Research does with FLOSS

3:40pm Thursday 15th January 2015

Zane is a developer and computer consultant for scientists working for the Plant and Food Research Institute. He writes software (mostly in Python) and advises scientists on how to facilitate their science. He has worked as a developer since 2000 after he got a degree in Computer Science at University of Canterbury.

For more information on Zane and his presentation, see here.

LongNow: Long Now’s Nevada and Artists with Lasers: January 02015 at The Interval

Scotty Strachan speaks at The Interval - January 6, 02015

We have just announced our lineup of upcoming events at The Interval for 02015. The first four months of the year will feature talks on art, science, history, technology and long-term thinking. Tickets are on sale now for the first two:

January 6, 02015
Scotty Strachan: The Great Basin in the Anthropocene
environmental researcher at University Nevada-Reno
Scotty will talk about his scientific research in the Great Basin region including the Long Now owned site on Mount Washington in Nevada

January 20, 02015
Mathieu Victor: Artists with Lasers
artist, technology consultant (formerly of Jeff Koons studio)
first in a series on art, time, and technology talks produced with ZERO1

Space is limited at these events and tickets will sell out. So get yours early. If you make a tax-deductible donation to The Interval you’ll be added to our list for early notice about Interval event tickets. More information on these events below.

When we opened The Interval in June 02014 one of our goals was to host great events in our cafe/bar/museum space at Fort Mason in San Francisco. It was important that these talks complement our larger format Seminars About Long-term Thinking series which we produce for audiences of several hundred in San Francisco each month and are enjoyed around the world via podcast.

So The Interval’s “salon talk” series events are more frequent (2 or 3 times a month) and intimate: fewer than 100 people attend and have the chance to meet and converse with our speaker afterward. So far we’ve produced 14 events in this series and all of them have sold out. They are being recorded and will eventually become a podcast of their own. But we don’t yet have a timeline for that, so your best bet is to attend in person.

Scotty Strachan speaks at The Interval on January 6, 02015

Tuesday January 6, 02015:
Scotty Strachan: Long Now’s Nevada: the Great Basin in the Anthropocene

Our first Interval salon talk of 02015 features geographer Scotty Strachan discussing the Great Basin region of eastern Nevada. Amongst his other work, Scotty conducts research on Long Now’s Mount Washington property. Scotty has done extensive work with bristlecone pine trees, which are amongst the oldest organisms on the planet, often living for several thousand years. He will discuss his work in eastern Nevada and put it in perspective with climate science efforts worldwide.

Mathieu Victor speaks at The Interval on January 20, 02015

Tuesday January 20, 02015:
Mathieu Victor: Artists with Lasers. Art, Tech, & Craft in the 21st Century

A creator, art historian and technologist, Mathieu Victor has worked for artists, galleries, and leading design studios. Mathieu’s study of past practice matched with his experience in executing extraordinary contemporary projects give him a unique perspective on how art in the physical world benefits from the digital age.

Other highlights of the 02015 salon talk schedule that we’ve announced: The Interval’s architect/design team Because We Can and Jason Scott of the Internet Archive will speak in February; and Pulitzer Prize winner Richard Rhodes will talk about his new book on the Spanish Civil War in March. More talks will be announced soon. We hope you’ll join us at The Interval soon.

Planet DebianJohn Goerzen: Aerial Photos: Our Little House on the Prairie


This was my first attempt to send up the quadcopter in winter. It’s challenging to take good photos of a snowy landscape anyway. Add to that the fact that the camera is flying, and it’s cold, which is hard on batteries and motors. I was rather amazed at how well it did!



CryptogramISIS Cyberattacks

Citizen Lab has a new report on a probable ISIS-launched cyberattack:

This report describes a malware attack with circumstantial links to the Islamic State in Iraq and Syria. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.

A Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS) was recently targeted in a customized digital attack designed to unmask their location. The Syrian group, Raqqah is being Slaughtered Silently (RSS), focuses its advocacy on documenting human rights abuses by ISIS elements occupying the city of Ar-Raqah. In response, ISIS forces in the city have reportedly targeted the group with house raids, kidnappings, and an alleged assassination. The group also faces online threats from ISIS and its supporters, including taunts that ISIS is spying on the group.

Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is focused against a group that is an active target of ISIS forces.

News article.

Krebs on SecurityComplex Solutions to a Simple Problem

My inbox has been flooded of late with pitches for new technologies aimed at making credit cards safer and more secure. Many of these solutions are exceedingly complex and overwrought — if well-intentioned — responses to a problem that we already know how to solve. Here’s a look at a few of the more elaborate approaches.

A promotion for the Siren Swipe technology.

Some of these ideas may have benefited from additional research into where financial institutions actually experience most of their fraud losses. Hint: Lost-and-stolen fraud is minuscule compared to losses from other types of fraud, such as counterfeit cards and online fraud. Case in point: A new product called Safe Swipe. From their pitch:

“The basic premise of our solution, Safe Swipe…is a technology which ‘marries’ your smart mobile device, phone, tablet and or computer to your credit/debit card(s). We’ve developed a Geo-Locator software program which triangulates your location with the POS device and your mobile phone so that if your phone and credit card are not within a certain predetermined range of one another the purchase would be challenged. In addition, we incorporated an ON/OFF type switch where you can ‘Lock Down’ your credit/debit card from your mobile device making it useless should it ever be stolen.”

The truth is that you can “lock down” your credit card if it’s lost or stolen by calling your credit card company and reporting it as such.  Along these lines, I received multiple pitches from the folks who dreamed up a product/service called “Siren Swipe.” Check it out:

“The SIREN SWIPE system immediately notifies local police (via the local 911 center) of a thief’s location (ie merchant address) once he swipes a card that has already been reported stolen,” the folks at this company said in an email pitch to KrebsOnSecurity. “SIREN SWIPE has the potential to drastically impact the credit card fraud landscape because although card credentials being stolen is a foregone conclusion, which cards thieves decide to actually use is not. For a thief browsing a site like Rescator, the knowledge that using certain banks’ cards could result in an immediate police response can make thieves avoid using these banks’ stolen cards over and over again. And in the best case scenario, a carder site admin could just decide not to sell subscribing banks’ cards in the interest of customer service.”

The sad truth is that, for the most part, cops generally have more important things to do than chase around the street urchins who end up using stolen credit and debit cards, and they’re not going to turn on the dome lights and siren over something like this. Also, the signals for fraud are all backwards here: The fraudsters know to use criminal card-checking services before buying and/or using stolen cards, so they don’t generally end up using a pile of cards that have already been cancelled.

A diagram explaining Quantum Secure Authentication.

My favorite overwrought solution to making credit cards more secure comes from researchers in the Netherlands, who recently put out a paper announcing a card security idea they’re calling Quantum-Secure Authentication. According to its creators, this approach relies on “the unique quantum properties of light to create a secure question-and-answer exchange that cannot be spoofed or copied.” From their literature:

“Traditional magnetic-stripe-only cards are relatively simple to use but simple to copy. Recently, banks have begun issuing so-called ‘smart cards’ that include a microprocessor chip to authenticate, identify & enhance security. But regardless of how complex the code or how many layers of security, the problem remains that an attacker who obtains the information stored inside the card can copy or emulate it. The new approach…avoids this risk entirely by using the peculiar quantum properties of photons that allow them to be in multiple locations at the same time to convey the authentication questions & answers. Though difficult to reconcile with our everyday experiences, this strange property of light can create a fraud-proof Q&A exchange, like those used to authorize credit card transactions.”

The main reason so many of these newfangled technologies are even being proposed is that the United States lags 20 years behind Europe and the rest of the world in adopting chip/smartcard technology in credit and debit cards. This is starting to change on both the card-issuing side (the banks) and the merchant side. Most of the biggest banks are already issuing chip cards, with smaller institutions following suit next year. In October 2015, merchants that haven’t yet installed card swipe terminals that accept chip cards will be liable for all of the fraud costs on any fraudulent transaction involving a chip card.

It’s unclear how much appetite there is for new technology to help banks fight card fraud, when so many financial institutions have yet to roll out chip cards. A payments fraud survey released this week by the Federal Reserve Bank of Minneapolis found that “high percentages of surveyed financial institutions report that fraud prevention costs exceed actual losses for many types of payments, especially wire, cash, and ACH payments. This trend is even more striking for non-financial respondents. In every payment category, a higher percentage of such firms responded that prevention costs exceed fraud losses.”

The Fed survey (PDF), which quizzed both banks and corporations, found that about half of the financial institutions that experienced payment fraud losses reported increases in those losses, while three quarters of the non-financial firms responded that loss rates had remained about the same over the prior year.

“In keeping with previous surveys, signature debit transactions are the payment type cited by the largest number of financial institutions as accounting for high levels of payments fraud losses (92% of financial service companies), while checks are cited by 75% of non-financial companies,” the Fed concluded. “While this finding could suggest that companies are overcompensating in prevention vis-à-vis likely losses, it is also possible that risk mitigation strategies and fraud prevention investments have indeed been effective.”

Sociological ImagesWhy I Called it “The Family” and What That Has To Do with Cosby

First, a note on language

In American English books from 1910 to 1950, about 25% of the uses of “family” were preceded by “the.” Starting about 1950, however, “the family” started falling out of fashion, finally dropping below 16% of “family” uses in the mid-2000s. This trend coincides with the modern rise of family diversity.

In her classic 1993 essay, “Good Riddance to ‘The Family’,” Judith Stacey wrote,

no positivist definition of the family, however revisionist, is viable. … the family is not an institution, but an ideological, symbolic construct that has a history and a politics.

The essay was in Journal of Marriage and the Family, published by the National Council on Family Relations. In 2001, in a change that as far as I can tell was never announced, JMF changed its name to Journal of Marriage and the Family, which some leaders of NCFR believed would make it more inclusive. It was the realization of Stacey’s argument.

I decided on the title very early in the writing of my book: The Family: Diversity, Inequality, and Social Change. I agreed with Stacey that the family is not an institution. Instead, I think it’s an institutional arena: the social space where family interactions take place. I wanted to replace the narrowing, tradition-bound term, with an expansive, open-ended concept that was big enough to capture both the legal definition and the diversity of personal definitions. I think we can study and teach the family without worrying that we’re imposing a singular definition of what that means.

It takes the unique genius that great designers have to capture a concept like this in a simple, eye-catching image. Here is how the artists at Kiss Me I’m Polish did it:


What goes in the frame? What looks like a harmless ice-breaker project — draw your family! — is also a conceptual challenge. Is it a smiling, generic nuclear family? A family oligarchy? Or a fictional TV family providing cover for an abusive, larger-than-life father figure who lectures us about morality while concealing his own serial rape behind a bland picture frame?

Whose function?

Like any family sociologist, I have great respect for Andrew Cherlin. I have taught from his textbook, as well as The Marriage Go-Round, and I have learned a lot from his research, which I cite often. But there is one thing in Public and Private Families that always rubbed me the wrong way when I was teaching: the idea that families are defined by positive “functions.”

Here’s the text box he uses in Chapter 1 (of an older edition, but I don’t think it’s changed), to explain his concept:


I have grown more sympathetic to the need for simplifying tools in a textbook, but I still find this too one-sided. Cherlin’s public family has the “main functions” of child-rearing and care work; the private family has “main functions” of providing love, intimacy, and emotional support. Where is the abuse and exploitation function?

That’s why one of the goals that motivated me to finish the book was to see the following passage in print before lots of students. It’s now in Chapter 12: Family Violence and Abuse:

We should not think that there is a correct way that families are “supposed” to work. Yes, families are part of the system of care that enhances the lived experience and survival of most people. But we should not leap from that observation to the idea that when family members abuse each other, it means that their families are not working. … To this way of thinking, the “normal” functions of the family are positive, and harmful acts or outcomes are deviations from that normal mode.

The family is an institutional arena, and the relationships between people within that arena include all kinds of interactions, good and bad. … And while one family member may view the family as not working—a child suffering abuse at the hands of a trusted caretaker, for example—from the point of view of the abuser, the family may in fact be working quite well, regarding the family as a safe place to carry out abuse without getting caught or punished. Similarly, some kinds of abuse—such as the harsh physical punishment of children or the sexual abuse of wives—may be expected outcomes of a family system in which adults have much more power than children and men (usually) have more power than women. In such cases, what looks like abuse to the victims (or the law) may seem to the abuser like a person just doing his or her job of running the family.

Huxtable family secrets

Which brings us to Bill Cosby. After I realized how easy it was to drop photos into my digital copy of the book cover, I made a series of them to share on social media — and planning to use them in an introductory lecture — to promote this framing device for the book. On September 20th of this year I made this figure and posted it in a tweet commemorating the 30th anniversary of The Cosby Show:


Ah, September. When I was just another naïve member of the clueless-American community, using a popular TV family to promote my book, blissfully unaware of the fast-approaching marketing train wreck beautifully illustrated by this graph of internet search traffic for the term “Cosby rape”:


I was never into The Cosby Show, which ran from my senior year in high school through college graduation (not my prime sitcom years). I love lots of families, but I don’t love “the family” any more than I love “society.” Like all families, the Huxtables would have had secrets if they were real. But now we know that even in their fictional existence they did have a real secret. Like some real families, the Huxtables were a device for the family head’s abuse of power and sexuality.

So I don’t regret putting them in the picture frame. Not everything in there is good. And when it’s bad, it’s still the family.

Philip N. Cohen is a professor of sociology at the University of Maryland, College Park. He is the author of The Family: Diversity, Inequality, and Social Change and writes the blog Family Inequality. You can follow him on Twitter or Facebook.

TEDThe first TEDx in Cuba: An event in Habana, two years in the making

A rooftop view of Habana, Cuba, which just welcomed its first TEDx event. Photo: Courtesy of Andres Levin

By Jenny Groza

Habana, Cuba, which was called “the rich man’s playground” before World War II, now evokes an air of mystery—a giant question mark. Are there still midcentury cars roaming the streets? Blighted neighborhoods with broken windows and collapsing roofs? Citizens eking out a living after years of oppression?

These, says Andres Levin, the organizer of TEDxHabana, are common misconceptions about what life in Cuba is actually like. “There’s a thriving arts and music scene, and people are figuring out how to use technology, considering the obvious limitations,” he says. “The TEDx format is allowing us to bring these like-minded people together.”

In 2012, Levin and his wife, CuCu Diamantes, applied for a TEDx license to hold an event in Habana, Cuba — the first TEDx event in the island country. Because Diamantes is from Cuba — and because the two have traveled there frequently — Levin hoped to bring forward-thinking Cubans together to spread ideas and ignite new partnerships. “My inspiration came from the idea that TEDx offers a platform that, for Cuba, will go beyond any political and social boundaries,” says Levin. “Also, I liked the idea that I could bring together both American and Cuban speakers on the TEDx stage that potentially touch on different views on subjects.”

Levin and Diamantes’ TEDx application was accepted, and they were granted the license to hold the first-ever TEDxHabana. But because Levin lives in New York City, he had to apply for a special event license through the US State Department, as all foreign-planned conferences of a certain size must do. After sending off the application for that license, he waited. And waited. Then he waited some more.

Two years after his application was submitted, Levin was granted permission to hold an event in Cuba — as long as it took place within the next six months.

Levin had just six months to organize a TEDx event in a country where many people had never heard of TED, let alone seen a TED Talk. Six months to find speakers and curate a diverse lineup of talks that represented the breadth and diversity of the people of Cuba. Six months to confirm a venue. Six months to let people know the event was happening and that they should attend. 

Those six months were full of excitement and unexpected solutions to even more unexpected problems. The biggest challenge that Levin, Diamantes, and fellow organizer Jorge Perugorria faced was educating speakers who had never heard about TED. “We ended up taking DVDs of TED Talks on the road with us and showing them to speakers to teach them the format of a TED Talk,” says Levin. “Some speakers had spoken in front of huge audiences before, but still hadn’t done anything like a TED-style talk. But they totally got it.”

Another challenge posed to the TEDxHabana organizing team was the lack of high-speed Internet in Cuba. There’s Internet in Cuba, but it’s dial-up and not available on smartphones. “It’s uncomfortable when you’re trying to get things done quickly,” says Levin, “but there’s more human and quality communication. For this event we were able to reach thousands of people instantly via a mass text message — the equivalent of an e-blast.”

A speaker onstage at TEDxHabana. Photo: Courtesy of Andres Levin

Yet another challenge: As the day of the event approached, the 300-person venue that Levin had confirmed suddenly became unavailable. He and his team had 72 hours to find a new venue for the crowd they expected — and they weren’t completely clear on how many people would be walking through the door. It was a free event and they had distributed 10,000 flyers around Habana, in addition to sending out that mass text message.

Less than three days before the event, Levin was able to find a new venue — this time, one that held 1,000 people. Turns out the larger venue was an absolute necessity: the theater was packed, and stayed full for all three sessions of the day-long event. 

After two and a half years, TEDxHabana finally came to fruition on November 15, 2014.

The theme: “inCUBAndo!,” or “InCUBAte.” The talks and performances all encouraged the audience to think outside of the box in some way and push their expectations of what Cuba can and will be. “I didn’t want every speaker to give a TED-style talk,” says Levin. “I wanted to give TED a Cuban flavor.”

A dance break during TEDxHabana. Photo: Courtesy of Andres Levin

With a cross-disciplinary speaker lineup, Levin covered all the bases. A documentary filmmaker was followed on stage by a cybernetics engineer who was followed by a social worker campaigning against teen alcohol consumption. Talks were given in both Spanish and English, with live translation headsets available to the audience.

A trend that ran throughout the course of the day: the importance, and challenges, of farming without pesticides, as Cuba is completely organic. “They use practices that more developed countries are trying to get back to — but out of necessity,” says Levin. On the TEDxHabana stage, Miguel Salcines spoke about his work as the creator of the largest vegetable garden in Cuba — a 25-acre farm in one of Cuba’s most densely populated urban areas. Closing out the event, a group of farmers freestyle rapped about the day’s ideas. 

The varied speaker lineup was matched by an equally diverse audience, which is one of the things Levin says he’s most proud of about TEDxHabana. “Our speakers were diverse and came from different parts of Cuba, and we encouraged them to bring their friends and families,” says Levin. “So our audience wasn’t just university students, and it wasn’t just artists. It was everyone coming together to talk and listen in one place.”

Most exciting of all, says Levin, is that there’s already enthusiasm for TEDxHabana to take place next year. He says that many members of the audience have reached out to him asking to get involved. And he is excited to start planning. Especially with President Barack Obama announcing on Wednesday, December 17, that he was moving to reopen up diplomatic ties between the United States and Cuba, Levin has high hopes that the next event won’t include a two-year wait and six-month organizing timeline.


A lacquered ‘x’ at TEDxHabana. Photo: Courtesy of Andres Levin


CryptogramThe Limits of Police Subterfuge

"The next time you call for assistance because the Internet service in your home is not working, the 'technician' who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and -- when he shows up at your door, impersonating a technician -- let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have 'consented' to an intrusive search of your home."

This chilling scenario is the first paragraph of a motion to suppress evidence gathered by the police in exactly this manner, from a hotel room. Unbelievably, this isn't a story from some totalitarian government on the other side of an ocean. This happened in the United States, and by the FBI. Eventually -- I'm sure there will be appeals -- higher U.S. courts will decide whether this sort of practice is legal. If it is, the country will slide even further into a society where the police have even more unchecked power than they already possess.

The facts are these. In June, two wealthy Macau residents stayed at Caesar's Palace in Las Vegas. The hotel suspected that they were running an illegal gambling operation out of their room. They enlisted the police and the FBI, but could not provide enough evidence for them to get a warrant. So instead they repeatedly cut the guests' Internet connection. When the guests complained to the hotel, FBI agents wearing hidden cameras and recorders pretended to be Internet repair technicians and convinced the guests to let them in. They filmed and recorded everything under the pretense of fixing the Internet, and then used the information collected from that to get an actual search warrant. To make matters even worse, they lied to the judge about how they got their evidence.

The FBI claims that their actions are no different from any conventional sting operation. For example, an undercover policeman can legitimately look around and report on what he sees when he is invited into a suspect's home under the pretext of trying to buy drugs. But there are two very important differences: one of consent, and the other of trust. The former is easier to see in this specific instance, but the latter is much more important for society.

You can't give consent to something you don't know and understand. The FBI agents did not enter the hotel room under the pretext of making an illegal bet. They entered under a false pretext, and relied on that for consent of their true mission. That makes things different. The occupants of the hotel room didn't realize who they were giving access to, and they didn't know their intentions. The FBI knew this would be a problem. According to the New York Times, "a federal prosecutor had initially warned the agents not to use trickery because of the 'consent issue.' In fact, a previous ruse by agents had failed when a person in one of the rooms refused to let them in." Claiming that a person granting an Internet technician access is consenting to a police search makes no sense, and is no different than one of those "click through" Internet license agreements that you didn't read saying one thing while meaning another. It's not consent in any meaningful sense of the term.

Far more important is the matter of trust. Trust is central to how a society functions. No one, not even the most hardened survivalists who live in backwoods log cabins, can do everything by themselves. Humans need help from each other, and most of us need a lot of help from each other. And that requires trust. Many Americans' homes, for example, are filled with systems that require outside technical expertise when they break: phone, cable, Internet, power, heat, water. Citizens need to trust each other enough to give them access to their hotel rooms, their homes, their cars, their person. Americans simply can't live any other way.

It cannot be that every time someone allows one of those technicians into our homes they are consenting to a police search. Again from the motion to suppress: "Our lives cannot be private -- and our personal relationships intimate -- if each physical connection that links our homes to the outside world doubles as a ready-made excuse for the government to conduct a secret, suspicionless, warrantless search." The resultant breakdown in trust would be catastrophic. People would not be able to get the assistance they need. Legitimate servicemen would find it much harder to do their job. Everyone would suffer.

It all comes back to the warrant. Through warrants, Americans legitimately grant the police an incredible level of access into our personal lives. This is a reasonable choice because the police need this access in order to solve crimes. But to protect ordinary citizens, the law requires the police to go before a neutral third party and convince them that they have a legitimate reason to demand that access. That neutral third party, a judge, then issues the warrant when he or she is convinced. This check on the police's power is for Americans' security, and is an important part of the Constitution.

In recent years, the FBI has been pushing the boundaries of its warrantless investigative powers in disturbing and dangerous ways. It collects phone-call records of millions of innocent people. It uses hacking tools against unknown individuals without warrants. It impersonates legitimate news sites. If the lower court sanctions this particular FBI subterfuge, the matter needs to be taken up -- and reversed -- by the Supreme Court.

This essay previously appeared in The Atlantic.

Worse Than FailureCodeSOD: A Perfect 10

Andrew found this code on the product pages of a fairly popular automotive e-commerce website. It's called whenever an 'attribute' of a product (size, color, etc.) is selected or changed by the user.

The main focus of this code is to update a concatenation of the values of all currently selected attributes which are stored in a hidden form input field. Once it has done that, it hands off to another function to make an AJAX request with this concatenated value as a parameter.

Sounds simple, right? Well, it is, assuming you've ever heard of basic JavaScript concepts like arrays, loops and accessing an object's properties as if it were a keyed array. However, if you haven't, your code might take the long way around.

var ao0, ao1, ao2, ao3, ao4, ao5, ao6, ao7, ao8, ao9;

function updateAttrib(node, pg, index){

  var j;
  var aa = document.ProductForm.attribs.value;
  var attribs = aa.split("@");

  if(index == 0){
    var a = document.ProductForm.attrib0.value;
    var as = a.split("~");

    if(a == 'select'){
      var io = aa.indexOf(ao0);
      if(io != -1)
        aa = aa.replace(ao0 + "@", '');
      var found = false;
      for(j = 0; j < attribs.length; j++){
        var split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao0 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao0 = a;
  }else if(index == 1){
    a = document.ProductForm.attrib1.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao1);
      if(io != -1)
        aa = aa.replace(ao1 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao1 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao1 = a;
  }else if(index == 2){
    a = document.ProductForm.attrib2.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao2);
      if(io != -1)
        aa = aa.replace(ao2 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao2 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao2 = a;
  }else if(index == 3){
    a = document.ProductForm.attrib3.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao3);
      if(io != -1)
        aa = aa.replace(ao3 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao3 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao3 = a;
  }else if(index == 4){
    a = document.ProductForm.attrib4.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao4);
      if(io != -1)
        aa = aa.replace(ao4 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao4 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao4 = a;
  }else if(index == 5){
    a = document.ProductForm.attrib5.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao5);
      if(io != -1)
        aa = aa.replace(ao5 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao5 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao5 = a;
  }else if(index == 6){
    a = document.ProductForm.attrib6.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao6);
      if(io != -1)
        aa = aa.replace(ao6 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao6 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao6 = a;
  }else if(index == 7){
    a = document.ProductForm.attrib7.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao7);
      if(io != -1)
        aa = aa.replace(ao7 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao7 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao7 = a;
  }else if(index == 8){
    a = document.ProductForm.attrib8.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao8);
      if(io != -1)
        aa = aa.replace(ao8 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao8 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao8 = a;
  }else if(index == 9){
    a = document.ProductForm.attrib9.value;
    as = a.split("~");

    if(a == 'select'){
      io = aa.indexOf(ao9);
      if(io != -1)
        aa = aa.replace(ao9 + "@", '');
      found = false;
      for(j = 0; j < attribs.length; j++){
        split = attribs[j].split("~");
        if(split[0] == as[0]){
          aa = aa.replace(ao9 + "@", a + "@");
          found = true;

        aa = aa + a + "@";
      ao9 = a;

  document.ProductForm.attribs.value = aa;
  var image = document.ProductForm.iid.value;

  var q = document.ProductForm.quantity.value;
  doAjax("/" + node + "&g=" + pg + "&a=" + aa + "&i=" + image + "&q=" + q + "&uid=" + new Date().getTime(), setProdAttrib); }


Here's to hoping that at least their server-side stuff isn't hard-coded to 10 attributes per product...
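The same update written the short way the article alludes to (an array, a loop and keyed property access), as an added example that is not the site's code. Here form is a plain object standing in for document.ProductForm so the code runs outside a browser, and PLACEHOLDER, splitEntry, parseAttribs, serializeAttribs and buildUrl are names assumed for this sketch; parameters are percent-encoded so a value containing "&" cannot turn into extra query parameters.

```javascript
// Added example, not the site's code. Entry format taken from the original:
// "key~value" entries, each terminated by "@", e.g. "size~L@color~red@".
const PLACEHOLDER = 'select'; // value of the "nothing chosen" option, as in the original

// Split "key~value" at the first "~"; returns null for an empty or malformed entry.
function splitEntry(entry) {
  const sep = entry.indexOf('~');
  return sep < 1 ? null : [entry.slice(0, sep), entry.slice(sep + 1)];
}

// Parse the hidden field into a Map, which preserves insertion order.
function parseAttribs(serialized) {
  const map = new Map();
  for (const entry of serialized.split('@')) {
    const kv = splitEntry(entry);
    if (kv) map.set(kv[0], kv[1]);
  }
  return map;
}

function serializeAttribs(map) {
  let out = '';
  for (const [key, value] of map) out += key + '~' + value + '@';
  return out;
}

// form: stand-in for document.ProductForm (assumption).
// previous: one array replacing ao0..ao9; any index works, not only 0-9.
function updateAttrib(form, previous, index) {
  const selected = form['attrib' + index].value; // keyed access replaces attrib0..attrib9
  const attribs = parseAttribs(form.attribs.value);
  const oldKv = previous[index] === undefined ? null : splitEntry(previous[index]);
  // The placeholder (or a malformed value) means "no selection" for this slot.
  const newKv = selected === PLACEHOLDER ? null : splitEntry(selected);

  // Drop the old entry when the choice was cleared or its key changed.
  if (oldKv && (!newKv || newKv[0] !== oldKv[0])) attribs.delete(oldKv[0]);
  if (newKv) {
    attribs.set(newKv[0], newKv[1]); // replaces in place, or appends a new key
    previous[index] = selected;
  } else {
    delete previous[index];
  }
  form.attribs.value = serializeAttribs(attribs);
  return form.attribs.value;
}

// Build the request URL with every name and value percent-encoded.
// node is assumed to carry its own "?..." part, since the original
// appends "&g=" to it directly.
function buildUrl(node, params) {
  const query = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + '=' + encodeURIComponent(String(v)))
    .join('&');
  return '/' + node + '&' + query;
}
```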


Planet DebianMario Lang: deluXbreed #2 is out!

The third installment of my crossbreed digital mix podcast is out!

This time, I am featuring Harder & Louder and tracks from Behind the Machine and the recently released Remixes.

  1. Apolloud - Nagazaki
  2. Apolloud - Hiroshima
  3. SA+AN - Darksiders
  4. Im Colapsed - Cleaning 8
  5. Micromakine & Switch Technique - Ascension
  6. Micromakine - Cyberman (Dither Remix)
  7. Micromakine - So Good! (Synapse Remix)

How was DarkCast born and how is it done?

I always loved 175BPM music. It is an old thing that is not going away soon :-). I recently found that there is a quite active culture going on, at least on BandCamp. But single tracks are just that, not really fun to listen to in my opinion. This sort of music needs to be mixed to be fun. In the past, I used to have most tracks I like/love as vinyl, so I did some real-world vinyl mixing myself. But these days, most fun music is only available digitally, at least easily. Some people still do vinyl releases, but they are actually rare.

So for my personal enjoyment, I started to digitally mix tracks I really love, such that I can listen to them without "interruption". And since I have been an iOS user for three years now, using the podcast format to get stuff onto my devices was quite a natural choice.

I use SoX and a very small shell script to create these mixes. Here is a pseudo-template:

sox --combine mix-power \
"|sox \"|sox 1.flac -p\" \"|sox 3.flac -p speed 0.987 delay 2:28.31 2:28.31\" -p" \
"|sox \"|sox 2.flac -p delay 2:34.1 2:34.1\" -p" \

As you can imagine, it is quite a bit of fiddling to get these scripts to do what you want. But it is a non-graphical method to get things done. If you know of a better tool, possibly with a bit of real-time controls, to get the same job done, without having to resort to a damn GUI, let me know.

Kelvin ThomsonAustralia's Rapid Population Growth Continues

Australian Bureau of Statistics figures show Australia's population reached 23 and a half million at the end of 2013/14, having increased by around 365,000 during the past year.

The natural increase in population – the number of births minus the number of deaths – was over 150,000 for the eighth year in a row, again making a nonsense of claims that without migration Australia's population would stop growing.

Net overseas migration was over 212,000. This is consistent with the average for this decade so far, which is nearly 50,000 higher than the average of 165,000 during the previous decade, and two and a half times the 80,000 average of the 1990s.

There is no precedent for Australia running such a migration program at a time of 6 per cent plus unemployment. It is a certain recipe for rising unemployment, long-term unemployment and job insecurity, with all the personal misery and social problems which arise from that.

Rapid population growth also leads to wildlife habitat destruction, increasing carbon emissions, rising cost of living, and makes it harder to balance the books. It is a short-sighted and greedy drive for profit from the big end of town which prejudices the future of our young people.

Planet Linux News: Python Software Foundation Outreach Programme

AUCKLAND, New Zealand – Thursday 18th December 2014 – 2015 organisers are proud to announce an update to our funding programme!

Python Software Foundation Outreach Programme

LCA 2015 and the Python Software Foundation are proud to support our community. To supplement the existing InternetNZ Diversity fund the PSF have donated additional funds for candidates within the Python community.

The Python Software Foundation appreciates LCA 2015's commitment to diversity, and is proud to add its own contribution in the form of the Python Software Foundation Outreach Fund. Much system software for Linux is written in Python (including both distro level tools and open source system management projects like OpenStack, Salt and Ansible), and Linux is often the default choice for deployment of Python web services and other networked applications. This contribution is intended to strengthen ties between the Python and Linux communities by assisting under-represented delegates who participate in the Python community in the region but, without financial assistance, would not be able to attend LCA 2015.

For more information please see our funding registration page.

About is one of the world's best conferences for free and open source software! The coming; LCA 2015 will be held at the University of Auckland, New Zealand from Monday 12 January to Saturday 16 January 2015. LCA 2015 will be fun, informal and seriously technical, bringing together Free and Open Source developers, users and community champions from around the world. LCA 2015 is the third time has been held in New Zealand. The first was in Dunedin in 2006 and the second was in Wellington in 2010.

For more information please visit our website

About Linux Australia

Linux Australia is the peak body for Linux User Groups (LUGs) around Australia, and as such represents approximately 5000 Australian Linux users and developers. Linux Australia facilitates the organisation of this international Free Software conference in a different Australasian city each year.

Emperor Penguin Sponsors

LCA 2015 is proud to acknowledge the support of our Emperor Penguin Sponsors, Catalyst IT, HP and IBM, and our diversity sponsor Internet NZ.


Planet Linux AustraliaAndrew Pollock: [life] Day 322: Suspected chicken pox and laying low

At bath time last night, Zoe had some spots on her torso. Interestingly, her first reaction upon seeing them in the mirror was "Chicken!". I was more sceptical, because she's been vaccinated for chicken pox, and wasn't showing other symptoms. I thought it may have been from crawling along the tree branch. So I put her to bed and said we would check them in the morning.

After a good night's sleep, but a ridiculously early start at 5am, she still had spots, but was otherwise fine, so I decided to make a doctor's appointment. I managed to get one for 12:15am, so we just hung out at home in the morning, and Zoe watched some TV. It was ridiculously hot, so it was a good day to be indoors with the air conditioning cranked up.

After an early lunch, we went to the doctor. She said that Zoe had a slight fever, but she was also doubtful if it looked like chicken pox. She said to give it 48 hours to see what happened. She said if it was chicken pox, it'd be a mild case, given she's vaccinated.

I guess the school holidays is as good a time as any to be out of commission. Hopefully we both won't go too stir crazy.

She also said that given how Zoe was presenting we didn't need to go too overboard on isolation, so we made a quick trip out to Westfield Carindale to pick up some birthday cards, before heading home again.

Zoe's temperature got a bit higher in the afternoon, and she ended up taking a long, late nap on the couch. I used the time to work on the next unit of my real estate licence course, and made some good progress.

I pretty much had to wake her up when it was time for Sarah to pick her up, and she still had a low grade fever, but was otherwise in good spirits.

LongNowJesse Ausubel Seminar Tickets


The Long Now Foundation’s monthly

Seminars About Long-term Thinking

Jesse Ausubel presents “Nature is Rebounding: Land- and Ocean-sparing through Concentrating Human Activities”


Tuesday January 13, 02015 at 7:30pm SFJAZZ Center

Long Now Members can reserve 2 seats, join today! General Tickets $15


About this Seminar:

Jesse Ausubel is an environmental scientist and program manager of a number of global biodiversity and ecology research programs. Ausubel serves as Director and Senior Research Associate of the Program for the Human Environment at Rockefeller University.

He was instrumental in organizing the first UN World Climate Conference which was held in Geneva in 01979, and is one of the founders of the field of Industrial Ecology.


Kelvin ThomsonSenator Leyonhjelm's Gun Madness

Senator Leyonhjelm's opposition to John Howard's gun laws, and his view that the world would be a safer place if we all carried arms, is plain madness.

After 35 people, including small children, were killed at Port Arthur in 1996, the Australian Police Ministers Council agreed to a national plan for the regulation of firearms.

Since these laws were enacted Australia has not had a repeat of the massacres we had before they came into effect. The number of gun deaths in all categories – homicides, suicides, and accidental shootings – has declined dramatically since 1996, and thousands of Australian lives have been saved as a result.

Australia's deaths by firearms homicides dropped by 59 percent in the decade after the gun laws were tightened. Britain also achieved a decline in murders involving firearms after banning all private ownership of automatic weapons and virtually all handguns in 1996, after 16 children and their teacher were killed by a gunman in Dunblane, Scotland. Japan has very strict laws about guns – in 2008 only 11 people were killed with guns in Japan, while 12,000 people were killed by firearms in the United States!

In Australia people going for a jog are not at risk of being murdered by young thrill seekers, as happened to my former constituent Chris Lane, shot in the back in the United States last year. The United States has the lax gun laws that Senator Leyonhjelm admires, and it has one hundred times as many gun deaths each year as we do.

This is because, as research on the matter has shown, when you own or carry a gun, you are more likely to be the victim, perpetrator or accessory to a crime that wouldn't take place without it in the first place.

Before Adam Lanza killed 20 little schoolchildren and six teachers at Sandy Hook primary school, he killed his mother with a gun she had bought to enhance her safety. When Aaron Alexis killed 13 people in the Washington Navy Yard rampage last year, he killed a security guard with a shotgun he had purchased legally, took the guard's weapon and killed another victim with that after his shotgun ran out of ammunition.

The fewer guns there are in Australia, the safer we all are.

TEDThe TED Gift Guide

Buying gifts? It is HARD. Especially when so many gift guides offer up ideas for what to get your dad, co-worker or sister without taking into account what actually interests those specific people in your life. A better way to locate the perfect gift? Think about what captures a person’s curiosity, and then seek ideas from people in that field. To get you started, we asked 10 members of the TED community — in a wide variety of fields — to share what they’d love to unwrap this season. Below, their gift-giving recommendations.


Gifts for travelers

Curated by travel writer Pico Iyer, whose TED Book The Art of Stillness invites you to slow down, disconnect and reflect.

  1. “I’d love a year’s subscription to Monocle magazine.”
  2. “A bottle of verbena-scented spray to help me feel at home — and fresh — wherever I happen to be.”
  3. “A relatively portable paperback edition of Shakespeare’s complete works.”
  4. “A set of 10 unlined mini-notebooks that are small enough to fit in a pocket. I personally like AnalogBooks.”
  5. “A good pair of RBH headphones.”
  6. The splurge: “The ultimate traveler’s gift is a paid trip to Lhasa, Tibet. The place has changed dramatically since I first visited in 1985 and, of course, something of its spirit has been lost and obscured in an onslaught of highrises, theme parks, nightclubs and hotels. But no place is more affecting, inspiring and uplifting than Tibet — all the more so as it’s so imperiled. I’d want it as a present this year because each passing season brings new threats to the Tibet that has stirred and moved so many for so long.”


Gifts for scientists

Curated by Ed Yong, of the incredible blog Not Exactly Rocket Science over at National Geographic. His TED Talk explains what a zombie roach is.

  1. “These stuffed toys are probably the only way you can give chlamydia, herpes and Ebola to your friends and family without them resenting you for it. There’s even a common cold virus in a Santa hat.”
  2. “A timeless collection of superb natural history documentaries, by the owner of that voice.”
  3. “In 1837, Darwin sketched this tree of life in a notebook. It perfectly symbolises the shared origin that connects the most minuscule microbe to the most high-falutin’ human. I like it on a t-shirt.”
  4. “The Forest Unseen is the best science book I can remember reading. It’s suffused with poetry, flair and transcendent observations of a world that often skips us by.”
  5. “In the right hands, microbes, neurons and other cells can be strikingly beautiful. Artologica’s versions are nice enough to hang on your wall or wear around your neck.”
  6. The splurge: “The astronomical price of this $245,000 planetarium watch will make your friends starry-eyed while burning a black hole in your wallet. (I’m not even sorry.)”


Gifts for photographers

Curated by TED Fellow Laura Boushnak, a Kuwaiti-born Palestinian photographer whose images focus on literacy and education reform among women in the Arab world.

  1. “I’d love a Pocket Spotlight. This continuous light source can either be mounted on your phone or handheld. It’s useful for low-light situations.”
  2. “A selfie stick is a good way to include all your friends in your shot! It also works as a monopod and can help you shoot from unusual angles.”
  3. “Arnold Newman pioneered the environmental portrait, and is a big inspiration for me. This book covers Newman’s early documentary work and collage photographs, then proceeds to his portraits of painters, composers, architects, scientists, writers, political and religious leaders.”
  4. “I find online photography courses very useful — that’s how I first studied photography almost 18 years ago. I recommend the New York Institute of Photography.”
  5. “I love to get a pack of five Quick Snap waterproof disposable cameras. They’re fun to give away to kids!”
  6. The splurge: “This digital medium-format Pentax 645z — which I’d love paired with the 55mm 2.8 lens! — makes large-megapixel files. That translates to extremely high-resolution, exhibition quality prints. Very important for the kind of work I do.”


Gifts for sports enthusiasts

Curated by David Epstein, author of The Sports Gene, whose TED Talk looks at whether athletes are really getting better, faster and stronger.

  1. “In Brazil, you might be surprised to see kids playing not football (a.k.a. soccer), but futsal, a miniaturized form. The futsal ball is small and less bouncy, so the game is frantically paced and requires serious improvisational footwork.”
  2. “For those who can’t believe they ever had to snowboard without knowing their precise rate of vertical descent or pulse rate and airtime during that last jump, the Recon Instruments Snow2 ski goggles give you a display inside your goggles.”
  3. “Invented by a NASA scientist, the AlterG Anti-Gravity treadmill allows the user to modify the air pressure around their lower body, reducing the amount of body weight being carried. I used one while rehabbing a knee injury, and it allowed me to thrash myself in a cardio workout without making the injury worse. The treadmill costs $35,000 — but you can purchase sessions for $25 a pop or $50 for three.”
  4. “I often give copies of Why We Run to fellow endurance enthusiasts. The author is a biologist and explores endurance throughout the animal kingdom, then applies what he learns to his own training.”
  5. “Wiffle Ball is fun. And experimenting with the aerodynamics of the ball — which has openings on one side — can produce pitches that move in astounding and hilarious ways. Humans don’t have a visual system capable of tracking a fast-moving ball as its angular position changes (the advice to “keep your eye on the ball” is nonsense; can’t do it), so if your pitch moves late in its flight, you’ll literally be unhittable.”
  6. The splurge: “A hotel room in Rio during the 2016 Olympics. But since a few things on my list are pricey, here’s something free: the Vintage Royal Canadian Air Force 5BX Fitness Plan. In the 1950s, concerned about the fitness of pilots, the RCAF created a plan that could be done in the smallest of spaces (I’m looking at you, hotel room), in as little as 11 minutes a day. It holds up today.”


Gifts for the eco-conscious

Curated by sustainability designer Adital Ela, a TED Fellow who makes beautiful and functional pieces that are made from natural materials and friendly to the environment.

  1. “Ragbags are upcycled from plastic bags, tea sacks and cotton rags in India. I would love one.”
  2. “The LifeStraw water filter now comes in a sports bottle, making it easy to have a supply of safe water on the go. Bonus: LifeStraw gives a child in Africa clean water for a year with each filter purchased.”
  3. “If you want to wash your hair but don’t have time or are nowhere near water, Alder New York’s Natural Hair Powder does the trick. It’s made of rice powder, kaolin clay, organic horsetail powder and essential oils.”
  4. “This simple rack by Swedish designer Karl Mikael Ling is made from just six components. It’s designed to simultaneously store and show off a bicycle in a small apartment.”
  5. “If the ones you love already have everything, give the gift of giving. The items available in the Heifer catalog offer gifts that help support sustainable farming and provide basic necessities, like clean water, for those in need.”
  6. The splurge: “Grow your own produce — year round! This hydroculture system was developed at MIT Media Lab and uses automated growth management and network communications. This one is on my perpetual wish list, even though it’s currently in the beta phase.”


Gifts for film buffs

Curated by Yoruba Richen, who made the documentary film The New Black and gave the TED Talk, “What the gay rights movement learned from the civil rights movement.”

  1. “I’d love two tickets to the film Selma, which opens on December 25. It’s about the Selma to Montgomery voting marches that launched Martin Luther King, Jr. to fame. It’s directed by the amazing Ava DuVernay, who may become the first black female director nominated for an Oscar.”
  2. “Can’t wait to read Martin Short’s new memoir, I Must Say: My Life As a Humble Comedy Legend. He’s a great comedian and I love a dishy Hollywood tell-all as much as the next person.”
  3. “The Public Theater in New York City has been an innovative, exciting theater for decades and the work they present continues to provoke, excite and inspire me. Tickets please!”
  4. “The book The New Jim Crow. Never before has the issue of the criminalization of black folks in this country been more relevant to examine and understand historically.”
  5. A subscription to Film Comment. A classic for a reason.
  6. The splurge: “A C100 Cinema Camera is fast becoming the doc standard. It combines the beauty of the DSLR cameras, yet corrects for some of the DSLR shortcomings, like being able to record sound.”


Gifts for design lovers

Curated by architect and TED Fellow Xavier Vilalta, who adapts traditional design elements into modern buildings that work in harmony with the environment.

  1. “Whether as fruit bowls or folding sculptures, I want to have many of these around me at home.”
  2. “Oliberté’s awesome, quality leather products, designed and produced in Ethiopia, are fair trade. Designs for men and women include shoes and bags.”
  3. The Pantone mug! Choose a different color every morning according to your mood.
  4. “Marco Mahler’s metal mobiles are inspired by Alexander Calder’s designs. Their lightness makes my mind fly away just looking at them.”
  5. “If you decide to spend your holidays in warm latitudes, deck yourself out in this colorful African-print beachwear.”
  6. The splurge: “This wooden lampshade is a classic Barcelona design that creates beautiful, filtered light, and brings elegant cosiness to any space.”


Gifts for technologists

Curated by Jorge Soto, whose TED Talk demos a test for early signs of cancer that runs on a smartphone. Warning: some of his suggestions are like Tickle Me Elmo for adults—extremely hard to get your hands on this season, as several are Kickstarter projects or are temporarily sold out.

  1. “Sometimes you just need to share an idea out loud or talk through an algorithm that is failing. Sometimes it just gets lonely late at the office. I’d love to have a Jibo robot as a lab companion, to take notes and pictures, and track where I’ve made a mistake. Or to play great Bob Dylan music while I’m working.”
  2. “I believe innovation comes when people with both knowledge and naiveté in different fields have the tools to look at old problems with new approaches. Projects like the Open qPCR are a good start to democratize biotech. I’d love to try it out.”
  3. I’m interested in this universal remote, the Harmony Home. The way it works is pretty cool. There’s a device that you put somewhere in your room that sends out the IR signal to all your devices. You can then use the remote or any smartphone to control anything you want.
  4. Keyboards can get very, very dirty. These colorful gels keep it clean without doing damage.
  5. “I’m curious about Xiaomi Mi 5, a smartphone that will be released in 2015 in China and that may come to the US after. They say it will have a 40+ megapixel camera and a battery that lasts 24 hours. I don’t even know what that looks like.”
  6. “One problem I continually see in the lab is that each experiment still requires a lot of manual intervention. I’d love to try the OpenTrons out and let Fay (our chief scientist) take a rest from pipetting once in a while.”


Gifts for musicians

Curated by composer, community builder and TED Fellow Dan Visconti.

  1. “The home speaker system by SONOS is the most comprehensive solution for wirelessly streaming music from computers and mobile devices. The speakers are modular, so users can start with a single small one and eventually fill their entire home with a system. Mozart in the living room while someone else works out to Bon Jovi in another room? No problem!”
  2. “This music notebook by Moleskine is the gold standard for professional songwriters and dabblers alike. It has a durable exterior, quality paper, and its blank pages face pages of music staff, which leaves room for lyrics and other notes.”
  3. “The Airturn Bluetooth page-turner is essential equipment for 21st century musicians! Keep all your sheet music on an iPad, and use the Airturn to turn the page with a tap of the foot.”
  4. “Lexicon of Musical Invective by Nicolas Slonimsky. This eminent musicologist compiled an anthology of extremely negative reviews of classical composers from Beethoven to today. It’s a great ego-boost!”
  5. “Bose noise-cancelling headphones. Still the gold standard, these babies will keep you happy on long flights with or without music. I don’t travel anywhere without them.”
  6. The splurge: “I’ve found that some of the best gifts are concert tickets or concert venue subscription packages. Cover a season’s subscription at their favorite venue, or invite them to dinner and a special concert you know they’d love to see.”


Gifts for altruists

Curated by Peter Singer, author of the upcoming book The Most Good You Can Do who gave a TED Talk about effective altruism. He’d like you to try something this year. “Think about spreading your generosity to include some of the world’s poorest people, for whom your gift could make a life-changing difference,” he says. Donate to the organizations below on your own, or in the name of a big-hearted friend.

  1. “The Against Malaria Foundation saves lives by distributing bed nets to protect children against malaria.”
  2. “The Fistula Foundation performs simple surgery that can repair obstetric fistulas and give a young woman her life back.”
  3. “I also love GiveDirectly, which will transfer 90% of your donation directly to an impoverished rural family in East Africa, so that they can choose to buy what they most need. The most common purchase is a corrugated iron roof to replace a thatched roof that leaks.”
  4. “If you go to, you’ll find more information on my favorite charities — all of which have been shown by rigorous research to be highly effective.”
  5. “And if you want a gift for a special person, why not give a year’s great writing, not to mention terrific cartoons, via a subscription to The New Yorker. Not only will your friend be better informed about the world in which we live, you’ll be helping to keep serious journalism alive and well in the internet age.”

If someone on your list is especially hard to shop for and you still have no idea what to get them, may we make a modest suggestion? How about a TED Live membership to watch the conference from wherever they wish? You can give them a membership to the upcoming TED2015 conference full program for $500. Or for $100, gift them a full on-demand membership for the whole program, to watch at their leisure right after the conference wraps.

Planet DebianGregor Herrmann: GDAC 2014/17

my list of IRC channels (& the list of people I'm following on micro-blogging platforms) has a heavy debian bias. a thing I noticed today is that I had read (or at least: seen) messages in 6 languages (English, German, Castilian, Catalan, French, Italian). – thanks guys for the free language courses :) (& the opportunity to at least catch a glimpse into other cultures)

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Rondam RamblingsThe terrorists have won

Sony Pictures has cancelled the release of "The Interview".  :-(

TEDMeet the 2015 class of TED Fellows and Senior Fellows

We are thrilled to announce the new class of Fellows for TED2015. These 21 game-changing thinkers represent 15 countries—including, for the first time in our program, Vietnam, Romania and Tunisia. They work across disciplines, at the forefront of their fields. They include a South African physicist using lasers to target HIV and cancer; a German/Moroccan paleontologist who discovered the first semi-aquatic dinosaur, the spinosaurus; a Vietnamese entrepreneur who is helping rice farmers use biowaste to earn a living growing mushrooms; and many more.

Below, meet the new group of Fellows who will join us at TED2015, March 16-20 in Vancouver.

Trevor_Aaronson Trevor Aaronson (USA)
An investigative journalist who reports on the FBI’s misuse of informants in counterterrorism operations, Trevor asks the question: Is the United States catching terrorists or creating them?
Benedetta_Berti_headshot Benedetta Berti (Israel + Italy)
A Middle East policy analyst, Benedetta researches political violence, focusing on issues of human security and conflict resolution.
Laura_Boykin_headshot1 Laura Boykin (USA + Australia)
Laura is a biologist who uses genomics and supercomputing to tackle food security in sub-Saharan Africa. She’s especially interested in figuring out what to do about whiteflies, which are devastating local cassava crops, a staple food in many countries.
Camille A. Brown (USA). Photo: Ra-Re Valverde
Camille, a choreographer, explores and exposes cultural, gender and social-justice issues through contemporary dance, musical theater, arts education and community outreach.
Camille A. Brown uses dance to tell stories from a black female perspective. Photo: Matt Karas

Tal Danino (USA)
Tal is a bioengineer who uses genetically programmed bacteria to create a cancer diagnostic tool. After it is ingested, this bacteria changes the color of urine to signal the presence of a tumor in the body.
Jost Franko (Slovenia)
A 21-year-old documentary photographer who focuses on forgotten populations, Jost Franko is interested in the loss of traditional values in the modern world and the often-unseen consequences of conflict and war.
LaToya Ruby Frazier (USA). Portrait: Aubrey Kaufaman, 2013
LaToya uses photography to investigate issues like Rust Belt renewal, environmental justice, communal history and the line between private and public space. Her works often blur the lines between self-portraiture and documentary.
Tharanga Goonetilleke (Sri Lanka + USA)
A Juilliard-trained Sri Lankan opera singer, Tharanga has sung internationally — including with the New York City Opera and the Symphony Orchestra of Sri Lanka. She is committed to sparking love of opera in both South Asia and the United States.
David Hertz (Brazil)
A popular chef, David is the founder of Brazil’s first socio-gastronomic organization, Gastromotiva, which brings culinary education to favela residents, to create employment and empower communities.
Chef David Hertz in the kitchen at University Anhembi Morumbi, one of Gastromotiva’s partners, where classes of favela residents are trained in culinary practices. Photo: Angelo Dal Bó

Jonathan Home (Switzerland)
Jonathan is a physicist working to build a quantum computer, attempting to achieve high-precision control of individual atoms in order to build up quantum systems, atom by atom.
Nizar Ibrahim (Germany + Morocco)
Paleontologist Nizar scours the Sahara Desert and Northern Africa for clues to what things were like there in the Cretaceous period. He has spearheaded the search for the semi-aquatic dinosaur spinosaurus.
Jedidah Isler (USA)
Jedidah is an astrophysicist who studies blazars — the hyperactive supermassive black holes at the center of massive galaxies. She is also working to make science, technology, engineering and math accessible to new communities.
Matt Kenyon (USA)
Matt uses sculpture and a wide range of media to explore the effects of global corporations, military-industrial complexes and the line between human and artificial life.
Matt Kenyon’s “Spore 1.1″ is an ecosystem for a rubber tree plant bought at Home Depot, and a commentary on the contracts made between consumers and big stores. Created for: SWAMP (Studies of Work Atmospheres and Mass Production). Co-creator: Doug Easterly. Photograph: Luke Hoverman

Danielle N Lee (USA)
This behavioral biologist researches the ecological and evolutionary behaviors of African giant pouched rats. A popular blogger for Scientific American, she uses hip hop to teach science.
Cosmin Mihaiu (Romania + UK)
The CEO and co-founder of MIRA Rehab, Cosmin has developed a software platform that engages patients in interactive, therapeutic games. The goal: to make physical rehabilitation fun.
Lerato Mokobe (South Africa)
Lerato is a 19-year-old slam poet who explores social injustice and gender identity issues through fast-flung words. She is the founder of Vocal Revolutionaries, a volunteer-run literary organization that empowers African youth.
Patience Mthunzi (South Africa)
A “biophotonics” physicist, Patience is working to discover medical applications of laser technology, including the targeted treatment of HIV and cancer.
Patience Mthunzi in her lab in South Africa working in the rapidly evolving field of biophotonics. Photo: Brenda Biddulph/Monsoon Photography

Sarah Sandman (USA)
Sarah uses design to create social experiences that bring people together. Take for example, the Gift Cycle project, through which she helped neighboring communities exchange gifts of art.
eL Seed (Tunisia + France)
el Seed blends the modern art of graffiti with the ancient art of Arabic calligraphy, all with an eye to encouraging peaceful expression and social change.
Aomawa Shields (USA)
This astronomer and astrobiologist studies the climate and habitability of planets around low-mass stars. A classically trained actor, Aomawa also engages young girls in astronomy using theater and writing.
Trang Tran (Vietnam)
A social entrepreneur, Trang is the co-founder of Fargreen, which empowers local rice farmers to use biowaste to grow high quality mushrooms. The goal: reduce greenhouse gas emissions and improve livelihoods.
Trang Tran’s team in the testing greenhouse of their production lab. Fargreen helps Vietnamese rice farmers use biowaste to grow mushrooms. Photo: Courtesy of Trang Tran

We’re also excited to share our new class of Senior Fellows for TED2015. We honor our Senior Fellows with an additional two years of engagement in the TED community, offering continued support to their work while they in turn give back and mentor new Fellows and enrich the community as a whole. They perfectly embody the values of the TED Fellows program.

Negin Farsad (USA + Iran). Photo: Ryan Lash
An Iranian-American stand-up comedian, Negin is the director of The Muslims Are Coming!, a film that follows Muslim-American comedians on the road as they perform, meet locals and counter Islamophobia. She’s just finished her fourth film, 3rd Street Blackout, and is already working on a new one, as well as a book and a project to turn dilapidated phone booths in New York City into #NewStereotype generators.
Somi (Rwanda | Uganda + USA)
Somi is an East African soul-jazz vocalist and songwriter, as well as the founder of New Africa Live, a cultural space for contemporary African artists. She released her latest album, The Lagos Music Salon, on Sony Music and is working on producing the first Modern African Music & Arts Festival (MAMAfest) in New York City.
Christine Sun Kim (USA). Photo: Ryan Lash
Christine uses the medium of sound through technology to investigate and rationalize her relationship with noise and spoken language. A Korean-American artist and educator, she is working on a number of new sound installations, as well as a new listening device in which your speed of walking affects the audio you hear.
David Lang (USA). Photo: Ryan Lash
The co-founder of OpenROV, which makes low-cost, open-source underwater robots, David has created a community of DIY ocean explorers. He has just launched OpenExplorer, a platform for citizen-powered exploration and conservation.
Kristen Marhaver (USA + Curaçao)
Kristen is a coral reef biologist and science communicator based in Curaçao, who studies the reproductive biology of threatened Caribbean corals. She’s currently developing bacterial probiotics, engineered settlement surfaces, and preservation methods for corals while continuing her advocacy work in marine conservation.
A close-up look at one of the corals that Kristen studies, Montastraea faveolata (Mountainous star coral). Photo: Courtesy of Kristen

At night, a tiny shrimp sits on the surface of the threatened Caribbean star coral Orbicella faveolata. Photo: Courtesy of Kristen Marhaver

Ed Ou (Canada + Taiwan)
An award-winning Canadian documentary journalist, Ed focuses on stories from the Middle East, the former Soviet Union, Africa and the Americas. Recently he’s covered unrest in Ukraine and Egypt, and is now working with indigenous groups in the Arctic, capturing their relationship with a shifting geopolitical landscape, food security and global warming.
Will Potter (USA)
Will covers the animal rights and environmental movements. An investigative journalist, he examines how whistleblowers and nonviolent protesters have come to be treated as “terrorists” in post-9/11 America. He’s working on a project to use drones to document factory farms in defiance of ag-gag laws.
Safwat Saleem (Pakistan + USA)
A Pakistani graphic designer, filmmaker and artist, Safwat uses humor to tell stories of people (and creatures) who have the odds stacked against them. Safwat’s work has recently gotten distribution in Europe, and he is now working on two major art installations exploring race and identity in America.
Shivani Siroya (USA + India). Photo: Ryan Lash
Shivani is the Indian-American founder and CEO of InVenture, a mobile technology and data science company that upends the traditional credit-scoring system by putting power into the hands of consumers via their mobile phone. She is now working to launch and test a new application that instantly scores applicants and delivers real-time credit to individuals who lack access to formal financial services.
Christopher Soghoian (USA)
A privacy researcher and activist, Christopher focuses on government surveillance and cybersecurity. He is the Principal Technologist with the ACLU’s Speech, Privacy and Technology Project.
Christopher Soghoian's TED Talk has been viewed more than 600,000 times. Photo: James Duncan Davidson/TED

Christopher Soghoian’s TED Talk warns that we are only seeing the beginning of government surveillance. Photo: James Duncan Davidson/TED

Planet Linux News: Speaker Feature: Brenda Wallace, David Airlie, Dirk Hohndel

Brenda Wallace

EQNZ – crisis response, open source style

1:20pm Wednesday 14th January 2015

Brenda Wallace is an Open Source contributor from Wellington. She likes all the programming languages, but especially the ones beginning with P. Brenda works with the mighty wonderful people at Rabid Tech. Also, she's not a werewolf.

For more information on Brenda and her presentation, see here.

David Airlie

Displayport MST: why do my laptop dock outputs not work?

2:15pm Wednesday 14th January 2015

David Airlie is the upstream kernel graphics maintainer and works for Red Hat out of their Brisbane office. He is part of the maintainer team for Red Hat Enterprise Linux graphical components. He recently branched into a virtualisation-for-graphics project and is trying to create a fully open source virtualised 3D graphics device capable of supporting modern operating-system requirements. He also gets distracted from this task by many random other graphics projects, of which support for Displayport MST is one.

For more information on David and his presentation, see here.

Dirk Hohndel

Sustaining Momentum - or the Gap Between User Request and Developer Capacity

3:40pm Friday 16th January 2015

Dirk is Intel's Chief Linux and Open Source Technologist. He has been an active developer and contributor in the Linux space since its earliest days; among other roles, he worked as Chief Technology Officer of SuSE and as Unix Architect at Deutsche Bank. Dirk joined Intel in 2001 and since then has been working in the Software and Services Group with a focus on the technology direction of Intel's Open Source Technology Center and Intel's engagements in open source. His interests range from kernel to user interaction, from massively scalable cloud services to mobile operating systems. He is an active contributor in many open source projects and organizations, various program committees and advisory boards and currently maintains the Subsurface dive log project. Dirk holds a Diploma in Mathematics and Computer Science from the University of Würzburg, Germany. He lives in Portland, OR, USA.

For more information on Dirk and his presentation, see here.

Debian Administration A brief introduction to publish-subscribe queuing with redis

In this brief article we'll demonstrate using Redis for a publish/subscribe system. There are dedicated publish-subscribe platforms out there, but Redis is reasonably performant and essentially configuration-free.

Geek FeminismQuick hit: #ThisTweetCalledMyBack

Who gets to claim the title “activist”, and who quietly does the work that’s needed for activist movements to succeed while getting simultaneously derided and appropriated from?

A collective of, in their own words, “Black Women, AfroIndigenous and women of color” have issued a statement on how they’re being treated by white feminism, academia, the mainstream media, and the rest of the social-justice-industrial complex:

As an online collective of Black, AfroIndigenous, and NDN women, we have created an entire framework with which to understand gender violence and racial hierarchy in a global and U.S. context. In order to do this however, we have had to shake up a few existing narratives, just like K. Michelle and her infamous table rumble on Love & Hip Hop.

The response has been sometimes loving, but in most cases we’ve faced nothing but pushback in the form of trolls, stalking. We’ve, at separate turns, been stopped and detained crossing international borders and questioned about our work, been tailed and targeted by police, had our livelihoods threatened with calls to our job, been threatened with rape on Twitter itself, faced triggering PTSD, and trudged the physical burden of all of this abuse. This has all occurred while we see our work take wings and inform an entire movement. A movement that also refuses to make space for us while frequently joining in the naming of us as “Toxic Twitter.”

Read the statement from @tgirlinterruptd, @chiefelk, @bad_dominicana, @aurabogado, @so_treu, @blackamazon, @thetrudz, as well as #ThisTweetCalledMyBack on Twitter, for a critical perspective on the role of intersecting racism and sexism in how activist work is valued. If you’ve ever been dismissed as “just an Internet activist” or told to get off your computer and out in the streets, then you need to read this essay. If you’ve ever dismissed someone else as all talk, and no action, not like those real activists who are running big street protests, then you need to read this essay. And if both are true for you, then you need to read this essay.

RacialiciousQuoted: Carvell Wallace on Run-D.M.C. and Personal Revolution

Something else happened that day. I realized that I really liked being an anonymous kid on a street corner in L.A. I realized that I really liked not giving a solitary fuck about what anyone was doing, not even myself. I realized that in some way it was my natural state.

Two days later, I started dressing differently.

I cut my own hair into a weird nappy mushroom top. I took this goofy trench coat I had and sliced it at the waist with a pair of scissors. On the chest I sewed the patch that I earned in a middle school spelling bee. I wrote graffiti on the sleeve in Sharpie. I took to wearing pajama bottoms and black chucks.

In short, the combination of Parliament and Hollywood had instantly funked me out.

And it worked, because the first time I left the house in this new uniform, I experienced something that I never had before. You might call it freedom. Abandon. Cultural immunity. I had a self. It was adolescent and awkward and trying too hard. But it was my very own self. It was a me that was all mine. It didn’t matter what anyone thought about it. For a brief moment in time, I simply didn’t give a fuck.

And that’s an important thing. When you have come to regard your very skin color as an insufferable disease, when you have to punch other people in the mouth just so you can be ok with who you are, not giving a fuck is the single most divine experience you can ever have.

- Carvell Wallace, “How to Raise Hell in Three Steps: on RUN-D.M.C, Parliament, Blackness and Revolution,” Pitchfork

The post Quoted: Carvell Wallace on Run-D.M.C. and Personal Revolution appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesMedicare vs. National Health Care: How U.S. Seniors Do in Cross-National Perspective

“We need to get rid of Obamacare,” says Ed Gillespie in a NYT op-ed. The reason: Obamacare’s “gravitational pull toward a single-payer system that would essentially supplant private insurance with a government program.”

Gillespie, who lays out his credentials at the start of the article – he ran for Senate in Virginia and lost – notes that Obamacare is unpopular. But he omits all mention of a government-run single-payer system that happens to be very popular – Medicare. No Republican dare run on a platform of doing away with it. Gillespie himself accused Obamacare of cutting Medicare, a statement that Politifact found “Mostly False.”

So how are seniors doing? Compared to their pre-Medicare counterparts, they are  probably healthier, and they’re probably shelling out less for health care. But compared to seniors in other countries, not so well. A Commonwealth Fund survey of eleven countries finds that seniors (age 65 and older) in the U.S. are the least healthy – the most likely to suffer from chronic illnesses.* 

Over half the U.S. seniors say that they are taking four or more prescription drugs; all the other countries were below 50%:

And despite Medicare, money was a problem. Nearly one in five said that in the past year they “did not visit a doctor, skipped a medical test or treatment that a doctor recommended, or did not fill a prescription or skipped doses because of cost.” A slightly higher percent had been hit with $2,000 or more in out-of-pocket expenses. 

In those other countries, with their more socialistic health care systems, seniors seem to be doing better, physically and financially.  One reason that American seniors are less healthy is that our universal, socialized medical care doesn’t kick in until age 65. People in those other countries have affordable health care starting in the womb. 

Critics of more socialized systems claim that patients must wait longer to see a doctor. The survey found some support for that. Does it take more than four weeks to get to see a specialist? U.S. seniors had the highest percentage of those who waited less than that. But when it came to getting an ordinary doctor’s appointment, the U.S. lagged behind seven of the other ten countries.

There was one bright spot for U.S. seniors. They were the most likely to have developed a treatment plan that they could carry out in daily life. And their doctors  “discussed their main goals and gave instructions on symptoms to watch for” and talked with them about diet and exercise.

Gillespie and many other Republicans want to scrap Obamacare and substitute something else. That’s progress I suppose. Not too long ago, they were quite happy with the pre-Obamacare status quo. Throughout his years in the White House, George Bush insisted that “America has the best health care system in the world.” Their Republican ideology precludes them from learning from other countries. As Marco Rubio put it, we must avoid “ideas that threaten to make America more like the rest of the world, instead of helping the world become more like America.”

But you’d think that they might take a second look at Medicare, a program many of them publicly support.

* Includes hypertension or high blood pressure, heart disease, diabetes, lung problems, mental health problems, cancer, and joint pain/arthritis.

Jay Livingston is the chair of the Sociology Department at Montclair State University. You can follow him at Montclair SocioBlog or on Twitter.

CryptogramHow the FBI Unmasked Tor Users

Kevin Poulsen has a good article up on Wired about how the FBI used a Metasploit variant to identify Tor users.

Planet Linux AustraliaDanielle Madeley: Running Django on Docker: a workflow and code

It has been an extremely long time between beers (10 months!). I’ve gotten out of the habit of blogging and somehow I never blogged about the talk I co-presented at PyCon AU this year on Pallet and Forklift, the standard and tool we’ve developed at Infoxchange to help make it easier to develop web-applications on Docker [1].

Infoxchange is one of the few places I’m aware of that runs Docker in prod. If you’re looking at using Docker to do web development, it’s worth checking out what we’ve been doing over on the Infoxchange devops blog.

  1. There’s also Straddle Carrier, a set of Puppet manifests for loading Docker containers on real infrastructure, but they’ve not been released yet as they rely too much on our custom Puppet config.

Worse Than FailurePass By NullPointer

Maxime was having difficulty viewing a website with the NoScript add-on installed to her web browser. It wasn't a huge surprise - some websites just don't work right with NoScript running, but it was a surprise when her browser displayed Java exceptions. Enabling JavaScript made the error page go away, but what? Lack of JavaScript causing Java exceptions!?

She viewed the page source and found that the server expects an "innerCHK" parameter, perhaps some kind of session or security token, to be passed in via URL query string. If it isn't provided, the server returns an error page displaying a java.lang.NullPointerException. Fortunately the front-end developers concocted this brillant snippet of JavaScript to resolve this issue:

// Error check
if (document.body.innerHTML.indexOf('java.lang'+'.NullPointerException') != -1){
   if (document.location.href.indexOf('innerCHK=') == -1){
        document.location.href = document.location.href + "&innerCHK=" + Math.random()*10000 ;
   }
}
// End of check
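
What a server-side fix could look like, as an added example that is not code from the site or the article: check the required parameter before using it, and keep exception text out of the response while logging it under a reference. The handler names, the `view` parameter, the host `portal.invalid` and the accepted value pattern are assumptions made for the illustration.

```javascript
// Constructed stand-in for the page logic: like the server in the story, it
// dereferences request parameters without checking that they are present.
function renderPortalPage(params) {
  const token = params.get('innerCHK'); // null when the parameter is absent
  const view = params.get('view');      // hypothetical second parameter
  return 'view=' + view.toLowerCase() + ' token-length=' + token.length;
}

// Behaviour described in the article: the exception text reaches the browser.
function handleLeaky(requestUrl) {
  const params = new URL(requestUrl, 'http://portal.invalid').searchParams;
  try {
    return { status: 200, body: renderPortalPage(params) };
  } catch (err) {
    return { status: 500, body: String(err.stack) };
  }
}

let incidentCounter = 0;

// Hardened variant: a missing or malformed required parameter is a client
// error (400). Anything unexpected is logged server-side under a reference,
// and only that reference is sent back.
function handleHardened(requestUrl, serverLog) {
  const params = new URL(requestUrl, 'http://portal.invalid').searchParams;
  const token = params.get('innerCHK');
  // Assumed value format: short, limited character set. The dot is allowed
  // because the page's script sends values such as 4242.42.
  if (token === null || !/^[A-Za-z0-9._-]{1,64}$/.test(token)) {
    return { status: 400, body: 'Bad request: missing or malformed parameter.' };
  }
  try {
    return { status: 200, body: renderPortalPage(params) };
  } catch (err) {
    const ref = 'INC-' + (++incidentCounter);
    serverLog.push({ ref: ref, url: requestUrl, detail: String(err.stack) });
    return { status: 500, body: 'Something went wrong (reference ' + ref + ').' };
  }
}
```

With this in place the browser never sees the string the front-end script was searching for, so the reload-with-a-random-number workaround has nothing to trigger on.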

That only scratches the tip of the iceberg; the page is loaded with anti-patterns, reinvented wheels, spare reinvented wheels, and flat reinvented wheels, all held on with duct tape. For a taste of some bizarre string conventions and the developers' pet anti-pattern of closing scripts only to open a new one on the next line, look at how Dojo is imported. Please take note that Dojo's cookie library is imported.

<script type="text/javascript">
    if (typeof dojo== "undefined") {        
        document.writeln('<scr'+'ipt src="' + '/wps/themes/./dojo/portal_dojo/dojo/dojo.js' + '"></scr'+'ipt>');
    if (typeof dijit == "undefined") {      
        document.writeln('<scr'+'ipt src="' + '/wps/themes/./dojo/portal_dojo/dijit/dijit.js' + '"></scr'+'ipt>');
 <script type="text/javascript">     

Some, but not all, of the CSS references are handled in this manner, which I found at least three (identical) times in the source. Yet again, Dojo.cookie is imported.

<script name="DojoEnable_script" language="JavaScript">if (typeof dojo == "undefined") {
    djConfig = { parseOnLoad: false, isDebug: false};
    document.write("<script src='http://www.****************.com:80/ps/PA_WPF/factory/dojo/dojo/dojo.js'> </" + "script>");
    document.write("<link rel='stylesheet' type='text/css' href='http://www.****************.com:80/ps/PA_WPF/factory/dojo/dojo/resources/dojo.css' />");
    document.write('<link rel="stylesheet" type="text/css" href="http://www.****************.com:80/ps/PA_WPF/factory/dojo/dijit/themes/tundra/tundra.css"/>');
    document.write('<link rel="stylesheet" type="text/css" href="http://www.****************.com:80/ps/PA_WPF/factory/dojo/dijit/themes/tundra/tundra_rtl.css"/>');
    dojo.addOnLoad(function() { if (!document.body.className) document.body.className = 'tundra'});

It was once said that if you solve a problem with regular expressions, you now have two problems. I think two is an underestimate.

var locale = 'en'.replace(/_/, '-').replace(/iw/, 'he').toLowerCase();

Remember, children, always use well-named constants! Magic numbers are bad. Except for 2008, that one is okay.

if(typeof (MONTHS_IN_YEAR) == 'undefined')
    MONTHS_IN_YEAR = 12;

if (typeof (isDisableDate) == 'undefined') {
    var isDisableDate = function (date, year, month, iday)
    {
        if(date.getFullYear() == 2008)
            return true;
        return false;
    };
}

No poorly-implemented application is complete without its own poorly-implemented DateTime library. There ought to be a scientific law about this.

var month=new Array(12);

if(typeof (MONVALUE) == 'undefined')
    MONVALUE = new Array

//function convert date from str to Num
function Month2Num(month)
{
    if(month=="JAN")return "01";if(month=="FEB")return "02";if(month=="MAR")return "03";if(month=="APR")return "04";if(month=="MAY")return "05";
    if(month=="JUN")return "06";if(month=="JUL")return "07";if(month=="AUG")return "08";if(month=="SEP")return "09";if(month=="OCT")return "10";
    if(month=="NOV")return "11";if(month=="DEC")return "12";
}

There are a number of (often duplicate) CSS styles defined, such as this not very blue style.

    background: #F6F9FC; 
    padding: 10px; 
/*---- Blue panel ----*/ 
    background: #F6F9FC; 
    padding: 10px; 

Next up are two identical arrays, only one of which is ever used.

var arr_location_001 = new Array();
var arr_location_002 = new Array();

arr_location_001['AU'] = {value:'AU', title:'australia', text:'Australia'};
arr_location_002['0'] = {value:'AU', title:'australia', text:'Australia'};

arr_location_001['CA'] = {value:'CA', title:'canada', text:'Canada'};
arr_location_002['1'] = {value:'CA', title:'canada', text:'Canada'};

arr_location_001['CN'] = {value:'CN', title:'china', text:'China'};
arr_location_002['2'] = {value:'CN', title:'china', text:'China'};

arr_location_001['FR'] = {value:'FR', title:'france', text:'France'};
arr_location_002['3'] = {value:'FR', title:'france', text:'France'};

arr_location_001['HK'] = {value:'HK', title:'hong_kong', text:'Hong Kong'};
arr_location_002['4'] = {value:'HK', title:'hong_kong', text:'Hong Kong'};

/*  snip many, many lines of similar code */

Here's a nice little script which escaped a lot of things, including its own script tags! Bonus points if the developer wrote it while tied up in a straitjacket and locked in a coffin full of scorpions suspended over the Hudson river by a helicopter. (Actually, that might be the sanest explanation for a lot of this code.)

<SPAN name="onloadScript"><input type="hidden">function onSelectInfo(calendar, date, elem_date) { 
    elem_date = document.getElementById(&quot;Day_NArr&quot;);       
    elem_mon_year = document.getElementById(&quot;Month_NArr&quot;); 
    hidden_elem = document.getElementById(&quot;temp_date_NArr&quot;); 
    doOnSelect(calendar, date, elem_date, elem_mon_year, hidden_elem); 

        inputField : &quot;temp_date_NArr&quot;,// ID of the input field 
        ifFormat : &quot;%b, %e, %Y&quot;, 
        onSelect: onSelectInfo, 
        range : [currentYear, nextYear], 
        dateStatusFunc : dateStatusHandler, 
        button : &quot;cal_dep&quot; // ID of the button 


var _InfoVerAccurateFunc = clone(accurateDate); 
initializeDate(new Array('Month_NArr', 'Day_NArr'), _InfoVerAccurateFunc);">
<script type="text/javascript">

Remember all the dojo.cookie imports earlier on? Someone made sure to include a library function for reading cookies. Still, someone else found it necessary to copy-paste a Get_Cookie function from the Internet, not once, but four times throughout the page source!

function Get_Cookie(check_name) {
    // first we'll split this cookie up into name/value pairs
    // note: document.cookie only returns name=value, not the other components
    var a_all_cookies = document.cookie.split( ';' );
    var a_temp_cookie = '';
    var cookie_name = '';
    var cookie_value = '';
    var b_cookie_found = false;

    for (i = 0; i < a_all_cookies.length; i++) {
        // now we'll split apart each name=value pair
        a_temp_cookie = a_all_cookies[i].split( '=' );

        // and trim left/right whitespace while we're at it
        cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, '');

        // if the extracted name matches passed check_name
        if (cookie_name == check_name) {
            b_cookie_found = true;
            // we need to handle case where cookie has no value but exists (no = sign, that is):
            if ( a_temp_cookie.length > 1 ) {
                cookie_value = unescape(a_temp_cookie[1].replace(/^\s+|\s+$/g, ''));
            }
            // note that in cases where cookie is initialized but no value, null is returned
            return cookie_value;
        }
        a_temp_cookie = null;
        cookie_name = '';
    }
    if (!b_cookie_found) {
        return null;
    }
}
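
Why four pasted copies of this function are a liability and not only clutter, shown as an added example (not code from the site or the article): the first function below reproduces the Get_Cookie logic with the cookie string passed in as an argument, and the second splits on the first '=' only and decodes UTF-8. SAMPLE_COOKIES, its values and all function names are constructed for the illustration.

```javascript
// Constructed cookie string in the shape document.cookie returns.
const SAMPLE_COOKIES =
  'theme=dark; session=dXNlcj1hbGljZQ==; city=Z%C3%BCrich; discount=100%; beta';

// The article's Get_Cookie logic, taking the cookie string as a parameter
// instead of reading document.cookie so that it runs outside a browser.
function getCookieAsOnPage(cookieString, checkName) {
  const all = cookieString.split(';');
  for (let i = 0; i < all.length; i++) {
    const pair = all[i].split('='); // splits at every '=', not only the first
    const name = pair[0].replace(/^\s+|\s+$/g, '');
    if (name === checkName) {
      // unescape() is deprecated and maps each %XX byte to one Latin-1 character
      return pair.length > 1 ? unescape(pair[1].replace(/^\s+|\s+$/g, '')) : '';
    }
  }
  return null;
}

// Corrected parser: the value is everything after the FIRST '=', decoded as
// UTF-8, and a malformed percent-escape falls back to the raw text instead of
// throwing into the caller.
function getCookie(cookieString, wantedName) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim();
    if (name !== wantedName) continue;
    if (eq === -1) return ''; // cookie present without a value
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch (err) {
      return raw; // e.g. a lone '%'
    }
  }
  return null; // cookie not present
}

// Side-by-side results for a list of cookie names.
function compareParsers(cookieString, names) {
  return names.map((n) => ({
    name: n,
    onPage: getCookieAsOnPage(cookieString, n),
    hardened: getCookie(cookieString, n),
  }));
}

console.table(compareParsers(SAMPLE_COOKIES, ['session', 'city', 'discount', 'beta', 'absent']));
```

The pasted version silently drops the "==" padding from the session value and garbles the non-ASCII city name. A token that is later compared or re-submitted would no longer match what the server issued, and the fix would have to be made in all four copies.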

I think the software development method used by this team was a new-fangled system called "Mash the CTRL-C and CTRL-V keys!!!!!!11!!!!11!11" It's sure to overtake Agile in the coming years.

Planet DebianKeith Packard: MST-monitors

Multi-Stream Transport 4k Monitors and X

I'm sure you've seen a 4k monitor on a friend's desk running Mac OS X or Windows and are all ready to go get one so that you can use it under Linux.

Once you've managed to acquire one, I'm afraid you'll discover that when you plug it in, you're limited to 30Hz refresh rates at the full size, unless you're running a kernel that is version 3.17 or later. And then...

Good Grief! What Is My Computer Doing!

Ok, so now you're running version 3.17 and when X starts up, it's like you're using a gigantic version of Google Cardboard. Two copies of a very tall, but very narrow screen greet you.

Welcome to MST island.

In order to drive these giant new panels at full speed, there isn't enough bandwidth in the display hardware to individually paint each pixel once during each frame. So, like all good hardware engineers, they invented a clever hack.

This clever hack paints the screen in parallel. I'm assuming that they've got two bits of display hardware, each one hooked up to half of the monitor. Now, each paints only half of the pixels, avoiding costly redesign of expensive silicon, at least that's my surmise.

In the olden days, if you did this, you'd end up running two monitor cables to your computer, and potentially even having two video cards. Today, thanks to the magic of Display Port Multi-Stream Transport, we don't need all of that; instead, MST allows us to pack multiple cables-worth of data into a single cable.

I doubt the inventors of MST intended it to be used to split a single LCD panel into multiple "monitors", but hardware engineers are clever folk and are more than capable of abusing standards like this when it serves to save a buck.

Turning Two Back Into One

We've got lots of APIs that expose monitor information in the system, and across which we might be able to wave our magic abstraction wand to fix this:

  1. The KMS API. This is the kernel interface which is used by all graphics stuff, including user-space applications and the frame buffer console. Solve the problem here and it works everywhere automatically.

  2. The libdrm API. This is just the KMS ioctls wrapped in a simple C library. Fixing things here wouldn't make fbcons work, but would at least get all of the window systems working.

  3. Every 2D X driver. (Yeah, we're trying to replace all of these with the one true X driver). Fixing the problem here would mean that all X desktops would work. However, that's a lot of code to hack, so we'll skip this.

  4. The X server RandR code. More plausible than fixing every driver, this also makes X desktops work.

  5. The RandR library. If not in the X server itself, how about over in user space in the RandR protocol library? Well, the problem here is that we've now got two of them (Xlib and xcb), and the xcb one is auto-generated from the protocol descriptions. Not plausible.

  6. The Xinerama code in the X server. Xinerama is how we did multi-monitor stuff before RandR existed. These days, RandR provides Xinerama emulation, but we've been telling people to switch to RandR directly.

  7. Some new API. Awesome. Ok, so if we haven't fixed this in any existing API we control (kernel/libdrm/, then we effectively dump the problem into the laps of the desktop and application developers. Given how long it's taken them to adopt current RandR stuff, providing yet another complication in their lives won't make them very happy.

All Our APIs Suck

Dave Airlie merged MST support into the kernel for version 3.17 in the simplest possible fashion -- pushing the problem out to user space. I was initially vaguely tempted to go poke at it and try to fix things there, but he eventually convinced me that it just wasn't feasible.

It turns out that all of our fancy new modesetting APIs describe the hardware in more detail than any application actually cares about. In particular, we expose a huge array of hardware objects:

  • Subconnectors
  • Connectors
  • Outputs
  • Video modes
  • Crtcs
  • Encoders

Each of these objects exposes intimate details about the underlying hardware -- which of them can work together, and which cannot; what kinds of limits are there on data rates and formats; and pixel-level timing details about blanking periods and refresh rates.

To make things work, some piece of code needs to actually hook things up, and explain to the user why the configuration they want just isn't possible.

The sticking point we reached was that when an MST monitor gets plugged in, it needs two CRTCs to drive it. If one of those is already in use by some other output, there's just no way you can steal it for MST mode.

Another problem -- we expose EDID data and actual video mode timings. Our MST monitor has two EDID blocks, one for each half. They happen to describe how they're related, and how you should configure them, but if we want to hide that from the application, we'll have to pull those EDID blocks apart and construct a new one. The same goes for video modes; we'll have to construct ones for MST mode.

Every single one of our APIs exposes enough of this information to be dangerous.

Every one, except Xinerama. All it talks about is a list of rectangles, each of which represents a logical view into the desktop. Did I mention we've been encouraging people to stop using this? And that some of them listened to us? Foolishly?

Dave's Tiling Property

Dave hacked up the X server to parse the EDID strings and communicate the layout information to clients through an output property. Then he hacked up the gnome code to parse that property and build a RandR configuration that would work.

Then, he changed the RandR Xinerama code to also parse the TILE properties and to fix up the data seen by applications from that.

This works well enough to get a desktop running correctly, assuming that desktop uses Xinerama to fetch this data. Alas, gtk has been "fixed" to use RandR if you have RandR version 1.3 or later. No biscuit for us today.

Adding RandR Monitors

RandR doesn't have enough data types yet, so I decided that what we wanted to do was create another one; maybe that would solve this problem.

Ok, so what clients mostly want to know is which bits of the screen are going to be stuck together and should be treated as a single unit. With current RandR, that's some of the information included in a CRTC. You pull the pixel size out of the associated mode, physical size out of the associated outputs and the position from the CRTC itself.

Most of that information is available through Xinerama too; it's just missing physical sizes and any kind of labeling to help the user understand which monitor you're talking about.

The other problem with Xinerama is that it cannot be configured by clients; the existing RandR implementation constructs the Xinerama data directly from the RandR CRTC settings. Dave's Tiling property changes edit that data to reflect the union of associated monitors as a single Xinerama rectangle.

Allowing the Xinerama data to be configured by clients would fix our 4k MST monitor problem as well as solving the longstanding video wall, WiDi and VNC troubles. All of those want to create logical monitor areas within the screen under client control.

What I've done is create a new RandR datatype, the "Monitor", which defines a rectangular region of the screen. Each monitor has the following data:

  • Name. This provides some way to identify the Monitor to the user. I'm using X atoms for this as it made a bunch of things easier.

  • Primary boolean. This indicates whether the monitor is to be considered the "primary" monitor, suitable for placing toolbars and menus.

  • Pixel geometry (x, y, width, height). These locate the region within the screen and define the pixel size.

  • Physical geometry (width-in-millimeters, height-in-millimeters). These let the user know how big the pixels will appear in this region.

  • List of outputs. (I think this is the clever bit)

There are three requests to define, delete and list monitors. And that's it.

Now, we want the list of monitors to completely describe the environment, and yet we don't want existing tools to break completely. So, we need some way to automatically construct monitors from the existing RandR state while still letting the user override portions of it as needed to explain virtual or tiled outputs.

So, what I did was to let the client specify a list of outputs for each monitor. All of the CRTCs which aren't associated with an output in any client-defined monitor are then added to the list of monitors reported back to clients. That means that clients need only define monitors for things they understand, and they can leave the other bits alone and the server will do something sensible.

The second tricky bit is that if you specify an empty rectangle at 0,0 for the pixel geometry, then the server will automatically compute the geometry using the list of outputs provided. That means that if any of those outputs get disabled or reconfigured, the Monitor associated with them will appear to change as well.

Current Status

Gtk+ has been switched to use RandR for RandR versions 1.3 or later. Locally, I hacked libXrandr to override the RandR version through an environment variable, set that to 1.2 and Gtk+ happily reverts back to Xinerama and things work fine. I suspect the plan here will be to have it use the new Monitors when present as those provide the same info that it was pulling out of RandR's CRTCs.

KDE appears to still use Xinerama data for this, so it "just works".

Where's the code

As usual, all of the code for this is in a collection of git repositories in my home directory on fd.o:

git:// master
git:// master
git:// master
git:// randr-monitors

RandR protocol changes

Here are the new sections added to randrproto.txt


1.5. Introduction to version 1.5 of the extension

Version 1.5 adds monitors

 • A 'Monitor' is a rectangular subset of the screen which represents
   a coherent collection of pixels presented to the user.

 • Each Monitor is be associated with a list of outputs (which may be

 • When clients define monitors, the associated outputs are removed from
   existing Monitors. If removing the output causes the list for that
   monitor to become empty, that monitor will be deleted.

 • For active CRTCs that have no output associated with any
   client-defined Monitor, one server-defined monitor will
   automatically be defined of the first Output associated with them.

 • When defining a monitor, setting the geometry to all zeros will
   cause that monitor to dynamically track the bounding box of the
   active outputs associated with them

This new object separates the physical configuration of the hardware
from the logical subsets of the screen that applications should
consider as single viewable areas.

1.5.1. Relationship between Monitors and Xinerama

Xinerama's information now comes from the Monitors instead of directly
from the CRTCs. The Monitor marked as Primary will be listed first.


5.6. Protocol Types added in version 1.5 of the extension

          primary: BOOL
          automatic: BOOL
          x: INT16
          y: INT16
          width: CARD16
          height: CARD16
          width-in-millimeters: CARD32
          height-in-millimeters: CARD32
          outputs: LISTofOUTPUT }


7.5. Extension Requests added in version 1.5 of the extension.

    window : WINDOW
    timestamp: TIMESTAMP
    monitors: LISTofMONITORINFO
    Errors: Window

    Returns the list of Monitors for the screen containing

    'timestamp' indicates the server time when the list of
    monitors last changed.

    window : WINDOW
    Errors: Window, Output, Atom, Value

    Create a new monitor. Any existing Monitor of the same name is deleted.

    'name' must be a valid atom or an Atom error results.

    'name' must not match the name of any Output on the screen, or
    a Value error results.

    If 'info.outputs' is non-empty, and if x, y, width, height are all
    zero, then the Monitor geometry will be dynamically defined to
    be the bounding box of the geometry of the active CRTCs
    associated with them.

    If 'name' matches an existing Monitor on the screen, the
    existing one will be deleted as if RRDeleteMonitor were called.

    For each output in 'info.outputs', each one is removed from all
    pre-existing Monitors. If removing the output causes the list of
    outputs for that Monitor to become empty, then that Monitor will
    be deleted as if RRDeleteMonitor were called.

    Only one monitor per screen may be primary. If 'info.primary'
    is true, then the primary value will be set to false on all
    other monitors on the screen.

    RRSetMonitor generates a ConfigureNotify event on the root
    window of the screen.

    window : WINDOW
    name: ATOM
    Errors: Window, Atom, Value

    Deletes the named Monitor.

    'name' must be a valid atom or an Atom error results.

    'name' must match the name of a Monitor on the screen, or a
    Value error results.

    RRDeleteMonitor generates a ConfigureNotify event on the root
    window of the screen.
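
The Monitor rules described above (outputs taken away from older monitors, emptied monitors deleted, all-zero geometry tracking the bounding box of the active outputs, server-defined monitors for whatever is left unclaimed) are modelled below. This is an added illustration, not code from the X server or the RandR patches; it assumes one output per CRTC, uses C strings in place of atoms and a single -1 in place of the protocol errors, and the output names and geometry are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_OUT 8
#define MAX_MON 8

/* Simplified model: one output per CRTC, so each output carries the geometry
 * of the CRTC driving it; w == 0 means the output is not active. */
struct output { const char *name; int x, y, w, h; };
struct monitor {
    const char *name;
    int primary, automatic, x, y, w, h; /* automatic: geometry tracks outputs */
    int outputs[MAX_OUT], noutput;      /* indices into screen.out */
};
struct screen {                         /* mon[]: client-defined monitors only */
    struct output out[MAX_OUT]; int nout;
    struct monitor mon[MAX_MON]; int nmon;
};

/* RRDeleteMonitor: -1 stands in for the Value error on an unknown name. */
int delete_monitor(struct screen *s, const char *name)
{
    for (int i = 0; i < s->nmon; i++) {
        if (strcmp(s->mon[i].name, name) != 0) continue;
        s->nmon--;
        memmove(&s->mon[i], &s->mon[i + 1], (s->nmon - i) * sizeof s->mon[0]);
        return 0;
    }
    return -1;
}

/* RRSetMonitor: -1 stands in for the protocol errors and for a full table. */
int set_monitor(struct screen *s, const char *name, int primary,
                int x, int y, int w, int h, const int *outputs, int n)
{
    if (n < 0 || n > MAX_OUT || s->nmon == MAX_MON) return -1;
    for (int i = 0; i < n; i++)
        if (outputs[i] < 0 || outputs[i] >= s->nout) return -1;
    for (int i = 0; i < s->nout; i++)        /* name may not match an output */
        if (strcmp(s->out[i].name, name) == 0) return -1;
    delete_monitor(s, name);                 /* same name: old one is deleted */
    for (int i = s->nmon - 1; i >= 0; i--) { /* take outputs from older monitors */
        struct monitor *m = &s->mon[i];
        int kept = 0, removed = 0;
        for (int j = 0; j < m->noutput; j++) {
            int taken = 0;
            for (int k = 0; k < n; k++) taken |= (m->outputs[j] == outputs[k]);
            if (taken) removed++; else m->outputs[kept++] = m->outputs[j];
        }
        m->noutput = kept;
        if (removed && kept == 0) delete_monitor(s, m->name); /* emptied */
        else if (primary) m->primary = 0;    /* only one primary per screen */
    }
    struct monitor *m = &s->mon[s->nmon++];
    *m = (struct monitor){ .name = name, .primary = primary, .x = x, .y = y,
        .w = w, .h = h, .noutput = n, .automatic = n > 0 && !x && !y && !w && !h };
    for (int i = 0; i < n; i++) m->outputs[i] = outputs[i];
    return 0;
}

/* RRGetMonitors: client-defined monitors, then one server-defined monitor per
 * unclaimed active output. 'list' needs room for MAX_MON + MAX_OUT entries. */
int get_monitors(const struct screen *s, struct monitor *list)
{
    int n = 0, claimed[MAX_OUT] = { 0 };
    for (int i = 0; i < s->nmon; i++) {
        struct monitor m = s->mon[i];
        int x2 = 0, y2 = 0, first = 1;
        for (int j = 0; j < m.noutput; j++) {
            const struct output *o = &s->out[m.outputs[j]];
            claimed[m.outputs[j]] = 1;
            if (!m.automatic || o->w == 0) continue;
            if (first || o->x < m.x) m.x = o->x;
            if (first || o->y < m.y) m.y = o->y;
            if (first || o->x + o->w > x2) x2 = o->x + o->w;
            if (first || o->y + o->h > y2) y2 = o->y + o->h;
            first = 0;
        }
        if (m.automatic) { m.w = x2 - m.x; m.h = y2 - m.y; }
        list[n++] = m;
    }
    for (int i = 0; i < s->nout; i++) {
        if (claimed[i] || s->out[i].w == 0) continue;
        list[n++] = (struct monitor){ .name = s->out[i].name, .automatic = 1,
            .x = s->out[i].x, .y = s->out[i].y, .w = s->out[i].w, .h = s->out[i].h,
            .outputs = { i }, .noutput = 1 };
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a tiled 4k panel seen as two outputs, plus a laptop panel. */
    struct screen s = { .nout = 3, .out = { { "DP-1-1", 0, 0, 1920, 2160 },
        { "DP-1-2", 1920, 0, 1920, 2160 }, { "eDP-1", 3840, 0, 1920, 1080 } } };
    struct monitor list[MAX_MON + MAX_OUT];
    int tiles[] = { 0, 1 };
    set_monitor(&s, "4k", 1, 0, 0, 0, 0, tiles, 2);   /* all-zero geometry */
    for (int i = 0, n = get_monitors(&s, list); i < n; i++)
        printf("%s %dx%d+%d+%d\n", list[i].name, list[i].w, list[i].h, list[i].x, list[i].y);
    return 0;
}
```

With the two tiles claimed by one client-defined monitor, clients see a single 3840x2160 region plus a server-defined monitor for the laptop panel, and the region shrinks on its own if one tile is disabled.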


Kelvin ThomsonLiberal Government Wimps Out on Multinational Tax Avoidance

Today's reports that Treasurer Joe Hockey has backed away from action to tackle companies that avoid tax by shifting billions of dollars in profits between Australia and their international subsidiaries are remarkable for a number of reasons.

First, the Government said it would act to stop tax avoidance by profit shifting across international borders – though given the mountainous pile of broken promises perhaps a gap between promise and performance is no longer remarkable.

Second, the issue of global corporations loading up subsidiaries with debt so they can claim to have made all their profits in low tax jurisdictions was a major topic of discussion at the G20 Conference, where countries were urged by civil society to stop global tax avoidance. Australia needs to be part of the international effort to combat this.

Third, only this week the government was crying poor in releasing its MYEFO estimates and saying it had suffered a revenue downturn and would have to cut spending. The projected benefit to the revenue from abolishing deductions under Section 25-90 of the Income Tax Assessment Act is $600 million. Before the government attacks students, pensioners and the unemployed it should enact this measure and make sure multinational corporations are paying their fair share of tax.


LongNowFerreting the Genome

Revive & Restore Unveils Open Genomics for Conservation Initiative

Revive & Restore is embarking on its first open-access science initiative – Ferreting the Genome: Open Genomics for Conservation. The initiative will enlist the help of the public to understand how the black-footed ferret gene pool has changed from the founding population to the current generation. The goal is to determine, through this understanding, how genetic rescue techniques might be applied to conserve the species.

The black-footed ferret is a model species for this research; information from this initiative will aid the designs of captive breeding programs worldwide. From the website anyone can link to the first fully sequenced black-footed ferret nuclear genomes and participate in the analysis and interpretation of the data.

If open-access science for genetic rescue emerges as a successful method for gaining relevant insight into a large genomic dataset, it too could become a model method for finding genomic conservation solutions for endangered species.

Why the Black-footed Ferret?

Photo by J. Michael Lockhart, USFWS

The past 25 years of captive breeding have led to a loss of genetic diversity. Genetic diversity has been shown in conservation to be directly related to the health, or long-term survival/adaptability, of a species. For the black-footed ferret, genetic rescue means finding ways to bring back the diversity lost from inbreeding. The Black-footed Ferret Recovery Program has already pioneered genetic rescue techniques with advanced reproductive technologies, producing ferrets from “cryogenic artificial insemination” using 20-year-old cryopreserved spermatozoa to fertilize living females. These ferrets, born from parents spanning 20 years of generations, may bring back lost genetic diversity. The continuing decline of genetic variability in the black-footed ferret’s gene pool urgently needs a solution.

Dr. Oliver Ryder, Adjunct Professor of Behavior and Evolution at UC San Diego and Director of Genetics, Kleberg Chair at the San Diego Zoo Global will blog from time to time about the progress of this exciting initiative and respond to comments. Read his blog here.

Cryogenic artificial insemination is a powerful tool, but may be aided by other advanced reproductive strategies and de-extinction techniques; the first stage in diversifying genetic rescue methods lies in the genomes of ferrets both present and past – this is where our initiative begins. DNA samples of two living ferrets born in captivity – Cheerio and Balboa – were provided by the Black-footed Ferret Recovery Team and cell cultures from two additional ferrets – an unnamed male wild-caught at Meeteetse between 1985-1987 and Willa, wild-caught at Meeteetse between 1985-1987 – were provided by the San Diego Frozen Zoo.

Cofactor Genomics, sponsored by Revive & Restore, sequenced the DNA samples provided by the US Fish & Wildlife Service and the San Diego Frozen Zoo. The closely related domestic ferret is used extensively for human medical research, and its genome has been thoroughly sequenced and analyzed by the Broad Institute. That data is linked from the website and offers an excellent reference genome for the black-footed ferret material: as much as 92% of the black-footed ferret genome can be mapped and analyzed with the domestic ferret genome.

Please join us to conserve this endangered species. Send your comments or questions to

Planet DebianGregor Herrmann: GDAC 2014/16

today I met with a young friend (attending the final year of technical high school) for coffee. he's exploring free software since one or two years, & he's running debian jessie on his laptop since some time. it's really amazing to see how exciting this travel into the free software cosmos is for him; & it's good to see that linux & debian are not only appealing to greybeards like me :)

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Krebs on SecurityBanks: Park-n-Fly Online Card Breach

Multiple financial institutions say they are seeing a pattern of fraud that indicates an online credit card breach has hit Park-n-Fly, an Atlanta-based offsite airport parking service that allows customers to reserve spots in advance of travel via an Internet-based reservation system. The security incident, if confirmed, would be the latest in a string of card breaches involving compromised payment systems at parking services nationwide.

In response to questions from KrebsOnSecurity, Park-n-Fly said it recently engaged multiple outside security firms to investigate breach claims made by financial institutions, but so far has been unable to find a breach of its systems.

“We have been unable to find any specific issues related to the cards or transactions reported to us and by the financial institutions,” Michael Robinson, the company’s senior director of information technology, said in an emailed statement. “While this kind of incident is rare for us based on our thousands of daily transactions, we do take every instance very seriously. Like any reputable company involved in e-commerce today we recognize that we must be constantly vigilant and research every claim to root out any vulnerabilities or potential gaps.”

Park-n-Fly’s statement continues:

“While we believe that our systems are very secure, including SLL encryption, we have recently engaged multiple outside security firms to identify and resolve any possible gaps in our systems and as always will take any action indicated. We have made all necessary precautionary upgrades and we just upgraded on 12/9 to the latest EV SSL certificate from Entrust, one of the leading certificate issuers in the industry.”

Nevertheless, two different banks shared information with KrebsOnSecurity that suggests Park-n-Fly — or some component of its online card processing system — has indeed experienced a breach. Both banks saw fraud on a significant number of customer cards that previously  — and quite recently — had been used online to make reservations at a number of more than 50 Park-n-Fly locations nationwide.

Unlike card data stolen from main street retailers, which can be encoded onto new plastic and used to buy stolen goods in physical retail stores — cards stolen from online transactions can only be used by thieves for fraudulent online purchases. However, most online carding shops that sell stolen card data in underground stores market both types of cards, known in thief-speak as “dumps” and “CVVs,” respectively.

The stolen CVVs that bank sources traced back to Park-and-Fly are among thousands currently for sale in four large batches of card data (dubbed “Decurion”) being peddled at Rescator[dot]cm, the same crime shop that first moved cards stolen in the retail breaches at Home Depot and Target. The card data ranges in price from $6 to $9 per card, and includes the card number, expiration date, 3-digit card verification code, as well as the cardholder’s name, address and phone number.

Cards that banks traced back to Park-n-Fly were all for sale at Rescator’s shop.

Last month, SP Plus — a Chicago-based parking facility provider — said payment systems at 17 parking garages in Chicago, Philadelphia and Seattle were hacked to capture credit card data after thieves installed malware to access credit card data from a remote location. Card data stolen from those SP+ locations ended up for sale on a competing cybercrime store called Goodshop.

In Missouri, the St. Louis Parking Company recently disclosed that it learned of a breach involving card data stolen from its Union Station Parking facility between Oct. 6, 2014 and Oct. 31, 2014.

CryptogramFake Cell Towers Found in Norway

In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop.

This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and everyone else -- can use it to spy, or we can secure it so that no one can use it to spy.

Tom LimoncelliThis is so egotistical but I had to say it somewhere...

3 months and still doesn't mention the new book (by the way, wikipedia policy prohibits me from editing that page)

Sociological ImagesThe Paradox of Women’s Sexuality in Breast Feeding Advocacy and Breast Cancer Campaigns

My sister-in-law Charlotte was recently loudly admonished by a flight attendant on an international flight for allowing her “breast to fall out” after she fell asleep while nursing her baby. A strong advocate for breastfeeding, Charlotte has shared with me her own discomfort with public breastfeeding because it is considered gross, matronly, and “unsexy.”

I heard this over and over again from women I have interviewed for my research:  Women who breastfed often feel they have to cover and hide while breastfeeding at family functions. As one mom noted, “Family members might be uncomfortable so I leave room to nurse—but miss out on socializing.”  This brings on feelings of isolation and alienation. Because of the “dirty looks” and clear discomfort by others, women reported not wanting to breastfeed in any situation that could be considered “public.”

Meanwhile, I flip through the June 2012 issue of Vanity Fair and see this ad:


We capitalize on the sexualization of the breast to raise awareness about breast cancer. Yet, we cringe at the idea of a woman nursing her child on an overnight flight.

What’s happening here? These campaigns send contradictory messages to women about their breasts and the way women should use them, but they have something in common as well: both breastfeeding advocacy and breast cancer awareness-raising campaigns tend to reduce women to body parts that reflect the social construction of gender and sexuality.

Breast cancer awareness campaigns explicitly adopt a sexual stance, focusing on men’s desire for breasts and women’s desire to have breasts to make them attractive to men. Breast milk advocates focus on the breast as essential for good motherhood. Breastfeeding mothers sit at the crossroads: Their breasts are both sexualized and essential for their babies, so they can either breastfeed and invoke disgust, or feed their child formula and attract the stigma of being a bad mother.

Both breastfeeding advocacy programs and breast cancer awareness-raising campaigns demonstrate how socially constructed notions of ownership and power converge with the sexualization and objectification of women’s breasts. And, indeed, whether breast feeding or suffering breast cancer, women report feeling helpless and not in control of their bodies. As Jazmine Walker has written, efforts to “help” women actually “[pit] women against their own bodies.”

Instead, we need to shift away from a breast-centered approach to a women-centered approach for both types of campaigns. We need to, as Jazmine Walker advocates, “teach women and girls how to navigate and control their experiences with health care professionals,” instead of pushing pink garb and products and sexualizing attempts to raise awareness like “save the ta-tas.”  Likewise, we need to support women’s efforts to breastfeed, if they choose to, instead of labeling “bad moms” if they do not or cannot. Equipped with information and bolstered by real sources of support, women will be best able to empower themselves.

Jennifer Rothchild, PhD is in the sociology and gender, women, & sexuality studies departments at the University of Minnesota, Morris. She is the author of Gender Trouble Makers: Education and Empowerment in Nepal and is currently doing research on the politics of breastfeeding.


Planet Linux AustraliaAndrew Pollock: [life] Day 321: Some tide pooling and tree climbing, park fun and a haircut

Zoe slept all night and even slept in a little bit, which was nice, given her late night.

I thought that given it was a nice day and the tide times were well suited for it, that we could go out to Wellington Point again, and walk out to King Island. I suspect the school holidays are going to be a bit of a "best of" things that we've done throughout the year.

I whipped up a quick picnic lunch after breakfast, and we made it out there in good time for low tide. We didn't end up walking all the way out to King Island. Zoe had a great time looking at all the baby crabs running around and went fossicking for shells instead. After a while doing that and not making a lot of progress towards King Island, she'd had enough, so we turned around and had a bit of a play in the park, which included some climbing on the big climbing tree. Zoe wasn't particularly confident this time around, and was resorting to shimmying along the tree, which wasn't terribly compatible with her choice of clothing.

After that, we pulled out the picnic blanket and had a lovely picnic in the shade. The weather really was beautiful today. Not a cloud in the sky, not too hot, and a nice cool breeze.

After lunch, we went back to the playground, and Zoe had another go climbing the tree. This time, after I pointed out that it was just like the balance beam at Tumble Tastics, she veritably charged up the tree walking upright.

She was actually a little too confident, and once she reached the trunk headed up the higher branch running perpendicular to the long low one. I lost my nerve once she got about 10 metres above the ground and out over the concrete and picnic tables, and asked her to come back down. She was doing fine, but I was more worried about how she was going to turn around, and if she was going to lose her nerve and get stuck up there.

I was glad when she made it back down safe and sound. I'm proud to have such a confident and capable daughter, but sometimes it's hard being a free range parent.

We headed home after that, and did a spot of grocery shopping for dinner on the way home. Zoe wanted to go to the park, so after we got home and unpacked, we biked back to the park for a little while, before biking to our haircut appointment.

After that, it was dinner and bed time. I'm hoping we'll have another good night's sleep.

Worse Than FailureCodeSOD: JSON at Crystal Lake

Trevor found an unusual bug. Every customer had a GUID, but for some reason, their JSON API failed if there were ever more than 75 results.

He checked the web layer, only to find that it didn’t actually build the JSON- it just returned a string. The string itself came from their Oracle database. That’s where this procedure came from:

CREATE OR REPLACE PROCEDURE Placeholder_Proc_Name ( -- placeholder: the procedure's real name is not on the page
  InCustomerGuid IN VARCHAR2,
  OutCustomerGuidArray OUT VARCHAR2,
  OutResult OUT NUMBER,
  OutResultMessage OUT VARCHAR2
) AS
  vCustomerGuidArray VARCHAR2(4000);
  vCustomerGuid VARCHAR2(40);
BEGIN
  OutResult := 0;
  OutResultMessage := NULL;

  -- Strip the surrounding braces from the GUID and normalise its case
  vCustomerGuid := UPPER(RTRIM(LTRIM(InCustomerGuid, '{'), '}'));
  IF( InCustomerGuid IS NOT NULL ) THEN
    -- One customer: a single-element "keys" array
    SELECT '{"keys":[{"key":"' || Customer_Guid || '","type":"CUSTOMER"}]}'
    INTO vCustomerGuidArray
    FROM Customers
    WHERE Customer_Guid = vCustomerGuid;
  ELSE
    -- All customers: every entry is appended to the 4000-character buffer
    vCustomerGuidArray := '{"keys":[';

    FOR Customer_Item IN (SELECT Customer_Guid FROM Customers) LOOP
      vCustomerGuidArray := vCustomerGuidArray || '{"key":"' || Customer_Item.Customer_Guid || '","type":"CUSTOMER"},';
    END LOOP;

    vCustomerGuidArray := RTRIM(vCustomerGuidArray, ',');
    vCustomerGuidArray := vCustomerGuidArray || ']}';
  END IF;
  OutCustomerGuidArray := vCustomerGuidArray;

EXCEPTION
  WHEN OTHERS THEN -- assumed: the handler's condition is not on the page
    OutCustomerGuidArray := NULL;
    OutResult := 20000;
    OutResultMessage := 'too many customer guids to send back to caller';
END;


Like the Nintendo game, somebody’s missing the point of JSON

Pick your WTF: generating JSON in the database, generating JSON by string concatenation, not being more careful about sizing a VARCHAR2 variable, or using Oracle.


Planet Linux AustraliaAndrew Pollock: [life] Day 320: Home handyman stuff and visiting relatives

The screws had pulled out of the door frame on the bottom hinges of Zoe's door. I'd found a pretty straightforward looking Instructable on how to repair the situation. As I had a lot of dowel left over from when I built a couple of clothes lines for Zoe, I cut a few short pieces from the long length I had.

Unfortunately getting an exact length was impossible, so I had a bit of dowel sticking out that I needed to sand down, so after Sarah dropped Zoe off, we headed over to Bunnings to get a small drill-mounted sanding disc so I could sand them flush with the door frame.

After I successfully fixed the door, I thought we should go visit Bryce, since it's been quite a while since we've seen him. He wasn't feeling up for an outing, so we just visited him in the Masonic Centre at Sandgate and took him some mince pies.

Since we were relatively close to my parents, we dropped in on them for lunch afterwards, and we watched the photo slideshow DVD that Zoe's Kindergarten had given me on her second-last day, and flicked through her "yearbook" and portfolio.

Zoe napped in the car on the way home, and based on some behaviour in the morning, I figured she could do with it, so I let her nap a bit longer and we drove into the city to pick up her lunchbox from Biome. I probably blew the benefit of shaving on shipping by using their "click and collect" option by paying to park in the Myer Centre, but Zoe was certainly perkier after her nap.

After that, we went home, and I made a quick dinner. I wasn't going to attend my final Thermomix branch meeting because I had Zoe, but I decided in the morning, given it wasn't a "school night" and the meeting was closer to home than usual, that I might try getting her all ready for bed and bringing her with me.

Fortunately I still had her Trunki all packed with amusements from our US trip in July, so I brought that with us, and that kept her sufficiently amused. She came up for a few cuddles at various points, but was otherwise happy to play quietly at the back of the room. She was really well behaved, and my Group Leader again complimented her on how well behaved she was.

That made for a bit of a late bedtime, but she did well. The nap in the car definitely helped.

Planet Linux News: Speaker Feature: Jonathan Corbet, Josh Berkus, Mark McClain

Jonathan Corbet

The kernel report

11:35am Wednesday 14th January 2015

Jonathan Corbet is the lead editor of, co-author of Linux Device Drivers, a member of the Linux Foundation's Technical Advisory Board, and an occasional kernel contributor.

For more information on Jonathan and his presentation, see here.

Josh Berkus

PostgreSQL Replication Tutorial

1:20pm Wednesday 14th January 2015

Josh Berkus is best known as a core team member of the global PostgreSQL database project. He's also CEO of PostgreSQL Experts Inc., and sits on the board of several database startups. As well as PostgreSQL, Josh dabbles in Python, Perl, Redis, and Docker these days, but ask him for an update when you see him. He's had a Linux desktop since 1998.

For more information on Josh and his presentation, see here.

Mark McClain

Tunnels and bridges: A drive through OpenStack Networkings

1:20pm Thursday 15th January 2015

Mark McClain is a Senior Principal Architect at Yahoo!, member of the OpenStack Technical Committee, and is a core reviewer of the OpenStack Networking Project. He served as the Technical Lead for Neutron during the Havana and Icehouse cycles. Mark has 14 years of software development experience and OpenStack Networking combines two of his favorite interests: networking and Python.

For more information on Mark and his presentation, see here.

Planet DebianRaphael Geissert: Editing Debian online with

How cool would it be to fix that one bug you just found without having to download a source package? and without leaving your browser?

Inspired by github's online code editing, during Debconf 14 I worked on integrating an online editor on debsources (the software behind Long story short: it is available today, for users of chromium (or anything supporting chrome extensions).

After installing the editor for extension, go straight to and enjoy!

Go from simple debsources:

To debsources on steroids:

All in all, it brings:
  • Online editing of all of Debian
  • In-browser patch generation, available for download
  • Downloading the modified file
  • Sending the patch to the BTS
  • Syntax highlighting for over 120 file formats!
  • More hidden gems from Ace editor that can be integrated thanks to patches from you

Clone it or fork it:
git clone

For example, head to apt's source code, find a typo and correct it online: open, click on edit, make the changes, click on email patch. Yes! it can generate a mail template for sending the patch to the BTS: just add a nice message and your patch is ready to be sent.

Didn't find any typo to fix? how sad, head to codesearch and search Debian for a spelling mistake, click on any result, edit, correct, email! you will have contributed to Debian in less than 5 minutes without leaving your browser.

The editor was meant to be integrated into debsources itself, without the need of a browser extension. This is expected to be done when the requirements imposed by debsources maintainers are sorted out.

Kudos to Harlan Lieberman who helped debug some performance issues in the early implementations of the integration and for working on the packaging of the Ace editor.


Planet DebianGustavo Noronha Silva: Web Engines Hackfest 2014

For the 6th year in a row, Igalia has organized a hackfest focused on web engines. The 5 years before this one were actually focused on the GTK+ port of WebKit, but the number of web engines that matter to us as Free Software developers and consultancies has grown, and so has the scope of the hackfest.

It was a very productive and exciting event. It has already been covered by Manuel Rego, Philippe Normand, Sebastian Dröge and Andy Wingo! I am sure more blog posts will pop up. We had Martin Robinson telling us about the new Servo engine that Mozilla has been developing as a proof of concept for both Rust as a language for building big, complex products and for doing layout in parallel. Andy gave us a very good summary of where JS engines are in terms of performance and features. We had talks about CSS grid layouts, TyGL – a GL-powered implementation of the 2D painting backend in WebKit, the new Wayland port, announced by Zan Dobersek, and a lot more.

With help from my colleague ChangSeok OH, I presented a description of how a team at Collabora led by Marco Barisione made the combination of WebKitGTK+ and GNOME’s web browser a pretty good experience for the Raspberry Pi. It took a not so small amount of both pragmatic limitations and hacks to get to a multi-tab browser that can play youtube videos and be quite responsive, but we were very happy with how well WebKitGTK+ worked as a base for that.

One of my main goals for the hackfest was to help drive features that were lingering in the bug tracker for WebKitGTK+. I picked up a patch that had gone through a number of iterations and rewrites: the HTML5 notifications support, and with help from Carlos Garcia, managed to finish it and land it at the last day of the hackfest! It provides new signals that can be used to authorize notifications, show and close them.

To make notifications work in the best case scenario, the only thing that the API user needs to do is handle the permission request, since we provide a default implementation for the show and close signals that uses libnotify if it is available when building WebKitGTK+. Originally our intention was to use GNotification for the default implementation of those signals in WebKitGTK+, but it turned out to be a pain to use for our purposes.

GNotification is tied to GApplication. This allows for some interesting features, like notifications being persistent and able to reactivate the application, but those make no sense in our current use case, although that may change once service workers become a thing. It can also be a bit problematic given we are a library and thus have no GApplication of our own. That was easily overcome by using the default GApplication of the process for notifications, though.

The show stopper for us using GNotification was the way GNOME Shell currently deals with notifications sent using this mechanism. It will look for a .desktop file named after the application ID used to initialize the GApplication instance and reject the notification if it cannot find that. Besides making this a pain to test – our test browser would need a .desktop file to be installed, that would not work for our main API user! The application ID used for all Web instances is org.gnome.Epiphany at the moment, and that is not the same as any of the desktop files used either by the main browser or by the web apps created with it.

For the future we will probably move Epiphany towards this new era, and all users of the WebKitGTK+ API as well, but the strictness of GNOME Shell would hurt the usefulness of our default implementation right now, so we decided to stick to libnotify for the time being.

Other than that, I managed to review a bunch of patches during the hackfest, and took part in many interesting discussions regarding the next steps for GNOME Web and the GTK+ and Wayland ports of WebKit, such as the potential introduction of a threaded compositor, which is pretty exciting. We also tried to have Bastien Nocera as a guest participant for one of our sessions, but it turns out that requires more than a notebook on top of a bench hooked up to a TV to work well. We could think of something next time ;D.

I’d like to thank Igalia for organizing and sponsoring the event, Collabora for sponsoring and sending ChangSeok and myself over to Spain from far away Brazil and South Korea, and Adobe for also sponsoring the event! Hope to see you all next year!

Web Engines Hackfest 2014 sponsors: Adobe, Collabora and Igalia


Falkvinge - Pirate PartyBitcoin Is To Credit Cards What The Internet Was To The Fax Machine: So Much More

Bitcoin concept

Civil Liberties: Many are still seeing bitcoin as just a currency, as just a transaction mechanism. Its underlying technology is far more than that. It has the ability to reduce governments to spectators rather than arbiters, the power to make wars cost-inefficient, and the power to decentralize power itself.

The past three weeks have carried a bitcoin special on Liberties Report, starting out with examining the bitcoin currency itself, moving on to looking at the power of the underlying blockchain technology, and finally discussing how much power in society rests with controlling the ledger and the implications of disrupting that.

Parts one, two, and three –



Part One

Good evening, and welcome to Liberties Report week 47. Tonight’s a bitcoin special, the first of three parts, where we’ll go over why most people are focusing on the wrong thing with regards to the nascent cryptocurrency.

Most people, when they discuss bitcoin, appear to discuss its exchange rate. And sure – it has been an excellent investment, increasing its value by five orders of magnitude since 2009. Whatever amount you put in then, now has five more zeroes after it. There are few – if any – investments that can match.

And yet, bitcoin’s relevance as an investment pales for its relevance in every other aspect. The exchange rate frankly doesn’t matter. Not any more than its ability to provide enough value to the people who want to use its value.

What matters is that one person or a group of people using a Japanese-sounding name solved a very hard problem in 2008 that made it unnecessary to have a trusted party – like a bank – to keep track of the economy. Instead, the economy could be a group knowledge, the same way a language works – a phenomenon where nobody and everybody is responsible for maintaining the group knowledge of its changing nature.

So they built a bank that had no central point of control, but where everybody was aware of all the accounts all the time instead – just like everybody speaking a language share the knowledge of the words and their meanings.

I did my first bitcoin transaction early 2011. It was:
  • on a Sunday,
  • value of cup of coffee,
  • to a friend on the other side of the planet,
  • instant,
  • no fees,
  • nobody able to track, prevent, seize,
  • no blockades applied,
  • did not log on to a bank; did not identify at all.

When you use bitcoin for the first time like this, that’s when the penny really drops. You feel like you’ve just jumped 40 years into the future.

When you do this, you realize that the notion of a distributed economy is going to just dropkick today’s financial sector and banking as a concept. Bitcoin is going to do to banks what email did to the postal services.

And in such a system, just like you can’t point a gun at somebody and have them change the meaning of a word in a language, you can’t point a gun at somebody and have them change what or how much somebody owns – and that’s entirely regardless of whether that gun is legal or illegal.

Yes, that means law enforcement can no longer seize money. Nor prevent transactions. Nor apply any kind of blockade on the national or individual level.

Some people in law enforcement have complained to me that our elected representatives are unable to make laws that regulate such an economic system. I counter with the observation that a parliament is equally unable to legislate about a language, and yet, a language is arguably very democratic. How could it be seen as undemocratic if the state of the economy shifts from one form – the commandable – to another – the state of a language, the shared group knowledge?

I predict that this will be a hard pill to swallow for many – that it’s not a matter of whether bitcoin is legal or illegal, but that it’s already outside the realm of what can be described as legal or illegal, just like a language.

The next step, of course, is the realization that if the government can’t see or seize funds or transactions, they can’t see or seize an individual’s wealth or income. That means future taxation is completely up in the air at this point.

And when taxation is up in the air, or even jeopardized, that’s when the heavy government boots come in. But the government is used to fighting against single actors; this time, it’s fighting against an agreement. The government is going to try to apply violence against something as elusive as a language.

It won’t be successful, but it won’t be pretty, either. And besides, it’s just the first step in the developments to come. To be continued in parts two and three.

I’m Rick Falkvinge, and this is Liberties Report. Visit our sponsor, Private Internet Access. Good night.

Part Two

Good evening, and welcome to Liberties Report week 48 – part two of our bitcoin special series.

In part 1, we discussed how bitcoin is decentralized, and what that means in terms of not being able to regulate it by force. Like a language, bitcoin is effectively an agreement between millions of people – and agreements do not have a central point of control, nor a single point of failure, which a nation-state government could exploit to attack it in order to safeguard its own central-bank currency as preferential.

In effect, we are seeing another war of planned economy vs. market economy play out, only in the currency sphere. On one side, we have central banks who insist on running a planned economy; on the other side, we have a nascent market economy where there is no such thing as a central point of control for a store of value and unit of exchange.

We have seen multiple times in history how well planned economies are able to compete with market economies, and the answer in short is “not at all”. The difference in perspective would be that central banks would not consider themselves a planned economy; it’s just the people who have become aware of an alternative who realize that they are.

However, in this second part, let’s take a closer look at the underlying technology of bitcoin – the so-called blockchain. In 2008, a person or a group of people using the name Satoshi Nakamoto published a paper, which solved a very difficult problem – how to make a group of people agree on a set of continuously changing data, like a set of accounts with changing balances. The solution was to have 51% of the involved people agree on the dataset, and communicate that 51% were in agreement by showing superior processing capability over the minority. This may sound like an obvious solution, but technically, it was a really hard nut to crack.

And so, blockchain technology was used to create a decentralized currency. However, that was – is – just one application of blockchain technology. It can be used to track any asset, and it’s easy to predict that it will be used to track all assets because of the technology’s cost-efficiency and accuracy in doing so.

This has enormous implications.

Let’s look at the origins of the nation-state government. Its first function was civil arbitration – to settle disputes, and do so by right of force, by the “might makes right” principle. Soon, it was established that the nation-state government owned and controlled the ledger of assets – it was controlling who owned what, and importantly, was therefore also able to change who owned what. While the initial function of this would have been to enforce civil arbitration, it rapidly expanded to collecting taxes without consent – after all, if the nation-state government can move assets from one citizen to another citizen, it is also capable of moving assets from one citizen to itself.

With assets tracked by blockchain technology instead, the nation-state governments are about to lose this ability. They are about to lose control of the ledgers – they are being reduced to spectators of the ledger, just like everybody else has been a spectator of the ledgers under control of the governments for the past couple of centuries.

After all, if you control who owns what in society, you effectively control that society. You could change ownership of everything and anything, including changing ownership of things to yourself. Coincidentally, this is exactly what governments have been doing with taxation.

With blockchain technology, the concept of taxation is therefore completely up in the air. Governments are no longer able to see somebody’s income nor wealth, and therefore, can’t base taxes on those factors. More importantly, they can’t seize money by authority or force for taxation – seizing funds and assets requires cooperation by their rightful owner, which is a complete game-changer.

(Specifically, a government can no longer go to a citizen’s bank and seize funds straight out of their bank account. They can’t get resources by approaching a complicit third party, like a bank. They actually need to seize funds straight from the owner in question, and can’t do so without that owner’s cooperation – voluntary or forced.)

Let’s look at Cyprus as one example of this, where the government didn’t even collect taxes this way – it simply confiscated bank savings to save itself. That’s another lesson right there, by the way: a government will always save itself before it saves its citizens, and given a choice, the government itself always comes first.

What happened on Cyprus was that the government was effectively looking down from the top of a cliff; they were at the end of their road. It needed a way to save itself, but would not get emergency loans unless it showed some effort to fix the problem in part by itself. So what it did was to swoop in to one of the country’s banks and just take – confiscate – a rather large portion of people’s savings if they exceeded a minimum amount. You’ll see this rewritten as a “tax”, a “levy”, or other nicer words; it wasn’t. Taxes and levies follow laws established by a legislative body. This was an executive decision, better known as a confiscation, or if you like, a lawful theft. Or rather robbery, actually, since it was backed by threat of violence if you didn’t comply. Lawful robbery, mind you. Which goes to show a number of the many, many problems with such a procedure.

Nevertheless, world leaders applauded the Cyprus initiative rather than being rightfully horrified, and it’s now being established as a template for dealing with future crises of that type.

Of course, bitcoin users were not affected by the Cyprus confiscations, nor will they be affected when the Cyprus confiscations are used as a template elsewhere in the future. This should be more of a concern to today’s governments than they’re letting on.

For let’s look at what’s in the pipeline with blockchain technology:

We have self-arbitrating contracts with Ethereum technology. Normally, when you draft a contract, if you later disagree with the other party, you would go to a judge and ask them to settle the dispute. Imagine if the contract was able to automatically and independently settle that dispute for you? That’s Ethereum, built on blockchain technology.

You’ll notice that this strikes directly at the heart of the nation-state government. As already noted, civil arbitration is the foundation that the entire modern nation-state rests on, and that function is now seeing itself getting outcompeted on its home field by somebody else that simply does the job better.

Next, we have incorporation and equity with Counterparty technology. Obviously, you’d hear people snicker about which courts would possibly recognize incorporation with a technology they can’t even spell – but that’s before you remember that these companies don’t use the governmental courts in the first place: they use self-arbitrating contracts.

Third in the pipeline, you can find things like land registry and social services with the future BitNation technology.

We can see that these are services that compete head-on with services that are provided by governments today, which is why the mid-term future will be very interesting. Things we have taken for granted will turn out to be not so at all.

If bitcoin forces the question why we needed a central bank in the first place – as it has done – then blockchain technology as a larger concept is starting to force the question exactly why we need a central government. That’s a question that hasn’t been asked, that hasn’t even been possible to ask. It’s necessary to be able to answer that question, and more importantly, to do so with credibility. We’re in for a lot of changes.

In part three of this bitcoin analysis, we will take a closer look at how the power is all about the ledger, and how blockchain technology changes that dynamic completely.

I’m Rick Falkvinge, and this is Liberties Report. Visit our sponsor, Private Internet Access. Good night.

Part Three

Good evening, and welcome to Liberties Report week 49, part three in our three-part series explaining why Bitcoin and the Blockchain are so thoroughly disruptive.

In part one, we looked at bitcoin as such, as a market meta-economy rather than a planned meta-economy: when the tokens that maintain the economy are themselves subjected to market forces, that gives such a meta-economy the same structural advantage as market vs. planned has demonstrated in all other areas.

In part two, we looked closer at bitcoin’s underlying blockchain technology, and how it can be used to maintain a ledger of public accounts – not just financial accounts, but any accounts, and how this will challenge the nation-state governments at their core business in pure market cost-efficiency. We also observed that governments, having lost control of the financial ledger, will no longer be able to seize funds without the owner’s cooperation – voluntary or forced – and what a game-changer that is.

In this part three, we will take a closer look at just how central to power this concept of a ledger really is, and what profound effects it will have when nobody is able to command and control it as they have been.

When you abstract the concept of a ledger a bit, and step away to see the big picture, you can see that it’s about control. And most conflicts in humanity have been about that control.

Take land registry, for example, like we’ve discussed. Imagine for a moment that land registry is maintained on the blockchain – who owns what plot of land, and that there’s general consensus, even between nations, that this is the authoritative ledger. Imagine so much was built on this assumption that it was simply the holder of truth.

Such a development, which is likely in the long term, has quite a few implications. For one, you would not see an abuse of the governmental court system by interested parties trying to seize land – say, for fossil fuel extraction purposes. Courts would not have authority over the blockchain, or at least not the authority they hold today, as blockchain does not lend itself to changing ownership of a token by somebody else than that token’s previous owner.

But it goes far beyond courts. Remember how we established that control of the ledger was crucial to power? Most conflicts have been about not just control of a particular ledger, but fights about which ledger to use. In the past, when a country invaded a neighbor, that government’s ledgers became null and void overnight as a new government was established with blank ledgers – or more commonly, ledgers filled in to benefit the invading nation and its citizens rather than whomever the previous government supported as rightful owner.

Thus, we can observe that most conflicts – from the small neighborhoodly all the way up to wars among nations – can be described as control of the ledger.

Now, then, imagine what happens when the ledger does not lend itself anymore to being controlled by force or threat of force as it is today, due to a fundamentally changed nature, when it is a shared agreement – and that agreement has so much else built on top of it, that you just can’t yank that agreement away – sort of like how a language works, as we observed before?

The consequence of that is that a plot of land doesn’t change owner because your belligerent neighbor parks a squadron of tanks on the plot of land. Warfare as we know it, using violence to fight over which ledger to use, becomes not cost-efficient. (And just for the record, warfare has almost always been about financial advantage or resource advantage – demonizing the enemy has been the scapegoat and the superficial reason to convince teenagers to go out and die.) It’s when these pieces fall into place that you start to realize the scale of the long-term consequences of bitcoin technology.

It’s hard to see really disruptive technologies for how they can be used to their potential. The generation inventing a new technology tends to be restricted in their mindset to seeing what thing of old it replaces, rather than seeing the new technology on its own merits. It’s usually the next generation, the people who grew up without even seeing the thing of old, that take full advantage of the new technology. Sometimes even the generation after that, as was the case with electricity, for example.

When the Internet arrived at scale, there were people who were expressing concerns it might replace the fax machine. It turned out to be a little more than that, once it was seen on its own merits rather than on the merits of what it replaced.

When bitcoin arrived, it was seen as a better banking system and a cheaper credit card. It has the potential to be a little more than that, once it is seen on its own merits rather than what it’s replacing. And yet – the things mentioned in this series: self-arbitrating contracts, replacing courts, even replacing wars – that’s just technologies that are in the pipeline already. That’s the Internet technology equivalent of 1992.

This is the promise of bitcoin technology – or even a small part of the promise of bitcoin technology. It goes far, far beyond being a simpler credit card.

I’m Rick Falkvinge, and this is Liberties Report. Visit our sponsor, Private Internet Access. Good night.

Planet DebianGregor Herrmann: GDAC 2014/15

nothing exciting today in my debian life. just yet another nice example of collaboration around an RC bug where the bug submitter, the maintainer & me investigated via the BTS, & the maintainer also got support on IRC from others. – now we just need someone to come up with an actual fix for the problem :)

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Planet DebianHolger Levsen: 20121214-not-everybody-is-equal

We ain't equal in Debian neither and wishful thinking won't help.

"White people think calling them white is racist." - "White people think calling them racist is racist."

(Thanks to and via 2damnfeisty and blackgirlsparadise!)

Posted here (in this white male community...) as a food for thought. What else is invisible for whom? Or hardly visible or distorted or whatever shade of (in)visible... - and how can we know about things we cannot (yet) see...

Krebs on SecurityIn Damage Control, Sony Targets Reporters

Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.

A letter from Sony’s lawyers.

“SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen information, and to request your cooperation in destroying the Stolen Information,” wrote SPE’s lawyers, who hail from the law firm of Boies, Schiller & Flexner.

This letter reminds me of one that I received several years back from the lawyers of Igor Gusev, one of the main characters in my book, Spam Nation. Mr. Gusev’s attorneys insisted that I was publishing stolen information — pictures of him, financial records from his spam empire “SpamIt” — and that I remove all offending items and publish an apology. My lawyer in that instance called Gusev’s threat a “blivit,” a term coined by the late, great author Kurt Vonnegut, who defined it as “two pounds of shit in a one-pound bag.”

For a more nuanced and scholarly look at whether reporters and bloggers who write about Sony’s hacking should be concerned after receiving this letter, I turn to an analysis by UCLA law professor Eugene Volokh, who posits that Sony “probably” does not have a legal leg to stand on here in demanding that reporters refrain from writing about the extent of SPE’s hacking in great detail. But Volokh includes some useful caveats to this conclusion (and exceptions to those exceptions), notably:

“Some particular publications of specific information in the Sony material might lead to a successful lawsuit,” Volokh writes. “First, disclosure of facts about particular people that are seen as highly private (e.g., medical or sexual information) and not newsworthy might be actionable under the ‘disclosure of private facts’ tort.”

Volokh observes that if a publication were to publish huge troves of data stolen from Sony, doing so might be seen as copyright infringement. “The bottom line is that publication of short quotes, or disclosure of the facts from e-mails without the use of the precise phrasing from the e-mail, would likely not be infringement — it would either be fair use or the lawful use of facts rather than of creative expression,” he writes.

Volokh concludes that Sony is unlikely to prevail — “either by eventually winning in court, or by scaring off prospective publishers — especially against the well-counseled, relatively deep-pocketed, and insured media organizations that it’s threatening,” he writes. “Maybe the law ought to be otherwise (or maybe not). But in any event this is my sense of the precedents as they actually are.”

This is actually the second time this month I’ve received threatening missives from entities representing Sony Pictures. On Dec. 5, I got an email from a company called Entura, which requested that I remove a link from my story that the firm said “allowed for the transmission and/or downloading of the Stolen Files.” That link was in fact not even a Sony document; it was a derivative work — a lengthy text file listing the directory tree of all the files stolen and leaked (at the time) from SPE. Needless to say, I did not remove that link or file.

Here is the full letter from SPE’s lawyers (PDF).

Sociological ImagesInequality in the Skies: Applying the Gini Index to Airplanes

I’m on a plane right now, flying from Sacramento back to Albany. And sitting here I’m reminded of how air travel itself reflects the growing inequality of society in a trivial, but suggestive, way.

Planes have always had first-class and passenger cabins, at least as far as I know. If the Titanic had this distinction, I’m guessing it was in place from the beginning of commercial aviation.

But for most of my adult life, planes — at least the ones I usually fly on, from one U.S. city to another — looked something like this:


Just roughing it out here, this means that 7% of the passengers used about 15% of the room, with the other 93% using 85% of the cabin space. Such a plane would have a Gini index of about 8. The Gini index is a measure of inequality, a fancy statistical way of representing inequality in the income distribution of a country’s population. For reference, the U.S. Gini is about 48, and the global one is around 65.

Domestic airlines have pretty much moved to a three-tier system now, in which the traditional first-class seating is supplemented by “Economy Plus,” in which you get an extra three or four inches of legroom over the standard “Economy” seats. I, as usual, am crammed into what should really be called “Sardine Class” — where seats now commonly provide a pitch of 31”, a few inches down from what most planes had a decade ago.

In today’s standard U.S. domestic configuration, the 12% of people in first class use about 25% of the passenger space, the 51 people in Economy Plus use another 30%, leaving the sardines — the other 157 people — with 45%. That gives us a Gini index of about 16.


Transatlantic flights, however, are increasingly taking this in-the-air distinction to new heights. Take, for example, the below United configuration of the Boeing 777. It boasts seats that turn into beds on which one can lie fully horizontal. United calls this new section of bed-seats “BusinessFirst.”


Unsurprisingly, though, these air-beds take up even more space than a nice comfy first class seat. So if we look again at how the space is distributed, we now have 19% of the people using about 35% of the plane, 27% using another 25%, and the final 52% using the last 40%. The Gini index has now increased to 25.

It’s not often you see such a clear visual representation of our collective acceptance of the right of a small fraction of people to consume a very disproportionate percentage of resources. I wonder how much of the shift is actually driven by increased inequality, as opposed to improved capacity for price discrimination.

And it’s also worth noting that the plane above, while unequal relative to the old-fashioned three-rows-of-first-class-and-the-rest-economy layout, is still nowhere near the inequality of the U.S., or the world.

Elizabeth Popp Berman, PhD is an associate professor of sociology at the University at Albany.  She is the author of Creating the Market University: How Academic Science Became an Economic Engine and regularly blogs at OrgTheory, where this post originally appeared.


CryptogramOver 700 Million People Taking Steps to Avoid NSA Surveillance

There's a new international survey on Internet security and trust, of "23,376 Internet users in 24 countries," including "Australia, Brazil, Canada, China, Egypt, France, Germany, Great Britain, Hong Kong, India, Indonesia, Italy, Japan, Kenya, Mexico, Nigeria, Pakistan, Poland, South Africa, South Korea, Sweden, Tunisia, Turkey and the United States." Amongst the findings, 60% of Internet users have heard of Edward Snowden, and 39% of those "have taken steps to protect their online privacy and security as a result of his revelations."

The press is mostly spinning this as evidence that Snowden has not had an effect: "merely 39%," "only 39%," and so on. (Note that these articles are completely misunderstanding the data. It's not 39% of people who are taking steps to protect their privacy post-Snowden, it's 39% of the 60% of Internet users -- which is not everybody -- who have heard of him. So it's much less than 39%.)

Even so, I disagree with the "Edward Snowden Revelations Not Having Much Impact on Internet Users" headline. He's having an enormous impact. I ran the actual numbers country by country, combining data on Internet penetration with data from this survey. Multiplying everything out, I calculate that 706 million people have changed their behavior on the Internet because of what the NSA and GCHQ are doing. (For example, 17% of Indonesians use the Internet, 64% of them have heard of Snowden and 62% of them have taken steps to protect their privacy, which equals 17 million people out of its total 250-million population.)

Note that the countries in this survey only cover 4.7 billion out of a total 7 billion world population. Taking the conservative estimates that 20% of the remaining population uses the Internet, 40% of them have heard of Snowden, and 25% of those have done something about it, that's an additional 46 million people around the world.

It's probably true that most of those people took steps that didn't make any appreciable difference against an NSA level of surveillance, and probably not even against the even more pervasive corporate variety of surveillance. It's probably even true that some of those people didn't take steps at all, and just wish they did or wish they knew what to do. But it is absolutely extraordinary that 750 million people are disturbed enough about their online privacy that they will represent to a survey taker that they did something about it.

Name another news story that has caused over ten percent of the world's population to change their behavior in the past year? Cory Doctorow is right: we have reached "peak indifference to surveillance." From now on, this issue is going to matter more and more, and policymakers around the world need to start paying attention.

Related: a recent Pew Research Internet Project survey on Americans' perceptions of privacy, commented on by Ben Wittes.

This essay previously appeared on Lawfare.

EDITED TO ADD (12/15): Reddit thread.

EDITED TO ADD (12/16): SlashDot thread.

Worse Than FailureWoulda...Coulda...Shoulda

Have you ever done something that seemed like a good idea at the time? Then looked back upon it much later and had second and third thoughts about the wisdom of what you had done?

A long time ago, Jack worked for a company that had built a goods-declarations system for freight-forwarders so that they could get the blessing of the government to import/export their goods.

Those were the days when DOS was the latest and greatest thing available for anyone who wanted quick development turnaround time. No big-iron, with all their rules, regulations and procedures for these guys. They needed their software written to their specifications to solve their problem in short order.

To this end, they had built a framework around the features available in DOS. One particular item in their framework was a "text box" into which one could type, ahem, text. Of course, like everything else in computer science, there was a practical limit on how big things could be. Since the screen was pretty full, the biggest number you could enter into this particular field was 99,999.99 (mostly as a limit of the maximum number of characters you could fit on a monitor).

Now this may have been fine and dandy for schooners and other such sailing ships. But, as ships got bigger, they could carry far more freight. The shippers made repeated requests to enlarge the input-field to enable them to enter bigger numbers.

Of course, this would involve several significant efforts:

  • Make the text box scroll so that bigger numbers could be entered
  • Change the size of the quantity field in the data file(s) to handle bigger numbers

The initial response back to the shippers was "No; you can split that shipment of goods into multiple lots, and do separate customs-clearances for each lot."

After a while, the shippers got tired of doing multiple copies of all of the customs paperwork for every shipment and demanded that they be allowed to enter bigger numbers.

Rather than just do the work to allow bigger numbers to be entered, the managers came up with a scheme to enable bigger numbers to be represented in the same number of digits; they would create new units of measurement:

   1000 KGM = 1KK (Kilograms)
   1000 LTR = 1KL (Liters)
   1000 MTR = 1KM (Meters)
   1000 UNT = 1KU (Units)
   1000 PKG = 1KP (Packages)
   ...and so on

A convenient side effect of this was that since the names of all of the new units were exactly 3 characters long, they fit into the existing database units column.

The management proudly displayed their new capability to their customers, who promptly inquired WTF?!, which led to all sorts of time-consuming training to get them used to the new home-grown unit systems.

Once the shippers got used to it, things settled down. Until...

By multiplying everything by 1,000, some accuracy was lost as the numbers got bigger. For example, for a client to enter 12,345,675 litres of fuel, they had to enter 12,345.68 and change the units to 1KL. Naturally, the shippers were concerned about the extra 5 litres of fuel that were just added. "It's a big ship; no one will worry about it!" "But then we'll need to pay duty on those extra 5 litres." "In that case, do two customs entries, one for 12,345.67 x 1KL and one for 5 x LTR."

Again, the customers groaned about having to do multiple sets of paperwork.

But the customers didn't have the worst of it. The developers needed to write routines to convert those new units back to the real numbers before displaying them in reports.

Thus, after the countless hours wasted writing thousands of lines of code to handle custom units and convert back to normal units for reports, it would have been far more efficient time-wise, and substantially less effort to just make the original text box scroll and enlarge the field in the data files.

But it seemed like a good idea at the time.



Planet DebianThomas Goirand: Supporting 3 init systems in OpenStack packages

tl;dr: Providing support for all 3 init systems (sysv-rc, Upstart and systemd) isn’t hard, and generating the init scripts / Upstart job / systemd unit using a template system is a lot easier than I previously thought.

As always, when writing this kind of blog post, I do expect that others will not like what I did. But that’s the point: give me your opinion in a constructive way (please be polite even if you don’t like what you see… I have too many times had to read harsh comments), and I’ll implement your ideas if I find them nice.

History of the implementation: how we came to the idea

I had no plan to do this. I don’t believe what I wrote can be generalized to all of the Debian archive. It’s just that I started doing things, and it made sense when I did it. Let me explain how it happened.

Since it’s clear that many people, and especially the most advanced ones, may have an opinion about which init system they prefer, and because I also support Ubuntu (at least Trusty), I thought it was a good idea to support all the “main” init systems: sysv-rc, Upstart and systemd. I have counted (for the sake of being exact in this blog): OpenStack in Debian currently contains 64 init scripts to run daemons in total. That’s quite a lot. Way too many to just write them all by hand. Though that’s what I was doing for the last few years… until the end of this last summer!

So, doing it all by hand, I first started implementing Upstart. Its support was there only when building in Ubuntu (which isn’t the correct thing to do; this is now fixed, read further…). Then we thought about adding support for systemd. Gustavo Panizzo, one of the contributors to the OpenStack packages, started implementing it in Keystone (the auth server for OpenStack) for the Juno release, which was released this October. He did that last summer, early enough so we didn’t expect anyone to use the Juno branch Keystone. After some experiments, we had something kind of working. What he did was invoke “/etc/init.d/keystone start-systemd”, which was still using start-stop-daemon. Yes, that’s not perfect, and it’s better to use systemd foreground process handling, but at least we had a single place to write the startup scripts, where we check /etc/default for the logging configuration, configure the log file, and so on.

Then, around October, I took a step back to see the whole picture with the sysv-rc scripts, and saw the mess, with all the tiny differences between them. It became clear that I had to do something to make sure they were all the same, with support for the same things (like which log system to use, where to store the PID, create /var/lib/project, /var/run/project and so on…).

Last, this month of December, I was able to fix the remaining issues for systemd support, thanks to the awesome contribution of Mikael Cluseau on the Alioth OpenStack packaging list. Now, the systemd unit file is still invoking the init script, but it’s not using start-stop-daemon anymore, there is no PID file involved, and daemons are run as systemd foreground processes. Finally, daemon service files are also activated on installation (they were not previously).


So I took the simplistic approach of always using the same template for the sysv-rc switch/case and the start and stop functions, appending it at the end of all debian/* scripts. I started to try to reduce the number of variables, and I was surprised by the result: only a very small part of the init scripts needs to change from daemon to daemon. For example, for nova-api, here’s the init script (LSB header stripped-out):

DESC="OpenStack Compute API"

That is it: only 3 lines, defining only the name of the daemon, the name of the project it attaches (eg: nova, cinder, etc.), and a long description. There’s of course much more complicated init scripts (see the one for neutron-server in the Debian archive for example), but the vast majority only needs the above.

Here’s the sysv-rc init script template that I currently use:

# The content after this line comes from openstack-pkg-tools
# and has been automatically added to a script, which
# contains only the descriptive part for the daemon. Everything
# else is standardized as a single unique script.

# Author: Thomas Goirand <>

# PATH should only include /usr/* if it runs after the script

if [ -z "${DAEMON}" ] ; then
if [ -z "${SCRIPTNAME}" ] ; then
if [ -z "${SYSTEM_USER}" ] ; then
if [ -z "${SYSTEM_USER}" ] ; then
if [ "${SYSTEM_USER}" != "root" ] ; then
if [ -z "${CONFIG_FILE}" ] ; then

# Exit if the package is not installed
[ -x $DAEMON ] || exit 0

# If run as root, create /var/lock/X, /var/run/X, /var/lib/X and /var/log/X as needed
if [ "x$USER" = "xroot" ] ; then
	for i in lock run log lib ; do
		mkdir -p /var/$i/${PROJECT_NAME}
		chown ${SYSTEM_USER} /var/$i/${PROJECT_NAME}
	done
fi

# This defines init_is_upstart which we use later on (+ more...)
. /lib/lsb/init-functions

# Manage log options: logfile and/or syslog, depending on user's choosing
[ -r /etc/default/openstack ] && . /etc/default/openstack
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
[ "x$USE_SYSLOG" = "xyes" ] && DAEMON_ARGS="$DAEMON_ARGS --use-syslog"
[ "x$USE_LOGFILE" != "xno" ] && DAEMON_ARGS="$DAEMON_ARGS --log-file=$LOGFILE"

do_start() {
	start-stop-daemon --start --quiet --background ${STARTDAEMON_CHUID} --make-pidfile --pidfile ${PIDFILE} --chdir /var/lib/${PROJECT_NAME} --startas $DAEMON \
			--test > /dev/null || return 1
	start-stop-daemon --start --quiet --background ${STARTDAEMON_CHUID} --make-pidfile --pidfile ${PIDFILE} --chdir /var/lib/${PROJECT_NAME} --startas $DAEMON \
			-- $DAEMON_ARGS || return 2
}

do_stop() {
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
	RETVAL=$?
	rm -f $PIDFILE
	return "$RETVAL"
}

do_systemd_start() {

case "$1" in
start)
	init_is_upstart > /dev/null 2>&1 && exit 1
	log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case $? in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
;;
stop)
	init_is_upstart > /dev/null 2>&1 && exit 0
	log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case $? in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
;;
status)
	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
systemd-start)
	do_systemd_start
;;
restart|force-reload)
	init_is_upstart > /dev/null 2>&1 && exit 1
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case $? in
	0|1)
		do_start
		case $? in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
	;;
	*) log_end_msg 1 ;; # Failed to stop
	esac
;;
*)
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload|systemd-start}" >&2
	exit 3
;;
esac

exit 0

Nothing particularly fancy here… You’ll notice that it’s really OpenStack centric (see the LOGFILE and CONFIGFILE things…). You may have also noticed the call to “init_is_upstart”, which is needed for Upstart support. I’m not sure if it’s at the correct place in the init script. Should I put that on top of the script? Was I right with the exit values for it? Please send me your comments…

Then I thought about generalizing all of this. Because not only the sysv-rc scripts needed to be squared-up, but also Upstart. The approach here was to source the sysv-rc script in debian/*, and then generate the Upstart job accordingly, using the above 3 variables (or more as needed). Here, the fun is that, instead of taking the approach of calculating everything at runtime with the sysv-rc, for Upstart jobs, many things are calculated at build time. For each debian/* script that the debian/rules finds, pkgos-gen-upstart-job is called. Here’s pkgos-gen-upstart-job:


UPSTART_FILE=`echo ${INIT_TEMPLATE} | sed 's/'`

# Get the variables defined in the init template

## Find out what should go in After=
#SHOULD_START=`cat ${INIT_TEMPLATE} | grep "# Should-Start:" | sed 's/# Should-Start://'`
#if [ -n "${SHOULD_START}" ] ; then
#	AFTER="After="
#	for i in ${SHOULD_START} ; do
#		AFTER="${AFTER}${i}.service "
#	done

if [ -z "${DAEMON}" ] ; then
if [ -z "${SCRIPTNAME}" ] ; then
if [ -z "${SYSTEM_USER}" ] ; then
if [ -z "${SYSTEM_GROUP}" ] ; then
if [ "${SYSTEM_USER}" != "root" ] ; then
if [ -z "${CONFIG_FILE}" ] ; then

echo "description \"${DESC}\"
author \"Thomas Goirand <>\"

start on runlevel [2345]
stop on runlevel [!2345]

chdir /var/run

pre-start script
	for i in lock run log lib ; do
		mkdir -p /var/\$i/${PROJECT_NAME}
		chown ${SYSTEM_USER} /var/\$i/${PROJECT_NAME}
	done
end script

script
	[ -x \"${DAEMON}\" ] || exit 0
	[ -r /etc/default/openstack ] && . /etc/default/openstack
	[ -r /etc/default/\$UPSTART_JOB ] && . /etc/default/\$UPSTART_JOB
	[ \"x\$USE_SYSLOG\" = \"xyes\" ] && DAEMON_ARGS=\"\$DAEMON_ARGS --use-syslog\"
	[ \"x\$USE_LOGFILE\" != \"xno\" ] && DAEMON_ARGS=\"\$DAEMON_ARGS --log-file=${LOGFILE}\"

	exec start-stop-daemon --start --chdir /var/lib/${PROJECT_NAME} \\
		${STARTDAEMON_CHUID} --make-pidfile --pidfile ${PIDFILE} \\
		--exec ${DAEMON} -- --config-file=${CONFIG_FILE} \${DAEMON_ARGS}
end script

The only thing which I don’t know how to do, is how to implement the Should-Start / Should-Stop in an Upstart job. Can anyone shoot me a mail and tell me the solution?

Then, I wanted to add support for systemd. Here, we cheated, since we only just called the sysv-rc script from the systemd unit, however, the systemd-start target uses exec, so the process stays in the foreground. It’s also much smaller than the Upstart thing. However, here, I could implement the “After” thing, corresponding to the Should-Start:


SERVICE_FILE=`echo ${INIT_TEMPLATE} | sed 's/'`

# Get the variables defined in the init template

if [ -z "${SCRIPTNAME}" ] ; then
if [ -z "${SYSTEM_USER}" ] ; then
if [ -z "${SYSTEM_GROUP}" ] ; then

# Find out what should go in After=
SHOULD_START=`cat ${INIT_TEMPLATE} | grep "# Should-Start:" | sed 's/# Should-Start://'`

if [ -n "${SHOULD_START}" ] ; then
	AFTER="After="
	for i in ${SHOULD_START} ; do
		AFTER="${AFTER}${i}.service "
	done
fi

echo "[Unit]

ExecStartPre=/bin/mkdir -p /var/lock/${PROJECT_NAME} /var/log/${PROJECT_NAME} /var/lib/${PROJECT_NAME}
ExecStartPre=/bin/chown ${SYSTEM_USER}:${SYSTEM_GROUP} /var/lock/${PROJECT_NAME} /var/log/${PROJECT_NAME} /var/lib/${PROJECT_NAME}
ExecStart=${SCRIPTNAME} systemd-start


As you can see, it’s calling /etc/init.d/${SCRIPTNAME} systemd-start, which isn’t great. I’d be happy to have comments from systemd users / maintainers on how to fix it to make it better.

Integrating in debian/rules

To integrate with the Debian package build system, we only had to write this:

	# Create the init scripts from the template
	for i in `ls -1 debian/*` ; do \
		MYINIT=`echo $$i | sed s/` ; \
		cp $$i $$MYINIT.init ; \
		cat /usr/share/openstack-pkg-tools/init-script-template >>$$MYINIT.init ; \
		pkgos-gen-systemd-unit $$i ; \
	done
	# If there's an file, use that one instead of the generated one
	for i in `ls -1 debian/*` ; do \
		MYPKG=`echo $$i | sed s/` ; \
		cp $$ $$MYPKG.upstart ; \
	done
	# Generate the upstart job if there's no already existing
	for i in `ls debian/*` ; do \
		MYINIT=`echo $$i | sed s/` ; \
		if ! [ -e $$MYINIT ] ; then \
			pkgos-gen-upstart-job $$i ; \
		fi \
	done
	dh_installinit --error-handler=true
	# Generate the systemd unit file
	# Note: because dh_systemd_enable is called by the
	# dh sequencer *before* dh_installinit, we have
	# to process it manually.
	for i in `ls debian/*` ; do \
		pkgos-gen-systemd-unit $$i ; \
		MYSERVICE=`echo $$i | sed 's/debian\///'` ; \
		MYSERVICE=`echo $$MYSERVICE | sed 's/'` ; \
		dh_systemd_enable $$MYSERVICE ; \
	done

As you can see, it’s possible to use a debian/* and not use the templating system, in the more complicated case (I needed it mostly for neutron-server and neutron-plugin-openvswitch-agent).


I do not pretend that what I wrote in openstack-pkg-tools is the ultimate solution. But I’m convinced that it answers our own needs as the OpenStack maintainers in Debian. There’s a lot of room for improvement (like implementing Should-Start in Upstart jobs, or no longer calling the sysv-rc script in the systemd units), but using templates and generated scripts was a very good move, as the init scripts are far easier to maintain now, in a much more unified way. Even though I’m not completely satisfied with the systemd and Upstart implementations, I’m sure that there’s already a huge improvement in the maintainability of the sysv-rc scripts.

Last and again: please send your comments and help improving the above! :)

Kelvin ThomsonMid-Year Economic Forecast

There are five points that ought to be made about Australia's deteriorating budget position.

First, Joe Hockey and the Liberal Government must never be allowed to forget the standards they applied when the Labor Government's predictions of a Budget Surplus did not eventuate due to declining revenue. They insisted this was no excuse, and accused the Government of incompetence and worse – Joe Hockey talked about people going to jail over such matters. They said there would be no excuses.

Second, the big end of town and their Liberal Party and media cheer squad will try to use the deteriorating Budget position to promote their ideological agenda of cutting back Government spending, jobs and services. No matter what the state of the economy they always advance this agenda. But Joe Hockey's Budget has damaged consumer confidence and contributed to the rising Budget Deficit and rising unemployment we now see. It was a shock, not a shock absorber. Austerity measures in Europe following the GFC made those economies worse. They didn't work there and they won't work here.

Third, it is possible to balance the books without taking the axe to health, education, or pensions. The Liberal Government has chosen to greatly increase Australia's defence spending to 2 per cent of GDP. This is an arbitrary figure and an increase which will not make Australia a safer place. We could do much more to close tax breaks both offshore and onshore, which have increased substantially in recent years. We don't need to continue negative gearing, which costs taxpayers dearly and pushes up the cost of housing at the expense of young Australian homebuyers who can't afford to buy a home.

Fourth, we have pursued policies for years now of globalisation and free trade which have promoted mining and damaged manufacturing. This was very short-sighted. For years I and others have pointed out that we should be doing more to spread the benefits of the mining boom, and that it was foolish to put all our eggs in the mining basket, and allow the dollar to rise and kill off manufacturing. Our economy has become too narrow, and we are way too vulnerable to things like a fall in commodity prices. The free trade fundamentalists have left us vulnerable and exposed.

Finally, we have lost interest in the current account deficit and the national debt. There was a time when the Liberal Party rolled out a "Debt Truck" to draw public attention to our trade imbalance and our overseas debt. But while the current account deficit and the overseas debt turned the Debt Truck into a metaphorical Road Train or Ocean Liner, they lost interest in this. Instead of encouraging household saving and investment by Australian owned companies or superannuation funds, they think foreign debt is not a problem provided it is turned into equity – selling off the farm. Again this is an incredibly short-sighted view and a recipe for Budget Deficits as far as the eye can see.

Google AdsenseAdSense now speaks Hindi

We're proud to announce that AdSense now supports Hindi, one of India's most widely spoken languages.

With over 500 million speakers around the world*, a wealth of quality Hindi content is available on the web.  We’re excited to launch AdSense Hindi language support today to help fuel even more quality content creation on the web, and to help advertisers connect with a rapidly growing online audience.

If you have a website in Hindi, you'll now be able to earn money by displaying Google AdSense ads on your website. To get started:
  1. Make sure your website is compliant with the AdSense program policies.
  2. Sign up for an AdSense account by enrolling your Hindi website.
  3. Once your AdSense account has been approved, simply add the AdSense code to start displaying relevant ads to your users.
ऐडसेंस कार्यक्रम में आपका स्वागत है!
Welcome to AdSense!

Posted by Emanuele Brandi, Product Sales Lead on behalf of the AdSense Internationalization Team

* Source: Encyclopedia Britannica

Planet Linux AustraliaMichael Still: Ghost

ISBN: 9781416520870
Trigger warning, I suppose.

This is like a Tom Clancy book, but with weirder sex, much of it non-consensual. Also, not as well thought through or as well researched or as believable. I couldn't bring myself to finish it.

Tags for this post: book john_ringo terrorism nuclear


Planet Linux AustraliaMichael Still: How are we going with Nova Kilo specs after our review day?

Time for another summary I think, because announcing the review day seems to have caused a rush of new specs to be filed (which wasn't really my intention, but hey). We did approve a fair few specs on the review day, so I think overall it was a success. Here's an updated summary of the state of play:



  • Expand support for volume filtering in the EC2 API: review 104450.
  • Implement tags for volumes and snapshots with the EC2 API: review 126553 (fast tracked, approved).


  • Actively hunt for orphan instances and remove them: review 137996 (abandoned); review 138627.
  • Check that a service isn't running before deleting it: review 131633.
  • Enable the nova metadata cache to be a shared resource to improve the hit rate: review 126705 (abandoned).
  • Implement a daemon version of rootwrap: review 105404.
  • Log request id mappings: review 132819 (fast tracked).
  • Monitor the health of hypervisor hosts: review 137768.
  • Remove the assumption that there is a single endpoint for services that nova talks to: review 132623.

Block Storage

  • Allow direct access to LVM volumes if supported by Cinder: review 127318.
  • Cache data from volumes on local disk: review 138292 (abandoned); review 138619.
  • Enhance iSCSI volume multipath support: review 134299.
  • Failover to alternative iSCSI portals on login failure: review 137468.
  • Give additional info in BDM when source type is "blank": review 140133.
  • Implement support for a DRBD driver for Cinder block device access: review 134153.
  • Refactor ISCSIDriver to support other iSCSI transports besides TCP: review 130721 (approved).
  • StorPool volume attachment support: review 115716.
  • Support Cinder Volume Multi-attach: review 139580 (approved).
  • Support iSCSI live migration for different iSCSI target: review 132323 (approved).


Containers Service


Hypervisor: Docker

Hypervisor: FreeBSD

  • Implement support for FreeBSD networking in nova-network: review 127827.

Hypervisor: Hyper-V

Hypervisor: Ironic

Hypervisor: VMWare

  • Add ephemeral disk support to the VMware driver: review 126527 (fast tracked, approved).
  • Add support for the HTML5 console: review 127283.
  • Allow Nova to access a VMWare image store over NFS: review 126866.
  • Enable administrators and tenants to take advantage of backend storage policies: review 126547 (fast tracked, approved).
  • Enable the mapping of raw cinder devices to instances: review 128697.
  • Implement vSAN support: review 128600 (fast tracked, approved).
  • Support multiple disks inside a single OVA file: review 128691.
  • Support the OVA image format: review 127054 (fast tracked, approved).

Hypervisor: libvirt

Instance features


  • A lock-free quota implementation: review 135296.
  • Automate the documentation of the virtual machine state transition graph: review 94835.
  • Fake Libvirt driver for simulating HW testing: review 139927 (abandoned).
  • Flatten Aggregate Metadata in the DB: review 134573 (abandoned).
  • Flatten Instance Metadata in the DB: review 134945 (abandoned).
  • Implement a new code coverage API extension: review 130855.
  • Move flavor data out of the system_metadata table in the SQL database: review 126620 (approved).
  • Move to polling for cinder operations: review 135367.
  • PCI test cases for third party CI: review 141270.
  • Transition Nova to using the Glance v2 API: review 84887.
  • Transition to using glanceclient instead of our own home grown wrapper: review 133485 (approved).


  • Enable lazy translations of strings: review 126717 (fast tracked).



  • Dynamically alter the interval nova polls components at based on load and expected time for an operation to complete: review 122705.


  • A nested quota driver API: review 129420.
  • Add a filter to take into account hypervisor type and version when scheduling: review 137714.
  • Add an IOPS weigher: review 127123 (approved, implemented); review 132614.
  • Add instance count on the hypervisor as a weight: review 127871 (abandoned).
  • Allow extra spec to match all values in a list by adding the ALL-IN operator: review 138698 (fast tracked, approved).
  • Allow limiting the flavors that can be scheduled on certain host aggregates: review 122530 (abandoned).
  • Allow the remove of servers from server groups: review 136487.
  • Convert get_available_resources to use an object instead of dict: review 133728 (abandoned).
  • Convert the resource tracker to objects: review 128964 (fast tracked, approved).
  • Create an object model to represent a request to boot an instance: review 127610 (approved).
  • Decouple services and compute nodes in the SQL database: review 126895 (approved).
  • Enable adding new scheduler hints to already booted instances: review 134746.
  • Fix the race conditions when migration with server-group: review 135527 (abandoned).
  • Implement resource objects in the resource tracker: review 127609.
  • Improve the ComputeCapabilities filter: review 133534.
  • Isolate Scheduler DB for Filters: review 138444.
  • Isolate the scheduler's use of the Nova SQL database: review 89893.
  • Let schedulers reuse filter and weigher objects: review 134506 (abandoned).
  • Move select_destinations() to using a request object: review 127612 (approved).
  • Persist scheduler hints: review 88983.
  • Refactor allocate_for_instance: review 141129.
  • Stop direct lookup for host aggregates in the Nova database: review 132065 (abandoned).
  • Stop direct lookup for instance groups in the Nova database: review 131553 (abandoned).
  • Support scheduling based on more image properties: review 138937.
  • Trusted computing support: review 133106.



  • Make key manager interface interoperable with Barbican: review 140144 (fast tracked, approved).
  • Provide a reference implementation for console proxies that uses TLS: review 126958 (fast tracked, approved).
  • Strongly validate the tenant and user for quota consuming requests with keystone: review 92507.

Service Groups


  • Add soft affinity support for server group: review 140017 (approved).

Tags for this post: openstack kilo blueprint spec nova


Planet Linux AustraliaMichael Still: Soft deleting instances and the reclaim_instance_interval in Nova

I got asked the other day how the reclaim_instance_interval in Nova works, so I thought I'd write it up here in case it's useful to other people.

First off, there is a periodic task run by the nova-compute process (or the compute manager as a developer would know it), which runs every reclaim_instance_interval seconds. It looks for instances in the SOFT_DELETED state which don't have any tasks running at the moment for the hypervisor node that nova-compute is running on.

For each instance it finds, it checks if the instance has been soft deleted for at least reclaim_instance_interval seconds. This has the side effect from my reading of the code that an instance needs to be deleted for at least reclaim_instance_interval seconds before it will be removed from disk, but that the instance might be up to approximately twice that age (if it was deleted just as the periodic task ran, it would skip the next run and therefore not be deleted for two intervals).

Once these conditions are met, the instance is deleted from disk.



Geek FeminismYou Can’t Hurry Linkspam (14 December 2014)

  • Margaret Hamilton, lead software engineer, Project Apollo | Medium (December 8): Margaret Hamilton “was all of 31 when the Apollo 11 lunar module landed on the moon, running her code. (Apollo 11 was able to land at all only because she designed the software robustly enough to handle buffer overflows and cycle-stealing.)”
  • Pick Up Artist Simulator Web Game Is Surprisingly the Greatest Thing | The Mary Sue (December 12): “The game is a tongue-in-cheek look at how slimy and transparent these dumb tactics are and that some of them might get you f***ing maced—and you’d deserve it.”
  • On Interviewing as a Junior Dev | Liz Rush (December 8): “I wanted to share my interviewing and job hunting story with you along with what I’ve learned about good hiring. My peers and I have become a de facto curiosity as the first women to graduate Ada. While we all had different experiences interviewing for our first real dev roles, we are also a great subject to reflect on what it’s like to try to get a job as women, as alternative learners, as minorities, and as new talent.”
  • Women In Science Postcards | Etsy: Gift idea
  • Encyclopedia Frown | Slate (December 11): CW: Discussion of harassment “With the Arbitration Committee opting only to ban the one woman in the dispute despite her behavior being no worse than that of the men, it’s hard not to see this as a setback to Wikipedia’s efforts to rectify its massive gender gap.”
  • Walter Lewin, the art of teaching, and physics’ gender problem | Medium (December 10): “I suspect, though I cannot prove, that as soon as you decide that performance in your field is due mostly to some kind of innate ability, you stop respecting diversity in many ways. You stop respecting diversity of thought, because you’ve just picked one learning style and decided that it’s the only one worth teaching to. And I suspect — although, again, I cannot prove — that you stop respecting diversity of gender or race. After all, if success is all about some kind of innate ability, then there must be some reason why everyone who exhibits it looks the same.”
  • Solidarity against online harassment | Tor (December 12): “We do high-profile work, and over the past years, many of us have been the targets of online harassment. The current incidents come at a time when suspicion, slander, and threats are endemic to the online world. They create an environment where the malicious feel safe and the misguided feel justified in striking out online with a thousand blows. Under such attacks, many people have suffered — especially women who speak up online. Women who work on Tor are targeted, degraded, minimized and endure serious, frightening threats.
    This is the status quo for a large part of the internet. We will not accept it.”
  • How to Uphold White Supremacy by Focusing on Diversity and Inclusion | Model View Culture (December 10): “Liberalism as an ideology deems equal rights and equal treatment as a higher priority than  material justice, or as an effective means towards  it. Its presumptions of equality are false, as individualist equality may be written into law and policy while material inequality thrives. It effectively abstracts and obscures power dynamics along lines of race, class, and gender.”
  • Codes of Conduct: When Being Excellent is Not Enough | Model View Culture (December 10): “the most common argument from organizers who opposed codes of conduct ran something like this: since we are all professionals sharing mutual respect for one another, there is no need to add layers of bureaucracy to enforce standards that already exist informally.”
  • You Are What You Wear: The Dangerous Lessons Kids Learn From Sexist T-Shirts | Huff Post Women (December 3): “Even subtle messaging about girls’ and boys’ roles — in the media, in society and on clothing — affects the way kids see themselves.”
  • At a geek feminist meet-up in Ballarat | Elephant Woman (December 12): “the magic of the weekend wasn’t so much in the ideas as it was about the alchemy of the whole experience. Women coming together to talk about problems and coming up with solutions; women who identified as being feminists as well as being geeks of various kinds.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianGregor Herrmann: GDAC 2014/14

I just got a couple of mails from the BTS. like almost every day, several times per day. now it made me realize how much I like the BTS, & how happy I am that it works so well & even gets new features. – thanks to the BTS maintainers for their continuous work!

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Planet DebianMario Lang: Data-binding MusicXML

My long-term free software project (Braille Music Compiler) just produced some offspring! xsdcxx-musicxml is now available on GitHub.

I used CodeSynthesis XSD to generate a rather complete object model for MusicXML 3.0 documents. Some of the classes needed a bit of manual adjustment, to make the client API really nice and tidy.

During the process, I have learnt (as is almost always the case when programming) quite a lot. I have to say, once you got the hang of it, CodeSynthesis XSD is really a very powerful tool. I definitely prefer having these 100k lines of code auto-generated from an XML Schema, instead of having to implement small parts of it by hand.

If you are into MusicXML for any reason, and you like C++, give this library a whirl. At least to me, it is what I was always looking for: Rather type-safe, with a quite self-explanatory API.

For added ease of integration, xsdcxx-musicxml is sub-project friendly. In other words, if your project uses CMake and Git, adding xsdcxx-musicxml as a subproject is as easy as using git submodule add and putting add_subdirectory(xsdcxx-musicxml) into your CMakeLists.txt.

Finally, if you want to see how this library can be put to use: The MusicXML export functionality of BMC is all in one C++ source file: musicxml.cpp.

Planet DebianGregor Herrmann: RC bugs 2014/49-50

it's getting harder to find "nice" RC bugs, due to the efforts of various bug hunters & the awesome auto-removal-from-testing feature. – anyway, here's the list of bugs I worked on in the last 2 weeks:

  • #766740 – gamera: "gamera FTBFS on arm64, testsuite failure."
    sponsor maintainer upload
  • #766773 – irssi-plugin-xmpp: "irssi-plugin-xmpp: /query <JID> fails with "Irssi: critical query_init: assertion 'query->name != NULL' failed""
    add some speculation to the bug report, request binNMU after submitter's confirmation, close this bug afterwards
  • #768127 – dhelp: "Fails to build the index when invalid UTF-8 is met"
    apply patch from Daniel Getz, upload to DELAYED/5
  • #770672 – src:gnome-packagekit: "gnome-packagekit: FTBFS without docbook: reference to entity "REFENTRY" for which no system identifier could be generated"
    provide information, ask for clarification, severity lowered by maintainer
  • #771496 – dpkg-cross: "overwrites user changes to configuration file /etc/dpkg-cross/cross-compile on upgrade (violates 10.7.3)"
    tag confirmed and add information, later downgraded by maintainer, then set back to RC by submitter …
  • #771500 – darcsweb: "darcsweb: postinst uses /usr/share/doc content (Policy 12.3): /usr/share/doc/darcsweb/examples/darcsweb.conf"
    install config sample into /usr/share/<package>, upload to DELAYED/5
  • #771501 – pygopherd: "pygopherd: postinst uses /usr/share/doc content (Policy 12.3): /usr/share/doc/pygopherd/examples/gophermap"
    sponsor NMU from Cameron Norman, upload to DELAYED/5
  • #771727 – fex: "fex: postinst uses /usr/share/doc content (Policy 12.3)"
    propose patch, installing config templates under /usr/share/<package>, upload to DELAYED/5 later, patch then integrated into maintainer upload
  • #772005 – libdevice-cdio-perl: "libdevice-cdio-perl: Debian patch causes Perl crashes in Device::Cdio::ISO9660::IFS's readdir: "Error in `/usr/bin/perl': realloc(): invalid next size: 0x0000000001f05850""
    reproduce the bug (pkg-perl)
  • #772159 – ruby-moneta: "ruby-moneta: leaves mysqld running after build"
    apply patch from Colin Watson, upload to DELAYED/2

Planet DebianEnrico Zini: html5-sse

HTML5 Server-sent events

I have a Django view that runs a slow script server-side, and streams the script output to Javascript. This is the bit of code that runs the script and turns the output into a stream of events:

import fcntl
import os
import select


def stream_output(proc):
    """
    Take a subprocess.Popen object and generate its output, line by line,
    annotated with "stdout" or "stderr". At process termination it generates
    one last element: ("result", return_code) with the return code of the
    process.
    """
    fds = [proc.stdout, proc.stderr]
    bufs = [b"", b""]
    types = ["stdout", "stderr"]
    # Set both pipes as non-blocking
    for fd in fds:
        fcntl.fcntl(fd, fcntl.F_SETFL, os.O_NONBLOCK)
    # Multiplex stdout and stderr with different prefixes
    while len(fds) > 0:
        s = select.select(fds, (), ())
        for fd in s[0]:
            idx = fds.index(fd)
            buf = fd.read()
            if len(buf) == 0:
                # EOF on this pipe: stop watching it and flush any partial
                # last line. All three lists are popped together so that
                # the indexes stay aligned.
                fds.pop(idx)
                last = bufs.pop(idx)
                evtype = types.pop(idx)
                if len(last) != 0:
                    yield evtype, last
            else:
                bufs[idx] += buf
                lines = bufs[idx].split(b"\n")
                # The last element is an incomplete line (or empty)
                bufs[idx] = lines.pop()
                for l in lines:
                    yield types[idx], l
    res = proc.wait()
    yield "result", res

I used to just serialize its output and stream it to JavaScript, then monitor onreadystatechange on the XMLHttpRequest object browser-side, but then it started failing on Chrome, which won't trigger onreadystatechange until something like a kilobyte of data has been received.

I didn't want to stream a kilobyte of padding just to work-around this, so it was time to try out Server-sent events. See also this.

This is the Django view that sends the events:

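from django import http
from django.views.generic import View

# run_script() starts the subprocess.Popen; utils.stream_output() is the
# generator shown above.

class HookRun(View):
    def get(self, request):
        proc = run_script(request)
        def make_events():
            for evtype, data in utils.stream_output(proc):
                if evtype == "result":
                    # data is the integer return code
                    yield "event: {}\ndata: {}\n\n".format(evtype, data)
                else:
                    # data is one raw output line, as bytes
                    yield "event: {}\ndata: {}\n\n".format(evtype, data.decode("utf-8", "replace"))

        return http.StreamingHttpResponse(make_events(), content_type='text/event-stream')

    def dispatch(self, *args, **kwargs):
        return super().dispatch(*args, **kwargs)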

And this is the template that renders it:

{% extends "base.html" %}
{% load i18n %}

{% block head_resources %}
<style type="text/css">
.out {
    font-family: monospace;
    padding: 0;
    margin: 0;
}
.stdout {}
.stderr { color: red; }
.result {}
.ok { color: green; }
.ko { color: red; }
</style>
{# Polyfill for IE, typical... #}
<script src="{{ STATIC_URL }}js/EventSource.js"></script>
<script type="text/javascript">
$(function() {
    // Manage spinners and other ajax-related feedback

    var out = $("#output");

    var event_source = new EventSource("{% url 'session_hookrun' name=name %}");
    event_source.addEventListener("open", function(e) {
      //console.log("EventSource open:", arguments);
    });
    // .text() inserts the script output as text, never as markup
    event_source.addEventListener("stdout", function(e) {
      out.append($("<p>").attr("class", "out stdout").text(e.data));
    });
    event_source.addEventListener("stderr", function(e) {
      out.append($("<p>").attr("class", "out stderr").text(e.data));
    });
    event_source.addEventListener("result", function(e) {
      if (e.data == 0)
          out.append($("<p>").attr("class", "result ok").text("{% trans 'Success' %}"));
      else
          out.append($("<p>").attr("class", "result ko").text("{% trans 'Script failed with code' %} " + e.data));
      // Stop here: otherwise EventSource reconnects when the stream ends
      // and the script is requested again
      event_source.close();
    });
    event_source.addEventListener("error", function(e) {
      // There is an annoyance here: e does not contain any kind of error
      // message.
      out.append($("<p>").attr("class", "result ko").text("{% trans 'Error receiving script output from the server' %}"));
      console.error("EventSource error:", arguments);
      event_source.close();
    });
});
</script>
{% endblock %}

{% block content %}

<h1>{% trans "Processing..." %}</h1>

<div id="output">
</div>

{% endblock %}

It's simple enough, it seems reasonably well supported besides needing a polyfill for IE and, astonishingly, it even works!
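The view above pastes each output line into a single data: field, but stream_output only splits on "\n" and an EventSource parser also ends a line at a bare carriage return, so script output containing "\r" can break out of its field. The following is an added example, not code from the original post: format_sse, naive_sse, parse_sse and the sample line are hypothetical names and constructed data, showing a framing function that emits one data: line per line of payload and a minimal parser to check what the browser would dispatch.

```python
import re

# EventSource parsers accept CRLF, LF and a bare CR as line terminators.
LINE_BREAK = re.compile(r"\r\n|\r|\n")
EVENT_NAME = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample: one "line" of script output (already split on b"\n" by
# stream_output) that still carries carriage returns.
SAMPLE_LINE = b"progress 10%\r\revent: result\rdata: 0"


def naive_sse(event, data):
    """Framing as in the view: the payload goes into a single data: field."""
    return "event: {}\ndata: {}\n\n".format(event, data.decode("utf-8", "replace"))


def format_sse(event, data):
    """Serialise one event so that the payload cannot add fields or events."""
    if not EVENT_NAME.fullmatch(event):
        raise ValueError("unsafe event name: {!r}".format(event))
    if isinstance(data, bytes):
        data = data.decode("utf-8", "replace")
    else:
        data = str(data)
    # One data: field per payload line; the client joins them with "\n".
    body = "".join("data: {}\n".format(line) for line in LINE_BREAK.split(data))
    return "event: {}\n{}\n".format(event, body)


def parse_sse(stream):
    """Minimal client-side parser: returns the (event, data) pairs that an
    EventSource would dispatch for this stream."""
    events = []
    name, data = "", []
    for line in LINE_BREAK.split(stream):
        if line == "":
            # Blank line: dispatch the pending event, if it has any data
            if data:
                events.append((name or "message", "\n".join(data)))
            name, data = "", []
            continue
        if line.startswith(":"):
            continue  # comment line
        field, _, value = line.partition(":")
        if value.startswith(" "):
            value = value[1:]
        if field == "event":
            name = value
        elif field == "data":
            data.append(value)
    return events


if __name__ == "__main__":
    print("naive:", parse_sse(naive_sse("stdout", SAMPLE_LINE)))
    print("safe: ", parse_sse(format_sse("stdout", SAMPLE_LINE)))
```

With the naive framing the page would receive a "result" event that the server never sent; with format_sse the same bytes arrive as the text of one stdout event.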

Planet DebianDaniel Leidert: Issues with Server4You vServer running Debian Stable (Wheezy)

I recently acquired a vServer hosted by Server4You and decided to install a Debian Wheezy image. Usually I boot any device in backup mode and first install a fresh Debian copy using debootstrap over the provided image, to have a clean system. In this case I did not and I came across a few glitches I want to talk about. So hopefully, if you are running the same system image, it saves you some time to figure out, why the h*ll some things don't work as expected :)

Cron jobs not running

I installed unattended-upgrades and adjusted all configuration files to enable unattended upgrades. But I never received any mail about an update although looking at the system, I saw updates waiting. I checked with

# run-parts --list /etc/cron.daily

and apt was not listed although /etc/cron.daily/apt was there. After spending some time to figure out, what was going on, I found the rather simple cause: Several scripts were missing the executable bit, thus did not run. So it seems, for whatever reason, the image authors have tampered with file permissions and of course, not by using dpkg-statoverride :( It was easy to fix the file permissions for everything beyond /etc/cron*, but that still leaves a very bad feeling, that there are more files that have been tampered with! I'm not speaking about customizations. Those are easy to find using debsums. I'm speaking about file permissions and ownership.

Now there seems no easy way to either check for changed permissions or ownership. The only solution I found is to get a list of all installed packages on the system, install them into a chroot environment and get all permission and ownership information from this very fresh system. Then compare file permissions/ownership of the installed system with this list. Not fun.

init from testing / upstart on hold

Today I've discovered, that apt-get wanted to update the init package. Of course I was curious, why unattended-upgrades didn't yet already do so. Turns out, init is only in testing/unstable and essential there. I purged it, but apt-get keeps bugging me to update/install this package. I really began to wonder, what is going on here, because this is a plain stable system:

  • no sources listed for backports, volatile, multimedia etc.
  • sources listed for testing and unstable
  • only packages from stable/stable-updates installed
  • sets APT::Default-Release "stable";

First I checked with aptitude:

# aptitude why init
Unable to find a reason to install init.

Ok, so why:

# apt-get dist-upgrade -u
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/4674 B of archives.
After this operation, 29.7 kB of additional disk space will be used.
Do you want to continue [Y/n]?

JFTR: I see a stable system bugging me to install systemd for no obvious reason. The issue might be similar! I'm still investigating. (not reproducible anymore)

Now I tried to debug this:

# apt-get -o  Debug::pkgProblemResolver="true" dist-upgrade -u
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Starting
Starting 2
Investigating (0) upstart [ amd64 ] < 1.6.1-1 | 1.11-5 > ( admin )
Broken upstart:amd64 Conflicts on sysvinit [ amd64 ] < none -> 2.88dsf-41+deb7u1 | 2.88dsf-58 > ( admin )
Conflicts//Breaks against version 2.88dsf-58 for sysvinit but that is not InstVer, ignoring
Considering sysvinit:amd64 5102 as a solution to upstart:amd64 10102
Added sysvinit:amd64 to the remove list
Fixing upstart:amd64 via keep of sysvinit:amd64
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/4674 B of archives.
After this operation, 29.7 kB of additional disk space will be used.
Do you want to continue [Y/n]?

Eh, upstart?

# apt-cache policy upstart
Installed: 1.6.1-1
Candidate: 1.6.1-1
Version table:
1.11-5 0
500 testing/main amd64 Packages
500 sid/main amd64 Packages
*** 1.6.1-1 0
990 stable/main amd64 Packages
100 /var/lib/dpkg/status
# dpkg -l upstart
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
hi upstart 1.6.1-1 amd64 event-based init daemon

Ok, at least one package is on hold. This is another questionable customization, but in this case easy to fix. But I still don't understand apt-get and the difference to aptitude behaviour? Can someone please enlighten me?

Customized files

This isn't really an issue, but just for completion: several files have been customized. debsums easily shows which ones:

# debsums -ac
I don't have the original list anymore - please check yourself
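The comparison described under "Cron jobs not running" (permissions and ownership of the installed system against a freshly installed reference tree) can be scripted. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the reference system has already been installed into a directory such as a chroot.

```python
import os
import stat
import sys


def snapshot(root):
    """Map every path below root (relative to root) to
    (file type, permission bits, uid, gid)."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the tree
            rel = os.path.relpath(full, root)
            result[rel] = (stat.S_IFMT(st.st_mode), stat.S_IMODE(st.st_mode),
                           st.st_uid, st.st_gid)
    return result


def compare(reference_root, live_root):
    """Return (path, kind, reference value, live value) for every path that
    exists in both trees but differs in type, mode or ownership."""
    ref = snapshot(reference_root)
    live = snapshot(live_root)
    findings = []
    for rel in sorted(ref.keys() & live.keys()):
        rtype, rmode, ruid, rgid = ref[rel]
        ltype, lmode, luid, lgid = live[rel]
        if rtype != ltype:
            findings.append((rel, "type", oct(rtype), oct(ltype)))
            continue
        if (ruid, rgid) != (luid, lgid):
            findings.append((rel, "owner", "%d:%d" % (ruid, rgid),
                             "%d:%d" % (luid, lgid)))
        # Permission bits of a symlink itself carry no meaning on Linux
        if not stat.S_ISLNK(rtype) and rmode != lmode:
            findings.append((rel, "mode", oct(rmode), oct(lmode)))
    return findings


if __name__ == "__main__":
    # usage: script REFERENCE_ROOT LIVE_ROOT
    for rel, kind, expected, found in compare(sys.argv[1], sys.argv[2]):
        print("%s: %s is %s, reference has %s" % (rel, kind, found, expected))
```

Paths that exist in only one tree are skipped on purpose, since data and log files legitimately differ; overrides registered with dpkg-statoverride on the live system will also be reported.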

Planet Linux AustraliaAndrew McDonnell: Experiments with hardening OpenWRT: applying the grsecurity patches

A well known set of security enhancements to the Linux kernel is the grsecurity patch.  The grsecurity patch is a (large) patch that applies cleanly against selected supported stock Linux kernel versions. It brings with it PAX, which protects against various well known memory exploits, plus  a number of other hardening features including logging time and mount changes. In particular it enables features such as Non-executable stack (NX) on platforms that do not provide NX in hardware, such as MIPS devices and older x86.

OpenWRT hardening

OpenWRT is a widely adopted embedded / router Linux distribution. It would benefit greatly from including grsecurity, in particular given most MIPS platforms do not support NX protection in hardware. However for a long time the differences between the OpenWRT kernel and the kernel revisions that grsecurity is supported on have been significant and would likely have taken an extreme effort to get working, let alone get working securely.

This is a shame, because there is malware targeted at consumer embedded routers, and it must only be a matter of time before OpenWRT is targeted.  OpenWRT is widely regarded as relatively secure compared to many consumer devices, at least if configured properly,  but eventually some bug will allow a remote binary to be dropped. It would be helpful if the system can be hardened and stay one step ahead of things.

The OpenWRT development trunk (destined to become the next release, ‘Chaos Calmer’ in due course) has recently migrated most devices to the 3.14 kernel tree.  Serendipitously this aligns with the long term supported grsecurity revision 3.14.  When I noticed this I figured I’d take a look at whether it was feasible to deploy grsecurity with OpenWRT.

Applying grsecurity – patch

In late November I pulled the latest OpenWRT sources and the kernel version was 3.14.25, which I noticed matched the current grsecurity stable branch 3.14.25.

The grsecurity patch applies cleanly against a stock kernel, and OpenWRT starts with a stock kernel and then applies a series of patches designed to extend hardware support to many obscure embedded things not present in the mainline kernel, along with patches that reduce the memory footprint. Some of the general patches are pushed upstream but may not yet have been accepted, and some could be backports from later kernels.  Examples of generic patches  include a simplified crash report.

Anyway, I had two choices, and tried them both: apply grsecurity, then the OpenWRT patches; or start with the OpenWRT patched kernel.  In both cases there were a number of rejects, but there seemed to be fewer when I applied grsecurity last. I also decided this would be easier for me to support for myself going forward, a decision later validated successfully.

OpenWRT kernel patches are stored in two locations; generic patches applying against any platform, then platform specific patches.  My work is tested against the Carambola2, an embedded MIPS board supported by the ‘ar71xx’ platform in OpenWRT, so for my case, there were ar71xx patches.

To make life easy I wrote a script that would take a directory of OpenWRT kernel patches, apply to a git kernel repository and auto-commit. This allowed me to use gitg and git difftool to examine things efficiently.  It also worked well with using an external kernel tree to OpenWRT so I didn't have to worry yet about integrating patches into OpenWRT. This script is on github, it should be easily adaptable for other experiments.

(Note: to use an external tree, managed by git, use config options like the following:


There were four primary rejects that required fixing.  This involved inspecting each case and working out what OpenWRT had changed in the way. Generally, this was caused because one or the other had modified the end of the same structure or macro, but luckily it turned out nothing significant and I was able to easily reconcile things. The hardest was because OpenWRT modifies vmstat.c for MIPS and the same code was modified by grsecurity to add extra memory protections.  At this point I attempted to build the system, and discovered three other minor cases that broke the build. These mispatches essentially were due to movements in one or two lines, or new code using internal kernel API modified by grsecurity, and were also easily repaired.  The most difficult mispatch to understand was where OpenWRT rewrites the kernel module loader code, apparently to make better use of MIPS memory structures and it took me a little while to understand how to try and fix things.

The end result is on github at

Applying grsecurity – OpenWRT quirks

One strange bug that had to be worked around was some new dependency in the kernel build process, where extra tools that grsecurity adds were not being built in the correct order with other kernel prerequisites.

In the end I had to patch how OpenWRT builds the kernel to perform an extra ‘make olddefconfig‘ to sort things out.

I also had to run ‘make kernel_menuconfig‘ and turn on grsecurity.

As the system built, I eventually hit another problem area: building packages. This was a bit of an ‘OH-NO’ moment as I thought it had the potential to become a big rabbit hole. Luckily as it turned out, only one package was affected in the end: compat-wireless.  This package builds some extra user space tools and wifi drivers, and used a macro, ACCESS_ONCE, that was changed by grsecurity to be more secure; and required use of a new macro to make everything work again, ACCESS_ONCE_RW. There were rather a number of calls to this macro, but luckily it turned out to be fixable using sed!

Booting OpenWRT with grsecurity – modules not loading

I was able to then complete an INITRAMFS image that I TFTP’d into my carambola2 via uboot.

Amazingly the system booted and provided me with a prompt.

U-Boot 1.1.4-g33f82657-dirty (Sep 16 2013 - 16:09:28)

CARAMBOLA2 v1.0 (AR9331) U-boot


Starting kernel ...

[ 0.000000] Linux version 3.14.26-grsec (andrew@atlantis4) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r43591) ) #3 Sun Dec 14 18:08:52 ACDT 2014

I then discovered that no kernel modules were loading. A bit of digging and it turns out that a grsecurity option, CONFIG_GRKERNSEC_RANDSTRUCT  will auto-enable CONFIG_MODVERSIONS. One thing I learned at this point is that OpenWRT does not support CONFIG_MODVERSIONS=y, due to the way it packages modules with its packaging system. So an iteration later with the setting disabled, and everything appeared to be “working”

Testing OpenWRT with grsecurity

Of course, all this work is moot if we can't prove it works.

Easy to check is auditing. For example, we now had these messages:

[ 4.020833] grsec: mount of proc to /proc by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
[ 4.020833] grsec: mount of sysfs to /sys by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0
[ 4.041666] grsec: mount of tmpfs to /dev by /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0, parent /[swapper:0] uid/euid:0/0 gid/egid:0/0

However, the acid test would be enforcement of the NX flag. Here I used the code from to test incorrect memory protections. Result:

[19111.666360] grsec: denied RWX mmap of <anonymous mapping> by /tmp/bad[bad:1497] uid/euid:0/0 gid/egid:0/0, parent /bin/busybox[ash:467] uid/euid:0/0 gid/egid:0/0
mmap failed: Operation not permitted


Revisiting Checksec, and tweaking PAX

In an earlier blog I wrote about experimenting with checksec.  Here I used it to double-check that the binaries were built with NX protection. Most were, due to a patch I previously submitted to OpenWRT for MIPS. However, openssl was missing NX. It turns out that OpenSSL amongst everything else it has been discussed for this year, uses assembler in parts of the encryption code! I was able to fix this by adding the relevant linker ‘.note.GNU-stack‘ directive.

The PAX component can be tweaked using the paxctl command, so I had to build that with the OpenWRT toolchain to try it out. I discovered that it doesn't work for files on the JFFS2 partition, only in the ramdisk. Further to enable soft mode, you need to add a kernel boot command line argument. To do this for OpenWRT, edit a file called target/linux/$KERNEL_PLATFORM/generic/config-default where in my case, $KERNEL_PLATFORM is ar71xx

Moving Targets

Right in the middle of all this, OpenWRT bumped the kernel to 3.14.26. So I had to exercise a workflow in keeping the patch current.  As it happened the grsecurity patch was also updated to 3.14.26 so I presume this made life easier.

After downloading the stock kernel and pulling the latest OpenWRT, I again re-created the patch series, then applied grsecurity 3.14.26.  The same four rejects were present again, so fingers crossed I cherry-picked all my work from 3.14.25 onto 3.14.26. As luck would have it this was one smooth rebase!

Recap of OpenWRT grsecurity caveats

  • CONFIG_GRKERNSEC_RANDSTRUCT is not compatible with the OpenWRT build system; using it will prevent modules loading
  • Some packages may need to be modified to support NX – generally, if these use assembly language and don’t use the proper linker directive.
  • For some reason paxctl only seems to work on files in /tmp not in the JFFS overlay. This is probably only a problem when debugging
  • Your experience with the debugger gdb will probably be sub-optimal unless you put the debug target on /tmp and use paxctl to mark it with exceptions


After concluding the above, I converted the change set from my local Linux working copy into a set of additional patches on OpenWRT and rebuilt everything to double check.

The branch ‘ar71xx-3.14.26-grsecurity’ in has all the work, along with some extra minor fixes I made to some other packages related to checksec scan results.

THIS MAY EXPLODE YOUR COMPUTER AND GET YOU POWNED! This has been working for me on one device with minimal testing and is just a proof of concept.
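The NX check from the "Revisiting Checksec" section comes down to one ELF program header, PT_GNU_STACK, which is what the ‘.note.GNU-stack‘ directive influences at link time. This is an added example, not code from the original post or from checksec: gnu_stack_status and sample_elf32_be are hypothetical names, and the sample images are constructed big-endian 32-bit MIPS headers rather than real binaries.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551
PF_X = 0x1


def gnu_stack_status(image):
    """Classify an ELF image by its PT_GNU_STACK program header.

    "nx"         header present, stack not executable
    "executable" header present with the execute flag set
    "missing"    no header: the kernel falls back to its architecture default
    """
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = image[4], image[5]
    if ei_data not in (1, 2):
        raise ValueError("unknown ELF data encoding")
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 1:       # ELF32: p_flags is the 7th word of a phdr
        phoff_fmt, phoff_at, sizes_at, flags_at, min_phent = "I", 28, 42, 24, 32
    elif ei_class == 2:     # ELF64: p_flags directly follows p_type
        if len(image) < 64:
            raise ValueError("truncated ELF64 header")
        phoff_fmt, phoff_at, sizes_at, flags_at, min_phent = "Q", 32, 54, 4, 56
    else:
        raise ValueError("unknown ELF class")
    (e_phoff,) = struct.unpack_from(endian + phoff_fmt, image, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(endian + "HH", image, sizes_at)
    if e_phnum and e_phentsize < min_phent:
        raise ValueError("bad program header entry size")
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + e_phentsize > len(image):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(endian + "I", image, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(endian + "I", image, base + flags_at)
            return "executable" if p_flags & PF_X else "nx"
    return "missing"


def sample_elf32_be(stack_flags):
    """Constructed sample: ELF32 big-endian MIPS header with one PT_LOAD and,
    unless stack_flags is None, a PT_GNU_STACK entry with those flags."""
    phdrs = [struct.pack(">8I", 1, 0, 0x400000, 0x400000, 0x100, 0x100, 5, 0x1000)]
    if stack_flags is not None:
        phdrs.append(struct.pack(">8I", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 4))
    ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    header = ident + struct.pack(">HHIIIIIHHHHHH", 2, 8, 1, 0x400000, 52, 0, 0,
                                 52, 32, len(phdrs), 0, 0, 0)
    return header + b"".join(phdrs)


if __name__ == "__main__":
    # usage: script FILE...   (for example the binaries of an unpacked image)
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            data = handle.read()
        try:
            print(path, gnu_stack_status(data))
        except ValueError as err:
            print(path, "skipped:", err)
```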

Cory DoctorowInterview with The Command Line podcast

I just appeared on the Command Line podcast (MP3) to talk about Information Doesn't Want to Be Free -- Thomas and I really had a wide-ranging and excellent conversation:

In this episode, I interview Cory Doctorow about his latest book, “Information Doesn’t Want to be Free: Laws for the Internet Age.” If you are interested in learning more about the topics we discuss and that that book covers, you can also check out books by the scholars we mention: Lawrence Lessig, James Boyle and William Patry. I compared Cory’s book to “The Indie Band Survival Guide” the authors of which are friends of the show whom I have also interviewed.

The audiobook version of the book is already available. Check Cory’s site, the free download and electronic editions should be available soon.

Rondam RamblingsTake it from me: all dogs go to heaven

Apparently garments are being rent (by journalists if not by pet owners) over the revelation that Pope Francis never said pets go to heaven.  Maybe the pope won't say it, but you can take it from me: if you should ever find yourself in heaven in the afterlife, I promise that your beloved fido will be there too.  So sleep soundly.

Krebs on SecuritySpamHaus, CloudFlare Attacker Pleads Guilty

A 17-year-old male from London, England pleaded guilty this week to carrying out a massive denial-of-service attack last year against anti-spam outfit SpamHaus and content delivery network CloudFlare, KrebsOnSecurity has learned.

In late March 2013, a massive distributed denial-of-service (DDoS) attack hit the web site of SpamHaus, an organization that distributes a blacklist of spammers to email and network providers. When SpamHaus moved its servers behind CloudFlare, which specializes in blocking such attacks — the attackers pelted CloudFlare’s network. The New York Times called the combined assault the largest known DDoS attack ever on the Internet at the time; for its part, CloudFlare dubbed it “the attack that almost broke the Internet.”

In April 2013, an unnamed then-16-year-old male from London identified only by his hacker alias “Narko,” was arrested and charged with computer misuse and money laundering in connection with the attack.

Sources close to the investigation now tell KrebsOnSecurity that Narko has pleaded guilty to those charges, and that Narko’s real name is Sean Nolan McDonough. A spokesman for the U.K. National Crime Agency confirmed that a 17-year-old male from London had pleaded guilty to those charges on Dec. 10, but noted that “court reporting restrictions are in place in respect to a juvenile offender, [and] as a consequence the NCA will not be releasing further detail.”

During the assault on SpamHaus, Narko was listed as one of several moderators of the forum Stophaus[dot]com, a motley crew of hacktivists, spammers and bulletproof hosting providers who took credit for organizing the attack on SpamHaus and CloudFlare.


It is likely that McDonough/Narko was hired by someone else to conduct the attack. So, this seems as good a time as any to look deeper into who’s likely the founder and driving force behind the Stophaus movement itself. All signs point to an angry, failed spammer living in Florida who runs an organization that calls itself the Church of Common Good.

Not long after McDonough’s arrest, a new Facebook page went online called “Freenarko,” which listed itself as “a solidarity support group to help in the legal defense and media stability for ‘Narko,’ a 16-yr old brother in London who faces charges concerning the Spamhaus DDoS attack in March.”

Multiple posts on that page link to Stophaus propaganda, to the Facebook page for the Church of the Common Good, and to a now-defunct Web site called “” (an eye-opening and archived copy of the site as it existed in early 2013 is available at; for better or worse, the group’s Facebook page lives on).

The Church of Common Good lists as its leader a Gulfport, Fla. man named Andrew J. Stephens, whose LinkedIn page says he is a “media mercenary” at the same organization (hours after this story was posted, large chunks of text were deleted from Stephens’ profile; a PDF of the original profile is here).

Stephens’ CV lists a stint in 2012 as owner of an email marketing firm variously called Digital Dollars and IBT Inc, moneymaking schemes which Stephens describes as a “beginner to intermediate level guide to successful list marketing in today’s email environment. It incorporates the use of both white hat and some sketchy techniques you would find on black hat forums, but has avoided anything illegal or unethical…which you would also find on black hat forums.”

More recent entries in Andrew’s LinkedIn profile show that he now sees his current job as a “social engineer.” From his page:

“I am a what you may call a “Social Engineer” and have done work for several information security teams. My most recent operation was with a research team doing propaganda analysis for a media firm. I have a unique ability to access data that is typically inaccessible through social engineering and use this ability to gather data for research purposes. I have a knack for data mining and analysis, but was not formally trained so am able to think outside the box and accomplish goals traditional infosec students could not. I am proficient at strategic planning and vulnerability analysis and am often busy dissecting malware and tracking the criminals behind such software. There’s no real title for what I do, but I do it well I am told.”

Turns out, Andrew J. Stephens used to have his own Web site — Here, the indispensable helps out again with a cache of his site from back when it launched in 2011 (oddly enough, the same year that Stophaus claims to have been born). On his page, Mr. Stephens lists himself as an “internet entrepreneur” and his business as “IBT.” Under his “Featured Work” heading, he lists “The Stophaus Project,” “Blackhat Learning Center,” and a link to a spamming software tool called “Quick Send v.1.0.”

Stephens did not return requests for comment sent to his various contact addresses, although a combative individual who uses the Twitter handle @Stophaus and has been promoting the group’s campaign refused to answer direct questions about whether he was in fact Andrew J. Stephens.

Helpfully, the cached version of lists a contact email address at the top of the page: (“Stephensboy” is the short/informal name of the Andrew J. Stephens LinkedIn profile). A historic domain registration record lookup purchased from shows that same email address was used to register more than two dozen domains, including and Other domains and businesses registered by that email include (hyperlinked domains below link to versions of the site):

-“” (“BP” is a common abbreviation for “bulletproof hosting” services sold to spammers and malware purveyors);
-“” (another spam software product produced and marketed by Stephens);
-“” (tools to scrub spam email lists of dummy or decoy addresses used by anti-spam companies);

Many of the original registration records for the site names listed above show a physical address for one Michelle Kellison. The incorporation records for the Church of Common Good filed with the Florida Secretary of State list a Michelle Kellison as the registered agent for that organization.

Andrew’s Skype profile, where he uses another of his favorite nicknames, “eDataKing”

Putting spammers and other bottom feeders in jail for DDoS attacks may be cathartic, but it certainly doesn’t solve the underlying problem: That the raw materials needed to launch attacks the size of the ones that hit SpamHaus and CloudFlare last year are plentiful and freely available online. As I noted in the penultimate chapter of my new book — Spam Nation (now a New York Times bestseller, thank you dear readers!), the bad news is that little has changed since these ultra-powerful attacks first surfaced more than a decade ago.

Rodney Joffe, senior vice president and senior technologist at Neustar, a security company that also helps clients weather huge online attacks, estimates that there are approximately 25 million misconfigured or antiquated home and business routers that can be abused in these digital sieges. From the book:

Most of these are home routers supplied by ISPs or misconfigured business routers, but a great many of the devices are at ISPs in developing countries or at Internet providers that see no economic upside to spending money for the greater good of the Internet.

“In almost all cases, it’s an option that’s configurable by the ISP, but you have to get the ISP to do it,” Joffe said. “Many of these ISPs are on very thin margins and have no interest in going through the process of protecting their end users—or the rest of the Internet’s users, for that matter.”

And therein lies the problem. Not long ago, if a spammer or hacker wanted to launch a massive Internet attack, he had to assemble a huge botnet that included legions of hacked PCs. These days, such an attacker need not build such a huge bot army. Armed with just a few hundred bot-infected PCs, Joffe said, attackers today can take down nearly any target on the Internet, thanks to the millions of misconfigured Internet routers that are ready to be conscripted into the attack at a moment’s notice.

“If the bad guys launch an attack, they might start off by abusing 20,000 of these misconfigured servers, and if the target is still up and online, they’ll increase it to 50,000,” Joffe said. “In most cases, they only need to go to 100,000 to take the bigger sites offline, but there are 25 million of these available.”

If you run a network of any appreciable size, have a look for your Internet addresses in the Open Resolver Project, which includes a searchable index of some 32 million poorly configured or outdated device addresses that can be abused to launch these very damaging large-scale attacks.
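The Open Resolver Project indexes DNS servers that answer recursive queries from anyone on the Internet. As an added example (not part of the original article), the Python below checks an address you operate for that behaviour from a vantage point outside your network; the query name `example.com`, the function names and the sample replies are constructed for illustration.

```python
import secrets
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR = 0x8000          # message is a response
RD = 0x0100          # recursion desired (set by the client)
RA = 0x0080          # recursion available (set by the server)
RCODE_MASK = 0x000F
REFUSED = 5


def build_query(name, txid, qtype=1):
    """Build a recursive (RD=1) query for `name`; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def classify_response(data, txid):
    """Classify a raw DNS reply as 'open', 'closed' or 'invalid'."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & QR:
        return "invalid"
    rcode = flags & RCODE_MASK
    # A server that advertises recursion and does not refuse the query is
    # willing to resolve names for an arbitrary outside client.
    if flags & RA and rcode != REFUSED:
        return "open"
    # REFUSED, or an authoritative-only answer with RA clear.
    return "closed"


def probe(address, name="example.com", timeout=3.0):
    """Send one query over UDP/IPv4 to a server you operate."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (address, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:          # includes timeouts and ICMP unreachable
            return "no-answer"
    return classify_response(data, txid)


def sample_reply(txid, flags, answers=0):
    """Constructed reply for offline testing: header, echoed question, and
    (optionally) one A record pointing at 192.0.2.1 (documentation range)."""
    question = build_query("example.com", txid)[12:]
    reply = struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 0) + question
    if answers:
        reply += struct.pack("!HHHIH4s", 0xC00C, 1, 1, 60, 4, bytes([192, 0, 2, 1]))
    return reply


if __name__ == "__main__":
    import sys
    for addr in sys.argv[1:]:    # addresses you are responsible for
        print(addr, probe(addr))
```

An "open" result from outside your own address space means recursion should be restricted to your clients or turned off on that device.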

Planet DebianDirk Eddelbuettel: rfoaas

A new version of rfoaas is now on CRAN. The rfoaas package provides an interface for R to the most excellent FOAAS service -- which provides a modern, scalable and RESTful web service for the frequent need to tell someone to eff off.

The FOAAS backend gets updated in spurts, and yesterday a few pull requests were integrated, including one from yours truly. So with that it was time for an update to rfoaas. As the version number upstream did not change (bad, bad, practice) I appended the date to the version number.

CRANberries also provides a diff to the previous release. Questions, comments etc should go to the GitHub issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Planet Linux AustraliaDavid Rowe: FSK over FM

I’m interested in developing a VHF mode for FreeDV. One intriguing possibility is to connect a modem to legacy analog FM radios, which would allow them to be re-purposed for digital voice. One candidate is FSK at 1200 bit/s, which is often used over FM for APRS. This operates through FM radios using the mic/speaker ports on $50 HTs, no special data ports required.

So I want to know the performance of FSK over FM in terms of Bit Error Rate (BER) for a given SNR. That got me thinking. When you send FSK through a SSB radio, it faithfully mixes the tones up to RF and you get FSK over the channel. The SSB radio just adds a frequency translation step. So we can model FSK like this:

However sending a FSK modem signal through a FM radio is very different:

FSK over FM is not FSK when you look at the over the air waveform. The spectrum is no longer two tones bouncing back and forth. So what is it?

I wrote a simulation called fsk.m to find out. This involved building up a FSK modem, and an analog FM radio simulation. The modem took me only a few hours but I was struggling with the analog FM simulation for a week! In particular making my FM demodulator get the same results as the theory. FM is a bit old school for me, so I had to hit the ARRL handbook and do a bit of research.

FSK Modem

It’s a BEL202 simulation (as used for the APRS physical layer); 1200/2200 Hz tones, 1200 bit/s. I’m using the integrate and dump demodulation method and it matches the theoretical curves for non-coherent BFSK. Here is the FSK modem in action. First the FSK time domain signal and spectrum. The spectrum is a bunch of energy between 1200 and 2200 Hz. Makes sense as the modulator keeps moving back and forth between those two frequencies.

The next figure shows the same signals with a 10dB SNR. Although the time domain signal looks bad, it actually has a BER of one error in every 1000 bits (1E-3). The reason it looks so bad is that in the time domain we are seeing the noise from the entire bandwidth (our sample rate is Fs=96kHz). The demod effectively filters most of that out.

This next plot shows the output from the 1200 and 2200Hz integrators in the FSK demodulator for the 10dB SNR case. The height measures the energy of the tone during that bit period. As we would expect, they are mirror images. When one detects a large amount of energy, the other detects a small amount of the other tone.

Analog FM

The next step was to build a simulation of the modulator and demodulator in an analog FM radio. I wrote some code to test the input Carrier to Noise Ratio (CNR) versus output SNR. The test signal was a 1000 Hz tone, and the modulator had a maximum deviation of 5kHz, and a maximum input audio frequency of 3 kHz. After the demodulator I notched out the 1000 Hz tone so I could measure the noise power; the input to the notch filter was signal plus noise.

Here is the spectrum at the FM demodulator input for a 1000 Hz test tone:

The top plot is the tx signal centred on a 24 kHz carrier; in the bottom plot it has been mixed down to baseband and filtered. The FM signal is 16 kHz wide, as per Carson's rule. Here is the output of the FM demodulator:

At the top is a nice sine wave, and the bottom also shows the sine wave. You can see the effect of the output 3kHz low pass filter used to limit the noise bandwidth of the demod output.

When tested over a range of CNR inputs, I achieved output SNRs (red) in line with the text books (green):

At about 9dB the demodulator falls away from theory as the FM demodulator falls over; this is pretty typical. The theoretical model I have used is only valid above this 9dB threshold. You often hear this threshold effect in FM. The blue line is SSB for comparison. Over a certain threshold FM does quite a bit better in terms of output SNR for the same input CNR.

FSK over FM

OK so let's combine the simulations and look at the BER performance:

Oh dear. If my simulations are accurate, it appears FSK over FM is a lemon. About 7dB worse than regular FSK for the same BER. So using a FSK modem over a SSB radio would allow you to use 7dB less power than running the same modem through a FM radio. Coherent PSK is 3dB better again than FSK so that would get you a 10dB improvement. Simple FSK or PSK transmitters are easy to build too, and needing 7-10dB less output power would simplify them again (e.g. 100mW versus 1W).

Here is the spectrum at the FM demodulator input when sending FSK:

Note the FM spectrum looks nothing like regular FSK “over the air”, which looks like this:

So What went Wrong?

Given the plot of analog FM performance (say compared to SSB) above I had expected better results from FSK over FM.

I think I know where the problem lies. The input CNR is a measure of carrier power to noise power in the input bandwidth of the demodulator. Another way of looking at the VHF channel noise is a “floor”, which can be modelled as the average noise power per 1 Hz of bandwidth, called No.

So the Universe has given us a fixed “noise floor”, which will be the same for any modem. The FM demod input bandwidth is much wider, so it’s sucking up much more noise from the channel, which the poor demodulator has to deal with.

Let's plot the analog FM demod performance again, this time against C/No rather than C/N:

This takes into account the noise bandwidth, everything is “normalised” to the noise floor. When the C/No is beneath 48dB SSB looks much better. We can see a 7dB improvement over FM at low C/No values. This also explains why the microwave guys prefer SSB for their long shots.

Here is the BER curve scaled for C/No:


It appears the key to good modem performance is the RF bandwidth of the signal. Given a constant noise floor No, the signal bandwidth sets the total noise power N=NoB the demodulator has to deal with.

This has put me off the idea of a FreeDV VHF mode based on BEL202 FSK through legacy FM radios. I’d really like to come up with a mode that has sparkling BER versus SNR performance. I haven’t spent years making Codec 2 operate at low bit rates just to throw those gains away in the modem!

Couple of ways forward:

  • Take a look at GMSK.
  • Consider developing a version of the SM1000 into an (open source) VHF SDR radio that can do PSK. Not as crazy as it seems. We are already planning a HF SDR version. Radio hardware is getting simple now the signal processing is all moving to software. We can make the modem so efficient that the PA can be modest (100s of mW).
  • Dream up waveforms that can pass through legacy FM radios and have a low over-the-air bandwidth. For example FSK that shifts between 300 and 400 Hz. In the past I’ve dreamed up new Codec 2 modes (1300 and 450 bit/s) to suit the properties of HF channels. So why not design a modem waveform to suit us? Go open source!
  • Cop the performance hit and use BEL202 FSK. It might still be useful to use legacy FM radios for DV even with a 7dB loss in modem performance. It seems to work fine for APRS. If your C/No is high (as is often the case) then FSK over FM will have zero errors.

Planet DebianGregor Herrmann: GDAC 2014/13

not sure if it's me or debian but today was a quiet day. time to look back & see what has happened this year … & this brings up memories of this year's & earlier debconfs, with their pkg-perl BOFs & their outdoor hacklabs. – looking through these photos of past events makes me grateful, both to the tireless organizers of debconf, & to the people who can share a bench with me for hours :)

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Don MartiLook who's beating the advertising business at the BS game.

I read Bob Hoffman's blog, and, fine, I have to agree that advertising has a certain amount of bullshit in it. But the sad news is that old-fashioned brand bullshit is losing out to web-scale Big Data bullshit. Seriously, ad people, you're getting beat by a bunch of computer programmers. That's weak. Our idea of bullshitting is stuff like Look at the ROI to the company if you buy me a faster computer! We're just tech people, no formal training in any of this stuff. We shouldn't be able to out-bullshit anybody. But I guess that as soon as you throw TECHNOLOGY and STATISTICS into the mix, ad people are all, whatever you say!

Bwah ha ha.

How about a simple example of the kind of thing that gets through?

I'll start a used car lot, and hire a statistician. She stands around with a clipboard and watches the people who walk in. 20% of the people kick at least one tire. Out of the tire-kickers, 10% end up buying a car. Out of the rest of the people, only 1% end up buying a car. So, out of every 1000 visitors:

20: kick a tire and buy a car.

180: kick a tire and don't buy a car.

8: don't kick a tire, buy a car anyway.

798: neither kick a tire nor buy a car.

What do I do with this information besides sell 28 cars? Maybe, not much. But let's say I need to hire my nephew. So he comes in to work and starts handing a live rat to everyone who kicks a tire. Now, half of the people who get a rat just run away.

100: kick a tire, get a rat, run away.

10: kick a tire, get a rat, buy a car.

90: kick a tire, get a rat, don't run away but don't buy a car.

8: don't kick a tire, buy a car anyway.

798: neither kick a tire nor buy a car.

Now, are the rats a good idea? If you want to go by common sense, probably not. I'm selling 18 cars instead of 28. But let's say the nephew and the statistician work together to justify the rats. The statistician can do multi-touch attribution on car sales. How does that work?

Simply speaking, channels that appear more often in converting paths than to no-converting paths receive a higher weight, which in turn allows them to claim more conversion credits and thus revenue.

By multi-touch attribution, the rat plan is a huge win. There are 18 converting paths and there's a rat on 10 of them.

So, did I convince you that we should be handing out rats to more customers? Probably not. But use real-world messy data, dress it up with a few more graphs and some more mathematical-sounding language, and make the rats digital? Hell yeah.

TEDA class of medical students thinks “upstream,” thanks to the gift of a book

Rishi Manchanda has a message for doctors: that the real roots of illness are often “upstream” from the exam room, in patients’ home and work lives. Photo: Ryan Lash/TED

Before Jackie Hodges arrived for orientation at Tufts University School of Medicine, she got a gift from her soon-to-be med school: a free download of the e-book The Upstream Doctors by Rishi Manchanda.

In this book, Manchanda — who has worked for a decade as a doctor in community clinics around South Central Los Angeles — offers a bold idea for healthcare practitioners.

Check out the book, The Upstream Doctors.

He asks doctors and nurses not just to treat the symptoms of illness that bring a patient to their exam room, but to look upstream toward the factors in their home, workplace and community that might be the root cause: factors like stress, poor housing, polluted air, poverty. 

This idea resonated for Hodges. “At the time, I was pretty anxious to start school,” she says. “I was nervous about how unfamiliar I was with all of the complicated, clinical aspects of the years of training ahead of me. Getting the book gave me a chance to step back and think about why I wanted to enter this field in the first place.” 

For the past four years, Tufts has sent new medical students a “common book” before they arrive on campus, designed to get them thinking over the summer and talking during orientation week. Jennifer Greer-Morrissey, the medical school’s Community Service Learning Coordinator, chose this year’s book along with a group of deans and faculty members.

“I saw Rishi speak at a conference last fall and he mentioned the book,” she says. “I knew that he was a [Tufts] alum, and he was on my radar because of the work he had done with Rx Democracy. [His book] sounded perfect for our common book program.”

“It’s of interest to people who want to do family medicine, and to people who want to be trauma surgeons,” she says. “It speaks to people in different specialties. People gravitated toward it because it dovetails so nicely with our school’s focus.”

Tufts has a long tradition of training doctors to engage with the community, says Alan Solomont, Dean of Tufts’ Tisch College of Citizenship and Public Service, which works closely with the medical school. In the 1960s, faculty members set up two of the first community health centers in the United States—one in Mound Bayou, Mississippi, and another in Boston, Massachusetts, where the school is based. Beginning with the class of 2014, the medical school has launched a Community Service Learning program that requires all students to do 50 hours of service with a community-based organization, or to create a community service project that inspires them.

Rishi Manchanda socializes with students after speaking on Tufts campus, to a room filled with med students among others. Photo: Kelvin Ma/Tufts University

“We want to incorporate into the education of our future doctors an appreciation for their responsibilities to the community, to the nation, to the world,” says Solomont. “What Rishi talks about is the unfortunate reality that our healthcare system is not doing as good a job at treating both the needs of individual patients and the larger healthcare needs of communities.”

And that’s why The Upstream Doctors felt like a good choice: “The whole purpose of this program is to get students upstream — to get them into communities in a way that helps them understand more about social determinants of health,” says Greer-Morrissey. “There’s so much more to medicine than what students can learn in the lecture hall and lab.”

“Since the book came out,” says Manchanda, “I’ve learned that it has become ‘required reading’ in some university courses. I’m humbled and pleased to know that the idea is resonating,” he says. “But Tufts is my alma mater — it played such a formative role in my career — so the news was especially meaningful.” 

During orientation, new Tufts med students split into groups of 10 to talk about the ideas in The Upstream Doctors. Second-year student Emi Serrell led one of these discussion groups. “It made me feel excited about medical school,” she says. “The first two years of medical school are mostly about the chemical and biological aspects of medicine — we learn the human body inside and out. The Upstream Doctors made me appreciate that, in order to be successful in medicine, doctors have to understand patients as human — and not just biological beings.”

In October, Manchanda visited Tufts campus to speak, and, says Greer-Morrissey, the auditorium was packed with med students — as well as dental students, nutrition students and physician assistant students. After the lecture, says Manchanda, “Most of the questions that came my way from students were along the lines of, ‘I’m an upstreamist at heart. Do you have career advice to help me do this kind of work?’ ”

“They reacted most to the stories,” he said. “Stories of frustration, of patients whose illnesses are direct results of unhealthy social and environmental conditions, and of weary providers, who feel like they have the tools or support they need. But they also engaged with stories of hope—of providers who made a difference when they redesigned their clinic systems.”

Manchanda lectures to students about his idea at Tufts University. Photo: Kelvin Ma/Tufts University


Interested in reading more about the intersection of healthcare and community? Here, the Tufts University School of Medicine common books from the past three years:

TEDAs TEDWomen 2015 registration opens, a look at the top 15 TEDWomen talks

The only way to get things done—set your eyes on the goal, tilt forward, start running, and build momentum. That is the wisdom behind the theme for TEDWomen 2015: Momentum. TEDWomen 2015 will be held May 27-29, 2015, in Monterey, California, and will bring together a community of thinkers, doers and dreamers from around the world to hear talks on ideas that are creating ripples in our world.

Registration for TEDWomen 2015 has just opened. Thinking about applying? To get you in the spirit, browse the top 15 TEDWomen talks (so far), from mighty, fascinating women and men.

These talks are from people of all ages, from 13 to 76, with wildly different life experiences, working in many different fields. In fact, perhaps these speakers have just one thing in common—they offer a fresh, inspiring idea to TEDWomen’s warm and vibrant community.

  1. Maysoon Zayid: I got 99 problems … palsy is just one (5.6 million views)
  2. Sheryl Sandberg: Why we have too few women leaders (4.9 million views)
  3. Arianna Huffington: How to succeed? Get more sleep (2.8 million views)
  4. Diana Nyad: Never, ever give up (2.6 million views)
  5. iO Tillett Wright: Fifty shades of gay (2.0 million views)
  6. Hans Rosling: The magic washing machine (1.9 million views)
  7. Jane Fonda: Life’s third act (1.9 million views)
  8. Caroline Casey: Looking past limits (1.7 million views)
  9. Tony Porter: A call to men (1.6 million views)
  10. Sue Austin: Deep sea diving … in a wheelchair (1.6 million views)
  11. Rufus Griscom + Alisa Volkman: Let’s talk parenting taboos (1.6 million views)
  12. Sheryl Sandberg + Pat Mitchell: So we leaned in … now what? (1.6 million views)
  13. Boyd Varty: What I learned from Nelson Mandela (1.3 million views)
  14. Amber Case: We are all cyborgs now (1.2 million views)
  15. Maya Penn: Meet a young entrepreneur, cartoonist, designer, activist (1.1 million views)

TED7 more ways to watch TED on your TV

TED’s logo is live in Times Square, on a billboard for Google’s Nexus Player. Photo: Ryan Lash/TED

The biggest billboard in Times Square right now belongs to Google, announcing the new Nexus Player. A hockey puck-size device, it runs Android TV, which plays movies, TV and music — as well as games, apps and, ahem, TED Talks — on your television screen. Bonus: Because you can find TED Talks on Android TV, you can also see our name and logo pop up occasionally on this massive billboard in Times Square. Whoo!

Our Android TV app shows the full library of TED Talks — all 1,800+ of them, with subtitles — and offers a cool little feature: Watch Anything, which picks a great TED Talk for you at random. Or you can use voice search within the app to find a talk that interests you.

This reminded us: There are actually several ways to curl up in your living room with TED on TV, using gadgets you already own or might be asking for or giving during the holiday season. For those who’d rather go big and stay home, here are some options for your TED viewing pleasure.

Xbox One
On the Xbox One, you can play a TED Talk with a wave of your hand—you control our app with Kinect’s gesture recognition. (Voice commands work, too.) You have access to our library of talks, and you can also check out our playlists, like “How does my brain work?” and the new “Unsolved mysteries.”

Samsung Smart TV
You don’t need to plug in a new piece of hardware for Samsung Smart TV—it’s built in. And TED is one of the many apps on offer. Through Samsung Smart TV, you can watch our full library of talks, with subtitles, and veg out while absorbing ideas.

The Roku streaming player has an impressive variety of channels. Look for TED under the Science & Tech category—but do not fear, you can watch all of our talks on any topic you like.

Google Chromecast
The Chromecast dongle is handy and cheap—just $35. You plug it into an HD TV and control it with your smartphone, tablet or computer. TED just released Chromecast support too — so if you update your iOS or Android app, you can zap TED Talks from your device to your television and enjoy them there.

Apple TV
Similarly, for those who have Apple TV, you can zip a talk—or a playlist—from your iOS phone or tablet to your television screen using the AirPlay feature.

This is for our TED fans in Canada (hey guys, see you in Vancouver and Whistler for TED2015!). Tune in to TED Talks on demand through the Optik app. Enjoy.

Amazon Fire TV
Amazon’s streaming media player—which has big specs and connects to your Amazon account—has just started offering access to apps. You can expect TED to be among its offerings very soon.

And of course, if you’re a Netflix user, you’re already tuned in to TED Talks on Netflix — curated collections of talks on topics like “Crime & Punishment” and “Space Trek.”

Coming soon: a few more gadget surprises. Stay tuned.



Sociological ImagesChart of the Week: Gender Segregation of Toys Is On the Rise

Some nice news has come out lately that the occasional toy store is taking the words boy and girl off of their aisle signs — mostly in Sweden, I say half-jokingly — but Google ngrams suggests that we’re nowhere near backing off of separating children’s toys by sex.

Sociologist Philip Cohen graphed the frequency of “toys for boys” and “toys for girls” relative to “toys for children.” This is just language, and it’s just American English, but it’s one indication that the consciousness-raising efforts of organizations like Let Toys Be Toys are still on the margins of mainstream society.

As you can see from the graph, the extent to which children are actively talked about as gendered subjects varies over time.

One explanation for why companies resist androgynous toys and clothes for children — and arguably adults, too — has to do with money. If parents with a boy and a girl could get away with one set of toys, they wouldn’t need to buy a second. And if they could hand down clothes from girls to boys and vice versa, they would buy less clothes. The same could be said for borrowing and trading between family members and friends.

It would really cut into the profits of these companies if we believed that all items for children were interchangeable. They work hard to sustain the lie that they are not.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Planet DebianKeith Packard: present-compositor

Present and Compositors

The current Present extension is pretty unfriendly to compositing managers, causing an extra frame of latency between the application's operation and the scanout buffer. Here's how I'm fixing that.

An extra frame of lag

When an application uses PresentPixmap, that operation is generally delayed until the next vblank interval. When using X without compositing, this ensures that the operation will get started in the vblank interval, and, if the rendering operation is quick enough, you'll get the frame presented without any tearing.

When using a compositing manager, the operation is still delayed until the vblank interval. That means that the CopyArea and subsequent Damage event generation don't occur until the display has already started the next frame. The compositing manager receives the damage event and constructs a new frame, but it also wants to avoid tearing, so that frame won't get displayed immediately; instead it'll get delayed until the next frame, introducing the lag.

Copy now, complete later

While away from the keyboard this morning, I had a sudden idea -- what if we performed the CopyArea and generated Damage right when the PresentPixmap request was executed but delayed the PresentComplete event until vblank happened?

With the contents updated and damage delivered, the compositing manager can immediately start constructing a new scene for the upcoming frame. When that is complete, it can also use PresentPixmap (either directly or through OpenGL) to queue the screen update.

If it's fast enough, that will all happen before vblank and the application contents will actually appear at the desired time.

Now, at the appointed vblank time, the PresentComplete event will get delivered to the client, telling it that the operation has finished and that its contents are now on the screen. If the compositing manager was quick, this event won't even be a lie.

We'll be lying less often

Right now, the CopyArea, Damage and PresentComplete operations all happen after the vblank has passed. Because the compositing manager delays the screen update until the next vblank, every single PresentComplete event will have the wrong UST/MSC values in it.

With the CopyArea happening immediately, we've a pretty good chance that the compositing manager will get the application contents up on the screen at the target time. When this happens, the PresentComplete event will have the correct values in it.
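The timing argument above can be checked with a small model. This is an added example, not code from the X server or from the patches; it assumes a fixed refresh period, a fixed compositor composition time, and that the compositor's own update lands on the first vblank strictly after it finishes composing.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Result:
    target_msc: int    # vblank the application's PresentPixmap is aimed at
    reported_msc: int  # MSC carried by the PresentComplete event
    shown_msc: int     # vblank at which the composited frame reaches scanout

    @property
    def extra_frames(self):
        return self.shown_msc - self.target_msc

    @property
    def event_is_truthful(self):
        return self.reported_msc == self.shown_msc


def present(t_us, compose_us, period_us, copy_now):
    """Model one PresentPixmap issued at time t_us (microseconds).

    copy_now=False: CopyArea and Damage happen at the target vblank
                    (the behaviour described under "An extra frame of lag").
    copy_now=True:  CopyArea and Damage happen when the request executes,
                    PresentComplete is still delivered at the target vblank.
    """
    target = t_us // period_us + 1  # next vblank after the request
    damage_time = t_us if copy_now else target * period_us
    compositor_done = damage_time + compose_us
    # The compositor's update is queued for the first vblank after it is done.
    shown = compositor_done // period_us + 1
    return Result(target_msc=target, reported_msc=target, shown_msc=shown)


def latest_on_time_offset(compose_us, period_us):
    """Latest offset into a frame at which the application can still present
    and have the compositor hit the target vblank; None if it never can."""
    if compose_us >= period_us:
        return None
    return period_us - compose_us - 1


if __name__ == "__main__":
    PERIOD = 16667   # assumed 60 Hz display
    COMPOSE = 4000   # assumed compositor frame construction time
    for t in (2000, 12666, 12667, 14000):
        for copy_now in (False, True):
            r = present(t, COMPOSE, PERIOD, copy_now)
            print(t, "copy-now" if copy_now else "copy-at-vblank",
                  "extra frames:", r.extra_frames,
                  "truthful:", r.event_is_truthful)
```
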

How can we do better?

The only way to do better is to have the PresentComplete event generated when the compositing manager displays the frame. I've talked about how that should work, but it's a bit twisty, and will require changes in the compositing manager to report the association between their PresentPixmap request and the applications' PresentPixmap requests.

Where's the code

I've got a set of three patches, two of which restructure the existing code without changing any behavior and a final patch which adds this improvement. Comments and review are encouraged, as always!

git:// present-compositor

Planet Linux AustraliaAndrew Pollock: [life] Day 317: Doctor again, final Tumble Tastics, a good deed and general fun

Zoe slept solidly until 6:48am. It was overcast and cooler, so I dare say that helped. Uninterrupted sleep is always nice. We had a nice snuggle in bed before we started the day.

First up, we had another doctor's appointment so the doctor could have another go at freezing off the wart on her hand. Despite some initial uncertainty, Zoe was much braver this time, and the doctor got to really hit it this time. Zoe was very proud of herself.

After the obligatory Freddo Frog for bravery, we headed home via the Valley to clear my PO box.

After a little bit of TV, we scootered to Tumble Tastics for her final class.

Tumble Tastics has been really great for Zoe. Zoe's always enjoyed gymnastics, and has definitely enjoyed this. She was very fond of Mr Fletcher, her teacher (she seems to really like male teachers) and especially loved the rope swing they had in the classroom. I was personally impressed by the theme that they did each week, and their ability to keep the activities in the relatively small room fresh and varied each week. They use the limited space that they have quite effectively. The fact that it was an easy distance from home was a bonus.

On our way back home, we discovered a stray dog on the side of Hawthorne Road. I checked its collar, and it had a mobile phone number on it, so I gave it a call. It turned out the owner was down at the supermarket, and his wife was at home with a baby, so I offered to return the dog for him.

It was only about a 500 metre walk, but it was very back-breaking, as the dog was pretty dumb and wouldn't follow us, so I had to lead it by the collar all the way, which involved me having to walk bent over all the way. Zoe wanted to help, but he was a bit too big and heavy for her to lead.

He was an interesting cross-breed. He had the markings of a blue heeler, but the head and general body shape of a terrier of some sort.

Due to some ambiguous letterboxes, we ended up at the wrong house (off by one) and this house had a black Siamese cat that emerged from a boat parked in the front yard when I knocked on the door. Of course the dog decided to chase off after the cat, and I thought all was lost at that point, but he came back after having chased the cat away.

We then proceeded to the right house, returned the dog and went home for a well earned lunch.

After lunch, we went for a walk in the rain to post a letter. Zoe had a great time puddle jumping in her rain boots. We also made an opportunistic Christmas present purchase, and then went home again.

We had an unplanned afternoon of silly play for a while, with lots of running around and tickles and laughter. It was nice. Our downstairs neighbour, Deana, popped up to hang out for a bit as well, which was nice.

Zoe watched a bit of TV after that, and then Sarah arrived to pick her up.


Planet DebianThorsten Glaser: WTF is Jessie; PA4 paper size

My personal APT repository now has a jessie suite – currently just a clone of the sid suite, but so, people can get on the correct “upgrade channel” already.

Besides that, the usual small updates to my metapackages, bugfixes, etc. – You might have noticed that it’s now on a (hopefully permanent) location. I’ve put a donated eee-pc from my father to good use and am now running a Debian system at home. (Fun, as I’m emeritus now, officially, and haven’t had one during my time as active uploading DD.) I’ve created a couple of cowbuilder chroots (pbuilderrc to achieve that included in the repo) and can build packages, but for i386 only (amd64 is still done on the x32 desktop at work), but, more importantly, I can build, sign and publish the repo, so it may grow. (popcon data is interesting. More than double the amount of machines I have installed that stuff on.)

Update: I’ve started writing a NEWS file and cobbled together an RSS 2.0 feed from that… still plaintext content, but at least signalling in feedreaders upon updates.

Installing gimp and inkscape, I’m asked for a default paper size by libpaper1. PA4 is still not an option, I wonder why. I also haven’t managed to get MirPorts GNU groff and Artifex Ghostscript to use that paper size, so the various PDF manpages I produce are still using DIN ISO A4, rendering e.g. Mexicans unable to print them. Help welcome.

Rondam RamblingsThe cure for ebola

Remember, you heard it here first, folks.  The cure for ebola is described in this paper, published in the World Journal of Critical Care Medicine last May. So why hasn't anybody noticed?  Well, for starters, it's not just a cure for ebola, but a host of other conditions that kill a lot more people than ebola, including septic shock.  That puts it squarely in the too-good-to-be-true category

Planet DebianDaniel Kahn Gillmor: a10n for l10n

The abbreviated title above means "Appreciation for Localization" :)

I wanted to say a word of thanks for the awesome work done by debian localization teams. I speak English, and my other language skills are weak. I'm lucky: most software I use is written by default in a language that I can already understand.

The debian localization teams do great work in making sure that packages in debian get translated into many other languages, so that many more people around the world can take advantage of free software.

I was reminded of this work recently (again) with the great patches submitted to GnuPG and related packages. The changes were made by many different people, and coordinated with the debian GnuPG packaging team by David Prévot.

This work doesn't just help debian and its users. These localizations make their way back upstream to the original projects, which in turn are available to many other people.

If you use debian, and you speak a language other than english, and you want to give back to the community, please consider joining one of the localization teams. They are a great way to help out our project's top priorities: our users and free software.

Thank you to all the localizers!

(this post was inspired by gregoa's debian advent calendar. i won't be posting public words of thanks as frequently or as diligently as he does, any more than i'll be fixing the number of RC bugs that he fixes. These are just two of the ways that gregoa consistently leads the community by example. He's an inspiration, even if living up to his example is a daunting challenge.)

CryptogramFriday Squid Blogging: Recreational Squid Fishing in Washington State

There is year-round recreational squid fishing from the Strait of Juan de Fuca to south Puget Sound.

A nighttime sport that requires simple, inexpensive fishing tackle, squid fishing -- or jigging -- typically takes place on the many piers and docks throughout the Puget Sound region

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

CryptogramIncident Response Webinar on Thursday

On 12/18 I'll be part of a Co3 webinar where we examine incident-response trends of 2014 and look ahead to 2015. I tend not to do these, but this is an exception. Please sign up if you're interested.

Planet DebianGregor Herrmann: GDAC 2014/12

debian is again taking part in the OPW, & this afternoon I happened to read the backlog of the first weekly IRC meeting (in #debian-qa) between the mentors & the mentee for one of the projects. it was great to see that the participant's first patch is already merged & deployed, & that she closed her first bug report & is really getting into this debian world. – yay to great mentoring & increasing diversity!

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

Krebs on Security‘Security by Antiquity’ Bricks Payment Terminals

Last week, several thousand credit card payment terminals at various retailers across the country suddenly stopped working, their LCD displays showing blank screens instead of numbers and letters. Puzzled merchants began to worry that this was perhaps part of some sophisticated hacker attack on their cash registers. It turns out that the incident was indeed security-related, but for once it had nothing to do with cyber thieves.

Hypercom L4250 payment terminal.

On Dec. 7, 2014, certain older model payment terminals made by Hypercom stopped working due to the expiration of a cryptographic certificate used in the devices, according to Scottsdale, Ariz.-based Equinox Payments, the company that owns the Hypercom brand.

“The security mechanism was triggered by the rollover of the date and not by any attack on or breach of the terminal,” said Stuart Taylor, vice president of payment solutions at Equinox. “The certificate was created in 2004 with a 10 year expiry date.”

Taylor said Equinox is now working with customers, distributors and channel partners to replace the certificate to return terminals to an operational state. The company is pointing affected customers who still need assistance to this certificate expiry help page.

“Many of these terminals have been successfully updated in the field,” Taylor said. “Unfortunately, a subset of them can’t be fixed in the field which means they’ll need to be sent to our repair facility.  We are working with our customers and distribution partners to track down where these terminals are and will provide whatever assistance we can to minimize any disruption as a result of this matter.”

According to two different merchants impacted by the incident that reached out to KrebsOnSecurity, the bricking of these payment terminals occurs only after the affected devices (in the 4x version of the terminals) are power-cycled or rebooted, which some merchants do daily.

Michael Rochette, vice president at Spencer Technologies, a Northborough, Mass.-based technology installation and support company, said his firm heard last week from an East Coast supermarket chain that opened for business on Monday morning only to find all of their payment terminals unresponsive. Rochette said that the supermarket chain and other retailers impacted by the incident across the country were immediately worried that the incident was part of a hacker attack on their payment infrastructure.

“Not all stores power cycle overnight, but for those that do, they came up all blank and inoperative,” Rochette said. “If that’s something that a retail chain does as a matter of policy across a whole chain of stores, that can be pretty damaging.”

One retailer that contacted KrebsOnSecurity but asked to remain anonymous said technicians at its locations had spent three days trying without success to restore the devices.

“I use two different generations of their terminals and have spent the last three days trying to understand completely why I had zero impact,” a reader from the retailer said. “Mass extinction of my POS devices at the manufacturer level was never on my list of scenarios that would wreck my day at retail.  It is now.”

While designing your products so that they fail after 10 years seems like a less than brilliant idea, this incident is a reminder of just how much of the payments infrastructure in the United States relies on rapidly aging technology.

According to Rochette, at least one of the affected Hypercom devices is no longer allowed to be used in retail installations after 2014, per sunset provisions set out by the PCI Council, an industry group that sets security standards for payment systems. Other Hypercom models affected by this incident are perfectly acceptable to use for years to come.

As for why Equinox failed to warn its customers of the impending meltdown of these payment terminals? Rochette posits that it might have something to do with Hypercom’s rocky corporate history.

“I’ve never seen this before where a particular product all crashed on the same day, and as far as I can tell there was no advance warning about this from Equinox,” Rochette said. “Over the last few years, they were Hypercom, then part of Equinox, then part of Verifone for a while, so I suspect there’s been a lot of turnover in personnel there, and frankly they just lost sight of the fact that they had a pretty important expiration date coming.”
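The failure described in this story, a certificate embedded in a device reaching its expiry date with the outage only surfacing at the next power cycle, is something a fleet inventory can predict in advance. The following is an added example, not code from the article or from Equinox; the device names, reboot schedules, time of day of the expiry and the second certificate date are constructed, and only the Dec. 7, 2014 date comes from the story.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Timestamp format printed by `openssl x509 -noout -enddate` after "notAfter=".
OPENSSL_TIME = "%b %d %H:%M:%S %Y GMT"


def utc(year, month, day, hour=0):
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


def parse_not_after(text):
    """Parse 'notAfter=Dec  7 00:00:00 2014 GMT' (prefix optional)."""
    text = text.strip()
    if text.startswith("notAfter="):
        text = text[len("notAfter="):]
    return datetime.strptime(text, OPENSSL_TIME).replace(tzinfo=timezone.utc)


@dataclass
class Device:
    name: str
    not_after: datetime
    reboot_hour_utc: Optional[int]  # hour of the daily power cycle; None = left running


def first_visible_failure(dev):
    """First scheduled reboot at or after expiry: when the outage shows up.

    A device that is never power-cycled returns None. Its certificate is just
    as expired, but the failure stays latent until someone reboots it.
    """
    if dev.reboot_hour_utc is None:
        return None
    reboot = dev.not_after.replace(hour=dev.reboot_hour_utc, minute=0, second=0)
    if reboot < dev.not_after:
        reboot += timedelta(days=1)
    return reboot


def audit(fleet, now, lead_time):
    """Return (name, status, days_left, first_visible_failure) per device."""
    rows = []
    for dev in fleet:
        left = dev.not_after - now
        if left <= timedelta(0):
            status = "EXPIRED"
        elif left <= lead_time:
            status = "REPLACE_NOW"   # inside the window needed to re-key or swap
        else:
            status = "OK"
        rows.append((dev.name, status, left.days, first_visible_failure(dev)))
    return rows


# Constructed inventory. In practice the notAfter strings would be collected
# from each device's certificate at provisioning time.
SAMPLE_FLEET = [
    Device("lane-01", parse_not_after("notAfter=Dec  7 00:00:00 2014 GMT"), 5),
    Device("lane-02", parse_not_after("Dec  7 00:00:00 2014 GMT"), None),
    Device("kiosk-07", parse_not_after("Mar 15 12:00:00 2019 GMT"), 5),
]
LEAD_TIME = timedelta(days=90)  # assumed time needed for field updates and depot repairs

if __name__ == "__main__":
    for row in audit(SAMPLE_FLEET, utc(2014, 11, 1), LEAD_TIME):
        print(row)
```

Run against the real inventory on a schedule, a check like this turns a fleet-wide expiry into a planned maintenance item, including for devices that cannot be updated in the field.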

Geek FeminismDigital Millenium Linkspam Act (12 December 2014)

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

CryptogramWho Might Control Your Telephone Metadata

Remember last winter when President Obama called for an end to the NSA's telephone metadata collection program? He didn't actually call for an end to it; he just wanted it moved from an NSA database to some commercial database. (I still think this is a bad idea, and that having the companies store it is worse than having the government store it.)

Anyway, the Director of National Intelligence solicited companies who might be interested and capable of storing all this data. Here's the list of companies that expressed interest. Note that Oracle is on the list -- the only company I've heard of. Also note that many of these companies are just intermediaries that register for all sorts of things.

Planet DebianJingjie Jiang: Week1

Down the rabbit hole

Starting from this week, my OPW period officially begins.
I am thankful and very grateful for this chance. One reason is that I get an opportunity to contribute to beneficial, working, meaningful, real-world software. The other reason is that I can learn much experience and design philosophy from my mentors zack and matthieu. :)

This week my fix is on, bug #763921. It basically makes the folder page rendering provide more information, specifically in the ls -l format. This offers information such as file type, permissions, size, etc.

I learned some new things about “man 2 stat”, and also got more familiar (actually confident) with front end stuff, namely css.

I also got myself familiar with the python test (coverage). Next week, I will try to increase the test coverage a bit. Tests are an essential part of software. They ensure correctness and robustness. And more importantly, by making tests, we can easily debug the software. As the saying goes, sharpening the axe does not delay the cutting of firewood.

The trello cards for next week are interesting. (in case you dunno the site, it’s here:

Let’s see it.

Sociological ImagesAgainst the Idea that Sex Selection is Culturally “Asian”

Flashback Friday.

A New York Times article broke the story that a preference for boy children is leading to an unlikely preponderance of boy babies among Chinese-Americans and, to a lesser but still notable extent, Korean- and Indian-Americans.


Explaining the trend, Roberts writes:

In those families, if the first child was a girl, it was more likely that a second child would be a boy, according to recent studies of census data. If the first two children were girls, it was even more likely that a third child would be male.

Demographers say the statistical deviation among Asian-American families is significant, and they believe it reflects not only a preference for male children, but a growing tendency for these families to embrace sex-selection techniques, like in vitro fertilization and sperm sorting, or abortion.

The article explains the preference for boy children as cultural, as if Chinese, Indian, and Korean cultures, alone, expressed a desire to have at least one boy child.  Since white and black American births do not show an unlikely disproportion of boy children, the implication is that a preference for boys is not a cultural trait of the U.S.

Actually, it is.

In 1997 a Gallup poll found that 35% of people preferred a boy and 23% preferred a girl (the remainder had no preference). In 2007 another Gallup poll found that 37% of people preferred a boy, while 28% preferred a girl.

I bring up this data not to trivialize the preference for boys that we see in the U.S. and around the world, but to call into question the easy assumption that the data presented by the New York Times represents something uniquely “Asian.”

Instead of emphasizing the difference between “them” and “us,” it might be interesting to try to think why, given our similarities, we only see such a striking disproportionality in some groups.

Some of the explanation for this might be cultural (e.g., it might be more socially acceptable to take measures to ensure a boy-child among some groups), but some might also be institutional. Only economically privileged groups have the money to take advantage of sex selection technology (or even abortion, as that can be costly, too). Sex selection, the article explains, costs upwards of $15,000 or more. Perhaps not coincidentally, Chinese, Korean, and Indian Asians are among the more economically privileged minority groups in the U.S.

Instead of demonizing Asian people, and without suggesting that all groups have the same level of preference for boys, I propose a more interesting conversation: What enables some groups to act on a preference for boys, and not others?

Originally posted in 2009.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Planet Linux AustraliaGlen Turner: USB product IDs for documentation - success


In a previous posting I reported a lack of success when enquiring of the USB Implementors' Forum if a Vendor ID had been reserved for documentation.

To recap my motivation, a Vendor ID -- or at least a range of Product IDs -- is desirable to:

  • Avoid defamation, such as using a real VID:PID to illustrate a "workaround", which carries the implication that the product is less-than-perfect. Furthermore, failing to check if a VID:PID has actually been used is "reckless defamation".

  • Avoid consumer law, such as using a real VID:PID to illustrate a configuration for a video camera, when in fact the product is a mouse.

  • Avoid improper operation, as may occur if a user cuts-and-pastes an illustrative example and that affects a real device.

  • Avoid trademark infringement.

For these reasons other registries of numbers often reserve entries for documentation: DNS names, IPv4 addresses, IPv6 addresses.

Allocation of 256 Product IDs, thanks to OpenMoko

OpenMoko has been generous enough to reserve a range of Product IDs for use by documentation:

0x1d50:0x5200 through to 0x1d50:0x52ff

Note carefully that other Product IDs within Vendor ID 0x1d50 are allocated to actual physical USB devices. Only the Product IDs 0x1d50:0x5200 through to 0x1d50:0x52ff are reserved for use by documentation.

My deep thanks to OpenMoko and Harald Welte.
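One way to put the reserved range to work is a documentation linter that flags any VID:PID outside 0x1d50:0x5200 through 0x1d50:0x52ff. This is an added example, not part of the original post or of any OpenMoko tooling; the sample document and the function names are constructed, and the two flagged IDs are used only to exercise the boundaries of the range.

```python
import re

DOC_VID = 0x1D50
DOC_PID_FIRST, DOC_PID_LAST = 0x5200, 0x52FF

HEX4 = r"([0-9a-fA-F]{4})"
# "1d50:5200" and "0x1d50:0x5200". The look-arounds reject longer
# colon-separated hex runs such as IPv6 addresses.
PAIR_RE = re.compile(r"(?<![\w:])(?:0x)?" + HEX4 + r":(?:0x)?" + HEX4 + r"(?![\w:])")
# udev match keys written on the same rule line.
UDEV_VID_RE = re.compile(r'ATTRS?\{idVendor\}\s*==\s*"' + HEX4 + '"')
UDEV_PID_RE = re.compile(r'ATTRS?\{idProduct\}\s*==\s*"' + HEX4 + '"')


def find_ids(text):
    """Return (line_number, vid, pid) for every VID:PID mentioned in text."""
    found = []
    for number, line in enumerate(text.splitlines(), 1):
        for match in PAIR_RE.finditer(line):
            found.append((number, int(match.group(1), 16), int(match.group(2), 16)))
        vid, pid = UDEV_VID_RE.search(line), UDEV_PID_RE.search(line)
        if vid and pid:
            found.append((number, int(vid.group(1), 16), int(pid.group(1), 16)))
    return found


def is_documentation_id(vid, pid):
    return vid == DOC_VID and DOC_PID_FIRST <= pid <= DOC_PID_LAST


def lint(text):
    """Return (line_number, 'vvvv:pppp') for IDs that may name a real device."""
    return [(number, "%04x:%04x" % (vid, pid))
            for number, vid, pid in find_ids(text)
            if not is_documentation_id(vid, pid)]


# Constructed sample of technical documentation.
SAMPLE_DOC = """\
# Give the video group access to the example camera
SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="5201", MODE="0660"
The device 0x1d50:0x52ff appears in the table below.
SUBSYSTEM=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="5300", MODE="0660"
The router answers on 2001:0db8:85a3::1.
lsusb -d 1d50:51ff
"""

if __name__ == "__main__":
    for number, ident in lint(SAMPLE_DOC):
        print("line %d: %s is outside the documentation range" % (number, ident))
```
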

Application form

The application form submitted to OpenMoko read:

  • a name and short description of your usb device project

    Documentation concerning the configuration of USB buses and devices.

    For example, documentation showing configuration techniques for Linux's udev rules.

    The meaning of "documentation" shall not extend to actual configuration of an actual device. It is constrained to showing methods for configuration. If a VID:PID for an actual device is required then these can be obtained from elsewhere.

    OpenMoko will not assign these "Documentation PIDs" to any actual device, now or forever.

    Operating systems may refuse to accept devices with these "documentation VID:PIDs". Operating systems may refuse to accept configuration which uses these "documentation VID:PIDs".

  • the license under which you are releasing the hardware and/or software/firmware of the device

    The documentation may use any license. Restricting use to only free documentation is problematic: the definition of "free" for documents is controversial; and it would be better if the PID:VIDs were well known and widely used by all authors of technical documentation.

  • a link to the project website and/or source code repository, if any

    Nil, one can be created if this is felt to be necessary (eg, to publicise the allocation).

  • if you need multiple Product IDs, please indicate + explain this at the first message, rather than applying for a second ID later

    Approximately 10.

Worse Than FailureError'd: Good Help is Hard to Find

Daniel writes, "Looking for world class talent? won't be finding it here."


"Got this error message this morning after a fresh start up. It's Mozilla's crash reporter, but the details are secret," writes Dan.


"I was looking for support for a crappy piece of kit that we use - so I searched for their forums. I was met with this," writes Lewis.


"When engineers were trying to diagnose a rare BSOD, they discovered that the bug check had shuffled off this mortal coil," wrote Matthew.


"Apparently Chrome is amazed by the Java update I was about to install," wrote Ruud B.


Collin wrote, "Local news station during the weather. The weatherman did well though, he announced that there was an error and they and he laughed and smiled until they went to commercial."


"I ordered a phone from the Verizon store a little while ago and noticed this on the order confirmation page. I recognized it as my home IP address," Nick writes, "Clicking the link did what you might expect - opened a new tab with the IP address as its address."


"I was trying to set up a Rails app on a VM and wanted to install the Mongo adapter and I got the wrong Mongo?" a puzzled Jordan R. wrote.


Planet DebianEvolvisForge blog: Tip of the day: don’t use --purge when cross-grading

A surprise to see my box booting up with the default GRUB 2.x menu, followed by “cannot find a working init”.

What happened?

Well, grub:i386 and grub:x32 are distinct packages, so APT helpfully decided to purge the GRUB config. OK. Manual boot menu entry editing later, re-adding “GRUB_DISABLE_SUBMENU=y” and “GRUB_CMDLINE_LINUX="syscall.x32=y"” to /etc/default/grub, removing “quiet” again from GRUB_CMDLINE_LINUX_DEFAULT, and uncommenting “GRUB_TERMINAL=console”… and don’t forget to “sudo update-grub”. There. This should work.

On the plus side, nvidia-driver:i386 seems to work… but not with boinc-client:x32 (why, again? I swear, its GPU detection has been driving me nuts on >¾ of all systems I installed it on, already!).

On the minus side, I now have to figure out why…

tglase@tglase:~ $ sudo ifup -v tap1
Configuring interface tap1=tap1 (inet)
run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
run-parts: executing /etc/network/if-pre-up.d/bridge
run-parts: executing /etc/network/if-pre-up.d/ethtool
ip addr add broadcast peer dev tap1 label tap1
Cannot find device "tap1"
Failed to bring up tap1.

… this happens. This used to work before the cktN kernels.

Planet DebianJoey Hess: a brainfuck monad

Inspired by "An ASM Monad", I've built a Haskell monad that produces brainfuck programs. The code for this monad is available on hackage, so cabal install brainfuck-monad.

Here's a simple program written using this monad. See if you can guess what it might do:

import Control.Monad.BrainFuck

demo :: String
demo = brainfuckConstants $ \constants -> do
        add 31
        forever constants $ do
                add 1
                output  -- the "." in the generated loop body

Here's the brainfuck code that demo generates: >+>++>+++>++++>+++++>++++++>+++++++>++++++++>++++++++++++++++++++++++++++++++<<<<<<<<[>>>>>>>>+.<<<<<<<<]

If you feed that into a brainfuck interpreter (I'm using hsbrainfuck for my testing), you'll find that it loops forever and prints out each character, starting with space (32), in ASCIIbetical order.

The implementation is quite similar to the ASM monad. The main differences are that it builds a String, and that the BrainFuck monad keeps track of the current position of the data pointer (as brainfuck lacks any sane way to manipulate its instruction pointer).

newtype BrainFuck a = BrainFuck (DataPointer -> ([Char], DataPointer, a))

type DataPointer = Integer

-- Gets the current address of the data pointer.
addr :: BrainFuck DataPointer
addr = BrainFuck $ \loc -> ([], loc, loc)

Having the data pointer address available allows writing some useful utility functions like this one, which uses the next (brainfuck opcode >) and prev (brainfuck opcode <) instructions.

-- Moves the data pointer to a specific address.
setAddr :: Integer -> BrainFuck ()
setAddr n = do
        a <- addr
        if a > n
                then prev >> setAddr n
                else if a < n
                        then next >> setAddr n
                        else return ()

Of course, brainfuck is a horrible language, designed to be nearly impossible to use. Here's the code to run a loop, but it's really hard to use this to build anything useful.

-- The loop is only entered if the byte at the data pointer is not zero.
-- On entry, the loop body is run, and then it loops when
-- the byte at the data pointer is not zero.
loopUnless0 :: BrainFuck () -> BrainFuck ()
loopUnless0 a = do
        open   -- emits the brainfuck opcode [
        a
        close  -- emits the brainfuck opcode ]

To tame brainfuck a bit, I decided to treat data addresses 0-8 as constants, which will contain the numbers 0-8. Otherwise, it's very hard to ensure that the data pointer is pointing at a nonzero number when you want to start a loop. (After all, brainfuck doesn't let you set data to some fixed value like 0 or 1!)

I wrote a little brainfuckConstants that runs a BrainFuck program with these constants set up at the beginning. It just generates the brainfuck code for a series of ASCII art fishes: >+>++>+++>++++>+++++>++++++>+++++++>++++++++>

With the fishes^Wconstants in place, it's possible to write a more useful loop. Notice how the data pointer location is saved at the beginning, and restored inside the loop body. This ensures that the provided BrainFuck action doesn't stomp on our constants.

-- Run an action in a loop, until it sets its data pointer to 0.
loop :: BrainFuck () -> BrainFuck ()
loop a = do
    here <- addr
    setAddr 1
    loopUnless0 $ do
        setAddr here  -- restore the saved data pointer before the body
        a

I haven't bothered to make sure that the constants are really constant, but that could be done. It would just need a Control.Monad.BrainFuck.Safe module, that uses a different monad, in which incr and decr and input don't do anything when the data pointer is pointing at a constant. Or, perhaps this could be statically checked at the type level, with type level naturals. It's Haskell, we can make it safer if we want to. ;)

So, not only does this BrainFuck monad allow writing brainfuck code using crazy haskell syntax, instead of crazy brainfuck syntax, but it allows doing some higher-level programming, building up a useful(!?) library of BrainFuck combinators and using them to generate brainfuck code you'd not want to try to write by hand.

Of course, the real point is that "monad" and "brainfuck" so obviously belonged together that it would have been a crime not to write this.
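To check the claim that the generated program prints characters in order starting with space, the following added example (Python, not the author's Haskell and not part of brainfuck-monad) re-creates the pointer-tracking generator for the demo and runs the result through a small interpreter with an output cap. The class and function names are hypothetical, and 8-bit wrapping cells are an assumption about the interpreter.

```python
class Gen:
    """Collects brainfuck opcodes while tracking the data pointer address."""

    def __init__(self):
        self.ops = []
        self.addr = 0

    def next(self):
        self.ops.append(">")
        self.addr += 1

    def prev(self):
        self.ops.append("<")
        self.addr -= 1

    def add(self, n):
        self.ops.append("+" * n)

    def output(self):
        self.ops.append(".")

    def set_addr(self, n):
        while self.addr < n:
            self.next()
        while self.addr > n:
            self.prev()

    def constants(self):
        # Cells 1..8 hold 1..8 (cell 0 stays 0); the pointer ends on cell 9.
        for n in range(1, 9):
            self.next()
            self.add(n)
        self.next()

    def forever(self, body):
        here = self.addr
        self.set_addr(1)        # constant 1 is nonzero, so the loop is entered
        self.ops.append("[")
        self.set_addr(here)     # restore the caller's data pointer
        body()
        self.set_addr(1)        # back to the constant for the loop test
        self.ops.append("]")

    def program(self):
        return "".join(self.ops)


def demo():
    g = Gen()
    g.constants()
    g.add(31)
    g.forever(lambda: (g.add(1), g.output()))
    return g.program()


def run(program, max_output):
    """Interpret brainfuck, stopping after max_output bytes have been printed."""
    stack, match = [], {}
    for i, op in enumerate(program):
        if op == "[":
            stack.append(i)
        elif op == "]":
            if not stack:
                raise ValueError("unbalanced ]")
            j = stack.pop()
            match[i], match[j] = j, i
    if stack:
        raise ValueError("unbalanced [")
    tape, ptr, pc, out = [0] * 30000, 0, 0, []
    while pc < len(program) and len(out) < max_output:
        op = program[pc]
        if op == ">":
            ptr += 1
        elif op == "<":
            ptr -= 1
        elif op == "+":
            tape[ptr] = (tape[ptr] + 1) % 256
        elif op == "-":
            tape[ptr] = (tape[ptr] - 1) % 256
        elif op == ".":
            out.append(tape[ptr])
        elif op == "[" and tape[ptr] == 0:
            pc = match[pc]
        elif op == "]" and tape[ptr] != 0:
            pc = match[pc]
        pc += 1
    return bytes(out)


if __name__ == "__main__":
    print(demo())
    print(run(demo(), 16))
```
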

Planet DebianDirk Eddelbuettel: RProtoBuf 0.4.2

A new release 0.4.2 of RProtoBuf is now on CRAN. RProtoBuf provides R bindings for the Google Protocol Buffers ("Protobuf") data encoding library used and released by Google, and deployed as a language and operating-system agnostic protocol by numerous projects.

Murray and Jeroen did almost all of the heavy lifting. Many changes were triggered by two helpful referee reports, and we are slowly getting to the point where we will resubmit a much improved paper. Full details are below.

Changes in RProtoBuf version 0.4.2 (2014-12-10)

  • Address changes suggested by anonymous reviewers for our Journal of Statistical Software submission.

  • Make Descriptor and EnumDescriptor objects subsettable with "[[".

  • Add length() method for Descriptor objects.

  • Add names() method for Message, Descriptor, and EnumDescriptor objects.

  • Clarify order of returned list for descriptor objects in as.list documentation.

  • Correct the definition of as.list for EnumDescriptors to return a proper list instead of a named vector.

  • Update the default print methods to use cat() with fill=TRUE instead of show() to eliminate the confusing [1] since the classes in RProtoBuf are not vectorized.

  • Add support for serializing function, language, and environment objects by falling back to R's native serialization with serialize_pb and unserialize_pb to make it easy to serialize into a Protocol Buffer all of the more than 100 datasets which come with R.

  • Use normalizePath instead of creating a temporary file with file.create when getting absolute path names.

  • Add unit tests for all of the above.

CRANberries also provides a diff to the previous release. More information is at the RProtoBuf page, which has a draft package vignette, a 'quick' overview vignette, and a unit test summary vignette. Questions, comments etc should go to the GitHub issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Kelvin ThomsonRegister of Foreign Land Ownership Delay

I am concerned that the Australian Government's Register of Foreign Land Ownership has been delayed. This is something Australian people tell me they want, and Australian Governments regularly promise, but which never seems to happen.

Recently I visited Colac to discuss with Colac dairy farmers their concern at the prospect of foreign large scale purchases of dairy farms in South-West Victoria. The point they made to me was that if a foreign company buys Victorian farmland, brings in foreign workers to produce the milk, exports the product to foreign consumers, and the profits also go offshore, how do Victorian communities benefit? What kind of future does this provide for our young people?

I have also raised in the Parliament the use of holding companies to disguise the real levels of foreign ownership. Until a proper Register is put into place, I doubt that we will know the real levels of foreign ownership of Australian land. <o:p></o:p>
<o:p> </o:p>
I am not opposed to foreign investment. But there is a world of difference between investment, where the investor shares the risks and rewards with local businesses and employees, and ownership, where Australia loses control over its own destiny. We need real transparency about foreign ownership of Australian land, and we need it sooner rather than later.


Kelvin ThomsonAppointment of Former Liberal and National MPs

Attorney General Senator Brandis has continued the Labor Government's tradition of appointing former Liberal and National Party MPs to government positions.

Senator Brandis has appointed former Nationals MP Paul Neville to the National Film and Sound Archive Board, former Liberal Senator Gary Humphries as a Deputy President of the Administrative Appeals Tribunal, and former Liberal Minister Ian Campbell and former NSW Liberal leader Peter Collins to the Council of the National Maritime Museum.

Senator Brandis has also appointed right-wing columnist Janet Albrechtsen to the council of the National Museum of Australia.

Former Liberal and National MPs Bruce Baird, Brendan Nelson, Peter Costello, Warwick Smith, Margaret Reid, John Fahey, Ross Cameron, Chris Puplick, Russell Trood, Paul Calvert, Nick Minchin, Peter Rae, Trish Worth, Sandy McDonald and Alexander Downer received Government positions during the period of the Rudd and Gillard Governments.

LongNow“Wanderers” Short Film Gives Glimpse of Our Possible Future in Space


“Wanderers”, a short film by director Erik Wernquist, depicts a not-so-far future in which humanity has expanded throughout the solar system. The film starts with a panorama of humans 10,000 years ago at the dawn of civilization, a key point of reference in Long Now’s own intellectual ecosystem.


There are two specific aspects that set the video apart: the carefully researched hard science behind each shot of the video and the generally optimistic depiction of the future. To make the video, director Erik Wernquist made composite shots from images from different space missions and then filled in the rest. This image gallery gives a breakdown of the sources and science behind each shot in the film.

The generally optimistic tone of the film is in contrast with much of contemporary science fiction, which as a general rule shows dystopian scenarios in our near future. The call for more optimistic visions of our future has become a major point of discussion in the science fiction community, with author (and Interval donor) Neal Stephenson’s launch of Project Hieroglyph, an initiative that challenges science fiction authors to imagine optimistic hard-science futures.

Planet DebianGregor Herrmann: GDAC 2014/11

is enthusiasm contagious? I think so. a recent example: another advent posting. – ¡gracias!

this posting is part of GDAC (gregoa's debian advent calendar), a project to show the bright side of debian & why it's fun for me to contribute.

CryptogramComments on the Sony Hack

I don't have a lot to say about the Sony hack, which seems to still be ongoing. I want to highlight a few points, though.

  1. At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it's not an insider, either.) That we live in the world where we aren't sure if any given cyberattack is the work of a foreign government or a couple of guys should be scary to us all.

  2. Sony is a company that hackers have loved to hate for years now. (Remember their rootkit from 2005?) We've learned previously that putting yourself in this position can be disastrous. (Remember HBGary.) We're learning that again.

  3. I don't see how Sony launching a DDoS attack against the attackers is going to help at all.

  4. The most sensitive information that's being leaked as a result of this attack isn't the unreleased movies, the executive emails, or the celebrity gossip. It's the minutiae from random employees:

    The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It's an email about trying to get pregnant. It's shit-talking coworkers behind their backs, and people's credit card log-ins. It's literally thousands of Social Security numbers laid bare. It's even the harmless, mundane, trivial stuff that makes up any day's email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.

    These people didn't have anything to hide. They aren't public figures. Their details aren't going to be news anywhere in the world. But their privacy has been violated, and there are literally thousands of personal tragedies unfolding right now as these people deal with their friends and relatives who have searched and read this stuff.

    These are people who did nothing wrong. They didn't click on phishing links, or use dumb passwords (or even if they did, they didn't cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb. Even if they didn't have the expectation of full privacy, at most they may have assumed that an IT creeper might flip through their inbox, or that it was being crunched in an NSA server somewhere. For better or worse, we've become inured to small, anonymous violations. What happened to Sony Pictures employees, though, is public. And it is total.

    Gizmodo got this 100% correct. And this is why privacy is so important for everyone.

I'm sure there'll be more information as this continues to unfold.

EDITED TO ADD (12/12): There are two comment threads on this post: Reddit and Hacker News.

Krebs on Security‘Poodle’ Bug Returns, Bites Big Bank Sites

Many of the nation’s top banks, investment firms and credit providers are vulnerable to a newly-discovered twist on a known security flaw that exposes Web site traffic to eavesdropping. The discovery has prompted renewed warnings from the U.S. Department of Homeland Security advising vulnerable Web site owners to address the flaw as quickly as possible.

In mid-October, the world learned about “POODLE,” an innocuous acronym for a serious security flaw in a specific version (version 3.0) of Secure Sockets Layer (SSL), the technology that most commercial Web sites use to protect the privacy and security of communications with customers.

When you visit a site that begins with “https://” you can be sure that the data that gets transmitted between that site and your browser cannot be read by anyone else. That is, unless those sites are still allowing traffic over SSL 3.0, in which case an attacker could exploit the POODLE bug to decrypt and extract information from inside an encrypted transaction — including passwords, cookies and other data that can be used to impersonate the legitimate user.

On Dec. 8, researchers found that the POODLE flaw also extends to certain versions of a widely used SSL-like encryption standard known as TLS (short for Transport Layer Security).

“The impact of this problem is similar to that of POODLE, with the attack being slightly easier to execute,” wrote Ivan Ristic, director of engineering at security firm Qualys, which made available online a free scanning tool that evaluates Web sites for the presence of the POODLE vulnerability, among other problems. “The main target are browsers, because the attacker must inject malicious JavaScript to initiate the attack.”

A cursory review using Qualys’s SSL/TLS scanning tool indicates that the Web sites for some of the world’s largest financial institutions are vulnerable to the new POODLE bug, including Bank of America, Chase.com, Citibank, HSBC, Suntrust — as well as retirement and investment giants and Vanguard (click links to see report). Dozens of sites offering consumer credit protection and other services run by Experian also are vulnerable, according to SSL Labs. Qualys estimates that about 10 percent of Web servers are vulnerable to the POODLE attack against TLS.

According to an advisory from the U.S. Computer Emergency Readiness Team (US-CERT), a partnership run in conjunction with the U.S. Department of Homeland Security, although there is currently no fix for the vulnerability in SSL 3.0 itself, disabling SSL 3.0 support in Web applications is the most viable solution currently available. US-CERT notes that some of the same researchers who discovered the Poodle vulnerability also developed a fix for the TLS-related issues.

Until vulnerable sites patch the issue, there isn’t a lot that regular users can do to protect themselves from this bug, aside from exercising some restraint when faced with the desire to log in to banking and other sensitive sites over untrusted networks, such as public Wi-Fi hotspots.
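For administrators acting on the US-CERT advice above, one way to check that SSL 3.0 is actually disabled is to audit the server configuration. The script below is an added example, not part of the original article: it reads Apache `SSLProtocol` and nginx `ssl_protocols` lines and reports which ones still enable SSLv3. The sample configurations are constructed, and the expansion of `all` to a set containing SSLv3 is an assumption matching builds of that period. It does not detect the TLS variant described above, which is an implementation flaw rather than a configuration setting.

```python
import re

# Constructed sample configurations (not taken from any real server).
APACHE_SAMPLE = """\
# vhost A: negotiates everything the library offers
SSLProtocol all
# vhost B: SSL 2.0 and 3.0 removed
SSLProtocol all -SSLv2 -SSLv3
# vhost C: explicit list that still names SSLv3
SSLProtocol +TLSv1 +TLSv1.2 +SSLv3
"""

NGINX_SAMPLE = """\
server { ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; }
server { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
"""

# Assumption: "all" expands to a set that includes SSLv3.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
CANON = {p.lower(): p for p in ALL_PROTOCOLS | {"SSLv2"}}

DIRECTIVE = re.compile(r"\b(SSLProtocol|ssl_protocols)\s+([^;#\n]+)",
                       re.IGNORECASE)


def _expand(name):
    """Map one protocol token to the set of protocols it stands for."""
    if name.lower() == "all":
        return set(ALL_PROTOCOLS)
    return {CANON.get(name.lower(), name)}


def apache_enabled(tokens):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes,
    a bare token replaces whatever was selected before it."""
    enabled = set()
    for tok in tokens:
        action = tok[0] if tok[0] in "+-" else ""
        chosen = _expand(tok.lstrip("+-"))
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled


def audit(config_text):
    """Return (line number, enabled protocols, sslv3_enabled) per directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        code = line.split("#", 1)[0]          # ignore comments
        match = DIRECTIVE.search(code)
        if not match:
            continue
        tokens = match.group(2).replace("}", " ").split()
        if match.group(1).lower() == "ssl_protocols":
            # nginx: the directive is simply the list of enabled protocols
            enabled = set().union(*(_expand(t) for t in tokens))
        else:
            enabled = apache_enabled(tokens)
        findings.append((lineno, sorted(enabled), "SSLv3" in enabled))
    return findings


if __name__ == "__main__":
    for name, text in (("apache", APACHE_SAMPLE), ("nginx", NGINX_SAMPLE)):
        for lineno, enabled, bad in audit(text):
            status = "SSLv3 ENABLED" if bad else "ok"
            print(f"{name}:{lineno}: {status} ({', '.join(enabled)})")
```
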


Planet DebianEnrico Zini: ssl-protection

SSL "protection"

In my experience with my VPS, setting up pretty much any service exposed to the internet, even a simple thing to put a calendar in my phone requires an SSL certificate, which costs money, which needs to be given to some corporation or another.

When the only way to get protection from a threat is to give money to some big fish, I feel like I'm being forced to pay protection money.

I look forward to this.

Sociological ImagesScience News Fail: How NOT to Illustrate Your Story

Mainstream media outlets such as the Today Show, Marie Claire, and Huffington Post have been reporting on a new scientific study that claims “women talk more than men.” These media outlets report there’s new “biological evidence to support the idea that women are more talkative than men.”

Not quite! The results from the actual scientific study published in The Journal of Neuroscience have found the brain protein responsible for the difference between girls’ and boys’ language acquisition. The study is entitled, “Foxp2 Mediates Sex Difference in Ultrasonic Vocalization by Rat Pups and Directs Order of Maternal Retrieval.”

Admittedly, it doesn’t quite have the ring of “Women Talk More Than Men.” Additionally, the aforementioned media outlets have also been referencing (with no scientific citation) the statistic that on average women speak 20,000 words per day compared to the mere 7,000 words spoken by men. A study from 2007 published in the journal Science contradicts these findings. The researchers found that men and women actually speak about the same number of words per day.

But that didn’t stop Today from running this image from Getty Images to go along with their story:

The researchers do not mention anything about women talking more than men throughout the paper, but rather why girls tend to start speaking earlier and with greater complexity than boys of the same age. The researchers started to analyze the levels of Foxp2 protein in the brains of male and female rats. The protein levels were higher in males than females in brain areas associated with cognition, emotion, and vocalization and male rats made more noises. The researchers extended their findings to analyzing human brain tissue from girls and boys in a preliminary study of Foxp2 protein. They found boys had lower levels of the Foxp2 protein than girls in the brain region associated with language.

Therefore, the broader conclusion that can be drawn from this study is not that women talk more than men, but rather a possible origin as to why there are language differences between the sexes. The findings help to explain why girls may exhibit consistent advantages in early language acquisition and development compared to boys.

And the conclusion to be drawn from the media coverage is that our science news has a long way to go.

Mandi N. Barringer is a doctoral student in sociology at the University of Central Florida. Her primary areas of research include social inequalities, sexuality, and gender. Mandi is also the Research Coordinator for NeuroNet Learning, where this post originally appeared.


Falkvinge - Pirate PartyThanks To All Heroes Of Freedom Who Have Kept The Pirate Bay Running


Civil Liberties – Christian Engström: The file-sharing site The Pirate Bay is down following a raid by Swedish Police. The organization Rights Alliance, previously named the Anti-Pirate Bureau and representing the giant movie and record corporations, is behind the raid. It’s a dark day for freedoms online.

“The raid on The Pirate Bay shows how law enforcement prioritize their resources. They’re guarding special interests. They are no longer taking the individual’s side against the system”, says Gustav Nipe, the chairman of Young Pirate Sweden.

The Pirate Bay have made themselves famous through more than ten years of existence as a guiding star on the Internet sky, against all odds, despite all attacks from the copyright industry. That’s made them into one of the most important symbols of freedom in our time, rightly celebrated worldwide.

But The Pirate Bay is also an important part of the fundamental infrastructure of the free internet, all in itself. Before it vanished from the net recently, it was ranked among the most-visited sites globally. If The Pirate Bay should disappear forever, it’s a given that other sites will fill the void over time. File-sharing cannot be stopped, it’s a global grassroots movement. But to make it work in practice, we need search engines like The Pirate Bay, capable of handling traffic from millions of people worldwide.

It’s possible the operators keeping The Pirate Bay alive have been far too skilled and dedicated in their work. Us ordinary users of the Internet have become complacent to the fact that The Pirate Bay is always there, always ready. We’ve come to take The Pirate Bay for something as granted as the sun rising in the east every morning, regardless of what Hollywood lawyers and what the governments and authorities who run the United States’ errands do. But it’s a far from trivial task to keep one of the world’s largest sites running. And it’s even harder when most of the work needs to be covert, to avoid attacks from those who seek to limit the free and open internet by any and all means necessary.

“A world without The Pirate Bay would be a poorer, duller, and worse off place”, according to Henrik Alexandersson. That’s the truth. The Pirate Bay has helped millions of people all over the world to find culture and knowledge they would otherwise have lost, and has helped countless creators to find an audience without having to sell their soul to the commercial distribution monopolies. It would be a tragedy if this cultural airhole would be lost.

Obviously, I hope that The Pirate Bay will soon be back online, as it always has before. It’s not called “the world’s most resilient bittorrent tracker” without reason. I’m deeply impressed by the technical labor by hundreds of volunteers through the years that have gone into making sure The Pirate Bay keeps running. So no matter what the future holds, I’d like to take this opportunity to express my deeply heartfelt thanks to everybody who has, in one way or another, helped keep The Pirate Bay running.

Thanks, all heroes of The Pirate Bay! You’ve already ensured your place in records of history, as good guys who stuck up for freedom in a time when it was under threat. Now, it’s up to all of us to make sure it’s not a story of a temporary blooming of freedom before it vanished for good. We must combine our efforts to make sure that the bigger story will be about how thousands of activists, on every scale, managed to defend the free and open Internet, and the free and open society.

Long live The Pirate Bay! The efforts continue! Sharing is Caring!

Translated without permission, as it should be, from original piece in Swedish. Photo: Simon “The Liberator” Bolivar by dbking/Flickr (CC-BY).

CryptogramNot Enough CISOs to Go Around

This article is reporting that the demand for Chief Information Security Officers far exceeds supply:

Sony and every other company that realizes the need for a strong, senior-level security officer are scrambling to find talent, said Kris Lovejoy, general manager of IBM's security service and former IBM chief security officer.

CISOs are "almost impossible to find these days," she said. "It's a bit like musical chairs; there's a finite number of CISOs and they tend to go from job to job in similar industries."

I'm not surprised, really. This is a tough job: never enough budget, and you're the one blamed when the inevitable attacks occur. And it's a tough skill set: enough technical ability to understand cybersecurity, and sufficient management skill to navigate senior management. I would never want a job like that in a million years.

Here's a tip: if you want to make your CISO happy, here's her holiday wish list.

"My first wish is for companies to thoroughly test software releases before release to customers...."

Can we get that gift wrapped?

Planet DebianRaphaël Hertzog: Freexian’s fourth report about Debian Long Term Support

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In November 42.5 work hours have been equally split among 3 paid contributors. Their reports are available:

  • Thorsten Alteholz did his share as usual.
  • Raphaël Hertzog worked 18 hours (catching up the remaining 4 hours of October).
  • Holger Levsen did his share but did not manage to catch up with the backlog of the previous months. As such, those unused work hours have been redispatched among other contributors for the month of December.

New paid contributors

Last month we mentioned the possibility to recruit more paid contributors to better share the work load and this has already happened: Ben Hutchings and Mike Gabriel join the list of paid contributors.

Ben, as a kernel maintainer, will obviously take care of releasing Linux security updates. We are glad to have him on board because backporting kernel fixes really needs some skills that nobody else had within the team of paid contributors.

Evolution of the situation

Compared to last month, the number of paid work hours has almost not increased (we are at 45.7 hours per month) but we are in the process of adding a few more sponsors: Roche Diagnostics International AG, Misal-System, Bitfolk LTD. And we are still in contact with a couple of other companies which have announced their willingness to contribute but which are waiting for the new fiscal year.

But even with those new sponsors, we still have some way to go to reach our minimal goal of funding the equivalent of a half-time position. So consider asking your company representative to join this project!

In terms of security updates waiting to be handled, the situation looks better than last month: the dla-needed.txt file lists 27 packages awaiting an update (6 less than last month), the list of open vulnerabilities in Squeeze shows about 58 affected packages in total. Like last month, we’re a bit behind in terms of CVE triaging and there are still many packages using SSLv3 where we have no clear plan (in response to the POODLE issues).

The good side is that even though the kernel update cost Holger and Raphaël a large chunk of time, we still managed to further reduce the backlog of security issues.

Thanks to our sponsors


Planet Linux AustraliaAndrew Pollock: [life] Day 316: Bike riding play date and picnic

Zoe woke up at around 1:30am. I think the fact that her nightlight had gotten unplugged didn't help matters, and despite fixing that up, she jumped into bed with me at 1:50am.

We had a slow start to the day, but that said, I did manage to bake a batch of mince pies and make pastry for a quiche before we headed out at 9:30am, so it wasn't an unproductive morning.

I'd organised with Kelley to have a bike riding play date with Chloe at the Minnippi Parklands. I figured that since Chloe can already ride a bike, it might encourage Zoe.

It was a pretty hot morning, and not a lot of attempted bike riding happened before Zoe had had enough. No major breakthroughs happened, but it was very handy having a second adult. I think I need to put Zoe's bike seat up, as she's grown a bit since she first started trying to learn.

After we gave up on the bikes, the girls went and played on the pretend aeroplane and air traffic control tower for the rest of the morning, and we watched a storm roll in.

By early afternoon, the storm was looking a bit ominous, and Kelley had to be back at school, so we dropped them back home, and Zoe played for a bit at Chloe's place before we headed home to get ready for swim class.

In the mean time, the storm hit and appeared to pass, so we drove to swim class, but there was still lightning around, so swim class was canceled.

We headed back home so I could finish making dinner. Zoe was pretty tired from the day's activities, so I'm hoping she has a good sleep tonight.

Worse Than FailureCodeSOD: Polynomial Optimization


Rayer S’s co-worker exploded into his cube, beaming. “I’ve just optimized our processing loop. I’ve gone from O(n²) to O(n)!”

“That’s amazing!” The processing loop in question was easily the most expensive part of the application, and Rayer had been spending too much time finding ways to squeeze a little performance out of it. “How did you do it?”

The original code looked something like this:

for(int i = 0; i < m; ++i) {
    for(int j = 0; j < n; ++j) {
        process(target[i][j]); //this is really expensive
    }
}

It was a fairly standard nested loop operation.

Rayer pulled the new version from source control to see his co-worker’s genius.

for(int i = 0; i < m * n; ++i) {
    process(*((target*)(&target) + i));
}

Rayer complimented his co-worker on his understanding of C++ pointers, but had some negative things to say about his understanding of basic arithmetic.
