Planet Russell

As for the race conditions, we had fantastic weather all week with temperatures up to the sixties and then all of a sudden a forecast of rain, snow and even sleet for the weekend. Luckily, and while yesterday was sucky, today was allright or better. A little chilly and damp, but neither rain nor snow --- or even wind. So the conditions were good, with the course challenging as usual.

The race itself went fine. I ran more or less steadily, never had to stop but was not particularly fast at 1:39:38 or a pace of 7:36.3. I had aimed for beating 1:40, had missed that target by miles 4 to 6 and was about 10 or 15 seconds behind but managed to get a negative split on the second half of the course to reach that goal. Which is nice, but the time is still the slowest I've ever run that race, and my slowest half-marathon since 2004.

Training had been sluggish all winter. Oddly enough, already in last year's post I stated pretty much the same and feared that Boston may become tough --- which it did. But this year may well be a lot worse as I had no spring in my step all winter long. No fire in the belly for training will make for a long race. We'll see how it goes. Four weeks to go.

Thanks to Olly Betts, libeatmydata now has Solaris support as of release-15. So for those of you living on Solaris and actually doing a real fsync() during your test runs… do not fret! Feedback much appreciated (even better in patch form).

I've started the transition of parted 2.2 to unstable. This is a major update needed for sensible support of newer hard disks with alignment requirements different from the archaic cylinder alignment tradition. I posted to debian-boot with a summary of the partman changes involved.

HAProxy is available as an addon module for pfSense 1.2.3. This makes it really easy to have pfSense control the gateway and load balancing. There are a couple of tricks to getting it all up and running.

Although everything looked good in the webgui HAProxy just wouldn't start. After logging in it seemed that there were 2 problems, firstly as mentioned in the forums the IP addresses must be an interface or CARP addresses not Virtual IPs for HAProxy to work and secondly the file descriptor limits have to be increased. To increase the file descriptor limits run the following commands from a shell on pfSense.

mount -o rw /dev/ufs/pfsense1  /
echo >> /etc/sysctl.conf
echo '# File descriptor limits for HAProxy' >> /etc/sysctl.conf
kern.maxfiles=2000011 >> /etc/sysctl.conf
kern.maxfilesperproc=2000011 >> /etc/sysctl.conf
sysctl kern.maxfiles=2000011
sysctl maxfilesperproc=2000011
mount -o ro /dev/ufs/pfsense1  /

The mount commands are only needed if running on embedded pfSense to make the CF card writeable while we make the changes then make it read only again once we are done. The echo commands add the new limits to /etc/sysctl.conf so the settings persist and the sysctl commands make them apply now.

I haven't tested to see if the file descriptor issue effects the non embedded version of pfSense, feel free to let me (and others know) via the comments.

Want to see a MEANINGFUL graphic, especially to those of us in Minneapolis and St. Paul right now? Flood Water Converging At St Paul. We're at 16.06 feet. Flood level is 14. And there's more water to come, when the Crow River, the Minnesota River, and the St. Croix all pass along their rising burdens to the Mississipi.

It's not just St. Paul, of course, and not just the Mississipi by any means. The region including Minnesota, North Dakota, and Manitoba has a history of some pretty impressive floods. As you may remember, Bob, the Red River and the Missouri River conspired to have some rather major flood action in 1997; I refer to the time Grand Forks burned, fell over, and sank into the swamp--OK, not exactly, but close.

Yup, I said "Manitoba." I live in a place where some rivers drain south to the Gulf of Mexico, and some drain north to Hudson's Bay. We've got the Mississippi and its tributaries including the Minnesota and Missouri and the St. Croix, and we've got la Rivière rouge, or the Red River -- which is often called the Red River of the North around here, to distinguish it from the Red River that flows into the Mississippi. (The MIssissipi is just called the Mississippi around here, even though there's a Mississippi River in Ontario.) And check out this excellent story with historical info and context, which mentions the facts that In 2009, flood level stayed above the official flood stage for 61 days, and that the Red River has reached flood stage for 18 consecutive years.

Meanwhile, back in St. Paul, folks are planning for the next few days, when the crest will reach us. It sounds like St. Paul is about as ready as we can get, according to the Pioness Press. There are various road closings and re-routes. Various fans of upcoming events, including Black Eyed Peas fans, might get their feet wet, but probably only if they do it on purpose by walking over to check out the flood zone and dipping a toe into it.

If you want to check out the flood zone without being in range of getting your feet wet, here: have a look at the live St. Paul floodcam.

Full transcript here.

Sorry for the inconvenience folks. I was annoyed by having to mark so many comments as spam, but the plugin interface was so klugy that I had no idea how to find the users who would contribute useful posts. So. Feel free to comment… Nao!

Have you been following news on the upcoming Microsoft operating system for Windows Mobile, the Windows Phone 7? Owners of the current popular HTC HD2 have been hoping that somehow their phones can be fully upgraded to Windows Phone 7.

Apparently, according to a post by the guys over at Engadget, it’s been confirmed by Microsoft that the HTC HD2 will not be upgradeable (at least officially) to Windows Phone 7. The reason is because the HTC HD2 is not compliant with the Windows 7 Phone series specifications.

That’s what they all say but wait til those ROM Chefs over at XDA developers forum have a hand on the operating system. Who knows I can even install the Android Operating System on my HTC Touch Pro 2 if I want to, thanks to those brilliant guys. I might even have the chance of installing Windows 7 Phone on my Touch Pro 2. At this stage though, I’m not too excited over it, especially looking at the interface. It’s just not my cup of tea. Hope it’ll be improved before it goes final.

Now with all these Google Nexus One, iPhones, BlackBerrys, and HTC phones around, I’m a bit worried with the other vendors. I’ve been a fan of Nokia phones in the past before all these hi-tech gadgets came along. Hope Nokia can make a new break through one day.

Dear New Yorkers,

I'm going to speak at Free Culture NYU about my current project, OpenHatch.

Please come out! To get there:

• 8 PM, Monday 3/22
• Kimmel 904 at NYU (map)
• More info

If you need help finding the place, call my cell phone. (Visit the freeculture.org contact page for that.)

Free network services – A discussion session led by Bradley Kuhn, Mako & Matt Lee : Libre.fm encouraged last.fm to write an API so they didn’t need to screen scrape; outcome of the network services story still unknown – netbooks without local productivity apps might now work, most users of network office apps are using them because of collaboration. We have a replacement for twitter – status.net, distributed system, but nothing like facebook [yet?]. Bradley says – like the original GNU problem, just start writing secure peer to peer network services to offer the things that are currently proprietary. There is perhaps a lack of an architectural vision for replacing these proprietary things: folk are asking how we will replace ‘the cloud’ aspects of facebook etc – tagging photos and other stuff around the web, while not using hosted-by-other-people-services. I stopped at this point to switch sessions – the rooms were not in sync session time wise.

Mentoring in free software – Leslie Hawthorne: Projector not working, so Leslie carried on a discussion carried on from the previous talk about the use of sexual themes in promoting projects/talk content and the like. This is almost certainly best covered by watching the video. A few themes from it though:

• for anyone considering joining a community, they are assessing whether that community is ‘people like us’ – and for many people, including both women *and* men, blatant sexuality, isn’t something that fits the ‘people like us’ assessment. Note that this is in addition to offensive and inappropriate aspects of the issue.
• respect is a key element here: respect your community, respect potential contributors, and don’t endorse (even silently) disrespectful behaviour
• Codes of conduct might be a good idea
• The lack of support in the community has for at least one project led to a complete loss of the women contributors to that project – and they are still largely lacking many years later.

We then got Leslies actual talk. Sadly I missed the start of it – I was outside organising security guards because we had (and boy it was ironic) a very loud, confrontational guy at the front who was replying to every statement and the tone in the room had gotten to the point that a fight was brewing.

From where I got back:

• Check your tone
• help people be productive in your community
• cultivate creativity
• know yourself
• do not get caught up in perfectionism
• communicate – both big stuff, but also just take the time to talk – how are you going, etc.
• Share your mistakes
• Guide don’t order
• Recognition = Retention
• Recognition = Delegation – its ok to let other people be responsible for stuff
• http://bit.ly/MentorGuide
• http://bit.ly/MentoringArticle

Chris Ball, Hanna Wallach, Erinn Clark and Denise Paolucci — Recruiting/retaining women in free software projects. Not a unique problem to women – things that make it better for women can also increase the recruitment and retention of men. Make a lack of diversity a bug; provide onramps – small easy bugs in the bug tracker (tagged as such), have a dedicated womens sub project – and permit [well behaved ] men in there – helps build connections into the rest of the project. Make it clear that mistakes are ok. On retention… recognise first patches, first commits in newsletters and the like. Call out big things or long wanted features – by the person that helped. Regular discussion of patches and fixes – rather than just the changelog. CMU did a study on undergrad women participation in CS : ‘Lack of confidence preceeds lack of interest/partipation’. Engagement with what they are doing is a key thing too. ‘Women are consistently undervaluing their worth to the free software community’. ‘Its the personal touch that seems to make a huge difference’. ‘More projects should do a code of conduct – kudos to Ubuntu for doing it’ — Chris Ball.

I found the mentoring and women-in-free-software talks to have extremely similar themes – which is perhaps confirmation or something – but it wasn’t surprising to me. They were both really good talks though!

And thats my coverage of LibrePlanet – I’m catching a plane after lunch . Its a good low-key conference, and well put together.

We haven’t done much work on keeping the continuous integration (CI) machines online, and there haven’t been any new builds since November of ‘09. I should set Nagios to remind us when things get off track or something. The recent acceptance of the DLR into Debian and our intention to get the next release produced has inspired me (and maybe others) to get things back up.

Ivan and I put a couple of Hudson instances up recently that you can reach via hudson-windows.colliertech.org and hudson-linux.colliertech.org. The linux instance is dropping new builds of IronRuby to http://dlrci.colliertech.org/ironruby/. I expect we can tweak the build script a bit and have it also produce IronPython builds. This would hypothetically drop the builds to http://dlrci.colliertech.org/ironpython/.

Ivan mentioned that we may get CNAME records which would activate the windows-builds.ironruby.net and linux-builds.ironruby.net hosts as well.

Note that these builds are being produced from the linux branch of git://github.com/casualjim/ironruby.git

Thanks for your work on this, Ivan!

According to the contents of my mailbox, Amazon appear to be cancelling pre-orders of "The Fuller Memorandum".

Do not panic if you have pre-ordered this book. It's still due for publication on July 1st (in the UK, from Orbit) or July 6th (US, from Ace). Amazon are just having one of their periodic database glitches, and re-setting the title to "unavailable" rather than "due out on July 1st". It does not imply the book has been cancelled, or that Amazon won't be selling it when it's published. You might want to re-order it elsewhere, or wait until May/June (by which time Amazon's database might have realized that the book is, in fact, going to come into stock at some forseeable date).

A Guest Post by Kosmo from The Casual Observer.

I am the founder and editor-in-chief of The Casual Observer, a site that has the goal of bringing an eclectic mix of fresh content to its readers every day.  We currently have ten authors contributing on a regular basis, with a handful of others writing an occasional article.  In a blogosphere dominated by niche-oriented, single author blogs, what makes The Casual Observer tick?

Why Multiple Authors?

When I started the site, I had no intention of involving multiple authors.  While I always intended for the site to contain an eclectic mix of content, I originally anticipated that I would write all the content.  The site took a slow turn toward being team written when a friend of mine mentioned that he was taking a trip to the 2009 Masters golf tournament.  I liked the idea of allowing the readers to see what goes on at Augusta, so I asked him to write a guest article.  I liked it so much that I asked him to come on board and write a weekly sports column.  This was in spite of the fact that I am a sports fanatic.  I liked what Johnny brought to the table in terms of writing talent, and his sports interests varied enough from mine to be complementary.

Over the course of the last year, I have approached other authors (or had them approach me) to write on various topics.  This has allowed me to move closer to my goal of provide diversity of content similar to that of a newspaper or magazine rather than the niche content that most blogs contain.  I knew from the start that this would be an uphill climb for readership, but my own varied interests made this more fun than a niche site.

Another reason for having multiple authors is the ability to produce more frequent content.  From day one, I have wanted to publish a new article every day, allowing readers to find a new edition of The Casual Observer at their virtual front door, much as they found the printed newspaper at their physical door.  With a full time job and two kids under the age of 3, this would be extremely difficult if I was the sole author.

How it Works

Very quickly, I laid out a document detailing the relationship between The Casual Observer and authors.  The basics were that the authors were considered independent contractors rather than employees (an important distinction in US tax law), that they retained copyright to their works, and that they should refrain from content that could be construed as defamation of character.

At the same time, I created a profit sharing agreement.  The gist of the profit sharing agreement is that after overhead costs (such as hosting) are deducted, advertising revenue would be shared proportionally, based on the number of articles an author wrote.

Am I putting the cart ahead of the horse by having a profit sharing agreement before there are actual profits?  My thought process was that it was better to have an agreement in place up front than to try to hammer one out three years down the road.  It’s much easier to get an agreement on how to split potential future income than actual current income.

Bumps in the Road

Has the path been smoothly paved and lined with fresh flowers?  Not always.  There are some problems that go along with multiple author blogs.

First and foremost, the other authors will miss deadlines.  It is a foregone conclusion that life events will sometimes prevent an author from getting an article submitted.  An author may even go on hiatus for a while when their life gets busier than usual.  When this happens, I try to put myself in the author’s shoes.  A non-paying writing gig is going to take a backseat at times.  It’s important to be able to fill these content voids when necessary.

Much more disturbing is the potential for plagiarism.  I was actually forced to sever the relationship with a former writer when I found evidence of plagiarism.  I was reviewing the current submission when I had a sudden case of déjà vu.  Where had I read this before?  Ah,yes.  CNN.  Multiple paragraphs had simply been copied and pasted.  A quick review of previous articles quickly found that they too had been copied from other sources.  At that point, I realized that I was probably a bit naïve to have complete trust in the honestly of my writers.  I now have a policy of randomly checking articles for originality – even when the author is a close friend.  I hate doing this, but it’s necessary to protect myself from copyright infringement claims.

What’s next?

I have been very pleased with the way The Casual Observer has progressed.  We currently have nearly 500 articles in our repository – ranging from sports to fiction to Middle East politics.  While I don’t anticipate a surge in the number of authors, I remain on the lookout for writers who could provide fresh content that would further enhance the reader’s enjoyment of the site.

Post from: Blog Tips at ProBlogger.

The Casual Observer: Anatomy of a Multi-Author Blog

Share This

One of the XP systems I look after had a trojan this month — looks like it came from a fake “UPS package” mail with a zipped attachment that got clicked on, then stuck its tendrils into the registry and all over the place, and started popping warnings about viruses and instructions on how to pay for a fix. After a couple of attempts at removing the infection and finding it just coming back, looks like a reinstall is going to be easier.

Of course, on a free operating system it’s at least theoretically reasonable to know what everything on the system is supposed to be doing, so it should be possible to fix that sort of problem. There’s been a bit of discussion this past month about the md5sums control files which goes some of the way to handling that for Debian — but of course, that assumes your md5sum files aren’t compromised along with the rest of your system.

Ultimately you want two things to cope with potential compromises like this — one is to detect them as early as possible, and the other is to work out what’s infected and what’s recoverable. Which basically means you need a description of how things should be and the ability to compare that to how things actually are.

In some respects, that’s difficult to do: “how a system should work” is hard to define, and tends to change over time — and often people don’t think their systems work as they “should” even when they’re freshly installed and completely uncompromised. But if you aim a little lower, you can at least get somewhere. You could say “my system should be built from the latest Debian testing packages” and verify that, for example. Or you could keep a running tally of packages installed and removed, and say “each entry in my running tally should say what happened and be dated and match my recollection, and the packages from that tally should be Debian packages, and the files on my system should match those packages”.

Knowing what packages you’re meant to have is probably the first challenge — maybe you’re running puppet or similar and have an easy answer to that, but if you just run apt-get and aptitude whenever you want something, it’s a bit harder to tell. Are you running an ircd because you thought one day it’d be a fun thing to do, or because some warez kiddies are using it to control their botnet?

Once you know you’re meant to be have, say, python-llvm installed, you need to know which version it’s meant to be. You could say “the last version I installed, of course” — except of course your only record of that might be on your compromised system. You might say “well, I follow testing, so the latest version in that”, except that there might have been an update to that package in testing while you were compromised, or you might have installed something from unstable or experimental (or backports, or compiled it from scratch). You certainly want to know the architecture, version number and whether it was from Ubuntu, Debian or somewhere else.

Going from that step to knowing what the contents of the package is meant to be is slightly harder. If you happen to know you’re looking for the current version of python-llvm in Debian testing, then you can establish a trusted path to verify what its contents should be by downloading test testing Release, Release.gpg and Packages.gz files which will give you a verified download of a deb file (assuming you trust gpg and sha256, which is reasonable for the moment at least).

If you’re running an outdated version of the package, you’ve got more problems. You could find the original .changes file uploaded with the package to verify it based on the developer’s signature — but that will only tell you that that developer built that package, not that it was uploaded to Debian, distributed far and wide, and installed on your machine. You could find the Release/Packages files that were current when you downloaded it, and verify them, but that’s something of a chore in and of itself. You could make a note of the name, version, location and sha256sum of every package you install and keep it somewhere secure, but that’s a chore too. The easiest solution I can think of is just to treat “outdated” as “potentially compromised”, and install the current version of the package anyway. (For locally generated packages, you should presumably be able to either find an uncompromised version to compare against easily enough, or you’ll have to rebuild it from scratch as part of your recovery anyway)

Once you’ve downloaded the deb file, it’s a relatively simple matter to verify the package is correctly unpacked; a good approximation is something like:

HASHES='python-llvm.hash'
CKSUM='md5sum'
DEB_PATH="/var/cache/apt/archives/python-llvm_0.5+svn85-1+b1_i386.deb"
TAR_CMD='printf "%s%s\n" "$($CKSUM - | sed s/-$//)" "${TAR_FILENAME#./}"'
export CKSUM
ar p "${DEB_PATH}" data.tar.gz | tar --to-command="$TAR_CMD" -xzf - > "$HASHES"
(cd / && $CKSUM -c) < "$HASHES"

(Caveats: assumes data.tar.gz, some debs have data.tar.bz2 instead; the extraction command above takes about 7m on my netbook (HP mini 2133) for the 420 or so debs that happen to be in my /var/cache/apt/archives (about 480MB worth); the above assumes that you have a trustworthy ar, GNU tar, gzip (or bzip2), md5sum (or sha1sum etc), and filesystem, as well as copy of the .deb; the above includes conffiles in /etc many of which will have be intentionally modified; some, but very few, .debs expect some of their distributed files outside /etc to be modified too)

You can skip the first command in that sequence if you use the md5sums files shipped with debs, but that comes with a few drawbacks, in that you're forced to rely on the md5sums files, which can be lost, not present, incomplete or, if you're using the local cache of the hashed files that dpkg keeps in /var/lib/dpkg/info, potentially compromised along with the rest of your system. The upside is there's an existing tool to verify them (debsums).

Personally, I'm now running a patched version of dpkg that generates its own .hashes files as packages are installed. That doesn't do anything about lost or compromised files, but it does ensure they're complete and at least initially present.

But even if all the files that are meant to be installed are exactly as they should be, that's not enough. You've also got to worry about extra files -- maybe your "ls" command isn't invoking "/bin/ls" but "/usr/local/bin/ls" which has been compromised. To some extent that's easy enough with tools like cruft, but there are quite a few places where extra files can screw you over.

Probably the hardest part is checking your configuration files are correct. On both Linux and Windows, you can do a great job of taking over a system just by messing with configuration files, whether that be zeroing a password field, or adding a preload so that every time you run a program a trojan starts up as well, or a timed job to start your trojan back up if it gets disabled. If there's enough configuration data, you might be able to hide a copy of your trojan in their, so that it'll be re-extracted even if the rest of the system is completely cleaned up.

I'm not really sure what the solution here is. For Windows and its registry (and other configuration scattered about the place) I don't think its solvable; there's just too much of it, that's changed in too many ways to really control. So as far as I can see, it's a matter of scrubbing everything, and reinstalling from scratch there.

For Debian and Linux in general, things still probably aren't great, but there's at least a few things you can do. You can probably rely on /etc not changing too much, which means you can do things like track changes with something like etckeeper and review the diffs to make sure they're sensible. Unfortunately reviewing configuration diffs is probably something of a chore, but with distributed version control and a remote append-only repository you've got a chance of that being at least feasible to leave until you're looking to recover your system.

That doesn't help you with dot-files in your home directory though, and honestly I'm not sure anything will. Compared to 10MB in /etc on my netbook, there's 86MB in ~/.mozilla alone for me, often in inscrutable XML and binary files. Worse, applications feel free to create their own dot files at any time, and also to hide them underneath other directories (.config/gnome-session, .gnome2/evince, .kde/share/apps/ScanImages etc). Some need to be per-machine, others don't.

You could imagine having a .bashrc that sets LD_PRELOAD to include some file in .mozilla/firefox/194653e1.default/Cache/36A45162d01, which then checks every now and then to see if it can run "sudo" without needing a password to give itself root permissions, for example. Perhaps a .bashrc and LD_PRELOAD would be noticable (though I think not to many people), but there's also .xsession and a myriad of other bits of configuration that'll let you get a trojan started up that way.

On the other hand, the amount of valuable configuration in dotfiles isn't that large -- manually deciding which dotfiles are interesting and keeping them in version control, while scrubbing the rest every now and then (when things break, when you switch computers, once a week, whatever) could be feasible.

Another place to worry about stuff is /var. It's usually a little safer in that it's generally full of data, so it won't spontaneously launch software quite so much, but not completely so. Adding something to /var/spool/cron/crontabs/root could get you into trouble pretty quickly, eg. If you modified /bin/ls to do evil things, and someone tried reinstalling with apt-get, if you'd also added some code to /var/lib/dpkg/info/coreutils.prerm you could make sure /bin/ls was reinfected immediately.

I'm honestly not to sure what there is to be done about that either. It might be feasible to monitor just the "risky" parts of /var in a useful way, but it would be pretty easy to miss things. It might be possible to classify great swathes of /var as "not-risky" and treat the other bits similarly to /etc, but I don't think there are tools to do that at present. It might be possible to get programs to move the risky bits into /etc, /usr or users' home directories, but I know people were talking about some of those things over a decade ago, so it's not likely to happen soon.

Finally, there's the disk and filesystem in general -- having /etc/shadow be world readable or having a misplaced setuid bit can ruin your whole day, and you can put a fair bit of information in extended attributes these days if you're looking to hide it from the suspicious admin. You also want to make sure your boot isn't compromised -- perhaps your bootloader is jumping to code other than the kernel you thought you were pointing at, or your BIOS firmware has some code to setup a timer and a ring-0 trap that'll take control of your kernel a little while after it's booted. On the upside, there's nothing inherently difficult with dealing with that: just reflash your system and your bootloader; all your configuration should be elsewhere in the filesystem, so that should be easy. (Whether it is or not is just a matter of how good your tools are)

• Grrr #xCAT upgrade blows away customised compute.tmpl in /opt/xcat, badly documented solution is use /install/custom/.. #hpc #
• #CSIRO chief defends #climate #science – http://bit.ly/b5FXuu #
• Oh I wish #SuperMicro had a way to configure their BIOS settings from Linux, doing an entire #hpc cluster by hand isn't fun! #
• .@abciview why stop people viewing legitimately with your SWF verification? It's not copy protection, it's client lockin #
• The EFA @efa_oz nicely refute Senator @stephenconroyau's attacks on them http://bit.ly/aRUlwN #nocleanfeed #censorship #
• Oh #xCAT gurus of the twitterverse, how do I add an extra PXE boot target like memtest86+ to nodeset ? #linux #hpc #
• Thanks to @vallard for solving my #xcat and memtest86+ query – answer was here http://bit.ly/9JRPkL – my google fu was weak! #
• Consecutive tweets by @LEIGHSALES on noodle of the beast + @Atlantean7001 listening to the I.M. song, I've got to join in! #
• Fabulous image of cold dust in our galaxy by @Planck http://bit.ly/d6rhQq (via @astronomyblog) #astronomy #space #
• ABC says scientists will present evidence that effects of climate change in SE Australia are worse than the models predict #
• Apparently rainfall in SE Australia has fallen by 20% over the last decade. #
• Yay, 114TB of #Panasas storage up on our #SGI cluster #hpc #
• Trying to find #HPC and #Grid job leads in the #UK for friend (dual national) with lots of experience + about to go there #
• Catherine Crawford architect of #IBM #LANL Roadrunner #HPC one of 2010 Women to Watch http://bit.ly/9a9sns (@insidehpc) #
• Well argued (and written) piece by Joe Landman (@sijoe) on #Linux and #Windows on #HPC http://bit.ly/a853k6 #
• Open Source rocks – #Oracle killed off a #Sun SSO project but now resurrected by a Norwegian company http://bit.ly/9Isxlr #
• Ooh, Kubuntu 10.04 is now in beta – perhaps now it's the time to upgrade? http://bit.ly/bibufX #ubuntu #linux #kde #
• Just back from dinner at Honey Thai in #Belgrave very nice (as always)! #
• Professor Peter Taylor appointed as #VLSCI Director at the University of #Melbourne http://bit.ly/970LDE #hpc #lifescience #
• ARGH! #Vodafone haven't cancelled the unsolicited $50 a month data plan they put me on after promising to! Idiots! #
• The Global Atheist Convention, Richard Dawkins and bad journalism: http://bit.ly/bKbaLw #atheism #journalism #

Powered by Twitter Tools

This item originally posted here:

Twitter Weekly Updates for 2010-03-21

Today was the Dairy Goat Society of Australia Tasmanian Branch Southern Kid and Goatling Show at the Royal Hobart Showgrounds. We only took along Jesse-Belle and Basil to this show, making for a light goat handling day :)

Jesse-Belle brought home:

• 1st Place, Toggenburg Goatling 12-24 months un-kidded
• Reserve Champion, Junior Doe

This was Jesse-Belle's second show and the second time she has brought home both 1st place in the Toggenburgs and Reserve Champion. We're happy with her showings so far and hopefully she'll continue her run as she matures.

Basil is only three months old and this was his first show. Basil managed to snag:

• 3rd Place, Buck Kid under 6 months, any breed

The judge had some fine words regarding Basil, particularly as he was half the age of the other buck kids. We're fairly excited about this little Austrlian Brown's future.

Below are a few happy snaps from the day, click one for the gallery:

read more

Sitting at my hotel room in Tijuana, about to hit the bed, quite tired because of a nice, long walk I will write more about tomorrow, I have been listening for at least five minutes to a long, stupid infomerciative spam in the History Channel: A fountain pen, a five-point pen, and three other pen-like implements (plus extra and extra and extra things... They are listing a case with 63 implements now!)

Now, what is the hook into getting somebody to call for a classy pen? Elegance, of course! Just for the sake of this exercise, the spam continues to be played. And yes, it's only been two short paragraphs. But believe me, I am very tired, and trying to get some coherent English out of my brain is not as easy as it could.

Elegance, I said, right? Good. How do you convey elegance to TV spam/infomercials? Well, what's more classy and refined than a 30 second sample of Haydn? Man, Haydn is *so* classy that the viewer will not even notice the snippets of blabber have incoherent redaction.

Anyway... Spam goes on. I cannot stand any more repetitions of this 30 Haydn seconds. They are stronger than me. And that old lady says that anybody is writing in their computer now… I will only write with my fountain pen from now on! — I will surely follow her wise advise!

(STOP IT WITH THE STUPID HORN!)

A meme that has been going around is that you can’t cite Wikipedia.

You can’t Cite Wikipedia Academically

Now it’s well known and generally agreed that you can’t cite Wikipedia for a scientific paper or other serious academic work. This makes sense firstly because Wikipedia changes, both in the short term (including vandalism) and in the long term (due to changes in technology, new archaeological discoveries, current events, etc). But you can link to a particular version of a Wikipedia page, you can just click on the history tab at the top of the screen and then click on the date of the version for which you want a direct permanent link.

The real reason for not linking to Wikipedia articles in academic publications is that you want to reference the original research not a report on it, which really makes sense. Of course the down-side is that you might reference some data that is in the middle of a 100 page report, in which case you might have to mention the page number as well. Also often the summary of the data you desire simply isn’t available anywhere else, someone might for example take some facts from 10 different pages of a government document and summarise them neatly in a single paragraph on Wikipedia. This isn’t a huge obstacle but just takes more time to create your own summary with references.

When Wikipedia is Suitable

The real issue however is how serious the document you are writing is and how much time you are prepared to spend on it. If I’m writing a message to a mailing list or a comment on a blog post then I probably won’t bother reading all the primary sources of Wikipedia pages, it would just waste too much of my time. Wikipedia is adequate for the vast majority of mailing list discussions.

If I’m discussing several choices for software with some colleagues we will probably start by reading the Wikipedia pages, if one option doesn’t appear to have the necessary features (according to Wikipedia) then we may ask the vendor if those features are really missing and if so whether they will be added in the next version – but we may decide that we don’t really need the features in question and modify our deployment plans. Many business decisions are made with incomplete data, time is money and there often isn’t time to do everything you want to do. Using Wikipedia as a primary source for business decisions is a way of trading off a little accuracy for a huge time saving. This is significantly better than the old fashioned approach of comparing products by reading their brochures – companies LIE in their advertising!

When writing blog posts the choice of whether to use Wikipedia as a reference depends on the point that you are trying to make and how serious the post is. If the post isn’t really serious or contentious or if the Wikipedia reference is for some facts that are not likely to be disputed then Wikipedia will probably do. For some posts a reference to a primary source will be better.

A blog post that references data that is behind a pay-wall (such as a significant portion of academic papers and news articles) is practically of less use than a post that cites Wikipedia. In most cases Wikipedia references free primary sources on the Internet (although it does sometimes refer to dead tree products and data that is behind a pay-wall). In the minority of cases where the primary references for a Wikipedia page are not available for free on the Internet there will be people searching for freely available references to replace the non-free ones. So if you refer to a Wikipedia page with non-free references a future reader might find that someone has added free references to it.

The Annoying People

One thing that often happens is that an Internet discussion contains no references for anything – it’s all just unsupported assertions. Then if anyone cites Wikipedia someone jumps in with “you can’t cite Wikipedia“. If you want to criticise Wikipedia references then please first start by criticising people who state opinions as fact and people who provide numbers without telling anyone where they came from! The Guinness Book of Records (now known as “Guinness World Records”) was devised as a reference to cite in debates in pubs [1]. It seems that most of the people who dismiss references to Wikipedia on the net would prefer that Internet debates have lower requirements for references than a pub debate.

When Wikipedia is cited in an online discussion it is usually a matter of one mouse click to check the references for the data in question. If Wikipedia happens to be wrong then anyone who cares can correct it. Saying “the Wikipedia page you cited had some transcription errors in copying data from primary sources and some of the other data was not attributed, I’ve corrected the numbers and noted that it contains original research” would be a very effective rebuttal to an argument that relies on data in Wikipedia. Saying “you can’t cite Wikipedia” means little, particularly if you happen to be strongly advocating an opposing position while not providing any references.

If one person cites an academic paper and someone else cites Wikipedia then it seems reasonable to assume that the academic paper is the better reference. But when it’s a choice between Wikipedia and no reference then surely Wikipedia should win! Also references to non-free data are not much good for supporting an argument, that’s really just unverified claims as far as most people can determine – therefore the issue becomes how much the person citing the non-free reference can be trusted to correctly understand and summarise the non-free data.

Also it has to be considered that not all primary sources are equal. Opinion pieces should be considered to have a fairly low value and while they are authoritative for representing the opinion of the person who wrote them they often prove little else – unless they happen to cite good references which brings them to the same level as Wikipedia. The main benefit for linking to opinion pieces is that it saves time typing and gives a better product for the readers – it’s sometimes easier to find someone else expressing an opinion well than to express it yourself.

So please, don’t criticise me for citing Wikipedia unless others in the discussion are citing better references. If most people are not citing any references or only citing opinion pieces then a Wikipedia page may be the best reference that is being provided!

• [1] http://en.wikipedia.org/wiki/Guinness_book_of_records

Author : Jacqueline Brasfield

I was 18 years old when they’d captured the first howlers.

Mom and I stayed up to see the first footage of them flash across the TV screen on the 11 O’clock news, blurry images of hollow-eyed men and women wearing orange jumpsuits, their arms hanging limply and obediently at their sides. I felt a pang of disappointment. From all her stories I expected them to be fierce, savage, proud creatures struggling and straining at their chains. I expected them to be warriors. They looked no more savage than my science teacher at school. Mom said I shared a connection to them. I didn’t know what she meant.

On the screen, three figures stood proudly at a podium adorned with microphones from various news agencies. My mother spit down at her feet when the camera panned over their faces – two men, one woman, all impeccably groomed. One of the men wore a military uniform decorated with medals, and it was he who spoke to the camera.

“We’ve prepared a small statement regarding the hybrids and then we’ll move to your questions.”

My mother spit again and took a long swallow of gin straight out of the small glass bottled held in her hand. I’d never seen her drink before.

“It is with great pleasure that we can confirm we have successfully located and retrieved all of the hybrids. The last remaining rogue tribes were identified and brought into protective custody for their integration into the United States Military Evolutionary Hybrid Unit. The success of the device used to free these hybrids from their condition continues to prove effective and provide a stability and peace of mind these individuals will not have ever known. All of them have been offered training and assistance and the opportunity to serve this great nation, and we can confirm we have 100% uptake on this offer. The public is safe once again – if not safer. We believe these hybrids will make the finest soldiers in the history of the United States military forces. My colleagues and I will take your questions now, on the understanding we cannot reveal information that is classified.”

Immediately, a flurry of questions came from the mob of journalists off camera. My mother turned off the TV before I could hear any of the replies.

“Why’d you turn it off?”

She sat there in the dark for several long seconds before answering me.

“Because they’re lying, Ben. About everything. All the stories I’ve told you. All of their history. Does any of that suggest to you that they would willingly give in to slavery and bondage? That they would agree to serve those who rape the land, and poison the water and kill the innocent?”

I opened my mouth to speak, to tell her no I did not think they would, but she was quick to interject.

“And do you think they’ve really caught all of them?”

She looked over my shoulder as she said the words, eyes fixed on something behind me. And that something began to move, causing the hairs on the back of my neck to stand up like orderly soldiers.

“Mom?”

I turned quickly to look behind and stood frozen at the sight before me. A woman more bone than skin prowling forward on bare feet. Her movements were alien and animalistic and savage. She spat haughty words at me in Russian that I didn’t understand.

I thought her the most beautiful thing I’d seen in my life.

“Meet the resistance Ben,” my mother murmured. “Meet Katja, your mate.”