Planet Russell

,

Krebs on SecuritySpreading the Disease and Selling the Cure

When Karim Rattani isn’t manning the till at the local Subway franchise in his adopted hometown of Cartersville, Ga., he’s usually tinkering with code. The 21-year-old Pakistani native is the lead programmer for two very different yet complementary online services: One lets people launch powerful attacks that can knock Web sites, businesses and other targets offline for hours at a time; the other is a Web hosting service designed to help companies weather such assaults.

Grimbooter

Grimbooter

Rattani helps run two different “booter” or “stresser” services – grimbooter[dot]com, and restricted-stresser[dot]info. He also works on TheHosted[dot]me, a Web hosting firm marketed to Web sites looking for protection from the very attacks he helps to launch.

As part of an ongoing series on booter services, I reached out to Rattani via his Facebook account (which was replete with images linking to fake Youtube sites that foist malicious software disguised as Adobe’s Flash Player plugin). It turns out, the same Google Wallet is used to accept payment for all three services, and that wallet traced back to Rattani.

In a Facebook chat, Rattani claimed he doesn’t run the companies, but merely accepts Google Wallet payments for them and then wires the money (minus his cut) to a young man named Danial Rajput — his business partner back in Karachi. Rajput declined to be interviewed for this story.

The work that Rattani does for these booter services brings in roughly $2,500 a month — far more than he could ever hope to make in a month slinging sandwiches. Asked whether he sees a conflict of interest in his work, Rattani was ambivalent.

“It is kind of [a conflict], but if my friend won’t sell [the service], someone else will,” he said.

Rattani and his partner are among an increasing number of young men who sell legally murky DDoS-for-hire services. The proprietors of these services market them as purely for Web site administrators to “stress test” their sites to ensure they can handle high volumes of visitors.

But that argument is about as convincing as a prostitute trying to pass herself off as an escort. The owner of the attack services (the aforementioned Mr. Rajput) advertises them at hackforums[dot]net, an English language forum where tons of low-skilled hackers hang and out and rent such attack services to prove their “skills” and toughness to others. Indeed, in his own first post on Hackforums in 2012, Rajput states that “my aim is to provide the best quality vps [virtual private server] for ddosing :P”.

Damon McCoy, an assistant professor of computer science at George Mason University, said the number of these DDoS-for-hire services has skyrocketed over the past two years. Nearly all of these services allow customers to pay for attacks using PayPal or Google Wallet, even though doing so violates the terms of service spelled out by those payment networks.

“The main reason they are becoming an increasing problem is that they are profitable,” McCoy said. “They are also easy to setup using leaked code for other booters, increasing demand from gamers and other customers, decreasing cost of attack infrastructure that can be amplified using common DDoS attacks. Also, it is relatively low-risk to operate a booter service when using rented attack servers instead of botnets.”

The booter services are proliferating thanks mainly to free services offered by CloudFlare, a content distribution network that offers gratis DDoS protection for virtually all of the booter services currently online. That includes the Lizardstresser, the attack service launched by the same Lizard Squad (a.k.a. Loser Squad) criminals whose assaults knocked the Microsoft Xbox and Sony Playstation networks offline on Christmas Day 2014.

The sad truth is that most booter services probably would not be able to remain in business without CloudFlare’s free service. That’s because outside of CloudFlare, real DDoS protection services are expensive, and just about the only thing booter service customers enjoy attacking more than Minecraft and online gaming sites are, well, other booter services.

For example, looking at the (now leaked) back-end database for the LizardStresser, we can see that TheHosted and its various properties were targeted for attacks repeatedly by one of the Loser Squad’s more prominent members.

The Web site crimeflare.com, which tracks abusive sites that hide behind CloudFlare, has cataloged more than 200 DDoS-for-hire sites using CloudFlare. For its part, CloudFlare’s owners have rather vehemently resisted the notion of blocking booter services from using the company’s services, saying that doing so would lead CloudFlare down a “slippery slope of censorship.”

As I observed in a previous story about booters, CloudFlare CEO Matthew Prince has noted that while Cloudflare will respond to legal process and subpoenas from law enforcement to take sites offline, “sometimes we have court orders that order us to not take sites down.” Indeed, one such example was CarderProfit, a Cloudflare-protected carding forum that turned out to be an elaborate sting operation set up by the FBI.

I suppose it’s encouraging that prior to CloudFlare, Prince was co-creators of Project Honey Pot, which bills itself as the largest open-source community dedicated to tracking online fraud and abuse. In hacking and computer terminology, a honeypot is a trap set to detect, deflect or otherwise counteract attempts at unauthorized use or abuse of information systems.

It may well turn out to be the case that federal investigators are allowing these myriad booter services to remain in operation so that they can gather copious evidence for future criminal prosecutions against their owners and users. In the meantime, however, it will continue to be possible to purchase powerful DDoS attacks with little more than a credit card or prepaid debit card.

TED40 brilliant idioms that simply can’t be translated literally

Tomato_Eyes

What does it mean to “have tomatoes on your eyes?” Find out below…

By Helene Batt and Kate Torgovnick May

It’s a piece of cake. You can’t put lipstick on a pig. Why add fuel to the fire? Idioms are those phrases that mean more than the sum of their words. As our Open Translation Project volunteers translate TED Talks into 105 languages, they’re often challenged to translate English idioms into their language. Which made us wonder: what are their favorite idioms in their own tongue?

Below, we asked translators to share their favorite idioms and how they would translate literally. The results are laugh-out-loud funny.

From German translator Johanna Pichler:

The idiom: Tomaten auf den Augen haben.
Literal translation: “You have tomatoes on your eyes.”
What it means: “You are not seeing what everyone else can see. It refers to real objects, though — not abstract meanings.”

The idiom: Ich verstehe nur Bahnhof.
Literal translation: “I only understand the train station.”
What it means: “I don’t understand a thing about what that person is saying.’”

The idiom: Die Katze im Sack kaufen.
Literal translation: “To buy a cat in a sack.”
What it means: That a buyer purchased something without inspecting it first.
Other languages this idiom exists in: We hear from translators that this is an idiom in Swedish, Polish, Latvian and Norwegian. In English, the phrase is “buying a pig in poke,” but English speakers do also  “let the cat out of the bag,” which means to reveal something that’s supposed to be secret.

From Swedish translator Matti Jääro:

The idiom: Det är ingen ko på isen
Literal translation: “There’s no cow on the ice.”
What it means: “There’s no need to worry. We also use ‘Det är ingen fara på taket,’ or ‘There’s no danger on the roof,’ to mean the same thing.”

The idiom: Att glida in på en räkmacka
Literal translation: “To slide in on a shrimp sandwich.”
What it means: “It refers to somebody who didn’t have to work to get where they are.”

The idiom: Det föll mellan stolarna
Literal translation: “It fell between chairs.”
What it means: “It’s an excuse you use when two people were supposed to do it, but nobody did. It has evolved into the slightly ironic phrase, ‘It fell between the chair,’ which you use when you want to say,‘Yeah, I know I was supposed to do it but I forgot.’”

From Thai translator Kelwalin Dhanasarnsombut:

The idiom: เอาหูไปนา เอาตาไปไร่
Literal translation: “Take ears to the field, take eyes to the farm.”
What it means: “It means ‘don’t pay any attention.’ Almost like ‘don’t bring your eyes and ears with you.’ If that were possible.”

The idiom: ไก่เห็นตีนงู งูเห็นนมไก่
Literal translation: “The hen sees the snake’s feet and the snake sees the hen’s boobs.”
What it means: “It means two people know each other’s secrets.”

The idiom: ชาติหน้าตอนบ่าย ๆ
Literal translation: “One afternoon in your next reincarnation.”
What it means: “It’s never gonna happen.”
Other languages this idiom exists in: A phrase that means a similar thing in English: “When pigs fly.” In French, the same idea is conveyed by the phrase, “when hens have teeth (quand les poules auront des dents).” In Russian, it’s the intriguing phrase, “When a lobster whistles on top of a mountain (Когда рак на горе свистнет).” And in Dutch, it’s “When the cows are dancing on the ice (Als de koeien op het ijs dansen).”

From Latvian translator Ilze Garda and Kristaps Kadikis:

The idiom: Pūst pīlītes.
Literal translation: “To blow little ducks.”
What it means: “It means to talk nonsense or to lie.”
Other language connections: In Croatian, when someone is obviously lying to someone, you say that they are “throwing cream into their eyes (bacati kajmak u oči).”

The idiom: Ej bekot.
Literal translation: “‘Go pick mushrooms,’ or, more specifically, ‘Go pick mushrooms!'”
What it means: “Go away and/or leave me alone.”

From French translator Patrick Brault: 

The idiom: Avaler des couleuvres.
Literal translation: “To swallow grass snakes.”
What it means: “It means being so insulted that you’re not able to reply.” 

The idiom: Sauter du coq à l’âne.
Literal translation: “To jump from the cock to the donkey.”
What it means: “It means to keep changing topics without logic in a conversation.” 

The idiom: Se regarder en chiens de faïence.
Literal translation: “To look at each other like earthenware dogs.”
What it means: “Basically, to look at each other coldly, with distrust.” 

The idiom: Les carottes sont cuites!
Literal translation: “The carrots are cooked!”
What it means: “The situation can’t be changed.”
Other language connections: It’s bit like the phrase, “It’s no use crying over spilt milk,” in English.

From Russian translator Aliaksandr Autayeu:

The idiom: Галопом по Европам
Literal translation: “Galloping across Europe.”
What it means: “To do something hastily, haphazardly.”

The idiom: На воре и шапка горит
Literal translation: “The thief has a burning hat.”
What it means: “He has an uneasy conscience that betrays itself.”

The idiom: Хоть кол на голове теши
Literal translation: “You can sharpen with an ax on top of this head.”
What it means: “He’s a very stubborn person.”

The idiom: брать/взять себя в руки
Literal translation: “To take oneself in one’s hands.”
What it means: “It means ‘to pull yourself together.’”
Other languages this idiom exists in: Translators tell us that there is a German version of this idiom too: “Sich zusammenreißen,” which translates literally as “to tear oneself together.” And in Polish, the same idea is expressed by the phrase, “we take ourselves into our fist (wziąć się w garść).” 

From Portuguese translators Gustavo Rocha and Leonardo Silva: 

The idiom: Quem não se comunica se trumbica
Literal translation: “He who doesn’t communicate, gets his fingers burnt.”
What it means: “He who doesn’t communicate gets into trouble.”’

The idiom: Quem não tem cão caça com gato
Literal translation: “He who doesn’t have a dog hunts with a cat.”
What it means: “You make the most of what you’ve got.” Basically, you do what you need to do, with what the resources you have. 

The idiom: Empurrar com a barriga
Literal translation: “To push something with your belly.”
What it means: “To keep postponing an important chore.”

The idiom: Pagar o pato
Literal translation: “Pay the duck.”
What it means: “To take the blame for something you did not do.”

From Polish translator Kinga Skorupska:

The idiom: Słoń nastąpił ci na ucho?
Literal translation: “Did an elephant stomp on your ear?”
What it means: “You have no ear for music.”
Other languages this idiom exists in: Our translators tell us that in Croatian, there’s also a connection made between elephants and musical ability in the phrase, “You sing like an elephant farted in your ear (Pjevaš kao da ti je slon prdnuo u uho.).” But in the Latvian version, it’s a bear who stomps on your ear.

The idiom: Bułka z masłem.
Literal translation: “It’s a roll with butter.”
What it means: “It’s really easy.”

The idiom: Z choinki się urwałaś?
Literal translation: “Did you fall from a Christmas tree?”
What it means: “You are not well informed, and it shows.”

From Japanese translators Yasushi Aoki and Emi Kamiya:

The idiom: 猫をかぶる
Literal translation: “To wear a cat on one’s head.”
What it means: “You’re hiding your claws and pretending to be a nice, harmless person.”

The idiom: 猫の手も借りたい
Literal translation: “Willing to borrow a cat’s paws.”*
What it means: “You’re so busy that you’re willing to take help from anyone.” 

The idiom: 猫の額
Literal translation: “Cat’s forehead.”
What it means: “A tiny space. Often, you use it when you’re speaking humbly about land that you own.”

The idiom: 猫舌
Literal translation: “Cat tongue.”
What it means: “Needing to wait until hot food cools to eat it.”

*Yes, Japanese has quite a few cat idioms.

From Kazakh translator Askhat Yerkimbay:

The idiom: Сенің арқаңда күн көріп жүрмін
Literal translation: “I see the sun on your back.”
What it means: “Thank you for being you. I am alive because of your help.”

From Croatian translator Ivan Stamenkovic:

The idiom: Doće maca na vratanca
Literal translation: “The pussy cat will come to the tiny door.”
What it means: “Essentially, ‘What goes around comes around.’”

The idiom: Da vidimo čija majka crnu vunu prede
Literal translation: “We see whose mother is spinning black wool.”
What it means: “It’s like being the black sheep in the family.” 

The idiom: Muda Labudova
Literal translation: “Balls of a swan.”
What it means: “It means something that’s impossible.”

The idiom: Mi o vuku
Literal translation: “To talk about the wolf.”
What it means: “It’s similar to ‘speak of the devil.’”
Other language connections: In Polish, “O wilku mowa” is the equivalent.

From Tamil translator Tharique Azeez:

The idiom: தலை முழுகுதல் (Thalai Muzhuguthal)
Literal translation: “To take a dip or pour water over someone’s head.”
What it means: “To cut off a relationship.” 

The idiom: தண்ணீர் காட்டுதல் (Thanneer Kaattuthal)
Literal translation: “Showing water to someone.”
What it means: “It means to be someone’s nemesis.”

From Dutch translator Valerie Boor:

The idiom: Iets met de Franse slag doen
Literal translation: “Doing something with the French whiplash.”
What it means: “This apparently comes from riding terminology. It means doing something hastily.” 

The idiom: Iets voor een appel en een ei kopen
Literal translation: “Buying something for an apple and an egg.”
What it means: “It means you bought it very cheaply.”
Other language connections: Spanish translator Camille Martínez points out out that when something is expensive in English, you pay two body parts for it (“it cost me an arm and a leg”), whereas in Spanish you only pay one — either a kidney (“me costó un riñón”) or an eye (“me costó un ojo de la cara”).

From Korean translator Jeong Kinser:

The idiom: 똥 묻은 개가 겨 묻은 개 나무란다
Literal translation: “A dog with feces scolds a dog with husks of grain.”
What it means: “It’s a bit like, ‘People who live in glass houses shouldn’t throw stones.’”

The idiom: 오십보 백보
Literal translation: “50 steps are similar to 100 steps.”
What it means: “I think of it as, ‘Six of one, half a dozen of the other.’”

What are your favorite idioms? Share in the comments section.


Sociological ImagesAmericans Are Fleeing Religion and Republicans Are To Blame

Over the past 40 years, Americans have become increasingly likely to deny an affiliation with a religion. The graph below shows that people with “no religious preference” rose from about 5% of the population in 1972 to about 20% today. Overall, however, Americans do not report a corresponding decline in the a belief in God, life after death, or other religious ideas. What’s going on?

2

Sociologists Michael Hout and Claude Fischer — the guys who made the graph above — argue that the retreat from religious affiliation is essentially, a retreat from the political right. Religion has become strongly associated with conservative politics, so left-leaning people are choosing, instead, to identify as “spiritual but not religious.”

Here is some of their evidence. The data below represents the likelihood of rejecting a religious affiliation according to one’s political views. The more politically liberal one is, the more likely they have come to reject religion.

3

Using fancy statistical analyses, they explain: “generational differences in belief add nothing to explaining the cohort differences in affiliation.” That is, people haven’t lost their faith, they just disagree with religious leaders and institutions.  Hout and Fischer conclude:

Once the American public began connecting organized religion to the conservative political agenda — a connection that Republican politicians, abortion activists, and religious leaders all encouraged — many political liberals and moderates who seldom or never attended services quit expressing a religious preference when survey interviewers asked about it.

Democrats have wondered how to break the association of the right with religion and claim a little bit of moral authority for themselves. It looks like they may not need to or, even, that having failed to do so has a surprise advantage.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianTanguy Ortolo: Scale manufacturers…

Dear manufacturers of kitchen scales, could you please stop considering your clients as idiots, and start developing useful features?

Liquid measurement: this is one feature that is available on almost every electronic scale available. Except it is completely useless to people that use the metric system, as all it does is replace the usual display in grammes by centilitres and divide the number on display by ten. Thank you, but no person that has been to school in a country that uses the metric system needs electronic assistance to determine the volume corresponding to a given weight of water, and for people that have not, a simple note written on the scale, stating that “for water or milk, divide the weight in grammes by ten to get the volume in centilitres” should be enough.

Now, there is still one thing that an electronic scale could be useful for, which is determining the volume of liquids other than water (density 1 g/ml) or milk (density approx. equal to 1 g/ml), most importantly: oil (density approx. equal to .92 g/ml for edible oils like sunflower, peanut, olive and canola).

Sociological ImagesHappy Birthday to Angela Davis

Worse Than FailureWe're Not Gonna Pay It..Anymore

TWISTED SISTER!! DEE SNYDER!!!!In the world of software development, you have customers, who request and ultimately use the software, and development organizations, who build and test said software. Of course, it's never that simple. At some point, the customer has to try using the software in order to sign off on it.

At least in a sane business arrangement. Sometimes, things get all twisted around.

TS found himself in the middle of a mind-bending dispute with a client.

You see, the client provided specifications as to what the software should do. TS' developers built the software to do exactly that. Afterward, the developers and QA folks did assorted rounds of testing. The package was then provided to the client so that they could do UAT. If all was well, the product would be deployed for general use.

This normalcy continued for several releases of the product.

Until...

One day, after invoicing the client for the work. the client responds with a check, and an invoice of their own for the time they put in to perform UAT on the software!

Wait, wha? TS called the client and inquired WTF they were talking about. After all, who accepts custom software without at least making sure it does what it was requested to do? The conversation left TS befuddled...

  TS:  Why are you billing us for acceptance testing? Only the customer can accept
       the software!
  Clt: It's taking us all kinds of time to verify your software does what we requested
  TS:  We do testing too, but ultimately you need to verify we did our jobs properly 
  Clt: Irrelevant: if we have to put in this much time to verify that your software
       works properly, then we should be reimbursed
  TS:  Wait, let me get The Big Boss in on this...

At this point, TS sent an email to The Big Boss with the subject:

   Urgent: Client wants to bill us for time they spent doing UAT

Needless to say, The Big Boss was equally befuddled, and set up a call with the customer.

  TS:  Client, this is The Big Boss, Big Boss, this is the Client...
  TBB: I understand you want to bill us for time you spend doing UAT?
  Clt: That's right; it's taking a lot of our time. The software should just work!
       We have been paying the cost of doing this testing since the inception of this
       contract and feel that we shouldn't pay for it any more!
  TBB: Ok, no problem. We will no longer ask you to do UAT, as long as you agree,
       in writing, that you'll accept our testing as sufficient and definitive;
       Any issues that crop up will be considered changes and/or enhancements and will
       be billed accordingly
  Clt: Unacceptable! We need to make sure your software works before we will accept it
  TBB: That is responsible thinking. Of course, it's also your responsibility, which is
       why we will not pay you to do it

This went around and around for a while until the client finally saw the light and rescinded the invoice.

[Advertisement] Use NuGet or npm? Check out ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an impressively-featured free edition, too!

Planet Linux AustraliaAndrew McDonnell: Linux.conf.au 2015 catchup #1

At the conference in Auckland I had two presentations.

For the first time I managed to get a main conference talk accepted, actually it was a tutorial which goes for 90 minutes! It was a bit daunting beforehand, but after I finished, I realised I prefer the tutorial format over having to deliver a talk. I enjoy the interaction with the audience and the sharing of knowledge, and also not being the sole focus (and not having to remember exactly what to say so much!)

My tutorial was on Reverse Engineering with Radare2; the video (Youtube) and slides are linked from the conference presentation, and have the slides up on my personal landing page as well. Thanks to James for helping with a final practice run, its always good to have a typical candidate audience perspective beforehand.

I also did a shorter talk at the Open Hardware mini-conference, on hardening embedded Linux, using OpenWRT on devices like the carambola2 as an example. The video of the mini-conferences is a bit less polished due to resourcing, here I am on about 2/3 the way through. I was somewhat more flustered in my delivery due to late changes to some slides (see earlier blog article) and a problem with my laptop deciding to have thermal issues an hour before the talk. I managed to resolve these (thanks AndyK for your help!) but it put me off my mojo a bit unfortunately. The live demo I was quite happy with, it worked without issue, so perhaps the demo gods were appeased by my earlier mishaps… The final slides are here.

Planet Linux AustraliaTim Serong: A Brief Exercise in Shameless Self Promotion

At linux.conf.au the other week, a friend asked if I’d ever considered a career writing a web comic. I forget exactly how it came up, but it might have had something to do with the STONTIH Deathmatch t-shirt I was wearing at the time, or may have been due to someone mentioning the talk Florian Haas and I gave at LCA 2011 with the live cartooning.

Anyway, the answer was “no, not really”, largely because I sincerely enjoy my gig at SUSE (we’re hiring ATM, BTW), but also partly because I honestly don’t come up with enough interesting stuff often enough, and consider it unlikely I’ll ever make a living off it. Still, I have put a handful of bits and pieces up on Redbubble over the last few years, so I thought I’d engage in a bit of narcissism and promote it shamelessly and obviously. In chronological order then, from oldest to newest, I have produced:

Planet Linux AustraliaMichael Still: First jog, and a walk to Los Altos

Today was a busy day, not only did I foolishly go for a jog 5 minutes after sunrise...

Interactive map for this route. ...but then I went for a walk with James in the afternoon as well.

Interactive map for this route. Let's just say my fitbit is very impressed with me.

Tags for this post: blog walk california running
Related posts: Walking to work; Did I mention it's hot here?; Summing up Santa Monica; Noisy neighbours at Central Park in Mountain View; So, how am I getting to the US?; VTA station for the Santa Clara Convention Center

Comment

Planet DebianNOKUBI Takatsugu: Weak ssh public keys in github

A presentation slide, named ”Attacking against 5 millions SSH public keys – 偶然にも500万個のSSH公開鍵を手に入れた俺たちは” is published, it is a lightning talk in “Edomae security seminar” in Jan 24, 2015.

 He grabbed ssh public keys with  GitHub API (https://github.com/${user}.key), the API is obsoleted, but not closed.

He found short (<= 512 bit) DSA/RSA keys and can solve prime decomposition 256bit RSA key in 3 seconds.

And he repoted there are 208 weak ssh keys generated by Debian/Ubuntu (CVS-2008-0166). It was already announced  by GitHub.

On the other hand, such ssh keys couldn’t solve prime decomposition with fastgcd. It means almost ssh keys in GitHub has no bias in almost random number generators implementations, it is a good news.

Planet Linux AustraliaClinton Roy: clintonroy

Notwork, due to Australia day. Spending an inordinate amount of time trying to find some aircon so I don’t sweat all day long. I did get to pre-poll vote in the morning, so not all aircon hunting time was wasted.

My headphones have died in one ear, time for another set of consumables. The wirleless in the library is hopeless. This combination is making me very unproductive at both tasks I set myself for today.


Filed under: Uncategorized

,

Planet DebianRichard Hartmann: KDE battery monitor

Dear lazyweb,

using a ThinkPad X1 Carbon with Debian unstable and KDE 4.14.2, I have not had battery warnings for a few weeks, now.

The battery status can be read out via acpi -V as well as via the KDE widget. Hibernation via systemctl hibernate works as well.

What does not work is the warning when my battery is low, or automagic hibernation when shutting the lid or when the battery level is critical.

From what I gather, something in the communication between upower and KDE broke down, but I can't find what it is. I have also been told that Cinnamon is affected as well, so this seems to be a more general problem

Sadly, me and anyone else who's affected has been unable to fix this.

So, dear lazyweb, please help.

In loosely related news, this old status is still valid. UMTS is stable-ish now but even though I saved the SIM's PIN, KDE always displays a "SIM PIN unlock request" prompt after booting or hibernating. Once I enter that PIN, systemd tells me that a system policy prevents the change and wants my user password. If anyone knows how to get rid of that, I would also appreciate any pointers.

Planet DebianChris Lamb: Recent Redis hacking

I've done a bunch of hacking on the Redis key/value database server recently:

  • Lua-based maxmemory eviction scripts. (#2319)

    (This changeset was sponsored by an anonymous client.)

    Redis typically stores the entire data set in memory, using the operating system's virtual memory facilities if required. However, one can use Redis more like a cache or ring buffer by enabling a "maxmemory policy" where a RAM limit is set and then data is evicted when required based on a predefined algorithm.

    This change enables entirely custom control over exactly what data to remove from RAM when this maxmemory limit is reached. This is an advantage over the existing policies of, say, removing entire keys based on the existing TTL, Least Recently Used (LRU) or random eviction strategies as it permits bespoke behaviours based on application-specific requirements, crucially without maintaining a private fork of Redis.

    As an example behaviour of what is possible with this change, to remove the lowest ranked member of an arbitrary sorted set, you could load the following eviction policy script:

    local bestkey = nil
    local bestval = 0
    
    for s = 1, 5 do
       local key = redis.call("RANDOMKEY")
       local type_ = redis.call("TYPE", key)
    
       if type_.ok == "zset"
       then
           local tail = redis.call("ZRANGE", key, "0", "0", "WITHSCORES")
           local val = tonumber(tail[2])
           if not bestkey or val < bestval
           then
               bestkey = key
               bestval = val
           end
       end
    end
    
    if not bestkey
    then
        -- We couldn't find anything to remove, so return an error
        return false
    end
    
    redis.call("ZREMRANGEBYRANK", bestkey, "0", "0")
    return true
    
  • TCP_FASTOPEN support. (#2307)

    The aim of TCP_FASTOPEN is to eliminate one roundtrip from a TCP conversation by allowing data to be included as part of the SYN segment that initiates the connection. (More info.)

  • Support infinitely repeating commands in redis-cli. (#2297)

  • Add --failfast option to testsuite runner. (#2290)

  • Add a -q (quiet) argument to redis-cli. (#2305)

  • Making some Redis Sentinel defaults a little saner. (#2292)


I also made the following changes to the Debian packaging:

  • Add run-parts(8) directories to be executed at various points in the daemon's lifecycle. (e427f8)

    This is especially useful for loading Lua scripts as they are not persisted across restarts.

  • Split out Redis Sentinel into its own package. (#775414, 39f642)

    This makes it possible to run Sentinel sanely on Debian systems without bespoke scripts, etc.

  • Ensure /etc/init.d/redis-server start idempotency with --oknodo (60b7dd)

    Idempotency in initscripts is especially important given the rise of configuration managment systems.

  • Uploaded 3.0.0 RC2 to Debian experimental. (37ac55)

  • Re-enabled the testsuite. (7b9ed1)

Planet DebianDirk Eddelbuettel: RcppArmadillo 0.4.600.4.0

Conrad put up a maintenance release 4.600.4 of Armadillo a few days ago. As in the past, we tested this with number of pre-releases and test builds against the now over one hundred CRAN dependents of our RcppArmadillo package. The tests passed fine as usual, and results are as always in the rcpp-logs repository.

Changes are summarized below based on the NEWS.Rd file.

Changes in RcppArmadillo version 0.4.600.4.0 (2015-01-23)

  • Upgraded to Armadillo release Version 4.600.4 (still "Off The Reservation")

    • Speedups in the transpose operation

    • Small bug fixes

Courtesy of CRANberries, there is also a diffstat report for the most recent release. As always, more detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Geek FeminismA Heartbreaking Work of Staggering Linkspam

  • Feminist Bloggers Cannot Be Your Therapists | Brute Reason (January 11): “Why are people blaming feminism–the feminism of the 1970s or 80s, no less–for failing to cure what appeared to be a serious psychological issue? Why are people claiming that the solution now is simply for feminist writers and activists to be more compassionate and considerate towards male nerds like Aaronson, as though any compassion or consideration could have magically fixed such a deeply layered set of deeply irrational beliefs?”
  • Bringing back the Riot Grrrl | Marlena’s Blog (January 20): “What I found is that no matter how much I read and worked at not being an asshole or finding the “right way” to say things or get my opinions across, I could never be silent enough.”
  • Smash Bros. Community Boots Harassing Host of Their Largest Tournament | The Mary Sue (January 20): “Over the past day or so, the Smash Bros. community has come together in a big way to denounce years of harassment by the host of the largest Smash Bros. tournament around: Apex. With Apex 2015 rapidly approaching the last weekend of January, Jonathan “Alex Strife” Lugo has been forced to step down from his position at the tournament in a huge win for safety in the fighting game community.”
  • Infamous, Thoughtless, Careless, and Reckless | Mark Bernstein  (January 15): A series of posts discussing the Wikipedia Arbitration Committee’s decision to prohibit feminists from contributing to Wikipedia on issues related to gaming, gender, or sexuality. “The infamous draft decision of Wikipedia’s Arbitration Committee (ArbCom) on Gamergate is worse than a crime. It’s a blunder that threatens to disgrace the internet. “
  • Gaming while black: Casual racism to cautious optimism | Joystiq (January 16): “Freelance gaming and media writer Sidney Fussell summarized the pushback as follows: “I’ve been writing about blackness and games for about two years now and a huge majority of the negative feedback I get boils down to this: Race doesn’t belong in video games. White commenters tell me racism in games isn’t a problem. Only attention-starved reverse racists, dragging it up for clicks from white-guilt-addled gamers, still want to talk about racism. This is the burden of being a black gamer: I love games, but if I want to talk about them critically, my motives are questioned, my social ties are strained and suddenly I’m a member of the ‘PC Police’ who wants to go around ruining everyone’s fun.”
  • We’re going to keep talking about women in tech | The Daily Dot (January 14): “Here are 25 straightforward things you can do to create change – many of which won’t take more than two minutes of your time.”
  • Abusing Contributors is not okay | Curious Efficiency (January 22): “As the coordinator of the Python Software Foundation’s contribution to the linux.conf.au 2015 financial assistance program, and as someone with a deep personal interest in the overall success of the open source community, I feel it is important for me to state explicitly that I consider Linus’s level of ignorance around appropriate standards of community conduct to be unacceptable in an open source community leader in 2015.”
  • Support diversity in Linux by attending an Ally Skills Workshop at SCALE 13X | The Ada Initiative (January 21): “The Ally Skills Workshop teaches men how to support women in their workplaces and communities, by effectively speaking up when they see sexism, creating discussions that allow more voices to be heard, and learning how to prevent sexism and unwelcoming behavior in the first place. The changes that reduce sexism also make communities more welcoming, productive, and creative.”
  • The Elephant in the Keynote | Project Gus (January 19): “And while younger white male software developers are having their opinions panned by the respected older generation on stage, what does this mean for actual marginalised groups? If FOSS is ever going to achieve broad adoption, it has to appeal to more than a privileged few.”
  • OPW Successes and Succession Planning | The Geekess (January 15): “It’s been a busy winter for the FOSS Outreach Program for Women (OPW).  On October 13, 2014, seven (yes, seven!) of the former Linux kernel OPW interns presented their projects at LinuxCon Europe.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet Linux AustraliaMichael Still: A walk in the San Mateo historic red woods

TEDCould comets explain why there’s life on Earth? A lesson in chalk

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/EnnPJXbKt0U?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

When Justin Dowd worked as a food runner at a restaurant, he would sometimes doodle on the chalkboard in the kitchen. He had no idea that this skill — coupled with his ability to explain physics — would one day win him a trip to space.

The science writer and animator who created the TED-Ed lesson “Could comets be the source of life on Earth?” Dowd is known for illuminating concepts in physics — from Einstein’s discovery to black holes — using his own special brand of “chalkimation.” In 2012, his animated videos won him the Race for Space, a competition run by Metro to send a civilian astronaut on a short suborbital flight. Dowd will have a seat on-board the suborbital spaceplane XCOR Lynx and will chronicle his training and the flight for the newspaper.

We caught up with Dowd to talk about science, his upcoming trip to the cosmos and the wonders of creating this TED-Ed lesson out of nothing but chalk.

So, first of all, how did you pick the topic of comets for your TED-Ed lesson?

The lesson is about the discovery of amino acids and DNA-based pairs in the tails of comets, and the discovery that one out of five stars in our galaxy has a planet orbiting in it with a similar size and temperature to Earth. Those are two discoveries that have been made recently —  the amino acids discovery was made in 2004, and the Kepler study, which was the study that revealed about 40 million planets that are similar to Earth in our galaxy, came out about six months ago. These are both really, really recent discoveries that are indicating that the building blocks for proteins and DNA are common throughout our galaxy.

The last three years in physics have been the most exciting few years in, I’m guessing, about 20. There’s just been an extremely high density of amazing discoveries that people have been waiting for for decades. So it’s cool to pick these topics that have information in them that nobody has ever known before. That we know for the first time ever.

unnamed

A still from this lesson, drawn completely in chalk by Justin Dowd.

The lesson looks beautiful. Why were you drawn to chalk as a medium?

I’ve been doing chalk videos for about four years now. The first time I ever drew on a chalkboard was in the kitchen of a restaurant where I was a food runner. The restaurant had a unique chalkboard where it wasn’t slate — it was wallboard with chalkboard paint over it — and it had this texture which allows you to work the chalk with your fingers and get really bright colors out of it.

For some reason, chalk and I get along. It’s kind of like a finger painting that’s dry because every color and every chalk stroke is gone over with your hands. You can dip your fingers in the powder and use your hands as a brush. And you can also erase it with your hands and move an image around. So when you’re doing animation, instead of doing multiple pictures that are separate, you can draw one mural and just manipulate the mural so that the images on it are slowly moving. You take pictures as you go, and once you have around 1,000 pictures, you have a minute or two of animation. It’s kind of gritty, and I get a lot of depth in the images.

Untitled

A peek into Dowd’s method. From left to right: A drawn line of chalk, two lines of chalk shaded with a finger, a circle of chalk shaded with a finger, and chalk ground into powder for stars. Photo: Justin Dowd

Are there any challenges to keep in mind when working with chalk?

I tried to take this lesson up a notch from what I’ve done in the past. I wanted to go all-out. So I tried a lot of new, experimental techniques, and developing those was the hardest part. Pretty much everything that I’ve done in animation, the first idea looks good on paper, but then when you try and do it, it doesn’t work out. Some of the best things that I’ve learned how to do with chalk have been accidents.

For example, the stars that I use in the space images are chalk ground up into powder. You just pick up a little bit of chalk, snap your fingers, and tiny specks of it fall down on a chalkboard that’s laid horizontally, and it looks just like stars. The first time that I noticed that was when I was drawing on the chalkboard. I looked down at all these little specks, and it looked just like stars — and that’s something that I’d been trying to figure out. I’ve been using that technique ever since.

Untitled9

A look at Dowd’s home animation set-up. Photo: Justin Dowd

Speaking of space … you’re going to visit it soon. How did you hear about this contest?

I heard about it while I was doing a Sudoku on the T in Boston. They had an article about it in the Metro newspaper. I decided to enter, and to do something different, I decided to make animated videos using chalkboards explaining the basics of relativity. I didn’t expect to win. It was really a shot in the dark, but I’m extremely lucky to have been able to get a trip to space in the end.

The trip will be in about a year from now. They’re finishing the rocket in the Mojave Desert.  I can’t wait. I would fly tomorrow morning, if I could.

How long will you be in space?

It’s a short trip. It’s kind of like being shot out of a cannon, straight up. It takes four minutes to get about 65-70 miles up. It goes three times the speed of sound, and we float for about 15 minutes, and then re-enter the atmosphere, and the rocket becomes a glider and glides back and lands on a runway like a plane. It’ll take about an hour and a half. Most of it is gliding back down.

That’s going to be amazing. Any last thoughts you want to leave us with about your TED-Ed lesson?

My favorite fact in the lesson is the discovery that there are 40 million planets similar to Earth that likely have DNA base-pairs, and the building blocks of proteins are planted in all of them by comets. I’ll see shows on science channels where it’s like, “Comets: Apocalypse Doomsday” — all different things that make the solar system and galaxy seem hostile. But the more that we study the universe and the galaxy, the more these things like comets — which appear to be hostile — are actually factories for creating the raw materials of life. The laws of the universe give us little pockets of safety, and outside of these pockets, in space, are actually the perfect conditions to create the building blocks of life.

unnamed (1)

A still from the final animation of this lesson. Could comets be more than meets the eye?

This post originally ran on the TED-Ed Blog, where you can learn much more about our education initiative which uses animation to spark curiosity. Read more from the TED-Ed Blog:


TEDHow a TED Fellow’s mobile triage app could save lives around the world

Mohammed Dalwai shares his idea for a Mobile Triage App at TEDGlobal 2014. Photo: Ryan Lash/TED

Mohammed Dalwai shares his idea for a Mobile Triage App at TEDGlobal 2014. Photo: Ryan Lash/TED

Every day, emergency room workers use triage to prioritize patient care — but exhausted personnel in under-resourced hospitals can easily make deadly errors in diagnostic tests and symptom scoring. South African emergency room doctor Mohammed Dalwai witnessed such avoidable tragedy firsthand while working with Médicins sans Frontières in Pakistan. He resolved never to let it happen again.

Dalwai urged MSF to apply a standard triaging system — the paper-based South African Triage Scale —  in his emergency room in Pakistan. This led to an 86% improvement in successful triaging, and to MSF adopting this standard in emergency rooms around the world. It also led to a big idea for Dalwai. Now, with The Open Medicine Project (TOMPSA), he and his team have made an app that is freely available. They are planning to roll it out across many regions.

Here, Dalwai tells the TED Blog about the app’s development, and its possible future uses — including the ability to track realtime data of disease outbreak.

How did you end up joining Médicins sans Frontières and creating the Mobile Triage App?

I actually always wanted to be a biomechanical engineer! But then I started studying medicine, and fell in love with it after the third year, when I began seeing patients. That was it for me. I finished med school at Stellenbosch University, and afterwards went into rural medicine. I went into the bush to work at Manguzi Hospital, on the border of Mozambique and South Africa.

There, I met an MSF doctor, who told me about the organization. The idea of going into low-resource settings and helping to make an impact in the system appealed to me, and I wanted to experience medicine outside of South Africa. So I went on multiple missions with MSF — to Pakistan, Afghanistan, Libya, Syria, Haiti and Sierra Leone.

It was in Pakistan in 2011, on my first assignment, that I saw patients dying due to incorrect triaging. One day, I lost a patient. A young woman, 22 years old, came in with abdominal pain. She was incorrectly triaged, and she waited for eight hours. She had something called an ectopic pregnancy — a pregnancy outside the uterus — and she was bleeding internally. When I found her, she was barely alive, and we tried everything to resuscitate her. But she died — and it really affected me. She was a woman, she was sidelined, she was put in a corner — no one cared, no one did the triage properly. If she’d been triaged correctly, we would have realized she was pregnant, and we would have prioritized her.

From that day on, I became determined to sort out the triage problem. I was part of a team that implemented the South African Triage Scale in my emergency room, and it was the first time it had been used in an MSF hospital. It was the first time the South African Triage Scale was ever implemented in Southeast Asia.

Villagers from Hhohho, Swaziland, wait outside to get their vitals taken before seeing a physician or dentist. Photo: Air Force Staff Sgt. Lesley Waters

Villagers from Hhohho, Swaziland, wait outside to get their vitals taken before seeing a physician or dentist. Photo: Air Force Staff Sgt. Lesley Waters

What is the South African Triage Scale?

It’s a paper-based system based on a composite score — including complaints and vital signs — and one of the only triage scales made for the developing world to evaluate both adults and children. It was developed in a small but busy hospital in Cape Town in a low socio-economic area in response to massive patient loads, understaffing and high death rates. It was introduced in 2008, and shown to be effective when implemented.

MSF had never had a standard triage system in place before this. We lobbied hard for change and standardization. They let us try it, and we did a study that showed a successful implementation. It was at that point that MSF realized how valuable it was, and they started implementing it in every emergency center around the world.

But this is not necessarily a one-size-fits-all solution. The South African Triage Scale (SATS), being relatively new, has been tested extensively in South Africa, but not yet rigorously tested outside of the country. I’m now working on my PhD, documenting the SATS’s validity and reliability in other sectors and countries. For the last two years, I’ve been collecting data on the SATS and how it’s been implemented globally. We proved that it works in Pakistan, and we proved that it works in certain African countries. But Afghanistan and Haiti are different. What are those differences, and how can we adapt the system for local circumstances? In Sierra Leone, for instance, there was a massive malaria population, which has lower hemoglobin levels. Because of that, the triage scale wouldn’t pick up certain patients, so we would have to adjust one or two discriminators after research so that the triage scale is more sensitive for these people. Small things like that make a massive difference in patient care.

Why create a mobile app, when it sounds like the paper-based system works very well to correct the possibility of human error?

Even though the SATS works, it still needs to be implemented correctly across a variety of situations, so we need to standardize the format to further avoid human error. Health care workers are trained to various degrees across different countries. One of the easiest ways to standardize things is through technology. When I came home from Pakistan, I discussed my experiences with my friend Yaseen Khan. Together we decided we had to tackle health system problems using technology — and that’s how we formed The Open Medicine Project (TOMPSA).

When you look at the way the nurses or health care workers make mistakes, it’s usually one of two areas: it’s either they don’t understand the discriminator — so the first symptom that the patient comes in with. The paper-based version of the SATS offers no additional information, whereas a mobile app can. They also make mistakes in calculation. In the SATS, the vital signs are all linked to a composite score, and each one is different. So say, for example, you have a heart rate of 98 beats per minute, that’s zero point. If you have a heart rate of 101, that’s one point. It’s easy to make mistakes, and a massive number of errors are happening in that scoring system alone. So digitizing systems offers more information as prompts for medical care depending on the score. Nurses were forgetting to do pregnancy tests, for example.

The app is essentially a digital checklist. Checklists make massive differences in both the airline aviation industry as well as in medicine. You see the same thing with the WHO surgical checklist. It saves lives.

Can you, say, take someone’s blood pressure and have the reading go directly into the app for analysis?

We would love to do that, and that’s where we’re going with this in the future, as more devices become more integrated. At the moment, entering such information has to be manually based because we can’t afford the technology in our public hospitals. But as we move forward, or as we adapt it for the private sector or other markets, those are definitely technologies that can be added.

Nurse at Khayelitsha hospital, Cape Town, using the Mobile Triage App. Photo: Gregor Rohig

A nurse at Khayelitsha hospital, Cape Town, using the Mobile Triage App. Photo: Gregor Rohig

The app assumes that everybody’s holding a smartphone of some kind. Is this a barrier for hospitals in developing countries?

The Open Medicine Project has institutionalized it — so we actually put an iPad in hospitals, in the triage area, where all the patients stream past. All the nurses use that iPad. We do have an application that’s freely available, for use on your personal phone. But that’s more for training purposes, for people to get used to the application. The one in hospitals links to a printer. At the moment it prints out a little sticker so that it can integrate into a paper-based system. the next step is to send information to the hospital computer system.

The problem is that within the developing world, you can’t have a fully digital system. Everybody thinks you can, but to be honest with you, you can’t. Everything’s still paper-based, everything’s still analog. You have to accommodate for that in your solution. That’s where your big problems come in with these massive solutions that cost millions of dollars — they’re beautiful and they work really well, but they don’t work for us. It’s Africa. And for many other African countries, the key is: how do you combine the two? How do you mix technology with something that can easily integrate into a system that has already been there for years?

So really all you need for this is an iPad, the app, and a printer. You don’t even need the internet.

Yes. And we want to open source the code soon, so that we can have a massive collaboration of people in hospitals excited to build onto the app to meet their own needs — including finding ways to integrate the app with bigger hospital systems. Our goal is to scale this phenomenally across Africa.

What about MSF? Will they also use the mobile app to replace the paper SATS?

Yes, we hope they will. They can take advantage of the open source aspect as well. As long as developers have a base to work from, they will come up with some really cool ideas. One of the requests that came through was, “Can we have animations on the triage application to show the nurse when the patient is hemorrhaging?” That’s a brilliant idea — you can almost unify triage systems so that nurses from different regions learn a standard system.

Another thing that can be added is emergency guidelines from each country. The app can then become a knowledge base in any hospital that has an iPad. All these ideas are out there. It’s now, “OK, let’s put it out there, let’s get it up — then let’s go wild.”

TOMPSA's Mobile Triage App. Photo: TOMPSA

A look at TOMPSA’s Mobile Triage App. Photo: Makkia da Costa

Is the application already done?

It’s already done, and freely available on the Google Play store and for iPad on the App Store. But that’s a version without the printing function. We’re working on a mobile printing version where it can be made open source, and then we’ll see where to go from there.

You mentioned in your talk at TEDGlobal 2014 the possibility of using the app for epidemiology. Can you explain more?

We set out to do a simple task, but then we started realizing the value that we can actually get from this — the diagnostic capability. You can start improving diagnosis by analyzing simple metrics like heart rate and blood pressure that can be used to calculate a shock index — an idea that a fellow emergency doctor gave us.

We also started looking at helping hospitals be more resource-efficient by analyzing data generated by their triage color system — sort of a surrogate marker for how sick a patient is. So if a patient is red, we know they’re going to use more resources. If they’re green, they’re not so sick, and will not use as many. Now, for the first time, because we have found an electronic format, we can actually analyze resource use. On a Friday night, the hospital has seen ten or eight red patients; on a Wednesday night, you only see one. But the staffing is exactly the same. Shouldn’t they change something to maximize effectiveness?

Taking it a step further, if you monitor certain alerts coming from hospitals in a region, simple algorithms can alert you to, say, a lot of children under five having diarrhea. Is it seasonal variation that’s normal, or is there something else going on? And then you can start looking at almost real-time epidemiology, which has never been done before.

Don’t we already monitor diseases in real time?

Yes, but it is based on mortality reports. If you monitor live trends, you can be proactive rather than reactive, and respond in time, before people die. Is there a water contamination issue, or a food poisoning outbreak? To me, that’s the key to public health, to medicine in the developing world. For too long, we’ve been only reactive. Only after hundreds of people die, we say, “Oh, I think there’s a problem here. Maybe we should go look at it.”

Wouldn’t this be also useful for the developed world?

It could. This is the nice thing — the technology can be translated for a lot of different purposes for different countries. Obviously the triage algorithms will be different in different countries, because there are four major systems in the world. But that can easily be sorted.

So if the triage system in Canada works fine, for example, we’d base the app on that. They have digitized systems already, but I don’t think they’ve ever understood the link to epidemiology. A lot of systems are also fragmented in the developed world. Electronic medical records don’t talk to each other. But if we link up anonymized, secure data to a central place to monitor the health of a nation or a population, epidemiologists could really start understanding and interpreting the data.

Does this mean that currently, epidemiologists only look at numbers of deaths rather than numbers of cases of symptoms coming through?

They do try to look at symptoms. For example, they look at how many patients contract TB per year, how many patients are HIV positive. But they look at diagnoses, not symptoms. That’s not bad, because diagnosis is what you need. But there’s no reliable way of actually recording that information.

For example, with TB notifications in South Africa, you have to fill in a form. You don’t know if that form ever gets to the post office, or to the places that they’re supposed to be, so numbers are underreported. And there’s no verification numbers that come in.

If you digitize the information, and make sure everything is recorded, you can see from which hospital — from which nurse — this information was sent. It’s an amazing verification mechanism. Improving the ability to report means you have better data. Better data means you can make better decisions. Better decisions mean better patient care, more lives saved. Boom.

Mohammed Dalwai provides a medical consultation to one of the 800–1000 migrants and refugees living amongst boats on an abandoned military base on the outskirts of Tripoli. Photo: MSF

Mohammed Dalwai provides a medical consultation to one of the 800–1000 migrants and refugees living amongst boats on an abandoned military base on the outskirts of Tripoli. Photo: MSF

Do you anticipate privacy issues?

I think that the biggest privacy issue is about patient data, and it’s an issue that’s always highly considered in our whole process. How do we ensure patient security of their data, and make sure that no one is compromised? In a way, the diagnosis is the sensitive issue. You don’t want to know if someone’s HIV positive, for example. But then, how do you secure the data?

You take certain steps to make sure that the data is secure, you take steps that comply with all the regulations, and then you try and do the best for the most people. Obviously there are going to be hackers that can hack into anything. But if you comply to all the regulations and you make sure that you have strict security, I think it’s important to be able to do that. We must also be careful to balance these issues with the good of what this can achieve.

How far are you prepared to take this vision? Is this something that you want to follow through alone, or would you like it to be fully open source?

It was never just me from the beginning. My co-founder and friend has walked this path with me, with many people joining us along the way. At the end of the day, I would like to see this as one of the triage systems or solutions that we can use across many developing countries, and even, if needed, in the developed world. The idea, for me, is I want to make sure my patient never has to die again. That I will never again experience what happened in Pakistan.

I want to see this kind of system help with the improvement of triage across the developing world. Even if others don’t use our solution, as long as there is a system that works, one that’s been validated, scientifically proven — let’s do this for our patients. Emergency medicine is growing as a field, and more and more people are accessing the health care system through the emergency room. That’s our gateway to hospital, and that’s why we need to make sure the gateway is effective. Triage is a vital component.


Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-01-19 to 2015-01-25

Sociological ImagesJust for Fun: The Folly of Two Data Points

Every year, at the first faculty meeting, representatives of the registrar tell us what percentage of the incoming class is [insert variable in which we are interested, such as American Indian, working class, international, etc].  They compare it to last year’s percentage.  This drives me crazy because they do so as if comparing the last two data points in a sequence is indicative of a trend. But to determine whether or not there is a trend, and therefore whether the increase or decrease in the percentage of [insert variable in which we are interested] significant relative to last year, depends on more than two data points!

xkcd does an excellent job of illustrating just how two data points can be utterly meaningless, even wildly fallacious:

extrapolating

Other great xkcd cartoons: attribution and the in group, on statistical significance, correlation or causation, and the minimal group paradigm.

Originally posted in 2009.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianJonathan Dowland: Frontier: First Encounters

Cobra mk. 3

Cobra mk. 3

Four years ago, whilst looking for something unrelated, I stumbled across Tom Morton's port of "Frontier: Elite II" for the Atari to i386/OpenGL. This took me right back to playing Frontier on my Amiga in the mid-nineties. I spent a bit of time replaying Frontier and its sequel, First Encounters, for which there exists an interesting family of community-written game engines based on a reverse-engineering of the original DOS release.

I made some scrappy notes about engines, patches etc. at the time, which are on my frontier page.

With the recent release of Elite: Dangerous, I thought I'd pick up where I left in 2010 and see if I could get the Thargoid ship. I'm nowhere near yet, but I've spent some time trying to maximize income during the game's initial Soholian Fever period. My record in a JJFFE-derived engine (and winning the Wiccan Ware race during the same period) is currently £727,800. Can you do better?

Planet Linux AustraliaClinton Roy: clintonroy

Finished the Learning to Learn MOOC course. I missed a few of the deadlines due to lca2015, so I’m not not bothering to do the written parts, which does make me feel rather like I haven’t finished the course. It’ll be interesting to see if I can apply the techniques going forward. I’m pretty sure I’ll chase up their book at some point as well.


Filed under: diary

Planet DebianJoey Hess: making propellor safer with GADTs and type families

Since July, I have been aware of an ugly problem with propellor. Certain propellor configurations could have a bug. I've tried to solve the problem at least a half-dozen times without success; it's eaten several weekends.

Today I finally managed to fix propellor so it's impossible to write code that has the bug, bending the Haskell type checker to my will with the power of GADTs and type-level functions.

the bug

Code with the bug looked innocuous enough. Something like this:

foo :: Property
foo = property "foo" $
    unlessM (liftIO $ doesFileExist "/etc/foo") $ do
        bar <- liftIO $ readFile "/etc/foo.template"
        ensureProperty $ setupFoo bar

The problem comes about because some properties in propellor have Info associated with them. This is used by propellor to introspect over the properties of a host, and do things like set up DNS, or decrypt private data used by the property.

At the same time, it's useful to let a Property internally decide to run some other Property. In the example above, that's the ensureProperty line, and the setupFoo Property is run only sometimes, and is passed data that is read from the filesystem.

This makes it very hard, indeed probably impossible for Propellor to look inside the monad, realize that setupFoo is being used, and add its Info to the host.

Probably, setupFoo doesn't have Info associated with it -- most properties do not. But, it's hard to tell, when writing such a Property if it's safe to use ensureProperty. And worse, setupFoo could later be changed to have Info.

Now, in most languages, once this problem was noticed, the solution would probably be to make ensureProperty notice when it's called on a Property that has Info, and print a warning message. That's Good Enough in a sense.

But it also really stinks as a solution. It means that building propellor isn't good enough to know you have a working system; you have to let it run on each host, and watch out for warnings. Ugh, no!

the solution

This screams for GADTs. (Well, it did once I learned how what GADTs are and what they can do.)

With GADTs, Property NoInfo and Property HasInfo can be separate data types. Most functions will work on either type (Property i) but ensureProperty can be limited to only accept a Property NoInfo.

data Property i where
    IProperty :: Desc -> ... -> Info -> Property HasInfo
    SProperty :: Desc -> ... -> Property NoInfo

data HasInfo
data NoInfo

ensureProperty :: Property NoInfo -> Propellor Result

Then the type checker can detect the bug, and refuse to compile it.

Yay!

Except ...

Property combinators

There are a lot of Property combinators in propellor. These combine two or more properties in various ways. The most basic one is requires, which only runs the first Property after the second one has successfully been met.

So, what's it's type when used with GADT Property?

requires :: Property i1 -> Property i2 -> Property ???

It seemed I needed some kind of type class, to vary the return type.

class Combine x y r where
    requires :: x -> y -> r

Now I was able to write 4 instances of Combines, for each combination of 2 Properties with HasInfo or NoInfo.

It type checked. But, type inference was busted. A simple expression like

foo `requires` bar

blew up:

   No instance for (Requires (Property HasInfo) (Property HasInfo) r0)
      arising from a use of `requires'
    The type variable `r0' is ambiguous
    Possible fix: add a type signature that fixes these type variable(s)
    Note: there is a potential instance available:
      instance Requires
                 (Property HasInfo) (Property HasInfo) (Property HasInfo)
        -- Defined at Propellor/Types.hs:167:10

To avoid that, it needed ":: Property HasInfo" appended -- I didn't want the user to need to write that.

I got stuck here for an long time, well over a month.

type level programming

Finally today I realized that I could fix this with a little type-level programming.

class Combine x y where
    requires :: x -> y -> CombinedType x y

Here CombinedType is a type-level function, that calculates the type that should be used for a combination of types x and y. This turns out to be really easy to do, once you get your head around type level functions.

type family CInfo x y
type instance CInfo HasInfo HasInfo = HasInfo
type instance CInfo HasInfo NoInfo = HasInfo
type instance CInfo NoInfo HasInfo = HasInfo
type instance CInfo NoInfo NoInfo = NoInfo
type family CombinedType x y
type instance CombinedType (Property x) (Property y) = Property (CInfo x y)

And, with that change, type inference worked again! \o/

(Bonus: I added some more intances of CombinedType for combining things like RevertableProperties, so propellor's property combinators got more powerful too.)

Then I just had to make a massive pass over all of Propellor, fixing the types of each Property to be Property NoInfo or Property HasInfo. I frequently picked the wrong one, but the type checker was able to detect and tell me when I did.

A few of the type signatures got slightly complicated, to provide the type checker with sufficient proof to do its thing...

before :: (IsProp x, Combines y x, IsProp (CombinedType y x)) => x -> y -> CombinedType y x
before x y = (y `requires` x) `describe` (propertyDesc x)

onChange
    :: (Combines (Property x) (Property y))
    => Property x
    => Property y
    => CombinedType (Property x) (Property y)
onChange = -- 6 lines of code omitted

fallback :: (Combines (Property p1) (Property p2)) => Property p1 -> Property p2 -> Property (CInfo p1 p2)
fallback = -- 4 lines of code omitted

.. This mostly happened in property combinators, which is an acceptable tradeoff, when you consider that the type checker is now being used to prove that propellor can't have this bug.

Mostly, things went just fine. The only other annoying thing was that some things use a [Property], and since a haskell list can only contain a single type, while Property Info and Property NoInfo are two different types, that needed to be dealt with. Happily, I was able to extend propellor's existing (&) and (!) operators to work in this situation, so a list can be constructed of properties of several different types:

propertyList "foos" $ props
    & foo
    & foobar
    ! oldfoo    

conclusion

The resulting 4000 lines of changes will be in the next release of propellor. Just as soon as I test that it always generates the same Info as before, and perhaps works when I run it. (eep)

These uses of GADTs and type families are not new; this is merely the first time I used them. It's another Haskell leveling up for me.

Anytime you can identify a class of bugs that can impact a complicated code base, and rework the code base to completely avoid that class of bugs, is a time to celebrate!

,

Planet DebianDaniel Pocock: Get your Github issues as an iCalendar feed

I've just whipped up a Python script that renders Github issue lists from your favourite projects as an iCalendar feed.

The project is called github-icalendar. It uses Python Flask to expose the iCalendar feed over HTTP.

It is really easy to get up and running. All the dependencies are available on a modern Linux distribution, for example:

$ sudo apt-get install python-yaml python-icalendar python-flask python-pygithub

Just create an API token in Github and put it into a configuration file with a list of your repositories like this:

api_token: 6b36b3d7579d06c9f8e88bc6fb33864e4765e5fac4a3c2fd1bc33aad
bind_address: ::0
bind_port: 5000
repositories:
- repository: your-user-name/your-project
- repository: your-user-name/another-project

Run it from the shell:

$ ./github_icalendar/main.py github-ics.cfg

and connect to it with your favourite iCalendar client.

Consolidating issue lists from Bugzilla, Github, Debian BTS and other sources

A single iCalendar client can usually support multiple sources and thereby consolidate lists of issues from multiple bug trackers.

This can be much more powerful than combining RSS bug feeds because iCalendar has built-in support for concepts such as priority and deadline. The client can use these to help you identify the most critical issues across all your projects, no matter which bug tracker they use.

Bugzilla bugtrackers already expose iCalendar feeds directly, just look for the iCalendar link at the bottom of any search results page. Here is an example URL from the Mozilla instance of Bugzilla.

The Ultimate Debian Database consolidates information from the Debian and Ubuntu universe and can already export it as an RSS feed, there is discussion about extrapolating that to an iCalendar feed too.

Further possibilities

  • Prioritizing the issues in Github and mapping these priorities to iCalendar priorities
  • Creating tags in Github that allow issues to be ignored/excluded from the feed (e.g. excluding wishlist items)
  • Creating summary entries instead of listing all the issues, e.g. a single task entry with the title Fix 2 critical bugs for project foo

Screenshots

The screenshots below are based on the issue list of the Lumicall secure SIP phone for Android.

Screenshot - Mozilla Thunderbird/Lightning (Icedove/Iceowl-extension on Debian)

Sociological ImagesChart of the Week: We Have Less Control Over Our Reproductive Bodies Than We Think

This week the New York Times published an interactive that illustrates the likelihood of pregnancy despite contraceptive use. Risk is divvied up by method, for perfect and typical use, and added up over ten years. The results are a little terrifying (click to see larger or go here to explore):

23

Somewhere around half of all pregnancies are unintended.  This is why. It’s hard enough to use contraceptives perfectly but, even when we do, the risk of failure is very real.

Male condoms are the safer sex favorite. But, even when used perfectly, almost one in five women will get pregnant over a ten year period. With typical use, more than four out of five. Withdrawal, one primary foil against which male condoms are usually recommended, is only slightly less effective at preventing pregnancy, as typically used.

The favorite of Americans — The Pill, as well as some other hormonal methods — is more effective than the condom, but not nearly as much as we think it is. Under ideal conditions, only three in 100 will get pregnant over ten years; in reality, almost two-thirds — 61 in 100 — will end up pregnant.

Only the most human-error resistant methods — the IUD, hormonal implants, and sterilization — near 100% effectiveness. These are permanent or semi-permanent and not real options for a large proportion of sexually active Americans during at least some parts of their lives.

Discussions of the right to an abortion and the ease with which they can be attained needs to be had with this information at the forefront of the discussion. Unintended pregnancies happen all the time to everyone.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Don MartiQoTD: Zoë Keating

It’s one thing for individuals to upload all my music for free listening (it doesn’t bother me). It’s another thing entirely for a major corporation to force me to. I was encouraged to participate and now, after I’m invested, I’m being pressured into something I don’t want to do.

Zoë Keating

Planet DebianDirk Eddelbuettel: Rcpp 0.11.4

A new release 0.11.4 of Rcpp is now on the CRAN network for GNU R, and an updated Debian package will be uploaded in due course.

Rcpp has become the most popular way of enhancing GNU R with C++ code. As of today, 323 packages on CRAN depend on Rcpp for making analyses go faster and further; BioConductor adds another 41 packages, and casual searches on GitHub suggests dozens mores.

This release once again adds a large number of small bug fixes, polishes and enhancements. And like the last time, these changes were made by a group of seven different contributors (counting code commits) plus three more providing concrete suggestions. This shows that the Rcpp development and maintenance rests a large number of (broad) shoulders.

See below for a detailed list of changes extracted from the NEWS file.

Changes in Rcpp version 0.11.4 (2015-01-20)

  • Changes in Rcpp API:

    • The ListOf<T> class gains the .attr and .names methods common to other Rcpp vectors.

    • The [dpq]nbinom_mu() scalar functions are now available via the R:: namespace when R 3.1.2 or newer is used.

    • Add an additional test for AIX before attempting to include execinfo.h.

    • Rcpp::stop now supports improved printf-like syntax using the small tinyformat header-only library (following a similar implementation in Rcpp11)

    • Pairlist objects are now protected via an additional Shield<> as suggested by Martin Morgan on the rcpp-devel list.

    • Sorting is now prohibited at compile time for objects of type List, RawVector and ExpressionVector.

    • Vectors now have a Vector::const_iterator that is 'const correct' thanks to fix by Romain following a bug report in rcpp-devel by Martyn Plummer.

    • The mean() sugar function now uses a more robust two-pass method, and new unit tests for mean() were added at the same time.

    • The mean() and var() functions now support all core vector types.

    • The setequal() sugar function has been corrected via suggestion by Qiang Kou following a bug report by Søren Højsgaard.

    • The macros major, minor, and makedev no longer leak in from the (Linux) system header sys/sysmacros.h.

    • The push_front() string function was corrected.

  • Changes in Rcpp Attributes:

    • Only look for plugins in the package's namespace (rather than entire search path).

    • Also scan header files for definitions of functions to be considerd by Attributes.

    • Correct the regular expression for source files which are scanned.

  • Changes in Rcpp unit tests

    • Added a new binary test which will load a pre-built package to ensure that the Application Binary Interface (ABI) did not change; this test will (mostly or) only run at Travis where we have reasonable control over the platform running the test and can provide a binary.

    • New unit tests for sugar functions mean, setequal and var were added as noted above.

  • Changes in Rcpp Examples:

    • For the (old) examples ConvolveBenchmarks and OpenMP, the respective Makefile was renamed to GNUmakefile to please R CMD check as well as the CRAN Maintainers.

Thanks to CRANberries, you can also look at a diff to the previous release As always, even fuller details are on the Rcpp Changelog page and the Rcpp page which also leads to the downloads page, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianDirk Eddelbuettel: RcppGSL 0.2.4

A new version of RcppGSL is now on CRAN. This package provides an interface from R to the GNU GSL using our Rcpp package.

This follows on the heels on the recent RcppGSL 0.2.3 release and extends the excellent point made by Qiang Kou in a contributed section of the vignette: We now not only allow to turn the GSL error handler off (to not abort() on error) but do so on package initialisation.

No other user-facing changes were made.

The NEWS file entries follows below:

Changes in version 0.2.4 (2015-01-24)

  • Two new helper function to turn the default GSL error handler off (and to restore it) were added. The default handler is now turned off when the package is attached so that GSL will no longer abort an R session on error. Users will have to check the error code.

  • The RcppGSL-intro.Rnw vignette was expanded with a short section on the GSL error handler (thanks to Qiang Kou).

Courtesy of CRANberries, a summary of changes to the most recent release is available.

More information is on the RcppGSL page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianDirk Eddelbuettel: RcppAnnoy 0.0.5

A new version of RcppAnnoy is now on CRAN. RcppAnnoy wraps the small, fast, and lightweight C++ template header library Annoy written by Erik Bernhardsson for use at Spotify. RcppAnnoy uses Rcpp Modules to offer the exact same functionality as the Python module wrapped around Annoy.

This version contains a trivial one-character change requested by CRAN to cleanse the Makevars file of possible GNU Make-isms. Oh well. This release also overcomes an undefined behaviour sanitizer bug noticed by CRAN that took somewhat more effort to deal with. As mentioned recently in another blog post, it took some work to create a proper Docker container with the required compiler and subsequent R setup, but we have one now, and the aforementioned blog post has details on how we replicated the CRAN finding of an UBSAN issue. It also took Erik some extra efforts to set something up for his C++/Python side, but eventually an EC2 instance with Ubuntu 14.10 did the task as my Docker sales skills are seemingly not convincing enough. In any event, he very quickly added the right fix, and I synced RcppAnnoy with his Annoy code.

Courtesy of CRANberries, there is also a diffstat report for this release. More detailed information is on the RcppAnnoy page page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Linux AustraliaCraige McWhirter: Craige McWhirter: A Little Vim Hack For Go

After LCA2015 I've starting playing with Go (I blame Sven Dowideit). If you already use VIM-YouCompleteMe) then you should be right for most things Go. However I tinker in a few languages and you'll never guess that they have different rules around style and formatting of code.

Go is one out for me requiring settings unique to Go among the languages I tinker in. I made the below changes to my ~/.vimrc to suit Go:

function! GoSettings()
    set tabstop=7
    set shiftwidth=7
    set noexpandtab
endfunction
autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()

Now when I edit a file with the .go extension, my Vim session will be formatting the file correctly from the start.

You can also configure Vim to run gofmt but I preferred this approach.

Planet Linux AustraliaClinton Roy: clintonroy

Caught up with a friend in the morning.

Booked the local bowling place for my birthday celebration.

Caught up on the ‘learning to learn’ mooc. I’ve missed the deadline on the quiz and the written material, but I’m continuing through with everything else. I should be able to get through the final week of content tomorrow.

Watching more LCA2015 videos.


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

Work.

A very wet day, I was drenched only about fifty metres from home.

Watching and noting on more lca2015 videos.


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

Work.

Finished typing up my hand written LCA2015 notes into the humbug wiki. I’ve now started the videos of the talks that I’ve missed.

Went and saw the move “Birdman” and I felt like I was back at BIFF, what a lovely little film, that covers a range of themes, without being complicated.

Home at midnight though, which made for a short night’s sleep.


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

Work.

Caught up with a close friend this evening. I may well lose her in the coming weeks, so I’m trying to organise a nice night out for her in a few weeks, under the guise of my birthday.


Filed under: diary

Planet DebianDiego Escalante Urrelo: Link Pack #05

Lever Rukhin Photographs Los Angeles From His Car
Lever Rukhin shoots the sketchiest parts of Los Angeles from his car, taking a really unique perspective that helps you perceive what LA looks like, if you were in a car… An experience that is apparently common to all LA people. People drive too much in the US :-).

It’s a very interesting interview that goes well with his full site: Lev Rukhin.

What I love about this, besides the whole premise, is that Lev went the extra mile and actually hacked his car to make the images he wanted:

Phoblographer: It looks like many of these images have artificial lighting in them. What’s your gear setup, and how do you introduce so much light into the scene from your car?

Lever: About 9 months ago, I affixed a Mola beauty dish onto the roof rack of my ’75 Volvo and juice it with a profoto bi-tube. This takes a bit of practice, as making a turn changes the light completely, which I always try to keep balanced. The Canon 5D3 with a 24mm f1.4 is set up on a tripod. The strobe has allowed me to capture more detail as well as creating a somewhat surreal feel to the sets.

Lev Rukhin Lev Rukhin http://www.levrukhin.com/

The Invisible Woman: A conversation with Björk
Björk is that Icelandic singer we all hear about but never really pay much attention to because her music is too smart for our simple ears. In this interview she goes over how her latest album is a very personal work, and unexpectedly (?) ends talking about how problematic it’s been to be a female auteur in her generation.

I have seen the same problem she denounces about people assuming that the male members of a team did all the work while the women just sticked to making coffee and sandwiches. I’ve worked with exceptional women that don’t get enough credit, but I’ve also worked with potentially exceptional women who don’t give themselves enough credit.

It’s a very interesting read, specially since it comes from someone who couldn’t be higher in the “art” food chain. Björk is god-damn Björk.

Only thing that bugs me is that Pitchfork decided to hold back most of the interview for publishing next month. I’ll try to go back and read it in full, but I wonder if the technique works for them or if perhaps they are missing the opportunity for a bigger impact. But I digress.

Pitchfork: The world has a difficult time with the female auteur.

B: I have nothing against Kanye West. Help me with this—I’m not dissing him—this is about how people talk about him. With the last album he did, he got all the best beatmakers on the planet at the time to make beats for him. A lot of the time, he wasn’t even there. Yet no one would question his authorship for a second. If whatever I’m saying to you now helps women, I’m up for saying it. For example, I did 80% of the beats on Vespertine and it took me three years to work on that album, because it was all microbeats—it was like doing a huge embroidery piece. Matmos came in the last two weeks and added percussion on top of the songs, but they didn’t do any of the main parts, and they are credited everywhere as having done the whole album. [Matmos’] Drew [Daniel] is a close friend of mine, and in every single interview he did, he corrected it. And they don’t even listen to him. It really is strange.

In Defense of the Selfie Stick
Miguel proposes a different take on the consequences of the selfies stick:

When you ask someone to take a picture of you, technically, they are the photographer, and they own the copyright of your picture.

(…)

All of a sudden, your backpacking adventure in Europe requires you to pack a stack of legal contracts.

Now your exchange goes from “Can you take a picture of us?” to “Can you take a picture of us, making sure that the church is on the top right corner, and also, I am going to need you to sign this paper”.

I don’t know what’s with the selfie stick hate. Let people have fun, it doesn’t hurt. If anything, it prevents them from asking you to take their photo, and if we already established you are the kind of people not a big fan of strangers, all the better, right?

Why Top Tech CEOs Want Employees With Liberal Arts Degrees
Here’s a small extra. When I decided to pursue a humanities/art formal training, I got many naysayers telling me that I was screwing up not specializing even more as a formal (titled) engineer. I argued then, and now, that if I was gonna pay for training, I might as well pay for training outside my comfort zone.

The result resonates perfectly with this article. Of course, it’s not like the thing is settled, but I can back the various quotes in there.

Working with purely technical/engineering types can be an echo chamber, and having trained myself in the humanities and arts I have become incredibly much more sensitive to the human factor of things. I used to think I was already good at this (because we hacker types have lots of confidence), but studying humanities like human communication, social conflict and development, film language, etc; it all has made me a much more capable hacker of things.

There’s also a nice argument to be made about joining the arts when you are already highly skilled on technical matters. Like Robert Rodríguez’s teacher (mentioned in his diary/book Rebel Without a Cause, which I also have to review soon) used to say (generous paraphrasing here): the world is of those who can be their own creative and their own technician.

Both Yi and Sheer recognize that the scientific method is valuable, with its emphasis on logic and reason, especially when dealing with data or engineering problems. But they believe this approach can sometimes be limiting. “When I collaborate with people who have a strictly technical background,” says Yi, “the perspective I find most lacking is an understanding of what motivates people and how to balance multiple factors that are at work outside the realm of technology.”

Interesting food for thought, specially if you know an engineer that ditches the arts as of little value for personal growth in their careers/life.


Read more Link Pack, you’ll love it

  • Link Pack #05 - Lever Rukhin Photographs Los Angeles From His Car Lever Rukhin shoots the sketchiest parts of Los Angeles from his car, taking a really unique perspective that helps you perceive what LA looks like, if you were in a car… An experience that is apparently common to all LA people. People drive too much in the…
  • Link Pack #04 - Writing Your Way to Happiness (nytimes.com) Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite”…
  • Link Pack #03 - What’s that? The third edition of Link Pack of course! Playing with Power (7 minutes, Vimeo) A super awesome story about a stop motion animator that turned a Nintendo Power Glove into the perfect animation tool. It’s a fun, inspiring video :-). I love the Power Glove, it’s so bad. The Power Glove – Angry…
  • Link Pack #02 - First sequel to my Link Pack “series” (I’ll remove the quotes when it’s LP#05): Link Pack #01. This time I’m going for fewer articles, to try to keep things less overwhelming. There’s no special theme, and I’m actually leaving out some nice things I read recently. On the plus side, that means I have good…
  • Link pack #01 - Following the lead of my dear friend Daniel and his fantastic and addictive “Summing up” series, here’s a link pack of recent stuff I read around the web. Link pack is definitely a terrible name, but I’m working on it. How to Silence Negative Thinking On how to avoid the pitfall of being a Negatron…

,

Planet DebianChris Lamb: Slack integration for Django

I recently started using the Slack group chat tool in a few teams. Wishing to add some vanity notifications such as sales and user growth milestones from some Django-based projects, I put together an easy-to-use integration between the two called django-slack.

Whilst you can use any generic Python-based method of sending messages to Slack, using a Django-specific integration has some advantages:

  • It can use the Django templating system, rather than constructing messages "by hand" in views.py and models.py which violates abstraction layers and often requires unwieldy and ugly string manipulation routines that would be trivial inside a regular template.
  • It can easily enabled and disabled in certain environments, preventing DRY violations by centralising logic to avoid sending messages in development, staging environments, etc.
  • It can use other Django idioms such as a pluggable backend system for greater control over exactly how messages are transmitted to the Slack API (eg. sent asynchronously using your queuing system, avoiding slowing down clients).

Here is an example of how to send a message from a Django view:

from django_slack import slack_message

@login_required
def view(request, item_id):
    item = get_object_or_404(Item, pk=item_id)

    slack_message('items/viewed.slack', {
        'item': item,
        'user': request.user,
    })

    return render(request, 'items/view.html', {
        'item': item,
    })

Where items/viewed.slack (in your templates directory) might contain:

{% extends django_slack %}

{% block text %}
{{ user.get_full_name }} just viewed {{ item.title }} ({{ item.content|urlize }}).
{% endblock %}

.slack files are regular Django templates — text is automatically escaped as appropriate and that you can use the regular template filters and tags such as urlize, loops, etc.

By default, django-slack posts to the #general channel, but it can be overridden on a per-message basis by specifying a channel block:

{% block channel %}
#mychannel
{% endblock %}

You can also set the icon, URL and emoji in a similar fashion. You can set global defaults for all of these attributes to avoid DRY violations within .slack templates as well.

For more information please see the project homepage or read the documentation. Patches and other contributions are welcome via the django-slack GitHub project.

Rondam RamblingsThe pope backpedals (sort of) on limits to offensive speech

Two days ago Pope Francis issued a clarification (which I would characterize more as a wishy-washy retraction) of his implicit endorsement of physical violence as an appropriate response to free speech that he made last week.  I enthusiastically endorse the excellent analysis by Jacob Sullum (thanks to regular commenter Luke for pointing me to that link!) and I encourage everyone to go read it in

Planet DebianRichard Hartmann: Release Critical Bug report for Week 04

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1117 (Including 191 bugs affecting key packages)
    • Affecting Jessie: 187 (key packages: 116) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 132 (key packages: 89) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 24 bugs are tagged 'patch'. (key packages: 15) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 4 bugs are marked as done, but still affect unstable. (key packages: 3) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 104 bugs are neither tagged patch, nor marked done. (key packages: 71) Help make a first step towards resolution!
      • Affecting Jessie only: 55 (key packages: 27) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 25 bugs are in packages that are unblocked by the release team. (key packages: 8)
        • 30 bugs are in packages that are not unblocked. (key packages: 19)

>How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92)
6 release! 212 (129+83)
7 release+1 194 (128+66)
8 release+2 206 (144+62)
9 release+3 174 (105+69)
10 release+4 120 (72+48)
11 release+5 115 (74+41)
12 release+6 93 (47+46)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

Geek FeminismWhere in the world is Linkspam Sandiego? (23 January 2015)

  • Hacker Mythologies and Mismanagement | Betsy Haibel at Model View Culture (20 January): “There’s nothing wrong with recognizing that some software engineers conform to nerd and/or hacker stereotypes. There’s also nothing wrong with recognizing that engineering is a discipline that requires concentration, or a creative profession in which work may sometimes come in difficult fits and starts. But the idea that engineering culture should map one-to-one to the existing and coherent nerd subculture is dangerous. Our myths about engineering become excuses for why someone is struggling. They discourage teamwork as a drag on productivity, rather than seeing it as a multiplier. They encourage coders to Other disfavored employees as “not real engineers,” creating clearly defined in- and out-groups. They encourage everyone to view coding ability as an innate orientation rather than as a trained capacity, which corrupts both hiring and professional development practices.”
  • Infamous | Mark Bernstein (15 January): [I found this site’s colours and text difficult to read, and it gave me a headache.] “GamerGate set out to writes its own story in Wikipedia – and to spread the dirt about the women who were its targets. These efforts were blocked by established editors under established Wikipedia policy. In retaliation, GamerGate planned an operation to get rid of its opponents – the “Five Horsemen” active in preserving objectivity and in keeping scurrilous sexual innuendo out of the encyclopedia.”
  • Gaming while black: Casual racism to cautious optimism | Jessica Conditt at joystiq (16 January): “”Gaming culture is a direct reflection of our society,” [Dr. Kishonna Gray] said. “The only reason racism and sexism run rampant in gaming is because racism and sexism run rampant in society. But in physical spaces, mostly, it’s not overt. It’s subtle. It’s covert. So, yes, these issues manifest in a similar manner in gaming, but I contend that they present themselves worse. It’s not subtle. It’s in-your-face racism. A black person may not be called a nigger to their face, but they can almost guarantee it will happen in virtuality.””
  • Male Allies Bingo Card | Karen Catlin, Cate Huston, Kathryn Rotondo (15 January): “As we look ahead to 2015, we’re hopeful that more men will show up as allies for women in the tech industry. That you will take a stand. That you will leverage your voices and your power to make real change to improve diversity. The tech industry desperately needs it. And here’s what we hope to hear from you.”
  • Call for Donations and Nominations to Wiscon Member Assistance Fund | Chris W at WisCon (2 December): “Every year, we try to help as many people as we can come to WisCon. It’s the time of year when we ask you to please consider contributing to the member assistance fund. […] All nominations need to be made by midnight, PST, February 15, 2015.”
  • C is Manly, Python is for “n00bs”: How False Stereotypes Turn Into Technical “Truths” | Jean Yang at Model View Culture (20 January): “Judgments about language use, despite being far from “objective” or “technical,” set up a hierarchy among programmers that systematically privileges certain groups. Software engineers sometimes deride statistical analysis languages like R or SAS as “not real programming.” R and SAS programmers, in turn, look down at spreadsheet developers. Software engineers also distinguish between front-end (client-facing) and back-end (server) code, perceiving writing server code to be more “real.””

A few links about Shanley Kane, co-founder of Model View Media, and the terrible retaliation for her criticism of the Linux community. [For all of these links: Warning for organized hate campaigns, sexual abuse, stalking, and domestic violence.]

  • My Statement | Shanley at Pastebin (20 January): “Last Thursday, I criticized the Linux community for continuing to support and center a leader with a years-long, documented history of unrepentant abusive behavior, someone who has actively and systematically nurtured a hostile, homogeneous technical community, and someone who has long actively chased people from marginalized groups out of open source. The retaliation has been terrifying.”
  • What it was like to co-found Model View Culture with Shanley Kane | Amelia Greenhall (20 January): “One year ago, in January 2014, I hit the enter key and launched Model View Culture, a new publication and media platform focused on technology, culture, and diversity. Later that month, I stood onstage in front of 200 people at our launch party with my business partner, Shanley Kane. Four months later I resigned. I put up a post on my blog titled “Leaving Model View Culture” that quietly stated that I had resigned due to irreconcilable differences with my business partner without going into much detail about why. I took the summer off to work on a few personal projects, and returned to working as a designer. Now I am ready to share more of the story.”
  • Brutal Optimization | Rachel Shadoan at Storify (20 January): “When you have to wade through an ocean of horror to participate in our communities, what are our communities optimizing for? […] Let’s examine our ideals, FOSS folks. Do we want to be a community where you can only participate if you can survive the brutal terrorizing?”
  • The Elephant in the Keynote (LCA 2015) | Project Gus (19 January): “In all three of these questions I see a common thread – people (particularly younger people) not wanting to engage with kernel development or the Linux community in general. It’s not even necessarily a diversity issue – Matthew Garrett & Thomi Richards are both younger white men, demographics traditionally over-represented in open source ranks. I’m in that same demographic, and with a background in systems programming and writing hardware-level code I’d be naturally interested in learning to contribute to the kernel. The major detractor for me is the community’s demeanor. […] I don’t mean to play down the importance of diversity in open source. I think these issues are also extremely important and I think Thomi and Matthew do as well. It’s just that even if you leave the (traditionally polarising) issue of diversity completely aside, the answers we heard on Friday are still problematic. Considering the diversity angle just compounds the problem with additional layers of alienation. […] And while younger white male software developers are having their opinions panned by the respected older generation on stage, what does this mean for actual marginalised groups? If FOSS is ever going to achieve broad adoption, it has to appeal to more than a privileged few.”
  • The Trouble With Heroes | Flower Horne (20 January): “If you only support abuse victims if they meet your standard of ‘deserving,’ then you don’t support abuse victims at all. You’re using abuse and your ability to withhold support as a means of manipulating and controlling vulnerable populations.That’s an abuser tactic.”

 


 

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

TEDThe week I look forward to all year long

A dance break at TEDActive 2014, also held at Whistler. Photo: Marla Aufmuth

A dance break at TEDActive 2014 in Whistler, BC. At this conference, you watch a full program of TED Talks, and get the opportunity to cut loose. Photo: Marla Aufmuth

We’re all looking for a tribe — a group of people we can talk with, bat around ideas with, make things happen with. And we’re all looking for inspiration — things to spark our imagination, send us off in new directions, and keep us buoyed when things get tough. One week each year, TED hosts a conference where both can be found in spades, against a backdrop TED Talks (and towering mountains). We’re talking about TEDActive.

TEDActive is an event held in parallel with the annual TED conference that features a simulcast of the full program of TED Talks, and lots of live speakers, while emphasizing connection, conversation and creation in the audience. TEDActive 2015 takes place March 16-20, in Whistler, Canada, and brings together thinkers and doers from more than 60 countries to explore the theme Truth & Dare. We’ll be questioning assumptions, searching for deeper truth and attempting to find richer understanding by asking better questions.

Each year, TEDActive veterans and newbies arrive at the conference to experience a week of TED Talks, workshops, activities, parties and conversations. We wanted to know from past attendees: how has TEDActive affected you? Below, three share their thoughts.

Vico

Vico Sharabani has attended TEDActive twice and is returning for 2015. The creative director and producer of The Artery, a visual effects studio, he has worked on projects featuring artists like Beyoncé, Bob Dylan and Nicki Minaj. He says that TEDActive has led to many meaningful connections—and given him creative fuel in his work. He says:

“TEDActive is nonstop stimulation, from 8am to 2am—like the best summer camp for adults. I’ve connected deeply with many attendees, and we’ve stayed friends. Some of us meet at events annually, and I’ve gotten together with others in countries around the world. Professional collaborations develop rapidly as well. I have worked with attendees Raghava KK and Marc Azoulay on art projects. Now, going back feels like an opportunity to reunite with everyone. TEDActive exposes you to people who both think and do things differently. When you are immersed in that for a whole week, you get the feeling that everything is possible, on a whole different level.” 

Grace Rodriguez went to TEDActive three times as an attendee—and loved the experience so much that she wanted to be a part of creating it. This year, she returns as TEDActive’s new creative director. For her, the best part of TEDActive are the moments that just wouldn’t happen in everyday life. She explains:

“My very first night by the fire pits at TEDActive was magical. It felt like I had gone home and found the other members of my tribe. We stayed up late and enjoyed deep, entertaining, and insightful conversations. Another year, some friends and I were playing ukulele, and we gathered other attendees around us to sing ‘Yoshimi’ by the Flaming Lips. TED speaker Reggie Watts recorded us on his cellphone and sent the video to Wayne Coyne, the Flaming Lips’ lead singer. Two days later, a couple dozen of us, led by a physicist and an architect, devoted our collective brain power to form a human pyramid in the pool. I, as the smallest person, climbed up to the top of the pyramid and stood up in a moment of victory. All of this to say: I’ve made lifelong friends at TEDActive, and the generous nature and creative spirit of the experience has influenced everything I do. It has taught me to embrace long-view strategy over just getting it done, and to savor incredible moments.”

Aaron-Tango

Aaron Tang has been attending TEDActive since 2009 and will be returning in 2015 for the seventh time. He is about to embark on an adventure around the world called I Said Go! and will be inviting other attendees to travel with him. Because, he says, TEDActive has helped him feel more comfortable getting lost:

“TEDActive is a pollination in diverse cultures and disciplines. It is fire pit conversations, crisp nights with blankets, impromptu music jams, and adventures. From attending year after year, I’ve learned to always have an open perspective about everything in life. One year, I realized, ‘My gosh! Lots of us are lost.’ Lost in a good way—we are constantly seeking, wandering and hoping to learn. This is why we are at TEDActive in the first place; you don’t learn if you are not lost, so you have to make the decision to be okay with feeling lost. I’ve been pretty laser-focused my entire life, so TED has been a great way to try something different. Being part of this community has eased my comfort in diving into the world. Now, I don’t feel too worried about finding a connection in every corner of the globe.”

Interested in attending TEDActive? We’d love to see you in Whistler. Find out more about how to apply »

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/SSmvlCk2AX0?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>


Geek FeminismQuick hit: Wikipedia begins purging feminist editors

It’s never been clearer that neutral point of view is a joke.

The Arbitration Committee (ArbCom) is the highest user-run body on Wikipedia, or “Wikipedia’s supreme court”. Contrary to its public image as a freewheeling, anarchic site where anyone can edit, Wikipedia actually is a bureaucracy to rival the IRS.

ArbCom’s latest decision: banning five editors who in their personal lives are feminists from editing feminism-related articles. Specifically, all five editors had been attempting to rewrite Wikipedia articles with a pro-Gamergate slate to have a more neutral point of view. No editors who’d expressed a pro-Gamergate point of view in their personal lives were banned; five feminists were.

I’ve previously written on my blog about how Wikipedia administrators decided I couldn’t be neutral because I identified at the time as genderqueer. But if this latest twist isn’t Wikipedia throwing down the gauntlet to declare that “neutral point of view” really means “point of view that soothes white, heterosexual, cis, abled men’s egos”, I don’t know what is.

The Guardian has the full story.

TED10 steps to tame your email inbox and keep chaos at bay

InboxZero

Just like you, we at TED get inundated with email. And just like you, many of us think of an overflowing inbox as a guilt-inducing, anxiety-laden reminder of things left undone.

As TED’s User Experience Architect, I like my inbox the same way I like my designs: simple, orderly, and communicating clearly what to do next. Many people have no problem with dozens, hundreds or even thousands of unread messages in their inbox; if that’s you, you can stop reading now. But if you’re like me, unread email gives you stress — and it pretty much ensures important things will fall through the cracks.

Here is how I keep my inbox at (or near) empty at all times. Be forewarned: this plan isn’t easy, but it works. I’ve been doing it for years with success, and I’ve helped others — in fact, many on TED’s tech team — do the same.

Step 1: Accept that your future self won’t have any more time than your current self.

I’ve noticed a trend among people with full inboxes: they don’t deal with emails as they arrive because they believe that, at some point in the near future, they’ll have time to be able to focus on each message and take appropriate action. Here’s the hard truth: the level of busy you feel right now? You’re likely to feel that next week, next month and next year. If you start from the premise that this mythical free-time unicorn doesn’t exist, you’ll find it a lot easier to make decisions as emails arrive rather than put them off for the future.

Step 2: Get a clean start.

There are two ways to do this, as I see it:

  1. Set aside a chunk of time and get caught up. Depending on how far behind you are, you’re going to need some time. And the time isn’t just going to appear—you need to schedule it. Set up a two-hour meeting for yourself during the day or dedicate an evening or a weekend to sit down and go through it all, the goal being to eliminate every email in your inbox. (Tips on that below.) Instead of playing Candy Crush, open your email app and play Email Crush.
    .
  2. Go nuclear. You need to start somewhere, and if you are so far behind that there’s no hope of catching up, I recommend an unthinkable approach. If you’ve got the guts: delete everything in your inbox right now. Next, send a generic email to anyone in your address book you deem important — bcc’ing the group, of course! — saying, “Hey, I just had some email issues. If you’re waiting for a response from me on anything important, please let me know.” If this seems too drastic, just delete anything over a month old and sort through the rest.

Step 3: Now, kickstart the vigilance.

This is one of the hardest parts of the plan, but it’s critical: you have to deal with your email regularly — several times a day. And by “deal with,” I mean “get it out of your inbox.” I like to think of each incoming email as a dirty little roach who’s found its way into my kitchen: I squash it the moment I see it. (Sorry entomologists.) If you find that overwhelming, maybe set a schedule to check your email only at appointed times, and only when you’ve budgeted the time to go through it. For example, set 15 minutes aside every four hours to do nothing but focus on your email.

Step 4: If it’s not important to you, delete it.

As I mentioned before, we often keep email messages with the thought that we’ll have time to pay attention to them later. In reality, “later” never comes. If it’s not important enough to look at right now, delete it. The forward from your cousin, the notification that someone just “liked” your post on Facebook — seriously, just delete it. It’s like those old pants you gave to the thrift store: it was hard to let go in the moment, but when was the last time you actually thought about them?

Step 5: Become a diligent unsubscriber.

Email subscriptions remind me of electronics cables: they seem useful in the moment, but eventually we just end up with a drawer full of useless wires. If you’re not reading a subscription when it arrives, unsubscribe from it. Trust me, you probably won’t miss Schnauzers Daily. Pro-tip: I recently signed up for unroll.me, a service that identifies all the email subscriptions associated with an email account and allows you to remain subscribed, unsubscribe, or compile selected subscriptions into a more manageable regular digest. So far it’s great!

Step 6: If an email is still in your inbox, read it.

If it passed the instant deletion and unsubscribe tests, open the email. If it’s short, read it — giving it your full attention. If it’s long and you really don’t have time to read it now, but you know you need to read it soon, create a folder in your inbox called “To read” and file it there. If you’re honest with yourself, I predict this folder will only contain a small percentage of the emails you get. And you’ll need to make a time to digest the contents of this folder — whether it’s during your commute or after the kids go to bed. Pro tips: Forward the email to an app like Instapaper or Pocket to read later. And if an email requires you to take action, forward it to a to do app like ToDoist or Omnifocus. Or if you simply want to keep an email for future reference, forward it to a note-taking app like Evernote. When you’re done, delete it!

Step 7: Respond to it.

If the email is something that only requires a quick response, send that response … now. Don’t wait. Respond while the sender’s request — and your thoughts — are still fresh. After you hit Send, delete it! (Are you seeing a theme here?) PS: Do your co-recipients a favor: remove anyone cc’d who doesn’t need to see your response. Now you’re helping others keep their inboxes clean as well.

Step 8: Forward it.

If you’re not the right person to deal with the email, forward it immediately with a brief explanation … then delete it! (Sometimes passing the buck can feel soooooo good.)

Step 9: File it.

Most email services like Gmail allow you to create subfolders in your inbox; this is a great way to move emails out of your inbox while keeping them around for later. For example, I have a folder called “Orders”  to store receipts for things I’ve ordered. I also have a “Projects” folder with nested subfolders labeled by project name. Be creative! But a note of caution: if you create folders with abandon, and if you don’t do occasional housekeeping to keep them tidy, subfolders can become your email’s cluttered basement, a place you know exists but never want to visit. Spooky.

Step 10: Pick the right app.

Over the years I’ve tried almost every email app available — from Outlook to Apple Mail, Thunderbird to AirMail, Sparrow to Postbox — in the hopes that one might help me take control of my inbox. Unfortunately, there are no magic bullets here. At the moment, however, my current favorite email app is Mailbox. It sports a minimal and utilitarian design, and features some very handy features including the ability to schedule emails to reappear in your inbox when you’re ready to deal with them. It’s free and available for iOS and Mac (beta).

.
In summary

Like the few diets or exercise regimens that actually work, there are no secret formulas or miraculous incantations required to tame your inbox, just some simple steps:

  • Accept that empty is better than full
  • Wipe out your current inbox
  • Take immediate action on each new email
  • Do periodic housekeeping
  • Unsubscribe with abandon

And just like any successful diet or exercise regimen, the most critical step is sticking with it.

What do you think? Tell us how you manage your inbox in the comments below, or let us know on Twitter.


TEDA real debate on artificial intelligence, Mark Ronson gets lyrical, plus a look at why diversity is important in tech

Susan-Blackmore-TED-Talk-CTAAs usual, the TED community has been very busy this past week. Below, some updates from TEDsters with news to share.

Fresh takes on artificial intelligence. Machines that think: the best thing since the discovery of fire or the biggest threat to humanity since the atomic bomb? Responding to the annual Edge question, almost 200 thinkers, including TED speakers such as Susan Blackmore and Mark Pagel, weigh in on the deceptively distant possibility of superintelligent machines, both from a technological stance and from a moral one. (Watch Susan’s TED Talk, “Memes and ‘temes’ “ and Mark’s, “How language transformed humanity”.)

Around the world in 150 days. Coming to a sky near you: an ultra-light, solar-powered aircraft on a quest to set a record. Bertrand Piccard and co-pilot Andre Borschberg plan to fly the Solar Impulse 2 around the world. They will take off from the United Arab Emirates in late February or early March, and this week they announced their flight plan, which will have them making stops in Myanmar, China and India, as well as in New York and Arizona in the United States. With this trip, the pilots hope to demonstrate what clean-energy technology can look like — and how much fun it can be to actually use. (Watch Bertrand’s TED Talk, “My solar-powered adventure” and read more about the Solar Impulse 2 in our story, “This plane? This plane is powered by the sun.”)

Mark Ronson’s lyrical adventure. Mark Ronson’s new album, Uptown Special, is in heavy rotation. One fun fact about it? Author Michael Chabon wrote the lyrics. In The New York Times Magazine, the two talk about how their collaboration arose and what it was like to work together. Ronson says, “I brought Michael in because I loved his characters: shadowy figures and antiheros that you become attached to and form a bond with.” (Watch Mark’s talk, “How sampling transformed music.”)

Mark-Ronson-TED-Talk-CTA

Saving trafficked animals. Illegal wildlife trafficking has the potential to extract 38 million animals from their natural habitats. TED Fellow Juliana Machado-Ferreira’s “fight for Brazil’s stolen species” was recently highlighted in a National Geographic Explorers Project video. The short film explores how Machado-Ferreira collaborates with law enforcement agents and uses her expertise in conservation biology to save stolen animals. (Read more about Juliana’s work in our Q&A, “Freebird: A TED Fellow leads the charge against Brazil’s illegal wildlife trade.”)

How diversity can improve technology. Diversity isn’t just important in the realms of politics and culture. In fact, Ayah Bdeir makes the case that diversity is an essential component in democratizing electronics. In a recent blog post, she explains how US president Barack Obama’s recent State of the Union address, in which he stressed that “we are a people who see our differences as a great gift,” reaffirmed littleBits’ mission to create tools that empower people of all backgrounds to engage with and contribute to our technological world. (Watch Ayah’s TED Talk, “Building blocks that blink, beep and teach.”)

Stepping down from 4Chan. With over 42,176,061,890 page views and 1,771,091,423 posts, Christopher “moot” Poole can rest assured that even with his recent retirement as 4Chan’s administrator, the work he and his team have done over the past 11 years has made a lasting impact on the internet. The site has been unofficially dubbed a “meme factory,” bringing favorites such as LOLcats, as well as some less family-friendly content, to newsfeeds worldwide. (Watch Poole’s TED Talk, “The case for anonymity online.”)

Where big data meets activism. TED Fellow Jon Gosier was recently named one of Time Magazine’s 12 New Faces in Black Leadership, for his work in bringing entrepreneurship and big data to social causes through projects that help activists resist government censorship. (Read more about Jon’s work in our Q&A, “By Africa, for Africa.”)

A stark warning about our oceans. Forty percent of coral reefs have died worldwide, Stephen Palumbi and colleagues reveal in an article in The New York Times about their recently published paper in Science. Palumbi warns that human-driven climate change and irresponsible industrial practices are major culprits in widespread habitat loss, and that some of the ocean’s species may be on the brink of mass extinction. He says, “If by the end of the century we’re not off the business-as-usual curve we are on now, I honestly feel there’s not much hope for normal ecosystems in the ocean.” But it’s not all doom and gloom, he says: “We do have a chance to do what we can. We have a couple more decades than we thought … so let’s please not waste it.” (Watch Stephen’s TED Talk, “The hidden toxins in the fish we eat – and how to stop them.”)

Stephen-Palumbi-TED-Talk-CTA

Have a news item to share? Write us at blog@ted.com and you may see it included in this weekly round-up.


Planet DebianEnrico Zini: mozilla-facepalm

Mozilla marketplace facepalm

This made me sad.

My view, which didn't seem to be considered in that discussion, is that people concerned about software freedom and security are likely to stay the hell away from such an app market and its feedback forms.

Also, that thread made me so sad about the state of that developer community that I seriously do not feel like investing energy into going through the hoops of getting an account in their bugtracker to point this out.

Sigh.

Sociological ImagesCheap Scots and Disappearing Stereotypes

Flashback Friday.

A website called Found in Mom’s Basement posted this vintage toilet paper ad that plays on the stereotype that Scottish people are cheap. From the post:

Although the stereotype of the cheap Scotsman isn’t as widely known in the U.S. today, going back a few decades it was an ethnic stereotype that was used freely, often making the Scots the butt of jokes.

6a00d83451ccbc69e20105370a813a970b-400wi

The post has links to other examples, such as the Studebaker Scotsman, a low-cost, minimal-options car:

275px-studebakerscotsman

As a commenter to that post pointed out, Safeway’s store brand cigarettes, advertised as being inexpensive, was “Scotch Buy” (found at Cigarettespedia):

scotch_buy_safeway_filter_cigaretess_lights_ks_20_s_usa

For a more recent example, we have McFrugal, a hardware site (now down):

picture-1

A reader, Julia, noted that Scotch tape was named that because:

it originally had adhesive only on the edges of the tape.  [An early user] told a 3M salesman to go back to his “Scotch bosses” (presumably too cheap to put adhesive all over the tape) and make it stickier.

The Scots-are-cheap stereotype is a great example of how ethnic stereotypes can lose their power. Maybe I’m just oblivious, but until a few years ago, I’d never heard of the stereotype that Scots were cheap. Without that context, the associations the ads are attempting to make would be meaningless to me — I would have just thought it was odd that McFrugal had a guy with bagpipes, but not understood that it might have any meaning. When I asked students in my race class about this, only a couple had ever heard this stereotype.

Obviously, though, it used to be a very common, widely-recognized notion. Much like the Irish and other European ethnic groups, as Scots became part of the larger “White” racial category, ethnic distinctiveness and stereotypes have become less prominent.

Originally posted in 2009.

Gwen Sharp is an associate professor of sociology at Nevada State College. You can follow her on Twitter at @gwensharpnv.

(View original at http://thesocietypages.org/socimages)

Cory DoctorowHow to fix copyright in two easy steps (and one hard one)


My new Locus column, A New Deal for Copyright, summarizes the argument in my book Information Doesn't Want to Be Free, and proposes a set of policy changes we could make that would help artists make money in the Internet age while decoupling copyright from Internet surveillance and censorship.

There are two small policy interventions that would make a huge differ­ence to the balance of commercial power in the arts, while safeguarding human rights and civil liberties.

1. Reform DRM law.

It should never be a crime to:

* Report a vulnerability in a DRM;

* Remove DRM to accomplish a lawful purpose.

With this simple reform, DRM would no longer turn our devices into long-lived reservoirs of pathogens (because bugs could be reported as soon as they were discovered), and would no longer give the whip-hand over publishing to tech companies (because re­moving DRM to do something legal, like moving a book between two different readers, would be likewise legal).

2. Reform intermediary liability.

* The DMCA ‘‘safe harbor’’ should require submission of evidence that the identified works are indeed infringing;

* If you file a DMCA takedown notice that ma­terially misrepresents the facts as you know them or should have known them, you should be liable to stiff, exemplary statutory damages, with both the intermediary and the creator of the censored work having a cause of action against you, and with the courts having the power to award costs to the victims’ lawyers.

By ensuring a minimum standard of care for censorship demands, and penalties for abuse, the practice of carelessly sending millions of slop­pily compiled takedowns would be stopped dead (last year, Fox perjured itself and had copies of my novel Homeland removed from sites that were authorized to host them, because it couldn’t be bothered to distinguish my novel from its TV show). Likewise, penalties for abuse with a loser-pays system of fees would give the victims of malicious censorship attempts grounds for punishing the wrongdoers who make a mockery of out the copyright holder’s toolkit to silence their opponents.

But so long as we’re making a wish-list, here’s the big policy change that would make all this stuff much less fraught: STOP APPLYING COPYRIGHT TO ANYONE EXCEPT THE ENTERTAINMENT INDUSTRY.

A New Deal for Copyright

Worse Than FailureError'd: Flying is Easier than Math

"I travel a lot for work and watch my 'premier (elite) qualification' with United fairly closely," writes Lincoln, "Imagine my surprise when I was looking at my account and United was showing 4,100 qualifying segments as my beginning balance. Sadly, like many aspects of the new United, 4100 plus 37 equals....78."

 

"Hmmm...I wonder if my eStatement is really ready though?" writes Dave T.

 

Gabriel wrote, "Gotta love strings...especially those that shouldn't happen."

 

"I don't care what anybody says. I think Ram-square-root-greater-than-or-equal-to-n is a great name for a baby boy!" writes Danny B.

 

"I wanted to know how to import settings into the new release of Opera. I didn't get an answer, but I'm comforted that Opera understands recursion, I suppose,"Rob H. writes.

 

"The Norwegian newspaper Osloby (Oslo city) have a webpage where you can submit stuff you want Oslo city to fix, like faulty street lights and so on... but when you try to use the web page (fiksdette.osloby.no) with Internet Explorer...," Philip O. wrote.

 

"Hmmm...I'm not a mechanic but I think that the bus needs a reboot," writes Marco.

 

Honestly, I'm surprised that Jack N.'s submission from League of Legends didn't result in a division by null error.

 

[Advertisement] Use NuGet or npm? Check out ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an impressively-featured free edition, too!

Cory DoctorowConsumerist on Information Doesn’t Want to Be Free


Consumerist's Kate Cox has turned in a long, excellent, in-depth review of my book Information Doesn't Want to Be Free, really nailing the book's thesis. Namely, that extremist copyright laws don't just mess up artists, but actually endanger all our privacy, freedom and whole digital lives.

Doctorow draws two bright lines connecting copyright law to other major issues: government surveillance, as shared by Edward Snowden; censorship by private companies; and the necessity of free expression to civil and human rights.

Copyright claims are often used as a silencing tactic, where a party with power issues a takedown claim to get content from a party with less power removed from the internet.

For example, Doctorow cites copyright takedown notices issued by police departments demanding to have videos of their officers committing illegal acts taken down on the grounds that the police, not the person with an iPhone who recorded them, have copyright on the videos. Or takedown notices issued by the Church of Scientology to have removed articles from opponents who used leaked internal documents to criticize the organization.

“There are almost never penalties for abusing the takedown process,” Doctorow notes. “It’s the measure of first resort for rich and powerful people and companies who are threatened by online disclosures of corruption and misdeeds.”

Likewise, intermediary companies become gatekeepers of what end users may and may not consume — because they don’t want to get sued. So they fall into the “notice and takedown” scheme, and pass it all along to you. And that includes possibly having your entire broadband connection throttled or hijacked if a copyright holder doesn’t like what a user of that connection has been doing.

Because they have the right, and the ability, to keep an eye on you if you’re anywhere in the ecosystem: using a computer, phone, or internet connection that you didn’t build out of string yourself.

4 Ways Copyright Law Actually Controls Your Whole Digital Life [Kate Cox/Consumerist]

Planet DebianJaldhar Vyas: Mini-Debconf Mumbai 2015

Last weekend I went to Mumbai to attend the Mini-Debconf held at IIT-Bombay. These are my impressions of the trip.

Arrival and Impressions of Mumbai

Getting there was a quite an adventure in itself. Unlike during my ill-fated attempt to visit a Debian event in Kerala last year when a bureaucratic snafu left me unable to get a visa, the organizers started the process much earlier at their end this time and with proper permissions. Yet in India, the wheels only turn as fast as they want to turn so despite their efforts, it was only literally at the last minute that I actually managed to secure my visa. I should note however that Indian government has done a lot to improve the process compared to the hell I remember from, say, a decade ago. It's fairly straightforward for tourist visas now and I trust they will get around to doing the same for conference visas in the fullness of time. I didn't want to commit to buying a plane ticket until I had the visa so I became concerned that the only flights left would be either really expensive or on the type of airline that flies you over Syria or under the Indian Ocean. I lucked out and got a good price on a Swiss Air flight, not non-stop but you can't have everything.

So Thursday afternoon I set off for JFK. With only one small suitcase getting there by subway was no problem and I arrived and checked in with plenty of time. Even TSA passed me through with only a minimal amount of indignity. The first leg of my journey took me to Zurich in about eight hours. We were only in Zurich for an hour and then (by now Friday) it was another 9 hours to Mumbai. Friday was Safala Ekadashi but owing to the necessity of staying hydrated on a long flight I drank a lot of water and ate some fruit which I don't normally do on a fasting day. It was tolerable but not too pleasant; I definitely want to try and make travel plans to avoid such situations in the future.

Friday evening local time I got to Mumbai. Chhattrapati Shivaji airport has improved a lot since I saw t last and now has all the amenities an international traveller needs including unrestricted free wifi (Zurich airport are you taking notes?) But here my first ominous piece of bad luck began. No sign of my suitcase. Happily some asking around revealed that it had somehow gotten on some earlier Swiss Air flight instead of the one I was on and was actually waiting for me. I got outside and Debian Developer Praveen Arimbrathodiyil was waiting to pick me up.

Normally I don't lke staying in Mumbai very much even though I have relatives there but that's because we usually went during July-August—the monsoon season—when Mumbai reverts back to the swampy archipelago it was originally built on. This time the weather was nice, cold by local standards, but lovely and spring-like to someone from snowy New Jersey. There have been a lot of improvements to the road infrastructure and people are actually obeying the traffic laws. (Within reason of course. Whether or not a family of six can arrange themselves on one Bajaj scooter is no business of the cops.)

The Hotel Tuliip (yes, two i's. Manager didn't know why.) Residency where I was to stay while not quite a five star establishment was adequate for my needs with a bed, hot water shower, and air conditioning. And a TV which to the bellhops great confusion I did not want turned on. (He asked about five times.) There was no Internet access per se but the manager offered to hook up a wireless router to a cable. Which on closer inspection turned out to have been severed at the base. He assured me it would be fixed tomorrow so I didn't complain and decided to do something more productive thank checking my email like sleeping.

The next day I woke up in total darkness. Apparently there had been some kind of power problem during the night which tripped a fuse or something. A call to the front desk got them to fix that and then the second piece of bad luck happened. I plugged my Thinkpad in and woke it up from hibernation and a minute later there was a loud pop from the power adapter. Note I have a travel international plug adapter with surge protector so nothing bad ought to have happened but the laptop would on turning on display the message "critical low battery error" and immediately power off. I was unable to google what that meant without Internet access but I decided not to panic and continue getting ready. I would have plenty of opportunity to troubleshoot at the conference venue. Or so I thought...

I took an autorickshaw to IIT. There also there have been positive improvements. Being quite obviously a foreigner I was fully prepared to be taken along the "scenic route." But now there are fair zones and the rickshaws all have (tamperproof!) digital fare meters so I was deposited at the main gate without fuss. After reading a board with a scary list of dos and don'ts I presented myself at security only to be inexplicably waved through without a second glance. Later I found out they've abandoned all the security theatre but not got around to updating the signs yet. Mumbai is one of the biggest, densely populated cities in the world but the IIT campus is an oasis of tranquility on the shores of Lake Powai. It's a lot bigger than it looked on the map so I had to wander around a bit before I reached the conference venue but I did make for the official registration time.

Registration

I was happy to meet several old friends (Such as Kartik Mistry and Kumar Appiah who along with Praveen and myself were the other DDs there,) people who I've corresponded with but never met, and many new people. I'm told 200+ people registered altogether. Most seemed to be students from IIT and elsewhere in Mumbai but there were also some Debian enthusiasts from further afield and most hearteningly some "civilians" who wanted to know what this was all about.

With the help of a borrowed Thinkpad adapter I got my laptop running again. (Thankfully, despite the error message, the battery itself was unharmed.) However, my streak of bad luck was not yet over. It was that very weekend that IIT had a freak campus-wide network outage something that had never happened before. And as the presentation for the talk I was to give had apparently been open when I hibernated my laptop the night before, the sudden forced shutdown had trashed the file. (ls showed it as 0 length. An fsck didn't help.) I possibly had a backup on my server but with no Internet access I had no way to retrieve it. I still remained cool. The talk was scheduled for the second day so I could recover it at the hotel.

Keynotes

Professor Kannan Maudgalya of the FOSSEE (Free and Open Source Software for Education) Project which is part of the central government Ministry for Human Resource Development spoke about various activities of his project. Of particular interest to us are:

  • A scheme to get labs and college engineering/computer science departments off proprietary software by helping them identify relevant free software (writing it if necessary.) and helping them transition to it. Similarly getting curricula away from textbooks that use proprietary software by rewriting exercises to use free equivalents.
  • A series of videos for self-instruction kind of like Khan Academy but geared to the challenges of being used in places where there might not be a net connection or even a trained teacher.
  • The Vidyut tablet. A very low cost (~5000 Rupees) ARM-based netbook that runs Linux or Android software. You may have heard about earlier plans for a cheap tablet like this. Vidyut is the next generation correcting some flaws in previous attempts. Not only the software but the hardware is free too. It is currently running a stripped down version of Ubuntu but there was a request to port it to Debian and I'm happy to report several Debian users have accepted the challenge.
FOSSEE is well funded, backed by the government and has enthusiastic staff so we should be seeing a lot more from them in the future.

Veteran Free Software activist Venky Hariharan spoke about his experiences in lobbying the government on tech issues. He noted that there has been a sea change in attitudes towards Linux and Open source in the bureacracy of late. Several states have been aggressively mandating the use of it as have several national ministries and agencies. We the community can provide a valuable service by helping them in the transition. They also need to be educated on how to work with the community (contributing changes back, not working behind closed doors etc.)

Debian History and Debian Cycle

Shirish Agarwal spoke about the Debian philosophy and foundational documents such as the social contract and DFSG and how the release cycle works. Nothing new to an experienced user but informative to the newcomers in the audience and sparked some questions and discussion.

Keysigning

One of my main missions in attending was to help get as many isolated people as possible into the web of trust. Unfortunately the keysigning was not adequately publicized and few people were ready. I would have led them through the process of creating a new key there and then but with the lack of connectivity that idea had to be abandoned. I did manage to sign about 8-10 keys during other times.

Future Directions for Debian-IN BOF

I led this one. Lots of spirited discussion and I found feedback from new users in particular to be very helpful. Some take aways are:

  • Some people said it is hard to find concise, easily digestible information about what Debian can do. (I.e. Can I surf the web? Can I play a certain game? etc.) Debian-IN's web presence in particular needs a lot of improvement. We should also consider other channels such as a facebook page. A volunteer stepped up to look into these issues.
  • Along these lines it was felt that we cannot just wait for people to come to us, we should do more outreach. I pointed out that one group that we need to reach out more to is the Debian Project at large. We need to do more publicity in debian-project, DWN, Planet etc. to let everyone know whats going on in India. I also felt that we have a strong base amongst CS/engineering students but should do more to attract other demographics.
  • Debian events have suffered from organizational problems. Partly this is because the people involved are not professional event planners. They are learning how to do it which is an ongoing process and execution is improving with each iteration so no worries there but problems also arise because Debian-IN is dependent on other entities for many things and those entities do not always have, shall we say, the same sense of urgency. Therefore we need legal standing of our own for accepting donations, inviting foreign guests etc. This doesn't necessarily have to be a separate organization. Affiliating with an existing group is an option providing they share our ideology. Swathanthra Malayalam Computing was one suggestion.
  • There is still not much Debian presence in the North and East of India. (Which includes large cities like Delhi and Kolkata.) Unfortunately until we can find volunteers in those areas to take the lead on organizing something there is not a lot we can do to rectify the situation.
  • We must have Debian-IN t-shirts.

Lil' Debi

Kumar Sukhani was a Debian GSoC student and his project which he demonstrated was to be able to install Debian on an Android phone. Why would you want to do this? Apart from the evergreen "Because I can", you can run server software such as sshd on your phone or even use it as an ARM development board. Unfortunately my phone uses Blackberry 10 OS which can run android apps (emulated under QNX) but wouldn't be able to use this. When I get a real Android phone I will try it out.

Debian on ARM

Siji Sunny gave this talk which was geared more towards hardware types which I am not but one thing I learned was thee difference between all the different ARM subarchitectures. I knew Siji first from a previous incarnation when he worked at CDAC with the late and much lamented Prof. R.K. Joshi. We had a long conversation about those days. Prof. Joshi/CDAC had developed an Indic rendering system called Indix which alas became the Betamax to Pango's VHS but he was also very involved in other Indic computing issues such as working with the Unicode Consortium and the preseration of Sanskrit manuscripts which is also an interest of mine. One good thing that cameout of Indix was some rather nice fonts. I had thought they were still buried in the dungeons of CDAC but apparently they were freed at one point. That's one more thing for me to look into.

Evening/Next morning<

My cousin met me and we had a leisurely dinner together. It was quite late by the time I got back to the hotel. FOSSEE had kindly lent me one of their tablets (which incidently are powerful enough to run LibreOffice comfortably.) so I thought I might be able to quickly redo my presentation before bedtime. Well, wouldn't you know it the wifi was not fixed. As I should have guessed but all the progress I'd had made me giddily optimistic. There was an option of trying to find an Internet cafe in a commercial area 15-20 minutes walk away. If this had been Gujarat I would have tried it but although I can more or less understand Hindi I can barely put together two sentences and Marathi I don't know at all. So I gave up that idea. I redid the slides from memory as best I could and went to sleep.

In the morning I checked out and ferried myself and my suitcase via rickshaw back to the IIT campus. This time I got the driver to take me all the way in to the conference venue. Prof. Maudgalya kindly offered to let me keep the tablet to develop stuff on. I respectfully had to decline because although I love to collect bits of tech the fact it is it would have just gathered dust and ought to go to someone who can make a real contribution with it. I transferred my files to a USB key and borrowed a loaner laptop for my talk.

Debian Packaging Workshop

While waiting to do my talk I sat in on a workshop Praveen ran taking participants through the whole process of creating a Debian package (a ruby gem was the example.) He's done this before so it was a good presentation and well attended but the lack of connectivity did put a damper on things.

Ask Me Anything

It turned out the schedule had to be shuffled a bit so my talk was moved later from the announced time. A few people had already showed up so I took some random questions about Debian from them instead.

GNOME Shell Accessibility With Orca

Krishnakant Mane is remarkable. Although he is blind, he is a developer and a major contributor to Open Source projects. He talked about the Accessibility features of GNOME and compared them (favorably I might add) with proprietary screen readers. Not a subject that's directly useful to me but I found it interesting nonetheless.

Rust: The memory safe language

Manish Goregaokar talked about one of the new fad programming languages that have gotten a lot of buzz lately. This one is backed by Mozilla and it's interesting enough but I'll stick with C++ and Perl until one of the new ones "wins."

Building a Mail Server With Debian

Finally I got to give my talk and, yup, the video out on my borrowed laptop was incompatible with the projector. A slight delay to transfer everything to another laptop and I was able to begin. I talked about setting up BIND, postfix, and of course dovecot along with spamassassin, clamav etc. It turned out I had more than enough material and I went atleast 30 minutes over time and even then I had to rush at the end. People said they liked it so I'm happy.

The End

I gave the concluding remarks. Various people were thanked (including myself) mementos were given and pictures were taken. Despite a few mishaps I enjoyed myself and I am glad I attended. The level of enthusiasm was very high and lessons were learned so the next Debian-IN event should be even better.

My departing flight wasn't due to leave until 1:20AM so I killed a few hours with my family before the flight. Once again I was stopping in Zurich, this time for most of a day. The last of my blunders was not to take my coat out of my suitcase and the temperature outside was 29F so I had to spend that whole time enjoing the (not so) many charms of Zurich airport. Atleast the second flight took me to Newark instead of JFK so I was able to get home a little earlier on Monday evening, exhausted but happy I made the trip.

Planet Linux AustraliaGary Pendergast: Indoor Skydiving

Dear Diary,

Today I went skydiving, whilst barely leaving the ground. It was a bunch of fun.

<3, Gary.

Planet Linux AustraliaAndrew Pollock: [life] Day 359: I guess I'm not a stay at home Dad any more

It's just occurred to me that this will be my last "stay at home Dad" post, because this morning was the last time I'll have Zoe until after she's started at school.

I woke to quite heavy rainfall. Zoe slept late, in think due to a combination of the cooler temperature, lack of direct sunlight, the rain, and the busy previous day and slightly later bedtime. I used the extra time to get ready for the day.

After a quick breakfast, we got straight in the car to get to Sarah's place, because I had to be back home again by 9:15am for a video interview with Google. It was tight, with the wet road conditions, but fortunately my interviewer was a few minutes later than me, so everything worked out okay.

Since then, I've been wandering around in a bit of a daze. I collected the last unit of my real estate licence course from my PO box. All I need now is the actual bit of paper saying I've achieved all of the requisite units of study, and I can go and apply for my licence. Oh, a business name will help too. Coming up with a name/domain name combination is proving phenomenally difficult.

I guess this lull in proceedings before a whole bunch of new stuff starts is a good time to stop and reflect.

I've had a fantastic year. This would have to be the sustained best year of my adult life. On a personal front, I've got to take a break from work, and go off and explore a bunch of other things. I did a barista course. I did a top rope climbing and abseiling course. I've finished my real estate licence course. I've had the opportunity to explore a few different startup ideas, and meet a bunch of different people.

My running has fallen off a bit, but I'm trying to fix that up again now. Maybe this year will be the year I do the Gold Coast Half Marathon. In fact I think I will actively work to that goal this year, since I shouldn't have any date conflicts like I ended up having last year.

On the fathering front, I had an irreplaceably wonderful year with Zoe. I have cemented my relationship with her, and I'm very confident in my capabilities as a single parent. I'm grateful that Zoe got to have the benefits of a proper Kindergarten program. It will give her a strong foundation entering Prep this year.

I'm also glad I managed to keep up the blogging for the whole year. It'll be nice to have this record to look back on.

As for 2015 for me, it's still a bit of a blank slate. I'm open to returning to Google, if that works out best for everyone. There's also a local job that I've found that I believe I'll be a good fit for, which I'm interviewing for next week. I could, if I was feeling really game, just freelance, and do a whole bunch of different things, but I think after a year of living off my savings, I'd prefer the security of a stable income for a while.

Right now, I think I'll try and clean up my desk, so I can start whatever comes next with a tidy desk.

Geek FeminismOn Getting Paid to Speak

In response to a thread on a private mailing list, a prominent woman in tech wrote this fantastic rundown of the details of getting paid to speak, including which speaker bureaus represent which kinds of speakers. We are re-posting an anonymized version of it with her permission in the hopes that with better information, more women will get paid fairly for their public speaking. Paying women fair wages for their work is a feminist act. This advice applies primarily to United States-based speakers; if you have information about international speaker bureaus, please share it in the comments!

Question: I’m interested in speaking with [members of the private mailing list] who either speak via a speaker bureau/agency, or otherwise get paid for their speaking gigs. I have done an absolute ton of speaking in the past few years (including several keynotes) and I know I’m at the level where I could be asking for money for my speaking, and I also need to reduce the amount I sign up for in order to focus on my own projects. So I’m on the market for an agency and would love to hear numbers from other folks who charge for giving talks. I know several women who ask for $1000-$2000 plus travel costs for engagement, but would love to know if that is typical or low as I definitely do know dudes who get much more.

Thanks!

PS this was a very scary email to write! Asking for others to value your work as work is really difficult!

Answer: I have a lot of experience with this & have done a lot of research. The main U.S. bureaus are:

  • The Leigh Bureau, which represents Nate Silver, Joi Ito, danah boyd, Tim Wu, Don Tapscott, Malcolm Gladwell, etc. Leigh tends to represent so-called public intellectuals, and to do a lot of work crafting the brand and visibility of their speakers in well-thought-out laborious campaigns. It tends to represent people for whom speaking is their FT job (or at least, it’s what pays their bills). Leigh does things like organize paid author tours when a new book comes out. Being repped by Leigh is a major time commitment.
  • The Washington Speakers Bureau: Jonathan Zittrain, Madeleine Albright, Tony Blair, Katie Couric, Lou Dobbs, Ezra Klein. These folks specialize in DC/public policy.
  • The Harry Walker Agency: Jimmy Wales, Bill Clinton, Larry Summers, Steve Forbes, Bono, Steven Levitt, Cass Sunstein. These folks tend to rep celebrities and DC types: busy people for whom speaking is a sideline.
  • The Lavin Agency: Jared Diamond, Anderson Cooper, Jonathan Haidt, Lewis Lapham, Steve Wozniak. Lavin does (sort of) generalist public intellectual think-y type people, but is way less commitment than e.g. Leigh. Lavin reps people whose main work is something other than speaking.

(There are probably lots of others including ones that are more specialized, but these are the ones I know.)

I went with Lavin and they’ve been fine. The primary benefits to me are 1) They bring me well-paying talks I wouldn’t otherwise get; 2) they take care of all the flakes so I don’t have to, and they vet to figure out who is a flake; 2) they negotiate the fee; and 3) they handle all the boring logistical details of e.g. scheduling, contractual stuff, reimbursements, etc. I mostly do two types of talks:

  1. The event organizers approach me, and I send them to Lavin. About 80% of these invitations are just [stuff] I would never do, because it pays nothing and/or the event sounds dubious, the expected audience is tiny, I have no idea why they invited me, or whatever. But, about 20% are people/events that I like or am interested in, like advocacy groups, museums, [technical standards bodies], [technical conferences]; TED-x. If I really like the organizers and they are poor, sometimes I will waive my fee and just have them pay expenses. (Warning: if there is no fee, the bureau bows out and I have to handle everything myself. Further warning: twice I have waived my fee and found out later that other speakers didn’t. Bah.) If I get paid for these events, it’s usually about 5K.
  2. The event organizers approach Lavin directly, requesting me. These tend to be professional conferences, where they’re staging something every year and need to come up with a new keynote annually. These are all organized by a corporation or an industry association with money — e.g., Penguin Books, Bain, McKinsey, the American Society of Public Relations Professionals, the Institute of E-Learning Specialists, etc. I do them solely for the money, and I accept them unless I have a scheduling conflict or I really cannot imagine myself connecting with the theme or the audience. These talks are way less fun than the #1 kind above, but they pay more: my fee is usually 25K but occasionally 50K.

For all my talks I get the base fee plus hotel and airfare, plus usually an expenses buyout of about $200 a day. A few orgs can’t do a buyout because of internal policies: that’s worse for me because it means I need to save receipts etc., which is a hassle. Lavin keeps half my fee, which I think is pretty typical. In terms of fees generally, I can tell you from working with bureaus from the other side that 5K is a pretty typical ballpark fee that would usually get a speaker with some public profile (like a David Pogue-level of celebrity) who would be expected to be somewhat entertaining. The drivers of speaker fees are, I think 1) fame, 2) entertainment value and 3) expertise/substance, with the last being the least important. The less famous you are, the more entertaining you’re expected to be. Usually for the high-money talks, there is at least one prep call, during which they tell me what they want: usually it’s a combination of “inspiration” plus a couple of inside-baseball type anecdotes that people can tell their friends about afterwards. The high-money talks are definitely less fun than the low-money ones: the audiences are less engaged, it’s more work for me to provide what they need, everybody cares less, etc.

When I spoke with [a guy at one agency] he told me some interesting stuff about tech conferences, most of which I sadly have forgotten :/ But IIRC I think he said tech conferences tend to pay poorly if at all, because the assumption is that the speaker is benefiting in other ways than cash — they’re consultants who want to be hired by tech companies, they’re pitching a product, trying to hire engineers, building their personal brand, or whatever. Leigh says they’re not lucrative and so they don’t place their people at them much. The real money is in the super-boring stuff, and in PR/social media conferences.

Hope this is useful!

We certainly found it useful. Here are some additional resources which came up in the mailing list thread:

Planet DebianMichael Prokop: check-mk: monitor switches for GBit links

For one of our customers we are using the Open Monitoring Distribution which includes Check_MK as monitoring system. We’re monitoring the switches (Cisco) via SNMP. The switches as well as all the servers support GBit connections, though there are some systems in the wild which are still operating at 100MBit (or even worse on 10MBit). Recently there have been some performance issues related to network access. To make sure it’s not the fault of a server or a service we decided to monitor the switch ports for their network speed. By default we assume all ports to be running at GBit speed. This can be configured either manually via:

cat etc/check_mk/conf.d/wato/rules.mk
[...]
checkgroup_parameters.setdefault('if', [])

checkgroup_parameters['if'] = [
  ( {'speed': 1000000000}, [], ['switch1', 'switch2', 'switch3', 'switch4'], ALL_SERVICES, {'comment': u'GBit links should be used as default on all switches'} ),
] + checkgroup_parameters['if']

or by visting Check_MK’s admin web-interface at ‘WATO Configuration’ -> ‘Host & Service Parameters’ -> ‘Parameters for Inventorized Checks’ -> ‘Networking’ -> ‘Network interfaces and switch ports’ and creating a rule for the ‘Explicit hosts’ switch1, switch2, etc and setting ‘Operating speed’ to ‘1 GBit/s’ there.

So far so straight forward and this works fine. Thanks to this setup we could identify several systems which used 100Mbit and 10MBit links. Definitely something to investigate on the according systems with their auto-negotiation configuration. But to avoid flooding the monitoring system and its notifications we want to explicitly ignore those systems in the monitoring setup until those issues have been resolved.

First step: identify the checks and their format by either invoking `cmk -D switch2` or looking at var/check_mk/autochecks/switch2.mk:

OMD[synpros]:~$ cat var/check_mk/autochecks/switch2.mk
[
  ("switch2", "cisco_cpu", None, cisco_cpu_default_levels),
  ("switch2", "cisco_fan", 'Switch#1, Fan#1', None),
  ("switch2", "cisco_mem", 'Driver text', cisco_mem_default_levels),
  ("switch2", "cisco_mem", 'I/O', cisco_mem_default_levels),
  ("switch2", "cisco_mem", 'Processor', cisco_mem_default_levels),
  ("switch2", "cisco_temp_perf", 'SW#1, Sensor#1, GREEN', None),
  ("switch2", "if64", '10101', {'state': ['1'], 'speed': 1000000000}),
  ("switch2", "if64", '10102', {'state': ['1'], 'speed': 1000000000}),
  ("switch2", "if64", '10103', {'state': ['1'], 'speed': 1000000000}),
  [...]
  ("switch2", "snmp_info", None, None),
  ("switch2", "snmp_uptime", None, {}),
]
OMD[synpros]:~$

Second step: translate this into the according format for usage in etc/check_mk/main.mk:

checks = [
  ( 'switch2', 'if64', '10105', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:42:de:ad:be:af,  10MBit
  ( 'switch2', 'if64', '10107', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:23:de:ad:be:af, 100MBit
  ( 'switch2', 'if64', '10139', {'state': ['1'], 'errors': (0.01, 0.1), 'speed': None}), # MAC: 00:42:de:ad:be:af, 100MBit
  [...]
]

Using this configuration we ignore the operation speed on ports 10105, 10107 and 10139 of switch2 using the the if64 check. We kept the state setting untouched where sensible (‘1′ means that the expected operational status of the interface is to be ‘up’). The errors settings specifies the error rates in percent for warnings (0.01%) and critical (0.1%). For further details refer to the online documentation or invoke ‘cmk -M if64′.

Final step: after modifying the checks’ configuration make sure to run `cmk -IIu switch2 ; cmk -R` to renew the inventory for switch2 and apply the changes. Do not forget to verify the running configuration by invoking ‘cmk -D switch2′:

Screenshot of 'cmk -D switch2' execution

,

TEDHave a fresh take on how body cameras are changing adventure? Apply to give a talk at TED2015

Give a TED Talk on wearable cameras

They’ve helped us experience the thrill of jumping from 128,000 feet above the earth, showed us what it’s like to be a fireman saving a kitten, and let us hang out with lions in South Africa.

TED is seeking a talk, to be delivered at our 2015 conference, about the increasingly common practice of documenting extreme sports and outdoor adventures via GoPro and other wearable cameras. The ideal talk will be heavy on jaw-dropping visuals and also cultural context: Why are these point-of-view videos so compelling? How are they changing professional and amateur athletics? Are they morphing our reasons for pursuing certain activities? Or how we feel while doing them? What are the personal and collective risks associated with filming our every (sometimes-crazy) move? Are those risks outweighed by the benefits? And what *are* those benefits, exactly, other than entertaining us?

The ideal speaker will be knowledgeable about sports, exploration, outdoor activities, and/or visual culture. But if you can prove to us that you can deliver an outstanding presentation, we don’t care whether you’re a journalist or an art critic or a snowboard enthusiast. You need not be a video-editing genius (we can help with that), but you do need to be able to select outstanding footage and weave it into a terrifically fun and thought-provoking narrative. You’ll be responsible for securing the rights to any footage you plan to use, but we’re happy to give advice and lend a hand where we can. Also, while we provide all speakers with rehearsal time and speaker coaching, you need to have something great to say, and you need to be excited to be on a stage.

TED2015 will be held from March 16-20 in Vancouver, Canada. The selected speaker will be provided with airfare, accommodations, and a conference pass. If you are interested, please submit a short proposal (no more than 300 words) describing your own background and the content and structure of your presentation. Please also include a link to a video of you speaking in public or a newly recorded 1-minute video (using a cell phone or webcam) describing your idea. All submissions must be received by 5pm EST on Friday, January 30, 2015.

Submit a talk proposal »

<iframe allowfullscreen="allowFullScreen" frameborder="0" height="270" mozallowfullscreen="mozallowfullscreen" src="http://giphy.com/embed/ouGiowEDpFa5W" webkitallowfullscreen="webkitAllowFullScreen" width="480"></iframe> <iframe allowfullscreen="allowFullScreen" frameborder="0" height="269" mozallowfullscreen="mozallowfullscreen" src="http://giphy.com/embed/jOtF2fD9sV4fS" webkitallowfullscreen="webkitAllowFullScreen" width="480"></iframe>

Photo courtesy of Adwriter/Flickr. GIFs courtesy of Giphy.


Kelvin ThomsonDavid Hicks Terrorism Conviction

I am very pleased to see reports this morning that the United States government has admitted that David Hicks conviction in 2007 for providing material support for terrorism is invalid.<o:p></o:p>

When I was Shadow Attorney-General in 2006 I campaigned for David Hicks to be given a fair trial. He was never given a fair trial. What happened was that David Hicks pleaded guilty to an offence which didn't exist when he was arrested, in exchange for being released from Guantanamo Bay and returned to Australia.<o:p></o:p>

I have always believed that David Hicks guilty plea did not make him a guilty man. He had been detained in Guantanamo Bay in solitary confinement for five and a half years with no recourse to a fair trial. I believe many people placed in such a situation would have acted similarly.<o:p></o:p>

I therefore welcome these developments. I regret that the Australian Government, and particularly the Foreign Minister of the time Alexander Downer, did so little for so long to try to get David Hicks a fair trial. Like that Government's meek compliance with the US Government's disastrous decision to invade Iraq, the consequences of which we are still living with today, it was weak and unworthy – more lapdog than national government.

Planet Linux AustraliaMichael Still: Harcourt and Rogers Trigs

I needed to visit someone in deepest darkest North Canberra yesterday, and there was an hour to kill between that meeting and the local Linux User's Group meeting. It seemed silly to have driven all that way and to not see a couple of trigs, so I visited these two. Both these trigs were easy to get to and urban. Frankly a little boring.

Harcourt trig is in what I will call a cow paddock -- it doesn't have a lot of trees happening and feels a bit like left over land. Access to the nature reserve wasn't very obvious to me from the suburban streets, but the KML file below might help others to work it out. It wasn't too bad once I'd navigated the maze of streets and weird paved areas.

             

Interactive map for this route.

Rogers was similar, except access was more obvious because it is in an older suburb. This is a nicer reserve than Harcourt's, with a nice peak and some walking opportunities around the base of the hill. I think I'll probably end up coming back to this one as my wife is nostalgic about growing up backing on to this reserve.

   

Interactive map for this route.

Tags for this post: blog pictures 20150122-harcourt_and_rogers photo canberra gungahlin belconnen bushwalk trig_point urban_trig
Related posts: A quick walk to Tuggeranong Trig; A walk around Mount Stranger; Taylor Trig; Urambi Trig; Walk up Tuggeranong Hill; Wanniassa Trig

Comment

Planet Linux AustraliaAndrew Pollock: [life] Day 358: Doctor, class lists, shopping, swimming, haircuts, dinner

Yesterday was a rather jam packed day. I'm not surprised Zoe's sleeping in, although the rain is probably helping.

We got going in the morning, and first off was the weekly wart freezing at the doctor. We're going to have to take a different approach once school starts next week.

After that, I checked my PO box, and got back one more unit of my real estate licence course (marked competent). So I'm just waiting for one I had to resubmit then I've officially completed everything. Hopefully that will come through early next week.

After that, we popped over to Chloe's place so we could all walk around to the school together to check the class lists, which were published.

Zoe did really well. She got the teacher that I'd wanted her to get, and Chloe is in her class, along with a boy, Flynn, she got to know through the Poppet program they ran last year. I met the mother of another little girl, Milla, who will be in Zoe's class too, and introduced the girls to each other. I'm very excited to see how Zoe's going to go at school next week. I think she's going to do really well.

After that, we went out to Carindale to do some birthday present related shopping for Eva and Layla's upcoming birthday, and some other general shopping. We also bumped into Mackensie's dad.

We ended up at Carindale for quite a while, so by the time we were done, we had enough time to race home, make a batch of hummus for dinner, and race out again to swim class.

Straight after swim class, we had haircuts, so we had to hurry over to the hairdresser, and then head back to Chloe's place for dinner.

Zoe had a great time playing with Chloe and her older sister, and I got to put my feet up for a bit and hang out with Kelley and Mark. It was a nice evening.

We got home to a welcome letter in the mail from Zoe's new teacher, which was nice. We made that the bedtime reading, as it was getting late.

Planet DebianErich Schubert: Year 2014 in Review as Seen by a Trend Detection System

We ran our trend detection tool Signi-Trend (published at KDD 2014) on news articles collected for the year 2014. We removed the category of financial news, which is overrepresented in the data set. Below are the (described) results, from the top 50 trends (I will push the raw result to appspot if possible due to file limits).
I have highlighted the top 10 trends in bold, but otherwise ordered them chronologically.

January
2014-01-29: Obama's State of the Union address
February
2014-02-05..23: Sochi Olympics (11x, including the four below)
2014-02-07: Gay rights protesters arrested at Sochi Olympics
2014-02-08: Sochi Olympics begins
2014-02-16: Injuries in Sochi Extreme Park
2014-02-17: Men's Snowboard cross finals called of because of fog
2014-02-19: Violence in Ukraine and Kiev
2014-02-22: Yanukovich leaves Kiev
2014-02-23: Sochi Olympics close
2014-02-28: Crimea crisis begins
March
2014-03-01..06: Crimea crisis escalates futher (3x)
2014-03-08: Malaysia Airlines MH-370 machine missing in South China Sea (2x)
2014-03-18: Crimea now considered part of Russia by Putin
2014-03-28: U.N. condemns Crimea's secession
April
2014-04-17..18: Russia-Ukraine crisis continues (3x)
2014-04-20: South Korea ferry accident
May
2014-05-18: Cannes film festival
2014-05-25: EU elections
June
2014-06-13: Islamic state Camp Speicher massacre in Iraq
2014-06-16: U.S. talks to Iran about Iraq
July
2014-07-17..19: Malaysian Airlines MH-17 shot down over Ukraine (3x, 2x top 10)
2014-07-20: Israel shelling Gaza kills 40+ in a day
August
2014-08-07: Russia bans EU food imports
2014-08-20: Obama orders U.S. air strikes in Iraq against IS
2014-08-30: EU increases sanctions against Russia
September
2014-09-04: NATO summit at Celtic Manor
2014-09-23: Obama orders more U.S. air strikes against IS
Oktober
2014-10-16: Ebola case in Dallas
2014-10-24: Ebola patient in New York is stable
November
2014-11-02: Elections: Romania, and U.S. rampup
2014-11-05: U.S. Senate elections
2014-11-25: Ferguson prosecution
Dezember
2014-12-08: IOC Olympics sport additions
2014-12-11: CIA prisoner center in Thailand
2014-12-15: Sydney cafe hostage siege
2014-12-17: U.S. and Cuba relations improve unexpectedly
2014-12-19: North Korea blamed for Sony cyber attack
2014-12-28: AirAsia flight QZ-8501 missing

As you can guess, we are really happy with this result - just like the result for 2013 it mentiones (almost) all the key events.
There is one "false positive" there: 2014-11-02 has a lot of articles talking about "president" and "elections", but not all refer to the same topic (we did not do topic modeling yet).
There are also some events missing that we would have liked to appear. For example the Chile/Peru earthquake. But I looked at the data: there were not many reports on this in the data source. Also, there is little about the Islamic State terror - but it has been going on throughout the year. Also Facebook bought Whatsapp on February 19 - which was a very visible trend on Twitter; but likely this was filtered out via the financials category in this data set.

Krebs on SecurityFlash Patch Targets Zero-Day Exploit

Adobe today released an important security update for its Flash Player software that fixes a vulnerability which is already being exploited in active attacks. Compounding the threat, the company said it is investigating reports that crooks may have developed a separate exploit that gets around the protections in this latest update.

brokenflash-aEarly indicators of a Flash zero-day vulnerability came this week in a blog post by Kafeine, a noted security researcher who keeps close tabs on new innovations in “exploit kits.” Often called exploit packs — exploit kits are automated software tools that help thieves booby-trap hacked sites to deploy malicious code.

Kafeine wrote that a popular crimeware package called the Angler Exploit Kit was targeting previously undocumented vulnerability in Flash that appears to work against many different combinations of the Internet Explorer browser on Microsoft Windows systems.

Attackers may be targeting Windows and IE users for now, but the vulnerability fixed by this update also exists in versions of Flash that run on Mac and Linux as well. The Flash update brings the media player to version 16.0.0.287 on Mac and Windows systems, and 11.2.202.438 on Linux.

While Flash users should definitely update as soon as possible, there are indications that this fix may not plug all of the holes in Flash for which attackers have developed exploits. In a statement released along with the Flash update today, Adobe said its patch addresses a newly discovered vulnerability that is being actively exploited, but that there appears to be another active attack this patch doesn’t address.

“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,” Adobe said. “Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild.”

To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although as of this writing it seems that the latest version of Chrome (40.0.2214.91) is still running v. 16.0.0.257

The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

I am looking forward to day in which far fewer sites require Flash Player to view content, and instead rely on HTML5 for rendering video content. For now, it’s probably impractical for most users to remove Flash altogether, but there are in-between options to limit automatic rendering of Flash content in the browser. My favorite is click-to-play, which is a feature available for most browsers (except IE, sadly) that blocks Flash content from loading by default, replacing the content on Web sites with a blank box. With click-to-play, users who wish to view the blocked content need only click the boxes to enable Flash content inside of them (click-to-play also blocks Java applets from loading by default).

Windows users also should take full advantage of the Enhanced Mitigation Experience Toolkit (EMET), a free tool from Microsoft that can help Windows users beef up the security of third-party applications.

Update 11:05 p.m. ET: Adobe just issued a bulletin confirming that this latest patch does not protect Flash users against all current, active attacks. The company says it plans to release an update the week of Jan. 26 to address this other security issue.

Don Martimobile ad revenue fail

Arel Lidow has a look at Mary Meeker's Internet Trends report and writes, Each year, the gap between dollars spent on mobile advertising versus time spent on mobile devices increases: in 2011, the implied gap was about $14 billion; in 2013, it was about $28 billion. So why is the gap in mobile ad spend so damn large? And when will those billions of dollars come flooding in?

I plotted the same data, and and put the numbers for print, web, and mobile, across several years, on the same graph.

Clearly, Lidow is right. Mobile is remarkably disappointing, compared to web. But what is going on with print?

Even as the fraction of user time spent on print falls, it's worth more to advertisers than mobile is.

This isn't much of a surprise, if you look at advertising history. More targetable ad media such as junk fax and email spam tend to fall in value, while non-targetable ad media tend to hold or gain value. (Seems paradoxical until you look at the economics behind it.)

But here's Lidow's recommendation: If you could wave a magic wand and provide a perfect attribution system with widespread usage by marketers and agencies, the mobile ad landscape would change quickly, and ad spend would increase.

So wait a minute. Take the a low-value ad medium and make it more valuable by doing more of what makes it less valuable? Wouldn't you want to figure out how to go the other way?

I don't get it. More and more I'm starting to think that this whole surveillance marketing trend is more about selling Marketing to the rest of the company than about selling stuff to customers.

Sociological ImagesWorking Conditions in Modern Agriculture

If you are worried about the abuse and exploitation of non-human animals, you can become a vegetarian or a vegan. But if you worry about the abuse and exploitation of humans, there is no morally upright consumer choice you can make, short of growing 100% of your food yourself.

This is the main message of journalist Eric Schlosser in this 4min video produced by BigThink. In it, he summarizes the extent of the exploitation of poor people, mostly immigrants, in the restaurant industry, the meatpacking industry, and the production of fresh fruits and vegetables in the U.S.

Especially for the people who pick our produce, he insists, the working conditions “are more reminiscent of the mid-nineteenth century than they are with the twenty-first century.” It is “literally slavery.”

Watch here:

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,47,0" height="360" id="flashObj" width="640"><param name="movie" value="http://c.brightcove.com/services/viewer/federated_f9?isVid=1&amp;isUI=1"/><param name="bgcolor" value="#FFFFFF"/><param name="flashVars" value="videoId=3909580445001&amp;playerID=1187410652001&amp;playerKey=AQ~~,AAAAGuNzXFE~,qu1BWJRU7c2zPXB5pnS6ytF42ALvFXD6&amp;domain=embed&amp;dynamicStreaming=true"/><param name="base" value="http://admin.brightcove.com"/><param name="seamlesstabbing" value="false"/><param name="allowFullScreen" value="true"/><param name="swLiveConnect" value="true"/><param name="allowScriptAccess" value="always"/><embed allowfullscreen="true" allowscriptaccess="always" base="http://admin.brightcove.com" bgcolor="#FFFFFF" flashvars="videoId=3909580445001&amp;playerID=1187410652001&amp;playerKey=AQ~~,AAAAGuNzXFE~,qu1BWJRU7c2zPXB5pnS6ytF42ALvFXD6&amp;domain=embed&amp;dynamicStreaming=true" height="360" name="flashObj" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" seamlesstabbing="false" src="http://c.brightcove.com/services/viewer/federated_f9?isVid=1&amp;isUI=1" swliveconnect="true" type="application/x-shockwave-flash" width="640"></object>

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Krebs on SecurityPassword Re-use Fuels Starwood Fraud Spike

Two different readers have written in this past week to complain about having their Starwood Preferred Guest loyalty accounts hijacked by scammers. The spike in fraud appears to be tied to a combination of password re-use and the release of a tool that automates the checking of account credentials at the Web site for the popular travel rewards program.

spgThe mass compromise of Starwood accounts began in earnest less than a week ago. That roughly coincides with a Starwoods-specific account-checking tool that was released for free on Leakforums[dot]org, an English-language forum dedicated to helping (mostly low-skilled) misfits monetize compromised credentials from various online services, particularly e-retailers, cloud-based services and points or rewards accounts.

The tool is little more than a bit of code that automates the checking of account credentials stolen from other data breaches, to see if the stolen credentials also work at Starwoods.com. These types of account checking tools work because — despite constant advice to the contrary — a fair number of Internet users will rely on the same email address (username) and password pair for accounts at multiple sites.

The release of the account checking tool caused numerous Leakforums denizens to run the tool against various username and password lists stolen in previous data breaches. In less than 24 hours after its release, there were more than a half dozen Leakforums members selling compromised accounts. One seller advertised a Starwood account with 70,000 points for sale at just $3, while accounts with about 40,000 points sold for $1.50.

The release of an account checking tool for Starwood credentials has prompted dozens of  miscreants to sell and cash out hijacked Starwood reward points.

The release of an account checking tool for Starwood credentials has prompted dozens of miscreants to sell and cash out hijacked Starwood reward points.

According to a tutorial posted on the forum, hijacked account buyers “cash out” their purchases by creating new Starwood accounts and then forcing the hijacked account to transfer its account balance to the new account. The reward points are then exchanged for gift cards that can be used as cash.

Starwood does offer customers the option to receive email or text message alerts when account changes are made. But the tutorial on Leakforums encourages buyers to change the email address, password and other contact information on the victim’s account, effectively locking out the legitimate user.

Chris Holdren, senior vice president of global and digital at Starwood Preferred Guest, said the attacks of the past week track closely to the fraud patterns that have hit other loyalty programs in recent months, including Hilton Honors.

“They appear to be using credentials from elsewhere and seeing how many of those match up to Starwood accounts to see how many hits they can get,” Holdren said.

Holdren added that Starwood users who have had their accounts hijacked will not lose points due to fraud, a claim that was backed up by at least one of the two readers who initially contacted KrebsOnSecurity about being victimized by fraudsters.

“Not one guest is going to lose even a single Starwood point through this activity,” Holdren said. “We have a very large team globally mobilized to combat it.”

Could companies like Starwood be doing a lot more to facilitate safer login procedures, such as 2-step authentication? Absolutely. Even so, far too many people re-use the same passwords at multiple sites that hold either their credit card information or points that can easily be redeemed for cash.

Planet Linux AustraliaChris Samuel: Mount Burnett Observatory Open Day and Third Birthday – Saturday 24th January 2015

As some of you know I’m involved with the Mount Burnett Observatory, a community run astronomical observatory in the Dandenong Ranges of Victoria near Emerald to the south-east of Melbourne. Originally built by Monash University in the early 1970’s it’s 3 years since a small group of people formed a community association, took over the site and starting resurrecting it as an observatory by and for the people. It’s now three years on and by the end of last year we were the second largest astronomical association in Victoria!

DSC_7143_v1

This Saturday (24th January) is our third birthday celebration so we’re having an open day running from 1pm through to 6pm with tours, activities, a solar telescope and components from the Murchison Widefield Array (MWA), one of the precursor telescopes to the massive Square Kilometer Array telescope project!

At 6pm we have a barbecue and then at 7pm there will be a talk by Perry Vlahos on what there will be to see in the sky over the coming month. After that we’ll be socialising and, if the weather behaves itself, viewing the stars through the many observatory telescopes.

MBO_open_day_2015_flyer

This item originally posted here:

Mount Burnett Observatory Open Day and Third Birthday – Saturday 24th January 2015

Worse Than FailureCodeSOD: Backwards Interview

There are a lot of different schools of thought on administering programming tests to new hires. On one hand, you’re hiring them to program, so it might be nice to see if they can actually do it. On the other hand, given the time constraints of most interviews <script src="http://www.cornify.com/js/cornify.js" type="text/javascript"></script>, it’s nearly impossible to give them a meaningful test.

Rot a renegade, wed a generator

From that conflict grows tests like FizzBuzz. Greg Q’s company uses the old “reverse a string” method. Neither of these is a good test of an experienced programmer, but it’s a quick way to weed out the worst incompetents.

Like, for example, this applicant for a Senior Developer position:

<link href="http://yandex.st/highlightjs/7.3/styles/default.min.css" rel="stylesheet"/> <script src="http://img.thedailywtf.com/images/remy/highlight.js/highlight.pack.js"></script> <script>hljs.initHighlightingOnLoad();</script>
private void button1_Click(object sender, EventArgs e)
{
        string a = "A";
        string b = "B";
        string c = "C";
        string d = "D";
        string f = "E";

        MessageBox.Show(a + ", " + b + ", " + c + ", " + d + ", " + f + ", \n"
                + f + ", " + d + ", " + c + ", " + b + ", " + a);
        }
}
[Advertisement] Use NuGet or npm? Check out ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an impressively-featured free edition, too!

Planet Linux Australialinux.conf.au News: Thank you all for being awesome!

Just over a year ago in Perth, we invited you to a party at our place, and we feel as if that is exactly what #lca2015 has been.

You have Been Awesome guests, and it's been a great party.

We had fantastic feedback from our event venues. MOTAT told us that their volunteer enthusiasts who were staffing the exhibits really enjoyed the intelligent conversations that they had with you. The staff at Sweat Shop said that you were all extremely well behaved which was why they were happy to keep the bar open for as long as you wanted.

We couldn't have asked for more from our guests.

We had a great time, and now it's time to relax for a little while. The videos of the presentations and keynotes are now online, and we're uploading the slides as they come in.

Our Thanks To

  • Linux Australia for trusting us with this amazing event
  • Our Speakers, Miniconf Organisers and Keynote / Plenary presenters
  • Linus, Bdale, Andrew and Rusty for the Q&A Session on Friday
  • The delegates for joining us in Auckland for #lca2015
  • The Sponsors for their contributions to linux.conf.au
  • AV, Video and Network Team
  • Rego Desk
  • Partners Program Team
  • Room Runners
  • Our Drivers
  • Graphics and design team for our website, logos and associated swag
  • The ghosts of conferences past
  • ...and the team who have spent so much of the last year putting this event together

Some Numbers

As part of our closing session we provided some numbers regarding LCA 2015.
  • 0 - Unclaimed badges or bags at rego desk
  • 1 - Virtual session
  • 3 - Official social events for our attendees
  • 8 - Years since Cherie and Steven first attended #lca2007 in Sydney
  • 9 - Participants in our Keynote, Plenary and Q&A Sessions
  • 13 - Miniconfs
  • 89 - Main Program talks / tutorials
  • 470 - Days from being notified that Auckland would host #lca2015 until our closing ceremony
  • 650 - Average number of distinct devices on the conference delegate WiFi network
  • 715 - Days from the #lca2015 BoF held at #lca2013 in Canberra until the close of #lca2015
  • 3113 - Coffees served up by Tuihana Cafe
  • 3GB/s - Typical daily peak data utilisation on the conference WiFi network

To the future

The whole #lca2015 Auckland team wish the best of luck to the #lca2016 Geelong team...

Haere rā

Cherie and Steven Ellis

Planet DebianMJ Ray: Outsourcing email to Google means SPF allows phishing?

I expect this is obvious to many people but bahumbug To Phish, or Not to Phish? just woke me up to the fact that if Google hosts your company email then its Sender Policy Framework might make other Google-sent emails look legitimate for your domain. When combined with the unsupportive support of the big free webmail hosts, is this another black mark against SPF?

Planet DebianDiego Escalante Urrelo: Link Pack #04

Writing Your Way to Happiness (nytimes.com)
Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite” their memory and story of their academic performance, another group didn’t. The first group improved their grades and had only 1 student drop school within a year, the other group had 4 drop outs and no specific improvement.

I’ve been thinking about this as I recently rewrote my About page and also started writing down some past Travel journals. Looking back and rewriting your own story is incredibly empowering, it’s a fantastic rush of confidence and self-assertion. Memory is always betraying us, and remembering our success is not particularly high on the list of things to keep.

The concept is based on the idea that we all have a personal narrative that shapes our view of the world and ourselves. But sometimes our inner voice doesn’t get it completely right. Some researchers believe that by writing and then editing our own stories, we can change our perceptions of ourselves and identify obstacles that stand in the way of better health.

It may sound like self-help nonsense, but research suggests the effects are real.

Students who had been prompted to change their personal stories improved their grade-point averages and were less likely to drop out over the next year than the students who received no information. In the control group, which had received no advice about grades, 20 percent of the students had dropped out within a year. But in the intervention group, only 1 student — or just 5 percent — dropped out.

Old Masters at the Top of Their Game (nytimes.com)
Fantastic read on how these artists defy the conventions of old meaning useless. Masters at their art, they haven’t quit nor have laid to rest and cash their reputation. They keep making, they stay alive (physically and metaphorically) through art.

No rush to get to their age, but still a really interesting “letter from the future”. Full of cheat codes, read this now.

Now I am 79. I’ve written many hundreds of essays, 10 times that number of misbegotten drafts both early and late, and I begin to understand that failure is its own reward. It is in the effort to close the distance between the work imagined and the work achieved wherein it is to be found that the ceaseless labor is the freedom of play, that what’s at stake isn’t a reflection in the mirror of fame but the escape from the prison of the self.

T. H. White, the British naturalist turned novelist to write “The Once and Future King,” calls upon the druid Merlyn to teach the lesson to the young prince Arthur:

“You may grow old and trembling in your anatomies, you may lie awake at night listening to the disorder of your veins, you may miss your only love, you may see the world about you devastated by evil lunatics, or know your honour trampled in the sewers of baser minds. There is only one thing for it then — to learn. Learn why the world wags and what wags it. That is the only thing which the mind can never exhaust, never alienate, never be tortured by, never fear or distrust, and never dream of regretting.”

A Life with a View (ribbonfarm.com)
A somewhat tricky read, but with a nice payback. Take your time, and savor it slowly. It’s a very interesting look into how we keep wanting new stuff, and how we shield from ourselves by looking for the “place with no yearns”, the place where we won’t want anything anymore doesn’t exist.

Chains very well into the reads I shared a few days ago on practical contentment.

The arrival fallacy is about seeking a life from which one can look with a complacent equanimity upon the rest of reality, without yearning. It is an ideal of a life that is defined primarily by blindness to itself. You yearn while you see your life as others see it, until you arrive at a situation where you can disappear into the broader background, and see comfortably without being seen discomfittingly, especially by yourself.

Once you’re there, the yearning stops, so the theory goes. Of course it is a laughably bad theory.

How To Escape From A Moving Car (mrporter.com)
By Adam Kirley, stunt double for Daniel Craig in the crazy crane scene of Casino Royale (where 007 jumps from monkey nuts high to donkey bonkers high, a badger bum crazy distance). Really funny, and one of those things I always find myself thinking… Almost as much as what to do in case of a Post Office Showdown (xkcd.com)

Everyone’s first instinct is to put their hands or legs down first. That’s the worst thing you can do: you will break something. The pointy parts of your body hurt – elbows, knees, hips, ankles. Put your fists under your chin, and bring your elbows together. Keep your chin tucked in to your chest to protect your head. The best point of impact is the back of the shoulder and your back. If you dive out directly onto your shoulder you’ll break it.

What the World Looks Like with Social Anxiety (collegehumor.com)
Funny vignettes about how the world looks like when you are socially anxious. I can only really identify with the last one:

cfd04d22a6dfa4fb858dee8d3d5592afShea Strauss.

Helsinki Bus Station Theory (fotocommunity.com)
Don’t get off the bus. Art comes to those who wait and persevere. At first, you replicate the same route others have done, but only if you stay long enough in such path you begin to find your own path. Although perhaps a little more classic in conception, this is an interesting text advising artists to don’t give up just because they don’t compare well to the masters of their current art or genre. Only those who persevere will catch up and diverge from the masters.

You could say that diverging early is also a way to find your path, but there’s still a case to be made for learning from those who came before. Whether you want to imitate them, or rebel against them, you still need to know them.

My take: it doesn’t hurt to pick up some biographies or works from past masters and see what made them masters. Create your master genealogy, kinda like in Steal Like an Artist (which I recently read but haven’t got around to write about yet).

Georges Braque has said that out of limited means, new forms emerge. I say, we find out what we will do by knowing what we will not do.

And so, if your heart is set on 8×10 platinum landscapes in misty southern terrains, work your way through those who inspire you, ride their bus route and damn those who would say you are merely repeating what has been done before. Wait for the months and years to pass and soon your differences will begin to appear with clarity and intelligence, when your originality will become visible, even the works from those very first years of trepidation when everything you did seemed so done before.

At 90, She’s Designing Tech For Aging Boomers (npr.org)
The inspiring tale of a 90 year old woman who joined IDEO to contribute a unique point of view to the design process. You can never stop learning, life never ceases to be interesting. It’s short, and not incredibly shocking, but that this has happened somewhere as referenced and revered as IDEO says a lot.

And for the bulging demographic of baby boomers growing old, Beskind has this advice: Embrace change and design for it.


Previously on Link Pack

  • Link Pack #05 - Lever Rukhin Photographs Los Angeles From His Car Lever Rukhin shoots the sketchiest parts of Los Angeles from his car, taking a really unique perspective that helps you perceive what LA looks like, if you were in a car… An experience that is apparently common to all LA people. People drive too much in the…
  • Link Pack #04 - Writing Your Way to Happiness (nytimes.com) Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite”…
  • Link Pack #03 - What’s that? The third edition of Link Pack of course! Playing with Power (7 minutes, Vimeo) A super awesome story about a stop motion animator that turned a Nintendo Power Glove into the perfect animation tool. It’s a fun, inspiring video :-). I love the Power Glove, it’s so bad. The Power Glove – Angry…
  • Link Pack #02 - First sequel to my Link Pack “series” (I’ll remove the quotes when it’s LP#05): Link Pack #01. This time I’m going for fewer articles, to try to keep things less overwhelming. There’s no special theme, and I’m actually leaving out some nice things I read recently. On the plus side, that means I have good…
  • Link pack #01 - Following the lead of my dear friend Daniel and his fantastic and addictive “Summing up” series, here’s a link pack of recent stuff I read around the web. Link pack is definitely a terrible name, but I’m working on it. How to Silence Negative Thinking On how to avoid the pitfall of being a Negatron…

,

Planet DebianTomasz Buchert: Expired keys in Debian keyring

A new version of Stellarium was recently released (0.13.2), so I wanted to upload it to Debian unstable as I usually do. And so I did, but it was rejected without me even knowing, since I got no e-mail response from ftp-masters.

It turns out that my GPG key in the Debian keyring expired recently and so my upload was rightfully rejected. Not a big deal, actually, since you can easily move the expiration date (even after its expiration!). I did it already and the updated key is already propagated, but be aware that Debian keyring does not synchronize with other keyservers! To update your key in Debian (if you are a Debian Developer or Mantainer) you must send your updated keys to keyring.debian.org like that (you should replace my ID with your own):

$ gpg --keyserver keyring.debian.org --send-keys 24B17D29

Debian keyring is distributed as a standard DEB package and apparently it may take up to a month to have your updated key in Debian. It seems that I may be unable to upload packages for some time.

But the whole story made me thinking: am I the only one who forgot to update his key in Debian keyring? To verify it I wrote the following snippet (works in Python 2 and 3!) which shows keys expired in the Debian keyring (well, two of them). As a bonus, it also shows keys that have non-UTF8 characters in UIDs – see #738483 for more information.

#
# be sure to do "apt-get install python-gnupg"
#

import gnupg
import datetime

def check_keys(keyring, tab = ""):
    gpg = gnupg.GPG(keyring = keyring)
    gpg.decode_errors = 'replace' # see: https://bugs.debian.org/738483
    keys = gpg.list_keys()
    now = datetime.datetime.now()
    for key in keys:
        uids = key['uids']
        uid = uids[0]
        if key['expires'] != '':
            expire = datetime.datetime.fromtimestamp(int(key['expires']))
            diff = expire - now
            if diff.days < 0:
                print(u'{}EXPIRED: Key of {} expired {} days ago.'.format(tab, uid, -diff.days))
        mangled_uids = [ u for u in uids if u'\ufffd' in u ]
        if len(mangled_uids) > 0:
            print(u'{}MANGLED: Key of {} has some mangled uids: {}'.format(tab, uid, mangled_uids))

keyrings = [
    "/usr/share/keyrings/debian-keyring.gpg",
    "/usr/share/keyrings/debian-maintainers.gpg"
]

for keyring in keyrings:
    print(u"CHECKING {}".format(keyring))
    check_keys(keyring, tab = "    ")

I’m not going to show the output of this code, because it contains names and e-mail adresses which I really shouldn’t post. But you can run it yourself. You will see that there is a small group of people with expired keys (including me!). Interestingly, some keys have expired a long time ago: there is one that expired more than 7 years ago!

The outcome of the story is: yes, you should have an expiration date on your key for safety reasons, but be careful - it can surprise you at the worst moment.

Krebs on SecurityJava Patch Plugs 19 Security Holes

Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility. If you have Java installed and require it for some application or Web site, it’s time to update it. If you’re not sure you have Java on your computer or are unsure why you still have it, read on for advice that could save you some security headaches down the road.

javamessOracle’s update brings Java 7 to Update 75 and Java 8 to Update 31, and fixes at least 19 security vulnerabilities in the program. Security vendor Qualys notes that 13 of those flaws are remotely exploitable, with a CVSS score of 10 (the most severe possible score).

Java 7 users should know that Oracle plans to start using the auto-update function built into the program to migrate those users to Java 8 this week.

According to a new report (PDF) from Cisco, online attacks that exploit Java vulnerabilities have decreased by 34 percent in the past year. Cisco reckons this is thanks to security improvements in the program, and to bad guys embracing new attack vectors — such Microsoft Silverlight flaws (if you’re a Netflix subscriber, you have Silverlight installed). Nevertheless, my message about Java will remain the same: Patch it, or pitch it.

The trouble with Java is that it has a very broad install base, but many users don’t even know if they have it on their systems. There are a few of ways to find out if you have Java installed and what version may be running. Windows users can check for the program in the Add/Remove Programs listing in Windows, or visit Java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from Java.com.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. In the past, updating via the control panel auto-selected the installation of third-party software, so be sure to look for any pre-checked “add-ons” before proceeding with an update through the Java control panel.

Otherwise, seriously consider removing Java altogether. I have long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, there is a way to have this program installed while minimizing the chance that crooks will exploit unknown or unpatched flaws in the program: unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play, which can block Web sites from displaying both Java and Flash content by default). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework).

Many people confuse Java with  JavaScript, a powerful scripting language that helps make sites interactive. Unfortunately, a huge percentage of Web-based attacks use JavaScript tricks to foist malicious software and exploits onto site visitors. For more about ways to manage JavaScript in the browser, check out my tutorial Tools for a Safer PC.

Sociological ImagesDog Movies Powerfully Influence Dog Ownership

Most Americans, when asked if they are affected by advertising, will say “not really.” They think other people are influenced by cultural messages, but that they are somehow immune.

Whether people are shaped by the media they consume seems to be a perpetual question. The fact that billions of dollars are spent every year attempting to influence us is probably a sign that advertisers know it works. Scientists get in on the action, asking pressing questions like: Do violent video games increase violence in real life? Do sexy, thin models hurt girls’ self-esteem? We do the studies and the answers are often inconclusive, probably because of how complicated the relationships are.

Psychologist Stefano Ghirlanda and his colleagues asked a slightly simpler question: Do celebrity dogs influence the popularity of dog breeds? They looked at 100 movies with prominent dog characters from 1939 to 2003 and compared the release date to breed registrations. The answer seems to be: with the exception of box office flops, yes.

2

Given that many dog movies are made for kids, I’d be interested in the mediating role of parenthood. Companies that make children’s products like sugary cereal know that they can get the parent to buy their product if the kid is annoying enough about it. So, they market to children directly. I’d love to see if people with and without small children were equally affected by the breed of dog in this year’s movie.

The researchers method of popularity, moreover, was registration with the American Kennel Club. Pure bred dogs are expensive. So, I wonder if the power of these trends varies by social class. If a family can’t afford a “Beethoven,” they may be more likely to just adopt a mutt from a neighbor’s litter.

In any case, though, this seems like incontrovertible evidence that we’re influenced by mass media. But you already knew everyone else was, didn’t you?

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Worse Than FailureFAP it Good

Francis was at the start of what was sure to be a challenging and rewarding journey towards a degree in Computer Science. One of his first classes was a group study course built around cross-departmental education. It forced together a Business major named Suzanna to play the role of Project Manager, Francis and Carlos, another CS student, as developers, and a Music major named Johann, as a tester. Assignments and interaction with the instructor were all online, but the group met in person to work on their project.

The parameters were simple: over a semester, the group would develop a fully functional Public Administration website for a fake city to allow its fake citizens to pay their fake utility bills with fake money. The biggest wrinkle was that they had to use a home-grown application framework the professor built called the Framework Application Provider, or FAP. FAP was supposed to be easy to get a handle on, and would allow n00bs like Francis to easily crank out whatever they wanted, whenever they wanted. The problem was that FAP was actually a big, sticky mess.

Francis’ instructor, Doctor Wacker, forced them to buy FAP licenses as part of their course materials, which promised extensive documentation and demos for all things FAP. This “extensive” documentation took the form of a single tutorial video on creating a FAP object which had all the quality of a scrambled cable TV channel, circa 1996.

Francis tried emailing Doctor Wacker about the lack of assistance, and got no response for two weeks. When a response arrived, it was a brief, “You shouldn’t need me to hold your hand! FAP is so easy to use, it practically does everything for you! I expect a working demo by mid-terms.” While Suzanna typed away at dull requirements documents, Francis and his fellow programmer were left to dig through the FAP source and try and understand it with their limited experience.

“I don’t even…” Francis said. He tried to run his sample programming inside of FAP. “I’m sure I understand the syntax, but these functions don’t do what they’re supposed to do.”

“Oh, I know,” Carlos said. “You know commitDataChanges? It opens a print dialog.”

“Doctor Wacker is a real jerk.”

As the semester wore on, Francis and Carlos beat FAP around and eventually figured out how to get FAP to turn input into output that wasn’t total garbage. Their progress wasn’t much: a login page and a basic account page. Bill Pay was just a fantasy. The week before the demo was due, they handed it off to their tester Johann, who was so busy tuning his g-string that he couldn’t be troubled to show up for their group meetings.

Francis and Carlos emailed a URL to Johann with explicit instructions on how to access their demo site and test it. Ten minutes later, he surprised them with a “works fine” response. Clearly, Johann hadn’t tested anything, because “works fine” would never have been uttered by anyone who actually used the site.

Suzanna set up a meeting for Francis and Carlos to submit their mid-term demo to Doctor Wacker, along with her carefully handcrafted requirements. She insisted they read them over first. The requirements were 200 pages of promises of functionality that would never be delivered and weren’t close to what the program actually did. Francis and Carlos were just learning to be developers, but Suzanna had already mastered the fine art of project management.

“Whatever,” Francis muttered to Carlos. “I don’t give a FAP anymore. Let’s turn this in and spend the rest of the semester to polish it up.” Off it went to the professor, requirements bible and all, to be judged.

Two weeks later, the group received feedback. “Off to a good start! This really shows the power of what FAP can do for you! B+ work. Add in all the features listed in the requirements, and it becomes an A for your final.”

Suzanna took Wacker’s response as a mandate that her requirements document was golden, and now it was only up to her developers to make it happen. Francis and Carlos knew that it wasn’t going to happen, so they spent the rest of the semester hacking away at FAP and whacking out the handful of requirements they could meet from the list. What they wound up with was exactly what they set out to make- a website where John Fakington could create an account and pay any bills associated with his account number. It wasn’t pretty, but it worked.

Doctor Wacker wasn’t pleased. Upon receiving the final project, he called it, “sloppy and an embarrassment to FAP.” Suzanna screamed at them over the grade, Johann complained that "C is such a dull key," but Francis and Carlos were perfectly happy to live with the C- they got, only because it meant they were done with FAP forever. At least until they registered for their next semester. The university had rolled out a new registration website with online payments, that allowed any student to create an account and pay any outstanding bills with their account number. It wasn’t pretty, but it worked.

At the bottom was a prominent banner, “Powered by Doctor Wacker’s FAP.” Wacker happily stole their work to stroke his own ego, and it left a bitter taste in their mouths.

Image from “Batman: Beyond”

[Advertisement] Release! is a light card game about software and the people who make it. Order the massive, 338-card Kickstarter Edition (which includes The Daily Wtf Anti-patterns expansion) for only $27, shipped!

Planet DebianChris Lamb: Sprezzatura

Wolf Hall on Twitter et al:

He says, "Majesty, we were talking of Castiglione's book. You have found time to read it?"

"Indeed. He extrolls sprezzatura. The art of doing everything gracefully and well, without the appearance of effort. A quality princes should cultivate."

"Yes. But besides sprezzatura one must exhibit at all times a dignified public restraint..."

Planet DebianEnrico Zini: miniscreen

Playing with python, terminfo and command output

I am experimenting with showing progress on the terminal for a subcommand that is being run, showing what is happening without scrolling away the output of the main program, and I came out with this little toy. It shows the last X lines of a subcommand output, then gets rid of everything after the command has ended.

Usability-wise, it feels like a tease to me: it looks like I'm being shown all sorts of information then they are taken away from me before I managed to make sense of them. However, I find it cute enough to share:

#!/usr/bin/env python3
#coding: utf-8
# Copyright 2015 Enrico Zini <enrico@enricozini.org>.  Licensed under the terms
# of the GNU General Public License, version 2 or any later version.

import argparse
import fcntl
import select
import curses
import contextlib
import subprocess
import os
import sys
import collections
import shlex
import shutil
import logging

def stream_output(proc):
    """
    Take a subprocess.Popen object and generate its output, line by line,
    annotated with "stdout" or "stderr". At process termination it generates
    one last element: ("result", return_code) with the return code of the
    process.
    """
    fds = [proc.stdout, proc.stderr]
    bufs = [b"", b""]
    types = ["stdout", "stderr"]
    # Set both pipes as non-blocking
    for fd in fds:
        fcntl.fcntl(fd, fcntl.F_SETFL, os.O_NONBLOCK)
    # Multiplex stdout and stderr with different prefixes
    while len(fds) > 0:
        s = select.select(fds, (), ())
        for fd in s[0]:
            idx = fds.index(fd)
            buf = fd.read()
            if len(buf) == 0:
                fds.pop(idx)
                if len(bufs[idx]) != 0:
                    yield types[idx], bufs.pop(idx)
                types.pop(idx)
            else:
                bufs[idx] += buf
                lines = bufs[idx].split(b"\n")
                bufs[idx] = lines.pop()
                for l in lines:
                    yield types[idx], l
    res = proc.wait()
    yield "result", res

@contextlib.contextmanager
def miniscreen(has_fancyterm, name, maxlines=3, silent=False):
    """
    Show the output of a process scrolling in a portion of the screen.

    has_fancyterm: true if the terminal supports fancy features; if false, just
    write lines to standard output

    name: name of the process being run, to use as a header

    maxlines: maximum height of the miniscreen

    silent: do nothing whatsoever, used to disable this without needing to
            change the code structure

    Usage:
        with miniscreen(True, "my process", 5) as print_line:
            for i in range(10):
                print_line(("stdout", "stderr")[i % 2], "Line #{}".format(i))
    """
    if not silent and has_fancyterm:
        # Discover all the terminal control sequences that we need
        output_normal = str(curses.tigetstr("sgr0"), "ascii")
        output_up = str(curses.tigetstr("cuu1"), "ascii")
        output_clreol = str(curses.tigetstr("el"), "ascii")
        cols, lines = shutil.get_terminal_size()
        output_width = cols

        fg_color = (curses.tigetstr("setaf") or
                    curses.tigetstr("setf") or "")
        sys.stdout.write(str(curses.tparm(fg_color, 6), "ascii"))

        output_lines = collections.deque(maxlen=maxlines)

        def print_lines():
            """
            Print the lines in our buffer, then move back to the beginning
            """
            sys.stdout.write("{} progress:".format(name))
            sys.stdout.write(output_clreol)
            for msg in output_lines:
                sys.stdout.write("\n")
                sys.stdout.write(msg)
                sys.stdout.write(output_clreol)
            sys.stdout.write(output_up * len(output_lines))
            sys.stdout.write("\r")

        try:
            print_lines()

            def _progress_line(type, line):
                """
                Print a new line to the miniscreen
                """
                # Add the new line to our output buffer
                msg = "{} {}".format("." if type == "stdout" else "!", line)
                if len(msg) > output_width - 4:
                    msg = msg[:output_width - 4] + "..."
                output_lines.append(msg)
                # Update the miniscreen
                print_lines()

            yield _progress_line

            # Clear the miniscreen by filling our ring buffer with empty lines
            # then printing them out
            for i in range(maxlines):
                output_lines.append("")
            print_lines()
        finally:
            sys.stdout.write(output_normal)
    elif not silent:
        def _progress_line(type, line):
            print("{}: {}".format(type, line))
        yield _progress_line
    else:
        def _progress_line(type, line):
            pass
        yield _progress_line

def run_command_fancy(name, cmd, env=None, logfd=None, fancy=True, debug=False):
    quoted_cmd = " ".join(shlex.quote(x) for x in cmd)
    log.info("%s running command %s", name, quoted_cmd)
    if logfd: print("runcmd:", quoted_cmd, file=logfd)

    # Run the script itself on an empty environment, so that what was
    # documented is exactly what was run
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)

    with miniscreen(fancy, name, silent=debug) as progress:
        stderr = []
        for type, val in stream_output(proc):
            if type == "stdout":
                val = val.decode("utf-8")
                if logfd: print("stdout:", val, file=logfd)
                log.debug("%s stdout: %s", name, val)
                progress(type, val)
            elif type == "stderr":
                val = val.decode("utf-8")
                if logfd: print("stderr:", val, file=logfd)
                stderr.append(val)
                log.debug("%s stderr: %s", name, val)
                progress(type, val)
            elif type == "result":
                if logfd: print("retval:", val, file=logfd)
                log.debug("%s retval: %d", name, val)
                retval = val

    if retval != 0:
        lastlines = min(len(stderr), 5)
        log.error("%s exited with code %s", name, retval)
        log.error("Last %d lines of standard error:", lastlines)
        for line in stderr[-lastlines:]:
            log.error("%s: %s", name, line)

    return retval


parser = argparse.ArgumentParser(description="run a command showing only a portion of its output")
parser.add_argument("--logfile", action="store", help="specify a file where the full execution log will be written")
parser.add_argument("--debug", action="store_true", help="debugging output on the terminal")
parser.add_argument("--verbose", action="store_true", help="verbose output on the terminal")
parser.add_argument("command", nargs="*", help="command to run")
args = parser.parse_args()

if args.debug:
    loglevel = logging.DEBUG
elif args.verbose:
    loglevel = logging.INFO
else:
    loglevel = logging.WARN
logging.basicConfig(level=loglevel, stream=sys.stderr)
log = logging.getLogger()

fancy = False
if not args.debug and sys.stdout.isatty():
    curses.setupterm()
    if curses.tigetnum("colors") > 0:
        fancy = True

if args.logfile:
    logfd = open("output.log", "wt")
else:
    logfd = None

retval = run_command_fancy("miniscreen example", args.command, logfd=logfd)

sys.exit(retval)

Planet DebianJonathan McDowell: Moving to Jekyll

I’ve been meaning to move away from Movable Type for a while; they no longer provide the “Open Source” variant, I’ve had some issues with the commenting side of things (more the fault of spammers than Movable Type itself) and there are a few minor niggles that I wanted to resolve. Nothing has been particularly pressing me to move and I haven’t been blogging as much so while I’ve been keeping an eye open for a replacement I haven’t exerted a lot of energy into the process. I have a little bit of time at present so I asked around on IRC for suggestions. One was ikiwiki, which I use as part of helping maintain the SPI website (and think is fantastic for that), the other was Jekyll. Both are available as part of Debian Jessie.

Jekyll looked a bit fancier out of the box (I’m no web designer so pre-canned themes help me a lot), so I decided to spend some time investigating it a bit more. I’d found a Movable Type to ikiwiki converter which provided a starting point for exporting from the SQLite3 DB I was using for MT. Most of my posts are in markdown, the rest (mostly from my Blosxom days) are plain HTML, so there wasn’t any need to do any conversion on the actual content. A minor amount of poking convinced Jekyll to use the same URL format (permalink: /:year/:month/:title.html in the _config.yml did what I wanted) and I had to do a few bits of fix up for some images that had been uploaded into MT, but overall fairly simple stuff.

Next I had to think about comments. My initial thought was to just ignore them for the moment; they weren’t really working on the MT install that well so it’s not a huge loss. I then decided I should at least see what the options were. Google+ has the ability to embed in your site, so I had a play with that. It worked well enough but I didn’t really want to force commenters into the Google ecosystem. Next up was Disqus, which I’ve seen used in various places. It seems to allow logins via various 3rd parties, can cope with threading and deals with the despamming. It was easy enough to integrate to play with, and while I was doing so I discovered that it could cope with importing comments. So I tweaked my conversion script to generate a WXR based file of the comments. This then imported easily into Disqus (and also I double checked that the export system worked).

I’m sure the use of a third party to handle comments will put some people off, but given the ability to export I’m confident if I really feel like dealing with despamming comments again at some point I can switch to something locally hosted. I do wish it didn’t require Javascript, but again it’s a trade off I’m willing to make at present.

Anyway. Thanks to Tollef for the pointer (and others who made various suggestions). Hopefully I haven’t broken (or produced a slew of “new” posts for) any of the feed readers pointed at my site (but you should update to use feed.xml rather than any of the others - I may remove them in the future once I see usage has died down).

(On the off chance it’s useful to someone else the conversion script I ended up with is available. There’s a built in Jekyll importer that may be a better move, but I liked ending up with a git repository containing a commit for each post.)

Geek FeminismLinkspams on a plane (20 January 2015)

  • Gamergate Target Zoe Quinn Launches Anti-Harassment Support Network | Wired: “Co-founded by Quinn and fellow game developer Alex Lifschitz, the Crash Override network provides advice, resources, and support from survivors with personal experience to those facing harassment. The network, which officially launched Friday, also offers access to “experts in information security, whitehat hacking, PR, law enforcement, legal, threat monitoring and counseling.””
  • Beautiful Illustrations Empowering All Women Part 2 | GeekXGirls: “Artist Carol Rossetti created these beautiful reminders for all women, and now we’ve even got some geek specific ones relating to cosplay harassment and the “fake gamer girl” witchhunt.”
  • Belief that some fields require ‘brilliance’ may keep women out | Science/AAAS | News: “The authors suggest that faculty members and graduate student instructors convey their attitudes to undergraduates, who internalize them before making career decisions. Given the prevailing societal view that fewer women than men have special intellectual abilities, they speculate, female students may feel discouraged from pursuing advanced degrees in fields that consider brilliance crucial. Male students, on the other hand, will not experience this same feedback, leading to a gender disparity in the discipline.”
  • Representation of women and the genius myth | mathbabe: “If you think about it, it’s actually a pretty reasonable roadmap for how to attract a more diverse group of people to mathematics or other subjects. You just need to create an environment of learning that emphasizes practice over genius. Actively dispel the genius myth.”
  • On Tone Policing Linus Torvalds, or…| Many machines on Ix. : “What Linus undoubtedly sees as some sort of confident swagger in the way he writes, he comes across as acting like a child.  ”I care about the technology,” he told Ars Technica. But when he talks about other people’s work, the technical details are buried under a thick layer of lazy rhetorical flourishes that just Linus trying to show off… It’s the bluster of a bully, someone who can’t or won’t discuss a disagreement on equal terms, because he think he doesn’t have to.”
  • My boyfriend in Dragon Age: Inquisition broke my heart when he told me he was gay | Technology | The Guardian: “Consent is sexy. Consent is cool. Consent is a very important thing, for women and men, and now it’s in big blockbuster video games. Dragon Age: Inquisition is easily the most personal, well-designed relationship system I’ve ever seen – and if we learn anything at all from the media we consume, then our awkward, virtual sexual encounters in games like this could maybe shape us all into better, more respectful people.”
  • How crowdfunding helps haters profit from harassment | Boing Boing: [CW: misogynist speech highlighted in header image, harassment] “Crowdfunding services have the duty not only to be aware of who they are doing business with, but also to care when their rules are flaunted. If they don’t, ruining a woman’s life will remain gainful self-employment for these professional victimizers.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet Linux AustraliaAndrew McDonnell: Linux.conf.au – so much all the things!

Well, I’ve said it before and not followed through, but I am intending to blog about various stuff from last weeks LCA over the next month or two.

One things about LCA of course is how much you learn. Especially when you stand up in front of a room to share something and discover errors in your own understanding! In my own case, I had a talk at the Open Hardware miniconf about some security things related to embedded devices. Literally an hour before I had a ping on twitter alterting me to a factual error in my blog, which was also loudly proclaimed in the talk I was about to deliver. Luckily it was only one slide, and the misunderstanding did not impact the rest of the talk (or for that matter, most of the offending blog article.) So I have updated the original blog article with a correction.

Sociological ImagesLanguage and Presidential Addresses: We, Free, and the Public Good

What do we mean when we say “we”? Or more to the point, what does the president mean when he uses that word?

The Atlantic has an interactive graphic (here) showing the relative frequencies of words in State of the Union addresses. (“Addresses” because I’m choosing my words carefully. These were not “speeches” until Wilson. Before that, it was written text only.) Here “we” is.

The rise of “we” seems to parallel the rise of big government, starting with Wilson and our entry into a world war, followed by a brief (10-year) decline. Then FDR changes everything.  “We,” i.e., the people as represented by the government, are doing a lot more.

Sorting the data by frequency shows that even in the big-We era, big-government Democrats use it more than do Republicans.  (JFK used We less frequently than did the GOP presidents immediately before and after him. But then, it was JFK who said not to ask what the government could do for us.)

Other words are less puzzling. Freedom is a core American value, but of late (the last five or six presidents), it’s the Republicans who really let it ring.

As with We, Freedom gets a big boost with FDR, but Freedom for Reagan and the Bushes is not exactly FDR’s four freedoms – Freedom of speech, Freedom of religion, Freedom from want, Freedom from fear – especially the last two. Nor is it the kind of freedom LBJ might have spoken of in the civil rights era, a freedom that depended greatly on the actions of the federal government.  Instead, for conservatives since Reagan, freedom means the freedom to do what you want, especially to make as much money as you can, unbothered by government rules, and to pay less in taxes.

Freedom in this sense is what Robert Bellah calls “utilitarian individualism.”  As the word count shows, freedom was not such a central concern in the first 150 years of the Republic. Perhaps it became a concern for conservatives in recent years because they see it threatened by big government.  In any case, for much of our history, that tradition of individualism was, according to Bellah, tempered by another tradition – “civic republicanism,” the assumption that a citizen has an interest not just in individual pursuits but in public issues of the common good as well.

That sense of a public seems to have declined. Even the “collectivist” Democrats of recent years use the term only about one-tenth as much as did the Founding Fathers. Washington, Adams, Jefferson, Madison – their SOTUs had more than ten publics for every freedom.

I checked one other word because of its relevance to the argument that the U.S. is “a Christian nation,” founded on religious principles by religious people, and that God has always been an essential part of our nation.

The Almighty, at least in State of the Union addresses, is something of a Johnny-come-lately. Like We, He gets a big boost with the advent of big government. FDR out-Godded everybody before or since, except of course, the Bushes and Reagan.

Thank you and God bless you, and God bless the United States of America.

—————

Update: I just noticed that the two “Gods” in that sentence work out to a rate of 200-300 per million. If tag lines like that are included as part of the text, that accounts for the higher rate since FDR. It’s not about big government, it’s about radio. Prior to radio, the audience for the SOTU was Congress. Starting with FDR, the audience was the American people. Unfortunately, I don’t know whether these closing lines, which have now become standard, are included in the database. If they are included, the differences among presidents in the radio-TV era, may be more a matter of the denominator of the rate (length of speeches) than of the numerator (God). FDR averaged about 3500 per SOTU. Reagan and the Bushes are in the 4000-6000 range. Clinton and Obama average about 7000. So it’s possible that the difference that looks large on the graph is merely the difference between a single God-bless closing and a double.

Jay Livingston is the chair of the Sociology Department at Montclair State University. You can follow him at Montclair SocioBlog or on Twitter.

(View original at http://thesocietypages.org/socimages)

Planet DebianJo Shields: mono-project.com Linux packages, January 2015 edition

The latest version of Mono has released (actually, it happened a week ago, but it took me a while to get all sorts of exciting new features bug-checked and shipshape).

Stable packages

This release covers Mono 3.12, and MonoDevelop 5.7. These are built for all the same targets as last time, with a few caveats (MonoDevelop does not include F# or ASP.NET MVC 4 support). ARM packages will be added in a few weeks’ time, when I get the new ARM build farm working at Xamarin’s Boston office.

Ahead-of-time support

This probably seems silly since upstream Mono has included it for years, but Mono on Debian has never shipped with AOT’d mscorlib.dll or mcs.exe, for awkward package-management reasons. Mono 3.12 fixes this, and will AOT these assemblies – optimized for your computer – on installation. If you can suggest any other assemblies to add to the list, we now support a simple manifest structure so any assembly can be arbitrarily AOT’d on installation.

Goodbye Mozroots!

I am very pleased to announce that as of this release, Mono users on Linux no longer need to run “mozroots” to get SSL working. A new command, “cert-sync”, has been added to this release, which synchronizes the Mono SSL certificate store against your OS certificate store – and this tool has been integrated into the packaging system for all mono-project.com packages, so it is automatically used. Just make sure the ca-certificates-mono package is installed on Debian/Ubuntu (it’s always bundled on RPM-based) to take advantage! It should be installed on fresh installs by default. If you want to invoke the tool manually (e.g. you installed via make install, not packages) use

cert-sync /path/to/ca-bundle.crt

On Debian systems, that’s

cert-sync /etc/ssl/certs/ca-certificates.crt

and on Red Hat derivatives it’s

cert-sync /etc/pki/tls/certs/ca-bundle.crt

Your distribution might use a different path, if it’s not derived from one of those.

Windows installer back from the dead

Thanks to help from Alex Koeplinger, I’ve brought the Windows installer back from the dead. The last release on the website was for 3.2.3 (it’s actually not this version at all – it’s complicated…), so now the Windows installer has parity with the Linux and OSX versions. The Windows installer (should!) bundles everything the Mac version does – F#, PCL facades, IronWhatever, etc, along with Boehm and SGen builds of the Mono runtime done with Visual Studio 2013.

An EXPERIMENTAL OH MY GOD DON’T USE THIS IN PRODUCTION 64-bit installer is in the works, when I have the time to try and make a 64-build of Gtk#.

Planet DebianDimitri John Ledkov: Python 3 ports of launchpadlib & ubuntu-dev-tools (library) are available

I'm happy to announce that Python 3 ports of launchpadlib & ubuntu-dev-tools (library) are available for consumption.

These are 1.10.3 & 0.155 respectfully.

This means that everyone should start porting their reports, tools, and scriptage to python3.

ubuntu-dev-tools has the library portion ported to python3, as I did not dare to switch individual scripts to python3 without thorough interactive testing. Please help out porting those and/or file bug reports against the python3 port. Feel free to subscribe me to the bug reports on launchpad.

For the time being, I believe some things will not be easy to port to python3 because of the elephant in the room - bzrlib. For some things like lp-shell, it should be easy to move away from bzrlib, as non-vcs things are used there. For other things the current suggestion is to probably fork to bzr binary or a python2 process. I ponder if a minimal usable python3-bzrlib wrapper around python2 bzrlib is possible to satisfy the needs of basic and common scripts.

On a side note, launchpadlib & lazr.restfulclient have out of the box proxy support enabled. This makes things like add-apt-repository work behind networks with such setup. I think a few people will be happy about that.

All of these goodies are available in Ubuntu 15.04 (Vivid Vervet) or Debian Experimental (and/or NEW queue).

,

LongNowDavid Keith Seminar Tickets

 

The Long Now Foundation’s monthly

Seminars About Long-term Thinking

David Keith presents Patient Geoengineering

David Keith on “Patient Geoengineering”

TICKETS

Tuesday February 17, 02015 at 7:30pm SFJAZZ Center

Long Now Members can reserve 2 seats, join today! General Tickets $15

 

About this Seminar:

The main arguments against geo-engineering (direct climate intervention) to stop global warming are: 1) It would be a massive, irreversible, risky bet; 2) everyone has to agree to it, which they won’t; 3) the unexpected side effects might be horrific; 4) once committed to, it could never be stopped.

What if none of those need be true?

Harvard climate expert David Keith has a practical proposal for an incremental, low-cost, easily reversible program of research and eventual deployment that builds on local research and is designed from the beginning for eventual shutdown. All it attempts is to reduce the rate of global warming to a manageable pace while the permanent solutions for excess greenhouse gases are worked out. Global rainfall would not be affected. The system is based on transparency and patience—each stage building adaptively only on the proven success of prior stages, deployed only as needed, and then phased out the same way.

One of Time magazine’s “Heroes for the Environment,“ David Keith is a Professor of Applied Physics in Harvard’s School of Engineering and Applied Sciences and Professor of Public Policy in the Harvard Kennedy School. He is also executive chairman of the Calgary-based company, Carbon Engineering, which is developing air capture of carbon dioxide.

Planet DebianJonathan Wiltshire: Never too late for bug-squashing

With over a hundred RC bugs still outstanding for Jessie, there’s never been a better time to host a bug-squashing party in your local area. Here’s how I do it.

  1. At home is fine, if you don’t mind guests. You don’t need to seek out a sponsor and borrow or hire office space. If there isn’t room for couch-surfers, the project can help towards travel and accommodation expenses. My address isn’t secret, but I still don’t announce it – it’s fine to share it only with the attendees once you know who they are.
  2. You need a good work area. There should be room for people to sit and work comfortably – a dining room table and chairs is ideal. It should be quiet and free from distractions. A local mirror is handy, but a good internet connection is essential.
  3. Hungry hackers eat lots of snacks. This past weekend saw five of us get through 15 litres of soft drinks, two loaves of bread, half a kilo of cheese, two litres of soup, 22 bags of crisps, 12 jam tarts, two pints of milk, two packs of chocolate cake bars, and a large bag of biscuits (and we went out for breakfast and supper). Make sure there is plenty available before your attendees arrive, along with a good supply of tea and coffee.
  4. Have a work plan. Pick a shortlist of RC bugs to suit attendees’ strengths, or work on a particular packaging group’s bugs, or have a theme, or something. Make sure there’s a common purpose and you don’t just end up being a bunch of people round a table.
  5. Be an exemplary host. As the host you’re allowed to squash fewer bugs and instead make sure your guests are comfortable, know where the bathroom is, aren’t going hungry, etc. It’s an acceptable trade-off. (The reverse is true: if you’re attending, be an exemplary guest – and don’t spend the party reading news sites.)

Now, go host a BSP of your own, and let’s release!


Never too late for bug-squashing is a post from: jwiltshire.org.uk | Flattr

Planet DebianSven Hoexter: Heads up: possible changes in fonts-lyx

Today the super nice upstream developers of LyX reached out to me (and pelle@) as the former and still part time lyx package maintainers to inform us of an ongoing discussion in http://www.lyx.org/trac/ticket/9229. The current aproach to fix this bug might result in a name change of all fonts shipped in fonts-lyx with the next LyX release.

Why is it relevant for people not using LyX?

For some historic reasons beyond my knowledge the LyX project ships a bunch of math symbol fonts converted to ttf files. From a seperate source package they moved to be part of the lyx source package and are currently delivered via the fonts-lyx package.

Over time a bunch of other packages picked this font package up as a dependency. Among them also rather popular packages like icedove, which results in a rather fancy popcon graph. Drawback as usual is that changes might have a visible impact in places where you do not expect them.

So if you've some clue about fonts, or depend on fonts-lyx in some way, you might want to follow that issue cited above and/or get in contact with the LyX developers.

If you've some spare time feel also invited to contribute to the lyx packaging in Debian. It really deserves a lot more love then what it seldomly gets today by the brave Nick Andrik, Per and myself.

Planet DebianDaniel Pocock: Quantifying the performance of the Microserver

In my earlier blog about choosing a storage controller, I mentioned that the Microserver's on-board AMD SB820M SATA controller doesn't quite let the SSDs perform at their best.

Just how bad is it?

I did run some tests with the fio benchmarking utility.

Lets have a look at those random writes, they simulate the workload of synchronous NFS write operations:

rand-write: (groupid=3, jobs=1): err= 0: pid=1979
  write: io=1024.0MB, bw=22621KB/s, iops=5655 , runt= 46355msec

Now compare it to the HP Z800 on my desk, it has the Crucial CT512MX100SSD1 on a built-in LSI SAS 1068E controller:

rand-write: (groupid=3, jobs=1): err= 0: pid=21103
  write: io=1024.0MB, bw=81002KB/s, iops=20250 , runt= 12945msec

and then there is the Thinkpad with OCZ-NOCTI mSATA SSD:

rand-write: (groupid=3, jobs=1): err= 0: pid=30185
  write: io=1024.0MB, bw=106088KB/s, iops=26522 , runt=  9884msec

That's right, the HP workstation is four times faster than the Microserver, but the Thinkpad whips both of them.

I don't know how much I can expect of the PCI bus in the Microserver but I suspect that any storage controller will help me get some gain here.

Planet DebianSven Hoexter: python-ipcalc bumped from 0.3 to 1.1.3

I've helped a friend to get started with Debian packaging and he has now adopted python-ipcalc. Since I've no prior experience with packaging of Python modules and there were five years of upstream development in between, I've uploaded to experimental to give it some exposure.

So if you still use the python-ipcalc package, which is part of all current Debian releases and the upcoming jessie release, please check out the package from experimental. I think the only reverse dependency within Debian is sshfp, that one of course also requires some testing.

RacialiciousDenying Racism in Cape Town Is About Lack of Empathy

by Guest Contributor Luso Mnthali, originally published at AfriPop

I was on radio the other day, trying to explain to Shado Twala, well-known radio and television personality here in South Africa, how racism personally affects me. I had this great chance to finally tell a wider audience what it feels like to live in a city that denies you so much because you’re black. But I focused too much on how I’d been getting hostile looks from strangers, and being shoved and bumped into a couple of times while walking in my predominantly white neighbourhood.

I felt like I blew it.

Gone was the experience I had on my first date with the man who would later become my boyfriend. It was here in Cape Town, years ago, when another white man lunged at me and spat out some ugly racist words at me. I won’t say publicly what they are, not now anyway. Because he wasn’t aware of it at the time, I only told my man this had happened years later. It’s not something I want to remember, or talk about, but it’s been on my mind a lot lately. Possibly because there have been so many incidents of racism in the Cape in recent months. And it’s happened not only when the tourists flood in during the month we all lovingly call Dezemba. Even though, during my conversation with uMam’Shado, we were slightly glib about how the tourists from other provinces annually bring with them a spate of complaints about the ‘Mother City’ as it is known to some. My black South African friends have asked: “Mother to whom, this city? Who does it mother and who is the mother?”

So I felt that, during that conversation, gone were the experiences of friends trying to rent apartments, but being disappointed because of race-based selection or denial. Of friends leaving their jobs and packing up to go back to Joburg after a year or two. Gone were the stories of how even academia works to keep black people out. Gone were the myriad instances of microagression and hostility in a place that renders you both visible and invisible. You’re visible when you’ve clearly transgressed – how dare you walk around with a white man who clearly adores you? What are you doing with him? Or, as some women from a white-owned mainly white-staffed media house asked my friend about me – “How did she get a white guy?”

You’re invisible when you are the street cleaner, or the domestic worker who has now changed out of her servant’s uniform and is chatting with other domestic workers on the bus or in the cramped taxi for the long trip heading home. Or when you’re the black nanny meeting up with other black nannies as you push the strollers and prams of your white charges up the hill, so you can take them to the park with the water feature and guinea fowl running around in the mountain neighbourhood. Your own children, where do they play?

When you’ve been explaining what it is that ails you, what really troubles you about a place, for years and years, it gets hard to do so in a radio interview. It’s what you’ve been talking about for so long that you almost don’t know how to put into words so that they get it. And finally people are listening and seem to understand what’s been going on. It’s in all the papers for heavens sake, you’re not making things up. Finally people believe you. Or do they?

With all the gaslighting that goes on, that sense that the abuse you thought was real all along actually isn’t, because someone can make you doubt it – the real toll it can take has yet to be thoroughly examined. And it is not easy to talk about. So I need people to understand this – the racism we experience in Cape Town as black people is real. We are not making it up. So stop gaslighting us. Stop denying that these experiences happen. Stop placing doubt on our experiences every time an incident occurs. The solution to racism is simple – stop being racist.

As a black woman, an immigrant from Malawi, I have faced countless challenges. One that stands clearly in my mind is when after being told it was ready and had my new permit in it, the man behind the desk at Home Affairs wouldn’t give it to me. I had to have my tall blond German-accented boyfriend stride in and demand my passport back from the person because that person swore at me (yes, swore at me. the F word was used by a male government official dealing with a woman who merely wanted her passport back.)

I was so ashamed. To be black in a country that respects white people’s authority over the actual black owner of a passport. To have had to call on my white boyfriend to help me in that instance. I was ashamed, saddened, disgusted and scared that I would have to live in a place that would constantly ask me to go through such humiliations. And it did. Many times over, in many other ways. We won’t talk about the bullying in the workplace, the being followed around a shop, meanwhile the white person this black security guard has left alone is beeping at the shop entrance. We won’t talk about the things people say as I walk past them, holding hands with a white man. Not just ugly looks sometimes, but also ugly comments. We won’t talk about the concert at Kirstenbosch Gardens where a white gay couple seated in front of us on the lawn, instead of facing the stage, stared back at us directly for five long minutes until we started talking about them: “look at these guys, so lacking inner beauty they must just stare at us” “these people have everything, yet they won’t share a simple lawn with black people” (ja, neh. they ended up turning around, defeated, and we enjoyed the concert without further incident) (but still, hey)

We won’t talk about the many instances of racism and the microaggressions which I have had to scream about alone at home, or rant about on Twitter, or also hear of from friends. And sometimes see those friends leave, go back to Joburg after a couple of years, in sadness and disgust over a place that is so unwelcoming. Where even the Premier can call black people refugees. We won’t talk about it because it is as droplets of water are in an ocean we see every day here in Koloni, the other name for Cape Town.

So here I was on radio being asked to have a larger conversation about the things I and many others experience in this city. As black people we are constantly asked for proof of this racism we talk about. To be asked for proof assumes that I don’t know my own mind, or that this thing isn’t in the news constantly, not just in December. It assumes that there must automatically be a distrust of the message and the messenger. To be honest I’ve talked enough. Many have also talked. And some keep talking in very nuanced, intelligent ways. They are better at explaining what ails us all than I am. There are also those that have enough empathy or self-reflection to say that things must change, and that the responsibility lies with them. Some can surprise you. But isn’t that the whole point of this exercise? To not throw people away as hopelessly mired in a system of thought, in a greedy and odious, rejecting and exclusive, backward mindset that results in treating other humans as lesser beings.

We as black people everywhere, and as media practitioners, keep writing about our condition. But I always wonder who is listening. Some are playing to the gallery, but some are seriously trying to make a difference with their cerebral, well-researched and considerably more erudite arguments. We talk of racism as a global phenomenon, we see people are being killed in the US, denied jobs and opportunities there, denied the right to live in dignity, to own the spaces they simply walk in – simply because, they are told, that by virtue of being black, they don’t belong. In the US the young people in the movement are trying to figure out new tools with which to dismantle the hold of racism there, but in the local context we have not tried to use new tools with which to dismantle it.

When we get emotional it feeds into an outrage loop, losing impact. It is as though we’re supposed to be unemotional, clinical, scientific and data-driven even about something that affects us not only psychologically, but economically, physically and emotionally. It affects where we live, how we live and love, and who we are as human beings. I realise that those racism denialists care not a jot about this, so they ask for proof and data, clinically and coldly, as though they themselves are involved in great scientific analyses of their own lives, especially as lay persons. Their experiences are said to be valid just because they breathe, or say they feel pain. We are there, black women and men in Cape Town, and until someone dons blackface to caricature us, urinates on us, klaps us or beats, or pangas us or denies us a seat at a table in a restaurant somewhere, and the media picks it up, we apparently have not actually experienced what we are experiencing. It is the most frustrating thing to be told you are not in pain, or you have not been affected, or are being tormented by something, when in reality you are. This is called gaslighting, and it is a tool of oppressors the world over. When we are told the city doesn’t have a race problem, this is gaslighting – denying racism and denying the pain that this causes the people who live in this city. Because it’s not only black people who feel this pain, it’s white people also who know that there is a problem here, and who are in solidarity and who also do not want to be accused or also seen to be in league with the racists. All this racism, yet there are no racists? How is that possible?

And that is the heart of the matter. We have a general lack of sympathy for others, and more importantly a lack of empathy, in this country. However, in Cape Town there’s an acute case of this ailment. An admission that these things occur, and at too frequent a rate and too high a volume, shows empathy. Not guilt – empathy.

The conversation we should continue to have is one that includes those who exclude us. One that says the people who are the problem have to be part of the solution. Black people may not have entirely forgiven, and nor will they ever forget and shouldn’t ever be asked to forget. That is also a problem in this country – white people telling black people to forget what was clearly a crime against humanity. This certainly makes it seem that enough white people have little empathy for those who do not look like them. They need to do better. Can we have that discussion about greater empathy, not only of whites for blacks, but of all of us for all of us?

About Luso Mnthali: Born in Malawi, grew up in Gaborone, Botswana. Called the US home for a decade, currently live in Cape Town, South Africa. Books and travel, arts and culture addict.

The post Denying Racism in Cape Town Is About Lack of Empathy appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesFive Reasons Why Gendered Products are a Problem

Our Pointlessly Gendered Products Pinterest board is funny, no doubt. When people make male and female versions of things like eggs, dog shampoo, and pickles, you can’t help but laugh. But, of course, not it’s not just funny. Here are five reasons why.

1. Pointlessly gendered products affirm the gender binary.

Generally speaking, men and women today live extraordinarily similar lives. We grow up together, go to the same schools, and have the same jobs. Outside of dating — for some of us — and making babies, gender really isn’t that important in our real, actual, daily lives.

These products are a backlash against this idea, reminding us constantly that gender is important, that it really, really matters if you’re male and female when, in fact, that’s rarely the case.

2

But if there were no gender difference, there couldn’t be gender inequality; one group can’t be widely believed to be superior to the other unless there’s an Other. Hence, #1 is important for #3.

Affirming the gender binary also makes everyone who doesn’t fit into it invisible or problematic. This is, essentially, all of us. Obviously it’s a big problem for people who don’t identify as male or female or for those whose bodies don’t conform to their identity, but it’s a problem for the rest of us, too. Almost every single one of us takes significant steps every day to try to fit into this binary: what we eat, whether and how we exercise, what we wear, what we put on our faces, how we move and talk. All these things are gendered and when we do them in gendered ways we are forcing ourselves to conform to the binary.

2. Pointlessly gendered products reinforce stereotypes.

Pointlessly gendering products isn’t just about splitting us into two groups, it’s also about telling us what it means to be in one of those boxes. Each of these products is an opportunity to remind us.

3

3. Pointlessly gendered products tell us explicitly that women should be subordinate to or dependent on men.

All too often, gender stereotypes are not just about difference, they’re about inequality. The products below don’t just affirm a gender binary and fill it with nonsense, they tell us in no uncertain terms that women and men are expected to play unequal roles in our society.

Girls are nurses, men are doctors:

4

Girls are princesses, men are kings:

12

4. Pointlessly gendered products cost women money.

Sometimes the masculine and feminine version of a product are not priced the same. When that happens, the one for women is usually the more expensive one. If women aren’t paying attention — or if it matters to them to have the “right” product — they end up shelling out more money.  Studies by the state of California, the University of Central Florida, and Consumer Reports all find that women pay more. In California, women spent the equivalent of $2,044 more a year (the study was done in 1996, so I used an inflation calculator).

This isn’t just something to get mad about. This is real money. It’s feeding your kids, tuition at a community college, or a really nice vacation. When women are charged more it harms our ability to support ourselves or lowers our quality of life.

5. Pointlessly gendered products are stupid. There are better ways to deliver what people really need.

One of the most common excuses for such products is that men and women are different, but most of the time they’re using gender as a measure of some other variable. In practice, it would be smarter and more efficient to just use the variable itself.

For example, many pointlessly gendered products advertise that the one for women is smaller and, thus, a better fit for women. The packaging on these ear buds, sent in by LaRonda M., makes this argument.

2

Maybe some women would appreciate smaller earbuds, but it would still be much more straightforward to make ear buds in different sizes and let the user decide which one they wanted to use.

Products like these make smaller men and larger women invisible. They also potentially make them feel bad or constrain their choices. When the imperative for women is to be small and dainty, how do women who don’t use smaller earbuds feel?  Or, maybe the small guy who wants to learn how to play guitar never will because men’s guitars don’t fit him and he won’t be caught dead playing this:

1b

14

In sum, pointlessly gendered products aren’t just a gag. They’re a ubiquitous and aggressive ideological force, shaping how we think, what we do, and how much money we have. Let’s keep laughing, but let’s not forget that it’s serious business, too.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Mark ShuttleworthSmart things powered by snappy Ubuntu Core on ARM and x86

“Smart, connected things” are redefining our home, work and play, with brilliant innovation built on standard processors that have shrunk in power and price to the point where it makes sense to turn almost every “thing” into a smart thing. I’m inspired by the inventors and innovators who are creating incredible machines – from robots that might clean or move things around the house, to drones that follow us at play, to smarter homes which use energy more efficiently or more insightful security systems. Prooving the power of open source to unleash innovation, most of this stuff runs on Linux - but it’s a hugely fragmented and insecure kind of Linux. Every device has custom “firmware” that lumps together the OS and drivers and devices-specific software, and that firmware is almost never updated. So let’s fix that!

Ubuntu is right at the heart of the “internet thing” revolution, and so we are in a good position to raise the bar for security and consistency across the whole ecosystem. Ubuntu is already pervasive on devices – you’ve probably seen lots of “Ubuntu in the wild” stories, from self-driving cars to space programs and robots and the occasional airport display. I’m excited that we can help underpin the next wave of innovation while also thoughtful about the responsibility that entails. So today we’re launching snappy Ubuntu Core on a wide range of boards, chips and chipsets, because the snappy system and Ubuntu Core are perfect for distributed, connected devices that need security updates for the OS and applications but also need to be completely reliable and self-healing. Snappy is much better than package dependencies for robust, distributed devices.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="315" src="http://www.youtube.com/embed/SugRYxEtEKQ" width="560"></iframe>

Transactional updates. App store. A huge range of hardware. Branding for device manufacturers.

In this release of Ubuntu Core we’ve added a hardware abstraction layer where platform-specific kernels live. We’re working commercially with the major silicon providers to guarantee free updates to every device built on their chips and boards. We’ve added a web device manager (“webdm”) that handles first-boot and app store access through the web consistently on every device. And we’ve preserved perfect compatibility with the snappy images of Ubuntu Core available on every major cloud today. So you can start your kickstarter project with a VM on your favourite cloud and pick your processor when you’re ready to finalise the device.

If you are an inventor or a developer of apps that might run on devices, then Ubuntu Core is for you. We’re launching it with a wide range of partners on a huge range of devices. From the pervasive Beaglebone Black to the $35 Odroid-C1 (1Ghz processor, 1 GB RAM), all the way up to the biggest Xeon servers, snappy Ubuntu Core gives you a crisp, ultra-reliable base platform, with all the goodness of Ubuntu at your fingertips and total control over the way you deliver your app to your users and devices. With an app store (well, a “snapp” store) built in and access to the amazing work of thousands of communities collaborating on Github and other forums, with code for robotics and autopilots and a million other things instantly accessible, I can’t wait to see what people build.

I for one welcome the ability to install AI on my next camera-toting drone, and am glad to be able to do it in a way that will get patched automatically with fixes for future heartbleeds!

Worse Than FailureCodeSOD: Images...Why Settle for Just One?

Grab a handful...you know you want to!We've all seen folks who have trouble dealing with for-switch statements, exception handling, dates/times and so forth. As such, it should come as no surprise that people have at least as much trouble dealing with images.

In practice, there are only so many things you can do with an image. You can load it from a file or URL. You can calculate its size. You can stuff it into some buffer. You can even display it in a variety of ways. As long as you have a graphics library handy, one would think that these things would be fairly straightforward tasks.

One would think.

Thomas works on a system that extracts images from a PDF, uses a third-party product to process them, and them puts the processed images back into the original PDF.

Of the many tasks involved in this process, he encountered two that stuck out as particularly well-designed...

First is the complex task of determining the number of bytes in an image. While:

  return Imgbyte.Length;

...would make most people happy, the author of this ingenuity decided that a whole lot more was required:

private static int GetPhysicalFileSize(byte[] Imgbyte, string InputObject, string OutFolder) {
  int PhysicalFileSize = 0;
  try {
      ExtractImage(Imgbyte, "Photo_" + InputObject + ".jpg", OutFolder);
      var Outfile = OutFolder + "\\Photo_" + InputObject + ".jpg";
      if (File.Exists(Outfile)) {
         FileInfo fi2 = new FileInfo(Outfile);
         PhysicalFileSize = (int)fi2.Length;
      }
      if (File.Exists(Outfile)) {
         File.Delete(Outfile);
      }
  } catch (Exception ex) {
    Trace.WriteError(ex);
  }
  return PhysicalFileSize;
}

Of course, When this developer went to actually process the image, he went a little bit further off the deep end, and passed an image by ref, copied it into another bitmap, read it into a memory stream, saved it on disk, and then copied it into a byte array...

private static byte[] ProcessImage(Bitmap bm, int Imageid, out bool processResult) {
  byte[] bmpBytes = null;
  // [snip]
  EncoderParameters eps = new EncoderParameters(1);
  eps.Param[0] = new EncoderParameter(Encoder.Quality, Config.CompressionRatio);
  var jpegCodecInfo = GetEncoderInfo("image/jpeg");
  try {
      using (Bitmap bmp = new Bitmap(bm)) {
        using (MemoryStream ms = new MemoryStream()) {
          bmp.Save(ms, jpegCodecInfo, eps);
          if (Config.ImplementEnhancedImage) {
             bmp.Save(Config.TempImageProcessing + 
                      "\\Output from Perfect Clear_" + 
                      Imageid + ".jpg",
                      jpegCodecInfo, 
                      eps);
          }
          bmpBytes = ms.GetBuffer();
        }
      }
  } catch (Exception ex) {
    processResult = false;
  }
  return bmpBytes;
}
[Advertisement] Use NuGet or npm? Check out ProGet, the easy-to-use package repository that lets you host and manage your own personal or enterprise-wide NuGet feeds and npm repositories. It's got an impressively-featured free edition, too!

Planet Linux AustraliaClinton Roy: clintonroy

Slowly getting back into the swing of things, walked into work at stupid o’clock in the morning. Spending the afternoon at The Edge. Catching up on a few days of this diary.

Gearing up for the LCA debrief at Humbug, trying to not do it so off-the-cuff this year, organising the notes online in our wiki.


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

Waking up in a stupidly muggy Brisbane. Realised how happy I should be at having avoided this weather for a week.

Bussed to work, had to take have a shower when I got into work!


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

Windy Wellington!

Breaky and fancy coffee at..the coffee hangar I think? Then trooped back for the free Air New Zealand exhibit at Te Papa.

Headed to the airport quite early as I was completely drained by this point. The temperature and humidity levels back in Brisbane were quite confronting, I got very little sleep this night.


Filed under: diary

Planet Linux AustraliaClinton Roy: clintonroy

New Zealand!

Partook in Geeks On A Train today, from Auckland down to Wellington, quite happy with how it all went. Just about all of the photos in my LCA2015 album are taken on the train.

It was nice disconnecting from the conference and technology for a bit. And I have a feeling that the trip will be quite an important one to remember in the future.


Filed under: diary

Planet Linux AustraliaMichael Still: Another lunch time walk

My arm still hurts, so no gym again. Instead, another lunch time walk although this one was shorter. The skies were dramatic, but no rain unfortunately. I found GC1DEFB during this walk.

   

Interactive map for this route.

Tags for this post: blog pictures 20150120-geocaching photo canberra tuggeranong bushwalk geocaching
Related posts: Lunchtime geocaching; A walk around Mount Stranger; Taylor Trig; Urambi Trig; Walk up Tuggeranong Hill; A quick walk to William Farrer's grave

Comment

Planet Linux AustraliaClinton Roy: clintonroy

Auckland!

The morning keynote really did feel like a kick in the guts to all the work that we’ve been doing, and is a horrible tail end to a conference that started with the wonderful community leadership summit. I later quipped that keynotes should be at the end of the day in case the only rational response was drinking.

Fortunately there was a light hearted Paul McKenny talk later in the day that lifted my spirits.

And on an even better note, the main organiser for Geelong is not going to put up with such shit from Linus.


Filed under: diary

Planet DebianRaphael Geissert: Edit Debian, with iceweasel

Soon after publishing the chromium/chrome extension that allows you to edit Debian online, Moez Bouhlel sent a pull request to the extension's git repository: all the changes needed to make a firefox extension!

After another session of browser extensions discovery, I merged the commits and generated the xpi. So now you can go download the Debian online editing firefox extension and hack the world, the Debian world.

Install it and start contributing to Debian from your browser. There's no excuse now.

Planet Linux AustraliaTim Serong: ‘Sup With The Tablet?

As I mentioned on Twitter last week, I’m very happy SUSE was able to support linux.conf.au 2015 with a keynote giveaway on Wednesday morning and sponsorship of the post-conference Beer O’Clock at Catalyst:

For those who were in attendance, I thought a little explanation of the keynote gift (a Samsung Galaxy Tab 4 8″) might be in order, especially given the winner came up to me during the post-conference drinks and asked “what’s up with the tablet?”

To put this in perspective, I’m in engineering at SUSE (I’ve spent a lot of time working on high availabilitydistributed storage and cloud software), and while it’s fair to say I represent the company in some sense simply by existing, I do not (and cannot) actually speak on behalf of my employer. Nevertheless, it fell to me to purchase a gift for us to provide to one lucky delegate sensible enough to arrive on time for Wednesday’s keynote.

I like to think we have a distinct engineering culture at SUSE. In particular, we run a hackweek once or twice a year where everyone has a full week to work on something entirely of their own choosing, provided it’s related to Free and Open Source Software. In that spirit (and given that we don’t make hardware ourselves) I thought it would be nice to be able to donate an Android tablet which the winner would either be able to hack on directly, or would be able to use in the course of hacking something else. So I’m not aware of any particular relationship between my employer and that tablet, but as it says on the back of the hackweek t-shirt I was wearing at the time:

Some things have to be done just because they are possible.
Not because they make sense.

 

,

Planet DebianDaniel Pocock: jSMPP project update, 2.1.1 and 2.2.1 releases

The jSMPP project on Github stopped processing pull requests over a year ago and appeared to be needing some help.

I've recently started hosting it under https://github.com/opentelecoms-org/jsmpp and tried to merge some of the backlog of pull requests myself.

There have been new releases:

  • 2.1.1 works in any project already using 2.1.0. It introduces bug fixes only.
  • 2.2.1 introduces some new features and API changes and bigger bug fixes

The new versions are easily accessible for Maven users through the central repository service.

Apache Camel has already updated to use 2.1.1.

Thanks to all those people who have contributed to this project throughout its history.

Geek FeminismInternet freedom and the EFF’s anti-harassment statement

Today we’re featuring two separate guest posts about online harassment: Dr. Alice Marwick’s post about her research proposal for studying why men harass women online — with a link to a site where you can vote for this proposal to be funded! — and this one, taking a closer look at the EFF‘s recent anti-harassment statement.

This is a guest post from Jem Yoshioka, a writer and illustrator from New Zealand. She grew up on the internet, connecting with people all around the world who like to draw and write. She uses the internet constantly, like many other people on the planet. However, a part of loving something means knowing when it’s a bit broken, and the internet is definitely that. Jem’s illustration work is available online and you can follow her on Twitter.

I’d love to say that the statement EFF made on the 8th of January was anything but a disappointment, but it is. The fervent devotion to free speech over everything else ends up alienating me (and many others, I’m sure). Yes, I believe in the vital importance of freedom of the press and the freedom from being censored, prosecuted or incarcerated by governments based on the expression of thoughts. But I also believe that harmful and dangerous abusive behaviour by individuals and hate groups needs to be identified and actively stamped out. It needs to be the responsibility of us all, not just the people who find themselves targeted. This is the responsibility that we take on as members of a community. We’re watching people’s lives burn to the ground and the EFF brings a watering can filled with weak platitudes.

The Internet isn’t built for everyone

Internet freedom. It sounds pretty good on paper. An open and uncapturable internet with truly utopian beliefs and ideals about equality. In our rosiest narratives, the internet is one of the most incredible and liberating human inventions in recent history, and it’s certainly changing how we all live our lives. However, this utopian internet — a place where we can all live, work, socialise and act harmoniously together — has never and most likely will never exist. This is because the internet is largely built with the same patriarchal, cis, white male structures that “real world” societies are built with. It’s built from the same essential building blocks, and those blocks’ stresses, cracks and faults continue to harm the same people.

The internet is designed by and for straight, white, cis dudes. If you look at any of the startups currently vying for your valuable time and attention, you will see numbers of far, far more men than women and almost every single one of them will be white. The higher up you go, the whiter and more male it gets. If you follow the money that’s funding these ventures, you’ll notice a lot of them bear a striking resemblance to each other and also to a tall glass of milk.

White, hetero, cis male privilege is unaware of itself, but this is in part because it’s unaware of everyone else. And if these people are building our infrastructure, then there’s an awful lot of essential tools they’re missing because of their ignorance.

The places these people build are becoming increasingly more essential to our businesses, our work and our social lives, whether we like it or not. The dominance of platforms like Twitter and Facebook is strongly influencing we all use the internet and who can safely use the internet. When push comes to shove, the system protects the people who designed it for their own use; but everyone else is constantly placed at risk both in their online activities and in their physical space.

The thorny topic of harassment

Harassment was the hot-button word of 2014. It seemed like things reached some magical media tipping point and all of a sudden, women receiving rape and death threats online counted as proper “real world” news. But as many of us who are the targets (or potential targets) of this kind of harassment know, this behaviour isn’t something that’s just sprung up magically in the last year. It’s the festering muck that’s been lingering at the bottom of potentially every page, probably since the comment section was invented.

Being a woman on the internet is like playing with a ticking time bomb where you can’t see the timer. It could go off any second, or never, or in five years. It could go off because of something you said or someone else, or something completely unrelated to you. It could be because you like a hobby mostly boys like, or you’ve written that you’re fed up with inequality and sexism, or you’d just like a woman’s face to be on a bank note. It’s all stuff that it’s well within our rights as humans to discuss and have opinions about. But if you do so as a woman, you risk being hit with a harassment bomb.

When a harassment bomb detonates, it ruins lives. Private information is shared, companies boycotted, parents’ phone numbers called. Death threats are sent to conventions where victims plan to speak. Victims are blamed and accused of being “professional victims” all the while, the harassers push for their own financial and social profit.

It’s a constant struggle to write, share, and operate normally in the face of constant harassment. Not all of us are strong enough to stand against a tsunami of verbal and visual effluence day after day, and still manage time to build, construct, run, and manage a business. It’s exhausting even to witness from a safe distance, let alone live through. (Those that do manage, let me just say that I love you and everything you bring us, and your voice means the entire world to me. But I do wish you didn’t have to spend so much of your brilliance keeping your safety watertight.)

Since the targets of online harassment are most often marginalised people, this means we are losing voices. Targets are more likely to be women, of colour, trans, disabled, poor, or informally educated. Usually a mix of things because humans don’t tend to sit nicely in categorised boxes. Not everyone who faces this harassment can cut it, and they shouldn’t have to in order to do a simple thing like be active on the internet. We have no idea how many people have quit or won’t even start down this path because of harassment.

What’s wrong with the EFF’s picture

The EFF as an organisation stands up for a lot of the same things that I want to stand up for. Removal of restrictive DRM, power to people instead of governments, critical looks at spying laws and tackling issues of security. But when it comes to matters that involve harassment or the internet’s own structural biases, they are comparatively quiet. Since harassment silences and self-censors so many of our most marginalised voices, I would assume that an organisation like the EFF would jump onto the issue with all guns blazing. They have commented in the past in small doses, but they often take a relatively conservative approach in order to protect the “real” issue of actual proper free speech.

I’d love to say that the statement EFF made on the 8th of January was anything but a disappointment, but it is. The fervent devotion to free speech over everything else ends up alienating me (and many others, I’m sure). Yes, I believe in the vital importance of freedom of the press and the freedom from being censored, prosecuted or incarcerated by governments based on the expression of thoughts. But I also believe that harmful and dangerous abusive behaviour by individuals and hate groups needs to be identified and actively stamped out. It needs to be the responsibility of us all, not just the people who find themselves targeted. This is the responsibility that we take on as members of a community. We’re watching people’s lives burn to the ground and the EFF brings a watering can filled with weak platitudes.

What we are seeing with online abuse can’t be mistaken for a disagreement of opinion. It’s not a couple of people having a swear-off or even just one person losing their cool at another. It’s constant, structured campaigns of active and malicious behaviour, much of it already illegal under existing law. I’m confused as to why it’d even be controversial to take a strong stand against it.

The EFF blames victims. The focus of their suggestions is on potential victims and users needing to learn self-protection, rather than addressing the very clear underlying systemic and cultural elements that allow harassment to flourish. They discount that many victims do already protect themselves — as much as online systems can possibly allow. Even with significant amounts of filtering, muting and blocking, their time and energy is being diverted from enjoying their time online to a constant battle for space and safety.

The EFF say that if only Twitter unlocked its API, third party creators could develop better tools to protect users. And yes, that’s a possibility. But for this possibility to be viable, someone needs to devote an awful lot of their time, skill and energy just to ensure a platform becomes marginally safer, which Twitter should be doing for its users in the first place.

Companies that profit from our data should be doing more to keep us as users safe. We should be able to have systems in place to protect us, built by full-time staff who are paid a living wage. We shouldn’t have to donate our own time to build such systems for ourselves, on top of whatever other work we need to do to keep ourselves and our families safe, fed, and sheltered. It’s your system that’s broken; you need to fix it. Pay someone to fix it. Put it in your business roadmaps. Hire people who know about this stuff. Stop building on top of the same structures that punish marginalised people.

It seems to be the EFF’s position that harassment needs to be condoned to some extent if we want free speech. If we get too tough on harassment, it’ll mostly end up getting used to punish free speech by governments instead of harassment at all. This idea that censorship trickles down is ridiculous, because marginalised people are already facing self-censorship of their work on a daily basis out of fear of harassment. It’s already happening, and we’re not being helped or protected except by each other.

The internet is white. The internet is male. Most of the internet speaks English. If you aren’t or don’t do these things, you are actively and continuously put under pressure to ensure conformity. If you continuously fail to conform, you are sent harassing messages, death and rape threats, and have your whole life twisted upside down for you and then blamed for it.

I love the internet. It’s my home. It’s where I’ve met most of my friends and how I keep connected with my family. It helps me to connect with new clients and keeps me informed of current events. It’s been a teacher, a friend, and my external memory component (effectively making me a cyborg). It improves my life in little and incalculable ways every day. However, the dark, hostile side can’t be ignored or tolerated. In order for the internet to be the best internet it can be, it needs to be better for everyone. We need to all be safe online, not just those of us who know how to protect ourselves or are lucky enough to never be targets. We need it to be a priority of the bigger fish, of our governments and of our advocacy organisations. We deserve to be safe.

RacialiciousReddit AMA: James Mickens on Being Black and STEM

Enjoying MLK Day? Please join us over at Reddit at 2 PM ET where we will talk to James Mickens:

On MLK Day (1/19) at 2 p.m. computer scientist James Mickens will be doing a Reddit “Ask Me Anything” (AMA), where he’ll field questions about his work, how he got into STEMs, and what it’s like to be a person of color in computer science.

The post Reddit AMA: James Mickens on Being Black and STEM appeared first on Racialicious - the intersection of race and pop culture.

Krebs on SecurityHow Was Your Credit Card Stolen?

Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud. But it occurred to me recently that I’ve never published a primer on the types of card fraud and the likelihood with each of the cardholder ever learning how their account was compromised. This post is an effort to remedy that.

carddominoesThe card associations (Visa, MasterCard, et. al) very often know which merchant was compromised before even the banks or the merchant itself does. But they rarely tell banks which merchant got hacked. Rather, in response to a breach, the card associations will send each affected bank a list of card numbers that were compromised.

The bank may be able to work backwards from that list to the breached merchant if the merchant in question is not one that a majority of their cardholders shop at in a given month anyway. However, in the cases where banks do know which merchant caused a card to be compromised and/or replaced, the banks rarely share that information with their customers.

Here’s a look at some of the most common forms of credit card fraud:

Hacked main street merchant, restaurant:
Most often powered by malicious software installed on point-of-sale devices remotely.

Distinguishing characteristic: Most common and costly source of card fraud. Losses are high because crooks can take the information and produce counterfeit cards that can be used in big box stores to buy gift cards and/or expensive goods that can be easily resold for cash.

Chances of consumer learning source of fraud: Low, depending on customer card usage.

Processor breach:
A network compromise at a company that processes transactions between credit card issuing banks and merchant banks.

Distinguishing characteristic: High volume of card accounts can be stolen in a very short time.

Chances of consumer learning source of fraud: Virtually nil. Processor breaches are rare compared to retail break-ins, but it’s also difficult for banks to trace back fraud on a card to a processor. Card associations/banks generally don’t tell consumers when they do know.

Hacked point-of-sale service company/vendor:

Distinguishing characteristic: Can be time-consuming for banks and card associations to determine vendor responsible. Fraud is generally localized to a specific town or geographic region served by vendor.

Chances of consumer learning source of fraud: Low, given that compromised point-of-sale service company or vendor does not have a direct relationship with the card holder or issuing bank.

Hacked E-commerce Merchant:
A database or Web site compromise at an online merchant.

Distinguishing characteristic: Results in online fraud. Consumer likely to learn about fraud from monthly statement, incorrectly attribute fraud to merchant where unauthorized transaction occurred. Bank customer service representatives are trained not to give out information about the breached online merchant, or address information associated with the fraudulent order.

Chances of consumer learning source of fraud: Nil to low.

A Bluetooth enabled gas pump skimmer lets thieves retrieve stolen card and PIN data wirelessly while they gas up.

A Bluetooth enabled gas pump skimmer lets thieves retrieve stolen card and PIN data wirelessly while they gas up.

ATM or Gas Pump Skimmer:
Thieves attach physical fraud devices to ATMs and pumps to steal card numbers and PINs. For more on skimmers, see my All About Skimmers series.

Distinguishing characteristic: Fraud can take many months to figure out. Often tied to gang activity.

Chances of consumer learning source of fraud: High. Bank should disclose to cardholder the source of the fraud and replace stolen funds.

Crooked employee:
Uses hidden or handheld device to copy card for later counterfeiting.

Distinguishing characteristic: Most frequently committed by restaurant workers. Often tied to a local crime rings, or seasonal and transient workers.

Chances of consumer learning source of fraud: Nil to low.

Lost/Stolen card:

Distinguishing characteristic: The smallest source of fraud on cards. Consumer generally knows immediately or is alerted by bank to suspicious transactions, which often involve small test transactions to see if the card is still active — such as at automated gas station pumps.

Chances of consumer learning source of fraud: High.

Malware on Consumer PC

Distinguishing characteristic: Malicious software that hooks into the victim’s browser, and records all data submitted into Web site forms, including credit card information. Leads to authorized online charges.

Chances of consumer learning source of fraud: Discovering the infection? Fairly good. Definitively tying card-not-present card fraud to a malware infection? Very low.

Physical record theft:
Merchant, government agency or some other entity charged with storing and protecting card data improperly disposes of card account records.

Distinguishing characteristic: Usually not high-volume. Less common form of fraud than it used to be.

Chances of consumer learning source of fraud: Nil to low.

I hope it’s clear from the above that most consumers are unlikely to discover the true source or reason for any card fraud. It’s far more important for cardholders to keep a close eye on their statements for unauthorized charges, and to report that activity as quickly as possible.

Geek FeminismLet’s Talk to the Men This Time: Combating Online Harassment

Today we’re featuring two separate guest posts, both about online harassment. Stay tuned for the second one!

This is a guest post from Alice Marwick, PhD. Dr. Marwick is the Director of the McGannon Center for Communication Research and is an Assistant Professor of Communication and Media Studies at Fordham University.

Over the last two years, gendered online harassment has finally been recognized as a significant issue. High-profile cases of women doxed, attacked, or shamed in public, often those speaking out about sexism, highlight the ways in which the technical affordances of the internet enable systemic persecution. The same technologies which allow for positive collaboration and creativity can—and are—used to threaten, provoke, and hector journalists, bloggers, software developers, activists, or even just random people online with disturbing regularity.

This is a difficult problem to solve. The desire to harass women is not a virus spread by the internet that strikes individuals at random. Instead, it’s fueled by very real, and very complicated, underpinnings of structural misogyny (and, often, racism, homophobia, and classism as well) that affect who gets harassed. During the panic over cyberbullying a few years ago, LGBT activists implored the press to remember that implementing anti-bullying campaigns without addressing larger issues of trans- and homophobia ignored the underlying issues. I’m currently working to do something similar with gendered online harassment.

Many well-meaning people are proposing a host of legal and technical solutions, from eliminating online anonymity, to reinforcing anti-harassment statutes currently on the books, to increasing moderation in online communities. Some of these solutions may work, and some may not. But I share the EFF’s concerns; we shouldn’t use gendered online harassment, as awful as it is, to chip away at protections for online speech. Online anonymity is frequently used by activists, domestic violence survivors, and sexual minorities as a protective tactic. And companies like Facebook and Reddit, who are not legally required to actively patrol harassment on their platforms, have shown themselves unwilling to invest in greater moderation or content regulation.

Even given all these suggestions, we still have very little information both about why people choose to harass others—and, more broadly—why men adopt, adhere to, and spread sexist and misogynist views. You’d think the latter would have been extensively researched in the 1970s, but it seems to have been barely studied at all. I (and two PhD-level research assistants) have been unable to find any major studies identifying motivations for men adopting sexist views, let alone motivations for harassing women, whether that be sexual harassment, street harassment, or online harassment. (I would be extremely happy if you could comment with any studies you may know of and I can be proven wrong). But this is the missing piece. Without understanding why people are harassing others online, we cannot accurately solve this problem.

So I’m posting this to ask for a favor. A project I’m involved with is currently up for a People’s Choice Award in the fifth Digital Media and Learning grant competition (called the Trust Challenge). Together with another professor at Fordham, Gregory Donovan—who’s worked extensively with diverse groups of young people in NYC on other participatory research projects—we’re hoping to study harassers with the collaboration of young women who’ve been harassed. We think it’s extremely important to involve victims of online harassment to avoid the paternalism that often comes into play when creating solutions to help young women. The information and expertise provided by a focus group of young, diverse New York City area women will help us understand where this harassment takes place, what it looks like, and how to combat it. It will also inform the second half of the project. We hope to identify, contact, and interview people online who have harassed others. From these people, we want to understand motivations. Is it for the lulz? Do they identify as trolls? Is it because they subscribe to a Men’s Rights ideology? Is it a way to let out aggression? With the information we learn from both groups, we hope to create best practices for tech companies and legislators to design any strategies to combat harassment. We hope to include not solely harassment for being feminist, but harassment for merely existing as a woman online—especially a woman of color, a queer woman, or someone with an intersectional perspective.

Please vote for our project on the DML website. It takes a second—just click the heart—and it gets us one step closer to getting this project fully funded. We’re asking for money to support summer funding for both of us, a semester off for Gregory so he can devote himself to the project, incentives for our participants, and a grad student to help out with the project. We hope that you’ll agree that this project is worth funding.

(We also encourage you to check out FemTechNet’s project which focuses on creating educational content to combat harassment of feminists specifically).

RacialiciousAre You Ready for #TheTalk?

MTV’s Look Different campaign is doing a full multiscreen take over for Martin Luther King Jr. Day,

According to a 2014 MTV study*, 73% of Millennials believe having more open constructive conversations about bias would help people become less prejudiced.

“Millennials believe strongly in fairness, but they can also find it difficult to talk openly about race – to be not simply ‘color blind’ but ‘color brave,’ said Stephen Friedman, President of MTV. “Our audience is looking for a way to bring the national conversation on race into their homes and this campaign will give them a forum to express true color bravery.”

#TheTalk will begin at 9:00 a.m. ET/PT on Martin Luther King, Jr. Day when MTV will kick off a 12-hour period in which all programming will air in black and white for the first time in the network’s history. Every commercial block will begin with personal reflections on race from luminaries including Kendrick Lamar, Common, Big Sean, Ava DuVernay, David Oyelowo, Penn Badgley, Jordin Sparks, Pete Wentz, Sen. Rand Paul, Rep. John Lewis, Sen. Cory Booker and more.

One of the ideas they referenced, “color brave,” is from Melody Hobson’s TED Talk:

<iframe allowfullscreen="allowFullScreen" frameborder="0" height="360" mozallowfullscreen="mozallowfullscreen" scrolling="no" src="https://embed-ssl.ted.com/talks/mellody_hobson_color_blind_or_color_brave.html" webkitallowfullscreen="webkitAllowFullScreen" width="640"></iframe>

Read MTV’s study on Millennials and Bias here.

Share your experiences with #TheTalk here.

(Easter Egg: I’m in the “activist” video on the site.)

The post Are You Ready for #TheTalk? appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesMartin Luther King Jr., Sociology Major

B.A. in Sociology, Morehouse College, Class of 1948. 

Our annual Martin Luther King Jr. Day post, courtesy of The King Center.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianDaniel Pocock: Storage controllers for small Linux NFS networks

While contemplating the disk capacity upgrade for my Microserver at home, I've also been thinking about adding a proper storage controller.

Currently I just use the built-in controller in the Microserver. It is an AMD SB820M SATA controller. It is a bottleneck for the SSD IOPS.

On the disks, I prefer to use software RAID (such as md or BtrFs) and not become dependent on the metadata format of any specific RAID controller. The RAID controllers don't offer the checksumming feature that is available in BtrFs and ZFS.

The use case is NFS for a small number of workstations. NFS synchronous writes block the client while the server ensures data really goes onto the disk. This creates a performance bottleneck. It is actually slower than if clients are writing directly to their local disks through the local OS caches.

SSDs on an NFS server offer some benefit because they can complete write operations more quickly and the NFS server can then tell the client the operation is complete. The more performant solution (albeit with a slight risk of data corruption) is to use a storage controller with a non-volatile (battery-backed or flash-protected) write cache.

Many RAID controllers have non-volatile write caches. Some online discussions of BtrFs and ZFS have suggested staying away from full RAID controllers though, amongst other things, to avoid the complexities of RAID controllers adding their metadata to the drives.

This brings me to the first challenge though: are there suitable storage controllers that have a non-volatile write cache but without having other RAID features?

Or a second possibility: out of the various RAID controllers that are available, do any provide first-class JBOD support?

Observations

I looked at specs and documentation for various RAID controllers and identified some of the following challenges:

Next steps

Are there other options to look at, for example, alternatives to NFS?

If I just add in a non-RAID HBA to enable faster IO to the SSDs will this be enough to make a noticeable difference on the small number of NFS clients I'm using?

Or is it inevitable that I will have to go with one of the solutions that involves putting a vendor's volume metadata onto JBOD volumes? If I do go that way, which of the vendors' metadata formats are most likely to be recognized by free software utilities in the future if I ever connect the disk to a generic non-RAID HBA?

Thanks to all those people who provided comments about choosing drives for this type of NAS usage.

Related reading

Geek FeminismHappy Martin Luther King, Jr. Day

Letter from a Birmingham Jail, Martin Luther King, Jr.

16 April 1963
My Dear Fellow Clergymen:
While confined here in the Birmingham city jail, I came across your recent statement calling my present activities “unwise and untimely.” Seldom do I pause to answer criticism of my work and ideas. If I sought to answer all the criticisms that cross my desk, my secretaries would have little time for anything other than such correspondence in the course of the day, and I would have no time for constructive work. But since I feel that you are men of genuine good will and that your criticisms are sincerely set forth, I want to try to answer your statement in what I hope will be patient and reasonable terms.

I think I should indicate why I am here in Birmingham, since you have been influenced by the view which argues against “outsiders coming in.” I have the honor of serving as president of the Southern Christian Leadership Conference, an organization operating in every southern state, with headquarters in Atlanta, Georgia. We have some eighty five affiliated organizations across the South, and one of them is the Alabama Christian Movement for Human Rights. Frequently we share staff, educational and financial resources with our affiliates. Several months ago the affiliate here in Birmingham asked us to be on call to engage in a nonviolent direct action program if such were deemed necessary. We readily consented, and when the hour came we lived up to our promise. So I, along with several members of my staff, am here because I was invited here. I am here because I have organizational ties here.

But more basically, I am in Birmingham because injustice is here. Just as the prophets of the eighth century B.C. left their villages and carried their “thus saith the Lord” far beyond the boundaries of their home towns, and just as the Apostle Paul left his village of Tarsus and carried the gospel of Jesus Christ to the far corners of the Greco Roman world, so am I compelled to carry the gospel of freedom beyond my own home town. Like Paul, I must constantly respond to the Macedonian call for aid.

Moreover, I am cognizant of the interrelatedness of all communities and states. I cannot sit idly by in Atlanta and not be concerned about what happens in Birmingham. Injustice anywhere is a threat to justice everywhere. We are caught in an inescapable network of mutuality, tied in a single garment of destiny. Whatever affects one directly, affects all indirectly. Never again can we afford to live with the narrow, provincial “outside agitator” idea. Anyone who lives inside the United States can never be considered an outsider anywhere within its bounds.

You deplore the demonstrations taking place in Birmingham. But your statement, I am sorry to say, fails to express a similar concern for the conditions that brought about the demonstrations. I am sure that none of you would want to rest content with the superficial kind of social analysis that deals merely with effects and does not grapple with underlying causes. It is unfortunate that demonstrations are taking place in Birmingham, but it is even more unfortunate that the city’s white power structure left the Negro community with no alternative.

In any nonviolent campaign there are four basic steps: collection of the facts to determine whether injustices exist; negotiation; self purification; and direct action. We have gone through all these steps in Birmingham. There can be no gainsaying the fact that racial injustice engulfs this community. Birmingham is probably the most thoroughly segregated city in the United States. Its ugly record of brutality is widely known. Negroes have experienced grossly unjust treatment in the courts. There have been more unsolved bombings of Negro homes and churches in Birmingham than in any other city in the nation. These are the hard, brutal facts of the case. On the basis of these conditions, Negro leaders sought to negotiate with the city fathers. But the latter consistently refused to engage in good faith negotiation.

Then, last September, came the opportunity to talk with leaders of Birmingham’s economic community. In the course of the negotiations, certain promises were made by the merchants–for example, to remove the stores’ humiliating racial signs. On the basis of these promises, the Reverend Fred Shuttlesworth and the leaders of the Alabama Christian Movement for Human Rights agreed to a moratorium on all demonstrations. As the weeks and months went by, we realized that we were the victims of a broken promise. A few signs, briefly removed, returned; the others remained. As in so many past experiences, our hopes had been blasted, and the shadow of deep disappointment settled upon us. We had no alternative except to prepare for direct action, whereby we would present our very bodies as a means of laying our case before the conscience of the local and the national community. Mindful of the difficulties involved, we decided to undertake a process of self purification. We began a series of workshops on nonviolence, and we repeatedly asked ourselves: “Are you able to accept blows without retaliating?” “Are you able to endure the ordeal of jail?” We decided to schedule our direct action program for the Easter season, realizing that except for Christmas, this is the main shopping period of the year. Knowing that a strong economic-withdrawal program would be the by product of direct action, we felt that this would be the best time to bring pressure to bear on the merchants for the needed change.

Then it occurred to us that Birmingham’s mayoral election was coming up in March, and we speedily decided to postpone action until after election day. When we discovered that the Commissioner of Public Safety, Eugene “Bull” Connor, had piled up enough votes to be in the run off, we decided again to postpone action until the day after the run off so that the demonstrations could not be used to cloud the issues. Like many others, we waited to see Mr. Connor defeated, and to this end we endured postponement after postponement. Having aided in this community need, we felt that our direct action program could be delayed no longer.

You may well ask: “Why direct action? Why sit ins, marches and so forth? Isn’t negotiation a better path?” You are quite right in calling for negotiation. Indeed, this is the very purpose of direct action. Nonviolent direct action seeks to create such a crisis and foster such a tension that a community which has constantly refused to negotiate is forced to confront the issue. It seeks so to dramatize the issue that it can no longer be ignored. My citing the creation of tension as part of the work of the nonviolent resister may sound rather shocking. But I must confess that I am not afraid of the word “tension.” I have earnestly opposed violent tension, but there is a type of constructive, nonviolent tension which is necessary for growth. Just as Socrates felt that it was necessary to create a tension in the mind so that individuals could rise from the bondage of myths and half truths to the unfettered realm of creative analysis and objective appraisal, so must we see the need for nonviolent gadflies to create the kind of tension in society that will help men rise from the dark depths of prejudice and racism to the majestic heights of understanding and brotherhood. The purpose of our direct action program is to create a situation so crisis packed that it will inevitably open the door to negotiation. I therefore concur with you in your call for negotiation. Too long has our beloved Southland been bogged down in a tragic effort to live in monologue rather than dialogue.

One of the basic points in your statement is that the action that I and my associates have taken in Birmingham is untimely. Some have asked: “Why didn’t you give the new city administration time to act?” The only answer that I can give to this query is that the new Birmingham administration must be prodded about as much as the outgoing one, before it will act. We are sadly mistaken if we feel that the election of Albert Boutwell as mayor will bring the millennium to Birmingham. While Mr. Boutwell is a much more gentle person than Mr. Connor, they are both segregationists, dedicated to maintenance of the status quo. I have hope that Mr. Boutwell will be reasonable enough to see the futility of massive resistance to desegregation. But he will not see this without pressure from devotees of civil rights. My friends, I must say to you that we have not made a single gain in civil rights without determined legal and nonviolent pressure. Lamentably, it is an historical fact that privileged groups seldom give up their privileges voluntarily. Individuals may see the moral light and voluntarily give up their unjust posture; but, as Reinhold Niebuhr has reminded us, groups tend to be more immoral than individuals.

We know through painful experience that freedom is never voluntarily given by the oppressor; it must be demanded by the oppressed. Frankly, I have yet to engage in a direct action campaign that was “well timed” in the view of those who have not suffered unduly from the disease of segregation. For years now I have heard the word “Wait!” It rings in the ear of every Negro with piercing familiarity. This “Wait” has almost always meant “Never.” We must come to see, with one of our distinguished jurists, that “justice too long delayed is justice denied.”

We have waited for more than 340 years for our constitutional and God given rights. The nations of Asia and Africa are moving with jetlike speed toward gaining political independence, but we still creep at horse and buggy pace toward gaining a cup of coffee at a lunch counter. Perhaps it is easy for those who have never felt the stinging darts of segregation to say, “Wait.” But when you have seen vicious mobs lynch your mothers and fathers at will and drown your sisters and brothers at whim; when you have seen hate filled policemen curse, kick and even kill your black brothers and sisters; when you see the vast majority of your twenty million Negro brothers smothering in an airtight cage of poverty in the midst of an affluent society; when you suddenly find your tongue twisted and your speech stammering as you seek to explain to your six year old daughter why she can’t go to the public amusement park that has just been advertised on television, and see tears welling up in her eyes when she is told that Funtown is closed to colored children, and see ominous clouds of inferiority beginning to form in her little mental sky, and see her beginning to distort her personality by developing an unconscious bitterness toward white people; when you have to concoct an answer for a five year old son who is asking: “Daddy, why do white people treat colored people so mean?”; when you take a cross county drive and find it necessary to sleep night after night in the uncomfortable corners of your automobile because no motel will accept you; when you are humiliated day in and day out by nagging signs reading “white” and “colored”; when your first name becomes “nigger,” your middle name becomes “boy” (however old you are) and your last name becomes “John,” and your wife and mother are never given the respected title “Mrs.”; when you are harried by day and haunted by night by the fact that you are a Negro, living constantly at tiptoe stance, never quite knowing what to expect next, and are plagued with inner fears and outer resentments; when you are forever fighting a degenerating sense of “nobodiness”–then you will understand why we find it difficult to wait. There comes a time when the cup of endurance runs over, and men are no longer willing to be plunged into the abyss of despair. I hope, sirs, you can understand our legitimate and unavoidable impatience. You express a great deal of anxiety over our willingness to break laws. This is certainly a legitimate concern. Since we so diligently urge people to obey the Supreme Court’s decision of 1954 outlawing segregation in the public schools, at first glance it may seem rather paradoxical for us consciously to break laws. One may well ask: “How can you advocate breaking some laws and obeying others?” The answer lies in the fact that there are two types of laws: just and unjust. I would be the first to advocate obeying just laws. One has not only a legal but a moral responsibility to obey just laws. Conversely, one has a moral responsibility to disobey unjust laws. I would agree with St. Augustine that “an unjust law is no law at all.”

Now, what is the difference between the two? How does one determine whether a law is just or unjust? A just law is a man made code that squares with the moral law or the law of God. An unjust law is a code that is out of harmony with the moral law. To put it in the terms of St. Thomas Aquinas: An unjust law is a human law that is not rooted in eternal law and natural law. Any law that uplifts human personality is just. Any law that degrades human personality is unjust. All segregation statutes are unjust because segregation distorts the soul and damages the personality. It gives the segregator a false sense of superiority and the segregated a false sense of inferiority. Segregation, to use the terminology of the Jewish philosopher Martin Buber, substitutes an “I it” relationship for an “I thou” relationship and ends up relegating persons to the status of things. Hence segregation is not only politically, economically and sociologically unsound, it is morally wrong and sinful. Paul Tillich has said that sin is separation. Is not segregation an existential expression of man’s tragic separation, his awful estrangement, his terrible sinfulness? Thus it is that I can urge men to obey the 1954 decision of the Supreme Court, for it is morally right; and I can urge them to disobey segregation ordinances, for they are morally wrong.

Let us consider a more concrete example of just and unjust laws. An unjust law is a code that a numerical or power majority group compels a minority group to obey but does not make binding on itself. This is difference made legal. By the same token, a just law is a code that a majority compels a minority to follow and that it is willing to follow itself. This is sameness made legal. Let me give another explanation. A law is unjust if it is inflicted on a minority that, as a result of being denied the right to vote, had no part in enacting or devising the law. Who can say that the legislature of Alabama which set up that state’s segregation laws was democratically elected? Throughout Alabama all sorts of devious methods are used to prevent Negroes from becoming registered voters, and there are some counties in which, even though Negroes constitute a majority of the population, not a single Negro is registered. Can any law enacted under such circumstances be considered democratically structured?

Sometimes a law is just on its face and unjust in its application. For instance, I have been arrested on a charge of parading without a permit. Now, there is nothing wrong in having an ordinance which requires a permit for a parade. But such an ordinance becomes unjust when it is used to maintain segregation and to deny citizens the First-Amendment privilege of peaceful assembly and protest.

I hope you are able to see the distinction I am trying to point out. In no sense do I advocate evading or defying the law, as would the rabid segregationist. That would lead to anarchy. One who breaks an unjust law must do so openly, lovingly, and with a willingness to accept the penalty. I submit that an individual who breaks a law that conscience tells him is unjust, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for law.

Of course, there is nothing new about this kind of civil disobedience. It was evidenced sublimely in the refusal of Shadrach, Meshach and Abednego to obey the laws of Nebuchadnezzar, on the ground that a higher moral law was at stake. It was practiced superbly by the early Christians, who were willing to face hungry lions and the excruciating pain of chopping blocks rather than submit to certain unjust laws of the Roman Empire. To a degree, academic freedom is a reality today because Socrates practiced civil disobedience. In our own nation, the Boston Tea Party represented a massive act of civil disobedience.

We should never forget that everything Adolf Hitler did in Germany was “legal” and everything the Hungarian freedom fighters did in Hungary was “illegal.” It was “illegal” to aid and comfort a Jew in Hitler’s Germany. Even so, I am sure that, had I lived in Germany at the time, I would have aided and comforted my Jewish brothers. If today I lived in a Communist country where certain principles dear to the Christian faith are suppressed, I would openly advocate disobeying that country’s antireligious laws.

I must make two honest confessions to you, my Christian and Jewish brothers. First, I must confess that over the past few years I have been gravely disappointed with the white moderate. I have almost reached the regrettable conclusion that the Negro’s great stumbling block in his stride toward freedom is not the White Citizen’s Counciler or the Ku Klux Klanner, but the white moderate, who is more devoted to “order” than to justice; who prefers a negative peace which is the absence of tension to a positive peace which is the presence of justice; who constantly says: “I agree with you in the goal you seek, but I cannot agree with your methods of direct action”; who paternalistically believes he can set the timetable for another man’s freedom; who lives by a mythical concept of time and who constantly advises the Negro to wait for a “more convenient season.” Shallow understanding from people of good will is more frustrating than absolute misunderstanding from people of ill will. Lukewarm acceptance is much more bewildering than outright rejection.

I had hoped that the white moderate would understand that law and order exist for the purpose of establishing justice and that when they fail in this purpose they become the dangerously structured dams that block the flow of social progress. I had hoped that the white moderate would understand that the present tension in the South is a necessary phase of the transition from an obnoxious negative peace, in which the Negro passively accepted his unjust plight, to a substantive and positive peace, in which all men will respect the dignity and worth of human personality. Actually, we who engage in nonviolent direct action are not the creators of tension. We merely bring to the surface the hidden tension that is already alive. We bring it out in the open, where it can be seen and dealt with. Like a boil that can never be cured so long as it is covered up but must be opened with all its ugliness to the natural medicines of air and light, injustice must be exposed, with all the tension its exposure creates, to the light of human conscience and the air of national opinion before it can be cured.

In your statement you assert that our actions, even though peaceful, must be condemned because they precipitate violence. But is this a logical assertion? Isn’t this like condemning a robbed man because his possession of money precipitated the evil act of robbery? Isn’t this like condemning Socrates because his unswerving commitment to truth and his philosophical inquiries precipitated the act by the misguided populace in which they made him drink hemlock? Isn’t this like condemning Jesus because his unique God consciousness and never ceasing devotion to God’s will precipitated the evil act of crucifixion? We must come to see that, as the federal courts have consistently affirmed, it is wrong to urge an individual to cease his efforts to gain his basic constitutional rights because the quest may precipitate violence. Society must protect the robbed and punish the robber. I had also hoped that the white moderate would reject the myth concerning time in relation to the struggle for freedom. I have just received a letter from a white brother in Texas. He writes: “All Christians know that the colored people will receive equal rights eventually, but it is possible that you are in too great a religious hurry. It has taken Christianity almost two thousand years to accomplish what it has. The teachings of Christ take time to come to earth.” Such an attitude stems from a tragic misconception of time, from the strangely irrational notion that there is something in the very flow of time that will inevitably cure all ills. Actually, time itself is neutral; it can be used either destructively or constructively. More and more I feel that the people of ill will have used time much more effectively than have the people of good will. We will have to repent in this generation not merely for the hateful words and actions of the bad people but for the appalling silence of the good people. Human progress never rolls in on wheels of inevitability; it comes through the tireless efforts of men willing to be co workers with God, and without this hard work, time itself becomes an ally of the forces of social stagnation. We must use time creatively, in the knowledge that the time is always ripe to do right. Now is the time to make real the promise of democracy and transform our pending national elegy into a creative psalm of brotherhood. Now is the time to lift our national policy from the quicksand of racial injustice to the solid rock of human dignity.

You speak of our activity in Birmingham as extreme. At first I was rather disappointed that fellow clergymen would see my nonviolent efforts as those of an extremist. I began thinking about the fact that I stand in the middle of two opposing forces in the Negro community. One is a force of complacency, made up in part of Negroes who, as a result of long years of oppression, are so drained of self respect and a sense of “somebodiness” that they have adjusted to segregation; and in part of a few middle-class Negroes who, because of a degree of academic and economic security and because in some ways they profit by segregation, have become insensitive to the problems of the masses. The other force is one of bitterness and hatred, and it comes perilously close to advocating violence. It is expressed in the various black nationalist groups that are springing up across the nation, the largest and best known being Elijah Muhammad’s Muslim movement. Nourished by the Negro’s frustration over the continued existence of racial discrimination, this movement is made up of people who have lost faith in America, who have absolutely repudiated Christianity, and who have concluded that the white man is an incorrigible “devil.”

I have tried to stand between these two forces, saying that we need emulate neither the “do nothingism” of the complacent nor the hatred and despair of the black nationalist. For there is the more excellent way of love and nonviolent protest. I am grateful to God that, through the influence of the Negro church, the way of nonviolence became an integral part of our struggle. If this philosophy had not emerged, by now many streets of the South would, I am convinced, be flowing with blood. And I am further convinced that if our white brothers dismiss as “rabble rousers” and “outside agitators” those of us who employ nonviolent direct action, and if they refuse to support our nonviolent efforts, millions of Negroes will, out of frustration and despair, seek solace and security in black nationalist ideologies–a development that would inevitably lead to a frightening racial nightmare.

Oppressed people cannot remain oppressed forever. The yearning for freedom eventually manifests itself, and that is what has happened to the American Negro. Something within has reminded him of his birthright of freedom, and something without has reminded him that it can be gained. Consciously or unconsciously, he has been caught up by the Zeitgeist, and with his black brothers of Africa and his brown and yellow brothers of Asia, South America and the Caribbean, the United States Negro is moving with a sense of great urgency toward the promised land of racial justice. If one recognizes this vital urge that has engulfed the Negro community, one should readily understand why public demonstrations are taking place. The Negro has many pent up resentments and latent frustrations, and he must release them. So let him march; let him make prayer pilgrimages to the city hall; let him go on freedom rides -and try to understand why he must do so. If his repressed emotions are not released in nonviolent ways, they will seek expression through violence; this is not a threat but a fact of history. So I have not said to my people: “Get rid of your discontent.” Rather, I have tried to say that this normal and healthy discontent can be channeled into the creative outlet of nonviolent direct action. And now this approach is being termed extremist. But though I was initially disappointed at being categorized as an extremist, as I continued to think about the matter I gradually gained a measure of satisfaction from the label. Was not Jesus an extremist for love: “Love your enemies, bless them that curse you, do good to them that hate you, and pray for them which despitefully use you, and persecute you.” Was not Amos an extremist for justice: “Let justice roll down like waters and righteousness like an ever flowing stream.” Was not Paul an extremist for the Christian gospel: “I bear in my body the marks of the Lord Jesus.” Was not Martin Luther an extremist: “Here I stand; I cannot do otherwise, so help me God.” And John Bunyan: “I will stay in jail to the end of my days before I make a butchery of my conscience.” And Abraham Lincoln: “This nation cannot survive half slave and half free.” And Thomas Jefferson: “We hold these truths to be self evident, that all men are created equal . . .” So the question is not whether we will be extremists, but what kind of extremists we will be. Will we be extremists for hate or for love? Will we be extremists for the preservation of injustice or for the extension of justice? In that dramatic scene on Calvary’s hill three men were crucified. We must never forget that all three were crucified for the same crime–the crime of extremism. Two were extremists for immorality, and thus fell below their environment. The other, Jesus Christ, was an extremist for love, truth and goodness, and thereby rose above his environment. Perhaps the South, the nation and the world are in dire need of creative extremists.

I had hoped that the white moderate would see this need. Perhaps I was too optimistic; perhaps I expected too much. I suppose I should have realized that few members of the oppressor race can understand the deep groans and passionate yearnings of the oppressed race, and still fewer have the vision to see that injustice must be rooted out by strong, persistent and determined action. I am thankful, however, that some of our white brothers in the South have grasped the meaning of this social revolution and committed themselves to it. They are still all too few in quantity, but they are big in quality. Some -such as Ralph McGill, Lillian Smith, Harry Golden, James McBride Dabbs, Ann Braden and Sarah Patton Boyle–have written about our struggle in eloquent and prophetic terms. Others have marched with us down nameless streets of the South. They have languished in filthy, roach infested jails, suffering the abuse and brutality of policemen who view them as “dirty nigger-lovers.” Unlike so many of their moderate brothers and sisters, they have recognized the urgency of the moment and sensed the need for powerful “action” antidotes to combat the disease of segregation. Let me take note of my other major disappointment. I have been so greatly disappointed with the white church and its leadership. Of course, there are some notable exceptions. I am not unmindful of the fact that each of you has taken some significant stands on this issue. I commend you, Reverend Stallings, for your Christian stand on this past Sunday, in welcoming Negroes to your worship service on a nonsegregated basis. I commend the Catholic leaders of this state for integrating Spring Hill College several years ago.

But despite these notable exceptions, I must honestly reiterate that I have been disappointed with the church. I do not say this as one of those negative critics who can always find something wrong with the church. I say this as a minister of the gospel, who loves the church; who was nurtured in its bosom; who has been sustained by its spiritual blessings and who will remain true to it as long as the cord of life shall lengthen.

When I was suddenly catapulted into the leadership of the bus protest in Montgomery, Alabama, a few years ago, I felt we would be supported by the white church. I felt that the white ministers, priests and rabbis of the South would be among our strongest allies. Instead, some have been outright opponents, refusing to understand the freedom movement and misrepresenting its leaders; all too many others have been more cautious than courageous and have remained silent behind the anesthetizing security of stained glass windows.

In spite of my shattered dreams, I came to Birmingham with the hope that the white religious leadership of this community would see the justice of our cause and, with deep moral concern, would serve as the channel through which our just grievances could reach the power structure. I had hoped that each of you would understand. But again I have been disappointed.

I have heard numerous southern religious leaders admonish their worshipers to comply with a desegregation decision because it is the law, but I have longed to hear white ministers declare: “Follow this decree because integration is morally right and because the Negro is your brother.” In the midst of blatant injustices inflicted upon the Negro, I have watched white churchmen stand on the sideline and mouth pious irrelevancies and sanctimonious trivialities. In the midst of a mighty struggle to rid our nation of racial and economic injustice, I have heard many ministers say: “Those are social issues, with which the gospel has no real concern.” And I have watched many churches commit themselves to a completely other worldly religion which makes a strange, un-Biblical distinction between body and soul, between the sacred and the secular.

I have traveled the length and breadth of Alabama, Mississippi and all the other southern states. On sweltering summer days and crisp autumn mornings I have looked at the South’s beautiful churches with their lofty spires pointing heavenward. I have beheld the impressive outlines of her massive religious education buildings. Over and over I have found myself asking: “What kind of people worship here? Who is their God? Where were their voices when the lips of Governor Barnett dripped with words of interposition and nullification? Where were they when Governor Wallace gave a clarion call for defiance and hatred? Where were their voices of support when bruised and weary Negro men and women decided to rise from the dark dungeons of complacency to the bright hills of creative protest?”

Yes, these questions are still in my mind. In deep disappointment I have wept over the laxity of the church. But be assured that my tears have been tears of love. There can be no deep disappointment where there is not deep love. Yes, I love the church. How could I do otherwise? I am in the rather unique position of being the son, the grandson and the great grandson of preachers. Yes, I see the church as the body of Christ. But, oh! How we have blemished and scarred that body through social neglect and through fear of being nonconformists.

There was a time when the church was very powerful–in the time when the early Christians rejoiced at being deemed worthy to suffer for what they believed. In those days the church was not merely a thermometer that recorded the ideas and principles of popular opinion; it was a thermostat that transformed the mores of society. Whenever the early Christians entered a town, the people in power became disturbed and immediately sought to convict the Christians for being “disturbers of the peace” and “outside agitators.”‘ But the Christians pressed on, in the conviction that they were “a colony of heaven,” called to obey God rather than man. Small in number, they were big in commitment. They were too God-intoxicated to be “astronomically intimidated.” By their effort and example they brought an end to such ancient evils as infanticide and gladiatorial contests. Things are different now. So often the contemporary church is a weak, ineffectual voice with an uncertain sound. So often it is an archdefender of the status quo. Far from being disturbed by the presence of the church, the power structure of the average community is consoled by the church’s silent–and often even vocal–sanction of things as they are.

But the judgment of God is upon the church as never before. If today’s church does not recapture the sacrificial spirit of the early church, it will lose its authenticity, forfeit the loyalty of millions, and be dismissed as an irrelevant social club with no meaning for the twentieth century. Every day I meet young people whose disappointment with the church has turned into outright disgust.

Perhaps I have once again been too optimistic. Is organized religion too inextricably bound to the status quo to save our nation and the world? Perhaps I must turn my faith to the inner spiritual church, the church within the church, as the true ekklesia and the hope of the world. But again I am thankful to God that some noble souls from the ranks of organized religion have broken loose from the paralyzing chains of conformity and joined us as active partners in the struggle for freedom. They have left their secure congregations and walked the streets of Albany, Georgia, with us. They have gone down the highways of the South on tortuous rides for freedom. Yes, they have gone to jail with us. Some have been dismissed from their churches, have lost the support of their bishops and fellow ministers. But they have acted in the faith that right defeated is stronger than evil triumphant. Their witness has been the spiritual salt that has preserved the true meaning of the gospel in these troubled times. They have carved a tunnel of hope through the dark mountain of disappointment. I hope the church as a whole will meet the challenge of this decisive hour. But even if the church does not come to the aid of justice, I have no despair about the future. I have no fear about the outcome of our struggle in Birmingham, even if our motives are at present misunderstood. We will reach the goal of freedom in Birmingham and all over the nation, because the goal of America is freedom. Abused and scorned though we may be, our destiny is tied up with America’s destiny. Before the pilgrims landed at Plymouth, we were here. Before the pen of Jefferson etched the majestic words of the Declaration of Independence across the pages of history, we were here. For more than two centuries our forebears labored in this country without wages; they made cotton king; they built the homes of their masters while suffering gross injustice and shameful humiliation -and yet out of a bottomless vitality they continued to thrive and develop. If the inexpressible cruelties of slavery could not stop us, the opposition we now face will surely fail. We will win our freedom because the sacred heritage of our nation and the eternal will of God are embodied in our echoing demands. Before closing I feel impelled to mention one other point in your statement that has troubled me profoundly. You warmly commended the Birmingham police force for keeping “order” and “preventing violence.” I doubt that you would have so warmly commended the police force if you had seen its dogs sinking their teeth into unarmed, nonviolent Negroes. I doubt that you would so quickly commend the policemen if you were to observe their ugly and inhumane treatment of Negroes here in the city jail; if you were to watch them push and curse old Negro women and young Negro girls; if you were to see them slap and kick old Negro men and young boys; if you were to observe them, as they did on two occasions, refuse to give us food because we wanted to sing our grace together. I cannot join you in your praise of the Birmingham police department.

It is true that the police have exercised a degree of discipline in handling the demonstrators. In this sense they have conducted themselves rather “nonviolently” in public. But for what purpose? To preserve the evil system of segregation. Over the past few years I have consistently preached that nonviolence demands that the means we use must be as pure as the ends we seek. I have tried to make clear that it is wrong to use immoral means to attain moral ends. But now I must affirm that it is just as wrong, or perhaps even more so, to use moral means to preserve immoral ends. Perhaps Mr. Connor and his policemen have been rather nonviolent in public, as was Chief Pritchett in Albany, Georgia, but they have used the moral means of nonviolence to maintain the immoral end of racial injustice. As T. S. Eliot has said: “The last temptation is the greatest treason: To do the right deed for the wrong reason.”

I wish you had commended the Negro sit inners and demonstrators of Birmingham for their sublime courage, their willingness to suffer and their amazing discipline in the midst of great provocation. One day the South will recognize its real heroes. They will be the James Merediths, with the noble sense of purpose that enables them to face jeering and hostile mobs, and with the agonizing loneliness that characterizes the life of the pioneer. They will be old, oppressed, battered Negro women, symbolized in a seventy two year old woman in Montgomery, Alabama, who rose up with a sense of dignity and with her people decided not to ride segregated buses, and who responded with ungrammatical profundity to one who inquired about her weariness: “My feets is tired, but my soul is at rest.” They will be the young high school and college students, the young ministers of the gospel and a host of their elders, courageously and nonviolently sitting in at lunch counters and willingly going to jail for conscience’ sake. One day the South will know that when these disinherited children of God sat down at lunch counters, they were in reality standing up for what is best in the American dream and for the most sacred values in our Judaeo Christian heritage, thereby bringing our nation back to those great wells of democracy which were dug deep by the founding fathers in their formulation of the Constitution and the Declaration of Independence.

Never before have I written so long a letter. I’m afraid it is much too long to take your precious time. I can assure you that it would have been much shorter if I had been writing from a comfortable desk, but what else can one do when he is alone in a narrow jail cell, other than write long letters, think long thoughts and pray long prayers?

If I have said anything in this letter that overstates the truth and indicates an unreasonable impatience, I beg you to forgive me. If I have said anything that understates the truth and indicates my having a patience that allows me to settle for anything less than brotherhood, I beg God to forgive me.

I hope this letter finds you strong in the faith. I also hope that circumstances will soon make it possible for me to meet each of you, not as an integrationist or a civil-rights leader but as a fellow clergyman and a Christian brother. Let us all hope that the dark clouds of racial prejudice will soon pass away and the deep fog of misunderstanding will be lifted from our fear drenched communities, and in some not too distant tomorrow the radiant stars of love and brotherhood will shine over our great nation with all their scintillating beauty.

Yours for the cause of Peace and Brotherhood, Martin Luther King, Jr.
Published in:
King, Martin Luther Jr.

TEDCould you build your own house, car or tractor? A TED Fellow on his adventures in extreme manufacturing

unnamed-1What if you could build a civilization from scratch, using tools that could also be built from scratch? In his talk “Open-sourced blueprints for civilization” at TED2011, Marcin Jakubowski introduced the Global Village Construction Set, open-source blueprints that would essentially allow anyone with a heap of scrap metal — and a few production tools — to make 50 machines covering all the needs of a basic civilization: agriculture, energy, transportation and production.

In the last two years, this TED Fellow has been working to make this radical idea a reality on Factor e Farm — a community based on 30 acres near Kansas City, Missouri. The TED Blog caught up with him to find out how the project is going, and to hear how his marriage to fellow Fellow (and open-source scholar) Catarina Mota (watch her talk, “Play with smart materials“) has brought domestic bliss into the construction equation.

It’s been a couple of years since you gave your talk on the Global Village Construction set. It generated a lot of excitement and about $1 million in funding. How has the project developed since then?

Machines that are ready for viral replication are the brick press, the hydraulic power unit and the soil pulverizer. The tractor needs some work. We’ve built a number of other prototypes — like the CNC torch table, a backhoe, an ironworker machine for cutting slabs of steel, a circuit mill and a trencher. We have an early prototype of a microcar and a 3D printer.

As we continue to prototype and develop more tools in the set, we are working to both develop a community and generate revenue, because our foundation funding has run out. To do this, we’ve experimented with a workshop model, where we teach interested people how to build the tools in a three-day immersion learning course. People paid a fee to take a weekend-long workshop, and we also sold the completed equipment. We’ve done a total of four microhouse workshops, one brick press workshop, one Power Cube workshop and one microcar workshop. Take the brick press, for example. It costs $5,000, we earned about $5,000 in tuition fees, and we sold the press for $10,000. It’s an education/production revenue model. The person who bought the brick press even came to the workshop and participated in the build. The general feedback was that people were really excited to build things that they didn’t think they could before the workshop.

Backhoe manufacture at Factor E Farms. Photo: Open Source Ecology

A backhoe manufacture in progress at Factor E Farms. Photo: Open Source Ecology

How has your perspective on this project changed since your talk?

I’m seeing that this work takes a long time to develop, so it’s more like a two-decade project than the two-year project I initially imagined. So I’ve revised my timeline and am planning for the long haul. I’ve realized that to make the Global Village Construction Set tools feasible, we need to explore what’s known as extreme manufacturing, which means rapid parallel building of the technologies. That means we have to get full infrastructure for rapid development in place — rapid prototyping, collaborative design — and a massive parallel development effort. The key to this is producing excellent, comprehensive, open documentation that anyone can access, and thus join the project rapidly. The workshop/funding model is a part of this plan.’

We have shown that we can build a brick press in a single day, for example. Now we’re focusing on building multiple machines and structures at the same time with different groups of people. Recently, we got that to the level of housing. We built a house in five days using compressed blocks from our Compressed Earth Block Press, plus standard modular construction techniques. Our next goal is to build a 3,000-square-foot electronics workshop in two days with 100 people.

In essence, what we’ll attempt is parallel group builds via workshops happening simultaneously. We are creating a process that’s social, educational and productive all at once. We just need to scale it and make it highly replicable. If we can hire people to teach, we could have a number of these revenue-generating workshops going on all at once. Meanwhile, I could carry on developing machines.

The missing link is people. That’s the perennial issue. We are in real need of diversely-skilled people who are both organizers and builders. However, we’ve had a couple of workshop attendees that later became workshop leaders. They had enough skill that they could actually pull it off.

Workshop participants at Factor E Farm are given crash courses in such manufacturing skills as using a cutting torch. Photo: Open Source Ecology.

Workshop participants at Factor E Farm are given crash courses in manufacturing skills such as using a cutting torch. Photo: Open Source Ecology.

What kind of person is motivated to do this?

A maker, a creator, a DIY-type of person. People interested in self-sufficiency, regenerative development, as well as survivalists. A person who does it because it’s possible. Our goal is to bring the barriers way down to do this.

In fact, one new insight we’ve gained is that we’re able to lead unskilled teams of people through a process of a complex machine build. At the workshops, we had people who’d never welded before. And even myself — without prior experience in fabrication, I taught myself to do it. If you have the willingness, the technology is accessible. But you do need the open-source design blueprints and detailed instructions.

And then there are motivated entrepreneurs. One of our guys is now selling our Power Cubes, the hydraulic power units, as a business.

What can a Power Cube be used for outside the context of the Farm?

It’s got a 27-horsepower engine that produces hydraulic power — power in the form of hydraulic fluid that you connect to some other machine through hoses. So, for example, you can drive a tractor with it. I had a two-hour discussion with [TED Fellow and environmental engineer] Francis de los Reyes about how to use the Power Cube to power his latrine-emptying auger, for example, which I’m very excited about. We just shipped the cube to him.

An engine module, for use with the Power Cube, which generates hydraulic power.   Photo: Open Source Ecology

An engine module, for use with the Power Cube, which generates hydraulic power. Photo: Open Source Ecology

You and TED Fellow Catarina Mota met at TEDGlobal 2012 and married in December 2013. She’s now joined you at the Factor e Farm. How has that changed things for you? 

Yes, she’s living out there, and we’re talking about creating a residency program for open-source development. We’ve got some crazy plans as far as how to take all this work to the next level.

You two are the prototype couple of the microhouse.

Yeah. As a single guy, I could tolerate a lot of stuff. But getting married pushed me to accelerate the development of family-friendly housing. Catarina and I now live in a comfortable, 1,300 square foot house that consists of several modules that we built through our Extreme Manufacturing training workshops. Our experimental design includes earth brick walls, a meeting room and in-floor heating. We are planning additions — such as a food- and heat-producing greenhouse.

The goal is a model, zero energy, state-of-art-house that will be affordable for everyone. Through integrated, open-source design, we aim to build a simple but advanced, replicable zero-energy house model that will cost 1/3 that of the standard stick-build home.

Testing the house firsthand gives us important feedback for future designs. When someone can hire Open Source Ecology — trained builders to build our high-performance house for them — it will put the house within reach of anyone, not just eco-elites or DIY builders who download our plans. The house could become our killer app.

Marcin and Catarina's prototype microhouse, built in a day. Photo: Open Source Ecology

Marcin and Catarina’s prototype microhouse — built in five days. Photo: Open Source Ecology

Home sweet home: the interior of the open source microhouse. Photo: Open Source Ecology

Home sweet home: the interior of the open source microhouse. Photo: Open Source Ecology

In the big picture, where do you see this all headed?

To me, there is huge news in the extreme manufacturing aspect. We’re taking the build time of every single one of our machines down to a single day — including the house, which is pretty remarkable. A lot of people don’t pay attention to that, but it’s critical when you talk about the economic significance of open-source appropriate technology. I’ve looked at some of the numbers, and I believe our tractor is a factor of several more efficient and lower cost than the biggest tractor manufacturers. They can’t build a tractor in a day.

But do you really believe open-source tractors could compete with the major manufacturers?

Absolutely. If you can deliver lower cost and equivalent performance — while addressing lifetime design — it’s absolutely going to do that. I think it’s a matter of time before modular design, which means the end of the throwaway society, has a significant presence across all sectors of production. This is starting to happen with modular phones such as Project Ara by Google. We’re doing this for heavy machinery.

I’m envisioning a new model of open-source, social production as the next industrial revolution. People are hungry for meaning and authenticity in today’s world. Part of such meaning comes only from seizing one’s raw productive power. Picture this: you go for a weekend workshop with your friends, and you build a thing — like a car — for yourself, because you’ve got the blueprints, advanced tools, and guidance.

Right now people might say, “I’m not going to build my own car! That’s insane!” But I think this is inevitable as tools of production are becoming more advanced and accessible. Manufacturing will be much more hands-on in the future. Small-scale distributed production — and efficient manufacturing at the quantity of one — are big news that most people don’t believe is possible. Social production also happens to address such fundamental issues as sweatshop labor and wealth inequality.

Marcin-TED-Talk-CTA


RacialiciousDr. King on Optimism, Pessimism, and Race Relations

“There are three basic attitudes that one can take toward the question of progress in the area of race relations. And the first attitude that can be taken is that of extreme optimism. Now the extreme optimist would argue that we have come a long, long way in the area of race relations. He would point proudly to the marvelous strides that have been made in the area of civil rights over the last few decades. From this he would conclude that the problem is just about solved, and that we can sit comfortably by the wayside and wait on the coming of the inevitable.

The second attitude that one can take toward the question of progress in the area of race relations is that of extreme pessimism. The extreme pessimist would argue that we have made only minor strides in the area of race relations. He would argue that the rhythmic beat of the deep rumblings of discontent that we hear from the Southland today is indicative of the fact that we have created more problems than we have solved. He would say that we are retrogressing instead of progressing. He might even turn to the realms of an orthodox theology and argue that hovering over every man is the tragic taint of original sin and that at bottom human nature cannot be changed. He might even turn to the realms of modern psychology and seek to show the determinative effects of habit structures and the inflexibility of certain attitudes that once become molded in one’s being.

From all of this he would conclude that there can be no progress in the area of race relations.

Now you will notice that the extreme optimist and the extreme pessimist have at least one thing in common: they both agree that we must sit down and do nothing in the area of race relations. The extreme optimist says do nothing because integration is inevitable. The extreme pessimist says do nothing because integration is impossible. But there is a third position, there is another attitude that can be taken, and it is what I would like to call the realistic position. The realist in the area of race relations seeks to reconcile the truths of two opposites while avoiding the extremes of both.

So the realist would agree with the optimist that we have come a long, long way. But, he would go on to balance that by agreeing with the pessimist that we have a long, long way to go. And it is this basic theme that I would like to set forth this evening. We have come a long, long way but we have a long, long way to go.”

- Dr. Martin Luther King, Jr., “A Realistic Look at the Question of Progress in the Area of Race Relations,” delivered April 10, 1957 in St. Louis, MO

The post Dr. King on Optimism, Pessimism, and Race Relations appeared first on Racialicious - the intersection of race and pop culture.

Worse Than FailureThe Backend

Andrei had just moved to a new country, and was looking for work. With the ideal job not immediately forthcoming, he jumped when an interesting opportunity opened at a small tech company: OldIsNewCo.

OldIsNewCo was one of the pioneers bridging the gap between old methods of communication (e.g. paper) and new methods of communication (i.e. the Internet), and was looking to overhaul their entire infrastructure. Their existing backend was built in C++, and according to The Big Boss: “C++ developers are expensive and hard to find. PHP developers are plentiful and cheap. Therefore, we need to re-implement everything in PHP.”

This seemed fishy to Andrei right from the start, but he figured it would be a good opportunity to brush up on his C++ and PHP skills and experience, and “a job’s a job”. So he accepted the position and met with his development tour guide to start diving into the sources and seeing how the backend applications worked.

Or, he tried - only to quickly discover Problem #1: There wasn’t a complete version of the source code in any single location. The sources for the backend were spread out over different production machines (i.e. the machines running the compiled code). Because these machines had variations, building was done on each machine locally, since the code might not build on a different machine with different software or configuration. This contributed to Problem #2: Making modifications to some of the backend was done by editing code on the same machine where that component ran.

As Andrei wrapped his head around those concerns, he began to wonder how the developers tested their changes. His development tour guide responded: “Oh, we don’t have a testing environment. We just deploy the new version to the live servers.” Deploying to production consisted of: waiting until the night when the system was mostly free of clients, compiling the code on the same machine it would then run, and hoping for the best. If the new build crashed the next morning when users returned, they would just revert to the old build and repeat the attempt the next evening.

But project organization, testing and deployment were far from the only concerns. As he finally began to dig into the code and architecture itself, Andrei discovered that the existing C++ backend had a few problems of its own:

  • The core backend app simply operated on files - it read them in, processed the contents, and output data to a database and other machines via the network. But this was implemented in the most complicated way possible, with numerous multithreading issues that resulted in the deployed application crashing frequently
  • It crashed so frequently, in fact, that it was one employee’s main job to watch the servers, wait for the app to crash, and manually restart it.

  • All database synchronization was done in the application’s own C++ code, instead of using the built-in synchronization tools that were part of the database engine (i.e. no database transactions or locks were used). Combined with poor database design, this part of the system would also overload and deadlock quickly. As such, it was another employee’s main job to monitor for this, kill all the processes, clean up the databases by hand (because they’d likely have incomplete or corrupt data), and manually restart everything.

  • Access to the database itself had enough pieces hard-coded in the C++ code that each time anything database-related was modified the C++ code had to be searched and modified extensively too. And if everything that a change affected wasn’t updated, everything would crash the next day when the untested code was deployed to production.

  • The database was supposed to be replicated, but actually was not. This was discovered when the main database server crashed and the replicated database responded with errors and missing data.

  • To meet the “new requirements” of The Big Boss, many of the latest features were allegedly implemented in PHP code but were actually coded as a series of thousands of system calls from PHP. (Apparently no one knew how to perform file management or monitoring tasks from either C++ or PHP code.)

  • The existing code-base was written using ancient libraries running on an already-set-to-be-imminently-discontinued version of a Linux distribution. So the servers couldn’t be upgraded without extensive rewrites anyway.

Shocked by the state of everything, Andrei decided to kick off his rewrite project on the right track, and work up a proposal to take a reasonable number of days to collect and centralize the sources, create development / test / deployment environments and scripts, and otherwise organize the existing project. But his development tour guide quickly took him aside:

“I made the same exact proposal, and it wasn’t just denied - it’s the reason I’m being let go in two weeks. According to the boss, I proposed: ‘doing nothing for 2 weeks’.”

It was then that Andrei learned the underlying reason for a lot of the problems: The Big Boss deemed useful only those developers who could meet his demands immediately. Any other proposed steps or actions were seen as potentially fireable “wastes of time”. Fellow employees were so afraid of The Big Boss that they gave up on all “time wasting” tasks, including organizational upkeep, sensible deployment or testing practices, or even sometimes coding things the proper way (because the deadline was whatever The Big Boss deemed doable).

So Andrei sighed and kept his head down. Piece by piece, he ripped out chunks of the old C++ code and replaced them with lightweight modules written in PHP that were considerably faster, simpler, smaller, and actually stable. When he had extra time within the deadlines assigned to him, he even set up his own private development, testing, and source code versioning environment to make his task easier (but he couldn’t tell anyone else - let alone The Big Boss). Meanwhile, every 2–3 weeks a developer or new-hire who couldn’t implement the boss’s whims quickly enough was fired, especially those who dared to propose spending time on testing or documentation or other “wastes of time”.

When Andrei finished the rewrite a month early, the backend system’s codebase was several times smaller, ran several times faster, and required 1/4 of the servers to run without crashing. The Big Boss was pleased and asked him to “take a quick look at the databases - you know, tune them up, make them run a little faster”, but Andrei had already found another job, and quit OldIsNewCo - eager to leave the memories of their Horrible Software in his past. After all, with a new job on the line, staying would have just been a “waste of time”.

Image source: 1, 2

[Advertisement] BuildMaster is more than just an automation tool: it brings together the people, process, and practices that allow teams to deliver software rapidly, reliably, and responsibly. And it's incredibly easy to get started; download now and use the built-in tutorials and wizards to get your builds and/or deploys automated!

Planet Linux AustraliaMichael Still: Lunchtime geocaching

Woke up this morning with a sore left arm, which ruled out going to the gym. Instead, I decided to go for a geocaching walk at lunch time. I found these caches: GC235FM; GC56N78; GC5B9WT; GC5F6G3; and GC5F0PE. A nice walk.

         

Interactive map for this route.

Tags for this post: blog pictures 20150119-geocaching photo canberra tuggeranong bushwalk geocaching
Related posts: Another lunch time walk; A walk around Mount Stranger; Taylor Trig; Urambi Trig; Walk up Tuggeranong Hill; A quick walk to William Farrer's grave

Comment

Planet Linux AustraliaGlen Turner: Fedora: easy recovery from corrupt root partition

When you boot Fedora with a corruption which is not automatically repaired when systemd runs fsck -a then you are asked on the console if to enter single user mode, or if to continue. If you choose to enter single user mode then you'll find that you can't run fsck /dev/md0 as the root filesystem is mounted.

Dracut has a debugging mode with named breakpoints: it will boot up to the break-point, and then dracut will drop the console into a shell.

This is useful for solving a corrupted root filesystem, we can boot up to just before the disk is mounted, breakpoint into the Dracut shell, and then run fsck on the yet-to-be-mounted root filesystem. To do this temporarily add the Dracut breakpoint parameter

dracut.break=pre-mount

to the Linux kernel.

In Fedora you do can temporarily modify the Linux kernel parameters by pressing e at the Grub bootloader prompt, arrow-ing down to the "linux" command, adding the parameter to the end of that line, and pressing F10 to run the Grub command list you see on the screen.

Dracut will load the logical volumes, assemble any RAID, and then present a shell on the console. Say fsck /dev/md0 (or whereever /etc/fstab says your / filesytem lives) and then reboot. This is a world easier than booting from a CD or USB and working out which partitions are on what logical volumes, and which logical volumes are in which RAID devices.

Breakpoints are a very fine feature of Dracut and, as this blog posting shows, very useful for solving problems which appear during the early stages of booting the machine.

Planet Linux AustraliaJonathan Adamczewski: The Growth of Modern C++ Support

 

Completing what I started here, I’ve charted the numbers from Christophe’s data for C++11, C++11 Concurrency, C++14 and C++17.

The data is taken entirely from the linked pdf with one exception: N3664 is a clarification that permits optimization, not a requirement for compliance. Compilers that do not perform this optimization are no less compliant with C++14. I’ve recomputed the percentages for all compiler versions to take this into account.

In addition to the references from the previous post, the approval date of C++14 was taken from http://en.wikipedia.org/wiki/C++14

,

Planet Linux AustraliaAndrew Pollock: [life] Day 352: Camping again, beach time and visitors

We were camping underneath a wattle tree, and this wattle tree seemed very popular with the rainbow lorikeets, so we were up at 5:30am, literally with the birds. Zoe was still very excited about camping.

We had a shower first, and then I cooked some bacon and eggs for breakfast before heading down to the beach. Eva and Layla were coming to visit us for the day, so I thought we could just meet them on the beach before coming back to the camp site for lunch.

Zoe had a great time playing around in the waves, and then we did some sand play, making sand castles. I showed her how she could dig down to the sea water in the sand above the wave, and we found heaps of small bivalves. Zoe thought they were pretty cool.

Eva and Layla were running a bit late, so we finished up at the beach and met them at the caravan park, where we cooked some hotdogs for lunch, before having a swim in the pool and then heading back to the beach. It was a really nice afternoon.

After they left, we took it easy for a while before going out for fish and chips for dinner and then calling it a night. Zoe was fast asleep by 7pm, despite the light outside the tent.

Planet DebianJonathan Wiltshire: Alcester BSP, day three

We have had a rather more successful weekend then I feared, as you can see from our log on the wiki page. Steve reproduced and wrote patches for several installer/bootloader bugs, and Neil and I spent significant time in a maze of twist zope packages (we have managed to provide more diagnostics on the bug, even if we couldn’t resolve it). Ben and Adam have ploughed through a mixture of bugs and maintenance work.

I wrongly assumed we would only be able to touch a handful of bugs, since they are now mostly quite difficult, so it was rather pleasant to recap our progress this evening and see that it’s not all bad after all.


Alcester BSP, day three is a post from: jwiltshire.org.uk | Flattr

Planet DebianGregor Herrmann: RC bugs 2014/51-2015/03

I have to admit that I was a bit lazy when it comes to working on RC bugs in the last weeks. here's my not-so-stellar summary:

  • #729220 – pdl: "pdl: problems upgrading from wheezy due to triggers"
    investigate (unsuccessfully), later fixed by maintainer
  • #772868 – gxine: "gxine: Trigger cycle causes dpkg to fail processing"
    switch trigger from "interest" to "interest-noawait", upload to DELAYED/2
  • #774584 – rtpproxy: "rtpproxy: Deamon does not start as init script points to wrong executable path"
    adjust path in init script, upload to DELAYED/2
  • #774791 – src:xine-ui: "xine-ui: Creates dpkg trigger cycle via libxine2-ffmpeg, libxine2-misc-plugins or libxine2-x"
    add trigger patch from Michael Gilbert, upload to DELAYED/2
  • #774862 – ciderwebmail: "ciderwebmail: unhandled symlink to directory conversion: /usr/share/ciderwebmail/root/static/images/mimeicons"
    use dpkg-maintscript-helper to fix symlink_to_dir conversion (pkg-perl)
  • #774867 – lirc-x: "lirc-x: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE"
    use dpkg-maintscript-helper to fix symlink_to_dir conversion, upload to DELAYED/2
  • #775640 – src:libarchive-zip-perl: "libarchive-zip-perl: FTBFS in jessie: Tests failures"
    start to investigate (pkg-perl)

Planet DebianMark Brown: Heating the Internet of Things

Internet of Things seems to be trendy these days, people like the shiny apps for controlling things and typically there are claims that the devices will perform better than their predecessors by offloading things to the cloud – but this makes some people worry that there are potential security issues and it’s not always clear that internet usage is actually delivering benefits over something local. One of the more widely deployed applications is smart thermostats for central heating which is something I’ve been playing with. I’m using Tado, there’s also at least Nest and Hive who do similar things, all relying on being connected to the internet for operation.

The main thing I’ve noticed has been that the temperature regulation in my flat is better, my previous thermostat allowed the temperature to vary by a couple of degrees around the target temperature in winter which got noticeable, with this the temperature generally seems to vary by a fraction of a degree at most. That does use the internet connection to get the temperature outside, though I’m fairly sure that most of this is just a better algorithm (the thermostat monitors how quickly the flat heats up when heating and uses this when to turn off rather than waiting for the temperature to hit the target then seeing it rise further as the radiators cool down) and performance would still be substantially improved without it.

The other thing that these systems deliver which does benefit much more from the internet connection is that it’s easy to control them remotely. This in turn makes it a lot easier to do things like turn the heating off when it’s not needed – you can do it remotely, and you can turn the heating back on without being in the flat so that you don’t need to remember to turn it off before you leave or come home to a cold building. The smarter ones do this automatically based on location detection from smartphones so you don’t need to think about it.

For example, when I started this post this I was sitting in a coffee shop so the heating had been turned off based on me taking my phone with me and as a result the temperature gone had down a bit. By the time I got home the flat was back up to normal temperature all without any meaningful intervention or visible difference on my part. This is particularly attractive for me given that I work from home – I can’t easily set a schedule to turn the heating off during the day like someone who works in an office so the heating would be on a lot of the time. Tado and Nest will to varying extents try to do this automatically, I don’t know about Hive. The Tado one at least works very well, I can’t speak to the others.

I’ve not had a bill for a full winter yet but I’m fairly sure looking at the meter that between the two features I’m saving a substantial amount of energy (and hence money and/or the environment depending on what you care about) and I’m also seeing a more constant temperature within the flat, my guess would be that most of the saving is coming from the heating being turned off when I leave the flat. For me at least this means that having the thermostat internet connected is worthwhile.

Planet DebianDirk Eddelbuettel: Running UBSAN tests via clang with Rocker

Every now and then we get reports from CRAN about our packages failing a test there. A challenging one concerns UBSAN, or Undefined Behaviour Sanitizer. For background on UBSAN, see this RedHat blog post for gcc and this one from LLVM about clang.

I had written briefly about this before in a blog post introducing the sanitizers package for tests, as well as the corresponding package page for sanitizers, which clearly predates our follow-up Rocker.org repo / project described in this initial announcement and when we became the official R container for Docker.

Rocker had support for SAN testing, but UBSAN was not working yet. So following a recent CRAN report against our RcppAnnoy package, I was unable to replicate the error and asked for help on r-devel in this thread.

Martyn Plummer and Jan van der Laan kindly sent their configurations in the same thread and off-list; Jeff Horner did so too following an initial tweet offering help. None of these worked for me, but further trials eventually lead me to the (already mentioned above) RedHat blog post with its mention of -fno-sanitize-recover to actually have an error abort a test. Which, coupled with the settings used by Martyn, were what worked for me: clang-3.5 -fsanitize=undefined -fno-sanitize=float-divide-by-zero,vptr,function -fno-sanitize-recover.

This is now part of the updated Dockerfile of the R-devel-SAN-Clang repo behind the r-devel-ubsan-clang. It contains these settings, as well a new support script check.r for littler---which enables testing right out the box.

Here is a complete example:

docker                              # run Docker (any recent version, I use 1.2.0)
  run                               # launch a container 
    --rm                            # remove Docker temporary objects when dome
    -ti                             # use a terminal and interactive mode 
    -v $(pwd):/mnt                  # mount the current directory as /mnt in the container
    rocker/r-devel-ubsan-clang      # using the rocker/r-devel-ubsan-clang container
  check.r                           # launch the check.r command from littler (in the container)
    --setwd /mnt                    # with a setwd() to the /mnt directory
    --install-deps                  # installing all package dependencies before the test
    RcppAnnoy_0.0.5.tar.gz          # and test this tarball

I know. It is a mouthful. But it really is merely the standard practice of running Docker to launch a single command. And while I frequently make this the /bin/bash command (hence the -ti options I always use) to work and explore interactively, here we do one better thanks to the (pretty useful so far) check.r script I wrote over the last two days.

check.r does about the same as R CMD check. If you look inside check you will see a call to a (non-exported) function from the (R base-internal) tools package. We call the same function here. But to make things more interesting we also first install the package we test to really ensure we have all build-dependencies from CRAN met. (And we plan to extend check.r to support additional apt-get calls in case other libraries etc are needed.) We use the dependencies=TRUE option to have R smartly install Suggests: as well, but only one level (see help(install.packages) for details. With that prerequisite out of the way, the test can proceed as if we had done R CMD check (and additional R CMD INSTALL as well). The result for this (known-bad) package:

edd@max:~/git$ docker run --rm -ti -v $(pwd):/mnt rocker/r-devel-ubsan-clang check.r --setwd /mnt --install-deps RcppAnnoy_0.0.5.tar.gz 
also installing the dependencies ‘Rcpp’, ‘BH’, ‘RUnit’

trying URL 'http://cran.rstudio.com/src/contrib/Rcpp_0.11.3.tar.gz'
Content type 'application/x-gzip' length 2169583 bytes (2.1 MB)
opened URL
==================================================
downloaded 2.1 MB

trying URL 'http://cran.rstudio.com/src/contrib/BH_1.55.0-3.tar.gz'
Content type 'application/x-gzip' length 7860141 bytes (7.5 MB)
opened URL
==================================================
downloaded 7.5 MB

trying URL 'http://cran.rstudio.com/src/contrib/RUnit_0.4.28.tar.gz'
Content type 'application/x-gzip' length 322486 bytes (314 KB)
opened URL
==================================================
downloaded 314 KB

trying URL 'http://cran.rstudio.com/src/contrib/RcppAnnoy_0.0.4.tar.gz'
Content type 'application/x-gzip' length 25777 bytes (25 KB)
opened URL
==================================================
downloaded 25 KB

* installing *source* package ‘Rcpp’ ...
** package ‘Rcpp’ successfully unpacked and MD5 sums checked
** libs
clang++-3.5 -fsanitize=undefined -fno-sanitize=float-divide-by-zero,vptr,function -fno-sanitize-recover -I/usr/local/lib/R/include -DNDEBUG -I../inst/include/ -I/usr/local/include    -fpic  -pipe -Wall -pedantic -
g  -c Date.cpp -o Date.o

[...]
* checking examples ... OK
* checking for unstated dependencies in ‘tests’ ... OK
* checking tests ...
  Running ‘runUnitTests.R’
 ERROR
Running the tests in ‘tests/runUnitTests.R’ failed.
Last 13 lines of output:
  +     if (getErrors(tests)$nFail > 0) {
  +         stop("TEST FAILED!")
  +     }
  +     if (getErrors(tests)$nErr > 0) {
  +         stop("TEST HAD ERRORS!")
  +     }
  +     if (getErrors(tests)$nTestFunc < 1) {
  +         stop("NO TEST FUNCTIONS RUN!")
  +     }
  + }
  
  
  Executing test function test01getNNsByVector  ... ../inst/include/annoylib.h:532:40: runtime error: index 3 out of bounds for type 'int const[2]'
* checking PDF version of manual ... OK
* DONE

Status: 1 ERROR, 2 WARNINGs, 1 NOTE
See/tmp/RcppAnnoy/..Rcheck/00check.logfor details.
root@a7687c014e55:/tmp/RcppAnnoy# 

The log shows that thanks to check.r, we first download and the install the required packages Rcpp, BH, RUnit and RcppAnnoy itself (in the CRAN release). Rcpp is installed first, we then cut out the middle until we get to ... the failure we set out to confirm.

Now having a tool to confirm the error, we can work on improved code.

One such fix currently under inspection in a non-release version 0.0.5.1 then passes with the exact same invocation (but pointing at RcppAnnoy_0.0.5.1.tar.gz):

edd@max:~/git$ docker run --rm -ti -v $(pwd):/mnt rocker/r-devel-ubsan-clang check.r --setwd /mnt --install-deps RcppAnnoy_0.0.5.1.tar.gz
also installing the dependencies ‘Rcpp’, ‘BH’, ‘RUnit’
[...]
* checking examples ... OK
* checking for unstated dependencies in ‘tests’ ... OK
* checking tests ...
  Running ‘runUnitTests.R’
 OK
* checking PDF version of manual ... OK
* DONE

Status: 1 WARNING
See/mnt/RcppAnnoy.Rcheck/00check.logfor details.

edd@max:~/git$

This proceeds the same way from the same pristine, clean container for testing. It first installs the four required packages, and the proceeds to test the new and improved tarball. Which passes the test which failed above with no issues. Good.

So we now have an "appliance" container anybody can download from free from the Docker hub, and deploy as we did here in order to have fully automated, one-command setup for testing for UBSAN errors.

UBSAN is a very powerful tool. We are only beginning to deploy it. There are many more useful configuration settings. I would love to hear from anyone who would like to work on building this out via the R-devel-SAN-Clang GitHub repo. Improvements to the littler scripts are similarly welcome (and I plan on releasing an updated littler package "soon").

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Geek FeminismEvery Little Thing She Does Is Linkspam (18 January 2015)

  • What Happened to All of the Women in Computer Science? | Pacific Standard (January 12): “having a personal computer as a kid was a strong predictor of choosing the major, and that parents were much more likely to buy a PC for their sons than they were for their daughters.”
  • On Sexism and Awards | Justine Larbalestier (January 13): “If you’re a man and you write a realist YA novel you’re more likely to win an award for it than a woman is.” YA fiction is more diverse in stories and authors than awards reveal.
  • An Old Fogey’s Analysis of a Teenager’s View on Social Media | The Message | Medium (January 12): “teens’ use of social media is significantly shaped by race and class, geography and cultural background.” “The fact that professionals prefer anecdotes from people like us over concerted efforts to understand a demographic as a whole is shameful. More importantly, it’s downright dangerous. It shapes what the tech industry builds and invests in, what gets promoted by journalists, and what gets legitimized by institutions of power. This is precisely why and how the tech industry is complicit in the increasing structural inequality that is plaguing our society.”
  • How to Edit Wikipedia: Lessons from a Female Contributor | Anita Borg Institute (January 13): “Beware editors who only want to talk about content; who feel that civility is not a problem on Wikipedia; who dismiss other editors or tell others to ignore problems; and who constantly derail discussions.”
  • And now, a guest performance by the Bogglemen | Rosemary For Remembrance (January 15): In reaction to the Anita Borg link above: “I am bitter and tired, I admit this, but I genuinely don’t see why women should invest their scarce time and resources in contributing to a public resource, no matter how valuable, that tolerates the behavior described.”
  • The ‘strong female character’ is dead. All hail the complicated woman. | The Washington Post (January 13): “What was best in film and television last year was the stripping away of the requirement that female characters have to be “strong” to be interesting or admirable.”
  • Agent Carter’s ‘Feminism’ Is More About Making Money Than Gender Equality | In These Times (January 13): “Given Marvel’s influence, yes, it’s good that Agent Carter has feminist ambitions, a strong female lead, even some understanding of women’s history. And that should be the standard for all Marvel movies, because, like it or not, they’re one of the most powerful cultural forces in the world. This is what the “representation” part of feminist analysis is good at demanding: If these entertainments are going to be ubiquitous, they had better not be harmful.
    But let us not confuse a corporation adjusting its marketing strategy with “feminism.” Let us not assume Marvel wishes to do anything but acquire a new revenue stream, and let us not, dear Lord, commit the sin of gratitude for the bare minimum.”
  • “It’s [Not] Okay”: How Women Die In Comic Book Movies | The Mary Sue (January 12): “Comic books and their adaptations, which we are thankfully getting a whole lot more of, can be a powerful tool in shaping our culture’s perception of women, and it’s time that script writers quit relying on the deaths of women to make their stories appear more interesting.”
  • YC Demographics | YCombinator (January 14): “Based on analyzing a random sample of 5% of YC winter 2015 applicants, 11.8% of the founders who applied were women and around 3% percent of the founders were either Black or Hispanic.
    Of the founders we funded in our most recent batch, 11.1% of the founders are women (about 23% of the startups have one or more female founders), 3.7% of the founders are Hispanic, and 4% of the founders are Black.”
  • Announcing AdaCamp Montreal: apply now to join us in Montreal in April! | Ada Initiative (January 14): “AdaCamp Montreal, our seventh AdaCamp, will be held in downtown Montreal, Quebec, Canada. on April 13th–14th, 2015, just after PyCon. The event will involve an unconference held over the two days, along with evening social events.” “Deadline for applications requesting travel assistance is Friday, February 13 2015; all other applications are due February 27th or earlier depending on demand. (we recommend you apply ASAP)”
  • Corporate social responsibility and open source volunteering | Growstuff (January 15): “Does your company have a corporate social responsibility (CSR) program? Do your staff volunteer on community projects as part of it? Do your software engineers or other technical staff offer their skills to community organisations or other good causes? If you run an open source project, especially one related to a social cause, have you ever invited companies to participate in your project as part of their CSR efforts? How do you make it easy for CSR volunteers to help out?…Here are some of my tips for successfully matching corporate volunteers with open source projects, and working productively together.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianEvolvisForge blog: Debian/m68k hacking weekend cleanup

OK, time to clean up ↳ tarent so people can work again tomorrow.

Not much to clean though (the participants were nice and cleaned up after themselves ☺), so it’s mostly putting stuff back to where it belongs. Oh, and drinking more of the cool Belgian beer Geert (Linux upstream) brought ☻

We were productive, reporting and fixing kernel bugs, fixing hardware, swapping and partitioning discs, upgrading software, getting buildds (mostly Amiga) back to work, trying X11 (kdrive) on a bare metal Atari Falcon (and finding a window manager that works with it), etc. – I hope someone else writes a report; for now we have a photo and a screenshot (made with trusty xwd). Watch the debian-68k mailing list archives for things to come.

I think that, issues with electric cars aside, everyone liked the food places too ;-)

Planet DebianAndreas Metzler: Another new toy

Given that snow is yet a little bit sparse for snowboarding and the weather could be improved on I have made myself a late christmas present: Torggler TS 120 Tourenrodel Spezial

It is a rather sporty rodel (Torggler TS 120 Tourenrodel Spezial 2014/15, 9kg weight, with fast (non stainless) "racing rails" and 22° angle of the runners) but not a competition model. I wish I had bought this years ago. It is a lot more comfortable than a classic sled ("Davoser Schlitten"), since one is sitting in instead of on top of the sled somehow like in a hammock. Being able to steer without putting a foot into the snow has the nice side effect that the snow stays on the ground instead of ending up in my face. Obviously it is also faster which is a huge improvement even for recreational riding, since it makes the difference between riding the sledge or pulling it on flattish stretches. Strongly recommended.

FWIW I ordered this via rodelfuehrer.de (they started with a guidebook of luge tracks, which translates to "Rodelführer"), where I would happily order again.

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-01-12 to 2015-01-18

Planet Linux AustraliaSonia Hamilton: SaltStack Ubuntu Hostname

SaltStack currently doesn’t set the hostname correctly on Debian/Ubuntu. For example, this won’t work:

system:
    network.system:
      - enabled: True
      - hostname: server1.example.com

Here’s a little shell script I wrote, to get around this problem:

% cat set_hostname.sh 
#!/bin/bash

hn=$1
hostname $hn
echo $hn > /etc/hostname
sed -i "1s/.*/127.0.0.1 localhost $hn/" /etc/hosts

Then apply it using cmd.script, for example:

foo-hostname:
  cmd.script:
    - source: salt://soe/set_hostname.sh
    - args: foo.bar.com
    - unless: grep -q "foo.bar.com" /etc/hosts

Planet DebianChris Lamb: Adjusting a backing track with SoX

Earlier today I came across some classical sheet music that included a "playalong" CD, just like a regular recording except it omits the solo cello part. After a quick listen it became clear there were two problems:

  • The recording was made at A=442, rather than the more standard A=440.
  • The tempi of the movements was not to my taste, either too fast or too slow.

SoX, the "Swiss Army knife of sound processing programs", can easily adjust the latter, but to remedy the former it must be provided with a dimensionless "cent" unit—ie. 1/100th of a semitone—rather than the 442Hz and 440Hz reference frequencies.

First, we calculate the cent difference with:

https://d1icoid1cnixnp.cloudfront.net/yadt/blog.Image/image/original/24.jpeg

Next, we rip the material from the CD:

$ sudo apt-get install ripit flac
[..]
$ ripit --coder 2 --eject --nointeraction
[..]

And finally we adjust the tempo and pitch:

$ apt-get install sox libsox-fmt-mp3
[..]
$ sox 01.flac 01.mp3 pitch -7.85 tempo 1.00 # (Tuning notes)
$ sox 02.flac 02.mp3 pitch -7.85 tempo 0.95 # Too fast!
$ sox 03.flac 03.mp3 pitch -7.85 tempo 1.01 # Close..
$ sox 04.flac 04.mp3 pitch -7.85 tempo 1.03 # Too slow!

(I'm converting to MP3 at the same time it'll be more convenient on my phone.)

Planet Linux AustraliaAndrew Pollock: [life] Day 351: Camping set up

Today was the big day. Pack up and drive to Bribie Island for two nights camping. This was the first time I've attempted camping since moving back to Australia (and being on my own). I like camping, and Zoe absolutely loves it, but I've found the idea of trying to do it all on my own a bit daunting, and it's taken me this long to get around to tackling it.

We managed to get the car packed up and be on the road by about 9:30am. Zoe was really helpful, and was able to help carry some of the lighter, less bulky stuff down to the car for me, that that was an unexpected bonus. Everything fit reasonably well with half of the back seats folded down.

We made good time getting there, and arrived at the caravan park by about 10:45am, but check in wasn't until 1:30pm, so we pottered around, and ended up back on the calm side of the island and had some lunch in the park there. After lunch, we caught up with Zoe's Great Aunty Pam for an ice cream before returning to the caravan park to check in.

We'd just started pegging down the tent when it became apparent that the very large caravan that was trying to maneuver into the site next to ours wasn't going to fit, so I offered to do a swap with them before I got any further invested in our site, so we had to pull up the tent and start over on the site next door.

This was the first time I'd put up this tent, so there was all the attendant trial and error of putting it up. I've learned all the lessons now, so I'll be better next time. Zoe was again super helpful, and we were able to put the tent up together successfully. It was ridiculously hot, and very sweaty work.

After we got the tent up, we went for a swim in the pool to cool off, before I started on dinner. The first night's dinner was just some spaghetti bolognaise. I'd pre-made the bolognaise at home and frozen it, so I just had to reheat it on the stove. The caravan park had a pretty decent camp kitchen, but I was trying to see how much I could be self-sufficient, so I did all the cooking on the gas stove I'd brought with me.

I got Zoe to bed a little bit later than normal, but she slept pretty well, despite the heat. It took me hours to get to sleep, despite being exhausted, because I found the tent uncomfortably hot. I was really happy with how the set up day had gone though, and Zoe had an absolute ball. It was totally worth all the effort.

Planet Linux AustraliaAndrew Pollock: [life] Day 350: Doctor, laying low, camping preparation

We didn't have a lot planned for the day, and given that we were embarking on a camping trip the following day, I decided to keep it that way. As it was, we still managed to have a pretty busy day.

I started the day off with a run, and managed to do 10 kilometres for the first time in ages. It was a dreadful time, but I was going for progress over perfection.

I didn't realise I had a chiropractic adjustment, so I had to go straight to the chiropractor after my run and sweat all over everything. I felt so bad, but I haven't had an adjustment since before Christmas, so it was great.

Then Sarah dropped Zoe off, and I finally got to have a shower and some breakfast. After that, we headed over to the doctor for the obligatory weekly wart freezing appointment. I think it's been the production it has been because the doctor hasn't been able to give it a really decent hit with the liquid nitrogen, but it's definitely shrinking. She was super brave and even let the doctor give it a bit of a scrape with a scalpel to take off some of the top layers of dead skin. I'm grateful that we have the relationship that we do, because she was a bit scared, but she trusted me anyway, and it all worked out fine.

On the way home, we picked up some mail from the post office. I have to resubmit one unit of my real estate licence course, because I made a mistake, but I passed the other one. I think I'm waiting for one more unit to come back.

After that, we just hung out at home until after lunch, and then went to Woolworths to do some grocery shopping. We ran into Lachlan there, and Zoe and Lachlan had a great time hanging out while we did the grocery shopping.

Instead of getting ready for camping, I decided to have a crack at baking one of the things I want to put in Zoe's school lunchbox, some Hidden Veggie Lunchbox Scrolls. They turned out pretty good, like something you'd get from Baker's Delight. The challenge now is to make space for them in the freezer.

Planet DebianIan Campbell: Using Grub 2 as a bootloader for Xen PV guests on Debian Jessie

I recently wrote a blog post on using grub 2 as a Xen PV bootloader for work. See Using Grub 2 as a bootloader for Xen PV guests over on https://blog.xenproject.org.

Rather than repeat the whole thing here I'll just briefly cover the stuff which is of interest for Debian users (if you want all full background and the stuff on building grub from source etc then see the original post).

TL;DR: With Jessie, install grub-xen-host in your domain 0 and grub-xen in your PV guests then in your guest configuration, depending on whether you want a 32- or 64-bit PV guest write either:

kernel = "/usr/lib/grub-xen/grub-i386-xen.bin"

or

kernel = "/usr/lib/grub-xen/grub-x86_64-xen.bin"

(instead of bootloader = ... or other kernel = ..., also omit ramdisk = ... and any command line related stuff (e.g. root = ..., extra = ..., cmdline = ... ) and your guests will boot using Grub 2, much like on native.

In slightly more detail:

The forthcoming Debian 8.0 (Jessie) release will contain support for both host and guest pvgrub2. This was added in version 2.02~beta2-17 of the package (bits were present before then, but -17 ties it all together).

The package grub-xen-host contains grub binaries configured for the host, these will attempt to chainload an in-guest grub image (following the Xen x86 PV Bootloader Protocol) and fall back to searching for a grub.cfg in the guest filesystems. grub-xen-host is Recommended by the Xen meta-packages in Debian or can be installed by hand.

The package grub-xen-bin contains the grub binaries for both the i386-xen and x86_64-xen platforms, while the grub-xen package integrates this into the running system by providing the actual pvgrub2 image (i.e. running grub-install at the appropriate times to create an image tailored to the system) and integration with the kernel packages (i.e. running update-grub at the right times), so it is the grub-xen which should be installed in Debian guests.

At this time the grub-xen package is not installed in a guest automatically so it will need to be done manually (something which perhaps could be addressed for Stretch).

Planet DebianGuido Günther: whatmaps 0.0.9

I have released whatmaps 0.0.9 a tool to check which processes map shared objects of a certain package. It can integrate into apt to automatically restart services after a security upgrade.

This release fixes the integration with recent systemd (as in Debian Jessie), makes logging more consistent and eases integration into downstream distributions. It's available in Debian Sid and Jessie and will show up in Wheezy-backports soon.

This blog is flattr enabled.

Planet Linux AustraliaMichael Still: Taylor Trig

At the top of Mount Taylor lies the first trig point defeated by a group walk I've been on. Steve * 3, Erin, Michael *2, Andrew, Cadell, Maddie, Mel, Neill and Jenny all made it to the top of this one, so I'm super proud of us as a group. A nice walk and Mount Taylor clearly has potential for other walks as well, so I am sure I'll return here again.

                 

Interactive map for this route.

Tags for this post: blog pictures 20150118-mount_taylor photo canberra tuggeranong bushwalk trig_point
Related posts: A walk around Mount Stranger; Urambi Trig; Walk up Tuggeranong Hill; A quick walk to Tuggeranong Trig; Wanniassa Trig; Another lunch time walk

Comment

Rondam RamblingsOpen mic night on Rondam Ramblings

Whew, I have just spent an inordinate amount of time responding to various dangling comment threads.  Despite my best efforts, I fear I may have left some points or questions unanswered.  If I did, I apologize.  If there's anything you'd like me to respond to that I haven't, please post it in the comments section of this post.  (If you're picking up a thread from another post, please include a

Planet DebianRogério Brito: Uploading SICP to Youtube

Intro

I am not alone in considering Harold Abelson and Gerald Jay Sussman's recorded lectures based on their book "Structure and Interpretation of Computer Programs" is a masterpiece.

There are many things to like about the content of the lectures, beginning with some pearls and wisdom about the craft of writing software (even though this is not really a "software enginneering" book), the clarity with which the concepts are described, the Freedom-friendly aspects of the authors regarding the material that they produced and much, the breadth of the subjects covered and much more.

The videos, their length, and splitting them

The course consists of 20 video files and they are all uploaded on Youtube already.

There is one thing, though: while the lectures are naturally divided into segments (the instructors took a break in after every 30 minutes or so worth of lectures), the videos corresponding to each lecture have all the segments concatenated.

To better watch them, accounting for the easier possibility to put a few of the lectures in a mobile device or to avoid fast forwarding long videos from my NAS when I am watching them on my TV (and some other factors), I decided to sit down, take notes for each video of where the breaks where, and write a simple Python script to help split the videos in segments, and, then, reencode the segments.

I decided not to take the videos from Youtube to perform my splitting activities, but, instead, to operate on one of the "sources" that the authors once had in their homepage (videos encoded in DivX and audio in MP3). The videos are still available as a torrent file (with a magnet link for the hash 650704e4439d7857a33fe4e32bcfdc2cb1db34db), with some very good souls still seeding it (I can seed it too, if desired). Alas, I have not found a source for the higher quality MPEG1 videos, but I think that the videos are legible enough to avoid bothering with a larger download.

I soon found out that there are some beneficial side-effects of splitting the videos, like not having to edit/equalize the entire audio of the videos when only a segment was bad (which is understandable, as these lectures were recorded almost 30 years ago and technology was not as advanced as things are today).

So, since I already have the split videos lying around here, I figured out that, perhaps, other people may want to download them, as they may be more convenient to watch (say, during commutes or whatever/whenever/wherever it best suits them).

Of course, uploading all the videos is going to take a while and I would only do it if people would really benefit from them. If you think so, let me know here (or if you know someone who would like the split version of the videos, spread the word).

,

Planet DebianJonathan Wiltshire: Alcester BSP, day two

Neil has abandoned his reputation as an RM machine, and instead concentrated on making the delayed queue as long as he can. I’m reliably informed that it’s now at a 3-year high. Steve is delighted that his reigning-in work is finally having an effect.


Alcester BSP, day two is a post from: jwiltshire.org.uk | Flattr

Planet DebianTim Retout: CPAN PR Challenge - January - IO-Digest

I signed up to the CPAN Pull Request Challenge - apparently I'm entrant 170 of a few hundred.

My assigned dist for January was IO-Digest - this seems a fairly stable module. To get the ball rolling, I fixed the README, but this was somehow unsatisfying. :)

To follow-up, I added Travis-CI support, with a view to validating the other open pull request - but that one looks likely to be a platform-specific problem.

Then I extended the Travis file to generate coverage reports, and separately realised the docs weren't quite fully complete, so fixed this and added a test.

Two of these have already been merged by the author, who was very responsive.

Part of me worries that Github is a centralized, proprietary platform that we now trust most of our software source code to. But activities such as this are surely a good thing - how much harder would it be to co-ordinate 300 volunteers to submit patches in a distributed fashion? I suppose you could do something similar with the list of Debian source packages and metadata about the upstream VCS, say...

Planet DebianUlrike Uhlig: Updating a profile in Debian’s apparmor-profiles-extra package

I have gotten my first patch to the Pidgin AppArmor profile accepted upstream. One of my mentors thus suggested that I’d patch the updated profile in the Debian package myself. This is fairly easy and requires simply that one knows how to use Git.

If you want to get write access to the apparmor-profiles-extra package in Debian, you first need to request access to the Collaborative Maintenance Alioth project, collab-maint in short. This also requires setting up an account on Alioth.

Once all is set up, one can export the apparmor-profiles-extra Git repository.
If you simply want to submit a patch, it’s sufficient to clone this repository anonymously.
Otherwise, one should use the “–auth” parameter with “debcheckout”. The “debcheckout” command is part of the “devscripts” package:

debcheckout --auth apparmor-profiles-extra

Go into the apparmor-profiles-extra folder and create a new working branch:

git branch workingtitle
git checkout workingtitle

Get the latest version of profiles from upstream. In “profiles”, one can edit the profiles.

Test.

The debian/README.Debian file should be edited: add what relevant changes one just imported from upstream.

Then, one could either push the branch to collab-maint:

git commit -a
git push origin workingtitle

or simply submit a patch to the Debian Bug Tracking System against the apparmor-profiles-extra package.

The Debian AppArmor packaging team mailing list will receive a notification of this commit. This way, commits can be peer reviewed and merged by the team.

Planet Linux AustraliaChris Smart: Creating a DMZ in OpenWRT

In computing, a DMZ (demilitarized zone) is a method for separating untrusted traffic from a trusted network. One of the most common implementations of this would be for supporting a publicly accessible server (such as web) on a local internet connection. The server sits in the DMZ and can be accessed from the Internet, but it cannot access the trusted network.

OpenWRT probably needs no introduction, the brilliant open source and community driven Linux based embedded router stack. I run it on my Netgear WNDR3800.

Netgear WNDR3800 running OpenWRT

Netgear WNDR3800 running OpenWRT

I have an ODRIOD-U3 (little ARM box) running Fedora, which runs a web server. This is what I want to make publicly available in my DMZ.

So, how to create a DMZ in OpenWRT? Some commercial routers have a single button “make a DMZ” and everything is handled behind the scenes for you. Not so with OpenWRT; it’s powerful, transparent, and only does what you tell it to, so we have to create it manually.

Physical devices

My router has a bunch of physical interfaces:

  • eth0 (switch)
  • eth1 (ethernet)
  • wlan0 (wireless card)
  • wlan1 (5GHz wireless card)

The eth1 device maps to the physical WAN port on the back of the router. It’s important to note that the physical interfaces may differ from router to router, depending on the chipsets.

The Switch

The switch (eth0) includes a number of ports, including the four physical ones on the back of the router, a fifth one that’s not used, as well as one that connects to the CPU.

The switch supports VLANs (virtual LANs), and by default OpenWRT puts all of those ports into VLAN 1. This means that physical connections in those four ports at the back are on the same virtual switch and are able to communicate with each other. You can imagine that if I changed the VLAN of one of those ports to VLAN 10, that the device plugged into that port would no-longer be able to communicate with other devices on the switch. This is the basis for our DMZ.

That VLAN 1 actually creates a new interface on the router:

  • eth0.1 (VLAN 1)

The configuration of the switch (including the mapping of ports to VLANs) is available under the switch menu, Network -> Switch.

Note: The port numbers on the switch in OpenWRT do not necessarily map in the right direction to the back of the router. In my case, port 0 on the switch is port 4 on the back of the router.

Creating a new VLAN

The first thing we want to do is create VLAN 10 and then assign one of the ports to that VLAN, removing it from VLAN 1.

  • Browse to Network -> Switch
  • Click Add to make a new VLAN entry
  • Set this new entry’s VLAN ID to 10
  • In the VLAN 1 row, change Port 0 to off
  • In the VLAN 10 row, change Port 0 to untagged
  • In the VLAN 10 row, change CPU port to tagged
Create VLAN

Create VLAN

Setting VLAN to untagged tells the switch to add the appropriate VLAN tag to each ethernet frame as the traffic exits that port. The setting tagged means that the switch should expect that traffic leaving the port has already been tagged, perhaps by the operating system running on the device which is attached to the port.

Port 0 (port 4 on the back of the router) is now in VLAN 10, while the remaining three ports are in VLAN 1 and so it is now isolated from the others. The CPU is also in VLAN 10, else we would not be able to pass any traffic to port 0.

That new VLAN 10 creates a new interface on the router:

  • eth0.10 (VLAN 10)

Interfaces

In OpenWRT you create virtual network interfaces which map to physical devices on the router. These are available under the Network -> Interfaces menu.

For example, my router has:

  • LAN (for my internal local area network)
  • WAN (for the external Internet connection)

One or more physical devices are attached to these zones, for example in my case:

  • LAN (bridges VLAN 1 eth0.1, wlan1 and wlan0 together)
  • WAN (eth1)

The LAN bridge creates a new interface on the router:

  • br-lan (bridged LAN)

Creating a new interface

Once we have created our new VLAN, we want to create a new a interface for the DMZ. In the same way that the VLAN 1 device, eth0.1, is attached to the LAN interface, we will attach VLAN 10 device, eth0.10, to our new DMZ interface.

  • Browse to Network -> Interfaces
  • Click Add New Interface to make a new DMZ zone
  • Set the name of the new interface to DMZ
  • Leave the protocol of the new interface to static
  • Ensure bridge over multiple interfaces remains unchecked
  • For the interface, select only VLAN Interface: “eth0.10″
  • Click Submit
Create Interface

Create Interface

You should be presented with a new configuration screen for this interface.

  • Set IPv4 address to something in a new range different to LAN, e.g. if your LAN is 192.168.1.1 then set DMZ to 192.168.0.1
  • Leave the rest of the settings blank, you do not need to set routes, or IPv6 if you don’t want to
Interface Configuration

Interface Configuration

  • Click on the Advanced Settings tab
  • Ensure Bring up on boot is ticked
  • If you don’t want IPv6, untick Use builtin IPv6-management
Interface Configuration - Advanced

Interface Configuration – Advanced

  • Click on the Physical Settings tab, should already be set to eth0.10
Interface Configuration - Physical

Interface Configuration – Physical

  • Click on the Firewall Settings tab
  • Under Create / Assign firewall-zone select unspecified -or- create and type dmz
  • Click Save and Apply
Interface Config - Firewall

Interface Config – Firewall

  • If you want to run DHCP on your DMZ, then under DHCP Server click Setup DHCP Server button, leave default settings
Interface Config - DHCP

Interface Config – DHCP

We now have a new interface or zone called for the DMZ that’s set to use out DMZ VLAN. It has a new firewall policy assigned to it, dmz, which we now need to configure.

Firewall

Now we need to configure the firewall to do a few things:

  • Allow the DMZ to talk to the WAN zone, so that devices can access the Internet
  • Allow the LAN zone to talk to the DMZ, but not the other way around
  • Add some traffic rules opening ports 53 and 67, so that devices from the DMZ can access DNS and DHCP services on the router’s DMZ IP address
  • Finally, forward the HTTP port (80) from external internet WAN interface onto a device in the DMZ

Let’s do zone settings first.

  • Browse to Network -> Firewall
  • Under the Zones section on General Settings page, edit the dmz zone
  • Leave the name set to dmz
  • Set input to reject, so that we drop all incoming packets by default
  • Leave output as accept, although you could set this to reject by default but you’ll require specific outgoing rules as required (like for Yum updates)
  • Leave Masquerading and MSS clamping disabled
  • Under Covered networks ensure that only dmz is selected
Firewall

Firewall

  • Under the section Inter-Zone Forwarding, ensure Allow forward to destination zones is set only to WAN
  • ensure Allow forward from source zones is set only to LAN
Zone Forwarding

Zone Forwarding

  • Click Advanced Settings tab
  • If you don’t want IPv6, you can set Restrict to address family to IPv4 only
  • Tick Enable logging on this zone, so that we can see what’s happening
Firewall Configuration - Advanced

Firewall Configuration – Advanced

Now let’s do port forwards.

  • Click on the Port Forwards tab
  • Under New port forward section, give a name, such as dmz-http
  • Set Protocol to TCP
  • Set External zone to WAN
  • Set External port to 80
  • Set Internal zone to DMZ
  • Set Internal IP address to your DMZ server, e.g. 192.168.0.100
  • Set Internal port to 80
  • Click Add when you’re happy
  • Repeat for HTTPS port 443 if you want to run a secure server
Port Forwarding

Port Forwarding

Finally, let’s finish with traffic rules.

  • Click on the Traffic Rules tab
  • Under Open ports on router, set a name like dhcp-dns
  • Under Protocol, select UDP
  • Under Port, set 53
  • Click Add
  • Find your new rule in the list and click edit
  • Set Destination address to your router’s DMZ IP address
  • Repeat for DHCP port 67 UDP if you want to use router’s DHCP server, but don’t set the destination address as DHCP is broadcast
Firewall Traffic - DHCP & DNS

Firewall Traffic – DHCP & DNS

If you want to be able to ping the router from the DMZ clients, do this.

  • Set a name like ping-dmz
  • Set protocol to Other
  • Click Add
  • In the new configuration page, set Protocol to ICMP
  • Set Match ICMP type to echo reply
  • Set Source zone to dmz
  • Leave Destination zone to Device (input)
  • Set Destination address to your router’s DMZ IP address
  • Click Save
Firewall Traffic - Ping

Firewall Traffic – Ping

Checking the logs

Remember we told the router to log the DMZ? Well now we can monitor the firewall rules by browsing to Status -> Kernel Log. Here you should be able to see any rejects that are happening, which is useful to work out why something isn’t happening as you expect on the DMZ.

For example, disable the dmz-ping rule and then try to ping the router from your DMZ server. Refresh the Kernel Log and you should see entries appear.

Testing

Plug in a device, see if it gets an IP address. Try to ping 8.8.8.8 (Google DNS server), then try to ping google.com.

Set up a web server on your DMZ box, or use netcat to listen on port 80. Get your external IP address from the router, or Google “my ip”. Now get a friend to browse to your IP and see if you see your web server.

Nice.

Falkvinge - Pirate PartyPutin’s Unreported Genius On Ukraine: Currency Warfare

Putin-dancing-lighter

Europe: Putin did not invade Ukraine to invade Ukraine, but as a genius invasion against the U.S. Dollar. Almost all media have missed the high-level geopolitical chess at play and focused so narrowly on the individual moves, that they’re completely missing the big picture. There’s currently a war about what reserve currency the world should use – and the U.S. is poised to lose.

We can see this in how biased the reporting is toward Western political actions being favorable and working. The sanctions are not only not working, they were a trap for the U.S. Dollar in the first place. Putin has been the one in control of the situation for the past decade and more, and he’s playing a long-term game.

Any reporter who regurgitates the oft-repeated statement that Western sanctions are the cause of Russian economic problems is 100% wrong. Not just wrong on details or nuance, but wrong in the worst “politicians-are-right-because-they-said-so-themselves” type of way.

Background

Putin is trying to unsettle the U.S. Dollar’s reserve-currency status. If that succeeds, the U.S. Empire will collapse like a house of cards. Today, if you live in Germany and want to buy something from China, you must first purchase U.S. Dollars from the U.S., and then exchange those USD for the goods you want from China. This means that the U.S. is literally in a position to print as much money as they want, and the world is supporting consumption levels in the U.S. that go way beyond their means – not to mention a military that is vastly overstretched.

The key to maintaining this reserve-currency status lies in the vital energy trade. As long as energy (oil, gas, uranium, coal) is traded in USD, the USD is a reserve currency for all other trade. The usual term for this lock-in arrangement is the “petrodollar” – the connection between the USD and oil trade which reinforces the USD’s de-facto status as default trade currency.

Putin has spent the past 15 years making the world’s largest economy – Europe – completely dependent on Russian energy: oil, natural gas, and uranium. Europe cannot do without Russian energy at this point in time.

However, it is still traded in US Dollars. And Russia is not in a position to demand that its customers start paying in Rubles or something else than USD at this point. It needed to get its customers to demand the ability to pay for Russian energy in something else than USD. If Russia could make her own energy trade happen in something else than USD, the United States’ overstretched empire would collapse in short order.

So what could Russia possibly do to cause its energy customers to demand settlement for Russian energy to happen in something else than USD?

Russia needed its customers to ban trade in US Dollars – or needed the US to ban Russian customers from using the US Dollar when buying energy from Russia.

Russia needed sanctions from the United States, so its energy supply to Europe couldn’t be denominated in US dollars anymore.

So how do you willingly cause the US to invoke sanctions? You need to provoke the international community in a way that goes well beyond acceptable behavior, but does not meet the bar for a military response. That’s a very delicate dance to perform.

Putin needed a non-NATO country to harass in order to lay the intended trap for the U.S. Dollar.

Invading Ukraine

Hence the invasion of Ukraine, a series of moves that have defied any normal military routine. It has been constant and consistent provocation, but has equally consistently not met the bar for a military response from the West.

And Obama took the bait hook, line and sinker, and issued the sanctions in question against the Russian economy. Western media has falsely and parrotly portrayed these sanctions as successful, when they were the desired outcome all along from the Russian side.

Putin’s invasion of Ukraine was not an invasion of Ukraine. It was a trap for the US Dollar, a trap that sprung perfectly.

And in the months that have followed, Russia has successfully withdrawn from the petrodollar, which has negative exports for the first time in 18 years. The trap is working perfectly, despite the current fall (crash) in oil price that has other causes entirely.

So now, when the largest French energy company Total is looking to exploit a new large Russian natural gas project in Yamal, a joint venture with Russia’s Novatek and China’s CNPC, it is going to invest “yuan, euros, rubles… anything but the US Dollar”. And it doesn’t care that it’s not using the USD. It’s not allowed to and it doesn’t care. This is the company with the CEO that went on record saying there’s no reason to uphold the petrodollar, and who died in a plane crash shortly after making that statement.

This is geopolitics at high levels, where laws do not apply.

In effect, Putin has successfully defeated the US Empire by defeating the petrodollar, unless Obama has a last-ditch ace up his sleeve at this point.

Finally, there is an impression in Western media that Putin would be “incapable” of sophisticated schemes like this – that Vladimir Putin would be an unsophisticated simpleton. That image doesn’t pass the simplest of smell tests.

Putin is the president of Russia. Russian power is cutthroat to unimaginable levels. To not just reach the top, but also stay at the top, you need to be long-term, cynical, and results-oriented to levels not even understood in the West. Long-term as in taking 15 years to set the bait by making Europe dependent on Russian energy. That’s why Putin comes across as “mad and irrational” to Western policymakers; the Russian thought processes are more ruthless than anything relatable in the West.

But “mad and irrational” doesn’t make somebody a Russian president. “Mad and irrational” makes somebody a Russian homeless. Therefore, Western media are either painting a propagandistic picture of Putin on purpose, or not understanding the utterly pragmatic way of thinking. Therefore, claims that Putin is unpredictable and irrational don’t pass the simplest of smell tests. To the contrary, he’s genius and he’s a very very skilled power player.

Shale Oil and the Ruble

Now, the Russian economy and the Ruble are failing short-term, but not because Russia is locked out from access to the dollar; that part is helping the Russian economy. The reason the Russian economy is failing is because half of their GDP is based on fossil fuels, and that U.S. domestic oil production has halved the cost of oil.

But that’s a different story, and one that hurts the United States almost as much as it hurts Russia. That’s primarily Saudi Arabia flexing its muscles and also trying to outcompete the United States and Russia and Iran, which is another problem entirely.

Planet DebianGuido Günther: krb5-auth-dialog 3.15.4

To keep up with GNOMEs schedule I've released krb5-auth-dialog 3.15.4. The changes of 3.15.1 and 3.15.4 include among updated translations, the replacement of deprecated GTK+ widgets, minor UI cleanups and bug fixes a header bar fix that makes us only use header bar buttons iff the desktop environment has them enabled:

krb5-auth-dialog with header bar krb5-auth-dialog without header bar

This makes krb5-auth-dialog better ingtegrated into other desktops again thanks to mclasen's awesome work.

This blog is flattr enabled.

Geek FeminismWhat to expect when you’re linkspamming (16 January 2015)

  • The Top 10 (%) Tech Rules by Leslie Miley | Model View Culture: “This process is so biased it’s amazing it still exists. Every step along the way, exclusionary hurdles are introduced to limit the candidate pool. Sourcers are directed to specific companies and instructed to focus on certain schools. Recruiters are told by hiring managers that they prefer certain companies and schools over others. By the time candidates are in the on-site interview it’s clear they went to the right school, worked at the right companies and in the case of employee referrals, know the right people. They are shepherded through the process much like a child is taken to their first day at preschool.”
  • “Misogyny in the Valley”| Consulting Adult: “Women need space to be themselves at work. Until people who have created their success by worshipping at the temple of male behavior, like Sheryl Sandberg, learn to value alternate behaviors, the working world will remain a foreign and hostile culture to women. And if we do not continuously work to build corporate cultures where there is room for other behaviors, women will be cast from or abandoned in a world not of our making, where we continuously ‘just do not fit in,’ but where we still must go to earn our livings.”
  • Adam Grant and Sheryl Sandberg on Why Women Stay Quiet at Work | NYTimes.com: “Suspecting that powerful women stayed quiet because they feared a backlash, Professor Brescoll looked deeper. She asked professional men and women to evaluate the competence of chief executives who voiced their opinions more or less frequently. Male executives who spoke more often than their peers were rewarded with 10 percent higher ratings of competence. When female executives spoke more than their peers, both men and women punished them with 14 percent lower ratings. As this and other research shows, women who worry that talking “too much” will cause them to be disliked are not paranoid; they are often right.”
  • Preliminary Results From WIGI, The Wikipedia Gender Inequality Index | notconfusing: “WIGI is the Wikipedia Gender Inequality Index, a project whose purpose is to attempt to gain insight into the gender gap through understanding which humans are represented in Wikipedia. Professor Piotr Konieczny, and myself thought that, whereas some gender gap research focuses on the editors of Wikipedia directly, we would view the content and metadata of articles as a proxy measure for those editing.”
  • Quinnspiracy Blog – 2015: Zoe Quinn checks in at the start of 2015.
  • Stop Centering the Majority in Minority Space | Julie Pagano: “Underrepresented groups get so few spaces where they are the focus. Spaces where they get to see people like themselves on stage and learn from them. Spaces where people like them are prioritized. Seeing someone from the majority in a position of prominence in that space is demoralizing. It means that yet again the majority is given priority, even in a space that isn’t supposed to be about them. It’s especially a punch to the gut when someone you actually want to hear from is on the stage as a glorified prop — an interviewer to ask questions.”
  • She Makes Comics: A New Documentary Explores the History of Women in Comics | Bitch Magazine: “Marisa Stotter is the director of She Makes Comics, a self-described feminist and geek who moved to Los Angeles to work in the film industry in 2013. After She Makes Comics was released last month, we talked on the phone about her experience directing a film for the first time, her hope that more people begin to participate in comic culture, and the importance of celebrating women’s achievements in the comics scene. Watch the trailer below.”
  • Is ‘SimCity’ Homelessness a Bug or a Feature? | Motherboard: “For Bittanti, it’s impossible not to see the connections between the homeless problem in the Bay Area and the way it’s portrayed in SimCity. ‘That is, can we fix homelessness in SimCity, or because we haven’t fixed homelessness as a problem in real life, therefore we are bound to lose?’ Bittanti asked. ‘Is SimCity a reflection of what’s happening in reality, and therefore is very realistic, or is it a programming issue?'”
  • Dalhousie turns down formal faculty complaint against Facebook ‘Gentlemen’: [CW: rape; use of drugs to facilitate rape; medical abuse] Apparently, half the male students at the Dalhousie dental school made jokes on Facebook about raping sedated women. The university administration, unsurprisingly, isn’t handling it well.
  • “scott aaronson has dug himself into a bit of a hole”: “scott aaronson has dug himself into a bit of a hole, and it’s picking at scabs of mine, so i’m going to try to do a bit of a response from the perspective of a woman in STEM who has for a long time admired aaronson’s work… i haven’t yet seen a response from someone who a) is within STEM, who knows exactly what it’s like to have people like scott as colleagues and mentors, and b) has commented on the mental illness/neuro-atypicality aspect of things that scott describes as an affliction unique to male nerds.”
  • How People You’ve Never Heard of Got To Be the Most Powerful Users on Pinterest | Backchannel — Medium: “The story of how these (mostly) women won a jackpot they never entered is one that reveals how conference room strategizing in a social media startup’s early years can have lasting and meaningful consequences for its members’ lives. What might have been for Pinterest a temporary experiment — a way of recommending accounts to solve an onboarding headache or high bounce rate — has, for some Pinterest users, persisted for years as a source of income, bewildering attention and uncertainty.”
  • “To anthology editors”, a corollary | Epiphany 2.0: “Anthology editors, if you really don’t understand why reading a diverse range of authors for your anthology is a good idea, don’t try to fake it. Don’t try to do it anyway just to avoid controversy. Do some reading — starting with her essay — have difficult conversations with your friends, push the boundaries of your comfort zones, do whatever you have to do to get it. Then? Then we can talk.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianDiego Escalante Urrelo: Link Pack #03

What’s that? The third edition of Link Pack of course!


Playing with Power (7 minutes, Vimeo)
A super awesome story about a stop motion animator that turned a Nintendo Power Glove into the perfect animation tool. It’s a fun, inspiring video :-). I love the Power Glove, it’s so bad.

The Power Glove – Angry Video Game Nerd – Episode 14 (12 minutes, YouTube)
On the topic of the Power Glove, here’s the now classic Angry Video Game Nerd video about it. James Rolfe is funny.

Ship Your Enemies Glitter
A rising star in the internet business landscape. You pay them $9.99 and they send an envelope full of glitter to your worst enemy. They promise it will jump into everything, as usual. Damn you glitter.

A Guide to Practical Contentment
Be happy with what you have, but understand why:

(…) if you start in this place of fixing what’s wrong with you, you keep looking for what else is wrong with you, what else you need to improve. So maybe now feel like you don’t have enough muscles, or six pack abs, or you think your calves don’t look good, or if it’s not about your body, you’ll find something else.

So it’s this never-ending cycle for your entire life. You never reach it. If you start with a place of wanting to improve yourself and feeling stuck, even if you’re constantly successful and improving, you’re always looking for happiness from external sources. You don’t find the happiness from within, so you look to other things.

The Comments Section For Every Video Where Someone Does A Pushup
Comments. From YouTube. Enough said.

“These are dips. Not pushups. In the entire history of the world, no one has ever successfully performed a pushup. They’re all just dips.”

“STOP DRIVING WITH YOUR HIPS. IF YOU’RE DOING A PUSHUP CORRECTLY, YOUR HIPS SHOULD CEASE TO EXIST.”

“You could do 100 pushups like this and it wouldn’t improve your strength at all. You’re just bending your arms.”

Self-Taught Chinese Street Photographer Tao Liu Has an Eye for Peculiar Moments
This Chinese photog uses his lunch break to snap interesting street photography. Funny selection by PetaPixel, his Flickr page has even more stuff. Even more in his photoblog.

From https://www.flickr.com/photos/58083590@N05/14613273495/By Liu Tao. https://www.flickr.com/photos/58083590@N05/14613273495/

Enrique Castro-Mendivil’s Agua Dulce photo set
Another interesting photo link. This time it’s the most popular beach in Lima, with most people coming from low income neighborhoods, it shows how fragmented the city is.

By Enrique Castro-Mendivil. http://www.castromendivilphoto.com/index.php/component/content/article/11-work/69-agua-dulceBy Enrique Castro-Mendivil. http://www.castromendivilphoto.com/index.php/component/content/article/11-work/69-agua-dulce

Also on Link Pack

  • Link Pack #05 - Lever Rukhin Photographs Los Angeles From His Car Lever Rukhin shoots the sketchiest parts of Los Angeles from his car, taking a really unique perspective that helps you perceive what LA looks like, if you were in a car… An experience that is apparently common to all LA people. People drive too much in the…
  • Link Pack #04 - Writing Your Way to Happiness (nytimes.com) Researches believe that the way we think about, and remember, “our story” can be so powerful that it can actually influence our happiness and success. It’s a nice little article summarizing actual research. The main study referred put fresh university students to test: a group received tools to “rewrite”…
  • Link Pack #03 - What’s that? The third edition of Link Pack of course! Playing with Power (7 minutes, Vimeo) A super awesome story about a stop motion animator that turned a Nintendo Power Glove into the perfect animation tool. It’s a fun, inspiring video :-). I love the Power Glove, it’s so bad. The Power Glove – Angry…
  • Link Pack #02 - First sequel to my Link Pack “series” (I’ll remove the quotes when it’s LP#05): Link Pack #01. This time I’m going for fewer articles, to try to keep things less overwhelming. There’s no special theme, and I’m actually leaving out some nice things I read recently. On the plus side, that means I have good…
  • Link pack #01 - Following the lead of my dear friend Daniel and his fantastic and addictive “Summing up” series, here’s a link pack of recent stuff I read around the web. Link pack is definitely a terrible name, but I’m working on it. How to Silence Negative Thinking On how to avoid the pitfall of being a Negatron…

Planet DebianJonathan Wiltshire: Alcester BSP, day one

Perhaps I should say evening one, since we didn’t get going until nine or so. I have mostly been processing unblocks – 13 in all. We have a delayed upload and a downgrade in the pipeline, plus a tested diff for Django. Predictably, Neil had the one and only removal request so far.


Alcester BSP, day one is a post from: jwiltshire.org.uk | Flattr

,

Rondam RamblingsApparently the Pope needs to read the Bible more carefully

Pope Francis showed his true colors the other day: “If my good friend Dr Gasparri says a curse word against my mother, he can expect a punch,” Francis said while pretending to throw a punch in his direction.  He added: “It’s normal. You cannot provoke. You cannot insult the faith of others. You cannot make fun of the faith of others.” So... the pope just endorsed the use of violence against

Planet Linux AustraliaJonathan Adamczewski: The Growth of C++11 Support

Update: This chart has been updated and I’ve added charts for C++11 Concurrency, C++14, and C++17 here.
 

A few days ago, Christophe Riccio tweeted a link to a pdf that shows the level of support for “Modern C++” standards in four C++ compilers: Visual C++, GCC, Clang, and ICC.

One of the things I wanted to see was not just how support had advanced between versions of each compiler, but how compilers had changed relative to one another over time. I extracted the numbers for C++11 from Christophe’s document, found the release dates for each compiler, and created a chart that puts it all together.

It’s interesting to see how far behind Clang starts in comparison to the others, and that it ends up in a close dance with GCC on the way to full C++11 support. It also highlights how disappointing VC++ has been in terms of language feature advancement — particularly when VS2010 was ahead of Clang and ICC for C++11 features.

Creating the chart also served as an opportunity to play around with data visualization using Bokeh. As such, you can click on the chart above and you’ll see a version that you can zoom, pan, and resize (which is only a small part of what Bokeh offers). I intend to write about my experiences with Bokeh at a later date.

 

Release dates for each compiler were taken from the following pages:

The date used to mark the approval of the C++11 standard is taken from http://en.wikipedia.org/wiki/C++11

Krebs on SecurityAnother Lizard Arrested, Lizard Lair Hacked

Several media outlets are reporting that authorities in the United Kingdom early this morning arrested an 18-year-old in connection with the denial-of-service attacks on Sony Playstation and Microsoft Xbox systems over Christmas. The arrest is one of several tied to a joint U.K. and U.S. law enforcement investigation into a group calling itself the “Lizard Squad,” and comes as the group’s attack-for-hire online service was completely compromised and leaked to investigators.

A BBC story does not name the individual, saying only that the youth was arrested at an address in Southport, near Liverpool, and that he was accused of unauthorized access to computer material and knowingly providing false information to law enforcement agencies in the United States. The notice about the arrest on the Web site of the Southeast Regional Organized Crime Unit states that this individual has been actively involved in several “swatting” incidents — phoning in fake hostage situations or bomb threats to prompt a police raid at a targeted address.

U.K. police declined to publicly name the individual arrested. But according to the Daily Mail, the youth is one Jordan Lee-Bevan. Known online variously as “Jordie,” “EvilJordie” and “GDKJordie,” the young man frequently adopts the persona of an African American gang member from Chicago, as evidenced in this (extremely explicit) interview he and other Lizard Squad members gave late last year. Jordie’s Twitter account also speaks volumes, although it hasn’t been saying much for the past 13 hours.

Update: Added link to Daily Mail story identifying Jordie as Lee-Bevan.

Original post:

An individual using variations on the “Jordie” nickname was named in this FBI criminal complaint (PDF) from Sept. 2014 as one of three from the U.K. suspected in a string of swatting attacks and bomb threats to schools and universities across the United States in the past year. According to that affidavit, Jordie was a member of a group of males aged 16-18 who called themselves the “ISISGang.”

In one of their most appalling stunts from September 2014, Jordie and his ISIS pals allegedly phoned in a threat to Sandy Hook Elementary — the site of the 2012 school massacre in Newtown, Ct. in which 20 kids and 6 adults were gunned down. According to investigators, the group told the school they were coming to the building with an assault rifle to “kill all your asses.”

In an unrelated development, not long after this publication broke the news that the Lizard Squad’s attack infrastructure is built on a network of thousands of hacked home Internet routers, someone hacked LizardStresser[dot]su, the Web site the group uses to coordinate attacks and sell subscriptions to its attacks-for-hire service. As I noted in a previous story, the attacks on Microsoft and Sony were merely meant to be commercials for this very “stresser” (a.k.a. “booter”) service, which allows paying customers to knock any Web site or individual offline for a small fee.

A copy of the LizardStresser customer database obtained by KrebsOnSecurity shows that it attracted more than 14,241 registered users, but only a few hundred appear to have funded accounts at the service. Interestingly, all registered usernames and passwords were stored in plain text. Also, the database indicates that customers of the service deposited more than USD $11,000 worth of bitcoins to pay for attacks on thousands of Internet addresses and Web sites (including this one).

One page of hundreds of support ticket requests filed by LizardStresser users.

One page of hundreds of support ticket requests filed by LizardStresser users.

Two other Lizard Squad members also have been rounded up by police since the initial Christmas Day attacks. In late December, U.K. police arrested 22-year-old Vincent “Vinnie” Omari, in connection with the investigation. Additionally, authorities in Finland questioned a 17-year-old named Julius “Ryan/Zeekill” Kivimäki, after he and Omari gave an interview to Sky News about the attacks. Sources say Kivimäki has been arrested and jailed several times in Finland on charges related to credit card theft, although he is currently not in custody.

Sources say the 18-year-old arrested this morning operates only on the fringes of the group responsible for the Christmas day attacks, and that the core members of the Lizard Squad remain at large.

Nevertheless, individuals involved in swatting need to face serious consequences for these potentially deadly stunts. Swatting attacks are not only extremely dangerous, they divert emergency responders away from actual emergencies, and cost taxpayers on average approximately $10,000 (according to the FBI).

In most states, the punishment for calling in a fake hostage situation or bomb threat is a fine and misdemeanor akin to filing a false police report. Having been the victim of a swatting attack myself, allow me to suggest an alternative approach: Treat all of those charged with the crime as an adult, and make the charge attempted murder.

Rondam RamblingsMy parents neglected me when I was a child

I wasn't aware of this until today, but my parents apparently neglected me when I was a child.  Every week day from the age of six until ten I walked to school by myself. And back.  0.8 miles each way according to Google Maps.  I even walked in the rain and the snow (though I have to confess it was not uphill both ways). Well, OK, I wasn't actually alone.  There were lots of other kids walking

Planet DebianErich Schubert: Year 2014 in Review as Seen by a Trend Detection System

We ran our trend detection tool Signi-Trend (published at KDD 2014) on news articles collected for the year 2014. We removed the category of financial news, which is overrepresented in the data set. Below are the (described) results, from the top 50 trends (I will push the raw result to appspot if possible due to file limits). The top 10 trends are highlighted in bold.
January
2014-01-29: Obama's State of the Union address
February
2014-02-05..23: Sochi Olympics (11x, including the four below)
2014-02-07: Gay rights protesters arrested at Sochi Olympics
2014-02-08: Sochi Olympics begins
2014-02-16: Injuries in Sochi Extreme Park
2014-02-17: Men's Snowboard cross finals called of because of fog
2014-02-19: Violence in Ukraine and Kiev
2014-02-22: Yanukovich leaves Kiev
2014-02-23: Sochi Olympics close
2014-02-28: Crimea crisis begins
March
2014-03-01..06: Crimea crisis escalates futher (3x)
2014-03-08: Malaysia Airlines machine missing in South China Sea (2x)
2014-03-18: Crimea now considered part of Russia by Putin
2014-03-28: U.N. condemns Crimea's secession
April
2014-04-17..18: Russia-Ukraine crisis continues (3x)
2014-04-20: South Korea ferry accident
May
2014-05-18: Cannes film festival
2014-05-25: EU elections
June
2014-06-13: Islamic state fighting in Iraq
2014-06-16: U.S. talks to Iran about Iraq
July
2014-07-17..19: Malaysian airline shot down over Ukraine (3x)
2014-07-20: Israel shelling Gaza kills 40+ in a day
August
2014-08-07: Russia bans EU food imports
2014-08-20: Obama orders U.S. air strikes in Iraq against IS
2014-08-30: EU increases sanctions against Russia
September
2014-09-04: NATO summit
2014-09-23: Obama orders more U.S. air strikes against IS
Oktober
2014-10-16: Ebola case in Dallas
2014-10-24: Ebola patient in New York is stable
November
2014-11-02: Elections: Romania, and U.S. rampup
2014-11-05: U.S. Senate elections
2014-11-25: Ferguson prosecution
Dezember
2014-12-08: IOC Olympics sport additions
2014-12-11: CIA prisoner center in Thailand
2014-12-15: Sydney cafe hostage siege
2014-12-17: U.S. and Cuba relations improve unexpectedly
2014-12-19: North Korea blamed for Sony cyber attack
2014-12-28: AirAsia flight 8501 missing

Sociological ImagesWouldn’t A Wife Be Great!?

Flashback Friday.

Heather L. sent us a link to a business called The Occasional Wife. It’s slogan: “The Modern Solution To Your Busy Life.” The store sells products that help you organize your home and office, and provides all kinds of helpful services to support your personal goals.

capturea1captured

There are two things worth noting here:

First, the business relies on and reproduces the very idea of “wife.”  As the website makes clear, wives are people who (a) make your life more pleasurable by taking care of details and daily life-maintenance (such as running errands), (b) organize special events in your life (such as holidays), and (c) deal with work-intensive home-related burdens (such as moving), all while perfectly coiffed and in high heels.

But, the business only makes sense in a world where “real” wives are obsolete.  Prior to industrialization, most men and women worked together on home farms.  With industrialization, all but the wealthiest of families relied on (at least) two breadwinners. In the 1950s, the era to which this business implicitly harkens, Americans were bombarded with ideological propaganda praising stay-at-home wives and mothers (in part to pressure women out of jobs that “belonged” to men after the war).  Since then, women have increasingly participated in wage labor.  Today, the two parent, single-earner family is only a minority of families.

So, in our “modern” world, even when there is a wife in the picture, there’s rarely a “wife.”  But, as the founder explains, it’d sure be nice to have one:captureb

See, she was his wife, but not a wife.

Of course, this is nothing new.  Tasks performed by wives have been increasingly commodified (that is, turned into services for which people pay): for example, house cleaning, cooking, and child care.  This business just makes the transition in reality explicit by referencing the ideology.  The fact that the use of the term “wife” works in this way (i.e., brings to mind the 1950s stereotype) in the face of a reality that looks very different, just goes to show how powerful ideology can be.

Originally posted in 2009; the business has grown from one location to four.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaBinh Nguyen: Building Reaktor Synthesisers, Download Scripts, and Re-Spin Revenue

After a bit of fiddling I've figured out how to build non-trivial Reaktor software synthesisers. By the looks of things, you can do quite a lot but there seems to be some gaps in the software which makes building a full blown synthesiser ready for sale to the public (which they will want to buy) a non-option for the moment (unless there is some information that I'm missing which is likely the case)...

For the lazy among you the easiest Reaktor Synthesisers that can be built can be made as so. Right click in the workspace, Instrument -> Synthesizers -> Option and then hook up to correct/relevant Voice Combiner. My designs obviously start from scratch though, as I'd like to be able to design some both for educational purposes, for resale, and if that's not possible simply to give away.

You can download my updated experiments from here:

I've been looking to build some Android software applications for a while now (curious to know whether this is a viable long term option). It's interesting how many people actually Open Source their software on the various web stores.
http://en.wikipedia.org/wiki/List_of_free_and_open-source_Android_applications
https://github.com/psaravan/JamsMusicPlayer
http://www.alexdantas.net/projects/kmp/

I recently wanted to download al the applications/archives from a particular website, http://www.vst4free.com/ so I looked at various website download programs (HTTrack, Teleport Pro, wget, curl, etc...). In spite of the filters/wildcards that were available they were too slow to be realistic.

####Start Quote####
Use wildcards to exclude or include URLs or links. You can put several scan strings on the same line. Use spaces as separators. Example: +*.zip -www.*.com -www.*.edu/cgi-bin/*.cgi

+*.png +*.gif +*.jpg +*.css +*.js -ad.doubleclick.net/*

+*.zip +*.exe +*.msi +*.tar.gz +*.tar +*.rar
+*.css +*.js -ad.doubleclick.net/*
####End Quote#####

https://www.httrack.com/html/filters.html
http://httrack.kauler.com/help/Catch_all_files_of_certain_type

What did I do? I built something because I noticed patterns in the way files were encoded.

####Start Quote####
Range for Instrument VSTs
http://www.vst4free.com/free_vst.php?id=160
http://www.vst4free.com/free_vst.php?id=362

http://www.vst4free.com/free_vst.php?id=160
was the same as
http://www.vst4free.com/free_vst.php?plugin=Advanced_MIDI_Gate&id=160
which converted to
http://www.vst4free.com/get_plugin.php?win32=drumatic_3_02.zip
which could then be parsed for automated download.

Range for Effects VSTs
http://www.vst4free.com/free_vst.php?id=401
http://www.vst4free.com/free_vst.php?id=479

http://www.vst4free.com/free_vst.php?id=401
was the same as
http://www.vst4free.com/free_vst.php?plugin=Advanced_MIDI_Gate&id=401
which converted to
http://www.vst4free.com/get_plugin.php?win32=microrock.zip
which could then be parsed for automated download.

Range for Midi VSTs
http://www.vst4free.com/free_vst.php?plugin=Hyperion&id=1401
http://www.vst4free.com/free_vst.php?plugin=Hyperion&id=1421
####End Quote#####

You can download my script from here:

As I've stated previously I've been thinking of re-spinning some versions of Linux for fun and possibly profit. The irony is that it's actually much easier to go down than it is go up. Namely, the smaller distributions such as DamnSmall don't really lend themselves to customisation going up because there are too many dependencies that need to be remedied prior to being able to come up with something workable. This has led me to work on scripts to achieve the exact opposite on smaller (but large such as Knoppix) DVD/CD based live distributions. They work based on class of program based on yum or apt package information. It'll be interesting to see what we can do.


Several of the ways in which I was thinking about making revenue was:
  • distributing/re-sale on chosen media such as USB, CD, DVD, etc... http://damnsmalllinux.org/usb.html
  • creating custom versions for who ever wants them. After all, if I'm currently building the code to allow for this why not? (You need to send a portion of payment now and rest on delivery.) Working perferably only on smaller distributions at this point unless the project is really interesting.
  • donations
  • figuring out what the public wants and then attempting to build that for them
  • figuring out what the best possible distribution is and attempting to build that for the public
  • support via of these distributions
Interesting stuff in general I came across during the week.



Worse Than FailureError'd: For Those Who Insist on Zapping Their Tongues

"Cool! Amazon now apparently offers a battery that comes in various flavors to enhance the experience," writes Evan C.

 

Niels R. wrote, "Finally. A website for when you absolutely, positively need a mouse that rates 2.1428571428 stars out of 5."

 

"With many systems that get butchered over the days/weeks/months/years certain columns, once used solidly for single responsibility, get hacked and overtaken by sales people. So instead of just having an error message, they started to report on a confirmation status because the Status of OK wasn't enough. A Bit like when people press a button that is already lit. (You never know it really might be broken)," writes Simon M., "Anyway, I found this gem of a status update on one of the schedules."

 

"I sense quite a bit of irony in this error," wrote TJ S.

 

"I was looking at the specs of a DVI extender when I noticed that the operating humidity of the device was 'Mozilla 1.4 or later',"Peter W. writes, "I'm not really sure that the air conditioner in our server room can provide that."

 

"Just saw this latest build result on my CI server. Apparently the test results come and go as they please," Tom C. wrote.

 

"I followed an ad link in http://www.smithsonianmag.com/ with the promising headline 'Non-existent Code Doesn't Crash'," Vince writes, "Unfortunately I ended up with some real code which (though it didn't actually crash if I'm being fair) certainly didn't work."

 

Aaron wrote, "Woo hoo! Check it out. My phone has a direct link to the CLOUD, baby!,"

 

[Advertisement] BuildMaster is more than just an automation tool: it brings together the people, process, and practices that allow teams to deliver software rapidly, reliably, and responsibly. And it's incredibly easy to get started; download now and use the built-in tutorials and wizards to get your builds and/or deploys automated!