Planet Russell


Planet Debian - Benjamin Mako Hill: More Community Data Science Workshops

Pictures from the CDSW sessions in Spring 2014

After two successful rounds in 2014, I’m helping put on another round of the Community Data Science Workshops. Last year, our 40+ volunteer mentors taught more than 150 absolute beginners the basics of programming in Python, data collection from web APIs, and tools for data analysis and visualization, and we’re still in the process of improving our curriculum and scaling up.

Once again, the workshops will be totally free of charge and open to anybody. Once again, they will be possible through the generous participation of a small army of volunteer mentors.

We’ll be meeting for four sessions over three weekends:

  • Setup and Programming Tutorial (April 10 evening)
  • Introduction to Programming (April 11)
  • Importing Data from web APIs (April 25)
  • Data Analysis and Visualization (May 9)

If you’re interested in attending, or interested in volunteering as a mentor, you can go to the information and registration page for the current round of workshops and sign up before April 3rd.

Planet Debian - Lars Wirzenius: Obnam 4.1 released

It is with great pleasure and satisfaction that I release version 4.1 of Obnam, my backup program. This version includes radically innovative approaches to data compression and de-duplication, as well as some other changes and bug fixes.

Major user-visible changes:

  • Obnam now recognises most common image types, and de-duplicates them by substituting a standard picture of a cat or a baby. Statistical research has shown that almost all pictures are of either cats or babies, and most people can't tell cats and babies apart. If you have other kinds of pictures, use the --naughty-pictures option to disable this new feature.

  • Obnam now compresses data by finding a sequence in the value of pi (3.14159...) that matches the data, and stores the offset into pi and the length of the data. This means almost all data can be stored using two BIGNUM integers, plus some computation time to compute the value of pi with necessary precision. The extreme compression level is deemed worth the somewhat slower speed. To disable this new feature, use the --i-like-big-bits-and-i-cannot-lie option.

  • Obnam now uses one-time pad encryption in the repository. It is a form of encryption that is guaranteed to be unbreakable. Given the large amounts of data Obnam users have, the infinitely long value of the mathematical constant e is used as the encryption pad, since it would be bad security practice to use a pad that's shorter than the data being encrypted. To disable this new feature and use the old style encryption using GnuPG, use --i-read-schneier.

Minor user-visible changes:

  • There is a new subcommand obnam resize-disk, which resizes the filesystem on which the backup repository resides. In this version, it works on LVM logical volumes and RAID-0, RAID-5, and RAID-6 drive arrays using mdadm. The subcommand optionally arranges more space by deleting live data files and reducing corresponding LV sizes to make more space for backups. If live data is deleted, the backup generations containing the data are tagged as unremovable so it's not lost. In the future, the subcommand may get support for purchasing more disk space from popular online storage providers.

  • To reduce unnecessary bloat, the obnam restore subcommand has been removed. It was considered unnecessary, since nobody ever reported any problems with it.

  • Obnam now has a new repository option, --swap-in-repository, which starts a daemon process that holds all backup data in memory. Once the process grows enough, this will result in most of the data being written to the swap partition. This makes excellent use of the excessively large swap partitions on many Linux systems. This feature does not work on Windows.

Bug fixes:

  • The obnam donate command to send the Obnam developers some money now again works with Bitcoin. There was a bug that prevented Obnam's built-in Bitcoin mining software from working.

  • The obnam help command again speaks the user's preferred language (LC_MESSAGES locale setting), rather than Finnish, despite pressure from the Finnish government's office for language export.


Planet Debian - Zlatan Todorić: Fruit flies like a banana

I started working for Valve as a community manager.

Cryptogram - Survey of Americans' Privacy Habits Post-Snowden

Pew Research has a new survey on Americans' privacy habits in a post-Snowden world.

The 87% of those who had heard at least something about the programs were asked follow-up questions about their own behaviors and privacy strategies:

34% of those who are aware of the surveillance programs (30% of all adults) have taken at least one step to hide or shield their information from the government. For instance, 17% changed their privacy settings on social media; 15% use social media less often; 15% have avoided certain apps and 13% have uninstalled apps; 14% say they speak more in person instead of communicating online or on the phone; and 13% have avoided using certain terms in online communications.

[...]

25% of those who are aware of the surveillance programs (22% of all adults) say they have changed the patterns of their own use of various technological platforms "a great deal" or "somewhat" since the Snowden revelations. For instance, 18% say they have changed the way they use email "a great deal" or "somewhat"; 17% have changed the way they use search engines; 15% say they have changed the way they use social media sites such as Twitter and Facebook; and 15% have changed the way they use their cell phones.

Also interesting are the people who have not changed their behavior because they're afraid that it would lead to more surveillance. From pages 22-23 of the report:

Still, others said they avoid taking more advanced privacy measures because they believe that taking such measures could make them appear suspicious:
"There's no point in inviting scrutiny if it's not necessary."

"I didn't significantly change anything. It's more like trying to avoid anything questionable, so as not to be scrutinized unnecessarily."

"[I] don't want them misunderstanding something and investigating me."

There's also data about how Americans feel about government surveillance:

This survey asked the 87% of respondents who had heard about the surveillance programs: "As you have watched the developments in news stories about government monitoring programs over recent months, would you say that you have become more confident or less confident that the programs are serving the public interest?" Some 61% of them say they have become less confident the surveillance efforts are serving the public interest after they have watched news and other developments in recent months and 37% say they have become more confident the programs serve the public interest. Republicans and those leaning Republican are more likely than Democrats and those leaning Democratic to say they are losing confidence (70% vs. 55%).

Moreover, there is a striking divide among citizens over whether the courts are doing a good job balancing the needs of law enforcement and intelligence agencies with citizens' right to privacy: 48% say courts and judges are balancing those interests, while 49% say they are not.

At the same time, the public generally believes it is acceptable for the government to monitor many others, including foreign citizens, foreign leaders, and American leaders:

  • 82% say it is acceptable to monitor communications of suspected terrorists.
  • 60% believe it is acceptable to monitor the communications of American leaders.
  • 60% think it is okay to monitor the communications of foreign leaders.
  • 54% say it is acceptable to monitor communications from foreign citizens.

Yet, 57% say it is unacceptable for the government to monitor the communications of U.S. citizens. At the same time, majorities support monitoring of those particular individuals who use words like "explosives" and "automatic weapons" in their search engine queries (65% say that) and those who visit anti-American websites (67% say that).

[...]

Overall, 52% describe themselves as "very concerned" or "somewhat concerned" about government surveillance of Americans' data and electronic communications, compared with 46% who describe themselves as "not very concerned" or "not at all concerned" about the surveillance.

It's worth reading these results in detail. Overall, these numbers are consistent with a worldwide survey from December. The press is spinning this as "Most Americans' behavior unchanged after Snowden revelations, study finds," but I see something very different. I see a sizable percentage of Americans not only concerned about government surveillance, but actively doing something about it. "Third of Americans shield data from government." Edward Snowden's goal was to start a national dialog about government surveillance, and these surveys show that he has succeeded in doing exactly that.

More news.

Planet Debian - Zlatan Todorić: Interviews with FLOSS developers: Francesca Ciceri

The Debian and FLOSS communities don't consist only of coding developers. They include people who write news, who talk about FLOSS, who help at booths and conferences, who create the community's artwork, and so many others who contribute in countless ways. One person doing many of these things is Francesca Ciceri, known in Debian as MadameZou. She is a non-packaging Debian Developer, a fearless warrior for diversity and a zombie fan. Although that sounds intimidating, she is a deeply caring and great human being. So, what does MadameZou have to tell us?

Picture of MadameZou

Who are you?

My name is Francesca and I'm totally flattered by your intro. The fearless warrior part may be a bit exaggerated, though.

What have you done and what are you currently working on in FLOSS world?

I've been a Debian contributor since late 2009. My journey in Debian has touched several non-coding areas: from translation to publicity, from videoteam to www. I've been one of the www.debian.org webmasters for a while, a press officer for the Project as well as an editor for DPN. I've dabbled a bit in font packaging, and nowadays I'm mostly working as a Front Desk member.

Setup of your main machine?

Wow, that's an intimate question! Lenovo Thinkpad, Debian testing.

Describe your most memorable situation so far as a FLOSS member?

Oh, there are a few. One awesome, tiring and very satisfying moment was during the release of Squeeze: I was a member of the publicity and www teams at the time, and we had to pull 10 hours of team work to put everything in place. It was terrible and exciting at the same time. I shudder to think of the amount of work required from the ftpmaster and release teams during the release. Another awesome moment was my first DebConf: I was so overwhelmed by the sense of belonging in finally meeting all these people I'd been working with remotely for so long, and embarrassed by my poor English skills, and overall happy just to be there... If you are a Debian contributor I really encourage you to participate in Debian events, be they small and local or as big as DebConf: it really is like finally meeting family.

Some memorable moments from Debian conferences?

During DC11, the late nights with the "corridor cabal" in the hotel, chatting about everything. A group expedition to watch shooting stars in the middle of nowhere, during DC13. And a very memorable videoteam session: it was my first time directing and everything that could go wrong, went wrong (including the speaker deciding to take a walk outside the room, to demonstrate something, out of the cameras' range). It was a disaster, but also fun: at the end of it, the whole video crew was literally in stitches. But there are many awesome moments, almost too many to recall. Each conference is precious in that regard: for me the socializing part is extremely important, it's what cements relationships and helps remote work go smoothly, and gives you motivation to volunteer for tasks that sometimes are not exactly fun.

You are known as a Front Desk member for DebConfs - what work does it involve and why do you enjoy doing it?

I'm not really a member of the team: just one of Nattie's minions!

You have also been part of the DebConf Video team - care to share insights into the video team's work and the benefits it provides to the Debian Project?

The video team's work is extremely important: it makes it possible for people not attending to follow the conference, providing both live streaming and recordings of all talks. I may be biased, but I think that DebConf video coverage and the high quality of the final recordings are unrivaled among FLOSS conferences - especially since it's all volunteer work and most of us aren't professionals in the field. During the conference we take shifts filming the various talks - for each talk we need approximately 4 volunteers: two camera operators, a sound mixer and the director. After the recording comes the boring part: reviewing, cutting and sometimes editing the videos. It's a long process and during the conference you can sometimes spot the videoteam members doing it at night in the hacklab, exhausted after a full day of filming. And then, the videos are finally ready to be uploaded, for your viewing pleasure. In the last years this process has become faster thanks to the commitment of many volunteers, so that now you have to wait only a few days, sometimes a week, after the end of the conference to be able to watch the videos. I personally love to contribute to the videoteam: you get to play with all that awesome gear and you actually make a difference for all the people who cannot attend in person.

You are also a non-packaging Debian Developer - what does that feel like?

Feels awesome! The mere fact that the Debian Project decided - in 2009 via a GR - to recognize the many volunteers who contribute without doing packaging work is a great show of inclusiveness, in my opinion. In a big project like Debian just packaging software is not enough: the final result relies heavily on translators, sysadmins, webmasters, publicity people, event organizers and volunteers, graphic artists, etc. It's only fair that these contributions are deemed as valuable as the packaging, and that those people are given an official status. I was one of the first non-uploading DDs, four years ago, and for a long time it was really just a handful of us. In the last year I've seen many others applying for the role and that makes me really happy: it means that finally the contributors have realized that they deserve to be an official part of Debian and to have "citizenship rights" in the project.

You were the leading energy behind Debian's diversity statement - what gave you the energy to drive it?

It seemed the logical conclusion of the extremely important work that Debian Women had done in the past. When I first joined Debian, in 2009, as a contributor, I was really surprised to find a friendly community and to not be discriminated against on account of my gender or my lack of coding skills. I may have been just lucky, landing in particularly friendly teams, but my impression is that the project has been slowly but unequivocally changed by the work of Debian Women, who first raised the need for inclusiveness and the awareness of the gender problem in Debian. I don't remember exactly how I stumbled upon the fact that Debian didn't have a Diversity Statement, but at first I was very surprised by it. I asked zack (Stefano Zacchiroli), who was DPL at the time, and he encouraged me to start a public discussion about it, sending out a draft - and helped me all the way along the process. It took some back and forth on the debian-project mailing list, but the only thing needed was actually just someone to start the process and try to poke the discussion when it stalled - the main blocker was actually the wording of the statement. I learned a great deal from that experience, and I think it completely changed my approach to things like online discussions and general communication within the project. At the end of the day, what I took from that is a deep respect for those who participated and the realization that constructive criticism certainly requires a lot of work from all parties involved, but can happen. As for the statement itself: these things are only as good as you keep them alive with best practices, but I think they are better stated explicitly rather than being left unsaid.

You are also involved with another Front Desk, the Debian one, which runs Debian's New Members process - what are the tasks of that FD and how rewarding is the work on it?

The Debian Front Desk is the team that runs the New Members process: we receive the applications, we assign the applicant a manager, and we verify the final report. In the last years the workflow has been simplified a lot by the redesign of the nm.debian.org website, but it's important to keep things running smoothly so that applicants don't have too lengthy a process or wait too long before being assigned a manager. I've been doing it for a little more than a month, but it's really satisfying to usher people toward DDship! So this is how I feel every time I send a report over to DAM for an applicant to be accepted as a new Debian Developer:

Crazy pic

How do you see the future of Debian development?

Difficult to say. What I can say is that I'm pretty sure that, whatever the technical direction we'll take, Debian will remain focused on excellence and freedom.

What are your future plans in Debian, what would you like to work on?

Definitely bug wrangling: it's one of the things I do best and I've not had a chance to do it extensively for Debian yet.

Why should developers and users join Debian community? What makes Debian a great and happy place?

We are awesome, that's why. We are strongly committed to our Social Contract and to users' freedom, we are steadily improving our communication style and trying to be as inclusive as possible. Most of the people I know in Debian are perfectionists and outright brilliant in what they do. Joining Debian means working hard on something you believe in, identifying with a whole project, meeting lots of wonderful people and learning new things. It can be at times frustrating and exhausting, but it's totally worth it.

You have been involved in Mozilla as part of OPW - care to share insights into Mozilla, what you have done, and how it compares to Debian?

That has been a very good experience: it meant having the chance to peek into another community, learn about their tools and workflow and contribute in different ways. I was an intern for the Firefox QA team and their work spans from setting up specific tests and automated checks on the three versions of Firefox (Stable, Aurora, Nightly) to general bug triaging. My main job was bug wrangling and I loved the fact that I was a sort of intermediary between developers and users, someone who spoke both languages and could help them work together. As for the comparison, Mozilla is surely more diverse than Debian: both in contributors and users. I'm not only talking demographics here, but also what tools and systems are used, what kind of skills people have, etc. That meant reaching some compromises with myself over little things: like having to install a proprietary tool used for the team meetings (and going crazy trying to make it work with Debian) or communicating more on IRC than on mailing lists. But those are pretty much the challenges you have to face whenever you go out of your comfort zone.

You are also a volunteer of the Organization for Transformative Works - what is it, what work do you do, and care to share some interesting stuff?

OTW is a non-profit organization created by fans to preserve fan history and cultures. Its work ranges from legal advocacy and lobbying on fair use and copyright related issues, developing and maintaining AO3 -- a huge fanwork archive based on open-source software --, to the production of a peer-reviewed academic journal about fanworks. I'm an avid fanfiction reader and writer, and joining the OTW volunteers seemed a good way to give back to the community - in true Debian fashion. As a volunteer, I work for the Translation Committee: we are more than a hundred people - divided into several language teams - translating the OTW website, the interface of the AO3 archive, newsletters, announcements and news posts. We have an org-wide diversity statement, training for recruits, an ever growing set of procedures to smooth our workflow, monthly meetings and movie nights. It's an awesome group to work with. I'm deeply invested in this kind of work: both for the awesomeness of OTW people and for the big role that fandom and fanworks have in my life. What I find amazing is that the same concept we - as in the FLOSS ecosystem - apply to software can be applied to cultural production: taking a piece of art you love and expanding, remixing, exploring it. Just for the fun of it. Protecting and encouraging the right to play in this cultural sandbox is IMO essential for our society. Most of the participants in fandom come from marginalised groups or minorities whose point of view is usually not part of the mainstream narratives. This makes the act of writing, remixing and re-interpreting a story not only a creative exercise but a revolutionary one. As Elizabeth Minkel says: "My preferred explanation is the idea that the vast majority of what we watch is from the male perspective – authored, directed, and filmed by men, and mostly straight white men at that. Fan fiction gives women and other marginalised groups the chance to subvert that perspective, to fracture a story and recast it in her own way." In other words, "fandom is about putting debate and conversation back into an artistic process".

On a personal note - you do a lot of DIY, handmade work. What have you done, what joy does it bring you, and will you share a picture of it with us?

I like to think that the hacker in me morphs into a maker whenever I can actually manipulate stuff. The urge to explore ways of doing things, of creating and changing, is probably the same. I've been blessed with curiosity and craftiness and I love to learn new DIY techniques: I cannot describe it, really, but if I don't make something for a while I actually feel antsy. I need to create stuff. Nowadays, I'm mostly designing and sewing clothes - preferably reproductions of dresses from the 40s and the 50s - and I'm trying to make a living from that. It's a nice challenge: there's a lot of research involved, as I always try to be historically accurate in design, sewing techniques and materials, and many hours of careful attention to detail. I'm right in the process of doing photoshoots for most of my period stuff, so I'll share with you something different: a t-shirt refashion done with the DebConf11 t-shirt! (here's the tutorial)

T-shirt pic

Planet Debian - Niels Thykier: Jessie is coming the 2015-04-25

Indeed, we settled on a release date for Jessie – and pretty quickly too. I sent out a poll on the 28th of March and yesterday it was clear that the 25th of April was our release date. :)

With that said, we still have some items left that need to be done.

  • Finishing the release notes. This is mostly pending myself and a few others.
  • Translation of the release notes. I sent out a heads up earlier today about what sections I believe to be done.
  • The d-i team has another release planned as well.
  • All the RC bugs you can manage to fix before the 18th of April. :)

Filed under: Debian, Release-Team

TED - Advice for young writers and designers from Chip Kidd

Chip Kidd chats with a classroom of students in Australia thanks to the magic of Skype in the Classroom. Photo: Ryan Lash/TED

Tucked into the northeast corner of the Vancouver Convention Centre, a podium was set up for the duration of TED2015. A small camera captured what happened behind it, with a panorama of Vancouver’s mountains and harbor in the distance, complete with sea planes skimming across the water.

From this vantage point, classrooms around the world Skyped in to TED2015 for meet-and-greets with both new and veteran TED speakers. Second graders, middle schoolers and students applying to college came in early or stayed late after school for these Skype in the Classroom sessions, which gave the opportunity for them to ask speakers like Mark Ronson and Dan Pallotta about their personal experiences. One elementary schooler even made a very serious request to Sylvia Earle for permission to drive her submarine.

One of our favorite TED speakers, book jacket designer, Chip Kidd, spoke with a classroom in California along with one of TED’s in-house designers, Celia Berger. They had some smart tips for budding writers and designers that we thought were too good not to share.

Start with what you’re passionate about. “If you’re writing about something that you’re passionate about,” Kidd says, “it’s going to be easier to write. If you get stuck on what to write, think about, ‘What concerns me?’ or ‘What makes me happy?’ or ‘What gives me joy?’ And write about that.”

Write every day. “Force yourself to write something every day,” Kidd commands the students. “Some days it’ll be like, ‘Aww, I don’t want to write anything.’ But, if you do, and you get some discipline, I guarantee it will not be a waste of your time.”

Write for you. Yes, Instagram can send your sketches across the globe instantly, but Kidd suggests designers start out by thinking close to home. “You don’t have to worry about the whole world seeing what you’re working on,” he says. “It can be just for you. I know really great artists, cartoonists, writers who keep journals that are just for themselves. It’s not for the rest of the world.”

Trust your intuition. How to turn a concept into a visual image? “It’s something that you can’t explain, and it comes with life experience,” Kidd told the group. “My responsibility is to combine the way something looks with what it says and the meaning it tries to convey to you.” When Kidd is drafting jacket designs for a new book, he thinks, “If I didn’t know anything about this particular book, and I saw this cover, how would I perceive it? What would make me want to pick up that book and read it?” 

Graphic design is a career for a generalist. “Get an education about everything,” Kidd advises a student asking about college degrees. “When I was in high school, I didn’t know what graphic design was, but I knew that I liked album covers; advertisements; combinations of images and words. That’s what graphic design is.” How to best prep for a career in graphic design? “It’s important to take all courses, not just art but science and philosophy. More knowledge is better than less.” TED’s graphic designer, Celia Berger, adds, “Math is really important for graphic design. For example, you have an 8.5-by-11 sheet of paper and you need to figure out how to divide it into three or accommodate folds in the paper. Even more so in web design. There are pixels, points, padding, size for fonts.” 

Embrace tech. Technology is TED’s first name, so no wonder Berger is a proponent when mapping out a career in design. It’s a window onto myriad creative endeavors, so study up. “Technology is a good way to get into anything creative that you want to do,” she says.

Keep it simple. Graphic design is for the big-picture concept, for paring down a complicated idea into a simple image. Good graphic design is about clarity and simplicity, says Berger. “You want to get the message across without thinking about the design. It should be easy to grasp.”

In addition to being a TED speaker, Kidd has also designed jackets for the TED Books series — a task he describes as akin to designing an image for a TED Talk. Will he tell us which is his favorite cover? Well, Kidd doesn’t play favorites, but he does note with a wink that his own TED Book will be out in June.


Cryptogram - Chinese CA Issuing Fraudulent Certificates

There's a Chinese CA that's issuing fraudulent Google certificates. Yet another example of why the CA model is so broken.

TED - The TED2015 conference in 30 quotes

TED2015 theater

TED2015 featured more than 90 speakers, and more than 20 hours of talks. We turned our perceptions inside-out, saw some new technology, traveled to space more than once, heard astounding life stories, learned about unusual materials, rethought artistic expression and contemplated the divides of society, with an eye toward ending injustice.

In the end, this collection of quotes seems to encapsulate the incredible breadth of this conference. Enjoy.

“Being a scientist is like being an explorer. You have this immense curiosity, this stubbornness, this resolute will that you will go forward no matter what other people say.” —Sara Seager

“I’ve learned about the poetry and the wisdom and the grace that can be found in the words of people all around us when we simply take the time to listen.” —Dave Isay

“I believe that beauty is a basic service.” —Theaster Gates

“We’re trapped on this very thin slice of perception … But even at that slice of reality that we call home, we’re not seeing most of what’s going on.” —David Eagleman

“Vision begins with the eyes, but it truly takes place in the brain.” —Fei-Fei Li

“Ignorance and fear are but matters of the mind — and the mind is adaptable.” —Daniel Kish

“You can always tell ambitious women by the shape of our heads. They’re flat on top from being patted patronizingly.” —Dame Stephanie Shirley


“We’ll never arrest ourselves out of this situation.” —Rev. Jeffrey Brown

“We’re asking kids who live in the most disadvantaged neighborhoods, who have the least amount of family resources, who are attending the country’s worst schools, who are facing the toughest time in the labor market — we’re asking these kids to walk the thinnest possible line, to basically never do anything wrong. … Why are we offering only handcuffs and jail time?” —Alice Goffman

“In that period of history … they were called ‘ethnic groups’ or ‘races,’ as you’ll remember from Chapter 1.” —Sarah Jones

“If human history were a parade, America’s float would be a neon shrine to second chances. But America, generous with second chances for the children of other lands, today grows more miserly with first chances for the children of its own.” —Anand Giridharadas

“Could your medicine be a cell, not a pill? Could your medicine be an organ that’s created outside the body? Could your medicine be an environment?” —Siddhartha Mukherjee

“As far as our culture of humiliation goes, what we need is a revolution. Public shaming as a blood sport has to stop.” —Monica Lewinsky

“It’s okay that we’re not perfect. It’s okay that we all have problems. It’s okay to cry, to show emotions.” —Marina Abramovic

“When we seek the gaze of another, it isn’t always our partner we’re turning away from, but the person we have ourselves become.” —Esther Perel

“We’ve just started to scratch the surface of the true power of virtual reality. It’s not a video game peripheral — it connects humans to other humans in a profound way.” —Chris Milk

Stephen Petranek quote

“The Ebola epidemic can serve as an early warning wake-up call to get ready. If we start now, we can be ready for the next epidemic.” —Bill Gates

“We should not be confident in our ability to keep a super-intelligent genie locked up in its bottle forever.” —Nick Bostrom

“Working to prevent AI from turning evil is like disrupting the space program to prevent overpopulation on Mars.” —Oren Etzioni

“When it comes to taking genes from viruses and bacteria and putting them into plants, people say ‘Yuck! Why would scientists do that?’ Because sometimes it is the safest, cheapest and most effective technology to advance sustainable agriculture and enhance food security.” —Pamela Ronald

“We have ripped the humanity out of our companies…. It’s threatening the very underpinnings of our society.” —Paul Tudor Jones

“Our prosperity is no longer prosperity as long as it is pinned to other people’s pain.” —Noy Thrupkaew

“For centuries, we were taught that anger is bad. Our parents, teachers, priests, everyone taught us how to control and suppress our anger. But I ask: why can’t we convert our anger for the larger good of society?” —Kailash Satyarthi

“It is science that built our modern life, and it is science you would need to build again from scratch.” —Lewis Dartnell

“By segregating art from science, physics from music, biology from architecture, we are seriously inhibiting the alchemy of wonder and invention.” —Dustin Yellin

“If we could build an economy that would use things rather than use them up, we could build a future.” —Dame Ellen MacArthur

“We are social animals. Others’ suffering is ultimately your suffering; their happiness is ultimately your happiness.” —Dalai Lama



Planet DebianLaura Arjona: Upgrading my home server (HP Microserver N54L G7) to Debian Jessie

Note: this is a long overdue post. I upgraded some months ago… but I promised myself to blog about my selfhosting adventures, so here you are.

You may know the story… TL;DR

  • I wanted to self host my web services.
  • I bought a Microserver (N54L).
  • I installed Debian stable there, RAID1 (BIOS) + cryptsetup + LVM (/ and swap, /boot in another disk, unencrypted).
  • I installed GNU MediaGoblin, and it works!
  • When rebooting, the password to unencrypt the disk (and then find the LVM volumes and mount the partitions) was not accepted. But it was accepted after I shut down, unplugged the electricity, replugged, and turned on the machine.

After searching a bit for information about my problem and not finding anything helpful, I began to think that maybe upgrading to Jessie could fix it (recent versions of kernel and cryptsetup…). The Jessie freeze was almost there, and I also thought that trying to make my MediaGoblin work in Jessie, now that I still hadn’t uploaded lots of content, would be a nice idea… And I wanted to feel the adventure!

Whatever. I decided to upgrade to Jessie. This is the glory of “free software at home”: you only waste your time (and probably not, because you can learn something, at least, what not to do).

Upgrading my system to Jessie, and making it boot!

I changed sources.list, updated, did a safe-upgrade, and then upgrade. Then reboot… and the system didn’t boot.

What happened? I’m not sure, everything looked “ok” during the upgrade… But now my system was not even asking for the passphrase to unlock the encrypted disk. It was trying to access the physical volume group as if it was in an unencrypted disk, and so failing. The boot process left me in an “initramfs” console in which I didn’t know what to do.

I asked help from @luisgf, the system administrator of mipump.es (a Pump.io public server) and mijabber.es (an XMPP public server). We met via XMPP and with my “thinking aloud” and his patient listening and advice, we solved the problem, as you will see:

I tried to boot my rescue system (a complete system installed in different partitions in a different disk) and it booted. I tried then to manually unencrypt the encrypted disk (cryptsetup luksOpen /dev/xxx), and it worked, and I could list the volume group and the volumes, activate them, and mount the partitions. Yay! my (few) data was safe.

I rebooted and in the initramfs console I tried to do the same, but cryptsetup was not present in my initramfs.

Then I tried to boot in the old Wheezy kernel: it didn’t ask for the passphrase to unencrypt the disk, but in that initramfs console cryptsetup was working well. So after manually unencrypting the system, activating the volumes and mounting the partitions, I could exit the console and the system was booting #oleole!

So, how to tell the boot process to ask for the encryption password?

Maybe reinstalling the kernel was enough… I tried to reinstall the 3.16 kernel package. It (re)generated /boot/initrd.img-3.16.0-4-amd64 and then I restarted the system, and the problem was solved. It seems that the first time, the kernel didn’t generate the initrd image correctly, and I didn’t notice that.

Well, problem solved. My system was booting again! No other boot problems and Jessie seemed to run perfectly. Thanks @luisgf for your help!

In addition to that, since then, my password has been accepted in every reboot, so it seems that the original problem is also gone.

A note on systemd

After all the noise of the last months, I was a bit afraid that some of the different services that run on my system would not start with the migration to systemd.
I had no special tweaks, just two ‘handmade’ init scripts (for MediaGoblin, and for NoIP), but I didn’t write them myself (I just searched for systemd init scripts for the corresponding services), so if there was any problem there I was not sure that I could solve it. However, everything worked fine after the migration. Thanks Debian hackers for making this transition as smooth as possible!

Reinstalling MediaGoblin

My MediaGoblin was not working, and I was not sure why. Maybe it was just that I needed to tune nginx or whatever after the upgrade… But I was not going to spend time trying to find out which part of the stack was the culprit, and my MediaGoblin sites were almost empty… So I decided to follow the documentation again and reinstall (maybe an update would be enough, who knows). I reused the Debian user(s), the PostgreSQL users and databases, and the .ini files and nginx configuration files. So it was quick, and it worked.

Updating Jessie

I have updated my Jessie system several times since then (kernel updates, OpenSSL, PostgreSQL, and other security updates and RC bug fixes, with the corresponding reboots or service restarts) and I didn’t experience the cryptsetup problem again. The system is working perfectly. I’m very happy.

Using dropbear to remotely provide the cryptsetup password

The last thing I made in my home server was setting up dropbear so I can remotely provide the encryption password, and then, remotely reboot my system. I followed this guide and it worked like a charm.

Some small annoyances and TODO list

  • I have some warnings at boot. I think they are not important, but anyway, I post them here, and will try to figure out what they mean:
[    0.203617] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    0.214828] ACPI: Dynamic OEM Table Load:
[    0.214841] ACPI: OEMN 0xFFFF880074642000 000624 (v01 AMD    NAHP     00000001 INTL 20051117)
[    0.226879] \_SB_:_OSC evaluation returned wrong type
[    0.226883] _OSC request data:1 1f 
[    0.227055] ACPI: Interpreter enabled
[    0.227062] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S1_] (20140424/hwxface-580)
[    0.227067] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S2_] (20140424/hwxface-580)
[    0.227070] ACPI Exception: AE_NOT_FOUND, While evaluating Sleep State [\_S3_] (20140424/hwxface-580)
[    0.227083] ACPI: (supports S0 S4 S5)
[    0.227085] ACPI: Using IOAPIC for interrupt routing
[    0.227298] HEST: Table parsing has been initialized.
[    0.227301] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug

And this one

[    1.635130] ERST: Failed to get Error Log Address Range.
[    1.645802] [Firmware Warn]: GHES: Poll interval is 0 for generic hardware error source: 1, disabled.
[    1.645894] GHES: APEI firmware first mode is enabled by WHEA _OSC.

And this one, about the 250GB disk (it came with the server, it’s not in the RAID):

[    3.320913] ata6: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
[    3.321551] ata6.00: failed to enable AA (error_mask=0x1)
[    3.321593] ata6.00: ATA-8: VB0250EAVER, HPG9, max UDMA/100
[    3.321595] ata6.00: 488397168 sectors, multi 0: LBA48 NCQ (depth 31/32)
[    3.322453] ata6.00: failed to enable AA (error_mask=0x1)
[    3.322502] ata6.00: configured for UDMA/100
  • It would be nice to learn a bit about benchmarking tools and test my system with the nonfree VGA Radeon driver and without it.
  • I need to setup an automated backup system…

A note about RAID

Some people commented about the benefits of the software RAID (mainly, not to depend on a particular, proprietary firmware, what happens if my motherboard dies and I cannot find a compatible replacement?).

Currently I have a RAID 1 (mirror) using the capabilities of the motherboard.

The problem is that, frankly, I am not sure about how to migrate the current setup (BIOS RAID + cryptsetup + LVM + partitions) to the new setup (software RAID + cryptsetup + LVM + partitions, or better, in another order?).

  • Would it be enough to make a Clonezilla backup of each partition, wipe my current setup, boot with the Debian installer, create the new setup (software RAID, cryptsetup, LVM and partitions), and after that, stop the installation, boot with Clonezilla and restore the partition images?
  • Or even better, can I (safely) remove the RAID in the BIOS, boot in my system (let’s say, from the first disk), and create the software RAID with that 2nd disk that appeared after removing the BIOS RAID (this sounds a bit like science fiction, but who knows!).
  • Is it important “when” or in which “layer” I set up the software RAID?

As you see, lots of things to read/think/try… I hope I can find time for my home server more often!

Comments?

You can comment on this pump.io thread.


Filed under: My experiences and opinion Tagged: Debian, encryption, English, Free Software, libre software, MediaGoblin, Moving into free software, N54L, selfhosting, sysadmin

Planet DebianJonathan McDowell: Shipping my belongings across the globe

I previously wrote about tracking a ship around the world, but never followed up with the practical details involved with shipping my life from the San Francisco Bay Area back to Belfast. So here they are, in the hope they provide a useful data point for anyone considering a similar move.

Firstly, move out. I was in a one bedroom apartment in Fremont, CA. At the time I was leaving the US I didn’t have anywhere for my belongings to go - the hope was I’d be back in the Bay Area, but there was a reasonable chance I was going to end up in Belfast or somewhere in England. So on January 24th 2014 I had all of my belongings moved out and put into storage, pending some information about where I might be longer term. When I say all of my belongings I mean that; I took 2 suitcases and everything else went into storage. That means all the furniture for probably a 2 bed apartment (I’d moved out of somewhere a bit larger) - the US doesn’t really seem to go in for the concept of a furnished lease the same way as the UK does.

I had deliberately picked a moving company that could handle the move out, the storage and the (potential) shipping. They handed off to a 3rd party for the far end bit, but that was to be expected. Having only one contact to deal with throughout the process really helped.

Fast forward 8 months and on September 21st I contacted my storage company to ask about getting some sort of rough shipping quote and timescales to Belfast. The estimate came back as around a 4-6 week shipping time, which was a lot faster than I was expecting. However it turned out this was the slow option. On October 27th (delay largely due to waiting for confirmation of when I’d definitely have keys on the new place) I gave the go ahead.

Container pickup (I ended up with exclusive use of a 20ft container - not quite full, but not worth part shipment) from the storage location was originally due on November 7th. Various delays at the Port of Oakland meant this didn’t happen until November 17th. It then sat in Oakland until December 2nd. At that point the ETA into Southampton was January 8th. Various other delays, including a week off the coast of LA (yay West Coast Port Backups) meant that the ship finally arrived in Southampton on January 13th. It then had to get to Belfast and clear customs. On January 22nd 2015, 2 days shy of a year since I’d seen them, my belongings and I were reunited.

So, on the face of it, the actual time on the ship was only slightly over 6 weeks, but all of the extra bits meant that the total time from “Ship it” to “I have it” was nearly 3 months. Which to be honest is more like what I was expecting. The lesson: don’t forget to factor in delays at every stage.

The relocation cost in the region of US$8000. It was more than I’d expected, but far cheaper than the cost of buying all my furniture again (plus the fact there were various things I couldn’t easily replace that were in storage). That cost didn’t cover the initial move into storage or the storage fees - it covered taking things out, packing them up for shipment and everything after that. Including delivery to a (UK) 3rd floor apartment at the far end and insurance. It’s important to note that I’d included this detail before shipment - the quote specifically mentioned it, which was useful when the local end tried to levy an additional charge for the 3rd floor aspect. They were fine once I showed them the quote as including that detail.

Getting an entire apartment worth of things I hadn’t seen in so long really did feel a bit like a second Christmas. I’d forgotten a lot of the things I had, and it was lovely to basically get a “home in a container” delivered.

Geek FeminismLinkspam for people who hate links (31 March 2015)


We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sociological ImagesThis Month in SocImages (March 2015)

SocImages Update:

I am so excited to share the news that the American Sociological Association has granted Sociological Images this year’s Distinguished Contributions to Teaching Award. I am thrilled that sociologists find the site useful and I am so grateful for all of the sociologists out there who keep doing fantastic and amazing research that I have the opportunity to share. To us!!!

I would also like to say a HUGE thanks to the Midwest Sociological Society for offering me the opportunity to share some SocImages behind-the-scenes, and to its members for being so supportive and complimentary. It was a wonderful experience and I was so happy to meet you all!

In the News:

The New Zealand Herald picked up on our article about how unpopular fish that haven’t yet been over harvested get new names to make them seem more appetizing.

You like!  Here are our most appreciated posts this month:

We had an especially fantastic month thanks in part to the fact that I appear to have developed the interests of a 12-year-old boy. Er, I mean my trying out some of the material I’m working up for The Society Pages’ next edited volume.

Thanks everybody!

Fav comic:

Editor’s pick:

Top post on Tumblr this month:

Follow us!

Finally…

A huge thank you to Kara McGhee and the whole crew at University of Missouri, Columbia. I’m having an amazing visit and am excited to deliver my talk tonight. Hopefully there’ll be lots of #overheardatmizzou!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramAustralia Outlaws Warrant Canaries

In the US, certain types of warrants can come with gag orders preventing the recipient from disclosing the existence of warrant to anyone else. A warrant canary is basically a legal hack of that prohibition. Instead of saying "I just received a warrant with a gag order," the potential recipient keeps repeating "I have not received any warrants." If the recipient stops saying that, the rest of us are supposed to assume that he has been served one.

Lots of organizations maintain them. Personally, I have never believed this trick would work. It relies on the fact that a prohibition against speaking doesn't prevent someone from not speaking. But courts generally aren't impressed by this sort of thing, and I can easily imagine a secret warrant that includes a prohibition against triggering the warrant canary. And for all I know, there are right now secret legal proceedings on this very issue.

Australia has sidestepped all of this by outlawing warrant canaries entirely:

Section 182A of the new law says that a person commits an offense if he or she discloses or uses information about "the existence or non-existence of such a [journalist information] warrant." The penalty upon conviction is two years imprisonment.

Expect that sort of wording in future US surveillance bills, too.

Planet DebianDirk Eddelbuettel: R / Finance 2015 Open for Registration

The announcement below just went to the R-SIG-Finance list. More information is as usual at the R / Finance page.

Registration for R/Finance 2015 is now open!

The conference will take place on May 29 and 30, at UIC in Chicago. Building on the success of the previous conferences in 2009-2014, we expect more than 250 attendees from around the world. R users from industry, academia, and government will be joining 30+ presenters covering all areas of finance with R.

We are very excited about the four keynote presentations given by Emanuel Derman, Louis Marascio, Alexander McNeil, and Rishi Narang.
The conference agenda (currently) includes 18 full presentations and 19 shorter "lightning talks". As in previous years, several (optional) pre-conference seminars are offered on Friday morning.

There is also an (optional) conference dinner at The Terrace at Trump Hotel. Overlooking the Chicago river and skyline, it is a perfect venue to continue conversations while dining and drinking.

Registration information and agenda details can be found on the conference website as they are being finalized.
Registration is also available directly at the registration page.

We would like to thank our 2015 sponsors for the continued support enabling us to host such an exciting conference:

International Center for Futures and Derivatives at UIC

Revolution Analytics
MS-Computational Finance and Risk Management at University of Washington

Ketchum Trading
OneMarketData
RStudio
SYMMS

On behalf of the committee and sponsors, we look forward to seeing you in Chicago!

For the program committee:
Gib Bassett, Peter Carl, Dirk Eddelbuettel, Brian Peterson,
Dale Rosenthal, Jeffrey Ryan, Joshua Ulrich

See you in Chicago in May!

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Worse Than FailureThe Upgrade

James stood on the precipice of a significant upgrade to his company’s reporting capabilities. Purchasing had cut a deal with the vendor ÜberWarehouse to upgrade their warehouse inventory tracking system from a basic .NET application with limited functionality to a full-blown data warehousing system. He jokingly called it the “Warehousing the Warehouse Project”. He was the only one who found it funny.

ÜberWarehouse wasn’t about to give that upgrade away for free, though. They sent James an invoice that could have easily filled his Yoda piggy bank with all the change from the nickel-and-diming contained within. The total of the invoice was significantly over the budget of the project, and that was a problem. Of particular interest was something ÜberWarehouse called “Memory Database”. The line item listed it as a “required” component, and it came with a price tag of $5,500USD.

James wanted answers from ÜberWarehouse in person, with hopes that he could negotiate the price down to something more palatable. They agreed to send Spencer, their head architect and chief excitement-generator, to give James a demo that would knock his socks off.

“Hey there, James! Glad to be here!” Spencer said. He shook James’ hand with the kind of enthusiasm that led to muscle strains. “So, you are interested in upgrading your ÜberWarehouse solution.”

“That’s right,” James said. “We’re intrigued by your new web component; allowing 20 simultaneous users to run reports against our inventory data is a big win. The thing I’m not so sure about is the price. Our current solution works well enough, and it’s a fraction of the cost. This upgrade easily exceeds our budget. Our total budget is only $6,000, and your ‘memory database’ alone costs $5,500! Could you explain that to me?”

“Oh, sure!” Spencer brushed past James’s uncertainty and whipped out a glossy folder stuffed with marketing materials. “I get this question all the time. My answer is: you get what you pay for, don’t you James? You care about your company, don’t you? Once you implement our upgraded solution, you’ll forget all about the price. It’s that good!”

“Uh huh…” James pushed the folder back. “Could you tell me what this memory database thing actually is? Do we really need it?”

“Do you need it? Do you need it?” Spencer chuckled. “James, my friend, that’s the most important part! Would you rather have a report take 10 minutes to run, or one minute?! Our brilliant Memory Database design gets you the data you want 10 times faster than it does without!”

“That sounds good, I guess…” James mentally noted that waiting even one minute for a report was long. “How does it actually work, though? Why is there such a big time difference?”

Spencer frowned condescendingly, nodded, and smiled in one smooth movement. “Let’s just say in a couple of years from now, you have a lot of inventory updates. You want a lot of inventory updates, am I right? Good for business! So let’s say you have a BAJILLION records. That would be difficult to search, right? So what we do, and this is clever, we copy that important data to its own table, then we add this thing called an ‘index’, which gives everything a unique identifier, and voilà! Memory Database!”

James held a blank stare for a long moment before snapping out of the marketing-induced haze and back to the discussion. “Interesting… but if we have up to 20 users accessing this database at a time, aren’t we going to be stepping on each other’s ‘data toes’?”

“Of course not!” Spencer scoffed. “That comes down to communication, and everyone loves effective communication, right? If you want to run a long report, just let all the other users know you’re taking control of the Memory Database and there won’t be any issues! We even have a button in the user-interface to let people know.”

“Ok… so you said you have a demo loaded with our data, right? Let me try for myself.” James connected and fired up a report with a broad date range that would return roughly 750,000 rows. He sat with Spencer, in absolute silence. 5 minutes and 57 seconds later, he had his report.

“Now, this is just a demo computer!” Spencer reassured him. “Surely your beefy hardware will make it lightning fast!”

While Spencer got defensive, James logged into the back-end database. “Or, we could just do this,” he said. He quickly added a secondary index to the vaunted Memory Database, then ran the same report a second time. It returned in 3 seconds flat.

“Wow!” Spencer shouted in amazement. “You should come work for us!”

“Sure,” James said. “I’ll start working for you right after we finish deploying this upgrade to our environment.”

“Well, I can’t actually hire you… but when do you think you’d be finished deploying the upgrade?” James could see visions of commission dancing in his eyes.

“Never. We’re not buying this. Thank you for your time, Spencer.”


Planet Linux AustraliaRichard Jones: PyCon Australia 2015 Call for Proposals is Open!

Closes Friday 8th May

PyCon Australia 2015 is pleased to announce that its Call for Proposals is now open!

The conference this year will be held on Saturday 1st and Sunday 2nd August 2015 in Brisbane. We'll also be featuring a day of Miniconfs on Friday 31st July.

The deadline for proposal submission is Friday 8th May, 2015.

PyCon Australia attracts professional developers from all walks of life, including industry, government, and science, as well as enthusiast and student developers. We’re looking for proposals for presentations and tutorials on any aspect of Python programming, at all skill levels from novice to advanced.

Presentation subjects may range from reports on open source, academic or commercial projects; or even tutorials and case studies. If a presentation is interesting and useful to the Python community, it will be considered for inclusion in the program.

We're especially interested in short presentations that will teach conference-goers something new and useful. Can you show attendees how to use a module? Explore a Python language feature? Package an application?

Miniconfs

Four Miniconfs will be held on Friday 31st July, as a prelude to the main conference. Miniconfs are run by community members and are separate to the main conference. If you are a first time speaker, or your talk is targeted to a particular field, the Miniconfs might be a better fit than the main part of the conference. If your proposal is not selected for the main part of the conference, it may be selected for one of our Miniconfs:

DjangoCon AU is the annual conference of Django users in the Southern Hemisphere. It covers all aspects of web software development, from design to deployment - and, of course, the use of the Django framework itself. It provides an excellent opportunity to discuss the state of the art of web software development with other developers and designers.

The Python in Education Miniconf aims to bring together community workshop organisers, professional Python instructors and professional educators across primary, secondary and tertiary levels to share their experiences and requirements, and identify areas of potential collaboration with each other and also with the broader Python community.

The Science and Data Miniconf is a forum for people using Python to tackle problems in science and data analysis. It aims to cover commercial and research interests in applications of science, engineering, mathematics, finance, and data analysis using Python, including AI and 'big data' topics.

The OpenStack Miniconf is dedicated to talks related to the OpenStack project and we welcome proposals of all kinds: technical, community, infrastructure or code talks/discussions; academic or commercial applications; or even tutorials and case studies. If a presentation is interesting and useful to the OpenStack community, it will be considered for inclusion. We also welcome talks that have been given previously in different events.

First Time Speakers

We welcome first-time speakers; we are a community conference and we are eager to hear about your experience. If you have friends or colleagues who have something valuable to contribute, twist their arms to tell us about it! Please also forward this Call for Proposals to anyone that you feel may be interested.

The most recent call for proposals information can always be found at: http://pycon-au.org/cfp

See you in Brisbane in July!

Important Dates

  1. Call for Proposals opens: Friday 27th March, 2015
  2. Proposal submission deadline: Friday 8th May, 2015
  3. Proposal acceptance: Monday 25 May, 2015

Planet DebianKonstantinos Margaritis: "Advanced Java® EE Development with WildFly" released by Packt (I was one of the reviewers!)

For the past months I had the honour and pleasure of being one of the reviewers of "Advanced Java® EE Development with WildFly" by Deepak Vohra. Today, I'm pleased to announce that the book has just been released by Packt:

https://www.packtpub.com/application-development/advanced-java-ee-development-wildfly

It was my first time being a reviewer and it was a very interesting experience. I would like to thank the two Project Coordinators from Packt, Aboli Ambardekar and Suzanne Coutinho, who guided me with the reviewing process, so that my review would be as accurate as possible and only related to technical aspect of the book. Looking at the process retrospectively I now begin to understand the complication of achieving a balance between the author's vision for the book and the scrutiny of the (many) reviewers.

And of course I would like to thank the author, Deepak Vohra, for writing the book in the first place; I’m looking forward to reading the actual physical book :)

Worse Than FailureAnnouncements: Another Tokyo Meet-up: Sakura Edition

I'll be in Japan once again, and figured it'd be the perfect opportunity to celebrate Hanami with Tokyo-area TDWTF readers:

Hanami (花見) roughly translates to: hang out with a group of friends and colleagues under a cherry blossom tree while drinking beer, sake, and possibly whisky, along with enjoying various snack foods. As the picture above (courtesy of Ari Helminen on Flickr) depicts, it’s pretty much the thing to do in Japan this time of year.

So, if you're up for getting together this Friday (possibly Saturday?) for Hanami, and likely an izikaya afterwards... please drop me a note via the contact form or direct, apapadimoulis/inedo.com.


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Main April 2015 Meeting: Storytelling for Digital Media / Deploying Microservices Effectively

Apr 7 2015 19:00
Apr 7 2015 21:00
Location:

The Buzzard Lecture Theatre. Evan Burge Building, Trinity College, Melbourne University Main Campus, Parkville.

Speakers:

• Katherine Phelps: Storytelling for Digital Media
• Daniel Hall: Deploying Microservices Effectively

The Buzzard Lecture Theatre, Evan Burge Building, Trinity College Main Campus Parkville Melways Map: 2B C5

Notes: Trinity College's Main Campus is located off Royal Parade. The Evan Burge Building is located near the Tennis Courts. See our Map of Trinity College. Additional maps of Trinity and the surrounding area (including its relation to the city) can be found at http://www.trinity.unimelb.edu.au/about/location/map

Parking can be found along or near Royal Parade, Grattan Street, Swanston Street and College Crescent. Parking within Trinity College is unfortunately only available to staff.

For those coming via Public Transport, the number 19 tram (North Coburg - City) passes by the main entrance of Trinity College (get off at Morrah St, Stop 12). This tram departs from the Elizabeth Street tram terminus (Flinders Street end) and goes past Melbourne Central. Timetables can be found on-line at:

http://www.metlinkmelbourne.com.au/route/view/725

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting.

Linux Users of Victoria Inc. is an incorporated association, registration number A0040056C.


Planet Linux AustraliaRusty Russell: Lightning Networks Part I: Revocable Transactions

I finally took a second swing at understanding the Lightning Network paper.  The promise of this work is exceptional: instant, reliable transactions across the bitcoin network. The implementation is complex and the draft paper reads like a grab bag of ideas, but it truly rewards close reading!  It doesn’t involve novel crypto, nor fancy bitcoin scripting tricks.

There are several techniques which are used in the paper, so I plan to concentrate on one per post and wrap up at the end.

Revision: Payment Channels

I open a payment channel to you for up to $10

A Payment Channel is a method for sending microtransactions to a single recipient, such as me paying you 1c a minute for internet access.  I create an opening transaction which has a $10 output, which can only be redeemed by a transaction input signed by you and me (or me alone, after a timeout, just in case you vanish).  That opening transaction goes into the blockchain, and we’re sure it’s bedded down.

I pay you 1c in the payment channel. Claim it any time!

Then I send you a signed transaction which spends that opening transaction output, and has two outputs: one for $9.99 to me, and one for 1c to you.  If you want, you could sign that transaction too, and publish it immediately to get your 1c.

Update: now I pay you 2c via the payment channel.

Then a minute later, I send you a signed transaction which spends that same opening transaction output, and has a $9.98 output for me, and a 2c output for you. Each minute, I send you another transaction, increasing the amount you get every time.

This works because:

  1. Each transaction I send spends the same output, so only one of them can ever be included in the blockchain.
  2. I can’t publish them, since they need your signature and I don’t have it.
  3. At the end, you will presumably publish the last one, which is best for you.  You could publish an earlier one, and cheat yourself of money, but that’s not my problem.

Undoing A Promise: Revoking Transactions?

In the simple channel case above, we don’t have to revoke or cancel old transactions, as the only person who can spend them is the person who would be cheated.  This makes the payment channel one way: if the amount I was paying you ever went down, you could simply broadcast one of the older, more profitable transactions.

So if we wanted to revoke an old transaction, how would we do it?

There’s no native way in bitcoin to have a transaction which expires.  You can have a transaction which is valid after 5 days (using locktime), but you can’t have one which is valid until 5 days has passed.

So the only way to invalidate a transaction is to spend one of its inputs, and get that input-stealing transaction into the blockchain before the transaction you’re trying to invalidate.  That’s no good if we’re trying to update a transaction continuously (a-la payment channels) without most of them reaching the blockchain.

The Transaction Revocation Trick

But there’s a trick, as described in the paper.  We build our transaction as before (I sign, and you hold), which spends our opening transaction output and has two outputs.  The first is a $9.99 output for me.  The second is a bit weird: it’s 1c, but needs two signatures to spend, mine and a temporary one of yours.  Indeed, I create and sign such a transaction which spends this output and send it to you, but that transaction has a locktime of 1 day:

The first payment in a lightning-style channel.

Now, if you sign and publish that transaction, I can spend my $9.99 straight away, and you can publish that timelocked transaction tomorrow and get your 1c.

But what if we want to update the transaction?  We create a new transaction, with a $9.98 output to me and a 2c output that can only be spent by a transaction signed by both me and another temporary address of yours.  I create and sign a transaction which spends that 2c output, has a locktime of 1 day and has an output going to you, and send it to you.

We can revoke the old transaction: you simply give me the temporary private key you used for that transaction.  Weird, I know (and that’s why you had to generate a temporary address for it).  Now, if you were ever to sign and publish that old transaction, I can spend my $9.99 straight away, and create a transaction using your key and my key to spend your 1c.  Your transaction (1a below) which could spend that 1c output is timelocked, so I’ll definitely get my 1c transaction into the blockchain first (and the paper uses a timelock of 40 days, not 1).

Updating the payment in a lightning-style channel: you sent me your private key for sig2, so I could spend both outputs of Transaction 1 if you were to publish it.

So the effect is that the old transaction is revoked: if you were to ever sign and release it, I could steal all the money.  Neat trick, right?

A Minor Variation To Avoid Timeout Fallback

In the original payment channel, the opening transaction had a fallback clause: after some time, it is all spendable by me.  If you stop responding, I have to wait for this to kick in to get my money back.  Instead, the paper uses a pair of these “revocable” transaction structures.  The second is a mirror image of the first, in effect.

A full symmetric, bi-directional payment channel.

So the first output is $9.99 which needs your signature and a temporary signature of mine.  The second is 1c for me.  You sign the transaction, and I hold it.  You create and sign a transaction which has that $9.99 as input, a 1 day locktime, and send it to me.

Since both your and my “revocable” transactions spend the same output, only one can reach the blockchain.  They’re basically equivalent: if you send yours you must wait 1 day for your money.  If I send mine, I have to wait 1 day for my money.  But it means either of us can finalize the payment at any time, so the opening transaction doesn’t need a timeout clause.
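The revocation trick described above (and, mirrored, each half of the symmetric channel) as a toy simulation in Python. This is an added example, not code from the post or from the Lightning paper: keys are plain labels and a party can sign with any key it holds, amounts are in cents, a transaction's locktime is the day it becomes valid, and the 40-day figure is the paper's.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Output:
    value: int        # amount in cents
    keys: frozenset   # every key in this set must sign a transaction spending it


@dataclass
class Tx:
    name: str
    inputs: list                    # (tx_name, output_index) references
    outputs: list                   # list of Output
    locktime: int = 0               # earliest day the transaction is valid (nLockTime)
    signers: set = field(default_factory=set)  # keys whose signatures are attached


class Chain:
    """Toy blockchain: confirmed transactions, spent outputs and the current day."""

    def __init__(self):
        self.txs = {}
        self.spent = set()
        self.day = 0

    def publish(self, tx):
        """Accept tx only if its locktime has passed, every input is still unspent,
        and every input's required keys are covered by the attached signatures."""
        if tx.locktime > self.day:
            return False
        for ref in tx.inputs:
            if ref in self.spent or ref[0] not in self.txs:
                return False
            if not self.txs[ref[0]].outputs[ref[1]].keys <= tx.signers:
                return False
        self.spent.update(tx.inputs)
        self.txs[tx.name] = tx
        return True

    def balance(self, held_keys):
        """Cents in unspent outputs that a party holding held_keys can spend alone."""
        total = 0
        for name, tx in self.txs.items():
            for i, out in enumerate(tx.outputs):
                if (name, i) not in self.spent and out.keys <= held_keys:
                    total += out.value
        return total


def publish_old_tx1(revoked):
    """You broadcast the superseded Transaction 1; returns (my_cents, your_cents)."""
    chain = Chain()
    # Opening transaction: $10 locked to both of us (its own funding input is omitted).
    chain.publish(Tx("open", [], [Output(1000, frozenset({"me", "you"}))]))

    # Transaction 1: $9.99 to me, and 1c that needs me plus your temporary key tmp1.
    tx1 = Tx("tx1", [("open", 0)],
             [Output(999, frozenset({"me"})), Output(1, frozenset({"me", "you_tmp1"}))])
    # Transaction 1a: spends that 1c to you, 40-day locktime, already carrying my signature.
    tx1a = Tx("tx1a", [("tx1", 1)], [Output(1, frozenset({"you"}))],
              locktime=40, signers={"me"})

    my_keys = {"me"}
    your_keys = {"you", "you_tmp1"}
    if revoked:
        # The channel moved on to Transaction 2 and you revoked tx1 by handing me tmp1.
        my_keys.add("you_tmp1")

    # You publish the old Transaction 1 (I signed it long ago, you add your signature).
    tx1.signers = {"me", "you"}
    assert chain.publish(tx1)

    # I immediately try to sweep the 1c output with my key plus tmp1.
    chain.publish(Tx("sweep", [("tx1", 1)], [Output(1, frozenset({"me"}))],
                     signers=set(my_keys)))

    # 40 days later you add your tmp1 signature to Transaction 1a and broadcast it.
    chain.day = 40
    tx1a.signers.add("you_tmp1")
    chain.publish(tx1a)

    return chain.balance(my_keys), chain.balance(your_keys)


if __name__ == "__main__":
    print("not revoked:", publish_old_tx1(False))  # (999, 1): you get your 1c after the locktime
    print("revoked:    ", publish_old_tx1(True))   # (1000, 0): I sweep the 1c before tx1a is valid
```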

Next…

Now we have a generalized transaction channel, which can spend the opening transaction in any way we both agree on, without trust or requiring on-blockchain updates (unless things break down).

The next post will discuss Hashed Timelock Contracts (HTLCs) which can be used to create chains of payments…

Notes For Pedants:

In the payment channel open I assume OP_CHECKLOCKTIMEVERIFY, which isn’t yet in bitcoin.  It’s simpler.

I ignore transaction fees as an unnecessary distraction.

We need malleability fixes, so you can’t mutate a transaction and break the ones which follow.  But I also need the ability to sign Transaction 1a without a complete Transaction 1 (since you can’t expose the signed version to me).  The paper proposes new SIGHASH types to allow this.

[EDIT 2015-03-30 22:11:59+10:30: We also need to sign the other symmetric transactions before signing the opening transaction.  If we released a completed opening transaction before having the other transactions, we might be stuck with no way to get our funds back (as we don’t have a “return all to me” timeout on the opening transaction)]

,

Planet Linux AustraliaBlueHackers: Sleep: How to nap like a pro | BBC Future

Planet DebianJohn Goerzen: ssh suddenly stops communicating with some hosts

Here’s a puzzle I’m having trouble figuring out. This afternoon, ssh from my workstation or laptop stopped working to any of my servers (at OVH). The servers are all running wheezy, the local machines jessie. This happens on both my DSL and when tethered to my mobile phone. They had not applied any updates since the last time ssh worked. When looking at it with ssh -v, they were all hanging after:

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

Now, I noticed that a server on my LAN — running wheezy — could successfully connect. It was a little different:

debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

And indeed, if I run ssh -o MACs=hmac-md5, it works fine.

Now, I tried rebooting machines at multiple ends of this. No change. I tried connecting from multiple networks. No change. And then, as I was writing this blog post, all of a sudden it works normally again. Supremely weird! Any ideas what I can blame here?

Planet DebianCarl Chenet: Verify the backups of backup-manager


Backup-manager is a tool creating backups and storing them locally. It’s really useful to keep a regular backup of a quickly-changing tree of files (like a development environment), or for traditional backups if you have an NFS mount on your server. Backup-manager is also able to send the backup itself to another server by FTP.

In order to verify the backups created by backup-manager, we will also use Backup Checker (stars appreciated :) ), the automated tool to verify backups. For each newly-created backup we want to check that:

  • the directory wip/data exists
  • the file wip/dump/db.sql exists and has a size greater than 100MB
  • the file wip/config/accounts did not change and has a specific md5 hash sum.

Installing what we need

We install backup-manager and backup checker. If you use Debian Wheezy, just use the following command:

apt-key adv --keyserver pgp.mit.edu --recv-keys 2B24481A \
&& echo "deb http://debian.mytux.fr wheezy main" > /etc/apt/sources.list.d/mytux.list \
&& apt-get update \
&& apt-get install backupchecker backup-manager

Backup Checker is also available for Debian Squeeze, Debian Sid and FreeBSD. Check out the documentation to install it from PyPI or from sources.

Configuring Backup-Manager

Backup-manager will ask which directory you want to back up; in our case we choose /home/joe/dev/wip.

In the configuration file /etc/backup-manager.conf, you need to have the following lines:

export BM_BURNING_METHOD="none"
export BM_UPLOAD_METHOD="none"
export BM_POST_BACKUP_COMMAND="backupchecker -c /etc/backupchecker -l /var/log/backupchecker.log"

Configuring Backup Checker

In order to configure Backup Checker, use the following commands:

# mkdir /etc/backupchecker && touch /var/log/backupchecker.log

Then write the following in /etc/backupchecker/backupmanager.conf:

[main]
name=backupmanager
type=archive
path=/var/archives/laptop-home-joe-dev-wip.%Y%m%d.master.tar.gz
files_list=/etc/backupchecker/backupmanager.list

You can see we’re using placeholders in the path value, so that it always matches the latest archive. More information about Backup Checker placeholders can be found in the official documentation.

Last step, the description of your controls on the backup:

[files]
wip/data| type|d
wip/config/accounts| md5|27c9d75ba5a755288dbbf32f35712338
wip/dump/dump.sql| >100mb

Launch Backup Manager

Just launch the following command:

# backup-manager

After Backup Manager is launched, Backup Checker is automatically launched and verifies the day’s new backup in the directory where Backup Manager stores the backups.

Possible control failures

Let’s say the dump does not have the expected size. It means someone may have messed with the database! Backup Checker will warn you with the following message in /var/log/backupchecker.log:

$ cat /var/log/backupchecker.log
WARNING:root:1 file smaller than expected while checking /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz: 
WARNING:root:wip/dump/dump.sql size is 18. Should have been bigger than 104857600.

Another possible failure: someone created an account without asking anyone. The hash sum of the file will change. Here is the alert generated by Backup Checker:

$ cat /var/log/backupchecker.log
WARNING:root:1 file with unexpected hash while checking /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz:
WARNING:root:wip/config/accounts hash is 27c9d75ba5a755288dbbf32f35712338. Should have been 27c9d75ba3a755288dbbf32f35712338.

Another possible failure: someone accidentally (or not) removed the data directory! Backup Checker will detect the missing directory and warn you:

$ cat /var/log/backupchecker.log
WARNING:root:1 file missing in /var/archives/laptop-home-joe-dev-wip-20150328.tar.gz: 
WARNING:root:wip/data
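The three controls configured above and the warnings they raise, reimplemented as an added Python example (this is not Backup Checker’s own code): it parses the subset of the [files] syntax used on this page, checks an in-memory tar.gz constructed to look like the archive above, and returns one warning per failed control. The accounts file contents, their md5 and the dump sizes are constructed sample data.

```python
import hashlib
import io
import re
import tarfile

UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_files_list(text):
    """Parse the subset of the [files] syntax used above: 'path| type|d',
    'path| md5|<hex>' and size bounds such as 'path| >100mb' (also < and =)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        path, _, spec = line.partition("|")
        checks = {}
        for token in spec.split():
            size = re.fullmatch(r"([<>=])(\d+)(b|kb|mb|gb)", token.lower())
            if size:
                checks["size"] = (size.group(1), int(size.group(2)) * UNITS[size.group(3)])
            elif "|" in token:
                key, value = token.split("|", 1)
                checks[key] = value
            else:
                raise ValueError("unknown check %r for %s" % (token, path))
        rules[path.strip()] = checks
    return rules


def check_archive(archive_bytes, rules):
    """Apply the rules to a tar.gz given as bytes; return the list of warnings."""
    warnings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        members = {m.name: m for m in tar.getmembers()}
        for path, checks in rules.items():
            member = members.get(path)
            if member is None:
                warnings.append("%s missing" % path)
                continue
            if checks.get("type") == "d" and not member.isdir():
                warnings.append("%s is not a directory" % path)
            if "md5" in checks and member.isfile():
                digest = hashlib.md5(tar.extractfile(member).read()).hexdigest()
                if digest != checks["md5"]:
                    warnings.append("%s hash is %s. Should have been %s."
                                    % (path, digest, checks["md5"]))
            if "size" in checks:
                op, limit = checks["size"]
                holds = {">": member.size > limit, "<": member.size < limit,
                         "=": member.size == limit}[op]
                if not holds:
                    wording = {">": "bigger than", "<": "smaller than", "=": "equal to"}[op]
                    warnings.append("%s size is %d. Should have been %s %d."
                                    % (path, member.size, wording, limit))
    return warnings


SAMPLE_ACCOUNTS = b"joe\nalice\n"   # constructed content of wip/config/accounts


def build_sample_archive(dump_size, accounts=SAMPLE_ACCOUNTS, with_data_dir=True):
    """Construct, in memory, a tar.gz shaped like the backup above (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        if with_data_dir:
            info = tarfile.TarInfo("wip/data")
            info.type = tarfile.DIRTYPE
            tar.addfile(info)
        for name, data in (("wip/config/accounts", accounts),
                           ("wip/dump/dump.sql", b"x" * dump_size)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Same rules as the backupmanager.list above, with the md5 of the sample accounts file.
SAMPLE_RULES = """[files]
wip/data| type|d
wip/config/accounts| md5|%s
wip/dump/dump.sql| >100mb
""" % hashlib.md5(SAMPLE_ACCOUNTS).hexdigest()

if __name__ == "__main__":
    cases = (("tiny dump", build_sample_archive(18)),
             ("edited accounts", build_sample_archive(18, b"joe\nalice\nbob\n")),
             ("no data dir", build_sample_archive(18, with_data_dir=False)))
    for label, archive in cases:
        print(label, check_archive(archive, parse_files_list(SAMPLE_RULES)))
```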

Awesome, isn’t it? The power of a backup tool combined with an automated backup checker. No more surprises when you need your backups. Moreover, you spare the time and effort of checking the backup by yourself.


What about you? Let us know what you think of it. We would be happy to get your feedback. The project cares about its users, and the outdated feature was an awesome idea in a feature request by one of the Backup Checker users. Thanks Laurent!

 


LongNowUpcoming Events at The Interval with Stanford’s Center for Advanced Study in the Behavioral Sciences

D. Fox Harrell speaks at The Interval in May
D. Fox Harrell, Ph.D. — photo by Bryce Vickmark

Long Now is pleased to announce a new collaboration with the Center for Advanced Study in the Behavioral Sciences (CASBS) at Stanford University. Beginning in May, CASBS Fellows will appear regularly in our Conversations at The Interval series. The first two Fellows to speak will be D. Fox Harrell (MIT) on May 5, 02015 and Valentina Bosetti (Università Bocconi) on June 23. All upcoming Interval talks are listed here.

For over sixty years the Center has been a national and international locus for transformative thinking and research on the most important issues in social science. Their residential fellowship program attracts the finest scholars from psychology, sociology, economics, political science, anthropology, history, philosophy, linguistics, and related disciplines.

CASBS alumni include such renowned scholars as Kingsley Davis, Ruth Bader Ginsburg, and Wallace Stegner. CASBS Fellows have been recognized through the years with an impressive list of honors including 22 Nobel Prizes, 14 Pulitzers, 44 MacArthur Fellowships, and 20 National Book Awards, to mention only a few. Four previous Long Now SALT speakers have been Fellows at CASBS during their careers: Daniel Kahneman, Stephen Lansing, Paul Romer, and Philip Tetlock. Other notable alums include Henry Louis Gates Jr., Steven D. Levitt, Donald Norman, Norman Ornstein, and Edward Tufte.

D. Fox Harrell‘s talk is entitled Coding Ourselves/Coding Others: Imagining Social Identities Through Computing. In his talk at The Interval on May 5 he will discuss his studies of social networking, gaming, and virtual worlds; he’ll show examples of systems developed by his research group that are designed to enable creative expression, cultural analysis, and social empowerment.


Dr. Harrell is a tenured Associate Professor of Digital Media in the Comparative Media Studies Program and the Computer Science and Artificial Intelligence Laboratory at MIT. He founded and directs the MIT Imagination, Computation, and Expression Laboratory (ICE Lab).

Valentina Bosetti speaks at The Interval on June 23, 02015. Her talk entitled “Life’s a Great Balancing Act” will include her work on climate change risk and uncertainty, how individuals perceive them, and how they affect the climate change policy making process. She was recently awarded a European Research Council grant with the objective of substantially advancing the way we conceptualize, model and frame climate change policy making under uncertainty.

Valentina Bosetti at TEDx Milano 02012
Valentina Bosetti, Ph.D. — photo TEDxMilano

Dr. Bosetti is associate professor at Bocconi University where she teaches environmental and climate change economics. She was a lead author of the IPCC Fifth Assessment Report (AR5) about the state of scientific, technical and socio-economic knowledge on climate change. She is also a senior researcher at Fondazione Enrico Mattei and Euro-Mediterranean Center on Climate Change.

The Ralph W. Tyler Collection at CASBS, Stanford University

Tyler collection books
Books from the Tyler Collection

In addition to talks by these and other CASBS Fellows, the Center’s director Margaret Levi will recommend a list of books for our Manual for Civilization. Her list will include selections from The Ralph W. Tyler Collection. The collection contains over 1,800 books written by CASBS Fellows since the program began in 01954. All the books in the collection were conceived, initiated or completed during the author’s fellowship.



photos by Mikl Em, unless otherwise noted

Tickets for Interval talks go on sale a few weeks beforehand. Long Now members and Interval donors always have the first chance to buy tickets for these events.

Planet DebianYves-Alexis Perez: 3.2.68 Debian/grsec kernel and update on the process

It's been a long time since I updated my repository with a recent kernel version, sorry for that. This is now done, the kernel (sources, i386 and amd64) is based on the (yet unreleased) 3.2.68-1 Debian kernel, patched with grsecurity 3.1-3.2.68-201503251805, and has the version 3.2.68-1~grsec1.

It works fine here, but as always, no warranty. If any problem occurs, try to reproduce using vanilla 3.2.68 + grsec patch before reporting here.

And now that the Jessie release approaches, the question of what to do with those Debian/grsec kernels still arises: the Jessie kernel is based on the 3.16 branch, which is not a (kernel.org) long-term branch. Actually, the support already ended some time ago, and the (long-term) maintenance is now assured by the Canonical Kernel Team (thus the -ckt suffix) with some help from the Debian kernel maintainers. So there's no Grsecurity patch following 3.16, and there's no easy way to forward-port the 3.14 patches.

At that point, and considering the support I got over the last few years on this initiative, I don't think it's really worth it to continue providing those kernels.

One initiative which might be interesting, though, is the Mempo kernels. The Mempo team works on kernel reproducible builds, but they also include the grsecurity patch. Unfortunately, it seems that building the kernel their way involves calling a bash script which calls another one, and another one. A quick look at the various repositories is only enough to confuse me about how they actually build the kernel in the end, so I'm unsure it's the perfect fit for a supposedly secure kernel. Not that the Debian way of building the kernel doesn't involve calling a lot of scripts (either bash or python), but still. After digging a bit, it seems that they're using make-kpkg (from the kernel-package package), which is not the recommended way anymore. Also, they're currently targeting Wheezy, so the 3.2 kernel, and I have no idea what they'll choose for Jessie.

In the end, for myself, I might just do a quick script which takes a git repository at the right version, picks the latest grsec patch for that branch, applies it, then runs make deb-pkg, and be done with it. That still leaves the problem of which branch to follow:

  • run a 3.14 kernel instead of the 3.16 (I'm unsure how much I'd lose / not gain from going from 3.2 to 3.14 instead of 3.16);
  • run a 3.19 kernel, then upgrade when it's time, until a new LTS branch appears.

There's also the config file question, but if I'm just using the kernels for myself and not sharing them, it's also easier, although if some people are actually interested it's not hard to publish them.

Planet DebianMatthias Klumpp: Limba Project: Another progress report

And once again, it’s time for another Limba blogpost :-)

Limba is a solution to install 3rd-party software on Linux, without interfering with the distribution’s native package manager. It can be useful to try out different software versions, use newer software on a stable OS release or simply to obtain software which does not yet exist for your distribution.

Limba works distribution-independent, so software authors only need to publish their software once for all Linux distributions.

I recently released version 0.4, with which all most important features you would expect from a software manager are complete. This includes installing & removing packages, GPG-signing of packages, package repositories, package updates etc. Using Limba is still a bit rough, but most things work pretty well already.

So, it’s time for another progress report. Since a FAQ-like list is easier to digest than a long blogpost, I go with this again. So, let’s address one important general question first:

How does Limba relate to the GNOME Sandboxing approach?

(If you don’t know about GNOME’s sandboxes, take a look at the GNOME Wiki – Alexander Larsson also blogged about it recently)

First of all: There is no rivalry here and no NIH syndrome involved. Limba and GNOME’s Sandboxes (XdgApp) are different concepts, which both have their place.

The main difference between both projects is the handling of runtimes. A runtime is the shared libraries and other shared resources applications use. This includes libraries like GTK+/Qt5/SDL/libpulse etc. XdgApp applications have one big runtime they can use, built with OSTree. This runtime is static and will not change, it will only receive critical security updates. A runtime in XdgApp is provided by a vendor like GNOME as a compilation of multiple single libraries.

Limba, on the other hand, generates runtimes on the target system on-the-fly out of several subcomponents with dependency-relations between them. Each component can be updated independently, as long as the dependencies are satisfied. The individual components are intended to be provided by the respective upstream projects.

Both projects have their individual up and downsides: While the static runtime of XdgApp projects makes testing simple, it is also harder to extend and more difficult to update. If something you need is not provided by the mega-runtime, you will have to provide it by yourself (e.g. we will have some applications ship smaller shared libraries with their binaries, as they are not part of the big runtime).

Limba does not have this issue, but instead, with its dynamic runtimes, relies on upstreams behaving nice and not breaking ABIs in security updates, so existing applications continue to be working even with newer software components.

Obviously, I like the Limba approach more, since it is incredibly flexible, and even allows to mimic the behaviour of GNOME’s XdgApp by using absolute dependencies on components.

Do you have an example of a Limba-distributed application?

Yes! I recently created a set of packages for Neverball – Alexander Larsson also created a XdgApp bundle for it, and due to the low amount of stuff Neverball depends on, it was a perfect test subject.

One of the main things I want to achieve with Limba is to integrate it well with continuous integration systems, so you can automatically get a Limba package built for your application and have it tested with the current set of dependencies. Also, building packages should be very easy, and as failsafe as possible.

You can find the current Neverball test in the Limba-Neverball repository on Github. All you need (after installing Limba and the build dependencies of all components) is to run the make_all.sh script.

Later, I also want to provide helper tools to automatically build the software in a chroot environment, and to allow building against the exact version depended on in the Limba package.

Creating a Limba package is trivial, it boils down to creating a simple “control” file describing the dependencies of the package, and to write an AppStream metadata file. If you feel adventurous, you can also add automatic build instructions as a YAML file (which uses a subset of the Travis build config schema)

This is the Neverball Limba package, built on Tanglu 3, run on Fedora 21:

Limba-installed Neverball

Which kernel do I need to run Limba?

The Limba build tools run on any Linux version, but to run applications installed with Limba, you need at least Linux 3.18 (for Limba 0.4.2). I plan to bump the minimum version requirement to Linux 4.0+ very soon, since this release contains some improvements in OverlayFS and a few other kernel features I am thinking about making use of.

Linux 3.18 is included in most Linux distributions released in 2015 (and of course any rolling release distribution and Fedora have it).

Building all these little Limba packages and keeping them up-to-date is annoying…

Yes indeed. I expect that we will see some “bigger” Limba packages bundling a few dependencies, but in general this is a pretty annoying property of Limba currently, since there are so few packages available you can reuse. But I plan to address this. Behind the scenes, I am working on a webservice, which will allow developers to upload Limba packages.

This central resource can then be used by other developers to obtain dependencies. We can also perform some QA on the received packages, map the available software with CVE databases to see if a component is vulnerable and publish that information, etc.

All of this is currently planned, and I can’t say a lot more yet. Stay tuned! (As always: If you want to help, please contact me)

Are the Limba interfaces stable? Can I use it already?

The Limba package format should be stable by now – since Limba is still Alpha software, I will, however, make breaking changes in case there is a huge flaw which makes it reasonable to break the IPK package format. I don’t think that this will happen though, as the Limba packages are designed to be easily backward- and forward-compatible.

For the Limba repository format, I might make some more changes though (less invasive, but you might need to rebuild the repository).

tl;dr: Yes! Please use Limba and report bugs, but keep in mind that Limba is still in an early stage of development, and we need bug reports!

Will there be integration into GNOME-Software and Muon?

From the GNOME-Software side, there were positive signals about that, but some technical obstacles need to be resolved first. I did not yet get in contact with the Muon crew – they are just implementing AppStream, which is a prerequisite for having any support for Limba[1].

Since PackageKit dropped the support for plugins, every software manager needs to implement support for Limba.


So, thanks for reading this (again too long) blogpost :) There are some more exciting things coming soon, especially regarding AppStream on Debian/Ubuntu!

 

[1]: And I should actually help with the AppStream support, but currently I can not allocate enough time to take that additional project as well – this might change in a few weeks. Also, Muon does pretty well already!

Falkvinge - Pirate PartySwarmwise Released In Czech!

Swarmwise in Czech

Swarm Management: The first translation of Swarmwise is officially here – and it’s in Czech! As of 20:00 on March 30, the electronic format of the book is downloadable in a multitude of formats. This is the first translation of Swarmwise to hit the release bar; there are several more in the pipeline.

Swarmwise is a leadership handbook about how to accomplish real change in the world on a shoestring budget (or more commonly, no budget at all). It gives the reader guidance and feet-on-ground leadership lessons from the point of launching a movement or community-based startup right up until the point where it goes international.

Today, as of right now, the Czech translation is available as PDF, EPUB, and XHTML. Creative Commons, just like the original.

There’s an enormous work that has gone into this translation. I’m particularly impressed by how the Czech translators — Martin Doucha, Adam Zábranský, and Pavel Císař — have gone to great lengths to replicate the look and feel of the original book in English, while still adapting it to Czech publishing standards.

The printed version of the Czech Swarmwise is scheduled for release at a conference mid-May.

Planet DebianDaniel Leidert: Prevent suspend/hibernate if system is remotely backed up via rdiff-backup

I usually use rdiff-backup to backup several of my systems. One is a workstation which goes to sleep after some time of idling around. Now having a user logged in running rdiff-backup (or rsync, rsnapshot etc. for that matter) won't prevent the system from being put to sleep. Naturally this happens before the backup is complete. So some time ago I was looking for a resolution and received a suggestion to use a script in /etc/pm/sleep.d/. I had to modify the script a bit, because the query result always was true. So this is my solution in /etc/pm/sleep.d/01_prevent_sleep_on_backup now:


#!/bin/sh
# pm-utils sleep hook: refuse to suspend/hibernate while rdiff-backup is running.

. "${PM_FUNCTIONS}"

# Nothing to do on a machine without rdiff-backup installed.
command_exists rdiff-backup || exit $NA

case "$1" in
    hibernate|suspend)
        # ps cax lists bare command names only, so grep does not match itself.
        if ps cax | grep -q rdiff-backup
        then
            # A non-zero exit status tells pm-utils to abort the sleep.
            exit 1
        fi
        ;;
esac

exit 0

Currently testing ...

Update

The above works with pm-utils; but it fails with systemd. Seems I have to move and modify the script for my system.

Update 2

It doesn't work. In short: exit 1 doesn't prevent systemd from going to suspend. I can see that the script itself leads to the results I want, so the logic is correct. But I cannot find a way to tell systemd to stop the suspend. Shouldn't it be doing this automatically in a case where a remote user is logged in and runs a command?

Update 3

There is also a related bug report.

Planet DebianDimitri John Ledkov: Boiling frog, or when did we lose it with /etc ?

$ sudo find /etc -type f | wc -l
2794

Stateless

When was the last time you looked at /etc and thought - "I honestly know what every single file in here is". Or for example had a thought "Each file in here is configuration changes that I made". Or for example do you have confidence that your system will continue to function correctly if any of those files and directories are removed?

Traditionally most *NIX utilities are simple enough that they do not require any configuration files whatsoever. However most have command line arguments, and environment variables to manipulate their behavior. Some of the more complex utilities have configuration files under /etc, sometimes with "layered" configuration from the user's home directory (~/). Most of them are generally widely accepted. However, these do not segregate upstream / distribution / site administrator / local administrator / user configuration changes. Most update mechanisms created various ways to deal with merging and maintaining the correct state of those. For example both dpkg & RPM (%config) have elaborate strategies and policies and ways to deal with them. However, even today, they still cause problems: prompting the user for whitespace changes in config files, not preserving user changes, or failing to migrate them.

I can't find the exact date, but it has now been something like 12 years since the XDG Base Directory specification was drafted. It came from Desktop Environment requirements, but one thing it achieves is segregation between upstream / distro / admin / user induced changes. When applications started to implement the Base Directory specification, I started to feel empowered. Upstream ships sensible configs in /usr, distribution integrators ship their overlay tweaks packaged in /usr, my site admin applies further requirements in /etc, and as a user I am free to improve or break everything with configs in ~/. One of the best things about this setup: no upgrade prompts, and ease of reverting each layer of those configs (or at least auditing where the settings are coming from).

However, the uptake of XDG Base directory spec is slow / non-existing among the core components of any OS today. And at the same time /etc has grown to be a dumping ground for pretty much everything under the sun:
  • Symlink farms - E.g. /etc/rc*.d/*, /etc/systemd/system/*.wants/*, /etc/ssl/certs/*
  • Cache files - E.g. /etc/ld.so.cache
  • Empty (and mandatory) directories
  • Empty (and mandatory) "configuration" files - E.g. whitespace & comments only
Let's be brutally honest and say that none of the above belongs in /etc. /etc must be for end-user configuration only, made by the end user alone and nobody else (or e.g. an automation tool driven by the end-user, like puppet).

Documentation of the available configuration options, and the syntax for specifying them in config files, should be shipped... in the documentation: man pages, /usr/share/doc, and so on, not as system-wide "example" config files. Absence of files in /etc must not be treated as fatal but as the norm, since most users use the default settings (especially for the most obscure options). Lastly, compiled-in defaults should be used where possible, or configuration layered from multiple locations (e.g. /usr, /etc, ~/ where appropriate).
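As an added example (not code from the Clear Linux project or from this post), the following Python sketch shows the layered lookup described above: compiled-in defaults, then vendor configuration under /usr, then the site administrator's /etc, then the user's ~/.config. A missing file at any layer is the normal case rather than an error, a whitespace-and-comments-only file contributes nothing, and every effective value remembers which layer supplied it so the result can be audited. The directory tree, the key = value syntax and the "demo" package name are constructed for the example.

```python
"""Layered configuration lookup in the style of the XDG Base Directory spec:
compiled-in defaults < vendor (/usr) < site admin (/etc) < user (~/.config).
A missing file or directory at any layer is the normal case, not an error,
and every effective value remembers which layer supplied it.
Constructed example, not code from any real project."""
import os
import tempfile
from typing import Dict, Tuple


def parse_kv(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines. Blank lines and # comments are ignored, so a
    whitespace-and-comments-only file yields an empty mapping."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        out[key] = value
    return out


def read_layer(path: str) -> Dict[str, str]:
    """Return the settings in PATH, or {} if the file (or its directory) is absent."""
    try:
        with open(path, encoding="utf-8") as fh:
            return parse_kv(fh.read())
    except FileNotFoundError:
        return {}


def resolve(name: str, defaults: Dict[str, str],
            layers: Tuple[Tuple[str, str], ...]) -> Dict[str, Tuple[str, str]]:
    """Merge DEFAULTS with NAME from each (label, directory) in LAYERS, lowest
    precedence first. Returns {key: (value, origin)} so an administrator can
    see which layer each effective setting came from."""
    effective = {k: (v, "built-in") for k, v in defaults.items()}
    for label, directory in layers:
        for key, value in read_layer(os.path.join(directory, name)).items():
            effective[key] = (value, label)
    return effective


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed tree: the vendor ships two settings, the site admin overrides
    one, and the user's file is comments only. Any of these could be absent."""
    root = tempfile.mkdtemp()
    usr = os.path.join(root, "usr", "share", "demo")
    etc = os.path.join(root, "etc", "demo")
    home = os.path.join(root, "home", "user", ".config", "demo")
    for d in (usr, etc, home):
        os.makedirs(d)
    with open(os.path.join(usr, "demo.conf"), "w", encoding="utf-8") as fh:
        fh.write("umask = 022\nlog_level = info\n")
    with open(os.path.join(etc, "demo.conf"), "w", encoding="utf-8") as fh:
        fh.write("# site policy\nlog_level = debug\n")
    with open(os.path.join(home, "demo.conf"), "w", encoding="utf-8") as fh:
        fh.write("# nothing overridden here\n\n")
    defaults = {"umask": "077", "log_level": "warning", "timeout": "30"}
    layers = (("vendor", usr), ("site", etc), ("user", home))
    return resolve("demo.conf", defaults, layers)


if __name__ == "__main__":
    for key, (value, origin) in sorted(demo().items()):
        print(f"{key:10} = {value:8} ({origin})")
```

Running the script prints each effective setting with its origin; in the constructed tree `umask` comes from the vendor layer, `log_level` from the site layer, and `timeout` from the built-in defaults, while the comments-only user file changes nothing.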

The above observations are not novel, and are shared by most developers and users in the wider open source ecosystem. There are many projects and concepts that deal with this problem by using automation (e.g. puppet, chef), by migrating to new layouts (e.g. implementing / supporting the XDG base dir spec), by using "app bundles" (e.g. mobile apps, docker), or by fully enumerating/abstracting everything in a generic manner (e.g. NixOS). Whilst fixing the issue at hand, these solutions do increase the dependency on files in /etc being available. In other words, we have grown a de-facto user-space API we must not break, because modifications to the well known files in /etc are expected to take effect, by both users and many administrator tools.

In August last year I joined the Open Source Technology Center at Intel, and have been working on the Clear Linux* Project for Intel Architecture. One of the goals we have set out is to achieve stateless operation - that is, to have an empty /etc by default, reserved for user modification alone, yet continuing to support all legacy / well-known configuration paths. The premise is that all software can be patched with auto-detection, built-in defaults or support for layered configuration to achieve this. I hope that this work will interest everyone and be widely adopted.

Whilst the effort to convert everything is still ongoing, I want to discuss a few examples from the core components of any system.

Shadow

The login(1) command, whilst having a built-in default for every single option, exits with status 1 if it cannot stat(2) the login.defs(5) file.

The passwd(1) command will write the salted/hashed password into the passwd(5) file, which is world-readable, rather than into shadow(5), if it cannot stat the shadow(5) file. There is similar behaviour with gshadow. I found it very ironic that the upstream project "shadow" does not use shadow(5) by default.

Similarly, the stock files manipulated by the passwd/useradd/groupadd utilities are not created if missing.

Some settings in login.defs(5) are not applicable when compiled with PAM support, yet are present in the default shipped login.defs(5) file.

Patches to resolve the above issues are undergoing review on the upstream mailing list.

DBus

In the XML based configuration, directories referenced by `includedir' elements must exist on disk, that is, an empty directory must be present if referenced. If these directories are non-existent, the configuration fails to load and the system or session bus does not start.

Upstream is in general agreement with the stateless concept, and patches to move all of dbus' default configuration from /etc to /usr are being reviewed for inclusion in the bug tracker. I hope this change will make it into the 1.10 stable release.

GNU Lib C

Today we live in a dual-stack IPv4 and IPv6 world, where even localhost has multiple IP addresses. As a slightly ageist time reference, the first VCS I ever used was git. Thus when I read the below, I get very confused:
$ cat /etc/host.conf
# The "order" line is only used by old versions of the C library.
order hosts,bind
multi on
Why not simply do this:
--- a/resolv/res_hconf.c
+++ b/resolv/res_hconf.c
@@ -309,6 +309,8 @@ do_init (void)
   if (hconf_name == NULL)
     hconf_name = _PATH_HOSTCONF;

+  arg_bool (ENV_MULTI, 1, "on", HCONF_FLAG_MULTI);
+
   fp = fopen (hconf_name, "rce");
   if (fp)
     {
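Review bot: the new default on the `+  arg_bool (ENV_MULTI, 1, "on", HCONF_FLAG_MULTI);` line pushes a hard-coded literal through the same boolean-string parser used for the environment variable named by ENV_MULTI, which works but obscures the intent; or-ing HCONF_FLAG_MULTI into the hconf flags word directly, with a one-line comment saying that `multi on` is now the compiled-in default, would be clearer. Because the file is only opened afterwards (`fp = fopen (hconf_name, "rce");`), an explicit `multi off` in host.conf still overrides the new default; that, and the behaviour change for systems shipping no /etc/host.conf at all, should be stated in the commit message.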

There are still many other packages that need fixes similar to the above. Stay tuned for further stateless observations about Glibc, OpenSSH, systemd and other well known packages.

In the meantime, you can try out the https://clearlinux.org/ images, which implement the above and more already. If you want to chat about it more, comment on G+, find me on irc (xnox @ irc.freenode.net #clearlinux) and join our mailing list to kick the conversation off, if you are interested in making the world more stateless.

ps.
I am a professional Linux Distribution developer, currently employed by Intel, however the postings on this site are my own and don't necessarily represent Intel's or any other past/present/future employer positions, strategies, or opinions.

* Other names and brands may be claimed as the property of others


Cory Doctorow: Clean Reader is a free speech issue


My latest Guardian column, Allow Clean Reader to swap ‘bad’ words in books – it’s a matter of free speech, expands on last week’s editorial about the controversial ebook reader, which lets readers mangle the books they read by programmatically swapping swear-words for milder alternatives.

I agree with the writers who say that the app is offensive, and that it makes books worse. Where I part company with Clean Reader’s detractors is where they claim that it is — or should be — illegal. If we don’t have the right to make our computers alter the things we show us, what happens to ad blockers, or apps that auto-annotate politicians’ claims, or warn you when you’re reading an article in a newspaper owned by Rupert Murdoch?

Free speech isn’t just the right to express yourself, it’s also the right not to listen. I disagree with the decision to use Clean Reader, and that’s why it’s a free speech issue. If you don’t support the legal right to utter speech you find offensive, you don’t support speech at all. That doesn’t mean we shouldn’t tell people not to use Clean Reader, or withhold our books from Clean Reader’s store. It means we can’t call for Clean Reader to be banned.

I want a future where readers get to decide how they read. I want to be able to make and share annotations to climate-denial bestsellers – even if that means deniers can mark up Naomi Klein’s This Changes Everything and share their notes. I want to be able to turn Oxford commas off and on. I want to be able to change the font, block the ads, and swap clichéd passages for humorous alternatives. I want Bechdelware that lets me choose to genderswap the characters. I want sentiment analysis that tries to sync a music playlist with the words I read.

I want people to be able to do stupid things with their computers. Because more than anything, I want computer users to have the final say about what their computers do.

That includes kids, by the way. It’s one thing for an adult to use Clean Reader to make her reading experience accord with her preferences. The same principle that says she should be allowed to dictate her computer’s behaviour means her kids should be able to decide for themselves how sweary the books they read are.

Allow Clean Reader to swap ‘bad’ words in books – it’s a matter of free speech [Cory Doctorow/The Guardian]

Sociological Images: Anita Sarkeesian and the Workings of Power

Sociologists are interested in the workings of power. How is inequality produced and sustained? What discursive and institutional forces uphold it? How are obvious injustices made invisible or legitimized? Why is it so hard to change hearts, minds, and societies?

How does all this work?

Earlier this month, a sliver of insight was posted. It’s a clip of a speech by Anita Sarkeesian in which she reveals what it’s like for one person to be the target of sustained, online harassment.

In 2009, Sarkeesian launched Feminist Frequency, a series of web logs in which she made feminist arguments about representation of women in pop culture. In 2012, she launched a kickstarter to fund an ambitious plan to analyze the representation of women in video games. This drew the attention of gamers who opposed her project on principle and thus began an onslaught of abuse: daily insults and threats of rape and murder, photoshop harassment, bomb threats, and a video game in which her face can be beaten bloody, just to mention a few examples. Last fall she canceled a speech at Utah State University because someone threatened to commit “the deadliest school shooting in American history” if she went on. It’s been brutal and it’s never stopped.

So, is this power at work? Has she been silenced? And has her larger project – awareness of sexism and misogyny in video games – been harmed?

I’m not sure.

As an individual, Sarkeesian has continued to speak out about the issue, but how she does so and with what frequency has been aggressively curtailed by the harassment. In the four-and-a-half minute clip, with the theme “What I Couldn’t Say,” she talks about how the harassment has changed how she engages with the public. I offer some tidbits below, but here’s the full clip:

[Embedded video: https://www.youtube.com/embed/fhgEuY64ECw]

She explains:

I rarely feel comfortable speaking spontaneously in public spaces, I’m intentional and careful about the media interviews I do, I decline most invitations to be on podcasts or web shows, I carefully consider the wording of every tweet to make sure it is clear and can’t be misconstrued. Over the last several years, I’ve become hypervigilant. My life, my words, and my actions are placed under a magnifying glass. Every day I see my words scrutinized, twisted, and distorted by thousands of men hell bent on destroying and silencing me.

How she gets her message across has been affected as well:

[I can’t say] anything funny… I almost never make jokes anymore on YouTube… I don’t do it because viewers often interpret humor and sarcasm as ignorance… You would not believe how often jokes are taken as proof that I don’t know what I’m talking about… even when those jokes rely on a deep knowledge of the source material.

And she feels that, above all, she’s not allowed to talk about the harm that her harassers are doing:

I don’t get to publicly express sadness, or rage, or exhaustion, or anxiety, or depression… I don’t get to express feelings of fear or how tiring it is to be constantly vigilant of my physical and digital surroundings… In our society, women are not allowed to express feelings without being characterized as hysterical, erratic, bitchy, highly emotional, or overly sensitive. Our experiences of insecurity, doubt, anger, or sadness are all policed and often used against us.

A YouTube search for the video reveals that a slew of anti-Sarkeesian responses were published within days.

——————–

Sarkeesian’s revelations put an inspiring human face on the sacrifice individuals make to fight-the-good-fight, but also reveal that, in some ways, her harassers are winning.

That said, their grotesque display of misogyny has raised Sarkeesian’s profile and drawn attention to and legitimized her project and her message. That original kickstarter? The original call was for $6,000. Her supporters donated almost $159,000. The feminist backlash to the misogynist backlash was swift and monied.

Ever since, the abuse she’s suffered as an individual has made the issue of both sexism in video games and online harassment more visible. Her pain may have been good for the visibility of the movement. I wonder, though, what message it sends to other women and men who want to pursue similar social justice initiatives. It is a cautionary tale that may dampen others’ willingness to fight.

The battle is real. The gamers who oppose Sarkeesian and what she stands for have succeeded in quieting, if not silencing, her and have probably discouraged others from entering the fray. But Sarkeesian’s cause and the problem of gamer misogyny are more visible than ever. The fight goes on.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Don Marti: It's not about freedom

Doc Searls writes:

We hold as self-evident that personal agency and independence matter utterly, that free customers are more valuable than captive ones, that personal data belongs more to persons themselves than to those gathering it, that conscious signaling of intent by individuals is more valuable than the inferential kind that can only be guessed at, that spying on people when they don’t know about it or like it is wrong, and so on.

I'm going to agree with Doc that these are all good and important principles.

But then I'm going to totally ignore them.

Yes, it is "self-evident" that it's important to behave as a decent human being in online interactions, and in marketing projects. (Complexity dilutes understanding of a system but not moral responsibility for participating in a system. Just because you don't understand how your marketing budget gets diverted to fraud does not mean that you aren't ultimately responsible when you end up funding malware and scams.) Thinking about user rights is important. 30 years ago, Richard Stallman released the GNU Manifesto, which got people thinking about the ethical aspects of software licensing, and we need that kind of work about information in markets, too.

But that's not what I'm on about here. Targeted Advertising Considered Harmful is just background reading for a marketing meeting. And I've been to enough marketing meetings to know that, no matter how rat-holed and digressed the discussion gets, Freedom is never on the agenda.

So I'm going to totally ignore the Freedom side of discussing the targeted ad problem. You don't have to worry about some marketing person clicking through to this site and saying, WTF is this freedom woo-woo? It's all pure, unadulterated, 100% marketing-meeting-compatible business material, with some impressive-looking citations to Economics papers to give it some class.

Big Data proponents like to talk about "co-creating value," so let's apply that expression to advertising. The advertiser offers signal, and the reader offers attention. The value is in the exchange. Here's the point that we need to pick up on, and the point that ad blocker stats are shoving in our face until we get it. When one side's ability to offer value goes away—when a targeted ad ceases to carry signal and becomes just a windshield flyer—there's no incentive for the other side to participate in the exchange. Freedom or no freedom. Homo economicus himself would run a spam filter, or hang up on a cold call, or block targeted ads.

The big problem for web sites now is to get users onto a publisher-friendly tracking protection tool that facilitates advertising's exchange of value for value, before web advertising turns into a mess of crappy targeted ads vs. general filters, the way email spam has.

Worse Than Failure: Announcements: Would You Like to Take a Survey?

Our sponsor, Puppet Labs, wants to know what your DevOps needs look like. Take their survey, and be entered to win some valuable prizes.

[Advertisement] Release! is a light card game about software and the people who make it. Play with 2-5 people, or up to 10 with two copies - only $9.95 shipped!

Cryptogram: Brute-Forcing iPhone PINs

This is a clever attack, using a black box that attaches to the iPhone via USB:

As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the Erase Data option on the Settings | Touch ID & Passcode screen.

That's a highly-recommended option, because it wipes your device after 10 passcode mistakes.

Even if you only set a 4-digit PIN, that gives a crook who steals your phone just a 10 in 10,000 chance, or 0.1%, of guessing your unlock code in time.

But this Black Box has a trick up its cable.

Apparently, the device uses a light sensor to work out, from the change in screen intensity, when it has got the right PIN.

In other words, it also knows when it gets the PIN wrong, as it will most of the time, so it can kill the power to your iPhone when that happens.

And the power-down happens quickly enough (it seems you need to open up the iPhone and bypass the battery so you can power the device entirely via the USB cable) that your iPhone doesn't have time to subtract one from the "PIN guesses remaining" counter stored on the device.

Because every wrong guess requires a reboot, the process takes about five days. Still, a very clever attack.

More details.
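To make the ordering problem concrete, here is an added toy model in Python (not Apple's code, and not from the quoted article) of a PIN lockout counter. The vulnerable device verifies the guess, reveals the result, and only then records the failure, so an attacker who cuts power as soon as the screen shows a wrong guess never consumes an attempt; the hardened device charges the attempt to persistent storage before verifying and refunds it only on success, so cutting power after the result is visible changes nothing. The Device class, the PowerCut exception, the SHA-256 stand-in for the real key derivation and the brute-force loop are all constructed for the example.

```python
"""Toy model of a PIN lockout counter and the power-cut race that the iPhone
brute-force box exploits. Constructed for this example, not Apple's code."""
import hashlib
import hmac
from typing import Dict, Iterable, Optional, Tuple

MAX_ATTEMPTS = 10      # "Erase Data" after 10 wrong PINs
PIN_SPACE = 10_000     # a 4-digit PIN


class PowerCut(Exception):
    """The attacker's box kills power the moment the screen shows a failure."""


class Device:
    def __init__(self, pin: str, commit_before_verify: bool) -> None:
        # SHA-256 stands in for the real device's key derivation (assumption).
        self._digest = hashlib.sha256(pin.encode()).digest()
        self.nvram: Dict[str, int] = {"failures": 0}   # survives a power cut
        self.wiped = False
        self.commit_before_verify = commit_before_verify

    def _verify(self, guess: str) -> bool:
        return hmac.compare_digest(hashlib.sha256(guess.encode()).digest(), self._digest)

    def apply_lockout(self) -> bool:
        """Power-on step: enforce the wipe from persisted state. Returns wiped."""
        if self.nvram["failures"] >= MAX_ATTEMPTS:
            self.wiped = True
        return self.wiped

    def try_pin(self, guess: str, cut_power_on_fail: bool) -> bool:
        if self.wiped:
            raise RuntimeError("device wiped")
        if self.commit_before_verify:
            # Hardened ordering: the attempt is committed before any result is
            # visible to the light sensor, and refunded only on success.
            self.nvram["failures"] += 1
            ok = self._verify(guess)
            if ok:
                self.nvram["failures"] = 0
            elif cut_power_on_fail:
                raise PowerCut          # too late: the attempt is already spent
            else:
                self.apply_lockout()
            return ok
        # Vulnerable ordering: verify, show the result, then update the counter.
        ok = self._verify(guess)
        if not ok and cut_power_on_fail:
            raise PowerCut              # the counter update below never happens
        if ok:
            self.nvram["failures"] = 0
        else:
            self.nvram["failures"] += 1
            self.apply_lockout()
        return ok


def brute_force(device: Device, guesses: Iterable[str]) -> Tuple[Optional[str], int]:
    """Attacker loop: reboot, try a guess, cut power on failure, repeat. The
    Device object persists across the 'reboot' just as NVRAM does. Returns the
    PIN found (or None once the device wipes) and the number of guesses made."""
    made = 0
    for guess in guesses:
        if device.apply_lockout():      # the wipe is enforced at power-on
            return None, made
        made += 1
        try:
            if device.try_pin(guess, cut_power_on_fail=True):
                return guess, made
        except PowerCut:
            continue
    return None, made


if __name__ == "__main__":
    for hardened in (False, True):
        dev = Device("7391", commit_before_verify=hardened)
        pin, made = brute_force(dev, (f"{i:04d}" for i in range(PIN_SPACE)))
        print(f"commit_before_verify={hardened}: found={pin} "
              f"after {made} guesses, wiped={dev.wiped}")
```

Against the vulnerable ordering the loop walks the whole 4-digit space with the failure counter still at zero; against the hardened ordering the device wipes after exactly MAX_ATTEMPTS guesses regardless of when power is cut. The real fix has the same shape: persist the attempt (or the derived lockout state) before the result can be observed, never after.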

Worse Than Failure: CodeSOD: Rube Goldberg's Password Generator

One of the well-known rules of life is that the most straightforward solution is usually the best solution. Obviously it's not always possible to "keep it simple, stupid," but one should aim to make their creations as self-explanatory and to-the-point as possible- otherwise it's easy to end up with a nightmare in terms of both maintainability and performance.


Some people, however, have chosen to defy that rule. One of them was Rube Goldberg. This engineer turned cartoonist became famous for inventing ridiculously complex contraptions to achieve the simplest tasks. And while Mr. Goldberg passed away in 1970, the concept of a "Rube Goldberg machine" outlived him, showing up in hundreds of cartoons, events, and comedy movies.

And, as Matt R. learned, it also made its way into his codebase. While refactoring and rewriting a 32,000-line long file, he came across this incredible machine:

private string GeneratePassword()
{
    string guid = Guid.NewGuid().ToString().ToUpper();
    while (guid.Contains("-"))
        guid = guid.Remove(guid.IndexOf("-"), 1);
    string guidInt = "";
    int i = 0;
    char c;
    while (i < guid.Length)
    {
        c = guid[i];
        if ((c < '0') || (c > '9'))
        {
            ++i;
            continue;
        }
        guidInt += c.ToString();
        ++i;
    }

    int seed = 0;
    if (guidInt != "")
    {
        try
        {
            guidInt = guidInt.PadRight(9, '0').Substring(0, 9);
            seed = System.Convert.ToInt32(guidInt);
        }
        catch
        {
        }
    }
    Random random = new Random(seed);
    string pwd = "";
    while (pwd.Length <= 8)
    {
        c = (char)random.Next(48, 123);
        if ((c < 48) || ((c > 57) && (c < 65)) || ((c > 90) && (c < 97)) || (c > 122))
            continue;
        pwd += c.ToString();
    }

    // 05.08.2014 sometimes the PW has no number in it and that is required, so add it here if needed
    i = 0;
    bool bNumberFound = false;
    while( i < pwd.Length )
    {
        char x = System.Convert.ToChar(pwd.Substring(i,1));
        if (Char.IsNumber(x))
        {
            bNumberFound = true;
            break;
        }
        i++;
    }
    if (!bNumberFound) { pwd = pwd + "1"; } 

    return pwd;

}

Tracing the code, we see that it first generates a GUID and converts it to uppercase. In any normal code, this would merely be a warning sign. GUIDs are specified to be unique, not unpredictable, and as such don't belong anywhere near a function for generating random passwords. In this code, however, it's more of a sinister omen of things to come...

In the next step, all dashes are removed from the GUID. Of course, using String.Replace would be a simple solution, so instead, the programmer opted for another one: the while loop looks for a single dash, then if one is found, the string is searched again to determine where that dash is, and finally it's removed from the string, shifting all the following characters to the left. It's a good thing GUIDs are relatively short.

After that, the real fun begins. The GUID is used to seed a random number generator (since seeding with the current time is, again, a simple solution; a cryptographic generator such as System.Security.Cryptography.RandomNumberGenerator, which needs no seed at all, is apparently out of the question). How does one do that? Well, of course, by extracting every numeric character from the GUID, collecting them into a string, padding the string with zeroes, trimming it to nine digits, converting the string to an integer, and finally using that to seed the generator. Whew! Oh, and if the conversion fails for some reason, or if the GUID contains no digits, you get a seed of 0. Note what this does to the result: a nine-digit seed allows fewer than 10^9 distinct seeds, so however the characters are drawn afterwards there are fewer than 2^30 possible passwords, where nine characters chosen uniformly from 62 symbols would allow about 2^53.

After all that, a 9-character password is finally generated. Occasionally, however, it will fail to contain any digits, so the code checks whether that's the case and slaps a "1" at the end if so, adding a fixed, entirely predictable character (and a tenth position for exactly those passwords) rather than any entropy.

With all the effort put into the solution, it's hard to know whether to be amused or terrified. Personally, I think this code warrants at least a commemorative real-life Rube Goldberg machine- preferably ending with an anvil hanging above the developer's cubicle.
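For contrast, here is an added example in Python (not a fix from Matt R.'s codebase, and not the article's own code) of what the straightforward version looks like: every character comes from the operating system's cryptographic random source, the digit requirement is met by rejection sampling rather than by appending a constant, and two small functions quantify why the seed, not the password length, bounds the strength of the original. The function names and the 62-symbol alphabet matching the original's character ranges are assumptions of the example.

```python
"""Straightforward replacement for the seeded-PRNG password generator:
OS cryptographic randomness, digit requirement met by rejection sampling,
plus the arithmetic showing why a 9-digit seed caps the original's strength.
Constructed example, not code from the article or its submitter."""
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # the original's 62 symbols


def has_digit(pwd: str) -> bool:
    return any(ch in string.digits for ch in pwd)


def secure_password(length: int = 9, alphabet: str = ALPHABET) -> str:
    """Uniformly random password of LENGTH symbols containing at least one digit.
    Rejection sampling keeps the distribution uniform over the constrained set;
    appending a constant '1' to a digit-less password (as the original does)
    would instead make exactly those passwords trivially structured."""
    if length < 1 or not set(alphabet) & set(string.digits):
        raise ValueError("need length >= 1 and an alphabet containing digits")
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_digit(pwd):
            return pwd


def output_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly chosen password of LENGTH symbols."""
    return length * math.log2(alphabet_size)


def seeded_prng_entropy_bits(seed_digits: int = 9) -> float:
    """Upper bound on the entropy of any password derived deterministically from
    a PRNG seeded with at most SEED_DIGITS decimal digits: only 10**seed_digits
    seeds exist, hence at most that many distinct passwords."""
    return math.log2(10 ** seed_digits)


if __name__ == "__main__":
    print(secure_password())
    print(f"9 uniform alphanumeric characters: {output_entropy_bits(9):.1f} bits")
    print(f"anything derived from a 9-digit seed: at most "
          f"{seeded_prng_entropy_bits():.1f} bits")
```

The `secrets` module draws from the platform's cryptographic source (the same role System.Security.Cryptography.RandomNumberGenerator plays in .NET), so there is no seed to derive and nothing for a GUID to contribute; the comparison of the two entropy figures is the whole argument against the original in one line.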

[Advertisement] BuildMaster is more than just an automation tool: it brings together the people, process, and practices that allow teams to deliver software rapidly, reliably, and responsibly. And it's incredibly easy to get started; download now and use the built-in tutorials and wizards to get your builds and/or deploys automated!

Krebs on Security: Sign Up at irs.gov Before Crooks Do It For You

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.

Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS). Kasper said he sought the transcript after trying to file his taxes through the desktop version of TurboTax, and being informed by TurboTax that the IRS had rejected the request because his return had already been filed.

Kasper said he phoned the IRS’s identity theft hotline (800-908-4490) and was told a direct deposit was being made that very same day for his tax refund — a request made with his Social Security number and address but to be deposited into a bank account that he didn’t recognize.

“Since I was alerting them that this transaction was fraudulent, their privacy rules prevented them from telling me any more information, such as the routing number and account number of that deposit,” Kasper said. “They basically admitted this was to protect the privacy of the criminal, not because they were going to investigate right away. In fact, they were very clear that the matter would not be investigated further until a fraud affidavit and accompanying documentation were processed by mail.”

In the following weeks, Kasper contacted the IRS, who told him they had no new information on his case. When he tried to get a transcript of the fraudulent return using the “Get Transcript” function on IRS.gov, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

“When I called the IRS to fix this, and spent another hour on hold, they explained they could not tell me what the email address was due to privacy regulations,” Kasper recalled. “They also said they could not change the email address, all they could do was ban access to eServices for my account, which they did. It was something at least.”

FORM 4506

Undeterred, Kasper researched further and discovered that he could still obtain a copy of the fraudulent return by filling out the IRS Form 4506 (PDF) and paying a $50 processing fee. Several days later, the IRS mailed Kasper a photocopy of the fraudulent return filed in his name — complete with the bank routing and account number that received the $8,936 phony refund filed in his name.

“That’s right, $50 just for the right to see my own return,” Kasper said. “And once again the right hand does not know what the left hand is doing, because it cost me just $50 to get them to ignore their own privacy rules. The most interesting thing about this strange rule is that the IRS also refuses to look at the account data itself until it is fully investigated. Banks are required by law to report suspicious refund deposits, but the IRS does not even bother to contact banks to let them know a refund deposit was reported fraudulent, at least in the case of individual taxpayers who call, confirm their identity and report it, just like I did.”

Kasper said the transcript indicates the fraudsters filed his refund request using the IRS web site’s own free e-file website for those with incomes over $60,000. It also showed the routing number for First National Bank of Pennsylvania and the checking account number of the individual who got the deposit plus the date that they filed: January 31, 2015.

The transcript suggests that the fraudsters who claimed his refund had done so by copying all of the data from his previous year’s W2, and by increasing the previous year’s amounts slightly. Kasper said he can’t prove it, but he believes the scammers obtained that W2 data directly from the IRS itself, after creating an account at the IRS portal in his name (but using a different email address) and requesting his transcript.

“The person who submitted it somehow accessed my tax return from the previous year 2013 in order to list my employer and salary from that year, 2013, then use it on the 2014 return, instead,” Kasper said. “In addition, they also submitted a corrected W-2 that increased the withholding amount by exactly $6,000 to increase their total refund due to $8,936.”

MONEY MULING

On Wednesday, March 18, 2015, Kasper contacted First National Bank of Pennsylvania whose routing number was listed in the phony tax refund request, and reached their head of account security. That person confirmed a direct deposit by the IRS for $8,936.00 was made on February 9, 2015 into an individual checking account specifying Kasper’s full name and SSN in the metadata with the deposit.

“She told me that she could also see transactions were made at one or more branches in the city of Williamsport, PA to disburse or withdraw those funds and that several purchases were made by debit card in the city of Williamsport as well, so that at this point a substantial portion of the funds were gone,” Kasper said. “She further told me that no one from the IRS had contacted her bank to raise any questions about this account, despite my fraud report filed February 9, 2015.”

The head of account security at the bank stated that she would be glad to cooperate with the Williamsport Police if they provided the required legal request to allow her to release the name, address, and account details. The bank officer offered Kasper her office phone number and cell phone to share with the cops. The First National employee also mentioned that the suspect lived in the city of Williamsport, PA, and that this individual seemed to still be using the account.

Kasper said the local police in his New York hometown hadn’t bothered to respond to his request for assistance, but that the lieutenant at the Williamsport police department who heard his story took pity on him and asked him to write an email about the incident to his captain, which Kasper said he sent later that morning.

Just two hours later, he received a call from an investigator who had been assigned to the case. The detective then interviewed the individual who held the account the same day and told Kasper that the bank’s fraud department was investigating and had asked the person to return the cash.

“My tax refund fraud case had gone from stuck in the mud to an open case, almost overnight,” Kasper said. “Or at least it seemed to be that simple. It turned out to be much more complex.”

For starters, the woman who owned the bank account that received his phony refund — a student at a local Pennsylvania university — said she got the transfer after responding to a Craigslist ad for a moneymaking opportunity.

Kasper said the detective learned that money was deposited into her account, and that she sent the money out to locations in Nigeria via Western Union wire transfer, keeping some as a profit, and apparently never suspecting that she might be doing something illegal.

“She has so far provided a significant amount of information, and I’m inclined to believe her story,” Kasper said. “Who would be crazy enough to deposit a fraudulent tax refund in their own checking account, as opposed to an untraceable debit card they could get at a convenience store? At the same time, wouldn’t somebody who could pull this off also have an explanation like this ready?”

The woman in question, whose name is being withheld from this story, declined multiple requests to speak with KrebsOnSecurity, threatening to file harassment claims if I didn’t stop trying to contact her. Nevertheless, she appears to have been an unwitting — if not unwilling — money mule in a scam that seeks to recruit the unwary for moneymaking schemes.

ANALYSIS

The IRS’s process for verifying people requesting transcripts is vulnerable to exploitation by fraudsters because it relies on static identifiers and so-called “knowledge-based authentication” (KBA) — i.e., challenge questions that can be easily defeated with information widely available for sale in the cybercrime underground and/or with a small amount of searching online.

To obtain a copy of your most recent tax transcript, the IRS requires the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four KBA questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.

The KBA questions — multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can in principle be defeated by random guessing alone (four four-way questions give a 1-in-256 chance per attempt). But in practice it is far easier, said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley.

“I did it twice, and the first time it was related to my current address, one old address question, and one ‘which credit card did you get’ question,” Weaver said. “The second time it was two questions related to my current address, and two related to a car loan I paid off in 2007.”

The second time round, Weaver said a few minutes on Zillow.com gave him all the answers he needed for the KBA questions. Spokeo solved the “old address” questions for him with 100% accuracy.

“Zillow with my address answered all four of them, if you just assume ‘moved when I bought the house’,” he said. “In fact, I NEEDED to use Zillow the second time around, because damned if I remember when my house was built.  So with Zillow and Spokeo data, it isn’t even 1 in 256, it’s 1 in 4 the first time around and 1 in 16 the second, and you don’t need to guess blind either with a bit more Google searching.”

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators. See my recent story on Apple Pay for another reminder of this fact.

Unfortunately, the IRS is not the only government agency whose reliance on static identifiers actually makes them complicit in facilitating identity theft against Americans. The same process described to obtain a tax transcript at irs.gov works to obtain a free credit report from annualcreditreport.com, a Web site mandated by Congress. In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.

Kasper said he’s grateful for the police report he was able to obtain from the Pennsylvania authorities because it allows him to get a freeze on his credit file without paying the customary $5 fee in New York to place and thaw a freeze.

Credit freezes prevent would-be creditors from approving new lines of credit in your name — and indeed from even being able to view or “pull” your credit file — but a freeze will not necessarily block fraudsters from filing phony tax returns in your name.

Unless, of course, the scammers in question are counting on obtaining your tax transcripts through the IRS’s own Web site. According to the IRS, people with a credit freeze on their file must lift the freeze (with Equifax, at least) before the agency is able to continue with the KBA questions as part of its verification process.

Update, 10:46 p.m., ET: The link included in the first paragraph of this story directing readers to create an account with the IRS is currently returning the message: “We are currently experiencing technical issues and unable to process new registrations.”

Planet DebianSteve McIntyre: UEFI Debian installer work for Jessie, part 6

One final update on my work for UEFI improvements in Jessie!

All of my improvements have been committed into the various Debian packages involved, and the latest release candidate for Jessie's debian-installer build (RC2) works just as well as my test builds on the Bay Trail system I've been using (Asus X205TA). Job done! :-)

I'm still hoping to maybe get more hardware support for this particular hardware included in Jessie, but I can't promise. The mixed EFI work has also improved things for a lot of Mac users, and I'm planning to write up a more comprehensive list of supported machines in the Debian wiki (for now).

There's now no need to use any of the older test installer images - please switch to RC2 for now. See http://cdimage.debian.org/cdimage/jessie_di_rc2/ for the images. If you want to install a 64-bit system with the 32-bit UEFI support, make sure you use the multi-arch amd64/i386 netinst or DVD. Otherwise, any of the standard i386 images should work for a 32-bit only system.

Upstreaming

My kernel patch to add the new /sys file was accepted upstream a while back, and has been in Linus' master branch for some time. It'll be in 4.0 unless something goes horribly wrong, and as it's such a tiny piece of code it's trivial to backport to anything remotely recent too.

I've also just seen that my patch for grub2 to use this new /sys file has been accepted upstream this week. Again, the change is small and self-contained so should be easy to copy across into other trees too.

Mixed EFI systems should now have better support across all distros in the near future, I hope.

Geek FeminismTake the Linkspam and Run (29 March 2015)

  • On Being a Badass | New York Magazine – The Cut (March 1): “It strikes me that as women continue to break into traditionally masculine professions and defend their right to exist in unsafe spaces, the rest of us have a responsibility to do more than cheer them from the sidelines. We should also make clear that we understand this work is hard, that it often takes an emotional toll, that there are no easy answers, and that, when they acknowledge their feelings and admit their struggles, they’re all the more badass for it.”
  • Robot-Building 6-Year-Old Girls Talking Tech With Obama Is the Best Thing You’ll See All Week | Mother Jones (March 24): “The 6-year-olds from Tulsa’s Girl Scout Troup 411 were the youngest inventors selected to present at this year’s fair. Inspired by conversations with a librarian and one of the girls’ grandmas, they built a mechanical Lego contraption that can turn pages, to help patients with mobility issues read books.”
  • A Comics Creator Harassed Me On Twitter and I Don’t Want to Say His Name | Women Write About Comics (March 21): “I have a history with stalking, or rather, stalking has a history with me. He couldn’t have known that, our unnamed comic creator, when he decided to make my Twitter life as miserable as his own pathetic heart. He couldn’t have known much about me, or what hurts me, besides the obvious things that hurt all of us. But equally, he couldn’t have known that I DIDN’T have a stalker, a past that, like so many women, includes abuse. He did know, you know, that I am human. That every. Last. Person. You interact with on the internet, is human too.”
  • The divine witches of cyberspace | Boing Boing Offworld (March 24): “There is also a uniquely feminist layer to the digital fortunetelling space—it can offer a safe haven in the technology world, where smooth futures are far less certain for some as for others. Stone suggests that astrology and witchcraft have always, throughout history, offered ways for marginalized people to understand the world, even while white patriarchy, capitalism and their associated religious movements rutted up alongside and over them.”
  • Content warning: descriptions of sexual assault and harassment Sexism in Tech: Don’t Ask Me Unless You’re Ready To Call Somebody a Whistleblower | @katylevinson on Medium (March 8): “You’re tired of hearing about this “women in tech” stuff, and we’re tired of living it, but there are some big issues here, and we’re not going to solve them by pretending they don’t exist because we’re bored or afraid of them. We need serious discussions, and we have to have educated opinions about what’s wrong and how to fix it. We need to mull these ideas around until we come to some combination of hard data and cultural consensus before we can get meaningful change.”
  • The 5 Biases Pushing Women Out of STEM | Harvard Business Review (March 24): “We conducted in-depth interviews with 60 female scientists and surveyed 557 female scientists, both with help from the Association for Women in Science. These studies provide an important picture of how gender bias plays out in everyday workplace interactions. My previous research has shown that there are four major patterns of bias women face at work. This new study emphasizes that women of color experience these to different degrees, and in different ways. Black women also face a fifth type of bias.”
  • How Silicon Valley Can Change Its Culture to Attract More Women | The New Yorker (March 26): “She also sees value in talking about her own experiences as a woman engineer who presents in a “feminine” manner—not to suggest that all female engineers should wear floral dresses and speak softly, like she does, but to promote it as no less valid than turning up at work in a hoodie and jeans and using a loud voice.”
  • A Note on Call-Out Culture | Briarpatch Magazine (March 2): “There are ways of calling people out that are compassionate and creative, and that recognize the whole individual instead of viewing them simply as representations of the systems from which they benefit. Paying attention to these other contexts will mean refusing to unleash all of our very real trauma onto the psyches of those we imagine to only represent the systems that oppress us. Given the nature of online social networks, call-outs are not going away any time soon. But reminding ourselves of what a call-out is meant to accomplish will go a long way toward creating the kinds of substantial, material changes in people’s behaviour – and in community dynamics – that we envision and need.”
  • Salesforce CEO Says Company Is ‘Canceling All Programs’ In Indiana Over LGBT Discrimination Fears | CBS San Francisco (March 26): “Salesforce CEO Marc Benioff says he doesn’t want his employees subjected to discrimination as part of their work for the San Francisco-based company, and he is cancelling all required travel to the state of Indiana following the signing of a religious freedom law that some say allows business to exclude gay customers.”
  • A Fish Is the Last to Discover Water: Impressions From the Ellen Pao Trial | Re/code (March 26): “I can imagine that as the little injustices built up, she compartmentalized and moved on. That’s the easier path. It might not have occurred to her in real time that there should be a policy in place, for example. I know many women in high-powered positions who have not reported incidents or didn’t want to rock the boat. It can be the benefit of reflection on the totality of the situation that provides clarity.”
  • CASSIUS – Issue #1 | Kickstarter “Inspired by Shakespeare’s Julius Caesar and the events of history, Cassius is set in a Roman-esque universe centered around the collection of states known as Latium. The story follows our heroine Junia, who belongs to the Latium state of Cyrentha, and believes herself to be no more than ordinary. But one single act of violence suddenly thrusts Junia into a world of politics, betrayal, greed, bloodshed, and fate – and Junia must overcome it all if she is to survive.”
  • Philosophy has to be about more than white men | The Guardian (March 23): “Imagine a future where a student interested in, say, humanism, encounters a global range of thinking on the topic and not a narrow, regional one. Such a creative, fertile environment is not only possible but it is the only one that can return philosophy to its worthy purpose, namely the investigation of all human existence.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.


Chaotic IdealismYou're Not Like My Child... My Child is Severely Disabled.

I get this sometimes. People look at me; they see I can talk, I can take care of myself, I live on my own with no more than a case manager checking in weekly (thank goodness, by the way; it was long overdue and I'm very pleased to finally be able to depend on someone to help me figure out the little unexpected bits of daily life)...

And they say, "You're not like my child. My child is severely disabled. He can't go to college. He can't talk. He won't live on his own. He can't..."

I've brought this up with various people, and many times, the response is, "But you've come a long way." Which is true. As a kid I threw tantrums because I didn't want to take my coat off. I didn't realize "hell" was a swear word until I was eleven. I had to go to the hospital when I was fifteen because I'd put unpopped popcorn kernels in my ears and had to get them taken out again (they fit so nicely I couldn't help myself). I don't think I've ever been "severe", but I don't think I'm "mild" either. I'm in the middle, somewhere. Intelligent, but disabled.

The people who make this point are trying to say, "You can't predict what a child's future is going to be like. People learn. The child who's wearing diapers today may be going to college tomorrow--maybe while still wearing diapers. Autistic people are often a lot smarter than they seem, anyway. He might not be able to talk, but what if he can learn to read?"

I get this. It's true. Quite a lot of autistic people do things that they aren't expected to ever be able to do, simply because their skills have been stereotyped by others to be at some low level, when in reality, they have talents nobody thought they could have because they didn't have the prerequisites. Many of us walk before we can crawl, read before we can speak, do algebra before we learn our multiplication tables. And it's good to remind parents that a child with autism can have these talents, that he will learn as he grows older, will benefit from therapy and from schooling and from a reliable, welcoming environment. The child who can't, often grows up to be an adult who can, whether in the typical way or in his own way.

And yet... it troubles me. Why are we telling these parents, "You have hope; your child may not actually be severely disabled; or, your severely disabled child may have talents you don't expect him to have"? Why is it encouraging to tell parents that a disability probably isn't as severe as they think it is? It's true, in many, perhaps most cases, that improvement and learning are inevitable. But where does that leave the parents? They are basing their hope on whether their child improves, and the fact is, some children don't. Say the child has Rett syndrome, or Heller syndrome. Both of those are degenerative. These kids will lose skills. Rett's girls often die young. Or, say that their child is one of the unlucky ones for whom learning is not permanent--who learns a skill, and then loses it. Or perhaps they are one of the ones with multiple disabilities, health problems that limit their energy and ability to focus. Say their child really is severely disabled, and will remain so for their lifetime. That is always a possibility. Even for neurotypical, healthy children, there is the possibility that they will suffer a brain injury or an illness, and be severely disabled in adulthood.

To tell a parent, "Your child is probably not as severely disabled as it seems," in an attempt to encourage them, is not productive because it does not challenge the notion that disability causes someone to live a worthless, vulnerable, unhappy life. It implies that the parent's fears--of the child growing up to be dependent, unable to speak for himself, unable to provide for himself--are justifiably frightening because living like this would be intrinsically bad.

Instead, we should take into account the possibility that a child will grow up to be severely disabled--and that this is still okay.

What does a good parent want for a child, really? Deep down, they want their child to be happy, to have useful things to do, to be accepted, to feel loved, to be safe. All the superficial things--job, schooling, marriage, independence both financial and physical--are just ways to get those basic needs met. They're the ways that neurotypical people meet those needs, and they're legitimate goals. But there are other ways to meet those basic needs. There are ways for anyone, ever, no matter how disabled, to meet them.

Maybe it's because I have a history of depression, but one of the best ways I've found to face things that I fear, is to accept that they can happen--and then think about how I will deal with them. If a tornado threatens my apartment, I will stuff my cats into their carriers and huddle in the bathroom. If someone breaks down my door, I will escape out the back window. If I can't work, I'll volunteer.

Say you are a parent with a young child, and your child has autism, and it's still unclear what they will be like when they are grown. Or maybe you can see even at this stage that the child will have problems in adulthood. My primary approach would not be, "Your child may well grow up to be like me," even though that is a possibility. It would be, "And what if your child does grow up to be severely disabled? What do you really want for your child--beyond the superficialities? And if he grows up to be severely disabled, isn't it true that he can still get those things?"

Many parents facing a child's diagnosis for the first time are frightened of things like, "How will I keep my child from being mistreated?" That's why they're so afraid of institutions. They're afraid that their child will be hurt, neglected, or dismissed if he needs ADL help in adulthood. And they think that this means they are afraid of disability... But in reality, they are afraid of the way other people react to disability. They're afraid that their child will be abused for being disabled, much the way the parents of a gay child might be afraid that their child will be beaten up for being gay. The problem here isn't the disability--it's the prejudice. And that can be changed.

Other people say, "I'm afraid that my child won't be able to work when he grows up. He will just be forced to sit around with nothing to do." Well, I don't work, and I do have useful things to do; but let's say your child is Not Like Me at all, in the most extreme way... say he's not able to volunteer or write essays for a blog or read books. Why do you want your child to be able to work? Because you want him to be financially independent, and because you want him to be a part of his community. Financial independence means the ability to decide for yourself that you will live in a safe place, with the things you need, and some of the things you want. And being a part of your community allows you to be treated with respect and seen as human. But all of those things can be done by a person with a severe disability.

And then there's the disability itself. There's often distress associated with it. What if a child doesn't grow out of meltdowns and has to deal with them as a 200-pound adult? What if they have chronic pain? What if those seizures can't be controlled? What if showers are always as terrible as they are when the child is five? All of those things can be unpleasant and they can stay until adulthood, but let's put it in perspective: Neurotypical people, non-disabled people, have unpleasant parts of their lives, too. Unpleasantness associated with a disability is not a thing apart from general unpleasantness. Is it worse to have a meltdown, or to have to wait in line at the bank? Is it worse to live with chronic back pain or to have to work in a stressful job for a boss you despise? Is it worse to suddenly discover that the milk in your coffee has gone bad, or to be unable to eat breakfast because you have run out of your favorite cereal and cannot switch to oatmeal? Just like you learn to deal with the everyday annoyances of your normal life, disabled people learn to deal with the everyday annoyances of their own lives. Yes, even things like chronic pain or paralysis or fatigue. People with all of those things have reported being happy. Is that surprising? Well, could you find happiness in a life where you had to work that stressful job? Probably. So can your disabled child find happiness in their own life.

I am not trivializing the difficulties faced by people with severe disabilities, nor am I trivializing the fears of their parents. Those difficulties are real, and the fear is real. But don't see it as an insurmountable cliff that you can't climb. You're too far away from it right now to see, but once you get close, you will see that there are handholds, and that other people further up are anchoring ropes for you to grab hold of. And slowly but surely, the disability rights movement is eroding that cliff into a more gentle hill. Our grandchildren won't even need handholds. A world that used to kill the disabled will be turned into a world where the disabled are friends and neighbors, where severe disability is no longer feared.

It's a lot easier to deal with something you fear when you have an action plan. If you have a child, and you fear your child will be severely disabled, think about that possibility and let yourself plan for that child to have a happy, fulfilling future as an adult. Don't make it contingent on your child learning (though he probably will) or showing unique talents (though he probably has them). Don't think, "Oh, if he can only learn to speak, everything will be okay." Think, "Everything can be okay whether he learns to speak or not." Whatever does happen, your child can have a future--a good future, one where he's happy, and safe, and loved, and gets to do things he likes to do. The only thing left to find out is precisely how that is going to happen.

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-03-23 to 2015-03-29

Planet DebianEddy Petrișor: HOWTO: Disassemble a big endian Arm raw memory dump with objdump

This is trivial and very useful for embedded code dumps, but in case somebody (including future me) needs this, here it goes:
arm-none-eabi-objdump -D -b binary -m arm -EB dump.bin | less
The options mean:
  • -D - disassemble
  • -b binary - input file is a raw file
  • -m arm - arm architecture
  • -EB - big endian
By default, endianness is assumed to be little endian, or at least that's happened with my toolchain.
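Before reaching for -EB or -EL it helps to know which one the dump actually needs, since a raw binary carries no header to say. The script below is an added example, not code from the original post: it guesses the byte order of a raw A32 dump and then calls objdump with the matching flag. The guess rests on the fact that nearly every A32 instruction carries the "always" condition code 0b1110 in bits 31:28, so in a big-endian dump the first byte of almost every word has high nibble 0xE, while in a little-endian dump it is the fourth byte. The sample bytes are five hand-encoded instructions constructed for this example, the load address 0x8000 passed to --adjust-vma is an assumed value (use the address the dump was taken from so branch targets in the listing match the device's memory map), and the helper names are mine. The heuristic says nothing about Thumb code, which has no condition field; for that, pass -M force-thumb to objdump instead.

```shell
#!/bin/sh
# Added example (not from the original post): guess the endianness of a raw
# A32 memory dump, then disassemble it with the matching objdump flag.

# Constructed sample: five A32 instructions, each 32 bits, hand-encoded.
#   e3a00001  mov r0, #1
#   e12fff1e  bx lr
#   e0821003  add r1, r2, r3
#   e52de004  push {lr}
#   e1a00000  nop (mov r0, r0)
# $1 = output file, $2 = big | little (byte order to write them in)
write_sample_dump() {
  if [ "$2" = big ]; then
    printf '\343\240\000\001\341\057\377\036\340\202\020\003\345\055\340\004\341\240\000\000' > "$1"
  else
    printf '\001\000\240\343\036\377\057\341\003\020\202\340\004\340\055\345\000\000\240\341' > "$1"
  fi
}

# Vote on endianness: for byte offsets 0 and 3 inside each 4-byte word,
# count how many bytes have high nibble 0xE (the A32 "always" condition).
# Prints big, little, or unknown (empty input, or no clear majority).
guess_arm_endian() {
  od -An -v -tx1 "$1" | awk '
    {
      for (i = 1; i <= NF; i++) {
        if (substr($i, 1, 1) == "e") hit[n % 4]++
        n++
      }
    }
    END {
      words = int(n / 4)
      b = hit[0] + 0; l = hit[3] + 0
      if (words == 0) print "unknown"
      else if (b > l && 2 * b > words) print "big"
      else if (l > b && 2 * l > words) print "little"
      else print "unknown"
    }'
}

# $1 = dump, $2 = big | little, $3 = optional load address for --adjust-vma
disas_arm() {
  case "$2" in
    big)    e=-EB ;;
    little) e=-EL ;;
    *) echo "disas_arm: unknown endianness '$2'" >&2; return 1 ;;
  esac
  arm-none-eabi-objdump -D -b binary -m arm "$e" ${3:+--adjust-vma=$3} "$1"
}

main() {
  tmp=$(mktemp)
  write_sample_dump "$tmp" big
  endian=$(guess_arm_endian "$tmp")
  echo "guessed byte order: $endian"
  if command -v arm-none-eabi-objdump >/dev/null 2>&1; then
    disas_arm "$tmp" "$endian" 0x8000     # 0x8000: assumed load address
  else
    echo "arm-none-eabi-objdump not installed; skipping disassembly" >&2
  fi
  rm -f "$tmp"
}
main
```

The majority threshold (more than half of all words voting for one side) keeps the guess honest on dumps that are mostly data rather than code; on those it reports unknown rather than picking a side, and the right move is to find the code region first.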

Planet Linux AustraliaAndrew McDonnell: Challenge for 2015: hackaday prize competition

So the 2015 Hackaday prize is happening, until at least August.

Somehow I’ve currently ended up involved with not one, but two entries!  The good thing is that with four months to go until the first round submission, I have been careful not to bite off more than can be chewed in the time available on weekends, or after the kids go to bed, etc., with other commitments. Along the way though it should be educational and fun, and with any luck I might at least win a T-shirt or something (some electronics test gear would be nice) … I’m under no illusion we will get anywhere near winning a trip to space!

The theme this year is “Build Something that Matters”, around environment, agriculture and energy, with the related facet of solving a problem, and not necessarily a world-scale problem.

So my first project, of which I am making good progress, is a farm crop monitoring system for Australian conditions.  This utilises the ESP8266 wifi module and will exercise its deep sleep mode, and solar power, along with a yet to be determined Linux module for a local base station, and hopefully ISM band telemetry over long distances. I will also be helped by my neighbour who is a farmer who can use this system.

The second project, which is not my idea but that of a close friend, (but for which I am presently responsible for maintaining the hackaday.io page), is an Algorithmic Composting machine built out of repurposed parts and cheap electronics.  I’ll probably end up assisting with the embedded electronics, as well as keeping the documentation up to date.

I won’t be posting here in a lot of detail as the contest progresses, as there is a project log built into the hackaday.io site intended for that purpose.  So follow along at http://hackaday.io/project/4758 and http://hackaday.io/project/4991 instead! (And please like our projects if you have a hackaday account!)


Planet DebianZlatan Todorić: Its all about fun

The percentage that women in Debian occupy as DDs is ~2%. Yes, just ~2% of DDs are ladies! So that means ~98% of DDs are gentlemen.

some picture with rage meme

I know there are more of ladies in Debian, so I firstly urge you, for love of Debian, to apply if you are contributing to this project, love its community and want to see Debian taking over the universe (okay, it seems that we conquered outer space so we need a help on Earth).

So why is the number this low? Well, maybe it's too precious to those of us currently inside, so that we want to prevent it being spoiled from outside. There also seem to be not that many younger DDs. Why is that important? Well, young people like to do it rather than think about it. Many times they just break it, but many times they also make a breakthrough. Why is difference important and why should we embrace it? It's very important because it breaks a monopoly on views and behaviour. It brings views not just from a larger number of people, but also from people from different backgrounds, and in constructive conversation it can put even more pluses on the current workflow or counter it with good arguments. In a project of its size and with the worldwide geolocation of its developers, this is true for Debian more than for any other project I know. We need more women so we can balance our inner workings and have a better understanding of humanity and how it is moving, what it needs and why, and where it is steering. That way we can produce a community which will improve the quality of the OS that we produce, because of the sheer number of different people working on the same thing, each bringing their own personal touch. So, ladies and youth all over the world, unite and join Debian, because without diversity Debian can't grow beyond its current size. Also, no, Debian is not about code only; it needs painters, musicians, people that want to talk about Debian, people that share love and happiness, people that want to build better communities, UI/UX designers, makers, people who know how to repair a bike, athletes, homebrew beer producers, lawyers (just until the world gets rid of laws, then we don't need you), actors, writers... Why? Well, because the world and communities are made up of all that diversity, and that's what makes it a better and not a monotone place.

But I just use Debian. Well, do you feel love towards Debian and its work? Would you like to feel more like an integral part of the community? If the answer is a big fat YES, then you should be a DD too. Every person that feels they are part of Debian's philosophy about freedom and behaving in good manner should join Debian. Every person that feels touched and enhanced by Debian's work should become part of the community and share their experience of how Debian touched their soul and impacted their life. If you love Debian, you should be free to contribute to it in whatever manner and you should be free to express your love towards it. If you think lintian is sexy, or the shebang is a good friend of yours, or you enjoy talking to MadameZou about Debian and zombies (yeah, we have all kinds here), or you like Krita, or you hate the look of the default XFCE theme, or you can prove that you are a crazier developer than paultag, just hop into the community and try to integrate into it. You will meet great folks, have a lot of conversations about wine and cheese, play some dangerous card games and even learn about things like bokononism (yeah, I am looking at you dkg!).

Now for the current Debian community: what the hell is a packaging and a non-packaging Debian Developer? Is one better than the other? Do the others stink? They don't know how to hug? WHAT? Yes, I know that an inexperienced person shouldn't have permission to access Debian packaging infrastructure, but I have the feeling that even that person knows that. Every person should have a place in Debian and acknowledge the other fields. So yes, software developers need access to Debian packaging infrastructure, painters don't. I think we can agree on this. So let's abolish the stupid term and remove the difference in our community. Let's embrace the difference, because if someone writes a good poem about Debian heroism I could like it more than flashplugin-nonfree! Yep, I made that comparison on purpose so you can give it a thought.

Debian has an excellent community for the operating system that it's producing. And it's not going away, not anytime soon at least. But it will not go forward if we don't give an additional push as human beings, as people who care about their fellow Debianites. And we do care, I know that, we just need to push it more publicly. We don't hide bugs; we for sure shouldn't hide features. It will probably bring bad seeds too, but we have the mechanisms and the will to counter that. If for every 10 bad seeds we get, on average, some crazy good hacker or a crazy lovely positive person like this lady, we will be on the right path. Debian is a better place; it should lead the effort to bring more people into the FLOSS world and it should allow people to bring more diversity into Debian.

draw a picture where it says next year 3 dpl candidates should be only women and at least one of them not involved in packaging


Sam VargheseMyths about Dhoni shown to be just that

As the Indian cricket team was slowly moving towards defeat against Australia in the World Cup semi-final, many commentators, the normally erudite Allan Border among them, were still convinced that Indian captain M.S. Dhoni would explode at some point and carry India to victory.

It looks like Border and all the others of his ilk were dreaming earlier in the summer when Dhoni called time on his Test career, indicating that he was unable to handle that job any more. He did not step down from the captaincy, he quit Tests altogether.

Quite simply, Dhoni has lost it. He is past it and his sticking on for the World Cup was a typical reaction from a cricketer in a country where the selectors do not pick people on form alone. The same applies to Sri Lanka’s Mahela Jayawardene and Tillakaratne Dilshan, and Pakistan’s Shahid Afridi. All are past it, yet were allowed to play on by their respective countries’ selectors, for so-called sentimental reasons.

Dhoni may have been the best finisher in one-day cricket for a long time. But that ability has gone. He cannot do it any more. The myth persists and that’s all it is — a myth.

Dhoni’s hanging on is not unusual in India; Kapil Dev, the captain under whom India won its first World Cup title, hung on and on, just so he could break Ian Botham’s record for most Test wickets. Sachin Tendulkar, Virender Sehwag, V.V.S. Laxman and Rahul Dravid all continued playing beyond the point when it was painfully obvious that they were no longer being picked on form. A lot of other good prospects were dudded of their chance of playing for the national team as a result.

In Australia, at times, that kind of sentimentality does not come into play. Ian Healy was denied a last Test in Brisbane in 1999, after he had shown that his talents were on the wane by dropping Brian Lara during a tense run chase in the third Test in the Caribbean. Adam Gilchrist made his debut when Pakistan arrived for the first Test of the Australian summer. But at times, Australia also looks the other way, a classic case being that of Matthew Hayden.

So the fact that Dhoni could not do anything except run himself out later on in the Indian innings did not come as a surprise. He gave an indication that he is no longer capable of captaining the team by letting things drift during the Australian innings: after David Warner had been dismissed early, Dhoni just sat back and let Steve Smith and Aaron Finch settle in. By the time he realised that the two spinners, Ravichandran Ashwin and Ravindra Jadeja, were being picked off for singles without showing any indication that they would take a wicket, it was too late. Finch, not in the greatest form, and Smith added 180-odd and ensured that Australia would cross 300.

Taking wickets later in the innings did ensure that Australia did not go on to 350-plus but the 328 that they got was at least 40 too much for any team to chase at the SCG. History teaches us many things, and one look at the totals chased successfully at the SCG in one-day matches would have told Dhoni that.

Whether the word foolish is politically correct or not, it is the one which fits the dismissals of both Indian openers Shikhar Dhawan and Rohit Sharma. At a time when India was cruising and scoring at six an over, Dhawan hit the ball straight to a fielder, just after he had taken 16 runs off a James Faulkner over. Rohit did something equally stupid, attempting an aggressive stroke off Mitchell Johnson just after he had clobbered that bowler into the stands.

And none of the commentators considered one thing: only Dhawan and Rohit had scored consistently for India in the tournament. Every one of the other batsmen had got just one decent score. It was not surprising that every one of them failed.

In the end, India failed when it had to step up. That is not surprising, it has happened on innumerable occasions in the past. And it will happen again unless selection policies change.

Planet Linux AustraliaGlen Turner: Fedora 21: automatic software updates

The way Fedora does automatic software updates has changed with the replacement of yum(8) with dnf(8).

Start by disabling yum's automatic updates, if installed:

# dnf remove yum-cron yum-cron-daily

Then install the dnf automatic update software:

# dnf install dnf-automatic

Alter /etc/dnf/automatic.conf to change the "apply_updates" line:

apply_updates = yes

Instruct systemd to run the updates periodically:

# systemctl enable dnf-automatic.timer
# systemctl start dnf-automatic.timer
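The config edit in the steps above is the part that is easy to get wrong by hand (a second, commented-out or duplicate apply_updates line is silently ignored or wins, depending on order). The following is an added example, not from the original post, that performs that edit idempotently on a file whose path you pass in, and then verifies that exactly one uncommented apply_updates line exists and reads yes. It assumes GNU sed (for -i -E) and builds a constructed sample config in a temp file rather than touching /etc/dnf/automatic.conf; the dnf and systemctl steps themselves are not reproduced here.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently enable
# apply_updates in a dnf-automatic style config and verify the result.
# The config path is a parameter so the demo runs on a constructed copy
# instead of the real /etc/dnf/automatic.conf. Assumes GNU sed.

# Set "apply_updates = yes" in the given config file.
# If a (possibly commented-out) apply_updates line exists, rewrite it
# in place; otherwise append one under a [commands] section.
set_apply_updates() {
    conf="$1"
    if grep -Eq '^[#[:space:]]*apply_updates[[:space:]]*=' "$conf"; then
        sed -i -E 's/^[#[:space:]]*apply_updates[[:space:]]*=.*/apply_updates = yes/' "$conf"
    else
        printf '\n[commands]\napply_updates = yes\n' >> "$conf"
    fi
}

# Return 0 only if exactly one uncommented apply_updates line exists
# and it is set to yes; anything else (missing, duplicate, "no") fails.
check_apply_updates() {
    conf="$1"
    n=$(grep -Ec '^[[:space:]]*apply_updates[[:space:]]*=' "$conf" || true)
    [ "$n" -eq 1 ] || return 1
    grep -Eq '^[[:space:]]*apply_updates[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Write a constructed sample config (resembling the stock layout) to a
# temp file and print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[commands]
# What kind of upgrade to perform (constructed sample):
upgrade_type = default
random_sleep = 300
apply_updates = no

[emitters]
emit_via = stdio
EOF
    printf '%s' "$f"
}

# Stand-alone demo: enable, run again to show it is a no-op, verify.
demo() {
    f=$(make_sample_conf)
    set_apply_updates "$f"
    set_apply_updates "$f"
    check_apply_updates "$f" && echo "apply_updates is enabled in $f"
    rm -f "$f"
}
```

Run `demo` after sourcing the file; for the real system, call set_apply_updates and check_apply_updates with /etc/dnf/automatic.conf as root, then enable the timer as shown above. The check deliberately counts uncommented lines, so a stray duplicate key from a previous manual edit is reported rather than masked.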

Planet DebianLeo 'costela' Antunes: Go linear programming library

After a way too long hiatus, I finally got back to working on some side-projects and wrote a small go library for solving linear programming problems. Say hi to golp!

Since I’m no LP expert, golp makes use of GLPK to do the actual weight-lifting. Unfortunately, GLPK currently isn’t reentrant, so it can’t really be used with go’s great goroutines. Still, works well enough to be used for a next little project.

Now, if only I could get back to working on Debian…

Planet DebianMatt Zimmerman: What I think about thought

Only parts of us will ever
touch o̶n̶l̶y̶ parts of others –
one’s own truth is just that really — one’s own truth.
We can only share the part that is u̶n̶d̶e̶r̶s̶t̶o̶o̶d̶ ̶b̶y̶ within another’s knowing acceptable t̶o̶ ̶t̶h̶e̶ ̶o̶t̶h̶e̶r̶—̶t̶h̶e̶r̶e̶f̶o̶r̶e̶ so one
is for most part alone.
As it is meant to be in
evidently in nature — at best t̶h̶o̶u̶g̶h̶ ̶ perhaps it could make
our understanding seek
another’s loneliness out.

– unpublished poem by Marilyn Monroe, via berlin-artparasites

This poem inspired me to put some ideas into words this morning, an attempt to summarize my current working theory of consciousness.

Ideas travel through space and time. An idea that exists in my mind is filtered through my ability to express it somehow (words, art, body language, …), and is then interpreted by your mind and its models for understanding the world. This shifts your perspective in some way, some or all of which may be unconscious. When our minds encounter new ideas, they are accepted or rejected, reframed, and integrated with our existing mental models. This process forms a sort of living ecosystem, which maintains equilibrium within the realm of thought. Ideas are born, divide, mutate, and die in the process. Language, culture, education and so on are stable structures which form and support this ecosystem.

Consciousness also has analogues of the immune system, for example strongly held beliefs and models which tend to reject certain ideas. Here again these can be unconscious or conscious. I’ve seen it happen that if someone hears an idea they simply cannot integrate, they will behave as if they did not hear it at all. Some ideas can be identified as such a serious threat that ignoring them is not enough to feel safe: we feel compelled to eliminate the idea in the external world. The story of Christianity describes a scenario where an idea was so threatening to some people that they felt compelled to kill someone who expressed it.

A microcosm of this ecosystem also exists within each individual mind. There are mental structures which we can directly introspect and understand, and others which we can only infer by observing our thoughts and behaviors. These structures communicate with each other, and this communication is limited by their ability to “speak each other’s language”. A dream, for example, is the conveyance of an idea from an unconscious place to a conscious one. Sometimes we get the message, and sometimes we don’t. We can learn to interpret, but we can’t directly examine and confirm if we’re right. As in biology, each part of this process introduces uncountable “errors”, but the overall system is surprisingly robust and stable.

This whole system, with all its many minds interacting, can be thought of as an intelligence unto itself, a gestalt consciousness. This interpretation leads to some interesting further conclusions:

  • The notion that an individual person possesses a single, coherent point of view seems nonsensical
  • The separation between “my mind” and “your mind” seems arbitrary
  • The attribution of consciousness only to humans, or only to living beings, seems absurd

Naturally, this is by no means an original idea (can such a thing exist?). It is my own take on the subject, informed both consciously and unconsciously by my own study, first-hand experience, conversations I’ve had with others, and so on. It’s informed by the countless thinkers who have influenced me. Its expression is limited by my ability to write about it in a way that makes sense to other people.
Maybe some of this makes sense to you, and maybe I seem insane, or maybe both. Hopefully you don’t find that you have an inexplicable unconscious desire to kill me!


Sociological ImagesA Quarter of College Students Think that Love Brainwashes Women

According to a survey of 1,387 students in Sociology 101 classes at a large west coast university, 25.8% of college students “somewhat” or “strongly agree” that romantic love brainwashes women. Another 20% could be convinced. Interestingly, the numbers were similar for men and women, though women were a bit more likely to agree.

Data from “Hey God, is that You in my underpants?” by Roger Friedland and Paolo Gardinali, published in Intimacies: A New World of Relational Life.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

TED5 tips for conducting an interview with someone you care about, using StoryCorps’ new app

Video: https://embed-ssl.ted.com/talks/dave_isay_everyone_around_you_has_a_story_the_world_needs_to_hear.html

Anybody with a smartphone can now be a part of the StoryCorps movement. As TED Prize Winner Dave Isay reveals in today’s talk, you no longer have to travel to a StoryCorps mobile booth to capture an interview with a friend, family member or stranger — because StoryCorps has created a free app. Now, if you can find a quiet place and 45 minutes, you can interview someone whose story has never been heard and immediately upload the discussion to the American Folklife Center at the Library of Congress.

The app itself is easy to use, with step-by-step guidance on how to pick interview questions, record the interview, select an excerpt to highlight, and upload the full conversation for posterity. More than 250 interviews have already been uploaded since Isay gave his talk in Vancouver on Tuesday. Your participation is key to the success of Isay’s audacious wish for StoryCorps: 

“Help me spark a global movement to record and preserve meaningful conversations with one another that results in an ever-growing digital archive of the collective wisdom of humanity.”

Isay, a radio documentary maker, has conducted thousands of interviews. But even if it’s your first time interviewing someone, you can still have a meaningful conversation. Below, five interview tips from Isay to help you maximize the experience.

  1. Ask the big life questions. Facts are much less interesting than questions regarding love, life challenges, influences and regret. Some key questions to ask: Who is the person who has been kindest to you in your life? What do you feel most grateful for? What is your happiest memory? What are you proudest of? Can you remember a time when you’ve felt alone? If you were to die suddenly this evening, what would you most regret having not told someone? “The best stories come from asking open-ended questions,” says Isay. “For StoryCorps, the thing you don’t want to do is recite your CV. We want the aspects of a person that can’t be written down easily, that haven’t been said before. The big life questions are the best.”
  2. Pour your attention into the interview. “The most important things about listening is to be very present,” says Isay. “To have all your devices off, and to genuinely connect and actively listen to whoever it is you’re talking to. When I used to do radio interviews, I’d sit forward, and it was almost like a laser beam between me and the person I was talking to. It was often very intense, present, active, concentrated listening. It is counterintuitive, but it should feel draining to you. At the end of the 40 minutes, as the person doing the listening, you should be more tired than the person doing the talking.”
  3. Be an active participant in the conversation. Just because you’re listening, doesn’t mean you can’t engage. “Active listening doesn’t stop you from participating in the conversation. You can laugh, cry and ask follow-up questions. But what you’re not doing is bringing it back to yourself. Be generous. Try not to think about your kids or what movie you’re going to see that night.”
  4. Remember it’s not the “story” that matters. “When you’re doing a StoryCorps interview, you are creating a sense of who a human being is. You are capturing your interaction with them and who they are as a person. The “truth” of a story is maybe more important than the drama of a story. It is the interview experience itself that matters.”
  5. Say thank you. Conducting a StoryCorps interview is simultaneously about giving the gift of listening, and being grateful for being entrusted with the gift of a person’s story. Isay notes that, during an interview, a person’s back will literally straighten as they talk, and that you’ll notice your own perspective shifting as they speak. And that’s why a heartfelt thank you is vital at the end. Ultimately, StoryCorps is about recognizing that each life matters “equally and infinitely.” Says Isay: “We’re always grateful.”

    The newly launched StoryCorps app helps you pick questions, time your interview, and upload it to the Library of Congress.


Planet DebianJoachim Breitner: An academic birthday present

Yesterday, which happened to be my 30th birthday, a small package got delivered to my office: The printed proceedings of last year's “Trends in Functional Programming” conference, where I published a paper on Call Arity (preprint). Although I doubt the usefulness of printed proceedings, it was a nicely timed birthday present.

Looking at the rather short table of contents – only 8 papers, after 27 presented and 22 submitted – I thought that this might mean that, with some luck, I might have chances to get the “Best student paper award”, which I presumed to be announced at the next iteration of the conference.

For no particular reason I was leisurely browsing through the book, and started to read the preface. And what do I read there?

Among the papers selected for these proceedings, two papers stood out. The award for Best Student Paper went to Joachim Breitner for his paper entitled Call Arity, and the award for Best Paper Overall went to Edwin Brady for his paper entitled Resource-dependent Algebraic Effects. Congratulations!

Now, that is a really nice birthday present! Not sure if I even would have found out about it, had I not thrown a quick glance at page V...

I hope that it is a good omen for my related ICFP'15 submission.

Planet Linux AustraliaClinton Roy: clintonroy

PyCon Australia 2015 is pleased to announce that its Call for Proposals is now open!
The conference this year will be held on Saturday 1st and Sunday 2nd August 2015 in Brisbane. We’ll also be featuring a day of Miniconfs on Friday 31st July.

The deadline for proposal submission is Friday 8th May, 2015.

PyCon Australia attracts professional developers from all walks of life, including industry, government, and science, as well as enthusiast and student developers. We’re looking for proposals for presentations and tutorials on any aspect of Python programming, at all skill levels from novice to advanced.

Presentation subjects may range from reports on open source, academic or commercial projects; or even tutorials and case studies. If a presentation is interesting and useful to the Python community, it will be considered for inclusion in the program.

We’re especially interested in short presentations that will teach conference-goers something new and useful. Can you show attendees how to use a module? Explore a Python language feature? Package an application?

Miniconfs

Four Miniconfs will be held on Friday 31st July, as a prelude to the main conference. Miniconfs are run by community members and are separate to the main conference. If you are a first time speaker, or your talk is targeted to a particular field, the Miniconfs might be a better fit than the main part of the conference. If your proposal is not selected for the main part of the conference, it may be selected for one of our Miniconfs:

DjangoCon AU is the annual conference of Django users in the Southern Hemisphere. It covers all aspects of web software development, from design to deployment – and, of course, the use of the Django framework itself. It provides an excellent opportunity to discuss the state of the art of web software development with other developers and designers.

The Python in Education Miniconf aims to bring together community workshop organisers, professional Python instructors and professional educators across primary, secondary and tertiary levels to share their experiences and requirements, and identify areas of potential collaboration with each other and also with the broader Python community.

The Science and Data Miniconf is a forum for people using Python to tackle problems in science and data analysis. It aims to cover commercial and research interests in applications of science, engineering, mathematics, finance, and data analysis using Python, including AI and ‘big data’ topics.

The OpenStack Miniconf is dedicated to talks related to the OpenStack project and we welcome proposals of all kinds: technical, community, infrastructure or code talks/discussions; academic or commercial applications; or even tutorials and case studies. If a presentation is interesting and useful to the OpenStack community, it will be considered for inclusion. We also welcome talks that have been given previously in different events.

Full details: http://2015.pycon-au.org/cfp


Planet Linux AustraliaSimon Lyall: Parallel Importing vs The Economist

For the last few years I have subscribed to the online edition of The Economist magazine. Previously I read it via their website but for the last year or two I have used their mobile app. Both feature the full text of each week’s magazine. Since I subscribed nearly 15 years ago I have paid:

Launched Jun 1997   US$ 48
Jun 1999            US$ 48
Oct 2002            US$ 69
Oct 2003            US$ 69
Dec 2006            US$ 79
Oct 2009            US$ 79
Oct 2010            US$ 95
Oct 2011            US$ 95
Mar 2014            NZ$ 400 (approx US$ 300) 

You will note the steady creep for a few years followed by the huge jump in 2014.

Note: I reviewed by credit card bill for 2012 and 2013 and I didn’t see any payments, it is possible I was getting it for free for two years :) . Possibly this was due to the transition between using an outside card processor (Worldpay) and doing the subscriptions in-house.

Last year I paid the bill in a bit of a rush and while I was surprised at the amount I didn’t think too hard. This year however I had a closer look. What seems to have happened is that The Economist has changed their online pricing model from “cheap online product” to “discount from the printed price”. This means that instead of online subscribers paying the same everywhere they now pay slightly less than it would cost to get the printed magazine delivered to the home.

Unfortunately the New Zealand price is very high to (I assume) cover the cost of shipping a relatively small number of magazines via air all the way from the nearest printing location.

So readers in New Zealand are now charged NZ$ 736 for a two-year digital subscription while readers in the US are now charged US$ 223 ( NZ$ 293) for the same product. Thus New Zealanders pay 2.5 times as much as Americans.

Fortunately since I am a globe-trotting member of the world elite® I was able to change my subscription address to my US office and save a bunch of cash. However for a magazine that publishes the Big Mac Index comparing prices of products around the world the huge difference in prices for the same digital product seems a little weird.

CryptogramFriday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products

More research.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Planet DebianRichard Hartmann: Release Critical Bug report for Week 13

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1039 (Including 155 bugs affecting key packages)
    • Affecting Jessie: 97 (key packages: 65) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 77 (key packages: 51) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 13 bugs are tagged 'patch'. (key packages: 9) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 4 bugs are marked as done, but still affect unstable. (key packages: 1) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 60 bugs are neither tagged patch, nor marked done. (key packages: 41) Help make a first step towards resolution!
      • Affecting Jessie only: 20 (key packages: 14) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 11 bugs are in packages that are unblocked by the release team. (key packages: 7)
        • 9 bugs are in packages that are not unblocked. (key packages: 7)

How do we compare to the Squeeze and Wheezy release cycles?

Week  Squeeze         Wheezy          Jessie
43    284 (213+71)    468 (332+136)   319 (240+79)
44    261 (201+60)    408 (265+143)   274 (224+50)
45    261 (205+56)    425 (291+134)   295 (229+66)
46    271 (200+71)    401 (258+143)   427 (313+114)
47    283 (209+74)    366 (221+145)   342 (260+82)
48    256 (177+79)    378 (230+148)   274 (189+85)
49    256 (180+76)    360 (216+155)   226 (147+79)
50    204 (148+56)    339 (195+144)   ???
51    178 (124+54)    323 (190+133)   189 (134+55)
52    115 (78+37)     289 (190+99)    147 (112+35)
1     93 (60+33)      287 (171+116)   140 (104+36)
2     82 (46+36)      271 (162+109)   157 (124+33)
3     25 (15+10)      249 (165+84)    172 (128+44)
4     14 (8+6)        244 (176+68)    187 (132+55)
5     2 (0+2)         224 (132+92)    175 (124+51)
6     release!        212 (129+83)    161 (109+52)
7     release+1       194 (128+66)    147 (106+41)
8     release+2       206 (144+62)    147 (96+51)
9     release+3       174 (105+69)    152 (101+51)
10    release+4       120 (72+48)     112 (82+30)
11    release+5       115 (74+41)     97 (68+29)
12    release+6       93 (47+46)      87 (71+16)
13    release+7       50 (24+26)      97 (77+20)
14    release+8       51 (32+19)
15    release+9       39 (32+7)
16    release+10      20 (12+8)
17    release+11      24 (19+5)
18    release+12      2 (2+0)

Graphical overview of bug stats thanks to azhag:

TEDThe mind of a murderer, saving the earth’s soil and how we might be shaping human evolution

The stars of your favorite TED Talks have been busy over the past week. Below, a few newsy highlights.

Inside the mind of a murderer. What makes murderers do what they do? A BBC piece revealed that some murderers have reduced activity in their prefrontal cortex, which controls emotional impulses, and over-activity in their amygdala, which generates emotion. Also, if a person lacks a gene that produces MAOA, an enzyme involved in impulse control, they too are at a higher risk of violent behavior. Offering an additional perspective, neurologist Jim Fallon highlighted environmental factors, “If you’ve the high-risk form of the gene and you were abused early on in life, your chances of a life of crime are much higher.” (Watch Jim’s TED Talk, “Exploring the mind of a killer.”)

“My disability is not a curse.” Maysoon Zayid was featured in this week’s episode of “ In Deep Shift with Jonas Elrod” on OWN. She shares how, growing up in small-town New Jersey, she was never made to feel different for having cerebral palsy. Years later, she got her big break as a comedian when she landed a guest spot on Countdown with Keith Olbermann — and faced the harsh reality of cyberbullying, “There were people saying that I was disgusting, distracting…that they couldn’t even watch me.” To cope, she leaned on encouragement from her father, “He was the one who taught me that my disability’s not a curse. It’s a gift from God.” (Watch Maysoon’s TED Talk, “I got 99 problems…palsy is just one.”)

Stop treating soil like dirt. We can’t feed ourselves without it, and yet soil destruction is rampant worldwide. In a piece for The Guardian, George Monbiot argues that there are many farms where contractors “rip their fields to shreds for the sake of a quick profit.” We are losing agricultural land at an alarming rate — nearly 12 million hectares a year. Over 90 percent of our food is grown in soil. Thus, the challenge of protecting one of our most precious resources is more important than ever. (Watch George’s talk, “For more wonder, rewild the world.”)

War’s lasting impact. In 2011, photographer Giles Duley set off to document the lasting impacts of war, years after peace treaties were signed. After a tragic accident in Afghanistan put his project on hold, he is now traveling to 14 countries to finish “Legacy of War.”  In an interview with Time, he shared how he is capturing the poignant effects of Agent Orange in Vietnam, of sexual violence in the DRC — places where “whole generations of civilians have been traumatized by conflict.” His work shines a light on the trauma that can endure, even decades later. (Watch Giles’ talk, “When the reporter becomes the story.”)

A government for the people, even in the 21st century. Code for America released its 2014 annual report, where founder Jennifer Pahlka reflects on progress made: “I believe government can work for the people, by the people, in the 21st century. Now, five years in, we’ve seen what this remarkable community is capable of.” Going forward, she stresses that with the help of innovative technology, governments can truly work for everyone, including families applying for food assistance and budding business owners trying to secure a permit. (Watch Jennifer’s talk, “Coding a better government.”)

Ethics and an uncensored pursuit of truth. Historian Alice Dreger released a new book this month called Galileo’s Middle Finger. Exploring the world of scientific controversy, the book makes a case for an uncensored search for truth that still upholds ethics and patients’ rights.  Much of the book uses Dreger’s own work researching intersex individuals as a case study. (Watch Alice’s talk, “Is anatomy destiny?”)

Are our lifestyles contributing to human evolution? This month, Juan Enriquez and co-author Steve Gullens release a new book called Evolving Ourselves. It takes a deeper look at how our lifestyle, amid increasing life expectancies and rising rates of conditions such as allergies and obesity, may affect not only our children, but many generations after. What does it mean for human evolution? What would Darwin say about all of this? (Watch Juan’s talk, “Will our kids be a different species?”)

Data v. Ebola. This week, global health expert Hans Rosling gave a presentation on Ebola for the BBC World Service. Marked by impressive visualizations, he tracked the start and spread of the disease through West African countries such as Guinea, Sierra Leone and Liberia. The outbreak began with a few scattered cases, then catapulted into catastrophe when it reached urban slums. He also highlighted the heroic collaborations between local medical doctors and international volunteers, using data to fight a rampant virus, even in the face of frequent electricity blackouts: “What was lacking in technology was added in motivation.” (Watch Hans’ talk, “Insights on HIV, in stunning data visuals”.)

My space twin. On Friday, astronaut Scott Kelly will head up to the International Space Station to spend almost a year in space, while his identical twin brother, astronaut Mark Kelly, stays on Earth. They’re the subject of a fascinating experiment to study the effects of space on the human body. Mark is the husband of former US Rep. Gabby Giffords, and together they gave a moving talk at TED2014: Be passionate. Be courageous. Be your best.

Have a news item to share? Write us at blog@ted.com and you may see it included in this weekly round-up.


TEDPowerful films from 5 young people: What health inequality looks like in the US

Video playlist: http://www.youtube.com/embed/videoseries?list=PLqF-bKPCi6CoWaHUgR598ui6ivFfnhKsU&hl=en_US

By Michael Painter. 

For some of us, it’s easy to choose to be healthy. We can’t control whether disease or accidents strike, but we can decide where we live and what we eat, as well as if, when and how much we’ll exercise. Some of us live in a culture of health — a time and place where, for the most part, we have the real hope and opportunity to live a healthy life.

But for many more of us, it isn’t — we don’t have that choice. We live in unsafe neighborhoods. We don’t have strong families to help us through life’s challenges. We can’t readily get nutritious food. We don’t have easy ways to exercise. It’s difficult — or even impossible — to keep our children safe.

The Robert Wood Johnson Foundation was at TED2015 in Vancouver last week, where the theme was Truth & Dare. And we took that challenge, and held a workshop with TED attendees to have a frank, open discussion about health inequity. To kickstart the discussion, we first asked young people across America to reveal the health challenges in their own lives, from their perspective.

In a few weeks, five young filmmakers created powerful videos about their communities and lives. Lily Yu, 19, reflected on growing up in West Oakland, California, “fenced in by freeways,” with poor air quality and limited food choices. Tyson Sanford-Griffin, 18, shared what it’s like to free-run through his neighborhood in Baltimore. “I think about what life would be like if my city was safer,” he says. “Can you imagine waking up every morning knowing that nothing bad would happen when you walk out your front door?”

Ricardo Amparo, 17, lives there too, and echoed, “Violence is all around me … As a young black man in Baltimore, I’m trying to be a positive person, but I often feel trapped in a negative environment.” Meanwhile, Jasmine Barclay, 19, revealed what it’s like to be one of the 1 in 28 young people in America who grew up with an incarcerated parent — and to have lived in nine different homes so far. And Julia Retzlaff, 18, of San Francisco shares how her fear of sexual assault and harassment on the street has been paralyzing to her and friends.

These young filmmakers believe, like I do, that everyone deserves a chance to live the healthiest life possible. But what they see is the truth for many people who are struggling with inequities in their communities. The problems are big and complex. We need the best thinking — and help from everyone — to solve them.

The world needs everyone’s creativity, ingenuity, innovation and compassion to help fix health equity. When it comes to building a future with a culture of health for all, there is no “they.” We are all in this struggle for a better future together.

We hope you enjoy these videos. And if you have a great idea to build that future, jump on Twitter and add it to the #TED2015 #CultureofHealth conversation.


TEDThe red TED letters go out to play: Building TED2015’s logo photobooth (now with tech details)

TED2015 Photo Booth

Six hard-working registration desk staffers take a break to play with the TED letters, at a photo op built by our in-house tech team.

A funny thing happens at the end of every TED — after the show wraps, first one brave person, and then duos and groups, rush the stage to get their picture taken with the red TED letters. So at TED2015, our tech team thought, why not bring the letters out to the conference floor and let everyone play? In a nights-and-weekends project, our engineers built a self-service photobooth that encouraged all TEDsters — attendees, staff and more — to strike a pose. By the end of the conference, 1,296 photos had been taken with the booth.

“A lot of people wanted to get jump shots,” says software engineer Joshua Warchol, who helped conceptualize and build the booth. “Some groups would spend 10 minutes trying to get the perfect aerial moment. And I also had not anticipated that people would feel an unstoppable compulsion to climb the letters. We had to get them repainted mid-week because of nicks and scuffs.”

The idea for this booth came out of the TED tech team’s Hack Week, where staffers work on projects that fascinate them. Warchol wasn’t quite sure what he wanted to do, and TED’s CTO, Gavin Hall, suggested creating something to work with the near-field communication chips in our conference badges. Warchol’s idea: set up a camera that uses a badge scanner to initiate the shot and then email the photo afterward.

Setting up the booth onsite was tricky. “We had to balance restrictions to get the best shot,” says Warchol. To keep the shot clear, they decided to hang the camera from the ceiling, rather than use a tripod. “We weren’t allowed to hang our equipment below 10 feet, which meant we needed to move back from the letters to get the shot. And to keep the camera stable on the mountings, we had to hang it upside-down and rotate the images when we displayed them.”

Warchol assembled a simple waist-height stand to scan the badges, with an Adafruit circuit board to read the badge NFC tags, and a Raspberry Pi hidden inside to communicate with our attendee database. Then he plugged away at coding the reader experience to make it ever snappier, and automating the image processing to flip, crop and watermark each photo. (All this while remembering to change the batteries on the Raspberry Pi every day.)

“As attendees were lining up at registration on Monday morning, we were literally still coding the functionality,” says Warchol. “But when the first person came up and used the system without our guiding them at all — it felt great.”

Get the technical details, including materials list and setup photos >>

Below, some of our favorite shots, starring folks who worked behind the scenes at TED2015.

TED's dynamic press relations team, led by Margaret Sullivan, center, jump for joy.

Team members from Group SJR, TED’s press relations team, led onsite by Margaret Sullivan, center.

TED's onsite tech volunteers, many of whom have been coming to TED for more than a decade, working behind the scenes to keep the conference wired.

The TED2015 photo team -- Jason Redmond, James Duncan Davidson, Emily Pidgeon, Bret Hartman, Stacie McChesney, Ryan Lash -- surround TED's design director, Mike Femia.


Google AdsenseGrow your traffic and revenue with the Long-term Revenue Framework

We hear from publishers around the world that they are looking to grow their site traffic and increase revenue. To help you accomplish these goals, we'd like to share the Long-term Revenue Framework—a tool often used by our AdSense optimization experts.

The Long-term Revenue Framework below is a simple, but powerful framework to help you understand the four levers that can help you to grow your site. With this framework, consider your site optimization efforts in terms of the four levers outlined below.
At the highest level, to help grow your site's revenue, try focusing on attracting more unique users and/or increasing the value of the users already visiting your site. To earn more from your existing users, you can maximize the value of each page view, get visitors to look at more pages and visit your site more often. Let’s look at each of these levers in more detail.

1. Number of users

Growing the number of unique users starts with understanding your site’s traffic. Check your Google Analytics reports to see where your visitors are coming from and what content on your site drives the most traffic. You can use these insights to create compelling content that users can find and share.

2. Revenue per page view (RPM)

To help maximize the value of each page view, try focusing on two areas. First, make sure your ads get seen by placing them near the content users are paying attention to. Next, increase competition for the ads on your website by following these best practices:

3. Page views per visit (Depth of visit)

To encourage visitors to look at more pages and spend more time on your site, clearly demonstrate the value of your content. Create a great first impression by making sure the information your visitors are looking for is the first thing they see.

You can further increase your site’s page views per visit by showing your visitors that you have more great content they’d be interested in. You can achieve this by showcasing related or popular content near the end of the main content of the page.

4. Visits per user (Loyalty)

Creating a loyal user base is all about conveying to users that your site is regularly updated with new and interesting content. You can build loyalty by asking your visitors to subscribe to your email newsletter or social media channels.

We hope this framework is useful when thinking about how to grow your website’s traffic and revenue. Let us know what you plan to do using the Long-term Revenue Framework in the comments section below.

Posted by Adam Coelho - User Experience Strategist

Geek FeminismA Big Ball of Wibbly-Wobbly Timey-Wimey Linkspam

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianMichal Čihař: Porting python-gammu to Python 3

Over time I have been getting more and more requests to have python-gammu working with Python 3. Of course the request makes sense, but I somehow failed to find time for it.

Also, for quite some time python-gammu has been distributed together with the Gammu sources. This was another struggle to overcome when supporting Python 3: in many cases users will want to build the module for both Python 2 and 3 (at least most distributions will want to do so), and with the current CMake based build system this did not seem to be easy to achieve.

So I've decided it's time to split the Python module out of the library. The reasons for keeping them together are no longer valid (libGammu has a quite stable API these days), and having a standard module which can be installed by pip is a nice thing.

Once the code had been put into a separate git repository, I slowly progressed on porting to Python 3. Most of the problems were on the C side of the code, where Python really does not make it easy to support both Python 2 and 3. So the code ended up with many #ifdefs, but I see no other way. While doing these changes, many points in the API were fixed to accept unicode strings in Python 2 as well.

Anyway, today we have the first successful build of python-gammu working on both Python 2 and 3. I'm afraid there is still some bug leading to occasional segfaults on Travis which is not reproducible locally. But hopefully this will be fixed in the upcoming weeks and we can release the separate python-gammu module again.


Sociological ImagesWhat is Creole?

Flashback Friday.

In his book, Authentic New Orleans, sociologist Kevin Fox Gotham explains that originally, and as late as the late 1800s, the term meant “indigenous to Louisiana.”  It was a geographic label and no more.

But, during the early 1900s, the city of New Orleans racialized the term. White city elites, in search of white travel dollars, needed to convince tourists that New Orleans was a safe and proper destination. In other words, white. Creole, then, was re-cast as a white identity and mixed-race and black people were excluded from inclusion in the category.

Today most people think of creole people as mixed race, but that is actually a rather recent development. The push to re-define the term to be more inclusive of non-whites began in the 1960s, but didn’t really take hold until the 1990s.  Today, still racialized, the term now capitalizes on the romantic notions of multiculturalism that pervade New Orleans tourism advertising, like in this poster from 2011:


Like all other racial and ethnic designations, creole is an empty signifier, ready to be filled up with whatever ideas are useful at the time. In fact, the term continues to be contested. For example, this website claims that it carries cultural and not racial meaning:


This book seems to define creole as free people of color (and their descendants) in Louisiana:


Whereas this food website identifies creole as a mix of French, Spanish, African, Native American, Chinese, Russian, German, and Italian:


In short, “creole” has gone through three different iterations in its short history in the U.S., illustrating both the social construction of race and the way those constructions respond to political and economic expediency.


Cross-posted at A Nerd’s Guide to New Orleans

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramYet Another Computer Side Channel

Researchers have managed to get two computers to communicate using heat and thermal sensors. It's not really viable communication -- the bit rate is eight per hour over fifteen inches -- but it's neat.

Planet DebianOlivier Berger: New short paper : “Designing a virtual laboratory for a relational database MOOC” with Vagrant, Debian, etc.

Here’s a short preview of our latest accepted paper (to appear at CSEDU 2015), about the construction of VMs for the Relational Database MOOC using Vagrant, Debian, PostgreSQL (see the previous post), etc.:

Designing a virtual laboratory for a relational database MOOC

Olivier Berger, J Paul Gibson, Claire Lecocq and Christian Bac

Keywords: Remote Learning, Virtualization, Open Education Resources, MOOC, Vagrant

Abstract: Technical advances in machine and system virtualization are creating opportunities for remote learning to provide significantly better support for active education approaches. Students now, in general, have personal computers that are powerful enough to support virtualization of operating systems and networks. As a consequence, it is now possible to provide remote learners with a common, standard, virtual laboratory and learning environment, independent of the different types of physical machines on which they work. This greatly enhances the opportunity for producing re-usable teaching materials that are actually re-used. However, configuring and installing such virtual laboratories is technically challenging for teachers and students. We report on our experience of building a virtual machine (VM) laboratory for a MOOC on relational databases. The architecture of our virtual machine is described in detail, and we evaluate the benefits of using the Vagrant tool for building and delivering the VM.

TOC:

  • Introduction
    • A brief history of distance learning
    • Virtualization : the challenges
    • The design problem
  • The virtualization requirements
    • Scenario-based requirements
    • Related work on requirements
    • Scalability of existing approaches
  • The MOOC laboratory
    • Exercises and lab tools
    • From requirements to design
  • Making the VM as a Vagrant box
    • Portability issues
    • Delivery through Internet
    • Security
    • Availability of the box sources
  • Validation
    • Reliability Issues with VirtualBox
    • Student feedback and evaluation
  • Future work
    • Laboratory monitoring
    • More modular VMs
  • Conclusions


Kelvin ThomsonVale Frank Cox

Frank Cox was a remarkable man who passionately served the community of Moreland for 33 years as Councillor of the former City of Coburg. He was elected Mayor on three occasions.

His passing last Friday March 20 at the grand age of 99 leaves behind a legacy which will remain for future generations to enjoy and from which we all can learn. He was a traditional Labor community minded civic representative who worked tirelessly for the community he represented. He was awarded the OAM in the Order of Australia in 1980 in recognition of his selfless and indefatigable efforts for the Coburg community. He was a Life Member of the Australian Labor Party and to the end he was clear minded and an active member of the local RSL.

Frank was a veteran of the Second World War, serving in the Signals Corp. It was his love of motorbikes that had him pointed out as ‘you’re it’ for the job of delivering messages between camps. He never wanted to speak of that experience. When drawn into a conversation and asked about his service in the war, he would only say that he ‘could not repeat man’s inhumanity towards man’. He was a prisoner of war, captured in Greece and taken to Germany where he remained as a POW until the end of the war.

The community of the now City of Moreland owes much to this man, who took a personal hands on role in the realisation of numerous community projects, such as the Jackson Reserve Sporting Complex, the Coburg Basketball Stadium, the establishment of the Newlands Seniors Citizens’ club, and the Newlands Colts Junior Football Club.

Frank had an extensive involvement with the Melbourne and Metropolitan Board of Works. He was a great representative and advocate for Newlands, and served on its Kindergarten, Primary School, and High School Committees. He was a foundation member of the Disabled Motorists Association of Victoria.

I had the great pleasure of serving with Frank on the Coburg Council. He was a natural leader, strong willed and relentlessly energetic. He had disagreements with me and with other Councillors often enough, but he was always focussed on the issue, never on the personality, and he was always able to move on to the next challenge. We were friends for the next 25 years, and I regret being deprived by a matter of a few months of the opportunity to present him with 100th Birthday Congratulations.

He was a major figure in Coburg for decades, and he will be greatly missed. I extend my condolences to his wife Clarice and to his children and extended family.

Planet DebianMichal Čihař: Spring is here

Finally winter seems to be over and it's time to take out the camera and make some pictures. Out of the many areas where you can see spring snowflakes, we've chosen the Čtvrtě area near Mcely, a village which is less famous, but still very nice.


Worse Than FailureError'd: We'll Take All the Help We Can Get

"I was casually browsing Bingo games and this one asked me to finish developing their site for them," writes Steven W.

Mike Rippon wrote, "As much as I want to use Google Earth, I'm not sure that I want to install what it's asking."

"I was searching for a camera lens and, well, I found one with some interesting features...including a slight vinegar scent," writes Joshua Armstrong.

"Apparently, availability is merely an illusion," writes Alex H.

Aaron wrote, "A car that produces a gallon of gas for every 25 miles it travels?! Wow!"

"I was short one string of rope lights that I had bought last year, so I turned to Google for help in finding a matching set," Dean C. writes, "I'm not sure if the diapers will fit my snowman as well as the lights would, but hey, what the heck!"

Dan S. wrote, "Thanks {3}, I'll get my {4} all over this {5} right away!"

Traver writes, "My user name had to be seven, too, and when I did enter a seven-digit password I got a 'Not a password field' dialog, just to rub it in."




Planet DebianDaniel Pocock: WebRTC: DruCall in Google Summer of Code 2015?

I've offered to help mentor a Google Summer of Code student to work on DruCall. Here is a link to the project details.

The original DruCall was based on SIPml5 and released in 2013 as a proof-of-concept.

It was later adapted to use JSCommunicator as the webphone implementation. JSCommunicator itself was updated by another GSoC student, Juliana Louback, in 2014.

It would be great to take DruCall further in 2015, here are some of the possibilities that are achievable in GSoC:

  • Updating it for Drupal 8
  • Support for logged-in users (currently it just makes anonymous calls, like a phone box)
  • Support for relaying shopping cart or other session cookie details to the call center operative who accepts the call

Help needed: could you be a co-mentor?

My background is in real-time and server-side infrastructure and I'm providing all the WebRTC SIP infrastructure that the student may need. However, for the project to have the most impact, it would also be helpful to have some input from a second mentor who knows about UI design, the Drupal way of doing things and maybe some Drupal 8 experience. Please contact me ASAP if you would be keen to participate either as a mentor or as a student. The deadline for student applications is just hours away but there is still more time for potential co-mentors to join in.

WebRTC at mini-DebConf Lyon in April

The next mini-DebConf takes place in Lyon, France on April 11 and 12. On the Saturday morning, there will be a brief WebRTC demo and there will be other opportunities to demo or test it and ask questions throughout the day. If you are interested in trying to get WebRTC into your web site, with or without Drupal, please see the RTC Quick Start guide.

Rondam RamblingsThe difference between science and religion, take 2

In the comments section of an earlier post I advanced the following theory of the difference between science and religion: My definition of religion is the acceptance of claims on faith, i.e. without evidence. To which commenter Publius responded: I would make that "without scientific evidence." There are other forms of evidence - testimonial, personal knowledge, etc. My knee-jerk reaction to

Planet DebianZlatan Todorić: Random bits

Gogs

Today I installed Gogs and configured it with MySQL (yes, yes, I know - use Postgres, you punk!). I will not post details of how I did it because:

  • It still has "weird" coding, as others have already pointed out
  • It doesn't have fork and pull request ability yet

And that was the end of the journey. When they implement forks and pull requests, I will close my eyes to the other coding issues and try it again, because GitLab is not close to my heart, and installing their binary takes ~850MB of space, which means a lot of Ruby code that could go the wrong way.

It would be really awesome to have something in the archive that you could apt install to get a GitHub-like place. It would be great if the Debian infrastructure had that possibility.

Diaspora*

Although I am thrilled about it finally reaching the Debian archive, it still isn't ready. Not even close. I couldn't even finish installing it, and it's not suitable for the main archive as it pulls files from the GitHub repo of Diaspora. Maybe I should poke the Bitnami folks about how they did it.

The power of Free software

TextSecure was a mobile app that I thought could take on Viber or WhatsApp. Besides all its goodies, it had the ability to send encrypted SMS to other TextSecure users. Not anymore. Fortunately, there is a fork called SMSSecure which still has that ability.

Trolls

So there is this Allwinner company that does crap after crap. Their latest will reach a wider audience, and I hope it gets resolved in the manner they would react if some big proprietary company were stealing their code. It seems Allwinner is a pseudonym for Alllooser. Whoa, that was fun!

A year old experiment

So I had a bet with a friend that I would run Debian Unstable mixed with some packages from experimental for a year and do some random testing on packages of interest to them. I also promised to update aggressively, so it was to be twice a day. This was my only machine, so the bet was a real one, as in theory it could break very often. Well, on behalf of the Debian community, I can say that Debian hasn't had a single big breakage. Yay!

The good side: on average I had ~3000 packages installed (they ranged from 2500 to 3500). I had for example xmonad, e17, GNOME, Cinnamon, Xfce, systemd from experimental, kernels from experimental, nginx, Apache, a lot of heavy packages, mixed packages from pip, npm, gems etc. So that makes it even more incredible that it stayed stable. There is no bigger kudos to the people working on Debian than when some sadist tries countless ways to break it and Debian just keeps running. I mean, I was doing my $PAID_WORK on this machine!

The bad side: there were small breakages. It seems that polkit and the systemd side of GNOME were going through a lot of changes, because sometimes the system would ask for a password for every action (logout, suspend, poweroff, connect to network etc.), audio would work and then would not work, would often mute sound by itself on every play or turn it up to 100% (which would blow my head off when I had earplugs in), and Bluetooth is almost de facto not working in GNOME (my Bluetooth mouse worked without a single problem in lenny and squeeze, in wheezy it maybe had a problem once or twice, but in this year long test it's almost useless). The system would also have random hangs from time to time.

The test: in the beginning my Radeon card was too new and was not supported by the FLOSS driver, so I ended up using fglrx, which caused me a lot of annoyance (no brightness control, flickering of the screen), but once the FLOSS driver got support I was on it, and it performed more fluidly (no glitches while moving windows). As my friends knew that I have a Radeon and they want to play games on their machines (I play my Steam games on the FLOSS driver), they set me the task of trying the fglrx driver every now and then. End result - there has been no stable fglrx driver for almost a year; it breaks the graphical interface, so I didn't even log into a DE with it for at least 8 months if not more. On the good side my expeditions into fglrx were quick - install it, boot into disaster, remove it, boot into freedom. The downside seems to be that removing the fglrx driver leaves a lot of its own crap on the system (I may be mistaken, but it seems I am not).

Debian with love

Well, that's all for today. I think so. You can never be sure.

Krebs on SecurityWho Is the Antidetect Author?

Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards. Today, we’ll take a closer look at clues to a possible real-life identity of this tool’s creator.

The author of Antidetect uses the nickname “Byte Catcher,” and advertises on several crime forums that he can be reached at the ICQ address 737084, and at the jabber instant messaging handles “byte.catcher@xmpp.ru” and “byte.catcher@0nl1ne.at”. His software is for sale at antidetect[dot]net and antidetect[dot]org.

Antidetect is marketed to fraudsters involved in ripping off online stores.

Searching on that ICQ number turns up a post on a Russian forum from 2006, wherein a fifth-year computer science student posting under the name “pavelvladimirovich” says he is looking for a job and that he can be reached at the following contact points:

ICQ: 737084

Skype name: pavelvladimirovich1

email: gpvx@yandex.ru

According to a reverse WHOIS lookup ordered from Domaintools.com, that email address is the same one used to register the aforementioned antidetect[dot]org, as well as antifraud[dot]biz and hwidspoofer[dot]com (HWID is short for hardware identification, a common method that software makers use to ensure a given program license can only be used on one computer).

These were quite recent registrations (mid-2014), but that gpvx@yandex.ru email also was used to register domains in 2007, including allfreelance[dot]org and a domain called casinohackers[dot]com. Interestingly, one of the main uses that Byte Catcher advertises for his Antidetect software is to help beat fraud detection mechanisms used by online casinos. As we can see from this page at archive.org, a subsection of casinohackers.com was at one time dedicated to advertising Antidetect Patch — a version that comes with its own virtual machine.

That ICQ number is tied to a user named “collisionsoftware” at the Russian cybercrime forum antichat[dot]ru, in which the seller is advertising software that routes the user’s Internet connection through hacked PCs. He directs interested buyers to the web site cn[dot]viamk[dot]com, which is no longer online. But an archived version of that page at archive.org shows the same “collision” name and the words “freelance team.” The contact form on this site also lists the above-referenced ICQ number and email gpvx@yandex.ru, and even includes a résumé of the site’s owner.

Another domain connected to that antichat profile is cnsoft[dot]ru, the now defunct domain for Collision Software, which bills itself as a firm that can be hired to write software. The homepage lists the same ICQ number (737084).

The ICQ.com profile page for that number includes links to accounts on Russian fraud forums that are all named “Mysterious Killer.” In one of those accounts, on the fraud forum exploit[dot]in, Mysterious Killer lists the same Jabber and ICQ addresses, and offers a variety of services, including a tool to mass-check PayPal account credentials, as well as a full instructional course on click-fraud.
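The attribution chain above is a series of pivots on shared identifiers: an ICQ number links a forum post to an e-mail address, a reverse WHOIS lookup links that address to domains, and a phone number in one of those registrations links out again to a classified ad. The following is an added example (not code from KrebsOnSecurity, DomainTools or any WHOIS provider) of the same procedure run over a handful of constructed registration records; the record field names, the `.invalid` domains and the `NOISE` list of privacy-proxy placeholder values are all assumptions for illustration. It tracks how many pivots each domain is away from the seed, because a one-hop match on a unique e-mail address is far stronger evidence than a three-hop chain, and it refuses to pivot on values (like a privacy proxy's registrant name) that would join unrelated registrations together.

```python
"""Pivoting on shared registrant identifiers (added example).

The records below are constructed placeholders on the reserved .invalid
TLD; the field names are our own assumption. A real investigation would
feed this from a reverse-WHOIS service and historical WHOIS snapshots.
"""
from collections import defaultdict, deque

# Constructed sample records (not real registrations).
RECORDS = [
    {"domain": "tool-a.invalid", "email": "seller@mail.invalid",
     "phone": "70000000001", "name": "Registrant A"},
    {"domain": "tool-b.invalid", "email": "seller@mail.invalid",
     "phone": None, "name": "Private"},
    {"domain": "spoofer.invalid", "email": "other@mail.invalid",
     "phone": "70000000001", "name": "Private"},
    {"domain": "casino-old.invalid", "email": "seller@mail.invalid",
     "phone": None, "name": "Private"},
    {"domain": "unrelated.invalid", "email": "nobody@mail.invalid",
     "phone": "70000000099", "name": "Someone Else"},
]

PIVOT_FIELDS = ("email", "phone", "name")

# Values shared by thousands of unrelated registrations (privacy proxies,
# placeholders). Pivoting on them would join everything to everything.
NOISE = {("name", "Private"), ("name", "REDACTED FOR PRIVACY")}


def selectors(record):
    """Yield the (field, value) pairs of one record worth pivoting on."""
    for field in PIVOT_FIELDS:
        value = record.get(field)
        if value and (field, value) not in NOISE:
            yield (field, value.lower())


def build_index(records):
    """Map each selector to the set of domains whose record carries it."""
    index = defaultdict(set)
    for rec in records:
        for sel in selectors(rec):
            index[sel].add(rec["domain"])
    return index


def pivot(records, seed, max_hops=3):
    """Breadth-first pivot from one selector such as ("email", "x@y").

    Returns (hops, seen): hops maps each reachable domain to the number
    of pivots needed to reach it (1 = registered directly with the seed);
    seen is the set of selectors traversed. Lower hop counts mean
    stronger attribution; anything past two or three hops deserves
    independent corroboration (forum profiles, archived pages, ads).
    """
    index = build_index(records)
    by_domain = {r["domain"]: r for r in records}
    seed = (seed[0], seed[1].lower())
    seen = {seed}
    hops = {}
    queue = deque([(seed, 0)])
    while queue:
        sel, depth = queue.popleft()
        for domain in sorted(index.get(sel, ())):
            if domain in hops:
                continue
            hops[domain] = depth + 1
            if depth + 1 >= max_hops:
                continue  # reached the hop budget; do not expand further
            for nxt in selectors(by_domain[domain]):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, depth + 1))
    return hops, seen


if __name__ == "__main__":
    reached, used = pivot(RECORDS, ("email", "seller@mail.invalid"))
    for domain, hop in sorted(reached.items(), key=lambda kv: (kv[1], kv[0])):
        print(f"hop {hop}: {domain}")
    print("pivoted through:", sorted(used))
```

Seeded with the shared e-mail address, the walk reaches three domains in one hop and the spoofer domain in two (via the phone number), while the unrelated registration stays out of the cluster. The `NOISE` set is the important knob: without it, the "Private" registrant name shared by three records would have pulled in every privacy-proxied domain in the data set and the cluster would mean nothing.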

Antidetect retails for between $399 and $999, and includes (somewhat unreliable) live support.

Both antifraud[dot]biz and allfreelance[dot]org were originally registered by an individual in Kaliningrad, Russia named Pavel V. Golub. Note that this name matches the initials in the email address gpvx@yandex.ru. KrebsOnSecurity has yet to receive a response to inquiries sent to that email and to the above-referenced Skype profile. Update, 1:05 p.m.: Pavel replied to my email, denying that he produced the video selling his software. “My software was cracked few years ago and then it as spreaded, selled by other people,” he wrote. Meanwhile, someone has started deleting photos and other items linked in this story.

Original story:

A little searching turns up this profile on Russian social networking giant Odnoklassniki.ru for one Pavel Golub, a 29-year-old male from Koenig, Russia. Written in Russian as “Кениг,” this is Russian slang for Kaliningrad and refers to the city’s previous German name.

One of Pavel’s five friends on Odnoklassniki is 27-year-old Vera Golub, also of Kaliningrad. A search of “Vera Golub, Kaliningrad” on vkontakte.com — Russia’s version of Facebook — reveals a vk.com group in Kaliningrad about artificial fingernails that has two contacts: Vera Ivanova (referred to as “master” in this group), and Pavel Vladimirovich (listed as “husband”).

The Vkontakte profile linked to Pavel’s name on that group has been deleted, but “Vera Ivanova” is the same face as Vera Golub from Pavel’s Odnoklassniki profile.

A profile of one of Vera’s friends – one Natalia Kulikova – shows some photos of Pavel from 2009, where he’s tagged as “Pavel Vladimirovich” and with the link to Pavel’s deleted Vkontakte profile.  Also, it shows his previous car, which appears to be a Mitsubishi Galant.

Pavel, posing with his Mitsubishi Galant in 2008.

A search on the phone number “79527997034,” referenced in the WHOIS site registration records for Pavel’s domains — antifraud[dot]biz and hwidspoofer[dot]com — turns up a listing on a popular auto sales Web site wherein the seller (from Kaliningrad) is offering a 2002 Mitsubishi Galant. That same seller sold a 2002 BMW last year.

On one level, it’s amusing that a guy who sells software to help Web criminals evade detection is so easily found on the Internet. Then again, as my Breadcrumbs series demonstrates, many individuals involved in writing malware or selling fraud tools either do not care or don’t take too many precautions to hide their identities — probably because they face so little chance of getting into trouble over their activities as long as they remain in Russia.

The above photo of Pavel in his Mitsubishi isn’t such a clear one. Here are a couple more from Kulikova’s Vkontakte pictures.

Vera and Pavel Golub in April 2012.

Pavel V. Golub, in 2009.


CryptogramNew Zealand's XKEYSCORE Use

The Intercept and the New Zealand Herald have reported that New Zealand spied on communications about the World Trade Organization director-general candidates. I'm not sure why this is news; it seems like a perfectly reasonable national intelligence target. More interesting to me is that the Intercept published the XKEYSCORE rules. It's interesting to see how primitive the keyword targeting is, and how broadly it collects e-mails.

The second really important point is that Edward Snowden's name is mentioned nowhere in the stories. Given how scrupulous the Intercept is about identifying him as the source of his NSA documents, I have to conclude that this is from another leaker. For a while, I have believed that there are at least three leakers inside the Five Eyes intelligence community, plus another CIA leaker. What I have called Leaker #2 has previously revealed XKEYSCORE rules. Whether this new disclosure is from Leaker #2 or a new Leaker #5, I have no idea. I hope someone is keeping a list.

Sociological ImagesSouthern States Lead Nation in Consumption of Gay Porn, But Why?

According to data released by Pornhub, 5.6% of porn users in Mississippi seek out gay porn, compared to 2.8% in North Dakota.

On average, gay porn is more heavily consumed in states where same-sex marriage is legal than in states where it’s illegal, but every single state in the South has gay porn use that exceeds the average in states with same-sex marriage.

For me, this raises questions about what’s driving sentiment against same-sex marriage and porn use, and whether and why the two are related. I can think of at least three theories:

1. There is the (barely) repressed homosexuality theory, of course. This is the idea that some people express homophobic attitudes because they fear being non-heterosexual themselves. So, out of fear of exposure, or fear of their own feelings, they are vocally anti-LGBT rights. There’s data that backs this up in at least some cases.

2. Another possibility is that both homosexual inclinations and anti-gay hatred are high in Southern states, but not in the same people. This is one version of the contact hypothesis: the presence and visibility of gay, lesbian, and bisexual people threatens the norm of heterosexuality, increasing opposition. This is consistent with data showing, for example, that white racial resentment is higher in counties with larger populations of black folk.

3. Or, it may be that politicians in Southern states stoke anti-gay attitudes in order to win elections. They may be doing so as a simple strategy. Or, it may be part of that notorious “culture war,” a politics that supposedly distracts poor and working class people from their own economic interests by getting them to focus on so-called social issues like abortion and same-sex marriage.

As fun as it is to snicker at the fact that the part of the country that claims a moral high ground on homosexuality is over-represented in pursuing it (at least digitally), there’s also probably some pretty interesting social psychology and sociology here.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Worse Than FailureA Petite Change Request

Robert ran a web service used to store legal file data for a number of clients. One day, he received an email from his biggest client, Excédent, asking to meet about a new requirement.

"We've purchased new accounting software that requires us to track an additional piece of data," Philippe, Robert's contact from Excédent, explained over the conference call a few days later. "Each of our cases must now have a ‘cost center' associated with it. There are a lot of these cost centers, so when our employees enter case data, we'd like for them to be able to pick the one they need from a list."

Robert frowned in thought. "Well, you guys already use every available field in my database. This would require me to add a new field to the database and web forms." A database change on a web service used by many clients wasn't horrible, but not exactly a prospect Robert relished either.

"Is that a problem?" Philippe asked. "We're getting a lot of pressure from above on this. We really need it as soon as possible."

Robert couldn't refuse his largest client. Besides, it was one measly field. "No, it should be OK. I'll figure out the nitty-gritty details myself. In the meantime, can you put your cost centers in a spreadsheet and send them to me? I'll import them into the database when I'm ready."

"Sure!" Philippe said.

It didn't take Robert long to create the new cost center table (VARCHAR(100) seemed safe), link it to the case data tables, and update his web forms with a new dropdown field. However, the spreadsheet from Philippe took longer. Much longer.

Where the heck is this thing? Robert wondered. Wasn't this supposed to be "urgent?"

Over the following several weeks, Robert sent a few gentle prodding emails. Finally, Philippe responded. Sorry for the delay! I was cleaning up the data. The list is about half as long as it used to be. Thanks!

Robert smiled. That was nice of him, whittling down the list to, what a couple hundred or so? Time to import them and test everything out…

He opened up the spreadsheet- and froze in horror.

Spreadsheet screenshot

Robert realized he'd made one of those terrible assumptions we all make from time to time: believing a client's simple request was just as simple as it sounded. There were nearly 1800 "Cost centers" in Philippe's spreadsheet, each one with 17 fields (four of which aren't visible in the screenshot).

Excédent employed 3600 people. Philippe claimed to have whittled the list down by half- meaning that before he'd scrubbed the data, there'd been nearly one cost center per employee.

Robert scrolled up and down the spreadsheet in mute horror for several minutes before grabbing the phone and ringing Philippe's desk. "This is kind of a lot of data to put into a dropdown," he explained, heart pounding. "Is there any way to simplify this further?"

"No, sorry," Philippe said. "That's the best I could do."

Who's going to scroll through 1800 cost centers every time they log a case? Robert wondered. Panic transitioned to desperation. "I think we need another call."

A week later, Robert met with the client to explain that the "cost center" field was simply too complex for him to accommodate. They decided not to import the list after all, and to have employees manually enter cost centers into a text field (ex. "345 Water Distribution"). Not optimal, but it worked.

To Robert's complete lack of surprise, a quick browse of those values manually entered over time showed that only a tiny handful of the 1800 cost centers had ever been used.


Planet Linux AustraliaLev Lafayette: The Cloud : An Inferior Implementation of HPC

The use of cloud computing as an alternative implementation for high performance computing (HPC) initially seems to be appealing, especially to IT managers and to users who may find the jump from their desktop application to the command line interface challenging. However a careful and nuanced review of metrics should lead to a reconsideration of these assumptions.


Planet DebianPatrick Matthäi: More wheezy-backports work

Hello,

now you can install the following package versions from wheezy-backports:

  • apt-dater-host (Source split, 0.9.0-3+wheezy1 => 1.0.0-2~bpo70+1)
  • glusterfs (3.2.7-3+deb7u1 => 3.5.2-1~bpo70+1)
  • geoip-database (20141009-1~bpo70+1 => 20150209-1~bpo70+1)

geoip-database introduces a new package geoip-database-extra, which includes the free GeoIP City and GeoIP ASNum databases.

glusterfs will get an update in a few days to fix CVE-2014-3619.

Planet Linux AustraliaSam Watkins: sswam

Job control is a basic feature of popular UNIX and Linux shells, such as “bash”.
It can be very useful, so I thought I’d make a little tutorial on it…

^C    press Ctrl-C to interrupt a running job (you know this one!)
^\    press Ctrl-\ (backslash) to QUIT a running job (stronger)
^Z    press Ctrl-Z to STOP a running job, it can be resumed later
jobs  type jobs for a list of stopped jobs (and background jobs)
fg    type fg to continue a job in the foreground
bg    type bg to continue a job in the background
kill  kill a job, e.g. kill %1, or kill -KILL %2
wait  wait for all background jobs to finish

You can also use fg and bg with a job number, if you have several jobs in the list.

You can start a job in the background: put an &-symbol at the end of the command. This works well for jobs that write to a file, but not for interactive jobs. Things might get messy if you have a background job that writes to the terminal.

If you forget the % with kill, it will try to kill by process-id instead of job number.  You don’t want to accidentally kill PID 1!

An example:

vi /etc/apache2/vhosts.d/ids.conf
^Z
jobs
find / >find.out &
jobs
fg 2
^Z
jobs
bg 2
jobs
kill %2
fg
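The "forgot the %" mistake above is worth guarding against in scripts as well as at the prompt. The following is an added example, not part of the original tutorial: a small wrapper that only passes job specs through to kill, so that "kill 1" becomes an error rather than a signal to PID 1, plus a function showing what wait reports for a background job that was terminated (128 plus the signal number, so 143 for SIGTERM). Function names and the demo are my own.

```shell
#!/bin/sh
# Added example (not from the original tutorial). kill_job only accepts a
# job spec, so a forgotten % turns into an error instead of a signal to an
# unrelated PID, and bg_job_status shows what wait reports for a background
# job that was terminated: 128 + signal number.

# True when the argument is a job spec (%1, %+, %-, %%, %name).
is_jobspec() {
  case "$1" in
    %*) return 0 ;;
    *)  return 1 ;;
  esac
}

# kill_job [-SIGNAL] %JOB: refuse anything that is not a job spec.
kill_job() {
  sig=""
  case "$1" in
    -*) sig="$1"; shift ;;
  esac
  if ! is_jobspec "$1"; then
    echo "kill_job: '$1' is not a job spec; did you mean %$1?" >&2
    return 1
  fi
  kill $sig "$1"
}

# Start a background job, terminate it by its PID ($!), and print the status
# that wait reports for it (143 = 128 + SIGTERM's signal number 15).
bg_job_status() {
  sleep 30 &
  pid=$!
  kill -TERM "$pid"
  status=0
  wait "$pid" || status=$?
  echo "$status"
}

# Demo when run directly: "sh jobctl.sh demo".
if [ "${1:-}" = "demo" ]; then
  kill_job 1 || echo "refused, as intended"
  echo "wait reported: $(bg_job_status)"
fi
```

Note that fg and bg need job control, which is off in scripts unless you set -m; kill and wait with a PID from $! work either way, which is why bg_job_status uses the PID rather than a job number.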

Planet DebianMatthew Garrett: Python for remote reconfiguration of server firmware

One project I've worked on at Nebula is a Python module for remote configuration of server hardware. You can find it here, but there's a few caveats:
  1. It's not hugely well tested on a wide range of hardware
  2. The interface is not yet guaranteed to be stable
  3. You'll also need this module if you want to deal with IBM (well, Lenovo now) servers
  4. The IBM support is based on reverse engineering rather than documentation, so who really knows how good it is

There's documentation in the README, and I'm sorry for the API being kind of awful (it suffers rather heavily from me writing Python while knowing basically no Python). Still, it ought to work. I'm interested in hearing from anybody with problems, anybody who's interested in getting it on Pypi and anybody who's willing to add support for new HP systems.


TEDSketched takeaways from TED2015

At Moleskine’s #IdeasNoted exhibit at TED2015, illustrator Brad Ovenell-Carter took image-focused notes on the conference in a “Smart Notebook” that makes digital sharing of the written word easy. Photo: TED

When it comes to note-taking, it’s easy to try to get it all instead of just the important takeaways. Sketchnoting, a process that favors the use of image, forces you to look for the big picture.

At this year’s TED, sketchnoters crossed the digital line in a big way. Over at Moleskine’s exhibit, Brad Ovenell-Carter took crib notes on the conference, demoing a Moleskine Smart Notebook made of paper optimized for digital sharing. While it feels like a traditional leather-bound notebook in the hand, it connects to Creative Cloud for digital rendering.

Meanwhile, veteran TED attendee and Ford futurist Sheryl Connelly shared her sketchnotes publicly via Microsoft OneNote, publishing daily from her Surface Pro 3. Her entire sketchbook can be accessed here.

Both Ovenell-Carter and Connelly follow a practice of looking for the overarching idea rather than falling prey to the desire to transcribe every word.

“When I sketchnote,” says Ovenell-Carter, “I only write down what I don’t know and not something I could look up in a textbook or online. There’s way too much here to actually walk away with. You have to try to get one thing. It’s a bit of an exercise in ‘what do I want to take away at the end of the day?’”

We’ve included some of our favorite sketchnotes from both artists below.

Brad Ovenell-Carter boils down Monica Lewinsky’s TED2015 talk into a single, telling image paired with a powerful quote.

Sheryl Connelly gives her spin on Theaster Gates’ talk, about how he created community spaces that helped to reboot his neighborhood in Chicago.

Brad Ovenell-Carter represents a powerful quote from Daniel Kish’s TED Talk

Sheryl Connelly takes notes on a talk about flag design from speaker Roman Mars.

Sculptor Dustin Yellin shares how he aims to create movies that don't move in his work. Here, Brad Ovenell-Carter interprets that.

Dustin Yellin gave a talk about how he layers objects in resin to create sculptures that feel alive. Here, Brad Ovenell-Carter interprets that.

Connelly was also taken by Elora Hardy’s talk, about how she uses a single material — bamboo — to create incredible houses in Bali.

And finally, Brad Ovenell-Carter gives his takeaway from Chris Milk’s talk about how virtual reality can create empathy.


Planet DebianYves-Alexis Perez: LXCs upgrade to Jessie

So I started migrating some of my LXCs to Jessie, to test the migration in advance. The upgrade itself was easy (the LXC is mostly empty and only runs radicale), but after the upgrade I couldn't login anymore (using lxc-console since I don't have lxc-attach, the host is on Wheezy). So this is mostly a note to self.

auth.log was showing:

Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): Cannot open /proc/self/loginuid: Read-only file system
Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): set_loginuid failed
Mar 25 22:10:13 lxc-sync login[1033]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Mar 25 22:10:13 lxc-sync login[1033]: Cannot make/remove an entry for the specified session

The last message isn't too useful, but the first one gave the answer. Since LXC isn't really ready for security stuff, I have some hardening on top of that, and one measure is to not have rw access to /proc. I don't really need pam_loginuid there, so I just disabled that. I just need to remember to do that after each LXC upgrade.
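Since this has to be redone after every upgrade, it is worth scripting. The following is an added example, not from the original post: a POSIX sh helper that comments out the active pam_loginuid line in a PAM service file and is safe to re-run. The function names are my own; the sample PAM file in the usage note is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Comments out pam_loginuid in a
# PAM service file so that login stops failing on a container whose /proc is
# read-only. Re-running it after every upgrade is safe: lines that are
# already commented out are left alone.

# Number of active (uncommented) pam_loginuid entries in FILE; 0 when none.
active_loginuid_lines() {
  grep -c '^[[:space:]]*session[[:space:]].*pam_loginuid\.so' "$1" || true
}

# Prefix every active pam_loginuid line in FILE with '#', writing through a
# temporary copy (portable, unlike sed -i). Prints the number of lines changed.
# The replacement file gets mode from the umask; /etc/pam.d files are 0644
# root-owned, so run this as root with the default umask.
disable_pam_loginuid() {
  file="$1"
  before=$(active_loginuid_lines "$file")
  sed 's/^\([[:space:]]*session[[:space:]].*pam_loginuid\.so.*\)$/#\1/' "$file" > "$file.tmp" &&
    mv "$file.tmp" "$file"
  echo "$before"
}

# Typical use inside the upgraded container (needs root):
#   disable_pam_loginuid /etc/pam.d/login
```

The trade-off is the one the post accepts: without pam_loginuid the kernel audit loginuid is never set for sessions in the container, which is fine for a box that only runs radicale but would matter on a host where you rely on auditd to attribute actions to the original login.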

Other than that, I have to boot using SystemV init, since apparently systemd doesn't cope too well with the various restrictions I enforce on my LXCs:

lxc-start -n sync
Failed to mount sysfs at /sys: Operation not permitted

(which is expected, since I drop CAP_SYS_ADMIN from my LXCs). I didn't yet investigate how to stop systemd doing that, so for now I'm falling back to SystemV init until I find the correct customization:

lxc-start -n sync /lib/sysvinit/init   
INIT: version 2.88 booting
[info] Using makefile-style concurrent boot in runlevel S.
hostname: you must be root to change the host name
mount: permission denied
mount: permission denied
[FAIL] udev requires a mounted sysfs, not started ... failed!
 failed!
mount: permission denied
[info] Setting the system clock.
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access method.
[warn] Unable to set System Clock to: Wed Mar 25 21:21:43 UTC 2015 ... (warning).
[ ok ] Activating swap...done.
mount: permission denied
mount: permission denied
mount: permission denied
mount: permission denied
[ ok ] Activating lvm and md swap...done.
[....] Checking file systems...fsck from util-linux 2.25.2
done.
[ ok ] Cleaning up temporary files... /tmp.
[ ok ] Mounting local filesystems...done.
[ ok ] Activating swapfile swap...done.
mount: permission denied
mount: permission denied
[ ok ] Cleaning up temporary files....
[ ok ] Setting kernel variables ...done.
[....] Configuring network interfaces...RTNETLINK answers: Operation not permitted
Failed to bring up lo.
done.
[ ok ] Cleaning up temporary files....
[FAIL] startpar: service(s) returned failure: hostname.sh udev ... failed!
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
dmesg: read kernel buffer failed: Operation not permitted
[ ok ] Starting Radicale CalDAV server : radicale.

Yes, there are a lot of errors, but they seem to be handled just fine.

TEDDark roast for the daring: TEDsters play truth and dare on coffee sleeves

“Harumph,” one TEDster smiled. “Get into a boxing ring.”

“Moonwalk into the theater,” his partner grinned back.

TEDsters don’t usually communicate in commands. But in a lounge on the north side of the theater, where white cushioned couches and espresso machines gleamed over the harbor below, the Target Daring Truth Cafe has turned the latte line into a time for TEDsters to cheekily and anonymously nudge their fellow attendees outside their comfort zones.

Each coffee cup sleeve has a dare written on it. The kicker? The text is written by TEDsters, with a Livescribe pen, for unsuspecting cafe visitors to come. Their dare is printed onto the next batch of coffee sleeves, which are stacked next to the milk steamer.

We picked some of our favorites to share:



Planet DebianEnrico Zini: google-ics-evil

Work around Google evil .ics feeds

I've happily been using 2015/akonadi-install for my calendars, and yesterday I added an .ics feed export from Google, as a URL file source. It is a link in the form: https://www.google.com/calendar/ical/person%40gmail.com/private-12341234123412341234123412341234/basic.ics

After doing that, I noticed that the fan in my laptop was on more often than usual, and I noticed that akonadi-server and postgres were running very often, and doing quite a lot of processing.

The evil

I investigated and realised that Google seems to be doing everything they can to make their ical feeds hard to sync against efficiently. This is the list of what I have observed Gmail doing to an unchanged ical feed:

  • Date: headers in HTTP replies are always now
  • If-Modified-Since: is not supported
  • DTSTAMP of each element is always now
  • VTIMEZONE entries appear in random order
  • ORGANIZER CN entries randomly change between full name and plus.google.com user ID
  • ATTENDEE entries randomly change between having a CN or not having it
  • TRIGGER entries change spontaneously
  • CREATED entries change spontaneously

This causes akonadi to download and reprocess the entire ical feed at every single poll, and I can't blame akonadi for doing it. In fact, Google is saying that there is a feed with several years worth of daily appointments that all keep being changed all the time.

The work-around

As a work-around, I have configured the akonadi source to point at a local file on disk, and I have written a script to update the file only if the .ics feed has actually changed.

Have a look at the script: I consider it far from trivial, since it needs to do a partial parsing of the .ics feed to throw away all the nondeterminism that Google pollutes it with.
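As an added example, not Enrico's script (the post links it but does not reproduce it), here is a Python canonicaliser built from the list of nondeterministic fields above: it unfolds the feed, drops DTSTAMP, CREATED, LAST-MODIFIED and TRIGGER, strips the CN= parameter from ORGANIZER and ATTENDEE, sorts top-level components so VTIMEZONE order is irrelevant, and only rewrites the local file when the SHA-256 of the canonical form changes. The function names and the two sample feeds are my own; the feeds are constructed to differ only in what the post says Google randomises, plus one with a real edit.

```python
"""Canonicalise a Google .ics feed before deciding whether it changed.

Added example, not the script from the original post. The property names
follow the nondeterministic fields listed above; the sample feeds are
constructed here, not real Google output."""
import hashlib
import os
import re
import tempfile

# Properties Google rewrites on every fetch; dropped before hashing. TRIGGER is
# here because the post saw it change spontaneously, at the cost of missing a
# genuine alarm change.
VOLATILE = {"DTSTAMP", "CREATED", "LAST-MODIFIED", "TRIGGER"}
# Properties whose CN= parameter flips between a full name and a user ID.
CN_FLIPPERS = {"ORGANIZER", "ATTENDEE"}

def unfold(text):
    """Undo RFC 5545 line folding (a line starting with SPACE/TAB continues the previous one)."""
    return re.sub(r"\r?\n[ \t]", "", text)

def normalise_line(line):
    """Strip volatile content from one unfolded line; None means drop it.
    Assumption: no quoted parameter values containing ';' or ':' in the touched properties."""
    name, sep, value = line.partition(":")
    parts = name.split(";")
    prop = parts[0].upper()
    if prop in VOLATILE:
        return None
    if prop in CN_FLIPPERS:
        parts = [parts[0]] + [p for p in parts[1:] if not p.upper().startswith("CN=")]
    return ";".join(parts) + sep + value

def split_components(lines):
    """Split an unfolded VCALENDAR into (calendar-level lines, top-level component texts)."""
    header, comps, cur, depth = [], [], [], 0
    for line in lines:
        if line.startswith("BEGIN:"):
            depth += 1
        if depth >= 2:  # inside VTIMEZONE/VEVENT, nested STANDARD/VALARM included
            cur.append(line)
        elif depth == 1 and not line.startswith(("BEGIN:", "END:")):
            header.append(line)  # VERSION, PRODID, X-WR-* ...
        if line.startswith("END:"):
            depth -= 1
            if depth == 1:  # a top-level component just closed
                comps.append("\n".join(cur))
                cur = []
    return header, comps

def canonical(ics_text):
    """Deterministic text: volatile lines gone, components sorted so their order is irrelevant."""
    lines = [n for n in map(normalise_line, unfold(ics_text).splitlines()) if n is not None]
    header, comps = split_components(lines)
    return "\n".join(header + sorted(comps)) + "\n"

def fingerprint(ics_text):
    return hashlib.sha256(canonical(ics_text).encode("utf-8")).hexdigest()

def update_if_changed(path, new_text):
    """Rewrite path only when the canonical feed differs; return True if written."""
    try:
        with open(path, encoding="utf-8") as f:
            old = f.read()
    except FileNotFoundError:
        old = None
    if old is not None and fingerprint(old) == fingerprint(new_text):
        return False
    with open(path, "w", encoding="utf-8") as f:
        f.write(new_text)
    return True

# Constructed sample data: two timezone blocks and an event builder that exposes
# the knobs Google randomises as parameters.
TZ_ROME = ("BEGIN:VTIMEZONE\nTZID:Europe/Rome\nBEGIN:STANDARD\nTZOFFSETFROM:+0200\n"
           "TZOFFSETTO:+0100\nDTSTART:19701025T030000\nEND:STANDARD\nEND:VTIMEZONE\n")
TZ_LONDON = ("BEGIN:VTIMEZONE\nTZID:Europe/London\nBEGIN:STANDARD\nTZOFFSETFROM:+0100\n"
             "TZOFFSETTO:+0000\nDTSTART:19701025T020000\nEND:STANDARD\nEND:VTIMEZONE\n")

def sample_feed(timezones, stamp, organizer, attendee, trigger):
    event = ("BEGIN:VEVENT\nDTSTART:20150326T100000Z\nDTEND:20150326T110000Z\n"
             f"DTSTAMP:{stamp}\nUID:abc123@google.com\nCREATED:{stamp}\n"
             f"ORGANIZER;{organizer}:mailto:person@gmail.com\n"
             f"ATTENDEE;{attendee}:mailto:someone@example.com\n"
             "SUMMARY:Weekly sync\nBEGIN:VALARM\nACTION:DISPLAY\n"
             f"TRIGGER:{trigger}\nEND:VALARM\nEND:VEVENT\n")
    return ("BEGIN:VCALENDAR\nVERSION:2.0\nPRODID:-//Example//Test//EN\n"
            + "".join(timezones) + event + "END:VCALENDAR\n")

# Two fetches of the same calendar differing only in what Google randomises, and one real edit.
FEED_A = sample_feed([TZ_ROME, TZ_LONDON], "20150325T211954Z", "CN=Enrico Zini",
                     "CN=Someone Else;ROLE=REQ-PARTICIPANT", "-P0DT0H10M0S")
FEED_B = sample_feed([TZ_LONDON, TZ_ROME], "20150325T221954Z", "CN=123456789",
                     "ROLE=REQ-PARTICIPANT", "-PT10M")
FEED_C = FEED_A.replace("SUMMARY:Weekly sync", "SUMMARY:Weekly sync (moved)")

def run_demo():
    """Feed A, then B, then C through update_if_changed; returns the three write decisions."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "basic.ics")
        return [update_if_changed(path, feed) for feed in (FEED_A, FEED_B, FEED_C)]

if __name__ == "__main__":
    print("A and B fingerprint equal:", fingerprint(FEED_A) == fingerprint(FEED_B))
    print("writes for A, B, C:", run_demo())
```

The file that akonadi watches keeps Google's original text (including the volatile fields); only the decision to rewrite it is made on the canonical form, so the client sees a changed mtime exactly when an event, attendee or timezone actually changed.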

The setup

The script needs to be run periodically, and I used it as an opportunity to try systemd user timers:

    $ cat ~/.config/systemd/user/update-ical-feeds.timer
    [Unit]
    Description=Updates ical feeds every hour
    # Only run when on AC power
    ConditionACPower=yes

    [Timer]
    # Run every hour, counted from the last time the service ran.
    # (OnActiveSec=1h would fire only once, an hour after the timer started.)
    OnUnitActiveSec=1h
    # Run a minute after boot
    OnBootSec=1m
    Unit=update-ical-feeds.service

    $ cat ~/.config/systemd/user/update-ical-feeds.service
    [Unit]
    Description=Update ICal feeds

    [Service]
    # Use oneshot to prevent two updates being run in case the previous one
    # runs for more time than the timer interval
    Type=oneshot
    ExecStart=/home/enrico/tmp/calendars/update

    $ systemctl --user start update-ical-feeds.timer
    $ systemctl --user list-timers
    NEXT                         LEFT       LAST                         PASSED UNIT                    ACTIVATES
    Wed 2015-03-25 22:19:54 CET  59min left Wed 2015-03-25 21:19:54 CET  2s ago update-ical-feeds.timer update-ical-feeds.service

    1 timers listed.
    Pass --all to see loaded but inactive timers, too.

To reload the configuration after editing: systemctl --user daemon-reload.

Further investigation

I wonder if ConditionACPower needs to be in the .timer or in the .service, since there is a [Unit] section in both. Update: I have been told it can be in the .timer.

I also wonder if there is a way to have the timer trigger only when online. There is a network-online.target and I do not know if it is applicable. I also do not know how to ask systemd if all the preconditions are currently met for a .service/.timer to run.

Finally, I especially wonder if it is worth hoping that Google will ever make their .ics feeds play nicely with calendar clients.

TEDName that story, in four images: A game

StoryCorps booth

There’s a quiet corner at TED, with two comfortable chairs, a table with some paper and pencils, and a well-placed box of tissues. And on Wednesday night, after Dave Isay of StoryCorps shared his TED Prize wish, TEDsters flooded into Citi Ventures’ The Art of Listening exhibit. This social space was an homage to Isay’s oral history project — which he announced on the TED stage that he’d be taking global with a new app.

“A lot of people who came by knew StoryCorps from NPR,” said Kris Kowal, of the experience design agency Sub Rosa, which created the exhibit. “But for some people, this was the first time they were hearing about StoryCorps. We wanted to give them an introduction.”

The exhibit had three components. First, a booth, where attendees could pull in someone they wanted to honor with an interview. Speaker Amanda Palmer interviewed Esther Perel;  speaker BJ Miller interviewed his father. On the walls of the booth hung quotes from classic StoryCorps interviews: “Being married is like having a color television set,” “I wanted a picture of the person who had allowed me to live.” Nearby, four consoles allowed attendees to listen to excerpts of 10 powerful stories, and see how the story affected their physiology thanks to a heart-rate monitor.

A third element, created by Kowal and his Sub Rosa colleague Chris Tino, was called “Wordless Stories.” On eight iPads built into a wooden console, attendees got to play a game. They were given 60 seconds to identify movies and classic novels from distillations of their plots into four graphic images. “So E.T. becomes an alien, a bicycle, a moon and a boy,” says Kowal. “We’ve got a leaderboard for the week.”

Want to play a quick round? See if you can correctly identify the stories below.


TEDImagine walking a mile in someone else’s headline: Monica Lewinsky speaks at TED2015

Monica Lewinsky is one of very few people over the age of 40 who has no interest in being 22 again.

“At the age of 22, I fell in love with my boss,” she says bluntly as she begins her talk on the TED2015 stage, her hands clasped in front of her. “At the age of 24, I learned the devastating consequences.”

Lewinsky asks for a show of hands: “Who didn’t make a mistake at 22?”

“Not a day goes by that I am not reminded of my mistake, and I regret that mistake deeply,” she continues. “In 1998, after having been swept up in an improbable romance, I was then swept up into the eye of a political, legal and media maelstrom like we had never seen before.”

The media landscape of the mid 1990s was, of course, very different from what it is today. Lewinsky points out that news at the time was consumed from three sources: reading a newspaper or magazine, listening to the radio, or watching television. But her affair with a sitting president?

“This scandal was brought to you by the digital revolution,” she says. “It was the first time traditional news was usurped by the Internet, a click that reverberated around the whole world.”

Lewinsky said that she had very little understanding of what was happening at the time. “Overnight, I went from being a completely private figure to a publicly humiliated one worldwide,” she says.

“I was Patient Zero of losing a personal reputation on a global scale almost instantaneously.”

If you close your eyes and go back to that moment, you can probably remember the tiny number of images that fueled this scandal: a headshot of Lewinsky with her swooping hair; a slow-motion video of Lewinsky in black beret, reaching out of the crowd to hug President Clinton; a freeze frame of her with her right hand raised being sworn in for her deposition in Clinton’s impeachment trial.

What was different about this scandal was the focus on her.

“Now I admit I made mistakes — especially wearing that beret — but the attention and judgment that I received — not the story, but that I personally received — was unprecedented,” she says. “I was branded as a tramp, tart, slut, whore, bimbo and, of course, ‘that woman.’ I was known by many, but actually known by few. I get it. It was easy to forget ‘that woman’ was dimensional and had a soul.”

While Lewinsky doesn’t say it, it should also be noted that ‘that woman’ has a voice — one that is calm and clear. Lewinsky was hardly heard from at the time of the scandal, aside from a Barbara Walters 20/20 interview in 1999 that launched the sale of a thousand Club Monaco lipsticks. Few in the audience would have been able to identify her voice before she stepped on the stage today. And while she wrote an essay for Vanity Fair last year, this is only the second time she’s spoken in public since disappearing from the public eye in 2005 and moving to London to study social psychology at the London School of Economics. She also spoke at Forbes’ 30 Under 30 Summit in October.

“In 1998, I lost my reputation and my dignity. … I lost my sense of self,” Lewinsky continues. “When this happened to me, 17 years ago, there was no name for it. Now we call it cyber-bullying.”

Lewinsky describes in detail one of the hardest parts of the scandal from her perspective: when, after the Starr Report was released to Congress, transcripts of her private conversations, secretly recorded by Linda Tripp, went public. Soon afterward, clips aired on television and were posted online. Lewinsky calls the content of those tapes “the worst version of myself” and says that they made her feel “deeply, deeply ashamed.” She says that she could not believe the things she’d said, or that others were forming an impression of her based on it.

“This was not something that happened with regularity back then in 1998,” she says. “And by ‘this,’ I mean the stealing of people’s private words, actions, conversations or photos and then making them public. Public without consent, public without context and public without compassion.”

Of course, it happens with extreme regularity now. Take for example, in the past year: the leak of nude photos of Jennifer Lawrence and other celebrities; the Sony hack, in which the most embarrassing personal emails traveled far and wide; the release of 100,000 Snapchat images and videos on the website SnapChatLeaked.com.

But in 2010, a case of stolen actions hit Lewinsky in the gut. Tyler Clementi was a freshman at Rutgers University whose roommate set up a webcam and captured video of him being romantic with another man. Online harassment kicked in. Days later, Clementi jumped from the George Washington Bridge.

“Tyler’s tragic, senseless death was a turning point for me,” says Lewinsky. “It served to recontextualize my experiences. I began to look at the world of humiliation and bullying around me and see something different … Every day online, people — especially young people who are not developmentally equipped to handle this — are so abused and humiliated that they can’t imagine living to the next day.”

Humiliation has a personal price, notes Lewinsky, but it has a cultural one as well.

“For nearly two decades now, we have slowly been sowing the seeds of shame and public humiliation in our cultural soil,” she says. “Gossip websites, paparazzi, reality programming, politics, news outlets and sometimes hackers traffic in shame.”

She brings up Nicolaus Mills’ concept of a “culture of humiliation.”

“A marketplace has emerged where public humiliation is a commodity and shame is an industry,” she says. “How is the money made? Clicks. The more shame, the more clicks; the more clicks, the more advertising dollars … We are in a dangerous cycle: the more we click on this kind of gossip, the more numb we get to the human lives behind it. And the more numb we get, the more we click.”

So how do we move forward?

“With every click we make a choice,” says Lewinsky. She wants to see a “cultural revolution.”

“Public humiliation as a blood sport has to stop,” she says. “We need to return to a long-held value of compassion and empathy.”

Lewinsky quickly quotes another TED speaker, Brené Brown, who researches shame. As Brown said in a Twitter conversation in 2014, “Shame can’t survive empathy.”

Lewinsky asks that every person become an “upstander” instead of a bystander when it comes to public humiliation. “I’ve seen some very dark days in my life. It was empathy and compassion from friends, family, coworkers, even strangers that saved me. Empathy from one person can make a difference,” she says. “Compassionate comments help abate the negativity.”

“The Internet is the superhighway for the id,” she says, “but online showing empathy to others benefits us all … Just imagine walking a mile in someone else’s headline.”

Lewinsky says that there is one question she has gotten constantly about her re-emergence over the past year: why now? She stresses that her decision to step back out into the spotlight on her own terms is not politically motivated.

“The top-note answer was and is: Because it’s time. Time to stop tiptoeing around my past … Time to take back my narrative,” she says. “Anyone who is suffering from shame and public humiliation needs to know one thing: you can survive it. I know it’s hard. It may not be painless, quick or easy, but you can insist on a different ending to your story.”


TEDBehind-the-scenes gallery: TED2015 comes to a close

Neri Oxman wows the audience with the “first wearable digestive system.” Read more about her talk. Photo: Bret Hartman/TED

Bill Gates tries on an Ebola suit, in a replica Ebola field treatment center. Read about this exhibit. Photo: Ryan Lash/TED http://ideas.ted.com/how-we-treat-ebola-and-why-we-must-do-better/

An attendee tries on a full Ebola treatment suit, which takes up to 11 minutes to put on. The Gates Notes brought the suits to TED2015 to powerfully underscore the point that the tools, treatments and systems we have in place are not enough for the next epidemic. Read about this exhibit. Photo: Ryan Lash/TED

Suki Kim shares the experience of living undercover in North Korea for six months. Read an excerpt of her book. Photo: Bret Hartman/TED

TED2015 attendees watch Steven Wise’s talk in a simulcast lounge. Photo: TED

Lewis Dartnell shows a tin-can gasifier stove, one of the tools that could help society rebuild after an apocalypse. Read more about his talk. Photo: Bret Hartman/TED

Kelly Stoetzel and Jay Herratti host TEDActive 2015, held in parallel to TED in Whistler. Photo: Marla Aufmuth/TED

At a “speed meeting” session, TED2015 attendees get to know each other. Photo: Ryan Lash/TED

The Kitchen Sisters tell the story of "Wall Street," a prisoner at San Quentin who is a natural at trading stocks, during Session 8. Read more. Photo: Bret Hartman/TED  http://blog.ted.com/pop-up-magazine-the-engrossing-talks-of-session-8-of-ted2015/

The Kitchen Sisters tell the story of Wall Street, a prisoner at San Quentin who is a natural at trading stocks. Read more. Photo: Bret Hartman/TED

A view of Whistler, from TEDActive. Photo: Marla Aufmuth/TED

A view of Whistler, from TEDActive. Photo: Marla Aufmuth/TED

In his wrap-up of TED2015, Baratunde Thurston unveiled the "TED Flag." It breaks every single rule for flag design laid out in Roman Mars' TED Talk earlier in the week. Photo: Bret Hartman/TED

In his wrap-up of TED2015, Baratunde Thurston unveiled the “TED Flag.” It breaks every single rule for flag design laid out in Roman Mars’ TED Talk earlier in the week. Photo: Bret Hartman/TED

Nobel Peace Prize winner Kailash Satyarthi didn't talk about peace—he talked about anger. Read more about his talk. Photo: Bret Hartman/TED http://blog.ted.com/im-urging-you-to-be-angry-kailash-satyarthi-live-at-ted2015/

Nobel Peace Prize winner Kailash Satyarthi didn’t talk about peace—he talked about anger. Read more about his talk. Photo: Bret Hartman/TED

Author Pico Iyer signs a copy of his TED Book for a fan. Read Iyer's travel tips. Photo: Ryan Lash/TED http://blog.ted.com/travel-tips-from-pico-iyer/

Author Pico Iyer signs a copy of his TED Book for a fan. Read Iyer’s travel tips. Photo: Ryan Lash/TED

Thinking hard in the Robert Wood Johnson Foundation The Culture of Health Café. Photo: Ryan Lash/TED

Thinking hard in the Robert Wood Johnson Foundation The Culture of Health Café. Photo: Ryan Lash/TED

The speakers in Pop-Up Magazine's session line up for a bow. Read about Pop-Up Magazine's curation strategy. Photo: Bret Hartman/TED http://blog.ted.com/the-pages-of-a-magazine-brought-to-life/

The speakers in Pop-Up Magazine’s session line up for a bow. Read about Pop-Up Magazine’s curation strategy. Photo: Bret Hartman/TED h

Chris Burkard made the audience chilly with his beautiful images of arctic surfing. Read more about his talk. Photo: Bret Hartman/TED http://blog.ted.com/passion-and-consequence-the-inspiring-talks-in-session-11-of-ted2015/

Chris Burkard shows the audience his beautiful images of arctic surfing. Read more about his talk. Photo: Bret Hartman/TED

TEDActive 2015 attendees enjoy their bean bag seats. Photo: Marla Aufmuth/TED

TEDActive 2015 attendees enjoy their bean bag seats. Photo: Marla Aufmuth/TED

In an exhibit about the TED Prize, Larry Brilliant shares an object that inspired his wish: a statue of Shitala-ma, the "smallpox goddess." Photo: Ryan Lash/TED

In an exhibit about the TED Prize, Larry Brilliant shares an object that inspired his wish: a statue of Shitala-ma, the “smallpox goddess.” Photo: Ryan Lash/TED

Sri Lankan opera singer Tharanga Goonetilleke, a TED Fellow, takes the stage. Photo: Bret Hartman/TED

Sri Lankan opera singer Tharanga Goonetilleke, a TED Fellow, takes the stage. Photo: Bret Hartman/TED

Mexican guitar duo Rodrigo y Gabriela rock out with an electrifying acoustic performance. Photo: Bret Hartman/TED

Mexican guitar duo Rodrigo y Gabriela rock out with an electrifying acoustic performance. Photo: Bret Hartman/TED

Attendees got an unusual look at their personality via beautiful designs, in Target's The Daring Truth Café. Photo: Ryan Lash/TED

Attendees got an unusual look at their personality via design, in Target’s The Daring Truth Café. Photo: Ryan Lash/TED

A late night lip-sync event at TEDActive 2015. Photo: Marla Aufmuth/TED

Aloe Blacc and wife Maya Jupiter perform at the TEDActive Top of the Mountain party. Photo: Marla Aufmuth/TED

At The Engagement Center powered by IBM, attendees could see incredible data on TED2015, visualized for easy understandability. Photo: Ryan Lash/TED

At The Engagement Center powered by IBM, attendees could see incredible data on TED2015, visualized for understandability. Photo: Ryan Lash/TED

In Session 11, fashion designer Hussein Chalayan shared his unusual take on fashion. He shoed how a table can become a skirt and how this he makes a motif of speed. Photo: Bret Hartman/TED http://blog.ted.com/passion-and-consequence-the-inspiring-talks-in-session-11-of-ted2015/

In Session 11, fashion designer Hussein Chalayan shared his take on the intersection of fashion, commerce and high art. Read more about his talk. Photo: Bret Hartman/TED

At the Synthetic Gecko Adhesive Exhibit, attendees got to play with the stuff that lets geckos climb up walls. Photo: Ryan Lash/TED

At the Synthetic Gecko Adhesive Exhibit, attendees got to play with the stuff that lets geckos climb up walls. Photo: Ryan Lash/TED

BJ Miller spoke on how we can design for a better end of life—and how 11,000 volts of electricity in college first got him thinking about this. Read more. Photo: Bret Hartman/TED

BJ Miller spoke on how we can design for a better end of life—and how 11,000 volts of electricity in college first got him thinking about this. Read more. Photo: Bret Hartman/TED

Chris Anderson, TED's Curator, hosts a chilling session, "Just and Unjust." Read a full recap of it. Bret Hartman/TED http://blog.ted.com/just-and-unjust-a-recap-of-the-powerful-talks-of-session-9-at-ted2015/

Chris Anderson, TED’s Curator, hosts a chilling session, “Just and Unjust.” Read a full recap of it. Bret Hartman/TED

Our TED2015 speakers become art. Photo: Ryan Lash/TED

Our TED2015 speakers become art. Photo: Ryan Lash/TED


Krebs on SecurityTax Fraud Advice, Straight from the Scammers

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. And few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we’ll see in the conversations highlighted in this post.

File 'em Before the Bad Guys Can

As several stories these past few months have noted, those involved in tax refund fraud shifted more of their activities away from the Internal Revenue Service and toward state tax filings. This shift is broadly reflected in discussions on several fraud forums from 2014, in which members lament the apparent introduction of new fraud “filters” by the IRS that reportedly made perpetrating this crime at the federal level more challenging for some scammers.

One outspoken and unrepentant tax fraudster — a ne’er-do-well using the screen name “Peleus” — reported that he had far more luck filing phony returns at the state level last year. Peleus posted the following experience to a popular fraud forum in February 2014:

“Just wanted to share a bit of my results to see if everyone is doing so bad or it just me…Federal this year has been a pain in the ass. I have about 35 applications made for federal with only 2 paid refunds…I started early in January (15-20) on TT [TurboTax] and HR [H&R Block] and made about 35 applications on Federal and State..My stats are as follows:

Federal: 35 applications (less than 10% approval rate) – average per return $2500

State: 35 apps – 15 approved (average per return $1600). State works just as great as last year, their approval rate is nearly 50% and processing time no more than 10 – 12 days.

I know that the IRS has new check filters this year but federals suck big time this year, i only got 2 refunds approved from 35 applications …all my federals are between $2300 – $2600 which is the average refund amount in the US so i wouldn’t raise any flags…I also put a small yearly salary like 25-30k….All this precautions and my results still suck big time compared to last year when i had like 30%- 35% approval rate …what the fuck changed this year? Do they check the EIN from last year’s return so you need his real employer information?”

A seasoned tax return fraudster discusses strategy.

Several seasoned members of this fraud forum responded that the IRS had indeed become more strict in validating whether the W2 information supplied by the filer had the proper Employer Identification Number (EIN), a unique tax ID number assigned to each company. The fraudsters then proceeded to discuss various ways to mine social networking sites like LinkedIn for victims’ employer information.

GET YER EINs HERE

A sidebar is probably in order here. EINs are not exactly state secrets. Public companies publish their EINs on the first page of their annual 10-K filings with the Securities and Exchange Commission. Still, EINs for millions of small companies here in the United States are not so easy to find, and many small business owners probably treat this information as confidential.

Nevertheless, a number of organizations specialize in selling access to EINs. One of the biggest is Dun & Bradstreet, which, as I detailed in a 2013 exposé, Data Broker Giants Hacked by ID Theft Service, was compromised for six months by a service selling Social Security numbers and other data to identity thieves like Peleus.

Last year, I heard from a source close to the investigation into the Dun & Bradstreet breach who said the thieves responsible made off with more than six million EINs. In December 2014, I asked Dun & Bradstreet about the veracity of this claim, and received a blanket statement that did not address the six million figure, but stressed that EINs are not personally identifiable information and are available to the public.

THE PREPAID MESS

By May of 2014, Peleus reported that he’d more or less worked out the best ways to avoid the IRS’s fraud filters, and was finding great success at the state level. The key, he said, was having the bogus refund sent to a unique prepaid debit card account for each filing. In this case, he found success with Green Dot — a widely-used prepaid card.

“The season is over, and my stats improved A LOT once I used one Greendot for one refund, instead of 1 checking account for 10 refunds,” he wrote.

The prepaid card industry has been an indispensable tool of tax fraudsters for several years, and remains one of the favorite means of cashing out phony refunds — as well as the proceeds from a broad range of other cybercrime activity.

At a March 12, 2015 hearing on the tax refund fraud epidemic, Utah State Tax Commission Chairman John Valentine told the U.S. Senate Finance Committee that all of the suspicious returns it has seen so far this year had the direct deposit information changed from the previous year’s bank account to prepaid debit cards — often Green Dot brand debit cards.

“Once the funds are transferred to such cards, they cannot easily be traced or recovered, a perfect vehicle to commit fraud,” Valentine told the panel. “Prepaid debit cards appear to be preferable to fraudsters because the identity thief doesn’t have to bother with banks, credit unions or check-cashing stores that may become suspicious when one person starts bringing in multiple tax refund checks to be cashed or deposited.”

Valentine said one problem his state ran into when trying to isolate filings involving prepaid cards was that there is currently no uniformity in numbering that distinguishes traditional checking and savings accounts from prepaid debit cards.

“For example, a prepaid reloadable debit card sold by Green Dot appears to be linked to a bank account even though the debit card had no actual checking or savings account associated with it,” he said in his prepared remarks (PDF). “A simple fix would be to require a different series, letter or additional numbers to distinguish these cards from cards connected to bank or credit union checking and savings accounts.”
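The two signals described above, a direct-deposit account that differs from the one on last year's return and a single account collecting refunds for several taxpayers (the pattern Peleus describes as "one Greendot for one refund" versus "1 checking account for 10 refunds"), can be turned into a simple screening rule. The following Python is an added example, not code from KrebsOnSecurity or any tax agency; every taxpayer id and account string in it is constructed.

```python
"""Toy refund-fraud screen built from the two signals the post describes:
a deposit account that changed since the prior year's return, and one
deposit account shared by several taxpayers' refunds.
Added example; not from Krebs or any tax agency. All data is constructed."""
from collections import defaultdict

# Constructed prior-year records: taxpayer id -> deposit account on last year's return.
PRIOR_YEAR_ACCOUNTS = {
    "TP-1": "ACCT-1111",
    "TP-2": "ACCT-2222",
    "TP-3": "ACCT-3333",
    "TP-4": "ACCT-4444",
}

# Constructed current-year filings. The account strings deliberately carry no hint
# of whether they are a bank account or a prepaid card: the Utah testimony says the
# numbering does not distinguish them, so the screen must not rely on that.
CURRENT_FILINGS = [
    {"taxpayer": "TP-1", "account": "ACCT-1111", "refund": 2400},
    {"taxpayer": "TP-2", "account": "ACCT-9001", "refund": 2500},
    {"taxpayer": "TP-3", "account": "ACCT-9001", "refund": 2350},
    {"taxpayer": "TP-4", "account": "ACCT-4444", "refund": 9100},
    {"taxpayer": "TP-5", "account": "ACCT-9002", "refund": 1600},  # first-time filer
]


def flag_filings(filings, prior_year_accounts, max_taxpayers_per_account=1):
    """Return {taxpayer: [reasons]} for every filing that trips a signal.

    Signal 1: the deposit account differs from the one on last year's return.
    Signal 2: more than max_taxpayers_per_account distinct taxpayers direct
              their refund to the same deposit account.
    Filings that trip nothing are absent from the result.
    """
    # First pass: who is sending refunds to each account this year?
    taxpayers_by_account = defaultdict(set)
    for f in filings:
        taxpayers_by_account[f["account"]].add(f["taxpayer"])

    flagged = defaultdict(list)
    for f in filings:
        tp, acct = f["taxpayer"], f["account"]
        prior = prior_year_accounts.get(tp)
        # A first-time filer has nothing to compare against; only a real change counts.
        if prior is not None and prior != acct:
            flagged[tp].append(f"deposit account changed from {prior} to {acct}")
        sharers = taxpayers_by_account[acct]
        if len(sharers) > max_taxpayers_per_account:
            others = ", ".join(sorted(sharers - {tp}))
            flagged[tp].append(f"account {acct} shared with {others}")
    return dict(flagged)


if __name__ == "__main__":
    for tp, reasons in sorted(flag_filings(CURRENT_FILINGS, PRIOR_YEAR_ACCOUNTS).items()):
        print(tp, "->", "; ".join(reasons))
```

The refund amount is carried but not used, because the post's own figures show the fraudsters already keep requests near the national average; amount alone is a weak signal.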

SAFE MONEY & FREQUENT FILERS

Judging from his fraud forum postings, our tax scammer Peleus was having more luck filing bogus refund requests with both the IRS and the states in this year’s tax season, which appears to have started in mid- to late January for phony filers.

Peleus’ 2015 tax tips for fellow fraudsters center around which payment instruments and banks to use and which to avoid. Peleus said prepaids are great, but getting your phony refunds deposited in a Suntrust account remains the safest option, while certain banks — particularly Wells Fargo — are to be avoided like the plague.

“Wells Fargo is old news and sucks big time,” Peleus wrote in a January 14, 2015 post. “It is one of the strictest banks and I do not recommend it. Try and get Suntrust. If Suntrust works like last year, you should have 5-7 refunds per account easy. They don’t seem to give a fuck.”

Peleus and other fraudsters continue to report strong success filing phony tax refund requests through TurboTax, the largest of the online tax preparation services — with nearly 30 million customers. Peleus urges like-minded crooks to consider asking TurboTax to credit the fraudulent refund amount as an Amazon gift code, which is apparently all the rage this year:

“You don’t even need your own bank accounts, you can use company checking accounts from Google or checking accounts from your older spam,” Peleus enthuses. “Basically, you need just an email to receive the Amazon code. Sure, it’s hard to sell it on eBay or Craigslist, but it works and they never get blocked, so it’s safe money.”

[In case you missed my recent series on how lax security and adherence to “know-your-customer” basics at TurboTax has contributed to the tax fraud epidemic, check out these stories.]

While the states and the IRS are becoming more vigilant about filtering out phony refund requests, the fraudsters are clearly responding by upping the volume of bogus filings. At least, that’s according to our virtual Virgil of the tax underworld:

“People, the secret still stays in numbers, so file as many applications as you can,” Peleus advises his fraudster friends. “No matter how accurate your tax info is, if you fly under the radar with small refunds (e.g. the average US refund was $2400 last year) you will be making money. Stop asking for $9k per refund you should make 3 of 3k, more refunds is better. Next year it will be harder I am sure, but we will all be smarter and fewer.”

ANALYSIS

Given the amount of cyber fraud that is committed with the help of the anonymity afforded to prepaid card users,  the Utah State Tax Commissioner’s suggestion about requiring a unique identifier for prepaid card account numbers seems like a sound one. Certainly, the prepaid card and tax preparation industries can up their game. As I’ve noted in previous stories, both industries probably need more encouragement from federal lawmakers and/or regulators to proactively institute more robust and effective “know-your-customer” policies.

Even so, tax refund fraud is a complex problem, with many core weaknesses contributing to the overall epidemic, not least of which is that the IRS is required to process refund requests within a very short period of receiving the filing. Very often, the IRS has to make this decision even before companies finish sending out W2 information.

In an August 2014 report to Congress on the tax refund fraud epidemic, the Government Accountability Office said that for 2014, the IRS informed taxpayers that it would generally issue refunds in less than 21 days after receiving a tax return — primarily because the IRS is required by law to pay interest if it takes longer than 45 days after the due date of the return to issue a refund.

According to a January 2015 GAO report (PDF), the IRS estimated it prevented $24.2 billion in fraudulent identity theft refunds in 2013.  Unfortunately, the IRS also paid $5.8 billion that year for refund requests later determined to be fraud. The GAO noted that because of the difficulties in knowing the amount of undetected fraud, the actual amount could far exceed those estimates.

Further reading:

What Tax Fraud Victims Can Do.

All KrebsOnSecurity stories about tax refund fraud.

Update, Mar. 26, 4:56 p.m. ET: A previous version of this story incorrectly stated that Green Dot was managed by GE Money Bank. The latter sold part of its prepaid business (Wal-Mart Money Card) to Green Dot back in 2013.

Sociological ImagesAre Economics Majors Anti-Social?

Yep. Economics majors are more anti-social than non-econ majors. And taking econ classes also makes people more anti-social than they were before. It turns out, there’s quite a bit of research on this, nicely summarized here.  Econ majors are less likely to share, less generous to the needy, and more likely to cheat, lie, and steal.

In one study, for example, economists Yoram Bauman and Elaina Rose noted the consistent finding that econ majors were less generous and asked whether the effect was due to selection (people who are anti-social choose to take econ classes) or indoctrination (taking econ classes makes one more anti-social). They found that both play a role.

Students at their institution — University of Washington — were asked at registration each semester if they’d like to donate to WashPIRG (a left-leaning public interest group) and ATN (a non-partisan group that lobbies to reduce tuition rates).  Bauman and Elaina crunched the data along with students’ chosen majors and classes. They found that econ majors were less likely to donate to either cause (the selection hypothesis) and that non-econ majors who had taken econ classes were less likely to donate than non-majors who hadn’t (the indoctrination hypothesis).

What should we make of these findings?

Sociologist Amitai Etzioni takes a stab at an answer. He argues that neoclassical economics isn’t a problem in itself. Instead, the problem may be that there are no “balancing” classes, ones that present a different kind of economics. In other parts of the academy, he argues — specifying social philosophy, political science, and sociology — there is “a great variety of approaches are advanced, thereby leaving students with a consolidated debasing exposure and a cacophony of conflicting pro-social views.”

Being exposed to a variety of views, including ones that question the premises of neoclassical economics, may be one way to make economists more honest and kind. And doing so isn’t just about sticking one to econ, it’s an issue of grave seriousness, as the criminal and immoral behavior of our financial leaders is exactly what triggered a Great Recession once… and could again.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianBits from Debian: Hewlett-Packard Platinum Sponsor of DebConf15

We are very pleased to announce that HP has committed support of DebConf15 as Platinum sponsor.

"The hLinux team is pleased to continue HP's long tradition of supporting Debian and DebConf," said Steve Geary, Senior Director at Hewlett-Packard.

Hewlett-Packard is one of the largest computer companies in the world, providing a wide range of products and services, such as servers, PCs, printers, storage products, network equipment, software, cloud computing solutions, etc.

Hewlett-Packard has been a long-term development partner of Debian, and provides hardware for port development, Debian mirrors, and other Debian services (HP hardware donations are listed in the Debian machines page).

With this additional commitment as Platinum Sponsor, HP contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software, helping to strengthen the community who continue to collaborate on their Debian projects throughout the rest of the year.

Thank you very much, Hewlett-Packard, for your support of DebConf15!

Become a sponsor too!

DebConf15 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through sponsors@debconf.org, and visit the DebConf15 website at http://debconf15.debconf.org.

CryptogramCapabilities of Canada's Communications Security Establishment

There's a new story about the hacking capabilities of Canada's Communications Security Establishment (CSE), based on the Snowden documents.

Worse Than FailureCodeSOD: Are You Down With PHP?

Who’s Down With PHP?

PHP often gets a bad rap. A lot of the time, that’s because it’s used by developers who don’t know what they’re doing: there’s nothing inherently wrong with spandex either, but there are times, places and people for which it is inappropriate. And don’t get me wrong, the language has made big strides in recent years (good luck finding a web server hosting one of those versions, though). But there are just uses of PHP that reinforce that reputation. Robert Osswald provides this example from the contact-form editing code of a domain registrar database.

Let’s say you have some JSON data from an AJAX request, and it looks like this:

	array(13) {
		["controller"]=>
		string(7) "account"
		["action"]=>
		string(10) "changedata"
		["module"]=>
		string(7) "default"
		["data"]=>
		string(314) "[{"name":"adAddress","value":"Address 123"},{"name":"adCity","value":"MyCity"},{"name":"adZip","value":"12345"},{"name":"adState","value":"RS"},{"name":"adTelephone","value":"0112323555"},{"name":"adJMBG","value":"1706987782831"},{"name":"check[]","value":"domain_adminperson"},{"name":"cp_osobaid","value":"156"}]"
		["ajax"]=>
		string(15) "json_serialized"
		["adAddress"]=>
		string(11) "Address 123"
		["adCity"]=>
		string(6) "MyCity"
		["adZip"]=>
		string(5) "12345"
		["adState"]=>
		string(2) "RS"
		["adTelephone"]=>
		string(10) "0112323555"
		["adJMBG"]=>
		string(13) "1706987782831"
		["check"]=>
		array(1) {
			[0]=>
			string(18) "domain_adminperson"
		}
		["cp_osobaid"]=>
		string(3) "156"
	}

You want to turn the fields in that check[] array into an object, like this:

	object(stdClass)#208 (1) {
		["AdministrativniKontakt"]=>
	 object(stdClass)#207 (6) {
	 	["Adresa"]=>
	 	string(11) "Address 123"
	 	["Grad"]=>
	 	string(6) "MyCity"
	 	["PostanskiBroj"]=>
	 	string(5) "12345"
	 	["Drzava"]=>
	 	string(2) "RS"
	 	["Tel"]=>
	 	string(10) "0112323555"
	 	["MaticniBroj"]=>
	 	string(13) "1706987782831"
	 }
	}

To map one to the other, you also have an .ini file like this:

	form.domain_adminperson.prefix = ad
	form.domain_adminperson.object = AdministrativniKontakt
	form.domain_adminperson.field.adName = Ime
	form.domain_adminperson.field.adLastname = Prezime
	form.domain_adminperson.field.adEmail = Email
	form.domain_adminperson.field.adAddress = Adresa
	form.domain_adminperson.field.adCity = Grad
	form.domain_adminperson.field.adState = Drzava
	form.domain_adminperson.field.adTelephone = Tel
	form.domain_adminperson.field.adJMBG = MaticniBroj
	form.domain_adminperson.field.adZip = PostanskiBroj

Once you’ve mapped the request array to the defined object, you want to persist it and return the object in the JSON response. Would you do it… like this?

	class RequestToRegObjectMapper
	{
		public static function parseRequestToObj($request, $saveInSession = false)
		{
			$iniFile = new Zend_Config_Ini(APP_FS_ROOT.'/lib/spec/formtoservice.ini','default', true);

			if($saveInSession == true){
				$sessionHandler = new Zend_Session_Namespace('domainreg'); 
			}

			$response = new stdClass();

			foreach($request['check'] as $elem){

				$elemIniData = $iniFile->form->{$elem};
				$elemObjectName = $elemIniData->object;
				$response->{$elemObjectName} = new stdClass();
				$response->{$elemObjectName} = $sessionHandler->{$elemObjectName};

				foreach($request as $k=>$v){
					$key = isset($elemIniData->field->{$k}) ? $elemIniData->field->{$k} : null;
					if(!is_null($key) && !empty($v)){
						$response->{$elemObjectName}->{$key} = $v;
					}
				}

				if($saveInSession == true){
					if(!isset($sessionHandler->{$elemObjectName}))
						$sessionHandler->{$elemObjectName} = $response->{$elemObjectName};
					else{
						foreach (get_object_vars($response->{$elemObjectName}) as $key => $value) {
							$sessionHandler->{$elemObjectName}->{$key} = $value;
						}
					}
				}  
			}

			return $response;
		}
	}

	public function changedataAction(){

		$this->_helper->layout->disableLayout();
		$this->_helper->viewRenderer->setNoRender(true); 
		$request = RequestToRegObjectMapper::parseRequestToObj($this->REQPARAMS, false);

		if(in_array("domain_dns", $this->REQPARAMS["check"])){

			$requestParams = new stdClass();
			$requestParams->IdDomena = $this->REQPARAMS["cp_domenid"];
			if (!empty($request->DNS->Nazivservera1)) {
				$requestParams->NazivServera1 = $request->DNS->Nazivservera1;
			}
			if (!empty($request->DNS->Ipadresa1)) {
				$requestParams->IPAdresa1 = $request->DNS->Ipadresa1;
			}
			if (!empty($request->DNS->Nazivservera2)) {
				$requestParams->NazivServera2 = $request->DNS->Nazivservera2;
			}
			if (!empty($request->DNS->Ipadresa2)) {
				$requestParams->IPAdresa2 = $request->DNS->Ipadresa2;
			}

			$response = $this->serviceClient->call('izmeniDNSServereZaDomen', $requestParams);
			echo json_encode($response);
			die();
		}

		if(in_array("domain_regperson", $this->REQPARAMS["check"])){

			$requestParams = new stdClass();
			$requestParams = $request->Registrant;
			$requestParams->Id = $this->REQPARAMS["Id"];

			$response = $this->serviceClient->call('izmeniRegistranta', $requestParams);
			if($response->status == 0){
				$this->redirectToActionController('index', 'account');
			}
		}

		if(in_array("domain_adminperson", $this->REQPARAMS["check"]) || in_array("domain_payperson", $this->REQPARAMS["check"])){
			$requestParams = new stdClass();
			if(in_array("domain_adminperson", $this->REQPARAMS["check"]))
				$requestParams = $request->AdministrativniKontakt;
			else if(in_array("domain_payperson", $this->REQPARAMS["check"]))
				$requestParams = $request->KontaktZaPlacanje;
			$requestParams->Id = $this->REQPARAMS["cp_osobaid"];

			$response = $this->serviceClient->call('izmeniOsobu', $requestParams);
			echo json_encode($response);
			die();
		}
	}

There are lots of reasons to use PHP on your next project! Alas, brevity and readability aren’t two of them.
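For contrast, here is the same check[] plus .ini mapping written so that a form name not declared in the spec is rejected instead of dereferencing null, and only fields the spec lists are copied from the request (the session persistence is left out). This is an added example, not the submitted code and not Zend's; parseDottedIni, mapRequestToObjects and the sample request are constructed.

```php
<?php
// Added example, not the submitted code nor Zend's. Expands the dotted-key .ini
// from the post into a nested array, then maps only whitelisted request fields
// onto the named objects. The spec and request below are constructed.
declare(strict_types=1);

const FORM_SPEC_INI = <<<'INI'
form.domain_adminperson.prefix = ad
form.domain_adminperson.object = AdministrativniKontakt
form.domain_adminperson.field.adName = Ime
form.domain_adminperson.field.adLastname = Prezime
form.domain_adminperson.field.adEmail = Email
form.domain_adminperson.field.adAddress = Adresa
form.domain_adminperson.field.adCity = Grad
form.domain_adminperson.field.adState = Drzava
form.domain_adminperson.field.adTelephone = Tel
form.domain_adminperson.field.adJMBG = MaticniBroj
form.domain_adminperson.field.adZip = PostanskiBroj
INI;

/**
 * Turn Zend-style dotted keys ("form.x.field.adCity = Grad") into nested arrays.
 * parse_ini_string() keeps the dotted key as one flat string, so the nesting is
 * done here by hand.
 */
function parseDottedIni(string $ini): array
{
    $flat = parse_ini_string($ini, false, INI_SCANNER_RAW);
    if ($flat === false) {
        throw new InvalidArgumentException('Unparseable form spec');
    }
    $tree = [];
    foreach ($flat as $dotted => $value) {
        $node = &$tree;
        foreach (explode('.', (string) $dotted) as $part) {
            if (!isset($node[$part]) || !is_array($node[$part])) {
                $node[$part] = [];
            }
            $node = &$node[$part];
        }
        $node = $value;
        unset($node); // break the reference before the next key
    }
    return $tree;
}

/**
 * Build one stdClass per requested form. Unknown form names are an error, and the
 * loop walks the spec's field list rather than the request, so a client cannot
 * smuggle extra properties onto the object that is later sent to the service.
 */
function mapRequestToObjects(array $request, array $spec): array
{
    $checks = $request['check'] ?? [];
    if (!is_array($checks)) {
        throw new InvalidArgumentException('check[] must be an array');
    }
    $result = [];
    foreach ($checks as $formName) {
        if (!is_string($formName) || !isset($spec['form'][$formName]['object'])) {
            throw new InvalidArgumentException('Unknown form: ' . var_export($formName, true));
        }
        $form = $spec['form'][$formName];
        $obj = new stdClass();
        foreach ($form['field'] ?? [] as $requestKey => $targetProp) {
            $value = $request[$requestKey] ?? null;
            // Unlike the original's empty() test, a legitimate "0" is kept here.
            if (is_string($value) && $value !== '') {
                $obj->{$targetProp} = $value;
            }
        }
        $result[$form['object']] = $obj;
    }
    return $result;
}

// Constructed request mirroring the post's var_dump (the redundant "data" blob omitted).
$request = [
    'check'       => ['domain_adminperson'],
    'adAddress'   => 'Address 123',
    'adCity'      => 'MyCity',
    'adZip'       => '12345',
    'adState'     => 'RS',
    'adTelephone' => '0112323555',
    'adJMBG'      => '1706987782831',
    'cp_osobaid'  => '156',
];

$objects = mapRequestToObjects($request, parseDottedIni(FORM_SPEC_INI));
echo json_encode($objects, JSON_PRETTY_PRINT), PHP_EOL;
```

Running it prints a single AdministrativniKontakt object holding Adresa, Grad, Drzava, Tel, MaticniBroj and PostanskiBroj; the cp_osobaid field never reaches the object because the spec does not list it.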


Planet DebianRichard Hartmann: Visiting Hongkong and Shenzhen

TSDgeos had a good idea:

Lazyweb travel recommendations.

So, dear lazyweb: What are things to do or to avoid in Hongkong and Shenzhen if you have one and a half week of holiday before and after work duties? Any hidden gems to look at? What electronic markets are good? Should I take a boat trip around the waters of Hongkong?

If you have any decent yet affordable sleeping options for 2-3 nights in Hongkong, that would also be interesting as my "proper" hotel stay does not start immediately. Not much in ways of comfort is needed as long as I have a safe place to lock my belongings.

In somewhat related news, this Friday's bug report stats may be early or late as I will be on a plane towards China on Friday.

Planet DebianFrancois Marier: Keeping up with noisy blog aggregators using PlanetFilter

I follow a few blog aggregators (or "planets") and it's always a struggle to keep up with the amount of posts that some of these get. The best strategy I have found so far is to filter them so that I remove the blogs I am not interested in, which is why I wrote PlanetFilter.

Other options

In my opinion, the first step in starting a new free software project should be to look for a reason not to do it :) So I started by looking for another approach and by asking people around me how they dealt with the firehoses that are Planet Debian and Planet Mozilla.

It seems like a lot of people choose to "randomly sample" planet feeds and only read a fraction of the posts that are sent through there. Personally however, I find there are a lot of authors whose posts I never want to miss so this option doesn't work for me.

A better option that other people have suggested is to avoid subscribing to the planet feeds, but rather to subscribe to each of the author feeds separately and prune them as you go. Unfortunately, this whitelist approach is a high maintenance one since planets constantly add and remove feeds. I decided that I wanted to follow a blacklist approach instead.

PlanetFilter

PlanetFilter is a local application that you can configure to fetch your favorite planets and filter the posts you see.

If you get it via Debian or Ubuntu, it comes with a cronjob that looks at all configuration files in /etc/planetfilter.d/ and outputs filtered feeds in /var/cache/planetfilter/.

You can either:

  • add file:///var/cache/planetfilter/planetname.xml to your local feed reader
  • serve it locally (e.g. http://localhost/planetname.xml) using a webserver, or
  • host it on a server somewhere on the Internet.

The software will fetch new posts every hour and overwrite the local copy of each feed.

A basic configuration file looks like this:

[feed]
url = http://planet.debian.org/atom.xml

[blacklist]

Filters

There are currently two ways of filtering posts out. The main one is by author name:

[blacklist]
authors =
  Alice Jones
  John Doe

and the other one is by title:

[blacklist]
titles =
  This week in review
  Wednesday meeting for

In both cases, if a blog entry contains one of the blacklisted authors or titles, it will be discarded from the generated feed.
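The blacklist semantics just described (drop an entry whose author name is listed, or whose title contains a listed fragment) are small enough to re-implement in a few lines. The Python below is an added example and not PlanetFilter's own code; it reads the same [feed]/[blacklist] configuration format with configparser and the sample feed and config are constructed.

```python
"""Re-implementation of PlanetFilter's blacklist step, added here as an example;
it is not PlanetFilter's own code. The feed and config below are constructed."""
import configparser
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
NS = {"atom": ATOM}
ET.register_namespace("", ATOM)  # keep the default namespace on output

# Constructed config in the format the post shows.
SAMPLE_CONFIG = """
[feed]
url = http://planet.debian.org/atom.xml

[blacklist]
authors =
  Alice Jones
  John Doe
titles =
  This week in review
  Wednesday meeting for
"""

# Constructed Atom feed: entries 2, 3 and 4 should be filtered out.
SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <title>Planet Example</title>
  <entry><title>Obnam 4.1 released</title><author><name>Lars Wirzenius</name></author><id>1</id></entry>
  <entry><title>This week in review: week 12</title><author><name>Bob Smith</name></author><id>2</id></entry>
  <entry><title>Wednesday meeting for the release team</title><author><name>Carol</name></author><id>3</id></entry>
  <entry><title>Holiday photos</title><author><name>John Doe</name></author><id>4</id></entry>
</feed>
"""


def load_blacklist(config_text):
    """Parse the [blacklist] section; multi-line values become one item per line."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)

    def items(key):
        raw = cp.get("blacklist", key, fallback="")
        return [line.strip() for line in raw.splitlines() if line.strip()]

    return {"authors": items("authors"), "titles": items("titles")}


def filter_feed(feed_xml, blacklist):
    """Return (filtered_feed_bytes, dropped_entry_ids).

    An entry is discarded when any of its author names matches a blacklisted
    author exactly, or its title contains any blacklisted title fragment.
    """
    root = ET.fromstring(feed_xml.encode("utf-8"))
    dropped = []
    for entry in list(root.findall("atom:entry", NS)):
        title = entry.findtext("atom:title", default="", namespaces=NS)
        authors = [a.text or "" for a in entry.findall("atom:author/atom:name", NS)]
        by_author = any(a in blacklist["authors"] for a in authors)
        by_title = any(fragment in title for fragment in blacklist["titles"])
        if by_author or by_title:
            dropped.append(entry.findtext("atom:id", default="", namespaces=NS))
            root.remove(entry)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True), dropped


if __name__ == "__main__":
    kept, gone = filter_feed(SAMPLE_FEED, load_blacklist(SAMPLE_CONFIG))
    print("dropped entries:", gone)
    print(kept.decode("utf-8"))
```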

Tor support

Since blog updates happen asynchronously in the background, they can work very well over Tor.

In order to set that up in the Debian version of planetfilter:

  1. Install the tor and polipo packages.
  2. Set the following in /etc/polipo/config:

     proxyAddress = "127.0.0.1"
     proxyPort = 8008
     allowedClients = 127.0.0.1
     allowedPorts = 1-65535
     proxyName = "localhost"
     cacheIsShared = false
     socksParentProxy = "localhost:9050"
     socksProxyType = socks5
     chunkHighMark = 67108864
     diskCacheRoot = ""
     localDocumentRoot = ""
     disableLocalInterface = true
     disableConfiguration = true
     dnsQueryIPv6 = no
     dnsUseGethostbyname = yes
     disableVia = true
     censoredHeaders = from,accept-language,x-pad,link
     censorReferer = maybe
    
  3. Tell planetfilter to use the polipo proxy by adding the following to /etc/default/planetfilter:

     export http_proxy="localhost:8008"
     export https_proxy="localhost:8008"
    

Bugs and suggestions

The source code is available on repo.or.cz.

I've been using this for over a month and it's been working quite well for me. If you give it a go and run into any problems, please file a bug!

I'm also interested in any suggestions you may have.

Planet Linux AustraliaSonia Hamilton: Devops and Old Git Branches

A guest blog post I wrote on managing git branches when doing devops.

When doing Devops we all know that using source code control is a “good thing” — indeed it would be hard to imagine doing Devops without it. But if you’re using Puppet and R10K for your configuration management you can end up having hundreds of old branches lying around — branches like XYZ-123, XYZ-123.fixed, XYZ-123.fixed.old and so on. Which branches to cleanup, which to keep? How to easily cleanup the old branches? This article demonstrates some git configurations and scripts  that make working with hundreds of git branches easier…

Go to Devops and Old Git Branches to read the full article.

Planet DebianSteinar H. Gunderson: GCC 5 and AutoFDO

Buried in the GCC 5 release notes, you can find this:

A new auto-FDO mode uses profiles collected by low overhead profiling tools (perf) instead of more expensive program instrumentation (via -fprofile-generate). SPEC2006 benchmarks on x86-64 improve by 4.7% with auto-FDO and by 7.3% with traditional feedback directed optimization.

This comes from Google, with some more information at this git repository (https://github.com/google/autofdo) and the GCC wiki (https://gcc.gnu.org/wiki/AutoFDO), as far as I can tell. The basic idea is that you can do feedback-directed optimization by low-overhead sampling of your regular binaries instead of a specially instrumented one. It is somewhat less effective (you get approx. half the benefit of full FDO, it seems), but it means you don't need to write automated, representative benchmarks—you can just sample real use and feed that into the next build.

Now, question: Would it be feasible to do this for all of Debian? Have people volunteer running perf in the background every now and then (similar to popularity-contest), upload (anonymized) profiles to somewhere, and feed it into package building. (Of course, it means new challenges for reproducible builds, as you get more inputs to take care of.)

Geek FeminismThe vessel with the pestle has the Linkspam that is true (24 March 2015)

  • Every woman in every Disney/Pixar movie in the past decade has the same face: “Apparently every Disney woman is a clone/direct descendant of some primordial creature with huge round cheeks and a disturbingly small nose, because there is no other explanation (yes there is(it’s lazy sexism)) for the incredible lack of diversity among these female faces.”
  • Beyond: An anthology of queer SFF comics, coming in spring 2015. Currently fundraising.
  • Former Facebook Employee, Chia Hong, Sues for Sex Discrimination | Re/code: “A former Facebook employee is suing the company for a number of claims, including sex discrimination, harassment and race/national origin discrimination, according to a lawsuit filed with the San Mateo County Superior Court Monday.”
  • Robyn Launches Festival Promoting Women in Technology | News | Pitchfork: “In a press release, Robyn said she wanted to use the platform to inspire girls aged 11-to-18 who might be intrigued about technology—a historically male-dominated industry. ‘Tekla is a festival for girls, in which they get to sample different areas of future technology in what I believe will be a fun and imaginative environment,’ she wrote.”
  • New feminist Thor is selling way more comic books than the old Thor | Fusion: “While the audience breakdown is not available and there’s no way to know if the new Thor is bringing in more female readers, it is clear that she’s outselling the last series by A LOT. The first five new Thor books are currently selling more copies than the last five Thor books from 2012 by close to 20,000 copies per month, not including digital copies.”
  • Lighten Up — The Nib | Medium: Powerful comic about skin tone in comics coloring.
  • Chapter Three | Follow the Geeks: Profile of Lifehacker founder Gina Trapani. “Her skills as a programmer, leader, and writer are often overlooked, because she works so quietly. She flies under the radar, outshined by ideas shouted from the rooftops by Silicon Valley braggadocios. But Gina did something no other tech entrepreneur did, though most of them became big fans of it. She founded Lifehacker, the standard by which all productivity-enhancing web publications—now a dime a dozen—are judged.”
  • You can choose who submits talks to your conference | Julia Evans: “If you ask someone specifically to consider speaking at your conference, they’re WAY more likely to consider submitting a talk than if you don’t. If you then actively work with some talk submitters to help them focus and improve the talk they submit, their proposals will get better! And if you choose to focus your energies to work with (for instance) non-white people more than white people, then you’ll get more and better proposals from people who aren’t white.”
  • Doxxing to Defend Student Privacy | Hack Education: “If doxxing is the tactic – and “a primer” sure might indicate that it’s a-okay – then we have much more to do to prepare students about the implications of their online profiles, safety, surveillance, and discipline. Seriously, we have to think about what it means when political groups decide to use social media mechanisms not just to observe and monitor but to stifle dissent and quite literally to destroy their opposition.”
  • How This Young, Female and Latina Investor Broke Into a Middle-Aged, Male and White Industry | Hunter Walk: An interview with Ana Diaz-Hernandez of Kapor Capital. “I take my relationships very seriously: I believe deep, systemic issues require multi-disciplinary minds coming together. I work hard to bring together people who are taking radically different paths to address similar problems. It’s in those unconventional settings that amazing innovation happens. If you’re a driver of meaningful connections, people will want to work with you and you’ll be sure to have a place at the venture table.”
  • Art+Feminism Events on International Women’s Day « Wikimedia blog: “The Art+Feminism Campaign organized a global drive to host edit-a-thons on the weekend of International Women’s Day, to improve Wikipedia articles about women in the arts, feminism, and gender — as well as to raise awareness of the Wikipedia gender gap. Over 75 events took place around the world, bringing together about 1,500 participants — ranging from small gatherings of friends to large groups at significant cultural institutions like LACMA, the Walker Art Center, and the Stedelijk Museum. As a result, at least 400 new articles were created, and another 500 articles were significantly improved.”
  • Lawsuit: The 10 ways Twitter denies equal job opportunities for women | Mashable: “A software engineer suing Twitter for sex discrimination says the company’s mysterious promotions policy denies equal job opportunities for qualified women, according to court papers obtained Friday by Mashable — a document that handily alleges 10 personnel problems and five ways to fix them.”
  • Why I Don’t Want to Talk About ‘Women in Tech’ | Life as I Know It: “This week, I got an email from a local journalist asking if I wanted to participate in a focus group on writing about women in tech… here is the reply I sent.”
  • 24 Thoughts on Sexism, Feminism, YA, Reading, and The Publishing Industry | Stacked: A good summary for many situations. Women don’t get points for experimenting. They have to get it right the whole way through. Men are right when they try, even if they fail.

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.


Planet Linux AustraliaLev Lafayette: Skill Improvements versus Interface Designs for eResearchers

The increasing size of datasets acts as a critical issue for eResearch, especially given that they are expanding at a rate greater than improvements in desktop application speed, suggesting that HPC knowledge is requisite. However, knowledge of such systems is not common.

read more

Planet DebianSimon Josefsson: Laptop indecision

I wrote last month about buying a new laptop and I still haven’t made a decision. One reason for this is because Dell doesn’t seem to be shipping the E7250. Some online shops claim to be able to deliver it, but aren’t clear on what configuration it has – and I really don’t want to end up with Dell Wifi.

Another issue has been the graphic issues with the Broadwell GPU (see the comment section of my last post). It seems unlikely that this will be fixed in time for Debian Jessie. I really want a stable OS on this machine, as it will be a work-horse and not a toy machine. I haven’t made up my mind whether the graphics issue is a deal-breaker for me.

Meanwhile, a couple of more sub-1.5kg (sub-3.3lbs) Broadwell i7’s have hit the market. Some of these models were suggested in comments to my last post. I have decided that the 5500U CPU would also be acceptable to me, because some newer laptops don’t come with the 5600U. The difference is that the 5500U is a bit slower (say 5-10%) and lacks vPro, which I have no need for and mostly consider a security risk. I’m not aware of any other feature differences.

Since the last round, I have tightened my weight requirement to be sub-1.4kg (sub-3lbs), which excludes some recently introduced models, and actually excludes most of the models I looked at before (X250, X1 Carbon, HP 1040/810). Since I’m leaning towards the E7250, with the X250 as a “reliable” fallback option, I wanted to cut down on the number of further models to consider. Weight is a simple distinguisher. The 1.4-1.5kg (3-3.3lbs) models I am aware of that are excluded are the Asus Zenbook UX303LN, the HP Spectre X360, and the Acer TravelMate P645.

The Acer Aspire S7-393 (1.3kg) and Toshiba Kira-107 (1.26kg) would have been options if they had RJ45 ports. They may be interesting to consider for others.

The new models I am aware of are below. I’m including the E7250 and X250 for comparison, since they are my preferred choices from the first round. A column for maximum RAM is added too, since this may be a deciding factor for me. Higher weight is with touch screens.

Model                  Weight       Max RAM  Screen  Resolution
Toshiba Z30-B          1.2-1.34kg   16GB     13.3″   1920×1080
Fujitsu Lifebook S935  1.24-1.36kg  12GB     13.3″   1920×1080
HP EliteBook 820 G2    1.34-1.52kg  16GB     12.5″   1920×1080
Dell Latitude E7250    1.25kg       8/16GB?  12.5″   1366×768
Lenovo X250            1.42kg       8GB      12.5″   1366×768

It appears unclear whether the E7250 is memory upgradeable; some sites say max 8GB, some say max 16GB. The X250 and 820 have DisplayPort, the S935 and Z30-B have HDMI, and the E7250 has both DisplayPort and HDMI. The E7250 does not have VGA, which the rest have. All of them have 3 USB 3.0 ports except for the X250, which only has 2 ports. The E7250 and 820 claim NFC support, but Debian support is not given. Interestingly, all of them have a smartcard reader. All support SDXC memory cards.

The S935 has an interesting modular bay which can actually fit a CD reader or an additional battery. There is a detailed QuickSpec PDF for the HP 820 G2; I haven’t found similar detailed information for the other models. It mentions support for Ubuntu, which is nice.

Comparing these laptops is really just academic until I have decided what to think about the Broadwell GPU issues. It may be that I’ll go back to a fourth-gen i7 laptop, and then I’ll probably pick a cheap reliable machine such as the X240.

TEDReflections on TED2015: What people are saying around the web

David Rothkopf was a huge TED skeptic—until he attended TED2015. “I was wrong about TED. In a big way,” he says. Photo: Bret Hartman/TED

With TED2015 wrapped, attendees, speakers and journalists alike are sharing their reflections on the experience. Below, some highlights:

David Rothkopf was an open critic of TED, calling our talks “chicken nuggets for the brain.” But the experience of attending TED2015 and speaking during Session 1 changed his mind. The Washington icon now writes, “I was wrong about TED. In a big way. … Not only did I find TED to be an exceptional event attended by remarkable people  … on several occasions, listening to some of the scientists and technologists who were presenting talks about their work, I was actually moved to near tears. Actually it was more like an existential gut punch.” Read his full essay on Foreign Policy »

Over at Re/Code, journalist Ina Fried recaps TED2015 by sharing nine less-publicized ideas that she took with her from the conference, from “plugging in new senses” to “learning anger from a Nobel Peace Prize winner.” Read her recap, “Flour Made From Coffee and Eight More Things to Chew On” »

“What I love about the annual TED gathering in Vancouver is the way science coexists along with art, social justice, popular song and the rest of TED’s eclectic mix,” writes Fred Guterl of Scientific American. Check out his take on “The Science of TED2015” »

Meanwhile, at Wired, Marcus Wohlsen was bowled over by Chris Milk’s prediction that virtual reality entertainment will become a tool for empathy. “I assure you, the prediction doesn’t mean as much until you have the VR experience for yourself. When you do, you can physically feel its inevitability,” he says. “In my case, that feeling came after the steam train heading straight toward me exploded into a flock of birds and I suddenly found myself airborne.” Read the full story »

Virtual reality as a tool for empathy? It’s an idea from TED2015 that may well be spot-on. Photo: Ryan Lash/TED

Bill Gross, who gave a short talk on what makes a good startup during the TED University session, shares the 10 things he learned at the conference. Some highlights: you’re 30 times more likely to laugh if you’re with someone else than if you’re on your own, and more than six billion minutes are wasted in traffic every day. Read his learnings over at LinkedIn »

Monica Lewinsky’s talk was easily the most written-about of the conference, from The New York Times story Monica Lewinsky Is Back, but This Time It’s on Her Terms to Salon’s Monica Lewinsky is right about public shaming. One of the more unusual takes? Over at Forbes, Lisa Earle McLeod pulled three key leadership lessons from Monica’s talk. Check them out » 

Journalist Steven Levy gives his highlights of the conference via Medium. In addition to talking to Marina Abramović about the nerves she felt before going on stage, he recaps the conference as such: “Sitting through [TED] makes your brain feel like a mushy piñata, whacked by one mind-blowing idea after another. Did you know that babies use sophisticated data analysis to guide the way they use squeeze toys? Meet the Frank Gehry of the rainforest, who creates bamboo edifices in Bali. Believe it or not, when adulterers say to their betrayed spouses ‘It’s not about you,’ they’re telling the truth. Oh, and here’s a guy who landed a spaceship on an asteroid.” Read the full piece »

Maryn McKenna, who talked about the danger of losing antibiotic efficacy in Session 6, turned her attention to another health crisis that was front and center during the conference: the Ebola epidemic. Read her story, “We are not ready”: Ebola analysis from the front-line workers (and Bill Gates) »

Meanwhile, Jody Martinson of CBC News picked her five favorite talks from the conference, which range from Monica Lewinsky on public humiliation to Abe Davis’ demo of how an empty bag of chips can become a microphone. Read her picks »

Of course, this is only a small fraction of the reflections on the conference. Share more in the comments.

Speaker Maryn McKenna spoke about the problem of antibiotic resistance, but found herself intrigued by what others at the conference had to say about Ebola. Photo: Bret Hartman/TED


Planet DebianDaniel Pocock: The easiest way to run your own OpenID provider?

A few years ago, I was looking for a quick and easy way to run OpenID on a small web server.

A range of solutions were available but some appeared to be slightly more demanding than what I would like. For example, one solution required a servlet container such as Tomcat and another one required some manual configuration of Python with Apache.

I came across the SimpleID project. As the name implies, it is simple. It is written in PHP and works with the Apache/PHP environment on just about any Linux web server. It allows you to write your own plugin for a user/password database or just use flat files to get up and running quickly with no database at all.

This seemed like the level of simplicity I was hoping for so I created the Debian package of SimpleID. SimpleID is also available in Ubuntu.

Help needed

Thanks to a contribution from Jean-Michel Nirgal Vourgère, I've just whipped up a 0.8.1-14 package that should fix Apache 2.4 support in jessie. I also cleaned up a documentation bug and the control file URLs.

Nonetheless, it may be helpful to get feedback from other members of the community about the future of this package:

  • Is it considered secure enough?
  • Have other people found it relatively simple to install or was I just lucky when I tried it?
  • Are there other packages that now offer such a simple way to get OpenID for a vanilla Apache/PHP environment?
  • Would anybody else be interested in helping to maintain this package?
  • Would anybody like to see this packaged in other distributions such as Fedora?
  • Is anybody using it for any online community?

Works with HOTP one-time-passwords and LDAP servers

One reason I chose SimpleID is because of dynalogin, the two-factor authentication framework. I wanted a quick and easy way to use OTP with OpenID so I created the SimpleID plugin for dynalogin, also available as a package.

I also created the LDAP backend for SimpleID, that is available as a package too.

Works with Drupal

I tested SimpleID for login to a Drupal account when the OpenID support is enabled in Drupal, and it worked seamlessly. I've also tested it with a few public web sites that support OpenID.

TEDWatch TED Talks on your Apple TV

On our new Apple TV app, you can play a talk or opt to “watch later.” All talks that you save for future viewing are synced with your TED.com account, so you can watch them on your desktop or on your television screen.

A cure for those what-do-I-watch-now moments: starting today, TED is on Apple TV. In our beautifully designed new Apple TV channel, you can watch TED’s full library of talks (1900+ of them and counting) and our expanding collection of playlists (more than 200 of them, from “Architectural inspiration” to “Talks to watch when every conceivable bad thing has just happened to you”). When you finish a talk or playlist, another is instantly queued up for you, for proper binge-ability.

Perhaps the coolest feature: Apple TV now links with your TED.com profile, so you can queue up talks you want to watch later. Let’s say you see our TED Talk of the Day online while you’re at work, but you don’t have time to check it out. Hit the “Watch later” button (it looks like a little watch face), and it will be waiting for you on your Apple TV when you get home.

On our new Apple TV app, browse our 200+ playlists. We add new lists every week.

There are lots of ways to discover new talks on our Apple TV app—you can browse the most recent talks, trending talks, or talks by topic as shown here.

The TED programming was designed in-house to be a smooth and entertaining way to watch TED Talks on your HDTV. You can browse talks and playlists by title or topic (like “technology,” “design” or “happiness”) or by the kind of talks you’d like to watch (like “funny,” “jaw-dropping” or “beautiful”). All talks come with subtitles, some in as many as 105 languages.


Sociological ImagesPower and the Gaze: What Does Resistance Look Like?

In 1975, Mulvey conceptualized the gaze as the power derived by the viewer when they cast their glance upon a hierarchized, usually female, body. This idea perfectly captures the way a subject on film is both frozen in a time and space, and consumed. I want to turn that around, in a more kyriarchal and postmodern fashion, and allot power to the subject.

Refinery 29 has a series of photographs by Blaise Cepis. Through them, women discuss and display their body hair.  In a beautifully hued array, these women speak of personal choice, empowerment and acceptance in ways that act as a counternarrative to the Brazilian-plucked-chicken-prepubescent-non-mammal-landscaping construct that is currently in vogue.

And yet. Yet. Among this abundance of hairy joy – there is no direct gaze. Among the 21 slides there are faces in profile, lower portions of faces, averted glances with pupils looking away. There is only one woman directly glancing at the viewer, and even as her defiant brows dominate her face she is neither fully seen nor subsequently fully known.

Also, nowhere in the 21 slides does the women’s whole body occupy the visual frame. The pictures show a bushy underarm with barely a chest wall or breast, a lushly forested pudenda without whole legs or torso, or a lightly furred arm without a hand attached.

Counter this power and gaze conundrum with Kim Kardashian’s photoessay for Paper’s Winter issue where she appears, full frontal, body hair free, and fully faced. With the hashtag #breaktheinternet, the intent of the shoot is clear. Neither during the photoshoot’s extended video interview nor in the accompanying print piece does Kardashian invoke feminism’s ideals of choice, power or acceptance. Yet, in her direct gaze and whole body there is a definitive power of being fully present in the visual medium.

Censored to be safe for work, but you can see the original here.

In his classic Disidentifications, Munoz interrogates the intersections between queer theory and life as performance to illustrate the ways hegemony is constructed. All the women in the photoessay above are performing: to disrupt a gaze by capturing the consumer; to deliver through visual imagery a counternarrative to normed assumptions; to shine a spotlight upon their bodies so that other stories can be told about them that subsequently reflect the world. These are all photos of “naked women”, but they are not equal in power.

Make no mistake, Kardashian’s photoshoot does not aspire to be anything but performance – a denuded spectacle that we can believe – illustrating her power to create reverberating social narratives. But the theme of empowered, hirsute women who embrace the social, sexual, and personal repercussions of their decision is undercut by the disembodied visual presentation. The power of these women has no whole body in which to reside. They are intended to be read as both brave and everyday, but they are visually reduced to decontextualized hair clumps; the performances of pride do not ring true because the viewer does not witness the incorporation of their body pride into a fully human landscape. Frankly, if women are going to “grow hair there” – we need to fully embody it.

Kerrita K. Mayfield, PhD is an experienced social justice oriented educator and teacher trainer, with over 20 years working in urban and rural classrooms and alternative educational settings. Currently teaching ESL at UMass Amherst to liminal non-benefitted workers, she was the first student to earn a graduate minor in Women’s Studies at the University of Wyoming.

(View original at http://thesocietypages.org/socimages)

CryptogramReforming the FISA Court

The Brennan Center has a long report on what's wrong with the FISA Court and how to fix it.

At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings that take place when the government seeks a search warrant in a criminal investigation. Moreover, the rules governing who could be targeted for "foreign intelligence" purposes were narrow enough to mitigate concerns that the FISA Court process might be used to suppress political dissent in the U.S. -- or to avoid the stricter standards that apply in domestic criminal cases.

In the years since then, however, changes in technology and the law have altered the constitutional calculus. Technological advances have revolutionized communications. People are communicating at a scale unimaginable just a few years ago. International phone calls, once difficult and expensive, are now as simple as flipping a light switch, and the Internet provides countless additional means of international communication. Globalization makes such exchanges as necessary as they are easy. As a result of these changes, the amount of information about Americans that the NSA intercepts, even when targeting foreigners overseas, has exploded.

Instead of increasing safeguards for Americans' privacy as technology advances, the law has evolved in the opposite direction since 9/11.... While surveillance involving Americans previously required individualized court orders, it now happens through massive collection programs...involving no case-by-case judicial review. The pool of permissible targets is no longer limited to foreign powers -- such as foreign governments or terrorist groups -- and their agents. Furthermore, the government may invoke the FISA Court process even if its primary purpose is to gather evidence for a domestic criminal prosecution rather than to thwart foreign threats.

...[T]hese developments...have had a profound effect on the role exercised by the FISA Court. They have caused the court to veer off course, departing from its traditional role of ensuring that the government has sufficient cause to intercept communications or obtain records in particular cases and instead authorizing broad surveillance programs. It is questionable whether the court's new role comports with Article III of the Constitution, which mandates that courts must adjudicate concrete disputes rather than issuing advisory opinions on abstract questions. The constitutional infirmity is compounded by the fact that the court generally hears only from the government, while the people whose communications are intercepted have no meaningful opportunity to challenge the surveillance, even after the fact.

Moreover, under current law, the FISA Court does not provide the check on executive action that the Fourth Amendment demands. Interception of communications generally requires the government to obtain a warrant based on probable cause of criminal activity. Although some courts have held that a traditional warrant is not needed to collect foreign intelligence, they have imposed strict limits on the scope of such surveillance and have emphasized the importance of close judicial scrutiny in policing these limits. The FISA Court's minimal involvement in overseeing programmatic surveillance does not meet these constitutional standards.

[...]

Fundamental changes are needed to fix these flaws. Congress should end programmatic surveillance and require the government to obtain judicial approval whenever it seeks to obtain communications or information involving Americans. It should shore up the Article III soundness of the FISA Court by ensuring that the interests of those affected by surveillance are represented in court proceedings, increasing transparency, and facilitating the ability of affected individuals to challenge surveillance programs in regular federal courts. Finally, Congress should address additional Fourth Amendment concerns by narrowing the permissible scope of "foreign intelligence surveillance" and ensuring that it cannot be used as an end-run around the constitutional standards for criminal investigations.

Just Security post -- where I copied the above excerpt. Lawfare post.

Planet DebianVincent Fourmond: Release 0.12 of ctioga2

Out is the new version of ctioga2, which brings:
  • a much better handling of heterogeneous x,y coordinates in heat maps: ctioga2 now automatically splits the data into homogeneous segments;
  • control on the properties of the fill and the stroke of symbols (image)
  • decent improvement of error messages
  • and some bug fixes and other minor improvements
As usual, the new release is available as a gem:
~ gem update ctioga2
The website has also been decently improved, with now a search box for finding images in the gallery

Planet DebianDebConf team: Working towards a child-friendly DebConf (Posted by Martin Krafft)

The Debian Project will celebrate its 22nd birthday during DebConf15 in Heidelberg in August 2015. At this age, it’s unsurprising that children of Debian contributors have attended our developer conference for several years.

Going with the times, we would like to work further towards making DebConf15 a child-friendly (parents-friendly) conference. The conference venue is far away from traffic, self-contained, and there is a dedicated children’s play room. There are green areas around, and the Heidelberg Zoo is literally within sight of the venue. We haven’t yet discussed deals with them, but we could.

In short: if you’d like to attend DebConf, but you are yet unsure what to do with your children… bring your kids along!

The hostel has a number of 3 and 4 bed-rooms with en-suite bathrooms, plus a good supply of cots available for the very little ones. We will allocate such rooms to families exclusively for your privacy (subject to availability, so please register yourself ASAP, and include a note about your kids).

We are maintaining answers to commonly-asked questions on the wiki. Please let us know if anything is missing, and feel free to update the page yourself.

We would also like to explore additional possibilities to make it easier for parents to participate in the conference. At the moment, we’re still scouting for ideas and there are already a number of promising leads.

To help us figure out what we’d best offer, we need to know about the demand. If you are planning to bring your children, or if you’re thinking about it, please drop a short note with number and ages and any other relevant information to kids@debconf.org. Your mail will be read by a few parents involved in the organisation of DebConf15 and we will obviously keep your data private.

We also created a (publicly archived) mailing list to discuss options and keep people updated on our plans. Please subscribe yourself to the list, if interested, and feel free to write to debconf-kids@lists.debian.org with any questions or ideas you might have.

Worse Than FailureThe A(nti)-Team

In the 1980’s, there was a TV show called The A-Team. There was the scrounger, who could scam anyone out of anything. He would make promises that were sort of true to get what he wanted (sound like marketing?) There was the tough guy who could intimidate anyone into doing anything. He knew how to get things done, but underneath it all, was a nice guy. There was the leader, who could always come up with a plan to save the day. And there was the one guy who was a little crazy (the good kind of crazy), but who you could count on in a pinch. There was also the occasional outside helper who would run interference and recon. This was a group of folks who worked as a well-oiled machine to get the job done. Failure was not an option! They were a team!

The A-Team never filed a project methodology document. No wonder they were wanted criminals.

Alex had taken a job on a new greenfield development effort to replace an aging and unsupportable birds-nest-o-wtf™. Naturally, the position was advertised as “we intend to do things right! The project is fully funded. We will have the proper equipment and team personnel to get this job done. We have the full support of six layers of management plus all of the users.” Alex was optimistic.

The first thing they did was spend several months wrapped in those numerous layers of management, end users, support folks, senior people who used to support the project (to explain the problems that plagued the old system), and the three architects of the new system. The new architecture was heavily documented, presented to and signed off on by all of the above. It was even reviewed with a critical eye by an independent third party regulatory auditing agency to ensure that the overseeing authorities were confident that the correct approach was being taken.

An 8 page document detailing development coding guidelines (e.g.: code formatting settings, naming conventions, unit tests, code coverage and other such team-wide items) was created, reviewed and decreed to be followed by all who worked on the project.

The project was off to a good start.

Job one was to hire the development part of the team. For this, they looked (very far) offshore to find the cheapest possible talent. After all, anyone can be trained, right? A team of 11 developers who collectively had 13 years of experience, and a team leader with 5 years of experience were hired and put in place.

The next major decision was which database should be used. There were three in widespread use at the company. Since all of the databases were hosted on centralized servers, one was immediately ruled out because the hardware that hosted the data servers was insufficiently powerful to handle the expected load in a reasonable time frame. Of the other two, one was widely used by everyone on the team. They knew its syntax, quirks and limits. The third was mis-configured to the point of having a reputation as being flaky. However, that one also was the corporate standard. In spite of the objections of the team, they used the third one.

Project management decided that QA folks could be brought in later.

Finally, it was time to begin doing detailed design. The offshore lead decided that a lot of time could be saved by doing design on-the-fly as required. Of course, the architects objected, but the project manager agreed to it.

And so the architects started working on building the controller engine and other such mainstays of the project. The junior team, which was to query numerous remote systems for input data, merge, filter and pre-process it, decided that they knew better than what was specified in the architecture document, and started designing their own way of doing things. Without telling the architects or management.

Come time for the first sprint check-in and all sorts of red flags flew up during code reviews. The junior lead decreed that the architecture document was only a suggestion that could be ignored in favor of the developers’ desires. Naturally, this spawned lots of are-you-f’g-kidding-me’s and emails up the chain. The project manager and above seemed disinterested, saying that the junior developers shouldn’t be doing that, but we trust them to do the right thing.

This went on, with the architects pointing out implementation flaws and shortcomings that would not support the requirements. All suggestions were ignored, because the offshore lead said “Google fosters an environment of innovation and creativity; we should too!” He was reminded that Google is (in large part) a think-tank, and that this was a highly regulated project within a highly regulated industry. The architecture, which had been signed off by more than 40 managers, was not optional or a suggestion, but mandatory. This was not kindergarten, where creativity is fostered; you had to stick to the approved plan! Now, we’re not talking about how to write a subroutine, or encapsulate an object; we’re talking about using threading incorrectly and in the wrong places, doing database accesses and interprocess communication in such ways that would not be scalable, or provide enough throughput to finish daily runs by regulatory deadlines. Spawning multiple processes instead of just using threads. Using files to act as semaphores, because that’s how they did it in school. The list goes on.

None of that mattered. The junior developers resented that they were not consulted on the architecture, and so were bent on ignoring it - with the blessing of their lead. The project manager continued to acknowledge the problems, but didn’t do anything about them. The problems were reported up the chain, and nothing was done. Everyone on the team should have an equal say in things.

In the real world, if a student thinks the teacher is wrong, he doesn’t get to change his grade. The surgical resident cuts where the surgeon says and not the other way around. The general doesn’t discuss strategy with the privates. If you join a union, and as the new guy demand to have equal say on policy with the union bosses, you’ll be bunking with Jimmy Hoffa. Experience speaks with exclamation points. Inexperience speaks with question marks.

Except on this “team”.

The junior developers continued to do what they thought was best, ignoring the architects at every turn. Much of their code was written and rewritten several times over because the designs by the juniors didn’t take things into account. Things more experienced folks know to plan for. By the time 8 months had passed, so much damage had been done that some of the more complex requirements simply couldn’t be hooked in, and more than a month of back-pedaling had to be done on a greenfield development project.

About this time, management acquiesced and asked some of the business users to write business-level tests (e.g.: via a spreadsheet that would be fed into JBehave to JUnit test things). The developers would provide the underlying code and some sample entries in the spreadsheets. The architects said that QA folks should be hired because business folks rarely know how to deal with edge cases, precision issues, etc. But the money was not to be spent. After six months of effort, the business users proudly decreed that all the tests for the entire application (e.g.: the entire requirements document) had been set up. A five minute glance showed that they didn’t handle edge cases, null cases, precision cases, or most of the other things that usually require tests. In fact, they had put all of the records that could possibly be processed (at least in their minds) into one giant pass-fail test. Of course, when something changed and it inevitably failed, there was no way to know what failed.

Finally, it got so bad that the architects built a physical wall in the code between the setup code (written by the offshore folks) and main engine (written by the architects) sections of the application. Immediately before the main engine began to grind the data, every single variable in the system would be flushed to a state table in the database, so that when something would inevitably be challenged, they could show the inputs that were provided and send the fix-it work to the offshore team. At least this way, they could insulate the main engine from the debris.

The department saved a lot of money by using cheap labor, no QA folks and the politically expedient database. Of course, all of the code of the setup portion done by the offshore team was a disaster, and for the most part, very difficult to learn, support, debug and enhance.

The product hadn’t even been deployed yet, and the users were already complaining that it took too long to diagnose and fix problems (one of the main reasons the whole rewrite project was authorized), that perhaps the rewrite wasn’t satisfying the main purpose of the rewrite, and that perhaps something might be wrong…


Krebs on SecurityKreditech Investigates Insider Breach

Kreditech, a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online.

A screen shot of the Tor site that links to the documents stolen from Kreditech.


Earlier this month, a source pointed KrebsOnSecurity to a Web site reachable only via Tor, a software package that directs Internet traffic through a free, global network of relays. That page, pictured in screen shot to the right, included links to countless documents, scanned passports, drivers licenses, national IDs and credit agreements apparently taken from Kreditech’s servers.

The site announced that a group of hackers calling itself “A4” put the information online after finding “hundreds of gigabytes” of Kreditech’s documents, including what appear to be configuration files from the company’s Intranet and internal servers.

“The company, getting multimillion investments, probably decided to spend them for anything but security of their clients’ data,” the hacker group wrote. “As explain by a member of A4, not that the company’s security is at a low level, it is absent as such. All data to which the group А4 got access will be put online in open access although its curb price is rather considerable.”

Anna Friedrich, head of communications at the Hamburg, Germany-based lender, acknowledged that the company had an “isolated internal security incident” in November 2014, and that Hamburg police are investigating.

Friedrich said Kreditech believes the data was stolen not from customers but only from credit applicants. She added that Kreditech believes the information was leaked from within by someone who worked at the company — although she declined to say whether the suspect was a current or former employee.

“There is no access to any customer data,” Friedrich said. “This incident stemmed from a form on our Web site that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share. ”

Corey Wells, the 19-year-old security researcher from West Virginia who alerted this author to the compromise, said he discovered the breach after building a crawler to identify and index Web sites on the Tor network.

The hacker group didn’t say how it obtained the documents. Wells said the leaked data includes raw logs from a system that appears to have been running MongoDB, a cross-platform document-oriented database. Those logs include a date and time stamp of Aug. 19, 2014, suggesting the breach may have started seven months ago.

Wells said he doesn’t buy Kreditech’s version of events, and that files leaked from the company and posted for download from the Tor Web site suggest at least some were from existing customers.

“There are bank sums, amounts that are in the transaction and the amount left in the accounts,” Wells said. “Some of these look like people who already have accounts with them.”

Unlike traditional lenders, which rely heavily on the applicant’s payment and credit history, Kreditech is one of several lenders tapping into social networking data to determine the risk of lending to people who have a tough time getting credit. Kreditech says it uses up to 15,000 data points when assessing an application for a loan.

The company recently secured some credit of its own, receiving a $200 million credit line from Victory Park Capital. According to a January 2015 story at TechCrunch, that deal was one of the largest in the history of online lending services.

While Victory Park Capital is a private investment firm based in Chicago, Kreditech doesn’t appear to operate in the United States, nor in Germany where it is based. According to a cursory overview of the documents leaked online, the bulk of Kreditech’s customers/applicants are from Brazil, the Czech Republic, Dominican Republic, Mexico, Poland, Russia, Spain and Romania.

Update, Mar. 28, 9:40 a.m.: Kreditech’s lawyers sent me a letter (PDF) demanding an immediate correction on several aspects of the story. Mostly, the letter disagrees with statements made not by this author but by others quoted in the story. The company does dispute that any data from applicants in the Dominican Republic could have been compromised because the company did not start operations there until after the breach occurred. Kreditech also said it has not launched operations yet in Brazil or Romania.

Planet DebianRuss Allbery: Review: Fukushima

Review: Fukushima, by David Lochbaum, et al.

Author: David Lochbaum
Author: Edwin Lyman
Author: Susan Q. Stranahan
Author: Union of Concerned Scientists
Publisher: The New Press
Copyright: 2014
ISBN: 1-59558-927-9
Format: Kindle
Pages: 320

This is a very interesting book, and I can recommend it, but there are two things you should be aware of up-front. The packaging does not necessarily make clear what expectations you should have of it going in.

First, the subtitle (The Story of a Nuclear Disaster) should have appended to it And Its Implications for US Nuclear Power Policy. This book is very concerned with the impact of the Fukushima disaster on US policy and nuclear regulation, to the point where I think more than half of the book is about US agencies, nuclear regulatory history, and US reaction. There's nothing wrong with that, of course: the US should take a hard look at its own nuclear energy policy given the events at Fukushima, and it's a worthy topic for a book. But if you go into this book expecting a broader perspective, you will be disappointed. For example, I think the fact that France has a lot of nuclear power was mentioned maybe twice in the whole book, and French reaction was never discussed at all. There is a very detailed examination of exactly what happened at Fukushima (more on that in a moment), but most of the policy implications are examined purely from a US perspective. Even Japanese nuclear policy gets somewhat short shrift.

Second, note that the fourth listed co-author is the Union of Concerned Scientists. For those not familiar with US environmental groups, the UCS has a reputation as an anti-nuclear advocacy organization. I don't think that's entirely fair; I think the UCS's position on nuclear power is better summarized as holding that it is theoretically possible to run a nuclear power plant safely, but the actual US nuclear power industry is not very close to that standard, and it would require much tighter regulation and more investment in safety systems to reach that standard. But be aware that the authors of this book have a clear position on the adequacy of current nuclear power safety standards, namely that they aren't. And they don't try to conceal that position in this book. Personally, I prefer authors to be open about their perspective in books like this, but your mileage may vary.

There, disclaimers out of the way. I bought this book for a specific reason: I had followed some of the news coverage at the time of the earthquake and tsunami, and then (like many people, I suspect) lost track of the final outcome as the story fell out of the news and I started ignoring people who didn't understand how large the Pacific Ocean is. Now that we've had the benefit of several years of analysis and thoughtful reconstruction of events, I wanted to know what had actually happened. I'm happy to say that this book delivers quite well on that front. Roughly the first half of the book is a detailed blow-by-blow description of exactly what happened at Fukushima, at least as well as we've been able to reconstruct, told as an engrossing and dramatic narrative. There may be a little too much interleaving of reactions within the US government, which I suspect will particularly annoy non-US readers, but the level of factual detail is excellent, clear, and well-explained.

What I wasn't expecting, but was pleasantly surprised by, is that it's also a great story. There's tension, conflict, heroism, hard choices, and moral quandaries, and the authors do a great job conveying factual information while still giving the reader the sense of being in the middle of the unfolding drama. They resist the urge to disclose all the results of later analysis in the middle of the story, which may provide a slightly less clear view of the disaster, but which makes the telling far more compelling. I usually read non-fiction more slowly than fiction, but Fukushima dragged me in. I found myself grabbing moments to read just another few pages.

Unfortunately, this is only about half the book. The other half is a mix of other things that won't have as broad of appeal: an analysis of the challenges of US nuclear regulation, a history of the US nuclear power industry, and a presentation of the authors' opinions about the best path forward for regulation of nuclear power in the US. Since I'm a US citizen and resident with an interest in both nuclear power and regulation of nuclear power in my country, I found this interesting, if not as engrossing as the rest of the book. But it felt a bit oddly tacked on, and I think it's a stretch to say that it's part of the story of Fukushima.

The authors try to draw that link by presenting the Japanese nuclear power industry as heavily influenced by their US counterparts, and their regulatory problems as similar to the problems in the US, but there is nowhere near enough detail about Japanese regulatory practices here to support that conclusion. I think the largest weakness, and the most obvious gap, in this book is the lack of detailed analysis of the history and players in the Japanese nuclear regulatory environment. This is an odd miss. If one is concerned about regulatory inadequacy, Japanese government policy is far more obviously part of the story of Fukushima than US policy. I can only speculate that the authors had inside sources for the US policy discussions but not for the Japanese policy discussions (and, sadly, fall back on painting with a rather broad brush and making unsupported generalizations about Japanese regulatory approaches in a few spots). The result feels like two partly-unrelated books stacked and partly shuffled together.

So, there are parts of Fukushima that are rather disappointing, particularly for non-US readers. But I still recommend it as a great detailed history of the actual incident and a summary of what we now think happened. That summary is unfortunately sketchy and still very unclear, but I don't think that's the fault of the authors. The inside of a nuclear power plant during a meltdown is a very difficult environment to measure or analyze, and there's a lot of data that we will probably never have. Some details may never be known. But what we do know, and how that knowledge unfolded, is told very well.

This is the only book-length treatment on Fukushima I've read, so I can't compare it against other books on the same topic. But it satisfied my curiosity nicely. If you have a similar curiosity, I recommend this book to your attention, although be aware of its approach and its US-centric analysis going in so that you're not surprised by a mismatch of expectations.

Rating: 8 out of 10

Kelvin ThomsonLiberal Party Double Standards on East West Link Contract

The Victorian Liberal Party carried out a disgraceful act of bastardry prior to the last State Election by entering into a secret contract with the East West Link Consortium purporting to guarantee them hundreds of millions of dollars in the event that the project did not proceed.

The Victorian Labor Government was elected with an express commitment not to proceed with this project, in an election described by the Prime Minister as a Referendum on the East West Link. Now the Liberal Party and its cheer squad say the Labor Government must honour this dodgy deal, at massive cost to Victorian taxpayers.

But the Liberal cheer squad is nowhere to be seen when the ACT Liberal Opposition says it won't be honouring contracts to build a $783 million light rail in Canberra. The ACT Liberals say they have let voters know they would not proceed with the light rail project (so did Victorian Labor) and that they are willing "to work with the contractor to try and re scope the project to something far more beneficial" (as did Victorian Labor).

So where is the Federal Liberal Party demand that the ACT Liberals abandon their opposition to the light rail project and agree to implement any contracts the ACT government enters into?

Planet DebianCarl Chenet: Unverified backups are useless. Automatize the controls!


Unverified backups are useless; every sysadmin knows that. But manually verifying a backup means wasting time and resources. Moreover, it’s boring. You should automate it!


Backup Checker is a command line tool developed in Python 3.4 on GitHub (stars appreciated :) ) that lets users verify the integrity of archives (tar, gz, bz2, lzma, zip, tree of files) and the state of the files inside an archive, in order to find corruption, intentional or accidental changes of file state, or removal of files inside an archive.


Backup Checker on github

The new feature of the latest version 1.4 is the control of outdated archives with the new outdated parameter. Lots of data become outdated quite fast, because they depend on other data, or because they are only useful in a specific context.

Hey, this database dump is 6 months old, it’s useless today!

Backup Checker now checks the expiration duration and triggers a warning if the given duration, counted from the last modification time of the archive (mtime), has elapsed. A short example of the warning:

WARNING:root:/backups/backups-12022015.tar.gz is outdated. Was good until 01/03/15 00:00:00 – now 22/03/15 21:38:20

You won’t be surprised any more by outdated, useless data in your backups.
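To make the two checks described above concrete (verifying that the files inside an archive still match what was recorded, and flagging an archive whose mtime plus allowed age is in the past), here is a small added example in Python. It is not Backup Checker’s own code; the function names, the manifest layout (name, size, sha256) and the constructed sample archive are assumptions, and the warning text only mimics the format shown above.

```python
"""Added example: a minimal archive checker in the spirit of Backup Checker.
Not the project's code; function names and manifest layout are assumptions."""
import hashlib
import io
import logging
import os
import tarfile
import tempfile
from datetime import datetime, timedelta


def build_manifest(archive_path):
    """Record (size, sha256) for every regular file inside a tar archive."""
    manifest = {}
    with tarfile.open(archive_path, "r:*") as tar:
        for member in tar.getmembers():
            if member.isfile():
                data = tar.extractfile(member).read()
                manifest[member.name] = (member.size, hashlib.sha256(data).hexdigest())
    return manifest


def verify_archive(archive_path, expected):
    """Compare the archive against an expected manifest; return a list of problems.

    Detects removed files, changed content (size or hash) and unexpected additions."""
    problems = []
    actual = build_manifest(archive_path)
    for name, (size, digest) in expected.items():
        if name not in actual:
            problems.append(f"{name} missing from {archive_path}")
        elif actual[name] != (size, digest):
            problems.append(f"{name} changed in {archive_path}")
    for name in actual.keys() - expected.keys():
        problems.append(f"{name} unexpected in {archive_path}")
    return problems


def check_outdated(archive_path, max_age, now=None):
    """Return a warning string (and log it) if mtime + max_age is already past,
    otherwise None. The message format mimics the one quoted in the post."""
    now = now or datetime.now()
    mtime = datetime.fromtimestamp(os.path.getmtime(archive_path))
    good_until = mtime + max_age
    if good_until < now:
        fmt = "%d/%m/%y %H:%M:%S"
        msg = (f"{archive_path} is outdated. Was good until "
               f"{good_until.strftime(fmt)} - now {now.strftime(fmt)}")
        logging.warning(msg)
        return msg
    return None


def demo():
    """Build a constructed sample archive, verify it, tamper with the manifest,
    then run the outdated check with an mtime of 12 Feb 2015 (constructed)."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "backups-12022015.tar.gz")
    sample_files = [  # constructed contents, not real data
        ("db.sql", b"CREATE TABLE users (id INTEGER PRIMARY KEY);\n"),
        ("etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n"),
    ]
    with tarfile.open(path, "w:gz") as tar:
        for name, content in sample_files:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))

    expected = build_manifest(path)
    clean = verify_archive(path, expected)          # no problems expected

    # Simulate drift: the recorded hash of db.sql no longer matches, and a
    # file that should be present is absent from the archive.
    expected["db.sql"] = (expected["db.sql"][0], "0" * 64)
    expected["missing.txt"] = (0, "0" * 64)
    tampered = verify_archive(path, expected)       # two problems expected

    old = datetime(2015, 2, 12, 0, 0, 0).timestamp()
    os.utime(path, (old, old))
    now = datetime(2015, 3, 22, 21, 38, 20)
    warned = check_outdated(path, timedelta(days=17), now)   # good until 01/03/15
    fresh = check_outdated(path, timedelta(days=365), now)   # still valid
    return clean, tampered, warned, fresh


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The manifest is produced from a known-good archive and stored alongside it; later runs compare against that record, so a silently truncated or altered backup shows up as a "changed" or "missing" entry rather than being discovered at restore time. The outdated check takes the clock as a parameter so it can be tested with fixed dates.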

Backup Checker also offers lots of other controls. Check the features list!

Installing Backup Checker

Backup Checker is available from PyPI using the following command:

# pip3.4 install backupchecker

It’s also packaged for Debian Squeeze and Debian Wheezy. Check how to get it for your specific distribution.


What about you? How and what for do you use Backup Checker? We would be happy to get your feedback. The project cares about its users, and the outdated feature was an awesome idea in a feature request by one of the Backup Checker users. Thanks, Laurent!


Planet Linux AustraliaMichael Still: A quick walk through Curtin

What do you do when you accidentally engaged a troll on twitter? You go for a walk of course.

I didn't realize there had been a flash flood in Canberra in 1971 that killed seven people, probably because I wasn't born then. However, when I ask people who were around then, they don't remember without prompting either, which I think is sad. I only learnt about the flood because of the geocache I found hidden at the (not very well advertised) memorial today.


Interactive map for this route.

Tags for this post: blog pictures 20150323-curtin photo canberra bushwalk
Related posts: Goodwin trig; Big Monks; Geocaching; Confessions of a middle aged orienteering marker; Narrabundah trig and 16 geocaches; Cooleman and Arawang Trigs


Planet DebianMartin-Éric Racine: This and That

I haven't blogged anything in months and figured that now might be a good time to get around that. Here it goes:


Free Software


While I occasionally upgrade the packaging of the software I maintain at Debian to keep up with best practices, my activity downsizing goes on. Simply put: I never had any ambition to become a Debian Developer. My involvement has always remained pragmatic and mostly from the perspective of packaging software that I found useful. Even then, my motivation for doing that keeps on dwindling into nothingness, because key pieces of software keep on breaking, whenever someone upstream decides to reinvent the wheel.


For instance, GNOME no longer works at all on Geode chipsets and it barely works on Nouveau chipsets. This happened as soon as GNOME 3.14 was uploaded into unstable, right before the freeze started. Then again, I wouldn't jump to a conclusion that GNOME itself might be at fault, since Plymouth also stopped working on the same two video platforms at the same time. For all we know, this could be caused by some changes in the X.Org server code. Bugs were filed, additional information was provided, but no fix has taken place.


Given how Geode and Nouveau represent 80% of my hardware investment (my Intel laptop being the sole exception), it essentially means that the upcoming Debian "stable" is useless for me. Now try and remain motivated, even just as a mere Free Software end-user. At this point, I'm done.


Politics


Finland is holding national elections this April. I still have no idea who I'll vote for this time. The guy I voted for last time has become a career politician with an inflated ego and zero connection to the average Finn's aspirations and worries. Meanwhile, two friends are standing as candidates: one who is a razor-sharp fact finder and a proven pragmatic decision-maker, but whose values are slightly off from mine, and one whose actions come straight from the heart but whose concept of today's Finnish reality leaves a lot to be desired.


National Defence


There's been a lot of recent articles about how former hardware and locations of the Finnish defence forces and border guards have been sold, often for peanuts, to Russian interests. In some cases, we're only talking about buildings formerly used for on-site staff accommodations. In other cases, former patrol boats and navy harbours changed hands. Now, to top it all, it appears that our north-western neighbour, Norway, has sold a former submarine base to German investors who, in turn, leased it to – you guessed it – Russian interests.


Looking at Russian actions in Ukraine, I cannot help but feel great concern that strategic locations are falling into potentially dangerous hands. Just seeing the picture of a former navy harbour with a handful of patrol boats on standby, right on the Finnish coastline, half-way between Helsinki and Turku, was a sobering experience. While the whole idea of shooting at people – even invading armies – gives me the creeps, at this point, I cannot help but start pondering whether defending this country might in fact be an occupation worth training for.


Employment


It has now been 6 years since I held my last dayjob. Since then, the only thing I've found is an unpaid training in the national bureaucracy. I've also freelanced as an actor and model, but that barely brought me pocket change, if even that. Seeing my face on posters advertising a movie I participated in last year was indeed nice, as was getting some media attention in connection with that, but it hasn't led to additional gigs. As far as I can tell, this was just my Warholian 15 minutes of fame.


However, there's a larger issue at stake. Newspapers recently published an employment statistics map for Nordic countries and the truth couldn't be more bleak: while Norway and Sweden's employment figures are nearly spotless for almost every province, those of Finland are – save for a couple of mildly successful provinces – outright catastrophic. Given this and despite feeling relatively happy living in Finland and having developed a will to defend this country from an eventual Russian assault, I've come to the conclusion that I would be better off going West, with a strong preference for Norway.


Now, the main question is, doing what? 6 years later, I have strong doubts that I would be remotely considered for any high-tech job. Besides, come to think of it, I wouldn't want any new office job. Off the top of my head, my idea of a cool job that would allow me to stay physically fit would be working as a tourist guide in Lapland. However, if Norway is anything like Finland, someone probably needs a dozen permits of all sorts (first aid certification, C or even D class driving license, college degree in tourism, etc.) that I cannot afford. What then?

TEDSigns of friendship: A conversation between Christine Sun Kim & Renée Hlozek

[Video: http://www.youtube.com/embed/gVSYsKH2AJA]

Above, Christine Sun Kim and Renée Hlozek share a snippet of conversation using American Sign Language and the Big Words app. Christine has been teaching Renée American Sign Language so they can communicate more directly.

Renée Hlozek is a cosmologist from South Africa who studies the cosmic microwave background, radiation left over from the Big Bang. Christine Sun Kim is a deaf artist who investigates the relationships between sound and silence. What could they possibly have to talk about?

When the two TED Senior Fellows first met at TED2013, the pair decided to try and communicate with each other directly as much as possible using American Sign Language (ASL). Kim attends TED with ASL interpreters and often relies on text, such as the app Big Words, to communicate. In the last two years, Hlozek has continued learning ASL to better communicate with Kim. Here at TED2015, we asked them to let us in on their friendship — and to tell us more about how Hlozek’s insistence on learning ASL has affected their relationship. Read the interview below, then watch the videos above for some simple ASL lessons between the two.

Renée Hlozek: When I met CK, I wanted to be able to communicate better on my own, like if the interpreter wasn’t around. But the more I got to know her, and thought about it, I realized: if I don’t learn sign language, how involved am I in our relationship? Or rather, how am I communicating that involvement in our relationship? It became much more of an imperative for me, rather than a fun thing to do.

Christine Sun Kim: That’s why I appreciate our relationship and what it’s evolved into. You serve as a reminder for me that ASL is fundamental to my being. In the art world I’m often interacting with people that don’t know ASL, so I rely on textual communication, be it BIG words or email and electronic communication. But I’m signing less in my everyday life, and that’s a pity.

RH: I think it’s really important that the tools improve your ability to interact with random strangers and make your access to the world much larger. But at the same time, it makes it much easier for hearing people to pretend you’re not deaf and pretend you don’t sign.

I have the technology to type to you. It’s easy – but then I’m always looking at the screen, not at you — and there’s a delay because you have to read and then type in the response. I much prefer when you sign, because it’s all your personality, all the time, and it’s very visible. That’s why I like ASL. Even though the interpreters are fantastic — it’s different for me when you and I sign. It’s different, right? Do you feel isolated sometimes, behind the texting and the interpreters?

CSK: I’m not sure if I would say isolated… maybe I feel a bit less connected on interaction level, but that’s reality. I can’t expect that everyone will learn ASL.

RH: I’m militant. THEY MUST!

CSK:  That’s right. You’re fighting for me! <laughs> But the reason I focus on textual means of communication is that it makes it easier for hearing people to interact with me. Especially in the art world, I feel I can go to places far and wide if I meet them where they’re at, rather than them meeting me where I’m at.

RH: I kind of want to be an ally. Sometimes I see it’s difficult for you to see your interpreter, or someone doesn’t appreciate that if they slow down when they speak it will help you. Just little things. People are lazy, because they know if they mess up, YOU can get out the Big Words app, and it will be okay. But that’s not fair, because you do all the work.

CSK: I think I also have this messed-up idea about how the world should perceive me. I want the world to treat me as “normal,” but sometimes that comes at a cost. But sometimes when people treat me just like everyone else, I’m actually losing information, or denied access to information.

For example, when the interpreter is present, I’m treated as just another person at an event. People view that accommodation as “filling in the gap” — but that’s not enough, because placement of the interpreters, and thus where I can sit, is restricted. I do need some flexibility in terms of accommodation that allow me to access the environment.

RH: I like what you just said about redefining “normal.” Why is it not normal that I learn to sign? If you were French and I wanted to talk to you, I would learn French. I would think about it. But because you’re Deaf it’s a BIG thing that I’m doing. People say to me, “Why are you learning ASL?” and I say, “Because my friend speaks ASL.” It’s a no-brainer.

CSK: Yeah, what is normal anyway? One great thing is that you are very active in asking for signs, “What’s the sign for this?” Sometimes I’ll remind you to sign when we’re out. But also it’s become the norm that if you don’t know a sign, you will ask for it.

I think my attitude has changed in terms of how I interact with people because of your willingness to learn ASL. Because you are so assertive in your learning I have to learn to put the phone away to make sure I’m signing with you. And I appreciate that, even if it takes a bit longer to get through a conversation. So much more information gets across, and it helps us connect better because we are looking at each other.

RH: Sometimes I feel shy because it’s super slow and you’re very patient. Like when I’m spelling… you’re like…ugh… and you wait for me, but I like it because it forces me to learn.

CSK: You always say, “Thank you for being patient.” But you are also patient when you’re communicating with me, so it’s a two-way street.

I’ve noticed that when I text with someone for four or five days at a conference, our relationship is temporary and can be superficial. But when I sign with someone like you, someone motivated to learn ASL, I develop a deeper and more meaningful relationship and friendship because you took the time to connect with me on my level.

Rooming with you has given me the opportunity to learn about myself, too. Sometimes we have opposite schedules, so I’ll be coming into the room after you’re already asleep. And I had warned you to bring earplugs because of my snoring.

RH: One funny thing is, you are very considerate about making noise. You sent me an email saying, “I snore a bunch,” so I brought earplugs. But I’ve never needed to use them. Also you woke up really early one morning but were typing super softly. It’s interesting because I think your understanding is that any noise will wake me — or you just have an entrenched consideration about not wanting to make noise.

CSK: It’s because I’m obsessed with the range and volume of sound. I don’t know if something is loud or something is quiet. But at the same time, how people hear and perceive sound varies. So I don’t know if that typing sound wouldn’t bother you, but might bother another hearing person. I have to figure out how to accommodate your sound needs. … I just wanna be a good hotel roommate!

It’s interesting — David Eagleman just spoke [watch his talk, “Can we create new senses for humans?”] about the advancements that have been made with sensory technology, and now there’s a vest that can translate sound (or speech) into vibration patterns. Which was really cool. And I have to say, I fell for it. Then I looked at you and said, “That’s a politically smart move.” Because with cochlear implants, the Deaf community can be vocal about their opposition to the device. But now David Eagleman has shifted the focus from the ear to the sense of touch and these vibration patterns. But then you came in with your observations.

RH: I said no. It’s making it the Deaf person’s problem. “You must perceive sound.” So that means a hearing person has even less reason to learn ASL.

CSK: Right. And then I caught myself. Why should I receive training on how to recognize speech through vibration patterns? I’m falling into that same behavioral trap again. The vest is mediating communication, but the problem is that it’s only mediating it one way, making the hearing person understood by me. Still, I was thinking that vest could be a cool tool in terms of how to localize sound. For example, if someone came in from behind me making a sound, I could receive a vibration pattern alerting me to that, and I would be able to localize.

RH: That’s actually why I subtitle videos. I want to make sure all people can watch my science videos. I want everyone to have access to them by default. We often talk about “helping” Deaf people. But I don’t want to help you. I want to include you. I want you and other Deaf people to learn science. And astronomy.

CSK: But also I mean, both Deaf people and hearing people have privilege. And all people benefit from accessible design.

RH: True.

CSK: [teaching Renee how to sign TRUE]

RH: And false is?

CSK: [teaches Renee how to sign FALSE]


Sociological ImagesBeliefs About Brilliance and the Demography of Academic Fields

A new study led by philosopher Sarah-Jane Leslie challenges the idea that women’s underrepresentation in academia is specifically a STEM problem. They first note that there are some STEM fields where women do well (they are 54% of molecular biologists, for example) and some humanities fields where they don’t (they are only 31% of philosophers). Something else, they gathered, must be going on.

They had a hunch. They asked 1,820 U.S. academics what it took to be successful in their field. They were particularly interested in answers that suggested hard work and ones that invoked brilliance.

Their results showed a clear relationship between the presence of women in a field and the assumption that success requires brilliance. The downward-sloping line represents the proportion of female PhDs in STEM fields (top) and social science and humanities fields (bottom) as those fields become increasingly associated with brilliance:

[Figure: proportion of female PhDs by field, plotted against the field’s brilliance rating]

Interviewed at Huffington Post, Leslie says:

Cultural associations link men, but not women, with raw intellectual brilliance… consider, for example, how difficult it is to think of even a single pop-cultural portrayal of a woman who displays that same special spark of innate, unschooled genius as Sherlock Holmes or Dr. House from the show “House M.D.,” or Will Hunting from the movie “Good Will Hunting.”

In contrast, accomplished women are often portrayed as very hard working (and often having given up on marriage and children, I’ll add). She continues:

In this way, women’s accomplishments are seen as grounded in long hours, poring over books, rather than in some special raw effortless brilliance.

They extended their findings to race, testing whether the relationship held for African Americans, another group often stereotyped as less intelligent, and Asians, a group that attracts the opposite stereotype. As hypothesized, they found the relationship for the first group, but not the second (note the truncated y-axis).

[Figure: proportion of African American and Asian American PhDs by field, plotted against the field’s brilliance rating]

The long term solution to this problem, of course, is to end white and Asian men’s claim on brilliance. In the meantime, the research team suggests, it may be a good idea to stop talking about some fields as if they’re the rightful home of the naturally brilliant and start advocating hard work for everyone.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramBIOS Hacking

We've learned a lot about the NSA's abilities to hack a computer's BIOS so that the hack survives reinstalling the OS. Now we have a research presentation about it.

From Wired:

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer's operating system were wiped and re-installed.

[...]

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

[...]

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they're calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.

From ThreatPost:

Kallenberg said an attacker would need to already have remote access to a compromised computer in order to execute the implant and elevate privileges on the machine through the hardware. Their exploit turns down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.

The devious part of their exploit is that they've found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure operating systems such as Tails in the line of fire of the implant.

From the Register:

"Because almost no one patches their BIOSes, almost every BIOS in the wild is affected by at least one vulnerability, and can be infected," Kovah says.

"The high amount of code reuse across UEFI BIOSes means that BIOS infection can be automatic and reliable.

"The point is less about how vendors don't fix the problems, and more how the vendors' fixes are going un-applied by users, corporations, and governments."

From Forbes:

Though such "voodoo" hacking will likely remain a tool in the arsenal of intelligence and military agencies, it's getting easier, Kallenberg and Kovah believe. This is in part due to the widespread adoption of UEFI, a framework that makes it easier for the vendors along the manufacturing chain to add modules and tinker with the code. That's proven useful for the good guys, but also made it simpler for researchers to inspect the BIOS, find holes and create tools that find problems, allowing Kallenberg and Kovah to show off exploits across different PCs. In the demo to FORBES, an HP PC was used to carry out an attack on an ASUS machine. Kovah claimed that in tests across different PCs, he was able to find and exploit BIOS vulnerabilities across 80 per cent of machines he had access to and he could find flaws in the remaining 10 per cent.

"There are protections in place that are supposed to prevent you from flashing the BIOS and we've essentially automated a way to find vulnerabilities in this process to allow us to bypass them. It turns out bypassing the protections is pretty easy as well," added Kallenberg.

The NSA has a term for vulnerabilities it thinks are exclusive to it: NOBUS, for "nobody but us." Turns out that NOBUS is a flawed concept. As I keep saying: "Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools." By continuing to exploit these vulnerabilities rather than fixing them, the NSA is keeping us all vulnerable.

Two Slashdot threads. Hacker News thread. Reddit thread.

EDITED TO ADD (3/31): Slides from the CanSecWest presentation. The bottom line is that there are some pretty huge BIOS insecurities out there. We as a community and industry need to figure out how to regularly patch our BIOSes.
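The quoted articles say the exploit "turns down existing protections in place to prevent re-flashing of the firmware". Those protections are a handful of chipset register bits, and checking them is the first thing to do before trusting a machine's BIOS. The following is an added example, not code from this post or from the Kallenberg/Kovah research it quotes. It decodes the Intel PCH registers that gate writes to the BIOS region; the register layout is an assumption taken from Intel's PCH datasheets (BIOS_CNTL at LPC config offset 0xDC with BIOSWE bit 0, BLE bit 1, SMM_BWP bit 5; HSFS with FLOCKDN bit 15; PR0-PR4 with WPE bit 31, limit in bits 28:16 and base in bits 12:0, in 4 KiB units), and the register values below are constructed, since reading the real ones takes root and a tool such as setpci or chipsec.

```python
"""Decode the Intel PCH BIOS-region write protections that a firmware implant
must first switch off. Added example, not code from Schneier's post or from
the research it discusses. Register layouts are assumed from Intel's PCH
datasheets; values are passed in by the caller (on real hardware they come
from setpci/chipsec) and the ones used in the demo are constructed.
"""
from typing import Dict, List, Tuple

BIOSWE = 1 << 0    # BIOS Write Enable: 1 = BIOS region writable
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI that may clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes only while all cores are in SMM
FLOCKDN = 1 << 15  # Flash Configuration Lock-Down: PRx registers read-only until reset
PR_WPE = 1 << 31   # Protected Range: Write Protection Enable


def decode_pr(pr: int) -> Tuple[int, int, bool]:
    """Return (base, limit, write_protected) for one PRx register value."""
    base = (pr & 0x1FFF) << 12
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF
    return base, limit, bool(pr & PR_WPE)


def assess_bios_wp(bios_cntl: int, hsfs: int, pr_regs: List[int],
                   bios_base: int, bios_limit: int) -> Dict[str, object]:
    """Classify the BIOS region as 'protected', 'weak' or 'unprotected'.

    'weak' means the only thing stopping a write is BLE's SMI handler, i.e.
    software that has to win against every write attempt; 'protected' means
    SMM_BWP is locked in, or a locked SPI protected range covers the region.
    """
    bioswe = bool(bios_cntl & BIOSWE)
    ble = bool(bios_cntl & BLE)
    smm_bwp = bool(bios_cntl & SMM_BWP)
    flockdn = bool(hsfs & FLOCKDN)

    # A protected range only counts if FLOCKDN is set; otherwise an attacker
    # with ring 0 can simply clear the PR register before flashing.
    spi_covered = flockdn and any(
        wpe and base <= bios_base and limit >= bios_limit
        for base, limit, wpe in map(decode_pr, pr_regs)
    )

    if spi_covered:
        verdict = "protected"
    elif ble and smm_bwp:
        verdict = "protected"
    elif ble and not bioswe:
        verdict = "weak"
    else:
        verdict = "unprotected"
    return {"BIOSWE": bioswe, "BLE": ble, "SMM_BWP": smm_bwp, "FLOCKDN": flockdn,
            "spi_pr_covers_bios": spi_covered, "verdict": verdict}


if __name__ == "__main__":
    # Constructed values for an 8 MiB BIOS region at the top of a 16 MiB flash.
    for name, cntl, hsfs, prs in [
        ("factory default, nothing locked", 0x00, 0x0000, []),
        ("BLE only (SMI-enforced)", BLE, 0x0000, []),
        ("BLE + SMM_BWP", BLE | SMM_BWP, 0x0000, []),
        ("PR0 covering BIOS, FLOCKDN set", 0x00, FLOCKDN, [0x8FFF0800]),
    ]:
        result = assess_bios_wp(cntl, hsfs, prs, 0x800000, 0xFFFFFF)
        print(f"{name:34s} -> {result['verdict']}")
```

A "weak" or "unprotected" verdict on a production machine is exactly the condition the quoted research exploits; the fix is a vendor BIOS update that sets these bits, which is why the post's closing point about actually applying BIOS patches matters.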

RacialiciousAn Empty Panel: On The Nightly Show’s Diversity In Comics Discussion

By Arturo R. García

You would think that a discussion of comics and diversity on The Nightly Show would be a home run.

You would be wrong.

We hate to call into question fine sites like Remezcla and The Mary Sue. But after watching the episode twice, it’s hard to imagine what show they were watching this past Thursday.

Larry Wilmore’s introduction sets the uneven tone for the rest of the episode. While he rightly describes the crux of the discussion — race, gender and pop culture — he refuses to do so without regurgitating the most played-out stereotypes about people with geeky interests, with lines like, “Hey basement dwellers, tell mom she can tuck you in later” and a banner reading Dork Diversity behind him.

On the bright side, panelist and renowned artist Phil Jimenez inadvertently(?) undermines Wilmore’s material during the discussion.

“It seems strange to me that we would partition race, gender and nerd, as if they were distinct things. All human beings are this combination of experiences and ideologies,” Jimenez says. “The idea that somehow being a nerd is separate from one’s religious or moral or political beliefs is strange to me. We all bring everything to our decision-making on a daily basis.”

Wilmore’s Othering of fandom bigots/misogynists hurts the discussion on multiple levels. His insistence on attributing their violence to “fear of change,” for example, minimizes the very real threats and abuse levied against fans who are not cis-white hetero males — like, most recently, Batgirl fans. As Vox reported, it’s tough to describe offenders as outliers when white people in the U.S. already think race is discussed “too much.”

Marvel Content and Character Development Director Sana Amanat runs with the “fear of change” theory during the discussion.

“They don’t like it when their toys are played with,” she explains. “I don’t. I like my Barbies. I still have them. I’m okay with that … We’re just trying to show that we’re not trying to take away your toys, we’re just trying to show them in a different light.”

While the successes of not only Ms. Marvel, but the new woman Thor are commendable, it must be pointed out: one of the reasons white fans feel entitled to keeping “their toys” intact is because Amanat’s company, along with DC Comics, chose to build their part of the comics industry by making the white toys seem more important.

For decades, white characters, creators and executives have been placed at the forefront of both companies. And when called on it, the company line went something like this:

Without acknowledging that context, corporate comics makers can’t be trusted to lead discussions on race any more than, say, coffee-making conglomerates

To be fair, the episode didn’t seem built to handle this. With roughly 7 minutes of panel time to spread among four guests plus Wilmore, there was no chance to follow up on Jean Grae’s remarks on being introduced to comics by her older brother, emphasis mine:

“I didn’t really get to see anyone who looked like me or represented me,” Grae said. “I’m from South Africa, so everyone was like, ‘Right, right, Storm, Africa,’ which is kind of the reason why I didn’t choose that as my name.”

That’s a great starting point for talking about why that matters to fans of any age and any community. But it gets lost as the show transitions to the “Keep It 100″ segment, which took it easy on the panel, compared to other installments.

At the same time, Wilmore provided the show’s strongest moment early on when he takes down Michelle Rodríguez’s decision to join the Patricia Arquette Corps, as well as her laughable attempt to claim she was taken “out of context” when she said POC should “stop stealing all white peoples’ superheroes.”

“I do see your point,” Wilmore says. “Minorities should come up with original projects, instead of relying on lazy franchises. And by the way, make sure you catch Michelle in the seventh installment of the Fast & Furious franchise, Furious 7.”

At a time when race-related panels at conventions can get awfully 101 awfully fast, some of that kind of justifiable bite might have boosted Thursday’s discussion and forced the Big Two to truly Keep It 100 regarding some of their past choices. Let’s hope that, like anything fandom-related, we get a sequel to Thursday’s show that’s closer to Wrath of Khan than Into Darkness.

The panel discussion can be seen in its entirety below.

Video: http://media.mtvnservices.com/embed/mgid:arc:video:comedycentral.com:66035e8e-c605-43ab-9af6-648cd675dc59

The post An Empty Panel: On The Nightly Show’s Diversity In Comics Discussion appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaBinh Nguyen: Mee (noodle) and Nasi (rice) Goreng Recipe/s

This is based on recipes online and an interpretation by a local restaurant that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- sugar
- curry powder
- chilli sauce
- soy sauce
- tomato sauce
- eggs
- chicken, prawns, and/or seafood mix
- egg noodles (any kind)
- lemon juice (optional)
- oyster sauce (optional)
- garlic (optional)
- ginger (optional)
- onion (optional)
- tomatoes (optional)
- tofu (optional)
- vegetables (optional, type is your choice)
Coat the chicken with bicarbonate of soda as a meat tenderiser if desired (this step is not required at all if the chicken is diced into small enough pieces and cooked well), then wash it off in cold water. Marinate the chicken in fish sauce, sugar, garlic and pepper (optional step). Fry off the chicken, tofu, onion, garlic, ginger, etc. in a pan. Make the sauce from tomato sauce, soy sauce, chilli sauce, curry powder, sugar, etc. Cook the sauce and add the noodles/rice when ready. Garnish everything with chopped lettuce and fried shallots if desired.

The following is what it looks like.
http://indaily.com.au/food-and-wine/2014/09/23/adam-liaws-mee-goreng/

Worse Than FailureCodeSOD: Regularly Expressing Hate

Perl is jokingly referred to as a “write-only language”. This is because Perl’s primary solution to any problem is to throw a regular expression at it. Regexes are powerful, but cryptic.


Imagine RJ’s joy at starting a new contract for an OCR/document-management system that makes heavy use of regexes. Even better, the system doesn’t use the widely implemented “Perl-compatible regular expressions” syntax, but instead its own, slightly tweaked version.

So, for example, when the system needs to pick the document ID out of the scanned document, it uses this regex:

([:-.,;/\\(]{0,2}(( [C|c][P|p][K,<|k,<][0-9]{11} )||([:#.$",&apos#-/|][C|c][P|p][K,<|k,<][0-9]{11} )||( [C|c][P|p][K,<|k,<][0-9]{11}[:.$",&apos#-/|l\\])||([:.$",&apos#-/|][C|c][P|p][K,<|k,<][0-9]{11}[:.$",&apos#-/|l\\])||( 01[A|a|C|c|D|d|E|e|R|r][0-9]{7} )||([:#.$",&apos#-/|]01[A|a|C|c|D|d|E|e|R|r][0-9]{7} )||(01[A|a|C|c|D|d|E|e|R|r][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]01[A|a|C|c|D|d|E|e|R|r][0-9]{7}[:#.$",&apos#-/|l\\])||( 02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{7} )||([:#.$",&apos#-/|]02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{7} )||( 02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||([:#-/|]02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||( 04[C|c|D|d|F|f|V|v][0-9]{7} )||([:#.$",&apos#-/|]04[C|c|D|d|F|f|V|v][0-9]{7} )||( 04[C|c|D|d|F|f|V|v][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]04[C|c|D|d|F|f|V|v][0-9]{7}[:#.$",&apos#-/|l\\])||( 05[M|m|A|a][0-9]{7} )||([:#.$",&apos#-/|]05[M|m|A|a][0-9]{7} )||( 05[M|m|A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]05[M|m|A|a][0-9]{7}[:#.$",&apos#-/|l\\])||( 06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{7} )||([:#.$",&apos#-/|]06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{7} )||( 06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{7}[:#.$",&apos#-/|l\\])||( 07[U|u][0-9]{7} )||([:#.$",&apos#-/|]07[U|u][0-9]{7} )||( 07[U|u][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]07[U|u][0-9]{7}[:#.$",&apos#-/|l\\])||( 08[A|a][0-9]{7} )||([:#.$",&apos#-/|]08[A|a][0-9]{7} )||( 08[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]08[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||( 09[A|a|B|b|C|c|D|d|F|f][0-9]{7} )||([:#.$",&apos#-/|]09[A|a|B|b|C|c|D|d|F|f][0-9]{7} )||( 09[A|a|B|b|C|c|D|d|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]09[A|a|B|b|C|c|D|d|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||( 10[M|m|F|f][0-9]{7} )||([:#.$",&apos#-/|]10[M|m|F|f][0-9]{7} )||( 
10[M|m|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]10[M|m|F|f][0-9]{7}[:#.$",&apos#-/|l\\])||( 13[A|a][0-9]{7} )||([:#.$",&apos#-/|]13[A|a][0-9]{7} )||( 13[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]13[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||( 14[A|a][0-9]{7} )||([:#.$",&apos#-/|]14[A|a][0-9]{7} )||( 14[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]14[A|a][0-9]{7})||( 15[D|d|E|e|R|r|T|t][0-9]{7} )||([:#.$",&apos#-/|]15[D|d|E|e|R|r|T|t][0-9]{7} )||( 15[D|d|E|e|R|r|T|t][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]15[D|d|E|e|R|r|T|t][0-9]{7}[:#.$",&apos#-/|l\\])||( 17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{7} )||([:#.$",&apos#-/|]17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{7} )||( 17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{7}[:#.$",&apos#-/|l\\])||( 18[A|a][0-9]{7} )||([:#.$",&apos#-/|]18[A|a][0-9]{7} )||( 18[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]18[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||( 21[A|a|C|c|D|d][0-9]{7} )||([:#.$",&apos#-/|]21[A|a|C|c|D|d][0-9]{7} )||( 21[A|a|C|c|D|d][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]21[A|a|C|c|D|d][0-9]{7}[:#.$",&apos#-/|l\\])||( 23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{7} )||([:#.$",&apos#-/|]23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{7} )||(23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{7}[:#.$",&apos#-/|l\\])
||( 24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{7} )||([:#.$",&apos#-/|]24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{7} )||( 24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{7}[:#.$",&apos#-/|l\\])
||( 25[A|a][0-9]{7} )||([:#.$",&apos#-/|]25[A|a][0-9]{7} )||( 25[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]25[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||( 32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{7} )||([:#.$",&apos#-/|]32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{7} )||( 32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{7}[:#.$",&apos#-/|l\\])||( 34[A|a][0-9]{7} )||([:#.$",&apos#-/|]34[A|a][0-9]{7} )||( 34[A|a][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]34[A|a][0-9]{7}[:#.$",&apos#-/|l\\])
||( 35[A|a|B|R|r|S|s|T|t|U|u][0-9]{7} )||([:#.$",&apos#-/|]35[A|a|B|R|r|S|s|T|t|U|u][0-9]{7} )||( 35[A|a|B|R|r|S|s|T|t|U|u][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]35[A|a|B|R|r|S|s|T|t|U|u][0-9]{7}[:#.$",&apos#-/|l\\])||( 39[C|c|P|p][0-9]{7} )||([:#.$",&apos#-/|]39[C|c|P|p][0-9]{7} )||( 39[C|c|P|p][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]39[C|c|P|p][0-9]{7}[:#.$",&apos#-/|l\\])||( 40[A|a|C|c|D|d|S|s][0-9]{7} )||([:#.$",&apos#-/|]40[A|a|C|c|D|d|S|s][0-9]{7} )||( 40[A|a|C|c|D|d|S|s][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]40[A|a|C|c|D|d|S|s][0-9]{7}[:#.$",&apos#-/|l\\])||( 46[A|a|B|b][0-9]{7} )||([:#.$",&apos#-/|]46[A|a|B|b][0-9]{7} )||( 46[A|a|B|b][0-9]{7}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]46[A|a|B|b][0-9]{7}[:#.$",&apos#-/|l\\])
||( 01[A|a|C|c|D|d|E|e|R|r][0-9]{9} )||([:#.$",&apos#-/|]01[A|a|C|c|D|d|E|e|R|r][0-9]{9} )||(01[A|a|C|c|D|d|E|e|R|r][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]01[A|a|C|c|D|d|E|e|R|r][0-9]{9}[:#.$",&apos#-/|l\\])||( 02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{9} )
||([:#.$",&apos#-/|]02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{9} )||( 02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]02[A|a|B|b|C|c|D|d|E|e|F|f][0-9]{9}[:#.$",&apos#-/|l\\])
||( 04[C|c|D|d|F|f|V|v][0-9]{9} )||([:#.$",&apos#-/|]04[C|c|D|d|F|f|V|v][0-9]{9} )||( 04[C|c|D|d|F|f|V|v][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]04[C|c|D|d|F|f|V|v][0-9]{9}[:#.$",&apos#-/|l\\])||( 05[M|m|A|a][0-9]{9} )||([:#.$",&apos#-/|]05[M|m|A|a][0-9]{9} )||( 05[M|m|A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]05[M|m|A|a][0-9]{9}[:#.$",&apos#-/|l\\])||( 06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{9} )||([:#.$",&apos#-/|]06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{9} )||( 06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]06[B|b|C|c|G|g|H|h|J|j|K|k|L|l|M|m|S|s|U|u|Y|y][0-9]{9}[:#.$",&apos#-/|l\\])||( 07[U|u][0-9]{9} )||([:#.$",&apos#-/|]07[U|u][0-9]{9} )||( 07[U|u][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]07[U|u][0-9]{9}[:#.$",&apos#-/|l\\])||( 08[A|a][0-9]{9} )||([:#.$",&apos#-/|]08[A|a][0-9]{9} )||( 08[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]08[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||( 09[A|a|B|b|C|c|D|d|F|f][0-9]{9} )||      ([:#.$",&apos#-/|]09[A|a|B|b|C|c|D|d|F|f][0-9]{9} )||( 09[A|a|B|b|C|c|D|d|F|f][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]09[A|a|B|b|C|c|D|d|F|f][0-9]{9}[:#.$",&apos#-/|l\\])||( 10[M|m|F|f][0-9]{9} )||([:#.$",&apos#-/|]10[M|m|F|f][0-9]{9} )||( 10[M|m|F|f][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]10[M|m|F|f][0-9]{9}[:#.$",&apos#-/|l\\])||( 13[A|a][0-9]{9} )||([:#.$",&apos#-/|]13[A|a][0-9]{9} )||( 13[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]13[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||( 14[A|a][0-9]{9} )||
([:#.$",&apos#-/|]14[A|a][0-9]{9} )||( 14[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]14[A|a][0-9]{9}[:#.$",&apos#-/|l\\])|| ( 15[D|d|E|e|R|r|T|t][0-9]{9} )||([:#.$",&apos#-/|]15[D|d|E|e|R|r|T|t][0-9]{9} )||( 15[D|d|E|e|R|r|T|t][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]15[D|d|E|e|R|r|T|t][0-9]{9}[:#.$",&apos#-/|l\\])||( 17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{9} )||([:#.$",&apos#-/|]17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{9} )||( 17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]17[A|a|E|e|L|l|M|m|P|p|S|s|U|u|W|w][0-9]{9}[:#.$",&apos#-/|l\\])||( 18[A|a][0-9]{9} )||([:#.$",&apos#-/|]18[A|a][0-9]{9} )||( 18[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]18[A|a][0-9]{9}[:#.$",&apos#-/|l\\])
||( 21[A|a|C|c|D|d][0-9]{9} )||([:#.$",&apos#-/|]21[A|a|C|c|D|d][0-9]{9} )||( 21[A|a|C|c|D|d][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]21[A|a|C|c|D|d][0-9]{9}[:#.$",&apos#-/|l\\])||( 23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{9} )||([:#.$",&apos#-/|]23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{9} )||( 23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]23[A|a|B|b|C|c|D|d|L|l|M|m][0-9]{9}[:#.$",&apos#-/|l\\])||( 24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{9} )||([:#.$",&apos#-/|]24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{9} )||( 24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]24[A|a|B|b|C|c|F|f|K|k|M|m|T|t][0-9]{9}[:#.$",&apos#-/|l\\])||( 25[A|a][0-9]{9} )||([:#.$",&apos#-/|]25[A|a][0-9]{9} )||( 25[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]25[A|a][0-9]{9}[:#.$",&apos#-/|l\\])
||( 32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{9} )||([:#.$",&apos#-/|]32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{9} )||( 32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]32[A|a|F|f|H|h|X|x|Y|y|Z|z][0-9]{9}[:#.$",&apos#-/|l\\])||( 34[A|a][0-9]{9} )||([:#.$",&apos#-/|]34[A|a][0-9]{9} )||( 34[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]34[A|a][0-9]{9}[:#.$",&apos#-/|l\\])||( 35[A|a|B|b|R|r|S|s|T|t|U|u][0-9]{9} )||([:#.$",&apos#-/|]35[A|a|B|b|R|r|S|s|T|t|U|u][0-9]{9} )||( 35[A|a|B|b|R|r|S|s|T|t|U|u][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]35[A|a|B|b|R|r|S|s|T|t|U|u][0-9]{9}[:#.$",&apos#-/|l\\])||( 39[C|c|P|p][0-9]{9} )||([:#.$",&apos#-/|]39[C|c|P|p][0-9]{9} )||( 39[C|c|P|p][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]39[C|c|P|p][0-9]{9}[:#.$",&apos#-/|l\\])
||( 40[A|a|C|c|D|d|S|s][0-9]{9} )||([:#.$",&apos#-/|]40[A|a|C|c|D|d|S|s][0-9]{9} )||( 40[A|a|C|c|D|d|S|s][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]40[A|a|C|c|D|d|S|s][0-9]{9}[:#.$",&apos#-/|l\\])||( 46[A|a|B|b][0-9]{9} )||([:#.$",&apos#-/|]46[A|a|B|b][0-9]{9} )||( 46[A|a|B|b][0-9]{9}[:#.$",&apos#-/|l\\])||([:#.$",&apos#-/|]46[A|a|B|b][0-9]{9}[:#.$",&apos#-/|l\\]))[-.,;:Il|/\\]{0,2} )

RJ added, “Given the scale of WTF in this place, I was only mildly surprised such an abomination existed. I share it for your amusement.” If this is only a mild surprise, RJ, may the gods have mercy on your soul.
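Two idioms in that pattern are bugs under ordinary PCRE semantics, and they are the kind of bug that silently widens what an ID extractor accepts: inside a character class `|` is a literal character, so `[C|c]` also matches a pipe, and `||` contains an empty alternative, which matches the empty string at position 0 of any input and so wins before a real ID is ever tried. The block below is an added example, not RJ’s code and not the product’s own dialect; it reproduces both idioms in Python’s `re`, then rewrites a slice of the pattern as a table-driven expression. The prefix-to-letter table is an assumption copied from a few of the original’s alternatives and does not cover the full ID format.

```python
"""Two of the original pattern's idioms under real PCRE/Python semantics, plus
a readable, table-driven replacement for part of it. Added example, not RJ's
code or the OCR product's own; PREFIX_LETTERS is an assumption drawn from a
few of the original's alternatives and is not the complete ID format.
"""
import re

# Idiom 1: "[A|a|C|c]" is a character class, so '|' is a literal member of it.
# Idiom 2: "||" is an empty alternative, which matches "" anywhere.
NAIVE = re.compile(r'( 01[A|a|C|c][0-9]{7} )||([:#]01[A|a|C|c][0-9]{7} )')


def naive_first_match(text: str) -> str:
    """What the naive pattern finds first: '' on almost any input, because the
    empty alternative succeeds at offset 0 before later offsets are tried."""
    return NAIVE.search(text).group(0)


def naive_accepts_pipe(text: str) -> bool:
    """True when a pipe sits in the 'letter' position and the whole string matches."""
    return NAIVE.fullmatch(text) is not None


# Replacement: one table instead of four hand-copied variants per prefix,
# case handled by the flag, and the surrounding-punctuation alternatives
# replaced by boundary lookarounds. 'K' may be OCR'd as ',' or '<', as the
# original's [K,<|k,<] allows. Prefix table is an assumption (partial).
PREFIX_LETTERS = {
    "01": "ACDER", "02": "ABCDEF", "04": "CDFV", "05": "AM", "06": "BCGHJKLMSUY",
    "07": "U", "08": "A", "09": "ABCDF", "10": "FM",
}
_prefixes = "|".join(f"{p}[{letters}]" for p, letters in sorted(PREFIX_LETTERS.items()))
DOC_ID = re.compile(
    rf"(?<![A-Za-z0-9])"
    rf"(?:CP[K,<][0-9]{{11}}|(?:{_prefixes})[0-9]{{7}}(?:[0-9]{{2}})?)"
    rf"(?![A-Za-z0-9])",
    re.IGNORECASE,
)


def extract_ids(text: str) -> list:
    """Return every document ID in text: CPK + 11 digits, or a known
    prefix/letter pair followed by exactly 7 or 9 digits."""
    return DOC_ID.findall(text)


if __name__ == "__main__":
    print(repr(naive_first_match("x 01A1234567 y")))   # '' - the real ID is never reached
    print(naive_accepts_pipe(" 01|1234567 "))           # True - pipe accepted as a letter
    print(extract_ids("ref: 01A1234567; cpk12345678901, 02x9999999, #06S123456789."))
```

`DOC_ID` is no shorter to type than the first few alternatives of the original, but it has one place to add a prefix, cannot accept a pipe, and cannot match the empty string.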


Planet DebianMario Lang: Why is Qt5 not displaying Braille?

While evaluating the cross-platform accessibility of Qt5, I stumbled across this deficiency:

#include <QApplication>
#include <QTextEdit>

// Minimal reproducer: show a single Braille cell (U+28FF, all eight dots
// raised) in a QTextEdit. The u8 literal needs -std=c++11.
int main(int argc, char **argv)
{
  QApplication app(argc, argv);

  QTextEdit textEdit;
  textEdit.setText(u8"\u28FF");  // BRAILLE PATTERN DOTS-12345678
  textEdit.show();

  return app.exec();
}

(compile with -std=c++11).

On my system, this "application" does not always show the correct glyph. Sometimes it renders a white square with a black border, i.e., the symbol for an unknown glyph. However, if I invoke the same executable several times, sometimes it renders the glyph correctly.

In other words: the glyph-choosing mechanism is apparently non-deterministic!!!

UPDATE: Sune Vuorela figured out that I need to set QT_HARFBUZZ=old in the environment for this bug to go away. Apparently, harfbuzz-ng from Qt 5.3 is buggy.

Planet DebianJonathan Dowland: Linux music players, 2015 edition

Now I'm back to Linux on the Desktop for my dayjob, I was slightly nervous about checking out the state of the art for Linux music players; an area I've never felt the Linux desktop was very strong on.

However for the time being I've largely side-stepped the issue by listening to BBC 6 Music for most of the day. For better or worse, I scrobble, and somebody has written a neat web app for scrobbling along to radio stations. When I want to listen to something different for a change, I've been trying out a trial of Google Play Music, for which somebody has written a Chrome extension to scrobble. On the rare occasions I listen to local music, I'm using VLC.

Google Play Music seems pretty good, but I'm not getting a lot from my trial because 6 Music is generally fantastic.

Scrobbling 6 Music has revealed a bit of a disconnect between how I use last.fm and how the website thinks you should use it. Within a day or two, my "music compatibility" with 6 Music was (predictably) "SUPER". Looking at my "Top artists", right near the top are 6 Music's current playlist favourites Courtney Barnett and Nadine Shah, whose songs I can (at least) recall having been played; just below them are Young Fathers, whose I cannot. A little lower are Hot Chip and Slaves: both artists who have current singles out which I enjoyed for a while, but the relentless BBC playlist policy is overdoing them and I'm inclined to switch over when they come on now. If I listen to a whole album in a given week, then the artist will likely (and rightly) be sat at the top of "last 7 days"; if I don't, then it could be something I can't even remember listening to.

Planet DebianJan Wagner: Wordpress dictionary attack

Today early in the morning my monitoring system notified me about unusually high outgoing traffic on my hosting platform. I traced the problem down to the webserver which is also hosting this abandoned website.

Looking into this with iptraf revealed that this traffic was coming from only one IP. At first I thought somebody might be grabbing my Debian packages from ftp.cyconet.org. But no, it was targeting my highly sophisticated blogging platform.

$ grep 46.235.43.146 /var/log/nginx/vhosts/access_logs/blog.waja.info-access.log | tail -2
46.235.43.146 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
46.235.43.146 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
$ grep 46.235.43.146 /var/log/nginx/vhosts/access_logs/blog.waja.info-access.log | wc -l
83676
$ grep 46.235.43.146 /var/log/nginx/vhosts/access_logs/blog.waja.info-access.log | wc -l
83782
$ grep 46.235.43.146 /var/log/nginx/vhosts/access_logs/blog.waja.info-access.log | grep -v wp-login.php | wc -l
0

It makes me really sad to see that dictionary attacks are hammering away with such force these days, even without evaluating the 404 response.
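Detection logic for the pattern in the log excerpt above, as an added example that is not part of the original post: it parses nginx combined-format lines, counts POSTs to wp-login.php per client address and reports the offenders regardless of the status code they got back. The sample log lines, the addresses (documentation range 192.0.2.0/24) and the threshold are constructed assumptions.

```python
"""Flag dictionary attacks against wp-login.php in nginx access logs."""
import re
from collections import Counter, defaultdict

# nginx "combined" format, as in the excerpt above:
#   ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_login_bruteforce(lines, threshold=20):
    """Return the client IPs that POSTed to wp-login.php at least `threshold` times.

    For each offender the result records the POST count, a breakdown by HTTP
    status (so a stream of 404s, as in the post, is still counted), the peak
    number of POSTs within a single second, and whether every request came
    with an empty User-Agent, which is typical of a bare attack script.
    """
    posts = Counter()
    by_status = defaultdict(Counter)
    per_second = defaultdict(Counter)
    empty_ua = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:  # skip lines that do not parse instead of crashing
            continue
        if rec["method"] != "POST" or not rec["path"].startswith("/wp-login.php"):
            continue
        ip = rec["ip"]
        posts[ip] += 1
        by_status[ip][rec["status"]] += 1
        per_second[ip][rec["time"]] += 1
        empty_ua[ip] = empty_ua.get(ip, True) and rec["ua"] in ("", "-")
    return {
        ip: {
            "posts": n,
            "by_status": dict(by_status[ip]),
            "peak_per_second": max(per_second[ip].values()),
            "empty_ua": empty_ua[ip],
        }
        for ip, n in posts.items()
        if n >= threshold
    }


# Constructed sample log (not from the original post): 30 scripted POSTs from one
# address, three per second, plus ordinary traffic, one legitimate browser login,
# and a line that does not match the format at all.
SAMPLE_LOG = [
    f'192.0.2.10 - - [23/Mar/2015:08:20:{i % 10:02d} +0100] '
    f'"POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"'
    for i in range(30)
] + [
    '192.0.2.20 - - [23/Mar/2015:08:21:00 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [23/Mar/2015:08:21:05 +0100] "POST /wp-login.php HTTP/1.1" 302 0 '
    '"https://blog.example/wp-login.php" "Mozilla/5.0"',
    "not an access-log line at all",
]

if __name__ == "__main__":
    for ip, info in sorted(find_login_bruteforce(SAMPLE_LOG).items()):
        print(f"{ip}: {info['posts']} POSTs to wp-login.php, statuses {info['by_status']}, "
              f"peak {info['peak_per_second']}/s, empty User-Agent: {info['empty_ua']}")
```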

Krebs on SecurityHilton Honors Flaw Exposed All Accounts

Hospitality giant Hilton Hotels & Resorts recently started offering Hilton HHonors Awards members 1,000 free awards points to those who agreed to change their passwords for the online service prior to April 1, 2015, when the company said the change would become mandatory. Ironically, that same campaign led to the discovery of a simple yet powerful flaw in the site that let anyone hijack a Hilton Honors account just by knowing or guessing its valid 9-digit Hilton Honors account number.

Until it was notified by KrebsOnSecurity about a dangerous flaw in its site, Hilton was offering 1,000 points to customers who changed their passwords before April 1, 2015.

The vulnerability was uncovered by Brandon Potter and JB Snyder, technical security consultant and founder, respectively, at security consulting and testing firm Bancsec. The two found that once they’d logged into a Hilton Honors account, they could hijack any other account just by knowing its account number. All it took was a small amount of changing the site’s HTML content and then reloading the page.

After that, they could see and do everything available to the legitimate holder of that account, such as changing the account password; viewing past and upcoming travel; redeeming Hilton Honors points for travel or hotel reservations worldwide; or having the points sent as cash to prepaid credit cards or transferred to other Hilton Honors accounts. The vulnerability also exposed the customer’s email address, physical address and the last four digits of any credit card on file.

I saw this vulnerability in action after giving Snyder and Potter my own Hilton Honors account number, and seconds later seeing screen shots of them logged into my account. Hours after this author alerted Hilton of the discovery, the Hilton Honors site temporarily stopped allowing users to reset their passwords. The flaw they discovered now appears to be fixed.

“Hilton Worldwide recently confirmed a vulnerability on a section of our Hilton HHonors website, and we took immediate action to remediate the vulnerability,” Hilton wrote in an emailed statement. “As always, we encourage Hilton HHonors members to review their accounts and update their online passwords regularly as a precaution. Hilton Worldwide takes information security very seriously and we are committed to safeguarding our guests’ personal information.”

Snyder said the problem stemmed from a common Web application weakness called a cross-site request forgery (CSRF) vulnerability, a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

The CSRF flaw was doubly dangerous because Hilton’s site didn’t require logged-in users to re-enter their current passwords before picking a new one.

“If they have so much personal information on people, they should be required to do Web application testing before publishing changes to the internet,” Snyder said. “Especially if they have millions of users like I’m sure they do.”

Snyder said attackers could easily enumerate Hilton Honors account numbers using the company’s Web site, which relies on a PIN reset page that will tell you whether any 9-digit number is a valid account.

“There are a billion combinations, but this testing on the PIN reset page could be easily automated,” Snyder said.

Hilton no longer allows users to pick a PIN as a password, and those who try to reset their password after logging in with their PIN are told to pick a password of at least eight characters in length, containing at least one uppercase letter and a number or special character. Subsequent password changes, however, still do not require users to enter their existing password.
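The server-side shape of the fixes the article describes, as an added example that is not Hilton's code: identity taken from the session rather than from a submitted account number, a CSRF token check, a mandatory current-password check, and a PIN reset response that does not confirm whether a nine-digit number is a real account. The in-memory store, session layout, function names and sample account numbers are assumptions.

```python
"""A password-change and PIN-reset path hardened against the weaknesses in the
report above: account identity taken from the client, no CSRF token, no
re-authentication, and a reset page that confirms which account numbers exist.

Added example, not Hilton's code. The in-memory store, session layout, function
names and sample accounts are assumptions made for illustration.
"""
import hashlib
import hmac
import os
import secrets

ACCOUNTS = {}      # account number -> record (constructed, in-memory)
SENT_EMAILS = []   # stands in for the mail queue


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(number, password, email):
    salt = os.urandom(16)
    ACCOUNTS[number] = {"salt": salt, "pw": _hash_password(password, salt), "email": email}


def verify_password(number, password):
    rec = ACCOUNTS.get(number)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw"], _hash_password(password, rec["salt"]))


def new_session(number):
    """Server-side session: the authenticated identity plus a per-session CSRF token."""
    return {"account": number, "csrf": secrets.token_urlsafe(32)}


def meets_policy(pw):
    """The policy the article reports Hilton adopted: at least eight characters,
    one uppercase letter, and a digit or special character."""
    return len(pw) >= 8 and any(c.isupper() for c in pw) and any(not c.isalpha() for c in pw)


def change_password_vulnerable(session, form):
    """The shape the report describes: the target account is a field in the
    submitted form, no CSRF token is checked and the current password is never
    asked for. A logged-in user who edits that field in the page resets
    someone else's password."""
    number = form["account"]  # client-controlled; the session identity is ignored
    salt = os.urandom(16)
    ACCOUNTS[number].update(salt=salt, pw=_hash_password(form["new_password"], salt))
    return True


def change_password(session, form, submitted_csrf):
    """Hardened handler. Returns (ok, reason)."""
    # 1. Identity comes from the server-side session, never from the request,
    #    so a hidden account field edited in the browser cannot retarget the change.
    number = session["account"]
    # 2. The submitted CSRF token must match the one issued to this session.
    if not hmac.compare_digest(session["csrf"], submitted_csrf or ""):
        return False, "csrf"
    # 3. Re-authenticate: every password change requires the current password.
    if not verify_password(number, form.get("current_password", "")):
        return False, "reauth"
    new = form.get("new_password", "")
    if not meets_policy(new):
        return False, "policy"
    salt = os.urandom(16)
    ACCOUNTS[number].update(salt=salt, pw=_hash_password(new, salt))
    return True, "ok"


def request_pin_reset(number):
    """Reset request that does not reveal whether `number` is a real account:
    the response is identical on both paths, so the page cannot be used to
    enumerate the nine-digit number space. (A timing difference remains unless
    the email is queued asynchronously; that is left out here.)"""
    rec = ACCOUNTS.get(number)
    if rec is not None:
        SENT_EMAILS.append(rec["email"])
    return "If that account exists, reset instructions have been sent to its email."


if __name__ == "__main__":
    create_account("100000001", "OldPass1!", "alice@example.test")
    create_account("100000002", "OtherPw9#", "bob@example.test")
    s = new_session("100000001")
    form = {"account": "100000002", "current_password": "OldPass1!", "new_password": "NewPass2!"}
    print(change_password(s, form, s["csrf"]))        # (True, 'ok'): only 100000001 changed
    print(verify_password("100000002", "OtherPw9#"))  # True: the edited field was ignored
    print(request_pin_reset("100000002") == request_pin_reset("999999999"))  # True
```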

It is likely that the offer of 1,000 points for customers who voluntarily changed their passwords before April 1, 2015 was an effort to get more customers to ditch their 4-digit PINs. Hilton’s reliance on a 4-digit PIN to secure customer loyalty accounts was blamed last year for a spike in account takeovers in which customers logged in to find that thieves had cashed out or otherwise stolen their award points.

Many airlines that offer awards programs also still allow customers to log in with nothing more than a member number and a PIN, including Qantas and United.

TEDPop-Up Magazine: The engrossing talks of Session 8 of TED2015

Dawn Landes performs at TED2015 - Truth and Dare, Session 8. Photo: Bret Hartman/TED

Dawn Landes performs a song from her new musical, about a woman who rowed the Atlantic Ocean solo. Photo: Bret Hartman/TED

Pop-Up Magazine is “something like a reading,” only not. This unique show brings the glossy pages of a general interest magazine to life, telling real-life stories in a vortex of sight, sound and spectacle. And they have curated Session 8 of TED2015. A tour of the 11 stories woven on the TED stage:

Believe in Magik*. The lights went up, bringing the stage and audience out of darkness, as Minna Choi + Magik*Magik opened Pop-Up Magazine’s session. The violins and cello began with a steady, elegant hum. Meanwhile, the piano added a low yet hopeful quality. Then one violin struck out in an excited, spiraling solo, leading the way for the accompanying violin to match. The strings then departed and dropped several octaves, creating a somewhat frenzied, ominous sound. In a drastic shift, the piano switched from a supporting role to a lead, engaging the violin in a light, whimsical tip-toe throughout a new melody. Finally, with one musician strumming his violin like a mandolin, the orchestra coalesced into a final surge that was two parts elegant, one part structured chaos. With this, Minna Choi + Magik*Magik set a beautiful tone for the session.

So, how did you meet? Photographer Alec Soth and New York Times photo editor Stacey Baker kick off this session with moving photographs of love and relationships. In their work together, they look at singles and couples — from longtime spouses at a retirement home to single people at the world’s largest speed-dating event. In Las Vegas. On Valentine’s Day. (Stacey was in the hot seat.) In his photographs, Alec hopes to capture an element of vulnerability, as a “physical exterior reveals a crack to the more fragile interior.” Soth and Baker were fascinated by the quality of endurance they saw in all of their subjects. “The world is hard, and the singles were out there trying to connect with other people. And the couples were holding onto each other after all these decades.” One of the last couples Alec photographed for their project at the retirement home both carried the same photo of their wedding day in their wallets. What’s more beautiful: the two people young and happy in this photo, or the two people still holding onto this image decades later?

The birth of a bee. We’ve all heard that bees are in peril. But for his upcoming story in National Geographic, “I wanted to explore what this looks like,” says photographer Anand Varma, as he shows us a thrilling time-lapse of the first 21 days of a bee’s life, as it goes from a clear blob to a furry bee. Crawling around the hive are mites, called varroa destructor, which prey on the developing young bees, making them vulnerable to disease. Most beekeepers fight these mites by treating the hive with chemicals, which also isn’t great for the bees. “Researchers are working on finding alternative methods to control those mites,” says Varma, talking us through an experiment to breed bees for mite resistance, with tough side effects: “The bees started to lose traits like gentleness and the ability to store honey,” essentially, some of the qualities that make them bees. (The photos will appear in the April issue of Nat Geo.)

Anand Varma speaks at TED2015 - Truth and Dare, Session 8. Photo: Bret Hartman/TED

Anand Varma shares astonishing macro photos of bees — and the challenges they face right now. Photo: Bret Hartman/TED

A misunderstood spectrum. Steve Silberman takes us through decades-old history of misinformation and misunderstanding about autism. It started in 1943 with child psychologist Leo Kanner, who was the world’s leading authority on autism at the time. Kanner believed autism was very rare, and indeed his definition was incredibly narrow: He classified it as an “infantile psychosis caused by cold and unaffectionate parents” and wrote off special abilities that he saw in children with autism. “As a result,” says Silberman, “autism became a source of shame and stigma, and two generations shipped off to institutions ‘for their own good.’” English psychiatrist Lorna Wing would later uncover research from 1944 by Hans Asperger that showed a much more progressive view of autism. Asperger saw it “as a diverse continuum that spans an astonishing range of giftedness and disability.” Today the CDC estimates that one in 68 children in the US are on the autism spectrum, and indeed as Silberman shows, there’s no benefit to the stigma. After all, he says, “We can’t afford to waste a single brain.”

A man named Wall Street. For our next story, The Kitchen Sisters — radio producers Davia Nelson and Nikki Silva — take us to San Quentin to meet “Wall Street,” an inmate who buys and trades stocks from the inside. His real name is Curtis Carroll — he grew up in Oakland with a mom, and grandmother, addicted to crack. He committed his first crime at age 12. He’s 37 now; he has been in prison for 20 years, The Kitchen Sisters tell us. One day in prison, he picked up the financial section of a newspaper. “A guy asked if I played the stock market. I was like, ‘What’s that?’” remembers Wall Street, his voice heard clearly in the teleplay. “It’s where white people keep their money,” the guy responded. Wall Street was intrigued and found that he was a natural. He has set up an office in San Quentin, and uses the vast spare time that prison affords him to read an estimated 500 articles a week to inform his trades. Wall Street not only advises correctional officers, he helps his fellow inmates make investments, as you don’t exactly build up a retirement plan in jail, working for 15 cents an hour. That’s why, when he gets out, say The Kitchen Sisters, he plans to teach a stock program. “The goal is to give back to the community,” he says. “I learned that Bill Gates and Warren Buffett give 90 percent of their wealth away, and I thought what better way to help the things that I’ve destroyed.”

The human world of bots. One afternoon in 2013, a high school student named Olive noticed something strange in her Twitter account: 30 scantily-clad women had followed her at once. Soon it was hundreds, then thousands. She became something of a hero in school. Journalist Alexis Madrigal explains what happened: these weren’t actual people, they were bots, or “little pieces of code running on the internet using made-up names, stolen pictures and computer-generated bios.” Something in their algorithm was causing these bots to follow Olive. Madrigal introduces us to a few other bots: @pentametron (which looks for tweets in iambic pentameter); @lowpolybot (which creates custom art from photos sent to it); and the powerful @every3minutes (which sends a tweet every 3 minutes to remind us, before the US Civil War, a slave was sold in the US every 3 minutes, by one estimate). “On the one hand these bots are not sophisticated at all. They’re not even Siri,” says Madrigal, “but what they show is that computers don’t need to be as smart as us to do some human-ish things and have very real effects on our lives.” Now, for fun, try tweeting at Madrigal’s @truthdarebot designed for TED2015, and ask it for a “truth” or a “dare.”

Alexis Madrigal speaks at TED2015 - Truth and Dare, Session 8. Photo: Bret Hartman/TED

Alexis Madrigal shares his favorite twitterbots — and a few not-so-favorites. Photo: Bret Hartman/TED

The ocean would hold me. Singer-songwriter Dawn Landes took the audience back to June 1998, when Tori Murden left her job as a project manager in Louisville, Kentucky, and embarked on what no woman had ever done: row across the Atlantic. She set out with her homemade vessel, The American Pearl, a small boat that had no motor or sail. To track her journey, she made videos along the way, even when she lost all radio connection with the outside world. She covered over 1,000 miles and rowed over 200,00 strokes. But she unknowingly rowed into the heart of Hurricane Danielle. After being pummeled by 7-story waves, she was rescued and returned home, miles short of her goal. Tori’s journey inspired Dawn to write a musical called Row. On the TED stage, she shared a song from that musical called “Dear Heart.” With an acoustic guitar in hand, Dawn sang the audience through the quiet frustration Tori felt as she tried but failed to adjust back to normal life, “When I was out there, the ocean would hold me, rock me and throw me light as a child. Now I’m so heavy, nothing consoles me.” In this moving performance, Dawn Landes brings the audience full circle, celebrating Tori’s eventual return to the Atlantic and the realization of her dream.

Letters to North Korea. During the final 6 months of Kim Jong Il’s life, writer Suki Kim lived undercover as a teacher in an all-male evangelical Christian university in Pyongyang. Why? To write about North Korea with any meaning, to “understand the place beyond the regime’s propaganda,” the only option was total immersion. And so she lived with 270 young men who were expected to be the future leaders of the “most isolated and brutal dictatorship in existence. North Korea is a gulag posing as a nation.” As she says: “Everything there is about the great leader. Every book, newspaper article, song, TV program, there is one subject. Flowers named after him, mountains carved with his slogans.” Many of her students were computer science majors, but did not know about the Internet, let alone Facebook or Twitter. “I went there looking for truth. But where do you start when a nation’s ideology, a student’s day-to-day reality, and even my own position at the university were all built on lies?”

Virtual reality as a tool for empathy. Chris Milk was obsessed with Evel Knievel as a kid. “I felt so connected to this world,” he says, “I didn’t want to be a storyteller, I wanted to be a stuntman.” Of course, he didn’t. He became a filmmaker. “It’s an incredible medium,” he says. “But it’s a group of rectangles that are played in a sequence. Is there a way that I could use modern and developing technologies to tell stories in different ways?” This thought has now led him to virtual reality. He shares with us a collaboration between the UN and his virtual reality-focused production company, VRSE.works, called Clouds Over Sidra. This immersive experience brings you to a Syrian refugee camp in Jordan, Za’atari, where you meet 12-year-old Sidra. The film is shot in 360 degrees. “When you’re sitting there in the room, you are not watching through a screen or window, you’re with her. When you look down, you’re sitting on the ground she’s sitting on,” he says. “You feel her humanity in a deeper way.” Milk sees great potential for virtual reality. “It’s a machine, but through this machine we become more compassionate, more empathetic, more connected,” he says. “Ultimately, we become more human.”

Latif Nasser speaks at TED2015 - Truth and Dare, Session 8. Photo: Bret Hartman/TED

Latif Nasser retells the life story of a circus strongman who invented the field of pain medicine. Photo: Bret Hartman/TED

A painful history. After Latif Nasser’s mother was diagnosed with rheumatoid arthritis, he set out to find out more about pain. In his research, he came upon John Bonica, a medical student who moonlighted as a professional wrestler and a circus strongman to pay his tuition. He kept his lives separate, says Nasser, and no one at the circus knew he was a doctor. After all he was “supposed to be a brute and a villain, not a nerdy do-gooder.” The pains and aches of Bonica’s secret life informed his medical career: He became an anesthesiologist, developed the epidural, and even wrote The Management of Pain, known as the “bible of pain,” after realizing that in the medical literature of the time, pain itself was rarely mentioned. Says Nasser, “[Bonica] recast the very purpose of medicine. The goal wasn’t to make patients better; it was to make patients feel better.”

Art and grief. Next up is journalist and poet Dana Goodyear, who tells a heartbreaking story of love, art and mourning. The tale starts with Margaret Kilgallen, an artist with auburn hair and vivid blue eyes who liked to paint and play the banjo. She lived in the Mission in San Francisco with her husband, Barry McGee, and the two of them painted side by side, exploring new art forms like graffiti and old-timey sign painting. As Margaret and Barry’s art-world success grew, they developed a pen-pal relationship with Clare Rojas, a fellow artist and musician. But when Margaret, unexpectedly, died soon after giving birth to a daughter, Clare’s life became more entwined with the husband and child Margaret left behind. Clare eventually married Barry, and adopted their daughter, Asha. Was she simply filling the void Margaret’s death had created in their lives, “living a life that didn’t belong to her, painting a lie, somehow to blame?”

Tape head. Documentary filmmaker Sam Green closes out the session by diving deep into Louis Armstrong’s personal audio-tape archives. The beloved jazz trumpeter was a huge tape recorder enthusiast — he recorded thousands of hours of his life, 750 tapes in all, at a time when hardly anyone used tape recorders. At times the tapes are bawdy, full of talk about sex and drugs and dirty jokes. (In a sense, Armstrong was the prototype for today’s guy who is constantly Instagramming and tweeting.) In one tape, Armstrong tapes a dinner with his wife, Lucille, and Slim Thompson. After Thompson leaves at 5 a.m., Armstrong and Lucille have a flirty argument, Lucille goes to sleep and Armstrong pours himself a drink. For the next five minutes, the tape records silence, of Louis just sitting there. For Green, accustomed to a constant inundation of images and videos, this silence made him feel more connected to Armstrong than ever before.

Sam Green speaks at TED2015 - Truth and Dare, Session 8. Photo: Bret Hartman/TED

Sam Green listened to the private audiotapes of Louis Armstrong — bawdy, funny and personal. Photo: Bret Hartman/TED

You can watch this session, uncut and as it happened, via TED Live’s on-demand conference archive. A fee is charged to help defray our storage and streaming cost. Sessions start at $25. Learn more.


TEDJust and Unjust: A recap of the powerful talks of Session 9 at TED2015

Session 9 speakers: Rev. Jeffrey Brown, Sarah Jones, Alice Goffman, Clint Smith, Monica Lewinsky, and Gary Haugen, TED2015 - Truth and Dare, Session 9. Photo: Bret Hartman/TED

The Session 9 speakers — Rev. Jeffrey Brown, Sarah Jones, Alice Goffman, Clint Smith, Monica Lewinsky, and Gary Haugen — pose for a group photo on stage. Photo: Bret Hartman/TED

Questions of justice and injustice are the most difficult of our world. There’s no app that can fix these things; simple solutions just don’t exist. And yet, we have to try. In these six talks, speakers share their thoughts on large-scale injustices and give their thoughts on how we can start to dismantle them.

The echo of humiliation. “I was Patient Zero of losing a personal reputation on a global scale almost instantaneously,” Monica Lewinsky boldly declares on the TED stage. She shares what she went through after her affair with President Bill Clinton came to public light — not to ask for pity, but to show the personal cost of public shaming, something that many others have experienced in the years since 1998. “Not a day goes by that I am not reminded of my mistake, and I regret that mistake deeply,” she says. “But the attention and judgment that I received — not the story, but that I personally received — was unprecedented.” There is a cultural cost of public shaming too, she says. She sees her story as the start of something sinister in our culture: humiliation as entertainment. “For nearly two decades now, we have slowly been sowing the seeds of shame and public humiliation in our cultural soil,” she says. To hear more of what she had to say, read our beat-by-beat recap of Lewinsky’s talk. Or watch Monica Lewinsky’s powerful TED Talk »

Simple failures of compassion. In the early 1980s, 40,000 kids died a day because of poverty; today, that number is down to 17,000. Our success in fighting global poverty, says civil rights lawyer Gary Haugen, is a testament to what we can do when we exercise our collective compassion. Great, right? Says Haugen: Yes, the number of people who live on less than $1.25 is down from 50 percent to 15 percent over the past three decades – but if you move that number up to just $2, nearly the same number of people are living in poverty. So what’s the problem? Violence and its constant companion: lack of effective law enforcement. “Poor women and girls between 15 and 44,” he says, “are victims of everyday domestic abuse and sexual violence that account for more death and disability than malaria, car accidents and war combined.” In Bolivia, says Haugen, if a man sexually assaults a poor child he has a higher chance of slipping in the shower and dying than ever going to jail for that crime. And to make matters worse, the very people with a vested interest in keeping these areas safe are pouring their money into private security rather than public, further exacerbating the problem. “We have to start making stopping violence indispensable to the fight against poverty,” says Haugen. Anything else isn’t serious.

5 takes on sex work. Next, monologue master Sarah Jones gives the TED audience a tease of her one-woman play Sell/Buy/Date. She transforms into a British school teacher giving a lesson “from that period of history, starting in 2016.” She instructs her students to pay close attention as they access the memories, thoughts and feelings of real people back in that time to understand how they thought about sex work. First we meet a witty grandma, complete with thick, boxy glasses, who talks about watching “dirty movies”; next Bella, a valley girl-ish college freshman who is a Sex Work Studies major with a minor in YouTube memes; a nanny from Trinidad who says, “If I have to touch another white man’s backside, I might as well get paid a lot of money”; and Maureen Fitzroy from Ireland, a nun turned prostitute. All of these characters are played by Jones herself, of course.

Monica Lewinsky speaks at TED2015 - Truth and Dare, Session 9. Photo: James Duncan Davidson/TED

Monica Lewinsky gets a standing ovation for a brave talk at TED2015. Photo: James Duncan Davidson/TED

Prison: the other college? “On the path that American children travel to adulthood, two institutions oversee the journey: the first one we hear a lot about, college,” says sociologist Alice Goffman. The second? Prison. “Young people on this journey are meeting with probation officers instead of teachers, going to court dates instead of class, their junior year abroad is a trip to state correctional facility … They’re emerging from their 20s with criminal records.” In the past 40 years, the incarceration rate in the United States has grown by 700%, says Goffman, and so more young people — mostly from African American and Latino communities — are on this path. For six years while getting her undergrad and grad degrees at the University of Pennsylvania, Goffman lived in a troubled Philly neighborhood. She saw firsthand just how easily the little mistakes of youth land people in these communities on the path to prison. “We are asking kids who live in the most disadvantaged neighborhoods, who are facing the toughest times … we are asking them to never do anything wrong,” says Goffman. “Why are we offering only handcuffs and jail time?” Goffman is happy to see a movement building toward the end of mass incarceration, and urges us to continue to see incarceration as a civil rights issue.

Alice Goffman speaks at TED2015 - Truth and Dare, Session 9. Photo: Bret Hartman/TED

Alice Goffman moved into a poor neighborhood of Philadelphia to get a first-hand look at the way the criminal justice system treats young black men. Photo: Bret Hartman/TED

Kids not caskets. “My parents raised my siblings in an armor of advice, so we could be kids not casket or concrete.” In a powerful talk, poet and teacher Clint Smith reflects on growing up as a young black man in America. He recalls being an inquisitive child and wondering (like all kids do) why he always had to listen to his parents. But one night crystallized for him that his parents had to be extra careful: On an overnight field trip, Smith and his friends bought Super Soakers to have a water fight in the hotel parking lot. Smith’s father grabbed him by the arm with “an unfamiliar force,” and told his upset and bewildered son, “I’m sorry, but you can’t act the same as your white friends. You can’t pretend to shoot guns.” Smith realizes as an adult how frustrating it must have been for his parents, to want to give him a real childhood, while also realizing how dangerous it could be just for him to wear a hoodie at night. For young black kids, says Smith, “Someone’s implicit bias might be the reason you don’t wake up in the morning.” So when we say black lives matter, he says, “It’s not because others don’t; it’s simply to affirm that we are worth existing without fear.”

A heartfelt aria. Tharanga Goonetilleke, a soprano opera singer from Sri Lanka and a 2015 TED Fellow, stepped into the single spotlight. Accompanied by a light piano melody, she began with a steady aria, whose heartfelt sincerity was felt with every note. The immensity of her voice filled the room in a soothing, peaceful way. Tharanga’s performance was moving in its powerful simplicity and grace.

How to end violence in cities. Rev. Jeffrey Brown starts his talk with a counterintuitive statement: “I learned some of my most important life lessons from drug dealers, gang members and prostitutes and had some of my most profound theological conversations on a street corner.” When he first graduated from seminary, Brown wanted to start a megachurch, but that’s not how things worked out. He was working in Boston as homicide rates spiked. “Young people were killing themselves for reasons I thought were very trivial,” he says. “The social structures in inner cities were sagging under the weight of all this violence.” He started programs at his church to reach at-risk youth. But he soon realized that wasn’t enough; he needed to work with those committing the acts of violence. And thus, Brown started walking the streets at night and listening. “We said, ‘We don’t understand our community from 9pm to 5am … Help us,’” he says. He found that people on the streets weren’t hard or uncaring, and he began to see them as potential collaborators. He became a part of the “Boston Miracle,” a massive effort to bring people together in the city; it’s credited with leading to a 79% decline in violent crime. Brown’s message to the TED audience? “We’ll never arrest our way out of this situation,” he says. “I believe we can end the era of violence in our cities. People are doing it even now… and they need your support.”

You can watch this session, uncut and as it happened, via TED Live’s on-demand conference archive. A fee is charged to help defray our storage and streaming cost. Sessions start at $25. Learn more.


TEDBehind-the-scenes at TED2015: The midway point

The Truth and Dare stairs at the entrance of TED2015. Photo: Ryan Lash/TED

Bill Gates speaks on what we learned from the ebola epidemic—and how we can actually be prepared for the next one. Read about this session. Photo: Bret Hartman/TED

Bill Gates talks about what we learned from the Ebola epidemic — and how we can actually be prepared for the next one. Read about this session. Photo: Bret Hartman/TED

TED Fellow Camille Seaman signs her book Melting Away, about the personality of glaciers. Book signings took place throughout the week at the TED Bookstore. Photo: Ryan Lash/TED

For Marina Abramović's TED Talk, she had the audience wear blindfolds for a full five minutes. Photo: Bret Hartman/TED

For Marina Abramović’s TED Talk, the audience wore blindfolds for the first three minutes as she told a harrowing story from her performance art career. Read our Q&A with her. Photo: Bret Hartman/TED

Dave Isay of StoryCorps shared his TED Prize Wish in Session 5: to take his oral history project global with an app. Read Isay's journal. Photo: Bret Hartman/TED

Dave Isay of StoryCorps shared his TED Prize Wish in Session 5: to take his oral history project global with an app. Read Isay’s journal. Photo: Bret Hartman/TED

At the Robert Wood Johnson Foundation The Culture of Health Café, attendees rethink healthcare. Photo: Ryan Lash/TED

At the Robert Wood Johnson Foundation’s Culture of Health Café, attendees rethink healthcare. Photo: Ryan Lash/TED

David Eagleman asked the question: Can we expand our perception? Watch this first talk released from TED2015. Photo: Bret Hartman/TED

David Eagleman asked the question: Can we expand our perception? Watch this first talk released from TED2015. Photo: Bret Hartman/TED

An attendee takes a ride on a Harmonograph Swingset. Read more about it. Photo: James Duncan Davidson/TED

An attendee takes a ride on the Harmonograph Swingset. Read more about it. Photo: James Duncan Davidson/TED

TED Fellow Aomawa Shields . Photo: Ryan Lash/TED

TED Fellow Aomawa Shields talks about the hunt for other planets where life might exist. Read more about the Fellows talks. Photo: Ryan Lash/TED

Car2Go teamed up with students at the Emily Carr University of Art and Design to wrap vehicles with art inspired by TED2015’s theme, Truth and Dare. These cars shuttled attendees to events. Photo: James Duncan Davidson/TED

Car2Go teamed up with students at the Emily Carr University of Art and Design to wrap vehicles with art inspired by TED2015’s theme, Truth and Dare. These cars shuttled attendees to events. Photo: James Duncan Davidson/TED

Adventurer Chuck Berry spoke about the impact of wearable sports cameras, while wearing two on the TED stage. Photo: Bret Hartman/TED

Adventurer Chuck Berry spoke about the impact of wearable sports cameras, while wearing two on the TED stage. Photo: Bret Hartman/TED

Attendees chat at a TED prize dinner, celebrating Dave Isay. Photo: Ryan Lash/TED

Attendees chat at the TED prize dinner celebrating Dave Isay. Photo: Ryan Lash/TED

An attendee listens to a StoryCorps story at Citi's The Art of Listening exhibit. Photo: TED

And an attendee listens to a StoryCorps story at Citi’s Art of Listening exhibit. Photo: TED

Daniel Kish demonstrates how humans can use echolocation. Read our interview with Kish. Photo: Bret Hartman/TED

Daniel Kish demonstrates how humans can use echolocation. Read our interview with Kish. Photo: Bret Hartman/TED

At a booth designed by TED engineer Josh Warchol lets attendees snap a candid with the TED letters. Photo: Ryan Lash/TED

At a booth designed by TED engineer Josh Warchol, attendees can snap a candid with the TED letters. Photo: Ryan Lash/TED

The audience hops to its feet for a standing ovation. Photo: Bret Hartman/TED

The audience hops to its feet for a standing ovation. Photo: Bret Hartman/TED

Attendees explore Osmo by Loop.pH, a map of more than 3,000 stars and planets etched into a membrane. Photo: TED

Attendees explore Osmo by Loop.pH, a map of more than 3,000 stars and planets etched into a membrane. Photo: TED

Fei-Fei Li talks about the quest to teach computers to understand what they see. Read why it's so hard. Photo: Bret Hartman/TED

Fei-Fei Li talks about the quest to teach computers to understand what they see. Read why it’s so hard. Photo: Bret Hartman/TED

One of the treats at TED2015? Miniature ice cream cones. Photo: Ryan Lash/TED

One of the treats at TED2015? Miniature ice cream cones. Photo: Ryan Lash/TED

Fred Jansen, manager of the Rosetta mission, reveals all that was involved with landing on a comet. Photo: Bret Hartman/TED

Fred Jansen, manager of the Rosetta mission, reveals all that was involved with landing on a comet. Photo: Bret Hartman/TED

Laura Schulz talks about how science draws conclusions from small samples—a task that humans learn to do quite well as infants. Photo: Bret Hartman/TED

Laura Schulz talks about how science draws conclusions from small samples—a task that humans learn to do quite well as infants. Photo: Bret Hartman/TED

TED Fellow Joshua Roman on his cello. Photo: Bret Hartman/TED

TED Fellow Joshua Roman on his cello. Photo: Bret Hartman/TED

Martine Rothblatt (right) and wife Bina Aspen  (left) on how they hope that their love story will carry on — thanks to a mind clone. Read more about this talk. Photo: Bret Hartman/TED

Martine Rothblatt (right) and wife Bina Aspen (left) on how they hope that their love story will carry on — thanks to a mind clone. Photo: Bret Hartman/TED

June Cohen hosts a session on space, called "Out of This World." Photo: Bret Hartman/TED

June Cohen hosts a session on space, called “Out of This World.” Read a recap. Photo: Bret Hartman/TED

Neil Gaiman asked four science fiction writers to share stories of what the future will be like. Photo: Ryan Lash/TED

Neil Gaiman asked four science fiction writers to share stories of what the future will be like. Photo: Ryan Lash/TED

Alan Eustace demonstrates a clever feature on his stratosphere suit, a cord that forms a tube as it's pulled. This little design feature made sure he didn't get tangled in his parachute as he beat Felix Baumgartner's record. Photo: James Duncan Davidson/TED

Alan Eustace demonstrates a clever feature on his stratosphere suit, a cord that forms a tube as it is pulled. This little design feature made sure he didn’t get tangled in his drogue parachute as he beat Felix Baumgartner’s space jump record. Photo: James Duncan Davidson/TED

At TEDActive, attendees watch the conference program on bean bags, amidst a host of other activities. Photo: Marla Aufmuth/TED

At TEDActive, attendees watch the conference program on beanbags, amid a host of other activities. Photo: Marla Aufmuth/TED


Falkvinge - Pirate PartyCoding Freedom; Can Blockchain Technology Help Build A Foundation For Real Democracy?

Earth view taken by US Astronaut Terry Virts, Flight Engineer for Expedition 42 on the International Space Station Jan. 30, 2015 by NASA/Terry Virts.

Civil Liberties – Nozomi Hayase: The 2008 financial meltdown and disclosures of secret documents in recent years exposed widespread government overreach and corporate fraud and abuse. As trust in traditional institutions began to sag, global uprisings were spawned to find solutions outside of electoral politics. In the midst of these deep systemic breakdowns of governance, a decentralized solution emerged with a breakthrough in computer science. As the revolutions on the streets began to wind down, perhaps nobody expected the rise of the blockchain. Bitcoin’s enormous potential for disruption is beginning to be felt in the realm of finance. Yet, currency is just its first application. The core of this invention is distributed trust that enables a platform for decentralized consensus at a large scale. Can this technology help lift us out of the crumbling old world and build a foundation for real democracy?

The ongoing global crisis of legitimacy signals a significant decay of Western liberal democracy. The seeds of this corruption go way back to the very founding of the United States. Political philosopher Sheldon S. Wolin (2008) identified “the framers of the Constitution” as “the first founders of modern managed democracy” and described how the Founding Fathers created a system that favored elite rule, giving exclusive rights to white male property owners. He pointed out how in drafting a new constitution, “they treated as axiomatic that a modern political system had to make concessions to democratic sentiments without conceding governance to ‘the people’ ” (p. 155).

Despite the founders’ success in helping throw off the yoke of royalty, this was a closed system that operated with its own inherent bias to protect privilege and power. The economic imbalance prevalent then was not addressed and was directly used to recreate age-old lever points of control. This translated into unequal political power, creating a wide gap between the Constitutional mandate as governing structure and the aspiration for rule by the people that was indicated in the preamble: “We the People”.

The highest law of the land in the U.S. was said to free the source of legitimacy from the authority of the church and the British Crown, placing it instead in the common man, with the principle of equality under the law. Yet, this attempt to embody the spirit of equality enshrined in the ideals of the Declaration of Independence faltered right from the beginning. In the often unacknowledged hypocrisy manifested in the founders’ denial of rights to Africans, indigenous people and women, this unredeemed colonial domination carried on. Contrary to the idea of consent of the governed, the reality was subjugation of blacks through slavery and natives through violence. With any sovereignty achieved through conquest, governments don’t require the consent of the conquered.

This unchallenged economic power as the engine behind the experiment of American democracy was exercised to manufacture consent of those afforded rights to participate in the political process. Although the First Amendment asserted the separation of church and state, this declaration of rights didn’t acknowledge the necessity to check and balance state control over money and thus failed to explicitly indicate the people’s right to freely express themselves financially with the currency of their choice. People didn’t have power to restrict Congress in money creation. Whether one was a descendent of slaves or of the owner class, individual liberty remained tied to this newly constituted governance.

Tyranny of Central Banks

What really lurks behind central command in this supposed land of the free? In tracing the history of money creation in the United States, attorney and author Ellen Brown (2007) revealed that the real trigger for the Revolutionary War was King George’s ban on the printing of local money in the American colonies. She described how, after independence was won, economic subservience to the King was achieved not by force but by British bankers persuading the American people to take their paper money. Brown noted how the founders’ subsequent disillusionment with paper money led them to leave it out of the Constitution, and that as a result “Congress was given the power only to ‘coin money, regulate the value thereof,’ and ‘to borrow money on the credit of the United States’” (p. 48).

The founding fathers’ failure to define exactly what money was, along with the lack of healthy parameters around its creation and control, left a loophole within this system of representation for shadowy forces to penetrate and later subvert the Constitution and further betray the ideals in the Declaration. The amorphous centralized creation of money has become a single point of failure that makes the entire system vulnerable to counter-party risk. This was seen especially in the Wall Street hijack of the monetary system with the passing of the Federal Reserve Act in 1913.

Nomi Prins, a former Goldman Sachs banker and author of the book All the President’s Bankers, described how the creation of the Federal Reserve was initiated at the turn of the 20th century to preserve American corporate supremacy, while creating stability and hegemony for major banks with deep ties to Washington. Ironically, in the home of the brave, the tyranny of the old world continued with central banks as the new Kings. Since then, every time new money has been created, the people have been charged with leverageable debt and interest. Fiat as legal tender by government decree created a kind of hidden rent-seeking royalty to maintain this throne of power.

Financialization of Everyday Life

As the authority of the church weakened over time, the merger of the state with private banks created a new state-sponsored religion of market fundamentalism. This market theology, based on worshiping the gods of capital and wealth accumulation, became the dominant logic dictating human interaction and expression. The financialization of everyday life has stifled the First Amendment: the flow of information, the currency of democracy. Corporate consolidation of the media created a monopoly of content production and distribution. With commercial interests hijacking electoral politics, the idea of unlimited growth bypassed democratic consensus and a doctrine of profit at any cost came to shape incentive structures for mainstream society.

In Democracy, Inc., professor of journalism David S. Allen (2005) astutely pointed to this conflation of corporate and civic values that undermines the public sphere. Professionals have become a new class that guards access to patronage networks of single-minded corporate power. Corporatist incentive structures have become an invisible force of governance that regulates people’s actions by enforcing self-censorship, making acts of dissent more difficult. One’s rights under the First Amendment in the U.S. have increasingly come to require implicit permission from what has now become a corporate state, exercised only on its terms.

The unruly cowboy economy has then morphed into rabid corporatism in its crusade for the ‘New American Century’. First it was railroads and oil companies. Then came drug cartels, arms manufacturers and investment banks like Goldman Sachs. Now in the digital age, companies like IBM, Apple and Google have gained significant political power. This insidious growth of corporate mergers with nation-state apparatus has reached a tipping point, expanding out into the world in the form of corporate led globalization.

The Creation of a Perfect Market

What can check this seemingly unaccountable power? Bitcoin as the countenance of the blockchain has entered the belly of the beast of predatory capital and is beginning to break the bond of the interlocking power of corporations and state. With its essence of digital scarcity and distributed computing, this innovative technology performs the production of money and clearing of transactions that traditionally have been handled by central banks.

With unprecedented currency crises and BRICS countries moving away from dollar hegemony, the illusory world of the fiat house of cards now teeters on the verge of collapse. The world’s most powerful computing system corrects the erroneous math of inflated Proof-of-Government Decree and can increasingly become a safe haven for those in places like Argentina whose currency is subject to rampant hyperinflation. The frictionless flow of this stateless currency offers a way out of the oligarchic incentive structures paved by the parasitic rent-seeking petrodollar.

What is this disruptive force that challenges the monopolized markets? Bitcoin’s unprecedented autonomous flow is enabled through its algorithmic consensus. This was put into practice through a spontaneously emerging computer network around the world, harnessing massive hashing power.

What instigated this swarm of miners? Silicon Valley tech entrepreneur and author Andreas Antonopoulos acknowledged how the creator of this technology, Satoshi Nakamoto, not only invented a new currency but gave us the world’s first perfect market. Antonopoulos described how Bitcoin mining is built around a valuable currency and the basic economic principle of risk and reward. He also explained how it is designed with an incentive to work honestly. Based on the principles of game theory to create fairness, miners engage in a broadcast math competition known as ‘proof of work’. Every 10 minutes, on average, a problem is solved by chance and whoever solves it wins a fixed number of bitcoins. Difficulty is adjusted according to demand with a tight feedback loop every 2 weeks, keeping mining always profitable.
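As an added illustration, not code from the original article, here is a small Python model of the two mechanisms just described: the hash lottery that miners compete in, where the winning nonce is found by chance and anyone can verify it with a single hash, and the periodic feedback loop that retargets difficulty so blocks keep arriving about every 10 minutes. The simplified header layout, sample payload and cheap target are constructed for the example; the schedule constants and the clamp-to-4x rule in `retarget` mirror the real Bitcoin retarget (2016 blocks, roughly two weeks), which is the generalization of the "every 2 weeks" loop the text mentions.

```python
import hashlib
import struct

# Constructed toy parameters. They mirror the schedule the article describes:
# one block every 10 minutes, difficulty retargeted after 2016 blocks (about
# two weeks), each adjustment clamped to a factor of 4 in either direction.
BLOCK_INTERVAL_SECONDS = 600
BLOCKS_PER_RETARGET = 2016
EXPECTED_SPAN_SECONDS = BLOCK_INTERVAL_SECONDS * BLOCKS_PER_RETARGET
MAX_TARGET = 2 ** 256 - 1          # easiest possible target: every hash wins


def block_hash(prev_hash: bytes, payload: bytes, nonce: int) -> int:
    """Double SHA-256 over a simplified, constructed header layout.
    The digest is returned as an integer so it can be compared to the target."""
    header = prev_hash + payload + struct.pack("<Q", nonce)
    digest = hashlib.sha256(hashlib.sha256(header).digest()).digest()
    return int.from_bytes(digest, "big")


def mine(prev_hash: bytes, payload: bytes, target: int, max_nonce: int = 1 << 32):
    """The 'broadcast math competition': try nonces until the header hash
    falls below the target. Which nonce wins is chance, so the expected
    number of attempts is MAX_TARGET / target. Returns (nonce, hash), or
    None if the nonce space is exhausted."""
    for nonce in range(max_nonce):
        h = block_hash(prev_hash, payload, nonce)
        if h < target:
            return nonce, h
    return None


def verify(prev_hash: bytes, payload: bytes, nonce: int, target: int) -> bool:
    """Checking the work costs one hash, however many hashes the miner spent.
    This asymmetry is what lets every node audit every block."""
    return block_hash(prev_hash, payload, nonce) < target


def retarget(old_target: int, actual_span_seconds: int) -> int:
    """Feedback loop run once per retarget period: scale the target by
    actual/expected elapsed time so block times drift back toward 10 minutes.
    The observed span is clamped to [expected/4, expected*4], so one period
    can never move difficulty more than 4x in either direction."""
    span = max(EXPECTED_SPAN_SECONDS // 4,
               min(EXPECTED_SPAN_SECONDS * 4, actual_span_seconds))
    return min(old_target * span // EXPECTED_SPAN_SECONDS, MAX_TARGET)


def difficulty(target: int) -> float:
    """Difficulty relative to the easiest target: expected hashes per block."""
    return MAX_TARGET / target


def simulate_periods(start_target: int, spans: list) -> list:
    """Apply successive retargets for a sequence of observed period lengths
    (constructed input) and return the target after each period."""
    targets = []
    target = start_target
    for span in spans:
        target = retarget(target, span)
        targets.append(target)
    return targets


if __name__ == "__main__":
    # Constructed sample: a cheap target (about 1 in 4096 hashes wins) so the
    # demo finishes instantly, and a previous-block hash of all zero bytes.
    prev = bytes(32)
    payload = b"constructed block payload"
    target = MAX_TARGET >> 12
    nonce, h = mine(prev, payload, target)
    print(f"found nonce {nonce} after {nonce + 1} hashes; "
          f"valid={verify(prev, payload, nonce, target)}")
    # Blocks arrived twice as fast as planned for one period, then 10x too slow.
    for t in simulate_periods(target, [EXPECTED_SPAN_SECONDS // 2,
                                       EXPECTED_SPAN_SECONDS * 10]):
        print(f"target now {t:#x}, difficulty {difficulty(t):.0f}")
```

The retarget step is where the "feedback loop" lives: a period that finished in half the expected time halves the target (doubling the work per block), while a period that dragged on ten times too long is clamped to a 4x easing rather than a 10x one, so a sudden collapse in hashing power cannot be exploited to crater difficulty in a single adjustment.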

No one entity controls this Satoshi market and what governs it is the underlying operating system of mining software that generates unpredictable, unrepeatable random numbers. It is through the chaos created in the hashing that each new bitcoin is conceived and the life of the ecosystem is sustained. The protocol of algorithmic consensus is enabled through the miners’ willingness to let go of the urge to control and place the outcome at the mercy of the Satoshi dice. Through each player’s commitment to subordinate their will to this spontaneous force of the market, the underlying core of the technology becomes operational and the blockchain’s distributed trust provides a new foundation for equality that is fundamentally different than existing models of representation.

The Descent and Ascent of Man

The founders of American democracy conceived the idea of governance based on a particular vision of man. Philosopher Jacob Needleman (2003) described how, in the underlying creation of law and the American Constitution, “the meaning of democracy was rooted in a vision of human nature as both fallen and inwardly perfectible” (p. 9). This was true to the conception of man’s nature put forward by naturalist Charles Darwin. Most are familiar with Darwin’s theory of genetic mutation, natural selection and the survival of the fittest from his work The Origin of Species. But his second work, The Descent of Man, in which he argued for the higher nature of man based on innate altruism and love, was largely ignored.

With this understanding, they installed their own security code of checks and balances on power. By distributing power among the three branches of government, the creators of constitutional government aimed to safeguard the system from the potential tyranny of man’s fallen nature: unbridled greed, personal bias and the interests of select groups. Yet history has shown that from the beginning, this system of governance was launched on a fragile foundation.

The major bug within this form of representative government that caused a fatal system error was basing systemic accountability on trust in select individuals. To a large extent, this made the promise of the Declaration of “All men are created equal” hollow words not able to match up with reality. With government secrecy in the form of over-classification and corporate propaganda, those in power can conceal not only motives but also their actions, making the system of checks and balances virtually ineffective. Here Bitcoin’s distributed trust offers a new form of accountability and a better way to secure the system.

Accountability through Distributed Trust

The core invention of the blockchain addresses the inherent weakness of this trust model by making corruptible human nature accountable through cryptographic proof. All men are inherently corruptible and instead of trusting a handful of elected officials and particular institutions, Bitcoin’s trust by computation places accountability within the rule of consensus and guarantees the integrity of the system by removing the necessity of trusting any one group or individual.

The algorithmic rules that bind the bitcoin miners are built and maintained through incentive structures based on a realistic assessment of man’s potential to act non-altruistically. The pursuit of self-interest is not itself a bad thing. It only becomes destructive when it loses its relationship to the whole and individual actions are carried out without consideration of others and society at large.

In the mining competition, all players can act out of self-interest. Yet the reward for playing by the rules is higher than the potential gains one might achieve by attacking the network, so each one learns to self-regulate their personal desires and work so as not to unduly benefit from the altruism of everyone else. Whenever the system begins to centralize and people act in narrow-sighted pursuit without consideration of the whole ecosystem, they quickly come to realize they might kill the goose that lays the golden eggs. So far, each time a single mining pool has come close to the concentration of hashing power that would enable a 51% attack, miners have voluntarily moved away to keep the system healthy and decentralized.

This distributed trust provides a better system of accountability where there is no need for any one person or group to hold another accountable. All who choose to join simply commit to the rule of consensus and through each playing honestly, undue self-interests are naturally regulated.

Taming the Beast

In the kleptocracy of the current global empire, naked greed seems to have dragged much of the world into a rogue state of despotism. Man’s unaccounted fallen nature that creates and grabs for levers of power has crystallized into a dragon of the world. With never-ending military intervention in the Middle East, cheap sweatshop labor exploitation in Southeast Asia, and corporate hijackings of government through trade agreements like the TPP and TISA, unredeemed Anglo-American imperial power continues its legacy of colonization. The genius of the blockchain’s distributed accountability offers a creative solution to the growing problem of this voracious beast.

In a decentralized organism, one’s self-interests cannot easily remain isolated. With the distributed ledger, they are placed in an interdependent context where individuals’ actions tend to bring benefits to the whole network. What appear at first glance as self-serving acts of investors and speculators actually contribute to the development of the system in its early stages. Contrary to criticism, the seemingly expensive mining is providing crucial checks and balances for transactions and the global-level security of the system.

An honest account and acknowledgment of the individual pursuit of personal gain within this system mitigates potentially destructive forces such as greed and desire that tend to careen out of control and compromise entire systems. Instead of trying to deny or eradicate man’s lower attributes, by maintaining a conscious relationship to the potentially dark side of human nature, those wild unruly beasts that are socially destructive can be tamed. Characteristics that are often considered negative in society, such as risk taking, calculated selfish acts and profit motives, are guided to serve a shared vision of the larger society.

Through individuals freely choosing to work honestly in the Bitcoin ecosystem, the beast within each one of us can be placed inside the cage of the mining ring and accounted for in each transaction. The global mind of the world’s largest supercomputer network takes charge of the drive for competition with complex abstract calculation, digesting many ruthless and callous aspects of human nature. This in return can free humanity from forces of aggression and the logic of conquest and creates a space for people to work altruistically. Out of the torrents created through globally spread computers, the torus of the new heart grows and with every beat helps expand the collective good will of the people throughout the entire network.

Rule of Democracy

The pure flow unleashed through Bitcoin’s perfect market begins to free the will of individuals from the rule of a small minority who claim authority over entire populations. As a result, it could release the First Amendment right that was locked down by corporate proprietary control. This technology beyond borders can empower individuals by placing the source of legitimacy with the common people. With Bitcoin as the new First Amendment app, people can freely exchange, transact and financially associate with one another without asking permission from anyone. This helps revitalize values and ideas that have been devoured by corporatism.

A spontaneous swarm is created through aligning self-interests with the principle of consensus. Out of the creative chaos of this autonomous movement of individuals, new social forms are organically emerging, based on voluntary consent of all participants in the system. This creates the rule of true democracy, where the lines between those who govern and the governed flatten, and to represent comes to mean to serve. In the blockchain’s decentralized world, miners and developers who take their place in traditionally understood positions of representation are directly tied to the interests of users, as their satisfaction is manifested in wider adoption that creates more value. By taking an oath to algorithmic consensus, they hold themselves accountable to the demands of a more humanized market.

The Declaration of Independence was a promise and the Constitution was meant to be its fulfillment. Now, as the shredding of the Bill of Rights continues, there is an urgent need to create a better system. Necessity is the mother of invention, and builders of the new world are rising to the occasion, striving to meet the challenge by coding freedom. The Founding Mothers of this breakthrough innovation were the accumulated efforts of the many, embodied in the anonymous creator Satoshi Nakamoto. Satoshi represents the wisdom of the common people. Built on open-source code that can be inspected and modified, transparency of governance is ensured, while the lack of ownership allows the system to stay open with equal access to apps for all end users.

With objective laws of mathematics that can be applied and amended through peer-to-peer review and decentralized consensus, this system can be perfected to realize the ideal of the Declaration: that all nodes are created equal. Upon this robust decentralized platform, new apps are built and seemingly insurmountable problems can be solved through people around the world working together.

The blockchain revolution has already begun changing the world as we know it. A tsunami of innovations from Silicon Valley is creating new jobs and resuscitating the dying economy of a fiat world. Creative non-violent acts of a growing global network can redeem the true Enlightenment ideals of freedom, equality and fraternity, which are at the same time universal democratic virtues.

The founders of the Constitution conceived it as a system that allows individuals to struggle with two opposing impulses working within. In the eyes of Thomas Jefferson, government was to be “a shell, an armor, a protective structure that would allow and perhaps, in subtle ways, even support the growth of moral power within the individual members of the society” (Needleman, 2003, p. 166).

A piece of mathematics enshrined in computer code can become the foundation stone for real democracy. This creates a sanctuary for individual liberty against the tyranny of states, of corporations or any other third party that tries to break the circle of distributed trust. This liberty is not understood simply as free markets, but as the freedom of each person to choose their own path of self-determination and let their inner conscience guide their lives.

Bitcoin flows, splitting into ever more divisible bits across borders wherever there is a thirst for freedom, becoming the electric cord that links all liberty-loving men and women around the world. Wider adoption furthers decentralization and can lead to creation of a free society where each strives toward higher ideals of altruism and self-fulfillment.


Geek FeminismDamn, I Wish I Was Your Linkspam (22 March 2015)

  • Greg Pak Is Making Book Diversity Into A Reality | Black Girl Nerds (March 18): “with The Princess Who Saved Herself, I was initially attracted to the story because Jonathan’s song so beautifully explodes the passive princess myth and creates this amazing, non-stereotypical hero princess. I kind of imagined parents and caregivers reading this book to girls and boys alike, and those kids getting a kick out of it and imagining themselves as the proactive heroes of their own stories.”
  • Beyond Bossy or Brilliant: Gender Bias in Student Evaluations | The Society Pages (March 18): “Men are sexualized when they teach in fields culturally associated with ‘femininity’ and women are sexualized when they teach in fields culturally associated with ‘masculinity.’”
  • The Woman Speaker Slot | Accidentally in Code (March 11): “It is frankly amazing how many organisers think I will be willing to come and be a token woman at their event for the sake of ‘exposure’. It is appalling how many of them think that I will cover my own travel costs to do so. It is particularly jarring when these organisers are large, profitable, tech companies.”
  • Making it easier to report threats to law enforcement | Twitter (March 17): “While we take threats of violence seriously and will suspend responsible accounts when appropriate, we strongly recommend contacting your local law enforcement if you’re concerned about your physical safety. We hope that providing you with a summary of your report will make that process easier for you.”
  • The Most Dangerous Meme in the Pao/Kleiner Trial: ‘Now, No One Will Hire Women’ | re/code (March 16): “No matter which side wins, what would be a positive outcome of this trial? If it were to help crack open a discourse that leads to more diversity, not less.”
  • Criticism and Ineffective Feedback | Kate Heddleston: “Critical feedback is an aspect of engineering cultures (and work-cultures, in general) that is damaging to both employee performance and diversity efforts. Critical feedback is bad for a myriad of reasons. First, people have strong, negative reactions to criticism regardless of their gender, race, or age. Additionally, people’s performance worsens when they are given critical feedback. They also end up resenting the person criticising them, even if the criticism is technically correct or kindly meant. Finally, criticism is disproportionately given to women and minorities during performance reviews, resulting in an uneven distribution of critical feedback in the workplace that harms diversity.”
  • This Democratic Congresswoman Wants the FBI to Take on Gamergate | Mother Jones (March 12): “On Tuesday Rep. Katherine Clark (D-Mass.), backed by the National Organization for Women and the Human Rights Campaign, asked her House colleagues to join her in demanding tighter enforcement of cyber-stalking and online harassment laws.”
  • The church of the hacker, or, fake geek girls and outside agitators | Tim’s journal (March 15): “To say, “It doesn’t have to be this way” is to expose yourself and your reputation and credibility to every kind of attack possible, because “it doesn’t have to be this way” are dangerous words. They inspire fear in those who find it more comfortable to believe that it does have to be this way, that all women should stay indoors at night (instead of men learning not to rape), that people who don’t like being verbally abused should “just grow a thicker skin” (instead of everyone learning not to be abusive), that children should patiently wait until they’re big enough to hurt smaller people (instead of parents respecting their children’s boundaries). What those using the “outside agitator” / “fake geek girl” defense wish for is making “it does have to be this way” a self-fulfilling prophecy by scaring everyone who can imagine a different reality into silence and submission. But as long as we recognize that, they won’t get their wish.”
  • How Our Small Startup Affords to Offer Paid Maternity Leave | Fast Company Magazine (March 18): “we mapped out a budget for how we would cover her time away, including an increased allowance for outsourcing some tasks to freelancers. We determined that we could comfortably provide her with seven weeks of fully paid maternity leave, plus several weeks of part-time work at her full salary before and after her leave.
    This exercise also confirmed our hunch that the cost of paying for Lee’s maternity leave was much more cost-effective than losing and trying to replace a vital employee.”
  • This App Makes Your Phone Buzz When You Approach Places Where Women Made History | Good Magazine (March 13): “Now, when app users log into Field Trip and switch on the history notifications, they are alerted when they are approaching the exact location where a woman made history at one point in time, and can then read a bit about her and her achievements.”
  • We are not colonists | Boing Boing (March 20): “When marginalized voices come to take their seat at the table, there will always be an outcry that they are invaders, colonists, inferior versions of their straight, white male counterparts. But rather than killing artforms, the addition of marginalized voices often helps ensure that they stay alive.”
  • Man Hands | Motherboard (March 17): “When a woman puts on a foot or a knee or an arm, she often finds that it’s not quite right. Knees are too tall and too stiff, feet don’t fit into shoes, hands are big, ankles don’t bend to accommodate heels. Every step a female amputee takes puts them face to face with the fact that prosthetics is still a male dominated industry.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

TED: “Love brings self-confidence”: 7 quotes from His Holiness the Dalai Lama at TED2015

Dalai Lama in conversation with Chris Anderson.

On the final day of TED2015, Curator Chris Anderson reveals an exclusive video conversation between him and His Holiness the Dalai Lama, filmed in Vancouver in October 2014. In their talk, the Dalai Lama speaks about two kinds of happiness, how all humans can coexist, and the cooperation between science and Buddhism. And, most important, he says he is extremely hopeful about peace in the next century. Here are seven quotes we loved from him:

1. “Our very existence is very much based on hope.”

2. “Love brings self-confidence. Anger brings fear.”

3. “Real gun control must take place here [in the heart].”

4. “We are social animals. My future depends on [others]. Their suffering is ultimately your suffering.”

5. “In all major world religious traditions, their real message is same: the message of love.”

6. “The scientific way is the best way.”

7. “We need enthusiasm, determination and vision. There’s no other choice.”

Bonus: These 7 simple, beautiful visualizations of the Dalai Lama’s quotes, from Mike Birchall, community lead at Wakelet.com. Thanks, Mike!

Planet Debian: Rhonda D'Vine: Yasmo

Friday the 13th was my day. In so many different ways. I received a package which was addressed to Rhonda D'Vine with a special hoodie in it. The person at the post office desk asked me whether it was for my partner, my response was a (cowardly) "no, it's my pseudonym" but that settled any further questions and I got my package.

Later I received an email which made me hyper happy (but which I can't share right now, potentially later).

In the evening there was the WortMacht FemSlam (WordMight FemSlam) poetry slam to which the host asked me to attend just the day before. I was hyper nervous about it. The room was fully packed, there were even quite some people who didn't have a place to sit and were standing at the side. I presented Mermaids because I wasn't able to write anything new on the topic. One would think I am attached enough to the poem by now to not be nervous about it, but it was the environment that made my legs shake like hell while presenting. Gladly I hope it wasn't possible to see it enough under my skirt, but given that it was the first time that I presented it in my home town instead of the "anonymous" internet made me extra anxious. In the end I ended up in place 5 of 7 attendees, which I consider a success given that it was the only text presented in English and not in typical poetry slam style.
(Small addition to the last part: I've been yesterday to the Free Hugs Vienna event at the Schloss Schönbrunn, and one of the people I hugged told me "I know you, I've seen you at the FemSlam!". That was extra sweet. :))

I'm happy that I was notified about the FemSlam on such short notice, it was a great experience. So today's entry goes out to the host of that event. This is about Yasmo. One can just be envious about what she already accomplished in her still young life. And she is definitely someone to watch out for in the years to come. I have to apologize to my readers who don't understand German yet again, but I'll get back to something English next time, I promise. :)

  • Kein Platz für Zweifel: The title track from her last album.
  • Wer hat Angst vorm weißen Mann: Most straight-to-the-point line of the lyrics is "Wie kann es sein, dass es immer noch diesen Jolly-Buntstift gibt, der 'Hautfarbe' heißt?" (How is it possible that there is still this Jolly crayon called "colour of the skin"?)
  • Wo kommst du her?: Not a song but one of her great slam poetry texts that I love since I first heard it.

Like always, enjoy!

Geek Feminism: Open thread: Tell us about a women-in-computing recruiting gaffe!

So, this older maternity leave graphic from Thinkprogress has been making the rounds on Twitter…

Graphic shows a ring with the weeks of paid maternity leave for various countries, highlighting the fact that the United States lags behind at 0 weeks.   Full description of the numbers here: http://thinkprogress.org/health/2012/05/24/489973/paid-maternity-leave-us/

And it reminded me of a story…

Many years ago, I won a women-in-computing scholarship that helped support my PhD research. It was from a large US-based company that puts a lot of work into supporting women in computing, and I owe them great thanks, but I won’t name them because this story is a bit embarrassing to them. Even a group doing their best by women in computing can make a funny mis-step!

The setting: Their team had organized a scholars retreat at their office in a major US city, including a series of interesting talks from women at the company, including both technical and more social talks. It was an amazing trip, except for one moment: One of the ladies speaking to us started extolling the virtues of their generous 6-week maternity leave policy. At least, as you can see from the graphic above, it’s generous by US standards…

But we were a group of young women from Canada. The scholarship winners started looking at each other. Should we say something? Finally, one of the students put up her hand: “You should probably know that Canada has a 50 week maternity leave policy…”

What followed was a highly amusing few minutes where a whole lot of women at this tech company learned a fascinating new thing about parenting in Canada. And an adorably awkward recovery of “well, I guess maybe those of you planning to have kids soon will be excited to know about our new Canadian office!”

I’m sure I’m not the only one who’s heard stuff like this at recruiting events, so tell me: what amusing (or not so amusing!) gaffes have you heard from companies eager to recruit more women?

And, as the subject says, this is an open thread, so feel free to add comments on any subject at all, including past posts, things we haven’t posted on, what you’ve been thinking or doing, etc as long as they follow our comment policy.

Planet Debian: Lars Wirzenius: Obnam 1.9 released (backup software)

I have just released version 1.9 of Obnam, my backup program. See the website at http://obnam.org for details. The new version is available from git (see http://git.liw.fi) and as Debian packages from http://code.liw.fi/debian. Due to the freeze of Debian for the jessie release, I've not uploaded this version to Debian yet (not experimental and not backports).

This is the first Obnam release since May 13, 2014, 313 days ago. That's a long time. I make no excuses: Obnam is a hobby project, which I work on when I have the time and energy. The past year has been a very /interesting/ year for me, in all sorts of stressful ways: I've changed jobs, moved to another country, and dealt with the loss of a close relative. Because of this, I've not been able to spend as much time on Obnam as I'd like.

The NEWS file extract below gives the highlights of what has happened to Obnam during this time. There's been a lot of things, actually.

My plans for Obnam next are mainly centered around performance. This will require developing a new repository format, to allow things that are not possible with the current format. For example, the current format stores each data chunk in its own file in the repository, and that is quite wasteful when live data files (and therefore their chunks) are quite small.

As preparation for this work, the silly-looking "simple" format has been added, mostly to make sure the internal code infrastructure is ready to support multiple repository formats in the same Obnam version.

Those interested in discussing ways to make Obnam fast should join the obnam-dev mailing list.

Version 1.9, released 2015-03-22

New features:

  • James Vasile changed Obnam so it can backup an individual file, instead of an entire directory.

  • James Vasile added the --include option to Obnam, allowing one to include files that would otherwise be excluded (see --exclude).

  • Carlo Teubner changed obnam fsck to remove unused chunks, if the --fsck-fix or --fsck-rm-unused settings are used. He also made it not check for unused chunks when it's useless to do so because various --fsck-skip settings are used.

  • A start of a French translation of the manual by pedrito2.

  • Ian Cambell provided a new Obnam command, obnam kdirstat, which enables the KDE k4dirstat utility to show graphically which parts of a backup generation use the most space.

  • Lars Wirzenius added the simple repository format, which is for demonstration only. It is much too simplistic to be used for real.

Minor changes:

  • The manual page and obnam --help are now clearer that the --root setting and command line arguments to obnam backup can be SFTP URLs. Thanks to Simone Piccardi for reporting the issue.

  • David Fries filled in the displayed file permission mode bits.

  • Grammar and typo fixes for the obnam.1 manual page, from Jean Jordaan.

  • Tom Chiverton suggested a clarification to the manual page for "obnam mount" to say that each generation is a subdirectory.

  • David Fries changed restore to set the group ownership if possible even when not root. No warnings are issued if the attempt fails.

  • Jan Niggemann added a little to the German translation of the Obnam manual.

  • Lars Wirzenius added the path to the error message about a missing chunk (R43272X).

  • Lars Wirzenius made the message at the end of a backup report more statistics about transfers during the backup.

Bug fixes:

  • The Obnam SFTP plugin would loop infinitely if it lost the connection to the SSH server while creating a temporary file. Itamar Turner-Trauring provided a fix for this.

  • Will Dyson fixed a bug about locking while removing checkpoint generations.

  • Michel Alexandre Salim fixed a Python 2.6 compatibility problem in the unit tests (use of assertRaises as a context manager).

  • Lars Kruse fixed a bug with backing up of overlapping backup roots (e.g., / and /boot), given a test case by Adrien Clerc.

  • Thomas Eschenbacher fixed a bug in the format 6 repository code that would crash when there is an obscure problem and a B-tree code can't be found in the tree.

  • Tom Chiverton pointed out that the manual page was using "obnam restore" instead of "obnam mount" in an example for "obnam mount".

  • The yarn test suite now runs FUSE tests (obnam mount) when fusermount is available, rather than checking for membership in the group fuse. The latter is a Debianism (fixed in Debian jessie).

  • Thomas Waldmann noticed that obnam verify didn't notice that a file had new data, when the modification time was the same. Obnam now notices this.

  • Thomas Waldmann fixed many typos and minor bugs in the source code.

  • Laurence Perkins reported that the Tahoe-LAFS SFTP server returned some stat fields as None. Fixed to change those to be 0 instead.

  • Lars Wirzenius fixed double-downloading of chunks during restores.

Planet Linux Australia: Sridhar Dhanapalan: Twitter posts: 2015-03-16 to 2015-03-22

Sociological Images: Just For Fun: The Secret to a Perfect Body…

…genetics!

Video: https://www.youtube.com/embed/_zO2wFkl46g

From College Humor.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Planet Debian: Mehdi Dogguy: Running for DPL

Every year, Debian organizes a DPL election. Around end of March, one waits for the beginning of the DPL campaign. Everyone can ask questions to nominated candidates on debian-vote. This year, and for the first time, I nominated myself as a candidate for the 2015 DPL election. You can read my platform here.

Over the past few years, I've followed DPL campaigns on debian-vote, reading questions and replies from candidates. It didn't seem easy to keep up with the flood of questions and find the right wording while replying. Intuitively, you may think that a question is the first mail of every thread and replies follow... but, not at all :-) Questions can be asked in any mail. So candidates have to read every single mail posted to the list :-) The campaign ends within a week (or so) and it is still time to ask more questions.

Following discussions on debian-vote is a very good opportunity for newcomers to understand, for example, how Debian works and where help is needed. It is also a good place to see what the main current issues are (as perceived by contributors) and read a list of proposals to fix them. I invite anyone interested in Debian to read debian-vote's archives.

While preparing my platform, I've also realized how important writing down thoughts and ideas is. It really helps to put things into perspective and re-evaluate priorities. It may sound obvious but I think we are not used to doing this often. I really recommend everyone to do this as an exercise, and for any perimeter (personal, team, project-wide, ...).

Last but not least, I'd like to thank all those who helped me to polish my platform and to prepare my candidacy. I am sure they will recognize themselves :-) (whatever the outcome of the election may be)

Planet Linux Australia: Michael Still: Narrabundah trig and 16 geocaches

I walked to the Narrabundah trig yesterday, along the way collecting 15 of the 16 NRL themed caches in the area. It would have been all 16, except I can't find the last one for the life of me. I'm going to have to come back.

I really like this area. It's scenic, has nice trails, and you can't tell you're in Canberra unless you really look for it. It seemed lightly used to be honest, I think I saw three other people the entire time I was there. I encountered more dogs off lead than people.

Interactive map for this route.

Planet Linux Australia: Donna Benjamin: A more accessible online world will benefit everyone.

An empty wheelchair at the bottom of the stairs

PSA: If you are a web professional, work in a digital agency or build mobile apps, please read this article now: Taking the social model of disability online

Done? Great.

"The social model of disability reframes discussion of disability as a problem of the world, rather than of the individual. The stairs at the train station are the problem, rather than using a wheelchair."

El Gibbs has reminded me of question time during Gian Wild's keynote at Drupal Downunder in 2012. Gian asserted that accessibility guidelines are a legal requirement for everyone, not just Government. There was an audible gasp from the audience.

It's true that our physical environment needs to include ramps, lifts, accessible toilets, reserved parking spaces, etc in order to accommodate those with mobility needs. Multi-lingual societies require multi-lingual signage. There are hearing loops - but for some reason, this "social model" of accessibility doesn't seem to have extended online.

Making the digital world accessible, and counteracting the systemic discriminatory impact of failing to do so is something we must take seriously. We must build this in during planning and design, we must make it easy for content editors to maintain WCAG compliance AFTER a site or app is delivered.

Building accessibility features in from the beginning also means it costs less to implement, and delivers a double win of making the whole team more mindful of these issues to begin with. It should be part of the acceptance criteria, it should be part of the definition of done.

I'd like to see us tackle these issues directly in Drupal core. If you're interested in keeping track of accessibility issues in Drupal, you might like to follow drupala11y on twitter, and check out issues on drupal.org that have been tagged with "accessibility".

Accessibility traps might not affect you now, but they will. This is probably affecting people you know right now. People who silently struggle with small font sizes, poor contrast, cognitive load, keyboard traps, video without captions.

My own eyesight and hearing is not what it was. My once able parents now require mobility aids. My cousin requires an electric wheelchair. A friend uses a braille reader, and yet I still forget. It's not front and centre for me, but it should be. Let's all take a moment to think about how we can focus on making our online and digital world more accessible for everyone. It really does benefit us all.

TED: Passion and Consequence: The inspiring talks in Session 11 of TED2015

Chris Burkard speaks at TED2015 - Truth and Dare, Session 11. Photo: Bret Hartman/TED
Cold-water surf photographer Chris Burkard shares the joy of being really, really, really cold. Photo: Bret Hartman/TED

Passion. It is that thing that we crave, that thing which pushes us forward. In this session, speakers with passion to spare:

Surfing in the ice. “If shivering is a form of meditation, then I consider myself a monk,” says Chris Burkard, before playing a soaring video that shows him surfing waves amidst snowfall and ice drifts, with white-topped mountain peaks in the background. See, Chris Burkard is a surf photographer who found himself burnt out on tropical locations. “I began craving wild open spaces,” he says, “so I set out to find the places people had written off as too cold, too remote, too dangerous to surf.” Getting to these remote locations? Well, that’s half the fun. Only a third of the earth’s oceans are warm, he points out, showing photos snapped while on a surfing trip to Norway, on a fjord with a greater population of sheep than people, where he found himself in the water when a blizzard hit. “Every photo, I was forced to earn,” he says. “All this shivering taught me something: in life, there are no shortcuts to joy. Anything worth pursuing requires us to suffer just a tiny bit.”

Sculptural fashion. Designer Hussein Chalayan is an “immigrant between disciplines,” a “misfit in the fashion industry.” To him, this is a creative gift. As an outsider, he embraces the dualities — between art and commerce, film and future — that lead to mindbending creations. Examples include Lady Gaga’s outfits, remote-controlled dresses, and tables that telescope into skirts. For Chalayan, who moves fluidly between the art gallery, the high-fashion runway, and the shop, one thought can lead to three forms of expression. “I’ve learned to think that outsider status is a privilege allowing us to develop new disciplines altogether,” he says. And the role of art, in his mind? “It’s important to feel something. It is not always important to understand.”

The injustice of the everyday. The way we talk about human trafficking is wrong, says journalist Noy Thrupkaew. While we may imagine violent men forcing young women into prostitution, this makes up only 22 percent of human trafficking, compared to 68 percent made up by exploitation of forced laborers — who also account for fewer than 10 percent of trafficking convictions. This kind of trafficking is “the use of force, fraud and coercion to compel another person’s labor,” says Thrupkaew, and “is embedded in our everyday lives” across agriculture, domestic work and construction. It’s a story close to Thrupkaew’s heart: On stage she reveals that her caretaker until she was three years old was a distant relative from Thailand … and a victim of human trafficking. So what can we do to help these workers, who are often tricked, beaten, threatened, forced to work inhumane hours? Well, it’s not easy, says Thrupkaew — there isn’t a simple answer, a fair-trade peach that can absolve us of the struggles of forced laborers that support our products and lifestyles and our cheap plates of shrimp. What we need is to be aware of how much we are really culpable in a broken system — and give our solidarity to those fighting back.

Teitur performs at TED2015 - Truth and Dare, Session 11. Photo: Bret Hartman/TED
Teitur plays “Home,” a simple tune: “Home is the sound of birds early in the morning / Home is the song I always remembered.” Photo: Bret Hartman/TED

And a song break. “I had never meant to be a singer / but I’m slowly getting used to the idea,” sings Teitur with a clear voice that gently fills the TED theater. And it turns out that this is true. He hails from the Faroe Islands, a small country between Denmark and Scotland with a population of less than 50,000, and after writing many bad songs, he wrote a good one for a girlfriend. His friends kept asking him to play it. He plays it for us; it’s called “I Was Just Thinking,” the kind of simple, honest guitar song that makes it feel like someone is playing your heart. “Singing is sharing,” he says, “Be prepared to give away a piece of yourself.” And with that, he sits down at a piano and plays “Home.”

Surviving infidelity. Therapist Esther Perel is used to answering questions like: Why do happy people cheat? Is an affair always the end of a relationship? And when we say infidelity, what exactly do we mean? “Adultery has existed since marriage was invented, and so too has the taboo against it,” says Perel. Yet if there’s a single act of transgression that can rob couples of their relationship, their happiness and their very identity, it’s an affair. Infidelity has a tenacity that marriage can only envy, she notes. So much so, “that it is the only commandment that is repeated twice in Bible — once for doing it and once just for thinking it.” How do we reconcile what is universally forbidden yet universally practiced? Perel tells couples that if they bring into relationships one tenth of the imagination and verve they put into an affair, they might never have to see her. “Every affair will redefine a relationship, and every couple will determine what the legacy of the affair will be.” After an affair, some couples will turn crisis into opportunity within their original relationship. The question they must ask themselves is simple, says Perel. “Your first marriage is over. Would you like to create a second one?”

Esther Perel speaks at TED2015 - Truth and Dare, Session 11. Photo: Bret Hartman/TED
Esther Perel unpacks the ancient taboo of infidelity — “the only commandment repeated twice in the Bible.” Photo: Bret Hartman/TED

Long Now: Lewis Dartnell at The Interval: How to Rebuild Our World From Scratch on March 24 02015

The Knowledge paperback by Lewis Dartnell

Tuesday, March 24, 02015
Lewis Dartnell
(University of Leicester / European Space Agency)

The Knowledge: Rebuilding Our World From Scratch
at The Interval

Tickets on sale now
advanced tickets suggested

This Tuesday in San Francisco Long Now welcomes British astrobiologist Lewis Dartnell to our Conversations at The Interval series to discuss his latest book The Knowledge. This book is a guide to rebuilding key features of civilization like agriculture, communication, transportation and medicine in the aftermath of a global catastrophe.

The Knowledge will be on sale at the talk, and Lewis will sign books and chat more with the audience afterwards.

Far from a doomsday prediction, Dartnell’s book reveals the potential resiliency of humanity if we approach challenges with an awareness of the natural sciences and an understanding of how contemporary technology works. The Knowledge brings a lot of this fundamentally useful information into one place, and its bibliography points to deeper resources for a wide range of subjects. Lewis has previously shared his expertise with Long Now for our Manual for Civilization project.

“The Knowledge is a fascinating look at the basic principles of the most important technologies undergirding modern society… full of optimism about human ingenuity”
  — The Wall Street Journal

The videos below show two examples of tips you’ll find in The Knowledge. The first draws on insights into how our world works today (manufacturing) to reveal an ideal solution. There are many ways to open a can, but this is probably the best. The second is more sophisticated: how to use a scavenged battery to drive electrolysis and isolate useful elements like oxygen and chlorine. That requires a better understanding of chemistry than you will get studying TV plotlines, but it’s mostly high school level science. And it hints that the best solutions actually create more tools to help us more rapidly recover.

Video 1 (opening a can): https://www.youtube.com/embed/zSbb1orWFUk?rel=0
Video 2 (electrolysis with a scavenged battery): https://player.vimeo.com/video/89726980?byline=0&amp;portrait=0

Often Dartnell’s advice relies on a combination of scientific knowledge and scavenged resources. Both industrial detritus (a golf cart battery) and common household items (steel wool) are useful in resuscitating features of modern society. This kind of ingenuity is familiar in pop culture: television shows in particular from MacGyver to Breaking Bad feature protagonists whose expertise with the periodic table and access to a junkyard or various consumer packaged goods help save the day time after time. It’s the same principle: when the stakes are high we are capable of ingenuity, even if we aren’t geniuses.

We hope you can join us for Lewis Dartnell’s talk at The Interval on March 24, 02015.

The Knowledge by Lewis Dartnell hardcover

Sociological Images: Chart of the Week: The Breadth of European Colonization

This is a map of the countries Europe colonized, controlled, or influenced between 1500 and 1960. The purple is Europe. The orange countries are ones never under European rule. Almost the entire rest of the map — all the green, blue, and yellow — were dominated by Europe to some extent. “Influenced” is pretty much a euphemism and often not all that different than outright domination.

Max Fisher, writing at Vox, summarizes:

There are only four countries that escaped European colonialism completely. Japan and Korea successfully staved off European domination, in part due to their strength and diplomacy, their isolationist policies, and perhaps their distance. Thailand was spared when the British and French Empires decided to let it remain independent as a buffer between British-controlled Burma and French Indochina…

Then there is Liberia, which European powers spared because the United States backed the Liberian state, which was established in the early 1800s by freed American slaves who had decided to move to Africa.

More details and discussion here.

Planet Linux Australia: Lev Lafayette: An Introduction to Supercomputers

Very much a minor update to the presentation I gave in 2013, this talk provides a definition of supercomputers, high performance computing, and parallel programming, their use and current metrics, the importance and dominance of the Linux operating system in these areas, as well as some practical hands-on examples.

An Introduction to Supercomputers. Presentation to Linux Users of Victoria Beginners Workshop, 21st March, 2015

TED: TED2015’s short film festival

Watching more than seventy live, perspective-changing TED Talks back to back for five days straight is nothing to scoff at. Let’s be honest: Your brain gets tired. That’s why TED’s curators program each session with short video breaks to give the mind a rest before the next set of talks. Funny, inspiring, silly, beautiful, here are all the videos shown this year at the conference. Think of it as TED’s short film festival.

Pinnipèdes, by Victor Caire (video: https://player.vimeo.com/video/93175979). Two fat, sleepy animated seals fight and love each other.

Wiggly Things, by Rogier van der Zwaag (video: https://player.vimeo.com/video/80601897). An animated interpretation of philosopher Alan Watts’ lectures, about how we humans like to “break down the wiggliness of the world.”

Reach, by Luke Randall (video: https://player.vimeo.com/video/65529665). A robot that needs to be plugged in in order to survive dreams of life outside his window.

Moving images, by Lorne Resnick (video: https://player.vimeo.com/video/108205983). Lorne Resnick makes five-second video clips that are actually single images that he pulls apart and animates.

Put that there, MIT Media Lab (video: http://www.youtube.com/embed/RyBEUyEtxQo). Footage from 1979 of an early speech interface project by MIT Media Lab’s Chris Schmandt.

Cat gives a dog hypnotherapy, by Chris Cohen (video: http://www.youtube.com/embed/c5aRlPa5WJw). A cat rather absurdly tries to get a dog to give up all its treats.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/118738368" title="unconditional rebel - siska" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Unconditional Rebel – Siska, by Guillaume Panariello. A single shot of a strange cast of characters moving in slow mo, set to “Unconditional Rebel” by Siska. Includes an angel with an empty bottle of Jack Daniels and a girl under a shower of alarm clocks.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/LTp9c9bsY_Q?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

100 Years of Beauty in 1 Minute, by Cut. A video series that shows a century of hair and makeup trends, broken out by decade. Shown with sister videos Nina and Sabrina.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/112491662" title="Free Fall" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Free fall, by Les films engloutis. A breath-taking underwater video of base jumper Guillaume Nery descending into Dean’s Blue Hole in the Bahamas.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/1yD7NC2Urdw?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Unicorns, by BETC Paris. In the narrative of this video, unicorns are in fact real, and we finally find out why we’ve never seen any.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/soDn2puEuL8?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Trombone silliness, by David Finlayson. A GoPro attached to the end of a trombone results in this aptly named video.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/EWEl8-PHhMI?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Submarine sandwich, by PES. A stop-motion animation of a sandwich created from unlikely materials.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/77485589" title="Fight!" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Fight! Two felt friends beat each other up.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="329" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/111525842" title="WAITING - New York at night in 3,454 oil paintings - THE SEA THE SEA" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Waiting, by The Sea The Sea. A portrait of New York at night through 3,454 oil paintings.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/S89QMqCMZ98?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Albuquerque Balloon Fiesta 2014, by Knate Myers. A timelapse video of hot air balloons partying in the sky.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/6JLWQEuz2gA?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Did You Read … ? from Portlandia. A classic from the sketch show Portlandia, about our insatiable need to consume.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/87445930" title="Li Hongbo: Statues in Motion" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Statues in motion, by Li Hongbo. Incredible paper works by artist Li Hongbo make classical sculptures appear to stretch and move.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/cPgpoPUhztU?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Dog vs. tater tot, by Chris Cohen. A dog rather absurdly tries to reach a tater tot across the table.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/58291553" title="A bird ballet" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Bird ballet, by Neels Castillon. A murmuration of starlings does its thing.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/112208320" title="Light Motif" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Light Motif, by Frédéric Bonpapa. A CGI monkey in a world of constant change.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/05gPzM7OJ34?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Dancing paper, by Ugoita T. Gold origami cranes dance to electro music.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/77111226" title="SHAKE" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Shake, by Variable. Dogs shake off water in slow motion.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/96645782" title="Carolyn" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Carolyn, by Matt Lenski. A man is sad because he’s alone.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/62263587" title="Pollop" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Pollop, by Leslie Murard. Bunnies at sea do the nasty.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="330" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/114881884" title="Thinkbox - Harvey &amp; Harmony" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Harvey and harmony, by Chris Barrett and Luke Taylor. Two dogs meet in speed dating.

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="322" mozallowfullscreen="mozallowfullscreen" src="https://player.vimeo.com/video/15958532" title="Ralf Hildenbeutel - The Feast" webkitallowfullscreen="webkitallowfullscreen" width="586"></iframe>

Ralf Hildenbeutel’s “The Feast,” by Boris Seewald. Music by composer Ralf Hildenbeutel renders show-tunes-era dancing contemporary.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/JYuOZnAqQCY?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Zeppelin! by the Louisville Leopard Percussionists. A band of kids play (Led) Zeppelin on xylophone.

<iframe allowfullscreen="true" class="youtube-player" frameborder="0" height="360" src="http://www.youtube.com/embed/m86ae_e_ptU?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent" type="text/html" width="586"></iframe>

Music video for OK Go’s “The Writing’s On the Wall.” The band famous for its complex single-shot music videos released this one full of optical illusions for their single “The Writing’s On the Wall.”

<fb:post href="https://www.facebook.com/video.php?v=967446766629515&amp;set=vb.354522044588660&amp;type=2&amp;theater"></fb:post>

Love has no labels, by Love has no labels. Couples embrace each other behind an x-ray machine to make a statement about love and bias.

TEDEndgame: A recap of the emotional final session of TED2015

Aloe Blacc performs at TED2015 - Truth and Dare, Session 12. Photo: Bret Hartman/TED


It is hard to believe that this is the final session of TED2015. Luckily Session 12, “Endgame,” is our longest ever — with two full hours of talks that took us on a journey through the human experience, from anger to laughter and back again. Read a recap of these inspiring talks.

An ode to anger. Kailash Satyarthi was awarded the Nobel Peace Prize along with Malala Yousafzai in 2014. But he’s not here to talk about world peace. “Today, I’m going to talk about anger,” he says. Satyarthi felt anger as a child seeing the ravages of inequality; at age 27, talking to a father whose daughter was about to be sold to a brothel; at age 35, locked in a prison cell; and at age 50, lying in a pool of blood in the street with his son. “For centuries, we were taught that anger is bad. Our parents, teachers, priests, everyone taught us how to control and suppress our anger,” he says. “But I ask: can’t we convert our anger for the larger good of society?” Satyarthi’s anger became an idea — a consumer campaign to create demand for child-labor-free products — and then action that resulted in an 80% decrease in child labor in South Asian countries, he says. And later it led to raid-and-rescue campaigns. “I am so lucky and proud to say that not 1, 10, 20 — my colleagues and I have liberated 83,000 children and handed them back to their mother.” In the last 15 years, the number of child laborers has gone down by a third, says Satyarthi. “Anger has a power and energy,” he says. Read much more about his talk.

Stories of the underdog. Grammy-nominated musician Aloe Blacc stepped on stage, hands peacefully at his sides, and looked out with clear, full eyes. A cappella, his low, resonant voice sang the hopeful yearnings of a child in need, “I don’t want to die young because I feel my life has just begun … I don’t want to die in vain.” In between songs, he shared how after a life in the corporate world, he pursued music in order to create positive social change and “tell the stories of the underdog.” Next came “The Man,” a song about taking your place in the world, despite making mistakes in the past. He closed with a stripped-down, acoustic version of his hit, “Wake Me Up.” This brought both the TED and TEDActive crowds to their feet, as they danced and clapped along.

Why we laugh. “I’m going to play you some sounds of laughter,” says neuroscientist Sophie Scott. “Consider what a very strange noise it is. Notice how primitive laughter is — it’s much more like an animal call than speech.” Laughter, she explains, is associated with interactions. “You’re 30 times more likely to laugh if you’re with someone else than if you’re on your own,” she says, pointing out that laughter is behaviorally contagious. “And you’re more likely to laugh if you know someone.” In other words, laughter does social work for us. Scott is researching two types of laughter: real, uproarious involuntary laughter and polite social laughter. “Turns out that people are phenomenally nuanced in terms of how we use laughter,” says Scott. She shares a study done by Robert Levenson in which married couples are put in a stressful situation. “What he finds is that the couples who manage that feeling of stress with positive emotions like laughter immediately become less stressed,” she says. “They are also the couples that report high levels of satisfaction in their relationships and they stay together for longer.” And it doesn’t just modulate relationships, it helps us deal with embarrassment and simply makes us feel better, too.

Sophie Scott at TED2015 - Truth and Dare, Session 12. Photo: Bret Hartman/TED


How the global economy is like a boat. Dame Ellen MacArthur remembers stepping on a boat for the first time. “I will never forget the feeling of adventure,” she says. At 17, she left school to sail, and four years later — in 1997 — she designed a boat to sail solo nonstop around the world in the Mini Transat transatlantic race. She came in second. But she wanted to do something even more bold: to break the world record for the fastest solo circumnavigation. As she was about to set off, another sailor completed the journey, taking the record from 93 to 72 days. MacArthur went forth anyway, on a trek through oceans so vast that the nearest people to her were those manning the European Space Station above. “We know what it’s like driving a car, 20, 30, 40 mph,” says MacArthur. “At 100 mph, you have white knuckles. But remove the road, remove the windshield wipers, remove the windscreen, remove the headlights, remove the brakes. That’s what it’s like in the southern ocean.” But MacArthur succeeded. “As I stepped off the boat at the finishing line, having broken the record, suddenly I connected the dots,” she says. She realized that the world is like her boat — remarkably finite. She made the unconventional decision to leave sailing behind and focus on the global economy. “The framework within which we live is fundamentally flawed,” she says. “We take material out of the ground, make something out of it, ultimately that product gets thrown away … It’s an economy that fundamentally can’t run in the long term.” In 2010, she founded the Ellen MacArthur Foundation to work on how to create a circular economy, one that plans for reuse from the very beginning. The foundation works with universities, businesses and governments to make this happen.

A message of hope. Curator Chris Anderson reveals an exclusive video conversation between him and His Holiness the Dalai Lama, filmed late last year. In their talk, the Dalai Lama speaks about two kinds of happiness, how all humans can coexist, and the cooperation between science and Buddhism. He has a happy message: “Our very existence is very much based on hope.”

BJ Miller speaks at TED2015 - Truth and Dare, Session 12. Photo: Bret Hartman/TED


Rethink death with design thinking. In college, a train accident nearly took BJ Miller’s life. 11,000 volts later, this near-death experience gave him a new outlook on how to live life with the eventual certainty of death. As a physician and palliative caregiver at the Zen Hospice Project, he explained to the TED audience why we need to bring design thinking to how we care for the dying. We need to make care patient-centered, not disease-centered. To do this, we first must accept that for most people, the scariest thing about death isn’t being dead, but the suffering of dying. This distinction between necessary and unnecessary suffering can allow care to become a more generative act. At the same time, concentrating on the aesthetic realm can help elevate patients’ experiences. “One of the most tried and true interventions is just to bake cookies,” he says. “As long as we have our senses, even just one, we have the possibility of accessing what makes us feel human and connected.” If we commit ourselves to designing toward death in a thoughtful way — accepting its inevitability but not being limited by it — we realize “that you can always find a shock of beauty in what you have left.”

Baby coral and Bill Gates: A week in review. “In the history of comedy no one has had to follow ‘redesigning death,’” says the very funny Baratunde Thurston in the annual conference wrap-up. After ninety presenters, twenty hours of main stage presentations, and five pounds of vegan snack foods per sitting, Thurston gives us a final rundown of the scary, amazing, baller talks from the preceding days. “Only at TED,” he jokes, will you hear “You all saw the Economist cover a few weeks ago,” “for those of you who are zoning junkies,” “Bill Gates is going to be available to meet you at the Ebola room,” and massive applause for a photo of baby coral.

Baratunde Thurston speaks at TED2015 - Truth and Dare, Session 12. Photo: Bret Hartman/TED



CryptogramFriday Squid Blogging: Squid Pen

Neat.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

CryptogramNew Paper on Digital Intelligence

David Omand -- GCHQ director from 1996-1997, and the UK's security and intelligence coordinator from 2000-2005 -- has just published a new paper: "Understanding Digital Intelligence and the Norms That Might Govern It."

Executive Summary: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency (NSA) contractor Edward Snowden. Digital intelligence is presented as enabled by the opportunities of global communications and private sector innovation and as growing in response to changing demands from government and law enforcement, in part mediated through legal, parliamentary and executive regulation. A common set of organizational and ethical norms based on human rights considerations are suggested to govern such modern intelligence activity (both domestic and external) using a three-layer model of security activity on the Internet: securing the use of the Internet for everyday economic and social life; the activity of law enforcement -- both nationally and through international agreements -- attempting to manage criminal threats exploiting the Internet; and the work of secret intelligence and security agencies using the Internet to gain information on their targets, including in support of law enforcement.

I don't agree with a lot of it, but it's worth reading.

My favorite Omand quote is this, defending the close partnership between the NSA and GCHQ in 2013: "We have the brains. They have the money. It's a collaboration that's worked very well."

TED“I’m urging you to be angry”: Kailash Satyarthi live at TED2015

Kailash Satyarthi speaks at TED2015 - Truth and Dare, Session 12. Photo: Bret Hartman/TED

Kailash Satyarthi was awarded the 2014 Nobel Peace Prize, along with Malala Yousafzai, for his work helping children. Photo: Bret Hartman/TED

“All my best ideas were born of anger,” says children’s rights activist Kailash Satyarthi. As the first speaker in the closing session of TED2015, Satyarthi shows how fury can be an underestimated power to make change.

It’s the energy that’s informed his entire career — and led to his winning the Nobel Peace Prize in 2014. Says Satyarthi, when he was eleven, he saw his friends forced to leave school when their parents couldn’t afford textbooks – and that made him angry. When he was twenty-seven, he heard a slave’s plight: his daughter was being sold into a brothel – and that too made him angry. At the age of fifty, he says, lying in the street in a pool of blood with his son, he was really, really angry.

“For centuries,” says Satyarthi, “we were taught that anger is bad. Our parents, teachers and priests — everyone taught us how to control and suppress our anger.” But why? As Satyarthi has found, some of his best ideas have come from rage.

This was crystallized in the way Satyarthi got his name. For Mahatma Gandhi’s birth centenary in 1969, a fifteen-year-old Satyarthi wanted to celebrate in his honor – with members of the untouchable class in his community, which was completely taboo. His town leaders were already speaking out against the caste system, so Satyarthi suggested a dinner together with members of the lowest caste as a way of setting an example.

Satyarthi persuaded all involved parties until they finally agreed. On the day of the dinner, five members of the untouchable class came in their nicest clothes. At seven o’clock they sat down with Satyarthi, and … they waited. The leaders didn’t show up. At eight, Satyarthi rode his bicycle to the homes of several leaders to remind them of the dinner, and was sent away.

“That made me angry,” he says with intensity on stage.

Later that night when Satyarthi came home, exhausted, several members of the high caste were waiting for him. They threatened to out-caste his family, “the biggest social punishment.” At last they agreed on a punishment just for Satyarthi: purification, a 600-mile walk to the Ganges, after which he would have to wash the elders’ feet and drink from the dirty water. “It was total nonsense,” says Satyarthi. His anger coursing deep, he “decided to outcaste the entire caste system.”

So he left his high-caste surname and adopted the name Satyarthi, which means “seeker of truth.” And in his capacity as truth-seeker, he has had a lifetime of astounding social good.

Drawing on his anger, he has helped bring about the fall of child labor in South Asia by 80 percent; he and his group have physically freed 83,000 children from slavery. “I’m urging you to become angry,” Satyarthi tells a rapt audience. “Because the angriest among others is the one who can transform his anger into idea and action.”


TEDThe top 10 words of TED2015

Erin McKean shares the top 10 words of TED2015. Her #6: placemaking, from Theaster Gates' TED Talk. Photo: Bret Hartman/TED


TED is about ideas worth spreading, and these often come wrapped up in words worth knowing. Here are some of the great words from TED2015:

10. Neurodiversity. From Steve Silberman’s talk on the history of the autism spectrum. It’s a word that began popping up in 1998, and it means “the variety of configurations of the brain, especially with regard to autism.” A word all neurotypical people should know.

9. Kinetic attack. From David Rothkopf’s talk on the global threat of cyberattacks. Kinetic attacks involve moving parts — think bullets and bombs. This phrase is an example of a retronym.

8. Court-scraper. Heard at a lunch to celebrate the publication of The Future of Architecture in 100 Buildings by Marc Kushner. The context: “But not, of course, when it comes to W57 — Bjarke Ingels’ very pyramid-y addition to the street he calls a ‘court-scraper’ for its combination of the European courtyard building with a New York skyscraper.”

7. Photoclinometry. From Fred Jansen’s talk on the Rosetta mission to land on a comet. The Rosetta lander that Jansen talked about used photoclinometry — essentially, looking at patterns of light and dark in a photograph and figuring out the terrain from that — to discover where on the comet to land.

6. Placemaking. From Theaster Gates’s talk about building community spaces. Placemaking is “both a process and a philosophy” that deals with the planning and management of public spaces, and with the idea that public spaces are the heart of any community. This word wasn’t actually spoken in the talk — it appeared in his slides. Always take note of the slides — they are full of great words.

5. Wide pin. From Rajiv Maheswaran’s talk on modeling the movements of basketball players. You really need a diagram to figure out this basketball term! It turns out that basketball is full of interesting jargon, such as kill area, pop to the wing, and Hurley curl-pop-fade.

4. Vexillologist. From Roman Mars’ talk on flag design. Someone who studies flags. Although we’ve had flags for hundreds of years, the first citation for this word in the OED dates only from 1959. Lesson: it’s never too late to make up the word you need.

3. Umwelt. From David Eagleman’s talk on perception. The umwelt is “the outer world as perceived by organisms within it.” There is a whole world of other related -welt words, many from the field of biosemiotics, including Merkwelt, Innenwelt, and Wirkungswelt.

2. Frass. From Pamela Ronald’s talk on plant genes. Frass is, essentially, bug poop. The word comes from the past tense of a German word meaning ‘to gobble,’ and so gives us the odd (but logical) idea that excreting is the past tense of eating.

1. Upstander. From Monica Lewinsky’s talk on the price of shame. An upstander is someone who stands up for something, as contrasted to a bystander who remains inactive. We should all be upstanders in the fight against bullying, harassment and online violence.

Thanks to everyone who sent word suggestions, especially Gordon Garb, who topped the leaderboard with the most word sightings!


Sociological ImagesWhere Do Young People Get Knowledge About the Clitoris?

Flashback Friday.

The D.C. Council’s Committee on Health released a report after surveying high school students about sex education. One of their questions was about the source of sexual health information. The pie chart below shows that students name, in order, their parents or guardians, health workers, teachers, friends, and boyfriends or girlfriends as the most common sources of information.

[Pie chart: sources of sexual health information reported by D.C. high school students]

I asked a similar question in a study I did with college students (full text). The students in my sample rated their friends, secondary school teachers, books, their sexual partners, and the media as their most important sources. Men also included pornography. Very few students counted parents among their most valued sources. (Significance indicators are for sex difference.)

[Table: college students’ most important sources of sexual information, by sex]

My co-authors and I were interested in how those sources correlated with actual knowledge, specifically knowledge about the clitoris. And so we gave them a “cliteracy test”: we had them answer a set of true/false questions about the clitoris and find it on a diagram of the vulva.

We then compared their scores on the test to their reported sources of knowledge. The table below is a regression showing which sources of knowledge were most predictive of a high score. The findings were interesting: only two sources predicted significantly higher scores on the test: media (for men and women) and self-exploration (for women).

[Table: regression of cliteracy test scores on reported sources of knowledge]

So, only one of the most frequently used sources of information, media, actually translated into real knowledge. And, ironically, the best source of information for women, their own bodies, was among the least often cited sources of information for women, beating out only pornography and parents.

In other words, the best source of information about the clitoris is probably the… clitoris, but female college students would rather read books to learn about it.

This puts the D.C. study into some perspective. The high school students in that study reported that their parents or guardians, health workers, teachers, friends, and boyfriends or girlfriends were sources of sexual information, but that doesn’t mean that they are good sources. It could be that they’re giving them misinformation, or good information only about certain things.

Originally posted in 2009. You can see a summary of our findings on the correlation (or lack thereof) between knowledge about the clitoris and orgasm for women here.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

CryptogramCisco Shipping Equipment to Fake Addresses to Foil NSA Interception

Last May, we learned that the NSA intercepts equipment being shipped around the world and installs eavesdropping implants. There were photos of NSA employees opening up a Cisco box. Cisco's CEO John Chambers personally complained to President Obama about this practice, which is not exactly a selling point for Cisco equipment abroad. Der Spiegel published the more complete document, along with a broader story, in January of this year:

In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. The call back provided us access to further exploit the device and survey the network. Upon initiating the survey, SIGINT analysis from TAO/Requirements & Targeting determined that the implanted device was providing even greater access than we had hoped: We knew the devices were bound for the Syrian Telecommunications Establishment (STE) to be used as part of their internet backbone, but what we did not know was that STE's GSM (cellular) network was also using this backbone. Since the STE GSM network had never before been exploited, this new access represented a real coup.

Now Cisco is taking matters into its own hands, offering to ship equipment to fake addresses in an effort to avoid NSA interception.

I don't think we have even begun to understand the long-term damage the NSA has done to the US tech industry.

Slashdot thread.