Planet Russell


Kelvin Thomson: Governments Should Restrain Gas Prices

It is not fair to either Victorian consumers or manufacturers that gas prices should be allowed to go up beyond the CPI.

The fact that Australia is now increasing its gas production should be a benefit for Victorian gas customers and Victorian manufacturers, not a hardship. But because most of our gas is now to be exported, rather than being sold locally, gas prices for eastern states manufacturers are now rising to international gas prices – from $4 to $5 a gigajoule to $10 a gigajoule.

In New South Wales AGL and Origin Energy have asked the Independent Pricing and Regulatory Tribunal to let them increase retail gas prices by 20%. This kind of increase would pose massive hardship for pensioners and others on fixed incomes, and it should not be allowed.

And the Federal Government has a role too. Every other large gas producing country puts measures in place to ensure domestic consumers benefit from, rather than suffer from, their natural wealth. The US, home of the free market, barely lets gas producers export at all!

Consumers are already struggling under the weight of electricity bills which have more than doubled in 10 years. Gas bills should not be allowed to do the same.

XKCD: Phone Alarm

Planet Debian: Clint Adams: Before the tweet in Grand Cayman

Jebediah boarded the airplane. It was a Bombardier CRJ900 with two turbofan jet engines. Run by SPARK, a subset of Ada. He sat down in his assigned seat and listened to the purser inform him that he was free to use his phone door-to-door on all Delta Connection flights. As long as the Airplane Mode was switched on. Jebediah knew that this was why Delta owned 49% of Virgin Atlantic.

On the plane ride, a woman in too much makeup asked Jebediah to get the man next to him so she could borrow his copy of the Economist. The man said she could keep it and that it was old. He had stubby little fingers. She was foreign.

At Terminal 2, they passed by Kids on the Fly, an exhibit of the Chicago Children's Museum at Chicago O'Hare International Airport. A play area. Jebediah thought of Dennis.

The Blue Line of the Chicago Transit Authority was disrupted by weekend construction, so they had to take a small detour through Wicker Park. Wicker Park is a neighborhood. In Chicago. Jebediah looked at Glazed & Infused Doughnuts. He wondered if they made doughnuts there. Because of the meeting, he knocked someone off a Divvy bike and pedaled it to the Loop.

Once he got to the Berghoff, he got a table for seven on the west wall. He eyed the electrical outlet and groaned. He had brought 3 cigarette lighter adapters with him, but nothing to plug into an AC outlet. How would he charge his device? An older gentleman came in. And greeted him.

“Hello, I'm Detective Chief Inspector Detweiler. Did you bring the evidence?” Said the man.

Jebediah coughed and said that he had to go downstairs. He went downstairs and looked at the doors. He breathed a sigh of relief. Seeing the word “washroom” in print reminded him of his home state of Canada. Back at the table he opened a bag, glared angrily at a cigarette lighter adapter, and pulled out a Palm m125. Running Palm OS 4.0.

“This has eight megabytes of RAM,” he informed the newcomer.

DCI Detweiler said, “I had a Handspring Visor Deluxe,” and pulled out a Samsung Galaxy Tab 3 8.0 eight-inch Android-based tablet computer running the Android 4.2.2 Jelly Bean operating system by Google. “This also has eight megabytes of RAM,” he continued. “As you requested, I brought the video of your nemesis at the Robie House.”

Jebediah stared at the tablet. He could see a compressed video file, compressed with NetBSD compression and GNU encryption. It was on the tablet. “Some bridges you just don't cross,” he hissed.

Part 2

AUD:USD 1.0645

donuts:dozen 12

Gold $1318.60

Detective Seabiscuit sucked on a throat lozenge. “Who are you again?” he asked the toll-booth operator.

“I said my name is Rogery Sterling,” replied the toll-booth operator.

“Rajry what?”

“I said my name is Rogery Sterling,” replied the toll-booth operator. Again.

“Where am I?”

“Look, I'm telling you that that murder you're investigating was caused by software bugs in the software.”

“Are we on a boat?”

“Look at the diagram. This agency paid money to introduce, quite deliberately, weaknesses in the security of this library, through this company here, and this company here.”

“Library, oh no. I have overdue fees.”

“And they're running a PR campaign to increase use of this library. Saying that the competing options are inferior. But don't worry, they're trying to undermine those too.”

Detective Seabiscuit wasn't listening. He had just remembered that he needed to stop by the Robie House.

Planet Linux Australia: Colin Charles: Ubuntu 14.04 – some MySQL ecosystem notes

Following my previous post on the launch, I just rolled Ubuntu 14.04 LTS on an Amazon EC2 t1.micro instance (not something you expect to run a database server on, for sure – 1 vCPU, 0.613GiB RAM). If you do an apt-cache search mysql you get 435 return result sets with the default configuration (trusty: main & universe).

If you do apt-get install mysql-server, you get MySQL 5.5. You enter the password of choice, and before you know it, MySQL is installed (a SELECT VERSION() will return 5.5.35-1ubuntu1).

Next you decide to install MariaDB. I run an apt-get install mariadb-server. It pulls in libjemalloc (for TokuDB) and I expect future releases to ship this engine by default. You enter the password, and you get a new message (as pictured).

MariaDB Ubuntu 14.04 LTS
 

I verify my test database that I created exists. It does. A SELECT VERSION() returns 5.5.36-MariaDB-1. The innodb_version returns 5.5.36-MariaDB-33.0.

I’m curious about MySQL 5.6 now. So I run apt-get install mysql-server-5.6. Not so straightforward. 

start: Job failed to start
invoke-rc.d: initscript mysql, action "start" failed.
dpkg: error processing package mysql-server-5.6 (--configure):
 subprocess installed post-installation script returned error exit status 1
Setting up mysql-common-5.6 (5.6.16-1~exp1) ...
Processing triggers for libc-bin (2.19-0ubuntu6) ...
Errors were encountered while processing:
 mysql-server-5.6
E: Sub-process /usr/bin/dpkg returned an error code (1)

Looks like MySQL 5.6 is more memory hungry… I edited /etc/mysql/my.cnf to ensure that innodb_buffer_pool_size = 64M (I increased this to 128M and it worked too) was set (there was nothing in the default config) and re-ran apt-get install mysql-server-5.6 and it started. My test database was still around ;-)

I wanted to make sure that MySQL 5.6 isn’t more memory hungry just on that instance so I created yet another clean t1.micro instance and did an apt-get install mysql-server-5.6. Same error. Reported lp#1311387.

Nothing to report in particular about Percona – 5.5.34 Percona XtraDB Cluster (GPL), Release 31.1 (Ubuntu), wsrep_25.9.rXXXX. One thing is for sure – if you’re playing around with the ecosystem, installs and upgrades aren’t exactly straightforward.


Kelvin Thomson: Purchase of Joint Strike Fighters

Why on earth are we spending $12 billion dollars on 54 planes when we are supposed to be in such a budget emergency that even pensioners face cuts to their support, and increased health care costs?

Our trade and foreign ownership policy, and our defence policy, are based on utterly contradictory arguments. Our trade and foreign ownership policies are based on the view that everyone is our friend and we have nothing to fear from anybody. But our defence policy is based on the view that the world is a dangerous place and that one of our trading partners might turn around and attack us. They can't both be right. In reality both policies are being driven by large corporations and they're both wrong – our foreign ownership policy is too naive and our defence policy is too suspicious.

Instead of ramping up defence spending by billions of dollars the government should be pocketing the money and using it to balance the books. It should not be subjecting pensioners and retired Australians to financial hardship by either reducing their levels of support or increasing their health care costs.

Planet Linux Australia: Colin Charles: MySQL Community Awards: Community Contributor of the Year 2014

As one decompresses from the active month that April brings to the MySQL ecosystem, it’s worth noting that I received a MySQL Community Award – Community Contributor of the Year 2014 award at the Percona Live MySQL Conference & Expo 2014 in Santa Clara. I was extremely happy and thankful to receive such an award and I still am. Thank you MySQL Community.

My reason for winning, now immortalised:

Colin’s list of service to the MySQL Community goes back almost 10 years. He was a community engineer starting in 2005, chaired some of the O’Reilly MySQL conferences, ran the MySQL projects for Google Summer of Code. As a partner and Chief Evangelist for Monty program, he continues to promote and grow the MySQL ecosystem. Though it’s his job, he goes above and beyond, driven by his passion for open source and MySQL.

I was amongst very good company (congratulations to all the winners). Thank you to whoever nominated me, and to the committee for vetting it. Frederic wrote a nice post with a little selfie. Tomas expresses heartfelt thanks from Oracle.

Anyway, not to rest on one’s laurels – while it’s great to be given an award after years of being involved in the community, I will work harder in the coming months to make things better in any way I can. Thank you again, MySQL Community.

(more pics of the award: #1, #2)


Planet Debian: Steve Kemp: I've not commented on security for a while

Unless you've been living under a rock, or in a tent (which would make me slightly jealous) you'll have heard about the recent heartbleed attack many times by now.

The upshot of that attack is that lots of noise was made about hardening things, and there is now a new fork of openssl being developed. Many people have commented about "hardening Debian" in particular, as well as random musing on hardening software. One or two brave souls have even made noises about auditing code.

Once upon a time I tried to setup a project to audit Debian software. You can still see the Debian Security Audit Project webpages if you look hard enough for them.

What did I learn? There are tons of easy security bugs, but finding the hard ones is hard.

(If you get bored some time just pick your favourite Editor, which will be emacs, and look how /tmp is abused during the build-process or in random libraries such as tramp [tramp-uudecode].)

These days I still poke at source code, and I still report bugs, but my enthusiasm has waned considerably. I tend to only commit to auditing a package if it is a new one I install in production, which limits my efforts considerably, but makes me feel like I'm not taking steps into the dark. It looks like I reported only three security issues this year, and before that you have to go down to 2011 to find something I bothered to document.

What would I do if I had copious free time? I wouldn't audit code. Instead I'd write test-cases for code.

Many many large projects have rudimentary test-cases at best, and zero coverage at worst. I appreciate writing test-cases is hard, because lots of times it is hard to test things "for real". For example I once wrote a filesystem, using FUSE, there are some built-in unit-tests (I was pretty pleased with that, you could launch the filesystem with a --test argument and it would invoke the unit-tests on itself. No separate steps, or source code required. If it was installed you could use it and you could test it in-situ). Beyond that I also put together a simple filesystem-stress script, which read/wrote/found random files, computes MD5 hashes of contents, etc. I've since seen similar random-filesystem-stresstest projects, and if they existed then I'd have used them. Testing filesystems is hard.

I've written kernel modules that have only a single implicit test case: It compiles. (OK that's harsh, I'd usually ensure the kernel didn't die when they were inserted, and that a new node in /dev appeared ;)

I've written a mail client, and beyond some trivial test-cases to prove my MIME-handling wasn't horrifically bad there are zero tests. How do you simulate all the mail that people will get, and the funky things they'll do with it?

But that said I'd suggest if you're keen, if you're eager, if you want internet-points, writing test-cases/test-harnesses would be more useful than randomly auditing source code.

Still what would I know, I don't even have a beard..
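
The /tmp handling mentioned in the post above can be pinned down as a repeatable test-case instead of being hunted for by reading source. The harness below is an added example, not Steve Kemp's code; the writer functions, the file names and the directory layout are constructed for illustration. It checks whether a scratch-file writer overwrites another file through an entry that already exists at its predictable path, and whether the file it creates is readable by other users.

```python
import os
import stat
import tempfile


def write_scratch_unsafe(tmpdir, name, data):
    """Predictable name plus plain open(): follows whatever is at that path."""
    path = os.path.join(tmpdir, name)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def write_scratch_excl(tmpdir, name, data):
    """Predictable name, but created exclusively: an existing entry
    (file or symlink) makes the call fail instead of being reused."""
    path = os.path.join(tmpdir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def write_scratch_mkstemp(tmpdir, name, data):
    """Unpredictable name: 'name' is only a prefix, mkstemp() picks the rest."""
    fd, path = tempfile.mkstemp(prefix=name + ".", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def check_writer(writer, plant=True):
    """Run one writer in a throwaway directory tree and report findings.

    'tmp' stands in for a shared scratch directory and 'home' for a place
    the writer must never touch. With plant=True a symlink already sits at
    the scratch name, pointing at a file under 'home'.
    """
    old_umask = os.umask(0o022)  # fix the umask so mode checks are repeatable
    try:
        with tempfile.TemporaryDirectory() as root:
            shared = os.path.join(root, "tmp")
            private = os.path.join(root, "home")
            os.mkdir(shared)
            os.mkdir(private)
            victim = os.path.join(private, "important.conf")
            with open(victim, "w") as fh:
                fh.write("original\n")
            if plant:
                os.symlink(victim, os.path.join(shared, "build.out"))

            refused, created = False, None
            try:
                created = writer(shared, "build.out", "scratch data\n")
            except OSError:  # EEXIST from O_EXCL, ELOOP from O_NOFOLLOW
                refused = True

            with open(victim) as fh:
                victim_intact = fh.read() == "original\n"

            private_mode = None  # None: nothing new was created to inspect
            if created is not None and not os.path.islink(created):
                mode = stat.S_IMODE(os.lstat(created).st_mode)
                private_mode = (mode & 0o077) == 0
            return {
                "victim_intact": victim_intact,
                "refused": refused,
                "private_mode": private_mode,
            }
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    writers = (write_scratch_unsafe, write_scratch_excl, write_scratch_mkstemp)
    for w in writers:
        for plant in (True, False):
            print(w.__name__, "plant=%s" % plant, check_writer(w, plant))
```

A writer passes when `victim_intact` is true in the planted case and `private_mode` is true whenever it creates a file; the harness can be pointed at any function with the same three-argument shape.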

Planet Debian: Daniel Pocock: Automatically creating repackaged upstream tarballs for Debian

One of the less exciting points in the day of a Debian Developer is the moment they realize they have to create a repackaged upstream source tarball.

This is often a process that they have to repeat on each new upstream release too.

Wouldn't it be useful to:

  • Scan all the existing repackaged upstream source tarballs and diff them against the real tarballs to catalog the things that have to be removed and spot patterns?
  • Operate a system that automatically produces repackaged upstream source tarballs for all tags in the upstream source repository or all new tarballs in the upstream download directory? Then the DD can take any of them and package them when he wants to with less manual effort.
  • Apply any insights from this process to detect non-free content in the rest of the Debian archive and when somebody is early in the process of evaluating a new upstream project?

Google Summer of Code is back

One of the Google Summer of Code projects this year involves recursively building Java projects from their source. Some parts of the project, such as repackaged upstream tarballs, can be generalized for things other than Java. Web projects including minified JavaScript are a common example.

Andrew Schurman, based near Vancouver, is the student selected for this project. Over the next couple of weeks, I'll be starting to discuss the ideas in more depth with him. I keep on stumbling on situations where repackaged upstream tarballs are necessary and so I'm hoping that this is one area the community will be keen to collaborate on.

Planet Debian: Ritesh Raj Sarraf: Basis B1

 

Starting yesterday, I am a happy user of the Basis B1 (Carbon Edition) Smart Watch

The company recently announced being acquired by Intel. Overall I like the watch. The price is steep, but if you care for a watch like that, you may as well try Basis. In case you want to go through the details, there's a pretty comprehensive review here.

Since I've been wearing it for just over 24hrs, there's not much data to showcase a trend. But the device was impressively precise in monitoring my sleep.

 

Pain points - For now, sync is the core of the pains. You need either a Mac or a Windows PC. I have a Windows 7 VM with USB Passthru, but that doesn't work. There's also an option to sync over mobile (iOS and Android). That again does not work for my Chinese Mobile Handset running MIUI.


Geek Feminism: The Hugo Ballot is Out!

The finalists for the 2014 Hugo Awards were announced over the weekend, and gee golly are there some exciting works on that slate. I’m especially excited to see Mary Robinette Kowal’s “The Lady Astronaut Of Mars” on the ballot (it was denied a place on last year’s ballot because it originally appeared as an Audiobook). It’s sharing the novelette category with Aliette de Bodard’s “The Waiting Stars,” which I’ve not read yet but am looking forward to checking out.

Ann Leckie’s Ancillary Justice, which is up for Best Novel, has been making a lot of shortlists this year, including the Hugo, Nebula, and Clarke awards. I’m also glad to see Sofia Samatar’s “Selkie Stories Are For Losers” up for the short story Hugo–it’s definitely worth a read if you haven’t seen it yet (Samatar is also in her second year of eligibility for the John W. Campbell Award for Best New Writer).

And I’m excited that my fellow Writing On The Fast Track alum and all-around good guy Mike Underwood is up for Best Fancast for The Skiffy and Fanty Show. The team behind it includes several other wonderful people, including authors and diversity advocates Julia Rios and Stina Leicht.

If you’re interested in checking out these and the other wonderful & deserving works on this year’s ballot and voting for this year’s Hugo awards, supporting memberships to this year’s WorldCon are available for 40$US. In addition to voting rights, supporting Members get a copy of the Hugo Voter Packet, which contains digital editions of most of the works on the ballot. This works out to a pretty great bargain if you’re excited about even a few of the nominated works–plus you get to vote on this year’s Hugos.

You may notice that there are a few surprising names on this year’s ballot. Theodore Beale (aka Vox Day, a writer whose hate speech got him drummed out of the SFWA last year) and Larry Correia encouraged their fans to nominate a particular ‘slate’ that included several vocal conservatives. Some of their fans have since been heard crowing about how they’ve succeeded in making some kind of political point by getting these folks on the ballot.

It’s unfortunate that they’ve chosen to politicize the Hugo awards in this way. But I would remind folks that are thinking about buying a membership that the Hugo Awards use “Instant Runoff Voting,” a system which allows voters to rank the candidates in each category. The system allows people to rank “No Award” higher than any or all candidates on the ballot. Indeed, in 1987, that very thing happened in the novel category: No Award came in ahead of L. Ron Hubbard’s Black Genesis.


Since invoking Beale’s name tends to cause some of the cesspools of the internet to backflow into the tubes, this is your reminder that we have a strictly-enforced comment policy. So if you’re here from Beale’s fan club: run along. Your comment will go straight to moderation and no one will see it.  There are plenty of places online where you can contribute to a net reduction in the worth and dignity of humanity. This is not one of them.

Planet Debian: C.J. Adams-Collier: AD Physical to Virtual conversion… Continued!

So I wasn’t able to complete the earlier attempt to boot the VM. Something to do with the SATA backplane not having enough juice to keep both my 6-disk array and the w2k8 disk online at the same time. I had to dd the contents off of the w2k8 disk and send it to the SAN via nc. And it wouldn’t write at more than 5.5MB/s, so it took all day.

cjac@foxtrot:~$ sudo dd if=/dev/sdb | \
  pv -L 4M -bWearp -s 320G | \
  nc 172.16.9.80 4242
cjac@san0:~$ nc -l 4242 | \
  pv -L 4M -bWearp -s 320G | \
  sudo dd of=/dev/vg0/ad0

Anyway, I’ve got a /dev/vg0/ad0 logical volume all set up now which I’m exporting to the guest as USB.

Here’s the libvirt xml file: win2k8.xml

No indication as to how long this will take. But I’ll be patient. It will be nice to have the AD server back online.

Physical_to_Virtual_Win2k8-Startup_Repair

[edit 20140422T172033 -0700]
Physical_to_Virtual_Win2k8-Startup_Repair_Failure
… Well, that didn’t work …

[edit 20140422T204322 -0700]
Maybe if I use DISM…?

Physical_to_Virtual_Win2k8-Startup_Repair_DISM

[edit 20140422T204904 -0700]

Yup. That did ‘er!

Physical_to_Virtual_Win2k8-Login

LongNow: Steven Johnson: The Long Zoom – A Seminar Flashback

In May 02007 author Steven Johnson spoke for Long Now about The Long Zoom, which is his take on how humans integrate perspectives at different scales for both pleasure and practical reasons. He explains this “zoom” in everything from computer games to ending the cholera epidemic in 19th century London. That last topic, the subject of his book The Ghost Map, serves as a leaping off point for this Seminar.

Twice a month we highlight a Seminar About Long-term Thinking (SALT) from our archives. Long Now members can watch this video here. The audio is free for everyone on the Seminar page and via podcast. Long Now members can see all Seminar videos in HD. Video of the 12 most recent Seminars is also free for all to view.


In his introduction Stewart Brand calls Johnson a polymath, and this talk is a truly polymathic display across disciplines, history, and literature. But it’s also easy to follow because much of it takes place in the realm of current pop culture: from the TV show Lost to the games SimCity and Spore. Even Johnson’s revisiting of London’s 01800s brings with it insights into the history of infographics.

Steven Johnson

The talk itself is a zoom and Johnson shows implicitly that integrating perspectives is useful, and pleasurable, to the way human minds work today. New research on gaming and the brain, the history of detective fiction, and the UI of World of Warcraft are all side trips on Johnson’s guided tour to how the Long Zoom, both as a practical tool and an entertainment principle, can lead to consilience.

From Stewart’s summary of this Seminar (in full here):

Johnson proposed that another word for the long zoom perspective is “consilience”— a fine old word, revived by Edward O. Wilson, that links multiple disciplines and multiple levels into a whole body of knowledge with extra benefits the separate disciplines lack. Science and culture can blend rigorously. What is discovered in consilience is not just scales of distance or time but nested systems.

Steven Johnson is the author of eight books which cover topics in science, technology, history and popular culture including Emergence, Everything Bad Is Good for You and most recently Future Perfect.

The Seminars About Long-term Thinking series began in 02003 and is presented each month live in San Francisco. The series is curated and hosted by Long Now’s President Stewart Brand. Seminar audio is available to all via podcast.

Long Now members can watch the full video of this Seminar here—you must be logged in to the site. Membership levels start at $8/month and include lots of benefits. Join Long Now today.

Planet Debian: Axel Beckert: GNU Screen 4.2.0 in Debian Experimental

About a month ago, on 20th of March, GNU Screen had its 27th anniversary.

A few days ago, Amadeusz Sławiński, GNU Screen’s new primary upstream maintainer, released the status quo of Screen development as version 4.2.0 (probably to distinguish it from all those 4.1.0 labeled development snapshots floating around in most Linux distributions nowadays).

I did something similar and uploaded the status quo of Debian’s screen package in git as 4.1.0~20120320gitdb59704-10 to Debian Sid shortly afterwards. That upload should hit Jessie soon, too, resolving the following two issues also in Testing:

  • #740301: proper systemd support – Thanks Josh Tripplett for his help!
  • #735554: fix for multiuser usage – Thanks Martin von Wittich for spotting this issue!

That way I could decouple these packaging fixes/features from the new upstream release which I uploaded to Debian Experimental for now. Testers for the 4.2.0-1 package are very welcome!

Oh, and by the way, that upstream comment (or ArchLinux’s according announcement) about broken backwards compatibility with attaching to running sessions started with older Screen releases doesn’t affect Debian since that has been fixed in Debian already with the package which is in Wheezy. (Thanks again Julien Cristau for the patch back then!)

While there are bigger long-term plans at upstream, Amadeusz is already working on the next 4.x release (probably named 4.2.1) which will likely incorporate some of the patches floating around in the Linux distributions’ packages. At least SuSE and Debian offered their patches explicitly for upstream inclusion.

So far already two patches found in the Debian packages have been obsoleted by upstream git commits after the 4.2.0 release. Yay!

Krebs on Security: States: Spike in Tax Fraud Against Doctors

An unusual number of physicians in several U.S. states are just finding out that they’ve been victimized by tax return fraud this year, KrebsOnSecurity has learned. An apparent spike in tax fraud cases against medical professionals is fueling speculation that the crimes may have been prompted by a data breach at some type of national organization that certifies or provides credentials for physicians.

Scott Colby, executive vice president of the New Hampshire Medical Society, said he started hearing from physicians in his state about a week ago, when doctors who were just filing their tax returns began receiving notices from the Internal Revenue Service that someone had already filed their taxes and claimed a large refund.

So far, Colby has heard from 111 doctors, physician assistants and nurse practitioners in New Hampshire who have been victims of tax fraud this year.

“I’ve been here four years and this is the first time this issue has come across my desk,” Colby said.

In this increasingly common crime, thieves steal or purchase Social Security numbers and other data on consumers, and then fraudulently file tax returns electronically, claiming a large refund. The thieves instruct the IRS to send the refund to a bank account that is tied to a prepaid debit card, which the fraudster can then use to withdraw cash at an ATM (for more on how this works, see last week’s story, Crimeware Helps File Fraudulent Tax Returns).

Unlike the scam I wrote about last week — which involved the theft of credentials to third-party payroll and HR providers that are then used to pull W2 records and file bogus tax returns on all company employees — the tax fraud being perpetrated against the physicians Colby is tracking is more selective.

“We’ve done a broadcast to all of the hospital systems in the state, and I have yet to receive one [victim] name from a non-clinician,” Colby said. “And you would think if it was an HR or payroll issue that at least a couple of administrative, non-clinical folks would have been in the mix, but that is not the case.”

AN EPIDEMIC OF TAX FRAUD?

Colby said he’s heard similar reports from other states, including Arizona, Connecticut, Indiana, Maine, Michigan, North Carolina and Vermont.

Elaine Ellis Stone, director of communications at the North Carolina Medical Society, said her organization has been contacted by more than 100 individual doctors and medical practice managers complaining about tax fraud committed in the names of their doctors and other medical staff.

“We’ve been getting a lot of calls from people who’ve experienced this scam,” Ellis Stone said. “We don’t yet know exactly why this type of crime is surfacing so much this year, but we haven’t seen this kind of volume in years past.”

Ellis Stone said that initially, the medical society thought the tax fraud incidents might be related to Medicare’s first-ever release last week of information on payments to some 880,000 medical providers nationwide. As part of that data dump, the Centers for Medicare and Medicaid Services listed the National Providers Identification (NPI) number of each doctor; NPI numbers are used by the federal government to keep track of physicians for Medicare and Medicaid billing purposes.

She said initially when her organization reached out to the American Medical Association (AMA) to see if they had any theories about the source of the fraud, someone suggested that the recent release of so many NPI numbers may have allowed thieves to somehow look up Social Security numbers and other sensitive data on doctors. But according to Ellis Stone, those NPI numbers have long been available from the U.S. Centers for Medicare and Medicaid.

Robert Mills, the AMA’s media relations coordinator, confirmed that the association is hearing from state medical societies that tax identity theft seems to be a greater problem this year than in the past. But he stressed that this scheme seems to be targeting professionals generally, not just physicians.

That’s my take on this as well: There may indeed have been some kind of breach of a physician database that fueled this year’s fraud surge against doctors, but my hunch is that we might also see the same sorts of stats being gathered by state organizations focused on other professions. In other words, the incidence of this type of crime is likely off the charts this year.

That said, a story I’m working on for later this week will examine tax fraud schemes committed by a crime gang that appears to be disproportionately targeting employees at several state healthcare organizations.

DOUBLE DIPPING

According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

Tax fraud is an especially insidious form of identity theft because thieves often also create new financial accounts in their victims’ names. That’s because the same information used to file tax returns on someone can be useful in opening up new credit card and loan accounts.

“Some of the docs I’ve spoken with also have received notification that someone is trying to set up new bank accounts in their name,” New Hampshire’s Scott Colby said.

What’s more, victims of tax fraud one year may also find they are targeted by thieves again the next tax season.

Gordon Smith, executive vice president of the Maine Medical Association, said his office has heard from approximately 30 physicians in his state about tax fraud over the past couple of weeks.

“Their stories are all very similar,” Smith said. “I talked to one [doctor] who had this happen to him two years in a row now.”

If you become the victim of identity theft, either because of tax fraud — or due to fraud outside of the tax system — you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at 1-800-908-4490 so that the IRS can take steps to further secure your account.

That process is likely to involve the use of taxpayer-specific PINs for people that have had issues with identity theft. If approved, the PIN is required on any tax return filed for that consumer before a return can be accepted. To start the process of applying for a tax return PIN from the IRS, check out the steps at this link. You will almost certainly need to file an IRS form 14039 (PDF), and provide scanned or photocopied records, such as a driver’s license or passport.

Geek Feminism: Go Ahead. Spam My Link. (22 April 2014)

  • Fake Geek Guys: A Message to Men About Sexual Harassment | Andy Khouri at ComicsAlliance (April 16): “‘I think this woman is wrong about something on the Internet. Clearly my best course of action is to threaten her with rape.’ [..] Men are the cure — but we are the cancer too. It is wholly and rightfully and crucially up to men in this society and especially in this subculture to speak out and watch out. To end the cycle of bullying, harassment and violence. To recognize the grotesque irony of degrading women over matters of heroic fictions whose lessons about fairness and decency we’ve supposedly been studying since we were just little boys, and to start putting those ideas into practice as grown-ass men.”
  • To the point of collapse, and beyond | Maria at Crooked Timber (April 8): “Collapse from nervous exhaustion and working too hard [...] somewhere in the late twentieth century we forgot about all this. With antibiotics and behaviourism and god knows what else, the mind body connection got disjointed. People stopped having a good excuse to say they were spent. When burnout and chronic fatigue were ‘discovered’ in the 1980s, the popular view was – and still is, for the most part – incredulity and a sense that people whose bodies had suddenly and seemingly inexplicably forgotten how to be well were somehow faking it. Or asking for it. [...] When something stops having a name, it gets harder to track and compare across generations. Nowadays, it seems easier to categorise fatigue or burnout as depression, as if it’s somehow anomalous and not something entirely to be expected.”
  • ‘Why can’t you just deal with it?’ ‘It’s a compliment!’ | s.e. smith at meloukhia (April 21): “Is it a compliment when a complete stranger says ‘hey, nice shoes!’? Yes, it is – I occasionally compliment fine shoes myself. Is it a compliment when a stranger says ‘nice ass!’? Well… not so much. Because one comment is about an accessory, an item someone deliberately chose as part of her presentation, something she can take on and off. She may have chosen to wear those shoes just for herself, with no one else in mind, but she might still appreciate hearing that someone thinks they’re excellent shoes. But her ass, well, that’s a different story. That’s not something that she can take on and take off. Now, she may have worked quite hard on her butt, and she could be stoked that someone thinks it looks good, but that’s an individual thing, not something generic to all women. The tone and delivery of a compliment about her butt might make a big impression in her perception of it. The fact of the matter is that a comment like ‘nice ass’ feels crude and unpleasant and threatening, because extended from ‘nice ass’ is something slimy and threatening and gross, something sinister.”
  • Pink Weights? (Guest Post) | Fit, Feminist, and (almost) Fifty (April 19): A little outside the usual topics, however, it is a feminist viewpoint on what can be a geeky topic. “I have a mild uterine prolapse, which is like a mild hernia with less reliable surgical options. This condition is quite common, but not talked about very much, perhaps because it involves female bits, or perhaps because it isn’t life threatening. It certainly was news to me. [...] It turns out that despite my level of fitness, I hadn’t been exercising properly. I did not know what “activate your core before lifting” actually meant. I thought it meant bracing your abdominal and back muscles. But that’s not enough, and bracing could actually be doing more harm than good.”
  • Look In the Mirror: Confronting the Contradictions of LGBT Organizations and Our “Leadership” | Christian Emmanuel Castaing at Black Girl Dangerous (April 17): “How dare you or your mission statement proclaim to speak for marginalized communities when, in actuality, you’re developing your career and using your personal definitions of “sex positivity,” “social justice,” and “human rights” to SPEAK OVER the needs of those you claim to speak for? How dare you call yourself an activist when you capitalize on unearned privileges to state “It Gets Better,” while reinforcing a system of “Us” and “Them”? How dare you capitalize on a movement, take the most space, and use the most resources to satisfy your desires over the needs of others? The contradictions in our organizations and within any leader are vast. Keeping a movement that has turned its back on its least protected members demands that we reclaim the movement and hold it responsible. Our leadership cannot avoid being held responsible for unethical behavior, and we should not be afraid to hold them accountable.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sociological ImagesWill Women Take Whiskey? Male Flight from Feminizing Spirits

This is a Pink Lady: 15 oz. gin, 4 dashes of grenadine, and an egg white.

According to Shanna Farrell,  the Pink Lady was popularized in the ’50s.  Women were believed to have “dainty palates,” and so cocktails for women were designed to disguise any taste of alcohol.  In the ’70s, the Pink Lady was surpassed by the Lemon Drop and, in the ’80s, the Cosmopolitan.

Farrell asks “What does it mean to drink like a woman” today? Anecdotally, she finds that bartenders consistently expect her to order something “juicy or sweet” — “It’s pink; you’ll like it” — and respond with a favorable nod when she orders something “spirit forward.”

This is typical for America today: women are expected to perform femininity, but when they perform masculinity, they are admired and rewarded. This is because we still put greater value on men and the things we associate with them.

This phenomenon of valuing masculinity over femininity — what we call “androcentrism” — may be changing how women drink, since everyone likes that nod of approval.  Farrell reports that “women account for the fastest-growing segment of worldwide whiskey consumers.”  Well hello, Hilary.

I wonder how men will respond to women’s incursion into the whiskey market. Traditionally we’ve seen male flight.  As an activity, occupation, or product is increasingly associated with women, men leave.  In a society where women keep infiltrating more and more of men’s domains, this is a bad long-term strategy for maintaining dominance (see, for example, the feminization of education). As I ask in my forthcoming sociology of gender textbook: “What will happen when women are sipping from all the bottles?”

Thanks to the super-cool bartender Naomi Schimek for the tip!

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

RacialiciousBeyond the Politics of Voting

By Guest Contributor Alexandra Moffett-Bateau, cross-posted from The Feminist Wire

As a political scientist, during any given election year, I’m bombarded with questions about my assessment of the current electoral slate. The look of disappointment is always palpable when I tell folks that, that isn’t what I do. After all, what good is a black political scientist that doesn’t study black public opinion?

As a scholar, one of the things I’ve struggled with is pushing back against the dominance of voting based politics within black communities in our post-civil rights era, without minimizing the importance of showing up at the polling booth. After all, in a midterm election year, just like in presidential years, whether or not our communities show up can be a make or break for the services and programs that are desperately needed for our communities.

Yet, and still, political engagement cannot and should not, be only about politicians. We do a severe injustice to ourselves, and especially young people, when we insist that to be political, we must be limited to engaging with politicians in some way. To be clear, this is not to say that pushing against institutional structures and the people who populate them is not important. But it is to say that in order to politically empower marginalized populations, we have to identify, celebrate and make meaningful, the everyday resistance strategies present in our neighborhoods.

When I was interviewing women in a public housing development on the south side of Chicago over the course of the year, this became increasingly apparent to me. In particular, one example comes to mind.

During the fall of 2011, during the height of the Occupy movement, other “occupy” groups like Occupy the Hood, Occupy the South Side, and so forth, were beginning to spring up. In large part, this was because a lot of folks of color, particularly those living below the poverty line, just didn’t feel as though their particular set of needs were being addressed by the Occupy organizers downtown. While this began to change over time, initially, it was a major problem throughout the Occupy movement across the country.

As a result, the women at the development decided to begin their own Occupy movement. Except they weren’t protesting the banks, or local government institutions and bureaucracies, instead, their target was a local grocery store.

This particular grocery store is the only grocery store within 10 miles of the development. As a result, the markup on the prices of food (according to residents) was, in some instances, twice as much as other stores throughout the city. In addition, the grocery store refused to accept food stamps, which was another major barrier to many of the women I spoke with that needed to feed their families.

A resident-run environmental justice organization put together the Occupy action and was able to recruit women from all over the development to participate. For almost two weeks, the women stood on the sidewalk in front of the grocery store, flagging down cars and turning them away. They had huge colorful signs and loud voices. When a car would pull up, somebody would go over to the vehicle and explain what was happening. While they weren’t always successful, over the course of two weeks, the group was able to turn away almost 200 cars from shopping at the small store.

Eventually, the storeowners were so frustrated by the loss of business that they asked for a meeting. According to organizers, the store agreed to start accepting food stamps, and to start lowering the prices on basics like dairy and poultry.

While this story still features a somewhat traditional style of political organizing, I share it here because I think it helps to make an important point that often gets missed in mainstream conversations about what constitutes political engagement. During my interviews when I asked women “what do you think of when I say the word ‘politics’” I wasn’t surprised when most said things like “white people,” or “the white house.” Even in my own life, most of my family and friends outside of the academy tend to think about institutions, politicians and voting when the word politics is mentioned.

What I think is important about this story is that it shows that every part of our lives, can and is political. Where you get your food (and whether or not you are able to access a grocery store), where you live (and what you can afford to rent), transportation, treatment in medical facilities, education, all of these things can be, and I would argue, should be, sites for political action, as well as resistance.

Scholars like Robin D.G. Kelley and James Scott have done important work in showing how everyday behaviors like refusing to pay rent, squatting, story-telling, social media, gossip, and cultural forms like music, all can be forms of political resistance and rebellion. While there is a temptation to exclude these things as “simply” part of political culture, they are in fact, important avenues for information transmission, reputation destruction and the diffusion of power.

Whether we are talking about the way women in hip-hop forever changed the way women and sexuality are thought about in the public eye, or the subtle erosion of a politician’s reputation after a rumor is spread. All of these day-to-day activities, that on the surface seem meaningless, matter a lot when we think about how populations empower themselves, and dis-empower those who behave badly.

These daily acts of resistance took on a variety of forms. For some women resistance against bureaucratic power structures looked like: painting walls in their apartments when they weren’t supposed to, owning dogs when the rules around animals were debatable and picking up trash around the development. This work mattered (and still matters), because it contributed to an internal sense of power that contributed to their confidence in dealing with power structures. For many, successfully pushing back in making their spaces beautiful, allowed them to face down other power structures in their lives, later.

Ultimately, what I am trying to argue here is that we need to be more expansive in our idea of what constitutes politics. As activists, organizers, loved ones, academics, and students, we stand to gain a lot by valuing the work and engagement of the people in our lives. By pointing out to someone that their communication on twitter is significant, or that their music could be powerful, we stand to politically empower a new generation (young and old) of socio-political minded folks.

At the end of the day, we have nothing to lose by affirming how others choose to show up in the world.

Alexandra Moffett-Bateau is a member of Echoing Ida, a project of Forward Together. She is a Ph.D Candidate in the Department of Political Science at the University of Chicago. Alexandra is currently in residence as a Pre-Doctoral Fellow in the Carter G. Woodson Institute at the University of Virginia. You can find her at twitter, on her website, and Facebook.

The post Beyond the Politics of Voting appeared first on Racialicious - the intersection of race and pop culture.

Planet DebianErich Schubert: Kernel-density based outlier detection and the need for customization

Outlier detection (also: anomaly detection, change detection) is an unsupervised data mining task that tries to identify the unexpected.
Most outlier detection methods are based on some notion of density: in an appropriate data representation, "normal" data is expected to cluster, and outliers are expected to be further away from the normal data.
This intuition can be quantified in different ways. Common heuristics include kNN outlier detection and the Local Outlier Factor (which uses a density quotient). One of the directions in my dissertation was to understand (also from a statistical point of view) how the output and the formal structure of these methods can be best understood.
I will present two smaller results of this analysis at the SIAM Data Mining 2014 conference: instead of the very heuristic density estimation found in the above methods, we design a method (using the same generalized pattern) that uses a best practice from statistics: Kernel Density Estimation. We aren't the first to attempt this (cf. LDF), but we actually retain the properties of the kernel, whereas the authors of LDF tried to mimic the LOF method too closely, and this way damaged the kernel.
The other result presented in this work is the need to customize. When working with real data, using "library algorithms" will more often than not fail. The reason is that real data isn't as nicely behaved - it's dirty, it is seldom normally distributed. And the problem that we're trying to solve is often much narrower. For best results, we need to integrate our preexisting knowledge of the data into the algorithm. Sometimes we can do so by preprocessing and feature transformation. But sometimes, we can also customize the algorithm easily.
Outlier detection algorithms aren't black magic, or carefully adjusted. They follow a rather simple logic, and this means that we can easily take only parts of these methods, and adjust them as necessary for our problem at hand!
The article presented at SDM will demonstrate such a use case: analyzing 1.2 million traffic accidents in the UK (from data.gov.uk) we are not interested in "classic" density based outliers - this would be a rare traffic accident on a small road somewhere in Scotland. Instead, we're interested in unusual concentrations of traffic accidents, i.e. blackspots.
The generalized pattern can be easily customized for this task. While this data does not allow automatic evaluation, many outliers could be easily verified using Google Earth and search: often, historic imagery on Google Earth showed that the road layout was changed, or that there are many news reports about the dangerous road. The data can also be nicely visualized, and I'd like to share these examples with you. First, here is a screenshot from Google Earth for one of the hotspots (Cherry Lane Roundabout, North of Heathrow airport, which used to be a double cut-through roundabout - one of the cut-throughs was removed since):
Screenshot of Cherry Lane Roundabout hotspot
Google Earth is best for exploring this result, because you can hide and show the density overlay to see the crossroad below; and you can go back in time to access historic imagery. Unfortunately, KML does not allow easy interactions (at least it didn't last time I checked).
I have also put the KML file on Google Drive. It will automatically display it on Google Maps (nice feature of Drive, kudos to Google!), but it should also allow you to download it. I've also explored the data on an Android tablet (but I don't think you can hide elements there, or access historic imagery as in the desktop application).
With a classic outlier detection method, this analysis would not have been possible. However, it was easy to customize the method; and the results are actually more meaningful: instead of relying on some heuristic to choose kernel bandwidth, I opted for choosing the bandwidth by physical arguments: 50 meters is a reasonable bandwidth for a crossroad / roundabout, and for comparison a radius of 2 kilometers is used to model the typical accident density in this region (there should be other crossroads within 2 km in Europe).
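
As an added illustration (not the code from the SDM paper or from ELKI), the sketch below scores each accident by the ratio of its 50 m kernel density to its 2 km kernel density and contrasts that with a classic lowest-density outlier. The Gaussian kernel, the leave-one-out estimate, the function names and the planar sample coordinates in metres are all assumptions made for this example.

```python
import math


def loo_density(points, i, h):
    """Leave-one-out 2-D Gaussian kernel density estimate at points[i].

    h is the kernel bandwidth in metres. Point i itself is left out so that
    an accident does not count as its own neighbour.
    """
    xi, yi = points[i]
    total = 0.0
    for j, (xj, yj) in enumerate(points):
        if j != i:
            d2 = (xi - xj) ** 2 + (yi - yj) ** 2
            total += math.exp(-d2 / (2.0 * h * h))
    return total / ((len(points) - 1) * 2.0 * math.pi * h * h)


def classic_outlier(points, h=2000.0):
    """Index of the lowest-density point: the 'classic' density-based outlier."""
    return min(range(len(points)), key=lambda i: loo_density(points, i, h))


def blackspot_scores(points, local_h=50.0, regional_h=2000.0):
    """Ratio of crossroad-scale density to regional density for every point.

    A score above 1 means accidents are more concentrated within ~50 m than
    the surrounding ~2 km would suggest. A point with no regional density
    at all gets 0, so a lone remote accident is never reported as a blackspot.
    """
    scores = []
    for i in range(len(points)):
        regional = loo_density(points, i, regional_h)
        local = loo_density(points, i, local_h)
        scores.append(local / regional if regional > 0.0 else 0.0)
    return scores


def build_sample():
    """Constructed sample data (not the data.gov.uk accident records)."""
    points, labels = [], []
    # Background: one accident every 500 m over a 6 km x 6 km area.
    for gx in range(13):
        for gy in range(13):
            points.append((gx * 500.0, gy * 500.0))
            labels.append("background")
    # A roundabout: 15 accidents on a ring of 20 m radius.
    for k in range(15):
        angle = 2.0 * math.pi * k / 15
        points.append((3250.0 + 20.0 * math.cos(angle),
                       3250.0 + 20.0 * math.sin(angle)))
        labels.append("roundabout")
    # A single accident far away from everything else.
    points.append((20000.0, 20000.0))
    labels.append("remote")
    return points, labels


if __name__ == "__main__":
    pts, lbl = build_sample()
    print("classic outlier:", lbl[classic_outlier(pts)])
    ranked = sorted(zip(blackspot_scores(pts), lbl), reverse=True)
    for score, label in ranked[:3]:
        print("blackspot candidate: %-10s score %.1f" % (label, score))
```

The classic detector reports the remote accident, while the density ratio ranks only the roundabout accidents above 1.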
Since I advocate reproducible science, the source code of the basic method will be in the next ELKI release. For the customization case studies, I plan to share them as a how-to or tutorial type of document in the ELKI wiki; probably also detailing data preprocessing and visualization aspects. The code for the customizations is not really suited for direct inclusion in the ELKI framework, but can serve as an example for advanced usage.
Reference:
E. Schubert, A. Zimek, H.-P. Kriegel
Generalized Outlier Detection with Flexible Kernel Density Estimates
In Proceedings of the 14th SIAM International Conference on Data Mining (SDM), Philadelphia, PA, 2014.
So TLDR of the story: A) try to use more established statistics (such as KDE), and B) don't expect an off-the-shelf solution to do magic, but customize the method for your problem.
P.S. if you happen to know nice post-doc positions in academia:
I'm actively looking for a position to continue my research. I'm working on scaling these methods to larger data and to make them work with various real data that I can find. Open-source, modular and efficient implementations are very important to me, and one of the directions I'd like to investigate is porting these methods to a distributed setting, for example using Spark. In order to get closer to "real" data, I've started to make these approaches work e.g. on textual data, mixed type data, multimedia etc. And of course, I like teaching; which is why I would prefer a position in academia.

CryptogramDan Geer on Heartbleed and Software Monocultures

Good essay:

To repeat, Heartbleed is a common mode failure. We would not know about it were it not open source (Good). That it is open source has been shown to be no talisman against error (Sad). Because errors are statistical while exploitation is not, either errors must be stamped out (which can only result in dampening the rate of innovation and rewarding corporate bigness) or that which is relied upon must be field upgradable (Real Politik). If the device is field upgradable, then it pays to regularly exercise that upgradability both to keep in fighting trim and to make the opponent suffer from the rapidity with which you change his target.

The whole thing is worth reading.

Planet Linux AustraliaAndrew McDonnell: Booting a Windows7/Vista Recovery partition when Windows is broken

Even though I am “pretty much” an open source advocate, I still have to use Windows professionally when required, and of course am the IT support for extended family :-) In this case, I needed to rebuild a laptop for my mum from scratch. The laptop in question, a Benq Joybook A52 had previously been […]

Planet DebianSteve McIntyre: Linaro welcomes GSOC 2014 students

After several weeks of review and discussion, the application and selection period for the 2014 Google Summer of Code is over. 4,420 students proposed a total of 6,313 projects for this summer. From those, 1,307 students have been accepted (more details), and Linaro is one of the 190 Open Source projects that will be working with students this year.

In our first year as a GSOC mentoring organisation, we received 17 applications and Google allocated us 3 slots for student projects. It was quite a challenge to pick just 3 projects from the excellent field, and it's a shame that the limited number of slots meant we had no choice but to disappoint some people. Thanks to all those who applied!

I'm delighted to announce our 3 chosen interns for 2014:

  • Gaurav Minocha is a graduate student at the University of British Columbia, Vancouver, Canada. His project is Linux Flattened Device Tree Self-checking, mentored by Grant Likely from Linaro's Office of the CTO.
  • Ricardo de Freitas Gesuatto is a student at Federal University of São Carlos (UFSCar), Brazil. He will be working on a project entitled "Lightweight IP Stack on top of OpenDataPlane", mentored by Maxim Uvarov from the Linaro Networking Group.
  • Varad Gautam is a student at Birla Institute of Technology and Science, Pilani, India. He will be Porting UEFI to Low-Cost Embedded Platform (BeagleBoneBlack). Leif Lindholm from the Linaro Enterprise Group will be mentoring.

Please join me in welcoming these three new engineers to the Linaro team!

We have a GSOC wiki ready for our students to use at

https://gsoc.linaro.org/

and hopefully they will start adding content there soon about themselves and their projects (hint!). In the meantime, we have more information about our original proposals and the GSOC program in the main Linaro wiki.

Starting today, the next phase of the program is the so-called "bonding period". Students are encouraged to get to know people within Linaro (especially their mentors!) and prepare to start work on their projects, whatever is needed. The official start of the work period for GSOC is May 19th, and it runs through to August 18th. We will give updates on progress through the summer, and we're hoping to talk about our results at the next Linaro Connect in September.

Good luck, folks!

Worse Than FailureDesert Packet Storm

Jonathan D. was the system administrator for a school nestled in a war-ravaged city somewhere in the middle of the desert. What with bombings here, explosions there, and the odd RPG whizzing by, dealing with a converted bathroom as an office/datacenter just didn't seem to be all that big of a deal.

The school had roughly 100 computers split between two buildings, along with the laptops everyone used. His office, ...erm... converted bathroom housed all of the servers, and the main computer room for the high school/middle school (grades 6 and up) building was located right outside the door.

One morning, as the sun came up over the desert, he found that he was unable to connect to the internet. After trying to ping the gateway and getting no response, Jonathan tried pinging the data servers. Nada.

When a visual inspection of the servers revealed that they looked fine, he thought that maybe the problem was with his desktop. While it was rebooting, he heard the volume of the students in the computer room explode. The computers in there were no longer able to see the server and had hung.

At this point, Jonathan knew the problem wasn't just with his desktop. If the computer room next door couldn't reach the servers right next to them, then the odds of any of the other computers further out being able to get through were pretty much nil. The network was down for the whole school. Had there been an attack?

Rebooting the (unmanaged) switches in his bathroom office yielded nothing useful. Finally, in desperation, he disconnected the servers and the computer room from the rest of the school. Shouts of victory arose from the computer room; they were able to work again!

Now he had to figure out where the problem was rooted. Jonathan isolated one switch at a time, working his way through the school until he had reached the computer room in the elementary building (grades 1-5). With some help from the technician in the computer room, he was able to identify one of the switches as being the cause of the problem.

He unplugged the ports in the switch, one at a time, until he noticed something strange. As he unplugged each port, both its light and the light below turned off. When he plugged it in again, both lights came back on.

"What's plugged into this port?" he asked the technician.

"Nothing! We don't have any computers plugged into that socket," he replied.

"Well something's plugged into it. Let's go take a look."

They walked over to the other end of the cable in the computer room and saw that a teacher had set up a little work area with a box of papers and some pens. When they moved the box out of the way, they found... a network cable plugged into the socket... and the other end plugged into the neighboring socket.

They talked with the teacher who had set up the work area, and found out that he normally brought in his laptop, along with a network cable. On this particular day he'd left the laptop at home, and he wanted to clean his workspace. He decided to tidy up the network cable by plugging both sides in, creating a feedback loop, which caused a network storm and wound up taking down the whole network.

Oops.

Planet DebianBits from Debian: Debian welcomes its 2014 GSoC students!

We're excited to announce that 19 students have been selected to work with Debian during the Google Summer of Code this year!

Here is the list of accepted students and projects:

As always, you will be able to follow their progress on the SoC coordination mailing-list

Congratulations to all the students and let's make sure we all have an amazing summer!

Planet DebianSimon Kainz: Valerie

This will be my one and only off-topic posting, but I just have to share all my joy and happiness with all of you!

On monday, April 14th 2014, our beautiful daughter Valerie was born. As we almost live next door to our midwife, we just grabbed our stuff and walked over to the midwife's house, as my wife told me "things are starting". My wife was very glad to be able to give birth in such a beautiful, cosy and comfortable place, with no hassle, no beeping machines and nervous hospital staff running around. This helped her to "let go", and she gave birth to our beautiful daughter after about 2 hours.

I took a 4 week break from work to support my wife and daughter. This is quite involving :-) , so please forgive me if I don't reply quickly to your mails.

Screenshot:

Valerie

Planet DebianAndrew Pollock: [life] Day 84: Kindergarten Term 2 starts, I collapse on the couch for the day

Zoe had her first day back at Kindy this morning for Term 2. I couldn't believe how fast Term 1 flew by, and how little I felt I accomplished on a personal front. The two weeks of school holidays certainly put the brakes on trying to get anything much more done for myself, but Zoe and I had a great time.

I was really happy with the variety of activities we were able to do, and it was nice that Zoe and Megan got to spend a reasonable amount of time together too. The weather cooperated for the majority of the time, which was the cherry on top.

Zoe only had Kindergarten today this week, but Sarah has the week off, so she's going to be taking Zoe for the next couple of days, which is really convenient timing, as it'll give me time to recover from some minor surgery tomorrow without having to run around after her. I might also manage to finalise my US tax return. I'm hoping to catch a few movies with Anshu too, who also has the week off work.

Zoe slept reasonably well last night. Two wake ups, but they were both quickly resolved, so we both got back to sleep quickly. I was absolutely exhausted last night, but felt positively chipper this morning.

We biked to Kindergarten, and I decided to leave the trailer there to make things a bit easier for myself in the afternoon.

I got home, and just felt like vegging on the couch. Then I remembered Anshu had the day off, so she came over and we hung out and had lunch. It was really nice to have a few hours during the day off.

I biked back to Kindergarten, wondering if I'd have to deal with waking up Zoe from a nap, but she hadn't had a nap. We'd had a bit of a talk at breakfast about napping at Kindergarten, and I have no idea if it helped or not, but it meant we could make an orderly departure.

Zoe wanted to participate in Megan's tennis class after Kindergarten, and they were down a kid, which made the warm up stuff not work so well, so the teacher was happy for Zoe to take part. I managed to extract her once the real nitty gritty of the class started. I did get a good opportunity to suss out place availability for term 3.

We biked home, and I wanted to take my bike in for a service while I'm on lifting restrictions, so we drove over to Cannon Hill to drop it off. The Gold Cross bike shop has now merged into the Super Amart store, so Zoe wanted to look at everything on the way back out. We eventually emerged without buying anything.

Next, we went over to Bunnings, because Zoe's been asking if we can grow some veggies and flowers from seed. That ended up being about an hour of trekking around the nursery section trying to find stuff. It was a good way to use up the afternoon. We made it out with a bag of potting mix and a few packets of seeds and a kit for growing stuff that requires a trellis. Unfortunately most of the climbing stuff (like tomatoes) are out of season now, so I'm not sure what we're going to be able to grow with the kit.

We got back home, and I put dinner on and we watched a bit of TV together while it cooked. Bath time and bed time went really smoothly, as I think she was pretty tired. Here's hoping she sleeps well tonight.

Planet DebianMartín Ferrari: DNSSEC, DANE, SSHFP, etc

While researching some security-related stuff for a post I am currently writing, I found some interesting bits here and there that I thought I should share, as they were new to me, and probably for many others.

DNSSEC

The first thing is DNSSEC. I knew about it, of course, but never bothered to dig much into it. While reading about many interesting applications of DNS for key distribution, and thinking of ways to use them, it is clear that DNSSEC is a precondition for any of that to work.

In case you don't know about it, it is an extension for the DNS service to make it safer, for example, to avoid the bad guys having you think that google.com points to sniffer.nsa.gov.

Apart from these über-cool applications I was thinking about, avoiding DNS-based attacks becomes more and more relevant these days. And I think Debian and the rest of the Free Software world should work on making this available to all end-users as easily as possible.

While adoption still looks pretty low, there is some good news.

First, Google claims its public DNS supports DNSSEC. Of course, you need to trust Google servers, and the path between your machine and them. But if your resolver supports DNSSEC, you can use their servers and validate the answers.

On the other side, I am not too sure about their implementation, as half of the time, it would return a valid answer to a query for an invalid record (dig +dnssec sigfail.verteiltesysteme.net @8.8.8.8). Also, they have not published DNSSEC records for google.com, which seems crazy.

Some packages included in Debian already take advantage of DNSSEC, if available (more on that later), but more importantly, there are a couple of DNSSEC-enabled recursive servers, including bind, unbound, and the more commonly-used dnsmasq (there is a wiki page summarising Debian's status). Sadly, the default configuration for dnsmasq does not enable DNSSEC, and most people will not use it, even if it is installed, because DHCP-provided servers are usually preferred. It seems to me that it would be wise to have a package that would install dnsmasq with DNSSEC enabled, and make it the only valid resolver for the system.

If you want to check if your resolver is correctly validating DNSSEC, you can use this test web page.

Another piece of good news is that many top-level domains already support DNSSEC, and in my case, Gandi.net has support in place to set it up. So I am going to look into enabling it for my own domain.

SSHFP

One useful and simple advantage of using DNSSEC is that you can store information there, and then trust it to be correct.

One new DNS RR (resource record) that is useful in this context is the SSHFP RR, which allows the sysadmin of a host to publish the host SSH key fingerprint in the DNS zone.

The ssh client, when the VerifyHostKeyDNS option is enabled, will use that information to trust unknown hosts. One downside to this is that whether you set the option to ask or your resolver does not support DNSSEC, you get the same message, which does not warn you about the extra risk.

To help you create your DNS records, you can just run this command:

$ ssh-keygen -r brie.tincho.org
brie.tincho.org IN SSHFP 1 1 6ac93c63379828b5b75847bc37d8ab2b48983343
brie.tincho.org IN SSHFP 2 1 cf0d11515367e3aa7eeb37056688f11b53c8ef23
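
As an added illustration (not part of the original post), the sketch below recomputes SSHFP records from a public key line in the layout ssh-keygen -r prints, checks an offered host key against published records, and models the VerifyHostKeyDNS outcome for an unknown host as ssh_config(5) describes it. The key material is constructed for the example; the function names and the decide() model are assumptions of this example, not OpenSSH code.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
            "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey_line(line):
    """Parse 'keytype base64blob [comment]' and return (keytype, blob)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_ALGS:
        raise ValueError("unsupported or malformed public key line")
    keytype = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type;
    # reject lines where the label and the blob disagree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return keytype, blob


def sshfp_records(hostname, pubkey_line):
    """Return SSHFP zone lines for a key, one per fingerprint type."""
    keytype, blob = parse_pubkey_line(pubkey_line)
    alg = KEY_ALGS[keytype]
    return ["%s IN SSHFP %d %d %s" % (hostname, alg, fptype, h(blob).hexdigest())
            for fptype, h in sorted(HASHES.items())]


def parse_sshfp(record):
    """Parse 'name IN SSHFP alg fptype hex' into (alg, fptype, digest)."""
    fields = record.split()
    i = 1 + [f.upper() for f in fields[1:]].index("SSHFP")
    if len(fields) < i + 4:
        raise ValueError("truncated SSHFP record")
    alg, fptype = int(fields[i + 1]), int(fields[i + 2])
    digest = bytes.fromhex("".join(fields[i + 3:]))
    if fptype not in HASHES or len(digest) != HASHES[fptype]().digest_size:
        raise ValueError("unknown fingerprint type or wrong digest length")
    return alg, fptype, digest


def match_host_key(records, pubkey_line):
    """True if any well-formed SSHFP record matches the offered host key."""
    keytype, blob = parse_pubkey_line(pubkey_line)
    for rec in records:
        try:
            alg, fptype, digest = parse_sshfp(rec)
        except ValueError:
            continue  # skip records we cannot interpret
        if alg != KEY_ALGS[keytype]:
            continue
        if hmac.compare_digest(HASHES[fptype](blob).digest(), digest):
            return True
    return False


def decide(option, fingerprint_matches, dnssec_validated):
    """Simplified model (assumption) of VerifyHostKeyDNS for an unknown host.

    'yes' trusts a matching fingerprint only when the DNS answer was
    DNSSEC-validated; an unvalidated answer is handled like 'ask'.
    """
    if option == "yes" and fingerprint_matches and dnssec_validated:
        return "trust"
    return "prompt"  # 'no', 'ask', a mismatch, or an unvalidated answer


def _constructed_ed25519_line(fill):
    """Build a syntactically valid ssh-ed25519 line from constructed bytes."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes([fill]) * 32)
    return "ssh-ed25519 %s constructed@example" % base64.b64encode(blob).decode()


# Constructed sample keys: not real host keys.
HOST_KEY = _constructed_ed25519_line(1)
OTHER_KEY = _constructed_ed25519_line(2)

if __name__ == "__main__":
    published = sshfp_records("host.example", HOST_KEY)
    print("\n".join(published))
    for label, key in (("expected key", HOST_KEY), ("different key", OTHER_KEY)):
        ok = match_host_key(published, key)
        for validated in (True, False):
            print(label, "validated=%s" % validated, "->",
                  decide("yes", ok, validated))
```

The last two cases of decide() are the downside described above: an unvalidated answer under yes and any answer under ask end in the same prompt.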

DANE, S/MIME and GPG

Recently, while at FOSDEM, I attended talks that mentioned DANE. This proposed IETF standard introduces a mechanism to use DNS as a secure key distribution system, which could completely override the CA oligopoly, a very attractive proposition for many people.

In short, it is very similar to the SSHFP mechanism, but it is not restricted to SSH host keys: it can be used to distribute public key information for any TLS-enabled service. So, instead of (or in addition to) having a CA sign your certificate, and relying on the chain of trust by means of having a local copy of all root CA certificates, you use the chain of trust embedded in DNSSEC to make sure that the DNS RRs you publish are valid. Then, the client application can trust the fingerprint published for the relevant service to verify that it is talking to the right server.

This is a very exciting development, and I hope it gets widespread adoption. It is already supported in Postfix, and there seems to be some work going on in Mozilla, as well as in Prosody, which is a great start.

Another exciting development of this is the generalisation of DANE for other entities, like email addresses. There are two draft RFCs being worked on right now to deploy S/MIME and OpenPGP key material using DNSSEC. This could also change completely the way we manage the Web of Trust.

XKCD Whatif Windshield Raindrops

Windshield Raindrops

At what speed would you have to drive for rain to shatter your windshield?

Daniel Butler

Fast.

Raindrops are tiny. Even in the heaviest rainstorms, the water in the air weighs less than the air itself (which is one of several reasons you can't swim upward in a rainstorm). Even at very high speeds, they can't break a windshield via their momentum alone.

Under ordinary circumstances, raindrops don't damage car windshields at all. However, they can destroy the windows of supersonic aircraft.

Here's what happens when a raindrop hits a glass surface at high speed:

When the droplet makes contact with the surface, a shockwave travels back up through the droplet.

Normally, this shockwave would move at the speed of sound within the liquid—about 1300 m/s, four times faster than in air. However, at high impact speeds, this shockwave actually moves substantially faster than the speed of sound in water.

The water is squeezed between the incoming drop and the glass surface, which makes it squirt sideways in all directions. These jets of water can move even faster than the original (already supersonic) droplet, and even faster than the shockwaves we mentioned.

One paper ran a simulation of water droplets hitting a surface at 500 m/s (about Mach 1.5), and found that the water sprayed out from the point of contact at over 6000 m/s—Mach 18.[1]

[1] That's a pretty simple way to expel material at 6 km/s. I wonder if anyone's ever tried to come up with a spacecraft propulsion system using it ...

The sharp pulse from the shockwave can crack glass. The highest pressures are found in the ring around the edge of the droplet, and only exist for a tiny fraction of the impact.

In addition to the direct downward pressure, the water jetting sideways can cause damage, too. If the material has any microscopic holes, cracks, or bumps, those jets can strike them and create new cracks or widen existing ones.

Even at high speeds, a raindrop won't create a bullet hole on its own—but a long series of supersonic droplets would start to eat away at the glass, cracking and pitting it like sand.[2] Eventually, the windshield could fail catastrophically.

[2] This type of "erosion" can also cause damage to steam turbine blades.

Luckily, cars can't drive at Mach 1 without lifting off, so your windshield is safe from ordinary rain. On the other hand, if you're driving under a thunderstorm with strong updrafts ...

... the precipitation can smash your windshield at any speed.


TEDAt a babysitting service, TED Talk Tuesday changes the way business is done


It’s TED Talk Tuesday time at Sitters Studio in midtown Manhattan. This weekly tradition is a vital part of the office culture. Photo: Ryan Lash

It’s 1pm at Sitters Studio, and seven people are gathered around a table while Adora Svitak’s “What adults can learn from kids” plays on a whiteboard in front of them.

On video, the then-12-year-old begins, “When was the last time you were called childish?” Nods around the table. “For kids like me, it happens every time we make irrational demands, exhibit irresponsible behavior or display any other signs of being normal American citizens.” The group cracks up — this is a babysitting company, after all.

Welcome to TED Talk Tuesday, a tradition at this small business in midtown Manhattan that sets families up with artist babysitters. (The idea behind Sitters Studio: Kids get a dose of creativity from their sitters, while artists get reliable work as they build their careers.) Sitters Studio founder Kristina Wilson began TED Talk Tuesday years ago as a way to build a thoughtful, curious office culture. Every week, a different employee picks a talk for the group to watch. And, says Wilson, many talks have had an effect on how the studio does business.

Robby Sandler, who does customer relations for the studio, says TED Talk Tuesday is such an institution in the office that he heard about it on his first interview. “We just sit around and have a conversation about a talk, and see where it goes organically. Sometimes it will lead to people sharing stories about their own lives, sometimes it’s something which translates into the business,” he says. “It’s just exciting to be reminded that the people in our office are intelligent people who respond in very unique ways to the same interesting idea.”

For last week’s TED Talk Tuesday, Wilson chose Svitak’s talk, in hopes that it would resonate. But the room was chilly toward it.

“Her perspective is: listen to kids,” says one viewer. “Giving that message to sitters is not necessarily what parents want.”

“But her idea that if you lower expectations, kids will drop down to it—that’s valid,” says another.

“Kids do need to start learning what life is when they’re young and can bounce back,” says a third staffer. “It’s better to learn life lessons now than when they’re 30.”

The first employee pipes up again. “But this global idea of letting kids be in charge—it’s tough for us to advise that perspective. It’s really up to the parents.”

“Well, we encourage kids to use their voice in art projects,” someone else points out.

That idea excites Jaimie Van Dyke, Sitters Studio’s office manager. “Having an art sitter may be the only time that these kids get to have no expectations. They go to prestigious schools and do a lot of structured activities. This is a time where they don’t have so many rules.”


Last week, the group watched a talk from Adora Svitak, who was 12 when she spoke on the TED stage. Photo: Ryan Lash

Some talks screened during TED Talk Tuesday have actually led to changes in Sitters Studio’s policies. Before watching Barry Schwartz’s “The paradox of choice,” for example, Sitters Studio would send parents the profiles of several sitters and ask them to choose one. After watching his talk, however, they started offering just one option.

“By sending a family five profiles of sitters who could cover the appointment, they’ll always wonder what might’ve been, and not necessarily have as great an experience as if we just said, ‘This sitter fits you perfectly,’” Sandler says. “I think that people’s response to our company has gotten better and better since we’ve been able to start implementing that successfully.”

Amy Cuddy’s “Your body language shapes who you are” also resonated with the group—so much so that they decided to show the talk at a quarterly meeting with all the agency’s sitters to underline the importance of body language. This larger group also watched Drew Dudley’s “Everyday leadership” — the part where he describes handing out lollipops at his student union in college, and four years later, hearing from another student who told him that getting a lollipop that day helped her overcome her fear of starting college.

“It was a chance to talk about the impact that we all have on people that we don’t realize,” says Sandler, “and things that we can do to help maximize the possibility of lollipop moments.”

Wilson hopes her staffers will take lessons from TED Talks with them into their work and beyond. “I know that not everyone will work here forever,” she says. “In my head, I think it is also the job of a good boss to make sure that people’s lives are bettered during the time that they’re with you. This is one thing we do to accomplish that.”


Director of Operations Jason Jeunnette and founder Kristina Wilson share their thoughts on the talk, coffee in hand. Photo: Ryan Lash


TEDYou found a planet!: Robert Simpson crowdsources scientific research and accelerates discovery at Zooniverse


Scientific research is generating far more data than the average researcher can get through. Meanwhile, modern computing has yet to catch up with the superior discernment of the human eye. The solution? Enlist the help of citizen scientists. British astronomer and web developer Robert Simpson is part of the online platform Zooniverse, which lets more than one million volunteers from around the world lend a hand to a variety of projects — everything from mapping the Milky Way to hunting for exoplanets to counting elephants to identifying cancer cells — accelerating important research and making their own incredible discoveries along the way.

At TED2014, Simpson took us through a few of Zooniverse’s 20-plus projects (with more on the way), some of which have led to startling discoveries — including a planet with four suns. Below, an edited transcript of our conversation.

Are you a scientist?

Well, I’m a distracted astronomer. Yes, I’m an astronomer at University of Oxford. But I’m there to create crowdsourcing projects where we put data — usually images, but sometimes videos or sound — online, and ask the public to do research tasks that we used to ask postgrads to do. This helps us go through lots and lots and lots of data very quickly — which means scientists are free to concentrate on the hard, analytical parts of the problem.

So you’re giving volunteers the grunt work, basically?

Yeah, but what’s weird is that people love it. And not only do they enjoy it, and engage with each other online, they make discoveries, too. That’s what’s so special about it. We don’t just get the scientists’ science done. We open up the possibility for everyone to start participating in creating their own science projects using data.

We have really sophisticated computers. What can the human eye detect that a machine can’t?

A lot. I mean, a lot. With Zooniverse’s original project, Galaxy Zoo – which asked volunteers to discern between spiral galaxies versus elliptical galaxies — that was something that computers really couldn’t do at the time. Actually, they still really can’t do it unless we use the human data that we’ve gathered to train them. The computer can get it right maybe 85 percent of the time. But the 15 percent where it fails are the most interesting objects. So the reason it fails is they’re weird, funny shapes or funny colors. There’s something about them that’s slightly abnormal. These are the objects people can identify that the computer can’t — and those are precisely the ones that are scientifically interesting. So by definition, the computer isn’t doing the bit we want it to do.

Examples of the different types of galaxies Zooniverse volunteers help categorize. Image: GalaxyZoo.org


Having said that, we’ve been able to train the computer to do a much better job based on the human answer, which is great news. But still, we want to ask for more — we want to cover weird, harder galaxies. So that project will just keep going, because people will always be looking at the harder set.

In another example, our project Planet Hunters has people looking through light curve data from stars, gathered using Kepler. So we stare at 150,000 stars, and watch the light from them. The whole point of doing this is to occasionally catch a planet passing in front of the star, and see a dip in light as it goes past. That dip can tell you how big the planet is, how often the planet’s going around the star, all sorts of stuff. You’ve just got to stare for long enough, and you’ve got to do it with a really, really, really good instrument.

Now, NASA and the Kepler team have used computer algorithms to look through this data for years, and they find lots of planets. But based on our experience with galaxies, we thought there must be stuff in this data that people will see that the computer can’t, because a computer is trained to look for certain things. It’s programmed by a person. Sure enough, we found planets that they didn’t find. And we found ones that are in weird, amazing configurations — some of which don’t make any physical sense — but they exist. For example, we found a planet in a seven-planet system around a sun-like star. That was an amazing discovery, because the more planets you have, the more crazy and chaotic all these dips get as they go back and forth.

Video: Tour of the Seven-Planet System Around the Star Kepler-90

Do you give each volunteer one star to look at?

No, it’s a bit like the galaxies. There will be something like 10 or 15 people who look at each one. But we can email them and say, “You found a planet!” — which is quite a fun email to send. A lot of those people have become authors on papers, because we can’t offer the naming rights. But we can say, “You’re a planet discoverer, and without you, we wouldn’t know this planet exists.”

What’s the most extraordinary thing your volunteers have found?

With one of the first planets we found, there were two stars in the middle, orbiting around each other — and orbiting those was a planet. And then outside of all of that are two more stars that orbit each other, and orbit the entire thing, twisting around. So this planet has four suns — two of which go up and down together in the night sky, and are very bright. The other two are a bit fainter, and go around together on the outside. It’s an amazing idea, but it’s exactly the sort of system that a computer can’t find.

We also found a planet with two suns, like Tatooine. The Kepler team announced it, then we looked, and realized we had it too, we just hadn’t gotten there quick enough with the press release. So we’ve found weird and wonderful stuff.

When the human-generated data comes back, is there someone at Zooniverse that is responsible for analyzing it?

We rely on statistics to group and sort the crowd’s work. It used to be that we simply got everything looked at about 50 times, and the average or median answer was all we wanted. But now we’re a bit cleverer about it.

For example, Snapshot Serengeti is a biodiversity project about the interaction of species within Serengeti National Park. The researchers want to study the populations of lions, hyenas, cheetahs and leopards, so they placed 200 cameras in the park. Now, they knew this was a lot, but they never realized they’d end up with quite as much data as they did. The motion-triggered cameras go off because the sun comes up at a certain angle, hot-air balloons with tourists go past, the grass waves. They’re simply overwhelmed by the number of images generated. They have something like 1.7 million to go through — and two researchers. They can’t even try and do it on their own.

Examples of images from the Snapshot Serengeti project. Image: Zooniverse


I think 60 percent of the data turned out to be waving grass. So we said, “Okay, well, if three out of five people see an image and say it’s grass, we’ll just remove that one from the system.” Then you end up with more and more animals to see as the grass photos get deleted. But after that, everything’s just statistical. Each image is viewed something like 20 times. From there, we structure the database. All right: here’s all the giraffes.

I actually have a poster in my office which is a big photo mosaic of a wildebeest — known as the “cheetah burgers” of the Serengeti, because they’re just eaten constantly by the cheetahs — made up of images of wildebeests, all identified by Zooniverse volunteers. We did the same with zebra, lions and elephants as well, just for fun. We’d suddenly realized we could just click a button and get 17,000 pictures of elephants.

What sorts of unusual things do human eyes detect on the Serengeti project?

In Snapshot Serengeti, we don’t ask people to tell us about the birds, because the researchers who are working on it don’t really care about them. So we just have a button called “bird.” There are a bunch of volunteers on the project who have said, well, we happen to know about birds. So they’ve been systematically tagging all the bird pictures, and because of their enthusiasm and participation, we’ve catalogued all the birds as well, for free.

And the bird data could be valuable to someone someday.

Exactly. They are really just adding another group of species to our list.

A good category is fire, actually. You get fire in the Serengeti a lot, and so people have been hashtagging fire as well. Humans is a fun one too, because there are humans in the pictures. There are the rangers who set the cameras up, do test shots with a clapperboard. The only time we’ve ever had to remove any data from a project was because some tourists set up camp, unwittingly, next to one of the cameras. Nothing too rude, but it was, you know, not dignified.

You should warn people.

We thought that no one would ever camp there. It’s in the middle of the Serengeti. It’s probably dangerous.

In the cancer research project Cell Slider, you mentioned that people are looking for patterns. What are these patterns made of?

Cell Slider takes data from anonymized medical research trials that were run out of Cambridge, UK, and they’ve been dyed certain colors. We ask people to look at the exact same images the researchers look at if they want to identify cancerous cells and tumors, or even size abnormalities in the tissue. We give examples to guide them, and there’s a brief tutorial. It’s just pattern recognition, but this is one of those tasks that PhD students would have spent half their week doing. Now they have their whole week back, which really is speeding up their work.

Examples of data to be classified on cellslider.net. Image: Zooniverse.com


We have another medical project, called Worm Watch Lab. We watch nematode worms that lay eggs in petri dishes. A computer can do a lot of clever recognition around these worms, but it cannot tell you when it lays the eggs. And so we show volunteers video clips of the worms, and they have to hit the “Z” key — like a game almost — when they see an egg being laid. I think it’s absolutely disgusting, and it creeps me out to even watch them. They’re so horrible, these tiny, horrible microscopic worms — but this is again cancer research. The worms have been given various genetic mutations, and one of the phenotypes for the genetic mutation that seems to correlate with cancer has to do with egg-laying capabilities.

You’ve learned a lot about lots of different kinds of science that you wouldn’t otherwise have been exposed to.

Yes, and this is the amazing thing — once we stepped out of astronomy, all these people come to us with all these amazing scientific stories, and we can help them speed it up. And I get to be published in journals that are nowhere near my expertise, which is quite fun as well.

One of the appealing aspects of Zooniverse is its social platform. How is community-based discussion built in?

There’s a discussion platform alongside all of our projects called Talk. Once volunteers are finished “classifying” an object, we ask, “Do you want to discuss this object?” You leap onto the discussion platform, we see the same picture, and you can make a comment on it. So you might say “Ah, this is very nice.” Or you might say, “Is this a spiral galaxy?” Maybe you’re not sure. Or “Is that an elephant in the corner?” Or “Hey, this is really interesting: there’s three birds on this elephant’s back. Why is that?”

The same platform is used by everyone in the system, so the scientists see the same thing, and can answer people’s questions. You’ll also see everything anyone’s ever said about the picture. So you can land on something strange and it turns out 25 other people also noticed it, and you can begin a conversation about it. It’s through this process that unusual things have been discovered.

How do you monitor the community forum? Aren’t the scientists too busy with research to watch the boards?

We allow volunteers to say if they’d like to be a moderator, so at the beginning of each project, a couple of scientists will choose moderators. After that, it starts to take care of itself. The scientists are generally in there answering questions when possible, if they are not too overwhelmed. But often, there are whole groups of scientists eager to help people.

This means that the scientists get to know a lot of the more dedicated users, the people who come back again and again. And they can ask them for specific help, say, “Hey, I’ve got this project where I’m looking for worms at the bottom of the ocean. If you see any, can you hashtag it with ‘worms?’” So there’s a second layer of science that can go on, based on relationships made on the platform.

There’ll always be a group of enthusiastic people to help. And the nice thing is, we’ve had people go from playing about on the web to getting so involved that they are published as scientists in papers. Hundreds of dedicated Zooniverse volunteers have had their names listed as author on academic papers because they gave so much of their time and got to know the scientists.

Can anyone at all join in? Do children participate, for example? 

Yes. I know for a fact that one of the people who obsessively categorized nearly a million galaxies was about 13 at the time, a home-schooled girl in the UK. She came and did work experience with us a couple of years ago and is awesome. All this stuff happened because she just got to know us. Anyone can participate: the sign-up requires an email address and a username, just to track people who are taking part, for user-weighting our statistical work, and so on.

It sounds like people are devoting an incredible amount of time to Zooniverse projects. In your talk, you contrasted time spent volunteering on Zooniverse to playing Angry Birds. But as Jane McGonigal famously points out, games alleviate stress, pain and so on. Do you think there’s something similar inherent in your system? What’s the reward?

Early on, we wondered the same thing: why does anyone give so much time? We’ve been doing this since 2007. In the first project, there were more than 900,000 galaxies that needed to be categorized. About 160,000 people took part in that, and of those, around 10 people categorized every single galaxy. That would have taken them months of effort, assuming they were working on it every day. But they did. We wondered why these people would make such an extraordinary effort.

Zooniverse's 1 million volunteers across the planet. Image: Zooniverse.com


So we surveyed a lot of users. We gave them lots and lots of options. They could have said, “I like astronomy,” “I like to think about the universe,” “I like playing games.” All of these answers were available. But the one motivation common to nearly half the people involved was that they want to contribute to science. They want to be useful. We’ve taken that to heart and work very hard to ensure that the Zooniverse is always trying to be more efficient, and that every click helps.


TEDData researcher Jean-Baptiste Michel made his first piece of art … and the Whitney Museum acquired it


Jean-Baptiste Michel’s “I wish I could be exactly what you’re looking for” (2014). The words that appear in it are tweets that start with “I wish.” Photo: Courtesy of Jean-Baptiste Michel

Jean-Baptiste Michel has sold a small sculpture to the Whitney Museum of American Art. A major museum acquiring a piece—that’s a big moment for any artist. But this sculpture is the very first piece of art Michel ever created.

Michel is the data researcher who showed what you can learn using Google’s Ngram Viewer at TEDxBoston in 2011, and who calculated the mathematics of history at TED2012. He credits one thing with inspiring him to take his love of data and turn it into art: joining the TED Fellows program.

“I’m not an artist. I never thought that I could do anything in that area,” says Michel, in the Brooklyn office space he shares with several other TED Fellows. “I really consider this a very direct consequence of my being a TED Fellow because I was not exposed to this kind of world before—I was in dry academia. The ability to just bring to life the other aspects of our creativity is something [I learned from] seeing what the Fellows were doing, and understanding their very down-to-earth, no-fuss approach to doing things. Just trying stuff and seeing if it works.”

The 10×15 sculpture acquired by the Whitney at first looks like a shiny square of hot pink lacquer. In the corner is a small screen, which flashes with sentences like, “I WISH I could record my dreams and watch them later” and “I WISH you could delete feelings.” These sentences are real-life tweets, starting with the words “I wish,” posted by people around the world. Michel says there are several thousand of these tweets every minute—a Raspberry Pi behind the display selects a small group every 30 seconds, and changes which ones are shown every five. Michel named the piece “I wish I could be exactly what you’re looking for,” after one of his favorite tweets it has displayed.

The idea behind the piece is to take a set of big data—all the tweets containing these words—and to create an intimate connection with its smallest pieces. “I was not expecting that [the tweets] would be so meaningful. It’s actual emotions, people’s inner desires on display,” says Michel. “What I was used to looking at before was the breadth—it’s big data, so you measure volumes, and what you see is patterns … What I was interested in here was the contrary—going back to that individual thing that this pattern came from. I wanted to show the original intent, the original thought itself.”

Michel got the idea for how to achieve this goal after seeing others in his office playing with Arduino and Raspberry Pi. But creating a beautiful object—one embedded with electronics—was very new to him. Many people in his office space lent a hand to help him clarify the idea, order the right materials and figure out how to use tools. TED Fellow James Patten was especially helpful on all these fronts.

Excited by what he saw developing, Michel created several other pieces in line with the first: “I want to be your idea of perfect” (which displays on a long, thin screen akin to a stock ticker) and “I need to go away for a while” (set into a block of wood). Just last week, Michel made his newest piece, called “It’s time to try defying gravity,” which he built inside a vintage flip clock. As Michel walks by his desk, the piece displays the words, “IT’S TIME for another tattoo.”

Michel, who recently published the book Uncharted and is focusing on a new venture Quantified Labs, typically only displays his art at home and in his office. It was another TED connection that led to the Whitney purchasing “I wish I could be exactly what you’re looking for.” One day, Marc Azoulay—studio director for TED Prize winner JR—came by Michel’s apartment, and gravitated toward the piece. He suggested that Michel display it as part of his exhibit exploring the interplay between public and private at the SPRING/BREAK Art Show in New York. It was there that a curator at the Whitney saw the sculpture and brought it to the museum’s buying committee.

Last week, Michel visited the Whitney to make sure all parts of the piece were working properly. “This continues to baffle me day in and day out,” he says. “This is the first piece that I made—I’m just still very surprised. It’s extremely lucky.”

Jean-Baptiste Michel’s latest work, “It’s time to try defying gravity” (2014), which he built into a vintage clock. Photo: Courtesy of Jean-Baptiste Michel

A closer look at “I wish I could be exactly what you’re looking for” (2014). Photo: Courtesy of Jean-Baptiste Michel

Another in the series, called “I need to go away for a while” (2014). Photo: Courtesy of Jean-Baptiste Michel

Find out more about these works »


TED: Is math the language of the universe? A bilingual TED-Ed Club explores

Student Pierre Hirschler gives a TED-Ed Club presentation, exploring math as a universal language.

In New York City, it’s common to hear ten different languages just on your walk to work in the morning. For the students at Lycée Français de New York, that kind of multicultural exposure doesn’t stop at the schoolhouse doors. With a combination French-English curriculum, this PreK-12 school educates students who represent more than 50 nationalities. And when the LFNY TED-Ed Club chose a topic for their final presentation, the students were drawn to language — more specifically, the possibility of a universal one.

LFNY’s presentation, titled “Math Universe,” is a collaboration that combines individual research presentations from each member of the club into a larger final piece, which was presented by club member Pierre Hirschler. Marie De Azevedo, a senior at LFNY, explains it: “We found a wider question — which was ‘Is math the language of the universe?’ — and we broke it into multiple parts. We looked at the history of wanting to unify math as one whole system or one whole concept, and we looked at why people want this, and how it works or doesn’t work.”

The TED-Ed Club at Lycée Français de New York.

When asked about his favorite discovery during his research, club member Grégoire Gindrey said, “I like the fact that there are different models in physics — relativity, Newton’s model, etc. — and we tend to think that one’s wrong and one’s right, but it actually just happens that they’re all right, but in their respective point of reference.”

The students’ daily exposure to many cultures helped give them insight into this idea. Gindrey continued, “Since we’re in a French high school, but in an American city — and especially in New York — we’re in contact with different cultures. I think we understand in some ways the notion of not having just one unified model, but different models; that helped us in our comprehension of the problem.”

Along with learning quite a bit of math, the students also honed their research and presentation skills. Gindrey says, “It was great being able to do research with others, so that if someone had a different point of view, they could always join the discussion. We could find a completely different conclusion because there were a lot of different points of view.”

Check out Lycée Français de New York’s insights on unity in math by watching their full presentation here:

http://www.youtube.com/embed/WkDJs97n3Bk

This post first ran on the TED-Ed Blog. Read much more about TED’s education initiative TED-Ed »

Find out more about TED-Ed Clubs » 


TED: A $5 million challenge to help community college students graduate

Ani Okkasian was the first in her family to go to college. “My parents escaped a communist country and got to the States with $700 in their pocket,” she says. And so, when she joined a TEDActive 2014 workshop held by the Robin Hood Foundation to brainstorm ways to help community college students graduate, she offered an insight from her own college experience: These students may feel like they’re floating on their own.

Community colleges offer access to higher education for more than 8 million students a year in the United States, many of them from low-income backgrounds and, like Okkasian, the first in their family to go to college. Robin Hood has identified a pattern at play on community college campuses; a large number of students require remedial classes before moving on, but only 28% of students who take them earn their degree, even 8.5 years later. Hoping to change this, Robin Hood has launched a $5 million College Success Prize—a venture capital-sized award for a technology solution to keep community college students on track to graduate in three years. The solution could help students improve their writing and problem solving, or could focus on building social and behavioral skills that are also a part of success.

It’s in the space of the social where Okkasian, who is now an adjunct professor at Woodbury University and the Marketing and Communications Manager for the Los Angeles Area Chamber of Commerce, saw an opportunity. “On a fundamental level, I identify with the type of students that Robin Hood is trying to help,” she says. “I felt it was my responsibility to participate in [the TEDActive] workshop and provide insights from firsthand experience.”

The workshop began with attendees thinking about who students in remedial classes are: How old are they? What do their lives look like outside of school? What kind of access do they have to mentorship? From there, they broke into three groups for rapid-fire brainstorming, each group scrawling an intricate tangle of Post-It notes before them.

Okkasian liked that her team brought together thinkers from different backgrounds, and noticed that everyone seemed to agree on one core idea: that letting students know they are not alone could make a difference. “We chose to focus on the idea of a small learning network for the students most at risk of dropping out,” she says. “We realized that social connections could be the conduit for content that will enable these students to succeed.”

Her team’s excitement for the idea has continued, even after TEDActive. “We have some Google hangouts scheduled,” she says. “We’re excited to put the final touches on our idea and submit it for consideration.”

They have time to polish it. The College Success Prize works something like an incubator—there are three rounds, starting with an application process that’s open through the end of June 2014. Semi-finalists will receive $40,000 in funding to get their idea rolling and, in January, three finalists will be picked to receive $60,000 more in development money, along with help from consultants ideas42. These three solutions will then be tested starting in the fall of 2015 on a sample of 2,000 CUNY community college students. Over the course of a three-year trial, finalists will receive cash as they reach target goals. Any team whose solution leads to a 15 percent increase in students graduating in three years will split a grand prize of $3.5 million.

Robin Hood’s senior vice president says the idea of the challenge is to get people with interesting insights, like Okkasian, working on the problem. “Education is the silver bullet when it comes to fighting poverty, and we want the biggest thinkers, and the most innovative developers and designers to step up to the challenge,” he says.

TEDActive attendees deep in thought at the Robin Hood College Success workshop. Photo: Sarah Nickerson

Just a bit of the Post-It sprawl that ensued. Photo: Sarah Nickerson

A group presents its ideas to the rest of the workshop. Photo: Sarah Nickerson

Read more about the remedial course problem »

Read more about the Robin Hood College Success Prize »

Read more about the Robin Hood TEDActive workshop »


TED: What makes a TED Fellow? Tom Rielly tells all

TEDFellows Retreat 2013. August 17 - 21, 2013, Whistler, BC. Photo: Ryan Lash

Twice a year, we select 20 unconventional change-makers to join the TED Fellows program, a global network of innovators from a wide spectrum of disciplines. Last year’s TED Fellows class included an eye surgeon using low-cost mobile phone technology to make eye care more accessible across Kenya; photojournalists documenting conflicts in Palestine and Bosnia; a biological anthropologist researching cancer in ancient skeletal remains; a biomechatronics engineer making prosthetics more comfortable; a journalist investigating fragile post-9/11 civil liberties; an astrophysicist investigating the origins of our universe – and many more.

Are you thinking about applying to be a TEDGlobal 2014 Fellow? You’ve got an extra week to get your application in — the deadline is extended through Friday, April 25. In this final stretch, we asked program director Tom Rielly: “What do you look for in a TED Fellow?” Here, he lists the qualities that make TED Fellows stand out, his evolving vision for the Fellowship program, and why you (yes, you) should apply immediately.

The TED Fellows come from a zillion different backgrounds and are experts in a vast array of fields. Yet they all seem to have a personality streak that lets them interact with an almost kinetic energy, on an emotional as well as intellectual level. It’s hard to put into words—how would you describe this quality?

I’ll take a stab at it: intellectual, energetic, social and emotional fluency. Pick at least two or three. Add a porous-membrane attitude to collaboration, genuine optimism and a love for playing idea-jazz alone and in bands.

Twice a year, you go through applications from hundreds of extraordinary people. Give us the scoop: what are the initial factors that tell you someone will make it through the process? What are some of the deciding factors as you home in on the final set?

Succinctly put, we’re looking for achievement and character — that is, amazing people who’ve made major breakthroughs or have achieved outstanding output. But that’s not enough. We’re looking for certain kinds of people with strong character. Kind, genuine, generous, plus a certain je ne sais quoi. Quirky is just fine. We’re interested in people in the first half of their careers, usually between the ages of 21 and 45.

Towards the end of the process, we are curating a class of 20 Fellows. Can we create a group that is geographically diverse, from diverse disciplines, with complementary personalities? Think of it as putting together a college class. You want athletes, actors, engineers and so on. The mix is very important.

Has it become any easier to identify what kind of person you want as a Fellow over the past several years and 300+ Fellows?

Without question, it’s easier. We’ve evaluated thousands of submissions, and by trial and error, we’ve learned what makes a stellar Fellow and correlated these qualities to their applications. We look at every application submitted, but it’s nearly at the point to where I can glance at an application and know when I’m excited to read further.

How has your vision for the Fellowship changed from 2009 to now? What is your ambition for the Fellows?

When we started the program, our vision was to bring extraordinary young people to the TED community, people who could not otherwise afford to participate. Today, it’s clear that the program’s largest value is the other Fellows. So we now think about the Fellows as a powerful network, where each node can profoundly influence each other node, and the group as a whole functions kind of like a supercomputer. We haven’t lost our focus on the amazing individuality of each Fellow, but now we look at each person in the context of a robust group that collaborates, communicates and achieves things together across disciplines, in a way they never could have alone. Don’t worry, it’s not the Borg. It’s just that each individual in a strong community benefits from that community.

The good kind of ambition is about striving toward a difficult goal. Our goal is that each of our Fellows and the group can use the Fellows program as a platform to reach seemingly impossible goals. Our focus is on the Fellows and their growth, not on the program per se.

A lot of Fellows speak of having felt lonely and isolated in their work before joining the Fellowship. While passionate about what they do, they weren’t convinced that anyone out there cared. Given this, many incredibly talented folks out there might be talking themselves out of applying for TED Fellows. What would you say to them?

It’s true – many Fellows are such mavericks they have not yet been recognized by their peers or received much validation for their work. That is one of the most amazing things about the Fellows program: it’s an instant peer group of people who understand and value you, who understand what it’s like to be on the bleeding edge, who appreciate unusual things. The Fellowship experience is transformative for so many Fellows.

If I can convey only one message in this whole conversation it’s this: If in doubt about whether you should apply, apply anyway. We hear frequently of people who haven’t clicked on the link because they don’t think they’re good enough, strong enough, haven’t done enough. But some we’ve heard about and encouraged to apply have been accepted. If you’re not sure, apply! It’s free to apply, and only good could come of it. This is not the time to let doubt, loneliness, self-esteem issues or anything else keep you from a great opportunity. Applying is free! As they would say in a late-night American infomercial: Don’t wait – act now!

Apply to be a TEDGlobal 2014 Fellow »

Read more about the TED Fellows program »


Planet Debian: John Goerzen: A Dry Spring

Spring in the prairie is a bit of an odd thing this year. Here and there, near ditches and creeks, a short, soft blanket of lush green grass covers the ground. A few feet away, patches of green are visible between the brown shoots of last year’s grass. Some trees are already turning green, purple, red, and white, while others stand still and brown, stubbornly insisting that spring is not here yet. To look at the thermometer may not be much guide either; two days after the temperature was nearly 90, we woke to see a dusting of snow on the ground.

It’s been dry, terribly dry in Kansas. Grass next to a gravel driveway or road often has a chalkish layer of dust on it, kicked up by passing cars or even a stiff wind. The earth thirsts.

It is somehow fitting to celebrate Easter, that spring holiday, in the midst of the dry ground, to remember that water is not the only thing that can quench thirst.

Easter morning began sleepily, as we got up early to head to a sunrise service. It was in a pasture just outside a small Kansas town, and we gathered there at about 6:15, wearing only light jackets against the breeze. A fire was burning, and there was water on hand to quickly douse any grass that caught fire that wasn’t supposed to — and it was occasionally used.

I was doing the prelude for the service, playing on my penny whistle. I enjoyed being able to do that, and was glad that the wind was calm enough that it didn’t interfere too much with the music.

We sang some hymns, listened to some Bible readings, and just stood in silence, listening to the crackle of the fire, some country dogs playing, and watching the sky to the east transform as the sun came up.

Then it was on to church for breakfast, and a break before the Easter service — the pipe organ ringing, piano playing with it, and deep trombone and full sanctuary of people singing our 4-part Easter hymns celebrating the day. Laura had the idea of pinning carnations onto the cross, and we got to watch everyone come up and add theirs.

Jacob and Oliver enjoyed the sunrise service. They decided they would keep a watchful eye on the fire and the dogs; they enjoyed muffins at breakfast and playing in the church after that. But if you are 4 or 7, what is Easter without an Easter egg hunt? And they got in several.

Laura and I hid some eggs around the yard. Jacob asked me to use a radio to tell them when the eggs were ready. Here they are, bounding out the door to begin the hunt!

And, of course, if you are 4 or 7 and have a geek for a dad, you will naturally think to bring radios with you to the next hunt. To tell your brother what you’re finding, of course.

It was a good weekend, and in fact, Jacob even volunteered to put up a “wet floor” sign after he spilled some water:

On the last car ride of the day, Jacob decided he would write a story about his Easter. He decided he would publish a big book, and be a famous author and make other children happy. Oliver, of course, decided he needed an Easter story also. We couldn’t very well publish a book in the car, but I did manage to use my phone to capture their stories.

It’s been a long and busy week, but there is much to be joyful about, even when tired.

Sociological Images: The Sinking of Quicksand

“For many of us, quicksand was once a real fear,” write the producers at Radio Lab:

It held a vise-grip on our imaginations, from childish sandbox games to grown-up anxieties about venturing into unknown lands. But these days, quicksand can’t even scare an 8-year-old.

Interviewing a class of fourth graders, writer Dan Engber discovered that most understood the concept, but didn’t find it particularly worrisome. “I usually don’t think about it,” said one. They were more afraid of things like aliens, zombies, ghosts, and dinosaurs. But they understood that it was something that people used to be afraid of: “My dad told me that when he was little his friends always said ‘look out that could be quicksand!’”

Engber became fascinated with what happened to quicksand.  He found a source of data — compiled by, of all things, quicksand sexual fetishists — that included every movie scene that involved quicksand from the 1900s to the 2000s.  Comparing this number to the total number of movies produced allowed him to show that quicksand had a lifecourse.  It rose in the ’40s, skyrocketed in the ’60s, and then fell out of favor.

Why?

Engber found a pattern in the data.  In quicksand’s early years, the movie scenes featured quicksand as a very serious threat.  But, after quicksand peaked, it became a  joke.  In the ’80s, quicksand even made it into My Little Pony and Perfect Strangers.  Later, in discussions about plot lines for Lost, the idea of quicksand was dismissed as ridiculous.

I guess it’s fair to say that quicksand “jumped the shark.”

In sociology, we call this the social construction of social problems: the fact that our fears don’t perfectly correlate with the hazards we face.  In this case, media is implicated. What is it making us fear today?

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Racialicious: In His Own Words: Gabriel Garcia Marquez (1927-2014)

Solidarity with our dreams will not make us feel less alone, as long as it is not translated into concrete acts of legitimate support for all the peoples that assume the illusion of having a life of their own in the distribution of the world.

Latin America neither wants, nor has any reason, to be a pawn without a will of its own; nor is it merely wishful thinking that its quest for independence and originality should become a Western aspiration. However, the navigational advances that have narrowed such distances between our Americas and Europe seem, conversely, to have accentuated our cultural remoteness. Why is the originality so readily granted us in literature so mistrustfully denied us in our difficult attempts at social change? Why think that the social justice sought by progressive Europeans for their own countries cannot also be a goal for Latin America, with different methods for dissimilar conditions? No: the immeasurable violence and pain of our history are the result of age-old inequities and untold bitterness, and not a conspiracy plotted three thousand leagues from our home. But many European leaders and thinkers have thought so, with the childishness of old-timers who have forgotten the fruitful excess of their youth as if it were impossible to find another destiny than to live at the mercy of the two great masters of the world. This, my friends, is the very scale of our solitude.

Nobel Prize acceptance speech, Dec. 8, 1982

When I became a professional writer the biggest problem I had was my schedule. Being a journalist meant working at night. When I started writing full-time I was forty years old, my schedule was basically from nine o’clock in the morning until two in the afternoon when my sons came back from school. Since I was so used to hard work, I felt guilty that I was only working in the morning; so I tried to work in the afternoons, but I discovered that what I did in the afternoon had to be done over again the next morning. So I decided that I would just work from nine until two-thirty and not do anything else. In the afternoons I have appointments and interviews and anything else that might come up. I have another problem in that I can only work in surroundings that are familiar and have already been warmed up with my work. I cannot write in hotels or borrowed rooms or on borrowed typewriters. This creates problems because when I travel I can’t work. Of course, you’re always trying to find a pretext to work less. That’s why the conditions you impose on yourself are more difficult all the time. You hope for inspiration whatever the circumstances. That’s a word the romantics exploited a lot. My Marxist comrades have a lot of difficulty accepting the word, but whatever you call it, I’m convinced that there is a special state of mind in which you can write with great ease and things just flow. All the pretexts—such as the one where you can only write at home—disappear. That moment and that state of mind seem to come when you have found the right theme and the right ways of treating it. And it has to be something you really like, too, because there is no worse job than doing something you don’t like.

Interview with Paris Review, published Winter 1981

The letters I find most interesting are from people who ask me where I got this theme or that passage or such and such a character. Because they feel it is about something or someone they know. They will say: So and so is just like my aunt. Or: I have an uncle just like him. And: that episode happened exactly like that in my village. How did you know about it? People from all over Latin America wrote such things, especially after “One Hundred Years of Solitude.” They felt it was part of their lives.

Interview with The New York Times, published April 10, 1988

If I were to choose a country which had politics that I like, I would not live anywhere.

Interview with The Atlantic, published Jan. 1, 1973

The Cafe de la Parroquia could be in Cartagena perfectly well. The fact that it isn’t is purely incidental, because all the conditions exist in Cartagena for it to be there. As a matter of fact, the very same Cafe de la Parroquia of Veracruz would be in Cartagena if the Spaniard who built it had immigrated to Cartagena instead of to Veracruz. It’s just a matter of chance, the way it was for my wife’s grandfather, who was an Egyptian who left for New York and ended up in Magangue. Well, that was quite a case of the poetization of space–a bit of an exaggerated one. Cartagena still needs a cafe like the Cafe de la Parroquia in Veracruz, so I took the one from Veracruz, which I needed in Cartagena for my novel.

When I’m in Cartagena I sometimes suddenly feel the desire to go to a place like the Cafe de la Parroquia in Veracruz. I have to go to the bars in hotels and places like that, and I feel something is missing. How marvelous to have the freedom to be a writer who says, “Well, I’m going to put the Cafe de la Parroquia where I want it to be.” Every day I’m writing I say to myself how marvelous it is to invent life, which is what you do, although within the bounds of some very strict laws because characters don’t die when you want them to, nor are they born when you want.

Interview conducted by Raymond Leslie Williams, University of Colorado-Boulder, 1987.

According to my mother’s version, the two of them met at a wake for a child. She was singing in the courtyard with her friends, following the popular custom of singing love songs to pass the time through the nine nights of mourning for innocents. Out of nowhere, a man’s voice joined the choir. All the girls turned to look at the man who was singing and were stunned by his good looks. “He is the one we’re going to marry,” they chanted, and clapped their hands in unison. He did not, however, impress my mother. “He was,” she said, “just another stranger.” And he was. His name was Gabriel Eligio Garcia, and after having abandoned his medical and pharmaceutical studies in Cartagena de Indias, owing to a lack of funds, he’d found work in some of the nearby towns in the more mundane profession of telegraph operator. A photograph from that time shows him distinguished by the equivocal bearing of impoverished gentility. He wore a suit of dark taffeta, with a four-button jacket, very close-fitting, in the style of the day, and a high, stiff collar, wide tie, and flat-brimmed straw hat. He also wore fashionable round spectacles with thin wire frames. He had a reputation as a hard-living, womanizing bohemian, but he never had a cigarette or a glass of alcohol in his long life.

– From “Serenade,” as published in The New Yorker, February 2001.

In reality, I don’t know anyone who, on a certain level, does not feel alone. This is the meaning of loneliness that interests me. I’m afraid that it may be metaphysical and that it may be reactionary and that it might look like the opposite of what I am, of what I want to be in reality, but I think that man is completely alone. I think it’s an essential part of nature.

– Interview conducted in 1967 by fellow Nobel Prize winner Mario Vargas Llosa, republished by El Comercio, Dec. 12, 2010

[Top image via CBC.ca]

The post In His Own Words: Gabriel Garcia Marquez (1927-2014) appeared first on Racialicious - the intersection of race and pop culture.

Cryptogram: Info on Russian Bulk Surveillance

Good information:

Russian law gives Russia’s security service, the FSB, the authority to use SORM (“System for Operative Investigative Activities”) to collect, analyze and store all data that is transmitted or received on Russian networks, including calls, email, website visits and credit card transactions. SORM has been in use since 1990 and collects both metadata and content. SORM-1 collects mobile and landline telephone calls. SORM-2 collects internet traffic. SORM-3 collects from all media (including Wi-Fi and social networks) and stores data for three years. Russian law requires all internet service providers to install an FSB monitoring device (called “Punkt Upravlenia”) on their networks that allows the direct collection of traffic without the knowledge or cooperation of the service provider. The providers must pay for the device and the cost of installation.

Collection requires a court order, but these are secret and not shown to the service provider. According to the data published by Russia’s Supreme Court, almost 540,000 intercepts of phone and internet traffic were authorized in 2012. While the FSB is the principal agency responsible for communications surveillance, seven other Russian security agencies can have access to SORM data on demand. SORM is routinely used against political opponents and human rights activists to monitor them and to collect information to use against them in “dirty tricks” campaigns. Russian courts have upheld the FSB’s authority to surveil political opponents even if they have committed no crime. Russia used SORM during the Olympics to monitor athletes, coaches, journalists, spectators, and the Olympic Committee, publicly explaining this was necessary to protect against terrorism. The system was an improved version of SORM that can combine video surveillance with communications intercepts.

Worse Than Failure: CodeSOD: You Can't Handle the True!

We've all had that feeling before. We see something happening in front of us, yet because the sight doesn't conform to the worldview held within our brain, we just can't believe our own eyes. Dogs playing poker. Cats wearing panty hose. Politicians telling the truth. You get the idea. And depending on your personal threshold for incredulity, you might experience this feeling as a double take, a spit take or a psychotic break. If you happen to be prone to psychotic episodes, then I'm going to have to ask you to move on. Wait for tomorrow's WTF. Or maybe pet some kittens. Here's a picture to help you get started.

Incredibly cute kitten...sorry you can

Feeling calm and relaxed? Good. Now let me tell you a story about Steve. Steve is what you call a 'skeptic' (which is scarily close to septic, but I digress). He questions absolutely everything he encounters. He walks with overly firm footfalls to make sure that the ground won't open up under him. He carries two watches to act as verification for the clock on his smartphone. He even checks his own pulse to make sure he's alive.

What's worse is that Steve carries this tendency into his job as a developer. He writes if statements with a true block, a false block and an else block. And when comparing strings? The equality operator just won't cut it. Consider the following code.

public static void setDelay(String delay) {
   String yes = "YES";
   if ((delay.hashCode()) == yes.hashCode()) Scenario.delay= 10000; 
}

Passing a string as a parameter instead of a Boolean is something that, possibly, could be forgiven. But when it comes to checking for the value of the string, Steve is way too skeptical to just use an equal sign (or two). Instead, the hash code for both incoming value and the test value are generated and compared. Because, as everybody knows, the equality operator is not trustworthy for strings, but has no problem when comparing long integers.

Ironically (and not in the Alanis Morissette sense), by using the hashCode method, Steve has actually changed a simple comparison that was pretty certain to be accurate into one that actually could fail. After all, hashCode is not guaranteed to be unique for each string (that is, a perfect hash). So out there, somewhere, may be another string whose hashCode value actually matches the hashCode for "YES". And there are hackers working hard to find unanticipated ways to delay the scenario.
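The collision risk described above, worked through as an added example (not code from the original article). The class and method names are hypothetical; `hashCompareIsYes` reproduces the article's comparison, `equalsIsYes` is the content comparison it should have been, and `collisions` uses the documented `String.hashCode` recurrence `h = 31*h + c` to list other printable-ASCII strings that the hash comparison would accept as "YES".

```java
import java.util.ArrayList;
import java.util.List;

public class HashCodeCollisionDemo {

    // The article's check: two strings are treated as equal when their hash codes match.
    static boolean hashCompareIsYes(String delay) {
        String yes = "YES";
        return delay.hashCode() == yes.hashCode();
    }

    // Content comparison. The constant goes first so a null argument yields false
    // instead of a NullPointerException.
    static boolean equalsIsYes(String delay) {
        return "YES".equals(delay);
    }

    // Lists every printable-ASCII string of the same length as target that is a
    // different string but has the same hashCode.
    static List<String> collisions(String target) {
        List<String> out = new ArrayList<>();
        if (target.isEmpty()) {
            return out; // nothing to vary in an empty string
        }
        search(new char[target.length()], 0, 0, target, out);
        return out;
    }

    // Fills buf left to right. Once all but the last character are chosen, the
    // recurrence h = 31*h + c fixes the single value the last character must have.
    private static void search(char[] buf, int pos, int hashSoFar,
                               String target, List<String> out) {
        if (pos == buf.length - 1) {
            // int arithmetic wraps the same way String.hashCode does.
            int needed = target.hashCode() - 31 * hashSoFar;
            if (needed >= 0x20 && needed <= 0x7e) {
                buf[pos] = (char) needed;
                String candidate = new String(buf);
                if (!candidate.equals(target)) {
                    out.add(candidate);
                }
            }
            return;
        }
        for (char c = 0x20; c <= 0x7e; c++) {
            buf[pos] = c;
            search(buf, pos + 1, 31 * hashSoFar + c, target, out);
        }
    }

    public static void main(String[] args) {
        String target = "YES";
        System.out.println("hashCode(\"" + target + "\") = " + target.hashCode());

        for (String s : collisions(target)) {
            System.out.println("\"" + s + "\""
                    + "  hashCode=" + s.hashCode()
                    + "  hash comparison accepts=" + hashCompareIsYes(s)
                    + "  equals accepts=" + equalsIsYes(s));
        }

        // The intended input is accepted by both checks.
        System.out.println("\"YES\"  hash comparison accepts=" + hashCompareIsYes("YES")
                + "  equals accepts=" + equalsIsYes("YES"));
    }
}
```

Every string the search prints passes the hash comparison and fails `equals`, which is why a 32-bit hash code can serve as a fast pre-filter but never as the equality test itself.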


Planet Linux AustraliaClinton Roy: clintonroy

There’s less than a week left to get your proposal in for PyCon Australia 2014, Australia’s national Python Conference. We focus on first time speakers so please get in touch if you have any questions. The full details are available at http://2014.pycon-au.org/cfp

 

 

 



Planet DebianRuss Allbery: Review: Hyperbole and a Half

Review: Hyperbole and a Half, by Allie Brosh

Publisher: Touchstone
Copyright: November 2013
ISBN: 1-4767-6459-X
Format: Graphic novel
Pages: 373

It's fundamentally pointless to write this review.

Some number of you have already heard of Hyperbole and a Half. Most of that group already own this book and are only reading this review so that you can remember how much fun you had reading it. But, even better, you could just stop reading this review and go read the book again.

Some of you who have heard of Hyperbole and a Half didn't know that Allie Brosh had published a book. If that's you, you're probably not reading this review any more, since you're now at your favorite book seller buying a copy of the book, rendering the review somewhat pointless.

For those of you who have not heard of Hyperbole and a Half, there's no need to read a review, because it's a blog. So, rather than reading this review, you can just follow that link and read it for yourself. If you find yourself laughing uncontrollably (and occasionally crying) and going "where can I get more of this?", well, there's a book. Which you could have also found out from the blog itself. Like I said, not much point.

If you read the blog and don't particularly care for it, well, I greatly respect your position. The diversity of taste in the human race is what leads to our wonderful variety of culture, philosophy, and art, and I appreciate your substantial contribution to that diversity. However, you should now make a mental note to never trust my humor recommendations, and you shouldn't let this review change your mind.

But, since I'm here, I may as well write a review anyway.

Hyperbole and a Half is, as mentioned, a blog by Allie Brosh. Most of the posts are quite long and substantial and in the form of cartoons mixed with text, usually (but not always) telling some sort of story. The cartoon style is what is often called "MS Paint," meaning that it looks like something drawn in Microsoft Paint with its most basic tools. (Other examples of this style are the Oatmeal and Homestuck, although Brosh stays consistently with a rawer art style than either of those.) It looks extremely simple, like child drawings (and early childhood inspires much of Brosh's material), but once one gets used to it, one realizes that Brosh gets amazing expressiveness and character out of the art style.

As an aside, yes, I am wholeheartedly recommending a book that is full of material about young children. Brosh is that good.

The subtitle of this book is "unfortunate situations, flawed coping mechanisms, mayhem, and other things that happened," and it's mostly based on (exaggerated) incidents that occurred in Brosh's life. Most of them are hilarious. Some of them are both hilarious and stunning psychological insights. She has an amazing knack for storytelling and for exaggerating just the right moments of the story, or summing up emotions in a wonderful turn of phrase or a picture. She's also amazingly good at telling embarrassing stories about herself in a way that makes you empathize rather than just cringe, and then come away feeling like you understand both her and yourself better.

If you've wandered around the Internet much, you have probably run across the phrase "clean ALL the things!" and the corresponding picture. That's from Hyperbole and a Half (specifically, "This is Why I'll Never Be an Adult") and is included in this book (improved; see below). It's even better in context.

But, beyond storytelling, the other thing Brosh is amazingly good at is capturing internal mental states and emotions in a way that the reader understands and those who have experienced the emotion immediately go "yes, THAT." The apex of this is her two-part post on depression, which is hands-down the best description of depression that I've ever read. That judgment has been echoed by multiple friends of mine with depression. And yes, both of those posts are included in the book as well, although you can also read them on the web.

As you've probably noticed, this book is partly a collection of material that's freely available on the web. Unlike some web comics collections, it's not entirely a reprint collection; there are entirely new stories here (which for me was enough by itself to buy the book). Brosh's post on the book says that it's about 50% new material. But the ones that aren't original have been edited and improved, sometimes substantially. For example, I did a quick comparison of the book version with the web version of "This is Why I'll Never be an Adult" and found Brosh redrew all of the cartoons for the story. The book is also gorgeous, if you care about such things like I do: high quality paper, thick pages, vibrant colors, and a comfortable heft to the hardcover version. It's the sort of book that feels like it will survive for decades, which is good since I intend to re-read it for decades.

Brosh has a lot of material on-line, so obviously only a small fraction made it into the book and there's more to discover on the blog. I can particularly recommend "The Alot is Better Than You at Everything" and "Boyfriend Doesn't Have Ebola. Probably.". The latter, which is mostly about creating a better pain scale, is my favorite from the blog that didn't make it into the book. And there are two more examples of the sort of thing that you'll be getting here.

So ends the probably pointless review. I absolutely adore Hyperbole and a Half. It is my favorite web comic, even surpassing XKCD, which is saying something. Even if there were no material, I would have bought this book in hardcover to support Brosh and to have a high-quality printing of the blog posts. The reworkings and improvements of the republished material and the brand new additions are just bonuses. But there's no need to take my word for it; the best possible advertisement for Brosh's work is on-line, from which you can easily determine if you'll enjoy this book as much as I did.

Even the back cover and the inside flaps are awesome.

Rating: 10 out of 10

Planet Linux AustraliaDavid Rowe: Natural and Gray Coding

After writing up the Variable Power Quantiser work I added another function to my fuzzy_gray.m Octave simulation to compare natural and Gray coded binary.

Here are some results for 3, 4, and 5 bit quantisers over a range of errors:

Curiously, the natural binary results are a little better (about 1dB less Eb/No for the same SNR). Another surprise is that at low Eb/No (high BERs) the SNRs are about the same for each quantiser. For example around 9dB SNR at Eb/No = -2dB, for 5,4 and 3 bits.

Here is a plot of 2 to 7 bit natural binary quantisers over a wide Eb/No range. Up to about Eb/No of 4dB (a BER of 1%), the 3-7 bit quantisers all work about the same! At lower BER (higher Eb/No), the quantisation noise starts to dominate and the higher resolution quantisers work better. Each extra bit adds about 6dB of improved SNR.

Channel errors dominate the SNR at BER greater than 1% (Eb/No=4dB). In some sense the extra quantiser bits are “wasted”. This may not be true in terms of subjective decoded speech quality. The occasional large error tends to drag the SNR measure down, as large errors dominate the noise power. Subjectively, this might be a click, followed by several seconds of relatively clean speech. So more (subjective) testing is required to determine if natural or Gray coding is best for Codec 2 parameters. The SNR results suggest there is not much advantage either way.

Here is a plot of the error from the natural and Gray coded quantisers at Eb/No=-2dB. Occasionally, the Gray coded error is very large (around 1.0), compared to the natural coded error which has a maximum of around 0.5.

This example of a 3 bit quantiser helps us understand why. The natural binary and Gray codes are listed below the quantiser values:

Quantised Value      0.0    0.125  0.25   0.375  0.5    0.625  0.75   0.875
Natural Binary Code  000    001    010    011    100    101    110    111
Gray Code            000    001    011    010    110    111    101    100

Although Gray codes are robust to some bit errors (for example 000 and 001), they also have some large jumps, for example the 000 and 100 codes are only 1 bit error apart but jump the entire quantiser range. Natural binary has an exponentially declining error step for each bit.
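The jump sizes described above can be enumerated exhaustively. This is an added example, not the author's fuzzy_gray.m code: for every level and every single flipped bit it measures how far the decoded value moves under each coding, and it also reports a mean-square figure that goes slightly beyond what the post tabulates. Function names are hypothetical.

```python
def gray_encode(n: int) -> int:
    """Reflected binary Gray code of n."""
    return n ^ (n >> 1)


def gray_decode(g: int) -> int:
    """Inverse of gray_encode."""
    n = 0
    while g:
        n ^= g
        g >>= 1
    return n


def identity(n: int) -> int:
    return n


CODINGS = {
    "natural": (identity, identity),
    "gray": (gray_encode, gray_decode),
}


def single_bit_jumps(bits: int, coding: str) -> dict:
    """Map each bit position to the list of |change in decoded value|
    (range 0..1) over all levels when only that bit is flipped."""
    encode, decode = CODINGS[coding]
    levels = 1 << bits
    jumps = {}
    for bit in range(bits):
        jumps[bit] = [
            abs(decode(encode(level) ^ (1 << bit)) - level) / levels
            for level in range(levels)
        ]
    return jumps


def worst_jump(bits: int, coding: str) -> float:
    """Largest decoded error a single bit error can cause."""
    return max(max(v) for v in single_bit_jumps(bits, coding).values())


def mean_square_jump(bits: int, coding: str) -> float:
    """Sum over bit positions of the mean squared jump, levels equally likely."""
    jumps = single_bit_jumps(bits, coding)
    return sum(sum(j * j for j in v) / len(v) for v in jumps.values())


def code_table(bits: int, coding: str) -> list:
    """Code words in level order, as in the table above."""
    encode, _ = CODINGS[coding]
    return [format(encode(level), "0{}b".format(bits)) for level in range(1 << bits)]


if __name__ == "__main__":
    for bits in (3, 5):
        for coding in ("natural", "gray"):
            print(bits, "bits", coding,
                  "worst jump", worst_jump(bits, coding),
                  "mean square", round(mean_square_jump(bits, coding), 4))
```

For the 5 bit quantiser the worst single-bit jump is 0.5 for natural binary and 0.96875 for Gray code, in line with the maxima of around 0.5 and around 1.0 seen in the error plot.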

Planet DebianC.J. Adams-Collier: Windows is *still* loading files

I’m moving the active directory server off of hardware on to the hypervisor. I think if I boot the drive as USB I can install the virtio disk drivers on the system. Fingers crossed!

Only thing is that this first boot off of a USB device takes *sooooo* long!

Windows_is_STILL_loading_files

Krebs on SecurityAn Allegation of Harm

In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the harm allegedly caused to consumers by just one of the 1,300 customers of that ID theft service — an Ohio man the government claims used the data to file fraudulent tax returns on dozens of Americans last year.

Defendant Lance Ealy.

In February, I was contacted via Facebook by 28-year-old Lance Ealy from Dayton, Ohio. Mr. Ealy said he needed to speak with me about the article I wrote in October 2013 — Experian Sold Consumer Data to ID Theft Service. Ealy told me he’d been arrested by the U.S. Secret Service on Nov. 25, 2013 for allegedly using his email account to purchase Social Security numbers and other personal information from an online identity theft service run by a guy named Hieu Minh Ngo.

“I really need to speak with u about this case because the US attorney assigned to this case and the Secret Service agent are trying to cover up Experian involvement in this case,” Ealy said, without elaborating on his theory about the alleged cover-up.

Ngo is a Vietnamese national who for several years ran an online identity theft service called Superget.info. Shortly after my 2011 initial story about his service, Ngo tauntingly renamed his site to findget.me. The Secret Service took him up on that challenge, and succeeded in luring him out of Vietnam into Guam, where he was arrested and brought to New Hampshire for trial. He pleaded guilty earlier this year to running the ID theft service, and the government has been working on rounding up his customers ever since.

Mr. Ealy appears to be one of several individuals currently battling charges of identity theft after allegedly buying data from Ngo’s service, which relied in part on data obtained through a company owned by Experian.

According to the complaint (PDF) against Ealy, government investigators obtained a search warrant for Ngo’s email account in March 2013. Going through that email, investigators found that a customer of Ngo’s who used the address lanceealy123@yahoo.com had already purchased from Ngo some 363 “fullz” — a term used in the underground to describe a package of everything one would need to steal someone’s identity, including their Social Security number, mother’s maiden name, birth date, address, phone number, email address, bank account information and passwords.

The Justice Department alleges that between Jan. 28, 2013 and Oct. 17, 2013, Ealy filed at least 150 fraudulent tax returns on Americans, instructing the IRS to send the refund money to prepaid credit card accounts he controlled. The government claims that about 50 of those bogus claims were made with Social Security numbers and other data obtained from Ngo’s ID theft service.

For his part, Mr. Ealy says he’s not guilty of the crimes the government is trying to pin on him, and that prosecutors have yet to turn over any evidence as required.

“They still failed to turn over any evidence or discovery,” Ealy said in a Facebook conversation. “When I get my discovery packet I will like you to publish a story about me in connection with the Vietnam individual and can you also see who else has a case in connection with Ngo. Also they keep trying to pressure me to cooperate with them but I don’t want to until they turn over all evidence in this case.”

Initially, Ealy was facing a single-count indictment (PDF) in connection with the investigation. But when Ealy declined to agree to a plea agreement with prosecutors, the government appears to have thrown the book at him — lodging a superseding, 42-count indictment (PDF). Ealy said he recently filed a motion to fire his attorney and is currently representing himself, although he says he is looking for another lawyer.

According to local Ohio news site whio.com, Ealy is the son of a candidate running for Ohio governor. WHIO says Lance Ealy’s father — Larry Ealy — is embroiled in an ongoing investigation of allegations that he and three others who passed nominating petitions for him turned in fraudulent signatures to the local board of elections.

In addition to the tax fraud charges, the younger Ealy also is accused of opening bank accounts to electronically deposit the fraudulent tax returns. If convicted, he faces up to 20 years in prison and fines of up to $250,000.

Messages discovered in Ngo's inbox from lanceealy123@yahoo.com, which the government claims was used by the accused.


Planet Linux AustraliaDavid Rowe: Variable Power Quantisation

A common task in speech coding is to take a real (floating point) number and quantise it to a fixed number of bits for sending over the channel. For Codec 2 a good example is the energy of the speech signal. This is sampled at a rate of 25Hz (once every 40ms) and quantised to 5 bits.

Here is an example of a 3 bit quantiser that can be used to quantise a real number in the range 0 to 1.0:

Quantised Value  0.0    0.125  0.25   0.375  0.5    0.625  0.75   0.875
Binary Code      000    001    010    011    100    101    110    111

The quantiser has 8 levels and a step size of 0.125 between levels. This introduces some quantisation “noise”, as the quantiser can’t represent all input values exactly. The quantisation noise reduces as the number of bits, and hence number of quantiser levels, increases. Every additional bit doubles the number of levels, so halves the step size between each level. This means the signal to noise ratio of the quantiser increases by 6dB per bit.

We use a modem to send the bits over the channel. Each bit is usually allocated the same transmit power. In poor channels, we get bit errors when the noise overcomes the signal and a 1 turns into a 0 (or a 0 into a 1). These bit errors effectively increase the noise in the decoded value, and therefore reduce the SNR. We now have errors from the quantisation process and bit errors during transmission over the channel.

However not all bits are created equal. If the most significant bit is flipped due to an error (say 000 to 100), the decoded value will be changed by 0.5. If there is an error in the least significant bit, the change will be just 0.125. So I decided to see what would happen if I allocated a different transmit power to each bit. I chose the 5 bits used in Codec 2 to transmit the speech energy. I wrote some Octave code to simulate passing these 5 bits through a simple BPSK modem at different Eb/No values (Eb/No is proportional to the SNR of a radio channel, which is different to the SNR of the quantiser value).

I ran two simulations, first a baseline simulation where all bits are transmitted with the same power. The second simulation allocates more power to the more significant bits. Here are the amplitudes used for the BPSK symbol representing each bit. The power of each bit is the amplitude squared:

Bit             4     3     2     1     0
Baseline        1.0   1.0   1.0   1.0   1.0
Variable Power  1.61  1.20  0.80  0.40  0.40

Both simulations have the same total power for each 5 bit quantised value (e.g. 1*1 + 1*1 + 1*1 + 1*1 + 1*1 = 5W). Here are some graphs from the simulation. The first graph shows the Bit Error Rate (BER) of the BPSK modem. We are interested in the region on the left, where the BER is higher than 10%.

The second graph shows the quantiser SNR performance for the baseline and variable power schemes. At high BER the variable power scheme is about 6dB better than the baseline.

The third figure shows the histograms of the quantiser errors for Eb/No = -2dB. The middle bar on both histograms is the quantisation noise, which is centred around zero. The baseline quantiser has lots of large errors (outliers) due to bit errors, however the variable power scheme has more smaller errors near the centre, where (hopefully) it has less impact on the decoded speech.

The final figure shows a time domain plot of the errors for the two schemes. The baseline quantiser has more large value errors, but a small amount of noise when there are no errors. The variable power scheme looks a lot nicer, but you can see the amplitude of the smaller errors is higher than the baseline.

I used the errors from the simulation to corrupt the 5 bit Codec 2 energy parameter. Listen to the results for the baseline and variable power schemes. The baseline sample seems to “flutter” up and down as the energy bounces around due to bit errors. I can hear some “roughness” in the variable transmit power sample, but none of the flutter. However both are quite understandable, even though the bit error rates are 13.1% (baseline) and 18.7% (variable power)! Of course – this is just the BER of the energy parameters, in practice with all of the Codec bits subjected to that BER the speech quality would be significantly worse.

The simple modem simulation used here was a BPSK modem over an AWGN channel. For FreeDV we use a DQPSK modem over a HF channel, which will give somewhat poorer results at the same channel Eb/No. However it’s the BER operating point that matters – we are aiming for intelligible speech over a channel with a BER between 10 and 20%, which is equivalent to a 1600 bit/s DQPSK modem on a “CCIR poor” HF channel at around 0dB average SNR.

Running Simulations

octave:6> fuzzy_gray
octave:7> compare_baseline_varpower_error_files
 
codec2-dev/src$  ./c2enc 1300 ../raw/ve9qrp.raw - | ./insert_errors - - ../octave/energy_errors_baseline.bin 56 | ./c2dec 1300 - - | play -t raw -r 8000 -s -2 -
 
codec2-dev/src$ ./c2enc 1300 ../raw/ve9qrp.raw - | ./insert_errors - - ../octave/energy_errors_varpower.bin 56 | ./c2dec 1300 - - | play -t raw -r 8000 -s -2 -

Note the 1300 bit/s mode actually used 52 bits per frame but c2enc/c2dec works with an integer number of bytes so for the purposes of simulating bit errors we round up to 7 bytes/frame (56 bits).

As I wrote this post I realised the experiments above used natural binary code, however Codec 2 uses Gray code. The next post looks into the difference in SNR performance between natural binary and Gray code.
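The trade-off between the two power allocations can also be worked out analytically rather than by simulation. This is an added example, not the author's Octave code: it uses the textbook BPSK/AWGN bit error rate, 0.5*erfc(a*sqrt(Eb/No)) for a bit sent at amplitude a, and a simplified error model (natural binary, equally likely codes, independent bit errors), so its figures will not match the simulation plots exactly. Function names are hypothetical.

```python
import math

# BPSK symbol amplitudes per bit, MSB (bit 4) first, copied from the table above.
BASELINE = [1.0, 1.0, 1.0, 1.0, 1.0]
VARIABLE = [1.61, 1.20, 0.80, 0.40, 0.40]


def total_power(amplitudes):
    """Power spent on one quantised value: the sum of amplitude squared."""
    return sum(a * a for a in amplitudes)


def bit_error_rates(amplitudes, ebno_db):
    """Per-bit BER for BPSK over AWGN. Scaling a bit's amplitude by a scales
    its energy by a^2, hence the factor a inside erfc."""
    ebno = 10 ** (ebno_db / 10)
    return [0.5 * math.erfc(a * math.sqrt(ebno)) for a in amplitudes]


def mean_ber(amplitudes, ebno_db):
    """BER averaged over the bits of one quantised value."""
    bers = bit_error_rates(amplitudes, ebno_db)
    return sum(bers) / len(bers)


def channel_mse(amplitudes, ebno_db):
    """Mean squared error of the decoded value (range 0..1) caused by bit
    errors alone. With equally likely codes the sign of each flip is zero
    mean and independent across bits, so cross terms vanish and the result
    is sum(BER_i * weight_i^2)."""
    n = len(amplitudes)
    weights = [2 ** (n - 1 - k) / 2 ** n for k in range(n)]  # MSB first
    bers = bit_error_rates(amplitudes, ebno_db)
    return sum(p * w * w for p, w in zip(bers, weights))


def report(ebno_db=-2.0):
    """Side-by-side figures for both schemes at one Eb/No."""
    rows = {}
    for name, amps in (("baseline", BASELINE), ("variable", VARIABLE)):
        rows[name] = {
            "power": total_power(amps),
            "per_bit_ber": bit_error_rates(amps, ebno_db),
            "mean_ber": mean_ber(amps, ebno_db),
            "channel_mse": channel_mse(amps, ebno_db),
        }
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(name,
              "power %.2f" % row["power"],
              "mean BER %.3f" % row["mean_ber"],
              "channel MSE %.4f" % row["channel_mse"],
              "per-bit BER", ["%.3f" % p for p in row["per_bit_ber"]])
```

At Eb/No = -2dB the variable power allocation has the higher average BER, yet its decoded error power is less than half the baseline's because the errors are pushed into the least significant bits.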

Planet DebianRussell Coker: Sociological Images 2014

White Trash

The above poster was on a bridge pylon in Flinders St in 2012. It’s interesting to see what the Fringe Festival people consider to be associated with “white trash”. They claim homophobia is a “white trash” thing however lower class people have little political power and the fact that we still don’t have marriage equality in Australia is clear evidence that homophobia is prevalent among powerful people.

Toys vs Fairies

Fairies look pretty while boys toys do things

I took the above photo at Costco in 2012. I think it’s worth noting the way that the Disney Fairies (all female and marketed to a female audience) are standing around looking pretty while the Toy Story characters (mostly male and marketed to a male audience) are running out to do things. Having those items side by side on the shelf was a clear example of a trend in toys towards girls being encouraged to be passive while boys are doing things. The Toy Story pack has one female character, so it could be interpreted as being aimed at both boys and girls. But even that interpretation doesn’t remove the clear gender difference.

It seems ironic to me that the descriptions on the boxes are “Read, Play, and Listen” for the Toy Story pack and “Read, Play, and Colour” on the Fairies pack. Colouring is more active than listening so the pictures don’t match the contents.

Make Up vs Tools

Girls chocolate is make-up and boys chocolate is tools

I took the above photo in an Aldi store in early 2013, today I was in Aldi and noticed that the same chocolate is still on sale. A clear and pointless gender difference. Rumor has it that some of the gender difference in kids clothing is so that a child can’t wear the clothes of an older sibling of different gender, but chocolate only gets eaten once so there is no reason for this.

Oath

The above poster was inside the male toilet at Melbourne University in 2013. It would probably be good to have something like that on display all the time instead of just for one event.

Locks

Locks with inscriptions on a bridge on the Yarra River in Melbourne

I took the above picture early this year, it shows hundreds of padlocks attached to a bridge across the Yarra River in Melbourne. Each padlock has a message written or inscribed in it, mostly declarations of love. I first noticed this last year, I’m not sure how long it’s been up. There was nothing formal about this (no signs about it), people just see it and decide that they want to add to it. I guess that the council cuts some of them off periodically as the number of locks doesn’t seem to be increasing much in recent times.

It would be interesting to do some research into how many locks are needed to start one of these. It would also be interesting to discover whether the nature of the inscriptions determines the speed at which it takes off, would a bunch of padlocks with messages like “I Love Linux” inspire others as well as messages declaring love for random people? All that is required is some old locks and an engraving tool.

I wonder what the social norm might be regarding messing with those locks. If I was to use those padlocks to practice the sport of lock-picking (which I learned when in Amsterdam) I wonder whether random bystanders would try to discourage me. It seems likely that picking the locks and taking them away would get a negative reaction but I wonder whether picking them one at a time and replacing them (or maybe moving them to another wire) would get a reaction.

Blackface for Schoolkids

teachers choice blackface and yellowface masks

A craft shop at the Highpoint shopping center in Melbourne is selling “Teacher’s Choice” brand “Multicultural Face Masks”. “Multicultural” is a well regarded term in education, teaching children about other cultures is a good concept but can be implemented really badly. When I was in high school the subject “Social Studies” seemed to have an approach of “look how weird people are in other places” instead of teaching the kids anything useful.

Sociological Images has an informative article on the Australian Hey Hey it’s Saturday blackface incident in 2009 [1].

The idea of these masks seems to involve students dressing up as caricatures of other races. The mask which looks like someone’s idea of a Geisha is an even bigger WTF, mixing what the package calls “culture” (really race) with sex work. When I visited Tokyo I got the impression that “French maids” fill a similar niche to Geisha for younger Japanese men and the “maid cafe” thing is really popular there. I think it’s interesting to consider the way that a French maid costume is regarded differently to a Geisha costume. I expect that “Teacher’s Choice” doesn’t sell French maid costumes.

Delicious Cow

picture of a bovine named Delicious

Usually meat is advertised in a way that minimises the connection to living animals. Often adverts just show cuts of meat and don’t make any mention of animals and when animals are shown they are in the distance. The above picture was on the wall at a Grill’d burger restaurant in Point Cook. It shows a bovine (looks like a bull even though I believe that cows are the ones that are usually eaten) with a name-tag identifying it as “Delicious”. The name tag personalises the animal which is an uncommon thing to do when parts of an animal are going to be eaten.

Of the animals that are commonly eaten it seems that the general trend is to only show fish as complete live animals, presumably because people can identify with mammals such as cattle in a way that they can’t identify with fish. Fish are also the only complete animals that are shown dead, adverts for fish that are sold as parts (EG salmon and tuna) often show complete dead fish. But I’ve never seen a meat advert that shows a complete dead cow or sheep.

Planet DebianAxel Beckert: Xen: Running a Sid DomU with PyGrub on a Squeeze Dom0

I’m running one Debian Sid and one Jessie (Testing) Xen guest domain on a Debian Squeeze (Oldstable) Xen 4.0 running host server.

Recently I had to reboot one of these virtual machines after more than a year of uptime. But the new 3.14 kernel from Debian Experimental didn’t boot. Neither did 3.13 from Debian Unstable. Nor did any other kernel image newer than the 3.5-trunk (from Debian Experimental back then) work.

Every time pygrub bailed out with this error message:

Error: (2, 'Invalid kernel', 'xc_dom_find_loader: no loader found\n')

(Yes, the parentheses and the “\n” were part of the error message.)

After some searching on the web I found hints that this message may be caused by an unsupported compression type in the kernel image.

And indeed, if I unpack the “vmlinuz” with the extract-vmlinux tool which is part of Linux’ source code (but not yet part of any binary package in Debian), and use the extracted file in grub’s menu.lst (which is then read by pygrub) instead, the DomU boots Linux kernel 3.14 again, even on a Squeeze-running Dom0.

Planet DebianMatthew Garrett: Home entertainment implementations are pretty appalling

I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable start.

Panasonic provide a nice download site for firmware updates, so I grabbed the most recent and set to work. Binwalk found a squashfs filesystem, which was a good sign. Less good was the block at the end of the firmware with "RSA" written around it in large letters. The simple approach of hacking the firmware, building a new image and flashing it to the device didn't appear likely to work.

Which left dealing with the installed software. The BDT-230 is based on a Mediatek chipset, and like most (all?) Mediatek systems runs a large binary called "bdpprog" that spawns about eleventy billion threads and does pretty much everything. Running strings over that showed, well, rather a lot, but most promisingly included a reference to "/mnt/sda1/vudu/vudu.sh". Other references to /mnt/sda1 made it pretty clear that it was the mount point for USB mass storage. There were a couple of other constraints that had to be satisfied, but soon attempting to run Vudu was actually setting a blank root password and launching telnetd.

/acfg/config_file_global.txt was the next stop. This is a set of tokens and values with useful looking names like "IDX_GB_PTT_COUNTRYCODE". I tried changing the values, but unfortunately made a poor guess - on next reboot, the player had reset itself to DVD region 5, Blu Ray region C and was talking to me in Russian. More inconveniently, the Vudu icon had vanished and I couldn't launch a shell any more.

But where there's one obvious mechanism for running arbitrary code, there's probably another. /usr/local/bin/browser.sh contained the wonderful line:

export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so

So then it was just a matter of building a library that hooked open() and launched inetd and dropping that into the right place, and then opening the browser.

This time I set the country code correctly, rebooted and now I can actually watch Monkey Dust again. Hurrah! But, at the same time, concerning. This software has been written without any concern for security, and it listens on the network by default. If it took me this little time to find two entirely independent ways to run arbitrary code on the device, it doesn't seem like a stretch to believe that there are probably other vulnerabilities that can be exploited with less need for physical access.

The depressing part of this is that there's no reason to believe that Panasonic are especially bad here - especially since a large number of vendors are shipping much the same Mediatek code, and so probably have similar (if not identical) issues. The future is made up of network-connected appliances that are using your electricity to mine somebody else's Dogecoin. Our nightmarish dystopia may be stranger than expected.
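Both issues described above come down to firmware scripts trusting paths on removable media, which is something a firmware review can check for mechanically. This is an added example, not code from the post or from any vendor: it audits the shell scripts of an unpacked root filesystem for loader variables and commands that point at a removable-media mount. Only the /mnt/sda1 paths and the LD_PRELOAD line come from the post; the other mount prefixes, the remaining sample file contents and all function names are assumptions constructed for the illustration.

```python
import re
import shlex
from typing import NamedTuple

# /mnt/sda1 is the USB mount point named in the post; the rest are assumed.
REMOVABLE_PREFIXES = ("/mnt/sda", "/mnt/usb", "/media/")
# Variables through which the dynamic loader or the shell locates code.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "PATH"}
INTERPRETERS = {"sh", "bash", "ash", ".", "source", "exec"}
SEPARATORS = {"&&", "||", ";", "|"}
ASSIGN_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)=(\S*)")


class Finding(NamedTuple):
    path: str
    lineno: int
    kind: str    # loader-variable | executes-from-removable | references-removable
    detail: str


def on_removable(token: str) -> bool:
    return token.strip("\"'").startswith(REMOVABLE_PREFIXES)


def classify(line: str):
    """Return (kind, detail) for one shell line, or None if nothing is flagged."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = ASSIGN_RE.match(stripped)
    if m and m.group(1) in LOADER_VARS:
        bad = [part for part in m.group(2).split(":") if on_removable(part)]
        if bad:
            return ("loader-variable", "{} <- {}".format(m.group(1), bad[0]))
    try:
        tokens = shlex.split(stripped)
    except ValueError:            # unbalanced quotes: fall back to a plain split
        tokens = stripped.split()
    command_position = True       # True at line start and after a separator
    for i, tok in enumerate(tokens):
        if tok in SEPARATORS:
            command_position = True
            continue
        if on_removable(tok):
            previous = tokens[i - 1] if i else ""
            if command_position or previous in INTERPRETERS:
                return ("executes-from-removable", tok)
        command_position = False
    for tok in tokens:
        if on_removable(tok):
            return ("references-removable", tok)
    return None


def audit(files: dict) -> list:
    """files maps script path to script text; returns the list of findings."""
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            hit = classify(line)
            if hit:
                findings.append(Finding(path, lineno, *hit))
    return findings


# Constructed sample rootfs. Only the LD_PRELOAD line and the vudu.sh path
# appear in the post; everything else is made up for the demonstration.
SAMPLE_ROOTFS = {
    "/usr/local/bin/browser.sh": (
        "#!/bin/sh\n"
        "export LD_PRELOAD=/mnt/sda1/bbb/libSegFault.so\n"
        'exec /usr/bin/browser "$@"\n'
    ),
    "/etc/init.d/S90apps": (
        "#!/bin/sh\n"
        "# start vendor app if present\n"
        "[ -x /mnt/sda1/vudu/vudu.sh ] && sh /mnt/sda1/vudu/vudu.sh\n"
        "export PATH=/bin:/usr/bin\n"
    ),
    "/etc/init.d/S50media": (
        "#!/bin/sh\n"
        "ls /mnt/sda1/photos > /tmp/index.txt\n"
    ),
}

if __name__ == "__main__":
    for f in audit(SAMPLE_ROOTFS):
        print("{}:{}: {}: {}".format(f.path, f.lineno, f.kind, f.detail))
```

The first two finding kinds mean that whoever controls the inserted storage controls code running on the device; the third is informational and covers data-only references.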


Rondam RamblingsEvidence that religion is a drug

Five years ago I advanced the hypothesis that religion is essentially a drug that works through the placebo effect.  Today I happened to stumble across a data point to support the theory: I've been feeling down enough that I considered suicide. But today the reverend said something that got to me "Easter takes you away from despair because you yourself are also resurrected with Jesus". That

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2014-04-14 to 2014-04-20

Planet Linux AustraliaArjen Lentz: Dolphins In The Blue-2 (Finally!)

2

 

I started to swim away as fast as I could when I heard a sad, scared and quiet voice, ‘wait,’ I squeaked in relief, I saw that the shadow was only a seal. ‘Sorry for startling you, I suppose you can’t get to sleep either?’ It asked ‘no, yes, well, let’s just say that I can’t sleep easily.’ I replied. The seal seemed to be happier about this and asked ‘what’s your name anyway?’ ‘Apollo and yours?’ I asked ‘Pearl, and do you know what makes you say OI?’ ‘no wha-?’ but I never finished the question because Pearl smacked me playfully on the flipper and raced off ‘OI!’ I squealed. I swam after her trying not to click too loudly and using my echolocation. Pearl was using her excellent hearing and her sensitive whiskers to make sure I didn’t get too close.

In the end I ended up clicking, ‘ok, ok I agree and give up ok? Oh and Pearl, could you come with me to sleep with my pod? I will be pretty lonely without you.’ ‘Sure and… could you introduce me to your friends?’ she asked, ‘sure,’ I replied and with that we swam side by side back to where the pod was. When we got back we swam as quietly as we could back to where I was sleeping before. In moments I fell asleep, surprisingly, probably because of all the rushing around.

The next day came too soon and when I got shaken awake from Flipper I was confused and tired. ‘Wha? Wait, no, give me five more minutes Mum…’ I murmured, ‘wake UP Apollo, you’ve been asleep for half of the day already!’ Clicked Flipper loudly, that was when I squealed, ‘WHAT!? HALF THE DAY!?’ and woke up completely.

 

We had been swimming with the pod for two hours when we felt vibrations in the water. ‘Uhh Mum… what’s happening? I’m scared,’ I clicked, ‘that’s just a boat, don’t worry. Tell you what, how about we go ask Slash if we can do some bow riding?’ She replied ‘Yeah sure, but one question what is bow riding?’ but she never really answered my question because Slash swam over to us and said, ‘did I hear you two talking about bow riding? What a great idea!’ and he clicked without waiting for an answer and called a meeting right then and there.

 

Soon the whole pod were swimming towards the boat, which ended up being a cruise boat, all excited at the thought of going bow riding. We got there faster than I thought we would and everyone rushed forwards to the front of the boat and I followed hesitantly not knowing what to do. I soon found out though because everyone was jumping out of the water with the wave and I joined in and found out it was really easy and fun! ‘Wee!’ I squealed for about the hundredth time with Bubs and Flip on either side of me. I slowed down and looked up at the humans and they looked back at me with grins on their faces. ‘Come in, the water’s great!’ I squealed to them, even though I knew they couldn’t understand me.

 

One girl smiled and nodded at me as though she understood me though, she said something to her mum in human language and her mum looked thoughtful. Then they walked up the boat with me following them, the girl was looking at me all the while.

 

We soon reached where they were going and the mum walked over to this person with a hat saying “captain” on it, whatever that means. The mother talked to him and he nodded to her and the girl seemed really happy and ran somewhere else on the boat where I couldn’t see. The girl soon came back wearing something black with polka dots which I assume they use to be like us and swim. She got lowered down a ladder and as soon as the other kids saw what was happening they ran off too.

 

In no time at all there was a lot of kids in the water all trying to keep up with us so we had a bit of fun by going close to them and darting off again. It was so funny to see them swimming really slowly trying to catch us. The girl that first got in seemed to stick as close to me as she could. Somehow she got to me and she looked at my dorsal fin in surprise so I turned around and saw, for the first time, that I had a scar running all the way down it in the shape of an ‘A’.

 

I turned around in the water twice before remembering a long time ago, when I was younger, playing with a sharp rock and batted it with my tail and then a lot of pain in my dorsal fin. I squealed loudly in surprise and the girl laughed. I looked closer on her swimsuit thing and saw that it had her name on it, well at least I think it was her name and I read Genevieve in yellow. She smiled at me and started swimming towards me muttering things in her human language.

 

I’m not sure what she said but she seemed to be trying to calm me down. She was coming closer to me so I darted away ready to play, but, Genevieve seemed to get sad so I slowly swam towards her and she smiled again. I dived under her and she squealed with excitement. I came back up again and splashed her. She splashed me back and soon we were having a water fight.

 

Soon mum came and immediately I knew it was time to go. I didn’t want to so I hid behind the human girl. ‘Come on now Apollo it’s time to go,’ she clicked, ‘aww but I was playing with this human…’ I clicked back. ‘Come Apollo, now! No excuses.’ She said, so, of course, I followed her back to the pod but not before I nudged Genevieve a “bye” hug.

 

As I looked at the sunset, I saw the boat disappear into the distance, and, as I settled down to sleep, I wondered if I would ever see the human girl again.


Planet DebianRussell Coker: Sociological Images 2012

In 2011 I wrote a post that was inspired by the Sociological Images blog [1]. After some delay here I’ve written another one. I plan to continue documenting such things.

Playground

gender segregated playground in 1918

In 2011 I photographed a plaque at Flagstaff Gardens in Melbourne. It shows a picture of the playground in 1918 with segregated boys and girls sections. It’s interesting that the only difference between the two sections is that the boys have horizontal bars and a trapeze. Do they still have gender segregated playgrounds anywhere in Australia? If so what is the difference in the sections?

Aborigines

The Android game Paradise Island [2] has a feature where you are supposed to stop Aborigines from stealing, it plays on the old racist stereotypes about Aborigines which are used to hide the historical record that it’s always been white people stealing from the people that they colonise.

Angry face icons over Aborigines

Aborigines described as thieves

There is also another picture showing the grass skirts. Nowadays the vast majority of Aborigines don’t wear such clothing, the only time they do is when doing some sort of historical presentation for tourists.

I took those pictures in 2012, but apparently the game hasn’t changed much since then.

Lemonade

lemonade flavored fizzy drink

Is lemonade a drink or a flavour? Most people at the party where I took the above photo regard lemonade as a drink and found the phrase “Lemonade Flavoured Soft Drink” strange when it was pointed out to them. Incidentally the drink on the right tastes a bit like the US version of lemonade (which is quite different from the Australian version). For US readers, the convention in Australia is that “lemonade” has no flavor of lemons.

Not Sweet

maybe gender queer people on bikes

In 2012 an apple cider company made a huge advertising campaign featuring people who might be gender queer, above is a picture of a bus stop poster and there were also TV ads. The adverts gave no information at all about what the drink might taste like apart from not being “as sweet as you think”. So it’s basically an advertising campaign with no substance other than a joke about people who don’t conform to gender norms.

Also it should be noted that some women naturally grow beards and have religious reasons for not shaving [3].

Episode 2 of the TV documentary series “Am I Normal” has an interesting interview of a woman with a beard.

Revolution

communist revolution Schweppes drinks

A violent political revolution is usually a bad thing, using such revolutions to advertise sugar drinks seems like a bad idea. But it seems particularly interesting to note the different attitudes to such things in various countries. In 2012 Schweppes in Australia ran a marketing campaign based on imagery related to a Communist revolution (the above photo was taken at Southern Cross station in Melbourne), I presume that Schweppes in the US didn’t run that campaign. I wonder whether global media will stop such things, presumably that campaign has the potential to do more harm in the US than good in Australia.

Racist Penis Size Joke at Southbank

racist advert in Southbank paper

The above advert was in a free newspaper at Southbank in 2012. Mini Movers thought that this advert was a good idea and so did the management of Southbank who approved the advert for their paper. Australia is so racist that people don’t even realise they are being racist.

Sam VargheseGerard Henderson shows why he should never be on TV

One of Australia’s self-styled conservatives, Gerard Henderson, is always whining about how people from his side of politics do not get a fair run on the government-funded Australian Broadcasting Corporation.

On April 16, Henderson demonstrated clearly why he should be kept as far as possible from television. Appearing on a current affairs programme, Lateline, as a guest to talk about the resignation of the premier of NSW, Barry O’Farrell, Henderson displayed the churlishness and cant for which he is known, berating the other guest, journalist Kate McClymont of the Sydney Morning Herald, and trying to force his views on those present. He was obnoxious, rude, boorish, uncivilised, and intemperate.

Henderson is a former chief of staff to John Howard, and the self-styled executive director of The Sydney Institute – formerly known as the Institute of Public Affairs. This is an organisation that seeks to make money off corporations and individuals by championing certain right-wing causes and plugging them in the media. Strangely, Henderson has managed to get many lucrative media gigs and currently writes a column for The Australian.

One thing that Henderson refuses to do is disclose from where he gets his funding to run what he describes as a think-tank. It is one of these many factories for massaging public opinion and lobbying for conservative causes. Henderson has an obsession about a couple of things – Catholicism and the alleged lack of conservative presenters on the ABC – and he repeats himself ad infinitum about these any chance he gets. Information has leaked out that he is funded by the tobacco giant Philip Morris, the asbestos seller James Hardie and the Adler group.

O’Farrell resigned because he had been caught lying to the state’s Independent Commission Against Corruption – inadvertently, by his claims – over receiving a gift of a $3000 bottle of wine from the chief executive of a company that was looking to obtain business from a state-owned company. O’Farrell denied knowing anything about the wine and an associated telephone call on the 15th; the next day, when a note of thanks in his own handwriting for said bottle surfaced, he had no option but to wind up his term in office abruptly.

Henderson stoutly tried to defend O’Farrell; he did not wish to even hear what McClymont had to say – she had, by the way, been attending the ICAC hearings and was thus that bit better informed – but kept interrupting her and hectoring her to keep quiet. It showed everyone why Henderson should visit a psychiatrist to be treated for what my late father called the Sultan Complex – a mental disease.

Henderson averred that this was not the reason why the ICAC was set up; it was not meant to entrap politicians who had hardly put a foot wrong. But the ICAC has also entrapped a number of politicians like Eddie Obeid of the NSW Labor Party, who have been involved in large-scale corruption. Henderson’s claim was that the party itself had got rid of Obeid, hence the ICAC was not needed, something that was patently incorrect.

When the Lateline presenter Steve Canane asked Henderson why he had not thought of advancing these arguments about the ICAC in the last six months since the commission started its hearings, the 68-year-old came back with the petulant answer that he had not been invited to appear on the ABC for the last six months.

But this is no argument; Henderson has had a column in the Sydney Morning Herald for a long time and he switched to The Australian in December. He has always had a platform from which to spout his insidious views. Why did he not make these astute observations some time back?

Henderson contributed nothing of any value to this discussion. He was on his usual track – “I am right and the rest of the world must shut up and listen.” Why does the ABC invite idiots like him to participate when he clearly only wants to hear the sound of his own voice?

P.S. When it comes to TV, Henderson is so desperate to display his unsmiling visage, that he even accepts invitations from someone who once called him a smart arse.


Planet DebianSteve Kemp: I was beaten to the punch, but felt nothing

A while back I mentioned github-backed DNS hosting.

Turns out NameCast.net does that already, and there is an interesting writeup on the design of something similar, from the same authors in 2009.

Fun to read.

In other news applying for jobs is a painful annoyance.

Should anybody wish to employ an Edinburgh-based system administrator, with a good Debian record, then please do shout at me. Remote work is an option, as is a local office, if you're nearby.

Now I need to go hide from the sun, lest I get burned again...

Good news? Going on holiday to Helsinki in a week or so, for Vappu. Anybody local who wants me should feel free to grab me, via the appropriate channels.

Sociological ImagesSaturday Stat: The U.S. is a “Low Tax Country”

This chart comes from Chuck Marr at the Center on Budget and Policy Priorities.  As Marr explains:

The United States is a relatively low-tax country, as the chart shows.  When measured as a share of the economy, total government receipts (a broad measure of revenue) are lower in the United States than in any other member of the Organization for Economic Co-operation and Development (OECD), even after accounting for the modest revenue increases in the 2012 “fiscal cliff” deal and the taxes that fund health reform.


Martin Hart-Landsberg is a professor of economics at Lewis and Clark College. You can follow him at Reports from the Economic Front.

(View original at http://thesocietypages.org/socimages)

Falkvinge - Pirate PartySweden Goes Full Retard, Requires Registration Of Every Individual Playing Lottery

Dice

Privacy: Sweden, like most European countries, has a number of governmentally-run state lotteries that are an efficient extra tax on the people who can’t math properly. Because of the jackpot sizes (nine-figure euro or dollar amounts), they are still hugely popular. From June 1, the Swedish state lottery requires people who want to buy a simple lottery ticket to identify and register.

For some time, the Swedish governmental lottery has allowed people to identify and register, in which case, the lottery will perform the service of checking each lottery ticket for winnings and depositing any winnings directly into the winner’s bank account. This has been a provided and convenient service.

However, as of June 1, this service instead goes full mandatory surveillance, requiring people to show proof of identity and be entered into a “register of gamblers” with the lottery – and since the lottery is a governmental monopoly, register with the government.

The governmental lottery is trying to spin this with all the usual words like “responsibility”, but in reality, what is happening here is yet another large stride into a full-blown surveillance state. This is not taking responsibility; this is absconding it and going full retard.

UPDATE: As pointed out, the registration can also be denied pretty much at the state lottery’s discretion. Therefore, this is more than a registration; this is a lottery playing permit.

We’re already required to apply for permits to exercise the most mundane rights like freedom of assembly and freedom of speech in public – this is a red flag. Another. (For the record, if you need a permit to exercise a freedom, it isn’t a freedom at all.)

LongNowThe Knowledge

The-Knowledge-Full-Cover_lowres

One of the early inspirations for creating the Manual for Civilization was an email I received from Lewis Dartnell in London asking me for information on a book he was writing inspired by James Lovelock’s “Book for all Seasons”.  The idea was a kind of reboot manual for humanity, and it coincided well with some other conversations we had been having at Long Now about making a collection of books that could do something similar.

Fast forward to 02014 and Lewis has finished his book “The Knowledge: How to Rebuild Our World From Scratch” which comes out today, and he was kind enough to send us a copy for our Manual for Civilization library collection. Since this is a single volume you might be wondering how much practical knowledge a book like this could actually impart. This book gives the reader a basic strategy for rebooting civilization – not every detail. For instance if you wanted to get a certain technology up and running again, which method should you employ given what we now know about modern and historical methods? Dartnell goes over the basic principle for each fundamental technology, and then discusses best options for how to rebuild it with scavenged materials (always easier), or how you might do it from scratch. He starts with the most critical and fundamental, and then builds on each of these as the book progresses. So in a way the book kind of boot straps itself from chapter to chapter. The overall goal, it seems, is to make the “hole” referred to in the graph below smaller and recover faster than the one left after the fall of Rome. (yes I know there are lots of issues with that graph but it illustrates the point of a loss of technology in civilizations)

darkages

The Knowledge is not another survival guide for gun toting doomsday “preppers”, or those excited for the zombie apocalypse, but both crowds might get something out of it. It is also not a standalone book, Lewis has published his chapter by chapter further reading list and bibliography alongside it that contains the nitty gritty details for each of the technologies discussed. You should consider The Knowledge a primer and table of contents for that larger reading list. We are happy to have The Knowledge in our collection for this reason.

Dartnell has also been following The Manual for Civilization project and has submitted his own list of books for our collection, which we include below. He considers these to be the most useful from his bibliography.  You can also follow updates and new information around the book via twitter @KnowledgeCiv.

Planet DebianJoey Hess: propellor-driven DNS and backups

Took a while to get here, but Propellor 0.4.0 can deploy DNS servers and I just had it deploy mine. Including generating DNS zone files.

Configuration is dead simple, as far as DNS goes:

        & alias "ns1.example.com"
        & Dns.secondary hosts "joeyh.name"
        & Dns.primary hosts "example.com"
                (Dns.mkSOA "ns1.example.com" 100)
                [ (RootDomain, NS $ AbsDomain "ns1.example.com")
                , (RootDomain, NS $ AbsDomain "ns2.example.com")
                ]

The awesome thing is that propellor fills in all the other information in the zone file by looking at the properties of the hosts it knows about.

 , host "blue.example.com"
        & ipv4 "192.168.1.1"
        & ipv6 "fe80::26fd:52ff:feea:2294"

        & alias "example.com"
        & alias "www.example.com"
        & alias "example.museum"
        & Docker.docked hosts "webserver"
                `requires` backedup "/var/www"

        & alias "ns2.example.com"
        & Dns.secondary hosts "example.com"

When it sees this host, Propellor adds its IP addresses to the example.com DNS zone file, for both its main hostname ("blue.example.com"), and also its relevant aliases. (The .museum alias would go into a different zone file.)

Multiple hosts can define the same alias, and then you automatically get round-robin DNS.

The web server part of the blue.example.com config can be cut and pasted to another host in order to move its web server to the other host, including updating the DNS. That's really all there is to it, just cut, paste, and commit!

I'm quite happy with how that worked out. And curious if Puppet etc have anything similar.


One tricky part of this was how to ensure that the serial number automatically updates when changes are made. The way this is handled is Propellor starts with a base serial number (100 in the example above), and then it adds to it the number of commits in its git repository. The zone file is only updated when something in it besides the serial number needs to change.

The result is nice small serial numbers that don't risk overflowing the (so 90's) 32 bit limit, and will be consistent even if the configuration had Propellor setting up multiple independent master DNS servers for the same domain.


Another recent feature in Propellor is that it can use Obnam to back up a directory. With the awesome feature that if the backed up directory is empty/missing, Propellor will automatically restore it from the backup.

Here's how the backedup property used in the example above might be implemented:

backedup :: FilePath -> Property
backedup dir = Obnam.backup dir daily
    [ "--repository=sftp://rsync.example.com/~/webserver.obnam"
    ] Obnam.OnlyClient
    `requires` Ssh.keyImported SshRsa "root"
    `requires` Ssh.knownHost hosts "rsync.example.com" "root"
    `requires` Gpg.keyImported "1B169BE1" "root"

Notice that the Ssh.knownHost makes root trust the ssh host key belonging to rsync.example.com. So Propellor needs to be told what that host key is, like so:

 , host "rsync.example.com"
        & ipv4 "192.168.1.4"
        & sshPubKey "ssh-rsa blahblahblah"

Which of course ties back into the DNS and gets this hostname set in it. But also, the ssh public key is available for this host and visible to the DNS zone file generator, and that could also be set in the DNS, in a SSHFP record. I haven't gotten around to implementing that, but hope at some point to make Propellor support DNSSEC, and then this will all combine even more nicely.
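The SSHFP record mentioned above can be derived from the same `sshPubKey` string that the zone file generator already sees. The following Python is an added example, not part of Propellor or of the original post; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(blob):
    """Return the first wire-format string in blob, or raise ValueError."""
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + length]


def constructed_pubkey_line():
    """Constructed sample, not a real host key: an ssh-ed25519 blob whose
    32 key bytes are simply 0..31."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sample"


def sshfp_records(hostname, pubkey_line, fp_types=(2,)):
    """Turn one OpenSSH public key line into SSHFP zone file records.

    The fingerprint is the digest of the decoded key blob. The key type
    named inside the blob must match the type stated on the line, so a
    mislabelled or placeholder key is rejected instead of published.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-key> [comment]'")
    key_type, encoded = fields[0], fields[1]
    if key_type not in ALGORITHMS:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    try:
        blob = base64.b64decode(encoded, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    inner_type = read_ssh_string(blob).decode("ascii", "replace")
    if inner_type != key_type:
        raise ValueError("key blob is %r, line says %r" % (inner_type, key_type))

    owner = hostname.rstrip(".") + "."  # fully qualified owner name
    records = []
    for fp_type in fp_types:
        if fp_type not in DIGESTS:
            raise ValueError("unsupported SSHFP fingerprint type %r" % fp_type)
        digest = DIGESTS[fp_type](blob).hexdigest()
        records.append("%s IN SSHFP %d %d %s"
                       % (owner, ALGORITHMS[key_type], fp_type, digest))
    return records


if __name__ == "__main__":
    line = constructed_pubkey_line()
    for record in sshfp_records("rsync.example.com", line, fp_types=(1, 2)):
        print(record)
```

An SSH client can only rely on such records when the zone is signed and the answer is DNSSEC-validated, which is why the two features combine.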


By the way, Propellor is now up to 3 thousand lines of code (not including Utility library). In 20 days, as a 10% time side project.

Planet DebianRussell Coker: Swap Space and SSD

In 2007 I wrote a blog post about swap space [1]. The main point of that article was to debunk the claim that Linux needs a swap space twice as large as main memory (in summary such advice is based on BSD Unix systems and has never applied to Linux and that most storage devices aren’t fast enough for large swap). That post was picked up by Barrapunto (Spanish Slashdot) and became one of the most popular posts I’ve written [2].

In the past 7 years things have changed. Back then 2G of RAM was still a reasonable amount and 4G was a lot for a desktop system or laptop. Now there are even phones with 3G of RAM, 4G is about the minimum for any new desktop or laptop, and desktop/laptop systems with 16G aren’t that uncommon. Another significant development is the use of SSDs which dramatically improve speed for some operations (mainly seeks).

As SATA SSDs for desktop use start at about $110 I think it’s safe to assume that everyone who wants a fast desktop system has one. As a major limiting factor in swap use is the seek performance of the storage the use of SSDs should allow greater swap use. My main desktop system has 4G of RAM (it’s an older Intel 64bit system and doesn’t support more) and has 4G of swap space on an Intel SSD. My work flow involves having dozens of Chromium tabs open at the same time, usually performance starts to drop when I get to about 3.5G of swap in use.

While SSD generally has excellent random IO performance the contiguous IO performance often isn’t much better than hard drives. My Intel SSDSC2CT12 300i 128G can do over 5000 random seeks per second but for sustained contiguous filesystem IO can only do 225M/s for writes and 274M/s for reads. The contiguous IO performance is less than twice as good as a cheap 3TB SATA disk. It also seems that the performance of SSDs isn’t as consistent as that of hard drives, when a hard drive delivers a certain level of performance then it can generally do so 24*7 but a SSD will sometimes reduce performance to move blocks around (the erase block size is usually a lot larger than the filesystem block size).

It’s obvious that SSDs allow significantly better swap performance and therefore make it viable to run a system with more swap in use but that doesn’t allow unlimited swap. Even when using programs like Chromium (which seems to allocate huge amounts of RAM that aren’t used much) it doesn’t seem viable to have swap be much bigger than 4G on a system with 4G of RAM. Now I could buy another SSD and use two swap spaces for double the overall throughput (which would still be cheaper than buying a PC that supports 8G of RAM), but that still wouldn’t solve all problems.

One issue I have been having on occasion is BTRFS failing to allocate kernel memory when managing snapshots. I’m not sure if this would be solved by adding more RAM as it could be an issue of RAM fragmentation – I won’t file a bug report about this until some of the other BTRFS bugs are fixed. Another problem I have had is when running Minecraft the driver for my ATI video card fails to allocate contiguous kernel memory, this is one that almost certainly wouldn’t be solved by just adding more swap – but might be solved if I tweaked the kernel to be more aggressive about swapping out data.

In 2007 when using hard drives for swap I found that the maximum space that could be used with reasonable performance for typical desktop operations was something less than 2G. Now with a SSD the limit for usable swap seems to be something like 4G on a system with 4G of RAM. On a system with only 2G of RAM that might allow the system to be usable with swap being twice as large as RAM, but with the amounts of RAM in modern PCs it seems that even SSD doesn’t allow using a swap space larger than RAM for typical use unless it’s being used for hibernation.

Conclusion

It seems that nothing has significantly changed in the last 7 years. We have more RAM, faster storage, and applications that are more memory hungry. The end result is that swap still isn’t very usable for anything other than hibernation if it’s larger than RAM.

It would be nice if application developers could stop increasing the use of RAM. Currently it seems that the RAM requirements for Linux desktop use are about 3 years behind the RAM requirements for Windows. This is convenient as a PC is fully depreciated according to the tax office after 3 years. This makes it easy to get 3 year old PCs cheaply (or sometimes for free as rubbish) which work really well for Linux. But it would be nice if we could be 4 or 5 years behind Windows in terms of hardware requirements to reduce the hardware requirements for Linux users even further.

Planet DebianRussell Coker: Phone Based Lectures

Early this month at a LUV meeting I gave a talk with only my mobile phone to store notes. I used Google Keep to write the notes as it’s one of the easiest ways of writing a note on a PC and quickly transferring it to a phone – if I keep doing this I will find some suitable free software for this task. Owncloud seems promising [1], but at the moment I’m more concerned with people issues than software.

Over the years I’ve experimented with different ways of presenting lectures. I’m now working with the theory that presenting the same data twice (by speaking and text on a projector) distracts the audience and decreases learning.

Editing and Viewing Notes

Google Keep is adequate for maintaining notes, it’s based on notes that are a list of items (like a shopping list) which is fine for lecture notes. It probably has lots of other functionality but I don’t care much about that. Keep is really fast at updating notes, I can commit a change on my laptop and have it visible on my phone in a few seconds over 3G.

Most of the lectures that I’ve given have involved notes on a laptop. My first laptop was a Thinkpad 385XD with a 12.1″ display and all my subsequent laptops have had a bigger screen. When a laptop with a 12″ or larger screen is on a lectern I can see the notes at a glance without having to lean forward when 15 or fewer lines of text are displayed on the screen. 15 lines of text is about the maximum that can be displayed on a slide for the audience to read and with the width of a computer display or projector is enough for a reasonable quantity of text.

When I run Keep on my Galaxy Note 2 it displays about 20 rather short lines of text in a “portrait” orientation (5 points for a lecture) and 11 slightly longer lines in a “landscape” orientation (4 points). In both cases the amount of text displayed on a screen is less than that with a laptop while the font is a lot smaller. My aim is to use free software for everything, so when I replace Keep with Owncloud (or something similar) I will probably have some options for changing the font size. But that means having less than 5 points displayed on screen at a time and thus a change in the way I present my talks (I generally change the order of points based on how well the audience seem to get the concepts so seeing multiple points on screen at the same time is a benefit).

The Samsung Galaxy Note 2 has a 5.5″ display which is one of the largest displays available in a phone. The Sony Xperia X Ultra is one of the few larger phones with a 6.44″ display – that’s a large phone but still not nearly large enough to have more than a few points on screen with a font readable by someone with average vision while it rests on a lectern.

The most obvious solution to the problem of text size is to use a tablet. Modern 10″ tablets have resolutions ranging from 1920*1080 to 2560*1600 and should be more readable than the Thinkpad I used in 1998 which had a 12″ 800*600 display. Another possibility that I’m considering is using an old phone, a Samsung Galaxy S weighs 118 to 155 grams and is easier to hold up than a Galaxy Note 2 which weighs 180g. While 60g doesn’t seem like much difference if I’m going to hold a phone in front of me for most of an hour the smaller and lighter phone will be easier and maybe less distracting for the audience.

Distributing URLs

When I give a talk I often want to share the addresses of relevant web sites with the audience. When I give a talk with the traditional style lecture notes I just put the URLs on the final page (sometimes using tinyurl.com) for people to copy during question time. When I use a phone I have to find another way.

I did a test with QR code recognition and found that a code that takes up most of the width of the screen of my Galaxy Note 2 can be recognised by a Galaxy S at a distance of 50cm. If I ran the same software on a 10″ tablet then it would probably be readable at a distance of a meter, if I had the QR code take up the entire screen on a tablet it might be readable at 1.5m away, so it doesn’t seem plausible to hold up a tablet and allow even the first few rows of the audience to decode a QR code. Even if newer phones have better photographic capabilities than the Galaxy S that I had available for testing there are still lots of people using old phones who I want to support. I think that if QR codes are to be used they have to be usable by at least the first three rows of the audience for a small audience of maybe 50 people as that would allow everyone who’s interested to quickly get in range and scan the code at the end.

Chris Samuel has a photo (taken at the same meeting) showing how a QR code from a phone could be distributed to a room [2]. But that won’t work for all rooms.

One option is to just have the QR code on my phone and allow audience members to scan it after the lecture. As most members of the audience won’t want the URLs it should be possible for the interested people to queue up to scan the QR code(s).

Another possibility I’m considering is to use a temporary post on my documents blog (which isn’t syndicated) for URLs. The WordPress client for Android works reasonably well so I could edit the URL list at any time. That would work reasonably well for talks that have lots of URLs – which is quite rare for me.

A final option is to use Twitter, at the end of a talk I could just tweet the URLs with suitable descriptions. A good portion of the Tweets that I have written is URLs for web sites that I find interesting so this isn’t a change. This is probably the easiest option, but with the usual caveat of using a proprietary service as an interim measure until I get a free software alternative working.

Any suggestions?

Please comment if you have any ideas about ways of addressing these issues.

Also please let me know if anyone is working on a distributed Twitter replacement. Please note that anything which doesn’t support followers on multiple servers and re-tweets and tweeting to users on other servers isn’t useful in this regard.

Planet Debian: Thomas Goirand: OpenStack 2014.1, aka Icehouse, is out

The new version of OpenStack is out, and I have just finished uploading it all into Debian Sid. With a total of 38 packages that I uploaded yesterday (which was exhausting!), most, if not all, were only moving from Experimental to Sid with only tiny updates, and this represents the achievement of 6 months of packaging work. The new feature list is impressive, and I would like to highlight some parts of it:

  • New Ironic bare metal service.
  • New Designate DNS as a Service project.
  • Trove (DB as a Service) graduated from incubation and should work well now.
  • TripleO (OpenStack On OpenStack) is now fully in Debian, together with Tuskar and Tuskar-UI.
  • OpenStack now has VXLAN support through the new version of OVS and kernel >= 3.13. This solves the scalability issues with GRE tunnels.

For the moment, I haven’t packaged Sahara (eg: Hadoop as a service), but it might come later, as a customer of ours might require it.

There are a lot fewer unit test issues in the packages I uploaded to Sid: all SQLAlchemy issues have been dealt with. I wasn’t confident with the Havana release that Sid / Testing would be a good environment for OpenStack, but this time with Icehouse, I think it should be much better. Please test this brand new release and report issues on the BTS. As always, the packages are available also as Wheezy backports through the usual channels (see the official install guide).

Planet Linux Australia: Gabriel Noronha: Solar 1 year on

This time last year we had the solar installed. Well, by this time it was well on the roof… on this date last year we had the meter replaced and the solar turned on.

The statistics:

  • kWh Imported 4295.3
  • kWh Exported 3199.9
  • kWh generated according to the inverter 4936
  • Fit Collected at 8c kWh $255.99
  • kWh not purchased or sold 1736.1

I’m currently on a flat rate of 29.084 c/kWh (note my rate has gone up since solar was installed) minus 10% discount plus 5.5 c/kWh for green energy = 31.94 c/kWh. So the amount not purchased or sold is what I saved by not buying: 1736.1*31.94c = $554.51, plus the money I got from Fit, $255.99, so in a year it’s saved me ~$810.5.

Has the solar been a good investment? No… the capital cost was around $8.5k, so with the amount saved it’ll take 10 years to pay back. The main reason for this is that we export way too much and the fit is so low; if we got paid what it costs us it would have saved us ~$1500 a year and taken only 5.5 years to pay back. Do I care if it was a solid investment? Not really.

If we look at how green it is: if we take imported – exported (1095 kWh), that’s how much power I’ve used from other generators, which for my area is black coal, but that has been offset by my green power money purchasing green power from wind and biogas. So does my house run emissions free when it comes to electricity? According to an accountant yes, because every kWh of power I’ve used has been purchased from a green source, but maybe not according to an engineer.

Other interesting notes on the power bill:

Average kWh used per day including solar from April to May 2013, before purchasing the EV, was 12.1 kWh.

Average kWh used per day including solar from July 2013 to April 2014, post purchasing the EV, is 16.5 kWh.

So the effect of owning an EV on our power bills is about 4.4 kWh per day, a $1.40 increased cost. Note: this would also include seasonal cost extras like summertime air con and winter time heating, so I won’t have a clear picture until we have 1 year of EV ownership.

Planet Linux Australia: Gabriel Noronha: Getting ClearOS to work with Atheros Communications AR8151 v2.0 Gigabit Ethernet (rev c0)

ClearOS, formerly ClarkConnect, based off CentOS…

Start by enabling the Tim S repo

To install the repo first install the public key (yes all RPM’s will now be signed) :-)
rpm --import ftp://timburgess.net/RPM-GPG-KEY-TimB.txt

Then install the release RPM (by default the ‘timb’ and ‘timb-testing’ repo’s will be disabled)

wget ftp://timburgess.net/repo/clearos/5.2/os/timb-release-1-0.noarch.rpm
rpm -Kv timb-release-1-0.noarch.rpm
rpm -Uvh timb-release-1-0.noarch.rpm

ref http://www.clearfoundation.com/docs/howtos/adding_tim_s_repo

yum --enablerepo=timb install kmod-atl1e

ref http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,28/func,view/id,24438/limit,10/limitstart,50/

Last, you need to edit /etc/modprobe.conf.
It needs to contain an alias for every network card; in my case I have a TP-Link installed as well, so:

alias eth0 r8169
alias eth1 atl1e

If you fail to get this to work, ifconfig -a will have an odd tmp interface.

Planet Debian: Ben Hutchings: Linux kernel update for Debian 7.5; new Intel Ethernet drivers

Debian 7.5 will include an update to the Linux kernel, based on Linux 3.2.57. Package version 3.2.57-2 is currently available in the wheezy-proposed-updates suite. I would appreciate any testing people can do to find regressions in the next few days.

In addition to bug fixes, this version updates the e1000e and igb drivers. The drivers are now based on the versions found in Linux 3.13, which support several newer chips (i210, i211, i217, i218, i354). Please consider testing this new kernel if you have an Intel gigabit Ethernet controller, even if it was already supported in Linux 3.2.

Planet Debian: Paul Tagliamonte: Hy at PyCon 2014

I gave a talk this year at PyCon 2014, about one of my favorite subjects: Hy. Many of my regular readers will have no doubt explored Hy's thriving GitHub org, played with try-hy, or even installed it locally by pip installing it. I was lucky enough to be able to attend PyCon on behalf of Sunlight, with a solid contingent of my colleagues. We put together a writeup on the Sunlight blog if anyone was interested in our favorite talks.

Tons of really amazing questions, and such an amazingly warm reception from so many of my peers throughout this year's PyCon. Thank you so much to everyone that attended the talk. As always, you should Fork Hy on GitHub, follow @hylang on the twitters, and send in any bugs you find!

Hopefully I'll be able to put my talk up in blog-post form soon, but until then feel free to look over the slides or just watch the talk.

An extra shout-out to @akaptur for hacking on Hy during the sprints, and giving the exception system quite the workthrough. Thanks, Allison!

Planet Debian: Thorsten Glaser: Stay off my computer, puppet!

I was out, seeing something that wasn’t there yet when I was at school (the “web” was not ubiquitous, back then), and decided to have a look:

pageok

Ugh. Oh well, PocketIE doesn’t provide a “View Source” thingy, so I asked Natureshadow (who got the same result on his Android, and had no “View Source” either apparently, so he used cURL to see it). We saw (here, re-enacted using ftp(1)):

	tg@blau:~ $ ftp -Vo - http://www.draitschbrunnen.de/
	<!-- pageok -->
	<!-- managed by puppet -->
	<html>
	<pre>pageok</pre>
	</html>
 

This is the final straw… after puppet managed to trash a sudoers(5) at work (I warned people to not introduce it) now it breaks websites. ☺

(Of course, tools are useful, but at best to the skill of their users. Merely dumbly copying recipes from “the ’net” without any understanding just makes debugging harder for those of us with skills.)

ObQuestion: Does anyone have ⓐ a transcript (into UTF-8) and ⓑ a translation for the other half of the OpenBSD 2.8 poster? (I get asked this regularly.)
Update: One person sent me the Kanji and Kana for it in UTF-8 「俺のマシンに手を出すな!」, and they and one more person told me it’s “Hands off my machine!” or “Don’t lay a hand on my machine!”. Now I’m not studying Japanese, but it LGTM in FixedMisc [MirOS], and JMdict from MirPorts says: ore no mashin ni te (w)o dasu na (roughly: my machine; particle; hands; particle; put out; prohibition) ☺ Thanks all, now I know what to tell visitors who wonder about that poster on my wall.

ObTip: I can install a few hundred Debian VMs at work manually before the effort needed to automate d-i would amortise. So I decided not to. Coworkers are shocked. I keep flexibility (can decide to have machines differ), and the boss accepts my explanations. Think before doing automation just for the sake of automation!

Cryptogram: Friday Squid Blogging: Squid Jigging

Good news from Malaysia:

The Terengganu International Squid Jigging Festival (TISJF) will be continued and become an annual event as one of the state's main tourism products, said Menteri Besar Datuk Seri Ahmad Said.

He said TISJF will become a signature event intended to enhance the branding of Terengganu as a leading tourism destination in the region.

"Beside introducing squid jigging as a leisure activity, the event also highlights the state's beautiful beaches, lakes and islands and also our arts, culture and heritage," he said.

I assume that Malaysian squid jigging is the same as American squid jigging. But I don't really know.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Cryptogram: Metaphors of Surveillance

There's a new study looking at the metaphors we use to describe surveillance.

Over 62 days between December and February, we combed through 133 articles by 105 different authors and over 60 news outlets. We found that 91 percent of the articles contained metaphors about surveillance. There is rich thematic diversity in the types of metaphors that are used, but there is also a failure of imagination in using literature to describe surveillance.

Over 9 percent of the articles in our study contained metaphors related to the act of collection; 8 percent to literature (more on that later); about 6 percent to nautical themes; and more than 3 percent to authoritarian regimes.

On the one hand, journalists and bloggers have been extremely creative in attempting to describe government surveillance, for example, by using a variety of metaphors related to the act of collection: sweep, harvest, gather, scoop, glean, pluck, trap. These also include nautical metaphors, such as trawling, tentacles, harbor, net, and inundation. These metaphors seem to fit with data and information flows.

The only literature metaphor used is the book 1984.

This is sad. I agree with Daniel Solove that Kafka's The Trial is a much better literary metaphor. This article suggests some other literary metaphors, most notably Philip K. Dick. And this one suggests the Eye of Sauron.

Planet Linux Australia: Colin Charles: Congratulations Ubuntu, for the wide choice!

Inspired by Yngve Svendsen’s post, I too think it makes absolute sense to congratulate Ubuntu on the 14.04 LTS release (some server notes - MySQL has a section dedicated to it). Ubuntu users have a lot of server choice today (that’s from all major MySQL ecosystem vendors):

  • MySQL 5.5.35 ships in main. It is the default MySQL. Oracle has committed to providing updates to 5.5 throughout the LTS release cycle of Ubuntu (which is longer than the planned EOL for 5.5). This is why the grant of a Micro Release Exception (MRE).
  • MySQL 5.6.16 ships in universe
  • MariaDB 5.5.36 ships in universe.
  • Percona XtraDB Cluster 5.5.34 ships in universe

Ubuntu’s pitch is being the cloud platform of choice, with OpenStack support. This explains why Percona XtraDB Cluster (the only shipping Galera Cluster variant — no upstream Codership release, and no MariaDB Galera Cluster) is critical infrastructure as it’s used widely in OpenStack deployments. 451Research estimates that the OpenStack distributions market is worth $82 million in 2014 and $119 million in 2015.

Press release had a choice quote from Percona CEO, Peter Zaitsev:

“We are very pleased that Percona XtraDB Cluster is included in Ubuntu 14.04 LTS. Many organisations that use MySQL need high availability solutions to ensure that their applications meet the expectations of their users. Percona XtraDB Cluster is an easy to use, open source solution for MySQL clustering which addresses these high availability needs. We continue to see growth in Ubuntu usage by our customers and our open source software users so we are confident that the inclusion of Percona XtraDB Cluster in Ubuntu 14.04 will help spread the adoption of cost-effective, high availability MySQL.” Peter Zaitsev, Co-Founder and CEO at Percona

 

Related posts:

  1. Ubuntu 10.04 LTS released, MariaDB 5.1.44/5.2-BETA VM’s available
  2. OpenSUSE users have a choice of database now!
  3. Communications, Ubuntu 6.06 LTS & MySQL downloads

Geek Feminism: Take arms against a sea of links, and by spamming, end them (18 April 2014)

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Oreilly Linux Planet: Kali Linux Assuring Security by Penetration Testing

In Detail

Kali Linux is a comprehensive penetration testing platform with advanced tools to identify, detect, and exploit the vulnerabilities uncovered in the target network environment. With Kali Linux, you can apply appropriate testing methodology with defined business objectives and a scheduled test plan, resulting in a successful penetration testing project engagement.

Kali Linux - Assuring Security By Penetration Testing is a fully focused, structured book providing guidance on developing practical penetration testing skills by demonstrating cutting-edge hacker tools and techniques with a coherent, step-by-step approach. This book offers you all of the essential lab preparation and testing procedures that reflect real-world attack scenarios from a business perspective, in today’s digital age.

Starting with lab preparation and testing procedures that explain the basic installation and configuration set up, this guide then focuses on discussing types of penetration testing (black-box and white-box), uncovering open security testing methodologies, and proposing the Kali Linux specific testing process. A number of security assessment tools are discussed, including those necessary to conduct penetration testing in their respective categories, following the formal testing methodology. Each of these tools has been annotated with real-world examples in the context of highlighting their practical usage and proven configuration techniques. Extra weaponry treasure is also provided, and key resources that may be crucial to any professional penetration tester are cited in this book.

The authors’ experience and expertise have led them to reveal the industry’s best approach for penetration testing in a logical and systematic process. This book serves as a single professional, practical, and expert guide to develop hardcore penetration testing skills from scratch. You will be trained to make the best use of Kali Linux either in a commercial environment or an experimental testbed.

Approach

Written as an interactive tutorial, this book covers the core of Kali Linux with real-world examples and step-by-step instructions to provide professional guidelines and recommendations for you. The book is designed in a simple and intuitive manner that allows you to explore the whole Kali Linux testing process or study parts of it individually.

Who this book is for

If you are an IT security professional who has a basic knowledge of Unix/Linux operating systems, including an awareness of information security factors, and want to use Kali Linux for penetration testing, then this book is for you.

Sociological Images: The Commodification of Easter Festivities

Flashback Friday.

The word commodification refers to the process by which something that is not bought and sold becomes something that is.  As capitalism has progressed, more and more parts of our lives have become commodified.  Restaurants are the commodification of preparing and cleaning up meals; day care and nannying are the commodification of child raising; nursing homes are the commodification of caring for elders.

We sometimes post instances of commodification that tickle us.  Previously I posted about a company that will now put together and deliver a care package to your child at camp.  A parent just goes to the site, chooses the items they want included, and charges their credit card.  As I wrote in that post: “The ‘care’ in ‘care package’ has been, well, outsourced.”

I was equally tickled by a photograph, taken by sociologist Tristan Bridges, of pre-dyed Easter eggs:

This is a delicious example of commodification.  If you don’t have the time or inclination to dye eggs as part of your Easter celebration, the market will do it for you.  No matter that this is one of those things (e.g., a supposedly enjoyable holiday activity that promotes family togetherness) that is supposed to be immune to capitalist imperatives.

While we might raise our eyebrows at this example, newly commodified goods and services often elicit this reaction.  We usually get used to the idea and, later, have a hard time imagining life any other way.

For more on commodification, peruse our tag by that name. This post originally appeared in 2012.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Google Adsense: 20(14) Publisher Stories: Total Race revs up their success using Google AdSense

Time sure does fly - we’ve now reached the end of our ‘20(14) publisher stories’ blog series. Thanks for following the series and for sharing your own stories. Read on to meet this week’s featured publisher and check back soon for more publisher stories.

Total Race was created by five friends and racing enthusiasts. Covering Formula 1, stock car racing and IndyCar, the site receives 135,000 monthly visitors and employs a team of 15 editors and reporters.

Total Race partners, Ivan and Erick, were already familiar with Google AdSense and using it as a monetization solution for their other web projects. The decision to also choose it for totalrace.com.br was an easy one says Erick and today “AdSense earnings represent around 70% of our total advertising income”.

Video: http://www.youtube.com/embed/KthRI6Yq4TA
(Don’t forget to enable English captions using the Captions button under the YouTube video)

The team also partnered with DoubleClick for Publishers (DFP) Small Business to manage their advertising and save them time. Erick is pleased with this decision stating “the process from start to finish is very fast and easy to use. I’d highly recommend this tool for publishers seeking more detail and control of their advertising campaigns”.

According to Erick, these products have been fundamental in the growth of the site. With the structure they bring, he’s ready to focus further on taking his passion for racing to an even wider audience.

Posted by Barbara Sarti - Inside AdSense Team

Cryptogram: Reverse Heartbleed

Heartbleed can affect clients as well as servers.

Cryptogram: Overreacting to Risk

This is a crazy overreaction:

A 19-year-old man was caught on camera urinating in a reservoir that holds Portland's drinking water Wednesday, according to city officials.

Now the city must drain 38 million gallons of water from Reservoir 5 at Mount Tabor Park in southeast Portland.

I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? A few ounces distributed amongst 38 million gallons is negligible.

Another story.

Planet Debian: Richard Hartmann: higher security

Instant classic

Trusted:

NO, there were errors:
The certificate does not apply to the given host
The certificate authority's certificate is invalid
The root certificate authority's certificate is not trusted for this purpose
The certificate cannot be verified for internal reasons

Signature Algorithm: md5WithRSAEncryption
    Issuer: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
    Validity
        Not Before: Oct 21 18:21:51 1999 GMT
        Not After : Oct 20 18:21:51 2001 GMT
    Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=www.snakeoil.dom/emailAddress=www@snakeoil.dom
...
            X509v3 Subject Alternative Name: 
            email:www@snakeoil.dom

For your own pleasure:

openssl s_client -connect www.walton.com.tw:443 -showcerts

or just run

echo '
-----BEGIN CERTIFICATE-----
MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTUxWhcNMDExMDIwMTgyMTUxWjCBpzEL
MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92Vaat6CpIEEGue
yG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9ziYon8jWsbK2aE
+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQABo24wbDAbBgNV
HREEFDASgRB3d3dAc25ha2VvaWwuZG9tMDoGCWCGSAGG+EIBDQQtFittb2Rfc3Ns
IGdlbmVyYXRlZCBjdXN0b20gc2VydmVyIGNlcnRpZmljYXRlMBEGCWCGSAGG+EIB
AQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQB6MRsYGTXUR53/nTkRDQlBdgCcnhy3
hErfmPNl/Or5jWOmuufeIXqCvM6dK7kW/KBboui4pffIKUVafLUMdARVV6BpIGMI
5LmVFK3sgwuJ01v/90hCt4kTWoT8YHbBLtQh7PzWgJoBAY7MJmjSguYCRt91sU4K
s0dfWsdItkw4uQ==
-----END CERTIFICATE-----
' | openssl x509 -noout -text

At least they're secure against heartbleed.
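
The decoded fields above are enough to explain most of the client's complaints. As an added example (not part of the original post), the following Python parses the quoted openssl x509 -text excerpt and reports what a defender would flag; the function names and finding codes are illustrative choices made here, and issuer trust is not checked because it cannot be judged from the text alone.

```python
import re
from datetime import datetime, timezone

# Excerpt of the `openssl x509 -noout -text` output quoted in the post above.
CERT_TEXT = """\
Signature Algorithm: md5WithRSAEncryption
    Issuer: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
    Validity
        Not Before: Oct 21 18:21:51 1999 GMT
        Not After : Oct 20 18:21:51 2001 GMT
    Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=www.snakeoil.dom/emailAddress=www@snakeoil.dom
...
            X509v3 Subject Alternative Name:
            email:www@snakeoil.dom
"""

# Hash functions no longer acceptable in certificate signatures.
WEAK_HASHES = ("md2", "md4", "md5", "sha1")


def _field(text, pattern):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None


def _date(text, label):
    """Parse an openssl validity line such as 'Not After : Oct 20 18:21:51 2001 GMT'."""
    raw = _field(text, rf"^\s*{label}\s*:\s*(.+?)\s+GMT\s*$")
    if raw is None:
        return None
    return datetime.strptime(raw, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Extract the fields needed for the checks from openssl's text dump."""
    subject = _field(text, r"^\s*Subject:\s*(.+)$") or ""
    cn = re.search(r"CN\s*=\s*([^/,]+)", subject)
    san = _field(text, r"Subject Alternative Name:\s*\n\s*(.+)$") or ""
    return {
        "sig_alg": _field(text, r"^\s*Signature Algorithm:\s*(\S+)"),
        "not_before": _date(text, "Not Before"),
        "not_after": _date(text, "Not After"),
        "cn": cn.group(1).strip() if cn else None,
        "dns_sans": [e[4:] for e in re.split(r",\s*", san) if e.startswith("DNS:")],
    }


def host_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        _, _, rest = host.partition(".")
        return bool(rest) and rest == pattern[2:]
    return pattern == host


def audit(text, host, now=None):
    """Return a list of (code, detail) findings for the certificate as served on host."""
    now = now or datetime.now(timezone.utc)
    cert = parse_cert_text(text)
    findings = []
    alg = (cert["sig_alg"] or "").lower()
    if any(h in alg for h in WEAK_HASHES):
        findings.append(("weak-signature-hash", cert["sig_alg"]))
    if cert["not_before"] and now < cert["not_before"]:
        findings.append(("not-yet-valid", cert["not_before"].date().isoformat()))
    if cert["not_after"] and now > cert["not_after"]:
        findings.append(("expired", cert["not_after"].date().isoformat()))
    if not cert["dns_sans"]:
        findings.append(("no-dns-san", "only the legacy CN names the host"))
    # Prefer DNS SAN entries; fall back to the CN only when there are none.
    names = cert["dns_sans"] or ([cert["cn"]] if cert["cn"] else [])
    if not any(host_matches(n, host) for n in names):
        findings.append(("hostname-mismatch", f"{host} not in {names}"))
    return findings


if __name__ == "__main__":
    # Host name taken from the s_client command in the post; no connection is made.
    for code, detail in audit(CERT_TEXT, "www.walton.com.tw"):
        print(f"{code}: {detail}")
```
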

Worse Than Failure: Error'd: Social Insecurity Number

"Adding an account on Mint.com, it asks for the last 4 digits of my SSN and for the first 3 digits," John A. wrote, "Seriously? There are only 100 combinations left to guess the full SSN!"

 

"I was messing around with Nvidia's Linux Settings program when I came across this less than helpful tool-tip," Brendan writes.

 

"So much for my goal of answering 8 out of 10 questions correctly," writes Jan B..

 

Kyle wrote, "Visual Studio 2013 is self aware? Yeah, I'd call that a problem too."

 

Tink writes, "Apple created iBooks to help people enjoy reading, but I think I'd get bored with this line-up pretty quickly!"

 

"I don't understand how my license can have expired over 40 years ago, and yet I still have é( days to renew," Menno wrote.

 

David G. writes, "I guess CareerBuilder and I will just have to agree to disagree as to what constitutes a valid date or not."

 


Planet Linux Australia: Glen Turner: Unix holey files

Unix has sparse files. If you write a byte at a seek()ed location to a file then all unwritten bytes prior to that seek()ed-and-write()n byte have value zero when read. Those zeroed bytes take no storage space on the disk (although the accounting for the storage does take some space). You can think of the file as having a "hole".

Sparse files are useful for network testing, as they allow the performance of the storage and I/O hardware to be taken out of the test, leaving the performance of the operating system and the network.

Sparse files for testing are conveniently created using dd(1). For example, to create a 10GiB test file named ‘test-10gibyte.bin’:

$ dd if=/dev/zero of=test-10gibyte.bin bs=1 count=1 seek=$(( (10 * 1024 * 1024 * 1024) - 1))

and to create a 10GB file named ‘test-10gbyte.bin’:

$ dd if=/dev/zero of=test-10gbyte.bin bs=1 count=1 seek=$(( (10 * 1000 * 1000 * 1000) - 1))

Aside: Units for networking and units for RAM

Networking uses SI units for bandwidth, due to the close relationship of bandwidth with signalling frequencies, measured in SI's Hertz. The error between (10^3)^n and (2^10)^n increases with n; becoming concerning when n=3 (GB versus GiB); and being unsustainably large when n≥4 (TB versus TiB).

Networking also uses bits as the basic unit rather than bytes, again due to the closer relationship of bits to signalling frequencies. In networking there are 8 bits per byte. Care is taken to distinguish Gbps (gigabits per second) and GBps (gigabytes per second) due to the eight-fold difference. Incorrect casing of the ‘b’ leads to exasperated coworkers.
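
The hole behaviour described in this post can be checked directly. The following Python is an added example, not from the original post: it creates a sparse file the same way the dd commands do (seek to size - 1, write one byte), compares apparent size with allocated size, and, going slightly beyond the post, copies the file without filling in the hole. The 64 MiB demo size and all function names are assumptions chosen here.

```python
import os
import tempfile

MIB = 1024 * 1024


def make_sparse(path, size):
    """Same effect as: dd if=/dev/zero of=PATH bs=1 count=1 seek=$((size - 1))"""
    with open(path, "wb") as f:
        f.seek(size - 1)   # jump over the region that is never written
        f.write(b"\0")     # the single written byte fixes the file length


def usage(path):
    """Return (apparent size in bytes, bytes actually allocated on disk)."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512   # st_blocks counts 512-byte units on Linux


def hole_reads_as_zero(path, offset, length=4096):
    """Check that bytes inside the hole read back as zeros."""
    with open(path, "rb") as f:
        f.seek(offset)
        data = f.read(length)
    return len(data) == length and data == bytes(length)


def copy_preserving_holes(src, dst, block=MIB):
    """Copy src to dst, seeking over all-zero blocks instead of writing them."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while True:
            chunk = fin.read(block)
            if not chunk:
                break
            if chunk == bytes(len(chunk)):
                fout.seek(len(chunk), os.SEEK_CUR)   # leave a hole in the copy
            else:
                fout.write(chunk)
        fout.truncate(fin.tell())   # a trailing hole still needs the right length


def demo(size=64 * MIB):
    """Build a sparse file with one real data block, copy it, and report sizes."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "test.bin")
        dst = os.path.join(d, "copy.bin")
        make_sparse(src, size)
        with open(src, "r+b") as f:
            f.write(b"DATA")   # real data at offset 0, hole everywhere else
        apparent, allocated = usage(src)
        hole_ok = hole_reads_as_zero(src, size // 2)
        copy_preserving_holes(src, dst)
        copy_apparent, copy_allocated = usage(dst)
        with open(dst, "rb") as f:
            head = f.read(4)
        return {
            "apparent": apparent,
            "allocated": allocated,
            "hole_is_zero": hole_ok,
            "copy_apparent": copy_apparent,
            "copy_allocated": copy_allocated,
            "copy_head": head,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
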

Krebs on Security: 3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches

Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.

The disclosure, made jointly in a press release posted online and in a statement on the company’s Web site, offers the first real details about the breach since the incident was first disclosed by KrebsOnSecurity on January 25, 2014.

The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing.

“After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,” the statement reads.

The Michaels breach first came to light just weeks after retail giant Target Corp. said that cyber thieves planted malware on cash registers at its stores across the nation, stealing more than 40 million credit and debit card numbers between Nov. 27 and Dec. 15, 2013. That malware was designed to siphon card data when customers swiped their cards at the cash register.

According to Michaels, the affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. The company says there is no evidence that other customer personal information, such as name, address or debit card PIN, was at risk in connection with this issue.

The company’s statement says the attack on Michaels targeted “a limited portion of the point-of-sale systems at a varying number of stores between May 8, 2013 and January 27, 2014.”

“Only a small percentage of payment cards used in the affected stores during the times of exposure were impacted by this issue,” the statement continues. “The analysis conducted by the security firms and the Company shows that approximately 2.6 million cards may have been impacted, which represents about 7% of payment cards used at Michaels stores in the U.S. during the relevant time period. The locations and potential dates of exposure for each affected Michaels store are listed on www.michaels.com.”

Regarding Aaron Brothers, Michaels Stores said it has confirmed that between June 26, 2013 and February 27, 2014, 54 Aaron Brothers stores were affected by this malware, noting that the locations for each affected Aaron Brothers store are listed on www.aaronbrothers.com.

“The Company estimates that approximately 400,000 cards were potentially impacted during this period. The Company has received a limited number of reports from the payment card brands and banks of fraudulent use of payment cards potentially connected to Michaels or Aaron Brothers.”

This incident marks the second time in three years that Michaels Stores has wrestled with a widespread compromise of its payment card systems. In May 2011, Michaels disclosed that crooks had physically tampered with some point-of-sale devices at store registers in some Chicago locations, although further investigation revealed compromised POS devices in stores across the country, from Washington, D.C. to the West Coast.

Michaels says that while the Company has received limited reports of fraud, it is offering identity protection, credit monitoring and fraud assistance services through AllClear ID to affected Michaels and Aaron Brothers customers in the U.S. for 12 months at no cost to them. Details of the services and additional information related to the ongoing investigation are available on the Michaels and Aaron Brothers websites at www.michaels.com and www.aaronbrothers.com.

Incidentally, credit monitoring services will do nothing to protect consumers from fraud on existing financial accounts — such as credit and debit cards — and they’re not great at stopping new account fraud committed in your name. The most you can hope for with these services is that they alert you as quickly as possible after identity thieves have opened or attempted to open new accounts in your name.

As I noted in a recent story about the credit monitoring industry, the offering of these services has become the de facto public response for companies that experience a data breach, whether or not that breach resulted in the loss of personal information that could lead to actual identity theft (as opposed to mere credit card fraud). For more information about the limitations of credit monitoring services and more proactive steps that you can take to better protect your identity and credit file, check out this story.

Cryptogram: Tails

Nice article on the Tails stateless operating system. I use it. Initially I would boot my regular computer with Tails on a USB stick, but I went out and bought a remaindered computer from Best Buy for $250 and now use that.

Planet Linux Australia: Colin Charles: SSL and MariaDB/MySQL

With the recent Heartbleed bug, people are clearly more interested in their MariaDB/MySQL running with SSL and if they have problems. First up, you should read the advisory notes: MariaDB, Percona Server (blog), and MySQL (blog).

Next, when you install MariaDB (or a variant) you are usually dynamically linked to the OpenSSL library that the system provides. Typically on startup of MariaDB 10.0.10 on CentOS 6.5 (packages from the MariaDB repository), you can check what your status of SSL is.

MariaDB [(none)]> show variables like 'have_ssl';
+---------------+----------+
| Variable_name | Value    |
+---------------+----------+
| have_ssl      | DISABLED |
+---------------+----------+
1 row in set (0.00 sec)

This means that SSL options are compiled, but mysqld didn’t start with it. You can verify SSL is linked dynamically:

ldd `which mysqld` | grep ssl
	libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007ff82d1b1000)

If you are running with SSL enabled (some documentation at MySQL) you will have different options naturally. You can do this via: /etc/init.d/mysql start --ssl. Output now changes:

MariaDB [(none)]> show variables like 'have_ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl      | YES   |
+---------------+-------+
1 row in set (0.00 sec)

The value NO will be displayed if the server is not compiled with SSL support. See SSL Server System Variables for more.

Planet DebianSiri Reiter: That goddamned perfection again

Since the MiniDebConf Jonas and I have been travelling in Spain, France and finally staying in Belgium for a week, getting some work done. It's been harder than imagined to work during travel. I haven't exercised either, and regained at least three of four kilos I spent much time and effort getting rid of in the year preceding. I thrive in my home and find it hard to keep my own time and focus when I am deprived of my own space.

It was challenging to give a talk, "Why aren't more designers using Debian or working for Debian", my first public talk. I've been working to recapture my points in writing, to make a stronger statement, but I seem to blur my own views with conflicting ones, and I'm losing momentum every day.

One of my reasons for speaking up was to do it even though I'm not a trained speaker and have "nothing" to contribute but my opinions from the angle of a user that happens to be a designer. Not claiming to be a superior designer, but one that would like to contribute if it was easier to figure out how. And since the community wants to encourage designers to contribute to the Debian project, I figured it to be a good idea to talk about how this has been challenging to me as a dedicated user and completely out of the question for any other designer I know - or knew before the minidebconf. No research, no scientific proofs, just my view from my "dumb user" and designer's perspective.

I saw one single attendant rolling his eyes during my talk. I didn't care at that time, but I've given that look more consideration than the people approaching me after the talk, saying thank you for voicing their opinions and thoughts. I think that's absolutely astonishing and at the same time it's just typically me. It makes me angry, first with myself for not speaking to this man's perception of things, then with myself for not just letting go of that image. I'm really glad that so many seemed to listen with curiosity and interest. What if one more - or half of the auditorium - had rolled their eyes? I don't like to feel that vulnerable.

The truth is, though, that I'm really not. I gave the talk against my fear of failure and public humiliation and I'm convinced that my thoughts and actions matter, just as anybody's does, if we dare to say what's on our minds and to take action. I believe it's in anybody's power to "make a difference" and even "change the world" - at least in a small way. I guess that's one of the underlying reasons to be a designer in the first place. That is quite a strong position to take.

I've created the wikipage http://wiki.debian.org/Design - well knowing that design is a word with many meanings. Everything is design. Since the talk I've been in doubt about that page. About the project, my aim with it, what to do about it, how to move on with just a tiny babystep, and I realise that I'm simply afraid to be disturbing someone's peace, making people angry or roll their eyes at my fumbling attempts to figure out in public what can be done to make a thriving community of designers collaborating with coders to make better, more usable and attractive software in the free, wide world. I'm starting a design process, not presenting a perfect, finished solution.

Now, having put these thoughts into words, perhaps, my mind will be somewhat appeased and let me move on with my intended tasks of cultivating that acclaimed space in the Debian information jungle into a friendly and welcoming place with info that makes it easier to be a contributing designer in Debian.

Planet DebianElena 'valhalla' Grandi: DUCC-IT

There is exactly one month left before DUCC-IT, the Debian Ubuntu Community Conference Italia: a great chance to meet your free software developing neighborhoods.

This year it will be just one day, in Cesena, and it will include events targeted to both the community and a wider public.

The Call for Papers is still open, but only for a few days, so if you want to propose a talk/session hurry up!

LongNowNeal Stephenson’s Selected Books for the Manual for Civilization

Best-selling author Neal Stephenson has added a couple dozen books to the Manual for Civilization. Long Now is assembling a corpus of 3,500 volumes that would help sustain or rebuild civilization. This collection will be featured at The Interval, our new public space, as a floor-to-ceiling library available to our visitors. The collection will comprise books suggested by Long Now members and charter donors to the Interval project. We’ve also invited a select group of eminent friends of Long Now, including archivists, artists, authors, educators, scientists and more, to submit lists of the books they believe are essential to Civilization.

Neal Stephenson is an author of speculative fiction whose ground-breaking novels include Snow Crash, Cryptonomicon, and Anathem, a book based in a world of 10,000 Year Clocks inspired by our own Clock of the Long Now. In fact, Neal is both a Long Now member and a charter donor to The Interval. You can join him by making a tax-deductible gift before we open in May. Every donation helps now when we need it most, and we have some wonderful ways to thank you at every level. 

For thirty years Neal Stephenson’s writing has been distinguished by how he weaves minutely detailed historical and technical information into his complex stories, usually with a wicked sense of humor. Whether it’s fashion in Victorian England or World War II era cryptography, his dedication to detailed research is readily apparent. The Baroque Cycle novels perhaps most exemplify this, as they focus on key people and events in the development of science across many cultures in the 17th and 18th centuries. We knew his recommendations would be invaluable for this project.

Many of the research sources for his novels can be found in his home library. And it was an honor and privilege that Neal walked me through his library and thoughtfully selected the list of books below for the Manual for Civilization. You can see from his selections that he believes understanding history is essential to creating the best possible future.

Many thanks to Neal Stephenson for taking the time and care to recommend these books for our collection. His list adds to suggestions from Kevin Kelly, Maria Popova, Violet Blue, Stewart Brand, Brian Eno and dozens of other Long Now members and supporters.

Starting in late May you can visit the Manual yourself at The Interval, Long Now’s new public venue in San Francisco’s Fort Mason Center. The Interval will also feature Long Now artifacts and prototypes, sound and light art installations by Brian Eno, a cocktail menu designed on the theme of time, fine coffee and tea, and small scale events on long-term thinking and related topics.

Check back for lists from Danny Hillis and Neil Gaiman, amongst others. And for details on The Interval’s May 02014 public opening, as well as pre-opening events for charter donors. Your gifts help us pay for construction, acquire the books for the Manual for Civilization, build the A/V system to present Brian Eno’s art, and everything else that will make The Interval a one-of-a-kind venue worthy of Long Now’s mission to inspire and extol long-term thinking. Thanks for considering a gift.

Racialicious[Thursday Throwback] Brown and Out of Town: a POC Traveler’s Guide to Racism

by Racialicious special correspondent Wendi Muse

Author’s note: Before anyone jumps all over me, I use “brown” here as a general term for people of African or indigenous American descent, not solely South Asians or Central Americans, though the article discusses issues for all POC travelers, not just the ones with darker skin.

Ah, Madrid.

I had decided that for spring break in 2005, instead of going to Memphis as planned, I’d take a week-long trip to Paris and Madrid instead. After all, in a weird twist of fate, the plane tickets to Europe were only about 100 dollars more than those I had bought to go to the place Elvis and I both called home. I figured as I could speak, read, and understand Spanish and French, I’d be fine. I’d been to Paris before, and loved it, and had heard awesome things about Madrid from my friends, so I thought, “Why not? Just breathe, and take a chance.” So I did, though I wasn’t exactly prepared for the less than warm reception in one of the liveliest cities in the Iberian Peninsula.

Paris was no problem, possibly due in part to the city’s expressed love (read: borderline fetishizing) of black folks (Josephine Baker, anyone?) or the running assumption that I was Moroccan/generally North African and not a black American. Most people just treated me like I was French, before I opened my mouth, of course (despite my perfect French accent, my occasional pause to find vocabulary words from my high school French mental database was a dead giveaway). No one was rude to me or my friend with whom I went out on occasion (who is half white American, half indigenous Mexican, and clearly “of color”).

Madrid, on the other hand, completely did me in.

On a super basic level, I wasn’t a big fan of the traditional Spanish food, and, instead, flocked to the numerous Middle Eastern restaurants like water in a desert mirage. And though I was only there for three days, these little hole-in-the-wall, family-run eateries ended up being my surrogate safe havens as walking around on the street proved, well, difficult. I would say the city, overall, was far from receptive. While I understood having a pride in being Spanish, or a Madrileño, to be more specific, what I did not understand was why that translated into racism. I faced constant stares, and I mean constant, many of which were steeped in anger or confusion, despite my more than proper attire (I was not one of those fanny pack-wearing, head buried in a map, incapable-of-speaking-the-native-language types of tourists, trust me). I was cat-called, a lot, and though I was conditioned to that from having lived in NYC for four years at that point, what I hadn’t been exposed to was the overtly sexual racist epithets thrown my way (none of which I will repeat here). I tried to search the eyes of other people of color for an explanation. People of Asian descent seemed happy, even moreso there than in Paris. And people clearly from Africa also seemed OK, though I am sure their black skin proved problematic at times (look no further than the Madrid soccer related racism or even the recent Formula One racing incident in Barcelona). It was the somewhat racially ambiguous brown folks who seemed to run into trouble.

El Salvadorans, Guatemalans, Mexicans, and other phenotypically outcast Latin American immigrants (along with black Africans) held lower-echelon jobs and noticeably received stares and a little street harassment as well. Their spoken Spanish was a reminder of Spain’s colonial past that history had erased, glossed over, or simply euphemized, much like textbooks of Japan, the United States, or any nation, and their appearance even more so—typically indigenous and/or African features blending with those of the Spanish conquistadores and settlers of yore rendering many of the Latin American immigrants who had come to Spain in search of work easy to spot. I noticed that Caribbean Latinos and mulatos caught hell too, receiving the same sets of glaring eyes that I did when on public transportation or simply andando a pié.

To put it nicely, it was an awkward existence I led, at best, ceasing my outdoor activities more or less once the sun set because I had been propositioned more than once in the day time, and didn’t want to risk full on sexual assault at night due to my having been assumed to be a prostitute on account of my skin color. The hostel employees (all of Latin American descent) and the falafel bar owners loved me, but they were about the only ones in Madrid who made me feel somewhat human. On the cab ride to the airport, a place where I would later be racially profiled (read: separated from a line of a ton of other people, searched, forced to weigh my carry-on, a small backpack, and made to pay 60 Euros for it being a few kilos overweight on account of an art book I had bought for a friend from the Museo del Prado!), I vowed never to come back and counted down the minutes until I’d return to Paris for my departure to New York.

But during this cab ride, I learned a few things to which I was not initially privy prior to going to Madrid. The cab driver asked me how I liked Madrid, to which I replied, “I liked it, but I don’t think it liked me too much,” which led to our discussing (no kidding) race relations in Spain. The driver, born and raised in Spain, offered a perspective I had not fully considered. He mentioned the abject poverty and limited knowledge of Spanish that plagued African immigrant communities, and in many Spaniards’ minds, the state, as they were paying taxes to support unwelcome refugees. He also discussed the cause for my frequent run-ins with men who had less than Puritan intentions in their approach: that many women from the Dominican Republic and North Africa became prostitutes in Madrid to make ends meet. His explanation for the differing treatment of Asians vs. people of indigenous or African descent boiled down to the ability to assimilate.

“They come here already speaking Spanish,” he said. “. . . and with money” he added. He didn’t agree with how I was treated, and noted that I “seemed fine,” but was sure to note that “a lot of Madrileños aren’t ready for that kind of change. The young people, maybe, but their parents and people my age, not so much. They think they are pure, and forget about the years the Moors were here. They want things to stay the same. Come back in ten years, and maybe things will be better.”

Though I was back in Paris a few hours later, I thought about what he said for a while after that. While comfortably nestled in the plush leather-upholstered seats of the Swiss Air flight back to New York, I wondered if my little trip to Spain would have been different if I possessed a lower level of melanin, or even if I looked noticeably more African instead of bearing an appearance that confused people. Upon returning to the United States, the same friends who had recommended Madrid felt a tinge of regret for not having mentioned “the racism thing” or at least not having forewarned how it may have affected me. In retrospect, they all noted, as whites, they had never thought about it. They had only heard stories, those they had selectively compartmentalized in a place far away in the back of their brains because they didn’t really have to worry about it in Europe or in the United States in the same way, say, someone visually different from the majority would.

The experience and the discussions I had in the aftermath of my time in Madrid made me reflect on the privileges, or lack thereof, we have while traveling. Though I had a bad experience in Madrid, that is not to say every person of color has a comparable story. In fact, I know a few black women who loved Madrid and who have gone back several times, stating that they experienced a few incidents of racism, but mainly that it was more an issue of mistaken national identity than anything else. I think, too, of what the cab driver expressed in relation to his (and, arguably, the city’s) impression of Asians. Even my white friends had expressed a considerable sense of alienation in Madrid at times, not due to language, but mainly in relation to cultural differences or even physical ones (being super tall or Nordic in appearance, you name it). In looking back on the experience and after hearing those of others, I was able to put things more into perspective.

Even I am “privileged” (in a physical sense) in some locations, notably northern and central Brazil, where my appearance did not garner unreasonable attention, many assuming that I was just “one of them.” I even thought of my experiences in the United States. I didn’t feel as if my physically assigned racial characteristics made me stand out in some Brooklyn neighborhoods, whereas my white or Asian-American friends expressed extreme discomfort on account of stares and even statements geared toward them. I find myself losing sight of how powerful my appearance can be at the right place and at the right time, but never forget how much of a burden it can be in other situations.

In reflecting on my previous travel experiences as I prepare for an upcoming trip to Portugal, I began thinking about how many additional things I have to consider as a woman, and, in particular, a person of color before I travel. It’s amazing how many things travel guides leave out when it comes to the treatment a person of color may receive in a certain country, how to react to incidents of racism, or even whether or not what you are experiencing has nothing to do with race and all to do with cultural miscommunication. Though maybe I should expect it by now as many of the travel guide writers are white. Then again, only white people travel, right? (kidding, though on average, whites DO travel more widely and frequently than blacks, at least.. . though, given, this could be due to a series of factors that would lead me into an entirely new post, so I’ll shelve this for now).

Besides consulting the Minority Travel Forum on Rick Steves’ Graffiti Wall with posts from travelers of color (including people involved in interracial relationships, who have adopted children of a different race/ethnicity from their own, etc), which I highly recommend, it’s worth considering the following:

1. The travel guide will most likely leave out information about the reception, or lack thereof, you may experience as a person of color. This includes common words/sayings with which you may not be familiar, but that are actually not racist (i.e. if someone in the Dominican Republic were to call you “negrito” or “indio,” it would not be meant as a racial slur, rather a term of endearment based on your skin color and/or heritage).

2. Expect the unexpected, and don’t go into the situation assuming your experience will match those of your white peers and/or friends and family of color. Your command of the native language, body language, familiarity with the culture, style of dress, etc can alter how you are perceived and treated.

3. Don’t always assume racism is at play. As a result of the history of the United States, people of color and whites alike have been rendered into sensitivity machines, often analyzing things at a level of sociological sophistication that may not be of issue in some other countries. Also, bear in mind that every nation has its own respective history and deals with race and ethnicity accordingly. Don’t attempt to color their history with your own. Think of these things before you jump the gun.

4. Find out what you can do if you ARE a victim of racism. There are several anti-racist groups (i.e. SOS Racismo in Spain and Portugal) that hold workshops and do outreach based on race-related issues. Sites like this may be worth checking out prior to taking a trip.

5. Reconcile your prior experiences with those of the present. The United States and/or your home country more likely than not has witnessed acts of racism, many of which continue. Don’t assume that it’s only the country you are visiting that has problems. If we think of the Amadou Diallo case or the Jena 6 or Vincent Chin, the U.S. is a scary and ugly place for POC too. It doesn’t make racism here or elsewhere any better, but it definitely makes you realize that every country has its problems, so you can’t let a few instances of racism frighten you away.

6. If traveling by yourself and feel threatened as a result of your race/ethnicity, try to remove yourself from the situation, if possible and find a place where you feel more welcome. You may even want to try to get to know other people like yourself in that country, depending on the duration of your stay, to get tips on places to avoid, how to behave in the case of a threat, etc.

7. Do your homework. Before traveling anywhere, ask around and look up information detailing the experiences of people like yourself. As I mentioned before, their experience may not entirely mirror the one in which you are about to partake, but it may offer some helpful advice.

8. Have a good time, despite any adversity you may encounter. If anything, I learned to laugh at the experience in Madrid in retrospect, and in a weird case of Stockholm syndrome, have considered going back one day, though with a friend this time. If you have spent the money to go somewhere else, you might as well try to get as much out of it as you can!

Sociological ImagesHow to Lie with Statistics: Stand Your Ground and Gun Deaths

At Junk Charts, Kaiser Fung drew my attention to a graph released by Reuters.  It is so deeply misleading that I am loath to expose your eyeballs to it.  So, I offer you this:

The original figure is on the left.  It counts the number of gun deaths in Florida.  A line rises, bounces a little, reaches a 2nd highest peak labeled “2005, Florida enacted its ‘Stand Your Ground’ law,” and falls precipitously.

What do you see?

Most people see a huge fall-off in the number of gun deaths after Stand Your Ground was passed.  But that’s not what the graph shows.  A quick look at the vertical axis reveals that the gun deaths are counted from top (0) to bottom (800).  The highest peaks are the fewest gun deaths and the lowest ones are the most.  A rise in the line, in other words, reveals a reduction in gun deaths.  The graph on the right — flipped both horizontally and vertically — is more intuitive to most: a rising line reflects a rise in the number of gun deaths and a dropping line a drop.

The proper conclusion, then, is that gun deaths skyrocketed after Stand Your Ground was enacted.

This example is a great reminder that we bring our own assumptions to our reading of any illustration of data.  The original graph may have broken convention, making the intuitive read of the image incorrect, but the data is, presumably, sound.  It’s our responsibility, then, to always do our due diligence in absorbing information.  The alternative is to be duped.

Cross-posted at Pacific Standard.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

Cory DoctorowVideo: Bart Gellman and me opening for Ed Snowden at SXSW

Last month, Barton Gellman and I opened for Edward Snowden's first-ever public appearance, at the SXSW conference in Austin. The kind folks at SXSW have put the video online (the Snowden video itself was already up). I think we did a good job of framing the big questions raised by the Snowden leaks.

Worse Than FailureCoded Smorgasbord: Sweet Mysteries of Life

When you read a lot of bad code, you start to get a sense of why the code exists. Often, it’s ignorance- of the language, of the functional requirements, of basic logic. Sometimes, it’s management interference, and the slavish adherence to policy over practicality. Other times, it’s just lazy or sloppy work.

And sometimes, the mysterious logic that gave birth to a WTF is just that- a mystery.

Timo can’t help but wonder why this method exists:

public DataModel getEditionModel() {
   if ( true )
       throw new IllegalArgumentException( "You shouldn't be here" );
   return editionModel;
}

Angela is still puzzling over this one:

String timeStampLength = "                          ";
int lengthOfTimeStamp = timeStampLength.length();

Can you imagine a clearer way to express a numeric length?

Dennis found some code that needs to check the length of an array, so it does this:

function countDocuments() {
    var count = 0;

    for ( var i = 0; i < user.documents.length; i++) {
        count++;
    }

    return count;
}

If only there were a built-in method that could tell us the length of an array...

And finally, Andrew sends us this example of defensive programming, that’s about as safe as we can make it:

Private Sub ImageList_DataBound(ByVal sender As Object, ByVal e As System.EventArgs) Handles ImageList.DataBound
    Try

    Catch ex As Exception
        If TypeOf ex Is ArgumentOutOfRangeException Then
            Throw New Exception("item not found in the list...")
        End If
    End Try
End Sub

Planet DebianAndrew Pollock: [life] Day 79: Magic, flu shots, and play dates and dinner

Zoe slept until 7:45am this morning, which is absolutely unheard of in our house. She did wake up at about 5:15am yelling out for me because she'd kicked her doona off and lost Cowie, but went back to sleep once I sorted that out.

She was super grumpy when she woke up, which I mostly attributed to being hungry, so I got breakfast into her as quickly as possible and she perked up afterwards.

Today there was a free magic show at the Bulimba Library at 10:30am, so we biked down there. I really need to work on curbing Zoe's procrastination. We started trying to leave the house at 10am, and as it was, we only got there with 2 minutes to spare before the show started.

Magic Glen put on a really good show. He was part comedian, part sleight of hand magician, and he did a very entertaining show. There were plenty of gags in it for the adults. Zoe started out sitting in my lap, but part way through just got up and moved closer to the front to sit with the other kids. I think she enjoyed herself. I'd have no hesitation hiring this guy for a future birthday party.

Zoe had left her two stuffed toys from the car at Megan's house on Tuesday after our Port of Brisbane tour, and so after the magic show we biked to her place to retrieve them. It was close to lunch by this stage, so we stayed for lunch, and the girls had a bit of a play in the back yard while Megan's little sister napped.

It was getting close to time to leave for our flu shots, so I decided to just bike directly to the doctor from Megan's place. I realised after we left that we'd still left the stuffed toys behind, but the plan was to drive back after our flu shots and have another swim in their neighbour's pool, so it was all good.

We got to the doctor, and waited for Sarah to arrive. Sarah and I weren't existing patients at Zoe's doctor, but we'd decided to get the flu shot as a family to try and ease the experience for Zoe. We both had to do new patient intake stuff before we had a consult with Zoe's doctor and got prescriptions for the flu shot.

I popped next door to the adjacent pharmacy to get the prescriptions filled, and then the nurse gave us the shots.

For the last round of vaccinations that Zoe received, she needed three, and she screamed the building down at the first jab. The poor nurse was very shaken, so we've been working to try and get her to feel more at ease about this one.

Zoe went first, and she took a deep breath, and she was winding up to freak out when she had her shot, but then it was all over, and she let the breath go, and looked around with a kind of "is that it?" reaction. She didn't even cry. I was so proud of her.

I got my shot, and then Sarah got hers, and we had to sit in the waiting room for 10 minutes to make sure we didn't turn into pumpkins, and we were on our way.

We biked home, I grabbed our swim gear, and we drove back to Megan's place.

The pool ended up being quite cold. Megan didn't want to get in, and Zoe didn't last long either. Megan's Mum was working back late, so I invited Megan, her Dad and her sister over for dinner, and we headed home so I could prepare it. One of Zoe's stuffed toys had been located.

We had a nice dinner of deviled sausages made in the Thermomix, and for a change I didn't have a ton of leftovers. Jason had found the other stuffed toy in his truck, so we'd finally tracked them both down.

After Megan and family went home, I got Zoe to bed without much fuss, and pretty much on time. I think she should sleep well tonight.

Geek FeminismGeekfeminism.org statement on rape allegations and transmisogyny

This morning as I was about to get on a plane back from a conference I found out that Dana McCallum, aka Dana L. Contreras, a software engineer at Twitter as well as a feminist activist, was arrested in late January and charged with several felonies including rape, false imprisonment, and domestic violence. Some details of the charges are described on SFgate: SF Women’s Rights Advocate Accused of Raping Wife.

Many of us associated with geekfeminism.org and its sister organizations would like to make a statement in response.

This is horrifying and came as a shock to many of us in feminist communities, as McCallum has been a fellow feminist activist for some time. The bloggers at geekfeminism.org would like to express our empathy and support for the victim/survivor and her family.

Another aspect of this case is that the media coverage of the rape and assault charges is almost universally misogynist and transphobic both in its perpetuation of rape culture (for one, by providing an uncritical platform for McCallum’s lawyer) and in its misgendering and obsessive focus on McCallum’s gender identity and history.  Some radical feminist activists (and their many obvious sockpuppets) have also been writing hateful “trans panic” or TERF articles and tweets. We strongly repudiate such responses.

Rape is a horrible violent crime no matter who the rapist is.

The National Center for Transgender Equality director Mara Keisling says in a comment on a post by Nitasha Tiku,

“Rape is a horrific crime. Sexual violence is never okay. But this isn’t a transgender story. We can’t speak to the specifics of this case but sexual assault knows no gender. That’s why the FBI recently revised their definition of rape. As this case gains more attention, we must avoid using it as a reason to misrepresent transgender people.”

For anyone who has experienced abuse or sexual assault, it can be helpful to turn to local or broader resources. Here is a list of trans-friendly and inclusive rape survivor organizations and resources.  In San Francisco,  San Francisco Women Against Rape is a good resource;  WOMAN Inc, the Cooperative Restraining Order Clinic, and GLIDE also provide many resources for people in the SF Bay Area who have experienced domestic violence. Please don’t go through this on your own; reach out to people around you — you’re not alone.

- Liz Henry

cosigned:

Leigh Honeywell

Valerie Aurora

Brenda Wallace

Tim Chevalier

Annalee Flower Horne

Beth Flanagan

TEDOf masks & magic: Uldus Bakhtiozina makes images that poke fun at stereotypes

Stormtrooper: A portrait of a 12-year-old boy who hides his aspirations to be a ballet dancer from his friends. Image: Uldus Bakhtiozina

A 12-year-old boy in a Stormtrooper helmet – and a tutu. A hulking man wearing a pre-Raphaelite collar of Barbie dolls. A bride standing wistfully in a garden, her face obscured by a wrestling mask. Russian photo-based artist Uldus Bakhtiozina’s whimsical and surreal images — which feature models as well as herself — raise an eyebrow at identity, gender and cultural stereotypes with humor and thoughtfulness. Exquisitely detailed and lit like classical paintings, her images reveal a vulnerability in her heavily costumed subjects, offering layers of meaning and emotion. At TED2014, we spoke to Uldus about her work and worldview. Below, an edited transcript of our conversation.

Tell us about yourself and how you got started.

I found my way to photography six years ago. At the time, I was doing my art degree in England. There I was, surrounded with so many stereotypes around my nationality, which made me smile and feel inspired at the same time. That’s why I started with self-portraits: I wanted to lay open those stereotypes and change people’s perceptions.

After I graduated from high school in Russia at 16, I studied politics, but I didn’t finish, because I realized that’s not the thing I want to do. So I moved to London for art school and studied at St Martin’s. My first degree was in graphic design. Afterwards, I did a degree in photography. I worked as a graphic designer, then as an art director, while in the process of evolving as a professional photographer. I tried different disciplines: porcelain sculpture, oil painting, illustrations, mixed media. My exploration of the arts helped me to realize that photography is the best tool to express my ideas. That’s what I do now, and what I want to do for the rest of my life.

How did you stumble on photography after trying other media? And why do you describe yourself as a photo-based artist rather than as a straight photographer?

I don’t think there is a straight photographer in the world. Photography is a tool for sending a message, not just for capturing a moment or for fashion. I describe my way of photography creation as hand-touched within the picture. I stitch costumes, glue backgrounds, draw and even cook sometimes to create the whole composition. I shoot on film, with a Pentax 67-II. This makes the process much longer than digital photography. There it is hand-touched again. I develop prints and scan them again, so the whole process of one image can take up to three months or longer.

Sadness Never Loneliness: A self-portrait of the artist as a desperate bride, addressing the cultural expectation that every young woman desires marriage. Image: Uldus Bakhtiozina

Your portraits seem to bring out people’s internal conflicts, and put them out there for all to see. You must get to know people quite well before you take a picture.

Yes. Normally, I meet with my models a lot before I photograph them. We talk, we hang out. I want them to feel warm and relaxed, and to trust me. My last project involved mostly young men. In the Russian mentality, heterosexual guys don’t really like to pose. For them to dress up or be confronted with a camera, it’s kind of doing something girly. To convince them to be my models was an issue. Their occupations are many, but all of them came to my exhibition and brought their friends. I was happy about this, because I could integrate people who are typically so far away from each other’s subcultures — some of them far from the arts field. There were punks, architects, dancers, anarchists, illustrators, graphic designers, hairdressers, old-school skinheads, all mixed together. That was the most amazing thing. I feel that my art should give a smile and positive energy.

Why is that important to you?

We already have so much negativity around us, and I want to balance this. People sometimes create very negative tragedy art — about war, illness, revolution, politics. And while this can motivate people to move toward more positive things, generally, when you open up any social network or news blog, there is bad news, bad news, bad news. I believe in motivation by creating something positive. Negative and positive emotions should be balanced.

I want to give to my audience a little bit of fairytale. I consider my photography something that makes people happier. Like a meditation. I’m happy to hear people say that they can look at my photo work for hours and they feel healed.

Hulk: a portrait of a bouncer, upending Russian social norms dictating that it’s only acceptable for a man to be depicted as hyper-masculine. Image: Uldus Bakhtiozina

In your Fellows talk, you showed an image of a man wearing a collar of dolls from your series “Desperate Romantics.” Was he happy with the image?

Oh, yeah. He was so excited that I was showing this image at TED. It’s interesting: he’s a very brutal guy anyway, and everyone knows that the fact that he agreed to pose for the image makes him, in a way, even more brutal—because he’s not afraid to dress up like this. It makes him even more of a man. Some of his friends photograph him because he has such interesting features, and often he takes an aggressive pose. But anyone who knows him in person knows that he’s also very kind and sweet, and will always help you if you have a problem. People would say that he’s philosophical. So those who know him see the photo and say, “Yeah, that’s really Nikita.”

You’ve done a lot of art around the culture of boys and men. What about the culture of girls?

Right now, I’m doing a very feminine project. It’s going to be a book about Russian fairy tales, and Russian princesses — Tsarevnas — in these fairy tales. So these princesses are able to transform into animals at some point in the fairy tale. I stitch the costumes for them.

I want to open the subject of history of Russian fairy tales because they were created before Christianity came to Russia, before religion and church. People believed in the gods of sky, forest and sun. They were very close to nature. This is becoming popular again now in Russia, and in the world in general. People are more appreciative of their connection to nature, to the supernatural — discovering one’s self, using intuition. Russian fairy tales are a metaphor for this.

You often photograph portraits of strangers you meet on your travels. Is it as simple as that, or do you stay in one place and get to know people first?

It happens sometimes. I’ve been working on a project called “Miss Other World,” an ironic series of portraits about the Miss Universe competition, and some of those models are people I met in my travels. I use the word “miss” in terms of “missing something.” Miss Purity feeds herself with fast food, Miss Uniqueness is surrounded with hundreds of identical Buddhas, Miss Relevance sits in a temple, drinking and smoking, Miss Genuine — whom I met in Bali — has clearly had plastic surgery and is wearing plastic jewelry…

Miss Genuine: Part of the “Miss Other World” series. A portrait of a stranger encountered on Uldus’s travels. Image: Uldus Bakhtiozina

Wasn’t Miss Genuine offended that you asked her to pose?

No, she wasn’t. It’s just a matter of communication with people. I explain what the project means, what the thought process is behind my work. She sees it as a message. I also pose for this project as Miss Understanding and Miss Purity.

So you make fun of yourself as well.

Yeah, I do — a lot. It’s a part of my social experiment. When people meet me, and I start talking with them, people realize that actually, I’m quite normal. I’m not a freak. Art is my method for exploring the world, and identity, and to notice how people approach and accept things that are different from them. We often see others as we are, not as they are.

And now, I’m in the middle of this social experiment at TED. People come up to me, and I feel that through our conversation their impression about “Uldus” gets transformed up to 180 degrees. It’s interesting how they are entering new levels of understanding and coming to understand the many meanings in my work.

Video: http://www.youtube.com/embed/LRzOmuWyKdc

Above, watch a video made by Uldus, an extension of her “Miss Other World” series.


Chaotic Idealism

My Splinter Skill

Among the uninformed, autism is often associated with savant syndrome. You know--Rain Man, counting cards. Or calendar calculation, or memorizing books, or drawing something with photographic accuracy after having seen it once. It's always flashy and exotic-seeming, like savant syndrome is so hugely outside everyday experience that autistic people may as well be performing animals instead of people.

So here's the reality: Only about 10% of autistics have a savant skill, and it's a lot less flashy than Rain Man. It's just a skill that you're so naturally good at that you pick it up way more quickly than anybody else, and get way better at it than anybody else--it's like your brain is specialized for it. Neurotypicals, by that definition, can be considered to be social savants. Any NT toddler learning language has a savant-like language acquisition ability that they won't have when they're grown.

Point being: Savant skills don't define autism, and they aren't actually that weird in the first place. If you're neurotypical, you have probably had the experience of looking at somebody and just knowing how they're feeling, or following along with others' actions without having to think much about it. That's pretty much the way somebody with a savant skill learns things like that--it just feels natural to them to do it, comes easily.

Another term for a savant skill is "splinter skill", and I prefer that term because people don't associate it nearly as much with calendar-calculating, card-counting stereotypes. If I could popularize any term for it, I'd use the term "cognitive specialty", because that's basically what a savant skill or splinter skill is.

So let's talk about what a splinter skill really looks like, in everyday life. It's a very specific skill--not like a broad talent, but quite a small specialty. For example, a talent would be, "I'm good at doing math problems." A splinter skill would be, "I can prime-factor numbers very quickly and accurately." Most people with splinter skills aren't prodigious savants (a "prodigious savant" is a term for someone with the really flashy savant syndrome, like Kim Peek or Daniel Tammet). They just have this one thing that they're really good at. For example, I know of one young woman with an intellectual disability who is so hyperlexic that she learned to read at three, and in adulthood she has such natural grammar and spelling ability that she literally never makes mistakes. She's a grammar specialist. She's not a novelist; she probably doesn't study English literature; she doesn't even have any particular ability to write a good research paper. But her grammar and spelling are perfect, and have been since she was very young. Another young man had a very good spatial memory, and he worked at a warehouse. He could tell you where any product in that warehouse was located, without a map or a manifest or anything else. Those are typical examples of splinter skills.

I have a minor splinter skill. I can improvise a harmony line to any melody after hearing it once. Sometimes I can improvise the harmony during the first hearing because I am so familiar with the patterns that music takes.

I am relatively good at learning music. I play the piano passably, can sing on-key, and enjoy listening to complex classical pieces as well as the simpler, more catchy songs from musicals. My musical ability isn't a splinter skill; it's a talent. I started out with a knack for music, but I had to work to learn to play the piano, and while I've always been very good at differentiating pitches, I still had to learn how to control my voice so that the pitch I was thinking of was the one that I actually produced. (By the way, no, I don't have perfect pitch. I can guess a note within a couple of steps, and I can recognize an interval intuitively, but to me, there's nothing about a C that's distinct from a D, even though I can tell you it's the exact same difference as between an F and a G.)

I'm not actually a gifted musician in general. I'm good at music, sure, but not amazing. That's what a splinter skill is--it's very precise. It doesn't give me global ability in music; just in that one specific part of music.

Music in general, I had to learn. But the harmony thing... That came early, easily, and so naturally that I didn't realize that other people couldn't do it. I remember sitting in church as a kid, listening to a woman nearby singing harmony out of the hymnbook. I didn't realize she was following the notes. At that point in my life, I didn't know how to read music at all. I just heard that she was singing different notes that sounded good with the melody. I thought, "I can do that," and so I tried it, and I found that I learned it quickly and easily. Nowadays, I often sing an improvised harmony line to those Broadway musicals, at least when I'm alone and only my cats are there to hear me. It's just fun.

And it's not something that other people can't learn, either. It's not some hugely mysterious art. Any college music student probably knows enough about music to improvise a harmony line. It's just that I did it much younger, and it took much less learning. That's a typical splinter skill. See? It's not so intimidatingly weird after all, is it?

By the way, the idea that savant skills can't be creative--that's just bunk! Yeah, I started out with the bare mechanics of it; I liked the way sounds fit together like puzzle pieces. But as the years passed and I studied music and listened to more of it, I learned how to use that little brain quirk of mine to understand music more deeply and fully. When I listen to music, I hear all the little pieces of it, and I think about how they come together. It's like seeing all the brush strokes in a painting. If I were one of those artistic savants, I might've started out just copying from my environment, but I would've gone on to enjoy art for its own sake. For somebody with a splinter skill, the simple joy of fitting together harmonies, or playing with numbers, or drawing what they see, is entertainment enough that they generally want to learn more about it.

I am starting to wonder whether splinter skills are truly so rare. Marginal ones, like mine, are probably quite common on the autism spectrum and off it, especially among people who are neurodiverse in some way. If you think about it, savant syndrome isn't so far removed from the average person's experience at all--it's just an extreme version of what you normally see. Some people learn a subject more easily than most. Some people learn that subject more easily than they learn other things. Exaggerate that, specialize further, and you have a minor splinter skill like mine, which comes easily enough to someone who's a professional in the area and is unique mostly because they learn it so early and so quickly. Further on, you have extreme savants and then prodigious savants with multiple savant skills, whose abilities are so specialized that they would take years of training for a typical person. (The feat of memorizing a pageful of numbers in a few minutes can be performed by trained memory champions.)

When I sing a harmony line nowadays, I don't want people to look at me and think, "Wow, that's amazing!", as though I were a performing animal jumping through a hoop. I want them to think, "Wow, isn't the human brain interesting?" Because it is. And because I'm as human as they are. (Thankfully, now that I'm thirty, it's no longer odd for me to sing a harmony line in church. Plenty of people learn them from each other and read them from the hymnbooks. But when I was a kid... I used to get people turning around in their seats and complimenting me after the hymn ended.)

It's the strangest thing--the more extreme a person's savant skills, the less human they seem to be to others. I don't like that. I think Daniel Tammet is very lucky to still be thought of as human, because he's also so very articulate and is interested in brain science, and so scientists have to see him as a person instead of a test subject. Not all savants are that lucky. Savant syndrome is associated with brain damage, with developmental delay. In the worst case, a person could be seen as nothing but a mobile unit for transporting his savant skills. The person gets swallowed up by those flashy abilities, and nobody cares about what he likes and thinks and feels, what his ambitions are, who he loves. He's just "the savant". And that's scary.

Just like a disabled person might be seen as merely the sum of their disabilities, a person can also be seen as only the sum of their talents. That gifted kid is "that gifted kid"--everybody talks about his being able to take calculus at age twelve, but nobody really thinks about who he is as a person. Say he wants to become a paramedic, and loves baking cookies with Grandma, and sneaks his dog onto his bed every night even though he knows Mom hates the way the dog hair gets on the sheets... Nobody thinks about that stuff. It's all about the calculus. But what's with that? The dog-loving, cookie-baking kid with ambitions of riding in an ambulance for a living is just as real as the kid who juggles integrals.

And if you're both talented and disabled... oh, then you're really in for it! Either you're disabled, and it's "just a splinter skill" and you're not truly talented or truly creative; or you're gifted, and you should just "overcome your disability" and go be Stephen Hawking or something. (Nothing against Hawking, by the way. He does have a real talent for making physics accessible to high-schoolers, and for that I'll be forever grateful. But do they really have to constantly point out that he has ALS? We knew that after the first time they covered it; can we get to the physics now?)

People are just too complex to distill down like that. When a person has a highly visible or unusual trait like a savant skill, there's always the risk that other people will see that trait as fully defining them, as though there's nothing else to them. In reality, though, every person is so extremely complicated that even a hundred traits couldn't define them, let alone one. Perhaps that's why I like studying psychology so much--it constantly reminds me that even when you think you know what "human being" means, there's always more to learn.

LongNow

Mariana Mazzucato Seminar Media

This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.

The Entrepreneurial State: Debunking Private vs. Public Sector Myths

Monday March 24, 02014 – San Francisco

Video is up on the Mazzucato Seminar page for Members.

*********************

Audio is up on the Mazzucato Seminar page, or you can subscribe to our podcast.

*********************

Government as radical, patient VC – a summary by Stewart Brand

The iPhone, Mazzucato pointed out, is held up as a classic example of world-changing innovation coming from business.

Yet every feature of the iPhone was created, originally, by multi-decade government-funded research. From DARPA came the microchip, the Internet, the micro hard drive, the DRAM cache, and Siri. From the Department of Defense came GPS, cellular technology, signal compression, and parts of the liquid crystal display and multi-touch screen (joining funding from the CIA, the National Science Foundation, and the Department of Energy, which, by the way, developed the lithium-ion battery.) CERN in Europe created the Web. Steve Jobs’ contribution was to integrate all of them beautifully.

Venture Capitalists (VCs) in business expect a return in 3 to 5 years, and they count on no more than one in ten companies to succeed. The time frame for government research and investment embraces a whole innovation cycle of 15 to 20 years, supporting the full chain from basic research through to viable companies. That means they can develop entire new fields such as space technology, aviation technology, nanotechnology, and, hopefully, Green technology.

But compare the reward structure. Government takes the greater risk with no prospect of great reward, while VCs and businesses take less risk and can reap enormous rewards. “We socialize the risks and privatize the rewards.” Mazzucato proposes mechanisms for the eventual rewards of deep innovation to cycle back into a government “innovation fund”—perhaps by owning equity in the advantaged companies, or retaining a controlling “golden share” of intellectual property rights, or through income-contingent loans (such as are made to students). “After Google made billions in profits, shouldn’t a small percentage have gone back to fund the public agency (National Science Foundation) that funded its algorithm?” In Brazil, China, and Germany, state development banks get direct returns from their investments.

The standard narrative about government in the US is that it stifles innovation, whereas the truth is that it enables innovation at a depth that business cannot reach, and the entire society, including business, gains as a result. “We have to change the way we think about the state,” Mazzucato concludes.

Subscribe to our Seminar email list for updates and summaries.

TED

Ten years later: Dan Gilbert on life after “The surprising science of happiness”

Dan Gilbert gave his first TED Talk in February 2004; The surprising science of happiness was one of the first we ever published, in September 2006. Here, the Harvard psychologist reminisces about the impact of TED, shares some suggestions of useful further reading — and owns up to some mistakes.

by Dan Gilbert

When I gave this talk in 2004, the idea that videos might someday be “posted on the internet” seemed rather remote. There was no Netflix or YouTube, and indeed, it would be two years before the first TED Talk was put online. So I thought I was speaking to a small group of people who’d come to a relatively unknown conference in Monterey, California, and had I realized that ten years later more than 8 million people would have heard what I said that day, I would have (a) rehearsed and (b) dressed better.

That’s a lie. I never dress better. But I would have rehearsed. Back then, TED talks were considerably less important events and therefore a lot more improvisational, so I just grabbed some PowerPoint slides from previous lectures, rearranged them on the airplane to California, and then took the stage and winged it. I had no idea that on that day I was delivering the most important lecture of my life.

Mea Maxima Culpa

When you wing it, you make mistakes; and when millions of people watch you wing it, several hundred thousand of them will notice. There are at least three mistakes in this talk, and I know it because I’ve been receiving (and sheepishly replying to) emails about them for nearly ten years. I’m grateful to have the opportunity to correct them.

Mistake 1. Lottery Winners & Paraplegics: The first mistake occurred when I misstated the facts about the 1978 study by Brickman, Coates and Janoff-Bulman on lottery winners and paraplegics.

At 2:54 I said, “… a year after losing the use of their legs, and a year after winning the lotto, lottery winners and paraplegics are equally happy with their lives.” In fact, the two groups were not equally happy: Although the lottery winners (M=4.00) were no happier than controls (M=3.82), both lottery winners and controls were slightly happier than paraplegics (M=2.96).

So why has this study become the poster child for the concept of hedonic adaptation? First, most of us would expect lottery winners to be much happier than controls, and they weren’t. Second, most of us would expect paraplegics to be wildly less happy than either controls or lottery winners, and in fact they were only slightly less happy (though it is admittedly difficult to interpret numerical differences on rating scales like the ones used in this study). As the authors of the paper noted, “In general, lottery winners rated winning the lottery as a highly positive event, and paraplegics rated their accident as a highly negative event, though neither outcome was rated as extremely as might have been expected.” Almost 40 years later, I suspect that most psychologists would agree that this study produced rather weak and inconclusive findings, but that the point it made about the unanticipated power of hedonic adaptation has now been confirmed by many more powerful and methodologically superior studies. You can read the original study here.

Mistake 2. The Case of Moreese Bickham: The second mistake occurred when I told the story of Moreese Bickham. At 6:18 I said, “He spent 37 years in the Louisiana State Penitentiary for a crime he didn’t commit. He was ultimately exonerated, at the age of 78, through DNA evidence.” First, whether Mr. Bickham did or did not commit the crime is debatable. His attorney tells me that he believes Mr. Bickham was innocent, the state evidently believed otherwise, and I am no judge.  Second, Mr. Bickham was not exonerated on the basis of DNA evidence, but rather, was released for good behavior after serving half his sentence.

How I managed to mangle these facts is something I still scratch my head about. Bad notes? Bad sources? Demonic possession? Sorry, I just don’t remember. But while I got these ancillary facts wrong, I got the key facts right: Mr. Bickham did spend 37 years in prison, he did utter those words upon his release, and he was (and apparently still is) much happier than most of us would expect ourselves to be in such circumstances. You can read about him here.

Mistake 3. The Irreversible Condition: The third mistake was a slip of the tongue that led me to say precisely the opposite of what I meant. At 18:02 I said, “… because the irreversible condition is not conducive to the synthesis of happiness.” Of course I meant to say reversible, not irreversible, and the transcript of the talk contains the correct word. I hope this slip didn’t stop anyone from getting married.

Digging Deeper

I mentioned two of my own studies in my talk, and people often write to ask where they can read about them. The study of the amnesiacs who were shown the Monet prints was done in collaboration with Matt Lieberman, Kevin Ochsner, and Dan Schacter, was published in Psychological Science, and can be found here. The study of Harvard students who took a photography course was done in collaboration with Jane Ebert, was published in Journal of Personality and Social Psychology, and can be found here. Pretty much everything else I’ve ever thought, said, written, felt, done, wondered, cooked, smoked or eaten can be found here.

Coda

Giving this talk taught me something I hadn’t known: normal people are interested in the same things I am! Until that day, I’d always thought that psychologists did experiments for each other and occasionally subjected undergraduates to them in class. What I discovered at TED in 2004 was that I could tell a story about human psychology to regular folks and some of them would actually want to hear it. Who knew? I’d been a professor for 20 years, but that was the first time it had ever occurred to me that a classroom can be roughly the size of the world.

I left TED determined to devote a portion of my professional life to telling people about exciting discoveries in the behavioral sciences. So I started writing essays for the New York Times, I wrote a popular book called Stumbling on Happiness, I made a PBS television series called This Emotional Life, and I even appeared in a Super Bowl commercial to try to remind people to plan for their futures. I don’t know what I’ll do next – another book, a feature film, a rock opera? Whatever it is, you can almost certainly blame it on TED.


Planet Debian

Wouter Verhelst: Call for help for DVswitch maintenance

I took over "maintaining" DVswitch from Ben Hutchings a few years ago, since Ben realized he didn't have the time anymore to work on it well.

After a number of years, I have to admit that I haven't done a very good job. Not because I didn't want to work on it, but mainly because I don't have enough time to fix DVswitch against the numerous moving targets that it uses; the APIs of libav and of liblivemedia are fluent enough that just making sure everything remains compilable and in working order is quite a job.

DVswitch is used by many people; DebConf, FOSDEM, and the CCC are just a few examples, but I know of at least three more.

Most of these (apart from DebConf and FOSDEM) maintain local patches which I've been wanting to merge into the upstream version of dvswitch. However, my time is limited, and over the past few years I've not been able to get dvswitch into a state where I confidently felt I could upload it into Debian unstable for a release. One step we took in order to get that closer was to remove the liblivemedia dependency (which implied removing the support for RTSP sources). Unfortunately, the resulting situation wasn't good enough yet, since libav had changed API enough that current versions of DVswitch compiled against current versions of libav will segfault if you try to do anything useful.

I must admit to myself that I don't have the time and/or skill set to maintain DVswitch on an acceptable level all by myself. So, this is a call for help:

If you're using DVswitch for your conference and want to continue doing so, please talk to us. The first things we'll need to do:

  • Massage the code back into working order (when compiled against current libav)
  • Fix my buildbot instance so that my grand plan of having nightly build/test runs against libav master actually works.
  • Merge patches from the suse and CCC people that look nice
  • Properly release dvswitch 0.9 (or maybe 1.0?)
  • Party!

See you there?

Geek Feminism

PyCon Open Thread

Were you at PyCon? Did you stop by the Geek Feminism Hackerspace? What did you think of the talks? Tell us about your experience in the comments below.

Google Adsense

New Ad review center features help save you time and offer improved controls.

Having the right information on the ads displayed on your site and being able to control them is a big ask we hear from publishers. Many of you are already using the Ad review center to review and control these ads. From today, enjoy more choice with new updates designed to save you time and give you more control in the review process.

Save time by not having to review the same ad twice. Now you can see which ads you’ve already reviewed by selecting the ‘Show reviewed ads’ checkbox in the top right corner of the Ad review center.

You’ll also have more choice when reviewing ads with our new ad size widget. Using the widget, you can review ads according to their size. If you want to review only the banner ads on your page for example, they’ll be quick and easy to find. We’re still fine-tuning this feature, meaning it’s possible that not every single ad of a particular size will be captured right away, but it will capture the majority of them.

You’ll now also have more control with new enhancements to our related ads feature. Over the next few days, related ads will start to identify ads containing the same logo. It’ll then group together different ads containing that logo and give you the option to allow or block them running on your site. This feature will also cover ads containing the same video.

Finally, we’ve given the Ad review center a new look with a brand new user interface designed for quick and simple navigation. Try out these new features today. We’re continuously looking for new ways to make this a valuable tool for you - please tell us what else you’d like to see over on our AdSense+ page.

Posted by Fiona Herring - AdSense Product Manager

CryptogramBook Title

I previously posted that I am writing a book on security and power. Here are some title suggestions:

  • Permanent Record: The Hidden Battles to Capture Your Data and Control Your World

  • Hunt and Gather: The Hidden Battles to Capture Your Data and Control Your World

  • They Already Know: The Hidden Battles to Capture Your Data and Control Your World

  • We Already Know: The Hidden Battles to Capture Your Data and Control Your World

  • Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World

  • All About You: The Hidden Battles to Capture Your Data and Control Your World

  • Tracked: The Hidden Battles to Capture Your Data and Control Your World

  • Tracking You: The Forces that Capture Your Data and Control Your World

  • Data: The New Currency of Power

My absolute favorite is Data and Goliath, but there's a problem. Malcolm Gladwell recently published a book with the title of David and Goliath. Normally I wouldn't care, but I published my Liars and Outliers soon after Gladwell published Outliers. Both similarities are coincidences, but aping him twice feels like a bit much.

Anyway, comments on the above titles -- and suggestions for new ones -- are appreciated.

The book is still scheduled for February publication. I hope to have a first draft done by the end of June, and a final manuscript by the end of October. If anyone is willing to read and comment on a draft manuscript between those two months, please let me know in e-mail.

Krebs on SecurityCritical Java Update Plugs 37 Security Holes

Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).

The latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 55. Those who’ve chosen to upgrade to the newer, “feature release” version of Java — Java 8 — will find fixes available in Java 8 Update 5 (Java 8 doesn’t work on Windows XP).

According to Oracle, at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System (CVSS) rating of 10.0 — the most severe possible. According to Oracle, vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system.

There are a couple of ways to find out if you have Java installed and what version may be running.  Windows users can click Start, then Run, then type “cmd” without the quotes. At the command prompt, type “java -version” (again, no quotes). Users also can visit Java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from Java.com.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates are available from Java.com or via the Java Control Panel. Keep in mind that updating via the control panel will auto-select the installation of the Ask Toolbar, so de-select that if you don’t want the added crapware.

Otherwise, seriously consider removing Java altogether.  I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework).

Sociological ImagesNew Documentary: The Illusionists

Writer and director Elena Rossini has released the first four minutes of The Illusionists.  I’m really excited to see the rest.  The documentary is a critique of a high standard of beauty but, unlike some that focus exclusively on the impacts of Western women, Rossini’s film looks as though it will do a great job of illustrating how Western capitalist impulses are increasingly bringing men, children, and the entire world into their destructive fold.

The first few minutes address globalization and Western white supremacy, specifically.  As one interviewee says, the message that many members of non-Western societies receive is that you “join Western culture… by taking a Western body.”  The body becomes a gendered, raced, national project — something that separates modern individuals from traditional ones — and corporations are all too ready to exploit these ideas.

Watch for yourself (subtitles available here):

http://player.vimeo.com/video/90666405

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

RacialiciousSelf-Healing From American Racism

By Guest Contributor Marly Pierre-Louis

All images provided by the author.

I love a good adventure. So when my partner asked, “How would you feel about moving to Amsterdam?” I was game. Between the shock of making that decision and being completely overwhelmed with all we had to do, I daydreamed about what it would be like to be Black in the Netherlands. I knew about the historical love affair between Black America and Europe. Black folks, especially artists, had always sought refuge from the terrors of American racism in Europe. Stories of Josephine Baker, James Baldwin, and Richard Wright in France painted an eclectic and humane portrait of Black life in Europe. I was thrilled at the prospect of experiencing a truly post racial existence.

Stage I

At least I thought I was. Something happened as we crossed the Atlantic: I got cynical. Post racial. What a farce. From the moment we landed I became slightly obsessed with analyzing how I was being read as a Black woman – an utterly disorienting experience. I had never before been so aware of how much influence my race and gender had on the way I maneuvered through the world and how I interacted with people. Specifically, white people. Meeting my new compatriots, I searched their faces, tones of voice, and body language, hoping for hints. I wasn’t getting any of the cues that I had spent my life learning to navigate. The feeling of being somehow “race-less” was unbearable.

This realization was deeply troubling to me. It made me cognizant of what happens when we step out of the borders of the United States and are actually able to put down our racial armor but can’t. We can’t function without it. So much of my existence had been crafted as a defensive response to white racism. I identify as a radical Black, sometimes nationalist, feminist. Who was I without the white American male gaze?

Stage II

I devoured everything I could find on race in the Netherlands and how racism manifested. Prior to 1975, when Suriname, one of the Dutch colonies was liberated, the Netherlands was pretty homogeneously white. So integration is a fairly recent phenomenon. Most of the Black folks who are here are migrants from Suriname or the Dutch Antilles. The marginalized groups here are not Black but Turkish and Moroccan migrants. I was told that in Europe, it’s not about race, it’s about ethnicity. My Blackness didn’t mean much to Dutch people and I was mainly being read as 1) a non-Dutch person, and then, 2) an American. Maybe post racial was possible!
Not quite.

The Dutch might lack the stereotypes and tropes of Black womanhood that the U.S has so painstakingly crafted over decades: i.e. sapphire, welfare mom, jezebel, etc. but they have plenty of issues of their own. In November I experienced my first Zwarte Piet season. Zwarte Piet is the Dutch version of Santa’s elf and the main character of their annual holiday celebration – a white person in Black face, curly wig, red lipstick and gold hoop earrings – in short, a coon. Hundreds of them descended upon the city for a three week period. It was, in a word … horrific.

While Zwarte Piet is the most overt manifestation of racism I’ve witnessed, I’ve watched enough BBC to know that folks here are dealing with their fair share of BS. In 2011, the Netherlands was the target of Rihanna’s rage when a Dutch magazine, Jackie, called her an “ultimate niggabitch.”

And last month, in a scene that was compared in reports to a Nazi Germany gathering, Geert Wilders, a right wing Dutch politician and leader of the Party for Freedom, asked a crowd of supporters at an election rally, “Do you want, in this city and in The Netherlands, more or less Moroccans?” To which the crowd roared back, “Less! Less! Less!”

The current coalition cabinet led by Prime Minister Mark Rutte, leader of the People’s Party for Freedom and Democracy (ironic, isn’t it?), is explicitly anti-Islam and has put structural barriers in place to make it difficult for immigrants to remain. New immigration laws mandate that non-citizens pass language and cultural tests within two years or else face deportation.

And that’s just the stuff that makes the news. I’ve heard tales of racial profiling, media discrimination, and the silencing of academics and activists of color. During the driving test for her license, a friend of mine was asked her opinion of Zwarte Piet by the instructor. When she told him she thought it was racist, he vehemently defended the tradition and then promptly flunked her. Riding on public transit without a ticket is called “zwartrijden” — literally, “Black riding.” A friend explains that when Black folks get on the tram, they sometimes hear people joke, “Ook al koop je sen kaartje, je rijdt sowieso zwart.” Translation: whether or not you buy a ticket, you’re still “riding Black.”

This country is far from post racial.

Honestly though? Aside from some suspicious looks every now and then, I truly haven’t experienced much overt racism firsthand. What I’ve realized is that my status as an American expat has sheltered me. My partner and I are both here under “highly skilled migrant” visas. My privileged status has kept me from being confronted by structural racism and not knowing any Dutch has protected me from microaggressions. I exist in a bubble.

Self Care

My self care plan has been to construct an existence and identity outside of both the white American gaze and the Dutch one. It hasn’t been easy but it has been liberating. I’m no longer allowing my obsession with how I’m being read as a Black woman to dictate who I interact with and how I interact with them. I’ve fully embraced the expat experience and it’s been refreshing to feel like I can be MYSELF here. Myself meaning, Marly, the multi-dimensional individual, rather than Marly, the accumulation of white stereotypes + white fear + white liberal guilt x the entire Black race. I’ve made friends with Dutch, Romanians, and Italians. In my conversations with this multi-culti crew, I’ve never felt like a spectacle, I’ve never felt exoticized, undermined or underestimated.

My bubble is fragile.

A few months ago, I was at an event with some friends. Someone they knew came over and they introduced me to her. She was white and quite tall so I assumed she was Dutch. At one point, she referenced something American and when I asked her where she was from she said “Arkansas.” For a split second, the post racial(ish) safe space I had constructed for myself collapsed, I felt exposed. Not only was she a white American, but a white American from the South – like the Paula Deen South! I couldn’t help but feel like my humanity was once again, in danger. I’m hiding from American racism in European racism — it’s a tricky space to navigate.

And it’s an ongoing struggle. Every now and then I catch myself looking at someone sideways determined to anticipate how their racism will manifest. And whenever it does, I feel a perverse sense of triumph. The world is once again as it should be.

Marly Pierre-Louis is a writer and community cultivator currently biking through the rain in Amsterdam. She is interested in intersectional feminism and sexuality.

The post Self-Healing From American Racism appeared first on Racialicious - the intersection of race and pop culture.

RacialiciousWill ESPN Tell Doug Glanville’s Story?

By Arturo R. García

Doug Glanville during his playing days with the Philadelphia Phillies. Image via Section215.com

An ESPN analyst is involved in what could be one of the most interesting stories of the year — depending, in part, on whether the network decides to cover it.

Doug Glanville is among the many former pro baseball players who contribute to the network’s Major League Baseball coverage. But he’s also penned columns for The New York Times and Time, on top of writing his own biography. But it’s his work this week for The Atlantic that has garnered attention.

Instead of covering his life on the baseball field, though, his column this week discussed his experience with a more commonplace aspect of life in America: racial profiling. Outside his own home.

This past February, Glanville wrote, he was clearing snow from the driveway of his Hartford, Connecticut home — located roughly 20 minutes from ESPN’s headquarters in Bristol — when he was approached by a police officer from West Hartford:

I noted the strangeness of his being in Hartford — an entirely separate town with its own police force — so I thought he needed help. He approached me with purpose, and then, without any introduction or explanation he asked, “So, you trying to make a few extra bucks, shoveling people’s driveways around here?”

All of my homeowner confidence suddenly seemed like an illusion.

It would have been all too easy to play the “Do you know who I am?” game. My late father was an immigrant from Trinidad who enrolled at Howard University at age 31 and went on to become a psychiatrist. My mother was an important education reformer from the South. I graduated from an Ivy League school with an engineering degree, only to get selected in the first round of the Major League Baseball draft. I went on to play professionally for nearly 15 years, retiring into business then going on to write a book and a column for The New York Times. Today, I work at ESPN in another American dream job that lets me file my taxes under the description “baseball analyst.”

But I didn’t mention any of this to the officer. I tried to take his question at face value, explaining that the Old Tudor house behind me was my own. The more I talked, the more senseless it seemed that I was even answering the question. But I knew I wouldn’t be smiling anymore that day.

After a few minutes, he headed back to his vehicle. He offered no apology, just an empty encouragement to enjoy my shoveling. And then he was gone.

And it’s not like Glanville lives in a “rough” neighborhood, either; he states in the column that he lives near not only Hartford Mayor Pedro Segarra, but Gov. Dannel Malloy and one state senator. Hartford police soon confirmed that the West Hartford officer was outside his jurisdiction, something that was not mentioned in a statement released on Tuesday by the latter department.

Instead, West Hartford police said the officer was looking for a “Black male, in his 40′s, wearing a brown jacket and carrying a snow shovel,” who had allegedly broken the town’s ban on door-to-door soliciting by asking a homeowner if he could shovel snow from their driveway for a fee. That person was later located and given a verbal warning.

“While the officer’s actions in searching for the suspicious party were completely appropriate, we wish he had taken the extra time to introduce himself to Mr. Glanville and to explain the purpose of the question,” the West Hartford Police’s statement read. “We have discussed this with the officer and will work to remind all of our officers of the importance of good interpersonal skills and taking time, when practical, to explain their actions.”

Before sharing his story with ESPN or the Times, though, Glanville continued his conversation with West Hartford authorities:

In my case, the officer had not only spoken to me without respect but had crossed over into a city where West Hartford’s ordinance didn’t even apply.

But as we spoke, I found myself thinking of the people who have to deal with far more extreme versions of racial profiling on a regular basis and don’t have the ability to convene meetings at Town Hall. As an article in the April issue of The Atlantic points out, these practices have “side effects.” They may help police find illegal drugs and guns, but they also disenfranchise untold numbers of people, making them feel like suspects … all of the time.

In reaching out for understanding, I learned that there is a monumental wall separating these towns. It is built with the bricks of policy, barbed by racially charged anecdotes, and cemented by a fierce suburban protectionism that works to safeguard a certain way of life. The mayor of West Hartford assured me that he championed efforts to diversify his town, and the chief of police told me he is active in Connecticut’s statewide Racial and Ethnic Disparity Commission in the Criminal Justice System. (He also pointed me to a 2011 article he wrote for Police Chief Magazine, addressing many of the same issues I raised.) I hope their continued efforts can help traverse this class- and race-based barrier, which unfortunately grows even more impenetrable with experiences such as mine.

Glanville’s encounter points to intersections of not only sport and race, but class and profiling, and of law and stereotypes. But a quick check of ESPN’s online listings for him shows that the topic hasn’t been broached. If Glanville is up to it, here’s to hoping it spurs a more in-depth discussion on these issues on the network. Considering that the network covers athletes’ legal issues as thoroughly as it would the average ballgame — a positive, it should be said — Glanville already offers ESPN exactly the kind of person who can approach these issues with the kind of nuance they deserve. Even if, unfortunately, he can rely on his lived experience in doing so.

[Top image via Doug Glanville's official Facebook page]

The post Will ESPN Tell Doug Glanville’s Story? appeared first on Racialicious - the intersection of race and pop culture.

Worse Than FailureSecure Development

Steven's multi-billion dollar tech firm spared no expense in providing him two computers. One was stuffed in a broom closet down the hall; he used it for email, Internet access, and other administrative items. At his cubicle sat the computer on which he did all his programming, connected to the company's separated development environment (SDE).

The SDE was a company-wide network that existed in parallel to the normal network. No Internet connectivity, and login was only possible with an RSA SecurID dongle. The stated purpose was to provide a secure environment for software development. The other devs on Steven's team had their own SDE boxes for the same purpose.

One day, the Java install on Steven's SDE machine took a core dump and rolled around in it. Unfortunately, he couldn't troubleshoot the machine himself. Only SDE administrators could install or alter configurations on those boxes.

Steven logged a ticket. Within an hour, he was watching an SDE admin reinstall Java for him. Once the admin had unchecked all the predatory toolbar options and got the install going, he frowned at some files sitting in Steven's current working folder.

"Are these .exe files?" he asked.

Steven mirrored the frown with confusion. "Those are my team's development tools and deliverables."

"Is this approved software? Did we install these for you?"

"No. We wrote the code for those and built them."

"You can't install files on this machine!" the admin exclaimed.

"I didn't install them," Steven returned. "I compiled our first-party source code, developed entirely within the SDE, and created those .exe files. That's my job!"

"So you did install them!" the admin cried with gotcha flair.

Steven gaped. "That's not what the word 'install' means!"

Java had finished (actually) installing. The SDE admin left with a righteous gleam in his eye, which Steven shook off. Surely this wasn't going anywhere. If the admin tried to report anything, someone would fetch a dictionary, and everything would be fine.

Well, no. A few days later, Steven's entire team received an email stating they were in violation of Cyber Security policy for installing "malicious, unapproved" software on their SDE machines. The message ended with a sinister promise: Disciplinary actions are forthcoming.

Their immediate boss was powerless to defuse it. The case automatically escalated to Human Resources. The whole developer team was forced into numerous interviews with the sort of drones who couldn't hack Accounting or Finance in business school.

"All we did was develop software in the environment we were provided to develop our software in!" they explained for the umpteenth time.

Unblinking incomprehension. "Why did you install this software on your machines?"

"We didn't install anything! We compiled source code- the source code this company pays us to develop!"

"Well, is it malicious?"

"Of course it's not malicious! Some of this stuff is customer deliverables! We also have myriad scripts and some Java code. We've been doing this in the SDE per company policy for well over a year!"

"What's a Java?"

At the end of these interrogations, Steven's team was ordered to keep working, but immediately cease generating any "prohibited files." If they dared create one more project deliverable, they faced termination.

How are we supposed to meet our deadlines? Steven clicked Send on the email copied to numerous managers.

He and his team sat on their thumbs for a day. Finally, someone shed light on the real problem: the SDE team's definition of the word "install" was so ambiguous, it covered everything from putting down an SDK to setting an adorable kitten picture as one's desktop background.

The head of Cyber Security issued a development exception for Steven's team. They were allowed to develop software on the SDE, as long as all .exe's, .lib's, and other generated files were manually tracked within a shared drive Excel spreadsheet that locked up whenever someone forgot to close it. In the meantime, the SDE admins were to set up a special "development system" for Steven's team, where they'd officially be allowed to develop code. A high-level issue was raised against Cyber Security and the SDE admins to properly define the term "install" and adjust their policies accordingly.

Steven's team was assured they'd get their special dev system well before their development exception expired. Their skepticism toward this promise was entirely merited.

Planet DebianRichard Hartmann: secure password storage

Dear lazyweb,

for obvious reasons I am in the process of cycling out a lot of passwords.

For the last decade or so, I have been using openssl.vim to store less-frequently-used passwords and it's still working fine. Yet, it requires some manual work, not least of which manually adding random garbage at the start of the plain text (and in other places) every time I save my passwords. In the context of changing a lot of passwords at once, this has started to become tedious. Plus, I am not sure if a tool of the complexity and feature-set of Vim is the best choice for security-critical work on encrypted files.

Long story short, I am looking for alternatives. I did some research but couldn't come up with anything I truly liked; as there's bound to be tools which fit the requirements of like-minded people, I decided to ask around a bit.

My personal short-list of requirements is:

  • Strong crypto
  • CLI-based
  • Must add random padding at the front of the plain text and ideally in other places as well
  • Should ideally pad the stored file to a few kB so size-based attacks are foiled
  • Must not allow itself to be swapped out, etc
  • Must not be hosted, cloud-based, as-a-service, or otherwise compromised-by-default
  • Should offer a way to search in the decrypted plain text, nano- or vi-level of comfort are fine
  • Both key-value storage or just a large free-form text area would be fine with a slight preference for free-form text

Any and all feedback appreciated. Depending on the level of feedback, I may summarize my own findings and suggestions into a follow-up post.

Planet DebianAndrew Pollock: [life] Day 78: Alginate, dragon boats and relatives

I ordered some alginate the other day, and it arrived yesterday, but we were out, so I had to pick it up from the post office this morning.

Anshu and I picked it up before Zoe was dropped off. We had a couple of attempts at making some, but didn't quite get the ratios or the quantity right, and we were too slow, so we'll have to try again. The plan is to try and make a cast of Zoe's hand, since we were messing around with plaster of Paris recently. I've found a good Instructable to try and follow.

Nana and her dragon boating team were competing in the Australian Dragon Boat Championships over Easter, and her first race was today. It also ended up that today was the best day to try and go and watch, so when she called to say her first race would be around noon, I quickly decided we should jump in the car and head up to Kawana Waters.

We abandoned the alginate, and I slapped together a picnic lunch for Zoe and I, and we bid Anshu farewell and drove up.

Zoe's fever seemed to break yesterday afternoon after Sarah picked her up, and she slept well, but despite all that, she napped in the car on the way up, which was highly unusual, but helped pass the time. She woke up when we arrived. I managed to get a car park not too far from the finish line, and we managed to find Nana, whose team was about to enter the marshaling area.

Her boat was closest to the shore we were watching from, and her boat came second in their qualifying round for the 200 metre race, meaning they went straight through to the semi-finals.

The semi-finals were going to be much later, and I wanted to capitalise on the fact that we were going to have to drive right past my Mum and Dad's place on the way home to try and see my sister and her family, since we missed them on Monday.

We headed back after lunch and a little bit of splashing around in the lake, and ended up staying for dinner at Mum and Dad's. Zoe had a great time catching up with her cousin Emma, and fooling around with Grandpa and Uncle Michael.

She got to bed a little bit late by the time we got home, but I'm hopeful she'll sleep well tonight.

Planet DebianDavid Pashley: Bad Password Policies

After the whole Heartbleed fiasco, I’ve decided to continue my march towards improving my online security. I’d already begun the process of using LastPass to store my passwords and generate random passwords for each site, but I hadn’t completed the process, with some sites still using the same passwords, and some having less than ideal strength passwords, so I spent some time today improving my password position. Here’s some of the bad examples of password policy I’ve discovered today.

First up we have Live.com. A maximum of 16 characters from the Microsoft auth service. Seems to accept any character though.

Screenshot from 2014-04-15 21:36:57

This excellent example is from creditexpert.co.uk, one of the credit agencies here in the UK. They not only restrict to 20 characters, they restrict you to @, ., _ or |. So much for teaching people how to protect themselves online.

Screenshot from 2014-04-15 17:38:28

Here’s Tesco.com after attempting to change my password to “QvHn#9#kDD%cdPAQ4&b&ACb4x%48#b”. If you can figure out how this violates their rules, I’d love to know. And before you ask, I tried without numbers and that still failed so it can’t be the “three and only three” thing. The only other idea might be that they meant “i.e.” rather than “e.g.”, but I didn’t test that.

Screenshot from 2014-04-15 16:20:17

Edit: Here is a response from Tesco on Twitter:

Screenshot from 2014-04-16 07:47:58

Here’s a poor choice from ft.com, refusing to accept non-alphanumeric characters. On the plus side they did allow the full 30 characters in the password.

Screenshot from 2014-04-15 15:22:08

The finest example of a poor security policy is a company who will remain nameless due to their utter lack of security. Not only did they not use HTTPS, they accepted a 30 character password and silently truncated it to 20 characters. The reason I know this is because when I logged out and tried to log in again and then used the “forgot my password” option, they emailed me the password in plain text.

I have also been setting up two-factor authentication where possible. Most sites use the Google Authenticator application on your mobile to give you a 6 digit code to type in in addition to your password. I highly recommend you set it up too. There’s a useful list of sites that implement 2FA and links to their documentation at http://twofactorauth.org/.

I realise that my choice of LastPass requires me to trust them, but I think the advantages outweigh the disadvantages of having many sites using the same passwords and/or low strength passwords. I know various people cleverer than me have looked into their system and failed to find any obvious flaws.

Remember people, when you implement a password, allow the following things:

  • Any length of password. You don’t have to worry about length in your database, because when you hash the password, it will be a fixed length. You are hashing your passwords aren’t you?
  • Any character. The more possible characters that can be in your passwords, the harder it will be to brute force, as you are increasing the number of permutations a hacker needs to try.

If you are going to place restrictions, please make sure the documentation matches the implementation, provide a client-side implementation to match and provide quick feedback to the user, and make sure you explicitly say what is wrong with the password, rather than referring back to the incorrect documentation.

There are also many JS password strength meters available to show how secure the inputted passwords are. They are possibly a better way of providing feedback about security than having arbitrary policies that actually harm your security. As someone said to me on twitter, it’s not like “password is too strong” was ever a bad thing.

The post Bad Password Policies appeared first on David Pashley.com.
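
The two rules in the password post above (accept any length and any character, and never truncate silently) can be shown in a few lines. This is an added example, not code from the original post: PBKDF2 is one reasonable choice of password hash, and the function names, the limits in `check_policy` and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import List, Optional

# Constructed parameters for this example (assumptions, not from the post).
ITERATIONS = 100_000   # PBKDF2 work factor; raise it as far as your hardware allows
SALT_BYTES = 16
DIGEST_BYTES = 32
MIN_CHARS = 8
MAX_BYTES = 1024       # request-size guard: over-long input is rejected, never truncated


def encode(password: str) -> bytes:
    """NFKC-normalise, then UTF-8 encode, so any character is accepted consistently."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def check_policy(password: str) -> List[str]:
    """Return explicit, user-facing reasons for rejection; an empty list means accepted."""
    problems = []
    if len(password) < MIN_CHARS:
        problems.append(
            f"Password has {len(password)} characters; at least {MIN_CHARS} are required."
        )
    size = len(encode(password))
    if size > MAX_BYTES:
        problems.append(f"Password is {size} bytes; the limit is {MAX_BYTES}.")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256(password); always SALT_BYTES + DIGEST_BYTES long."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", encode(password), salt, ITERATIONS, dklen=DIGEST_BYTES
    )
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = stored[:SALT_BYTES]
    return hmac.compare_digest(hash_password(password, salt), stored)


def truncating_hash(password: str, limit: int = 20) -> bytes:
    """The flaw described in the post: silently keep only the first `limit` characters."""
    return hash_password(password[:limit])


def truncating_verify(password: str, stored: bytes, limit: int = 20) -> bool:
    """Login check of a site that truncates at both registration and login."""
    return verify_password(password[:limit], stored)


def demo() -> dict:
    chosen = "correct horse battery staple!!"   # constructed 30-character password
    near_miss = chosen[:20] + "0123456789"      # same first 20 characters, different tail
    samples = ["hunter2!", chosen, "pässwörd ☃ " * 20]
    return {
        # Every stored record has the same size, whatever the password looks like.
        "record_lengths": {len(hash_password(p)) for p in samples},
        # Hashing the full input: a password that differs only in the tail is refused.
        "sound_rejects_near_miss": not verify_password(near_miss, hash_password(chosen)),
        # Silent truncation: the last 10 characters the user typed protect nothing.
        "truncating_accepts_near_miss": truncating_verify(near_miss, truncating_hash(chosen)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The database column only ever needs to hold `SALT_BYTES + DIGEST_BYTES` bytes, which is why a length limit or a character whitelist buys nothing on the storage side.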

Planet DebianPetter Reinholdtsen: FreedomBox milestone - all packages now in Debian Sid

The Freedombox project is working on providing the software and hardware to make it easy for non-technical people to host their data and communication at home, and being able to communicate with their friends and family encrypted and away from prying eyes. It is still going strong, and today a major milestone was reached.

Today, the last of the packages currently used by the project to create the system images was accepted into Debian Unstable. It was the freedombox-setup package, which is used to configure the images during build and on the first boot. Now all one needs to get going is the build code from the freedom-maker git repository and packages from Debian. And once the freedombox-setup package enters testing, we can build everything directly from Debian. :)

Some key packages used by Freedombox are freedombox-setup, plinth, pagekite, tor, privoxy, owncloud and dnsmasq. There are plans to integrate more packages into the setup. User documentation is maintained on the Debian wiki. Please check out the manual and help us improve it.

To test for yourself and create boot images with the FreedomBox setup, run this on a Debian machine using a user with sudo rights to become root:

sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image

Root access is needed to run debootstrap and mount loopback devices. See the README in the freedom-maker git repo for more details on the build. If you do not want all three images, trim the make line. Note that the virtualbox-image target is not really virtualbox specific. It creates an x86 image usable in kvm, qemu, vmware and any other x86 virtual machine environment. You might need the version of vmdebootstrap in Jessie to get the build working, as it includes fixes for a race condition with kpartx.

If you instead want to install using a Debian CD and the preseed method, boot a Debian Wheezy ISO and use this boot argument to load the preseed values:

url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat

I have not tested it myself the last few weeks, so I do not know if it still works.

If you wonder how to help, one task you could look at is using systemd as the boot system. It will become the default for Linux in Jessie, so we need to make sure it is usable on the Freedombox. I did a simple test a few weeks ago, and noticed dnsmasq failed to start during boot when using systemd. I suspect there are other problems too. :) To detect problems, there is a test suite included, which can be run from the plinth web interface.

Give it a go and let us know how it goes on the mailing list, and help us get the new release published. :) Please join us on IRC (#freedombox on irc.debian.org) and the mailing list if you want to help make this vision come true.

TEDWhat is the TED Prize (and how can you win next year’s)?

What do a British chef, a Newcastle University professor and an anti-corruption activist have in common? They’re all winners of the TED Prize – a cash award, currently for $1,000,000, given annually to a forward-thinking individual with a fresh, bold vision for sparking global change to make the world a better place.

The Prize begins with a big wish – one that will motivate people around the world to get involved. Imagine an inspiring, high-impact idea that needs the support of a global community of activists, big thinkers and social entrepreneurs. Each TED Prize winner is a rare and powerful combination: someone who knows how to capture imaginations as well as how to make a measurable impact. From Jamie Oliver’s Food Revolution (2010) to Sugata Mitra’s School in the Cloud (2013) to our most recent Prize winner Charmian Gooch and her campaign against anonymous corporations, the TED Prize has helped to tackle child obesity, advance education, improve global health and inspire art around the world.

Note: we may just have announced Charmian’s win, but we’re already looking for our 2015 winner. The deadline for this year’s applications is March 31, so nominate yourself — or someone else you think might fit the bill. Anyone can win the TED Prize, including TED Fellows, speakers and community members. Here’s a guide to filling out the nomination form – and here are some tips for writing a killer application. Good luck!


LongNowExplore Urban Infrastructure at the MacroCity Conference, May 30-31

We rarely see in full the cities that we live in. Focused on our daily lives, urban dwellers are often only dimly aware of the numerous, enmeshed layers of critical infrastructure that quietly hum in the background to make modern life possible.

Come and explore the amazing stories and surprising histories to be found lurking just below the surface of our cities at MacroCity, a two-day, whirlwind tour of this bigger picture of urban life. The event brings together a diverse set of panelists, speakers, and participants to explore the vast, often overlooked networks of infrastructure that surround us. The line-up includes rogue archivist and Lost Landscapes creator Rick Prelinger, as well as Laci Videmsky of the New California Water Atlas.

The schedule also includes a variety of field trips, offering an opportunity to explore first-hand some of the vast networks of infrastructure that sustain the Bay Area.

Organized by the Bay Area Infrastructure Observatory, the conference will take place on May 30-31 at SPUR and the Brava Theater in San Francisco. The Long Now Foundation is partnering with BAIO on the event, and Long Now members receive a 25% discount on tickets – please check your email for your discount code.

Field trips will take place on May 30th, with most of the speakers scheduled for May 31st. A basic pass to the talks can be reserved for $100; the deluxe pass for $150 includes access to a field trip, as well. Half-price tickets are available for members of the nonprofit community; please see the event registration page for more information.

Sociological ImagesHappy Birthday, Emile Durkheim!

Source: Deviant Art.

Have a scholar we should commemorate? Send us a cool pic and we will!

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Geek FeminismThat’s not a Linkspam. THIS is a Linkspam (15 April 2014)

  • So You’ve Got Yourself a Policy. Now What? | Stephanie Zvan at Freethought Blogs (April 10): “We know from situations in which they’ve failed that “zero-tolerance” policies, policies in which any act that is deemed to be unacceptable results in expulsion and exclusion, don’t work well. They fail in three main ways. People who are against harassment policies in general are quick to point out that they leave no room for honest mistakes. They are correct when talking about zero-tolerance policies, even if they make the same criticism about all policies.”
  • What’s Missing from Journalists’ Tactic of Snagging Stories from Twitter? Respect. | Tina Vasquez at bitchmedia (March 21): “Christine Fox does not consider herself a social justice advocate. On March 12, Fox’s timeline took a decidedly different turn. That night, to illustrate that there is no correlation between clothing and sexual assault, Fox asked her more than 12,000 followers to share what they were wearing when they were sexually assaulted. It was the first time Fox facilitated a conversation on this scale and it was also the first time she publicly shared her story as an assault survivor. She walked away from her computer that night feeling positive about what took place—and many tweeted to thank her, saying that through the tears, the discussion felt healing. But the next morning, Fox felt her hands go shaky. She felt nauseous and sweaty. She’d later learn from followers on Twitter that after reading through hundreds of tweets about assault, she had likely “triggered” herself, a term she was relatively unfamiliar with. Still, she knew something powerful had happened and she was proud to have sparked it. And then BuzzFeed came along and fucked everything up.”
  • My Cane is Not A Costume – Convention Exclusions and Ways to Think About Oppression at Cons | Derek Newman-Stille at Speculating Canada (April 7): “On a regular basis at speculative and other fan conventions, I get knocked around, shoved, pushed out of the way. People assume that because I am using a cane, I am taking up more than my fair space, after all, I have THREE whole legs on the ground (two legs and a cane). I hope this is because they assume that my cane is the equivalent to their lightsaber, a performative piece, a part of a costume… That is my hope. However, I have seen issues of systemic ableism at cons.”
  • Why are People Perennially Surprised By Internet Misogyny? | s.e. smith at meloukhia.net (April 14): “I have a confession: I was tempted to cut and paste this piece, since I’m pretty sure I’ve written it before. I realized that my desire to cut and paste was kind of an indicator of how endlessly circular this topic is, though. [...] I really don’t know how many times people need to say this before the message will sink through: the internet is a dangerous place for women. It’s especially dangerous for women living at the intersections of multiple marginalisations.”
  • Collecting Inspiration with Supersisters | Liz Zanis at The Metropolitan Museum of Art (April 3): “Published in 1979, the Supersisters trading cards were a playful, informative, and accessible way to spread feminism to younger audiences. The series was inspired by Lois Rich’s daughter, an eight-year-old baseball-card collector, who asked why there weren’t any pictures of girls on the cards. With a grant from the New York State Education Department, Lois Rich and her sister, Barbara Egerman, contacted five hundred women of achievement and created cards of the first seventy-two to respond.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Krebs on SecurityHardware Giant LaCie Acknowledges Year-Long Credit Card Breach

Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past year. The disclosure comes almost a month after the breach was first disclosed by KrebsOnSecurity.

On Mar. 17, 2014, this blog published evidence showing that the Web storefront for French hardware giant LaCie (now owned by Seagate) had been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software. In response, Seagate said it had engaged third-party security firms and that its investigation was ongoing, but that it had found no indication that any customer data was compromised.

The Lacie.com Web site as listed in the control panel of a botnet of hacked ecommerce sites.

In a statement sent to this reporter on Monday, however, Seagate allowed that its investigation had indeed uncovered a serious breach. Seagate spokesman Clive J. Over said the breach may have exposed credit card transactions and customer information for nearly a year beginning March 27, 2013. From his email:

“To follow up on my last e-mail to you, I can confirm that we did find indications that an unauthorized person used the malware you referenced to gain access to information from customer transactions made through LaCie’s website.”

“The information that may have been accessed by the unauthorized person includes name, address, email address, payment card number and card expiration date for transactions made between March 27, 2013 and March 10, 2014. We engaged a leading forensic investigation firm, who conducted a thorough investigation into this matter. As a precaution, we have temporarily disabled the e-commerce portion of the LaCie website while we transition to a provider that specializes in secure payment processing services. We will resume accepting online orders once we have completed the transition.”

Security and data privacy are extremely important to LaCie, and we deeply regret that this happened. We are in the process of implementing additional security measures which will help to further secure our website. Additionally, we sent notifications to the individuals who may have been affected in order to inform them of what has transpired and that we are working closely and cooperatively with the credit card companies and federal authorities in their ongoing investigation.

It is unclear how many customer records and credit cards may have been accessed during the time that the site was compromised; Over said in his email that the company did not have any additional information to share at this time.

As I noted in a related story last month, Adobe ColdFusion vulnerabilities have given rise to a number of high profile attacks in the past. The same attackers who hit LaCie also were responsible for a breach at jam and jelly maker Smuckers, as well as Alpharetta, Ga. based credit card processor SecurePay.

In February, a hacker in the U.K. was charged with accessing computers at the Federal Reserve Bank of New York in October 2012 and stealing names, phone numbers and email addresses using ColdFusion flaws. According to this Business Week story, Lauri Love was arrested in connection with a sealed case which claims that between October 2012 and August 2013, Love hacked into computers belonging to the U.S. Department of Health and Human Services, the U.S. Sentencing Commission, Regional Computer Forensics Laboratory and the U.S. Department of Energy.

According to multiple sources with knowledge of the attackers and their infrastructure, this is the very same gang responsible for an impressive spree of high-profile break-ins last year, including:

-An intrusion at Adobe in which the attackers stole credit card data, tens of millions of customer records, and source code for most of Adobe’s top selling software (ColdFusion, Adobe Reader/Acrobat/Photoshop);

-A break-in targeting data brokers LexisNexis, Dun & Bradstreet, and Kroll.

-A hack against the National White Collar Crime Center, a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime.

RacialiciousOpen Thread: Scandal 3.17, “Flesh and Blood”

By Arturo R. García

We now pause to honor Eli’s (Joe Morton) BOSS entrance.

Finally, the chickens came home to roost on Scandal‘s penultimate episode of the season.

Unfortunately, they came for the writers.

While it’s natural for this episode to serve as the introduction for multiple points of tension heading into the finale, the whole turned out more overcooked than the sum of its parts. And for this show, that’s saying something. Let’s take each of them one-by-one.

1. It’s six days before the election!: As we’ve talked about in the past, the lack of attention to any notion of a campaign (past dramatic speeches every now and then) during this stretch of the season made hearing this the biggest surprise of the episode. (So much so that the writers apparently felt the need to have everybody remind us over and over). Nobody’s asking this show to turn into a documentary, but the campaign process literally takes years. So setting this episode so close to the election felt like an albatross trying to fly its way to plausibility, not knowing the eight-episode structure for this arc clipped its wings from the outset.

2. Sally and Leo have an evil plan!: The lack of an actual campaign also undercuts Sally’s sudden attempt at an underhanded Hail Mary. Viewers barely saw her get over killing her husband, and now she’s trying to land the killing blow on Fitz’s campaign? Her candidacy barely has a reason to exist at this point. Also, it would’ve been nice to see how Leo set up his deal with the Evil High-Schooler; nobody on this show is exactly a good person, but one hates to think he’s like a political Woodeston when he’s off the clock.

“Bring my baby home.” Yes, ma’am.

3. Maya has an evil plan!: This was actually the highlight of the episode. The feint — tricking everyone into thinking she and Adnan wanted to blow Fitz up at his campaign stop — was well-constructed, the revelation that it was her who killed Senator MacGuffin felt earned, and Khandi Alexander more than delivered in her spotlight moments. Not only that, but the shot of Maya sneaking into the OliviaCave while Huck and Quinn were en flagrante crassus — some super-spies they are — was a rare moment in this episode where the show’s style outshone its attempt to pile on narrative substance.

Fitz (Tony Goldwyn) and Olivia (Kerry Washington), in the spotlight again.

4. Olivia and Fitz and Jake and Olivia!: At one point, Jake served as a serviceable counterpoint to Fitz. But since becoming Command, he’s devolved into the other side of the melodramatic coin. It’s not even clear anymore whether he has a real reason to want to be Olivia besides, she’s there and she was there and she won’t ditch both of them altogether. And now, instead of one lovelorn argument per week, we get two. That’s screen time that, to put it mildly, might have done more service to other characters.

5. Harrison’s trapped! Rowan is dying!: If I had to guess, I’d say both will pull through — after all, if Rowan were going to die, he would have done so at the end of this episode. But we’ll see how that all plays out.

Meanwhile, Racializens, what are your predictions for next week?

The post Open Thread: Scandal 3.17, “Flesh and Blood” appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaChris Samuel: Lunar Eclipse 15th April 2014

Tonight Melbourne got to experience the tail end of a lunar eclipse as the moon rose in eclipse at 17:48. We took a friend on a trip up to the (apparently now closed) Olinda Golf Course to view the moon rise. It was nice and clear and after roaming around a bit to find a place where we should have been able to see the eclipsed moon we found a suitable spot but couldn’t see the moon itself. Mars was visible in the right area but of course the salient point of a lunar eclipse is that the moon is in the Earth’s shadow and so wasn’t findable until it started to exit at third contact. Got a few photos, of which this was the best.

Lunar Eclipse 15th April 2014 taken from Olinda Golf Course

We had to head back down the hill as Donna had an appointment at 7pm but later on our friend called up and said excitedly “Have you seen the moon? Go and look!”. I went out to see but the hills were still in the way then, so later on I headed out with the camera once the moon was visible and got some more photos as the moon headed towards fourth contact (when it exits the shadow of the Earth).

Lunar Eclipse 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse framed in gum leaves, 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse through trees, poles and wires - 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse shortly before fourth contact, 15th April 2014 taken from Upper Ferntree Gully

This item originally posted here:

Lunar Eclipse 15th April 2014

RacialiciousQuoted: The Worst Justification Ever For Not Casting People Of Color

From the beginning, we were concerned about casting, the issue of race. What we realized is that this story is functioning at the level of myth, and as a mythical story, the race of the individuals doesn’t matter. They’re supposed to be stand-ins for all people. Either you end up with a Benetton ad or the crew of the Starship Enterprise. You either try to put everything in there, which just calls attention to it, or you just say, ‘Let’s make that not a factor, because we’re trying to deal with everyman.’ Looking at this story through that kind of lens is the same as saying, ‘Would the ark float and is it big enough to get all the species in there?’ That’s irrelevant to the questions because the questions are operating on a different plane than that; they’re operating on the mythical plane.

– Ari Handel, screenwriter for “Noah,” as told to The High Calling

The post Quoted: The Worst Justification Ever For Not Casting People Of Color appeared first on Racialicious - the intersection of race and pop culture.

CryptogramAuditing TrueCrypt

Recently, Matthew Green has been leading an independent project to audit TrueCrypt. Phase I, a source code audit by iSEC Partners, is complete. Next up is Phase II, formal cryptanalysis.

Quick summary: I'm still using it.

Planet DebianBálint Réczey: Proposing amd64-hardened architecture for Debian

Facing last week’s Heartbleed bug, the need for improving the security of our systems became more apparent than usual. In Debian there are widely used methods for hardening packages at build time and guidelines for improving the default installations’ security.

Employing such methods usually comes at an expense, for example slower code execution of binaries due to additional checks or additional configuration steps when setting up a system. Balancing between usability and security, Debian chose an approach which would satisfy the most users by using C/C++ features which only slightly decrease execution speed of built binaries and by using reasonable defaults in package installations.

All the architectures supported by Debian aim to use the same methods for enhancing security, but it does not have to stay that way. Amd64 is the most widely used architecture of Debian according to popcon, and amd64 hardware comes with powerful CPUs. I think there would be a significant number of people (being one of them :-)) who would happily use a version of Debian with more security features enabled by default, sacrificing some CPU power and installing and setting up additional packages.

My proposal for serving those security-focused users is introducing a new architecture targeting amd64 hardware, but with more security related C/C++ features turned on for every package (currently hardening has to be enabled by the maintainers in some way) through compiler flags as a start.

Introducing the new architecture would also let package maintainers enable additional dependencies and build rules selectively for the new architecture, improving the security further. On the users’ side the advantage of having a separate security enhanced architecture instead of a Debian derivative is the potential of installing a set of security enhanced packages using multiarch. You could have a fast amd64 installation as a base and run Apache or any other sensitive server from the amd64-hardened packages!

I have sent the proposal for discussion to debian-dev, too. Please join the discussion there or leave a comment here.

Update: Many of you wondered if amd64-hardened could have prevented the exploitation of the Heartbleed vulnerability. I have posted a proof of concept to show that using -fsanitize=address and disabling custom freelist would have protected systems against stealing data using the exploits.

Disabling the custom freelist-like solutions and enabling -fsanitize=address would be part of amd64-hardened to make memory protection techniques work effectively, thus I think if we had this architecture ready at the beginning of April, it would have been immune to Heartbleed.

Worse Than FailureCodeSOD: I Had My Reasons

Trevor spent a huge amount of time writing a 2,000,000+ PHP/JavaScript/HTML system for an e-commerce company. Like a few other I'm-Special geniuses in our field, he believed that he could do it better than everyone else. For this reason, he came up with his own way of doing things. Database queries. Date-time logic. You name it.

Some time back, Kenzal was brought on as a senior developer to work on the e-commerce system. As he spelunked his way through the system, Kenzal would find some piece of puzzling code and ask Trevor what he was going for, or why he did it that way. Trevor would invariably respond: I had my reasons.

Kenzal encountered this particular snippet in the "critical logic" in the batch creation process, around 7,500 lines into the 10K+ LOC invoice manager file, somewhere after running the query and checking for results:

<?php
  $m = $SYSTEM->getValue('FULFILLMENT_CART_CONFIG');
  if ($m == '') $m = 'LLLLSSSSSSSSLLLLLLLL'; 
  $m  = strtoupper($m); 
  $t  = $this->db->getDataset(); 
  $n  = sizeof($t); 
  $sp = 0; 
  $lp = $n - 1; 
  $info = array(); 
  for ($i=0; $i<$n; $i++) {
      $info[$i] = array();
      if (substr($m,$i,1) == 'L') {
         foreach ($t[$lp] as $k => $v) $info[$i][$k] = $v;
         --$lp;
      }
      else {
         foreach ($t[$sp] as $k => $v) $info[$i][$k] = $v;
         ++$sp;
      }
  }
  return (array(0,$info));
?>

Rather than just simply returning the result set, Trevor decided that the results needed to be reordered according to the value of some random string, manually popping and de-queuing the values in the array. When queried as to why he would write something like that, Trevor replied with his usual: I had my reasons.

Both Trevor and his code have since been replaced. When Trevor was asked to leave, he was told (among other things) that they had their reasons. All of the above code has since been replaced with:

<?php
  return (array(0,$this->db->getDataset()));
?>

Cory DoctorowHomeland Audiobook


Wil Wheaton reads this independently produced audio edition of Homeland, which also includes Jacob Appelbaum's reading of his own afterword, and Noah Swartz reading his brother Aaron Swartz's afterword.

Kelvin ThomsonWe Should Examine Free Trade Agreements

We have seen a lot of knee jerk triumphalism about the signing of free trade agreements recently with Korea and Japan. But what does it really mean for Australia, especially Australian workers? In the case of the Korea-Australia Free Trade Agreement (KAFTA), possibly more local unemployment.

On the one hand Australia has agreed not to apply Labour Market Testing under the Korea FTA. But Korea has reserved the right to request employers for evidence that they have conducted labor market testing. In particular, the provision states: ‘Labour market testing may be required as a condition for temporary entry of, or numerical restriction may be imposed relating to, temporary entry for professionals’.

Free trade has turned into a euphemism for accommodating the agendas of transnational corporations, in this case of the Korea FTA, an increased use of 457 Temporary Migrant Workers.

Already, Gina Rinehart’s Roy Hill is using up to 200 white-collar 457 visa workers, half of which are Korean nationals, and many of whom are women, clocking up 84 hours a week. Many are not working in the occupations approved for their visas – a breach of the sponsoring employer’s obligations, and this despite Roy Hill claiming it was so inundated with job applications from locals that it did not need to use 457 visas. The ‘free movement of labour’ on the free trade agenda of corporations is nothing more than a vehicle to race to the bottom on local wages and conditions.

The secrecy under which these agreements are being negotiated and then signed undermines democracy and comes at the expense of local health, labour and environmental laws.

At a time when over 713,000 Australians are unemployed and we have a crisis in youth unemployment the Liberal Government should be looking for and supporting local solutions, not exacerbating this problem by opening the door to even larger migrant worker programs.

Kelvin ThomsonLeave the CSIRO Alone

It is bad enough that the Liberal Government does not have a Science Minister and has treated the research of climate scientists with disdain and contempt, apparently preferring the climate science of a nineteenth century poet. But funding cuts for the CSIRO would be immensely damaging for Australia’s future. We need a focus on innovation and applied science that the CSIRO is world renowned for. It is one of Australia’s genuine competitive advantages, and it needs to be protected and encouraged, not reduced and diminished.

And it is about time we stopped cutting funding for Government agencies through the use of the euphemism of “efficiency dividends”, when agencies are already required to become more efficient each year in order to meet the needs of a population which is now growing by 1.8%, and grew by over 400,000 people last year. Any agency which services a population growing at such a rate, with a budget which is only increased by the CPI to take inflation into account, is by definition becoming more efficient and should not be penalised with additional cuts.

The Prime Minister says the government should be judged by its performance in the area of science, rather than whether it has a Science Minister. Its treatment of the CSIRO Budget will indeed enable its performance to be judged.

Planet DebianAndrew Pollock: [life] Day 77: Port of Brisbane tour

Sarah dropped Zoe around this morning at about 8:30am. She was still a bit feverish, but otherwise in good spirits, so I decided to stick with my plan for today, which was a tour of the Port of Brisbane.

Originally the plan had been to do it with Megan and her Dad, Jason, but Jason had some stuff to work on on his house, so I offered to take Megan with us to allow him more time to work on the house uninterrupted.

I was casting around for something to do to pass the time until Jason dropped Megan off at 10:30am, and I thought we could do some foot painting. We searched high and low for something I could use as a foot washing bucket, other than the mop bucket, which I didn't want to use because of potential chemical residue. I gave up because I couldn't find anything suitable, and we watched a bit of TV instead.

Jason dropped Megan around, and we immediately jumped in the car and headed out to the Port. I missed the on ramp for the M4 from Lytton Road, and so we took the slightly longer Lytton Road route, which was fine, because we had plenty of time to kill.

The plan was to get there for about 11:30am, have lunch in the observation cafe on the top floor of the visitor's centre building, and then get on the tour bus at 12:30pm. We ended up arriving much earlier than 11:30am, so we looked around the foyer of the visitor's centre for a bit.

It was quite a nice building. The foyer area had some displays, but the most interesting thing (for the girls) was an interactive webcam of the shore bird roost across the street. There was a tablet where you could control the camera and zoom in and out on the birds roosting on a man-made island. That passed the time nicely. One of the staff also gave the girls Easter eggs as we arrived.

We went up to the cafe for lunch next. The view was quite good from the 7th floor. On one side you could look out over the bay, notably Saint Helena Island, and on the other side you got quite a good view of the port operations and the container park.

Lunch didn't take all that long, and the girls were getting a bit rowdy, running around the cafe, so we headed back downstairs to kill some more time looking at the shore birds with the webcam, and then we boarded the bus.

It was just the three of us and three other adults, which was good. The girls were pretty fidgety, and I don't think they got that much out of it. The tour didn't really go anywhere that you couldn't go yourself in your own car, but you did get running commentary from the driver, which made all the difference. The girls spent the first 5 minutes trying to figure out where his voice was coming from (he was wired up with a microphone).

The thing I found most interesting about the port operations was the amount of automation. There were three container terminals, and the two operated by DP World and Hutchison Ports employed fully automated overhead cranes for moving containers around. Completely unmanned, they'd go pick a container from the stack and place it on a waiting truck below.

What I found even more fascinating was the Patrick terminal, which used fully automated straddle carriers, which would, completely autonomously move about the container park, pick up a container, and then move over to a waiting truck in the loading area and place it on the truck. There were 27 of these things moving around the container park at a fairly decent clip.

Of course the girls didn't really appreciate any of this, and half way through the tour Megan was busting to go to the toilet, despite going before we started the tour. I was worried about her having an accident before we got back, she didn't, so it was all good.

I'd say in terms of a successful excursion, I'd score it about a 4 out of 10, because the girls didn't really enjoy the bus tour all that much. I was hoping we'd see more ships, but there weren't many (if any) in port today. They did enjoy the overall outing. Megan spontaneously thanked me as we were leaving, which was sweet.

We picked up the blank cake I'd ordered from Woolworths on the way through on the way home, and then dropped Megan off. Zoe wanted to play, so we hung around for a little while before returning home.

Zoe watched a bit more TV while we waited for Sarah to pick her up. Her fever picked up a bit more in the afternoon, but she was still very perky.

Planet DebianDirk Eddelbuettel: BH release 1.54.0-2

Yesterday's release of RcppBDT 0.2.3 led to an odd build error. If one used at the same time a 32-bit OS, a compiler as recent as g++ 4.7 and the Boost 1.54.0 headers (directly or via the BH package) then the file lexical_cast.hpp barked and failed to compile for lack of a 128-bit integer (which is not a surprise on a 32-bit OS).

After looking at this for a bit, and looking at some related bug report, I came up with a simple fix (which I mentioned in an update to the RcppBDT 0.2.3 release post). Sleeping over it, and comparing to the Boost 1.55 file, showed that the hunch was right, and I have since made a new release 1.54.0-2 of the BH package which contains the fix.

Changes in version 1.54.0-2 (2014-04-14)

  • Bug fix to lexical_cast.hpp which now uses the test for INT128 which the rest of Boost uses, consistent with Boost 1.55 too.

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianColin Watson: Porting GHC: A Tale of Two Architectures

We had some requests to get GHC (the Glasgow Haskell Compiler) up and running on two new Ubuntu architectures: arm64, added in 13.10, and ppc64el, added in 14.04. This has been something of a saga, and has involved rather more late-night hacking than is probably good for me.

Book the First: Recalled to a life of strange build systems

You might not know it from the sheer bulk of uploads I do sometimes, but I actually don't speak a word of Haskell and it's not very high up my list of things to learn. But I am a pretty experienced build engineer, and I enjoy porting things to new architectures: I'm firmly of the belief that breadth of architecture support is a good way to shake out certain categories of issues in code, that it's worth doing aggressively across an entire distribution, and that, even if you don't think you need something now, new requirements have a habit of coming along when you least expect them and you might as well be prepared in advance. Furthermore, it annoys me when we have excessive noise in our build failure and proposed-migration output and I often put bits and pieces of spare time into gardening miscellaneous problems there, and at one point there was a lot of Haskell stuff on the list and it got a bit annoying to have to keep sending patches rather than just fixing things myself, and ... well, I ended up as probably the only non-Haskell-programmer on the Debian Haskell team and found myself fixing problems there in my free time. Life is a bit weird sometimes.

Bootstrapping packages on a new architecture is a bit of a black art that only a fairly small number of relatively bitter and twisted people know very much about. Doing it in Ubuntu is specifically painful because we've always forbidden direct binary uploads: all binaries have to come from a build daemon. Compilers in particular often tend to be written in the language they compile, and it's not uncommon for them to build-depend on themselves: that is, you need a previous version of the compiler to build the compiler, stretching back to the dawn of time where somebody put things together with a big magnet or something. So how do you get started on a new architecture? Well, what we do in this case is we construct a binary somehow (usually involving cross-compilation) and insert it as a build-dependency for a proper build in Launchpad. The ability to do this is restricted to a small group of Canonical employees, partly because it's very easy to make mistakes and partly because things like the classic "Reflections on Trusting Trust" are in the backs of our minds somewhere. We have an iron rule for our own sanity that the injected build-dependencies must themselves have been built from the unmodified source package in Ubuntu, although there can be source modifications further back in the chain. Fortunately, we don't need to do this very often, but it does mean that as somebody who can do it I feel an obligation to try and unblock other people where I can.

As far as constructing those build-dependencies goes, sometimes we look for binaries built by other distributions (particularly Debian), and that's pretty straightforward. In this case, though, these two architectures are pretty new and the Debian ports are only just getting going, and as far as I can tell none of the other distributions with active arm64 or ppc64el ports (or trivial name variants) has got as far as porting GHC yet. Well, OK. This was somewhere around the Christmas holidays and I had some time. Muggins here cracks his knuckles and decides to have a go at bootstrapping it from scratch. It can't be that hard, right? Not to mention that it was a blocker for over 600 entries on that build failure list I mentioned, which is definitely enough to make me sit up and take notice; we'd even had the odd customer request for it.

Several attempts later and I was starting to doubt my sanity, not least for trying in the first place. We ship GHC 7.6, and upgrading to 7.8 is not a project I'd like to tackle until the much more experienced Haskell folks in Debian have switched to it in unstable. The porting documentation for 7.6 has bitrotted more or less beyond usability, and the corresponding documentation for 7.8 really isn't backportable to 7.6. I tried building 7.8 for ppc64el anyway, picking that on the basis that we had quicker hardware for it and didn't seem likely to be particularly more arduous than arm64 (ho ho), and I even got to the point of having a cross-built stage2 compiler (stage1, in the cross-building case, is a GHC binary that runs on your starting architecture and generates code for your target architecture) that I could copy over to a ppc64el box and try to use as the base for a fully-native build, but it segfaulted incomprehensibly just after spawning any child process. Compilers tend to do rather a lot, especially when they're built to use GCC to generate object code, so this was a pretty serious problem, and it resisted analysis. I poked at it for a while but didn't get anywhere, and I had other things to do so declared it a write-off and gave up.

Book the Second: The golden thread of progress

In March, another mailing list conversation prodded me into finding a blog entry by Karel Gardas on building GHC for arm64. This was enough to be worth another look, and indeed it turned out that (with some help from Karel in private mail) I was able to cross-build a compiler that actually worked and could be used to run a fully-native build that also worked. Of course this was 7.8, since as I mentioned cross-building 7.6 is unrealistically difficult unless you're considerably more of an expert on GHC's labyrinthine build system than I am. OK, no problem, right? Getting a GHC at all is the hard bit, and 7.8 must be at least as capable as 7.6, so it should be able to build 7.6 easily enough ...

Not so much. What I'd missed here was that compiler engineers generally only care very much about building the compiler with older versions of itself, and if the language in question has any kind of deprecation cycle then the compiler itself is likely to be behind on various things compared to more typical code since it has to be buildable with older versions. This means that the removal of some deprecated interfaces from 7.8 posed a problem, as did some changes in certain primops that had gained an associated compatibility layer in 7.8 but nobody had gone back to put the corresponding compatibility layer into 7.6. GHC supports running Haskell code through the C preprocessor, and there's a __GLASGOW_HASKELL__ definition with the compiler's version number, so this was just a slog tracking down changes in git and adding #ifdef-guarded code that coped with the newer compiler (remembering that stage1 will be built with 7.8 and stage2 with stage1, i.e. 7.6, from the same source tree). More inscrutably, GHC has its own packaging system called Cabal which is also used by the compiler build process to determine which subpackages to build and how to link them against each other, and some crucial subpackages weren't being built: it looked like it was stuck on picking versions from "stage0" (i.e. the initial compiler used as an input to the whole process) when it should have been building its own. Eventually I figured out that this was because GHC's use of its packaging system hadn't anticipated this case, and was selecting the higher version of the ghc package itself from stage0 rather than the version it was about to build for itself, and thus never actually tried to build most of the compiler. Editing ghc_stage1_DEPS in ghc/stage1/package-data.mk after its initial generation sorted this out. 
One late night building round and round in circles for a while until I had something stable, and a Debian source upload to add basic support for the architecture name (and other changes which were a bit over the top in retrospect: I didn't need to touch the embedded copy of libffi, as we build with the system one), and I was able to feed this all into Launchpad and watch the builders munch away very satisfyingly at the Haskell library stack for a while.

This was all interesting, and finally all that work was actually paying off in terms of getting to watch a slew of several hundred build failures vanish from arm64 (the final count was something like 640, I think). The fly in the ointment was that ppc64el was still blocked, as the problem there wasn't building 7.6, it was getting a working 7.8. But now I really did have other much more urgent things to do, so I figured I just wouldn't get to this by release time and stuck it on the figurative shelf.

Book the Third: The track of a bug

Then, last Friday, I cleared out my urgent pile and thought I'd have another quick look. (I get a bit obsessive about things like this that smell of "interesting intellectual puzzle".) slyfox on the #ghc IRC channel gave me some general debugging advice and, particularly usefully, a reduced example program that I could use to debug just the process-spawning problem without having to wade through noise from running the rest of the compiler. I reproduced the same problem there, and then found that the program crashed earlier (in stg_ap_0_fast, part of the run-time system) if I compiled it with +RTS -Da -RTS. I nailed it down to a small enough region of assembly that I could see all of the assembly, the source code, and an intermediate representation or two from the compiler, and then started meditating on what makes ppc64el special.

You see, the vast majority of porting bugs come down to what I might call gross properties of the architecture. You have things like whether it's 32-bit or 64-bit, big-endian or little-endian, whether char is signed or unsigned, that sort of thing. There's a big table on the Debian wiki that handily summarises most of the important ones. Sometimes you have to deal with distribution-specific things like whether GL or GLES is used; often, especially for new variants of existing architectures, you have to cope with foolish configure scripts that think they can guess certain things from the architecture name and get it wrong (assuming that powerpc* means big-endian, for instance). We often have to update config.guess and config.sub, and on ppc64el we have the additional hassle of updating libtool macros too. But I've done a lot of this stuff and I'd accounted for everything I could think of. ppc64el is actually a lot like amd64 in terms of many of these porting-relevant properties, and not even that far off arm64 which I'd just successfully ported GHC to, so I couldn't be dealing with anything particularly obvious. There was some hand-written assembly which certainly could have been problematic, but I'd carefully checked that this wasn't being used by the "unregisterised" (no specialised machine dependencies, so relatively easy to port but not well-optimised) build I was using. A problem around spawning processes suggested a problem with SIGCHLD handling, but I ruled that out by slowing down the first child process that it spawned and using strace to confirm that SIGSEGV was the first signal received. What on earth was the problem?

From some painstaking gdb work, one thing I eventually noticed was that stg_ap_0_fast's local stack appeared to be being corrupted by a function call, specifically a call to the colourfully-named debugBelch. Now, when IBM's toolchain engineers were putting together ppc64el based on ppc64, they took the opportunity to fix a number of problems with their ABI: there's an OpenJDK bug with a handy list of references. One of the things I noticed there was that there were some stack allocation optimisations in the new ABI, which affected functions that don't call any vararg functions and don't call any functions that take enough parameters that some of them have to be passed on the stack rather than in registers. debugBelch takes varargs: hmm. Now, the calling code isn't quite in C as such, but in a related dialect called "Cmm", a variant of C-- (yes, minus), that GHC uses to help bridge the gap between the functional world and its code generation, and which is compiled down to C by GHC. When importing C functions into Cmm, GHC generates prototypes for them, but it doesn't do enough parsing to work out the true prototype; instead, they all just get something like extern StgFunPtr f(void);. In most architectures you can get away with this, because the arguments get passed in the usual calling convention anyway and it all works out, but on ppc64el this means that the caller doesn't generate enough stack space and then the callee tries to save its varargs onto the stack in an area that in fact belongs to the caller, and suddenly everything goes south. Things were starting to make sense.

Now, debugBelch is only used in optional debugging code; but runInteractiveProcess (the function associated with the initial round of failures) takes no fewer than twelve arguments, plenty to force some of them onto the stack. I poked around the GCC patch for this ABI change a bit and determined that it only optimised away the stack allocation if it had a full prototype for all the callees, so I guessed that changing those prototypes to extern StgFunPtr f(); might work: it's still technically wrong, not least because omitting the parameter list is an obsolescent feature in C11, but it's at least just omitting information about the parameter list rather than actively lying about it. I tweaked that and ran the cross-build from scratch again. Lo and behold, suddenly I had a working compiler, and I could go through the same build-7.6-using-7.8 procedure as with arm64, much more quickly this time now that I knew what I was doing. One upstream bug, one Debian upload, and several bootstrapping builds later, and GHC was up and running on another architecture in Launchpad. Success!

Epilogue

There's still more to do. I gather there may be a Google Summer of Code project in Linaro to write proper native code generation for GHC on arm64: this would make things a good deal faster, but also enable GHCi (the interpreter) and Template Haskell, and thus clear quite a few more build failures. Since there's already native code generation for ppc64 in GHC, getting it going for ppc64el would probably only be a couple of days' work at this point. But these are niceties by comparison, and I'm more than happy with what I got working for 14.04.

The upshot of all of this is that I may be the first non-Haskell-programmer to ever port GHC to two entirely new architectures. I'm not sure if I gain much from that personally aside from a lot of lost sleep and being considered extremely strange. It has, however, been by far the most challenging set of packages I've ported, and a fascinating trip through some odd corners of build systems and undefined behaviour that I don't normally need to touch.
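The stack-corruption reasoning in "Book the Third" can be put in a small model. This is an added example, not code from the post, GHC or GCC. It assumes the ELFv2 figures of eight general-purpose argument registers and 8-byte slots, a single named argument for debugBelch, and it simplifies GCC's per-function decision to a per-call one; all function and type names in it are hypothetical.

```c
/* Added illustration: simplified model of the ppc64el (ELFv2) behaviour the
 * post describes. Names and structure are hypothetical, not GHC or GCC code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: ELFv2 passes the first 8 doubleword arguments in r3..r10. */
enum { GPR_ARG_REGS = 8, DOUBLEWORD = 8 };

/* What the calling translation unit was told about the callee. */
typedef enum {
    DECL_TRUE_PROTOTYPE,  /* the real parameter list                   */
    DECL_VOID_LIE,        /* extern StgFunPtr f(void);  (what GHC emitted) */
    DECL_UNPROTOTYPED     /* extern StgFunPtr f();      (the workaround)   */
} decl_kind;

/* What the callee really looks like. */
typedef struct {
    const char *name;
    int  fixed_args;      /* named, doubleword-sized arguments */
    bool variadic;
} callee;

/* debugBelch: varargs (one named argument is an assumption here).
 * runInteractiveProcess: twelve arguments, as stated in the post.
 * small_leaf: constructed contrast case that fits in registers. */
static const callee DEBUG_BELCH             = { "debugBelch",             1, true  };
static const callee RUN_INTERACTIVE_PROCESS = { "runInteractiveProcess", 12, false };
static const callee SMALL_LEAF              = { "small_leaf",             2, false };

/* A callee touches the caller-owned parameter save area if it is variadic
 * (it spills the argument registers there for va_arg) or if some of its
 * arguments do not fit in registers. */
static bool callee_uses_save_area(const callee *c)
{
    return c->variadic || c->fixed_args > GPR_ARG_REGS;
}

/* Size of the region the callee may touch: at least the 8 register slots,
 * more when there are stack-passed arguments. */
static size_t save_area_bytes_touched(const callee *c)
{
    if (!callee_uses_save_area(c))
        return 0;
    int slots = c->fixed_args > GPR_ARG_REGS ? c->fixed_args : GPR_ARG_REGS;
    return (size_t)slots * DOUBLEWORD;
}

/* The caller may skip the save area only when a full prototype tells it
 * that nothing needs one. An empty parameter list gives no information,
 * so the caller stays conservative; (void) claims "no arguments at all". */
static bool caller_reserves_save_area(decl_kind d, const callee *c)
{
    switch (d) {
    case DECL_UNPROTOTYPED:   return true;
    case DECL_VOID_LIE:       return false;
    case DECL_TRUE_PROTOTYPE: return callee_uses_save_area(c);
    }
    return true;
}

/* Bytes of the caller's own frame the callee may touch by mistake. */
static size_t bytes_at_risk(decl_kind d, const callee *c)
{
    return caller_reserves_save_area(d, c) ? 0 : save_area_bytes_touched(c);
}

int main(void)
{
    static const char *decl_names[] = { "true prototype", "f(void)", "f()" };
    const callee *callees[] = { &DEBUG_BELCH, &RUN_INTERACTIVE_PROCESS, &SMALL_LEAF };

    for (size_t i = 0; i < sizeof callees / sizeof callees[0]; i++)
        for (int d = DECL_TRUE_PROTOTYPE; d <= DECL_UNPROTOTYPED; d++)
            printf("%-22s declared as %-14s -> %zu bytes of caller frame at risk\n",
                   callees[i]->name, decl_names[d],
                   bytes_at_risk((decl_kind)d, callees[i]));
    return 0;
}
```

Only the f(void) rows for debugBelch and runInteractiveProcess come out non-zero, matching the two crashes in the post; the f() declaration removes the risk by withholding information rather than by stating the real prototype.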

XKCD Whatif One-Second Day

One-Second Day

What would happen if the Earth's rotation were sped up until a day only lasted one second?

—Dylan

If this is going to happen, I hope it doesn't happen late in the afternoon next Friday.

The Earth rotates,[citation needed] which means its midsection is being flung outward by centrifugal force. [1: Which is still a real thing.] This centrifugal force isn't strong enough to overcome gravity and tear the Earth apart, but it's enough to flatten the Earth slightly and make it so you weigh almost a pound less at the Equator than you do at the poles. [2: This is due to several effects, including centrifugal force, the flattened shape of the Earth, and the fact that if you go far enough toward the pole in North America people start offering you poutine.]

If the Earth (and everything on it) were suddenly sped up so that a day only lasted one second, the Earth wouldn't even last a single day. [3: Either kind.] The Equator would be moving at over 10% of the speed of light. Centrifugal force would become much stronger than gravity, and the material that makes up the Earth would be flung outward.

You wouldn't die instantly—you might survive for a few milliseconds or even seconds. That might not seem like much, but compared to the speed at which you'd die in other What If articles involving relativistic speeds, it's pretty long.

The Earth's crust and mantle would break apart into building-sized chunks. By the time a second [4: I mean, a day.] had passed, the atmosphere would have spread out too thin to breathe—although even at the relatively stationary poles, you probably wouldn't survive long enough to asphyxiate.

In the first few seconds, the expansion would shatter the crust into spinning fragments and kill just about everyone on the planet, but that's relatively peaceful compared to what would happen next.

Everything would be moving at relativistic speeds, but each piece of the crust would be moving at close to the same speed as its neighbors. This means things would be relatively calm ... until the disk hit something.

The first obstacle would be the belt of satellites around the Earth. After 40 milliseconds, the ISS would be struck by the edge of the expanding atmosphere and would be vaporized instantly. More satellites would follow. After a second and a half, the disc would reach the belt of geostationary satellites orbiting above the Equator. Each one would release a violent burst of gamma rays as the Earth consumed it.

The debris from the Earth would slice outward like an expanding buzzsaw. The disk would take about ten seconds to pass the Moon, another hour to spread past the Sun, and would span the Solar System within a day or two. Each time the disc engulfed an asteroid, it would spray a flood of energy in all directions, eventually sterilizing every surface in the Solar System.

Since the Earth is tilted, the Sun and the planets aren't usually lined up with the plane of the Earth's equator. They'd have a good chance of avoiding the buzzsaw [5: I keep reading this as "Buzzfeed".] directly.

However, next Friday, April 25th, the Moon will cross the plane of the Earth's equator (as it does every two weeks). If Dylan sped up the Earth at this moment, the Moon would be right in the path of the resulting planetary buzzsaw.

The impact would turn the moon into a comet, sending it rocketing from the Solar System in a spray of debris. The flash of light and heat would be so bright that if you were standing at the surface of the Sun, it would be brighter above you than below. Every surface in the Solar System—Europa's ice, Saturn's rings, and Mercury's rocky crust—would be scoured clean ...

... by moonlight.


Planet DebianSteve Kemp: Is lumail a stepping stone?

I'm pondering a rewrite of my console-based mail-client.

While it is "popular" it is not popular.

I suspect "console-based" is the killer.

I like console, and I ssh to a remote server to use it, but having different front-ends would be neat.

In the world of mailpipe, etc, is there room for a graphic console client? Possibly.

The limiting factor would be the lack of POP3/IMAP.

Reworking things such that there is a daemon to which a GUI, or a console client, could connect seems simple. The hard part would obviously be working the IPC and writing the GUI. Any toolkit selected would rule out 40% of the audience.

In other news I'm stalling on replying to emails. Irony.

Kelvin ThomsonAlarming Rise in Long-Term Youth Unemployment

There are few things more demoralising or destructive of self-esteem and life chances than long-term unemployment. It is therefore alarming that long-term youth unemployment in Australia has tripled in the past six years.

In 2008 there were 19,500 long-term unemployed young people in Australia. Now there are 56,800. In Victoria there are now 81,900 unemployed young people. 14,000 of them have not worked at all in the past 12 months. It is outrageous that we make it so hard for these young people to break out of this trap by bringing in ever increasing numbers of migrant workers on both the permanent and temporary migrant worker programs. Last year net overseas migration was 240,000, and we now have over a million people from overseas in Australia on temporary visas, which give them work rights. How can we seriously expect to bring the unacceptable number of young people who are long-term unemployed down when they are subjected to such ferocious competition for entry-level jobs?

It is not that young people don’t want to work. Many of them apply for dozens, or even hundreds, of jobs without success. This lack of success is damaging their self-confidence and self-esteem and crushing them. Australia is not short of people, or short of workers. What we are lacking is the sense to realise that our migrant worker programs are way too high given the number of people who are ready, willing and able to work.

Planet DebianRichard Hartmann: git-annex corner case: Changing commit messages retroactively and after syncing

This is half a blog post and half a reminder for my future self.

So let's say you used the following commands:

git add foo
git annex add bar
git annex sync
# move to different location with different remotes available
git add quux
git annex add quuux
git annex sync

what I wanted to happen was to simply sync the already committed stuff to the other remotes. What happened instead was git annex sync's automagic commit feature (which you can not disable, it seems) doing its job: Commit what was added earlier and use "git-annex automatic sync" as commit message.

This is not a problem in and of itself, but as this is my master annex and as I managed to maintain clean commit messages for the last few years, I felt the need to clean this mess up.

Changing old commit messages is easy:

git rebase --interactive HEAD~3

pick the r option for "reword" and amend the two commit messages. I did the same on my remote and all the branches I could find with git branch -a. Problem is, git-annex pulls in changes from refs which are not shown as branches; run git annex sync and back are the old commits along with a merge commit like an ugly cherry on top. Blegh.

I decided to leave my comfort zone and ended up with the following:

# always back up before poking refs
git clone --mirror repo backup

git reset --hard 1234
git show-ref | grep master
# for every ref returned, do:
  git update-ref $ref 1234

rinse repeat for every remote, git annex sync, et voilà. And yes, I avoided using an actual loop on purpose; sometimes, doing things slowly and by hand just feels safer.

For good measure, I am running

git fsck && git annex fsck

on all my remotes now, but everything looks good up to now.

CryptogramSchneier Talks and Interviews

Here are three articles about me from the last month. Also these three A/V links.

CryptogramSchneier Speaking Schedule: April–May

Here's my upcoming speaking schedule for April and May:

Information about all my speaking engagements can be found here.

LongNowWatermark: New Film by Edward Burtynsky

Every living thing requires water. We humans interact with it in a myriad of ways, numerous times a day. But how often do we consider the complexity of that interaction?


Renowned photographer and former SALT speaker Edward Burtynsky explores these questions in a new film. Co-directed by Burtynsky and filmmaker Jennifer Baichwal,

Watermark is a feature documentary film that brings together diverse stories from around the globe about our relationship with water: how we are drawn to it, what we learn from it, how we use it and the consequences of that use. … Shot in stunning 5K ultra high-definition video and full of soaring aerial perspectives, this film shows water as a terraforming element and the scale of its reach, as well as the magnitude of our need and use. This is balanced by forays into the particular: a haunting memory of a stolen river, a mysterious figure roaming ancient rice terraces, the crucial data hidden in a million year old piece of ice, a pilgrim’s private ritual among thousands of others at the water’s edge.

The film is part of Burtynsky’s larger Water project, which also includes a book and an exhibition of dramatic large-format photographs. Watermark will be playing at theaters throughout the United States this month and the next; you can find a list of screenings here.

In San Francisco, Watermark will be screened at the Opera Plaza Theater for one week, starting this Friday, April 18. Come see the film on opening day for a chance to hear Burtynsky speak about the film: he will attend the 4.30 PM and 7.00 PM shows in person for a post-screening Q&A with the audience.

More information about the Water Project book can be found here, and the accompanying photographs will be on exhibit at the Rena Bransten Gallery in San Francisco through the end of the month.

 

Planet DebianDaniel Kahn Gillmor: OTR key replacement (heartbleed)

I'm replacing my OTR key for XMPP because of heartbleed (see below).

If the plain ASCII text below is mangled beyond verification, you can retrieve a copy of it from my web site that should be able to be verified.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

OTR Key Replacement for XMPP dkg@jabber.org
===========================================
Date: 2014-04-14

My main XMPP account is dkg@jabber.org.

I prefer OTR [0] conversations when using XMPP for private
discussions.

I was using irssi to connect to XMPP servers, and irssi relies on
OpenSSL for the TLS connections.  I was using it with versions of
OpenSSL that were vulnerable to the "Heartbleed" attack [1].  It's
possible that my OTR long-term secret key was leaked via this attack.

As a result, I'm changing my OTR key for this account.

The new, correct OTR fingerprint for the XMPP account at dkg@jabber.org is:

  F8953C5D 48ABABA2 F48EE99C D6550A78 A91EF63D

Thanks for taking the time to verify your peers' fingerprints.  Secure
communication is important not only to protect yourself, but also to
protect your friends, their friends and so on.

Happy Hacking,

  --dkg  (Daniel Kahn Gillmor)

Notes:

[0] OTR: https://otr.cypherpunks.ca/
[1] Heartbleed: http://heartbleed.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

Planet DebianChristine Spang: PyCon 2014 retrospective

PyCon 2014 happened. (Sprints are still happening.)

This was my 3rd PyCon, but my first year as a serious contributor to the event, which led to an incredibly different feel. I also came as a person running a company building a complex system in Python, and I loved having the overarching mission of what I'm building driving my approach to what I chose to do. PyCon is one of the few conferences I go to where the feeling of acceptance and at-homeness mitigates the introvert overwhelm at nonstop social interaction. It's truly a special event and community.

Here are some highlights:

  • I gave a tutorial about search, which was recorded in its entirety... if you watch this video, I highly recommend skipping the hands-on parts where I'm just walking around helping people out. :)
  • I gave a talk! It's called Subprocess to FFI, and you can find the video here. Through three full iterations of dry runs with feedback, I had a ton of fun preparing this talk. I'd like to give more like it in the future as I continue to level up my speaking skills.
  • Allen Downey came to my talk and found me later to say hi. Omg amazing, made my day.
  • Aux Vivres and Dieu du Ciel, amazing eats and drink with great new and old friends. Special shout out to old Debian friends Micah Anderson, Matt Zimmerman, and Antoine Beaupré for a good time at Dieu du Ciel.
  • The Geek Feminism open space was a great place to chill out and always find other women to hang with, much thanks to Liz Henry for organizing it.
  • Talking to the community from the Inbox booth on Startup Row in the Expo hall on Friday. Special thanks to Don Sheu and Yannick Gingras for making this happen, it was awesome!
  • The PyLadies lunch. Wow, was that amazing. Not only did I get to meet Julia Evans (who also liked meeting me!), but there was an amazing lineup of amazing women telling everyone about what they're doing. This and Naomi Ceder's touching talk about openly transitioning while being a member of the Python community really show how the community walks the walk when it comes to diversity and is always improving.
  • Catching up with old friends like Biella Coleman, Selena Deckelmann, Deb Nicholson, Paul Tagliamonte, Jessica McKellar, Adam Fletcher, and even friends from the bay area who I don't see often. It was hard to walk places without getting too distracted running into people I knew, I got really good at waving and continuing on my way. :)

I didn't get to go to a lot of talks in person this year since my personal schedule was so full, but the PyCon video team is amazing as usual, so I'm looking forward to checking out the archive. It really is a gift to get the videos up while energy from the conference is still so high and people want to check out things they missed and share the talks they loved.

Thanks to everyone, hugs, peace out, et cetera!

Cryptogram: GoGo Wireless Adds Surveillance Capabilities for Government

The important piece of this story is not that GoGo complies with the law, but that it goes above and beyond what is required by law. It has voluntarily decided to violate your privacy and turn your data over to the government.

Sociological Images: Where Did Your 2013 Tax Dollars Go?

Each year the National Priorities Project releases a visual illustrating how our tax dollars are spent. This is the one for 2013, sans Medicare and Social Security taxes.

At the end of Sociology 101, I like to ask my students: “What is the state for?” This often takes them aback, as most of them have never considered the question before. Is it for defense? Is it to maximize happiness or reduce misery? Is it for maximizing GDP? Protecting private property? Do we want to use it to influence other countries? How?

There are many questions to ask and they are not purely theoretical. I like how the spending of our tax dollars helps make the conversation more concrete.

Cross-posted at Business Insider.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Debian: Craig Small: mutt ate my i key

I did a large upgrade tonight and noticed there was a mutt upgrade, no biggie really… Except I have for years (incorrectly?) used the “i” key when reading a specific email to jump back to the list of emails, or from index to pager in mutt speak.

Instead of my pager of mails, I got “No news servers defined!” The fix is rather simple, in muttrc put

bind pager i exit

and you’re back to using the i key the wrong way again like me.

 

Planet Debian: Chris Lamb: Race report: Cambridge Duathlon 2014

(This is my first race of the 2014 season.)


I had entered this race in 2013 and found it was effective for focusing winter training. As triathlons do not typically start until May in the UK, scheduling earlier races can be motivating in the colder winter months.

I didn't have any clear goals for the race except to blow out the cobwebs and improve on my 2013 time. I couldn't set reasonable or reliable target times after considerable "long & slow" training in the off-season but I did want to test some new equipment and strategies, especially race pacing with a power meter, but also a new wheelset, crankset and helmet.

Preparation was both accidentally and deliberately compromised: I did very little race-specific training as my season is based around an entirely different intensity of race, but compounding this I was confined to bed the weekend before.

Sleep was acceptable in the preceding days and I felt moderately fresh on race morning. Nutrition-wise, I had porridge and bread with jam for breakfast, a PowerGel before the race, 750ml of PowerBar Perform on the bike along with a "Hydro" PowerGel with caffeine at approximately 30km.


Run 1 (7.5km)

A few minutes before the start my race number belt—the only truly untested equipment that day—refused to tighten. However, I decided that once the race began I would either ignore it or even discard it, risking disqualification.

Despite letting everyone go up the road, my first km was still too fast so I dialed down the effort, settling into a "10k" pace and began overtaking other runners. The Fen winds and drag-strip uphill from 3km provided a bit of pacing challenge for someone used to shelter and shorter hills but I kept a metered effort through into transition.

Time
33:01 (4:24/km, T1: 00:47) — Last year: 37:47 (5:02/km)

Bike (40km)

Although my 2014 bike setup features a power meter, I had not yet had the chance to perform an FTP test outdoors. I was thus not able to calculate a definitive target power for the bike leg. However, data from my road bike suggested I set a power ceiling of 250W on the longer hills.

This was extremely effective in avoiding going "into the red" and compromising the second run. This lends yet more weight to the idea that a power meter in multisport events is "almost like cheating".

I was not entirely comfortable with my bike position: not only were my thin sunglasses making me raise my head more than I needed to, I found myself creeping forward onto the nose of my saddle. This is sub-optimal, even if only considering that I am not training in that position.

Overall, the bike was uneventful with the only memorable moment provided by a wasp that got stuck between my head and a helmet vent. Coming into transition I didn't feel like I had really pushed myself that hard—probably a good sign—but the time difference from last year's bike leg (1:16:11) was a little underwhelming.

Time
1:10:45 (T2: 00:58)

Run 2 (7.5km)

After leaving transition, my legs were extremely uncooperative and I had great difficulty in pacing myself in the first kilometer. Concentrating hard on reducing my cadence as well as using my rehearsed mental cue, I managed to settle down.

The following 4 kilometers were a mental struggle rather than a physical one, modulo having to force a few burps to ease some discomfort, possibly from drinking too much or too fast on the bike.

I had planned to "unload" as soon as I reached 6km but I didn't really have it in me. Whilst I am physiologically faster compared to last year, I suspect the lack of threshold-level running over the winter meant the mental component required for digging deep will require some coaxing to return.

However, it is said that you have successfully paced a duathlon if the second run is faster than the first. On this criterion, this was a success, but it would have been a bonus to have really felt completely drained at the end of the day, if only from a neo-Calvinist perspective.

Time
32:46 (4:22/km) / Last year: 38:10 (5:05/km)

Overall

Total time
2:18:19

A race that goes almost entirely to plan is a bit of a paradox – there's certainly satisfaction in setting goals and hitting them without issue, but this is a gratification of slow-burning fire rather than the jubilation of a fireworks display.

However, it was nice to learn that I managed to finish 5th in my age group despite this race attracting an extremely strong field: as an indicator, the age-group athlete finishing immediately before me was seven minutes faster and the overall winner finished in 1:54:53 (!).

The race identified the following areas to work on:

  • Perform an FTP test on my time-trial bike outdoors to develop an optimum power plan.
  • Do a few more brick runs, at least to re-acclimatise the feeling.
  • Schedule another bike fit.

Although not strictly race-related, I also need to find techniques to ensure transporting a bike on public transport is less stressful. (Full results & full 2014 race schedule)

Racialicious: Voices: RIP Karyn Washington, Founder of For Brown Girls (1992-2014)

By Arturo R. García

For Brown Girls founder Karyn Washington.

The online social justice community suffered a sobering loss with the death of Karyn Washington, who created For Brown Girls and the #DarkSkinRedLip Project, Clutch Magazine reported late last week.

Adding to the shock was that Washington, whose work helped uplift her fans and readers and raise necessary conversations about the unfair beauty standards pushed on communities of color, reportedly took her own life at just 22 years of age, after struggling with depression following her mother’s death last year. Her passing has not only inspired conversation about her work, but about the struggle facing many of our communities and mental health.

FBG was created to celebrate the beauty of dark skin while combatting colorism and promoting self love! FBG was created to celebrate darker shades of brown- to encourage those struggling with accepting having a darker skin complexion to love and embrace the skin they are in. However, women of all shades may take away from FBG the universal and essential message of self love and acceptance.
For Brown Girls Mission Statement

The inspiring young lady helped to empower young women through her work in celebrating the beauty of African-American women, particularly those of dark-complexion.

One example of Washington’s great influence was her #DarkSkinRedLip project, which she launched after rapper ASAP Rocky openly criticized women with darker skin for wearing red lipstick. With this project, Washington allowed all shades of women to band together in knocking down barriers in beauty by encouraging them to embrace their beauty and claim confidence in wearing any lipstick they please.

– Lilly Workneh, The Grio

I remember I’d cover my mouth when I laughed. I had just gotten braces and I wasn’t quite comfortable yet. I was the epitome of an awkward little black girl. You told me I could be your brace face buddy. I think that was the first time I’d ever heard the term “brace face” !!! Lol & it certainly wasn’t the last either. We’d talk a lot about school and other silly stuff that probably didn’t matter much, but you gave me so much comfort. Now that I think about it, that amazes me. We were only in middle school and there you were inspiring me and teaching me to love my brown self in the most subtle ways. It is no surprise that you would go on to do such amazing things. May “For Brown Girls” (FBG) continue to thrive. That will forever be your brand, your movement, and your legacy! You’re amazing and even at such the young and tender age of 22 you’ve touched the lives of many all over the world. You inspire me and so many other people so much more than you could’ve ever imagined. I wish you could’ve seen the true magnitude of that.

When I look at you I see a reflection of myself and most certainly that is why this hurts so badly. From now on I’ll forever remember your big beautiful smile, your charm, ambition, professionalism, entrepreneurship, confidence, humility, your drive, and your beautiful Brown Skin. That is what I’ll choose to remember… because to be honest, I’m a bit angry with you. Indeed I’m being selfish, but my heart is devastated- yet, because I know a tad bit about what you were going through I can understand. I’m guilt tripping because I wish I could’ve been there for you a little bit more. I’m so sorry, but I can’t help but to think that with just a little bit more time or a little less distance, proximity would’ve allowed me to make, maybe the slightest difference … Forgive me!

Lia Lia

We’ve spoken about the struggle of dealing with depression and mental illness on this site, and the propensity for many people of color to pass on seeking help and counseling because of worry of public opinion and shame. With losses like these, it’s even more important to spread the word about the realities of these internal battles. Washington was a woman who made a difference and her push to remind us as sistas of our beauty was major. Continue to support it and to spread love, as Washington so loved to do.

– Victoria Uwumarogie, Madame Noire

Washington, who dedicated herself to the uplifting of dark-skinned black girls and women, and worked so that they would have a sense of well-being, was struggling with depression and mental illness, and was unable to extend the love she gave to others to herself.

This is often par for the course with black women, who often shoulder so much burden (one of the only things the community will give us kudos for, the quintessential ‘struggle’) and to admit any weakness of the mind and body is to be considered defective. Vulnerability is not allowed. Tears are discouraged. Victims are incessantly blamed. We are hard on our women, and suffer as a result.

When your community tells you that you’re better off praying than seeking the advice of medical professionals and medication, you feel shame when you feel your mind is breaking. There is no safe place. To admit to any mental frailty is to invite scorn and mockery, accusations of “acting white.”

– Christelyn Karazin, Beyond Black & White

I identify with Washington’s encouragement for those struggling with acceptance in having a darker complexion to love and embrace the skin they are in. In Karyn’s unexpected transition, there’s a lesson to be learned. We all, regardless of the shade of our skin, are seeking a loving and supportive system in a community still struggling to accept a variety of skin-tones. Colorism is promoted by media outlets force feeding images of one-dimensional beauty for men and women. People everywhere can continue fostering and laying the bricks For Brown Girls struggling to find self-love and acceptance in their skin by uplifting and supporting one another through projects such as Washington’s.

– M L Ward, Uptown Magazine

There are people who speculate and assume that she was in this place because she wasn’t comfortable with her skin complexion or she had self-esteem issues. That really is 100 percent false. Karyn loved who she was, and she loved her beauty, and she knew she was beautiful. She really overcame the whole colorism issue very early on in her development as a young woman. She was very confident in her skin, and I never heard her say anything negative about her dark skin, or her brown skin. That is just something, I don’t think, that was an issue at all.

– Video by Yumnah Najah, via Women’s Elevation Magazine

When I heard the news this morning, that’s the first thing I thought. I should have shared my thoughts about living without my mother. And how I didn’t want to. I wanted to join her in heaven. It has to be easier up top.

But I was/am too ashamed to admit it. I can hardly believe that I am even typing it and sharing it with you. But fuck it, I’ve thought about it. Does that make me crazy?! NOPE!

I’ve learned in this past year that it doesn’t. It’s what makes me human. I blame social media a bit. We all try to illustrate these perfect lives. Who really shares the bad days? And more importantly, who doesn’t judge someone when they do?

I checked on her one last time in January 2014. I left my number again, just in case she needed to hear my voice. But Karyn never called.

As I continued to fight off my own depression with cocktails, tears and hugs from my boyfriend Karyn still lived inside of me. Karyn isn’t alone. All too often we look down on Karyn. She’s that unstable creature (insert B word) who hasn’t learned to deal with life’s obstacles. She hasn’t learned how to become this beacon of strength that represents all Black women.

– Ty Alexander, Gorgeous In Grey

I really appreciate those who follow the blog and support FBG. It warms my heart to see young ladies excited about the project and to hear that it makes them feel special. I created this spotlight because the blog is for them and I wanted to feature them on it! I ask the girls to fill out a short questionnaire so I and others can get to know them. In the feature, the girls also share their favorite quote, what they love about themselves and what inspires them. They send that along with their picture to the FBG email. I then format it all in a post and feature the ladies throughout the week on the blog. I also wanted to do something a little different than other blogs which also focus on darker skinned beauty. Instead of just pictures, I want to make sure my blog has substance.

– Karyn Washington, Interview with Madame Noire, March 2012

National Suicide Prevention Lifeline: 1-800-273-TALK (8255)

Worse Than Failure: All Your RAM Are Belong to Us

Back around the turn of the century, governments were a different place to work at. The public trough, while not as fat as it had been, was still capable of providing funding for boondoggles handed out to friends and family. This was before deficit hawks made a sport of picking off small cost overruns that scurried around the fields of government largesse. Before billions was spent on wars of questionable necessity. Before mayors broke down the stereotype that all crack addicts were skinny.

In this heyday, Ray worked for a government department that contracted, managed and passed-through telecommunications services from external providers to other government departments. The department's central billing and administration system was built and run on the Ingres ABF framework and its origin dated back to the early 90's. What's more, as soon as the application could be put into minimal funding status, it was. Even in the heady Internet bubble days, no money was spent beyond what was needed to keep the application running.

For developers, this meant a heavy reliance on shell scripts and other such tools to support the main application. And, considering the critical nature of the application (it did generate revenue...or at least caused numbers to be moved from one ledger to another within the government), any change went through enough manual testing to defoliate an acre of the Amazon rain forest generating the testing outputs.

So when Ray needed to make a bulk data change to the central database, he followed the prescribed steps. The appropriate shell script was created, followed by multiple runs on the test server to create the 3 type-set, calf leather bound volumes of input-output testing printouts. Once done, 5 levels of sign-off were collected. While there's no question that this was an extreme process (XP, but not in the productive way), by the time Ray ran the procedural gauntlet, he was confident that the script would do what it was advertised to do.

To run these scripts, the developers used one-off AT scripts on the server to schedule it to start after hours on the server in question. This mechanism, along with servers that had a good SMS notification system for failed AT jobs, meant that developers could schedule a script to run and then go home with confidence.

Ray set up his job to run at 6:30pm and with no notification of a failure, it was a sleep-filled evening. And he came in the next morning confident of it being a normal day. The sight of the wide-eyed, slightly perspiring system administrator combined with his opening statement of "Thank god you're here!" extinguished that.

"Fezzik's down!", he said. The servers were named after movie characters and Fezzik was the production server that Ray had scheduled the script on the night before.

"Um...define 'down'." Ray said, stalling while desperately trying to think of what weird permutation in the script could have caused this.

"It's not responding. The network controller says Fezzik's there. We can ping it. But terminal sessions are immediately frozen on connect and the applications running on that server are unreachable."

"So, it's not DOWN down then?" Ray asked as he reversed course and headed to the server room.

"It's down enough", came the reply.

At the server console, the user login shell was visible. The sys admin pushed a key. The server replied with an annoyingly cheerful beep. One key press, no characters, just a beep. The keyboard buffer was full. Ray felt queasy.

"Inconceivable. I have no idea what caused that." Ray said with an honesty that was quickly turning to desperation.

"Well", said the admin, "we did get some e-mails from the system this morning before it stopped responding. What the hell is rous_at_job.sh?"

Ray paused. "Why?"

"There's so many instances of it that we don't KNOW how many instances there are of it!"

Realization and dread in equal measures dawned on Ray. Instead of rous_at_job.sh running rous.sh param1 param2, Ray had instead set rous_at_job.sh to run rous_at_job.sh param1 param2! The script simply invoked itself, recursively, forever. So, for a little over 12 hours, like Agent Smith in the Matrix, rous_at_job.sh had patiently, one Kb at a time, taken over the memory and run-time capabilities of the server. By the time the system administrators had got in in the morning, rous_at_job.sh had successfully completed its quest for electronic domination and had physically run out of space to spawn another process.

The only option was to literally unplug the machine. The only saving grace was the fact that, given the current state of the processes, Ray was pretty certain that the server wasn't actually doing anything. Other than running rous_at_job.sh, that is.

The server came back no worse for wear. Going forward, developers were banned from running ANY job on the production server. Like magic, budget was found for a new data change management and scheduling system. And Ray spent a large percentage of his paycheck at the pub that Friday buying the system administrators beers.
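One way to stop the self-invocation described above before it fills the process table, as an added example that is not part of the original story: a guard for the job wrapper, written for sh. `check_target`, `run_guarded`, `demo` and `JOB_GUARD_DEPTH` are hypothetical names; `rous.sh` and `rous_at_job.sh` are the script names from the story, recreated here as constructed stand-ins.

```shell
#!/bin/sh
# Added example (not from the original story): guard for a scheduled job
# wrapper. check_target, run_guarded, demo and JOB_GUARD_DEPTH are
# hypothetical names; rous.sh and rous_at_job.sh come from the story.

# check_target WRAPPER TARGET
#   0  target is a regular executable file distinct from the wrapper
#   1  target is missing or not executable
#   2  target is the wrapper itself (same device and inode, so a symlink
#      or a different spelling of the path is caught too)
check_target() {
    if [ ! -f "$2" ] || [ ! -x "$2" ]; then
        return 1
    fi
    # -ef is an extension to POSIX test, available in bash, dash and busybox sh
    if [ "$1" -ef "$2" ]; then
        return 2
    fi
    return 0
}

# run_guarded WRAPPER TARGET [ARGS...]
# Runs TARGET once and returns its exit status. The depth counter is
# passed through the environment, so an indirect loop
# (a.sh -> b.sh -> a.sh) is refused on re-entry with status 3.
run_guarded() {
    guard_wrapper=$1
    guard_target=$2
    shift 2
    guard_depth=${JOB_GUARD_DEPTH:-0}
    case $guard_depth in
        0) ;;
        *)  # already inside a guarded job, or the counter is garbage: fail closed
            echo "refusing: $guard_wrapper re-entered (depth $guard_depth)" >&2
            return 3 ;;
    esac
    guard_rc=0
    check_target "$guard_wrapper" "$guard_target" || guard_rc=$?
    if [ "$guard_rc" -ne 0 ]; then
        echo "refusing: target $guard_target rejected (code $guard_rc)" >&2
        return "$guard_rc"
    fi
    JOB_GUARD_DEPTH=1 "$guard_target" "$@"
}

# demo: constructed scripts in a temporary directory, one correct call and
# one with the mistake from the story (the wrapper named as its own target).
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "rous.sh ran with: $*"\n' > "$demo_dir/rous.sh"
    printf '#!/bin/sh\nexit 0\n' > "$demo_dir/rous_at_job.sh"
    chmod +x "$demo_dir/rous.sh" "$demo_dir/rous_at_job.sh"
    demo_rc=0
    run_guarded "$demo_dir/rous_at_job.sh" "$demo_dir/rous.sh" param1 param2 || demo_rc=$?
    echo "correct target: status $demo_rc"
    demo_rc=0
    run_guarded "$demo_dir/rous_at_job.sh" "$demo_dir/rous_at_job.sh" param1 param2 || demo_rc=$?
    echo "wrapper as its own target: status $demo_rc"
    rm -rf "$demo_dir"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

A per-user process limit (`ulimit -u` in bash) is a useful second layer, since it bounds the damage when a job is scheduled without any guard.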

Planet Debian: Bits from Debian: DPL election is over, Lucas Nussbaum re-elected

The Debian Project Leader election has concluded and the winner is Lucas Nussbaum. Of a total of 1003 developers, 401 developers voted using the Condorcet method.

More information about the result is available in the Debian Project Leader Elections 2014 page.

The new term for the project leader will start on April 17th and expire on April 17th 2015.

Planet Debian: Andrew Pollock: [life] Day 76: Dora + Fever

We had a bit of a rough night last night. I noticed Zoe was pretty hot when she had a nap yesterday after not really eating much lunch. She still had a mild fever after her nap, so I gave her some paracetamol (aka acetaminophen, that one weirded me out when I moved to the US) and called for a home doctor to check her ears out.

Her ears were fine, but her throat was a little red. The doctor said it was probably a virus. Her temperature wasn't so high at bed time, so I skipped the paracetamol, and she went to bed fine.

She did wake up at about 1:30am and it took me until 3am to get her back to bed. I think it was a combination of the fever and trying to phase out her white noise, but she just didn't want to sleep in her bed or her room. At 3am I admitted defeat and let her sleep with me.

She had only a slightly elevated temperature this morning, and otherwise seemed in good spirits. We were supposed to go to a family lunch today, because my sister and brother are in town with their respective families, but I figured we'd skip that on account that Zoe may have still had something, and coupled with the poor night's sleep, I wasn't sure how much socialising she was going to be up for.

My ear has still been giving me grief, and I had a home doctor check it yesterday as well, and he said the ear canal was 90% blocked. First thing this morning I called up to make an appointment with my regular doctor to try and get it flushed out. The earliest appointment I could get was 10:15am.

So we trundled around the corner to my doctor after a very slow start to the day. I got my ear cleaned out and felt like a million bucks afterwards. We went to Woolworths to order an undecorated mud slab cake, so I can try doing a trial birthday cake. I've given up on trying to do the sitting minion, and significantly scaled back to just a flat minion slab cake. That should be ready tomorrow.

The family thing was originally supposed to be tomorrow, and was only moved to today yesterday. My original plan had been to take Zoe to a free Dora the Explorer live show that was on in the Queen Street Mall.

I decided to revert back to the original plan, but by this stage, it was too late to catch the 11am show, so the 1pm show was the only other option. We had a "quick" lunch at home, which involved Zoe refusing to eat the sandwich I made for her and me convincing her otherwise.

Then I got a time-sensitive phone call from a friend, and once I'd finished dealing with that, there wasn't enough time to take any form of public transport and get there in time, so I decided to just drive in.

We parked in the Myer Centre car park, and quickly made our way up to the mall, and made it there comfortably with 5 minutes to spare.

The show wasn't anything much to phone home about. It was basically just 20 minutes of someone in a giant Dora suit acting out what was essentially a typical episode of Dora the Explorer, on stage, with a helper. Zoe started out wanting to sit on my lap, but made a few brief forays down to the "mosh pit" down the front with the other kids, dancing around.

After the show finished, we had about 40 minutes to kill before we could get a photo with Dora, so we wandered around the Myer Centre. I let Zoe choose our destinations initially, and we browsed a cheap accessories store that was having a sale, and then we wandered downstairs to one of the underground bus station platforms.

After that, we made our way up to Lincraft, and browsed. We bought a $5 magnifying glass, and I let Zoe do the whole transaction by herself. After that it was time to make our way back down for the photo.

Zoe made it first in line, so we were in and out nice and quick. We got our photos, and they gave her a little activity book as well, which she thought was cool, and then we headed back down to the car park.

In my haste to park and get top side, I hadn't really paid attention to where we'd parked, and we came down via different elevators than we went up, so by the time I'd finally located the car, the exit gate was trying to extract an extra $5 parking out of me. Fortunately I was able to use the intercom at the gate and tell my sob story of being a nincompoop, and they let us out without further payment.

We swung by the Valley to clear my PO box, and then headed home. Zoe spontaneously announced she'd had a fun day, so that was lovely.

We only had about an hour and a half to kill before Sarah was going to pick up Zoe, so we just mucked around. Zoe looked at stuff around the house with her magnifying glass. She helped me open my mail. We looked at some of the photos on my phone. Dayframe and a Chromecast is a great combination for that. We had a really lovely spell on the couch where we took turns to draw on her Magna Doodle. That was some really sweet time together.

Zoe seemed really eager for her mother to arrive, and kept asking how much longer it was going to be, and going outside our unit's front door to look for her.

Sarah finally arrived, and remarked that Zoe felt hot, and so I checked her temperature, and her fever had returned, so whatever she has she's still fighting off.

I decided to do my Easter egg shopping in preparation for Sunday. A friend suggested this cool idea of leaving rabbit paw tracks all over the house in baby powder, and I found a template online and got that all ready to go.

I had a really great yoga class tonight. Probably one of the best I've had in a while in terms of being able to completely clear my head.

I'm looking forward to an uninterrupted night's sleep tonight.

Krebs on Security: Crimeware Helps File Fraudulent Tax Returns

Many companies believe that if they protect their intellectual property and customers’ information, they’ve done a decent job of safeguarding their crown jewels from attackers. But in an increasingly common scheme, cybercriminals are targeting the Human Resources departments at compromised organizations and rapidly filing fraudulent federal tax returns on all employees.

Last month, KrebsOnSecurity encountered a Web-based control panel that an organized criminal gang has been using to track bogus tax returns filed on behalf of employees at hacked companies whose HR departments had been relieved of W2 forms for all employees.

An obfuscated look at the control panel for a tax fraud operation involving more than a half dozen victim organizations.

According to the control panel seen by this reporter, the scammers in charge of this scheme have hacked more than a half-dozen U.S. companies, filing fake tax returns on nearly every employee. At last count, this particular scam appears to stretch back to the beginning of this year’s tax filing season, and includes fraudulent returns filed on behalf of thousands of people — totaling more than $1 million in bogus returns.

The control panel includes a menu listing every employee’s W2 form, including all data needed to successfully file a return, such as the employee’s Social Security number, address, wages and employer identification number. Each fake return was apparently filed using the e-filing service provided by H&R Block, a major tax preparation and filing company. H&R Block did not return calls seeking comment for this story.

The “drops” page of this tax fraud operation lists the nicknames of the co-conspirators who agreed to “cash out” funds on the prepaid cards generated by the bogus returns — minus a small commission.

Fraudulent returns listed in the miscreants’ control panel that were successfully filed produced a specific five-digit tax filing Personal Identification Number (PIN) apparently generated by H&R Block’s online filing system. An examination of the panel suggests that successfully-filed returns are routed to prepaid American Express cards that are requested to be sent to addresses in the United States corresponding to specific “drops,” or co-conspirators in the scheme who have agreed to receive the prepaid cards and “cash out” the balance — minus their fee for processing the bogus returns.

Alex Holden, chief information security officer at Hold Security, said although tax fraud is nothing new, automating the exploitation of human resource systems for mass tax fraud is an innovation.

“The depth of this specific operation permits them to act as a malicious middle-man and tax preparation company to be an unwitting ‘underwriter’ of this crime,” Holden said. “And the victims may be exploited not only for 2013 tax year but also down the road, and perhaps subject of higher scrutiny by IRS — not to mention potential financial losses. Companies should look at their human resource infrastructure to ensure that payroll, taxes, financial, medical, and other benefits are afforded the same level of protection as their other mission-critical assets.”

ULTIPRO USERS TARGETED

I spoke at length with Doug, a 45-year-old tax fraud victim at a company that was listed in the attacker’s control panel. Doug agreed to talk about his experience if I omitted his last name and his employer’s name from this story. Doug confirmed that the information in the attacker’s tax fraud panel was his and mostly correct, but he said he didn’t recognize the Gmail address used to fraudulently submit his taxes at H&R Block.

Doug said his employer recently sent out a company-wide email stating there had been a security breach at a cloud provider that was subcontracted to handle the company’s employee benefits and payroll systems.

“Our company sent out a blanket email saying there had been a security breach that included employee names, addresses, Social Security numbers, and other information, and that they were going to pay for a free year’s worth of credit monitoring,” Doug said.

Almost a week after that notification, the company sent out a second notice stating that the breach extended to the personal information of all spouses and children of its employees.

“We were later notified that the breach was much deeper than originally suspected, which included all of our beneficiaries, their personal information, my life insurance policy, 401-K stuff, and our taxes,” Doug said. “My sister-in-law is an accountant, so I raced to her and asked her to help us file our taxes immediately. She pushed them through quickly but the IRS came back and said someone had already filed our taxes a few days before us.”

Doug has since spent many hours filling out countless forms with a variety of organizations, including the Federal Trade Commission, the FBI, the local police department, and of course the Internal Revenue Service.

Doug’s company and another victim at a separate company whose employees were all listed as recent tax fraud victims in the attacker’s online control panel both said their employers’ third-party cloud provider of payroll services was Weston, Fla.-based Ultimate Software. In each case, the attackers appear to have stolen the credentials of the victim organization’s human resources manager, credentials that were used to manage employee payroll and benefits at Ultipro, an online HR and payroll solutions provider.

Jody Kaminsky, senior vice president of marketing at Ultimate Software, said the company has no indication of a compromise of Ultimate’s security. Instead, she said Doug’s employer appears to have had its credentials stolen and abused by this fraud operation.

“Although we are aware that several customers’ employees were victims of tax fraud, we have no reason to believe this unauthorized access was the result of a compromise of our own security,” Kaminsky said. “Rather, our investigation suggests this is the result of stolen login information on the end-user level and not our application.”

Kaminsky continued:

“Unfortunately incidents of tax fraud this tax season across the U.S. are increasing and do not appear to be limited to just our customers or any one company (as I’m sure you’re well aware due to your close coverage of this issue). Over the past several weeks, we have communicated multiple times with our customers about recent threats of tax fraud and identity theft schemes.”

“We believe through schemes such as phishing or malware on end-user computers, criminals are attempting to obtain system login information and use those logins to access employee data for tax fraud purposes. We take identity theft schemes extremely seriously. As tax season progresses, we have been encouraging our customers to take steps to protect their systems such as enforcing frequent password resets and ensuring employee computers are up-to-date on anti-malware protection.”

PROTECT YOURSELF FROM TAX FRAUD

According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

It’s important to note that fraudsters engaged in this type of crime are in no way singling out H&R Block or Ultipro. Cybercrooks in charge of large collections of hacked computers can just as easily siphon usernames and passwords — as well as incomplete returns — from taxpayers who are preparing returns via other online filing services, including TurboTax and TaxSlayer.

If you become the victim of identity theft outside of the tax system or believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, etc., you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at 1-800-908-4490 so that the IRS can take steps to further secure your account.

That process is likely to involve the use of taxpayer-specific PINs for people who have had issues with identity theft. If approved, the PIN is required on any tax return filed for that consumer before a return can be accepted. To start the process of applying for a tax return PIN from the IRS, check out the steps at this link. You will almost certainly need to file an IRS form 14039 (PDF), and provide scanned or photocopied records, such as a driver’s license or passport.

The most frightening aspect of this tax crimeware panel is that its designers appear to have licensed it for resale. It’s not clear how much this particular automated fraud machine costs, but sources in the financial industry tell this reporter that this same Web interface has been implicated in multiple tax return scams targeting dozens of companies in this year’s tax-filing season.

Don Marti: Surveillance Marketing pays

Katrina Lerman of Communispace explains how surveillance marketing pays. First of all, people don't like being tracked in general.

We found that consumers overwhelmingly prefer anonymity online: 86 percent of consumers would click a “do not track” button if it were available and 30 percent of consumers would actually pay a 5 percent surcharge if they could be guaranteed that none of their information would be captured.

What would get them over their resistance? Discounts, of course.

On the flip side, consumers may be willing to share their data if there’s a clear value exchange: 70 percent said they would voluntarily share personal data with a company in exchange for a 5 percent discount.

Got it? This is some heavy Chief-Marketing-Officer-level stuff here, so pay attention. Yes, you'll be spending a lot of money on Big Data and all the highly paid surveillance marketing consultants and IT experts who go with it. (Big Data experts are a rare breed, and feed primarily on between-sessions croissants at Big Data conferences.)

But look what you get for that increase in the marketing budget. You get to cut your price to get people to sign up for it.

Somewhere this all makes sense. Maybe Bob Hoffman can explain it.