Planet Russell


Planet Debian - Ben Armstrong: Debian Live After Debian Live

Get involved

After this happened, my next step was to get re-involved in Debian Live to help it carry on after the loss of Daniel. Here’s a quick update on some team progress, notes that could help people building Stretch images right now, and what to expect next.

Team progress

  • Iain uploaded live-config, incorporating an important fix, #bc8914bc, that prevented images from booting.
  • I want to get live-images ready for an upload, including #8f234605 to fix wrong config/bootloaders that prevented images from building.

Test build notes

  • As always, build Stretch images with latest live-build from Sid (i.e. 5.x).
  • Build Stretch images, not Sid, as there’s less of a chance of dependency issues spoiling the build, and that’s the default anyway.
  • To make build iterations faster, make sure the config is modified to not build source & not include installer (edit auto/config before ‘lb config’) and use an apt caching proxy.
  • Don’t forget to inject fixed packages (e.g. live-config) into each config. Use apt pinning as per live-manual, or drop the debs into config/packages.chroot.

Test boot notes

  • Use kvm, giving it enough ram (-m 1024 works for me).
  • For gnome-desktop and kde-desktop, use -vga qxl, or else the desktop will crash and restart repeatedly.
  • When using qxl, edit boot params to add qxl.modeset=1 (workaround for #779515, which will be fixed in kernel >= 4.3).
  • My gnome image test was spoiled by #802929. The mouse doesn’t work (pointer moves, but no buttons work). Waiting on a new kernel to fix this. This is a test environment related bug only, i.e. should work fine on hardware. (Test pending.)
  • The Stretch standard, lxde-desktop, cinnamon-desktop, xfce-desktop, and gnome-desktop images all built and booted fine (except for the gnome issue noted above).
  • The Stretch kde-desktop and mate-desktop images are next on my list to test, along with Jessie images.
  • I’ve only tested on the standard and lxde-desktop images that if the installer is included, booting from the Install boot menu option starts the installer (i.e. didn’t do an actual install).

Coming soon

See the TODO in the wiki. We’re knocking these off steadily. It will be faster with more people helping (hint, hint).


Krebs on SecurityHilton Acknowledges Credit Card Breach

Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.

According to a statement released after markets closed on Tuesday, the breach persisted over a 17-week period from Nov. 18, 2014 to Dec. 5, 2014, or April 21 to July 27, 2015.

“Hilton Worldwide (NYSE: HLT) has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems,” the company said. “Hilton immediately launched an investigation and has further strengthened its systems.”

Hilton said the data stolen includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

The company did not say how many Hilton locations or brands were impacted, or whether the breach was limited to compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties — as previously reported here.

The announcement from Hilton comes just five days after Starwood Hotel & Resorts Worldwide — including some 50 Sheraton and Westin locations — was hit by a similar breach that lasted nearly six months.

Starwood and Hilton join several other major hotel brands in announcing a malware-driven credit card data breach over the past year. In October 2015, The Trump Hotel Collection confirmed a report first published by KrebsOnSecurity in June about a possible card breach at the luxury hotel chain.

In March, upscale hotel chain Mandarin Oriental acknowledged a similar breach. The following month, hotel franchising firm White Lodging allowed that — for the second time in 12 months — card processing systems at several of its locations were breached by hackers.

Readers should remember that they are not liable for unauthorized debit or credit card charges, but with one big caveat: the onus is on the cardholder to spot and report any unauthorized charges. Keep a close eye on your monthly statements and report any bogus activity immediately. Many card issuers now let customers receive text alerts for each card purchase and/or for any account changes. Take a moment to review the notification options available to you from your bank or card issuer.

Long Now - “The Clock of the Long Now” Short Documentary


Last week, directors Jimmy Goldblum and Adam Weber released their short documentary on “The Clock of the Long Now” at the DocNYC festival. The video features interviews with Danny Hillis, Stewart Brand, and Alexander Rose, as well as previously unreleased footage of clock construction, and gives an excellent introduction to our Clock Project.


Cory Doctorow - Authors Alliance guide to Open Access

The Authors Alliance, a nonprofit writers’ organization, conducted a wide-ranging piece of research on the experience of authors with open access publishing, including my own experiences with Creative Commons and commercial publishing.

That said, most of the essay focuses on academic and scientific authors, who may be institutionally bound to publish under open access, or who may wish to open their work as part of their ethical commitment to peer review and access in scholarship.


• Learn more about open access and related options

• Comply with an open access policy from an employer or funding agency

• Select the terms on which you would like to make a work openly accessible

• Publish a work with an open access publisher

• Make a work openly accessible on a personal or group website

• Deposit a work in an open access repository

• Negotiate with a conventional publisher to make a work openly accessible

• And much more.

Cory Doctorow - I won the Comment Awards prize for Technology and Digital Commentator of the Year!

I woke this morning to the delightful news that I won Editorial Intelligence’s 2015 prize for Technology and Digital Commentator of the Year for my work on the Guardian. I’m honoured and delighted — thank you to the jury and the organisation, and to Martha Lane Fox for her presentation of the award!

Planet Debian - Bernd Zeimetz: online again

Finally, is back online and I’m planning to start blogging again! Part of the reason why I became inactive was the usage of ikiwiki, which is great, but in the end unnecessarily complicated. So I’ve migrated my page to - a static website generator written in Go. Hugo has an active community and it is easy to create themes for it or to enhance it. Also, it uses plain Markdown syntax instead of special ikiwiki syntax mixed into it, which should make it easy to migrate away again if necessary.

In case somebody else would like to convert from ikiwiki to Hugo, here is the script I’ve hacked together to migrate my old blog posts.


find . -type f -name '*.mdwn' | while read i; do
    tmp=$(mktemp)
    {
        # Hugo TOML front matter
        echo '+++'
        slug="$(echo $i | sed 's,.*/,,;s,\.mdwn$,,')"
        echo "slug = \"${slug}\""
        echo "title = \"$(echo $i | sed 's,.*/,,;s,\.mdwn$,,;s,_, ,g;s/\b\(.\)/\u\1/;s,debian,Debian,g')\""
        # date: take the ikiwiki "meta updated" value if present,
        # otherwise the date the file was first added to git
        if grep -q 'meta updated' $i; then
            echo -n 'date = '
            sed '/meta updated/!d;/.*meta updated.*/s,.*=",,;s,".*,,;s,^,",;s,$,",' $i
        else
            echo -n 'date = '
            git log --diff-filter=A --follow --format='"%aI"' -1 -- $i
        fi
        # tags: turn "[[!tag a b c]]" into tags = ["a","b","c"]
        if grep -q '\[\[!tag' $i; then
            echo -n 'tags ='
            sed '/\[\[!tag/!d;s,[^ ]*tag ,,;s,\]\],,;s,\([^ ]*\),"\1",g;s/ /,/g;s,^,[,;s,$,],' $i
        fi
        echo 'categories = ["linux"]'
        echo 'draft = false'
        echo '+++'
        echo ''

        # body: drop ikiwiki directives and rewrite its link/image syntax to Markdown
        sed -e '/\[\[!tag/d' \
            -e '/meta updated/d' \
            -e '/\[\[!plusone *\]\]/d' \
            -e 's,\[\[!img files[0-9/]*/\([^ ]*\) alt="\([^"]*\).*,![\2](../\1),g' \
            -e 's,\[\([^]]*\)\](\([^)]*\)),[\1](\2),g' \
            -e 's,\[\[\([^|]*\)|\([^]]*\)\]\],[\1](\2),g' \
            $i
    } > $tmp
    #cat $tmp; rm $tmp
    mv $tmp `echo $i | sed 's,\.mdwn,.md,g'`
done

For the Planet Debian readers: only Linux-related posts will show up on the planet. If you are interested in my mountain activities and other things I post, please follow my blog on directly.

Cryptogram - NSA Collected Americans' E-mails Even After it Stopped Collecting Americans' E-mails

In 2001, the Bush administration authorized -- almost certainly illegally -- the NSA to conduct bulk electronic surveillance on Americans: phone calls, e-mails, financial information, and so on. We learned a lot about the bulk phone metadata collection program from the documents provided by Edward Snowden, and it was the focus of debate surrounding the USA FREEDOM Act. E-mail metadata surveillance, however, wasn't part of that law. We learned the name of the program -- STELLAR WIND -- when it was leaked in 2004. But supposedly the NSA stopped collecting that data in 2011, because it wasn't cost-effective.

"The internet metadata collection program authorized by the FISA court was discontinued in 2011 for operational and resource reasons and has not been restarted," Shawn Turner, the Obama administration's director of communications for National Intelligence, said in a statement to the Guardian.

When Turner said that in 2013, we knew from the Snowden documents that the NSA was still collecting some Americans' Internet metadata from communications links between the US and abroad. Now we have more proof. It turns out that the NSA never stopped collecting e-mail metadata on Americans. They just cancelled one particular program and changed the legal authority under which they collected it.

The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.'s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court.


The N.S.A. had long barred analysts from using Americans' data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.'s internal procedures.

The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.

In Data and Goliath, I wrote:

Some members of Congress are trying to impose limits on the NSA, and some of their proposals have real teeth and might make a difference. Even so, I don't have any hope of meaningful congressional reform right now, because all of the proposals focus on specific programs and authorities: the telephone metadata collection program under Section 215, bulk records collection under Section 702, and so on. It's a piecemeal approach that can't work. We are now beyond the stage where simple legal interventions can make a difference. There's just too much secrecy, and too much shifting of programs amongst different legal justifications.

The NSA continually plays this shell game with Congressional overseers. Whenever an intelligence-community official testifies that something is not being done under this particular program, or this particular authority, you can be sure that it's being done under some other program or some other authority. In particular, the NSA regularly uses rules that allow them to conduct bulk surveillance outside the US -- rules that largely evade both Congressional and Judicial oversight -- to conduct bulk surveillance on Americans. Effective oversight of the NSA is impossible in the face of this level of misdirection and deception.

Planet Debian - Carl Chenet: db2twitter: Twitter out of the browser

You have a database and a tweet pattern, and want to tweet automatically on a regular basis? No need for RSS, fancy tricks, a 3rd party website to translate RSS to Twitter or whatever. Just use db2twitter.

db2twitter is pretty easy to use! First define your Twitter credentials:


Then your database information:


Then the pattern of your tweet, a Python-style formatted string:

tweet={} hires a {}{}

Add db2twitter in your crontab:

*/10 * * * * db2witter db2twitter db2twitter.ini

And you’re all set! db2twitter will generate and tweet the following tweets:

MyGreatCompany hires a web developer
CoolStartup hires a devops skilled in Docker

db2twitter is developed by and run for, the job board of the French-speaking Free Software and Open Source community.


db2twitter also has cool options like:

  • only tweet during a user-specified time window (e.g. 9AM-6PM)
  • use a user-specified SQL filter to select the rows fetched from the database (e.g. only fetch rows where status == « edited »)

db2twitter is coded in Python 3.4, uses SQLAlchemy (see supported database types) and Tweepy. The official documentation is available on readthedocs.

Sociological Images - Women and the making of holidays

I don’t know for sure what holidays are like at your house, but if they resemble holidays at my house, and most houses in the US, women do almost all of the holiday preparation: decorating, gift buying and wrapping, invitations, neighborhood and church activities, cooking, cooking, more cooking, and cleaning.

Holidays are moments in the year when women, specifically, have extra responsibilities. I distinctly remember my own beloved stepmother telling me — stress making her voice taut — that she just wanted everyone to have a nice Thanksgiving. She would work herself silly to do and have all the right things so that everyone else would have a good time. Multiply this by 10 at Christmas.

This Bed, Bath, & Beyond ad, sent in by Jessica E. and Jessica S., reminded me of the crazy workload that accompanies holidays for women:

Alone with the responsibility of making a holiday for everyone else, the woman manages to mobilize technology and goods from BB&B to make it happen. Ironically, the text reads: “When you need a hand with holiday entertaining,” but actual human help in the form of hands is absent. Apparently it’s easier for women to grow five extra arms than it is to get kids and adult men to pitch in.

Anyhoo, be a peach and give your mom a hand this holiday season.

Originally published in 2009.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Cryptogram - Policy Repercussions of the Paris Terrorist Attacks

In 2013, in the early days of the Snowden leaks, Harvard Law School professor and former Assistant Attorney General Jack Goldsmith reflected on the increase in NSA surveillance post 9/11. He wrote:

Two important lessons of the last dozen years are (1) the government will increase its powers to meet the national security threat fully (because the People demand it), and (2) the enhanced powers will be accompanied by novel systems of review and transparency that seem to those in the Executive branch to be intrusive and antagonistic to the traditional national security mission, but that in the end are key legitimating factors for the expanded authorities.

Goldsmith is right, and I think about this quote as I read news articles about surveillance policies with headlines like "Political winds shifting on surveillance after Paris attacks?"

The politics of surveillance are the politics of fear. As long as the people are afraid of terrorism -- regardless of how realistic their fears are -- they will demand that the government keep them safe. And if the government can convince them that it needs this or that power in order to keep the people safe, the people will willingly grant them those powers. That's Goldsmith's first point.

Today, in the wake of the horrific and devastating Paris terror attacks, we're at a pivotal moment. People are scared, and already Western governments are lining up to authorize more invasive surveillance powers. The US wants to back-door encryption products in some vain hope that the bad guys are 1) naive enough to use those products for their own communications instead of more secure ones, and 2) too stupid to use the back doors against the rest of us. The UK is trying to rush the passage of legislation that legalizes a whole bunch of surveillance activities that GCHQ has already been doing to its own citizens. France just gave its police a bunch of new powers. It doesn't matter that mass surveillance isn't an effective anti-terrorist tool: a scared populace wants to be reassured.

And politicians want to reassure. It's smart politics to exaggerate the threat. It's smart politics to do something, even if that something isn't effective at mitigating the threat. The surveillance apparatus has the ear of the politicians, and the primary tool in its box is more surveillance. There's minimal political will to push back on those ideas, especially when people are scared.

Writing about our country's reaction to the Paris attacks, Tom Engelhardt wrote:

...the officials of that security state have bet the farm on the preeminence of the terrorist 'threat,' which has, not so surprisingly, left them eerily reliant on the Islamic State and other such organizations for the perpetuation of their way of life, their career opportunities, their growing powers, and their relative freedom to infringe on basic rights, as well as for that comfortably all-embracing blanket of secrecy that envelops their activities.

Goldsmith's second point is more subtle: when these power increases are made in public, they're legitimized through bureaucracy. Together, the scared populace and their scared elected officials serve to make the expanded national security and law enforcement powers normal.

Terrorism is singularly designed to push our fear buttons in ways completely out of proportion to the actual threat. And as long as people are scared of terrorism, they'll give their governments all sorts of new powers of surveillance, arrest, detention, and so on, regardless of whether those powers actually combat the actual threat. This means that those who want those powers need a steady stream of terrorist attacks to enact their agenda. It's not that these people are actively rooting for the terrorists, but they know a good opportunity when they see it.

We know that the PATRIOT Act was largely written before the 9/11 terrorist attacks, and that the political climate was right for its introduction and passage. More recently:

Although "the legislative environment is very hostile today," the intelligence community's top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, "it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement."

The Paris attacks could very well be that event.

I am very worried that the Obama administration has already secretly told the NSA to increase its surveillance inside the US. And I am worried that there will be new legislation legitimizing that surveillance and granting other invasive powers to law enforcement. As Goldsmith says, these powers will be accompanied by novel systems of review and transparency. But I have no faith that those systems will be effective in limiting abuse any more than they have been over the last couple of decades.

Worse Than Failure - The Guru and The Code

A logistics company isn’t the kind of company that invests heavily in IT, no matter how vital IT is for their business. That’s why Rich spent several years as the only developer. Most of his code was built to pick up data from one siloed turn-key system and dump it into a different one, or to integrate two in-house developed applications. On a bad day, he had to touch up the VBA macros in a home-grown Excel spreadsheet someone in accounting had hacked together and had suddenly become “business critical”.

[Image: Guru teg bahadur.jpg] What a Guru might look like

Practically overnight, the logistics company hit an inflection point in its growth curve, and suddenly they were exploding. Revenue quintupled, new SBUs were created from thin air, and headcounts expanded accordingly. This, sadly, left Rich drowning in the flood of new requests. “I need help,” he told his management.

“We don’t have room for more IT hires, but we can bring on some contractors,” was the reply.

And thus appeared “Lunch Room Guy”. Lunch Room Guy was the new contractor from Initech. With the rapid expansion, they didn’t have any office space for contractors, so Lunch Room Guy was so named because that was where he sat. He immediately proved his utility by learning how to work the newfangled and overly complicated coffee machine. He was cheerful, enthusiastic and friendly. Eager to prove he was a good team player, he even went so far as to train others on how to use those coffee machines during his lunch hour.

The only problem with Lunch Room Guy was that he didn’t have all that much experience. “Well,” he admitted, “I’ve only got a few years experience with .NET, but my boss is a total guru. I can call on him anytime I get stuck, so it’ll be fine.”

A guru! How exciting! Based on the Initech’s track record, based on Lunch Room Guy’s enthusiastic demeanor, and based on their confidence in his Guru, Rich handed off a set of simple requirements for processing some XML-based data, and a little advice. “We’ve been using XLinq- Linq to XML- for doing XML processing. It works very well, but your boss is the Guru, so if he has other ideas, let me know.”

Requirements went in, and… something came out. Something that became known around the company as The Code. The Guru and Lunch Room Guy worked hard and communicated well. The users were kept in the loop, testing proceeded well, and the product got released into production without any issues. For the first few months, everything was smooth. The developer team kept growing to keep up with the business needs, and Lunch Room Guy was joined by Conference Room Gal #0, Conference Room Gal #1, and Broom Closet Jake.

As the company grew, the number of XML files hitting The Code also grew, and that’s when everything started to blow up. Invalid XML was coming out of The Code, or sometimes the data was just incomplete. The users were angry, the CIO was furious, and Lunch Room Guy and his Guru were busy on other projects, which meant Rich had to take a look at the code.

The first thing he noticed was that there was absolutely no logging at all. There was nothing that gave him a clue to how many files were processed, or how long the processing took, or if any errors occurred. Rich quickly added some timestamps to the process, and discovered that it was taking well over two hours to process the XML files- which was a problem, since the downstream job that consumed the XML ran every hour.

Rich dug deeper into the code, and found mysterious enumerated types declared like so:

Public Enum TableType1
    'table name here
End Enum

Public Enum Columns
    <snip 28 more>
End Enum

Lunch Room Guy’s code was starting to smell like a week-old bologna sandwich. Especially when, a few lines later, Rich found this gem:

Public ReadOnly Property TableType() As String
    Get
        Return _TableType.ToString
    End Get
End Property

Public Sub SetTableType(ByVal TableType As GLEAN.Tables.HEADER.TableType1)
    _TableType = TableType
End Sub

Get the table type as a string, but set it using an Enum? That kind of mysterious logic could only make sense to the mind of a Guru. A little further down in the same file, Rich found more of the Guru’s handiwork…

Public Property Items(ByVal ColumnName As Columns) As Object
    Get
        Select Case ColumnName
            Case Columns.DAddress1
                Return _DAddress1
            Case Columns.DAddress2
                Return _DAddress2
            Case Columns.DCity
                Return _DCity
            Case Columns.DCountry
                Return _DCountry
            'snip 28 more cases
        End Select
    End Get

    Set(ByVal value As Object)
        Try
            Select Case ColumnName
                Case Columns.ScheduleId
                    _ScheduleId = CInt(value)
                Case Columns.HeaderId
                    _HeaderId = CInt(value)
                Case Columns.SchedNum
                    _SchedNum = CInt(value)
                Case Columns.ShipWithRef
                    If value.ToString.Length > 30 Then
                        _ShipWithRef = value.ToString.Substring(1, 30)
                    Else
                        _ShipWithRef = value.ToString
                    End If
                    If _ShipWithRef.Trim = "" Then
                        _ShipWithRef = ""
                    End If
                ' snip 28 more cases
            End Select

        Catch ex As Exception
            ' every exception is swallowed here
        End Try

    End Set
End Property

This coding “style” was replicated throughout the entire project. The constructor (well, actually the “Create” method, as the code didn’t use constructors) took 32 parameters. Pretty much every operation ran through a 32-branch Select/Case statement to decide what, exactly, to do. Exceptions were always caught and ignored. And this class represented just one section of the XML file- an XML file that was divided into 10 sections, each of which was backed with a database table ranging from 10–40 columns.

Rich sought out Lunch Room Guy for an explanation of what this garbage was.

“Oh, the Guru did all of the design and architecture,” he said. “It’s a really genius pattern, because it’s like using a database, but without actually using a database. It runs in memory, so it’s lightning fast! I’ve learned so much from the Guru.”

Rich blinked and backed away slowly. Lunch Room Guy wasn’t the only one who had learned from the Guru. Rich had learned two things. First, code reviews were not optional. Second, that there were times when the only option was to completely junk the existing code. Rich applied both of those lessons, and over the course of one long weekend, reimplemented his own solution. With a review from Conference Room Gal #2 and Broom Closet Jake, he released it into production.

It’s less than one-hundredth the number of lines of code, it runs in seconds, not hours, produces copious logging data, and has been chugging away with little more than minor changes ever since. To this day, even though Rich and his co-workers have moved on to other jobs and projects, they connect over social media and routinely discuss The Code, Lunch Room Guy, and what it truly means to be a Guru.



Planet Linux News: LCA2016 Optiver Diversity Programme Announced

2016, in partnership with Optiver, are very proud to announce our diversity programme for 2016! LCA2016 and Optiver are proud to be able to support diversity in our community. The Optiver Diversity Programme is intended to ensure that continues to be a safe, open, and welcoming conference for everyone. Together with Optiver the programme has been developed to assist delegates from under-represented cohorts who contribute to the Open Source community but, without financial assistance, would not be able to attend LCA2016. For more information please see our Optiver Diversity Programme page.

Planet Debian - Rhonda D'Vine: Salut Salon

I don't really remember where or how I stumbled upon these four women, so I'm sorry that I can't give credit where credit is due, and I even do believe that I started writing a blog entry about them already somewhere. Anyway, I want to present you today Salut Salon. They might play classic instruments, but not in a classic way. But see and hear for yourself:

  • Wettstreit zu viert: This is the first that I stumbled upon that did catch my attention. Lovely interpretation of classic tunes and sweet mixup.
  • Ievan Polkka: I love the catchy tune—and their interpretation of the song.
  • We'll Meet Again: While the history of the song might not be so laughable the giggling of them is just contagious. :)

So like always, enjoy!


Planet Debian - Michal Čihař: Wammu 0.40

Yesterday, Wammu 0.40 was released.

The list of changes is not really huge:

  • Correctly escape XML output.
  • Make error message selectable.
  • Fixed spurious D-Bus error message.
  • Translation updates.

I will not make any promises for future releases (if there will be any) as the tool is not really in active development.


Krebs on Security - Security Bug in Dell PCs Shipped Since 8/15

All new Dell laptops and desktops shipped since August 2015 contain a serious security vulnerability that exposes users to online eavesdropping and malware attacks. Dell says it is prepping a fix for the issue, but experts say the threat may ultimately need to be stomped out by the major Web browser makers.

At issue is a root certificate installed on newer Dell computers that also includes the private cryptographic key for that certificate. Clever attackers can use this key from Dell to sign phony browser security certificates for any HTTPS-protected site.

Translation: A malicious hacker could exploit this flaw on open, public networks (think WiFi hotspots, coffee shops, airports) to impersonate any Web site to a Dell user, and to quietly intercept, read and modify all of a vulnerable Dell system’s Web traffic.

According to Joe Nord, the computer security researcher credited with discovering the problem, the trouble stems from a certificate Dell installed named “eDellRoot.”

Dell says the eDellRoot certificate was installed on all new desktop and laptops shipped from August 2015 to the present day. According to the company, the certificate was intended to make it easier for Dell customer support to assist customers in troubleshooting technical issues with their computers.

“We began loading the current version on our consumer and commercial devices in August to make servicing PC issues faster and easier for customers,” Dell spokesperson David Frink said. “When a PC engages with Dell online support, the certificate provides the system service tag allowing Dell online support to immediately identify the PC model, drivers, OS, hard drive, etc. making it easier and faster to service.”

“Unfortunately, the certificate introduced an unintended security vulnerability,” the company said in a written statement. “To address this, we are providing our customers with instructions to permanently remove the certificate from their systems via direct email, on our support site and Technical Support.”

In the meantime, Dell says it is removing the certificate from all Dell systems going forward.

“Note, commercial customers who image their own systems will not be affected by this issue,” the company’s statement concluded. “Dell does not pre-install any adware or malware. The certificate will not reinstall itself once it is properly removed using the recommended Dell process.”
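As an added example (not Dell's removal tool, Joe Nord's write-up or Durumeric's checker), here is a PowerShell audit of the Windows trusted root stores that flags the eDellRoot certificate and, more generally, any trusted root whose private key is present on the machine, which is the condition that lets a key sign certificates for arbitrary sites. The function name Find-SuspectRootCert is an assumption of this example; the removal step uses -WhatIf so nothing is deleted until the reader drops that switch.

```powershell
# Added example, not code from Dell or from the researchers quoted above.
# Audits the Windows trusted root stores for the situation described in the
# article: a root CA certificate (eDellRoot) whose private key is present on
# the machine. A root CA you did not create yourself should never carry one.
function Find-SuspectRootCert {
    param(
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        [string]$SubjectPattern = '*eDellRoot*'
    )
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like $SubjectPattern -or $_.HasPrivateKey } |
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    HasPrivateKey = $_.HasPrivateKey   # True means the key can sign for any site
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

# Report findings. On a host that legitimately runs its own CA, that CA's
# root will show HasPrivateKey = True as well; everything else is suspect.
Find-SuspectRootCert | Format-Table -AutoSize

# Remove the eDellRoot store entry (needs an elevated shell for LocalMachine).
# -WhatIf previews only; drop it to delete. Per Dell's statement, the
# certificate stays gone only when removed via Dell's recommended process,
# and deleting the store entry by itself is not that process.
Find-SuspectRootCert |
    Where-Object { $_.Subject -like '*eDellRoot*' } |
    ForEach-Object { Remove-Item -Path "$($_.Store)\$($_.Thumbprint)" -WhatIf }
```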

The vulnerable certificate from Dell. Image: Joe Nord

It’s unclear why nobody at Dell saw this as a potential problem, especially since Dell’s competitor Lenovo suffered a very similar security nightmare earlier this year when it shipped an online ad tracking component called Superfish with all new computers.

Researchers later discovered that Superfish exposed users to having their Web traffic intercepted by anyone else who happened to be on that user’s local network. Lenovo later issued a fix and said it would no longer ship computers with the vulnerable component.

Dell’s Frink said the company would not divulge how many computers it has shipped in the vulnerable state. But according to industry watcher IDC, the third-largest computer maker will ship a little more than 10 million computers worldwide in the third quarter of 2015.

Zakir Durumeric, a Ph.D. student and research fellow in computer science and engineering at the University of Michigan, helped build a tool on his site that should tell Dell users whether they are running a vulnerable system.
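The check Durumeric's tool performs server-side can also be done locally: look in the machine's trusted root store for a certificate whose subject common name is "eDellRoot". The following is an added example, not Durumeric's tool or any Dell code. It uses only the Python standard library; `ssl.enumerate_certificates("ROOT")` is a real stdlib call that exists only on Windows, so the scanner returns None elsewhere and the DER-walking helper is exercised on a constructed sample name instead. The article does not give the certificate's thumbprint, so the match is on the CN and the fingerprints are only printed for the reader to compare against Dell's advisory.

```python
import hashlib
import ssl

# DER encoding of OID 2.5.4.3 (id-at-commonName) as it appears inside an X.509 Name.
_OID_COMMON_NAME = b"\x06\x03\x55\x04\x03"
# ASN.1 string tags that X.509 names use for CN values:
# UTF8String, PrintableString, IA5String, T61String.
_STRING_TAGS = {0x0C, 0x13, 0x16, 0x14}

# Subject CN of the certificate Dell shipped, as named in the article.
EDELLROOT_CN = "eDellRoot"


def extract_common_names(der):
    """Return every commonName string inside a DER-encoded certificate.

    Walks to each occurrence of the CN attribute OID and decodes the string that
    follows it (issuer and subject both appear, so a self-signed root yields the
    name twice). Handles short- and long-form DER lengths; this is enough to
    answer "is this eDellRoot?" without a full ASN.1 parser.
    """
    names = []
    pos = der.find(_OID_COMMON_NAME)
    while pos != -1:
        i = pos + len(_OID_COMMON_NAME)
        if i + 2 <= len(der) and der[i] in _STRING_TAGS:
            length = der[i + 1]
            start = i + 2
            if length & 0x80:  # long form: low 7 bits count the length bytes
                n = length & 0x7F
                length = int.from_bytes(der[start:start + n], "big")
                start += n
            names.append(der[start:start + length].decode("utf-8", "replace"))
        pos = der.find(_OID_COMMON_NAME, pos + 1)
    return names


def find_cert_by_cn(certs, cn=EDELLROOT_CN):
    """Filter (der_bytes, encoding_type, trust) tuples, the shape
    ssl.enumerate_certificates() returns, down to certs carrying the given CN.
    Each hit is reported with its SHA-1 and SHA-256 fingerprints."""
    hits = []
    for der, encoding, trust in certs:
        if encoding != "x509_asn":
            continue
        if cn in extract_common_names(der):
            hits.append({
                "cn": cn,
                "sha1": hashlib.sha1(der).hexdigest(),
                "sha256": hashlib.sha256(der).hexdigest(),
                "trust": trust,
            })
    return hits


def scan_windows_root_store():
    """On Windows, scan the machine ROOT store for eDellRoot; elsewhere return None."""
    if not hasattr(ssl, "enumerate_certificates"):
        return None
    return find_cert_by_cn(ssl.enumerate_certificates("ROOT"))


# Constructed sample data (not a real certificate): a minimal DER Name
#   SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, UTF8String "eDellRoot" } } }
SAMPLE_EDELLROOT_NAME = b"\x30\x14\x31\x12\x30\x10" + _OID_COMMON_NAME + b"\x0c\x09eDellRoot"
SAMPLE_BENIGN_NAME = b"\x30\x17\x31\x15\x30\x13" + _OID_COMMON_NAME + b"\x13\x0cExample Root"


if __name__ == "__main__":
    hits = scan_windows_root_store()
    if hits is None:
        print("not Windows: demo on constructed sample ->",
              find_cert_by_cn([(SAMPLE_EDELLROOT_NAME, "x509_asn", True)]))
    elif hits:
        for h in hits:
            print("VULNERABLE: eDellRoot present, sha256", h["sha256"])
    else:
        print("eDellRoot not found in the machine ROOT store")
```

Removing the certificate from the store is only half the fix: the Dell plugin that installed it must also be removed, which is why Dell's instructions (linked under Further reading) matter more than the store entry alone.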

Durumeric said the major browser makers will most likely address this flaw in future updates soon.

“My guess is this has to be addressed by the browser makers, and that we’ll see them blocking” the eDellRoot certificate. “My advice to end users is to make sure their browsers are up-to-date.”

Further reading:

An in-depth discussion of this issue on Reddit.

Dan Goodin‘s coverage over at Ars Technica.

Dell’s blog advisory.

Update, 1:15 a.m. ET: Added link to Dell’s instructions for removing the problem.


Planet Linux AustraliaDavid Rowe: SM2000 VHF Open Digital Voice Radio Part 1

For the last month I’ve been working hard on prototyping the SM2000 – an open source VHF radio. It’s purpose is to test some advanced VHF/UHF ideas I have for FreeDV.

The SM2000 will be a small box (like the SM1000) that contains a fully functional VHF SDR Digital Voice radio. Its purpose is to run advanced open source Digital Voice modes, with 1W power output and adequate tx/rx filtering for real-world operation on the 2M band. No Host PC required. Open Hardware and Software, price TBD but a few hundred dollars. It will also run analog FM but no modes with a proprietary codec.

Just yesterday I demonstrated demodulation of 1200 bits/s 2FSK at -135dBm, right in line with predicted performance.

This is an important milestone. Analog FM and first generation digital voice (D-star/DMR/C4FM and friends) fall over at about -120dBm. One of my aims is equivalent performance to these systems at 10dB lower. With completely open hardware and software.


I need custom RF hardware to develop and demonstrate VHF DV ideas I have formed over the past year. However I am not an RF expert, am just one guy, and have limited resources. So I will focus on those areas that I can uniquely contribute to. Choose my battles. In other areas (e.g. certain aspects of RF performance), I will just shoot for acceptable.

I have a similar approach to architecture. There are many ways to build a radio, and I have chosen one that suits me at this time. Feel free to warm up your soldering iron and substitute your own favourite.

What I care about:

  • I don’t trust any part of the modem being in hardware. This means software defined waveforms, and SSB style up and down conversion. Direct FM is out. And don’t get me started on data running through analog FM modems.
  • TDMA needs a “bare metal” uC for hard real time, so no OS. Host PC/USB peripheral type designs won’t work.
  • Functional demos of advanced features such as sub -130dBm Digital Voice, $100 TDMA repeater, diversity to handle multipath, low cost, open hardware and software.
  • No chip sets or SoCs. This is open source. I need control.
  • Don’t have to tick all boxes first time around.

Less important:

  • Minimal cost
  • Sparkling RF performance in areas such as phase noise, IP3, blocking, ACR, high tx power, multi-band operation, low spurious, power consumption. The RF Gurus can do that better than me so I’ll leave it to them.
  • Gold plating – is the feature going to add to our schedule? Can anyone else implement it? Will it introduce risk? Who will step up to make it happen?

Your Suggestions Welcome

But I’ll probably ignore them. What I really want is your contribution. If you want your-favourite-must-have-feature to happen, step up and make it happen. Innovation is 1% inspiration and 99% perspiration. I get overwhelmed by well-meaning people with inspired ideas, and underwhelmed when I ask them to help implement those ideas.

Can you make my TODO list shorter, not longer? Now you have my attention.

Receiver Design

The receiver is a dual conversion superhet, with IFs at 10.7MHz and 24kHz. It is designed primarily for constant amplitude waveforms such as FSK, so does not have an AGC.

I used this Gain and Noise Spreadsheet as a tool to design the radio. It calculates cascaded NF, the NF of the ADC, and the gain required to get the MDS we need. I also have some sub-sections that I plug numbers into as I test, e.g. for NF calculations, and tuned circuit calculations. Very useful.

I haven’t designed the first BPF yet, but anticipate it will have a low loss (to maintain system NF), and a fairly broad response.

The PGA103 is a 0.5dB NF, 20dBm input IP3, 20dB gain block which sets up the overall receiver noise figure of 1.5dB. Its major disadvantage is high power consumption (90mA at 5V), so I am considering a discrete transistor amplifier here.

The BPF near the mixer provides attenuation of out of band signals. Through a process of slightly mystified experimentation I have settled on a double tuned circuit:

Which has a response like this:

For reasons I do not understand (parasitic capacitive coupling?) changing the position of the coils relative to each other sets the position of the notches. I’ve set up the 60dB notch on the 126MHz image frequency. I’ve built it a couple of times with the same dimensions and the response is quite predictable. Each coil is 6 turns wound on a 1/4 inch drill bit, with a tap at half a turn for the 50 ohms input and output. The other end of each coil has a 12pF trimmer cap.

A Si5351 is employed for the local oscillators. For the purists I will include a Si570 option for the first LO. The RF switch for the two Si5351 outputs is to support diversity (two channel) reception. The radio can quickly shift to a channel a few hundred kHz away to receive a packet, effectively receiving on two frequencies at the same time.

I’m using a SBL-1 mixer but will move to an ADE-1. The RF Gurus tell me that termination of the IF port of the mixer is important. So I’m using a 15dB gain Termination Insensitive Amplifier (TIA) that presents a 50 ohm load to the mixer over a wide range of frequencies. I swept the TIA input using a return loss bridge and confirmed around 20dB return loss out to 300MHz (the sum of the LO and RF signals). The TIA has bandwidth of 50MHz which should effectively filter out the LO+RF IF signal.

A 10.7MHz 15kHz wide crystal filter attenuates off channel signals (47dB down at +/- 25kHz) and performs bandpass anti-aliasing filtering for the ADC. To get a nice flat response there is some impedance matching either side of the crystal filter.

I messed around with a few 2nd mixers (sub harmonic, discrete transistor, diode). I had some problems with noise when using a transistor mixer (LO injected into emitter, RF into base) which held me up for a few days. Then I tried a NE602 and it worked really well, and provides some gain. With a good Z-match on the input the 2nd mixer noise problem was gone. So that will do for now.

The baseband amp takes the 24 kHz IF and boosts it 50dB before feeding it to the uC ADC. It’s just two transistors with emitter degeneration to set the gain. The ADC is configured to sample at 96kHz, and upload samples to a Host PC via USB. I can then use a GNU Octave script (e.g. fsk_horus.m) to demodulate the FSK signal.


I am designing for test, e.g. using 50 ohm building blocks. This allows me to break out each section and test separately, for example sweeping the crystal filter, or driving the TIA with a 10.7MHz FSK signal, or measuring NF of a section.

I have been testing the Bit Error Rate (BER) performance from the very early building block stage. This measure neatly defines the performance of a digital radio. Much better to test BER early than wait for final integration and have dozens of problems to solve. We want to know as soon as possible if there is a problem.

This block diagram shows an example of testing from the IF down:

I modified the fsk_horus modem to support 1200 bit/s and a sample rate of Fs=96kHz. This is a well tested modem that has performance bang on ideal.

Component Selection

The radio is implemented with garden variety transistors, the most exotic parts being the ECS M15B crystal filter, SBL-1 mixer, PGA-103 LNA, and NE602. There are no transformers. I have used some toroids to wind my own inductors however these are not critical in terms of Q or tolerance and can be replaced with off the shelf parts.

There are three trimmer capacitors that need aligning with the use of a spectrum analyser. Although it may be possible to have an alignment mode, e.g. use the Si5351 to sweep a test signal, sample the signal and display a spectrum on a Host PC.

I used Manhattan style construction:

The two PCBs in the background are a STM32F4 Discovery board and an OpenRadio which I’m just using for its Si5351 outputs.

I didn’t even need a printed circuit board to prototype and reach the -135dBm performance milestone. This has allowed me to remove a large chunk of risk from the project very early on – a huge benefit.

I think it’s remarkable that with rough construction, no shielding, a poor layout to the STM32F4 ADC, I can demodulate such weak signals. I guess the engineering is subtle and not related to the physical appearance. It does go crazy when I key my HT next to it though!

When we do move to a PCB the same parts in surface mount packages will result in a nice compact design.

Next Steps

  • Build a 1W transmitter prototype. In particular deal with RF amplifiers and diode switching to make a TDMA transceiver.
  • Testing of the receiver, e.g. other specs apart from MDS
  • Work with Rick, KA8BMA, to develop a Rev A prototype PCB version of the entire radio.
  • Lots of software work
  • The 1200 bit/s 2FSK modem has been used so far as it’s what I had lying around. For the final system I’m favouring 4FSK at 2400 bit/s which I estimate will work at -132dBm. So need to get 4FSK running soon.
  • Work towards functional demonstration of the project goals.

I haven’t planned any further forward. I’m not sure when a SM2000 product will emerge. Some time in 2016 I guess. Sooner if you help!

Command Lines

I’m documenting this here so I don’t forget.

Use fsk_horus to generate modem signal at Fs=96kHz. Use hackrf_uc.m to up-convert to IQ samples at Fs=10MHz for replay by the HackRF. hackrf_uc.m also adds a 700kHz offset (IQ designs have a black hole at DC).

For testing the IF we can then play a 10.7MHz signal from HackRF using:

/codec2-dev/octave$ hackrf_transfer -t -f 10000000 -a 1 -x 20

For testing at 146MHz input of the radio use:

~/codec2-dev/octave$ hackrf_transfer -t -f 145300000 -a 0 -x 15

Note the 700kHz offset.

In both cases adjust the -a and -x options and use an attenuator to get the level you want for testing. The level can be checked on a spec-an, although this gets tricky beneath -120dBm.

Simultaneously sample by flashing the STM32F4 Discovery with adc_rec_usb.elf, and then upload Fs=96kHz samples using:

~/codec2-dev/octave$ sudo dd if=/dev/ttyACM0 of=test.raw count=10000

Then demod using fsk_horus:

octave:109> fsk_horus
Fs: 96000 Rs: 1200 Ts: 80 nsym: 1200
demod of raw bits....
centre: 23976 shift: 1272 twist: -1.4 dB
coarse offset: 1192 nerrs_min: 25 next_state: 1
frames: 13 Tbits: 14400 Terrs: 2 BER 0.000 EbNo: 12.23

Here is a plot of the STM32F4 ADC with -135dBm at the rx input:

You can see the passband of the crystal filter – the internal noise from the radio front end passed through the filter creates the trapezoidal spectral shape at the input to the ADC. The two lines in the centre are the low and high FSK tones centered on the 24kHz IF, the hump of “noise” between them are part of the FSK signal. Not sure what that line around 17kHz is all about.

The lines on the far left are harmonics of the 1.2kHz interrupt service routine on the STM32F4. I cleaned most of this noise up with some power supply filtering, it was initially 20dB higher and all over the spectrum:

A little noise goes a long way with 100dB of gain.

Measuring Noise Figure with the Rigol DSA-815

After lots of reading on NF and a few false starts, I can now reliably measure noise figures, e.g. in my LNA, mixer, BPF, and IF amplifiers. For example the TIA amplifier is spec-ed at 5 dB and I measured 5.2dB. I have also measured the single (BPF in front) and double sided NF of the SBL-1 mixer and they were 3dB apart.

You need to have noise above the noise floor of the 815. With the 815 terminated in 50 ohms I measured -162dBm/Hz, which suggests an NF of 12dB for the analyser itself. With gains of greater than 20dB on the device or system you are measuring, the numbers from the 815 start to make sense. So plan your tests such that the measured No is higher than -140dBm/Hz.

Here are the Rigol settings I use:

  1. Amplitude: attenuation 0dB. Pre-amp On
  2. BW/Det: sample
  3. Trace/P/F: Power average
  4. Marker Function: No function (to measure gain) Noise Marker (to measure No)

The procedure is: measure the gain G using a test signal, then switch the test signal off, terminate the input with 50 ohms, and measure No (the output noise power density, in dBm/Hz). Then NF = No - G + 174, with G and NF in dB; -174 dBm/Hz is the thermal noise floor at room temperature.

Here is my working for an earlier LNA-Mixer-IF amp combination:

Input power  -80.00
Output power -10.00
Gain          70.00
Noise pwr   -102.20  
NF             1.80

My design had a calculated NF of 1.3dB, so 1.8dB is reasonable given the 1.5dB accuracy of the 815. I have a spreadsheet setup so I can just plug the numbers in.
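The two calculations above, the cascaded-NF figure the spreadsheet produces for the chain of gain blocks and the NF = No - G + 174 measurement method, as an added example that is not the author's spreadsheet or any SM2000 code. The measurement numbers come from the worked table above; the PGA103 (0.5 dB NF, 20 dB gain) and TIA (5 dB NF, 15 dB gain) figures are from the post, while the BPF and SBL-1 losses in the sample chain are assumptions for illustration, so the cascade result is not the post's 1.5 dB.

```python
import math

THERMAL_NOISE_DBM_PER_HZ = -174.0        # kT at room temperature, per hertz
DSA815_USABLE_FLOOR_DBM_PER_HZ = -140.0  # keep measured No above this on the Rigol


def nf_from_measurement(p_in_dbm, p_out_dbm, no_dbm_per_hz):
    """Two-step spectrum analyser method from the post.

    1. Gain G from a test signal: G = p_out - p_in.
    2. Input terminated in 50 ohms, measure output noise density No.
    NF = No - G + 174.  Returns (gain_db, nf_db).
    """
    gain_db = p_out_dbm - p_in_dbm
    nf_db = no_dbm_per_hz - gain_db - THERMAL_NOISE_DBM_PER_HZ
    return gain_db, nf_db


def measurement_is_trustworthy(no_dbm_per_hz, floor=DSA815_USABLE_FLOOR_DBM_PER_HZ):
    """True when the measured noise density sits clear of the analyser's own noise."""
    return no_dbm_per_hz > floor


def cascaded_nf(stages):
    """Friis cascade. stages: list of (nf_db, gain_db), antenna end first.

    A passive stage (filter, diode mixer) is entered with NF equal to its loss
    and negative gain. Total F = F1 + (F2-1)/G1 + (F3-1)/(G1*G2) + ...
    """
    f_total = 0.0
    gain_so_far = 1.0
    for i, (nf_db, gain_db) in enumerate(stages):
        f = 10 ** (nf_db / 10)
        f_total += f if i == 0 else (f - 1) / gain_so_far
        gain_so_far *= 10 ** (gain_db / 10)
    return 10 * math.log10(f_total)


def mds_dbm(nf_db, bandwidth_hz, required_snr_db):
    """Minimum discernible signal: thermal floor in the bandwidth plus NF and SNR."""
    return (THERMAL_NOISE_DBM_PER_HZ + 10 * math.log10(bandwidth_hz)
            + nf_db + required_snr_db)


# Sample receiver chain (nf_db, gain_db). PGA103 and TIA values are from the post;
# the 1 dB BPF loss and 6 dB SBL-1 conversion loss are assumed for illustration.
SM2000_FRONT_END = [
    (0.5, 20.0),   # PGA103 LNA
    (1.0, -1.0),   # double tuned BPF (assumed loss)
    (6.0, -6.0),   # SBL-1 mixer (assumed conversion loss)
    (5.0, 15.0),   # TIA post-mixer amplifier
]


if __name__ == "__main__":
    g, nf = nf_from_measurement(-80.0, -10.0, -102.2)
    print(f"measured gain {g:.1f} dB, NF {nf:.2f} dB, trustworthy={measurement_is_trustworthy(-102.2)}")
    print(f"cascaded NF of sample chain: {cascaded_nf(SM2000_FRONT_END):.2f} dB")
    print(f"MDS for 1.5 dB NF in the 15 kHz crystal filter, 0 dB SNR: {mds_dbm(1.5, 15e3, 0):.1f} dBm")
```

The trustworthiness check is the one to run before trusting an NF number: a chain with only 10 dB of gain in front of the 815 puts No close to the analyser's own -162 dBm/Hz and the subtraction becomes meaningless.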


Mel K0PFX, and Jim, N0OBG for buying me the spec-an, which has been invaluable. Neil, VK5KA, for RF advice; John VK3IC and Craig VK3CDN for cables, test equipment, and RF advice; Matt, VK5ZM and Brady for bouncing ideas off; Glen English for RF guidance and in particular explaining ADC NF.

Brady pointed me at the DSP10 2M radio from 1999 which turns out is very similar to what I have come up with! Some very similar design decisions, and a useful example for me.

LongNowSupport Long Now while you shop Amazon this Holiday Season


This holiday season you can support Long Now while you shop on Amazon by listing us as your charity of choice for “AmazonSmile.” When you list us as your charity, .5% of the price of eligible products will be donated to us when you purchase them on Amazon.

To list us as your charity, follow our AmazonSmile link.

Thank you for all your support.

Planet DebianRiku Voipio: Using ser2net for serial access.

Is your table a mess of wires? Do you have multiple devices connected via serial and can't remember which /dev/ttyUSBX is connected to what board? Unless you are an embedded developer, you are unlikely to deal with serial much anymore - in that case you can just jump to the next post in your news feed.

Introducing ser2net

Usually people start with minicom for serial access. There are better tools - picocom, screen, etc. But to easily map multiple serial ports, use ser2net. Ser2net makes serial ports available over telnet.

Persistent usb device names and ser2net

To remember which usb-serial adapter is connected to what, we use the /dev/serial tree created by udev, in /etc/ser2net.conf:

# arndale
7004:telnet:0:'/dev/serial/by-path/pci-0000:00:1d.0-usb-0:1.8.1:1.0-port0':115200 8DATABITS NONE 1STOPBIT
# cubox
7005:telnet:0:/dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0:115200 8DATABITS NONE 1STOPBIT
# sonic-screwdriver
7006:telnet:0:/dev/serial/by-id/usb-FTDI_FT230X_96Boards_Console_DAZ0KA02-if00-port0:115200 8DATABITS NONE 1STOPBIT
The by-path syntax is needed if you have many identical USB-to-serial adapters. In that case a patch from the BTS is needed to support quoting in the serial path. Ser2net doesn't seem very actively maintained upstream - a sure sign that a project is stagnant is a homepage still at . This patch, among other interesting features, can also be found in various ser2net forks on GitHub.

Setting easy to remember names

Finally, unless you want to memorize the port numbers, set TCP port to name mappings in /etc/services:

# Local services
arndale 7004/tcp
cubox 7005/tcp
sonic-screwdriver 7006/tcp
Now finally:

telnet localhost sonic-screwdriver

Mandatory picture of serial port connection in action
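One thing worth noticing about the configuration above: ser2net serves each port as unauthenticated telnet, and an entry that starts with a bare port number listens on every interface. The ser2net.conf(5) man page for the 2.x series accepts `[host,]port` in that first field, so `127.0.0.1,7004:telnet:...` keeps the console reachable only from the local machine. The following is an added example, not part of the post or of ser2net: it parses the entries, derives the /etc/services lines the post writes by hand, and flags listeners that are reachable from other hosts. The sample config is constructed in the post's format, including the single-quoted by-path device that needs the quoting patch.

```python
LOOPBACK_HOSTS = {"localhost", "::1"}

# Constructed sample in the post's format: "# name" comment, then
# [host,]port:state:timeout:device:options. Device paths may be single-quoted
# (quoting patch), which is what lets a by-path name containing ':' survive.
SAMPLE_CONF = """\
# arndale
7004:telnet:0:'/dev/serial/by-path/pci-0000:00:1d.0-usb-0:1.8.1:1.0-port0':115200 8DATABITS NONE 1STOPBIT
# cubox
127.0.0.1,7005:telnet:0:/dev/serial/by-id/usb-Prolific_Technology_Inc._USB-Serial_Controller_D-if00-port0:115200 8DATABITS NONE 1STOPBIT
# sonic-screwdriver
localhost,7006:telnet:0:/dev/serial/by-id/usb-FTDI_FT230X_96Boards_Console_DAZ0KA02-if00-port0:115200 8DATABITS NONE 1STOPBIT
"""


def parse_ser2net_conf(text):
    """Parse ser2net 2.x entries; a '# name' comment right before an entry names it."""
    entries = []
    pending_name = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            pending_name = line[1:].strip()
            continue
        # The first three fields never contain ':'; everything after is device:options.
        listen, state, timeout, rest = line.split(":", 3)
        if rest.startswith("'"):
            close = rest.index("'", 1)
            device, options = rest[1:close], rest[close + 2:]   # skip "':"
        else:
            device, options = rest.rsplit(":", 1)   # options hold no ':'
        host, _, port = listen.rpartition(",")      # "[host,]port"
        entries.append({
            "name": pending_name,
            "host": host or None,   # None: ser2net binds to all interfaces
            "port": int(port),
            "state": state,
            "timeout": int(timeout),
            "device": device,
            "options": options,
        })
        pending_name = None
    return entries


def listens_on_loopback(entry):
    host = entry["host"]
    return host is not None and (host in LOOPBACK_HOSTS or host.startswith("127."))


def exposed_entries(entries):
    """Entries whose telnet listener is reachable from other hosts on the network."""
    return [e for e in entries if not listens_on_loopback(e)]


def services_lines(entries):
    """/etc/services lines so 'telnet localhost <name>' works, as in the post."""
    return [f'{e["name"]} {e["port"]}/tcp' for e in entries if e["name"]]


if __name__ == "__main__":
    entries = parse_ser2net_conf(SAMPLE_CONF)
    print("\n".join(services_lines(entries)))
    for e in exposed_entries(entries):
        print(f"warning: {e['name']} on port {e['port']} is not bound to loopback")
```

Even when bound to loopback, anyone with a shell on the box gets the console; for shared build hosts that usually means the serial console deserves the same care as root access on the attached board.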

TED“Grandparents tell the best stories”: Get ready for the Great Thanksgiving Listen

Kara Masteller, 21, says that her grandfather James Kennicott always intimidated her when she was young. When she told him that in their StoryCorps interview, however, he laughed and said, “I’m a pretty soft guy.” Photo: Courtesy of StoryCorps

James Kennicott’s life advice for his granddaughter: “Just roll with it.” The two recorded an interview using the StoryCorps app while sitting in an Applebee’s parking lot. StoryCorps’ Dave Isay, the winner of the 2015 TED Prize, wants hundreds of thousands to interview a grandparent over Thanksgiving weekend. Photo: Courtesy of StoryCorps

When James Kennicott, now 86, was young, he loved ice-skating on the river near his home in Waterloo, Iowa. One day, the ice cracked under his feet and he plunged into the water below. He didn’t have hot water at home. So he broke into his school to take a hot shower.

“I think that says a lot about his childhood, that there was really no one there to help him get out of the water or keep him warm,” says his granddaughter Kara Masteller, 21.

Kara heard this story for the first time when she used the StoryCorps app — launched by StoryCorps founder Dave Isay with the 2015 TED Prize — to interview her grandfather. Because James didn’t want to talk at the senior community where he lives, the two drove to a local mall and recorded their interview while sitting in an Applebee’s parking lot. NPR highlighted their interview on Friday’s Morning Edition — the first interview recorded on the app to be broadcast in the weekly StoryCorps segment.

The interview serves as an appetizer for the Great Thanksgiving Listen, StoryCorps’ mass movement to record the stories of a generation of elders over the coming holiday weekend. StoryCorps hopes that as many as 250,000 people will participate and ask a grandparent or family friend questions to unlock their experience.

On Google today, these words appear underneath the search bar: “Grandparents have the best stories. Record your grandparents’ story this Thanksgiving.” The thought links to an animation about the Great Thanksgiving Listen narrated by David Hyde Pierce of Frasier. “We can find wisdom and poetry all around us,” he says. “Help us make history.”

A new TED-Ed lesson released today also shows how taking part in the Great Thanksgiving Listen will add a fresh, first-person dimension to what exists in history books.

“What if Anne Frank hadn’t kept a diary? What if no one could listen to Martin Luther King’s Mountaintop speech?” the lesson asks. “You can make history by recording it.”


Everyone is invited to participate in the Great Thanksgiving Listen. Download the StoryCorps app, choose your questions and follow the prompts. Then upload your interview at the Library of Congress, using the hashtag #TheGreatListen.

Planet DebianC.J. Adams-Collier: Regarding fdupes

Dear readers,

There is a very useful tool for finding and merging shared permanent storage, and its name is fdupes. There was a terrible occurrence in the software after version 1.51, however. They removed the -L argument because too many people were complaining about lost data. It sounds like user error to me, and so I continue to use this one. I have to build from source, since the newer versions do not have the -L option.

And so there you are. I recommend using it, even though this most useful feature has been deprecated and removed from the software. Perhaps there should be a fdupes-danger package in Debian?

CryptogramVoter Surveillance

There hasn't been that much written about surveillance and big data being used to manipulate voters. In Data and Goliath, I wrote:

Unique harms can arise from the use of surveillance data in politics. Election politics is very much a type of marketing, and politicians are starting to use personalized marketing's capability to discriminate as a way to track voting patterns and better "sell" a candidate or policy position. Candidates and advocacy groups can create ads and fund-raising appeals targeted to particular categories: people who earn more than $100,000 a year, gun owners, people who have read news articles on one side of a particular issue, unemployed veterans...anything you can think of. They can target outraged ads to one group of people, and thoughtful policy-based ads to another. They can also fine-tune their get-out-the-vote campaigns on Election Day, and more efficiently gerrymander districts between elections. Such use of data will likely have fundamental effects on democracy and voting.

A new research paper looks at the trends:

Abstract: This paper surveys the various voter surveillance practices recently observed in the United States, assesses the extent to which they have been adopted in other democratic countries, and discusses the broad implications for privacy and democracy. Four broad trends are discussed: the move from voter management databases to integrated voter management platforms; the shift from mass-messaging to micro-targeting employing personal data from commercial data brokerage firms; the analysis of social media and the social graph; and the decentralization of data to local campaigns through mobile applications. The de-alignment of the electorate in most Western societies has placed pressures on parties to target voters outside their traditional bases, and to find new, cheaper, and potentially more intrusive, ways to influence their political behavior. This paper builds on previous research to consider the theoretical tensions between concerns for excessive surveillance, and the broad democratic responsibility of parties to mobilize voters and increase political engagement. These issues have been insufficiently studied in the surveillance literature. They are not just confined to the privacy of the individual voter, but relate to broader dynamics in democratic politics.

Planet DebianLunar: Reproducible builds: week 30 in Stretch cycle

What happened in the reproducible builds effort this week:

Toolchain fixes

  • Markus Koschany uploaded antlr3/3.5.2-3 which includes a fix by Emmanuel Bourg to make the generated parser reproducible.
  • Markus Koschany uploaded maven-bundle-plugin/2.4.0-2 which includes a fix by Emmanuel Bourg to use the date in the DEB_CHANGELOG_DATETIME variable in the file embedded in the jar files.
  • Niels Thykier uploaded debhelper/9.20151116 which makes the timestamp of directories created by dh_install, dh_installdocs, and dh_installexamples reproducible. Patch by Niko Tyni.

Mattia Rizzolo uploaded a version of perl to the “reproducible” repository including the patch written by Niko Tyni to add support for SOURCE_DATE_EPOCH in Pod::Man.

Dhole sent an updated version of his patch adding support for SOURCE_DATE_EPOCH in GCC to the upstream mailing list. Several comments have been made in response which have been quickly addressed by Dhole.

Dhole also forwarded his patch adding support for SOURCE_DATE_EPOCH in libxslt upstream.
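The SOURCE_DATE_EPOCH patches above all do the same thing: a tool that would otherwise stamp the current time into its output (jar entries in maven-bundle-plugin, man pages in Pod::Man, __DATE__ in GCC) instead takes the timestamp from the environment. The following is an added example, not code from any of those projects, showing the pattern in a small archive builder: the build timestamp comes from SOURCE_DATE_EPOCH when set, every member gets that timestamp, entries are sorted, and permissions are fixed rather than read from disk, so two builds over the same inputs are byte-identical. Standard library only; the input files are constructed inline.

```python
import hashlib
import io
import os
import time
import zipfile

# Zip stores DOS dates, which start at 1980-01-01; clamp anything earlier.
_ZIP_EPOCH_FLOOR = 315532800


def build_timestamp(env=None, now=None):
    """Unix time a build tool should embed in its outputs.

    Follows the SOURCE_DATE_EPOCH convention: when the variable is set, its
    integer value is used; otherwise fall back to the clock (the irreproducible case).
    """
    env = os.environ if env is None else env
    raw = env.get("SOURCE_DATE_EPOCH")
    if raw is not None:
        return int(raw)
    return int(time.time() if now is None else now)


def build_archive(files, timestamp):
    """Write files (name -> bytes) to an in-memory zip deterministically.

    Three sources of variation are removed: member order (sorted names),
    per-member mtimes (all set to `timestamp`) and filesystem permission bits
    (fixed 0644). Same inputs and timestamp therefore give the same bytes.
    """
    date_time = time.gmtime(max(timestamp, _ZIP_EPOCH_FLOOR))[:6]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.external_attr = 0o644 << 16
            zf.writestr(info, files[name])
    return buf.getvalue()


def archive_digest(files, env):
    """SHA-256 of the archive a build with the given environment would produce."""
    return hashlib.sha256(build_archive(files, build_timestamp(env))).hexdigest()


# Constructed sample inputs standing in for a package's build products.
SAMPLE_FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "org/example/Main.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34",
    "usr/share/doc/README": b"built reproducibly\n",
}


if __name__ == "__main__":
    env = {"SOURCE_DATE_EPOCH": "1447891200"}   # set by dpkg-buildpackage from the changelog
    print("with SOURCE_DATE_EPOCH :", archive_digest(SAMPLE_FILES, env))
    print("again                  :", archive_digest(SAMPLE_FILES, env))
    print("clock time (varies)    :", archive_digest(SAMPLE_FILES, {}))
```

Note what the example does not fix: if the content of a member itself depends on the clock or on the build path, the archive still differs, which is why the toolchain fixes listed above target each generator separately rather than only the packaging step.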

Packages fixed

The following packages have become reproducible due to changes in their build dependencies: antlr3/3.5.2-3, clusterssh, cme, libdatetime-set-perl, libgraphviz-perl, liblingua-translit-perl, libparse-cpan-packages-perl, libsgmls-perl, license-reconcile, maven-bundle-plugin/2.4.0-2, siggen, stunnel4, systemd, x11proto-kb.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

Vagrant Cascadian has set up a new armhf node using a Raspberry Pi 2. It should soon be added to the Jenkins infrastructure.

diffoscope development

diffoscope version 42 was released on November 20th. It adds a missing dependency on python3-pkg-resources and, to prevent similar regressions, another autopkgtest to ensure that the command line is functional when Recommends are not installed. Two more encoding related problems have been fixed (#804061, #805418). A missing Build-Depends has also been added on binutils-multiarch to make the test suite pass on architectures other than amd64.

Package reviews

180 reviews have been removed, 268 added and 59 updated this week.

70 new “fail to build from source” bugs have been reported by Chris West, Chris Lamb and Niko Tyni.

New issue this week: randomness_in_ocaml_preprocessed_files.


Jim MacArthur started to work on a system to rebuild and compare packages built on using .buildinfo and

On December 1-3rd 2015, a meeting of about 40 participants from 18 different free software projects will be held in Athens, Greece with the intent of improving the collaboration between projects, helping new efforts to be started, and brainstorming on end-user aspects of reproducible builds.

Google Adsense[Infographic] Are you prepared for the busiest quarter of the year?

The holiday season is the busiest time of the year, with shoppers out in full force to gather their holiday gifts, round up their decorations, and treat themselves to something special. 2014 was a record-breaker in terms of ad spend, which goes to show just how important it is that your advertising is as targeted as possible, and that you’re fully prepared for the final, and most lively, quarter of the year.

Check out these stats and tips below which can help you be in tip-top form for the season:

Not yet an AdSense user? Sign up now!

Posted by Yigit Yucel
Marketing Communications Specialist

Krebs on SecurityHow to Enable Multifactor Security on Amazon

Amazon has added multi-factor authentication to help customers better secure their accounts from hackers. With this new feature enabled, thieves would have to know your username, password, and have access to your mobile device or impersonate you to your mobile provider in order to hijack your Amazon account. The security feature allows users to receive a one-time code via text message, automated phone call, or third-party app — such as Google Authenticator.

Step one of enabling multi-factor identification on your Amazon account.

Multi-factor authentication, also often called “two-step” or “two factor” authentication, is a great way to improve the security of your various online accounts (where available). With multi-factor logins enabled, even if thieves somehow steal your account username and password they’ll still need access to the second factor — your mobile phone — to successfully hijack your account.

Users can instruct Amazon to “remember” each device, which disables future prompts for the second factor on that device going forward. If Amazon later detects a login attempt from a device it does not recognize as associated with that account, it will prompt for the code from the second factor — text message, voice call, or app (whichever you choose).

I’m not sure I succeeded the first time I tried to set up multi-factor authentication on Amazon. I signed in, clicked “Your Account,” and then under “Account Settings” clicked “Change Account Settings.” That page allowed me to add a mobile number by typing in a code that was sent to my mobile. But when I hit “Done” and went back to Amazon’s home page, I decided to revisit the page only to discover that there are two more steps needed to finish setting up multi-factor authentication.

In step two, Amazon asks for a backup phone number where users can receive text messages or voice calls, in case you don’t have access to the mobile device added in Step 1. The backup method also can be Google’s Authenticator App.

Step two of three for enabling multi-factor authentication on Amazon.

Step three just explains how it all works and allows users to skip future one-time codes on personal devices.

Step 3.

If you shop at Amazon, take a few minutes today to turn on multi-factor authentication for your account. While you’re at it, check whether multi-factor is available for any other online services you use. Also, consider whether you’re able to beef up the security of the backup email accounts you use for your recovery address.

One final note: Receiving one-time codes through a third-party mobile app that does not need a working connection to the Internet — such as Google Authenticator — leaves fewer chances for attackers to divert your codes. With text messages or voice calls, thieves can call your mobile provider, pretend to be you, and have your calls and/or texts forwarded to another number they control.

Planet DebianJonathan Dowland: CDs should come with download codes

boxes of CDs & the same data on MicroSD

There's a Vinyl resurgence going on, with vinyl record sales growing year-on-year. Many of the people buying records don't have record players. Many records are sold including a download code, granting the owner an (often one-time) opportunity to download a digital copy of the album they just bought.

Some may be tempted to look down upon those buying vinyl records, especially those who don't have a means to play them. The record itself is, now more than ever, a physical totem rather than a media for the music. But is this really that different to how we've treated audio CDs this century?

For at least 15 years, I've ripped every CD I've bought and then stored it in a shoebox. (I'm up to 10 shoeboxes). The ripped copy is the only thing I listen to. The CD is little more than a totem, albeit one which I have to use in a relatively inconvenient ritual in order to get something I can conveniently listen to.

The process of ripping CDs has improved a lot in this time, but it's still a pain. CD-ROM drives are also becoming a lot more scarce. Ripping is not necessarily reliable, either. The best tool to verify a rip is AccurateRip, a privately-owned database of track checksums. The private status is a problem for the community (remember what happened to CDDB?) and it is only useful if other people using an AccurateRip-supported ripper have already successfully ripped the CD.

Then there's things like CD pre-emphasis. It turns out that the Red Book standard defines a rarely-used flag that means the CD (or individual tracks) have had pre-emphasis applied to the treble end of the frequency spectrum. The CD player is supposed to apply de-emphasis on playback. This doesn't happen if you fetch the audio data digitally, so it becomes the CD ripper's responsibility to handle this. CD rippers have only relatively recently grown support for it. Awareness has been pretty low, so low that nobody has a good idea about how many CDs actually have pre-emphasis set: it's thought to be very rare, but (as far as I know) MusicBrainz doesn't (yet) track it.

So some proportion of my already-ripped CDs may have actually been ripped incorrectly, and I can't easily determine which ones without re-ripping them all. I know that at least my Quake computer game CD has it set, and I have suspicions about some other releases.

Going forward, this could be avoided entirely if CDs were treated more like totems, as vinyl records are, than the media delivering the music itself, and if record labels routinely included download cards with audio CDs. For just about anyone, no matter how the music was obtained, media-less digital is the canonical form for engaging with it. Attention should also be paid to make sure that digital releases are of a high quality: but that's a topic for another blog post.

Sociological ImagesThanksgiving, the first TV dinner

Pre-prepared frozen meals pre-dated the Swanson “TV dinner,” but it was Swanson who brought the aluminum tray — previously only seen in taverns and airplanes — into the home.

They were motivated by opportunity and necessity. The necessity went something like this, or so the story goes: After the 1953 Thanksgiving holiday, Swanson found themselves up to their ears in turkey. They had overestimated demand, and there they were, with 260 tons of frozen turkey and the next bird holiday 364 days away. So, they slapped together a frozen turkey dinner, with peas and mashed potatoes, and held their breath.


The opportunity was the meteoric rise of living room television sets. In 1950, only 9% of American households had TVs. By 1953, 45% of households had one. The next year, that number would rise to 56%. Swanson’s overstock of turkeys occurred at exactly the same moment that owning a television became the new hot thing. So, Swanson tied their advertising directly to TV watching, inventing the phrase “TV dinner.”


Rumor is that Swanson wasn’t optimistic, but the dinners outsold their expectations. They planned to sell 5,000 turkey TV dinners that first year, in 1954, but they ended up selling 10 million.

So, if you celebrate Thanksgiving and are eating a TV dinner tonight instead of a whole bird, know that you, too, are part of a true American tradition.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Planet DebianGergely Nagy: Keyboard updates

Last Friday, I compiled a list of keyboards I'm interested in, and received a lot of incredible feedback, thank you all! This allowed me to shorten the list considerably, to basically two pieces. I'm reasonably sure by now which one I want to buy (both), but will spend this week calming down to avoid impulse-buying. My attention was also brought to a few keyboards originally not on my list, and I'll take this opportunity to present my thoughts on those too.

The Finalists




  • Great design, by the looks of it.
  • Mechanical keys.
  • Open source hardware and firmware, thus programmable.
  • Thumb keys.
  • Available as an assembled product, from multiple sources.


  • Primarily a kit, but assembled available.
  • Assembled versions aren't as nice as home-made variants.


The keyboard looks interesting, primarily due to the thumb keys. From the ErgoDox EZ campaign, I'm looking at $270. That's friendly, and makes ErgoDox a viable option! (Thanks @miffe!)

There's also another option, FalbaTech, which ships sooner, I can customize the keyboard to some extent, and Poland is much closer to Hungary than the US. With this option, I'm looking at $205 + shipping, a very low price for what the keyboard has to offer. (Thanks @pkkolos for the suggestion!)

Keyboardio M01

Keyboardio Model 01


  • Mechanical keyboard.
  • Hardwood body.
  • Blank and dot-only keycaps option.
  • Open source: firmware, hardware, and so on. Comes with a screwdriver.
  • The physical key layout has much in common with my TypeMatrix.
  • Numerous thumb-accessible keys.
  • A palm key, that allows me to use the keyboard as a mouse.
  • Fully programmable LEDs.
  • Custom macros, per-application even.


  • Fairly expensive.
  • Custom keycap design, thus rearranging them physically is not an option, which leaves me with the blank or dot-only keycap options only.
  • Available late summer, 2016.


With shipping cost and whatnot, I'm looking at something in the $370 ballpark, which is on the more expensive side. On the other hand, I get a whole lot of bang for my buck: LEDs, two center bars (tripod mounting sounds really awesome!), hardwood body, and a key layout that is very similar to what I came to love on the TypeMatrix.

I also have a thing for wooden stuff. I like the look of it, the feel of it.

The Verdict

Right now, I'm seriously considering the Model 01, because even if it is about twice the price of the ErgoDox, it also offers a lot more: hardwood body (I love wood), LEDs, palm key. I also prefer the layout of the thumb keys on the Model 01.

The Model 01 also comes pre-assembled and looks stunning, while the ErgoDox pales a little in comparison. I know I could make it look stunning too, but I do not want to build things. I'm not good at it, I don't want to be good at it, I don't want to learn it. I hate putting things together. I'm the kind of guy who needs three tries to put together a set of IKEA shelves, and I'm not exaggerating. I also like the shape of the keys better on the Model 01.

Nevertheless, the ErgoDox is still an option, due to the price. I'd love to buy both, if I could. Which means that once I'm ready to replace my keyboard at work, I will likely buy an ErgoDox. But for home, Model 01 it is, unless something even better comes along before my next pay.

The Kinesis Advantage was also a strong contender, but I ended up removing it from my preferred options, because it doesn't come with blank keys, and is not a split keyboard. And similar to the ErgoDox, I prefer the Model 01's thumb-key layout. Despite all this, I'm very curious about the key wells, and want to try it someday.

Suggested options



Suggested by Andred Carter, a very interesting keyboard with a unique design.


  • Portable, foldable.
  • Active support for forearm and hand.
  • Hands never obstruct the view.


  • Not mechanical.
  • Needs a special inlay.
  • Best used for word processing, programmers may run into limitations.


I like the idea of the keyboard, and if it wouldn't need a special inlay, but used a small screen or something to show the keys, I'd like it even more. Nevertheless, I'm looking for a mechanical keyboard right now, which I can also use for coding.

But I will definitely keep the Yogitype in mind for later!

Matias Ergo Pro

Matias Ergo Pro


  • Mechanical keys.
  • Simple design.
  • Split keyboard.


  • Doesn't seem to come with a blank keys option, nor in Dvorak.
  • No thumb key area.
  • Neither open source, nor open hardware.
  • I have no need for the dedicated undo, cut, paste keys.
  • Does not appear to be programmable.


This keyboard hardly meets any of my desired properties, and doesn't have anything standing out in comparison with the others. I had a quick look at this when compiling my original list, but it was quickly discarded. Nevertheless, people asked me why, so I'm including my reasoning here:

While it is a split keyboard, with a fairly simple design, it doesn't come in the layout I'd prefer, nor with blank keys. It lacks the thumb key area that ErgoDox and the Model 01 have, and which I developed an affection for.

Microsoft Sculpt Ergonomic Keyboard

Microsoft Sculpt


  • Numpad is a separate unit.
  • Reverse tilt.
  • Well positioned, big Alt keys.
  • Cheap.


  • Not a split keyboard.
  • Not mechanical.
  • No blank or Dvorak option as far as I see.


This keyboard does not buy me much over my current TypeMatrix 2030. If I'd be looking for the cheapest possible among ergonomic keyboards, this would be my choice. But only because of the price.

Truly Ergonomic Keyboard

Truly Ergonomic Keyboard


  • Mechanical.
  • Detachable palm rest.
  • Programmable firmware.


  • Not a split keyboard.
  • Layouts are virtual only, the printed keycaps stay QWERTY, as far as I see.
  • Terrible navigation key setup.


Two important factors for me are physical layout and splittability. This keyboard fails both. While it is a portable device, that's not a priority for me at this time.

Worse Than FailureCodeSOD: Confession: The Coin-Flip Hash

There are certain problems in computing that you generally shouldn’t tackle unless you’re planning to make it your life’s work. Don’t write your own date handling logic. Don’t write your own encryption. If you do, you’ll probably screw it up, so use something developed by someone who knows what they are doing.

Handling passwords is, in many ways, a subset of the same problem: it is cryptography, and it is just as easy to get wrong. Samuel sends this to us as a confession- he hopes to unburden himself of his sins. It's bad enough that he's passing passwords in the clear, but he goes a step farther:

        if (isset($_POST["pass"]) && $_POST["pass"] !== "") {
                $r = rand(0, 1); // coin flip decides which hash gets checked
                if( ($r==0 && md5($_POST["pass"])=="7e843964cca0fe3c3adc1d3f8605554b") || ($r==1 && sha1($_POST["pass"])=="92f5d9410b62c8a35da15d64cacce9db13d15277") ){
                        //render successful login content, set cookie
                } else {
                        //render login error
                }
        } else { /* render "no password" error */ }

If the user has supplied a password, this utterly bizarre logic flips a coin: depending on $r it compares either the MD5 or the SHA-1 digest of the input password against a hard-coded value, which I guess “solves” the problem of storing the hashes someplace. Both are fast, unsalted hashes of what is presumably the same password, so both are fair game for offline cracking, and because the coin is re-flipped on every request, any password that matches either digest gets in eventually: an attacker who cracks the weaker of the two just has to submit it twice.

One of Samuel’s co-workers spotted this, saw his name on the commit, and asked him, “What were you thinking?”

Samuel could only answer, “I wasn’t.”
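For contrast, here is the same login gate done the way PHP's own password API intends. This is an added example, not Samuel's code or anything from the site: one slow, salted algorithm (bcrypt via PASSWORD_DEFAULT), a constant-time comparison inside password_verify(), and no digests in the source. The stored hash is constructed inline for the example, and checkLogin() and the “render” comments are placeholders for the application's own handling.

```php
<?php
// Added example (not Samuel's code): the same login gate built on PHP's
// password_hash()/password_verify() API. The hash a real app would read
// from its user store is constructed here; checkLogin() and the "render"
// comments stand in for the application's own routing.

// What belongs in the users table: one salted bcrypt hash per account,
// generated once at signup. Never paste a digest into source.
$storedHash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

function checkLogin(string $storedHash, ?string $supplied): string
{
    if ($supplied === null || $supplied === '') {
        return 'no password';            // render "no password" error
    }
    // One algorithm, salted, deliberately slow, and compared in constant
    // time inside password_verify(): nothing for a coin flip to choose.
    if (!password_verify($supplied, $storedHash)) {
        return 'login error';            // render login error
    }
    // If the default algorithm or cost has moved on since this hash was
    // made, rehash now while the plaintext is in hand.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($supplied, PASSWORD_DEFAULT);
        // write $newHash back to the user store here (storage layer assumed)
    }
    return 'ok';                         // render successful login content, set cookie
}

// Usage: in the real handler $supplied would be $_POST['pass'], sent over TLS.
echo checkLogin($storedHash, 'correct horse battery staple'), PHP_EOL;
echo checkLogin($storedHash, 'hunter2'), PHP_EOL;
echo checkLogin($storedHash, ''), PHP_EOL;
```

password_verify() reads the algorithm, cost and salt out of the stored string, so there is exactly one code path per login and nothing secret in the source; if the application ever needs to compare two digests or tokens directly, hash_equals() is the constant-time way to do it. None of this helps if the form is still posted over plain HTTP, which was the other half of the confession.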


Planet DebianJonathan Dowland: On BBC 6 Music

Back in July I had a question of mine read out on the Radcliffe and Maconie programme on BBC 6 Music. The pair were interviewing Stephen Morris of New Order and I took the opportunity to ask a question about backing vocals on the 1989 song "Run2". Here's the question and answer (318K MP3, 21s):

Planet DebianThomas Goirand: OpenStack Liberty and Debian

Long over due post

It’s been a long time since I last wrote here, and lots of things have happened in the OpenStack planet. As a full time employee with the mission to package OpenStack in Debian, it feels like it is kind of my duty to tell everyone about what’s going on.

Liberty is out, uploaded to Debian

Since my last post, OpenStack Liberty, the 12th release of OpenStack, was released. In late August, Debian was the first platform which included Liberty, as I proudly outran both RDO and Canonical. So I was the first to make the announcement that Liberty passed most of the Tempest tests with the beta 3 release of Liberty (the Beta 3 is always kind of the first pre-release, as this is when feature freeze happens). Though I never made the announcement that Liberty final was uploaded to Debian, it was done just a single day after the official release.

Before the release, all of Liberty was living in Debian Experimental. Following the upload of the final packages in Experimental, I uploaded all of it to Sid. This represented 102 packages, so it took me about 3 days to do it all.

Tokyo summit

I had the pleasure to be in Tokyo for the Mitaka summit. I was very pleased with the cross-project sessions during the first day. Lots of these sessions were very interesting for me. In fact, I wish I could have attended them all, but of course, I can’t split myself in 3 to follow all of the 3 tracks.

Then there were the 2 sessions about Debian packaging on upstream OpenStack infra. The goal is to set up the OpenStack upstream infrastructure to allow packaging using Gerrit, and gating each git commit using the usual tools: building the package and checking there’s no FTBFS, running checks like lintian, piuparts and such. I knew already the overview of what was needed to make it happen. What I didn’t know was the implementation details, which I hoped we could figure out during the 1:30 slot. Unfortunately, this didn’t happen as I expected, and we discussed more general things than I wished. I was told that just reading the docs from the infra team was enough, but in reality, it was not. What currently needs to happen is building a Debian based image, using disk-image-builder, which would include the usual tools to build packages: git-buildpackage, sbuild, and so on. I’m still stuck at this stage, which would be trivial if I knew a bit more about how upstream infra works, since I already know how to set up all of that on a local machine.

I’ve been told by Monty Tailor that he would help. Though he’s always a very busy man, and to date, he still didn’t find enough time to give me a hand. Nobody replied to my request for help in the openstack-dev list either. Hopefully, with a bit of insistence, someone will help.

Keystone migration to Testing (aka: Debian Stretch) blocked by python-repoze.who

Absolutely all of OpenStack Liberty, as of today, has migrated to Stretch. All? No. Keystone is blocked by a chain of dependencies. Keystone depends on python-pysaml2, itself blocked by python-repoze.who. The latter I upgraded to version 2.2, though python-repoze.what depends on version <= 1.9, which is blocking the migration. Since python-repoze.who-plugins, python-repoze.what and python-repoze.what-plugins aren’t used by any package anymore, I asked for them to be removed from Debian (see #805407). Until this request is processed by the FTP masters, Keystone, which is the most important piece of OpenStack (it does the authentication), will be blocked from migrating to Stretch.

New OpenStack server packages available

On my presentation at Debconf 15, I quickly introduced new services which were released upstream. I have since packaged them all:

  • Barbican (Key management as a Service)
  • Congress (Policy as a Service)
  • Magnum (Container as a Service)
  • Manila (Filesystem share as a Service)
  • Mistral (Workflow as a Service)
  • Zaqar (Queuing as a Service)

Congress, unfortunately, was not accepted to Sid yet, because of some licensing issues, especially with the doc of python-pulp. I will correct this (remove the non-free files) and reattempt an upload.

I hope to make them all available in jessie-backports (see below). For the previous release of OpenStack (ie: Kilo), I skipped the uploads of services which I thought were not really critical (like Ironic, Designate and more). But from the feedback of users, they would really like to have them all available. So this time, I will upload them all to the official jessie-backports repository.

Keystone v3 support

For those who don’t know about it, Keystone API v3 means that, on top of users and tenants, there’s a new entity called a “domain”. All of Liberty now comes with Keystone v3 support. This includes the automated Keystone catalog registration done using debconf for all *-api packages. As far as I can tell by running tempest on my CI, everything still works pretty well. In fact, Liberty is, in my experience, the first release of OpenStack to support Keystone API v3.

Uploading Liberty to jessie-backports

I have rebuilt all of Liberty for jessie-backports on my laptop using sbuild. This is more than 150 packages (166 packages currently). It took me about 3 days to rebuild them all, including unit tests run at build time. As soon as #805407 is closed by the FTP masters, all that’s remaining will be available in Stretch (mostly Keystone), and the upload will be possible. As there will be a lot of NEW packages (from the point of view of backports), I do expect that the approval will take some time. Also, I have to warn the original maintainers of the packages that I don’t maintain (for example, those maintained within the DPMT) that, because of the big number of packages, I will not be able to process the usual communication to tell them that I’m uploading to backports. However, here’s the list of packages. If you see one that you maintain, and that you wish to upload the backport by yourself, please let me know. Here’s the list of packages, hopefully exhaustive, that I will upload to jessie-backports, and that I don’t maintain myself:

alabaster contextlib2 kazoo python-cachetools python-cffi python-cliff python-crank python-ddt python-docker python-eventlet python-git python-gitdb python-hypothesis python-ldap3 python-mock python-mysqldb python-pathlib python-repoze.who python-setuptools python-smmap python-unicodecsv python-urllib3 requests routes ryu sphinx sqlalchemy turbogears2 unittest2 zzzeeksphinx.

More than ever, I wish I could just upload these to a PPA^W Bikeshed, to minimize the disruption for both the backports FTP masters, other maintainers, and our OpenStack users. Hopefully, Bikesheds will be available soon. I am sorry to give that much approval work to the backports FTP masters, however, using the latest stable system with the latest release, is what most OpenStack users really want to do. All other major distributions have specific repositories too (ie: RDO for CentOS / Red Hat, and cloud archive for Ubuntu), and stable-backports is currently the only place where I can upload support for the Stable release.

Debian listed as supported distribution on

Good news! If you go there you will see a list of supported distributions. I am proud to be able to tell that, after 6 months of lobbying from my side, Debian is also listed there. The process of having Debian there included talking with folks from the OpenStack foundation, and having Bdale sign an agreement so that the Debian logo could be reproduced there. Thanks to Bdale Garbee, Neil McGovern, Jonathan Brice, and Danny Carreno, without whom this wouldn’t have happened.

Planet Linux AustraliaSam Watkins: sswam

I like the Chrome browser, but the memory usage is fscking ridiculous.

I have a slightly older computer at work, if I open 4 or more tabs in Chrome the computer will grind to a halt, and I gotta wait perhaps a few minutes for it to swap everything out then I can close the tabs. 150MB for a tab, that’s just way way way too much.

Personally I strongly dislike “virtual memory” in the sense of swapping to disk. I’d much rather get a (non-fatal) “out of memory” error than have the computer grind to a halt, which is what happens when a virtual memory computer goes a bit over its RAM. I don’t want to click a different window that I haven’t used for a while and have to wait for 3 minutes while the computer loads it from disk again and tries to figure out what to swap out. If we didn’t use swap, programmers (looking at you, Google) would be more careful not to waste memory.

Computers are not all that much more functional than they were in the 1990s, or even the 1980s, for regular office tasks such as wordprocessing and spreadsheets – and those computers, although technically slower, were actually more responsive in many cases because they did NOT grind to a halt due to swapping.


Planet Linux AustraliaOpenSTEM: The Robots Are Coming!

The first Mirobot v2 kits have arrived in Australia! Ben Pirt at Pirt Design & Technology in the UK has once again delivered a very neat product. OpenSTEM is the main distributor for Australia, because we regularly get in quite a few for schools and individual students anyhow.

Mirobot v2 box

Most of our Mirobots are extra special, because we get them un-soldered. That is, there are a few SMD (surface mounted) components, but other than that students (of all ages!) can do a bit of soldering! This is part of our Robotics Program, where Soldering and otherwise assembling a moving product from all the loose parts is a real enabler – so with the v2 coming out in pre-soldered form by default, we had a word with Ben to ensure that we can keep doing the great stuff with the classes!

This does mean that for every shipment we get, we need to prep a few extra bits before sending on the kits or using them in the classroom. So we’re working on that now for this first shipment. There’ll be more – if you want a kit (un-soldered or pre-soldered), do get your order in soon!


Planet Linux News: Crowd favourite Bacon to headline

Newly-appointed Director of Community at GitHub, Jono Bacon, will be one of four outstanding keynotes for in February 2016. Bacon, formerly Community Manager at Canonical - the company behind Linux distribution Ubuntu, and author of the best-selling ‘The Art of Community’, will deliver insights into building strong, effective, diverse and successful technical communities.

Bacon shared his enthusiasm for keynoting “I am absolutely delighted to be joining you all in Geelong in 2016. LCA is a cornerstone in the global Linux and Open Source movement and I am not only excited about speaking but also getting to know all the attendees at the event”, Bacon says.

Conference Director, David Bell, was thrilled to announce Mr Bacon as Keynote Speaker.

“Our theme for 2016 is ‘Life is better with Linux’ - and the strength of our Linux and open source communities contribute significantly to that aspiration. Robust, diverse, and inclusive communities happen by design, not accident, and Jono has done an enormous amount to shape that. It’s truly an honour to be able to host him in Geelong in February.”

One of the most respected technical conferences in Australia, Linux Conference Australia ( will make Geelong home between 1st-5th February 2016. The conference is expected to attract over 500 national and international professional and hobbyist developers, technicians and innovative hardware specialists, and will feature nearly 100 Speakers and presentations over five days. Deakin University’s stunning Waterfront Campus will host the conference, leveraging state of the art networking and audio visual facilities.

The conference delivers Delegates a range of presentations and tutorials on topics such as open source hardware, open source operating systems and open source software, storage, containers and related issues such as patents, copyright and technical community development.

Linux is a computer operating system, in the same way that MacOS, Windows, Android and iOS are operating systems. It can be used on desktop computers, servers, and increasingly on mobile devices such as smartphones and tablets.

Linux embodies the ‘open source’ paradigm of software development, which holds that source code – the code that is used to give computers and mobile devices functionality – should be ‘open’. That is, the source code should be viewable, modifiable and shareable by the entire community. There are a number of benefits to the open source paradigm, including facilitating innovation, sharing and re-use. The ‘open’ paradigm is increasingly extending to other areas such as open government, open culture, open health and open education.

Potential Delegates and Speakers are encouraged to remain up to date with conference news through one of the following channels;

  • Website:
  • Twitter: @linuxconfau, hashtag #lca2016
  • Facebook:
  • Google+:
  • Lanyrd:
  • IRC: on
  • Email:
  • Announce mailing list:

We warmly encourage you to forward this announcement to technical communities you may be involved in.

Jono Bacon will be one of four keynotes for 2016 in Geelong

Planet Linux AustraliaBinh Nguyen: How Wasteful is the US DoD?, How Groundbreaking is the JSF?, and More

It's clear that I've been doing some digging of late with regards to US DoD and Intelligence spending. What's obvious is that large chunks of it are extremely wasteful but other parts are very underfunded, which gives a very bad overall look to it. Some ex-defense/intelligence officials have stated that if they could run things more efficiently they could probably halve their spending and still get the same level of efficacy from their services. The main problems appear to be purchasing equipment that they don't need, repetition of programs/work, inadequate oversight and corruption, lack of project management (whether in the defense or intelligence sector things seem to be caught very late in the game), high costs of ownership and/or research and development, overly ambitious programs, etc...

The following is a random sample of some of the US DoD's modern programs with some very rudimentary research regarding their status. Next to them is an indicator of whether they are likely on or off budget as well as status (in brackets)

- Bell V-22 Osprey Program (OVER BUT IN)
- Boeing Comanche (OVER AND CANCELLED)
- Ford Class Aircraft Carriers (OVER BUT IN)
- Apache Helicopter (OVER BUT IN)
- Seawolf class submarine (NOT ENOUGH INFO, LIKELY OVER)
- Virginia class submarine (UNDER COST AND IN)
- Zumwalt Class Destroyer (OVER)
- B-1/XB-70 (OVER)
- Arleigh Burke Class (NOT ENOUGH INFO, LIKELY ON)

The other thing we should factor in is that even though the US may enjoy a qualitative (and quantitative) edge it's clear that they have security issues possibly owing to the size of some of their programs and some very odd issues which have cropped up in the security of some of their equipment. For instance, it's speculated that some of their drones may have been jammed/hacked...

What's muddying things further is that, like other bureaucracies worldwide, they also seem to be getting creative with regards to accounting. It's very difficult to get a good idea of what things are like when they're trying to cover up the way things are rather than show how they're likely to be. If you're shifting money to make it look like things are working out okay, you know that a program is in trouble. We could put some of this down to 'Black Ops', but if what you see in the open is true it's likely that what you see behind the veil is also true... which means that the guesstimate by some ex-defense/intelligence staff that you see in the media makes sense (of halving the budget but maintaining the same capability)

As I've said previously, a lot of what seems to be said in the marketing and advertising about the F-35 just seems ridiculous. Moreover, if you know a bit or do a bit of research, a lot of the new capabilities that the JSF is going to have (or is likely going to have) have already been trialled by the US and other defense forces around the globe. Seeing as the program has been stripped back to meet a deadline, I'm of the opinion that I'll believe it when I see it (there's just way too much spin doctoring at the moment for me to honestly believe that things are 'on track' in spite of what they say). As for a breakdown of what I'm talking about, let's take a look at some of the JSF's much vaunted capabilities...
- as I've said previously, does anyone notice something vaguely familiar between the Yak-141 and the F-35? Apparently, after economic issues in the USSR they decided to cut their losses with regards to this program. Lockheed Martin engaged in joint research and also experimented with technology that was possibly later used in the F-35 and F-22 (thrust vectoring, lift-off system (the Yak-141 has a different style of system to achieve SVTOL, but similar. They gave up on a dual engine configuration because of instability during take off and landing. They also experimented with different engine layouts and materials such as composites, flat nozzles, etc...). What is it that they say? Good artists create, great artists steal? (not having a go at the US, it's just that the marketing/hype is so frustrating. Russia/China are also just as guilty with regards to 'industrial espionage') Japan's F-2 (ground breaking AESA RADAR and work with composites) along with Russia's Yak-141 probably gave the US the core of the F-22 and F-35 programs
- extended supercruise capabilities have been around for more than half a century
- LPI capabilities been around for quite a while. While they may have been crude they've existed
- it has been said that helmet mounted targeting and cueing and HOBS are revolutionary, but they have been present for decades (though likely in a less advanced form)
- sensor fusion available in 4.5 gen fighters for a while now though in less advanced form. Likely to be upgraded in future
Sensor Fusion
- ceramic heat signature reduction experimentation on nozzles (look carefully at some of the pictures online. It's clear that the Russians have at least played around with this stuff before decades ago and other countries are likely the same...)
- sometimes I just wonder what the point of the JSF is? If the B-2/LRS-B can penetrate unseen into enemy defenses and the JSF's EW capabilities are so weak that it requires an escort (in the form of Growlers), the value for money aspect of the JSF goes out the window. What really perturbs me is this. One moment (sometimes the same person in the same conversation) they say the JSF is self-escorting. The next minute they say it has to travel with EW aircraft. If that's the case why don't you just run the LRS-B with Growlers... or just upgrade/increase the number of F-22's in the fleet (unless they also have serious running problems?)
Buying Growlers instead of Lightnings
- stealth has definitely been around for a long time, with experiments being developed by many nations prior to the US. The one thing I will give the F-22/F-35 programs is that they represent a jump in capabilities. How much of a jump is yet to be determined. I'd like to say I could make a recommendation of countries who are able to make a genuine attempt at this at an economical cost, but it doesn't seem possible. Every single country that has attempted to gain 5th Gen capabilities has basically ended up in cost overruns. They're so expensive that you're struggling to cover all of your own airspace. The best choice for construction would likely be a joint venture in a high/low configuration. Namely, one group does the research/design (or has an advantage here) while others supply cheap labour and materials... Ironically, many of the decent/obvious options here have already been taken, India/Russia, US/Allies, etc... (China is one of the obvious ones out, but they've probably gained a huge leg up with regards to industrial espionage of US technology)
Stealth Fighter - Hitler's Secret Weapons Recreated | Greatest Mysteries of World War II | 720p
Inside the Stealth B2 Bomber - Military Documentary
Symposium: Integrating Innovative Airpower 
- at the moment it's clear that other defense manufacturers can smell "blood in the water". Moreover, there are too many SLEP and review programs at the moment to honestly say out and out that the JSF is out of the woods with regards to research and development. Auditing and other reporting is being covered up through media hype (truth is in audit reports while 'spin' is healthy in media). Creative accounting is possibly being used. Like I said, I'll believe it when I see it... As far as I'm concerned, concurrency is basically disguising development and the true cost of the program (a lot of the cost savings that they're finding with regards to lubricants, different coatings, etc... they should have found earlier). If they had been kept somewhat separate we would have a better understanding of what the true cost of development and production will ultimately be...
Why is the UK treating the F-35 like a 2nd tier Fighter?

- RAM upgrade on a Macbook Unibody

- diagnostic boot command options on startup for Mac OS X
Startup key combinations for Mac

- accessing HFS filesystems from Linux and Windows

- creating DMG files and bootable USB flash drives

- hard drive upgrades on a Macbook Unibody

- Verbatim seem to use standard SATA based drives (not soldered USB PCB options) in their enclosures. A good option if you can find a good deal. Reputation of some of their internal drives seems a little dodgy though...

- The V-22's development process has been long and controversial, partly due to its large cost increases,[51] some of which are caused by the requirement to fold wing and rotors to fit aboard ships.[52] The development budget was first planned for $2.5 billion in 1986, which increased to a projected $30 billion in 1988.[33] By 2008, $27 billion had been spent on the program and another $27.2 billion was required to complete planned production numbers.[26] Between 2008 and 2011, the estimated lifetime cost for maintaining the V-22 grew by 61 percent, mostly allocated to maintenance and support.[53]

    Its [The V-22's] production costs are considerably greater than for helicopters with equivalent capability—specifically, about twice as great as for the CH-53E, which has a greater payload and an ability to carry heavy equipment the V-22 cannot... an Osprey unit would cost around $60 million to produce, and $35 million for the helicopter equivalent.
    — Michael E. O'Hanlon, 2002.[54]
- The V-22 Osprey program has become the largest scandal in US military history.  Stubborn Marine Corps Generals refuse to admit that dedication and political influence cannot overcome the laws of physics which have proven the complex tilt-rotor design flawed and ultra-expensive.  Details can be found in the seven previous G2mil articles about the V-22, which reveal blatant lies about the V-22's performance.  This article will cover the V-22's soaring cost, $96.2 million for each MV-22 this year, while the FY2005 defense budget request boosts the price 19% to $114.8 million per aircraft. The US Air Force requests three similar CV-22s in FY2005 for $443.0 million; or a unit cost of $147.7 million each.  If the $395.4 million requested in FY2005 for V-22 research, development, evaluation and testing is included in this buy of 11 V-22s, the total cost of each V-22 is $159.7 million.

The US Army has lost 41 helicopters over Iraq and Afghanistan this past year, with another 24 so badly damaged they are likely to be scrapped. This is proof that employing ultra-expensive V-22s over combat zones is unwise, especially since they are larger than any helicopter in the US inventory. The V-22 weighs twice as much and costs four times more than helicopters with comparable abilities. For example, the Navy's FY2005 budget requests 15 MH-60S helicopters for $400.8 million; or a unit cost of $26.7 million each. This helo weighs one-third as much as the V-22, but can pick up nearly the same payload. It has room for 13 combat equipped Marines, compared to 18 for the V-22. If Congress canceled the V-22 and diverted its $1756.5 million FY2005 request to buy MH-60Ss, this could provide 67 modern helicopters for the Corps, which can also carry machine guns, rockets, and Hellfire missiles, unlike the V-22.
- A day before the offer's expiration, both Lockheed Martin and Austal USA received Navy contracts for an additional ten ships of their designs; two ships of each design being built each year between 2011 and 2015. Lockheed Martin's LCS-5 had a contractual price of $437 million, Austal USA's contractual price for LCS-6 was $432 million. On 29 December 2010, Department of Navy Undersecretary Sean Stackley noted that the program was well within the Congressional cost cap of $480 million per ship. The average per-ship target price for Lockheed ships is $362 million, Stackley said, with a goal of $352 million for each Austal USA ship. Government-furnished equipment (GFE), such as weapons, adds about $25 million per ship; another $20 million for change orders, and "management reserve" is also included. Stackley declared the average cost to buy an LCS should be between $430 million and $440 million.[103] In the fiscal year 2011, the unit cost was $1.8 billion and the program cost $3.7 billion.[104]
- Requiring 1,000 fewer crew members and 30 per cent less maintenance over its 50-year lifespan, the Ford is said to let the US Navy save $4 billion.

While the Navy praises this as another significant advantage, critics say the cost of building the ship has already skyrocketed. With the carrier now 70 per cent complete, construction costs are about 22 per cent over the scheduled budget.

The high price still will not guarantee that after it is commissioned in 2016 the carrier will not face “significant reliability shortfalls”, as the Government Accountability Office, an investigative arm of Congress, said in September.

This may limit the ship's mission effectiveness and increase the government’s costs even more.
- “No one on this planet knows what inflation will be in, say, just six months time, but the Department of Defense seems to think they do,” said renowned military expert Winslow Wheeler, director of the Straus Military Reform Project, started in 2005. “The Pentagon plays this game all the time. It’s a typical example of how they manipulate long-term projections to make programs go down smoother.”
- Members of Congress have repeatedly criticized the inflated costs, and in 2012 lawmakers essentially reset the program’s budget and made Lockheed responsible for future cost increases. But that still leaves a hefty cost for the Pentagon, which will continue paying for its share of expenses well into the second half of this century. Yet in its 2013 F-35 report, the Pentagon claims the project has come in within budget and that costs have been reduced -- by $15.1 billion in today’s economy, or $89.5 billion, according to its 2065 projections.

However, the 97-page report doesn't mention that the annual savings for the years 2012 to 2013 are both based on projections through 2065, the end of the program's life. Analysts often project future costs over the short term, and often they're wrong -- Wall Street analysts, for example, regularly miss month-to-month projections for jobs reports. Projections for the next fifty years would have to involve an unusual degree of speculation and a wide margin for error.
- In a 2014 article in Foreign Policy, Lewis recalled the history of dirty bombs. How Russia tinkered with the radiological weapons during the 1950s. And how, during the darkest days of the Korean War, with Chinese and North Korean troops threatening to overrun American forces, U.S. Army Gen. Douglas MacArthur proposed "sowing a band of radioactive cesium across Manchuria as a kind of 'cordon sanitaire' against the Chinese advance."
- First off, this has nothing to do with the F-22, F-35, B-2 or anything else the US is currently flying. It will not make them obsolete, because this isn't a detection tech. The UHF frequencies aren't a particularly effective counter either, because the installations have to be really large just to be able to resolve something the size of an aircraft. You can't just run the noise through a statistical model to pop out a Raptor. Even if you could get some kind of signal, you wouldn't be able to tell if there was one or twenty. UHF has poor angular resolution due to the wavelength.

Second, even if you could detect a stealth aircraft from the ground, you still need a way to guide aircraft or missiles to it. Combat tests have shown that pilots that can *see* an F-22 can't lock their fighter on to it. Since UHF sets have to be large to have sufficient resolution, you can't fit one into a fighter, never mind a missile. Indeed, UHF antennas aren't even road-mobile. They're fixed installations right now.

Third, coatings are actually the LEAST important part of a stealth aircraft. First is shaping, second is how it flies. Third is substructure. Fourth is coatings. And the coatings in use are already broadband-absorbing, including being fairly effective against UHF. Yet that's insufficient for complete invisibility because the shaping is optimized for high band.

Now, having said all that, is this a big advance? Maybe. It depends not just on the tunability (which appears to be fantastic) but how much of the spectrum it can absorb at a given time. Passive coatings will absorb all high band frequencies at the same time. You need to do that because a modern AESA emitter is broadcasting (randomly) over a very wide range of frequencies. You have to block all of those simultaneously, otherwise you're going to get pinged the next time the emitter cycles to a frequency you aren't currently blocking. Which is going to happen multiple times a second.
- A speaker at the recent ASPI submarine conference made the observation that ‘no system was too beautiful’ for the Seawolfs. In other words, pursuit of the highest level of performance was given priority above any thought of economical production. The result was inevitable; the Seawolf entered into an F-22-like ‘death spiral’ of higher projected unit costs and lower projected build numbers. In the end only three were built, versus 29 planned, as the 1991 cost estimate was close to US$5 billion per boat in today’s dollars.
- In 2005, it was estimated to cost at least $8 billion excluding the $5 billion spent on research and development (though that was not expected to be representative of the cost of future members of the class).[13] A 2009 report said that Ford would cost $14 billion including research and development, and the actual cost of the carrier itself would be $9 billion.[52] The life-cycle cost per operating day of a carrier strike group (including aircraft) was estimated at $6.5 million in 2013 published by the Center for New American Security.[53]
- Lawmakers and others have questioned whether the Zumwalt-class costs too much and whether it provides the capabilities the U.S. military needs. In 2005 the Congressional Budget Office estimated the acquisition cost of a DD(X) at $3.8–4.0bn in 2007 dollars, $1.1bn more than the navy's estimate.[76]

The National Defense Authorization Act For Fiscal Year 2007 (Report of the Committee On Armed Services House of Representatives On H.R. 5122 Together With Additional And Dissenting Views) stated the following: "The committee understands there is no prospect of being able to design and build the two lead ships for the $6.6 billion budgeted. The committee is concerned that the navy is attempting to insert too much capability into a single platform. As a result, the DD(X) is now expected to displace over 14,000 tons and by the navy's estimate, cost almost $3.3 billion each. Originally, the navy proposed building 32 next generation destroyers, reduced that to 24, then finally to 7 in order to make the program affordable. In such small numbers, the committee struggles to see how the original requirements for the next generation destroyer, for example providing naval surface fire support, can be met."[citation needed]
- In February 2011, the USAF reduced its planned purchase of RQ-4 Block 40 aircraft from 22 to 11 in order to cut costs.[19] In June 2011, the U.S. Defense Department's Director, Operational Test and Evaluation (DOT&E) found the RQ-4B "not operationally effective" due to reliability issues.[20] In June 2011, the Global Hawk was certified by the Secretary of Defense as critical to national security following a breach of the Nunn-McCurdy Amendment; the Secretary stated: "The Global Hawk is essential to national security; there are no alternatives to Global Hawk which provide acceptable capability at less cost; Global Hawk costs $220M less per year than the U-2 to operate on a comparable mission; the U-2 cannot simultaneously carry the same sensors as the Global Hawk; and if funding must be reduced, Global Hawk has a higher priority over other programs."[21]

On 26 January 2012, the Pentagon announced plans to end Global Hawk Block 30 procurement as the type was found to be more expensive to operate and with less capable sensors than the existing U-2.[22][23] Plans to increase procurement of the Block 40 variant were also announced.[24][25] The Air Force's fiscal year 2013 budget request said it had resolved to divest itself of the Block 30 variant, however, the National Defense Authorization Act for Fiscal Year 2013 mandated operations of the Block 30 fleet through the end of 2014.[26] The USAF plans to procure 45 RQ-4B Global Hawks as of 2013.[1] Just before his release from ACC, Hostage said of the U-2's replacement by the drone that "The combatant commanders are going to suffer for eight years and the best they’re going to get is 90 percent".[27]

From 2010-2013, costs of flying the RQ-4 fell by more than 50%. In 2010, the cost per flight hour was $40,600, with contractor logistic support making up $25,000 per flight hour of this figure. By mid-2013, cost per flight hour dropped to $18,900, contractor logistic support having dropped to $11,000 per flight hour. This was in part due to higher usage, spreading logistics and support costs over a higher number of flight hours.[28]
- Iran's story about the electronic ambush of America's sophisticated drone, the RQ-170 Sentinel, is that their experts used their technology savvy to trick the drone into landing where the drone thought was its actual base in Afghanistan but instead they made it land in Iran. They used reverse engineering techniques that they had developed after exploring less sophisticated American drones captured or shot down in recent years. They were able to figure out how to exploit a navigational weakness in the drone's system. "The GPS navigation is the weakest point," the Iranian engineer told the newspaper.

Iranian electronic warfare specialists were able to cut off the communications link by jamming on the communications. The engineer said that they forced the drone into autopilot. That state is where “the bird loses its brain." The Iranians reconfigured the drone's GPS coordinates and they used precise latitudinal and longitudinal data to force the drone to land on its own. In doing so the Iranian team did not have to bother about cracking remote control signals and communications from a control center in the U.S., and the RQ170 suffered only minimal damage, according to the report.

Adding strength and credibility to that story were military experts saying that even a combat-grade GPS system is vulnerable to manipulation. According to a GPS expert at the University of New Brunswick in Canada, Richard Langley, it’s theoretically possible to take control of a drone by jamming.
- Top US officials said in 2009 that they were working to encrypt all drone data streams in Iraq, Pakistan, and Afghanistan – after finding militant laptops loaded with days' worth of data in Iraq – and acknowledged that they were "subject to listening and exploitation."

Perhaps as easily exploited are the GPS navigational systems upon which so much of the modern military depends.
- With privacy and state snooping politically sensitive issues in Germany, the BND was already the focus of a parliamentary inquiry in Berlin into the extent of its surveillance and its targeting guidelines. It was reported in May that, despite Mrs. Merkel’s anger, the agency was aware of and cooperated with the National Security Administration’s surveillance program based out of Germany.

If true, the scope of Germany’s spying program seems to be more closely aligned with U.S. intelligence programs than previously stated.

Separately, citing Germany’s far-reaching data protection laws, U.S. software giant Microsoft announced plans Wednesday to build data centers in the country in an attempt to shield customers from U.S. surveillance.

The tech giant said it will provide cloud services, including Azure and Office 365, from facilities in Magdeburg and Frankfurt.
- “He has to travel around the entire country for field guidance, so there always needs to be a personal restroom exclusively for the Suryeong [Supreme Leader] Kim Jong-un,” the source said. “It is unthinkable in a Suryeong-based society for him to have to use a public restroom just because he travels around the country.”
- "China makes it a practice to not get extended into military conflicts in the Middle East," Deputy National Security Adviser Ben Rhodes said at the White House press briefing on Thursday. "Their policy over years, if not decades, is to not be overextended in military exercises."

This echoes what foreign-policy experts have said about the likelihood of Chinese involvement in Syria.

"This is very far from China's fight," Bremmer told Business Insider earlier this week. "They don't want responsibility for it, there's no potential diplomatic or security win for Beijing."
- But Kuwait is fighting back. Volunteer organisation Kuwait Oasis is working to plant 315,000 trees along the country's borders by 2019 to hold back the moving sands.

A similar initiative in Mongolia's Kubuqi Desert reduced sandstorms from 80 a year to fewer than five. Both use Waterboxx plant incubators from Dutch startup Groasis Technologies. These collect water from the air at night via condensation and prevent its evaporation during the day, so each tree consumes 35 times less water than with standard irrigation.
- “If you listen to what the IRGC says they’re doing, they say they’re assisting the Syrian military and the [National Defense Forces militias] at various different levels in how to run hardware, to use artillery, to do tactics and logistics—everything from the tactical to the strategic,” says Afshon Ostovar, an Iran expert at the Center for Naval Analyses, a federally funded research and development center.

“It doesn’t make sense for [Quds Force] to be able to advise on everything,” says Ostovar. “You’re going to need various skills brought to bear and it doesn’t make sense to just bring your special forces Quds Force guys, who are trained in language, tradecraft and bomb-making, to teach a guy how to use a howitzer or how to integrate armor with infantry tactics.”
- Should it be selected, the F-35 will replace Denmark's aging F-16 aircraft with an affordable, sustainable, and highly capable fifth-generation aircraft. The F-35 program includes partners from nine countries – Australia, Italy, Canada, Denmark, Netherlands, Norway, Turkey, United Kingdom, and United States – as well as three foreign military sales customers – Israel, Japan, and South Korea.

Multicut A/S has a modern factory delivering complex machined parts and subassemblies. It uses state-of-the-art production equipment in its lean manufacturing facility – including 9-axis mill-turn machine tools, as well as 5-axis vertical and 4-axis horizontal computer numerical controlled machines networked with robotic material handling systems.
Source: Pratt & Whitney
- True, Syria is not Vietnam. In fact, it could end up being much worse, not least because instead of two broadly definable camps with (relatively) defined strategic and tactical objectives, Syria's war involves dozens of local and regional actors with shifting allegiances and often unidentifiable strategies. As a result, Syria makes the three-dimensional chess played by superpowers back then look quaint.
- Congressmen in Brazil, one of the most violent countries in the world, are proposing to dramatically loosen restrictions on personal gun ownership, bringing the country much closer to the American right to bear arms.

The politicians say the measures are necessary to allow embattled citizens the right to defend themselves from criminals armed with illegal weapons. But opponents say the move will only increase the country’s toll of nearly 60,000 murders in 2014.
- Truth be told, no one knows how to deal with ISIS. Not Washington, not Paris and not Moscow. There isn’t a rulebook — but there is certainly a list of tried and tested failures that can inform our decision making. What is also clear is that this threat does demand solidarity among nations who should be able to put their minor differences aside to face a common threat.
- Syria, though, remains the potent drawcard for those trying to radicalise citizens from France or elsewhere. Combined with social media, the propaganda has been much more effective than during other conflicts.

For instance, during 2001-2012, only about 60-70 French citizens were known to have journeyed to fight in Pakistan and Afghanistan, the official said.

And unlike the 1990s, identifying potential radicals within mosques had become "a nightmare for intelligent services".

The would-be fighters were often "isolated individuals" who might be radicalised within just one month. About 20 to 30 per cent of the French citizens seeking to fight for IS were converts to Islam, he said.
- In a recent report on American public opinion and U.S. foreign policy, “Defending our allies’ security” ranked near the bottom of a list of foreign policy priorities. Judging from their rhetoric and military spending plans, protecting our allies is the top concern for many of the men and women aspiring for higher office.
- According to North Korean state media both countries declared 2015 a “year of friendship”  in order to commemorate “Korea’s liberation and the victory in the great Patriotic War in Russia.”  A North Korean delegation, led by Lieutenant General Choe Jang Sik, deputy head of the Korean People’s Army General Staff Operations Bureau, visited Moscow in August to discuss the possible participation of a North Korean team in the “2016 International Army Games,” annually hosted by the Russian Ministry of Defense (See: “Russia Beats China in This Year’s International Army Games”).
- "Liechtenstein ranks number 1 considering the rights its citizens enjoy outside its jurisdiction. This is far beyond popular immigration countries such as the US, which is ranked 34. The UAE scores relatively well in 26th position."

In another ranking, Kochenov compared countries considering these rights internally as well as externally. Here, Germany topped the list of strongest passports, while the UAE ranked 63rd out of the 199 countries compared.
- "IS has shown that when they suffer battlefield reverses, they try to do something that ensures they counter any perception they are losing strength."

Ingram believes the shift in strategy was most likely long planned. He says it dovetails with another core IS objective, to weaken "infidel" western states and prove that Muslims and those of other faiths can't coexist.

He notes a lengthy article from an edition of the IS propaganda magazine vowing the destruction of the "grayzone", its term for secular societies.

"IS is saying to Muslims you no longer have a choice. There is no grey zone. You now have a caliphate, you have your own world to return to.

"You can't live in the land of the kuffar, no matter how devout, and be a good Muslim. Even if you pray five times a day and fast.

To this end, Islamic State hopes there will be rise in Islamophobia in the West. It will reinforce its hateful ideology."
- “From 1990 to 2010, the Army began and then cancelled 22 major programs,” the article noted, “at an approximate cost of $1 billion per year starting in 1996 and rising as high as $3.8 billion per year after 2004.”
- While the White House tried to distance itself from the idea of containment, a senior administration official said, "What we had in essence was a containment policy" based on the belief that efforts to counter the Islamic State's ideology had to be led by Sunni Muslim states, with backup from the United States.

Yet Mr. Obama’s strategy was also based on intelligence assessments that the Islamic State was overextended and vulnerable to a cutoff in its oil and black-market revenues — and that, in the long war against extremism, there was still time to bolster the most capable local forces and bring Arab states to the fight.

“If Paris changes anything,” an American official said, “it’s the recognition that we can’t wait for those two events to happen, if they ever happen.”
- In Brussels, NATO dropped the flags of its 28 member nations to half staff to honor the French dead. NATO officials said that France so far has declined to invoke the alliance's Article 5, which would oblige all members to join its fight against the militants.

The only time Article 5 has ever been invoked was, at U.S. request, after the September 2001 al-Qaeda attacks.
- With the trade of stolen data booming on the multi billion-dollar dark web, Mr Pogue said "data is the new oil" yet Australia, like most countries, still has a "head-in-the-sand approach".

"It will get worse before it gets better," he told Fairfax Media. "The sooner decision makers understand that there are only three types of organisations – those that have been breached, those that are currently breached (and likely don't know it) and those that are about to be breached – the better."
- Mr Pogue, senior vice-president of cyber threat analysis with Australian data investigation company Nuix, said hackers were becoming more creative and more aggressive.

Most advertise their skills in hidden Russian-language forums. The stolen data is sold on encrypted "dark net" sites, with stolen credit card details fetching an average of $100.

The money is then funding other crimes, such as terrorism and people smuggling.

One dark-net site identified by Australian police recently was selling credit cards for 8¢, CCVs for $8 and other card details, such as billing addresses, for $80. At one point, 14,000 users were accessing the site.
- The renminbi is already, according to SWIFT, the fifth most-used payment currency in the world, helped by the rapid expansion of the country's middle class and its growing use of the internet for shopping.
- Experts noted that several factors may have been behind the failures in January: security services are drowning in data, overwhelmed by the quantity of people and emails they are expected to track, and hampered by the inability to make pre-emptive arrests in democratic countries.
- Bernard Bajolet, the head of the French spy service, spoke during a public appearance at George Washington University in Washington two weeks ago about the twin threats France was facing, both from its own extremists and "terrorist actions which are planned (and) ordered from outside or only through fighters coming back to our countries."

General warnings about potential attacks from Iraqi intelligence or other Middle Eastern intelligence services are not uncommon, the official said. The French were already on high alert.

"During the last month we have disrupted a certain number of attacks in our territory," Bajolet said. "But this doesn't mean that we will be able all the time to disrupt such attacks."

Obtaining intelligence about the Islamic State group has been no easy feat given difficulties accessing territory held by the radical Sunni group. Iraqi agencies generally rely on informants inside the group in both Iraq and Syria for information, but that is not always infallible. Last year, reports from Iraqi intelligence officials and the Iraqi government that al-Baghdadi was injured were later denied or contradicted.
- The Prime Minister told Radio 4's Today programme: "The disagreement has been that we think that Assad should go at once and obviously Russia has taken a different view.

"We have to find a settlement where Assad leaves and there is a government that can bring Syria together and we mustn't let the gap between us be the altar on which the country of Syria is slaughtered.

"That is the challenge. Now that is going to take compromises."

Mr Cameron's talks with Mr Putin will be followed by a meeting of the Quint - an informal group of Western powers within the G20, made up of the UK, US, France, Germany and Italy - to assess progress and discuss how further efforts on Syria can be co-ordinated.
- What happened in Paris represented one shot in what could prove to be a long, painful battle that we cannot win with the sword. It was tragic for sure, but also predictable. The French have discovered what some of us have predicted since the outset of the US-led campaign: rather than stemming terrorism, the air strikes in Iraq and Syria are creating new Sunni jihadists in the region and abroad.

Make no mistake: Paris was a direct response to this war. According to Professor Robert Pape, a terrorism expert at the University of Chicago, the clear majority of culprits in the more than 2100 documented cases of suicide bombings from 1980 to 2009 were motivated by foreign intervention in the Middle East, not ideological or religious conviction. For example, the 2004 Madrid and 2005 London bombings were in response to the 2003 Iraq invasion. And the recent downing of the Russian airliner over the Sinai was in response to President Vladimir Putin's air strikes in Syria.
- Officials believe the ISIS geek squad is teaching terrorists how to use encryption and communication platforms like Silent Circle, Telegram and WhatsApp.

Aaron F. Brantly said he and his colleagues at the U.S. Army-affiliated Combating Terrorism Center have found that Islamic State members use as many as 120 separate platforms, many of them encrypted, to communicate and share information. One of its most favored methods, he said, is a highly encrypted form of communication called Telegram.

"It essentially allows them to hide what they are discussing from people who aren't explicitly looking for it," especially law enforcement and intelligence agencies, Brantly said. "Obviously this is a major concern. … They are creating a space for themselves to operate independent of direct surveillance."
- The senior European counterterrorism official said that European authorities are gravely concerned and will meet this week to discuss the issue - though they are already becoming contentious with each other about their lack of options. Some are restricted by civil liberties concerns in their home countries, while others note that creating a "back door" in an electronic communication platform - meaning a way for governments to spy on messages in real time - also creates an opportunity for non-governmental groups to take a peek. When Greece put a "back door" in electronic communications passing through its territories, it was quickly exploited by hackers.

"I am waiting for somebody to show me a way we can do this that is guaranteed to be only used by the good guys," said Paul Rosenzweig, a cyber consultant and former deputy assistant secretary in the U.S. Department of Homeland Security. "But it is not person-specific. Anything that we can create can, and will, be cracked."
- The fundamentalist interpretation of Islam is not a common mode of thinking for most Muslims, especially in recent times. But it is clearly driving the political agenda in Muslim countries. Not all Muslim modernisers are willing to confront the anti-Western and anti-Semitic beliefs that feed the Islamist narrative. The Islamists are dominating the discourse within the Muslim world by murdering secularists and forcing many of them to leave their countries.

With more than 1.4 billion Muslims around the globe, the swelling of the fundamentalist ranks poses serious problems. If only 1 per cent of the world's Muslims accepts this uncompromising theology, and 10 per cent of that 1 per cent decide to commit themselves to a radical agenda, we are looking at a 1 million strong recruitment pool for groups such as al-Qaeda, IS and whatever comes next.

Only a concerted ideological campaign against medieval Islamist ideology, like the one that discredited and contained communism, could turn the tide.
- "It is not just my view, but the view of my closest military and civilian advisors that that would be a mistake," he said.

"Not because our military could not march into Mosul or Raqqa or Ramadi and temporarily clear out ISIL, but because we would see a repetition of what we've seen before which is if you do not have local populations that are committed to inclusive governance, and who are pushing back against ideological extremes that they resurface."

Instead he defended his administration's current strategy and vowed to intensify it – supporting opposition forces on the ground with training, weapons and intelligence while conducting airstrikes from above.

He said only by finding a political solution to the war in Syria could the chaos be ended and IS stifled, and that there was finally agreement on this course.

"We have the right strategy and we are going to see it through."
- As Akshaya Mishra of Firstpost states, the Taliban, al-Qaeda and the likes of Osama bin Laden would not have existed if the US hadn't actively promoted ideology-driven thugs to fight its Cold War against Russia. "Iraq would not be such a dangerous place if the US had not brought down Saddam Hussein for no reason at all."

The West is in danger of making the same mistakes in this new Cold War that it did in the original one, and such discord will further the causes of such entities as the Islamic State. The focus should remain on rooting out terrorist groups that no longer require a US or a Russia, or even financiers within the G-20 countries; they are pretty much self-sufficient.
- Imagine if every time you typed “Netflix and chill” (that’s code for casual sex, for the uninitiated) into Tinder, the app slapped you on the wrist with a warning message.

That’s what happens for users of Tantan, a dating app that’s popular among randy Chinese. A pound-for-pound copy of Tinder, Tantan lets users make friends or meet potential partners by swiping left or right at a set of photos, and enabling two-way chat for every mutual match. While it might help facilitate one-night stands, Tantan is not immune to China’s internet censorship.
- We applaud people in the Arab Spring standing up and saying this is not right. But when it happens in Yarraville people say that we are yuppies.
- Others have pointed out that the F-35 is hardly the first maligned plane in U.S. history. The F-4 Phantom suffered the same slings and arrows, and went on to survive battle with the more nimble MiGs during Vietnam (though as with all military history this is hotly contested: A better plane would have performed better). Still, as FighterSweep put it: “It’s fun to trash the new kid, especially the new kid that’s overweight, wears too much bling, and talks about how awesome it is all the time.”
- In considering future adversaries, Chinese information warfare doctrine makes clear the requirement to attack US C4ISR systems, including satellites, from the outset or even prior to, any military conflict. This information warfare campaign will be fought in space, cyberspace and across the electromagnetic spectrum. The PLA sees the information battle-space as an integrated environment comprising both cyberspace and electronic warfare, and base their approach to these domains around the concept of Integrated Networked Electronic Warfare (INEW).

General Dai Qingmin, PLA, states that a key goal of the PLA’s approach to INEW is to disrupt the normal operation of enemy battlefield information systems, while protecting one’s own, with the objective of seizing information superiority. Therefore, winning in the air against the PLAAF may be determined as much by which side wins these information warfare campaigns, as through success in tactical beyond-visual range air to air engagements. Imagine no data links between the F-35s and the AWACS; AESA radars on an E-7A Wedgetail spoofed; ASAT attacks that bring down strategic communications or computer-network attacks that strike logistics or which jam GPS signals, and the first shots fired are not missiles but satellites silenced by computer hackers or ground-based jamming. Furthermore there will be an incentive to strike quickly and decisively, with an information ‘battle of the first salvo’ effect emerging. Without the flexibility bestowed by these systems, the F-35 pilot must rely on on-board sensor systems such as its AESA Radar and Electro-Optical Targeting System (EOTS) to detect, track and engage targets, which increases the detectability of the aircraft and potentially brings the F-35 into the envelope of an opponent’s within visual range systems.
- The terrorist attacks in Paris, beyond their obvious horror, recalled to me the words of the late Bernard Fall, a French-American historian and war correspondent in Vietnam. In 1965, Fall wrote: “When a country is being subverted it is not being outfought; it is being out-administered. Subversion is literally administration with a minus sign in front.” ISIS has subverted western Iraq and eastern Syria because it is out-administering the Baghdad and Damascus regimes there. That is, ISIS has erected a competent bureaucratic authority covering everything from schools to waste removal which, combined as it is with repression, is secure and stable. And with that territorial security, ISIS has apparently created a central dispatch point for planning terrorist attacks abroad. Eventually, the end of ISIS can only come about when some other force out-administers it.
- The AH-64 played roles in the Balkans during separate conflicts in Bosnia and Kosovo in the 1990s.[92][93] During Task Force Hawk, 24 Apaches were deployed to a land base in Albania in 1999 for combat in Kosovo. These required 26,000 tons of equipment to be transported over 550 C-17 flights, at a cost of US$480 million.[94] During these deployments, the AH-64 encountered problems such as deficiencies in training, night vision equipment, fuel tanks, and survivability.[95][96] On 27 April 1999, an Apache crashed during training in Albania due to a failure with the tail rotor,[97] causing the fleet in the Balkans to be grounded in December 2000.[98]

In 2000, Major General Dick Cody, 101st Airborne's commanding officer, wrote a strongly worded memo to the Chief of Staff about training and equipment failures.[99] No pilots were qualified to fly with night vision goggles, preventing nighttime operations.[100] The Washington Post printed a front-page article on the failures, commenting: "The vaunted helicopters came to symbolise everything wrong with the Army as it enters the 21st century: Its inability to move quickly, its resistance to change, its obsession with casualties, its post-Cold War identity crisis".[101] No Apache combat missions took place in Kosovo due to fears of casualties.[100]
- In January 1968, the United Kingdom terminated its F-111K order,[109] citing higher cost; increased costs along with devaluation of the pound had raised the cost to around £3 million each.[110] The first two F-111Ks (one strike/recon F-111K and one trainer/strike TF-111K) were in the final stages of assembly when the order was canceled.[109] The two aircraft were later completed and accepted by the USAF as test aircraft with the YF-111A designation.[108]
- The program costs, during 1963–1967, grew at an alarming rate; estimates by the USAF at the start of the program were placed at US$124.5 million, but by April 1967 had risen to $237.75 million.[36] While the initial price of US$5.21 million per aircraft was capped at US$5.95 million, R&D, labor, and other costs were not.[37] The rising price, three unexplained losses of USAF F-111As in Vietnam during their first month of deployment, and the British and U.S. Navy's orders' cancellations caused further controversy in Australia during 1968.[38] By 1973, however, when the F-111A had accumulated 250,000 flight hours, it had the best safety record among contemporary aircraft, which presaged the F-111C's own excellent record.[39]
- WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
- Obama says he won't put boots on the ground. Does that mean the special forces will be going in with bare feet?

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-11-16 to 2015-11-22

Planet Linux AustraliaSteven Hanley: [mtb] Brinzio loop and Summit Fiore ride

Looking over from the observatory to the Fiore summit
Though I had headed out solo to ride Basso Binda on the first Sunday I was there this ride I got to do with some company until the last climb and get shown one of the classic loops in the region.

My first views of Lago Maggiore and then back through Brinzio, then when we got back to Varese I decided to solo climb up to the summit past the Campo di Fiore and into the snow that was still around from the falls on the weekend. A rather pretty area for sure.

Images in my gallery from the ride ETC, Varese, Brinzio, Lago Maggiore, Brinzio, Summit Fiore ride.


Planet DebianBálint Réczey: Wireshark 2.0 switched default UI to Qt in unstable

With the latest release the Wireshark Project decided to make the Qt GUI the default interface. In line with Debian’s Policy the packages shipped by Debian also switched the default GUI to minimize the difference from upstream. The GTK+ interface which was the previous default is still available from the wireshark-gtk package.

You can read more about the new 2.0.0 release in the release notes or on the Wireshark Blog featuring some of the improvements.

Happy sniffing!

update: Wireshark 2.0.0 will be available from testing and jessie-backports in a week. Ubuntu users can already download binary packages from the Wireshark stable releases PPA maintained by the Wireshark Project (including me:-)).

Planet DebianJonathan McDowell: Updating a Brother HL-3040CN firmware from Linux

I have a Brother HL-3040CN networked colour laser printer. I bought it 5 years ago and I kinda wish I hadn’t. I’d done the appropriate research to confirm it worked with Linux, but I didn’t realise it only worked via a 32-bit binary driver. It’s the only reason I have 32 bit enabled on my house server and I really wish I’d either bought a GDI printer that had an open driver (Samsung were great for this in the past) or something that did PCL or Postscript (my parents have an Xerox Phaser that Just Works). However I don’t print much (still just on my first set of toner) and once setup the driver hasn’t needed much kicking.

A more major problem comes with firmware updates. Brother only ship update software for Windows and OS X. I have a Windows VM but the updater wants the full printer driver setup installed and that seems like overkill. I did a bit of poking around and found reference in the service manual to the ability to do an update via USB and a firmware file. Further digging led me to a page on resurrecting a Brother HL-2250DN, which discusses recovering from a failed firmware flash. It provided a way of asking the Brother site for the firmware information.

First I queried my printer details:

$ snmpwalk -v 2c -c public hl3040cn.local iso.
iso. = STRING: "MODEL=\"HL-3040CN series\""
iso. = STRING: "SPEC=\"0001\""
iso. = STRING: "FIRMID=\"MAIN\""
iso. = STRING: "FIRMVER=\"1.11\""
iso. = STRING: "FIRMVER=\"1.02\""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""

I used that to craft an update file which I sent to Brother via curl:

curl -X POST -d @hl3040cn-update.xml -H "Content-Type:text/xml" --sslv3

This gave me back some XML with a URL for the latest main firmware, version 1.19, filename LZ2599_N.djf. I downloaded that and took a look at it, discovering it looked like a PJL file. I figured I’d see what happened if I sent it to the printer:

cat LZ2599_N.djf | nc hl3040cn.local 9100

The LCD on the front of the printer proceeded to display something like “Updating Program” and eventually the printer re-DHCPed and indicated the main firmware had gone from 1.11 to 1.19. Great! However the PCLPS firmware was still at 1.02 and I’d got the impression that 1.04 was out. I didn’t manage to figure out how to get the Brother update website to give me the 1.04 firmware, but I did manage to find a copy of LZ2600_D.djf which I was then able to send to the printer in the same way. This led to:

$ snmpwalk -v 2c -c public hl3040cn.local iso.
iso. = STRING: "MODEL=\"HL-3040CN series\""
iso. = STRING: "SPEC=\"0001\""
iso. = STRING: "FIRMID=\"MAIN\""
iso. = STRING: "FIRMVER=\"1.19\""
iso. = STRING: "FIRMVER=\"1.04\""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""
iso. = STRING: ""

Cool, eh?

[Disclaimer: This worked for me. I’ve no idea if it’ll work for anyone else. Don’t come running to me if you brick your printer.]
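Two small helpers for the procedure above, added here as an example (not the post's own code): a parser for the `KEY=\"value\"` strings the snmpwalk output carries, so the firmware versions can be compared before and after, and a check that a downloaded file really starts with a PJL job header before it is streamed to port 9100, since the raw port takes whatever it is given with no authentication. The OID suffix, the exact PJL body and the host name are assumptions; the sample output below is constructed to match the shape shown on the page.

```python
"""Helpers for the Brother firmware-over-port-9100 procedure.

Added example, not the post author's code. Assumptions: snmpwalk prints the
Brother strings as KEY=\"value\" (OID prefix omitted as on the page), a
firmware file starts with the standard PJL Universal Exit Language sequence
followed by "@PJL", and the printer accepts raw jobs on TCP port 9100.
"""
import re
import socket

# PJL jobs begin with the Universal Exit Language sequence ESC %-12345X.
PJL_UEL = b"\x1b%-12345X"

# Constructed sample in the shape of the snmpwalk output shown on the page.
SAMPLE_SNMPWALK = r'''iso. = STRING: "MODEL=\"HL-3040CN series\""
iso. = STRING: "SPEC=\"0001\""
iso. = STRING: "FIRMID=\"MAIN\""
iso. = STRING: "FIRMVER=\"1.11\""
iso. = STRING: "FIRMVER=\"1.02\""
iso. = STRING: ""
iso. = STRING: ""
'''

# One snmpwalk line: <oid> = STRING: "<payload>"
_LINE_RE = re.compile(r'^\S+ = STRING: "(.*)"$')
# The payload itself: KEY=\"value\" (snmpwalk shows the inner quotes escaped).
_KV_RE = re.compile(r'^([A-Z]+)=\\"(.*)\\"$')


def parse_snmpwalk(text):
    """Return (key, value) pairs in walk order; empty STRING entries are skipped.

    A list is used rather than a dict because FIRMVER repeats, once per
    firmware component (main firmware first, then PCL/PS on this printer).
    """
    pairs = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m or not m.group(1):
            continue
        kv = _KV_RE.match(m.group(1))
        if kv:
            pairs.append((kv.group(1), kv.group(2)))
    return pairs


def firmware_versions(text):
    """Return the FIRMVER values in order, e.g. ['1.11', '1.02']."""
    return [v for k, v in parse_snmpwalk(text) if k == "FIRMVER"]


def version_tuple(version):
    """Turn '1.19' into (1, 19) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_pjl_job(data):
    """True only if the bytes open with the PJL UEL immediately followed by @PJL."""
    return data.startswith(PJL_UEL + b"@PJL")


def send_raw_job(host, data, port=9100, timeout=30):
    """Stream a verified PJL job to the printer's raw port (what `nc host 9100` did).

    Refuses anything that does not look like a PJL job, so a mis-downloaded
    HTML error page or a truncated file is never handed to the printer.
    Returns the number of bytes sent.
    """
    if not is_pjl_job(data):
        raise ValueError("refusing to send: data does not start with a PJL job header")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(data)
    return len(data)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; no printer is contacted.
    before = firmware_versions(SAMPLE_SNMPWALK)
    print("firmware versions:", before)
    print("1.19 newer than 1.11:", version_tuple("1.19") > version_tuple("1.11"))
    print("PJL check on a PDF:", is_pjl_job(b"%PDF-1.4\n"))
```

Run the real walk with `snmpwalk ... | python3 -c 'import sys, helpers; print(helpers.firmware_versions(sys.stdin.read()))'` (module name assumed) before and after flashing to confirm the version actually changed.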


CryptogramFriday Squid Blogging: Squid Spawning in South Australian Waters

Divers are counting them:

Squid gather and mate with as many partners as possible, then die, in an annual ritual off Rapid Head on the Fleurieu Peninsula, south of Adelaide.

Department of Environment divers will check the waters and gather data on how many eggs are left by the spawning squid.

No word on how many are expected. Ten? Ten billion? I have no idea.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Krebs on SecurityISIS Jihadi Helpdesk Customer Log, Nov. 20

From NBC News come revelations that ISIS has its very own web-savvy, 24-hour Jihadi Help Desk manned by a half-dozen senior operatives to assist foot soldiers in spreading their message far and wide. My first reaction to this story was disbelief, then envy (hey, where the heck is my 24/7 support?). But soon enough I forgot about all that, my mind racing with other possibilities.

Imagine the epic trolling opportunities available to a bored or disgruntled Jihadi Help Desk operator. For this persona, we need to reach way back into the annals of Internet history to the Bastard Operator from Hell (BOFH) — a megalomaniacal system administrator who constantly toyed with the very co-workers he was paid to support. What might a conversation between a jihadi and the Bastard Jihadi Operator from Hell (BJOFH) sound like?

[RECORDED MESSAGE]: Thank you for contacting the ISIS Jihadi Help Desk. We are currently experiencing higher than normal call volume. Please wait and your inquiry will be answered in the order that it was received. This call may be monitored for customer service and Jihadi training purposes.

JIHADI: [audible sigh].


BJOFH: ISIS Jihadi Helpdesk, Mohammed speaking, how may I help you?

JIHADI: Finally! I thought someone would never answer! I’ve been sitting here sweating bullets and listening to the same infidel hold music over and over.

BJOFH: My sincerest apologies, sir. Someone hit “reply-all” on an operational email, and that really lit up our switchboard this morning. Also, most of the encrypted email services we use are under attack by some other terrorist group and are offline at the moment.

JIHADI: Too bad for them. Seriously, you guys call this 24/7 support?? I’ve been parked on this couch for hours waiting for some son-of-a-dog to answer!

BJOFH: [Pause. Deep breath.]…Well, you’ve got me now, sir. What can I do to…er…for you?

JIHADI: Right. So I’ve got a hardware problem. This itchy vest I have keeps beeping, really loud. It’s getting super annoying, and I’ve got to have some quiet prayer…you know….me-time…pretty soon now, understand?

BJOFH: Yes, I see. Well, good news, brother! I think I can help you. Tell me…is there a mobile phone attached to the vest?

JIHADI: [inaudible…fumbling with receiver]….uh..yeah there is..Huh…feels like there’s one sewn into the left inside pocket.

BJOFH: So, I’m going to try something on my end. Sit tight, and I’ll be right back.

JIHADI: [pause] Uh…okay. But don’t be gone so long this time!

BJOFH: [one minute later]…Thanks for holding. Yeah, looks like I’m going to have to go ahead and troubleshoot this issue a bit more. Can you do me a favor and call me from the vest phone?

JIHADI: Uh..wait, through the jacket, you mean?

BJOFH: Yes, sir. My desk line here is 1-866-GO-JIHAD.

JIHADI: Okay. But it’s kinda hard to reach the keypad. So many wires….

BJOFH: Totally fine, sir. Take your time. You should still be able to feel the phone’s keypad through the pocket fabric.

JIHADI: Okay yeah, I think I got it. So how do I send the call?

BJOFH: If your vest is the model I think it is, the “Send Message” button should be the big one in the middle above the keypad.

JIHADI: [Fumbling with the phone] Okay, is it ringing?

BJOFH: [Line rings in background] Yep, got it, thanks. Okay, now I’m going to call you back.


BJOFH: Great. Do me a favor and just wait until the phone rings at least once before answering, okay?

JIHADI: Fine, whatever. Just…today, maybe?

BJOFH: You bet. Go JIHAD!

JIHADI: Wait a second! how do I answer…[fumbling with the receiver]

[Vest phone rings. Line goes dead].

All satire aside, the jihadis take their security and privacy seriously, shouldn’t you? has helpfully published a translated 34-page Opsec Guide (PDF), a document originally printed in Arabic and intended to introduce newbies to basic operational security measures, techniques and technologies. It’s not the easiest tutorial to read, but it does reference a great many resources worth investigating further.

Update, 5:12 p.m. ET: An earlier version of this article incorrectly attributed the source of the Opsec article referenced in the last paragraph.

Planet DebianJonathan Dowland: smartmontools

It's been at least a year since I last did any work on Debian, but this week I finally uploaded a new version of squishyball, an audio sample comparison tool, incorporating a patch from Thibaut Girka which fixes the X/X/Y test method. Shamefully Thibaut's patch is nearly a year old too. Better late than never...

I've also uploaded a new version of smartmontools which updates the package to the new upstream version. I'm not the regular maintainer for this package, but it is in the set of packages covered by the collab-maint team. To be polite I uploaded it to DELAYED-7, so it will take a week to hit unstable. I've temporarily put a copy of the package here in the meantime.

Geek FeminismBringing Balance to the Force: The Women of Star Wars Episode VII

This is a guest post by Lydia Huxley, a writer who loves playing music or a musician who loves writing. Is there a difference?

Upon looking at the recently-released theatrical poster for Star Wars Episode VII: The Force Awakens, one character stands out more than the others. Part of it is because she’s located at the very middle of the poster: a place typically reserved for the star. Part of it is because she is – well …a she. Daisy Ridley’s character, Rey, is the first woman to fill such a spot in the previously male-dominated franchise. In the previous six films there have been a total of two women in major roles: Carrie Fisher as Princess Leia and Natalie Portman as Padmé. And these are supporting roles!

Ridley is not the only actress to land a major role for the latest installment of the sci-fi series. She will be joined by Gwendoline Christie as Captain Phasma, Lupita Nyong’o voicing and motion capturing Maz Kanata, and Carrie Fisher returning as Princess Leia. With the exception of Leia, almost nothing is known about these characters, but all four appear on the theatrical poster so it’s a safe bet that they will be integral to the plot. Four women in major roles? In one movie? That’s double the number in the previous two trilogies combined.

Balanced Casting

Of the named characters on the poster, 3 are women, 4 are men, and 5 are nonhuman (whom the franchise most often personifies as male). Of the nonhumans, C-3PO and Chewbacca are widely considered male. Each is referred to as “he” and played by a male actor. Despite also being called “he” and occasionally having a man inside the dome in early films, R2-D2 has no humanlike features and a voice created by an ARP 2600 analog synthesizer, rendering R2 and the similar BB-8 droid as genderless characters. The animated Maz Kanata is presumably female with Nyong’o providing the character’s voice and motion-capturing. So, droids aside, the ratio of female to male characters is 4 to 6. If the poster’s gender ratio is at all indicative of the rest of the film’s characters, this puts The Force Awakens much closer to having a balanced cast than almost all other films of its popularity.

A study by University of Southern California looked at the top 700 most popular films released between 2007 and 2014, and found that only 30.2% of speaking characters were female. That percentage is even lower for action and adventure movies specifically. Of the top 100 movies in 2014, only 21 featured a female lead or co-lead.


(Image by University of Southern California)

A Renewed Hope

This cast can go a long way in terms of cultural impact. Currently, Star Wars is the third-highest-grossing film franchise and it holds a world record for “Most successful film merchandising franchise,” coming in at over $30 billion as of 2012. This includes books, video games, clothing, home video sales, toys, and more.

Toys, in particular, have the potential to cause a shift in the gender role paradigm. Remember the uproar over the lack of Black Widow merchandise following the release of Avengers: Age of Ultron? Hasbro seems determined not to let this happen again, releasing action figures of Rey and Captain Phasma before the movie’s release date, as well as reissuing original trilogy-era Leia toys. And these aren’t Barbies. These are action figures. The same as, say, Iron Man. Or any other action hero. The availability of female action toys is a step in the right direction. If we can get children to acknowledge that women can be just as exciting action heroes as men, they might question gender roles later in life.

This is the hope, anyway.

The film itself, which is expected to break box office records, could believably set an excellent example for other filmmakers if they acknowledged that its success is due to more than just the Star Wars brand. It proves something. A balanced cast can work. A balanced cast can sell tickets. A balanced cast can get great reviews. A balanced cast can be badass! And as Bustle’s Courtney Lindley puts it, “I think more importantly that we, as audience, are finally, finally ready for her.”

The impact The Force Awakens will have on the film industry, children’s toys, and gender paradigms in general will only be known after the film’s release, which is currently more than a month away. Until then, let’s hope for great female characters in a widely-influential film.

Planet DebianJohn Goerzen: I do not fear

I am so saddened by the news this week. The attacks in Paris, Beirut, and Mali. The reaction of fear, anger, and hate. Governors racing to claim they will keep out refugees, even though they lack the power to do so. Congress voting to keep out refugees.

Emotions are a powerful thing. They can cause people to rise up and accomplish stunning things that move humanity forward. And they can move us back. Fear, and the manipulation of it, is one of those.

What have I to fear?

Even if the United States accepted half a million Syrian refugees tomorrow, I would be far more likely to die in a car accident than at the hands of a Syrian terrorist. I am a careful and cautious person, but I understand that life is not lived unless risk is balanced. I know there is a risk of being in a car crash every time I drive somewhere — but if that kept me at home, I would never see my kids’ violin concert, the beautiful “painted” canyon of Texas, or the Flint Hills of Kansas. So I drive smart and carefully, but I still drive without fear. I accept this level of risk as necessary to have a life worth living in this area (where there are no public transit options and the nearest town is miles away).

I have had pain in my life. I’ve seen grandparents pass away, I’ve seen others with health scares. These things are hard to think about, but they happen to us all at some point.

What have I to fear?

I do not fear giving food to the hungry, shelter to the homeless, comfort to those that have spent the last years being shot at. I do not fear helping someone that is different than me. If I fail to do these things for someone because of where they come from or what their holy book is, then I have become less human. I have become consumed by fear. I have let the terrorists have control over my life. And I refuse to do that.

If governors really wanted to save lives, they would support meaningful mass transit alternatives that would prevent tens of thousands of road deaths a year. They would support guaranteed health care for all. They would support good education, science-based climate change action, clean water and air, mental health services for all, and above all, compassion for everyone.

By supporting Muslim registries, we look like Hitler to them. By discriminating against refugees based on where they’re from or their religion, we support the terrorists, making it easy for them to win hearts and minds. By ignoring the fact that entering the country as a refugee takes years, as opposed to entering as a tourist taking only minutes, we willfully ignore the truth about where dangers lie.

So what do I have to fear?

Only, as the saying goes, fear. Fear is making this country turn its backs on the needy. Fear is making not just the US but much of Europe turn its backs on civil liberties and due process. Fear gives the terrorists control, and that helps them win.

I refuse. I simply refuse to play along. No terrorist, no politician, no bigot gets to steal MY humanity.

Ultimately, however, I know that the long game is not one of fear. The arc of the universe bends towards justice, and ultimately, love wins. It takes agonizingly long sometimes, but in the end, love wins.

So I do not fear.

Planet DebianGergely Nagy: Looking for a keyboard

Even though I spend more time staring at the screen than typing, there are times when I - after lots and lots of prior brain work - sit down and start typing, a lot. A couple of years ago, I started to feel pain in my wrists, and there were multiple occasions when I had to completely stop writing for longer periods of time. These were situations I obviously did not want repeated, so I started to look for remedies. First, I bought a new keyboard, a TypeMatrix 2030, which while not ergonomic, was a huge relief for my hands and wrists. I also started to learn Dvorak, but that's still something that is kind-of in progress: my left hand can write Dvorak reasonably fast, but my right one seems to be Qwerty-wired, even after a month of typing Dvorak almost exclusively.

This keyboard served me well for the past five years or so. But recently, I started to look for a replacement, partly triggered by a Clojure/conj talk I watched. I got as far as assembling a list of keyboards I'm interested in, but I have a hard time choosing. This blog post here serves two purposes then: first to make a clear pros/cons list for myself, second, to solicit feedback from others who may have more experience with any of the options below.

Update: There is a [follow up post], with a few more keyboards explored, and a semi-final verdict. Thanks everyone for the feedback and help, much appreciated!

Let's start with the current keyboard!

TypeMatrix 2030

Pros:
  • The Matrix architecture, with straight vertical key columns has been incredibly convenient.
  • Enter and Backspace in the middle, both large: loving it.
  • Skinnable (easier to clean, and aids in learning a new layout).
  • Optional dvorak skin, and a hardware Dvorak switch.
  • The layout (cursor keys, home/end, page up/down, etc) is something I got used to very fast.
  • Multimedia keys close by with Fn.
  • Small, portable, lightweight - ideal for travel.

Cons:
  • Small: while also a feature, this is a downside too. Shoulder position is not ideal.
  • Skins: while they are a terrific aid when learning a new layout, and make cleaning a lot easier, they wear off quickly. Sometimes fingernails are left to grow too long, and that doesn't do the skin any good. One of my two QWERTY layouts has a few holes already, sadly.
  • Not a split keyboard, which is starting to feel undesirable.


All in all, this is a keyboard I absolutely love, and am very happy with. Yet, I feel I'm ready to try something different. With my skins aging, and the aforementioned Clojure/conj talk, the desire to switch has been growing for a while now.

Desired properties

There are a few desired properties of the keyboard I want next. The perfect keyboard need not have all of these, but the more the merrier.

  • Ergonomic design.
  • Available in Dvorak, or with blank keys.
  • Preferably a split keyboard, so I can position the two parts as I see fit.
  • Ships to Hungary, or Germany, in a reasonable time frame. (If all else fails, shipping to the US may work too, but I'd rather avoid going through extra hoops.)
  • Mechanical keys preferred. But not the loud clicky type: I work in an office; and at home, I don't want to wake my wife either.

I plan to buy one keyboard for a start, but may end up buying another to bring to work (like I did with the TypeMatrix, except my employer at the time bought the second one for me). At work, I will continue using the TypeMatrix, most likely, but I'm not sure yet.

Anyhow, there are a number of things I do with my computer that require a keyboard:

  • I write code, a considerable amount.
  • I write prose, even more than code. Usually in English, sometimes in Hungarian.
  • I play games. Most of them, with a dedicated controller, but there are some where I use the keyboard a lot.
  • I browse the web, listen to music, and occasionally edit videos.
  • I multi-task all the time.
  • 90% of my time is spent within Emacs (recently switched to Spacemacs).
  • I hate the mouse, with a passion. Trackballs, trackpoints and touchpads even more. If I can use my keyboard to do mouse-y stuff well enough to control the browser, and do some other things that do not require precise movement (that is, not games), I'll be very happy.

I am looking for a keyboard that helps me do these things. A keyboard that will stay with me not for five years or a decade, but pretty much forever.

The options

Ultimate Hacking Keyboard

Pros:
  • Split keyboard.
  • Mechanical keys (with a quiet option).
  • Ships to Hungary. Made in Hungary!
  • Optional addons: three extra buttons and a small trackball for the left side, and a trackball for the right side. While I'm not a big fan of the mouse, the primary reason is that I have to move my hand. If it's in the middle, that sounds much better.
  • Four layers of the factory keymap: I love the idea of these layers, especially the mouse layer.
  • Programmable, so I can define any layout I want.
  • Open source firmware, design and agent!
  • An optional palm rest is available as well.
  • Blank option available.

Cons:
  • Likely not available before late summer, 2016.
  • No thumb keys.
  • Space/Mod arrangement feels alien.
  • The LED area is useless to me, and bothers my eye. Not a big deal, but still.
  • While thumb keys are available for the left side, not so for the right one. I'd rather have keys there than a trackball. The only reason I'd want the $50 addon set, is the left thumb-key module (which also seems to have a trackpoint, another pointless gadget).


The keyboard looks nice, has a lot of appealing features. It is programmable, so much so that by the looks of it, I could emulate the hardware dvorak switch my TypeMatrix has. However, I'm very unhappy with the addons, so there's that too.

All in all, this would cost me about $304 (base keyboard, modules, palm rest and shipping). Not too bad, certainly a strong contender, despite the shortcomings.

ErgoDox

Pros:
  • Great design, by the looks of it.
  • Mechanical keys.
  • Open source hardware and firmware, thus programmable.
  • Thumb keys.
  • Available via ErgoDox EZ as an assembled product.

Cons:
  • Primarily a kit, but assembled available.
  • Not sure when it'd ship (december shipments are sold out).


The keyboard looks interesting, primarily due to the thumb keys. From the ErgoDox EZ campaign, I'm looking at $270. That's friendly, and makes ErgoDox a viable option! (Thanks @miffe!)

Kinesis Advantage


  • Mechanical keys, Cherry-MX brown.
  • Separate thumb keys.
  • Key wells look interesting.
  • Available right now.
  • QWERTY/Dvorak layout available.


  • Not a split keyboard.
  • Not open source, neither hardware, nor firmware.
  • Shipping to Hungary may be problematic.
  • The QWERTY/Dvorak layout is considerably more expensive.
  • Judging by some of the videos I saw, keys are too loud.


The key wells look interesting, but it's not a split keyboard, nor is it open source. The cost comes out at about $325 plus shipping and VAT and so on, so I'm probably looking at something closer to $400. Nah. I'm pretty sure I can rule this out.

Kinesis FreeStyle2


  • Split keyboard.
  • Available right now.
  • Optional accessory, to adjust the slope of the keyboard.


  • Not open source, neither hardware, nor firmware.
  • Doesn't seem to be mechanical.
  • Shipping to Hungary may be problematic.
  • No Dvorak layout.
  • No thumb keys.


While a split keyboard, at a reasonably low cost ($149 + shipping + VAT), it lacks too many things to be considered a worthy contender.




  • Mechanical keyboard.
  • Key wells.
  • Thumb keys.
  • Built in palm rest.
  • Available in Dvorak too.


  • Not a split keyboard.
  • The center numeric area looks weird.
  • Not sure about programmability.
  • Not open source.
  • Expensive.


Without shipping, I'm looking at £450. That's a very steep price. I love the wells, and the thumb keys, but it's not split, and customisability is a big question here.


Atreus

  • Sleek, compact design.
  • No keycaps.
  • Mechanical keyboard.
  • Open source firmware.
  • More keys within thumbs reach.
  • Available right now.


  • Ships as a DIY kit.
  • Not a split keyboard.


While not a split keyboard, it does look very interesting, and the price is much lower than the rest: $149 + shipping ($50 or so). It is similar - in spirit - to my existing TypeMatrix. It wouldn't take much to get used to, and is half the price of the alternatives. A strong option, for sure.

Keyboardio M01


  • Mechanical keyboard.
  • Hardwood body.
  • Blank and dot-only keycaps option.
  • Open source: firmware, hardware, and so on. Comes with a screwdriver.
  • The physical key layout has much in common with my TypeMatrix.
  • Numerous thumb-accessible keys.
  • A palm key, that allows me to use the keyboard as a mouse.
  • Fully programmable LEDs.
  • Custom macros, per-application even.


  • Fairly expensive.
  • Custom keycap design, thus rearranging them physically is not an option, which leaves me with the blank or dot-only keycap options only.
  • Available late summer, 2016.


With shipping cost and whatnot, I'm looking at something in the $370 ballpark, which is on the more expensive side. On the other hand, I get a whole lot of bang for my buck: LEDs, two center bars (tripod mounting sounds really awesome!), hardwood body, and a key layout that is very similar to what I came to love on the TypeMatrix.

I also have a thing for wooden stuff. I like the look of it, the feel of it.

The Preference List

After writing this all up, I think I prefer the Model 01, but the UHK and ErgoDox come close too!

The UHK is cheaper, but not by a large margin. It lacks the thumb keys and the palm key the M01 has. It also looks rather dull (sorry). They'd both ship about the same time, but the M01 is already funded, while the UHK is not (mind you, there's a pretty darn high chance it will be).

The ErgoDox has thumb keys, a split keyboard, and is open source. Compared to the UHK, we have the thumb keys, and less distraction, for a better price. But the case is not so nice. Compared to the Model 01: no LEDs or center bar, and an inferior case. But, much better price, which is an important factor too.

Then, there's the Atreus. While it's a DIY kit, it is much more affordable than the rest, and I could have it far sooner. Yet... it doesn't feel like a big enough switch from my current keyboard. I might as well continue using the TypeMatrix then, right?

The rest, I ruled out earlier, while I was reviewing them anyway.

So, the big question is: should I invest close to $400 into a keyboard that looks stunning, and will likely grow old with me? Or should I give up some of the features, and settle for one of the $300 ones, that'll also grow old with me? Or is there an option I did not consider, that may match my needs and preferences better?

If you, my dear reader, got this far, and have a suggestion, please either tweet at me, or write an email, or reach me over any other medium I am reachable at (including IRC, hanging out as algernon on FreeNode and OFTC).

Thank you in advance, to all of you who contact me, and help me choose a keyboard!

LongNowWhy build a 10,000 Year Clock?


Adam Weber and Jimmy Goldblum of Public Record released this short video about The Clock of The Long Now this week at the New York Documentary Film Festival and it can also be seen at The Atlantic.

Krebs on SecurityStarwood Hotels Warns of Credit Card Breach

Starwood Hotels & Resorts Worldwide today warned that malware designed to help cyber thieves steal credit and debit card data was found on point-of-sale cash registers at some of the company’s hotels in North America. The disclosure makes Starwood just the latest in a recent string of hotel chains to acknowledge credit card breach investigations, and comes days after the company announced its acquisition by Marriott International.


Starwood published a list (PDF) of more than 50 of its hotel properties — mostly Sheraton and Westin locations across the United States and Canada — that were impacted by the breach. According to that list, the breach started as early as November 2014 in some locations, ending sometime in April or May for all affected hotels.

As with other ongoing hotel breaches, the malware that hit Starwood properties affected certain restaurants, gift shops and other point of sale systems at the relevant Starwood properties.

“We have no indication at this time that our guest reservation or Starwood Preferred Guest membership systems were impacted,” Starwood President Sergio Rivera wrote in a letter to affected customers. “The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date. There is no evidence that other customer information, such as contact information, Social Security numbers or PINs, were affected by this issue.”

Starwood joins several other major hotel brands in announcing a malware-driven credit card data breach. In October 2015, The Trump Hotel Collection confirmed a report first published by KrebsOnSecurity in June about a possible card breach at the luxury hotel chain.

On Sept. 25, this author first reported that the Hilton Hotel chain is investigating reports of a pattern of card fraud traced back to some of its properties. Bank sources said the fraud pattern they’re seeing all traces back to restaurants and gift shops at various Hilton locations. The company hasn’t commented further beyond its initial statement in September that it was looking into the matter.

In March, upscale hotel chain Mandarin Oriental acknowledged a similar breach. The following month, hotel franchising firm White Lodging acknowledged that — for the second time in 12 months — card processing systems at several of its locations were breached by hackers. Each time, the breach was traced back to point of sale systems at food and beverage outlets inside the White Lodging properties.

Readers should remember that they are not liable for unauthorized debit or credit card charges, but with one big caveat: the onus is on the cardholder to spot and report any unauthorized charges. Keep a close eye on your monthly statements and report any bogus activity immediately. Many card issuers now let customers receive text alerts for each card purchase and/or for any account changes. Take a moment to review the notification options available to you from your bank or card issuer.

Planet DebianDaniel Pocock: Databases of Muslims and homosexuals?

One US presidential candidate has said a lot recently, but the comments about making a database of Muslims may qualify as the most extreme.

Of course, if he really wanted to, somebody with this mindset could find all the Muslims anyway. A quick and easy solution would involve tracing all the mobile phone signals around mosques on a Friday. Mr would-be President could compel Facebook and other social networks to disclose lists of users who identify as Muslim.

Databases are a dangerous side-effect of gay marriage

In 2014 there was significant discussion about Brendan Eich's donation to the campaign against gay marriage.

One fact that never ranked very highly in the debate at the time is that not all gay people actually support gay marriage. Even where these marriages are permitted, not everybody who can marry now is choosing to do so.

The reasons for this are varied, but one key point that has often been missed is that there are two routes to marriage equality: one involves permitting gay couples to visit the register office and fill in a form just as other couples do. The other route to equality is to remove all the legal artifacts around marriage altogether.

When the government does issue a marriage certificate, it is not long before other organizations start asking for confirmation of the marriage. Everybody from banks to letting agents and Facebook wants to know about it. Many companies outsource that data into cloud CRM systems such as Salesforce. Before you know it, there are numerous databases that somebody could mine to make a list of confirmed homosexuals.

Of course, if everybody in the world was going to live happily ever after none of this would be a problem. But the reality is different.

While discrimination, either against Muslims or homosexuals, is prohibited and can even lead to criminal sanctions in some countries, this attitude is not shared globally. Once gay people have their marriage status documented in the frequent flyer or hotel loyalty program, or in the public part of their Facebook profile, there are various countries where they are going to be at much higher risk of prosecution/persecution. The equality to marry in the US or UK may mean they have less equality when choosing travel destinations.

Those places are not as obscure as you might think: even in Australia, regarded as a civilized and laid-back western democracy, the state of Tasmania fought tooth-and-nail to retain the criminalization of virtually all homosexual conduct until 1997 when the combined actions of the federal government and high court compelled the state to reform. Despite the changes, people with some of the most offensive attitudes are able to achieve and retain a position of significant authority. The same Australian senator who infamously linked gay marriage with bestiality has successfully used his position to set up a Senate inquiry as a platform for conspiracy theories linking Halal certification with terrorism.

There are many ways a database can fall into the wrong hands

Ironically, one of the most valuable lessons about the risk of registering Muslims and homosexuals was an injustice against the very same tea-party supporters a certain presidential candidate is trying to woo. In 2013, it was revealed IRS employees had started applying a different process to discriminate against groups with "Tea Party" in their name.

It is not hard to imagine other types of rogue or misinformed behavior by people in positions of authority when they are presented with information that they don't actually need about somebody's religion or sexuality.

Beyond this type of rogue behavior by individual officials and departments, there is also the more sinister proposition that somebody truly unpleasant is elected into power and can immediately use things like a Muslim database, surveillance data or the marriage database for a program of systematic discrimination. France had a close shave with this scenario in the 2002 presidential election when Jean-Marie Le Pen, who has at least six convictions for racism or inciting racial hatred, made it to the final round in a two-candidate run-off with Jacques Chirac.

The best data security

The best way to be safe, wherever you go, both now and in the future, is not to have data about yourself on any database. When filling out forms, think need-to-know. If some company doesn't really need your personal mobile number, your date of birth, your religion or your marriage status, don't give it to them.

Sociological ImagesWhat explains differences in color preference by sex?

Flashback Friday.

A study published in 2001, to which I was alerted by Family Inequality, asked undergraduate college students their favorite color and presented the results by sex.  Men’s favorites are on the left, women’s on the right:

The article is a great example of the difference between research findings and the interpretation of those findings.  For example, this is how I would interpret it:

Today in the US, but not elsewhere and not always, blue is gendered male and pink gendered female.  We might expect, then, that men would internalize a preference for blue and women a preference for pink.  We live, however, in an androcentric society that values masculinity over femininity.  This rewards the embracing of masculinity by both men and women (making it essentially compulsory for men) and stigmatizes the embracing of femininity (especially for men).

We might expect, then, that men would comfortably embrace a love of blue (blue = masculinity = good), while many women will have a troubled relationship to pink (pink = femininity = devalued, but encouraged for women) and gravitate to blue and all of the good, masculine meaning it offers.

That’s how I’d interpret it.

Here’s how the authors of the study interpreted it:

…we are inclined to suspect the involvement of neurohormonal factors. Studies of rats have found average sex differences in the number of neurons comprising various parts of the visual cortex. Also, gender differences have been found in rat preferences for the amount of sweetness in drinking water. One experiment demonstrated that the sex differences in rat preferences for sweetness was eliminated by depriving males of male-typical testosterone levels in utero. Perhaps, prenatal exposure to testosterone and other sex hormones operates in a similar way to “bias” preferences for certain colors in humans.

Go figure.

Important lesson here: data never stands alone. It must always be interpreted.

Originally posted in 2010.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Planet DebianSylvain Beucler: Rebuilding Android proprietary SDK binaries

Going back to Android recently, I saw that all tools binaries from the Android project are now click-wrapped by a quite ugly proprietary license, among others an anti-fork clause (details below). Apparently those T&C are years old, but the click-wrapping is newer.

This applies to the SDK, the NDK, Android Studio, and all the essentials you download through the Android SDK Manager.

Since I keep my hands clean of smelly EULAs, I'm working on rebuilding the Android tools I need.
We're talking about hours-long, quad-core + 8GB-RAM + 100GB-disk-eating builds here, so I'd like to publish them as part of a project that cares.

As a proof-of-concept, the Replicant project ships a 4.2 SDK and I contributed build instructions for ADT and NDK (which I now use daily).

(Replicant is currently stuck to a 2013 code base though.)

I also have in-progress instructions on my hard-drive to rebuild various newer versions of the SDK/API levels, and for the NDK whose releases are quite hard to reproduce (no git tags, requires fixes committed after the release, updates are partial rebuilds, etc.) - not to mention that Google doesn't publish the source code until after the official release (closed development) :/ And in some cases like Android Support Repository [not Library] I didn't even find the proper source code, only an old prebuilt.

Would you be interested in contributing, and would you recommend a structure that would promote Free, rebuilt Android *DK?

The legalese

Anti-fork clause:

3.4 You agree that you will not take any actions that may cause or result in the fragmentation of Android, including but not limited to distributing, participating in the creation of, or promoting in any way a software development kit derived from the SDK.

So basically the source is Apache 2 + GPL, but the binaries are non-free. By the way this is not a GPL violation because right after:

3.5 Use, reproduction and distribution of components of the SDK licensed under an open source software license are governed solely by the terms of that open source software license and not this License Agreement.

Still, AFAIU by clicking "Accept" to get the binary you still accept the non-free "Terms and Conditions".

(Incidentally, if Google wanted SDK forks to spread and increase fragmentation, introducing an obnoxious EULA is probably the first thing I'd have recommended. What was its legal team thinking?)

Indemnification clause:

12.1 To the maximum extent permitted by law, you agree to defend, indemnify and hold harmless Google, its affiliates and their respective directors, officers, employees and agents from and against any and all claims, actions, suits or proceedings, as well as any and all losses, liabilities, damages, costs and expenses (including reasonable attorneys fees) arising out of or accruing from (a) your use of the SDK, (b) any application you develop on the SDK that infringes any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person or defames any person or violates their rights of publicity or privacy, and (c) any non-compliance by you with this License Agreement.

Usage restriction:

3.1 Subject to the terms of this License Agreement, Google grants you a limited, worldwide, royalty-free, non-assignable and non-exclusive license to use the SDK solely to develop applications to run on the Android platform.

3.3 You may not use the SDK for any purpose not expressly permitted by this License Agreement. Except to the extent required by applicable third party licenses, you may not: (a) copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK; or (b) load any part of the SDK onto a mobile handset or any other hardware device except a personal computer, combine any part of the SDK with other software, or distribute any software or device incorporating a part of the SDK.

If you know the URLs, you can still direct-download some of the binaries which don't embed the license, but all this feels fishy. GNU licensing didn't answer me (yet). Maybe debian-legal has an opinion?

In any case, the difficulty to reproduce the *DK builds is worrying enough to warrant an independent rebuild.

Did you notice this?

Planet DebianSylvain Beucler: No to ACTA - Paris

Today, there were events all around Europe to block ACTA.

In Paris, the protest started at Place de la Bastille :

APRIL was present, with in particular its president Lionel Allorge, and two members who wore the traditional anti-DRM suit :

Jérémie Zimmermann from La Quadrature du Net gave a speech and urged people to contact their legal representatives, in addition to protesting in the street :

The protest was cheerful and free of violence :

It got decent media coverage :

Notable places it crossed include Place des Victoires :

and Palais Royal, where it ended :

Next protest is in 2 weeks, on March 10th. Update your agenda!

Planet DebianSylvain Beucler: New free OpenGL ES documentation

Great news!

The Learn OpenGL ES website recently switched its licensing to Creative Commons BY-SA 3.0 :)

It provides tutorials for OpenGL ES using Java/Android and WebGL, and is focusing on a more community-oriented creative process. Give them cheers!

Planet DebianSylvain Beucler: Mini-sendmail... in bash

I recently faced an environment where there is no MTA.

WTF? The reason is that people who work there get security audits on a regular basis, and the security people are usually mo...derately skilled guys who blindly run a set of scripts, e.g. by ordering to disable Apache modules that "were seen enabled in /etc/apache2/mods-available/"...

To avoid spending days arguing with them and nitpicking with non-technical managers, the system is trimmed to the minimum - and there is no MTA. No MTA, so no cron output, so it is difficult to understand why last night's cron job failed miserably.

Since it was not my role to reshape the whole business unit, I decided to hack a super-light, but functional way to get my cron output:

cat <<'EOF' > /usr/sbin/sendmail
#!/bin/sh
(
    echo "From me  $(LANG=C date)"
    cat    # the message from stdin, followed by the blank line that ends an mbox entry
    echo
) >> /var/mail/all
EOF
chmod 755 /usr/sbin/sendmail

It works! :)
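A hardened variant of the stub, added here as an example and not the post's own code: it keeps the same idea (append every cron mail to one mbox file) but quotes body lines that begin with "From ", which would otherwise split a message in two for mutt, and serialises concurrent appends with a mkdir lock. It assumes only a POSIX sh with sed and a mailbox path the caller may append to; the sample messages in the usage are constructed.

```shell
#!/bin/sh
# Added example, not the post's stub. Two things the four-line version leaves out:
#  1. mbox "From " quoting: a body line starting with "From " is read as the start
#     of a new message by mutt and every other mbox reader, so such lines get the
#     conventional ">" prefix (mboxrd style: ">From " becomes ">>From ", reversibly).
#  2. Serialised appends: two cron jobs finishing in the same second would
#     interleave their output, so a mkdir-based lock (atomic on POSIX filesystems,
#     no flock binary needed) guards the append.
# Assumed: POSIX sh and sed; MAILFILE is a path the caller may append to.

# mini_sendmail_deliver MAILFILE: read one message on stdin, append it as one mbox entry.
mini_sendmail_deliver() {
    mailfile=$1
    lockdir="$mailfile.lock"
    tries=0
    until mkdir "$lockdir" 2>/dev/null; do
        tries=$((tries + 1))
        # Give up after a few seconds so a crashed job cannot wedge every later cron mail.
        [ "$tries" -lt 5 ] || { echo "mini-sendmail: lock timeout on $lockdir" >&2; return 1; }
        sleep 1
    done
    {
        echo "From me  $(LANG=C date)"   # mbox separator line, as in the original stub
        sed 's/^>*From />&/'             # quote "From " (and already quoted ">From ") body lines
        echo                             # blank line closes the entry
    } >> "$mailfile"
    rmdir "$lockdir"
}

# mbox_count MAILFILE: number of messages in the file, i.e. unquoted separator lines.
mbox_count() {
    grep -c '^From me  ' "$1"
}

# Installed as /usr/sbin/sendmail, the whole stub body would be:
#   mini_sendmail_deliver /var/mail/all
```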

There is a companion logrotate script, to avoid filling the file system:

cat <<'EOF' > /etc/logrotate.d/mail-all
/var/mail/all {
  rotate 10
  create 622 root mail
}
EOF

Bootstrap with:

touch /var/mail/all
logrotate -f /etc/logrotate.d/mail-all

You now can check your sys-mails with:

mutt -f /var/mail/all


Planet DebianSylvain Beucler: Meritous: Free game ported on Android

Base attack

Meritous is a nice, addictive action-adventure dungeon crawl game. Each new game is unique since the dungeon is built in a semi-random fashion. Last but not least, the engine, graphics and sound effects are GPL'd :)

The game is based on SDL 1.2, which has an unofficial Android variant, so I decided to try and port it to my cell phone! The port was surprisingly smooth and only non-SDL fixes (move big stack allocation to heap) were necessary. Who said it was difficult to program in C on Android? ;)

It was also an opportunity to study the build system for F-Droid, an app market for free software apps, where APKs are rebuilt from source. The spec-like file is here.

The game packaging is also being resurrected for Debian but is being distressfully held hostage in the NEW queue for 2 weeks!

You can download the very first (aka beta) Android version:

  • for free at F-Droid
  • for 0.50€ at GPlay - because publishing at GPlay costs $25 (+30% of sales...)

Comments welcome!

Planet DebianTimo Jyrinki: Converting an existing installation to LUKS using luksipc

This is a burst of notes that I wrote in an e-mail in June when asked about it, and I'm not going to have any better steps since I don't remember even that amount as back then. I figured it's better to have it out than not.

So... if you want to use LUKS In-Place Conversion Tool, the notes below on converting a shipped-with-Ubuntu Dell XPS 13 Developer Edition (2015 Intel Broadwell model) may help you. There were a couple of small learnings to be had...
The page itself is good and without errors, although it funnily uses reiserfs as an example. It was only a bit unclear why I did save the initial_keyfile.bin since it was then removed in the next step (I guess it's for the case you want to have a recovery file hidden somewhere in case you forget the passphrase).

For using the tool I booted from a 14.04.2 LTS USB live image and operated there, including downloading and compiling luksipc in the live session. The exact reason for resizing before luksipc was a bit unclear to me at first, so I simply resized the main rootfs partition and left unallocated space in the partition table.

Then finally I ran ./luksipc -d /dev/sda4 etc.

I realized I want /boot to be on an unencrypted partition to be able to load the kernel + initrd from grub before entering into LUKS unlocking. I couldn't resize the luks partition anymore since it was encrypted... So I resized what I think was the empty small DIAGS partition (maybe used for some system diagnostic or something, I don't know), or possibly the next one that is the actual recovery partition one can reinstall the pre-installed Ubuntu from. And naturally I had some problems because it seems vfatresize tool didn't do what I wanted it to do and gparted simply crashed when I tried to use it first to do the same. Anyway, when done with getting some extra free space somewhere, I used the remaining 350MB for /boot where I copied the rootfs's /boot contents to.

After adding the passphrase in luks I had everything encrypted etc and decryptable, but obviously I could only access it from a live session by manual cryptsetup luksOpen + mount /dev/mapper/myroot commands. I needed to configure GRUB, and I needed to do it with the grub-efi-amd64 which was a bit unfamiliar to me. There's also grub-efi-amd64-signed I have installed now but I'm not sure if it was required for the configuration. Secure boot is not enabled by default in BIOS so maybe it isn't needed.

I did GRUB installation – I think inside rootfs chroot where I also mounted /dev/sda6 as /boot (inside the rootfs chroot), ie mounted dev, sys with -o bind to under the chroot (from outside chroot) and mount -t proc proc proc too. I did a lot of trial and effort so I surely also tried from outside the chroot, in the live session, using some parameters to point to the mounted rootfs's directories...

I needed to definitely install cryptsetup etc inside the encrypted rootfs with apt, and I remember debugging for some time if they went to the initrd correctly after I executed mkinitramfs/update-initramfs inside the chroot.

At the end I had grub asking for the password correctly at bootup. Obviously I had edited the rootfs's /etc/fstab to include the new /boot partition, I changed / to be "UUID=/dev/mapper/myroot /     ext4    errors=remount-ro 0       ", kept /boot/efi as coming from the /dev/sda1 and so on. I had also added "myroot /dev/sda4 none luks" to /etc/crypttab. I seem to also have GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:myroot root=/dev/mapper/myroot" in /etc/default/grub.
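A consistency check for the three files edited by hand above, added here as an example and not part of the post: it verifies that the crypttab mapping name, the fstab root device and GRUB_CMDLINE_LINUX all agree, since a mismatch in any one of them is what leaves the system asking for a passphrase and then failing to find its root. It uses the post's myroot and /dev/sda4 names in constructed sample files and assumes a POSIX sh with awk and sed.

```shell
#!/bin/sh
# Added example, not from the post. The mapping name (myroot) and device
# (/dev/sda4) are the post's; the sample files below are constructed here.

# check_luks_boot_config CRYPTTAB FSTAB GRUB_DEFAULT
# Prints one line per problem; returns 0 if all three files agree, 1 otherwise.
check_luks_boot_config() {
    crypttab=$1 fstab=$2 grubdef=$3
    rc=0
    # crypttab: "<name> <device> <keyfile> <options>"; take the first mapping.
    name=$(awk '$1 !~ /^#/ && NF >= 3 { print $1; exit }' "$crypttab")
    dev=$(awk '$1 !~ /^#/ && NF >= 3 { print $2; exit }' "$crypttab")
    if [ -z "$name" ] || [ -z "$dev" ]; then
        echo "crypttab: no mapping found"; return 1
    fi
    # fstab: / must come from the mapper device named in crypttab, and /boot must be
    # a separate (unencrypted) entry so grub can load kernel + initrd before unlocking.
    rootsrc=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$fstab")
    [ "$rootsrc" = "/dev/mapper/$name" ] \
        || { echo "fstab: / is '$rootsrc', expected /dev/mapper/$name"; rc=1; }
    awk '$1 !~ /^#/ && $2 == "/boot" { found = 1 } END { exit !found }' "$fstab" \
        || { echo "fstab: no separate /boot entry"; rc=1; }
    # /etc/default/grub: the kernel must be told which device to unlock, under which
    # name, and that the root filesystem lives behind that name.
    cmdline=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$grubdef")
    case " $cmdline " in
        *" cryptdevice=$dev:$name "*) ;;
        *) echo "grub: GRUB_CMDLINE_LINUX lacks cryptdevice=$dev:$name"; rc=1 ;;
    esac
    case " $cmdline " in
        *" root=/dev/mapper/$name "*) ;;
        *) echo "grub: GRUB_CMDLINE_LINUX lacks root=/dev/mapper/$name"; rc=1 ;;
    esac
    return $rc
}

# write_sample_config DIR: constructed files matching the layout described in the post
# (encrypted /dev/sda4 mapped as myroot, separate /boot on /dev/sda6, EFI on /dev/sda1).
write_sample_config() {
    dir=$1
    printf 'myroot /dev/sda4 none luks\n' > "$dir/crypttab"
    printf '/dev/mapper/myroot / ext4 errors=remount-ro 0 1\n' > "$dir/fstab"
    printf '/dev/sda6 /boot ext4 defaults 0 2\n' >> "$dir/fstab"
    printf '/dev/sda1 /boot/efi vfat umask=0077 0 1\n' >> "$dir/fstab"
    printf 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:myroot root=/dev/mapper/myroot"\n' > "$dir/grub"
}
```

On a real system the check is run as check_luks_boot_config /etc/crypttab /etc/fstab /etc/default/grub from inside the rootfs chroot, before running update-grub and update-initramfs.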

The only thing I did save from the live session was the original partition table if I want to revert.

So the original was:

Found valid GPT with protective MBR; using GPT.
Disk /dev/sda: 500118192 sectors, 238.5 GiB
Logical sector size: 512 bytes
First usable sector is 34, last usable sector is 500118158
Partitions will be aligned on 2048-sector boundaries
Total free space is 6765 sectors (3.3 MiB)
Number  Start (sector)    End (sector)  Size       Code  Name
1            2048         1026047   500.0 MiB   EF00  EFI system partition
2         1026048         1107967   40.0 MiB    FFFF  Basic data partition
3         1107968         7399423   3.0 GiB     0700  Basic data partition
4         7399424       467013631   219.2 GiB   8300
5       467017728       500117503   15.8 GiB    8200

And I now have:

Number  Start (sector)    End (sector)  Size       Code  Name
1            2048         1026047   500.0 MiB   EF00  EFI system partition
2         1026048         1107967   40.0 MiB    FFFF  Basic data partition
3         1832960         7399423   2.7 GiB     0700  Basic data partition
4         7399424       467013631   219.2 GiB   8300
5       467017728       500117503   15.8 GiB    8200
6         1107968         1832959   354.0 MiB   8300

So it seems I did not edit DIAGS (and it was also originally just 40MB) but did something with the recovery partition while preserving its contents. It's a FAT partition so maybe I was able to somehow resize it after all.

The 16GB partition is the default swap partition. I did not encrypt it at least yet, I tend to not run into swap anyway ever in my normal use with the 8GB RAM.

If you go this route, good luck! :D

Planet DebianPau Garcia i Quiles: Desktops DevRoom @ FOSDEM 2016: Have you submitted your talk yet?

FOSDEM 2016 is going to be great (again!) and you still have the chance to be one of the stars.

Have you submitted your talk to the Desktops DevRoom yet?


Remember: we will only accept proposals until December 6th. After that, the Organization Team will get busy and vote and choose the talks.

Here is the full Call for Participation, in case you need to check the details on how to submit:

FOSDEM Desktops DevRoom 2016 Call for Participation

Topics include anything related to the Desktop: desktop environments, software development for desktop/cross-platform, applications, UI, etc.

CryptogramReputation in the Information Age

Reputation is a social mechanism by which we come to trust one another, in all aspects of our society. I see it as a security mechanism. The promise and threat of a change in reputation entices us all to be trustworthy, which in turn enables others to trust us. In a very real sense, reputation enables friendships, commerce, and everything else we do in society. It's old, older than our species, and we are finely tuned to both perceive and remember reputation information, and broadcast it to others.

The nature of how we manage reputation has changed in the past couple of decades, and Gloria Origgi alludes to the change in her remarks. Reputation now involves technology. Feedback and review systems, whether they be eBay rankings, Amazon reviews, or Uber ratings, are reputational systems. So is Google PageRank. Our reputations are, at least in part, based on what we say on social networking sites like Facebook and Twitter. Basically, what were wholly social systems have become socio-technical systems.

This change is important, for both the good and the bad of what it allows.

An example might make this clearer. In a small town, everyone knows each other, and lenders can make decisions about whom to loan money to, based on reputation (like in the movie It's a Wonderful Life). The system isn't perfect; it is prone to "old-boy network" preferences and discrimination against outsiders. The real problem, though, is that the system doesn't scale. To enable lending on a larger scale, we replaced personal reputation with a technological system: credit reports and scores. They work well, and allow us to borrow money from strangers halfway across the country -- and lending has exploded in our society, in part because of it. But the new system can be attacked technologically. Someone could hack the credit bureau's database and enhance her reputation by boosting her credit score. Or she could steal someone else's reputation. All sorts of attacks that just weren't possible with a wholly personal reputation system become possible against a system that works as a technological reputation system.

We like socio-technical systems of reputation because they empower us in so many ways. People can achieve a level of fame and notoriety much more easily on the Internet. Totally new ways of making a living -- think of Uber and Airbnb, or popular bloggers and YouTubers -- become possible. But the downsides are considerable. The hacker tactic of social engineering involves fooling someone by hijacking the reputation of someone else. Most social media companies make their money leeching off our activities on their sites. And because we trust the reputational information from these socio-technical systems, anyone who can figure out how to game those systems can artificially boost their reputation. Amazon, eBay, Yelp, and others have been trying to deal with fake reviews for years. And you can buy Twitter followers and Facebook likes cheap.

Reputation has always been gamed. It's been an eternal arms race between those trying to artificially enhance their reputation and those trying to detect those enhancements. In that respect, nothing is new here. But technology changes the mechanisms of both enhancement and enhancement detection. There's power to be had on either side of that arms race, and it'll be interesting to watch each side jockeying for the upper hand.

This essay is part of a conversation with Gloria Origgi entitled "What is Reputation?"

RacialiciousAnnouncement: Catch Arturo at Loscon 42!

Since Arturo talked about sci-fi/fantasy conventions earlier this week, it’s a good time to let you know that he’ll actually be appearing at one over Thanksgiving weekend — Loscon 42 in Los Angeles.

Hosted by the Los Angeles Science Fantasy Society, the convention will be held at the LAX Marriott from Nov. 27-29, and Arturo will be on two panels:

Fans of Color: Across Experiences — Nov. 28, 11:30 a.m.: Fans come from various cultural backgrounds! Fans of color will discuss what being a fan of colour in the U.S. is like: how they got into SFF, what makes it difficult being a SFF fan, and how they deal with problems specific to them. Joining Arturo on the panel will be Racialicious contributor Jaymee Goh, as well as Eric Atkinson, Gregg Castro, and Isabel Schechter.

The Changing Face of Fandom — Nov. 29, 2:30 p.m.: The majority of people, especially young people, are flocking to pop culture and anime conventions instead of WorldCons. Media conventions with big-name guests are getting the lion's share of the publicity. Is there a place for all of our fandoms? Arturo will be joined by Tina Beychok, Jimmy Diggs, and Anastasia Hunter.

Visit Loscon’s site for more information about the event. And you can also follow Arturo on Twitter as he chronicles his adventures throughout the weekend!

The post Announcement: Catch Arturo at Loscon 42! appeared first on Racialicious - the intersection of race and pop culture.

Worse Than FailureError'd: End User Experience May Vary by Region

"I guess eight of the ports are English-only," Andrew G. wrote.


"So, this means that nothing is expiring...right?" wrote Chris.


Steve L. wrote, "Hey AT&T! The 'Trim' function in JavaScript would work GREAT here."


"Um, can I opt out of the sale on this power meter?" wrote Scott.


"VS2010 was gracious enough to perform 916061759 more tasks than I wanted," wrote John A.


"You're welcome...I guess," writes Andrew.


"I don't think of this as an error so much as a reminder for some certain someone who, you know, might forget to insert their memory card," Alex G. wrote.


"This mobile TV was set up for people to watch World Cup matches outside Birmingham's Bullring centre, but it looks like it isn't quite ready for the opening match yet," writes Stuart D.



Planet Linux AustraliaSteven Hanley: [mtb] Alpe di Neggia ride in Italy/Switzerland

Looking toward Switzerland from the top of the climb (fullsize)
I had a work trip to the European Training centre in Gavirate Italy in April 2012, while there I managed to get out for three rides and one solid run. On the rides I took my camera and was able to get some great shots. Definitely an awesome area to train in for many sports.

Recommended to me by Luke Durbridge who was at the ETC while I was there, this ride was from Gavirate over to Lago di Maggiore and then along the shores until I hit the climb and down the other side in to Switzerland, then back through the valley past Lago di Lugano toward the border at Ponte Tresa above Varese. A great ride for sure and a nice climb, though I probably left it an hour too late as coming back it was dark by the time I got to Varese and I had not taken lights.

Images in my gallery from the ride Alpe di Neggia ride in Italy/Switzerland.

Planet Linux AustraliaOpenSTEM: RCA Old Technology Video (1983)

It’s cool to look at past visions of the future, particularly those from companies in a sales/marketing context because they contain all the fabulous buzzwords from the time.

Entitled RCA Video Monitors: The Future Is Now (1983), the below is a segment from an extremely rare CED videodisc sent to dealers telling them about the then new concept in TV design: the inclusion of multiple A/V inputs and outputs for connecting multiple devices!

(image by grm_wnr, Wikimedia)

The intermittent skipping you see on the video was "normal" for that videodisc technology. Mind that videodisc wasn't DVD: videodiscs were quite big.

Note that, oddly, DVDs also exhibit a brief skip when they switch from one layer to another on dual-layer discs. Technically it'd be so easy to avoid this visual annoyance!

Compact Cassette (image by GrahamUK, Wikipedia)

The Compact Disc (CD) was developed by Philips together with Sony and launched in 1982. DVD (Digital Versatile Disc) is from 1995. Philips actually has a history of these broad innovations: in 1963 they launched the Compact Cassette.

Philips somehow misfired with video recorders (VCRs), backing its own technically superior Video 2000 format (1979), and as we now know VHS became the global standard. The VCR format saga is an interesting historical example of where factors other than purely technical superiority played a role in defining the winner. Among other factors, they came in late, but there was more to it. Anyhow, we know that even Betamax was regarded as superior in quality to VHS; Betamax remained in use for professional recording equipment for a very long time.


Planet DebianMatthew Garrett: If it's not practical to redistribute free software, it's not free software in practice

I've previously written about Canonical's obnoxious IP policy and how Mark Shuttleworth admits it's deliberately vague. After spending some time discussing specific examples with Canonical, I've been explicitly told that while Canonical will gladly give me a cost-free trademark license permitting me to redistribute unmodified Ubuntu binaries, they will not tell me what "Any redistribution of modified versions of Ubuntu must be approved, certified or provided by Canonical if you are going to associate it with the Trademarks. Otherwise you must remove and replace the Trademarks and will need to recompile the source code to create your own binaries" actually means.

Why does this matter? The free software definition requires that you be able to redistribute software to other people in either unmodified or modified form without needing to ask for permission first. This makes it clear that Ubuntu itself isn't free software - distributing the individual binary packages without permission is forbidden, even if they wouldn't contain any infringing trademarks[1]. This is obnoxious, but not inherently toxic. The source packages for Ubuntu could still be free software, making it fairly straightforward to build a free software equivalent.

Unfortunately, while true in theory, this isn't true in practice. The issue here is the apparently simple phrase "you must remove and replace the Trademarks and will need to recompile the source code". "Trademarks" is defined later as being the words "Ubuntu", "Kubuntu", "Juju", "Landscape", "Edubuntu" and "Xubuntu" in either textual or logo form. The naive interpretation of this is that you have to remove trademarks where they'd be infringing - for instance, shipping the Ubuntu bootsplash as part of a modified product would almost certainly be clear trademark infringement, so you shouldn't do that. But that's not what the policy actually says. It insists that all trademarks be removed, whether they would embody an infringement or not. If a README says "To build this software under Ubuntu, install the following packages", a literal reading of Canonical's policy would require you to remove or replace the word "Ubuntu" even though failing to do so wouldn't be a trademark infringement. If an email address is present in a changelog, you'd have to change it. You wouldn't be able to ship the juju-core package without renaming it and the application within. If this is what the policy means, it's so impractical to be able to rebuild Ubuntu that it's not free software in any meaningful way.

This seems like a pretty ludicrous interpretation, but it's one that Canonical refuse to explicitly rule out. Compare this to Red Hat's requirements around Fedora - if you replace the fedora-logos, fedora-release and fedora-release-notes packages with your own content, you're good. A policy like this satisfies the concerns that Dustin raised over people misrepresenting their products, but still makes it easy for users to distribute modified code to other users. There's nothing whatsoever stopping Canonical from adopting a similarly unambiguous policy.

Mark has repeatedly asserted that attempts to raise this issue are mere FUD, but he won't answer you if you ask him direct questions about this policy and will insist that it's necessary to protect Ubuntu's brand. The reality is that if Debian had had an identical policy in 2004, Ubuntu wouldn't exist. The effort required to strip all Debian trademarks from the source packages would have been immense[2], and this would have had to be repeated for every release. While this policy is in place, nobody's going to be able to take Ubuntu and build something better. It's grotesquely hypocritical, especially when the Ubuntu website still talks about their belief that people should be able to distribute modifications without licensing fees.

All that's required for Canonical to deal with this problem is to follow Fedora's lead and isolate their trademarks in a small set of packages, then tell users that those packages must be replaced if distributing a modified version of Ubuntu. If they're serious about this being a branding issue, they'll do it. And if I'm right that the policy is deliberately obfuscated so Canonical can encourage people to buy licenses, they won't. It's easy for them to prove me wrong, and I'll be delighted if they do. Let's see what happens.

[1] The policy is quite clear on this. If you want to distribute something other than an unmodified Ubuntu image, you have two choices:
  1. Gain approval or certification from Canonical
  2. Remove all trademarks and recompile the source code
Note that option 2 requires you to rebuild even if there are no trademarks to remove.

[2] Especially when every source package contains a directory called "debian"…


Planet DebianVincent Fourmond: Purely shell way to extract a numbered line from a file

I feel almost ashamed to write it down, but as it took me a long time to realize this, I'll write it down anyway. Here's the simplest portable shell one-liner I've found to extract only the, say, 5th line from a file:

~ cat file | tail -n +5 | head -n1

Hope it helps...

Update: following the comments to this post, here are a couple of other solutions. Thanks to all who contributed!

~ cat file | sed -ne 5p
~ cat file | sed -ne '5{p;q}' 

The second solution has the advantage of closing the input after line 5, so if you have an expensive command, you'll kill it with a SIGPIPE soon after it produces line 5. Other ones:

~ cat file | awk 'NR==5 {print; exit}'
~ cat file | head -n5 | tail -n1 

The last one, while simpler, is slightly more expensive because all the lines before the one you're interested in are copied twice (first from cat to head and then from head to tail). This happens less with the first solution because, even if tail passes on all the lines after the one you're interested in, it is killed by a SIGPIPE when head closes.
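To make the early-termination point concrete, here is an added example (my own, not code from the original post): a portable sh function built on the sed '{p;q;}' form above. It validates the line number before splicing it into the sed expression (otherwise a caller could pass sed commands instead of a number), reads the file through a redirection so a filename beginning with "-" is never parsed as an option, and is demonstrated against an unbounded producer (yes) that only terminates because sed quits and the producer receives SIGPIPE. The "~ " in the post's one-liners is a prompt; the function names and the sample inputs below are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# nth_line N [FILE]
#   Print line N (1-based) of FILE, or of standard input when FILE is omitted,
#   and stop reading as soon as that line has been printed.
#   Prints nothing (exit 0) when the input has fewer than N lines.
#   Returns 2 when N is not a positive integer, so the caller cannot smuggle
#   sed commands into the expression through the line-number argument.
nth_line() {
    nth_n=$1
    case $nth_n in
        ''|*[!0-9]*|0*)
            printf 'nth_line: N must be a positive integer, got "%s"\n' "$nth_n" >&2
            return 2 ;;
    esac
    if [ $# -ge 2 ]; then
        # Redirect instead of passing the name to sed, so a file called "-"
        # (or one starting with "-") is never interpreted as an option.
        sed -n "${nth_n}{p;q;}" < "$2"
    else
        sed -n "${nth_n}{p;q;}"
    fi
}

# Demonstration: 'yes' never stops on its own. The pipeline finishes only
# because sed quits after line 3, the pipe closes, and 'yes' dies of SIGPIPE.
# With 'sed -n 3p' instead of '{p;q;}' this function would never return.
third_of_endless() {
    yes | nth_line 3
}

# Stand-alone demo with constructed input.
if [ "${0##*/}" = "nth_line.sh" ]; then
    printf 'one\ntwo\nthree\nfour\nfive\n' | nth_line 4   # prints: four
    third_of_endless                                     # prints: y
fi
```

Because the validation rejects anything that is not a run of digits, `nth_line '5;s/.*/x/'` fails with status 2 rather than rewriting the line; that matters whenever the line number comes from a script argument or a web form.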

Google AdsenseGive your site a content boost

5 tips to grow site visitors

If you're like most publishers, you think a lot about how to grow your site audience. It should be no surprise that for this topic, content is key. Great content attracts and engages new users and keeps your wonderful old users coming back again and again.

But how do you produce content that is high-quality, valuable, and unique? For the answer, look back to why you became an AdSense publisher in the first place. Do what you love and your content will naturally be at the heart of all you do.

As you build your new content, use these five tips to make what you create as engaging as it can possibly be.

Be targeted, be consistent, be frequent
Take time to figure out who is reading your content and what topics they find most interesting. Does your blog about dogs get 20 comments about Chihuahuas for every one comment about Great Danes? Maybe you should focus on the little guys!

Update your content as often as you can. With regular updates you’ll build trust and engagement with your users, and they’ll be more likely to share your content with their friends and family.

Create engaging videos
People crave video. In fact, the average mobile viewing session on YouTube is now around 40 minutes. You could boost the amount of time your visitors spend on your site by using video and photos.

Create your own videos; it gives your site personality and unique content. Try adding a separate video section, or integrate video within your articles. Use A/B testing to find the best spot for your video: for instance, see how a video performs in the middle of article versus at the end. Remember, if you use videos that aren't yours, make sure that you have the rights to distribute them.

Be mobile-friendly
The number of smartphone users is estimated to grow by 16% to two billion users in 2015. In all, web access from mobile phones will represent 69% of all traffic by 2017, according to The average user now spends almost three hours per day on mobile devices.*

To win more visitors, optimize your site for all screens. Your site needs to be accessible anywhere and anytime, on smartphones and every other device. (Hungry to learn more? See more tips on going mobile.)

Go social
The way users find and share content has changed. Along with direct and search traffic, social sharing is key for your site visitor strategy. Remember, your article or video could be the perfect fit for someone’s micro-moment, so make sure you have the most important message in the first few moments.

Use social plugins and sharing buttons to help users share your content on the spot. Use large icons to highlight those sharing options. Try to A/B test where those buttons get the best engagement: at the top, at the bottom or embedded right in the article. For the best user experience, keep those buttons separated from your AdSense ads.

Look at what the numbers are telling you
If great content is job #1, great measurement is job #2. Google Analytics can bring you a deeper understanding of your audience and their demographics, time on site, which pages people leave fast, and which they visit most.

Use these insights to provide your users with the right content that works across devices. For instance, try the long-term revenue framework.

Have some top tips of your own? Share them with us in the comments below.

Not yet an AdSense user? Sign up now!
Posted by Jason Le, Account Strategist
AdSense Onboarding Agent

Sociological ImagesThe global sanitation crisis on #WorldToiletDay

One of the first things other academics ask me is "why are you interested in toilets?"

For the vast majority of people, the biological function of waste excretion is an after thought, an activity that nobody wants to talk about, and often times, the mere thought of talking about shit grosses them out. I, however, am fascinated by the human and political dimensions of human waste and the challenges that solving the global sanitation crisis presents. More than excrement itself, I’m interested in a holistic view of sanitation (waste disposal, transportation, removal, treatment and reuse). This interest stems primarily from my training as a chemical engineer, my work experience as a sanitation engineer and researcher, and my interest from my doctoral studies in understanding the politics of policy intervention.

Contrary to what one might think, toilets are political. Owning a toilet will become a necessary prerequisite for politicians to run for office in Gujarat, India. The new Prime Minister of India, Shri Narendra Modi, has made ending open defecation and increasing access to toilets one of his campaign promises and a crucial component of his political and public policy agenda. Modi’s “toilets first, temples later” has been seen as a strong statement in favor of increasing toilet and latrine access in India.

In my own work I have emphasized that even if we have the technical capabilities to increase access to toilets, latrines and sanitation infrastructure, often times we see lack of progress because institutional, cultural, behavioral and societal barriers have been erected through time. I have shown that the behavioral determinants of sanitation governance are complex and multicausal, and also have multiple effects. Not having a toilet in your own home or easily accessible can lead to violence and physical/sexual assault. Lack of toilets affects women disproportionately and leaves them vulnerable to physical violence. Earlier this year I wrote about the complex linkages between menstrual hygiene management, access to toilets, and violence against women.

To end open defecation and increase sanitation access, we need a set of policy strategies that aren’t solely focused (individually) on cultural practices, or access to latrines, or poverty alleviation. All these factors must be tackled simultaneously.

World Toilet Day takes place on November 19th. This year the United Nations finally named World Toilet Day an official UN day, although for all the noise it has been making, we are WAY behind the target for the Millennium Development Goals. If we really want to end open defecation by 2025, as the UN indicates, we are definitely going to need a better approach. In my own research, I have found that institution- and routine-based strategies help increase access to sanitation. I have also argued that access to toilets can be used as a political manipulation strategy. We should be interested in the global politics of sanitation because the crisis is far-reaching and widespread.

Today, I encourage you to reflect on the fact that over 1 billion people defecate in the open because they lack the dignity of a toilet, and that 2.6 billion people don’t have access to improved water and sanitation sources.

Think about it. It IS political. Because we can’t wait to solve the global sanitation crisis.

Raul Pacheco-Vega, PhD is a professor of Resource Management and Environmental Studies with a specialty in the global politics of sanitation. You can follow him at, where this post originally appeared, and on Twitter and Facebook.

(View original at

Krebs on SecurityFederal Legislation Targets “Swatting” Hoaxes

A bill introduced in the U.S. House of Representatives on Wednesday targets “swatting,” an increasingly common and costly hoax in which perpetrators spoof a communication to authorities about a hostage situation or other violent crime in progress in the hopes of tricking police into responding at a particular address with deadly force.


The Interstate Swatting Hoax Act of 2015, introduced by Rep. Katherine Clark (D-Mass.) and Rep. Patrick Meehan (R-PA), targets what proponents call a loophole in current law. “While federal law prohibits using the telecommunications system to falsely report a bomb threat hoax or terrorist attack, falsely reporting other emergency situations is not currently prohibited,” reads a statement by the House co-sponsors.

To address this shortcoming, the bill “would close this loophole by prohibiting the use of the internet telecommunications system to knowingly transmit false information with the intent to cause an emergency law enforcement response.”

“In recent years, swatting has become a widely used tool for online harassers to attack journalists, academics, domestic violence survivors, and celebrities,” the lawmakers wrote. “Perpetrators locate victims’ private information online and use technology to conceal their identity as they contact emergency responders.”

Fairfax County Police outside my home on 3/14/13

As the target and victim of multiple swatting hoaxes, I support efforts to crack down on this dangerous crime, which wastes public resources, unnecessarily endangers lives, and diverts first responders away from real emergencies.

However, the bill doesn’t and can’t address a big part of the swatting problem: A huge percentage of those involved in swatting are under the age of 18, and the federal justice system simply isn’t built to handle juvenile offenders. As a result, most cases of youths detained for swatting are handled by state and local authorities. Thus, unless more states pass anti-swatting laws, many of these crimes likely will continue to go unpunished.

California, for example, has a law on the books that requires convicted swatters to repay any costs associated with the incident, which can range as high as $10,000. Under the California law, which took effect Jan. 1, 2014, convicted swatters can face up to a year in jail.

CryptogramRFID-Shielded, Ultra-Strong Duffel Bags

They're for carrying cash through dangerous territory:

SDR Traveller caters to people who, for one reason or another, need to haul huge amounts of cash money through dangerous territory. The bags are made from a super strong, super light synthetic material designed for yacht sails, are RFID-shielded, and are rated by how much cash in US$100 bills each can carry....

Planet DebianMiriam Ruiz: Projects, Conflicts and Emotions

The Debian Project includes many people, groups and teams with different goals, priorities and ways of doing things. Diversity is a good thing, and the results of the continuous interaction, cooperation and competition among different points of view and components make up a successful developing framework both in Debian and in other Free / Libre / Open Source Software communities.

The cost of this evolutionary paradigm is that sometimes there are subprojects that might have been extremely successful and useful that are surpassed by newer approaches, or that have to compete with alternative approaches that were not there before, and which might pursue different goals or have a different way of doing things that their developers find preferable in terms of modularity, scalability, stability, maintenance, aesthetics or any other reason.

Whenever this happens, the emotional impact on the person or group of people that are behind the established component (or process, or organizational structure), that is being questioned and put under test by the newer approach can be important, particularly when they have invested a lot of time and effort and a considerable amount of emotional energy doing a great job for many years. Something they should be thanked for.

This might be particularly hard when, for whatever reason, the communication between both teams is not too fluid or constant, and sometimes the author or authors of the solution that was considered mainstream until then might feel left out and their territory stolen. As development teams and technical people in the Free / Libre / Open Source world are generally more focused on results than on relationships, projects are generally not too good at managing these (emotional, relational) situations, even though they (we) are gradually learning and improving.

What has happened with the Debian Live Project is indeed a hurtful situation, even though it's probably an unavoidable one. The Debian Live Project has done a great job for many years and it is sad to see it dying abruptly. A new competing approach is on its way with a different set of priorities and a different way of doing things, and all that can be done at the moment is to thank Daniel for all his work, as well as everyone who has made the Debian Live Project successful for so many years, and also to thank the people who are investing their time and effort in developing something that might be even better. Let's wait and see.

Source of the image: Conflict Modes and Managerial Styles by Ed Batista

Worse Than FailureCodeSOD: The Cleaner

In software development, there are people who get the unenviable task of being the cleaner. Somebody makes a mess, and the cleaner comes in to take care of it. And that brings us to Tina.

I'm Winston Wolf. I solve problems.

Tina was brought in as a cleaner. There was an application that was a mess, and the powers-that-be wanted it taken care of. Tina took a look, and she noticed that there were a lot of round trips to the database. In fact, after profiling, it almost looked like every query ran at least twice. She saw code following this pattern everywhere:

    if (!IsTableEmpty("users")) {
        results = GetTableData("users");

Or, worse:

    if (!IsTableEmpty("users") && !IsTableEmpty("orders") && !IsTableEmpty("line_items")) {
        users = GetTableData("user");
        orders = GetTableData("orders");
        lines = GetTableData("lines");
        for (int i = 0; i < users.count; i++) {
            for (int j = 0; j < orders.count; j++) {
                for (int k = 0; k < lines.count; k++) {
                    //manually join all the records together
                    //with a giant block of conditionals

With that sort of logic, Tina knew exactly how this particular application needed to be "taken care of", but she was curious. Curiosity, of course, isn't a good trait in a cleaner. Don't ask questions. Don't poke your nose where it doesn't belong. But she just had to know: how was IsTableEmpty implemented?

    using System.Data;
    using System.Data.SqlClient;

    private bool IsTableEmpty(string s){
            // The table name is concatenated straight into the SQL text: if s is
            // ever attacker-controlled this is a SQL injection point, and the
            // connection string carries hard-coded credentials.
            SqlDataAdapter adapter = new SqlDataAdapter("SELECT * FROM "+s,"server=****;database=****;User ID=****;Password=****");

            DataSet ds = new DataSet();

            // Assumed: the page's copy of this method lost the Fill call; without it
            // ds.Tables[0] throws before the loop is reached.
            adapter.Fill(ds);

            int count=0;   // assigned, never used

            // Pulls every row of the table across the wire only to find out
            // whether a single one exists; the loop body always returns on the
            // first row.
            foreach(DataRow row in ds.Tables[0].Rows){
                    return false;
            }

            return true;
    }


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Beginners November Meeting: Security scanning with Nmap

Nov 21 2015 12:30
Nov 21 2015 16:30

RMIT Building 91, 110 Victoria Street, Carlton South

Scott Junner will offer a basic run through of the main functions of Nmap with some explanations of the background of what Nmap is doing and why it gets some of the results it gets. He will talk about why you would want to use Nmap and give an example of a few scans he did on his own network to show the kind of information that others could collect. Or you could collect on others - depending on which way you lean.

LUV would like to acknowledge Red Hat for their help in obtaining the Trinity College venue and VPAC for hosting.

Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.


Planet Linux AustraliaSteven Hanley: [mtb/events] Triple Triathlon 2015 - Wheres Our Swimmer - Mixed Pairs

Tagging Milly for the Mt Taylor run (fullsize)
As I mention in the words I ended up in pairs this year again, racing with Milly after our swimmer for the event injured himself. Our goal was to have a fun day out in Canberra looking forward to the finish line and beers there. I think we managed that and enjoyed hanging out with all the others transcending the hills and lakes of Canberra.

Great to see Rowan have so much fun on course again, also Cam had an amazing day out with 12h15m solo and finishing third. Ben Crabb got to race again with his normal team before disappearing to the UK for three years. So many others were having fun and so were Milly and I (though the early shot of her before the swim start she does not appear so sure), looking through the event gallery on the Sri Chinmoy events site there are some good photos of everyone around too.

My words and photos are online in my Triple Triathlon 2015 - Wheres Our Swimmer - Mixed Pairs gallery. Good day out bring on 2016.


Planet Linux AustraliaSteven Hanley: [mtb/events] Geoquest 2012 - Out Of Range

Heading into the water with our tubes (fullsize)
When I looked at this album I realised I still have not published or added comments to my 2011 geoquest album. I guess that will be next. For now this was 2012 with Seb, Lee and Eliza up at Forster again. Before Eliza was quite so hooked on MTB near the end of her doing Triathlon we were trying to convince her long silly AR stuff is the best thing ever, I hope we did not scar her too much with the longest event she had ever done.

KV, Ben and Matt were our rather awesome support crew engaging in a bit of speed camping around the region and seeing us come past once in a while, thanks to them for the effort. It was a remarkably hard (well long at least) course this year and though there was no ocean paddling there was a bit of time in the kayaks. The event was a lot of fun as always, though I still need to sort out some of my insulin type and timing issues (as I was reminded this year when I had some lows).

My 2012 Geoquest - Out of Range gallery is online for anyone to have a look, I almost was worried I managed to get a photo of Eliza not smiling, however it appears not to have happened so all is right with the world.

CryptogramParis Terrorists Used Double ROT-13 Encryption

That is, no encryption at all. The Intercept has the story:

Yet news emerging from Paris -- as well as evidence from a Belgian ISIS raid in January -- suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying "we're off; we're starting." Police were also able to trace the phone's movements.

The obvious conclusion:

The reports note that Abdelhamid Abaaoud, the "mastermind" of both the Paris attacks and a thwarted Belgium attack ten months ago, failed to use encryption whatsoever (read: existing capabilities stopped the Belgium attacks and could have stopped the Paris attacks, but didn't). That's of course not to say batshit religious cults like ISIS don't use encryption, and won't do so going forward. Everybody uses encryption. But the point remains that to use a tragedy to vilify encryption, push for surveillance expansion, and pass backdoor laws that will make everybody less safe -- is nearly as gruesome as the attacks themselves.

And what is it about this "mastermind" label? Why do we have to make them smarter than they are?

EDITED TO ADD: More information.

EDITED TO ADD: My previous blog post on this.

LongNowThe Artangel Longplayer Letters: Manuel Arriaga writes to Giles Fraser

In May, John Burnside wrote a letter to Manuel Arriaga as part of the Artangel Longplayer Letters series. The series is a relay-style correspondence: The first letter was written by Brian Eno to Nassim Taleb. Nassim Taleb then wrote to Stewart Brand, and Stewart wrote to Esther Dyson, who wrote to Carne Ross, who wrote to John Burnside, who wrote to Manuel Arriaga. Manuel's response is now addressed to Giles Fraser, a priest, professor, and journalist who studies contemporary ethics, who will respond with a letter to a recipient of his choosing.

The discussion thus far has focused on the extent and ways government and technology can foster long-term thinking. You can find the previous correspondences here.

From: Manuel Arriaga, New York
To: Giles Fraser, London
16 November 2015

Dear Giles,

Reading the earlier letters in this exchange, it strikes me that the issue of long-term thinking is twofold. Its challenges make themselves felt at two very different levels: the individual and the collective.

As individuals we are notoriously prone to myopic decision-making. The work of cognitive psychologists such as Tversky and Kahneman, whom Stewart Brand quoted in his letter, abundantly documents the biases that plague each of us as we try to act “rationally”. When the temporal horizon expands and making a good decision today depends on properly weighing benefits and costs that are far into the future, we do a particularly poor job. It doesn’t help that, when we look into the more distant future, such consequences are probabilistic rather than certain.

A second, distinct problem has to do with collective decision making. How can we, as a society, adequately handle issues that have long-term consequences? Obviously, different people will list different concerns, but there is a widespread perception that our political life is too caught up in the ephemeral, all the while neglecting to pay proper attention to a number of looming structural challenges.

Why does this distinction between the individual and the collective matter? Because the pathologies that afflict us as a society are not simply the sum – nor the inevitable consequence – of our limitations as individuals. Instead, we have put in place specific procedures and collective decision-making mechanisms that ensure that our individual-level myopia will be amplified when we collectively make decisions. (It is in this sense that, as Esther Dyson wrote, “long-term thinking and collective action are two sides of the same coin.”) Our political system(s) almost seems designed to take our innate biases and ensure that, as a society, we act in a way that would make the most foolhardy and impulsive teenager seem wise by comparison.

Consider elections, perhaps one of the most celebrated institutions of modern times – the only widely-accepted way for the public to delegate power into the hands of a small number of politicians. This provides a way to hold those we elect accountable and gives (some measure of) protection against authoritarian abuses of power.

However, as is painfully evident in 2015, elections also foster shortsightedness in a myriad of ways. Politicians are immersed in the media and electoral cycles, unable to extend their vision beyond the dual horizons of the day’s media coverage and the forthcoming election. Citizens are invited to pick representatives (and occasionally to vote on ballot measures) with little to no serious reflection and on the basis of a wholly inadequate information diet. Finally, journalists find themselves working in an ever-accelerating environment, where they often feel that careful, in-depth coverage of policy issues no longer has a place and must be sacrificed at the altar of sensationalism, high ratings and social media buzz. To borrow Brian Eno’s phrase, the whole system seems geared towards “increasingly short nows”.

Needless to say, we should be doing the opposite. We should be devising collective governance mechanisms that bring out the best in our thinking, creating ways to make decisions that will help us, as a society, overcome our innate myopia and the biases that plague our reasoning. The good news is that I sincerely believe that we have at our disposal a concrete, albeit little known, way to do just that. Its wider adoption promises to make the collective more, rather than less, intelligent than the individual – in short, the kind of change of method that would, as Carne Ross put it, be “tantamount to changing the outcome” in matters of policy that require deep long-term political thinking.

One way to achieve this is through a practice known as citizen deliberation: the use of large panels of randomly selected people to carefully reflect and decide on complex policy matters. Unlike professional politicians, such a representative sample of ordinary citizens has all the incentives – and close to none of the disincentives – to properly think through the long-term consequences of different policy choices. Furthermore, if the deliberation process were rigorously conducted, these citizen panels would be able to see through the “ideology and ghost stories,” as Stewart Brand puts it, that typically plague such decisions.

Greater use of citizen deliberation in policy making could be a powerful antidote to many of the ills we have been identifying. However, in my short book Rebooting Democracy: A Citizen’s Guide to Reinventing Politics, a specific concern over our difficulty in making reasoned long-term choices prompted me to suggest a blueprint for a particular kind of institution. A “Long Now Citizens’ Assembly” (the name was meant as a not-so-subtle nod to the inspiring work of the Long Now Foundation) would be a large citizen panel that would convene every ten years. These citizens would be tasked with defining a collective political vision, thereby setting out some key choices in terms of the direction their nation, region or city should take, subject to approval in a referendum. The decade between meetings would make it unambiguously clear that the panel existed in a different temporal plane from that of electoral party politics.

Although citizen deliberation dates back to ancient Greece, the idea of involving ordinary citizens in real-world policy making invariably comes as a shock to many. However, skepticism dissipates as people come to understand how citizen deliberation works in practice. The citizen panel carries out an in-depth study and analysis of the issue(s) at hand, including consultations with policy makers, interest groups, scientific experts and others. They deliberate, at length and with the assistance of skilled facilitators, about the available policy choices and their possible impact. The process has nothing in common with the rowdy scenes and uninformed shouting matches that characterized, for example, the town hall meetings on healthcare reform in the United States back in 2009.

A commonly-voiced concern is whether ordinary citizens have what it takes – are they intelligent enough to address complex policy issues? Here, too, doubts prove unfounded. Stanford Professor James Fishkin, one of the world’s foremost experts on citizen deliberation, writes that “the public is very smart if you give them a chance. If people think their voice actually matters, they’ll do the hard work, really study, … ask the experts smart questions and then make tough decisions. When they hear the experts disagreeing, they’re forced to think for themselves. About 70% change their minds in the process.” He assures us that “citizens can become better informed and master the most complex issues of state government if they are given the chance.”

The promise of citizen deliberation is that it could free policy making from the well-known biases that plague professional politicians. Ordinary citizens, chosen at random and for a single, non-renewable term, can act – just like a jury in court – in what they perceive to be the true long-term public interest, free from the pressures of facing reelection. They don’t have to worry about how necessary-but-unpopular measures will adversely impact their popularity ratings.

But perhaps the most exciting aspect is that none of this is idle, academic speculation. Recent experiences show how well citizen deliberation works in practice. In 2004, a randomly-chosen panel of 160 citizens was tasked by the government of the Canadian province of British Columbia with reforming the province’s electoral system. After drawing on the input of a wide variety of experts, consulting the public, and deliberating at length, the British Columbia Citizens’ Assembly on Electoral Reform ended up suggesting a type of electoral system that, in the words of Professor David Farrell, a renowned expert on electoral systems, “politicians, given a choice, would probably least like to see introduced but which voters, given a choice, should choose.” The assembly’s proposal was later approved by 58% of the popular vote in a referendum, yet regrettably failed to meet the strict requirements imposed by the provincial government for its results to be considered binding, and therefore has yet to be implemented.

Similarly encouraging results are reported from the U.S. state of Oregon. Since 2010, citizen deliberation has been used to assist Oregon voters in state-wide ballot initiatives. In a process known as the “Citizen Initiative Review,” a panel of about twenty-five randomly chosen Oregonians is tasked with carefully researching and deliberating on the ballot measure up for a vote. At the end of this process, an accessible and highly informative set of “key findings”, as well as an indication of how many panelists ultimately supported and opposed the proposed measure, are presented as a “citizens’ statement” in the pamphlet that voters receive in the mail before a ballot. Research confirms that this citizens’ statement not only makes voters better informed, but also has a substantial influence on the voting behavior of those who read it.

In his letter, John Burnside rightly wonders if – in light of the substantial social change that would be required just to bring rampant environmental destruction under control – it might be too optimistic to place that much faith in the abilities of our fellow citizens. When one pauses to consider what is at stake and how far we are from attaining that goal, it is impossible not to share his concern. Yet, I can think of no other collective decision making system better equipped to handle such a challenge. After all, the kind of major lifestyle changes that seem necessary are utterly indefensible by professional politicians seeking (re)election. We can also hope for the success of NGOs and other groups in civil society trying to promote greater environmental awareness, yet their odds of effecting major changes seem awfully limited as long as our so-called democracies remain deaf to voices other than those stemming from powerful economic interests (or, perhaps just as depressingly, focus groups). Our best hope perhaps lies in the abilities of ordinary citizens to collectively engage with these difficult issues and then share their findings with the broader public.

Giles, in this letter I deliberately adopted an “engineering” perspective – that of a self-confessed geek who asks himself how we might reform a system so that it can generate what I consider to be better outcomes. I did so aware of the violent oversimplification entailed in this process, any hopes of true change ultimately depending on our values and how they come to evolve over time.

As argued above, I believe that citizen deliberation offers us a powerful way to cut through the everyday froth, to reflect on and articulate what our values truly are and which reforms are needed so that, together, we can build a future that is true to those values. Yet, this is at best a tiny piece of the puzzle. I very much look forward to seeing where you will choose to take this conversation next.

All my best,


Manuel Arriaga is a visiting research professor at New York University and a fellow at the University of Cambridge. In 2014, he published Rebooting Democracy: A Citizen’s Guide to Reinventing Politics, which, by the end of the same year, had become the #1 best-selling book on democracy on Amazon UK. He is currently working on a film project on democratic innovations. More information about his work can be found at

Giles Fraser is a priest of the Church of England and a journalist. He is currently the parish priest at St Mary’s, Newington, near the Elephant and Castle, London, and writes a weekly Saturday column Loose Canon for The Guardian, as well as appearing frequently on BBC Radio 4. He is a regular contributor on Thought for the Day and a panellist on The Moral Maze. He is visiting professor in the anthropology department at the London School of Economics. He was previously Canon Chancellor of St Paul’s Cathedral and director of the St Paul’s Institute from 2009 until his resignation in October 2011. As Canon Chancellor, Fraser was a residentiary canon with special responsibility for contemporary ethics and engagement with the City of London as a financial centre.

Planet DebianDaniel Pocock: Improving DruCall and JSCommunicator user interface

DruCall is one of the easiest ways to get up and running with WebRTC voice and video calling on your own web site or blog. It is based on 100% open source and 100% open standards - no binary browser plugins and no lock-in to a specific service provider or vendor.

On Debian or Ubuntu, just running a command such as

# apt-get install -t jessie-backports drupal7-mod-drucall

will install Drupal, Apache, MySQL, JSCommunicator, JsSIP and all the other JavaScript library packages and module dependencies for DruCall itself.

The user interface

Most of my experience is in server-side development, including things like the powerful SIP over WebSocket implementation in the reSIProcate SIP proxy repro.

In creating DruCall, I have simply concentrated on those areas related to configuring and bringing up the WebSocket connection and creating the authentication tokens for the call.

Those things provide a firm foundation for the module, but it would be nice to improve the way it is presented and optimize the integration with other Drupal features. This is where the projects (both DruCall and JSCommunicator) would really benefit from feedback and contributions from people who know Drupal and web design in much more detail.

Benefits for collaboration

If anybody wants to collaborate on either or both of these projects, I'd be happy to offer access to a pre-configured SIP WebSocket server in my lab for more convenient testing. The DruCall source code is a hosted project and the JSCommunicator source code is on GitHub.

When you get to the stage where you want to run your own SIP WebSocket server as well then free community support can also be provided through the repro-user mailing list. The free, online RTC Quick Start Guide gives a very comprehensive overview of everything you need to do to run your own WebRTC SIP infrastructure.

Krebs on SecurityReport: Everyone Should Get a Security Freeze

This author has frequently urged readers to place a security freeze on their credit files as a means of proactively preventing identity theft. Now, a major consumer advocacy group is recommending the same: The U.S. Public Interest Research Group (US-PIRG) recently issued a call for all consumers to request credit file freezes before becoming victims of ID theft.


Each time news of a major data breach breaks, the hacked organization arranges free credit monitoring for all customers potentially at risk from the intrusion. But as I’ve echoed time and again, credit monitoring services do little if anything to stop thieves from stealing your identity. The best you can hope for from these services is that they will alert you when a thief opens or tries to open a new line of credit in your name.

But with a “security freeze” on your credit file at the four major credit bureaus, creditors won’t even be able to look at your file in order to grant that phony new line of credit to ID thieves.

Thankfully, US-PIRG — the federation of state public interest research groups — also is now recommending that consumers file proactive security freezes on their credit files.

“These constant breaches reveal what’s wrong with data security and data breach response. Agencies and companies hold too much information for too long and don’t protect it adequately,” the organization wrote in a report (PDF) issued late last month. “Then, they might wait months or even years before informing victims. Then, they make things worse by offering weak, short-term help such as credit monitoring services.”

The report continues: “Whether your personal information has been stolen or not, your best protection against someone opening new credit accounts in your name is the security freeze (also known as the credit freeze), not the often-offered, under-achieving credit monitoring. Paid credit monitoring services in particular are not necessary because federal law requires each of the three major credit bureaus to provide a free credit report every year to all customers who request one. You can use those free reports as a form of do-it-yourself credit monitoring.”

Check out the USPIRG’s full report, Why You Should Get Security Freezes Before Your Information is Stolen (PDF) for more good advice. In case anything in that report is unclear, in June I posted a Q&A on security freezes, explaining how they work, how to place them and the benefits and potential drawbacks of placing a freeze.

Have you frozen your credit file? If so, sound off about the experience in the comments. If not, why not?

RacialiciousBarack Obama on Race

The fact that race has always been the fault line of our society and has always distorted our politics—that is not subject to argument. 

-Barack Obama in GQ

The post Barack Obama on Race appeared first on Racialicious - the intersection of race and pop culture.

CryptogramAds Surreptitiously Using Sound to Communicate Across Devices

This is creepy and disturbing:

Privacy advocates are warning federal authorities of a new threat that uses inaudible, high-frequency sounds to surreptitiously track a person's online behavior across a range of devices, including phones, TVs, tablets, and computers.

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Related: a Chrome extension that broadcasts URLs over audio.
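
The mechanism described above, shown in miniature as an added example (this is constructed code, not code from the Ars Technica report, from Schneier, or from any real advertising SDK): a transmitter on-off keys a short tag onto an 18.5 kHz carrier and mixes it under loud audible programme audio, and a receiver runs a Goertzel single-bin detector over 20 ms windows to pull the tag back out. The carrier frequency, bit rate, preamble, tag width and detection threshold are all assumptions chosen for the example; the page does not describe the modulation real products use.

```python
import math

# All parameters below are constructed for this example; they are not taken
# from any real advertising SDK described on the page.
SAMPLE_RATE = 48000                                   # Hz, a common TV/phone audio rate
CARRIER_HZ = 18500                                    # inaudible to most adults, below Nyquist (24 kHz)
BIT_DURATION_S = 0.02                                 # 20 ms per bit
SAMPLES_PER_BIT = int(SAMPLE_RATE * BIT_DURATION_S)   # 960: the carrier lands on an exact DFT bin
PREAMBLE = [1, 1, 0, 1]                               # lets the receiver align its bit windows
TAG_BITS = 8
BEACON_AMPLITUDE = 0.05                               # about -26 dBFS, buried under the programme
# The carrier counts as present in a window when its power at the carrier bin
# exceeds that of a steady -40 dBFS (amplitude 0.01) tone. An absolute floor,
# so silence or plain programme audio never yields spurious 1 bits here.
MIN_POWER = (0.01 * SAMPLES_PER_BIT / 2) ** 2


def encode_beacon(tag_id):
    """On-off key PREAMBLE + tag_id onto the ultrasonic carrier; returns float PCM samples."""
    bits = PREAMBLE + [(tag_id >> (TAG_BITS - 1 - i)) & 1 for i in range(TAG_BITS)]
    out = []
    for bit in bits:
        for n in range(SAMPLES_PER_BIT):
            t = n / SAMPLE_RATE
            out.append(BEACON_AMPLITUDE * math.sin(2 * math.pi * CARRIER_HZ * t) if bit else 0.0)
    return out


def programme_audio(n_samples):
    """Constructed stand-in for the audible sound track: a loud 440 Hz tone."""
    return [0.5 * math.sin(2 * math.pi * 440 * n / SAMPLE_RATE) for n in range(n_samples)]


def simulate_tv_audio(tag_id):
    """What a nearby phone's microphone hears: audible programme plus the embedded beacon."""
    beacon = encode_beacon(tag_id)
    audio = programme_audio(len(beacon))
    return [a + b for a, b in zip(audio, beacon)]


def goertzel_power(samples, freq_hz):
    """Power of one frequency bin via the Goertzel algorithm: cheap enough to run
    continuously on a phone without computing a full FFT."""
    n = len(samples)
    k = round(n * freq_hz / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def carrier_present(window):
    """True when the ultrasonic carrier is loud enough in this bit window."""
    return goertzel_power(window, CARRIER_HZ) > MIN_POWER


def decode_beacon(samples):
    """Slice the audio into bit windows, detect the carrier in each, locate the
    preamble and return the tag id, or None if no framed tag is found."""
    bits = [1 if carrier_present(samples[i:i + SAMPLES_PER_BIT]) else 0
            for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT)]
    frame = len(PREAMBLE) + TAG_BITS
    for start in range(len(bits) - frame + 1):
        if bits[start:start + len(PREAMBLE)] == PREAMBLE:
            payload = bits[start + len(PREAMBLE):start + frame]
            return int("".join(str(b) for b in payload), 2)
    return None


if __name__ == "__main__":
    mic = simulate_tv_audio(0xA5)
    print("decoded tag:", decode_beacon(mic))                          # 165 (0xA5)
    print("programme only:", decode_beacon(programme_audio(len(mic))))  # None
```

The audible 440 Hz tone is ten times louder than the beacon, yet the detector ignores it because its energy sits hundreds of bins away from the carrier. The same Goertzel loop run on a live microphone stream is all an SDK inside an otherwise silent app needs, which is why microphone permission on an app with no audio feature is the thing to scrutinize.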

Worse Than FailureThe Enterprise Axe

If a piece of software is described in any way, shape or form with the word “enterprise” it’s a piece of garbage.

-Remy’s Law of Enterprise Software

“Enterprise” software products live in an uncomfortable space. They need to fulfill the needs of a business, without being specific to any one business. They’re a one-size-fits-all solution, and companies like Oracle or SAP compete on their feature-set and the customizability of their inner platform.

Maciek recently had his own horrifying encounter with Microsoft’s own Enterprise Resource Planning tool, Dynamics AX. Dynamics AX is a monster glued together out of the left-over parts of every product Microsoft makes. It integrates with SharePoint, Office, Project Server, and of course SQL Server and SQL Server Reporting Services (SSRS), because a tool like this is not useful without some sort of reporting system. It’s extensible through both .NET and COM. It’s a mess that’s been featured before.

Dynamics AX first entered Maciek’s life when his end-users complained that one of the Accounts Receivable reports was “incorrect”. Specifically, they needed the “Invoice Date” field to be color coded. If the invoice went out to a customer on a Monday, the field should be green, but if it went out the second Thursday of the month, it should be red, but black if it was any other day, except for Wednesdays, which should always be yellow unless they fall on an odd-numbered calendar day or it’s a leap year. Maciek didn’t ask the users why this particular insane business rule existed, because they wouldn’t have explained it to him anyway. One specific user, Vlad, had a vision of what the report was supposed to look like, and Maciek was responsible for fulfilling that vision.

Maciek's screenshot of the report, which consists of nothing but boxes filled with expr, and they're all impossible to tell apart.

Maciek dug into Dynamics AX and opened up the report in Business Intelligence Development Studio (BIDS), Microsoft’s tool for editing SSRS reports. The report itself was a canned report, developed by Microsoft and bundled with Dynamics AX. Since “naming things” is one of the “hard” problems in computer science, whoever actually developed the report didn’t bother trying to solve it. Every single field in the report was named “textbox45” or “textbox94”. Since every field used a customized expression to control what was actually displayed, Maciek couldn’t tell which field was the “Invoice Date” without examining the properties of hundreds of fields.

It took hours to find the field, and then Maciek carefully built a formatting expression that met Vlad’s vision. He ran the report with a few different sets of parameters, confirmed the output, then he sent sample reports to Vlad. “Can you confirm these reports are correct? If they are, I can roll the changes out to AX.”

A week went by with no reply from Vlad. Maciek moved on to other tasks. Another week went by. Maciek started to forget about Vlad entirely. Then, suddenly, a message with a subject line of “REPORTS ARE BROKEN!!!!!” arrived in Maciek’s inbox.

“Why isn’t this working?” Vlad’s email demanded. “I went to AX and ran the report and the invoice date field isn’t color coded correctly. FIX IT.”

“I didn’t put the changes in production yet,” Maciek replied. “I need you to confirm that the sample reports I sent are correct.”


This email exchange ballooned into a series of CCs and BCCs. Six levels of management swooped in to solve this crisis, and they solved it by dragging Maciek through twelve hours of meetings. Eventually, Vlad sent a follow up email. “Was there something I was supposed to look at? Could you resend?” Finally, Maciek was able to get the changes validated and released to production. He thought that would be the end of it.

A month later, Vlad sent another email with the subject, “THE REPORTS ARE BROKEN!!!!!” Specifically, the AR invoice report, which Maciek was the last person to touch, just printed out an error code and didn’t generate data.

As the “expert”, Maciek verified the error in production, and then pulled up the report in BIDS to see if he could debug the problem. When he ran the report from BIDS, even against production data, it worked fine. It printed out 3,000 records just fine. Since it worked on his machine, that meant the problem had to be somewhere in Dynamics AX. AX didn’t just run reports, but it had hooks where X++ (AX’s platform-specific programming language) could interact with the report lifecycle.

Maciek grabbed a machete and plunged into the thicket of Microsoft’s X++ code. There, he found this:

/// <summary>
/// Provides the opportunity for validation prior to running the report.
/// </summary>
protected container preRunValidate()
{
    // Record-count limits referred to in the comments below (100 and 2,500
    // records, as described in the text); the original macro definitions
    // are not shown in the article.
    #define.WarningLimit(100)
    #define.ErrorLimit(2500)

    // Record count is a good proxy for overall time on this
    // report. However, each record requires a significant amount
    // of processing and costly balance queries, so the limits
    // are set significantly lower for this report than other
    // reports. 100 records will take around 10 seconds to process
    // and 2500 records will take around 15 minutes to process.

    Query                           countQuery = this.getFirstQuery();
    int                             recordCount;
    container                       validateResult = super();   // base-class result unless overridden below

    recordCount = QueryRun::getQueryRowCount(countQuery);

    if (recordCount > #ErrorLimit)
    {
        // Processing over the error limit should take around 20 minutes, so even
        // with some error possible due to overlap in counting this still
        // means the report will timeout on a machine with low volume and
        // no load.
        validateResult = [SrsReportPreRunState::Error];
    }
    else if (recordCount > #WarningLimit)
    {
        // Processing up to the warning limit should take around 10 seconds
        validateResult = [SrsReportPreRunState::Warning];
    }

    return validateResult;
}

Note that this code executes after the query has been run against the database. If the query returns more than 2,500 records, this method sets an error code and the report is not rendered at all. From the comments, Maciek determined that the original developer believed that rendering a row on the report was neither CPU nor IO bound, but instead was a function of time. Maciek didn’t believe that, and even if it were true, Vlad wouldn’t mind waiting longer for the report to run if he got the results he wanted; but with that error limit in place, increasing the timeout wouldn’t do anything.

On a whim, Maciek decided to live dangerously, and disabled the error limit check. Thus far, the report continues to run just fine.


Kelvin ThomsonImprove National Security by Importing Less Oil

Malcolm Maiden is right when he says in today’s Age that reducing our oil imports could make Australia safer. He says every barrel of oil saved would tighten the funding equation for Islamic State and its supporters, and that the connection between oil money and terrorism is toxic and chronic. This is true. An analysis for Thomson Reuters last year by Jean-Charles Brisard and Damien Martinez found that 38 per cent of Islamic State funding comes from oil sales. It also gets money from donations, and some of the money behind the donors comes from oil sales.

The methods we have used so far to defeat Islamist terrorism ever since Osama Bin Laden’s September 11 2001 attacks on the World Trade Centre have not been successful, and the world is every bit as dangerous as it was then, arguably more so. Given this, it makes sense to me to do everything we can to throttle the funding sources for Islamic State and other Islamist terrorists. Transitioning out of oil and into electric vehicles and battery storage technology would be an excellent place to start. And the UN Climate Change talks in Paris would be a deeply appropriate time and place for the world to become fair dinkum about this transition.

Planet Linux AustraliaChris Smart: Changing Jenkins concurrent job token from @ to something else

Some jobs may fail in Jenkins when running concurrently because they don’t like the @ symbol in the path.

For example, you may get job directories at paths like:

  • /var/lib/jenkins/jobs/cool-project
  • /var/lib/jenkins/jobs/cool-project@2

This can easily be changed to something else, as per the Jenkins system properties page, by modifying the -D arguments passed to Java. I’ve changed it to _job_ at the moment.

echo 'JAVA_ARGS="$JAVA_ARGS -Dhudson.slaves.WorkspaceList=_job_"'\
 >> /etc/default/jenkins
systemctl restart jenkins

Now concurrent jobs will be something like:

  • /var/lib/jenkins/jobs/cool-project
  • /var/lib/jenkins/jobs/cool-project_job_2

Which seems much nicer to me.
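
The same change in a reusable form, as an added example (not from the post above): /etc/default/jenkins is sourced by the init script and every `JAVA_ARGS="$JAVA_ARGS -D..."` line appends to the flags, so a blind `echo >>` on each run (or from configuration management) stacks duplicate -D flags. The function below replaces any existing definition of the property instead, and a second function reads the value back so the edit can be checked before restarting. The function names and the file layout are assumptions for the example; only the property name hudson.slaves.WorkspaceList comes from the post.

```sh
#!/bin/sh
# Added example: idempotently set a Jenkins -D system property in an
# /etc/default/jenkins-style file. Function names are assumptions.
set -eu

# set_jenkins_prop FILE NAME VALUE
# Replace any existing "-DNAME=" definition in FILE, otherwise append one,
# so repeated runs never leave two conflicting flags on the JVM command line.
set_jenkins_prop() {
    file=$1; name=$2; value=$3
    line="JAVA_ARGS=\"\$JAVA_ARGS -D${name}=${value}\""
    if [ -f "$file" ] && grep -qF -- "-D${name}=" "$file"; then
        tmp=$(mktemp)
        grep -vF -- "-D${name}=" "$file" > "$tmp" || true   # grep exits 1 when nothing is left
        printf '%s\n' "$line" >> "$tmp"
        cat "$tmp" > "$file"   # cat, not mv: keeps the file's owner and mode
        rm -f "$tmp"
    else
        printf '%s\n' "$line" >> "$file"
    fi
}

# get_jenkins_prop FILE NAME
# Print the value FILE sets for NAME (empty if unset). Use it to confirm the
# edit before restarting; after the restart compare against the running JVM's
# command line (systemctl status jenkins, or /proc/<pid>/cmdline).
get_jenkins_prop() {
    grep -oE -- "-D$2=[^\" ]*" "$1" | tail -n 1 | sed "s/^-D$2=//"
}

# Typical use, followed by the restart from the post:
#   set_jenkins_prop /etc/default/jenkins hudson.slaves.WorkspaceList _job_
#   systemctl restart jenkins
```

Whatever string you pick ends up in filesystem paths, so keep it to characters that are safe in shell and build tool paths; the verification step matters because a typo in the property name is silently ignored by Java and the @ suffix simply stays.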


LongNowAndy Weir Seminar Media

This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.

The Red Planet for Real

Tuesday October 27, 02015 – San Francisco

Video is up on the Weir Seminar page.


Audio is up on the Weir Seminar page, or you can subscribe to our podcast.


Planet DebianNorbert Preining: Debian/TeX Live 2015.20151116-1

One month has passed since the big multiarch update, and not one bug report concerning it has come in, which is good news. So here is a completely boring update with nothing more than the usual checkout from the TeX Live tlnet distribution as of yesterday.


I cannot recall anything particular to mention here, so this time let me go with the list of updated and new packages only:

Updated packages

alegreya, algorithm2e, animate, archaeologie, articleingud, attachfile, bankstatement, beebe, biber, biblatex, biblatex-manuscripts-philology, biblatex-opcit-booktitle, bidi, br-lex, bytefield, catcodes, chemfig, chemformula, chemgreek, comprehensive, computational-complexity, ctable, datetime2, dowith, dvipdfmx, dvipdfmx-def, dynamicnumber, e-french, epspdf, etoc, fetamont, findhyph, fix2col, gitinfo2, gradstudentresume, indextools, kotex-oblivoir, kotex-utils, kpathsea, l3build, l3experimental, l3kernel, l3packages, latex, latex2e-help-texinfo, lisp-on-tex, ltxfileinfo, luatexja, makedtx, mathastext, mathtools, mcf2graph, media9, medstarbeamer, morehype, nameauth, nicetext, ocgx2, perltex, preview, prftree, pst-eucl, pstricks, reledmac, resphilosophica, selnolig, substances, tcolorbox, tetex, teubner, tex4ht, texdoc, texinfo, texlive-scripts, toptesi, translations, turabian-formatting, uptex, xepersian, xetex, xetex-def, xint.

New packages

asciilist, babel-macedonian, bestpapers, bibtexperllibs, fixcmex, iffont, nucleardata, srcredact, texvc, xassoccnt.


Krebs on SecurityParis Terror Attacks Stoke Encryption Debate

U.S. state and federal law enforcement officials appear poised to tap into public concern over the terror attacks in France last week to garner support for proposals that would fundamentally weaken the security of encryption technology used by U.S. corporations and citizens. Here’s a closer look at what’s going on, and why readers should be tuned in and asking questions.

Despite early and widely repeated media reports that the terrorists who killed at least 128 people in Paris used strong encryption to disguise their communications, the evidence for this has failed to materialize. An initial report on Nov. 14 from Forbes titled “Why the Paris ISIS Terrorists Used PlayStation4 to Plan Attacks” was later backpedaled to “How Paris ISIS Terrorists May Have Used PlayStation 4 to Discuss and Plan.” Turns out there was actually nothing to indicate the attackers used gaming consoles to hide their communications, only that they could have done so if they wanted to.

Politico ran a piece on Sunday that quoted a Belgian government official saying French authorities had confiscated at least one PlayStation 4 gaming console from one of the attacker’s belongings (hat tip to

“It’s unclear if the suspects in the attacks used PlayStation as a means of communication,” the Politico story explained. “But the sophistication of the attacks raises questions about the ability of law enforcement to detect plots as extremists use new and different forms of technology to elude investigators.”

Also on Sunday, The New York Times published a story that included this bit:

“The attackers are believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation but were not authorized to speak publicly. It was not clear whether the encryption was part of widely used communications tools, like WhatsApp, which the authorities have a hard time monitoring, or something more elaborate. Intelligence officials have been pressing for more leeway to counter the growing use of encryption.”

After heavy criticism of the story on Twitter, The Times later removed the story from the site (it is archived here). That paragraph was softened into the following text, which was included in a different Times story later in the day: “European officials said they believed the Paris attackers had used some kind of encrypted communication, but offered no evidence.” To its credit, the Times today published a more detailed look at the encryption debate.

The media may be unwittingly playing into the hands of folks whom former NBC reporter Bob Sullivan lovingly calls the “anti-encryption opportunists,” i.e., those who support weakening data encryption standards to make it easier for law enforcement officials to lawfully monitor people suspected of terrorist activity.

The directors of the FBI, Central Intelligence Agency and National Security Agency have repeatedly warned Congress and the technology community that they’re facing a yawning intelligence gap from smartphone and internet communication technologies that use encryption which investigators cannot crack — even after being granted the authority to do so by the U.S. courts.

For its part, the Obama administration has reportedly backed down in its bitter dispute with Silicon Valley over the encryption of data on iPhones and other digital devices.

“While the administration said it would continue to try to persuade companies like Apple and Google to assist in criminal and national security investigations, it determined that the government should not force them to breach the security of their products,” wrote Nicole Perlroth and David Sanger for The New York Times in October. “In essence, investigators will have to hope they find other ways to get what they need, from data stored in the cloud in unencrypted form or transmitted over phone lines, which are covered by a law that affects telecommunications providers but not the technology giants.”

But this hasn’t stopped proponents of weakening encryption from identifying opportunities to advance their cause. In a memo obtained in August by The Washington Post, Robert Litt, a lawyer in the Office of the Director of National Intelligence, wrote that the public support for weakening encryption “could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

To that apparent end, law enforcement officials from Manhattan and the City of London are expected on Wednesday to release a “white paper on smartphone encryption,” during an annual financial crimes and cybersecurity symposium at The Federal Reserve Bank of New York. A media notice (PDF) about the event was sent out by Manhattan District Attorney Cyrus R. Vance Jr., one of the speakers at the event and a vocal proponent of building special access for law enforcement into encrypted communications. Here’s Vance in a recent New York Times op-ed on the need for the expanded surveillance powers.

Critics say any plans designed to build in secret “backdoors” that allow court-ordered access to encrypted communications ultimately would backfire once those backdoors were discovered by crooks and nation states. In her column titled “After Paris Attacks, Here’s What the CIA Director Gets Wrong About Encryption,”’s Kim Zetter examines security holes in the arguments for weakening encryption.

The aforementioned Bob Sullivan reminds us that weakening domestic encryption laws would simply ensure that the criminals we wish to monitor use non-US encryption technology:

“For starters, U.S. firms that sell products using encryption would create backdoors, if forced by law. But products created outside the U.S.? They’d create backdoors only if their governments required it. You see where I’m going. There will be no global master key law that all corporations adhere to. By now I’m sure you’ve realized that such laws would only work to the extent that they are obeyed. Plenty of companies would create rogue encryption products, now that the market for them would explode. And of course, terrorists are hard at work creating their own encryption schemes.”

“There’s also the problem of existing products, created before such a law. These have no backdoors and could still be used. You might think of this as the genie out of the bottle problem, which is real. It’s very, very hard to undo a technological advance.”

“Meanwhile, creation of backdoors would make us all less safe. Would you trust governments to store and protect such a master key? Managing defense of such a universal secret-killer is the stuff of movie plots. No, the master key would most likely get out, or the backdoor would be hacked. That would mean illegal actors would still have encryption that worked, but the rest of us would not. We would be fighting with one hand behind our backs.”

“In the end, it’s a familiar argument: disabling encryption would only stop people from using it legally. Criminals and terrorists would still use it illegally.”

Where do you come down on this debate, dear readers? Are you taking advantage of the kinds of technologies and services — like Signal, Telegram and Wickr — that use encryption the government says it can’t crack? Sound off in the comments below.

Planet DebianSven Hoexter: The 2015 version of Alanis Morissette Ironic

Something that made my day this week was a 2015 version of Alanis Morissette Ironic. It's even a bit more ironic when you're partially caught in a hands clean situation.

TEDAnnouncing our 2016 TED Prize winner: Satellite archaeologist Sarah Parcak

Sarah Parcak has a big idea on how we can protect ancient sites and, with them, our cultural history. Sign up to follow her 2016 TED Prize quest. Photo: Ryan Lash/TED

She’s best described as the modern-day Indiana Jones. Using infrared imagery from satellites, she identifies ancient sites lost in time. In Egypt, she helped locate 17 potential pyramids, plus 1,000 forgotten tombs and 3,100 unknown settlements. And that’s in addition to her discoveries throughout the Roman Empire.

Sarah Parcak uses 21st century technology to make the world’s invisible history visible again. That’s why TED is thrilled to announce her as the winner of the 2016 TED Prize.

Parcak has a bold, ambitious wish to help uncover and protect the world’s hidden cultural heritage. On February 16, during the TED2016 conference, she will share this $1 million idea in a TED Talk and reveal her plan to make it a reality. Her talk will be livestreamed for free to the world, and posted on shortly after. All will be invited to become a part of her work.

Sarah Parcak is a professor at the University of Alabama at Birmingham, where she founded the Laboratory for Global Observation. She, quite literally, wrote the textbook on satellite archaeology and gained international attention in 2011 when she satellite-mapped all of Egypt, identifying thousands of undiscovered sites. Parcak is now using satellite data to fight the looting happening at archaeological sites across the Middle East.

Her work is critical right now, as shown by ISIS’s recent takeover of the ancient city of Palmyra. They are destroying this history-rich site, “bit by bit,” said Parcak.

“The last four and half years have been horrific for archaeology. I’ve spent a lot of time, as have many of my colleagues, looking at the destruction,” she said. “This Prize is not about me. It’s about our field. It’s about the thousands of men and women around the world, particularly in the Middle East, who are defending and protecting sites.”

Parcak embraces the comparisons to Indiana Jones — her Twitter handle is @indyfromspace, and she proudly wears the signature hat — but she also stresses that the analogy isn’t perfect.

“Discoveries aren’t made by one person exploring by themselves,” she said. “And discoveries aren’t made overnight. People don’t see the thousands of hours that go into it.”

Her wish, however, stands to speed up the process of locating and protecting ancient sites. And because she is deeply connected to the TED community — Parcak is a TED Fellow, as well as an organizer of TEDxBirmingham — she is excited to see how TED’s global network of innovators and changemakers can help the effort.

“We can use this TED Prize to get the world involved,” she said.

Mark your calendar to watch Sarah Parcak’s TED Prize wish revealed on February 16, 2016. Sign up for updates from our new TED Prize winner »

The TED Prize is a $1 million grant, given annually to a bold leader with a wish to spark global change. Applications are accepted year-round, on a rolling basis. Nominate yourself or someone else »

Planet DebianSven Hoexter: Failing with F5: assign a http profile and an irule at the same time

Besides an upgrade to TMOS 11.4.1HF9, I wanted to use a maintenance window today to assign a specific irule to a VS. Within the irule I use some HTTP functions, so when I tried to add the irule to the already existing VS, tmsh correctly told me that I also need an http profile on this VS. Thanks tmsh, you're right; oversight on my part.

So what I did was:

tmsh modify ltm virtual mySpecialVS rules { mySpecialiRule } profiles add { company-http-profile }

tmsh accepted it, but all my tests ended at the VS. I could connect but got no reply at all. That was strange because I had tested this irule extensively. So I reverted back to the known good state with just plain tcp forwarding.

My next try was to assign only the http profile without the irule.

tmsh modify ltm virtual mySpecialVS profiles add { company-http-profile }

Tested that and it worked. So what on earth was wrong with my irule? I added some debug statements and re-added the irule like this:

tmsh modify ltm virtual mySpecialVS rules { mySpecialiRule }

And now it worked as intended. So I went on and removed my debug statements, tested again and it still works. Let's see if I can reproduce that case some time later this week to file a proper bug report with F5.

Update: Turns out it was all my fault. Due to a misunderstanding about RULE_INIT and the static namespace, I managed to overwrite important variables globally. Lesson learned: be very careful if you use "static::", or better, avoid it. Also think twice before you set things on the RULE_INIT event. Since it's only called when an irule is saved or the device restarts, your errors might only show up later, when you don't expect them.
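To illustrate the pitfall from the update, here is a constructed example (not the author's irule): two irules on the same device that both write the same `static::` variable in RULE_INIT, followed by a rewrite that keeps shared state out of the way. Rule names, variable names and the 2048-byte limit are made up for the illustration.

```tcl
# --- The problem: static:: is device-global and shared by EVERY irule. ---

# Rule A, attached to some unrelated virtual server.
when RULE_INIT {
    # Meant as "this rule's" debug flag, but the static:: namespace is
    # shared across all irules on the device, so this line also changes
    # what Rule B below sees.
    set static::debug 1
}
when HTTP_REQUEST {
    if { $static::debug } {
        log local0. "A: [HTTP::method] [HTTP::uri]"
    }
}

# Rule B (think of mySpecialiRule from the post), attached to mySpecialVS.
when RULE_INIT {
    # Whichever rule was saved or loaded last wins. RULE_INIT only runs on
    # save/load/reboot, so the clobbered value is not noticed at test time
    # and surfaces later, exactly the symptom described above.
    set static::debug 0
}
when HTTP_REQUEST {
    if { $static::debug } {
        log local0. "B: [HTTP::method] [HTTP::uri]"
    }
}

# --- The fix: unique, read-only constants plus per-request local vars. ---

when RULE_INIT {
    # Prefix every static:: name with the rule's name so no other irule
    # can collide with it, and never write to these outside RULE_INIT.
    set static::myspecial_debug       0
    set static::myspecial_max_uri_len 2048
}
when HTTP_REQUEST {
    # Per-request state belongs in plain local variables: they are scoped
    # to this connection and event and cannot be clobbered by other rules.
    set uri_len [string length [HTTP::uri]]

    # Example of a check driven by the rule-private constant.
    if { $uri_len > $static::myspecial_max_uri_len } {
        HTTP::respond 414 content "URI too long"
        return
    }

    if { $static::myspecial_debug } {
        log local0. "myspecial: [HTTP::method] [HTTP::uri] ($uri_len bytes)"
    }
}
```

When reviewing an irule, grep for every `set static::` outside RULE_INIT and for unprefixed static:: names; both are the conditions under which one rule can silently change another rule's behaviour.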

Planet Linux AustraliaSteven Hanley: [mtb] Hume and Hovell Ride Albury to Canberra 2012

A creek crossing on day 1
This was a really fun ride, 3 days riding from Albury to Canberra on the Hume and Hovell track, a bunch of ARNuts and others, stopping overnight in Tumbarumba and then Tumut.

It was also not long after the Greenedge Call Me Maybe video came out, so many of us spent a fair proportion of the ride posing for photos and some videos miming the actions. I have never tried to edit the videos together into anything, however you can see the poses in many of the photos.

The ride itself has a good variety of terrain, great views in places, confusing areas where it is difficult to follow the track and we all had fun. Photos and some words are online on my Hume and Hovell track ride 2012 page.

CryptogramOn CISA

I have avoided writing about the Cybersecurity Information Sharing Act (CISA), largely because the details kept changing. (For those not following closely, similar bills were passed by both the House and the Senate. They're now being combined into a single bill which will be voted on again, and then almost certainly signed into law by President Obama.)

Now that it's pretty solid, I find that I don't have to write anything, because Danny Weitzner did such a good job, writing about how the bill encourages companies to share personal information with the government, allows them to take some offensive measures against attackers (or innocents, if they get it wrong), waives privacy protections, and gives companies immunity from prosecution.

Information sharing is essential to good cybersecurity, and we need more of it. But CISA is really a bad law.

This is good, too.

Sociological ImagesIs Bieber’s What Do You Mean? just as bad as Thicke’s Blurred Lines?

Robin Thicke’s song, “Blurred Lines,” achieved international recognition in 2013. But the lyrics were also heavily criticized as promoting sexual violence by celebrating “blurred lines” around sexual consent. Indeed, the song and video prompted an online photo essay in which women and men are depicted holding up signs with words they heard from their own rapists — some of which were almost direct quotes from Thicke’s song. The song received a great deal of negative and positive press all at the same time.

It’s not a new argument to suggest that many elements of what feminist scholars refer to as “rape culture” are embedded in seemingly pleasurable elements of pop culture, like songs, movies, and television shows. And Robin Thicke’s song served as an example to many of how we not only tolerate rape culture, but celebrate it and render it “sexy.”

Recently, Rebecca Traister discussed just how much rape culture even informs what we think of as “good sex” in her piece “The Game is Rigged.” In it, Traister challenges the notion that all consensual sex is good and shows just how messy the debate about what qualifies as “consensual” really is. In many ways, our national discussion around sexual assault and consent is taking up themes raised by feminists in the 1980s about what actually qualifies as consent in a society in which violence against women is considered sexy.

Compared with “Blurred Lines,” Justin Bieber’s newly released hit single, “What Do You Mean?” has been subject to less critique, though it reproduces the notion that women do not actually know what they want and that they are notoriously bad at communicating their desires (sexual and otherwise). In the song, Bieber asks the woman with whom he’s interacting:

What do you mean?
Ohh ohh ohh
When you nod your head yes
But you wanna say no
What do you mean?

The lack of clear consent isn’t just present in the song; it is what provides the sexual tension. It’s part of what is intended to make the song “sexy.”


Sexualizing women’s sexual indecision is an important part of the way rape culture works. It is one way that conversations about consent often over-simplify a process that is and should be much more complex. The song itself presents Bieber nagging the woman to whom he’s singing to make a decision about their relationship. But there are many elements suggesting that the decision she’s being asked to make is more immediate as well — not only about the larger relationship, but about a sexual interaction in the near future. Throughout the song, the click of a stopwatch can be heard as a beat against which Bieber presses the woman to make a decision while berating her for the mixed signals she has been sending him.

Bieber is presented as the “good guy” throughout the song by attempting to really decipher what the woman actually means. Indeed, this is another element of rape culture: the way in which we are encouraged to see average, everyday guys as “not-rapists,” because rapists are the bad guys who attack women from bushes (at worst) or simply get them drunk at a party (at best).

The controversy over the ad in Bloomingdale’s 2015 holiday catalog urging readers to “spike your best friend’s eggnog when they’re not looking” shows that this kind of rape culture is also casually promoted in popular culture. But the larger discourse that Bieber’s song plays a role in promoting is the notion that women do not know what they mean or want. Bieber plays the role of someone simultaneously pressuring her for sexual advance (“Said we’re running out of time”), helping her work through her feelings (“What do you mean?”), and demanding results (“Better make up your mind”). And, like the Bloomingdale’s advertisement, this is not sexy.

Indeed, the music video takes this a step further. Bieber is shown at the beginning paying John Leguizamo on a street corner and asking him to make sure “she doesn’t get hurt.” We later find out that John was paid to orchestrate a kidnapping of both Justin and the woman. Both are taken by men in masks, driven to a warehouse in the trunk of a car, and tied up. Justin is able to free them, but they are still in a room with their kidnappers.

They back up to a door that leads outside the building and see that they are one of the top floors. Justin turns to the woman, holds out his hand and asks, “Do you trust me?” She takes his hand and they both jump out of the building. They jump and fall to the ground, landing on a parachute pillow only to discover that the whole thing was a trick. The kidnapping was actually an orchestrated ruse to bring her to a party that they entered by leaping from the building away from the men who’d taken them. The men in masks all reveal themselves to be smiling beneath. She smiles at Justin, recognizing that it was all a trick, grabs his face, kisses him and they dance the night away in the underground club.

Even though the song is about feeling like a woman really can’t make up her mind about Justin, their relationship, and sexual intimacy, the woman in the video is not depicted this way at all. She appears sexually interested in Justin from the moment the two meet in the video and not bothered by his questions and demands at all. It is worth mentioning, though, that he is terrorizing her in the name of romance; indeed the terror itself is presented as a sign of how much he loves her, which is also a part of rape culture. This visual display alongside the lyrics works in ways that obscure the content of the lyrics, content that works against much of what we are shown visually.

Part of what makes rape culture so insidious is that violence against women is rendered pleasurable and even desirable. Thicke and Bieber’s songs are catchy, fun, and beg to be danced to. The women in Thicke’s video also appear to be having fun strutting around nude while the men sing. The woman in Bieber’s video is being kidnapped and terrified for sport, sure, but it’s because he wants to show his love for her. She’s shown realizing and appreciating this at the conclusion of the video.

Rape culture hides the ways that sexual violence is enacted upon women’s bodies every day. It obscures the ways that men work to minimize women’s control over their own bodies. It conceals the ways that sexual violence stems not just from dangerous, deviant others, but the normal everydayness of heterosexual interactions. And all of this works to make sexualized power arrangements more challenging to identify as problematic, which is precisely what makes confronting rape culture so challenging.

Originally posted at Feminist Reflections and Inequality by (Interior) Design.

Tristan Bridges is a sociologist at the College at Brockport (SUNY) and CJ Pascoe is a sociologist at the University of Oregon. Pascoe is the author of Dude, You’re a Fag:  Masculinity and Sexuality in High School, and together they are the editors of Exploring Masculinities: Identity, Inequality, Continuity and Change.


TEDRunning notes from TEDYouth 2015: Made in the Future

Sarah Parcak is a space archeologist, using satellite imagery to find hidden ancient wonders — lost cities, temples, even pyramids. As she said onstage, “I have the coolest job!” Photo: Ryan Lash/TED

Fast-forward 20, 50, or even 100 years into the future — what will our lives be like? Will flying cars and 3D-printed dinners be the norm, or will they remain mostly science fiction? On Saturday, November 14, kids and teens from all five boroughs of New York City explored these possibilities at the Brooklyn Museum. With 27 speakers and performers, the audience got a glimpse of what could be “Made in the Future” with questions like:

How will we live with robots?

Can we use microbes to cure diseases?

What will the next jobs be?

Hosted by Kelly Stoetzel, TED’s content director, and Rives, a professional poet, each session had fascinating insights on what’s to come. Below are highlights from each one:

Kicking off Session 1:

“We need to re-analyze almost every archeological site in the world.”

— Sarah Parcak is a “space archeologist” who studies satellite images, looking for clues to long-buried history. And there’s more of it than anyone expected, she says: “Everywhere we look, we find new settlements, new temples, even potential pyramids.” Parcak, who’s a TED Fellow, this week won the TED Prize, a $1 million gift to kick off a great big project. Because, as she says, “We have barely scratched the surface of what we know about the past.”

“With advanced computing, and how developed our internet is, it’s the golden era of innovation.”

— Inventor Raymond Wang wants to stop worldwide disease epidemics — starting by cleaning up the air that people breathe on planes. Using a virtual 3D mockup of an airplane cabin and “a whole bunch of physics,” he created a better method of circulating air in a way that will keep passengers’ germs from spreading after a nasty sneeze. This won him the top prize at the Intel Science and Engineering Fair – and could someday reduce transmission of sickness between passengers by 190%.

“You can use math to exchange secrets.”

Online, our personal data is always vulnerable to hackers. So what protects your credit card number when you want to buy something online? Encryption, the act of encoding information so that the sender and receiver can decode it, but someone who might be listening in doesn’t have a clue. Computer security expert Avi Rubin shows us the math behind how encryption works, illustrating the important concepts in mathematics that protect us every day.

“I don’t know how the future will look like, which means that I can imagine it — and I can create it.”

From levitating objects to guessing the exact secret word that an onstage volunteer has in her mind, mentalist Gerard Senehi can’t explain how he does what he does. Even further, he says, even though he can’t predict what the world will be like in even five years, “What’s important is to make room for what’s possible.”


Fashion designer Danit Peleg, at right, printed the outfit on model Rebekah on a small, consumer-size 3D printer. Even the cool red shoes! Photo: Ryan Lash/TED


“Fashion is a very physical thing, and I wonder how our world will look like when our clothes will be digital.”

Downloadable, printable clothing may be coming to a closet near you. What started as designer Danit Peleg’s fashion school project turned into a collection of 3D-printed designs that have the strength and flexibility for everyday wear.

“The internet of food is being planted right now. Start hacking it.”

— Skip the grocery store lines, and start growing your own food — even if you don’t have a garden. Caleb Harper, director of CitiFARM at the MIT Media Lab, gave the audience a literal breakdown of his “food computer,” a small hydroponic greenhouse that’s connected to the web to exchange data for optimum growing.

“If you give doctors detailed performance data about how they’re doing, you can help them be the best they can be.”

— Surgeon Carla Pugh wants to help doctors improve their medical examinations and procedures. She and her team have built some amazing model body parts that help doctors practice sensitive exams without hurting real humans — and also help them get better and better at what they do.

Marian Hill, a Philadelphia songwriter duo-plus-sax, brought their cool, hip-hop influenced vocals and some very energetic sampling to their hit song “One Time” to close out the Session and send everyone off to lunch — and a chance to meet the speakers in person.  

Jumping into Session 2:

“VR isn’t film, it’s not theater, it’s not gaming. It’s something so completely new.”

Jessica Brillhart is the principal filmmaker at Jump, Google Cardboard’s new technology that films in 360 degrees. In a live demo, she jumps from a train in Japan to the Eiffel Tower in Paris through virtual reality, showing the audience the new interactive future of storytelling.

“If you’re going to invent things for the future, it’s very important to have your hands on the technology to understand it intuitively.”

— As a “maker-futurist,” Carla Diana designs products that bring tomorrow’s technology into homes everywhere. With her accessible, downloadable designs, Diana creates products, like books with 3D-printable illustrations and robotic lamps that nudge you awake, that make life more practical and whimsical.

“In the future, rather than taking a data set and first calculating the mean, median and mode, we’ll say, ‘Welcome to the data room.’”

—  A bell rings and a ceasefire is signed; a note sounds, signaling a massacre. Jen Ziemke, an expert on the decades-long Angolan Civil War, turns conflict data from cells on a spreadsheet into visceral, interactive experiences.

“It wasn’t until I let myself be wrapped in the dizzying embrace of chaos that I found peace in leaving some messes untidied and some questions unanswered.”

— Anna Kaufman used to obsessively order and structure her life. But when her sister received a devastating and incomprehensible diagnosis, she realized that embracing chaos is a great way to find inner peace — and spark creativity.

“If you can dream it, you can do it. The possibilities are limitless.”

— As a Disney Imagineer, Betsy McIver-Cho uses cutting-edge engineering technology to help park guests engage with fantastical characters and stories. Along with sneak peeks of upcoming attractions, Cho shares the challenges and triumphs of making magic.

The father-daughter beatboxing duo Nicole Paris & Ed Cage battled it out onstage with overlapping, complex, electronic-sounding beats. Ed tells us that beatboxing began right here in New York City, when people would emulate the beats of a DJ at parties for rappers to freestyle over. Then Nicole shows us where the art of beatboxing is heading next, followed by an epic beatbox jam.

The TEDYouth audience ponders what could be “Made in the Future”. Photo: Ryan Lash/TED


“We have co-evolved, as humans, with microbes that are now a part of us.” 

—  Over 100 trillion tiny microbes live in the human gut alone, and are spread all over and inside the body. Elaine Y. Hsiao studies how our microbes influence the brain and behavior and could, someday, be used to treat diseases.

“I wanted to see something warm and fuzzy and soft and human on the cold steel-framed facade that I looked at every day.”

 Street artist Magda Sayeg transforms urban landscapes into her own playground with warm, fuzzy “yarn bombs” by decorating everyday objects with colorful knit and crochet works. She explains that everyone has the hidden power to create change around them.

“The thing about rumors is, the funnier they are, the more likely they are to fester and stick.”

Rumors can be deeply damaging, says high school senior Parker Goldstein. As a victim of harsh rumors himself, Goldstein wants people to know how their words can have a lasting effect on others. He challenges us all to fight our human impulse to fit in, when the price is hurting our friends and peers.

Speaker Joey Mazzarino, a Sesame Street puppeteer, teaches attendees how to make their own stories. Photo: Ryan Lash/TED

 “A puppeteer is part magician.”

— In an improv class in college, says Joey Mazzarino, an employee from the show Sesame Street came in to speak. And he was hooked. Twenty years later, he’s sharing his own puppet designs, insider tricks and fun characters, in a talk that encourages the audience to follow their passion, no matter how off-beat it may be.

“Help one, help many.”

— Mike Ebeling loves to take on the impossible, helping one person at a time. When he heard the story of Daniel, a young boy whose arms were blown off by an airstrike in the Sudan, he faced this impossible challenge by creating the world’s first 3D-printed prosthetic lab, helping Daniel’s community in Sudan to design and build limbs for him and then for more and more people. He encouraged the audience to change the world through starting small, then going big — not the other way around.

Closing the day with Session 3:

“There should be nothing that stops a young person from experimenting with their goals and dreams. We do not need to wait for a future time to do what we want.”

Adults, listen up: stop asking kids what they want to do when they grow up — ask what they want to do right now. Ishita Katyal, who kick-started her author career at age 8, says that it’s important that younger generations pursue their passions in the present.

“To keep up with the current rate of climate change, trees would have to migrate several miles per year.”

— Sally Aitken studies trees (her favorite is the white-bark pine) and how they are reacting to our climate change. Animals, she points out, can migrate when climates change — but trees are stuck in one place. She hopes her work will help us figure out how to adapt better trees for our changing climates.

“What really matters is the story inside, the story that will capture the reader and make them fly thousands of meters away from the ground to a place only books can take you.”

— As long as the passion for the story is there, says avid reader and book-blogger Marta Botet Borràs, the packaging doesn’t matter. She shares how her love for reading turned into the first YouTube channel to review books in the Catalan language.

“Can we have fewer cars and more humans?”

— As cities expand and populations surge, it’s time to rethink how we get around. Sharing ideas such as a bicycle wheel that amplifies human motion, Carlo Ratti and Assaf Biderman shared their passion for urban mobility with fewer cars and more fun.

“We know a lot more about space than we do about the underground water resources on our planet, the very lifeblood of Mother Earth.”

— Cave diver Jill Heinerth is an aquanaut, exploring the mysteries of underwater caves in rocks and ice to learn how they function. Underwater caves hold much of the water we humans drink, so it’s important that we understand our connection to these important natural resources.

Youth speaker Chelsea Ha wants kids to realize that they can help save the environment. Photo: Ryan Lash/TED

“Adults right now are doing a magnificent job of promoting sustainability, but we will be the ones to take charge next.”

— With water shortages and rising temperatures, saving the environment can seem like an endless challenge. However, environmentalist Chelsea Ha believes that kids are problem solvers who, through everyday actions like switching to LED lightbulbs and reusing grocery bags, can save planet earth.

“Take it back to the soulful era.”

— Spoken word artist and high school student Brandon Allen wants to take us back. He energetically infuses pop culture references across decades (“I’m talkin’, ‘Ain’t no river wide enough, ain’t no valley low enough'”) to arrive at a more serious sense of nostalgia for a less complicated — and volatile — time.

“You have to travel along the road of wrong to find right.”

Adam Steltzner led the team that landed the rover Curiosity on Mars. The secret to his success? Failing repeatedly, until those failures illuminated the right solution at the right time. He encourages the audience to similarly embrace what they can learn from failure in anything they do.

You can watch the archive livestream of TEDYouth 2015 until Wednesday, Nov. 18, at

Adam Steltzner says that when he and his team at NASA landed a rover on Mars, they had to fail again and again before they figured out how to get it right. Photo: Ryan Lash/TED

Cory DoctorowTurns out that “unsubscribing” from spam actually works

After my spam hit a point where I couldn’t actually download my email faster than it was arriving, I spent a month clicking the unsubscribe links in all the spams in my inbox. Weirdly, it worked.

What’s weirder is that I discovered that most of that spam was coming from organizations I knew, even ones I supported and had worked with, but whose mailing lists I’d never asked to join. The growth of proprietary platforms — cough Facebook cough — that charge businesses to reach customers who’ve asked to hear from them has driven them to take desperate measures, mass-adding everyone they know to mailing lists.

I sympathize with these concerns — hell, I’m a Facebook vegan. But adding me — and everyone else — who you have any glancing contact with to a mailing list won’t solve this problem. Much as I support many of the causes, businesses and organizations whose mailing lists I unsubscribed from, it doesn’t do them or me any good for them to fill my mailbox with messages I don’t ever read.

Many of these lists were run by companies or organizations I had a relationship with – I’d given a lecture, sent money or bought something – but never agreed to be on their lists. I don’t need updates from a Chicago yoga studio I attended once while on tour in 2005.

Most were sent using a tool like Mailchimp. I’ve used Mailchimp for my own projects, and signed up for several lists – but when I tried to find a central list of all the Mailchimp emails I’d been added to, they refused to provide it. It reflects badly on them, making it look like they rely so much upon spammers that they can’t afford to reveal how their tools are used.

Being legit isn’t a guarantee of good behaviour. Dwell UK has perfected the art of annoyance, as a Twitter search for them demonstrates. A year ago they promised they’d remove me, yet I’m still receiving mail from them. Their email should read: “Welcome to the Dwell UK mailing list: to unsubscribe, just die.”

There is unintentional comedy in the email they send you afterwards that asks if you unsubscribed “in error”. When the email template renders the UNSUBSCRIBE link in three-point, grey-on-white type and requires three clicks to confirm, there is no question of “in error”.

Death by spam: lazy email marketing is killing our inboxes [Cory Doctorow/The Guardian]

Planet Linux Australia: Binh Nguyen: Middle Eastern/African/Asian Background, NSA Whistleblowers, and More

- whenever you take on a new job you feel naive (the following are all publicly available videos/documentaries often from well known media outlets). Despite what is being said by a lot of people in the public spotlight I don't believe that there is a way to achieve victory in a timely fashion. Kids of primary school age are being trained to hate the West, to learn how to use weapons, to become suicide bombers, etc... We can destroy large parts of the organisation but then it will be a case of managing the situation downwards if there is to be some form of major 'direct foreign intervention'. This will be a multi-generational fight which people in these areas seem to understand. Teachers know that there's a strong chance that they will be killed if they attempt to re-educate children against such groups...
Peshmerga vs. the Islamic State - The Road to Mosul (Full Length)
The Enemy Within (Pakistan Taliban)
Yemen - A Failed State
The Alleged Iranian Plot To Kidnap And Kill British Nationals (2010)
The Battle for Iraq - Shia Militias vs. the Islamic State
The War Against Boko Haram (Full Length)
Syria's Unending Rebel Conflict - Wolves of the Valley
Naxal - Terrorism from Inside
ISIS  - Vice Iran vs ISIS Documentary 2015 (isis vice)
- assume that any media that you see regarding conflict will be controlled. A common tactic among biased regimes/media is to interview people who are less than competent. You may be shocked by some customs among some militaries... and some of the decisions that are made. The way that a lot of these rebels fight is foolhardy at times. They often have no body armour, have little/no aerial/naval/artillery support, limited ammunition, weapons, and communications capability, and yet they walk around problem areas as though things were peaceful. Only when they get fired upon do they up the tempo...
The War Against Boko Haram (Full Length)
Full Documentary US Marines Attack On Taliban War Of Afghanistan HD 2015 !! 720p
People and Power - Chad - At War With Boko Haram
- just like in the immediate aftermath of 9/11 it feels like a lot of public officials are unsure exactly what to do. The public services (including defense and intelligence) are supposed to fill the breach. However, it's clear that publicly elected officials sometimes don't listen, the services are getting swamped, etc... Ultimately, it means that public officials are effectively just getting a filtered version of what may be happening. They may not be making the best decision after all. For any official to have a genuine chance they need more background prior to them entering their job at the highest levels of government
- at times, some of these groups almost seem sane. At others you just wonder how on Earth they can believe what they believe. One thing which is interesting (if you know about prophets and prophetic visions) is that they seem to be trying to attempt to achieve prophecies rather than letting them happen. I'm certain that if there is a God, things will be done according to his timing not ours
The Islamic State (Full Length)
Featured Documentary - ISIL and the Taliban
- the more you look the more it feels as though the average person in these areas doesn't care about who governs them as long as they are safe and well looked after. Most of these strange groups aren't that much different though and foreign intervention can often be interpreted as 'plots' when countries/companies later try to exploit the resources of their country. If there is to be foreign intervention, the interests of the people in these countries must come first not the interests of those who are intervening to stop the spread of such propaganda. Stay out of internal politics and religious issues if at all possible
- the average citizen doesn't really care about major conflicts in distant lands as long as it's not in their own homeland. A lot of the time it feels as though the US is unsure (and the rest of us as well) of its place in the world
- a lot of decisions that need to be made by governments are effectively the lesser of two evil type decisions... Whether it's supporting one side, engaging in a proxy war, etc... The irony is that a lot of what we end up is often a consequence of an earlier decision. We think we know a group or individual and think that we're on the same side. Not always
- regime change isn't as simple as changing leader like changing your vote in a democracy. The USSR/US have had a long history of involvement in proxy wars and yet they still haven't figured things out. Often it's a combination of luck as well as skill to determine whether your strategy will hold
Afghanistan War - Military Documentary HD
- I have a feeling no matter how much intelligence we have we'll never understand what is actually happening. There is no perfect solution. The other issue is that we're basically getting all the information that we need as is (even without extra powers). It feels as though it's just a decision every once in a while which is allowing an attack to slip through the net. Something which a lot of whistleblowers also seem to be saying (see the next section on NSA whistleblowers in this post). Making better decisions would probably save us more money (and would probably be more effective) than simply spending more money on our intelligence/defense budgets
Featured Documentary - ISIL and the Taliban
- a lot of multi-generation Westerners are too blinkered. A lot of immigrant parents would prefer to be in their homeland and they transfer this thought into their children as well. To those people who say, 'go back to their homeland' a lot of the time these people simply don't have a choice... If they think that 'Western interference/intervention' is for the greater good wait until they come up against people who have been cut loose from covert operations or feel that their homelands have been destroyed as a result of it. At the other end of the spectrum, if the situation were explained more completely in the media a lot of the time strategic decisions will make much more sense and people will likely give some strategies greater acceptance
- at times it feels as though some public officials are just inviting/inciting further trouble. Some areas they shouldn't touch at all... It makes it a thousand times easier to turn into anti-Western propaganda. Free speech is great but at times like this it can sometimes feel more trouble than it's worth
The Stream - Alarm over Australia's counterterrorism plans
- whether it's the Russians, Chinese, Iranians, or terrorist groups part of the problem is that Western strategies are often too predictable (admittedly, there are only so many tricks in the bag). Due to this opponents often take pre-emptive measures to hedge against any actions that the West is likely to take

- some of what the NSA does makes no sense (I've worked on this type of stuff and there are solutions which help to maintain 'national security' while maintaining privacy. Some of which they also worked on...). If the problem comes down to decision making and not collections/technology capability why don't they spend more time in training in these areas rather than new programs which have little chance of succeeding? Sometimes it feels as though the US is simply feeding into the 'military complex' for no reason other than to create employment. If that's the case, aren't there industries with better money to employment ratios? The other thing that's obvious is this. In the past, the US defense industry clearly had spin off technologies which could be used in the civilian sector. Obviously, this helped to pay the bills over the long term. I wonder whether this is what they're thinking. The obvious problem is that it's in the technology sector. A sector which generally employs fewer people for the amount of money involved...
NSA Whistleblower - Everyone in US under virtual surveillance, all info stored, no matter the post
- problem of mass storage of data (in context of Operation Trailblazer) is that the job of analysts is much more difficult. Throws you much more work for something not necessarily worthwhile. Operation Trailblazer makes sense if required data wasn't coming into the system but they did? The impression that I get over and over again is that they're getting enough information in order to prevent something from happening. The reason why things are getting through are bad decisions every once in a while (9/11, Boston, Afghanistan, Iraq, etc...). The main reasons why I think they're holding data is to use as leverage in investigations where something has managed to get through (Boston), some for encrypted/encoded content, some for 'Automated Analysis/Intelligence' type techniques, etc... The obvious problem is like that of Russia, China, Iran, Saudi Arabia, etc... With lack of oversight individuals could get into trouble for doing something that the government does not like, not what is actually unlawful. I've heard of bizarre cases where people have been visited by Federal Agents for talking about stuff that was already in the public sphere...
'NSA owns entire network anywhere in the world' - whistleblower William Binney
Exclusive Interview with Former NSA Technical Director - William Binney
US' Betrayal of Truth _ Interview with Whistleblower Thomas Drake
- I find it strange that they haven't been able to make better progress on 'Operation Trailblazer'. Technically, it's not much different to what scientific and financial programmers face. Think about HFT/Algorithmic trading and the issues faced are almost identical (high speed analysis of massive amounts of data). They shouldn't have issues with wages either since intelligence/defense contract wages are pretty high as indicated by Snowden
- even though the US government has said otherwise it doesn't seem plausible that these people would be whistleblowing without probable cause. The whistleblowers all have high level access which means that technically they would have access to operations intelligence which would also give them a high level overview similar to the highest levels of government. They would know if something seemed wrong with the current setup
William Binney on The Alex Jones Show - March 18,2015
- a lot of whistleblowers just sound slightly naive
Assange on 'US Empire', Assad govt overthrow plans & new book 'The WikiLeaks Files' (EXCLUSIVE)
Live Q&A - Edward Snowden
- if the internal electronic monitoring systems of the US intelligence is that inefficient Russian and Chinese practice of relying more heavily on HUMINT makes much more sense. They can gain everything for the cost of a single agent... (doesn't matter if it takes one thousand agents are caught) Obviously, it's possible that some of these whistleblowers could be 'false flag' operations but what's the point?
William Binney on The Alex Jones Show - March 18,2015
- if the reason for high US spending on defense/intelligence is for subsidising jobs wouldn't they be better off subsidising jobs in other areas? Think about it, bang for buck? Skills in intelligence/defense are somewhat limited to that particular field. A lot of private defense jobs are mostly about high wage jobs for a small number of people. The US could create chain stores/restaurants and employ heaps more people? Else, help people start up firms. It would surely be a more efficient way of creating jobs? Unless this is about veneer of success? Like when you bring people over but only show them the 'finest cutlery'?
- Soviet/Russian whistleblower/defectors tend to have very short lifespans after they defect or speak out. If you want more details look over some of my previous posts. The West tends to punish those that speak out via professional discrimination thereafter as indicated by the accounts of some of the people mentioned in these videos
- after getting a lot of background it seems clear that the US is unsure of how to attack the terrorist issue. Hence, they've resorted to mass surveillance and the solutions are neither elegant, efficient, cost-effective, etc... They sound ridiculous, incompetent, and wasteful at times. This theme seems to be consistent across the intelligence as well as the defense sector. Indications (by people employed by US defense and intelligence agencies) are that they can slash about half their spending and still achieve the same capability which means the current targeted reduction in spending makes much more sense...
NSA Whistleblower William Binney the 3 words that will put you on the NSA List
Edward Snowden, v 1.0 - NSA Whistleblower William Binney Tells All
Thomas Drake 60 Minutes Documentary
China employs two million microblog monitors state media say

- reset of firmware password on a Macbook can be fairly painless on older systems but extremely difficult on newer ones

- certain Macbook performance issues can come down to SMC issues (which will require a reset)
Resetting the System Management Controller (SMC) on your Mac

- just like other operating systems Apple hardware/software also has these options

- I wonder how many refugees are hailing Facebook's efforts? Who cares about food and water as long as they have connectivity, huh?

- it had to happen sometime, huh?

- always been curious about this as another form of 'passive income'...

- what should you charge as an IT specialist as determined by Google

- proxying web requests via the CLI

Some recent quotes in the media...

- “Great companies don’t hire skilled people and motivate them, they hire already motivated people and inspire them. People are either motivated or they are not. Unless you give motivated people something to believe in, something bigger than their job to work toward, they will motivate themselves to find a new job and you’ll be stuck with whoever’s left.”
- I think this only amplifies that, for the most part, we are doing hiring wrong. What shows up in an interview is often the person you like the most, or the person that fits your interviewing style, rather than the best person for the job. This is why contract-to-hire has been in use much more recently. The problem is that contract-to-hire usually isn't appealing to a candidate if they already have a job.
- China never promised to be the global factory forever. Its export-driven model was fine for a while because it allowed for fast growth, but it also ruined the country's environment and made the economy dependent on foreign demand, which, as recent economic crises have proved, can be unreliable. This model is being gradually dismantled and those countries that built their own economic plans upon it need to rethink and prepare for slower growth.
- David - otherwise known as the hero our city deserves - called out: “Did you see Tony Abbott eat the onion?”

“T - Tony Abbott? Tony Abbott what?”

“The onion! Eat the onion! Tony Abbott ate the onion!”

The sheer disbelief in Oliver’s voice said it all, as he attempted to make sense of the question. Just remember that this was a man hearing that the current Prime Minister of Australia bit into a raw, unpeeled onion.

“Did he do it competently?”

Laughter followed, but it soon became clear that words were not enough. Oliver would need evidence of this. He just wasn’t getting it.

“He ate an onion? He ATE an ONION? He ate an onion like a two-year-old eats an onion, thinking: ‘It’s round and I’ve seen round apples! Is this an apple?’ No. He did not do that.”

And then, when an audience member enlightened him further: “He ate TWO?! Get the f**k out!”
- I am struck not only with the rubbish in this article, but the success of P. Leahy in espousing conflicting and incoherent views without in any way realising their combination of sectarianism, futility, militarism and inconsistency. However his recognition that “A strategy should be about what we want to happen” is sensible – even if he endows us with the right to decide how Middle Easterners should live and who should run it. “Our” decision regarding Saddam Hussein was impressively wrong, with continuing consequences.

Most of the mass murderers and war criminals who took part in the invasion of Iraq in 2003 have now received the Freedom Medal.  Those behind America's Iraq adventure - people like Dick Cheney, Don Rumsfeld, Paul Wolfowitz, John McCain and Condoleeza Rice - are as visible as ever, pushing their hawkish views in the papers and the talk shows.  As Conor Friedersdorf comments, it's amazing 'how much influence Iraq War supporters still have in US foreign affairs'.

Yet Iraqis are still dying in large numbers from the war that they started. They also made ISIL what it is today. So our real scale of values is our ruling clique demonstrating their impunity to plunder us while using us and our resources to attack their self-defined “enemies”. Our so-called enemies will have noticed – after all, our ruling clique ruthlessly drives a global order that has long done the same to them. That is why the peasants are revolting.

As Thatcher said, “We are all responsible for our own actions. We cannot blame society if we disobey the law.  We simply cannot delegate the exercise of mercy and generosity to others.”

Note the media silence on the enormous costs of these utterly futile wars to the American people.
- There is no requirement for the Australian electorate to vote for these idiots. Yet we do it regularly and constantly. I put it to you, we are the bigger morons.
- Greetings to you all at the NSA and everybody else who is reading this on ECHELON.
- Sir Winston Churchill quote: "The vice of capitalism is that it stands for the unequal sharing of blessings; whereas the virtue of socialism is that it stands for the equal sharing of misery."
- The developed world is rich but ageing, and unevenly recovering from the profound shock of the GFC. And China is no longer our free ride. In business, as Mr Turnbull says, the only way forward is by disrupting others and avoiding it yourself. New interconnecting digital technologies mean old natural barriers to competition and old business models built around them are crashing, with people's jobs changing in ways we are only just grasping. That is the world Mr Turnbull says we can master. It will mean changes at basic levels, from schools and universities, through to creating the entrepreneurial culture that our top econocrat, Reserve Bank governor Glenn Stevens, says we have too little of. It means accepting failure as a step on the path to success and of praising tall poppies who earn their place.
- He noted that he was asked at a hearing last year whether the U.S. would come to the defense of those it trained when they were attacked by forces loyal to Bashar Assad. Hagel said yes.
“The White House didn’t like that answer, but I said, ‘Guys, let me give you the facts of life. You can’t play think-tank nonsense and bullshit when you’re getting a question like that because the whole world is listening and watching what your answer to that is,’ ” Hagel said.
- Having worked with pilots, I have seen their enthusiasm to play with something shiny and new. But in their enthusiasm, they tend to gloss over a lot of problems in its implementation.

I will take a problem that we had when Canada initially received the F-18. On take off there was a fault where instruments would throw a breaker on take off. The pilot solution, and the solution that was accepted, was to get the pilot to unclip the panel and use a rod to flip the circuits back on. All this while flying the aircraft after takeoff. This was the accepted solution for quite a while as the maintenance people tracked down and repaired the problem. The rational solution would have been to ground the fleet and make this repair a top priority.

This is the problem with pilots and remember that it is pilots who are in charge of the air force. They would risk their lives in a slingshot and a large bucket than give up an opportunity to fly. Time and time again, I have seen a pilot (an officer) try to coerce a technician (not an officer) to sign off that a plane was safe to fly when it wasn't. Just to get a little more flight time. Now if that plane suffered from an incident, you would see that same pilot screaming for the tech'support head for signs in off on the a/c.
- Elliot: My father picked me up from school one day and we played hooky and went to the beach. It was too cold to go in the water, so we sat on a blanket and ate pizza. When I got home my sneakers were full of sand, and I dumped it on my bedroom floor. I didn't know the difference; I was six. My mother screamed at me for the mess, but he wasn't mad. He said that billions of years ago, the world shifting and moving brought that sand to that spot on the beach and then I took it away. "Every day," he said, "we change the world," which is a nice thought until I think about how many days and lifetimes I would need to bring a shoeful of sand home until there is no beach... until I've made a difference to anyone. Every day we change the world, but to change the world in a way that means anything, that takes more time than most people have. It never happens all at once. It's slow. It's methodical. It's exhausting. We don't all have the stomach for it.
- A wise man once pointed out that many of the truths we cling to depend greatly on our own point of view. Relative to the 1970s and 1980s, the United States is almost incomparably powerful and secure, enjoying presumptive military advantage over any opponent or plausible coalition of opponents. We sometimes forget, for example, that there is some history to the idea of Russian troops freely operating in Ukraine.

And the point is not that the United States deserves some kind of comeuppance for its arrogance. Geopolitics isn’t a Shakespearean drama, or a morality play. Noting that Russia, China, and others have the growing capability to act independently in their regions does not imply that they will act justly, or that they have any special right to torture their neighbors.
- “On June 22, 1941, Churchill had enough common sense to make an alliance with the USSR, because the alternative alliance with the Third Reich was even less appealing than the one with Moscow,” observes Maxim Sokolov, a popular Russian political commentator. “But John Kerry is obviously no Churchill. He has a different style of thinking.”
- Like that quote that's usually attributed to Einstein says, "Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."
- iSight makes 90 per cent of its revenue from subscriptions to its six intelligence streams, each focused on a particular threat, including cyberespionage and cybercrime.

The company's most recent competition comes from its oldest clients, particularly banks, which have been hiring former intelligence analysts to start internal operations. One former client, which declined to be named because of concerns that doing so could violate a nondisclosure agreement, said it had been able to build its own intelligence program at half the cost of its cancelled iSight subscriptions.

But most businesses do not have the same resources as, say, a company like Bank of America, whose chief executive recently said there was no cap on the bank's cyber security budget.

Many of those businesses remain paralysed by the drumbeat of alarms that expensive security technologies are sounding on their networks.

At iSight's threat centre, the company's approach is perhaps best summed up by a logo emblazoned on a T-shirt worn by one of its top analysts: "Someone should do something."
- "We don't have a good sense, sometimes, of what's going on," she said. "And worse, as a policymaker, it's not like they can fly in and take a look at what happened."
- On Syria, the president said we could work with Iran and Russia to combat terrorism, but: “we must recognize that there cannot be, after so much bloodshed, so much carnage, a return to the pre-war status quo.” Bashar Assad must go.

Putin’s riposte “We think it is an enormous mistake to refuse to cooperate with the Syrian government and its armed forces, who are valiantly fighting terrorism face to face.” Bashar will stay and his Russian and Iranian friends have the military power to make it so — regardless of how many Syrian Christian and Sunni “terrorists” they have to butcher.

He also announced a new Russian-led front against “terrorism,” defined as anyone who opposes Assad. Their destruction, he promised Europe, will stem the flow of refugees as Assad’s authority is restored — under Russian guidance. Front members include Syria, Iraq and Iran; bombing has already begun.

So, on one hand, a man with a relatively weak state but who is a realist with specific goals; long-range plans; a thirst to right what he describes as a “historic tragedy”; and an iron will to act.

On the other, a man leading the world’s most powerful nation who pronounces his visions and cannot grasp why they do not come true, as they often do at home. Who is confused when his opponents are not cowed by his words. Whose irresolution fills his allies with apprehension. There is weakness in the water, thicker than blood; below, sharks circle.

This will not end well. Not for anyone.
- So Russia's state-dominated space industry is set to continue struggling to outperform its Western counterparts. Meanwhile, existing companies are plagued by lack of quality control and expert oversight. In 2013, a Proton rocket was lost because a worker installed a sensor upside down — and hammered it in to fit.
- If you want to understand Afghanistan’s opium problem, put yourself in the shoes of an Afghan farmer. Your country’s in turmoil, you’re largely disconnected from the rest of the population, and you have few options to earn a living. There’s no irrigation infrastructure, and poppies are the only plants tough enough to withstand the environmental conditions. You could plant wheat, but why bother? Poppies will earn you eight times as much money.

So the extent to which Afghanistan has become ground zero for opium, as the latest United Nations Office of Drugs and Crime 2007 World Drug Report makes plain, should be no surprise. Around 92 percent of the world’s heroin comes from Afghan poppies, and—thanks to the 49 percent increase in poppy cultivation in Afghanistan between 2005 and 2006—global opium production reached a record high of 6,610 metric tons last year. Opium production and trade accounts for at least a third of all economic activity in Afghanistan.
- In a typical year, Afghan farmers sell about 7,000 tons of opium at $130 a kilogram to traffickers who convert that into 1,000 tons of heroin, worth perhaps $2,500 a kilogram in Afghanistan and $4,000 at wholesale in neighboring countries. That works out to roughly $900 million in annual revenues for the farmers, $1.6 billion for traffickers from operations within Afghanistan, and another $1.5 billion for those who smuggle heroin out of the country. (2010 was atypical; a poppy blight drove opium production down and prices up.)
- Often, but not always. In the early years of the Afghanistan war, coalition policy included widespread forced eradication. In June 2009, however, Barack Obama’s administration announced that U.S. and other international forces would no longer conduct eradication operations, on which the late Richard Holbrooke said the United States had "wasted hundreds of millions of dollars."

The sensible motivation for this reversal was recognition that eradication produced unintended consequences. Pulling up a farmer’s opium crop could generate ill will, perhaps enough to produce a new recruit for the insurgency. It was also geographically inconvenient. Afghanistan is a horrendously complicated place, but to oversimplify, two-thirds of the country (roughly 27 of 34 provinces) has been nearly poppy-free and relatively stable for a few years. The remaining third — in particular Helmand and Kandahar provinces — is rife with both poppies and insurgents. Eradication in those areas has a minimal and temporary effect on the drug trade, at most pushing production to the next valley or district. And angering farmers where Taliban recruiters prowl seemed like a gift to the enemy. So the Obama administration swore off direct support of eradication, though the governors of some Afghan provinces continue to pursue their own eradication programs.
- It violates the essence of what made America a great country in its political system. Now it's just an oligarchy with unlimited political bribery being the essence of getting the nominations for president or being elected president. And the same thing applies to governors, and U.S. Senators and congress members. So, now we've just seen a subversion of our political system as a payoff to major contributors, who want and expect, and sometimes get, favors for themselves after the election is over. ... At the present time the incumbents, Democrats and Republicans, look upon this unlimited money as a great benefit to themselves. Somebody that is already in Congress has a great deal more to sell."

Cryptogram: Refuse to Be Terrorized

Paul Krugman has written a really good update of my 2006 essay.


So what can we say about how to respond to terrorism? Before the atrocities in Paris, the West's general response involved a mix of policing, precaution, and military action. All involved difficult tradeoffs: surveillance versus privacy, protection versus freedom of movement, denying terrorists safe havens versus the costs and dangers of waging war abroad. And it was always obvious that sometimes a terrorist attack would slip through.

Paris may have changed that calculus a bit, especially when it comes to Europe's handling of refugees, an agonizing issue that has now gotten even more fraught. And there will have to be a post-mortem on why such an elaborate plot wasn't spotted. But do you remember all the pronouncements that 9/11 would change everything? Well, it didn't -- and neither will this atrocity.

Again, the goal of terrorists is to inspire terror, because that's all they're capable of. And the most important thing our societies can do in response is to refuse to give in to fear.


But our job is to remain steadfast in the face of terror, to refuse to be terrorized. Our job is to not panic every time two Muslims stand together checking their watches. There are approximately 1 billion Muslims in the world, a large percentage of them not Arab, and about 320 million Arabs in the Middle East, the overwhelming majority of them not terrorists. Our job is to think critically and rationally, and to ignore the cacophony of other interests trying to use terrorism to advance political careers or increase a television show's viewership.

The surest defense against terrorism is to refuse to be terrorized. Our job is to recognize that terrorism is just one of the risks we face, and not a particularly common one at that. And our job is to fight those politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money and doesn't make us any safer.

This crass and irreverent essay was written after January's Paris terrorist attack, but is very relevant right now.

Planet Linux AustraliaGary Pendergast: Replacing Rdio

I guess we’ve all heard of the impending demise of Rdio.

As one of the 500k subscribers with good taste in their streaming apps, it’s now time to consider a replacement. Here are my criteria – some of them may vary for you, but it’ll hopefully give you an idea for how you can choose, too.

Must Have

  • Offline sync to mobile (I listen to music when I’m flying a lot)
  • Ability to play from my Mac (I listen when I’m working)
  • Ability to play on Sonos (the rest of my house)
  • Family accounts

Should Have

  • Desktop App (I kill my browser pretty regularly, I don’t want that to interfere with my music)

Nice To Have

  • Android Auto support (I don’t have an Android Auto device, but I’m likely to buy one in the near future)
  • Account sharing instead of family accounts (it’s cheaper, and my wife and I mostly don’t use the account in different locations at the same time)

Given that the death of Rdio was most likely due to its lack of market share, I decided to only go with major players – this quickly narrowed it down to Google Play Music, Apple Music, and Spotify.

Google Play Music

Out of the box, Google Play Music does okay – it has an excellent selection of music, the mobile app isn’t terrible, and it works on Sonos. YouTube Red is supposed to be pretty nice, too, but it’s currently not available in Australia.

It falls down heavily when using it on my desktop, though. There’s a Chrome extension to hook into my keyboard media buttons, or there are third party apps available, none of which are very good.

Finally, it becomes completely unusable to share with my wife – I obviously can’t sign into my Google account on her phone, and Google still don’t have family accounts (though they have been announced as “coming soon”).

Apple Music

I’ve never had a good relationship with iTunes – it’s always been a clunky beast, and my recent experiments seem to indicate that not much has changed, except for a re-skin of some of the UI. It feels really hacked together. It is a native app, though, so it wins points by not being associated with my browser.

The family account was super janky to setup, I found the UI kept dying on me. Eventually I got through, however, and I hopefully will never need to touch that again (famous last words…).

On the bright side, the Apple Music app for Android is really nice, despite being a recent beta release. There’s no word on if it supports Android Auto, but that’s not an immediate requirement for me, so I’m happy to let it go.

Spotify

Spotify’s biggest benefit is that it’s not attached to a personal account. Unlike with Google or Apple, my wife and I could share the same account, without needing to share our personal logins. It’s cheating the system slightly, but it’d save us $6/month, so I’m not too concerned about it.

Spotify’s apps have been severely ugly in the past, but the good news is that the Android app is much more usable now. Unfortunately, I was unable to try out the OSX app, because the downloader was broken. The web app requires Adobe Flash, which is a total non-starter.


In the end, I chose Apple Music, for two reasons. One, it was the only one with a desktop app that actually worked. And two, it’s the only service that I can play Taylor Swift’s 1989 on. If the other services can’t get their act together enough to negotiate for a popular album to be on their service, then I’m concerned about their future ability to do so.

I may end up needing to re-evaluate this decision, particularly if the Sonos support doesn’t happen before Rdio finally closes its doors (I’m maintaining my Rdio account just for that). But for now, this will do.

Worse Than FailureCodeSOD: A Hardware Switch

Michele S. had recently worked on code for an engine-controlled device. Since the device had physically-moving parts operated by servos, the software had to be careful to not move anything out of bounds because it could actually break a physical piece of equipment.

Michele had written the low-level function which sets the position of a component.

    void PlcPart::set_target_position (uint16_t parPosition) {
      using boost::algorithm::clamp;
      // The legal range for this part: its base position plus its movement range.
      const uint16_t min_pos = m_set_base_position;
      const uint16_t max_pos = min_pos + m_movement_range;
      // Report any out-of-range request loudly (this assertion stays active in release builds) ...
      vaeAssertRelease(parPosition >= min_pos and parPosition <= max_pos);
      // ... and only ever store a value inside the physical limits.
      m_target_position = clamp(parPosition, min_pos, max_pos);
    }

It validates that the requested position is in a suitable range, asserts if it’s out-of-range, and then clamps it to the accepted range. It prevents physical damage to the hardware and safely notifies the programmer if they try to exceed the boundaries.

At some point, Michele discovered that the unit tests started having issues. Apparently, someone was annoyed at the assertion messages and took it upon himself to correct this. But, instead of fixing the root cause (calling set_target_position with bad values), he modified the function itself to look like this:

    void PlcPart::set_target_position (uint16_t parPosition) {
      using boost::algorithm::clamp;
      const uint16_t min_pos = m_set_base_position;
      const uint16_t max_pos = min_pos + m_movement_range;
      // The "fix": silently pull requests above the limit down before the assertion can see them.
      if (parPosition > max_pos)
        parPosition = max_pos;
      // Now only requests below min_pos can still trip the assertion.
      vaeAssertRelease(parPosition >= min_pos and parPosition <= max_pos);
      m_target_position = clamp(parPosition, min_pos, max_pos);
    }

Assertions avoided! (Well, half of them anyway.)


Planet DebianPetter Reinholdtsen: PGP key transition statement for key EE4E02F9

I've needed a new OpenPGP key for a while, but have not had time to set it up properly. I wanted to generate it offline and have it available on a OpenPGP smart card for daily use, and learning how to do it and finding time to sit down with an offline machine almost took forever. But finally I've been able to complete the process, and have now moved from my old GPG key to a new GPG key. See the full transition statement, signed with both my old and new key for the details. This is my new key:

pub   3936R/EE4E02F9 2015-11-03 [expires: 2019-11-14]
      Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1  D827 111D 6B29 EE4E 02F9
uid                  Petter Reinholdtsen <>
uid                  Petter Reinholdtsen <>
sub   4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
sub   4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
sub   4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]

The key can be downloaded from the OpenPGP key servers, signed by my old key.

If you signed my old key (DB4CCC4B2A30D729), I'd very much appreciate a signature on my new key, details and instructions in the transition statement. I'm happy to reciprocate if you have a similarly signed transition statement to present.
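A check worth running on a listing like the one above before signing the new key, as an added example that is not the post's own code: it parses the pub, sub and fingerprint lines of gpg's classic listing format, confirms the advertised key ID really is the tail of the full fingerprint, flags that only a 32-bit ID is shown at all (compare the full fingerprint, since short key IDs can be collided), and reports expiry against a date you supply. The listing reused as input is the one from the post; the line formats the parser assumes are taken from that listing, not from any gpg API.

```python
"""Added example: sanity-check a gpg key listing before signing the key.
The listing text is the post's own; the parsing and checks are mine."""
import re
from datetime import date

# Listing copied from the post, reused as test input.
KEY_LISTING = """\
pub   3936R/EE4E02F9 2015-11-03 [expires: 2019-11-14]
      Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1  D827 111D 6B29 EE4E 02F9
uid                  Petter Reinholdtsen <>
sub   4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
sub   4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
sub   4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
"""

# Assumed line shapes, e.g. "pub   3936R/EE4E02F9 2015-11-03 [expires: 2019-11-14]"
KEY_LINE = re.compile(
    r"^(?P<kind>pub|sub)\s+(?P<bits>\d+)(?P<algo>[A-Za-z]+)/(?P<keyid>[0-9A-Fa-f]{8,16})"
    r"\s+(?P<created>\d{4}-\d{2}-\d{2})(?:\s+\[expires:\s*(?P<expires>\d{4}-\d{2}-\d{2})\])?"
)
FPR_LINE = re.compile(r"^\s*Key fingerprint = (?P<fpr>[0-9A-Fa-f ]+)$")


def parse_key_listing(text):
    """Return (primary_key_record, [subkey_records]); records are dicts."""
    primary, subkeys = None, []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["bits"] = int(rec["bits"])
            rec["keyid"] = rec["keyid"].upper()
            rec["created"] = date.fromisoformat(rec["created"])
            rec["expires"] = date.fromisoformat(rec["expires"]) if rec["expires"] else None
            if rec["kind"] == "pub":
                primary = rec
            else:
                subkeys.append(rec)
            continue
        m = FPR_LINE.match(line)
        if m and primary is not None:
            # Strip the grouping spaces: 40 hex digits for a 160-bit v4 fingerprint.
            primary["fingerprint"] = m.group("fpr").replace(" ", "").upper()
    return primary, subkeys


def check_key(text, today):
    """Return a list of findings; an empty list means the listing passed.
    `today` may be a date or an ISO date string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    primary, subkeys = parse_key_listing(text)
    if primary is None:
        return ["no pub line found"]
    findings = []
    fpr = primary.get("fingerprint")
    if fpr is None or len(fpr) != 40:
        findings.append("no 160-bit fingerprint in listing; do not sign on the key ID alone")
    elif not fpr.endswith(primary["keyid"]):
        # The key ID is defined as the low-order bits of the fingerprint.
        findings.append("key ID %s is not the tail of fingerprint %s" % (primary["keyid"], fpr))
    if len(primary["keyid"]) == 8:
        findings.append("only a 32-bit key ID is shown; compare the full fingerprint, short IDs can be collided")
    for rec in [primary] + subkeys:
        if rec["expires"] is not None and rec["expires"] < today:
            findings.append("%s %s expired on %s" % (rec["kind"], rec["keyid"], rec["expires"].isoformat()))
    return findings


if __name__ == "__main__":
    for finding in check_key(KEY_LISTING, date.today()):
        print(finding)
```

Feed it the output of `gpg --fingerprint <keyid>` for the key you are about to sign; anything other than the short-ID warning means stop and compare fingerprints with the owner out of band.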

Planet DebianDirk Eddelbuettel: RcppAnnoy 0.0.7

A new version of RcppAnnoy, our Rcpp-based R integration of the nifty Annoy library by Erik, is now on CRAN. Annoy is a small, fast, and lightweight C++ template header library for approximate nearest neighbours.

This release mostly just catches up with the Annoy release 1.6.2 of last Friday. No new features were added on our side.

Courtesy of CRANberries, there is also a diffstat report for this release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Krebs on SecurityChipotle Serves Up Chips, Guac & HR Email

The restaurant chain Chipotle Mexican Grill seems pretty good at churning out huge numbers of huge burritos, but the company may need to revisit some basic corporate cybersecurity concepts. For starters, Chipotle’s human resources department has been replying to new job applicants using the domain “” — a Web site name that the company has never owned or controlled.

Translation: Until last week, anyone could have read email destined for the company’s HR department just by registering the domain “”. Worse, Chipotle itself has inadvertently been pointing this out for months in emails to everyone who’s applied for a job via the company’s Web site.

This security oversight by Chipotle was brought to light by reader Michael Kohlman, a professional IT expert who discovered the bug after applying for a job at the food retailer.

Kohlman, who’s between jobs at the moment, said he submitted his resume and application to Chipotle’s online HR department not necessarily because he wanted to be a restaurant employee, but more to satisfy the terms of his unemployment benefits (which require him to regularly show proof that he is actively looking for work).

Kohlman said after submitting his resume and application, he received an email from Chipotle Careers that bore the return address The Minnesota native said he became curious about the source of the Chipotle HR email when a reply sent to that address generated an error or “bounce” message saying his missive was undeliverable.

“The canned response was very odd,” Kohlman said. “Rather than indicating the email didn’t exist, [the bounced message] just came back and said it could not resolve the DNS settings.”

A quick search for ownership records on the domain showed that it had never before been registered. So, Kohlman said, on a whim he plunked down $30 to purchase it.

The welcome message that one receives upon successfully submitting an application for a job at Chipotle discourages users from replying to the message. But Kohlman said a brief look at the incoming email associated with that domain revealed a steady stream of wayward emails to — mainly from job seekers and people seeking password assistance to the Chipotle HR portal.

A confirmation letter I got from Chipotle Careers, which for at least several months used the reply address, a domain the company didn’t own.

“In a nutshell, everything that goes in email to this HR system could be grabbed, so the potential for someone to abuse this is huge,” said Kohlman. “As someone who has made a big chunk of their career defending against cyber-attackers, I’d rather see Chipotle and others learn from their mistakes rather than cause any real damage.”

Kohlman has since offered to freely give over the domain to the restaurant chain. But Chipotle expressed zero interest in acquiring the free domain. In fact, Chipotle’s spokesman Chris Arnold says the company doesn’t see this as a big deal at all.

“The domain is not a functional address and never has been,” Arnold wrote in an emailed statement. “It never had any operational significance, and never served to solicit or accept any kind of response. So there has never been a security risk of any kind associated with this. That address is being changed to (a domain that we do own), but this has never been functional and is really a non-issue.”

I suppose that’s not really a shocking response from a $3.5 billion/year company that only just last month hired its first chief information officer. Chipotle still doesn’t have a job position that puts anyone in charge of computer security. One might say the company’s information security maturity level leaves a bit to be desired.
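The kind of check that would have caught this, as an added example (my code, not Chipotle’s or Krebs’s): given an outgoing message and the inventory of domains the organisation actually owns, list every address a reply or bounce could be delivered to that points somewhere else. The sample message and the owned-domain set are constructed for the example; whether a flagged domain is registered at all is a separate RDAP/WHOIS lookup that this offline check does not perform.

```python
"""Added example: flag reply/bounce addresses in outbound mail whose domain
is not in the organisation's owned-domain inventory."""
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains the organisation registers and controls.
OWNED_DOMAINS = {"example.com"}

# Constructed sample of an HR confirmation mail. The Reply-To domain is a
# look-alike that nobody owns, which is exactly the Chipotle situation.
SAMPLE_MESSAGE = """\
From: Example Careers <careers@example.com>
Reply-To: Example Careers <noreply@example-careers.test>
Return-Path: <bounce@mail.example.com>
To: applicant@applicant.test
Subject: Thank you for applying

Please do not reply to this message.
"""

# Every header whose address a recipient's reply or a bounce can end up at.
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path", "Errors-To")


def sender_domains(raw_message):
    """Yield (header, domain) for each address in the sender-side headers."""
    msg = message_from_string(raw_message)
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr:
                yield header, addr.rsplit("@", 1)[1].strip().lower()


def is_owned(domain, owned):
    """True if domain is an owned apex or a subdomain of one (not a look-alike)."""
    return any(domain == o or domain.endswith("." + o) for o in owned)


def unowned_sender_domains(raw_message, owned=OWNED_DOMAINS):
    """Return the (header, domain) pairs that point outside the inventory."""
    owned = {o.lower().rstrip(".") for o in owned}
    return [(h, d) for h, d in sender_domains(raw_message) if not is_owned(d, owned)]


if __name__ == "__main__":
    for header, domain in unowned_sender_domains(SAMPLE_MESSAGE):
        print("%s points at %s, which is not an owned domain" % (header, domain))
```

Run it over every template your mail system sends (or over a sample of the sent-mail log) and treat any hit as a finding: either register the domain and route it, or change the header.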

This entire debacle reminds me of a story I wrote for The Washington Post in 2008 titled “They Told You Not To Reply“. That piece was about an adventuresome young man who gamely registered the domain “” — just to see how badly the domain was being abused. Little did he know what he was signing up for: a constant glut of email destined for companies that had dumped customers there for years — including banks, defense contractors and a whole mess of other organizations that should have known better. He ended up publishing the funniest emails on his blog, and would usually only remove the emails after the offending companies agreed to make a donation to any local animal shelter.

CryptogramParis Attacks Blamed on Strong Cryptography and Edward Snowden

Well, that didn't take long:

As Paris reels from terrorist attacks that have claimed at least 128 lives, fierce blame for the carnage is being directed toward American whistleblower Edward Snowden and the spread of strong encryption catalyzed by his actions.

Now the Paris attacks are being used as an excuse to demand back doors.

CIA Director John Brennan chimed in, too.

Of course, this was planned all along. From September:

Privately, law enforcement officials have acknowledged that prospects for congressional action this year are remote. Although "the legislative environment is very hostile today," the intelligence community's top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, "it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement."

There is value, he said, in "keeping our options open for such a situation."

I was going to write a definitive refutation to the meme that it's all Snowden's fault, but Glenn Greenwald beat me to it.

EDITED TO ADD: It wasn't fair for me to characterize Ben Wittes's Lawfare post as agitating for back doors. I apologize.

Better links are these two New York Times stories.

EDITED TO ADD (11/17): These two essays are also good.

EDITED TO ADD (11/18): The New York Times published a powerful editorial against mass surveillance.

EDITED TO ADD (11/19): The New York Times deleted a story claiming the attackers used encryption. Because it turns out they didn't use encryption.

Planet DebianSteve Kemp: lumail2 nears another release

I'm pleased with the way that Lumail2 development is proceeding, and it is reaching a point where there will be a second source-release.

I've made a lot of changes to the repository recently, and most of them boil down to moving code from the C++ side of the application, over to the Lua side.

This morning, for example, I updated the handling of index.limit to be entirely Lua based.

When you open a Maildir folder you see the list of messages it contains, as you would expect.

The notion of the index.limit is that you can limit the messages displayed, for example:

  • See all messages: Config:set( "index.limit", "all")
  • See only new/unread messages: Config:set( "index.limit", "new")
  • See only messages which arrived today: Config:set( "index.limit", "today")
  • See only messages which contain "Steve" in their formatted version: Config:set( "index.limit", "steve")

These are just examples that are present as defaults, but they give an idea of how things can work. I guess it isn't so different to Mutt's "limit" facilities - but thanks to the dynamic Lua nature of the application you can add your own with relative ease.

One of the biggest changes, recently, was the ability to display coloured text! That was always possible before, but a single line could only be one colour. Now colours can be mixed within a line, so this works as you might imagine:

Panel:append( "$[RED]This is red, $[GREEN]green, $[WHITE]white, and $[CYAN]cyan!" )

Other changes include a persistent cache of "stuff", which is Lua-based, the inclusion of at least one luarocks library to parse Date: headers, and a simple API for all our objects.

All good stuff. Perhaps time for a break in the next few weeks, but right now I think I'm making useful updates every other evening or so.

Google AdsenseWhen writing for humans, it helps to think like one

What is human-centered design, and why should you care?

Suppose you want to come up with a new way to engage your site visitors and attract more of them. You could lie on the couch and hope to dream up a genius idea... or you could try human-centered design.

Human-centered design is a creative approach to problem solving. It's taught by innovative institutions such as IDEO and the Stanford Design School and is often used to design new products.

But it's not just for designers. Publishers like you can use human-centered design to understand what audiences want and create new content to match. Why not give it a try?

The steps go like this:

1. Empathize: Observe, engage, and immerse

To get started, look at your users’ behavior and think about why they behave that way.
  • Meet some of your users and watch what they do with your content.
  • Engage with them. Ask them why they read or watch your content. Try to uncover their needs. 
  • Immerse yourself in their experience however you can. Try to discover the emotions that guide their behaviors. Which specific users do you want to create new content for?

Let's say we have a blog focused on the millennial generation and their interests. By meeting and talking with our audience, we learn that a small but growing group of young professional women find our blog really valuable. We decide to focus on this audience.

2. Define: Focus and paraphrase

What is the main user need? Based on what you've heard and learned, create a problem statement. It should look something like this:

"Young professional women need to know more about how to advance their careers, because they aspire to move into management roles."

This is a good problem statement because it:
  • Targets a clear cohort of users.
  • Addresses a specific need.
  • Is something you can take action on.

3. Ideate: Explore

Now it's time to explore as many possible ideas as you can think of. Here are some key ideas for brainstorming:
  • Be prolific. Go for a high quantity and wide variety of ideas.
  • Be positive. Use the mantra "Yes, and" to build ideas on top of each other.
  • Be patient. Don't interrupt yourself or critique ideas as you think of them. You can judge them later.
Use guiding questions. For instance, "How might we…"
  1. Connect relatable role models with our young professional women readers?
  2. Give them useful strategies for managing up?
  3. Address the biases women may face in the workplace?

4. Prototype: Create

Now you're ready to start building. Choose your best idea and build as many prototype solutions as you can. Prototypes can be things like:

  • Post-it notes
  • Role playing
  • Storyboards
  • Objects

Use any prototype you like, as long as it's something you can show to test users to judge their reactions.  For our blog, we might:

Create a video interview with female executives and transcribe it for the blog.

Go to a conference on women in leadership and post notes on conversations we have there.

Present data that shows how progressive companies have tried to address the problem and what can be implemented at smaller companies. 

Hold a Google Hangout and invite readers to join in and talk with a guest speaker.

5. Test: Experiment, refine

Now you're ready to take things back to your target users again. Show them your prototypes and once again observe, empathize, and immerse yourself in their experience. Ask for feedback. Listen. Then use what you hear to refine the prototype. Refine and repeat as necessary.

You'll need patience for this creative problem-solving approach. But when you're done, your ideas will be stronger because they grow from the needs of your users. The more you get to know your audience, the better you can anticipate their needs and adjust your content strategy to engage them in the future.

We hope you find this new thinking useful whenever you design something new. Let us know what you think about the human-centered design in the comments below.
Not yet an AdSense user? Sign up now!

Posted by Michael Le
Strategic Partnership Manager

Planet DebianDaniel Pocock: Quick start using Blender for video editing

Updated 2015-11-16 for WebM

Although it is mostly known for animation, Blender includes a non-linear video editing system that is available in all the current stable versions of Debian, Ubuntu and Fedora.

Here are some screenshots showing how to start editing a video of a talk from a conference.

In this case, there are two input files:

  • A video file from a DSLR camera, including an audio stream from a microphone on the camera
  • A separate audio file with sound captured by a lapel microphone attached to the speaker's smartphone. This is a much better quality sound and we would like this to replace the sound included in the video file.

Open Blender and choose the video editing mode

Launch Blender and choose the video sequence editor from the pull down menu at the top of the window:

Now you should see all the video sequence editor controls:

Setup the properties for your project

Click the context menu under the strip editor panel and change the panel to a Properties panel:

The video file we are playing with is 720p, so it seems reasonable to use 720p for the output too. Change that here:

The input file is 25fps so we need to use exactly the same frame rate for the output, otherwise you will either observe the video going at the wrong speed or there will be a conversion that is CPU intensive and degrades the quality. Also check that the resolution_percentage setting under the picture dimensions is 100%:

Now specify output to PNG files. Later we will combine them into a WebM file with a script. Specify the directory where the files will be placed and use the # placeholder to specify the number of digits to use to embed the frame number in the filename:

Now your basic rendering properties are set. When you want to generate the output file, come back to this panel and use the Animation button at the top.

Editing the video

Use the context menu to change the properties panel back to the strip view panel:

Add the video file:

and then right click the video strip (the lower strip) to highlight it and then add a transform strip:

Audio waveform

Right click the audio strip to highlight it and then go to the properties on the right hand side and click to show the waveform:

Rendering length

By default, Blender assumes you want to render 250 frames of output. Looking in the properties to the right of the audio or video strip you can see the actual number of frames. Put that value in the box at the bottom of the window where it says 250:

Enable AV-sync

Also at the bottom of the window is a control to enable AV-sync. If your audio and video are not in sync when you preview, you need to set this AV-sync option and also make sure you set the frame rate correctly in the properties:

Add the other sound strip

Now add the other sound file that was recorded using the lapel microphone:

Enable the waveform display for that sound strip too, this will allow you to align the sound strips precisely:

You will need to listen to the strips to make an estimate of the time difference. Use this estimate to set the "start frame" in the properties for your audio strip, it will be a negative value if the audio strip starts before the video. You can then zoom the strip panel to show about 3 to 5 seconds of sound and try to align the peaks. An easy way to do this is to look for applause at the end of the audio strips, the applause generates a large peak that is easily visible.

Once you have synced the audio, you can play the track and you should not be able to hear any echo. You can then silence the audio track from the camera by right clicking it, look in the properties to the right and change volume to 0.

Make any transforms you require

For example, to zoom in on the speaker, right click the transform strip (3rd from the bottom) and then in the panel on the right, click to enable "Uniform Scale" and then set the scale factor as required:

Render the video output to PNG

Click the context menu under the Curves panel and choose Properties again.

Click the Animation button to generate a sequence of PNG files for each frame.

Render the audio output

On the Properties panel, click the Audio button near the top. Choose a filename for the generated audio file.

Look on the bottom left-hand side of the window for the audio file settings, change it to the ogg container and Vorbis codec:

Ensure the filename has a .ogg extension

Now look at the top right-hand corner of the window for the Mixdown button. Click it and wait for Blender to generate the audio file.

Combine the PNG files and audio file into a WebM video file

You will need to have a few command line tools installed for manipulating the files from scripts. Install them using the package manager, for example, on a Debian or Ubuntu system:

# apt-get install mjpegtools vpx-tools mkvtoolnix

Now create a script like the following:

#!/bin/bash -e

# Set this to match the project properties (the example project above was
# rendered at 25fps):
FRAME_RATE=25

# Set this to the rate you desire (kbit/s; example value, adjust to taste):
TARGET_BITRATE=1500

# Input and output locations; example values, adjust to your project.
# PNG_DIR is the directory given in the Blender output properties and
# AUDIO_FILE is the Ogg file produced by Mixdown.
PNG_DIR=./frames
AUDIO_FILE=./talk.ogg
YUV_FILE=./talk.yuv
WEBM_FILE=./talk.webm

# Count the rendered frames so png2yuv knows when to stop.
NUM_FRAMES=$(find "${PNG_DIR}" -type f -name '*.png' | wc -l)

# Turn the numbered PNG files (8-digit frame numbers, i.e. ######## in the
# Blender output path) into a progressive YUV4MPEG stream.
png2yuv -I p -f $FRAME_RATE -b 1 -n $NUM_FRAMES \
    -j ${PNG_DIR}/%08d.png > ${YUV_FILE}

# Two-pass VP8 encode of the video-only stream.
vpxenc --good --cpu-used=0 --auto-alt-ref=1 \
   --lag-in-frames=16 --end-usage=vbr --passes=2 \
   --threads=2 --target-bitrate=${TARGET_BITRATE} \
   -o ${WEBM_FILE}-noaudio ${YUV_FILE}

rm ${YUV_FILE}

# Mux the Vorbis audio track in, producing the final WebM (-w selects WebM mode).
mkvmerge -o ${WEBM_FILE} -w ${WEBM_FILE}-noaudio ${AUDIO_FILE}

rm ${WEBM_FILE}-noaudio

Next steps

There are plenty of more comprehensive tutorials, including some videos on Youtube, explaining how to do more advanced things like fading in and out or zooming and panning dynamically at different points in the video.

If the lighting is not good (faces too dark, for example), you can right click the video strip, go to the properties panel on the right hand side and click Modifiers, Add Strip Modifier and then select "Color Balance". Use the Lift, Gamma and Gain sliders to adjust the shadows, midtones and highlights respectively.

LongNow“100 Years of Robot Art and Science in the Bay Area” Long Conversation November 20th 02015

Running Machine and Dual Mule

On November 20, 02015, our Executive Director Alexander Rose is helping organize a free “Long Conversation” about the history of robots with UC Berkeley’s Ken Goldberg at “Friday Nights at the DeYoung”.

The event starts at 6:30, with doors at 6:00pm in the Koret Auditorium of the De Young Museum.

A “Long Conversation” is a relay style speaking event. In this case, it is a 2 hour relay of 10 minute public conversations between 11 pairs of speakers who will be speaking on “100 Years of Robot Art and Science in the Bay Area”. The conversation is part of a larger exhibit honoring the 100 year anniversary of the 1915 Panama-Pacific International Exposition. The participants of this conversation include:

  • Josette Melchor (Grey Area Foundation for the Arts)
  • Dorothy R. Santos (writer, curator)
  • Tim Roseborough (artist, musician, former Kimball Artist-in-Residence)
  • John Markoff (author of Machines of Loving Grace)
  • Karen Marcelo (dorkbotSF)
  • David Pescovitz (Institute for the Future)
  • Catharine Clark (Catharine Clark Gallery)
  • Alexander Rose (director, Long Now Foundation)
  • Pieter Abbeel (professor, Computer Sciences, UC Berkeley)
  • Terry Winograd (Computer Science department, Stanford University)
  • Kal Spelletich (Seeman)
  • Artist Jenny Odell, who will be providing live images (VJing)

Friday Nights at the de Young are after-hours art happenings that include a mix of live music, dance and theater performances, film screenings, panel discussions, lectures, artist demonstrations, hands-on art activities, and exhibition tours. Local artists conduct drop-in workshops, debut new commissions, display their art in the Kimball Education Gallery, and take part in conversations about the creative process. The café offers a delicious prix-fixe menu and specialty cocktails, and the Hamon Tower observation level is open until 8 pm. Artists-in-Residence, curators, scholars, and arts educators play active roles in making Friday Nights an engaging museum experience.

We hope to see you there.

Sociological ImagesOn the insidious sexism of the Covergirl Star Wars collection

So, Star Wars is out with a new movie and instead of pretending female fans don’t exist, Disney has decided to license the Star Wars brand to Covergirl. A reader named David, intrigued, sent in a two-page ad from Cosmopolitan for analysis.

What I find interesting about this ad campaign — or, more accurately — boring, is its invitation to women to choose whether they are good or bad. “Light side or dark side. Which side are you on?” it asks. Your makeup purchases, apparently, follow.




This is the old — and by “old” I mean ooooooooold — tradition of dividing women into good and bad. The Madonna and the whore. The woman on the pedestal and her fallen counterpart. Except Covergirl, like many cosmetics companies before that have used exactly the same gimmick, is offering women the opportunity to choose which she wants to be. Is this some sort of feminist twist? Now we get to choose whether men want to marry us or just fuck us? Great.

But that part’s just boring. What’s obnoxious about the ad campaign is the idea that, for women, what really matters about the ultimate battle between good and evil is whether it goes with her complexion. It affirms the stereotype that women are deeply trivial, shallow, and vapid. What interests us about Star Wars? Why, makeup, of course!

If David — who also noted the inclusion of a single Asian model as part of the Dark Side — hadn’t asked me to write about this, I probably wouldn’t have. It feels like low hanging fruit because it’s just makeup advertising and who cares. But this constant message that women are genuinely excited at the idea of getting to choose which color packet to use as some sort of idiotic contribution to a battle of good versus evil is corrosive.

Moreover, the constant reiteration of the idea that we are thrilled to paint our faces actually obscures the fact that we are essentially required to do so if we want to be taken seriously as professionals, potential partners or, really, valuable human beings. So, not only does this kind of message teach us not to take women seriously at all, it hides the very serious way in which we are actively forced to capitulate to the male gaze — every. damn. day. — and feed capitalism while we’re at it.

This ad isn’t asking us if we want to be on the dark side or the light side. It’s asking us if we want to wear makeup or wear makeup. It’s not a choice at all. But it sure does make subordination seem fun.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Planet DebianJulien Danjou: Profiling Python using cProfile: a concrete case

Writing programs is fun, but making them fast can be a pain. Python programs are no exception to that, but the basic profiling toolchain is actually not that complicated to use. Here, I would like to show you how you can quickly profile and analyze your Python code to find what part of the code you should optimize.

What's profiling?

Profiling a Python program means doing a dynamic analysis that measures the execution time of the program and everything that composes it. That means measuring the time spent in each of its functions. This gives you data about where your program is spending its time, and which areas might be worth optimizing.

It's a very interesting exercise. Many people focus on local optimizations, such as determining which of the Python functions range or xrange is faster. It turns out that knowing which one is faster may never matter in your program, and that the time gained by picking one of them might not be worth the time you spend researching it, or arguing about it with your colleague.

Trying to blindly optimize a program without measuring where it is actually spending its time is a useless exercise. Following your guts alone is not always sufficient.

There are many types of profiling, as there are many things you can measure. In this exercise, we'll focus on CPU utilization profiling, meaning the time spent by each function executing instructions. Obviously, we could do many more kinds of profiling and optimization, such as memory profiling, which would measure the memory used by each piece of code – something I talk about in The Hacker's Guide to Python.

Since Python 2.5, Python provides a C module called cProfile which has a reasonable overhead and offers a good enough feature set. The basic usage comes down to:

>>> import cProfile
>>> cProfile.run('2 + 2')
2 function calls in 0.000 seconds
Ordered by: standard name
ncalls tottime percall cumtime percall filename:lineno(function)
1 0.000 0.000 0.000 0.000 <string>:1(<module>)
1 0.000 0.000 0.000 0.000 {method 'disable' of '_lsprof.Profiler' objects}

Though you can also run a script with it, which turns out to be handy:

$ python -m cProfile -s cumtime
72270 function calls (70640 primitive calls) in 4.481 seconds
Ordered by: cumulative time
ncalls tottime percall cumtime percall filename:lineno(function)
1 0.004 0.004 4.481 4.481<module>)
1 0.001 0.001 4.296 4.296
3 0.000 0.000 4.286 1.429
3 0.000 0.000 4.268 1.423
4/3 0.000 0.000 3.816 1.272
4 0.000 0.000 2.965 0.741
4 0.000 0.000 2.962 0.740
4 0.000 0.000 2.961 0.740
2 0.000 0.000 2.675 1.338
30 0.000 0.000 1.621 0.054
30 0.000 0.000 1.621 0.054
30 1.621 0.054 1.621 0.054 {method 'read' of '_ssl._SSLSocket' objects}
1 0.000 0.000 1.611 1.611
4 0.000 0.000 1.572 0.393
4 0.000 0.000 1.572 0.393
60 0.000 0.000 1.571 0.026
4 0.000 0.000 1.571 0.393
1 0.000 0.000 1.462 1.462
1 0.000 0.000 1.462 1.462
1 0.000 0.000 1.462 1.462
1 0.000 0.000 1.459 1.459

This prints out all the functions called, with the time spent in each and the number of times each was called.

Advanced visualization with KCacheGrind

While useful, this output format is very basic and does not make it easy to get an overview of a complete program. For more advanced visualization, I leverage KCacheGrind. If you have done any C programming and profiling in the last few years, you may have used it, as it is primarily designed as a front-end for Valgrind-generated call graphs.

In order to use it, you need to generate a cProfile result file, then convert it to the KCacheGrind format. To do that, I use pyprof2calltree.

$ python -m cProfile -o myscript.cprof
$ pyprof2calltree -k -i myscript.cprof

And the KCacheGrind window magically appears!

Concrete case: Carbonara optimization

I was curious about the performance of Carbonara, the small timeseries library I wrote for Gnocchi. I decided to do some basic profiling to see if there was any obvious optimization to do.

In order to profile a program, you need to run it. But running the whole program in profiling mode can generate a lot of data that you don't care about, and adds noise to what you're trying to understand. Since Gnocchi has thousands of unit tests and a few for Carbonara itself, I decided to profile the code used by these unit tests, as it's a good reflection of basic features of the library.

Note that this is a good strategy for a curious and naive first-pass profiling. There's no way you can be sure that the hotspots you see in the unit tests are the actual hotspots you will encounter in production. Therefore, profiling in conditions and with a scenario that mimic what's seen in production is often a necessity if you need to push your program's optimization further and want to achieve a perceivable and valuable gain.

I activated cProfile using the method described above, creating a cProfile.Profile object around my tests (I actually started to implement that in testtools). I then ran KCacheGrind as described above. Using KCacheGrind, I generated the following figures.

The test I profiled here is called test_fetch and is pretty easy to understand: it puts data into a timeseries object, and then fetches the aggregated result. The above list shows that 88 % of the ticks are spent in set_values (44 ticks out of 50). This function is used to insert values into the timeseries, not to fetch them. That means that inserting data is really slow, while actually retrieving it is pretty fast.

Reading the rest of the list indicates that several functions share the rest of the ticks, update, _first_block_timestamp, _truncate, _resample, etc. Some of the functions in the list are not part of Carbonara, so there's no point in looking to optimize them. The only thing that can be optimized is, sometimes, the number of times they're called.

The call graph gives me a bit more insight about what's going on here. Using my knowledge of how Carbonara works, I don't think that the whole stack on the left for _first_block_timestamp makes much sense. This function is supposed to find the first timestamp for an aggregate, e.g. with a timestamp of 13:34:45 and a period of 5 minutes, the function should return 13:30:00. The way it currently works is by calling the resample function from Pandas on a timeseries with only one element, but that seems to be very slow. Indeed, this function currently represents 25 % of the time spent by set_values (11 ticks out of 44).

Fortunately, I recently added a small function called _round_timestamp that does exactly what _first_block_timestamp needs without calling any Pandas function, so no resample. So I ended up rewriting that function this way:

def _first_block_timestamp(self):
- ts = self.ts[-1:].resample(self.block_size)
- return (ts.index[-1] - (self.block_size * self.back_window))
+ rounded = self._round_timestamp(self.ts.index[-1], self.block_size)
+ return rounded - (self.block_size * self.back_window)
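Review bot: the new body derives the block start differently from the old one, so the change should come with a test pinning the boundary cases: `_round_timestamp(self.ts.index[-1], self.block_size)` must floor to the block start (13:34:45 with a 5 minute block gives 13:30:00, as the surrounding text describes), and a timestamp lying exactly on a block boundary must yield that boundary in both the old resample-based version and the new one. A one-line docstring saying the result is the rounded last timestamp minus `back_window` blocks would also help, since the method name alone no longer explains the `- (self.block_size * self.back_window)` term.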

And then I re-ran the exact same test to compare the output of cProfile.

The list of functions looks quite different this time. The share of time spent in set_values dropped from 88 % to 71 %.

The call stack for set_values shows that pretty well: we can't even see the _first_block_timestamp function as it is so fast that it totally disappeared from the display. It's now being considered insignificant by the profiler.

So we just sped up the whole process of inserting values into Carbonara by a nice 25 % in a few minutes. Not that bad for a first naive pass, right?
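The same before/after measurement in miniature, as an added example that is not code from the original post or from Carbonara: a toy stand-in for the timeseries (its block_size, back_window, set_values and _first_block_timestamp names are borrowed from the post, everything else is constructed) is profiled through a cProfile.Profile object, and pstats is used to compute the share of set_values spent in _first_block_timestamp instead of reading it off the KCacheGrind display.

```python
import cProfile
import io
import pstats
from bisect import bisect_right


class TimeSerie:
    """Toy stand-in for the Carbonara timeseries, constructed for this example.

    Timestamps are integer seconds, block_size is the aggregation period in
    seconds and back_window is how many whole blocks are kept behind the
    newest point (the names the post's diff uses)."""

    def __init__(self, block_size, back_window=0, fast=False):
        self.block_size = block_size
        self.back_window = back_window
        self.fast = fast
        self.ts = []  # sorted list of (timestamp, value)

    @staticmethod
    def _round_timestamp(ts, block_size):
        # Floor to the start of the block: 13:34:45 with a 5 min block -> 13:30:00.
        return ts - (ts % block_size)

    def _first_block_timestamp(self):
        last = self.ts[-1][0]
        if self.fast:
            rounded = self._round_timestamp(last, self.block_size)
        else:
            # "Before" path: materialise every block boundary up to `last` and
            # pick the right one, mimicking a resample over a whole axis just to
            # round a single value (the kind of cost the post's profile exposed).
            boundaries = list(range(0, last + self.block_size, self.block_size))
            rounded = boundaries[bisect_right(boundaries, last) - 1]
        return rounded - self.block_size * self.back_window

    def _truncate(self):
        cutoff = self._first_block_timestamp()
        self.ts = [(t, v) for (t, v) in self.ts if t >= cutoff]

    def set_values(self, values):
        for t, v in sorted(values):
            self.ts.append((t, v))
            self._truncate()


def profile_call(func, *args, **kwargs):
    """Run func under a cProfile.Profile object, as the post does around its
    unit tests, and return (result, pstats.Stats)."""
    prof = cProfile.Profile()
    prof.enable()
    try:
        result = func(*args, **kwargs)
    finally:
        prof.disable()
    return result, pstats.Stats(prof, stream=io.StringIO())


def cumtime_by_name(stats):
    """Map function name -> (ncalls, cumtime), the two columns of the cProfile
    listing that `-s cumtime` sorts on."""
    table = {}
    for (_file, _line, name), (_cc, ncalls, _tottime, cumtime, _callers) in stats.stats.items():
        table[name] = (ncalls, cumtime)
    return table


def share_of(stats, inner, outer):
    """Fraction of `outer`'s cumulative time attributed to `inner`
    (the post's '11 ticks out of 44' figure for _first_block_timestamp)."""
    table = cumtime_by_name(stats)
    if outer not in table or table[outer][1] == 0:
        return 0.0
    return table.get(inner, (0, 0.0))[1] / table[outer][1]


def profile_insertion(fast, n=2000):
    """Insert n constructed points and return (ncalls/cumtime table, share of
    set_values spent in _first_block_timestamp)."""
    serie = TimeSerie(block_size=60, back_window=2, fast=fast)
    values = [(t, float(t)) for t in range(0, n * 7, 7)]  # constructed sample data
    _, stats = profile_call(serie.set_values, values)
    return cumtime_by_name(stats), share_of(stats, "_first_block_timestamp", "set_values")


if __name__ == "__main__":
    for fast in (False, True):
        table, share = profile_insertion(fast)
        print(f"fast={fast}: _first_block_timestamp takes {share:.0%} of set_values")
        for name, (ncalls, cumtime) in sorted(table.items(), key=lambda kv: -kv[1][1])[:6]:
            print(f"  {ncalls:6d} {cumtime:8.4f} {name}")
```

Running it prints the top entries of each profile sorted by cumulative time, so the drop in the _first_block_timestamp share between the two runs can be read directly rather than counted in ticks.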

RacialiciousCon Or Bust Assistance Program For POC Sci-Fi Fans Open Until Nov. 25

If you or any POC fan you know are looking to go to Science fiction/fantasy (SFF) conventions in 2016, you should know that Con Or Bust has opened up its request process until Nov. 25.

The organization is devoted to helping POC fans attend more SFF events. Requests are confidential and can be made through the form located here.

To give you an idea of how the project’s scope has expanded since it began in 2009, here’s an excerpt from its website:

From April 2013 through March 2014, Con or Bust helped 30 different people attend cons 32 times. People attended seventeen different cons. The monetary portion of Con or Bust’s awards again ranged from $0 (membership transfers only) to $1,000. Eleven awards were in the range of $200-450, and seven were from $500-700. At the end of this period, Con or Bust carried forward a balance of approximately $7,700.

The 2014 auction and associated matching challenge raised $16,476. These funds, together with the balance from the prior year, funded assistance for March 2014 through early May 2015. In addition, starting from April 2014, Con or Bust permitted people to request monetary assistance for any upcoming SFF con, not merely cons in the next quarter.

From March 2014 through early May 2015, Con or Bust provided assistance 95 times to help 85 different people attend 25 different cons. Of those 95 times, 41 did not include monetary assistance, only donated memberships (or, in one case, a hotel room donated by a convention). Monetary assistance was provided 54 times, sometimes in conjunction with donated memberships. The awards ranged from $25 to $2,300; 34 of the 54 awards were $500 or less. At the close of this period, Con or Bust carried forward a balance of $67.42.

The 2015 auction was held later in the calendar year than previously, ending in early May; bids and donations raised $12,726 to support Con or Bust for the next twelve months.

In August 2015, a donation drive by John Scalzi raised a total of $11,840.92.

Check under the cut for a listing of 2016 conventions that are covered in this assistance period, along with the number of open membership slots for each as of 11 p.m. PST on Nov. 15.

Membership assistance for these conventions is open on a first-come, first-served basis:

  • Arisia — Jan. 15-18, Boston: Five con memberships and one hotel room with double beds (Friday-Monday) are available. Guests of Honor: John Scalzi (Author); Johnna Y. Klukas (Artist); Pablo Miguel Alberto Vazquez III (Fan).
  • Farpoint 23 — Feb. 12-14, Timonium, Maryland: Two memberships are available, and must be claimed by Jan. 31. Confirmed guests: David Gerrold, Sean Maher.
  • Boskone — Feb. 19-21, Boston: Two memberships are available. Guest of Honor: Garth Nix.
  • SFContario 6 — Nov. 20-22, Toronto, Canada: Two memberships are available. Guests of Honor: Saladin Ahmed, Tom Smith, and Peter Watts.

Membership assistance for these 2016 conventions is only open through Nov. 25:

  • FOGcon 6 — March 11-13, Walnut Creek, Calif.: Three memberships are available. Honored Guests: Ted Chiang, Donna Haraway, Jo Walton, and Octavia Butler (posthumous).
  • AnomalyCon — March 25-27, Denver: Twenty passes are available for this steampunk and alternate history event. Passes must be claimed by March 1. Note: This convention requires legal names on badges. Guests include Racialicious Guest Contributor Jaymee Goh.
  • Wiscon 40 — May 27-30, Madison, Wisc.: Three memberships are available. Guests of Honor: Nalo Hopkinson, Justine Larbalestier, and Sofia Samatar.
  • Satellite 5 — May 28-29, Glasgow, Scotland: One membership is available. Guest of Honor: Jaine Fenn.
  • ConQuesT — May 27-29, Kansas City: Four memberships are available, which must be claimed by March 30, 2016. Guests of Honor: Julie Dillon, Lindsay Ellis, Diane Lacey, Seanan McGuire, and Nnedi Okorafor.
  • Au Contraire 2016 — June 3-5, Wellington, New Zealand: One membership is available. Guests include A.J. Fitzwater, Stephanie Paul, Martin Wallace.
  • Westercon 69 — July 1-4, Portland: Ten attending memberships are available. Guests of Honor: John Scalzi (Writer); Theresa Mather (Artist); David D. Levine (Fan).
  • CON.TXT — July 29-31, Arlington, Virginia: Two memberships are available, and must be claimed before May 2016. Attendees must be 18 or older on July 29, 2016.

Top image via Farpoint Con Facebook page


CryptogramDid Carnegie Mellon Attack Tor for the FBI?

There's pretty strong evidence that the team of researchers from Carnegie Mellon University who canceled their scheduled 2015 Black Hat talk deanonymized Tor users for the FBI.

Details are in this Vice story and this Wired story (and these two follow-on Vice stories). And here's the reaction from the Tor Project.

Nicholas Weaver guessed this back in January.

The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI.

Does anyone still trust CERT to behave in the Internet's best interests?

Worse Than FailureQuality Overhaul

"Hey, did you see the email? They're remaking our website!"

"No way, Dave. You're kidding." Cody rushed to his PC and opened the latest company newsletter. After three years of working at IniVenture, he found the news hard to believe. Despite many pleas from the employees, management had never dared to touch that relic of late 90s web design, opting to spend their time and money on more lucrative ventures instead.

"'Over the next few months,'" he read aloud with Dave peeking over his shoulder, "'we'll be cooperating with Victory Design, an award-winning web design and development agency, to bring IniVenture even closer to the world of Internet and modern technology.'"

"As if we were anywhere close to that now," Dave groaned, then took to hunting the usual bull. "Let's see: 'latest technologies,' 'brand synergy,' 'your feedback matters,' blah blah blah ... " He smirked. "Well, I don't know about you, but I can't wait to see the revamp. It's going to be a beautiful disaster."

Months passed without any news about the new website. Some employees sent their suggestions and offered help, only to be met with a standardized response and no follow-up. The newsletter didn't offer many updates either, other than the occasional reassurance that the project was "right on track" and would be completed "shortly." Reading between the lines, it seemed the revamp had either been shoved aside or canned.

Until one day, Cody ended up paying a visit to the IT department.

"Hi, Jen," he greeted the mousy girl tapping at the keyboard. "Can you hook me up with a clean laptop? We have a new guy starting in a few days."

"Uh, yeah, sure, but it'll have to wait a while," she said, not lifting her eyes from the monitor. "I'm just deploying the new website, so ..."

"Oh, it's done already?" Cody asked, surprised. "Is it any good?"

"I ... don't know, really," Jen answered. "I didn't even have time to look at it. The moment the PM got the first version from the designers, she forwarded it to me and told me to put it on a public server immediately."

"Wait, seriously?" Cody's eyes went wide. "Aren't you guys going to, um, test it or anything?"

"I tried to explain, and the other company did too, but ... well, let's just say I got my orders." Jen shrugged and went back to hacking at the keyboard.

"Well, good luck then."

Cody sneaked out of the room and went back to his desk. Wow, what a mess, he thought. It's probably going to be down for at least a week, maybe more.

But he turned out to be wrong. Just an hour later, his browser opened to the new, sleek, and remodelled IniVenture home page.

Except the more he dug into it, the more problems he found. Some links led to 404 pages, others went into infinite redirect loops. A few images and captions were missing. And to top it off, most projects and clients were just test data left over by the developers, all of them located in "SAMPLE City, SAMPLE State, US".

Trying not to laugh, Cody clicked the "Employee Survey" link to let management know about the issues. The page promised that every employee who offered his feedback would be entered into a drawing to win a new iPhone. He answered the questions eagerly but honestly, describing his findings in detail. Then, when the last field of the form asked him to provide his name and email for the sweepstake, something dawned on him ...

"Hey, did you see the email? Guess who's the lucky guy with the new iPhone?"

"What, did I win?" Dave ran to Cody's desk and peeked over his shoulder. Trying not to laugh, Cody pulled up the latest company newsletter.

"'The new website proved to be an amazing success. We'd like to thank everyone for their efforts, and we'd like to thank over 17,000 of our employees for taking the time to voice their feedback.'"

"Wait, what?!" Dave cried. "We don't even have a tenth of—"

"Read on." Cody buried his face in his hands to contain the laughing fit.

"'The lucky winner of a new iPhone 6S is Mr. Bruce Wayne, who can contact our corporate offices at Gotham City to ...'" Dave shook his head. "Great. Now we have Batman working for us?"

"Either that, or someone failed to make sure that the employee survey was for employees only!" Giggling like a madman, Cody closed the email client.

It wasn't until the following month that management figured out the problems with the website. They ended up taking it down for a month of maintenance, then silently replaced it with the old version.

And as far as everybody at IniVenture knows, the Dark Knight never showed up to collect his iPhone.


Planet Linux AustraliaSteven Hanley: [mtb/events] Australian Single Speed Nationals 2012 - Beechworth, Bushranger themed (sort of)

Posing with Jeebus (fullsize)
Wow, right now I am finding it surprising that I have not been to the single speed nationals since 2012. The event is (un)organised every year by a group of locals somewhere, sort of overseen by Australian Recreational Singlespeed Enthusiasts (ARSE). The 2010 Canberra SSNATS event in Majura Pines was heaps of fun, organised by Canberra One Gear Society (COGS).

In 2013 the event was in Cairns and though it sounded fun I decided it was just a bit too far to head up there for the event, in 2014 I tried and tried to talk friends into heading up for the weekend in Dungog NSW, however few of my Canberra friends were keen and I did something else that weekend (softie that I am).

I am still hoping the road trip to Wombat State Forest in Victoria will go ahead for the 2015 event. There was an ANZAC event in Rotorua over Easter, however I skipped that. This however is all getting off the topic of 2012.

I made it down to the 2012 event, camping with McCook and having a fantastic weekend of mtb riding with the crew in Beechworth. The rather important aspect of beer was sorted that weekend too: Bridge Road Brewers is in that town, and they are possibly my favourite brewer in Australia.

The Beechworth mtb park is a great mix of interesting technical stuff and fun all in native bush, there were other ride options as can be seen in my gallery also. Photos and words from the 2012 Australian Single Speed Nationals are online in the link.

Planet Linux AustraliaErik de Castro Lopo: Forgive me Curry and Howard for I have Sinned.

Forgive me Curry and Howard for I have sinned.

For the last several weeks, I have been writing C++ code. I've been doing some experimentation in the area of real-time audio Digital Signal Processing, and for that C++ actually is better than Haskell.

Haskell is simply not a good fit here because I need:

  • To be able to guarantee (by inspection) that there is zero memory allocation/de-allocation in the real-time inner processing loop.
  • Things like IIR filters are inherently stateful, with their internal state being updated on every input sample.

There is however one good thing about coding in C++: I am constantly reminded of all the sage advice about C++ I got from my friend Peter Miller, who passed away a bit over a year ago.

Here is an example of the code I'm writing:

  class iir2_base
  {
      public :
          // An abstract base class for 2nd order IIR filters.
          iir2_base () ;

          // Virtual destructor does nothing.
          virtual ~iir2_base () { }

          // Direct form I biquad: x[] and y[] hold the two previous inputs and
          // outputs, minus1 indexes the most recent slot, minus2 the older one.
          inline double process (double in)
          {
              unsigned minus2 = (minus1 + 1) & 1 ;
              double out = b0 * in + b1 * x [minus1] + b2 * x [minus2]
                              - a1 * y [minus1] - a2 * y [minus2] ;
              minus1 = minus2 ;
              x [minus1] = in ;
              y [minus1] = out ;
              return out ;
          }

      protected :
          // iir2_base internal state (all statically allocated).
          double b0, b1, b2 ;
          double a1, a2 ;
          double x [2], y [2] ;
          unsigned minus1 ;

      private :
          // Disable copy constructor etc.
          iir2_base (const iir2_base &) ;
          iir2_base & operator = (const iir2_base &) ;
  } ;

Planet DebianWouter Verhelst: terrorism

noun | ter·ror·ism | \ˈter-ər-ˌi-zəm\ | no plural

The mistaken belief that it is possible to change the world through acts of cowardice.

First use in English 1795 in reference to the Jacobin rule in Paris, France.

ex.: They killed a lot of people, but their terrorism only intensified the people's resolve.

Planet DebianDirk Eddelbuettel: Rcpp 0.12.2: More refinements

The second update in the 0.12.* series of Rcpp is now on the CRAN network for GNU R. As usual, I will also push a Debian package. This follows the 0.12.0 release from late July which started to add some serious new features, and builds upon the 0.12.1 release in September. It also marks the sixth release this year where we managed to keep a steady bi-monthly release frequency.

Rcpp has become the most popular way of enhancing GNU R with C or C++ code. As of today, 512 packages on CRAN depend on Rcpp for making analytical code go faster and further. That is up by more than fifty packages from the last release in September (and we recently blogged about crossing 500 dependents).

This release once again features pull requests from two new contributors, with Nathan Russell and Tianqi Chen joining in. As shown below, other recent contributors (such as Dan) are keeping at it too. Keep 'em coming! Luke Tierney also emailed about a code smell he spotted and which we took care of. A big Thank You! to everybody helping with code, bug reports or documentation. See below for a detailed list of changes extracted from the NEWS file.

Changes in Rcpp version 0.12.2 (2015-11-14)

  • Changes in Rcpp API:

    • Correct return type in product of matrix dimensions (PR #374 by Florian)

    • Before creating a single String object from a SEXP, ensure that it is from a vector of length one (PR #376 by Dirk, fixing #375).

    • No longer use STRING_ELT as a left-hand side, thanks to a heads-up by Luke Tierney (PR #378 by Dirk, fixing #377).

    • Rcpp Module objects are now checked more carefully (PR #381 by Tianqi, fixing #380)

    • An overflow in Matrix column indexing was corrected (PR #390 by Qiang, fixing a bug reported by Allessandro on the list)

    • Nullable types can now be assigned R_NilValue in function signatures. (PR #395 by Dan, fixing issue #394)

    • operator<<() now always shows decimal points (PR #396 by Dan)

    • Matrix classes now have a transpose() function (PR #397 by Dirk fixing #383)

    • operator<<() for complex types was added (PRs #398 by Qiang and #399 by Dirk, fixing #187)

  • Changes in Rcpp Attributes:

    • Enable export of C++ interface for functions that return void.

  • Changes in Rcpp Sugar:

    • Added new Sugar function cummin(), cummax(), cumprod() (PR #389 by Nathan Russell fixing #388)

    • Enabled sugar math operations for subsets; e.g. x[y] + x[z]. (PR #393 by Kevin and Qiang, implementing #392)

  • Changes in Rcpp Documentation:

    • The NEWS file now links to GitHub issue tickets and pull requests.

    • The Rcpp.bib file with bibliographic references was updated.

Thanks to CRANberries, you can also look at a diff to the previous release. As always, even fuller details are on the Rcpp Changelog page and the Rcpp page which also leads to the downloads page, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Linux AustraliaSam Watkins: sswam

TLDR: Division by zero is not as scary as it’s made out to be:

a/0 = b ⟺ a = 0

Division is multiplication, backwards. These two equations are exactly equivalent, by definition:

a/c = b

a = b×c

It’s easy to understand division by zero if we look at the equivalent multiplication.

a/0 = b

a = b×0

For any real number b:

a = b×0 = 0

a = 0

There are two cases with division by zero:

If a = 0, then a/0 = b is unconstrained: any real number b satisfies the equation. You can discard such an equation, since it does not constrain the result.

If a ≠ 0 then a/0 = b is contradictory. There is no real number b which satisfies that equation. This is still useful to know; “there is no answer” can be a sort of meta-answer. For example if trying to solve a system of equations of static forces, “there is no answer” might mean you need to consider a different design for your bridge!

There is no need to consider advanced concepts such as limits in order to fully understand division.

In short, a/0 = b is true if and only if a = 0.

If you see such an equation a/0 = b, you may simplify it to a = 0.

a/0 = b ⟺ a = b×0 ⟺ a = 0

a/0 = b ⟺ a = 0

I posted this here about a year ago:

Cory DoctorowThe Internet will always suck

Have you ever wondered why the Internet is always just a little bit too slow to support the kind of activity you’re trying to undertake? My latest Locus column, The Internet Will Always Suck, hypothesizes that whenever the Internet gets a little faster or cheaper, that unlocks a bunch of applications that couldn’t gain purchase at the old levels, and they rush in to fill in the new space that’s been opened up. The good news is that new ways of connecting with one another are always being opened up. The bad news is that this means that the net will always be more-or-less broken for whatever we depend upon it most.

Why do people use crappy VoIP connections? Because in a world where telephone carriers still treat ‘‘long distance’’ as a premium prod­uct to be charged for by the second, the alternative for many users is no connection at all. Why do users try to download giant media files over cellular network connections on moving trains? Because the alternative isn’t waiting until you get to the office – it’s blowing a deadline and tanking the whole project.

The corollary of this: whatever improvements are made to the network will be swallowed by a tolerance for instability as an alternative to noth­ing at all. When advocates of network quality-of-service guarantees talk about the need to give telesurgeons highly reliable connections to the robots conducting surgery on the other side of the world, the point they miss is that as soon as telesurgery is a possibility, there will be ‘‘special circumstances’’ that require telesurgeons to conduct operations even when the reliable reserved lines aren’t available. If a child is pulled from the rubble of a quake in some rich, mediagenic city and the only orthopedic surgeon that can save him is on the other side of the world, she will inevitably end up operating Dr Robot over whatever crappy network connection the rescue crews can jury-rig in the wreckage.

The corollary of this: always assume that your users are in a zone of patchy coverage, far from technical assistance, working with larger files than they should, under tighter deadlines than is sane, without a place to recharge their battery. Don’t make your users load three screens to approve a process, and if you do, make sure that if one of those screens times out and has to be reloaded, it doesn’t start the process over. Assume every download will fail and need to be recovered midstream. Assume their IP addresses will change midstream as they hunt for a wifi network with three bars.

The Internet Will Always Suck [Cory Doctorow/Locus]

(Image: No Signal, Silverisdead, CC-BY)

Planet DebianNorbert Preining: Movies: Monuments Men and Interstellar

Over the rainy weekend we watched two movies: Monuments Men (in Japanese it is called Michelangelo Project!) and Interstellar. Both blockbuster movies from the usual American companies, they are light-years away when it comes to quality. The Monuments Men are boring, without a story, without depth, historically inaccurate, a complete failure. Interstellar, although a long movie, keeps you frozen in the seat while being as scientific as possible and starts your brain working heavily.

My personal verdict: 3 rotten eggs (because Rotten Tomatoes are not stinky enough) for the Monuments Men, and 4 stars for Interstellar.

First, the plots of the two movies: The Monuments Men is loosely based on a true story about rescuing pieces of art at the end of the second world war, before the Nazis destroy them or the Russians take them away. A group of art experts is sent into Europe and manages to find several hiding places of art taken by the Nazis.

Interstellar is set in near future where the conditions on the earth are deteriorating to a degree that human life seems to be soon impossible. Some years before the movie plays a group of astronauts were sent through a wormhole into a different galaxy to search for new inhabitable planets. Now it is time to check out these planets, and try to establish colonies there. Cooper, a retired NASA officer and pilot, now working as farmer, and his daughter are guided by some mysterious way to a secret NASA facility. Cooper is drafted for being a pilot on the reconnaissance mission, and leaves earth and our galaxy through the same wormhole. (Not telling more!)

Monuments Men

Looking at the cast of Monuments Men (George Clooney, Matt Damon, Bill Murray, John Goodman, Jean Dujardin, Bob Balaban, Hugh Bonneville, and Cate Blanchett) one would expect a great movie – but from the very first to the very last scene, it is a slowly meandering shallow flow of stuck-together scenes without much coherence. Tension is generated only through unrelated events (stepping onto a landmine, patting a horse), but never developed properly. Dialogues are shallow and boring – with one exception: when Frank Stokes (George Clooney) meets the one German and inquires in general about the art, predicting that the man's future is to be hanged.

Historically, the movie is as inaccurate as it can be – despite Clooney stating that “80 percent of the story is still completely true and accurate, and almost all of the scenes happened”. That contrasts starkly with the verdict of Nigel Pollard (Swansea University): “There’s a kernel of history there, but The Monuments Men plays fast and loose with it in ways that are probably necessary to make the story work as a film, but the viewer ends up with a fairly confused notion of what the organisation was, and what it achieved.”

The movie leaves a bitter aftertaste, hailing American heroism paired with the usual stereotypes (French amour, German retardedness, Russian ignorance, etc). Together with the half-baked dialogues it feels like a permanent coitus interruptus.


Interstellar cannot offer a similar cast, but still features a few well-known people (Matthew McConaughey, Anne Hathaway, and Michael Caine!). But I believe this is actually a sign of quality. Balancing scientific accuracy and the requirements of a blockbuster well, the movie successfully bridges complicated science, in particular general gravity, and entertainment. While I would not go so far as to call the movie edutainment (like both the old and new Cosmos), it is surprising how much hard science is packed into this movie. This is mostly thanks to the theoretical physicist Kip Thorne acting as scientific consultant for the movie, but also due to the director Christopher Nolan being serious about it and studying relativity at Caltech.

Of course, scientific accuracy has limits – nobody knows what happens if one crosses the event horizon of a black hole, and even the existence of wormholes is purely theoretical for now. Still, throughout, the movie follows the two requirements laid out by Kip Thorne: “First, that nothing would violate established physical laws. Second, that all the wild speculations… would spring from science and not from the fertile mind of a screenwriter.”

I think the biggest compliment was that, despite the length, despite a long day out (see next blog), despite the rather unfamiliar topic, my wife, who is normally not interested in space movies and that kind of thing, didn’t fall asleep throughout the movie, and I had to stop several times to explain details of the theory of gravity and astronomy. So in some sense it was perfect edutainment!


Planet DebianManuel A. Fernandez Montecelo: Work on aptitude

Midsummer for me is also known as “Noite do Lume Novo” (literally “New Fire Night”), one of the big calendar events of the year, marking the end of the school year and the beginning of summer.

On this day, there are celebrations not very unlike the bonfires in the Guy Fawkes Night in England or Britain [1]. It is a bit different in that it is not a single event for the masses, more of a friends and neighbours thing, and that it lasts for a big chunk of the night (sometimes until morning). Perhaps for some people, or outside bigger towns or cities, Guy Fawkes Night is also celebrated in that way ─ and that's why during the first days of November there are fireworks rocketing and cracking in the neighbourhoods all around.

Like many other celebrations around the world involving bonfires, many of them also happening around the summer solstice, it is supposed to be a time of renewal of cycles, purification and keeping the evil spirits away; with rituals to that effect like jumping over the fire ─ when the flames are not high and it is safe enough.

So it was fitting that, in the middle of June (almost Midsummer in the northern hemisphere), I learnt that I was about to leave my now-previous job, which is a pretty big signal and precursor for renewal (and it might have something to do with purifying and keeping the evil away as well ;-) ).

Whatever... But what does all of this have to do with aptitude or Debian, anyway?

For one, it was a question of timing.

While looking for a new job (and I am still at it), I had more spare time than usual. DebConf 15 @ Heidelberg was within sight, and for the first time circumstances allowed me to attend this event.

It also coincided with the time when I re-gained access to commit to aptitude on the 19th of June. Which means Renewal.

End of June was also the time of the announcement of the colossal GCC-5/C++11 ABI transition in Debian, that was scheduled to start on the 1st of August, just before the DebConf. Between 2 and 3 thousand source packages in Debian were affected by this transition, which a few months later is not yet finished (although the most important parts were completed by mid-end September).

aptitude itself is written in C++, and depends on several libraries written in C++, like Boost, Xapian and SigC++. All of them had to be compiled with the new C++11 ABI of GCC-5, in unison and in a particular order, for aptitude to continue to work (and for minimal breakage). aptitude and some dependencies did not even compile straight away, so this transition meant that aptitude needed attention just to keep working.

Having recently been awarded the Aptitude Hat again, attending DebConf for the first time and sailing towards the Transition Maelstrom, it was a clear sign that Something Had to Be Done (to avoid the sideways looks and consequent shame at DebConf, if nothing else).

Happily (or a bit unhappily for me, but let's pretend...), with the unexpected free time in my hands, I changed the plans that I had before re-gaining the Aptitude Hat (some of them involving Debian, but in other ways ─ maybe I will post about that soon).

In July I worked to fix the problems before the transition started, so aptitude would be (mostly) ready, or in the worst case broken only for a few days, while the chain of dependencies was rebuilt. But apart from the changes needed for the new GCC-5, it was decided at the last minute that Boost 1.55 would not be rebuilt with the new ABI, and that the only version with the new ABI would be 1.58 (which caused further breakage in aptitude, was added to experimental only a few days before, and was moved to unstable after the transition had started). Later, in the first days of the transition, aptitude was affected for a few days by breakage in the dependencies, due to not being compiled in sequence according to the transition levels (so with a mix of old and new ABI).

With the critical intervention of Axel Beckert (abe / XTaran), things were not so bad as they could have been. He was busy testing and uploading in the critical days when I was enjoying a small holiday on my way to DebConf, with minimal internet access and communicating almost exclusively with him; and he promptly tended the complaints arriving in the Bug Tracking System and asked for rebuilds of the dependencies with the new ABI. He also brought the packaging up to shape, which had decayed a bit in the last few years.

Gruesome Challenges

But not all was solved yet, more storms were brewing and started to appear in the horizon, in the form of clouds of fire coming from nearby realms.

The APT Deities, which had long ago spilled out their secret, inner challenge (just the initial paragraphs), were relentless. Moreover, they were present at Heidelberg in full force, in ─or close to─ their home grounds, and they were Marching Decidedly towards Victory:

apt BTS Graph, 2015-11-15

In the talk @ DebConf “This APT has Super Cow Powers” (video available), by David Kalnischkies, they told us about the niceties of apt 1.1 (still in experimental but hopefully coming to unstable soon), and they boasted about getting the lead in our arms race (should I say bugs race?) by a few open bug reports.

This act of provocation further escalated the tensions. The fierce competition which had been going on for some time gained new heights. So much so that APT Deities and our team had to sit together in the outdoor areas of the venue and have many a weissbier together, while discussing and fixing bugs.

But beneath the calm on the surface, and while pretending to keep good diplomatic relations, I knew that Something Had to Be Done, again. So I could only do one thing ─ jump over the bonfire and Keep the Evil away, be that Keep Evil bugs Away or Keep Evil APT Deities Away from winning the challenge, or both.

After returning from DebConf I continued to dedicate time to the project, more than a full time job in some weeks, and this is what happened in the last few months, summarised in another graph, showing the evolution of the BTS for aptitude:

aptitude BTS Graph, 2015-11-15

The numbers for apt right now (15th November 2015) are:

  • 629 open (731 if counting all merged bugs independently)
  • 0 Release Critical
  • 275 (318 unmerged) with severity Important or Normal
  • 354 (413 unmerged) with severity Minor or Wishlist
  • 0 marked as Forwarded or Pending

The numbers for aptitude right now are:

  • 488 (573 if counting all merged bugs independently)
  • 1 Release Critical (but it is an artificial bug to keep it from migrating to testing)
  • 197 (239 unmerged) with severity Important or Normal
  • 271 (313 unmerged) with severity Minor or Wishlist
  • 19 (20 unmerged) marked as Forwarded or Pending

The Aftermath

As we can see, for the time being I could keep the Evil at bay, both in terms of bugs themselves and re-gaining the lead in the bugs race ─ the Evil APT Deities were thwarted again in their efforts.

... More seriously, as most of you suspected, the graph above is not the whole truth, so I don't want to boast too much. A big part of the reduction in the number of bugs is because of merging duplicates, closing obsolete bugs, applying translations coming from multiple contributors, or simple fixes like typos and useful suggestions needing minor changes. Many of the remaining problems are comparatively more difficult or time-consuming than the ones addressed so far (except perhaps avoiding the immediate breakage of the transition, which took weeks to solve), and there are many important problems still there, chief among them aptitude offering very poor solutions to resolve conflicts.

Still, even the simplest of the changes takes effort, and triaging hundreds of bugs is not fun at all and mostly a thankless effort ─ although there is the occasional kind soul who thanks you for handling a decade-old bug.

If being subjected to the rigours of the BTS and reading and solving hundreds of bug reports is not Purification, I don't know what it is.

Apart from the triaging, there were 118 bugs closed (or pending) due to changes made in the upstream part or the packaging in the last few months, and there are many changes that are not reflected in bugs closed (like most of the changes needed due to the C++11 ABI transition, bugs and problems fixed that had no report, and general rejuvenation or improvement of some parts of the code).

How long this will last, I cannot know. I hope to find a job at some point, which obviously will reduce the time available to work on this.

But in the meantime, for all aptitude users: Enjoy the fixes and new features!


[1] Some visitors of the recent mini-DebConf @ Cambridge perhaps thought that the fireworks and throngs gathered were in honour of our mighty Universal Operating System, but sadly they were not. They might be, some day. In any case, the reports say that the visitors enjoyed the fireworks.

Planet Linux AustraliaDavid Rowe: Give Us Our Daily Bread

Last week I visited a modern Australian farm on the Eyre Peninsula of South Australia, about 500km from where I live in Adelaide.

This farm has been in one family for several generations, and has steadily grown to 8000 acres (3200 hectares). This same area was previously farmed by 7 families, and now provides a livelihood for just one. This tells me that modern agriculture is super efficient, and explains why food (and calories) are super cheap for us here in the affluent Western world.

This is both good and bad. Given the right political conditions, science and technology enables us to feed the world. We don’t need to be hungry and can use those excess calories for other purposes. The jobs lost in one industry migrate to others. This farming family, for example, has spawned a variety of professionals that have left the family farm and done good things for the world.

It also brings diseases of affluence. Our poor bodies are not evolved to deal with an excess of food. We are evolved to be hunter-gatherers, constantly on the look out for the next calorie. Historically we haven’t had enough. So we are hard wired to eat too much. Hence the rise of heart disease and diabetes.

Breathtaking Array of Skills

I was impressed by the diverse array of skills required to run the farm. Business, animal husbandry, mechanical, agricultural science. The increased mechanisation means computers everywhere and I imagine robotics is on the horizon. During our visit they were measuring the moisture content of the crop to determine the best time to harvest. They even have an animal “retirement village” – they care for several old working dogs who had kept foxes away from the sheep for years.

Unlike many jobs, they don’t know what their yields and hence income will be from year to year. That’s a lot of risk in your annual income.

Overall, it takes about 12 years to learn the skills needed to run a modern farm.

This farm produces 3,500 tonnes of wheat per year. Based on 13680 kJ/kg of wheat, and a person needing 8700 kJ/day, that’s enough to feed 15,000 people every year. From the work of one family farm. Wow.

Organic Farming

I asked them about organic farming. The bottom line is the yields would be halved. So double the prices for everything we eat. That may be fine if you are a rich Westerner but that is the line between life and death for someone in the developing world. Alternatively, it means using twice the land under cultivation for the same amount of food. Organic means starving poor people and goodbye rain forests.

Their use of pesticides is strictly monitored and all residues must be removed. They have modern, scientific methods of erosion control to manage the soil, and techniques to naturally fix nitrogen. Sustainability is being addressed right now by modern, scientific, farming.

In my opinion the organic food movement is a more about scientific illiteracy and marketing than health.

Wind Farming

On a nearby hill was a 75MW wind farm, one of many that have sprung up in South Australia over the past decade. I am quite proud that South Australia now averages 30% wind power. We are about to close down our last remaining coal power station.

In this case, the lucky farmer that owns the land leased for the wind turbines receives $100k per year in passive income. K-ching K-ching as the turbines rotate.

It’s incredible to think that for years there have been “rivers of energy” flowing over those hills. It took technology and the right economic conditions to reach up and pluck that energy out of the sky.

Planet DebianCarl Chenet: Retweet 0.5 : only retweet some tweets

Retweet 0.5 is now available! The main new feature is that Retweet now lets you define a list of hashtags: if any of them appears in the text of a tweet, that tweet is not retweeted.

You only need this line in your retweet.ini configuration file:


Have a look at the official documentation to read in detail how it works.

Retweet 0.5 is available on the PyPI repository and is already in the official Debian unstable repository.


Retweet is in production already for Le Journal Du hacker, a French FOSS community website to share and relay news, and a job board for the French-speaking FOSS community.



What about you? Does Retweet help you grow your Twitter account? Leave your comments on this article.

Planet Linux AustraliaMichael Still: Mount Stranger one last time

This is the last walk in this series, which was just a pass through now that the rain has stopped to make sure that we hadn't left any markers or trash lying around after the Scout orienteering a week ago. This area has really grown on me -- I think most people stick to the path down by the river, whereas this whole area has nice terrain, plenty of gates through fences and is just fun to explore. I'm so lucky to have this so close to home.

Interactive map for this route.

Tags for this post: blog canberra bushwalk


Planet DebianLunar: Reproducible builds: week 29 in Stretch cycle

What happened in the reproducible builds effort this week:

Toolchain fixes

Emmanuel Bourg uploaded eigenbase-resgen, which now uses the scm-safe comment style by default to make the generated files deterministic.

Mattia Rizzolo started a new thread on debian-devel to ask a wider audience for issues about the -Wdate-time compile time flag. When enabled, GCC and clang print warnings when __DATE__, __TIME__, or __TIMESTAMP__ are used. Having the flag set by default would prompt maintainers to remove these sources of unreproducibility from the sources.

Packages fixed

The following packages have become reproducible due to changes in their build dependencies: bmake, cyrus-imapd-2.4, drobo-utils, eigenbase-farrago, fhist, fstrcmp, git-dpm, intercal, libexplain, libtemplates-parser, mcl, openimageio, pcal, powstatd, ruby-aggregate, ruby-archive-tar-minitar, ruby-bert, ruby-dbd-odbc, ruby-dbd-pg, ruby-extendmatrix, ruby-rack-mobile-detect, ruby-remcached, ruby-stomp, ruby-test-declarative, ruby-wirble, vtprint.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

Patches submitted which have not made their way to the archive yet:

  • #804729 on pbuilder by Reiner Herrmann: tell dblatex to build in a deterministic path.

The fifth and sixth armhf build nodes have been set up, resulting in five more builder jobs for armhf. More than 10,000 packages have now been identified as reproducible with the “reproducible” toolchain on armhf. (Vagrant Cascadian, h01ger)

Helmut Grohne and Mattia Rizzolo now have root access on all 12 build nodes used by and (h01ger) is now linked from all package pages and the dashboard. (h01ger)

profitbricks-build5-amd64 and profitbricks-build6-amd64, responsible for running amd64 tests now run 398.26 days in the future. This means that one of the two builds that are being compared will be run on a different minute, hour, day, month, and year. This is not yet the case for armhf. FreeBSD tests are also done with 398.26 days difference. (h01ger)

The design of the Arch Linux test page has been greatly improved. (Levente Polyak)

diffoscope development

Three releases of diffoscope happened this week numbered 39 to 41. It includes support for EPUB files (Reiner Herrmann) and Free Pascal unit files, usually having .ppu as extension (Paul Gevers).

The rest of the changes were mostly targeted at making it easier to run diffoscope on other systems. The tlsh, rpm, and debian modules are now all optional. The test suite will properly skip tests that need optional tools or modules when they are not available. As a result, diffoscope is now available on PyPI and, thanks to the work of Levente Polyak, in Arch Linux.

Getting these versions into Debian was a bit cumbersome. Version 39 was uploaded with an expired key (according to the keyring on which will hopefully be updated soon), which is currently handled by keeping the files in the queue without REJECTing them. This prevented any other Debian Developer from uploading the same version. Version 40 was uploaded as a source-only upload… but failed to build from source, which had the undesirable side effect of removing the previous version from unstable. The package failed to build from source because it was built passing -I to debuild. This excluded the ELF object files and static archives used by the test suite from the archive, preventing the test suite from working correctly. Hopefully, in the near future it will be possible to implement a sanity check to prevent such mistakes.

It has also been identified that ppudump outputs time in the system timezone without considering the TZ environment variable. Zachary Vance and Paul Gevers raised the issue on the appropriate channels.

strip-nondeterminism development

Chris Lamb released strip-nondeterminism version 0.014-1 which disables stripping Mono binaries as it is too aggressive and the source of the problem is being worked on by Mono upstream.

Package reviews

133 reviews have been removed, 115 added and 103 updated this week.

Chris West and Chris Lamb reported 57 new FTBFS bugs.


The video of h01ger and Chris Lamb's talk at MiniDebConf Cambridge is now available.

h01ger gave a talk at CCC Hamburg on November 13th, which was well received and sparked some interest among Gentoo folks. Slides and video should be available shortly.

Frederick Kautz has started to revive Dhiru Kholia's work on testing Fedora packages.

Your editor wishes to once again thank #debian-reproducible regulars for reviewing these reports week after week.

Planet DebianSimon McVittie: Discworld Noir in a Windows 98 virtual machine on Linux

Discworld Noir was a superb adventure game, but is also notoriously unreliable, even in Windows on real hardware; using Wine is just not going to work. After many attempts at bringing it back into working order, I've settled on an approach that seems to work: now that qemu and libvirt have made virtualization and emulation easy, I can run it in a version of Windows that was current at the time of its release. Unfortunately, Windows 98 doesn't virtualize particularly well either, so this still became a relatively extensive yak-shaving exercise.


These instructions assume that /srv/virt is a suitable place to put disk images, but you can use anywhere you want.

The emulated PC

After some trial and error, it seems to work if I configure qemu to emulate the following:

  • Fully emulated hardware instead of virtualization (qemu-system-i386 -no-kvm)
  • Intel Pentium III
  • Intel i440fx-based motherboard with ACPI
  • Real-time clock in local time
  • No HPET
  • 256 MiB RAM
  • IDE primary master: IDE hard disk (I used 30 GiB, which is massively overkill for this game; qemu can use sparse files so it actually ends up less than 2 GiB on the host system)
  • IDE primary slave, secondary master, secondary slave: three CD-ROM drives
  • PS/2 keyboard and mouse
  • Realtek AC97 sound card
  • Cirrus video card with 16 MiB video RAM

A modern laptop CPU is an order of magnitude faster than what Discworld Noir needs, so full emulation isn't a problem, despite being inefficient.

There is deliberately no networking, because Discworld Noir doesn't need it, and a 17 year old operating system with no privilege separation is very much not safe to use on the modern Internet!

Software needed

  • Windows 98 installation CD-ROM as a .iso file (cp /dev/cdrom windows98.iso) - in theory you could also use a real optical drive, but my laptop doesn't usually have one of those. I used the OEM disc, version 4.10.1998 (that's the original Windows 98, not the Second Edition), which came with a long-dead PC, and didn't bother to apply any patches.
  • A Windows 98 license key. Again, I used an OEM key from a past PC.
  • A complete set of Discworld Noir (English) CD-ROMs as .iso files. I used the UK "Sold Out Software" budget release, on 3 CDs.
  • A multi-platform Realtek AC97 audio driver.

Windows 98 installation

It seems to be easiest to do this bit by running qemu-system-i386 manually:

qemu-img create -f qcow2 /srv/virt/discworldnoir.qcow2 30G
qemu-system-i386 -hda /srv/virt/discworldnoir.qcow2 \
    -drive media=cdrom,format=raw,file=/srv/virt/windows98.iso \
    -no-kvm -vga cirrus -m 256 -cpu pentium3 -localtime

Don't start the installation immediately. Instead, boot the installation CD to a DOS prompt with CD-ROM support. From here, run


and create a single partition filling the emulated hard disk. When finished, hard-reboot the virtual machine (press Ctrl+C on the qemu-system-i386 process and run it again).

The DOS FORMAT.COM utility is on the Windows CD-ROM but not in the root directory or the default %PATH%, so you'll have to run:

d:\win98\format c:

to create the FAT filesystem. You might have to reboot again at this point.

The reason for doing this the hard way is that the Windows 98 installer doesn't detect qemu as supporting ACPI. You want ACPI support, so that Windows will issue IDLE instructions from its idle loop, instead of occupying a CPU core with a busy-loop. To get that, boot to a DOS prompt again, and use:

setup /p j /iv

/p j forces ACPI support (Thanks to "Richard S" on the Virtualbox forums for this tip.) /iv is unimportant, but it disables the annoying "billboards" during installation, which advertised once-exciting features like support for dial-up modems and JPEG wallpaper.

I used a "Typical" installation; there didn't seem to be much point in tweaking the installed package set when everything is so small by modern standards.

Windows 98 has built-in support for the Cirrus VGA card that we're emulating, so after a few reboots, it should be able to run in a semi-modern resolution and colour depth. Discworld Noir apparently prefers a 640 × 480 × 16-bit video mode, so right-click on the desktop background, choose Properties and set that up.

Audio drivers

This is the part that took me the longest to get working. Of the sound cards that qemu can emulate, Windows 98 only supports the SoundBlaster 16 out of the box. Unfortunately, the Soundblaster 16 emulation in qemu is incomplete, and in particular version 2.1 (as shipped in Debian 8) has a tendency to make Windows lock up during boot.

I've seen advice in various places to emulate an Ensoniq ES1370 (SoundBlaster AWE 64), but that didn't work for me: one of the drivers I tried caused Windows to lock up at a black screen during boot, and the other didn't detect the emulated hardware.

The next-oldest sound card that qemu can emulate is a Realtek AC97, which was often found integrated into motherboards in the late 1990s. This one seems to work, with the "A400" driver bundle linked above. For Windows 98 first edition, you need a driver bundle that includes the old "VXD" drivers, not just the "WDM" drivers supported by Second Edition and newer.

The easiest way to get that into qemu seems to be to turn it into a CD image:

genisoimage -o /srv/virt/discworldnoir-drivers.iso WDM_A400.exe
qemu-system-i386 -hda /srv/virt/discworldnoir.qcow2 \
    -drive media=cdrom,format=raw,file=/srv/virt/windows98.iso \
    -drive media=cdrom,format=raw,file=/srv/virt/discworldnoir-drivers.iso \
    -no-kvm -vga cirrus -m 256 -cpu pentium3 -localtime -soundhw ac97

Run the installer from E:, then reboot with the Windows 98 CD inserted, and Windows should install the driver.

Installing Discworld Noir

Boot up the virtual machine with CD 1 in the emulated drive:

qemu-system-i386 -hda /srv/virt/discworldnoir.qcow2 \
    -drive media=cdrom,format=raw,file=/srv/virt/DWN_ENG_1.iso \
    -no-kvm -vga cirrus -m 256 -cpu pentium3 -localtime -soundhw ac97

You might be thinking "... why not insert all three CDs into D:, E: and F:?" but the installer expects subsequent disks to appear in the same drive where CD 1 was initially, so that won't work. Instead, when prompted for a new CD, switch to the qemu monitor with Ctrl+Alt+2 (note that this is 2, not F2). At the (qemu) prompt, use info block to see a list of emulated drives, then issue a command like

change ide0-cd1 /srv/virt/DWN_ENG_2.iso

to swap the CD. Then switch back to Windows' console with Ctrl+Alt+1 and continue installation. I used a Full installation of Discworld Noir.
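As an added example (not code from Simon's post), here is a small POSIX sh wrapper that assembles the qemu-system-i386 command line used above from a list of ISO images, plus a check that the isolation flags are present. It assumes the Debian 8-era qemu options used in the post, and adds -net none, because qemu creates a default user-mode NIC unless networking is explicitly disabled, and a 1998 guest with no privilege separation should never get one.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Debian 8-era
# qemu-system-i386 (-no-kvm, -soundhw, -net none all accepted) and the
# /srv/virt image directory used in the post.

# Print the qemu command line for one hard disk image and up to three
# CD-ROM ISOs (the emulated PC has three IDE CD-ROM drives).
# Usage: build_qemu_cmd <hda.qcow2> [iso ...]
build_qemu_cmd() {
    hda="$1"; shift
    if [ "$#" -gt 3 ]; then
        echo "build_qemu_cmd: at most three CD-ROM images (three IDE slots)" >&2
        return 1
    fi
    cmd="qemu-system-i386 -hda $hda"
    for iso in "$@"; do
        # each ISO becomes one emulated IDE CD-ROM drive, in order
        cmd="$cmd -drive media=cdrom,format=raw,file=$iso"
    done
    # Pentium III, 256 MiB, Cirrus VGA, AC97 audio, RTC in local time,
    # full emulation (-no-kvm) as the post requires, and -net none so
    # that qemu does not hand the guest its default user-mode NIC.
    cmd="$cmd -no-kvm -vga cirrus -m 256 -cpu pentium3 -localtime -soundhw ac97 -net none"
    printf '%s\n' "$cmd"
}

# Return 0 only if a qemu command line (one string) carries both
# -no-kvm and -net none; useful before launching a hand-edited command.
has_isolation_flags() {
    case " $1 " in
        *" -net none "*) ;;
        *) return 1 ;;
    esac
    case " $1 " in
        *" -no-kvm "*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Running `sh -c "$(build_qemu_cmd /srv/virt/discworldnoir.qcow2 /srv/virt/DWN_ENG_1.iso)"` reproduces the installation boot above with networking off.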

Transferring the virtual machine to GNOME Boxes

Having finished the "control freak" phase of installation, I wanted a slightly more user-friendly way to run this game, so I transferred the virtual machine to be used by libvirtd, which is the backend for both GNOME Boxes and virt-manager:

virsh create discworldnoir.xml

Here is the configuration I used. It's a mixture of automatic configuration from virt-manager, and hand-edited configuration to make it match the qemu-system-i386 command-line.

Running the game

If all goes well, you should now see a discworldnoir virtual machine in GNOME Boxes, in which you can boot Windows 98 and play the game. Have fun!

Planet Linux AustraliaChris Smart: Btrfs RAID 6 on dm-crypt on Fedora 23

I’m building a NAS and given the spare drives I have at the moment, thought I’d have a play with Btrfs. Apparently RAID 6 is relatively safe now, so why not put it through its paces? As Btrfs doesn’t support encryption, I will need to build it on top of dm-crypt.

Boot drive:

  • /dev/sda

Data drives:

  • /dev/sdb
  • /dev/sdc
  • /dev/sdd
  • /dev/sde
  • /dev/sdf

I installed Fedora 23 Server onto /dev/sda and just went from there, opening a shell.
# Setup dm-crypt on each data drive
# and populate the crypttab file.
for x in b c d e f ; do
  cryptsetup luksFormat /dev/sd${x}
  UUID="$(cryptsetup luksUUID /dev/sd${x})"
  echo "luks-${UUID} UUID=${UUID} none" >> /etc/crypttab
done
# Rebuild the initial ramdisk with crypt support
# (add_dracutmodules adds a module; a bare dracutmodules= would replace the whole list)
echo 'add_dracutmodules+=" crypt "' >> /etc/dracut.conf.d/crypt.conf
dracut -fv
# Verify that it now has my crypttab
lsinitrd /boot/initramfs-$(uname -r).img |grep crypttab
# Reboot and verify initramfs prompts to unlock the devices
# After boot, verify devices exist
ls -l /dev/mapper/luks*

OK, so now I have a bunch of encrypted disks, it’s time to put btrfs into action (note the label, btrfs_data):
# Get LUKS UUIDs and create btrfs raid filesystem
for x in b c d e f ; do
  DEVICES="${DEVICES} /dev/mapper/luks-$(cryptsetup luksUUID /dev/sd${x})"
done
mkfs.btrfs -L btrfs_data -m raid6 -d raid6 ${DEVICES}

See all our current btrfs volumes:
btrfs fi show

Get the UUID of the filesystem so that we can create an entry in fstab, using the label we created before:
# match only the 'uuid:' line; the devid lines also have a fourth field
UUID=$(btrfs fi show btrfs_data |awk '/uuid:/ {print $4}')
echo "UUID=${UUID} /mnt/btrfs_data btrfs noatime,subvolid=0 0 0"\
  >> /etc/fstab

Now, let’s create the mountpoint and mount the device:
mkdir /mnt/btrfs_data
mount -a

Check data usage:
btrfs filesystem df /mnt/btrfs_data/

This has mounted the root of the filesystem to /mnt/btrfs_data, however we can also create subvolumes. Let’s create one called “share” for shared network data:
btrfs subvolume create /mnt/btrfs_data/share

You can mount this specific volume directly, let’s add it to fstab:
echo "UUID=${UUID} /mnt/btrfs_share btrfs noatime,subvol=share 0 0"\
  >> /etc/fstab
mkdir /mnt/btrfs_share
mount -a

You can list and delete subvolumes:
btrfs subvolume list -p /mnt/btrfs_data/
btrfs subvolume delete /mnt/btrfs_data/share
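Added example (POSIX sh, not from Chris's post): parse `btrfs fi show` output and audit it against /etc/crypttab, so that every dm-crypt member of the RAID6 array is mapped at boot; a member missing from crypttab stays unmapped, and the non-degraded mount from fstab then fails. The command output and crypttab text below are constructed samples in the real formats, with made-up UUIDs.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Constructed sample of `btrfs fi show btrfs_data` for a five-device array.
SAMPLE_SHOW="Label: 'btrfs_data'  uuid: 7c1f3a52-0e7d-4b5a-9a3b-2d4f6e8a0c11
    Total devices 5 FS bytes used 112.00KiB
    devid    1 size 1.82TiB used 2.00GiB path /dev/mapper/luks-11111111-aaaa-4bbb-8ccc-000000000001
    devid    2 size 1.82TiB used 2.00GiB path /dev/mapper/luks-11111111-aaaa-4bbb-8ccc-000000000002
    devid    3 size 1.82TiB used 2.00GiB path /dev/mapper/luks-11111111-aaaa-4bbb-8ccc-000000000003
    devid    4 size 1.82TiB used 2.00GiB path /dev/mapper/luks-11111111-aaaa-4bbb-8ccc-000000000004
    devid    5 size 1.82TiB used 2.00GiB path /dev/mapper/luks-11111111-aaaa-4bbb-8ccc-000000000005"

# Constructed crypttab in which the fifth drive was forgotten.
SAMPLE_CRYPTTAB="# <name> <device> <password> <options>
luks-11111111-aaaa-4bbb-8ccc-000000000001 UUID=11111111-aaaa-4bbb-8ccc-000000000001 none
luks-11111111-aaaa-4bbb-8ccc-000000000002 UUID=11111111-aaaa-4bbb-8ccc-000000000002 none
luks-11111111-aaaa-4bbb-8ccc-000000000003 UUID=11111111-aaaa-4bbb-8ccc-000000000003 none
luks-11111111-aaaa-4bbb-8ccc-000000000004 UUID=11111111-aaaa-4bbb-8ccc-000000000004 none"

# Filesystem UUID from `btrfs fi show` text on stdin: only the 'uuid:' line.
# A bare awk '{print $4}' would also emit a field from every devid line.
btrfs_fs_uuid() {
    awk '/uuid:/ { print $4; exit }'
}

# One crypttab line for a LUKS device, given its luksUUID (same layout the
# post appends to /etc/crypttab).
crypttab_entry() {
    printf 'luks-%s UUID=%s none\n' "$1" "$1"
}

# Member device paths of the array, one per line, from `btrfs fi show` text.
btrfs_member_paths() {
    awk '$1 == "devid" { print $NF }'
}

# Audit: print every member path whose basename is not a crypttab mapping
# name; return 1 if any member is missing, 0 when crypttab covers them all.
# Usage: check_crypttab_covers_members "$show_output" "$crypttab_text"
check_crypttab_covers_members() {
    missing=0
    for path in $(printf '%s\n' "$1" | btrfs_member_paths); do
        name=${path##*/}
        # first field of a crypttab line is the mapping name; '#' lines never match
        if ! printf '%s\n' "$2" | awk -v n="$name" '$1 == n { found=1 } END { exit !found }'; then
            echo "no crypttab entry for $path"
            missing=1
        fi
    done
    return $missing
}
```

On a live system the same audit is `check_crypttab_covers_members "$(btrfs fi show btrfs_data)" "$(cat /etc/crypttab)"`, run before relying on the fstab entry.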

Now I plugged in a few backup drives and started rsyncing a few TB across to the device. It seemed to work well!

There are lots of other things you can play with, like snapshots, compression, defragment, scrub (use checksums to repair corrupt data), rebalance (re-allocates blocks across devices) etc. You can even convert existing file systems with the btrfs-convert command, and use rebalance to change the RAID level. Neat!

Then I thought I’d try the rebalance command just to see how that works with a RAID device. Given it’s a large device, I kicked it off and went to do something else. I returned to an unwakeable machine… After hard-resetting, journalctl -b -1 told me this sad story:

Nov 14 06:03:42 localhost.localdomain kernel: ------------[ cut here ]------------
Nov 14 06:03:42 localhost.localdomain kernel: kernel BUG at fs/btrfs/extent-tree.c:1833!
Nov 14 06:03:42 localhost.localdomain kernel: invalid opcode: 0000 [#1] SMP
Nov 14 06:03:42 localhost.localdomain kernel: Modules linked in: fuse joydev synaptics_usb uas usb_storage rfcomm cmac nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtab
Nov 14 06:03:42 localhost.localdomain kernel: snd_soc_core snd_hda_codec rfkill snd_compress snd_hda_core snd_pcm_dmaengine ac97_bus snd_hwdep snd_seq snd_seq_device snd_pcm mei_me dw_dmac i2c_designware_platform snd_timer snd_soc_sst_a
Nov 14 06:03:42 localhost.localdomain kernel: CPU: 0 PID: 6274 Comm: btrfs Not tainted 4.2.5-300.fc23.x86_64 #1
Nov 14 06:03:42 localhost.localdomain kernel: Hardware name: Gigabyte Technology Co., Ltd. Z97N-WIFI/Z97N-WIFI, BIOS F5 12/08/2014
Nov 14 06:03:42 localhost.localdomain kernel: task: ffff88006fd69d80 ti: ffff88000e344000 task.ti: ffff88000e344000
Nov 14 06:03:42 localhost.localdomain kernel: RIP: 0010:[] [] insert_inline_extent_backref+0xe7/0xf0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: RSP: 0018:ffff88000e3476a8 EFLAGS: 00010293
Nov 14 06:03:42 localhost.localdomain kernel: RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: RDX: ffff880000000000 RSI: 0000000000000001 RDI: 0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: RBP: ffff88000e347728 R08: 0000000000004000 R09: ffff88000e3475a0
Nov 14 06:03:42 localhost.localdomain kernel: R10: 0000000000000000 R11: 0000000000000002 R12: ffff88021522f000
Nov 14 06:03:42 localhost.localdomain kernel: R13: ffff88013f868480 R14: 0000000000000000 R15: 0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: FS: 00007f66268a08c0(0000) GS:ffff88021fa00000(0000) knlGS:0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 14 06:03:42 localhost.localdomain kernel: CR2: 000055a79c7e6fd0 CR3: 00000000576ce000 CR4: 00000000001406f0
Nov 14 06:03:42 localhost.localdomain kernel: Stack:
Nov 14 06:03:42 localhost.localdomain kernel: 0000000000000000 0000000000000005 0000000000000001 0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: 0000000000000001 ffffffff81200176 0000000000270026 ffffffffa0925d4a
Nov 14 06:03:42 localhost.localdomain kernel: 0000000000002158 00000000a7c0ba4c ffff88021522d800 0000000000000000
Nov 14 06:03:42 localhost.localdomain kernel: Call Trace:
Nov 14 06:03:42 localhost.localdomain kernel: [] ? kmem_cache_alloc+0x1d6/0x210
Nov 14 06:03:42 localhost.localdomain kernel: [] ? btrfs_alloc_path+0x1a/0x20 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] __btrfs_inc_extent_ref.isra.52+0xa9/0x270 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] __btrfs_run_delayed_refs+0xc84/0x1080 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_run_delayed_refs.part.73+0x74/0x270 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] ? btrfs_release_path+0x2b/0xa0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_run_delayed_refs+0x15/0x20 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_commit_transaction+0x56/0xad0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] prepare_to_merge+0x1fe/0x210 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] relocate_block_group+0x25e/0x6b0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_relocate_block_group+0x1ca/0x2c0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_relocate_chunk.isra.39+0x3e/0xb0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_balance+0x9c4/0xf80 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_ioctl_balance+0x3c4/0x3d0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] btrfs_ioctl+0x541/0x2750 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: [] ? lru_cache_add+0x1c/0x50
Nov 14 06:03:42 localhost.localdomain kernel: [] ? lru_cache_add_active_or_unevictable+0x32/0xd0
Nov 14 06:03:42 localhost.localdomain kernel: [] ? handle_mm_fault+0xc8a/0x17d0
Nov 14 06:03:42 localhost.localdomain kernel: [] ? cp_new_stat+0xb3/0x190
Nov 14 06:03:42 localhost.localdomain kernel: [] do_vfs_ioctl+0x295/0x470
Nov 14 06:03:42 localhost.localdomain kernel: [] ? selinux_file_ioctl+0x4d/0xc0
Nov 14 06:03:42 localhost.localdomain kernel: [] SyS_ioctl+0x79/0x90
Nov 14 06:03:42 localhost.localdomain kernel: [] ? do_page_fault+0x2f/0x80
Nov 14 06:03:42 localhost.localdomain kernel: [] entry_SYSCALL_64_fastpath+0x12/0x71
Nov 14 06:03:42 localhost.localdomain kernel: Code: 10 49 89 d9 48 8b 55 c0 4c 89 7c 24 10 4c 89 f1 4c 89 ee 4c 89 e7 89 44 24 08 48 8b 45 20 48 89 04 24 e8 5d d5 ff ff 31 c0 eb ac <0f> 0b e8 92 b7 76 e0 66 90 0f 1f 44 00 00 55 48 89 e5
Nov 14 06:03:42 localhost.localdomain kernel: RIP [] insert_inline_extent_backref+0xe7/0xf0 [btrfs]
Nov 14 06:03:42 localhost.localdomain kernel: RSP
Nov 14 06:03:42 localhost.localdomain kernel: ---[ end trace 63b75c57d2feac56 ]---


Looks like rebalance has a major bug at the moment. I did a search and others have the same problem, looks like I’m hitting this bug. I’ve reported it on Fedora Bugzilla.

Anyway, so I won’t do a rebalance at the moment, but other than that, btrfs seems pretty neat. I will make sure I keep my backups up-to-date though, just in case…

Sam Varghese: One-sided cricket matches are here to stay. Why would you attend?

World cricket is in a parlous state, not in terms of the money it makes, but in terms of the contests it provides. The games are one-sided to the extent that patrons at the grounds are few and far between.

There is no better illustration of this than in the ongoing Australian games, where the home team is playing New Zealand and the West Indies in three Tests apiece. The first Test against New Zealand was won convincingly, and the second looks like going the same route. As to the West Indies, they are not expected to last beyond four days in each of the three Tests.

The man who is responsible for this farcical outcome, where Tests are mostly one-sided, died recently. Jagmohan Dalmiya was the man who set in motion these unending Test matches, where cricket goes on round the year, and the same bunch of players have to play, and play and play. Dalmiya’s so-called Test championship was set in motion after he became head of the ICC with the help of Australia and England. His first attempt to become the head of the ICC in 1996 failed, thwarted by England and Australia with support from New Zealand, South Africa and the West Indies. England and Australia insisted that candidates needed the support of at least two thirds of the ICC’s full members, the nine Test-playing countries. Dalmiya was backed by Pakistan, Sri Lanka and Zimbabwe, and also 19 of the 22 associate members. Test-playing countries have two votes against one for associate members.

In the 1996 poll, Dalmiya obtained 25 votes against 13 for Australia’s Malcolm Grey in the first ballot. A third candidate Krish Mackerdhuj from South Africa withdrew. But at the second ballot, five of the Test-playing nations supported Grey and with South Africa abstaining, Dalmiya was shut out. The ICC then decided that incumbent chairman Sir Clyde Walcott would continue for another year until July 1997.

But in 1997, Dalmiya cut a deal with Grey that he would be the next ICC head if Dalmiya was given the reins, and he ascended to the throne. Dalmiya is from the Marwari community, which is known for being extremely good at business. He is also a Bengali.

Thus it was not surprising that he managed to give Bangladesh full Test status soon after he became ICC chief. At that time, Kenya had a much better team. Bangladesh is the eastern part of the Indian state of West Bengal, which became a part of Pakistan at partition in 1947 due to its majority Muslim population, and finally a separate nation in 1971 after a war.

Dalmiya’s other interest was to make money for the ICC. Hence the future Test tours programme where every nation had to play every other nation at least once in a certain cycle. Points were awarded and rankings created.

But the standard of the game, apart from contests between a few countries, dropped like a stone. Players are human beings and get tired, in body, mind and spirit by playing too many games. Apart from the Tests there have been countless one-day series and also Twenty20 games. Each country has been interested in organising games that result in more income; India and Pakistan, for example, still capitalise on the age-old enmity between their countries and try to play whenever possible. Due to political tensions, that has not been possible in recent times.

Dalmiya was later embroiled in a TV rights controversy and had to leave his ICC post in 2000. But he has hovered around, being in the Indian cricket board or the Calcutta cricket board, and when he died was head of the Indian board.

Nobody has done a thing to try and rectify the abnormal amount of cricket being played. Money is the sole criterion and while countries have to adhere to the ICC-mandated timetable, they organise other games which will bring in money as and when they like. The players could complain, but the money keeps them from doing so. But then they cannot perform like trained monkeys and the quality of the games is very low.

Australians normally turn out in large numbers for cricket in summer. This year, the crowds are poor, very poor. New Zealand played before 1373 spectators on the final day of the first Test and 6608 on day four, when the contest was still open, though the target set favoured Australia. It does not look very good at the second Test either with 13,593 attending on day one and 10,047 on day two.

Let’s be clear about one thing: national cricket bodies do not need crowds to make money. That is already done through TV deals. Not a single spectator needs to come through the gates for the books to be in the black.

But is that all the game is about? It is on life-support now, with few, if any, Tests going to the fifth day, and big wins for one team all the time. People are losing interest and that is a dangerous sign.

TED: Free live webcast: TEDYouth 2015 this Saturday

Update: Archives of the webcast are available in Spanish, Arabic and English free online until Tuesday, Nov. 17, at »


Get ready for the fifth annual TEDYouth, happening Saturday, Nov. 14. Hundreds of middle and high school students from all around New York City — and you too! — can watch a day of brilliant ideas, inspiration and conversation.

TEDYouth 2015 features 27 live speakers and performances, plus hands-on activities and workshops in fields from science and technology, to exploration and art.

The three sessions of the speaker program will be webcast live for free between 11am and 6pm EST, available in English, Arabic, and Spanish. If you want to re-watch online later, the archives of the webcast will remain public for streaming until Tuesday, Nov. 17, at

In the meantime, check out the awesome lineup of speakers. They’ll explore the theme of “Made in the Future,” addressing questions such as:

How will artificial intelligence both limit and expand our options?
What will matter in the future?
As resources diminish, what new materials will we harness or create?
Which types of careers will emerge or cease to exist?

Speakers will seek to answer these questions from a number of different perspectives — scientific, cultural, technological, educational, artistic, entrepreneurial, environmental and more.

Tune in this Saturday at 11am ET! >>

Steven Hanley (Planet Linux Australia): [mtb] Around the K 2013 - Cold morning and night lap of Kosci

The awesome open views heading toward Kiandra (fullsize)
Like the other Round the K galleries, this was another great day out on road bikes, and the first time I had made it all the way around the loop too. The photo I am using to the left here is a great example of the open alpine regions near Kiandra; those who have only done the Jindabyne - Cabramurra section have missed out on this bit of riding.

Gallery from the day is online: Around The K 2012 gallery. As I said in the last few links to Round the K, bring on the next one in a few weeks. As this appears I am out competing in Triple Tri in pairs, so I wrote the post ahead of time and am letting it appear during the day; unlikely that it matters as I doubt I have many readers.

And I have just noticed as I went to do an entry for Monday 2015-11-16 that I had in fact already posted the link and a photo for the post today. Oh well laziness is an artform so it is staying here.


Daniel Pocock (Planet Debian): Migrating data from Windows phones

Many of the people who have bought Windows phones seek relief sooner or later. Sometimes this comes about due to peer pressure or the feeling of isolation, in other cases it is the frustration of the user interface or the realization that they can't run cool apps like Lumicall.

Frequently, the user has been given the phone as a complimentary upgrade when extending a contract without perceiving the time, effort and potential cost involved in getting their data out of the phone, especially if they never owned a smartphone before.

When a Windows phone user does decide to cut their losses, they are usually looking to a friend or colleague with technical expertise to help them out. Personally, I'm not sure that anybody I would regard as an IT expert has ever had a Windows phone though, meaning that many experts are probably also going to be scratching their heads when somebody asks them for help. Therefore, I've put together this brief guide to help deal with these phones more expediently when they are encountered.

The Windows phones have really bad support for things like CalDAV and WebDAV, so don't get your hopes up about using such methods to back up the data to any arbitrary server. Searching online you can find some hacks that involve creating a Google or iCloud account in the phone and then modifying the advanced settings to send the data to an arbitrary server. These techniques vary a lot between specific versions of the Windows Phone OS, so the techniques I've described below are probably easier.

Identify the Windows Live / Hotmail account

The user may not remember or realize that a Microsoft account was created when they first obtained the phone. It may have been created for them by the phone, a friend or the salesperson in the phone shop.

Look in the settings (Accounts) to find the account ID / email address. If the user hasn't been using this account, they may not recognize it and probably won't know the password for it. It is essential to try and obtain (or reset) the password before going any further, so start with the password recovery process. Microsoft may insist on sending a password reset email to some other email address that the user has previously provided or linked to their phone.

Extracting data from the phone

In many cases, the easiest way to extract the data is to download it from Microsoft rather than extracting it from the phone. Even if the user doesn't realize it, the data is probably all replicated in and so there is no further loss of privacy by logging in there to extract it.

Set up an IMAP mail client

An IMAP client will be used to download the user's emails (from the account they may never have used) and SMS.

Install Mozilla Thunderbird (IceDove on Debian), GNOME Evolution or a similar program on the user's PC.

Configure the IMAP mail client to connect to the account. Some clients, like Thunderbird, will automatically set up all the server details when you enter the account ID. For manual account setup, the details here may help.

Email backup

If the user was not using the account ID for email correspondence, there may not be a lot of mail in it. There may be some billing receipts or other things that are worth keeping though.

Create a new folder (or set of folders) in the user's preferred email account and drag and drop the messages from the Inbox to the new folder(s).

SMS backup

SMS backup can also be done through It is slightly more complicated than email backup, but similar.

  • In the Outlook email index page, look for the settings button and click Manage Categories.
  • Enable the Contacts and Photos categories with a tick in each of them.
  • Go back to the main Inbox page and look for the categories section on the bottom left-hand side of the screen, under the folder list. Click the Contacts category.
  • The page may now appear blank. That is normal.
  • On the top right-hand corner of the page, click the Arrange menu and choose Conversation.
  • All the SMS messages should now appear on the screen.
  • Under the mail folders list on the left-hand side of the page, click to create a new folder with a name like SMS.
  • Select all the SMS messages and look for the option to move them to a folder. Send them to the SMS folder you created.
  • Now use the IMAP mail client to locate the SMS folder and copy everything from there to a new folder in the user's preferred mail server or local disk.

Contacts backup

On the top left-hand corner of the email page, there is a chooser to select other applications. Select People.

You should now see a list of all the user's contacts. Look for the option to export them to Outlook and other programs. This will export them as a CSV file.

You can now import the CSV file into another application. GNOME Evolution has an import wizard with an option for Outlook file format. To load the contacts into a WebDAV address book, such as DAViCal, configure the address book in Evolution and then select it as the destination when running the CSV import wizard.

WARNING: beware of using the Mozilla Thunderbird address book with contact data from mobile devices and other sources. It can't handle more than two email addresses per contact and this can lead to silent data loss if contacts are not fully saved.

Calendar backup

Now go to the application chooser again and select the calendar application. Microsoft provides instructions to extract the calendar, summarised here:

  • Look for the Share button at the top somewhere and click it.
  • On the left-hand side of the page, click Get a link
  • On the right-hand side, choose Show event details to ensure you get a full calendar and then click Create underneath it.
  • Look for the link with a webcals prefix. If you are downloading with a tool like wget, change the scheme prefix to https. Fetch the file from this link and save it with an ics extension.
  • Inspect the ics calendar file to make sure it looks like real iCalendar data.

You can now import the ics file into another application. GNOME Evolution has an import wizard with an option for iCalendar file format. To load the calendar entries into a CalDAV server, such as DAViCal, configure the calendar server in Evolution and then select it as the destination when running the import wizard.
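As an added example (not from the original post), a small Python helper for the last two calendar steps: it rewrites the webcals link so wget or curl can fetch it, and sanity-checks the saved file before you import it. The sample calendar text is constructed; the heuristic that an event without a SUMMARY indicates the link was created without "Show event details" is an assumption.

```python
from urllib.parse import urlsplit, urlunsplit


def webcals_to_https(link):
    """Outlook publishes 'webcals://' links; plain download tools want 'https://'."""
    parts = urlsplit(link)
    scheme = {"webcals": "https", "webcal": "http"}.get(parts.scheme, parts.scheme)
    return urlunsplit((scheme, parts.netloc, parts.path, parts.query, parts.fragment))


def inspect_ics(text):
    """Check that text is plausible iCalendar data and summarise it.

    Returns {'events': n, 'without_details': m}; raises ValueError when the
    BEGIN/END structure is missing or unbalanced.  'without_details' counts
    VEVENTs that carry no SUMMARY (assumed here to mean the export was made
    without "Show event details").
    """
    lines = [ln.rstrip("\r") for ln in text.split("\n") if ln.strip()]
    if not lines or lines[0] != "BEGIN:VCALENDAR" or lines[-1] != "END:VCALENDAR":
        raise ValueError("not an iCalendar file: missing VCALENDAR wrapper")
    stack, events, without_details, has_summary = [], 0, 0, False
    for line in lines:
        name, _, value = line.partition(":")
        name = name.split(";")[0]  # drop property parameters, e.g. DTSTART;TZID=...
        if name == "BEGIN":
            stack.append(value)
            if value == "VEVENT":
                has_summary = False
        elif name == "END":
            if not stack or stack.pop() != value:
                raise ValueError("unbalanced BEGIN/END near %r" % line)
            if value == "VEVENT":
                events += 1
                if not has_summary:
                    without_details += 1
        elif name == "SUMMARY" and stack and stack[-1] == "VEVENT":
            has_summary = True
    if stack:
        raise ValueError("unterminated components: %s" % ", ".join(stack))
    return {"events": events, "without_details": without_details}


# Constructed sample, not a real Outlook export: two events, one without a SUMMARY.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//EN",
    "BEGIN:VEVENT", "UID:1@example.invalid", "DTSTART:20151120T090000Z",
    "SUMMARY:Dentist", "END:VEVENT",
    "BEGIN:VEVENT", "UID:2@example.invalid", "DTSTART:20151121T120000Z",
    "END:VEVENT",
    "END:VCALENDAR", "",
])

if __name__ == "__main__":
    print(webcals_to_https("webcals://outlook.example/owa/calendar/abc/calendar.ics"))
    print(inspect_ics(SAMPLE_ICS))
```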

Back up the user's photos, videos and other data files

Hopefully you will be able to do this step without going through Try enabling the MTP or PTP mode in the phone and attach it to the computer using the USB cable. Hopefully the computer will recognize it in at least one of those modes.

Use the computer's file manager or another tool to simply back up the entire directory structure.

Reset the phone to factory defaults

Once the user has their hands on a real phone, it is likely they will never want to look at that Windows phone again. It is time to erase the Windows phone; there is no going back.

Go to the Settings and About and tap the factory reset option. It is important to do this before obliterating the account, otherwise there are scenarios where you could be locked out of the phone and unable to erase it.

Erasing may take some time. The phone will reboot and then display an animation of some gears spinning around for a few minutes and then reboot again. Wait for it to completely erase.

Permanently close the Microsoft account

Keeping track of multiple accounts and other services is tedious and frustrating for most people, especially with services that try to force the user to receive email in different places.

You can help eliminate user fatigue by helping them permanently close the account so they never have to worry about it again.

Follow the instructions on the Microsoft site.

At some point it will suggest certain actions you should take before closing the account, most can be ignored. One thing you should do is remove the link between the account ID and the phone. It is a good idea to do this as otherwise you may have problems erasing the device, if you haven't already done so. Before completely closing the account, also verify that the factory reset of the phone completed successfully.

Dispose of the Windows phone safely

If you can identify any faults with the phone, the user may be able to return it under the terms of the warranty. Some phone companies may allow the user to exchange it for something more desirable when it fails under warranty.

It may be tempting to sell the phone to a complete stranger on eBay or install a custom ROM on it. In practice, neither option may be worth the time and effort involved. You may be tempted to put it beyond use so nobody else will suffer with it, but please try to do so in a way that is respectful of the environment.

Putting the data into a new phone

Prepare the new phone with a suitable ROM such as Replicant or CyanogenMod.

Install the F-Droid app on the new phone.

From F-droid, install the DAVdroid app. DAVdroid will allow you to quickly sync the new phone against any arbitrary CalDAV and WebDAV server to populate it with the user's calendar and contact / address book data.

Now is a good time to install other interesting apps like Lumicall, Conversations and K-9 Mail.

Steven Hanley (Planet Linux Australia): [mtb] Blue Mountains Six foot/TNF100 scouting trip Feb 2014

Jane loving the trail run down to Coxs river (fullsize)
Oops, I realised I forgot to link to this one in my reverse posting of all these adventures. This was a weekend Jane and I headed up to the Blue Mountains for some running and to scout out the Six Foot course (which made Jane more comfortable on the course, and as she finished 2nd in the race it probably helped); for me, we were able to do the climb up Furber Steps (and a nice run along Federal Pass including the giant staircase descent).

Though I did get to climb the steps in the Mt Solitary Ultra, I had not at that time planned to do that race, so I was happy to see them for TNF100 prep. We had a good weekend up there and it was nice to have a relaxed run to the river and back; we managed to see a number of people out for a Fat Arse run on the course too. My gallery from my Blue Mountains weekend in Feb 2014 is online here. Thanks for the company Jane, hope to see you back on the trails soon.

Juliana Louback (Planet Debian): PaperTrail - Powered by IBM Watson

On the final semester of my MSc program at Columbia SEAS, I was lucky enough to be able to attend a seminar course taught by Alfio Gliozzo entitled Q&A with IBM Watson. A significant part of the course is dedicated to learning how to leverage the services and resources available on the Watson Developer Cloud. This post describes the course project my team developed, the PaperTrail application.

Project Proposal

Create an application to assist in the development of future academic papers. Based on a paper’s initial proposal, Paper Trail predicts publications to be used as references or acknowledgement of prior art and provides a trend analysis of major topics and methods.

The objective is to speed the discovery of relevant papers early in the research process, and allow for early assessment of the depth of prior research concerning the initial proposal.

Meet the Team

Wesley Bruning, Software Engineer, MSc. in Computer Science

Xavier Gonzalez, Industrial Engineer, MSc. in Data Science

Juliana Louback, Software Engineer, MSc. in Computer Science

Aaron Zakem, Patent Attorney, MSc. in Computer Science

Prior Art

A significant amount of attention has been given to this topic over the past few decades. The table below shows the work the team deemed most relevant due to recency, accuracy and similarity of functionality.


The variation in accuracy displayed is a result of experimentation with different dataset sizes and algorithm variations. More information and details can be found in the prior art report.

The main differential of PaperTrail is providing a form of access to the citation prediction and trend analysis algorithm. With the exception of the project by McNee et al., these algorithms aren’t currently available for general use. The application on is open to use but its objective is to rank publications and authors for given topics.


Citation Prediction: PaperTrail builds on the work done by Wolski’s team in Fall 2014. This algorithm builds a reference graph used to define research communities, each with an associated vector of topic scores generated by an LDA model. The papers in each research community are then ranked by importance within the community with a custom ranking algorithm. When a target document is given to the algorithm as input, the LDA model is used to generate a vector of the topics present in the document. The communities with the most similar topic vectors are selected, and the publications within these communities with the highest rank and greatest similarity to the input document are recommended as references. A more detailed description can be found here.

Trend Analysis: Initially, the idea was to use the AlchemyData News API to obtain statistics pertaining to the number of publications on a given topic over time. However, with the exception of buzzwords (e.g. ‘big data’), many more specialized topics appeared very infrequently in news articles, if at all. This isn’t entirely surprising given the target audience of PaperTrail. As a workaround, we use the Alchemy Language API to extract keywords from the abstracts in the dataset, along with relevance scores. The PaperTrail database can then be queried for entry counts for a given year and keyword to provide an indication of publication trends in academia. Note that the Alchemy Language API extracts multiple-word ‘keywords’ as well as single words.


To maintain consistency with Wolski’s project, we are using the DBLP data as made available on The DBLP-Citation-network V5 dataset contains 1,572,277 entries; we are limited to the use of entries that contain both abstracts and citations, bringing the dataset size down to 265,865 entries.


A high-level visualization of the project architecture is displayed below. Before launching PaperTrail, it’s necessary to train Wolski’s algorithm offline. Currently any documentation with regard to the performance of said algorithm is unavailable; the PaperTrail project will include an evaluation phase and report the findings made.

The PaperTrail app and database will be hosted on the Bluemix Platform.


Status Report

Phases completed:

  • Project design

  • Prior art research

  • Data cleansing

  • Development and deployment of an alpha version of the PaperTrail app

Phases under development:

  • Algorithm training and evaluation

  • Keyword extraction

  • MapReduce of publication frequency by year and topic

  • Data visualization component

Craig Small (Planet Debian): Mixing pysnmp and stdin

Depending on the application, sometimes you want to have some socket operations going (such as loading a website) and have stdin being read. There are plenty of examples for this in python which usually boil down to making stdin behave like a socket and mixing it into the list of sockets select() cares about.

A while ago I asked on an email list whether I could have pysnmp use a different socket map so I could add my own sockets in (UDP, TCP and a zmq to name a few), and Ilya, the author of pysnmp, explained how pysnmp can use a foreign socket map.

The sample code below is merely a mixture of Ilya’s example code and the way stdin gets mixed into the fold. I have also updated it to the high-level pysnmp API, which explains the slight differences in the calls.

  1. from time import time
  2. import sys
  3. import asyncore
  4. from pysnmp.hlapi import asyncore as snmpAC
  5. from pysnmp.carrier.asynsock.dispatch import AsynsockDispatcher
  7. # Dispatcher for stdin: asyncore calls handle_read() when input is available
  8. class CmdlineClient(asyncore.file_dispatcher):
  9.     def handle_read(self):
  10.         buf = self.recv(1024)
  11.         print("you said {}".format(buf))
  13. # Called by pysnmp when the GET response (or an error) arrives
  14. def myCallback(snmpEngine, sendRequestHandle, errorIndication,
  15.                errorStatus, errorIndex, varBinds, cbCtx):
  16.     print("myCallback!!")
  17.     if errorIndication:
  18.         print(errorIndication)
  19.         return
  20.     if errorStatus:
  21.         print('%s at %s' % (errorStatus.prettyPrint(),
  22.               errorIndex and varBinds[int(errorIndex)-1] or '?')
  23.              )
  24.         return
  26.     for oid, val in varBinds:
  27.         if val is None:
  28.             print(oid.prettyPrint())
  29.         else:
  30.             print('%s = %s' % (oid.prettyPrint(), val.prettyPrint()))
  31. # One socket map shared by pysnmp's transport and our stdin dispatcher
  32. sharedSocketMap = {}
  33. transportDispatcher = AsynsockDispatcher()
  34. transportDispatcher.setSocketMap(sharedSocketMap)
  35. snmpEngine = snmpAC.SnmpEngine()
  36. snmpEngine.registerTransportDispatcher(transportDispatcher)
  37. sharedSocketMap[sys.stdin] = CmdlineClient(sys.stdin)
  38. # Send an SNMP GET for sysDescr.0 (the agent host goes in the tuple on line 42)
  39. snmpAC.getCmd(
  40.     snmpEngine,
  41.     snmpAC.CommunityData('public'),
  42.     snmpAC.UdpTransportTarget(('', 161)),
  43.     snmpAC.ContextData(),
  44.     snmpAC.ObjectType(
  45.         snmpAC.ObjectIdentity('SNMPv2-MIB', 'sysDescr', 0)),
  46.     cbFun=myCallback)
  47. # Poll stdin and the SNMP socket together; drive pysnmp's timers while work is pending
  48. while True:
  49.     asyncore.poll(timeout=0.5, map=sharedSocketMap)
  50.     if transportDispatcher.jobsArePending() or transportDispatcher.transportsAreWorking():
  51.         transportDispatcher.handleTimerTick(time())

Some interesting lines from the above code:

  • Lines 8-11 are the stdin class that is called (or rather its handle_read method is) when there is text available on stdin.
  • Line 34 is where pysnmp is told to use our socket map and not its inbuilt one
  • Line 37 is where we have used the socket map to say if we get input from stdin, what is the handler.
  • Lines 39-46 are sending an SNMP query using the high-level API
  • Lines 48-51 are my simple socket poller

With all this I can handle keyboard presses and network traffic, such as a simple SNMP poll.


LongNow: “The Forty Part Motet” by Janet Cardiff Arrives Next Door to The Interval


Fort Mason Center for Arts & Culture and the San Francisco Museum of Modern Art co-present the California debut of Janet Cardiff’s immersive sound installation The Forty Part Motet at the newly opened Gallery 308, right next door to The Interval. The Forty Part Motet is a 40-part choral performance of English composer Thomas Tallis’s 16th-century composition Spem in Alium, sung by the Salisbury Cathedral Choir. The performance is played in a 14-minute loop that includes 11 minutes of singing and 3 minutes of intermission.

Individually recorded parts are projected through 40 speakers arranged inward in an oval formation, allowing visitors to walk throughout the installation, listening to individual voices along with the whole. Cardiff’s layering of voices creates an emotionally evocative sound sculpture that feels intimate, even within a public space.

Admission is free. Advance tickets are strongly recommended in the first weeks due to limited capacity, although same-day walk-up tickets will be offered as available. The piece is open from 12pm to 8pm Wednesdays through Sundays from November 14, 02015 to January 18, 02016; do come by The Interval for a cocktail or coffee afterwards!

Cryptogram: Friday Squid Blogging: Squid Fishing Championship

It's an annual event in Hvar, Croatia.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Francois Marier (Planet Debian): How Tracking Protection works in Firefox

Firefox 42, which was released last week, introduced a new feature in its Private Browsing mode: tracking protection.

If you are interested in how the tracking protection blocklist is put together and then used in Firefox, this post is for you.

Safe Browsing lists

There are many possible ways to download URL lists to the browser and check against that list before loading anything. One of those is already implemented as part of our malware and phishing protection. It uses the Safe Browsing v2.2 protocol.

In a nutshell, the way that this works is that each URL on the block list is hashed (using SHA-256) and then that list of hashes is downloaded by Firefox and stored into a data structure on disk:

  • ~/.cache/mozilla/firefox/XXXX/safebrowsing/mozstd-track* on Linux
  • ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/mozstd-track* on Mac
  • C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\mozstd-track* on Windows

This sbdbdump script can be used to extract the hashes contained in these files and will output something like this:

$ ~/sbdbdump/ -v .
- Reading sbstore: mozstd-track-digest256
[mozstd-track-digest256] magic 1231AF3B Version 3 NumAddChunk: 1 NumSubChunk: 0 NumAddPrefix: 0 NumSubPrefix: 0 NumAddComplete: 1696 NumSubComplete: 0
[mozstd-track-digest256] AddChunks: 1445465225
[mozstd-track-digest256] SubChunks:
[mozstd-track-digest256] addComplete[chunk:1445465225] e48768b0ce59561e5bc141a52061dd45524e75b66cad7d59dd92e4307625bdc5
[mozstd-track-digest256] MD5: 81a8becb0903de19351427b24921a772

The name of the blocklist being dumped here (mozstd-track-digest256) is set in the urlclassifier.trackingTable preference which you can find in about:config. The most important part of the output shown above is the addComplete line which contains a hash that we will see again in a later section.

List lookups

Once it's time to load a resource, Firefox hashes the URL, as well as a few variations of it, and then looks for it in the local lists.

If there's no match, then the load proceeds. If there's a match, then we do an additional check against a pairwise allowlist.

The pairwise allowlist (hardcoded in the urlclassifier.trackingWhitelistTable pref) is designed to encode what we call "entity relationships". The list groups related domains together for the purpose of checking whether a load is first or third party (e.g. and both belong to the same entity).

Entries on this list (named mozstd-trackwhite-digest256) look like this:

which translates to "if you're on the site, then don't block resources from

If there's a match on the second list, we don't block the load. It's only when we get a match on the first list and not the second one that we go ahead and cancel the network load.

If you visit our test page, you will see tracking protection in action with a shield icon in the URL bar. Opening the developer tool console will expose the URL of the resource that was blocked:

The resource at "" was blocked because tracking protection is enabled.

Creating the lists

The blocklist is created by Disconnect according to their definition of tracking.

The Disconnect list is on their Github page, but the copy we use in Firefox is the copy we have in our own repository. Similarly the Disconnect entity list is from here but our copy is in our repository. Should you wish to be notified of any changes to the lists, you can simply subscribe to this Atom feed.

To convert this JSON-formatted list into the binary format needed by the Safe Browsing code, we run a custom list generation script whenever the list changes on GitHub.

If you run that script locally using the same configuration as our server stack, you can see the conversion from the original list to the binary hashes.

Here's a sample entry from the mozstd-track-digest256.log file:

[m] >>
[hash] e48768b0ce59561e5bc141a52061dd45524e75b66cad7d59dd92e4307625bdc5

and one from mozstd-trackwhite-digest256.log:

[entity] Twitter >> (canonicalized), hash a8e9e3456f46dbe49551c7da3860f64393d8f9d96f42b5ae86927722467577df

This, in combination with the sbdbdump script mentioned earlier, allows you to audit the contents of the local lists.
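To make the lookup and list-generation steps above concrete, here is an added example (not Firefox or shavar code, and not the author's) that models both: it hashes canonical list entries with SHA-256 the way the generation script's log samples show, derives the Safe Browsing v2 lookup expressions (host suffixes and path prefixes) for a resource URL, checks them against the blocklist, and then consults the pairwise allowlist before deciding whether the load is cancelled. The "<site>/?resource=<domain>" encoding of allowlist entries, the list contents and the URLs are all constructed assumptions for the demonstration.

```python
"""Model of the Safe Browsing-style tracking protection lookup (added example).

Assumptions, not taken from the original post:
  * blocklist entries are canonical "host/path" strings hashed with SHA-256;
  * pairwise allowlist entries are hashed as "<site-domain>/?resource=<resource-domain>",
    a guessed encoding of "if you're on site X, don't block resources from Y";
  * lookup expressions follow the Safe Browsing v2 host-suffix / path-prefix rules.
"""
import hashlib
from urllib.parse import urlsplit


def sha256_hex(entry: str) -> str:
    """Lists hold SHA-256 digests of canonical entries, never the plain URLs."""
    return hashlib.sha256(entry.encode("utf-8")).hexdigest()


def host_variations(host: str) -> list[str]:
    """Exact host, then parent domains built from the last five labels
    (Safe Browsing v2 rule); the bare TLD is never a candidate."""
    if not host:
        return []
    host = host.lower().rstrip(".")
    tail = host.split(".")[-5:]
    out = [host]
    for i in range(len(tail) - 1):
        candidate = ".".join(tail[i:])
        if candidate != host:
            out.append(candidate)
    return out


def path_variations(path: str, query: str) -> list[str]:
    """Exact path with query, exact path, "/", and directory prefixes (max four)."""
    path = path or "/"
    out = [f"{path}?{query}"] if query else []
    out.append(path)
    prefixes, acc = ["/"], "/"
    for directory in [p for p in path.split("/") if p][:-1]:
        acc += directory + "/"
        prefixes.append(acc)
    out.extend(prefixes[:4])
    seen, unique = set(), []          # dedupe while keeping order
    for p in out:
        if p not in seen:
            seen.add(p)
            unique.append(p)
    return unique


def lookup_expressions(url: str) -> list[str]:
    """All "host/path" strings that are hashed and looked up for one URL."""
    parts = urlsplit(url)
    return [h + p for h in host_variations(parts.hostname)
            for p in path_variations(parts.path, parts.query)]


class TrackingClassifier:
    def __init__(self, block_entries, entity_pairs):
        # Equivalent of the addComplete hashes in mozstd-track-digest256.
        self.block_hashes = {sha256_hex(e) for e in block_entries}
        # Equivalent of mozstd-trackwhite-digest256 (assumed entry encoding).
        self.allow_hashes = {sha256_hex(f"{site}/?resource={res}")
                             for site, res in entity_pairs}

    def on_blocklist(self, resource_url: str) -> bool:
        return any(sha256_hex(e) in self.block_hashes
                   for e in lookup_expressions(resource_url))

    def on_allowlist(self, top_level_url: str, resource_url: str) -> bool:
        sites = host_variations(urlsplit(top_level_url).hostname)
        resources = host_variations(urlsplit(resource_url).hostname)
        return any(sha256_hex(f"{s}/?resource={r}") in self.allow_hashes
                   for s in sites for r in resources)

    def decision(self, top_level_url: str, resource_url: str) -> str:
        """Cancel the load only on a blocklist hit with no allowlist hit."""
        if not self.on_blocklist(resource_url):
            return "load"
        if self.on_allowlist(top_level_url, resource_url):
            return "load (same entity)"
        return "blocked"


# Constructed sample lists: a tracker domain, a tracking path on a social
# site, and an entity relationship saying the social site owns the tracker.
BLOCKLIST = ["tracker.example/", "social.example/widgets/"]
ENTITY_PAIRS = [("social.example", "tracker.example"),
                ("social.example", "social.example")]
classifier = TrackingClassifier(BLOCKLIST, ENTITY_PAIRS)

if __name__ == "__main__":
    for top, res in [("https://news.example/story", "https://pixels.tracker.example/collect?id=1"),
                     ("https://www.social.example/feed", "https://pixels.tracker.example/collect?id=1"),
                     ("https://news.example/story", "https://cdn.example/lib.js")]:
        print(f"{res} on {top}: {classifier.decision(top, res)}")
```

Running the block shows the three outcomes the post describes: a blocklist hit on a third-party page is blocked, the same resource on a page belonging to the same entity is allowed, and a resource with no blocklist hit loads without consulting the allowlist at all. Because only digests are stored, auditing what a list contains means regenerating the hashes from a candidate list (as the generation script's log does) and comparing them with the sbdbdump output.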

Serving the lists

The way that the binary lists are served to Firefox is through a custom server component written by Mozilla: shavar.

Every hour, Firefox requests updates from If new data is available, then the whole list is downloaded again. Otherwise, all it receives in return is an empty 204 response.

Should you want to play with it and run your own server, follow the installation instructions and then go into about:config to change these preferences to point to your own instance:


Note that on Firefox 43 and later, these prefs have been renamed to:


Learn more

If you want to learn more about how tracking protection works in Firefox, you can find all of the technical details on the Mozilla wiki or you can ask questions on our mailing list.

Thanks to Tanvi Vyas for reviewing a draft of this post.

CryptogramAmazon Chooses Data and Goliath as a Best Book of 2015

Amazon chose Data and Goliath as one of its Best Books of 2015, in both the nonfiction and business categories.

Planet DebianJohn Goerzen: Memories of a printer

I have a friend who hates printers. I’ll call him “Mark”, because that, incidentally, is his name. His hatred for printers is partly my fault, but that is, ahem, a story for another time that involves him returning from a battle with a printer with a combination of weld dust, toner, and a deep scowl on his face.

I also tend to hate printers. Driver issues, crinkled paper, toner spilling all over the place…. everybody hates printers.

But there is exactly one printer that I have never hated. It’s almost 20 years old, and has some stories to tell.

Nearly 20 years ago, I was about to move out of my parents’ house, and I needed a printer. I bought a LaserJet 6MP. This printer ought to have been made by Nokia. It’s still running fine, 18 years later. It turned out to be one of the best investments in computing equipment I’ve ever made. Its operating costs, by now, are cheaper than just about any printer you can buy today — less than one cent per page. It has been supported by every major operating system for years.

PostScript was important, because back then running Ghostscript to convert to PCL was both slow and a little error-prone. PostScript meant I didn’t need a finicky lpr/lprng driver on my Linux workstation to print. It just… printed. (Hat tip to anyone else that remembers the trial and error of constructing an /etc/printcap that would print both ASCII and PostScript files correctly!)

Out of this printer have come plane and train tickets, taking me across the country to visit family and across the world to visit friends. It’s printed resumes and recipes, music and university papers. I even printed wedding invitations and envelopes on it two years ago, painstakingly typeset in LaTeX and TeXmacs. I remember standing at the printer in the basement one evening, feeding envelope after envelope into the manual feed slot. (OK, so it did choke on a couple of envelopes, but overall it all worked great.)

The problem, though, is that it needs a parallel port. I haven’t had a PC with one of those in a long while. A few years ago, in a moment of foresight, I bought a little converter box that has an Ethernet port and a parallel port, with the idea that it would pay for itself by letting me not maintain some old PC just to print. Well, it did, but now the converter box is dying! And they don’t make them anymore. So I finally threw in the towel and bought a new LaserJet.

It cost a third of what the 6MP did, has a copier, scanner, prints in color, does duplexing, has wifi… and, yes, still supports PostScript — strangely enough, a deciding factor in going with HP over Brother once again. (The other was image quality)

We shall see if I am still using it when I’m 50.

Geek FeminismSingin’ bye bye Miss Linkspammy Pie

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianDaniel Pocock: How much video RAM for a 4k monitor?

I previously wrote about my experience moving to a 4K monitor.

I've been relatively happy with it except for one thing: I found that 1GB video RAM simply isn't sufficient for a stable system. This wasn't immediately obvious as it appeared to work in the beginning, but over time I've observed that it was not sufficient.

I'm not using it for gaming or 3D rendering. My typical desktop involves several virtual workspaces with terminal windows, web browsers, a mail client, IRC and Eclipse. Sometimes I use vlc for playing media files.

Using the nvidia-settings tool, I observed that the Used Dedicated memory statistic would frequently reach the maximum, 1024MB. On a few occasions, X crashed with errors indicating it was out of memory.

After observing these problems, I put another card with 4GB video RAM into the system and I've observed it using between 1024 MB and 1300 MB at any one time. This leaves me feeling that people with only basic expectations for their desktop should aim for at least 2GB video RAM for 4k.

That said, I've continued to enjoy many benefits of computing with a 4K monitor. In addition to those mentioned in my previous blog, here are some things that were easier for me with 4K:

  • Using gitk to look through many commits on the master branch of reSIProcate and cherry-pick some things to the resiprocate-1.9 branch. gitk only used half the screen and I was able to use the right hand side of the screen to look at the code in an editor in more detail.
  • Simultaneously monitoring logs from two Android devices running Lumicall and a repro SIP proxy server in three terminal windows arranged side by side, up to 125 lines of text in each.
  • Using WebRTC sites in the Mozilla browser while having a browser console window, source code and SIP proxy logs all open at the same time, none of them overlapping.

You can do much of this with a pair of monitors, but there is something quite nice about doing it all on a single 4K screen.

Krebs on SecurityJPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services

Buried in the federal indictments unsealed this week against four men accused of stealing tens of millions of consumer records from JPMorgan Chase and other brokerage firms are other unnamed companies that were similarly victimized by the accused. One of them, identified in the indictments only as “Victim #12,” is an entity that helps banks block transactions for dodgy goods advertised in spam. Turns out, the hackers targeted this company so that they could more easily push through payments for spam-advertised prescription drugs and fake antivirus schemes.

According to multiple sources, Victim #12 is none other than Bellevue, Wash. based G2 Web Services LLC, a company that helps banks figure out if a website is fraudulent or is selling contraband. G2 Web Services has not responded to multiple requests for comment.

In the final chapters of my book, Spam Nation: The Inside Story of Organized Cybercrime, I detailed the work of The International AntiCounterfeiting Coalition (IACC), a non-profit organization dedicated to combating product counterfeiting and piracy.

In 2011, G2 Web Services landed a contract to help the IACC conduct “test buys” at sites with products that were being advertised via spam. The company would identify which banks (mostly in Asia) were processing payments for these sites, and then Visa and MasterCard would rain down steep fines on the banks for violating their contracts with the credit card companies. The idea was to follow the money from schemes tied to cybercrime, deter banks from accepting funds from fraudulent transactions, and make it difficult for spammers to maintain stable credit card processing for those endeavors.

Prosecutors say the ringleader of the cybercrime gang accused of breaking into JPMC, Scottrade, E-Trade and others is 31-year-old Gery Shalon, a resident of Tel Aviv and Moscow. Investigators allege Shalon and his co-conspirators monitored credit card transactions processed through their payment processing business to attempt to discern which, if any, were undercover transactions made on behalf of credit card companies attempting to identify unlawful merchants. The government also charges that beginning in or about 2012, Shalon and his co-conspirators hacked into the computer networks of Victim-12 (G2 Web Services).

Shalon and his gang allegedly monitored Victim-12’s detection efforts, including reading emails of Victim-12 employees so they could take steps to evade detection.

“In particular, through their unlawful intrusion into Victim-12’s network, Shalon and his co-conspirators determined which credit and debit card numbers Victim-12 employees were using to make undercover purchases of illicit goods in the course of their effort to detect unlawful merchants,” Shalon’s indictment explains. “Upon identifying those credit and debit card numbers, Shalon and his co-conspirators blacklisted the numbers from their payment processing business, automatically declining any transaction for which payment was offered through one of those credit or debit card numbers.”

According to the U.S. government, Shalon ran, a dodgy credit card processor that worked with dozens of banks to push through sales for fake antivirus and pharma-spam sites. Interestingly, in 2011, I wrote about a source who’d stumbled upon a portion of the customer database for As I wrote then:

“The database indicates that a large number of fake AV Web sites were using to process payments (a partial list is here). The database revealed even bigger fish: Among the companies it processed was, a major rogue pharmacy affiliate program that pays hackers and spammers to promote its pharmacy sites.”

“Another interesting client that processes payments through was HzMedia Limited. That entity is owned by Igor Gusev, the founder of GlavMed, one of the world’s largest and spammiest rogue Internet pharmacy affiliate programs.”

Gusev would emerge as one of two major cybercrime kingpins I profiled in Spam Nation.

This story is interesting because it shows how money laundering is such a key component of cybercrime operations, and that anyone who has built such networks likely knows or works with a great many of the world’s top cybercrooks. It also illustrates the lengths to which organized cybercriminals will go to preserve their business models.

G2 was profiled in a New York Times story last month on firms that pit artificial intelligence against hacking threats. That piece cited G2 Web’s ability to spot “transaction laundering,” in which an illegal business tries to appear legitimate by processing transactions through a legal site. The story didn’t mention a breach, but it quoted a G2 employee on the challenges associated with fighting crooks who possess the means and the motive for hacking those who stand in their way.

“The guys who run these illicit sites are also into viruses and malware,” the Times quoted Alan Krumholz, principal data scientist at G2. “It’s a cat-and-mouse game. They go from one business into another.”

The full indictment against Shalon is here (PDF). The mention of Victim 12 (G2) is on page 23.

Sociological ImagesAnorexia Mirabilis: Fasting in Victorian England and modern India

Flashback Friday.

Joan Jacobs Brumberg’s fantastic book, Fasting Girls: The History of Anorexia Nervosa, is an excellent example of the benefits of sociologically-inspired history. Brumberg begins by explaining that girls who starved themselves have been recorded in many historical epochs, but the way in which societies have made sense of that starvation has varied.

Today we medicalize self-starvation; we call it a mental illness and we name it “anorexia nervosa.”

In Medieval Europe, fasting girls were labeled with the term “anorexia mirabilis”; these girls were seen as miracles, able to survive on spiritual devotion alone. During the Victorian Era, people would pilgrimage to these fasting girls and leave offerings.  A famous fasting girl could be a financial boon to a struggling family.

Fasting Girl Mollie Fancher in 1887:


During the nineteenth century, medical doctors and psychiatrists (who generally saw religion as a threat to their nascent authority) argued that the fasting girls were impossibilities, that no one could survive without food. The competition between medicine and religion became so intense that doctors became intent on proving that these fasting girls were not surviving on holiness, but were sneaking food. In several cases, doctors staked out fasting girls, watching them to make sure that they did not eat, and these girls, relentless in the illusion, sometimes died.

In any case, I thought of Brumberg’s book when I came across a story about Prahlad Jani, an Indian man who claims that he has not had any food or drink for 70 years, surviving on “spiritual life force” instead.

In 2003 and 2010, Jani’s claims were tested by physicians. In the latest round, Indian military scientists held him in a hospital, watching him to ensure he did not eat or drink.  Unlike the doctors in the Victorian era, however, who wanted the girls to fail, these doctors think Jani might hold a secret that will be useful for the military and they’re hoping that, by watching, they will be able to discover it.

They released him after 15 days. As they did in 2003, they said that his tests came back normal despite complete abstinence from food and water.

Originally posted in 2010.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Planet Linux AustraliaBinh Nguyen: China Background, Economic Warfare, and More

- the world feels very different when you get perspectives from all over the world... if you were to simply watch the local news you'd think that the Chinese and Russians were right on our border and were ready to invade us. The other problem is that due to the language problem we only get a snippet of what they intend to say. Younger people in China aren't much different from us and censorship is bad but isn't as horrible as we're meant to believe?
Freedom, Politics and Change in China - Does The West Fear China Documentary
BBC Documentary Our World Flashpoint South China Sea english subtitles
United States, China and Public Opinion
Are We Looking For A Fight In The South China Sea
Are China's ambitions in the South China Sea a threat
The Debate - South China Sea Tensions (May 30th)
Counting the Cost - The scramble for the South China Sea
Taiwan in the South China Sea
Chinese Assertiveness in the South China Sea - Harbinger of Things to Come
Five Former U.S. Ambassadors to China Discuss U.S.-China Relations 
- if you listen to a lot of the what is being said it's a combination of fear, disbelief, concern, anger, etc... in varying quantities. A lot of countries are wanting to maintain current order or at least have an understanding of where they will fit into the world that is currently being shaped before our very eyes. Others wanting to change and looking for an idea of how far they can push things. There are a lot of commentators out there who have a limited understanding of the history behind what is happening, a lot of differing perspectives, highly concentrated media, on all sides, which makes it difficult to get a balanced idea of what is actually happening
The Heat - Henry Kissinger on China-U.S. relations
China and the U.S. Are Long-term Enemies-kd
India’s World – US-China face-off in South China sea
- the thing I find most bemusing is that people most often remember the most extreme examples of each and every society out there. If you were to listen to some media outlets it seems as though the Chinese government were against 'Falun Gung', 'Dalai Lama', etc.. for no reason. Dig further and most groups that the government is opposed to are wanting substantial social change (not judging here. There have been some pretty ugly accusations though...). The worse part of this is that while there is somewhat of a tacit agreement among intelligence agencies internationally on what type of covers/operations that they should and should not use. This may have changed of late somewhat with some targets/penetrations being considered of higher priority. Muddies the water a lot...
Kevin Rudd - Are China and the US doomed to conflict
The Debate - South China Sea Tensions (October 28th)
- they don't trust us and we don't trust them. Look at their history and you sort of understand why exactly they don't trust us. A lot of promises were broken. Since they have a long memory they're thinking why should they trust us if we can't be trusted to follow through on what we say. Makes the circumstances worse...
- if they want a 'peaceful rise' they'll need to export their culture either way. Make them seem less threatening and help us understand them within context. Whether it's the Russians, Chinese, Europeans, Arabs, etc... every time they speak about US/Allied conspiracies they sound crazy. Music such as C-Pop, sporting/music stars, etc... help but they aren't accessible enough. Clearly, Putin believes in the old Soviet model of strength entailing respect on the global stage whether in sport, technology, science, etc... Too simplistic. Fear and respect won't hold without a continual presence (similar to geo-political engineering). Admiration and respect is something different though. That holds and won't require a massive security apparatus to keep everything in order. Easier said than done with a lot of the problems the world faces now though. Something which China seems to be better at especially in the context of their neighbours...

- if you follow the financial markets you'll realise that a lot of things aren't adding up at the moment. A lot of numbers don't quite make sense. Others have noticed as well... not just the conspiracy theorists, speculators, etc... If we were to go on fundamentals many countries that technically shouldn't be in trouble are in trouble and vice-versa
$100 Trillion American Economic Collapse with Jim Rickards
Exclusive Interview - Jim Rickards & Peter Schiff Discuss Global Gold Markets [Full Discussion]
The Coming Financial Collapse Of Great Britain UK Explained _ Revolutionary Documentaries
China Warns US, It Has Begun Dumping Treasuries - Episode 751a
- one of the things that is obvious is that during moments of financial difficulty the US goes understands together and in solidarity for one another. Their debt purchases are split internally and externally. Think about the recent European Debt issues where interest rates when through the roof. By having someone step in and control the flow into the general community they've been able to manage interest rates, inflation, growth, etc... The US has made things slightly easier by having private entities step in to keep things in check. By using a proxy/third party it makes it more difficult for speculators if this is is what happening which would make it more difficult for the US. Who knows how much of their own debt they're actually buying?
- if the West goes to war it will be a multi-layered/complex war. Most countries that it is likely to go to conflict with have taken substantial measures to shield themselves from any impact that they are likely to face. It will be economic, cyber, hybrid, conventional, and non-conventional warfare. With the way the US is being dealt with at the moment it feels as though its enemies have found a moment of weakness (or else the US is in actual decline). They're basically seeing how far they can push the US and its allies at the moment. The obvious question is how much will it weaken and whether or not it will be (relatively) terminal?
Cold War 2 Or World War 3 Economic Warfare Between The United States And Russia Has Begun
Cyber-Enabled Economic Warfare - An Evolving Challenge
- the West is getting outplayed. If you want to take a bet, there are plenty of undervalued assets out there if you look hard/deep enough. Moreover, it's clear that prior to any major military move that is likely to trigger actions by others (such as sanctions) a lot of countries are betting on this and taking a bet on it to reduce their economic impact. In reality the US has been caught off guard a number of times... but it doesn't really matter if you have a massive military. Does it matter if you can't really afford (or have no appetite) to deploy it?
The Push For War With China Is Now Escalating -- Episode 234
Economic WAR Between U.S. & Russia _ Gregory Mannarino
Panel 2 - Russia, China, and the Future of  Economic Warfare
- if various parties have engaged in economic/algorithmic based warfare then it would explain a few odd market movements and why some people have been arrested for reasonably 'normal behaviour' (according to the press). Part of me feels as though the world is currently being re-shaped in front of us behind our backs (if that makes sense)
- the problem with a lot of activists and conspiracy theorists is that they sound crazy or that they mix up good with bad material. It makes it very difficult to judge their credibility. This is especially the case with financial market speculators who have a bet on the other side
US Pushes War Against Russia, North Korea And China To Cover-Up The Collapse - Episode 747b
U.S. Government Financial Numbers Are Manipulated To Keep The Illusion Of A Recovery - Episode 786a
- countries are worried about surprise opportunistic moves. Think about Turkey, Iran, Saudi Arabia, Lebanon, Iraq, Israel, etc... in the Middle East region at the moment. With the advent of the Syrian/Iraq/Afghanistan conflicts all have made moves to re-shape the region as they see fit. US/Australia has troops stationed in the north in case an 'opportunity' rises (there are other reasons as well obviously)...

- difficult to read encoded URL's. Thankfully, don't need to memorise them (though you do tend to memorise things over time)...

- making extensions easier then you actually think

- Carla is a sound plugin host for Linux. May require code modification/re-compilation to get things running on your localhost
- lots of plugins to help secure your local setup...

- Ninite is not the only option for automated installation under Windows. If desperate plenty of options

- decoding video/sound streams used to be easy but is now becoming more difficult with the increase in encoding, obfuscation, encryption, etc... Need more time but think I can come up with an elegant solution... (some of the existing code that I'm looking at is highly specific and needs extensive modification for each site. I want a generalised solution that is elegant if possible...)

Some recent interesting quotes in the media...

- Multiple Air Force and industry sources confirm that the Raptor has a lower radar cross section over a wider range of frequencies than the F-35 (as the Air Force maintained for nearly decade till 2014), but the newer aircraft is far better at managing its signature thanks to an incredibly advanced electronic warfare suite. That is likely why retired Air Combat Command commander Gen. Mike Hostage told Breaking Defense: “The F-35 doesn’t have the altitude, doesn’t have the speed [of the F-22], but it can beat the F-22 in stealth.” The operative word there is can. As current ACC commander Gen. Hawk Carlisle told National Defense Magazine: The F-35 has much better “passive capability to determine who’s out there [and] its ability to manage its own signature.”

Ultimately, it’s the pilot vehicle interface the United States has developed over the decades at great expense that affords it the edge over Russia and China’s upstart programs—as Carlisle himself told me a few years ago at the Pentagon. Nonetheless, the United States will have to keep developing new technology to stay ahead.
- "If the only problem the F-35 had was that the aircraft was $1 million more expensive, they wouldn't have a problem," he said. "The problem is the aircraft is tens of millions of dollars more than they originally told people it would be, and that's just the acquisition price. It's the sustainment cost that will destroy air forces."
Still, even with Canada pulling out of the program, costs of the F-35 will likely fall in the long term as production of the aircraft becomes more efficient, according to The Fiscal Times. Each plane now costs an estimated $108 million, according to Lockheed, and prices are expected to fall to $85 million per plane by 2019 if Canada stays in the program.
- The F-35 program includes variants for the Marine Corps, Air Force and Navy, and also has international developmental partners and customers. The fighter program has been plagued by numerous problems from helmet glitches that made pilots air sick to software issues. Most recently, the services discovered that pilots weighing less than 136 pounds could be killed by whiplash if they needed to eject
- Because of the importance and complexity of the project, Alexander Sergeyevich Yakovlev assigned a large portion of his OKB to the development of the new VTOL fighter, with no fewer than ten chief engineers working simultaneously on what was called "Product 48" (the military had designated it Yak-41). Over fifty designs were studied. One key problem was designing an aircraft with both vectoring thrust and an afterburner, which was essential for sustained supersonic speeds. A twin-engine design was considered, but abandoned as the loss of an engine on landing would result in an immediate roll to the side. Eventually it was decided that the best arrangement was a single vectoring nozzle located just behind the center of gravity, as well as dedicated vertical thrust jets positioned just behind the cockpit. A considerable amount of time was spent in the development of a flat, rectangular nozzle similar to that later employed on the American F-22 Raptor. Such a nozzle proved well-suited for the changes in configuration needed for both thrust vectoring and supersonic flight, and allowed for a thin, shallow tail. Ultimately, a circular nozzle was used, located between twin booms supporting the twin-finned tail.[1][page needed]

Parts subject to excessive heat from the engines during landing were manufactured of titanium, and no less than 26% of the overall aircraft was to be manufactured of graphite or composite material. Because of heat build-up, hovering was restricted to no more than 2½ minutes.[1][page needed]

All three engines were controlled through an interlinked digital system, which was capable of controlling both engine start-up as well as modulating the thrust of all three engines during landing and hovering flight. Twin tandem reaction control jets were positioned at the wingtips, while a swiveling yaw jet was positioned under the nose.[1][page needed]

The cockpit was pressurized and air-conditioned. The small canopy was bulletproof in front. It hinged to the right, but because of a long dorsal spine it had no rear vision. The ejection seat was automatically armed as soon as the engine duct was rotated past 30 degrees with an airspeed of less than 300 km/h (186 mph). The instrumentation in the prototypes was simple and similar to that planned for the earlier Yak-36M. The production version was to have been fitted with an extensive avionics and weapons suite including doppler radar, laser-TV ranging and aiming, as well as a heads-up multifunction display (HUD) which worked in connection with a helmet-mounted missile aiming system as found on the Mikoyan MiG-29. This system allows the pilot to lock onto an enemy aircraft by turning his head as far as 80 degrees from front.[1][page needed]
Following the announcement by the CIS on September 1991 that it could no longer fund development of the Yak-41M, Yakovlev entered into discussions with several foreign partners who could help fund the program. Lockheed Corporation, which was in the process of developing the X-35 for the US Joint Strike Fighter program, stepped forward, and with their assistance 48-2 was displayed at the Farnborough Airshow in September 1992. Yakovlev announced that they had reached an agreement with Lockheed for funds of $385 to $400 million for three new prototypes and an additional static test aircraft to test improvements in design and avionics. Planned modifications for the proposed Yak-41M included an increase in STOL weight to 21,500 kg (47,400 lb). One of the prototypes would have been a dual-control trainer. Though no longer flyable, both 48-2 and 48-3 were exhibited at the 1993 Moscow airshow. The partnership began in late 1991, though it was not publicly revealed by Yakovlev until 6 September 1992, and was not revealed by Lockheed until June 1994.[1]
- Iran is not an innocent country burdened by our sanctions, as some like to portray it. It is a country that deprives its citizens of basic needs in order to bankroll terrorism and violence throughout the world. Iran’s interests are far different than our own and to believe that handing over billions of dollars to this regime will go without bolstering our enemies is ludicrous. To ignore Iran’s intentions in the world is foolish. And to believe that this is a good deal is simply naïve.
- In Israel, much of the criticism has revolved around the cost of the US-made jet and the erosion of indigenous know-how. Former defense minister Moshe Arens, an aeronautical engineer by training and one of the program’s most vocal castigators, told The Times of Israel in October that while the F-35 might be “nice to have,” he didn’t see any need for it considering the country’s budgetary constraints. He noted that the military was still operating Vietnam War-era armored personnel carriers — to fatal effect this past summer in Gaza’s Shejaiya neighborhood — and said Israel would do better upgrading its existing F-15 and F-16 planes and investing the surplus funds in the ground forces.
In 1968, Israel bought the US-made Phantom, which was faster than the Mirage and could carry nearly six times its payload. “Our concept is that we will never win with quantity,” Lt. Col. B said. “We’ll win by being first.” The Phantom, he said, was “the first bomber that could escort itself deep into enemy territory.”
- This is not to say that today’s IAF planes lack the ability to unlock the S-300. Quite likely, the IAF has trained against the system in Greece and has created a combat doctrine capable of defeating it. The F-35 though, he said, “is similar to the iPhone,” in that the planners were able to take the capacity once housed on separate aircraft – stealth, intelligence gathering, advanced radars, planning, control, and electronic warfare – and “pack it all into a single fighter plane.”

Shapir conceded that the aircraft has “fantastic” capabilities and even said it might yet prove a useful tool against the S-300, but asserted that the only reason it is a truly necessary tool for Israel – which fights most of its battles near home but needs to maintain the capability of projecting its air power to places as distant as Tehran — is because Israel’s planes are aging and the United States “made the F-35 the only game in town.”

“There’s no other way,” he said, “because there’s nothing else out there.”
- Which raises the question of whether the RCAF will get new fighters at all. The lifetime of existing CF-18s has already been extended to 2025. The Liberals appear determined to end the RCAF’s participation in the aerial campaign against the Islamic State of Iraq and the Levant. Bearing that in mind, they may decide it makes more sense to invest in state-of-the-art drones, which can stay aloft virtually around the clock and patrol vast swathes of Arctic territory at high altitudes, than replace aging but still-serviceable manned fighters they would prefer not to use. In that event, there would be savings in the billions, which could be redirected towards a navy in dire need of rapid, major investment.
- Because of their relatively long wavelength, VHF radars generally lack sufficient accuracy to guide a missile to a target on their own and are therefore used to cue higher frequency, shorter wavelength engagement radars to the approximate location of the target. Narrowband stealth aircraft such as the F-117, F-22 and F-35 were designed to be very low observable (VLO) in these higher frequencies in order to significantly limit the range at which they can be successfully detected by engagement radars. Consequently, despite inputs from the VHF acquisition radar, the X-band* engagement radar of Dani’s SA-3 battery was able to track the F-117 only at a distance of 8 miles (13 km), obtaining a lock and launching two missiles towards it only on the third attempt (the colonel would order his men to switch the engagement radar on for no more than 20 seconds for each attempt in order to avoid being targeted by NATO electronic warfare aircraft).
- Meanwhile, Germany spends a mere 1.2 percent. Italy, Canada, and Spain spend 1 percent or less. It’s understandable that people in those countries prefer to spend their money on universal health care and paid parental leave. But one of the reasons they’re able to do that and skimp on defense is the security subsidy they get from US taxpayers. The United States foots the bill for 73 percent of NATO’s defense spending, including the cost of keeping more than 40,000 troops in Germany. The fact that so many Europeans have come to take US protection for granted could be seen as a sign of the trust they place in the US-led NATO alliance. But a truly strong alliance requires equal participation from all members. Europeans can’t expect Americans to make sacrifices to defend them if they aren’t willing to make the same sacrifices to defend themselves.
- The humiliating failure of the two peace agreements signed in Minsk, Belarus, intended to halt the fighting in eastern Ukraine, proved what leaders of the free world simply refuse to admit: that there is no dealing with Putin the way they deal with one another. The model is repeating itself in Syria, as diplomats head to Vienna for peace talks. But confronting Putin doesn’t mean defeating the entire Russian army or starting World War III. Putin’s entire leadership cult in Russia is built on his image as an invincible strongman. He cannot afford to look like a loser, which is why he has maintained the feeble myth that Russian forces aren’t fighting in Ukraine, and why he picks targets NATO won’t defend. Any opposing force that threatened to inflict enough damage to pierce Putin’s illusion of invincibility would be enough to cause a real change in his behavior.

But the politicians of the free world know that it is easier and more popular to do nothing and claim to be peacemakers than to endure the criticism that inevitably comes with any action, which is why it will be so hard to break the cycle in Ukraine, Syria, and wherever Putin prods next—whether it’s Libya, the Baltics, or Venezuela. The United States and Europe have overwhelming military and economic advantages over Russia, but their leaders seem to lack the realization that diplomacy has its limits when facing dictators, and that diplomacy is only possible from a position of strength. As long as Putin sends jets and tanks while the West sends blankets and diplomats, the dictator will be calling the shots.
In 1986, Ames told the KGB that he feared he would be a suspect after the loss of several CIA assets. The KGB threw US investigators off his trail by constructing an elaborate diversion whereby a Soviet case officer told a CIA contact that the mole was stationed at Warrenton Training Center (WTC), a secret CIA communications facility in Virginia. US mole hunters investigated 90 employees at WTC for almost a year and came up with ten suspects, although the lead investigator noted that "there are so many problem personalities that no one stands out".[22][23]
- China's efforts amount to a worldwide "market intelligence program," says former FBI analyst Paul D. Moore. "The reality is that China does not practice intelligence the way God intended," he jokes. America's intelligence structure arose during the Cold War to contain the Soviet Union. "In our model, professional intelligence officers go out and do the job," Moore says. "In China's model, anyone and everyone is a potential intelligence asset."
- “Of course, we too practice cyberespionage,” Clapper said. “In a public forum, I won’t say how successful we are at it, but we’re not bad at it. When we talk about what are we going to do to counter espionage, to punish somebody, or retaliate, I at least think it’s a good idea to think about the old saw that people who live in glass houses shouldn’t throw rocks.”

That comment didn’t sit well with the committee’s chairman, Sen. John McCain, a Republican from Arizona.

“So it’s OK for them to steal our secrets that are most important, including our fighters, because we live in a glass house?” McCain asked. “That is astounding.”

Clapper replied, “I’m not saying it’s a good thing. I’m just saying that both nations engage in this.”
- “We should not have one-sided evaluations. People fell in love in the camps, people got pregnant; it wasn’t all bad,” he says, attributing negative information about the camps to a western campaign against Russia. “It was fashionable to say bad things about the USSR. Now it is again fashionable to insult Russia. We have sanctions against us. The west looks for negative things.”

Panikarov’s views on the Gulag are part of a larger trend. With the Soviet victory in the second world war elevated to a national rallying point under Vladimir Putin’s presidency, the forced labour camps, through which millions of Soviet citizens passed, are seen by many as an unfortunate but necessary by-product. In many museums and in much public discourse, the Gulag is not ignored completely, but is “contextualised” in a way that plays down the horror and pairs it with the war, suggesting the two come as a package.
- "If you want to hit an aircraft carrier, you just drop a bomb on the flight deck, and that puts the carrier out of action," he said, saying flight deck incidents have caused many deadly carrier fires over the years.

"You get a weapon — the bigger the better — and put it on the flight deck, preferably when they're launching, recovering or arming aircraft," Polmar said. Or, he added, "You knock out the propellers" with a torpedo designed to home in on their movement.
- As for new technology, Rear Admiral Ma said China has tested a new launch system “many times” and that all tests so far have gone quite smoothly. Ma spoke of “breakthroughs” in an electromagnetic catapult launch system for the new carrier. The new technology will set it apart from the Liaoning, which uses a more-outdated “ski jump” launch system. Breakthroughs in developing a catapult system would result in an “enormous increase” in the flight radius and payload of carrier-based aircraft, Ma said. With this technology, Ma claimed, China will be on par with or even more advanced than the United States.

Ma would not confirm, however, that the new technology was being used on the carrier currently under construction. Admiral Liu said the new carrier would “definitely” have areas of improvement over the Liaoning but declined to provide any specifics, saying the construction process is “extremely complicated.”
- China and Germany agreed to work on stopping economic cyber spying between the two nations amid mounting concern that the thousands of small- and medium-sized companies that form the backbone of German industry are ill-equipped to repel hacking attacks.

Similar no-spy agreements exist between China and the U.S. as well as the U.K., Merkel said Thursday in Beijing. Germany, the Asian nation’s biggest European trade partner, seeks such a deal “very quickly,” and China agreed, she told reporters after talks with Chinese Premier Li Keqiang.
- Britain spends £37.4 billion on its military budget, the fifth largest in the world.

Of this, £19.5bn is with British industry but less than half of new contracts are put out to competitive tender.

BAE Systems, Britain’s largest manufacturer, is the main supplier. In 2014 only 8 per cent of its contracts with the MoD were competitive.

Over 60 per cent of British arms sales are to the war-torn Middle East. Since 1945, British forces have carried out armed intrusions in foreign countries on 25 occasions — more than any other nation, including the US and Russia. Syria awaits.

Over the past 25 years Britain has spent £34bn on such interventions, mainly in Iraq and Afghanistan, where the army suffered significant military defeats.

This sum increases to £42bn if compensation for injury and death is included, plus a further £30bn on long-term care for veterans.

The consequences for the people of those countries are now only too visible, with thousands of refugees leaving their homes to seek respite in Europe from bombing, shelling and starvation.
- "By keeping silent," said Mr Shlosberg, "Russia's rulers have shown how far away they are from the Russian people -- on such unreachable heights that they hear nothing, feel nothing and understand nothing. The landing of their aircraft will not be a soft one."
- Back in 2004, when Australia was in the process of negotiating a trade deal with the United States — one that John Howard initiated — we were told that there would be no changes to the Pharmaceutical Benefit Scheme, the great scheme that ensures that all Australians, no matter their economic status, will have access to medicines at a reasonable price.

The US pharmaceutical industry hates the PBS with a passion because it would love to get Australians to pay much higher prices than what we do. Howard knew that it would be political poison, especially with an election due in 2004, to say anything indicating that the Americans would be able to manipulate the PBS. But that is precisely what happened.
- Young children brought up not believing in God are more likely to be generous and tolerant than those who grow up in a religious household, a study has suggested.

Agnostic and atheist kids were significantly more likely to share than children whose parents were religious, researchers claimed.

But children who believe in God were more likely to be vengeful and back harsher punishments for those who hurt others, they said.

It is suggested this is because religious children feel that, as they are going to heaven, they are less concerned about the consequences of being mean.
- “Yeah, the good old prosperous days when US had a country that cared about Israel and our own morality. We stopped communism dead in South America. Consider how things would be now if Obama had been running things then. Instead of an Islamic Spring, we’d have had a Commie Spring. Mexico under communist rule, our borders being overrun worse than they are now, was a viable possibility back then. Cuba would’ve been thrilled. Even Jimmy Carter would have been happy.”

What a load of crap. America back in the 80s faced very different threats than today, and even Reagan didn’t let Israel control our foreign policy in the Middle East. Imagine where we would be now if Alfred E. Bush hadn’t invaded Iraq, or enacted his economic policies that cratered our economy. Whichever President that took over after GW would have had to make similar choices to what current administration has done. We are simply tapped out economically and militarily to repeat what was done during the Cold War, let alone shoving our weight around the world. Grow up.
- A central thrust of Soviet propaganda throughout the Cold War was to portray all Soviet misconduct, however outrageous, as no different from what the West was doing — including the propaganda itself. Accordingly, if the West accused the Kremlin of some gross wrongdoing, it was promptly depicted as another hypocritical attempt to belittle the Soviet Union. To a degree it worked: Many Russians, lacking any direct experience of the West, accepted a moral equivalence between their system and Western democracy — along with an instinctive fear of a world forever scheming against them. Alas, this approach has become an integral part of Vladimir Putin’s Russia.

Cryptogram: Personal Data Sharing by Mobile Apps

Interesting research:

"Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps," by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney.

We tested 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties.

73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties.

93% of Android apps tested connected to a mysterious domain, likely due to a background process of the Android phone.

We show that a significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user.

EDITED TO ADD: News article.

Worse Than Failure: Error'd: Who Stole the Search Box?!

"Why, thank you, Microsoft, I do need assistance with... wait a minute!" Steve L. writes.


"It's like you could click OK, but the app really doesn't want you to," wrote Miroslaw.


"So, according to IBM's site, addresses are only required for the US or Canada, so why am I being asked to enter it for Australia? WTF!" wrote Chris.


Mark writes, "I'm with you, Tundra, I blame my parents for a lot of things too."


"OneDrive is so great that it already has my future photos available," Tim N. wrote.


"I can't say for sure, but I think the analysis shows that either I have some bad code on my hands or my machine sucks," writes James D.


Kelly B. writes, "I went to get my stuff off the printer at work but it appeared to have passed."


"Dublin, Ireland near Los Angeles?! Heck, that isn't even close to Dublin, California!" wrote Catherine H.



Rondam Ramblings: Those who live by the wingnut shall die by the wingnut

I must confess to engaging in more than a little schadenfreude in watching the Republican party leadership reaping what they have sown.

Less than three months before the kickoff Iowa caucuses, there is growing anxiety bordering on panic among Republican elites about the dominance and durability of Donald Trump and Ben Carson and widespread bewilderment over how to defeat them. Party leaders and

Planet Linux Australia: Steven Hanley: [mtb] Happy Jacks and Jagungal wilderness ride on NYE 2012

David, Julie and Alex with Jagungal in the background
Alex and I had been thinking we should head up to near Jagungal and check out some of the trails through the wilderness there to ensure bikes could get through. This to ensure our planned route through for the next Canberra to Kosci Ride would work better than the previous one.

We decided to do a new year's eve mtb ride on our single speeds in the wilderness around Mt Jagungal (the northernmost mountain in Australia over 2000 metres). David and Julie came along for the fun. Though I did not have my camera, I was able to get my phone out easily through the day and get some good photos. They are all online in my Happy Jacks Jagungal Ride Album. Nice day out and an awesome way to finish off the year, even though we arrived back in Canberra tired and ready for sleep around midnight.


LongNow: Steven Johnson takes a Long Now Perspective on the Superintelligence Threat


Steven Johnson, former Seminar speaker and author of How We Got to Now, recently wrote on the dangers of A.I. on his blog “How We Got To Next”. He discusses evolutionary software and the existential threat of A.I., before concluding with a meditation on long-term thinking and The Long Now Foundation:

One of the hallmarks of human intelligence is our long-term planning; our ability to make short-term sacrifices in the service of more distant goals. But that planning has almost never extended beyond the range of months or, at best, a few years. Wherever each of us individually happens to reside on Mount Einstein, as a species we are brilliant problem-solvers. But we have never used our intelligence to solve a genuinely novel problem that doesn’t exist yet, a problem we anticipate arising in the distant future based on our examination of current trends.

To be clear, humans have engineered many ingenious projects with the explicit aim of ensuring that they last for centuries: pyramids, dynasties, monuments, democracies. Some of these creations, like democratic governance, have been explicitly designed to solve as-of-yet-undiscovered problems by engineering resilience and flexibility into their codes and conventions. But mostly those exercises in long-term planning have been all about preserving the current order, not making a preemptive move against threats that might erupt three generations later. In a way, the closest analogue to the current interventions on climate (and the growing AI discussion) are eschatological: in religious traditions that encourage us to make present-day decisions based on an anticipated Judgement Day that may not arrive for decades, or millennia.

No institution in my knowledge has thought more about the history and future of genuinely long-term planning than the Long Now Foundation, and so I sent an email to a few of its founders asking if there were comparable examples of collective foresight in the historical record. “The Dutch in planning their dykes may have been planning for 100-year flood levels, and the Japanese apparently had generational tsunami levels for village buildings. However, both of these expectations are more cyclical than emergent,” Kevin Kelly wrote back. He went on to say:

I think you are right that this kind of exercise is generally new, because we all now accept that the world of our grandchildren will be markedly different than our world — which was not true before.

I believe this is the function of science fiction. To parse, debate, rehearse, question, and prepare us for the future of new. For at least a century, science fiction has served to anticipate the future. I think you are suggesting that we have gone beyond science fiction by crafting laws, social manners, regulations, etc., that anticipate the future in more concrete ways. In the past there have been many laws prohibiting new inventions as they appeared. But I am unaware of any that prohibited inventions before they appeared.

I read this as a cultural shift from science fiction as entertainment to science fiction as infrastructure — a necessary method of anticipation.

Stewart Brand sounded a note of caution. “Defining potential, long-term problems is a great public service,” he wrote. “Over-defining solutions early on is not. Some problems just go away on their own. For others, eventual solutions that emerge are not at all imaginable from the start.”

Read the full article on Steven Johnson’s blog

Cory Doctorow: Scholarly article on activism and technology in my YA novels

Anika Ullmann, a graduate student in Cultural Studies at Leuphana University in Luneberg, Germany, has published a paper on the relationship of my young adult novels to political radicalism, the hacker ethic and the “First Days of a Better Nation.” I found it a great and insightful read, and Annika kindly made a copy available for you to read, too!

Cryptogram: Testing the Usability of PGP Encryption Tools

"Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client," by Scott Ruoti, Jeff Andersen, Daniel Zappala, and Kent Seamons.

Abstract: This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results show that more than a decade and a half after Why Johnny Can't Encrypt, modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.

I have recently come to the conclusion that e-mail is fundamentally unsecurable. The things we want out of e-mail, and an e-mail system, are not readily compatible with encryption. I advise people who want communications security to not use e-mail, but instead use an encrypted message client like OTR or Signal.

Google Adsense: The time is now for multi-screen

We live in an exciting time, where the number and variety of connected devices are growing at a rapid pace. People are coming online for the first time, and they’re accessing the Web through a mobile device.

Having a solid multi-screen strategy will help you prepare for the next wave of mobile web users. By following the simple steps below, we can help set you up for success on the mobile web and answer questions like: How will my users react? How do I keep my brand identity? What will happen to my earnings?

1. Test your site 
Start by understanding how your site currently runs on mobile devices. Use Google PageSpeed Insights to see how your site is performing on mobile and identify your site’s most crucial needs and what to take care of first.

2. Pick your strategy
Next, it’s time to make a choice on which multi-screen strategy to move forward with. The most common solutions are:

The choice is yours and all strategies have both pros and cons. When making the decision, you should consider the following:

  • Do I want to serve the same content to all platforms? If so, a responsive design should do the trick.
  • What’s more important: speed or flexibility? A separate mobile site or dynamic serving allows for better optimization.
  • Do I have the resources to maintain more than one site? Responsive design can help you save valuable time and resources.
  • What kind of technical capabilities do I have? Pick a strategy that best suits your skill set.

3. Follow best practices
We’ve finally made it to the fun part – building the site. No matter what solution you choose, every multi-screen developer should follow these general rules of thumb.

  • Focus on the main action that you want the user to take: While you had plenty of space on desktop, you’ll have to be resourceful on mobile.
  • Make your navigation easy to understand: Users want quick access to key actions, so make things easy to find.
  • Use existing design paradigms: Do you already have a brand identity on your desktop site? Reuse the same design elements when possible. Try adapting to the user’s device, for example using Material Design for Android: users like familiarity.
  • Make sure videos work: Design your look and feel and page animations using modern web technologies. Read more about Look and Feel for video in our Web Fundamentals guide.
  • Limit image-based text: Make use of web fonts when possible. Mobile means lower bandwidth.
  • Simplify payment processes: Auto-populate shipping addresses and contact details. Use existing payment solutions such as Google Wallet.

4. Avoid common mistakes
Learn from other developers by checking out some of the most common mistakes on mobile sites. This can save you time as you plan and launch your multi-screen strategy.

We hope these guidelines are useful when thinking about your multi-screen strategy. Let us know if you have any other tips that have worked well for you in the comments below.


Posted by Felix Nermark
Marketing Communication Specialist

Sociological Images: Where do we learn whom we should perceive negatively?

We often think that as long as a white person doesn’t fly the Confederate flag, use the n-word, or show up to a white supremacist rally that they aren’t racist. However, researchers at Harvard and the Ohio State University, among others, have shown that even whites who don’t endorse racist beliefs tend to be biased against non-whites. This bias, though, is implicit: it’s subconscious and activated in decisions we make that are faster than our conscious mind can control.

You can test your own implicit biases here. Millions of people have.

But where do these negative subconscious attitudes come from? And when do they start?

The Kirwan Institute for the study of race and ethnicity has found that we learn them early and often from the mass media. As an example, consider this seemingly harmless digital billboard for Hiperos, a company that works to protect clients against risk online. The ad implies that, as a business, you need to be leery of working with third parties. Of particular risk is exposure to bribery or corruption. Whom can you trust? Who are the people you should be afraid of? Who might be corrupt?

I took a photo of each of the ads as they cycled through. Turns out, the company portrays people you should be worried about as mostly non-white or not-quite-white.


Who is untrustworthy? Those that seem exotic: brown people, black people, Asian people, Latinos, Italian “mobsters,” foreigners.

There were comparatively few non-Hispanic whites represented.

Of course, this company’s advertising alone could not powerfully influence whom we consider suspicious, but stuff like this — combined with thousands of other images in the news, movies, and television shows — sinks into our subconscious, teaching us implicitly to fear some kinds of people and not others.

For more, see the original post on

Todd Beer, PhD is an Assistant Professor at Lake Forest College, a liberal arts college north of Chicago. His blog, SOCIOLOGYtoolbox, is a collection of tools and resources to help instructors teach sociology and build an active sociological imagination. 
