Planet Russell


Racialicious: Will ESPN Tell Doug Glanville’s Story?

By Arturo R. García

Doug Glanville during his playing days with the Philadelphia Phillies. Image via Section215.com

An ESPN analyst is involved in what could be one of the most interesting stories of the year — depending, in part, on whether the network decides to cover it.

Doug Glanville is among the many former pro baseball players who contribute to the network’s Major League Baseball coverage. But he’s also penned columns for The New York Times and Time, on top of writing his own biography. But it’s his work this week for The Atlantic that has garnered attention.

Instead of covering his life on the baseball field, though, his column this week discussed his experience with a more commonplace aspect of life in America: racial profiling. Outside his own home.

This past February, Glanville wrote, he was clearing snow from the driveway of his Hartford, Connecticut home — located roughly 20 minutes from ESPN’s headquarters in Bristol — when he was approached by a police officer from West Hartford:

I noted the strangeness of his being in Hartford — an entirely separate town with its own police force — so I thought he needed help. He approached me with purpose, and then, without any introduction or explanation he asked, “So, you trying to make a few extra bucks, shoveling people’s driveways around here?”

All of my homeowner confidence suddenly seemed like an illusion.

It would have been all too easy to play the “Do you know who I am?” game. My late father was an immigrant from Trinidad who enrolled at Howard University at age 31 and went on to become a psychiatrist. My mother was an important education reformer from the South. I graduated from an Ivy League school with an engineering degree, only to get selected in the first round of the Major League Baseball draft. I went on to play professionally for nearly 15 years, retiring into business then going on to write a book and a column for The New York Times. Today, I work at ESPN in another American dream job that lets me file my taxes under the description “baseball analyst.”

But I didn’t mention any of this to the officer. I tried to take his question at face value, explaining that the Old Tudor house behind me was my own. The more I talked, the more senseless it seemed that I was even answering the question. But I knew I wouldn’t be smiling anymore that day.

After a few minutes, he headed back to his vehicle. He offered no apology, just an empty encouragement to enjoy my shoveling. And then he was gone.

And it’s not like Glanville lives in a “rough” neighborhood, either; he states in the column that he lives near not only Hartford Mayor Pedro Segarra, but Gov. Dannel Malloy and one state senator. Hartford police soon confirmed that the West Hartford officer was outside his jurisdiction, something that was not mentioned in a statement released on Tuesday by the latter department.

Instead, West Hartford police said the officer was looking for a “Black male, in his 40′s, wearing a brown jacket and carrying a snow shovel,” who had allegedly broken the town’s ban on door-to-door soliciting by asking a homeowner if he could shovel snow from their driveway for a fee. That person was later located and given a verbal warning.

“While the officer’s actions in searching for the suspicious party were completely appropriate, we wish he had taken the extra time to introduce himself to Mr. Glanville and to explain the purpose of the question,” the West Hartford Police’s statement read. “We have discussed this with the officer and will work to remind all of our officers of the importance of good interpersonal skills and taking time, when practical, to explain their actions.”

Before sharing his story with ESPN or the Times, though, Glanville continued his conversation with West Hartford authorities:

In my case, the officer had not only spoken to me without respect but had crossed over into a city where West Hartford’s ordinance didn’t even apply.

But as we spoke, I found myself thinking of the people who have to deal with far more extreme versions of racial profiling on a regular basis and don’t have the ability to convene meetings at Town Hall. As an article in the April issue of The Atlantic points out, these practices have “side effects.” They may help police find illegal drugs and guns, but they also disenfranchise untold numbers of people, making them feel like suspects … all of the time.

In reaching out for understanding, I learned that there is a monumental wall separating these towns. It is built with the bricks of policy, barbed by racially charged anecdotes, and cemented by a fierce suburban protectionism that works to safeguard a certain way of life. The mayor of West Hartford assured me that he championed efforts to diversify his town, and the chief of police told me he is active in Connecticut’s statewide Racial and Ethnic Disparity Commission in the Criminal Justice System. (He also pointed me to a 2011 article he wrote for Police Chief Magazine, addressing many of the same issues I raised.) I hope their continued efforts can help traverse this class- and race-based barrier, which unfortunately grows even more impenetrable with experiences such as mine.

Glanville’s encounter points to intersections of not only sport and race, but class and profiling, and of law and stereotypes. But a quick check of ESPN’s online listings for him shows that the topic hasn’t been broached. If Glanville is up to it, here’s to hoping it spurs a more in-depth discussion on these issues on the network. Considering that the network covers athletes’ legal issues as thoroughly as it would the average ballgame — a positive, it should be said — Glanville already offers ESPN exactly the kind of person who can approach these issues with the kind of nuance they deserve. Even if, unfortunately, he can rely on his lived experience in doing so.

[Top image via Doug Glanville's official Facebook page]

The post Will ESPN Tell Doug Glanville’s Story? appeared first on Racialicious - the intersection of race and pop culture.

Worse Than Failure: Secure Development

Steven's multi-billion dollar tech firm spared no expense in providing him two computers. One was stuffed in a broom closet down the hall; he used it for email, Internet access, and other administrative items. At his cubicle sat the computer on which he did all his programming, connected to the company's separated development environment (SDE).

The SDE was a company-wide network that existed in parallel to the normal network. No Internet connectivity, and login was only possible with an RSA SecurID dongle. The stated purpose was to provide a secure environment for software development. The other devs on Steven's team had their own SDE boxes for the same purpose.


One day, the Java install on Steven's SDE machine took a core dump and rolled around in it. Unfortunately, he couldn't troubleshoot the machine himself. Only SDE administrators could install or alter configurations on those boxes.

Steven logged a ticket. Within an hour, he was watching an SDE admin reinstall Java for him. Once the admin had unchecked all the predatory toolbar options and got the install going, he frowned at some files sitting in Steven's current working folder.

"Are these .exe files?" he asked.

Steven mirrored the frown with confusion. "Those are my team's development tools and deliverables."

"Is this approved software? Did we install these for you?"

"No. We wrote the code for those and built them."

"You can't install files on this machine!" the admin exclaimed.

"I didn't install them," Steven returned. "I compiled our first-party source code, developed entirely within the SDE, and created those .exe files. That's my job!"

"So you did install them!" the admin cried with gotcha flair.

Steven gaped. "That's not what the word 'install' means!"

Java had finished (actually) installing. The SDE admin left with a righteous gleam in his eye, which Steven shook off. Surely this wasn't going anywhere. If the admin tried to report anything, someone would fetch a dictionary, and everything would be fine.

Well, no. A few days later, Steven's entire team received an email stating they were in violation of Cyber Security policy for installing "malicious, unapproved" software on their SDE machines. The message ended with a sinister promise: Disciplinary actions are forthcoming.

Their immediate boss was powerless to defuse it. The case automatically escalated to Human Resources. The whole developer team was forced into numerous interviews with the sort of drones who couldn't hack Accounting or Finance in business school.

"All we did was develop software in the environment we were provided to develop our software in!" they explained for the umpteenth time.

Unblinking incomprehension. "Why did you install this software on your machines?"

"We didn't install anything! We compiled source code- the source code this company pays us to develop!"

"Well, is it malicious?"

"Of course it's not malicious! Some of this stuff is customer deliverables! We also have myriad scripts and some Java code. We've been doing this in the SDE per company policy for well over a year!"

"What's a Java?"

At the end of these interrogations, Steven's team was ordered to keep working, but immediately cease generating any "prohibited files." If they dared create one more project deliverable, they faced termination.

How are we supposed to meet our deadlines? Steven clicked Send on the email copied to numerous managers.

He and his team sat on their thumbs for a day. Finally, someone shed light on the real problem: the SDE team's definition of the word "install" was so ambiguous, it covered everything from putting down an SDK to setting an adorable kitten picture as one's desktop background.

The head of Cyber Security issued a development exception for Steven's team. They were allowed to develop software on the SDE, as long as all .exe's, .lib's, and other generated files were manually tracked within a shared drive Excel spreadsheet that locked up whenever someone forgot to close it. In the meantime, the SDE admins were to set up a special "development system" for Steven's team, where they'd officially be allowed to develop code. A high-level issue was raised against Cyber Security and the SDE admins to properly define the term "install" and adjust their policies accordingly.

Steven's team was assured they'd get their special dev system well before their development exception expired. Their skepticism toward this promise was entirely merited.


Planet Debian: Richard Hartmann: secure password storage

Dear lazyweb,

for obvious reasons I am in the process of cycling out a lot of passwords.

For the last decade or so, I have been using openssl.vim to store less-frequently-used passwords and it's still working fine. Yet, it requires some manual work, not least of which manually adding random garbage at the start of the plain text (and in other places) every time I save my passwords. In the context of changing a lot of passwords at once, this has started to become tedious. Plus, I am not sure if a tool of the complexity and feature-set of Vim is the best choice for security-critical work on encrypted files.

Long story short, I am looking for alternatives. I did some research but couldn't come up with anything I truly liked; as there's bound to be tools which fit the requirements of like-minded people, I decided to ask around a bit.

My personal short-list of requirements is:

  • Strong crypto
  • CLI-based
  • Must add random padding at the front of the plain text and ideally in other places as well
  • Should ideally pad the stored file to a few kB so size-based attacks are foiled
  • Must not allow itself to be swapped out, etc
  • Must not be hosted, cloud-based, as-a-service, or otherwise compromised-by-default
  • Should offer a way to search in the decrypted plain text, nano- or vi-level of comfort are fine
  • Both key-value storage or just a large free-form text area would be fine with a slight preference for free-form text

Any and all feedback appreciated. Depending on the level of feedback, I may summarize my own findings and suggestions into a follow-up post.
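One way to meet the two padding requirements in the list above, as an added example that is not part of the original post and not taken from any existing tool: a frame that puts random bytes of random length in front of the plain text and fills the result to a multiple of 4 kB. The frame layout, the bucket size and the function names are assumptions of this example; encrypting the frame is left to whichever tool is used.

```python
import os
import secrets
import struct

BUCKET = 4096      # assumed bucket size: frames are a multiple of 4 kB
MAX_PREFIX = 256   # assumed upper bound for the random leading garbage


def pad_plaintext(body: bytes, bucket: int = BUCKET) -> bytes:
    """Frame layout (all assumptions of this example):
    2-byte prefix length | random prefix | 4-byte body length | body | random fill
    """
    # Random bytes of random length in front, so the plain text never starts
    # at a predictable offset or with predictable content.
    prefix = os.urandom(secrets.randbelow(MAX_PREFIX) + 1)
    header = struct.pack(">H", len(prefix)) + prefix + struct.pack(">I", len(body))
    used = len(header) + len(body)
    # Random fill up to the next bucket boundary hides the real size.
    fill = -used % bucket
    return header + body + os.urandom(fill)


def unpad_plaintext(frame: bytes) -> bytes:
    """Recover the body; reject frames that are too short for their own header."""
    if len(frame) < 2:
        raise ValueError("frame too short for prefix length")
    (prefix_len,) = struct.unpack_from(">H", frame, 0)
    offset = 2 + prefix_len
    if offset + 4 > len(frame):
        raise ValueError("frame too short for body length")
    (body_len,) = struct.unpack_from(">I", frame, offset)
    offset += 4
    if offset + body_len > len(frame):
        raise ValueError("declared body length exceeds frame")
    return frame[offset:offset + body_len]


if __name__ == "__main__":
    # Constructed sample stores of very different sizes.
    small = b"example.org  alice  constructed-sample-password\n"
    large = small * 50
    for store in (small, large):
        frame = pad_plaintext(store)
        print(len(store), "->", len(frame), unpad_plaintext(frame) == store)
```

The length checks in `unpad_plaintext` only guard against malformed input; detecting tampering is the job of the authenticated encryption applied around the frame.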

Planet Debian: Andrew Pollock: [life] Day 78: Alginate, dragon boats and relatives

I ordered some alginate the other day, and it arrived yesterday, but we were out, so I had to pick it up from the post office this morning.

Anshu and I picked it up before Zoe was dropped off. We had a couple of attempts at making some, but didn't quite get the ratios or the quantity right, and we were too slow, so we'll have to try again. The plan is to try and make a cast of Zoe's hand, since we were messing around with plaster of Paris recently. I've found a good Instructable to try and follow.

Nana and her dragon boating team were competing in the Australian Dragon Boat Championships over Easter, and her first race was today. It also ended up that today was the best day to try and go and watch, so when she called to say her first race would be around noon, I quickly decided we should jump in the car and head up to Kawana Waters.

We abandoned the alginate, and I slapped together a picnic lunch for Zoe and I, and we bid Anshu farewell and drove up.

Zoe's fever seemed to break yesterday afternoon after Sarah picked her up, and she slept well, but despite all that, she napped in the car on the way up, which was highly unusual, but helped pass the time. She woke up when we arrived. I managed to get a car park not too far from the finish line, and we managed to find Nana, whose team was about to enter the marshaling area.

Her boat was closest to the shore we were watching from, and her boat came second in their qualifying round for the 200 metre race, meaning they went straight through to the semi-finals.

The semi-finals were going to be much later, and I wanted to capitalise on the fact that we were going to have to drive right past my Mum and Dad's place on the way home to try and see my sister and her family, since we missed them on Monday.

We headed back after lunch and a little bit of splashing around in the lake, and ended up staying for dinner at Mum and Dad's. Zoe had a great time catching up with her cousin Emma, and fooling around with Grandpa and Uncle Michael.

She got to bed a little bit late by the time we got home, but I'm hopeful she'll sleep well tonight.

Planet Debian: David Pashley: Bad Password Policies

After the whole Heartbleed fiasco, I’ve decided to continue my march towards improving my online security. I’d already begun the process of using LastPass to store my passwords and generate random passwords for each site, but I hadn’t completed the process, with some sites still using the same passwords, and some having less than ideal strength passwords, so I spent some time today improving my password position. Here’s some of the bad examples of password policy I’ve discovered today.

First up we have Live.com. A maximum of 16 characters from the Microsoft auth service. Seems to accept any character though.


This excellent example is from creditexpert.co.uk, one of the credit agencies here in the UK. They not only restrict to 20 characters, they restrict you to @, ., _ or |. So much for teaching people how to protect themselves online.


Here’s Tesco.com after attempting to change my password to “QvHn#9#kDD%cdPAQ4&b&ACb4x%48#b”. If you can figure out how this violates their rules, I’d love to know. And before you ask, I tried without numbers and that still failed so it can’t be the “three and only three” thing. The only other idea might be that they meant “i.e.” rather than “e.g.”, but I didn’t test that.


Edit: Here is a response from Tesco on Twitter:


Here’s a poor choice from ft.com, refusing to accept non-alphanumeric characters. On the plus side they did allow the full 30 characters in the password.


The finest example of a poor security policy is a company who will remain nameless due to their utter lack of security. Not only did they not use HTTPS, they accepted a 30 character password and silently truncated it to 20 characters. The reason I know this is because when I logged out and tried to log in again and then used the “forgot my password” option, they emailed me the password in plain text.

I have also been setting up two-factor authentication where possible. Most sites use the Google Authenticator application on your mobile to give you a 6 digit code to type in in addition to your password. I highly recommend you set it up too. There’s a useful list of sites that implement 2FA and links to their documentation at http://twofactorauth.org/.

I realise that my choice of LastPass requires me to trust them, but I think the advantages outweigh the disadvantages of having many sites using the same passwords and/or low strength passwords. I know various people cleverer than me have looked into their system and failed to find any obvious flaws.

Remember people, when you implement a password, allow the following things:

  • Any length of password. You don’t have to worry about length in your database, because when you hash the password, it will be a fixed length. You are hashing your passwords aren’t you?
  • Any character. The more possible characters that can be in your passwords, the harder it will be to brute force, as you are increasing the number of permutations a hacker needs to try.

If you are going to place restrictions, please make sure the documentation matches the implementation, provide a client-side implementation to match and provide quick feedback to the user, and make sure you explicitly say what is wrong with the password, rather than referring back to the incorrect documentation.

There are also many JS password strength meters available to show how secure the inputted passwords are. They are possibly a better way of providing feedback about security than having arbitrary policies that actually harm your security. As someone said to me on twitter, it’s not like “password is too strong” was ever a bad thing.

The post Bad Password Policies appeared first on David Pashley.com.
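The storage advice in the post above, as an added example that is not part of the original post: a salted scrypt record has the same size for any password length and any characters, while a scheme that silently truncates at 20 characters accepts every password that shares those first 20. The scrypt parameters, the NFKC normalisation step and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Assumed parameters for this example (not from the post).
SALT_LEN = 16
DIGEST_LEN = 32
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # roughly 16 MiB of memory per hash
TRUNCATE_AT = 20                              # the flawed site's silent limit


def _derive(password: str, salt: bytes) -> bytes:
    # NFKC-normalise so the same characters entered on different platforms
    # encode to the same bytes; no character is rejected.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.scrypt(data, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=DIGEST_LEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || digest. The record is always SALT_LEN + DIGEST_LEN bytes."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    # Constant-time comparison of the recomputed digest with the stored one.
    return hmac.compare_digest(_derive(password, salt), expected)


def hash_password_truncating(password: str) -> bytes:
    """The flawed behaviour described in the post: cut silently at 20 characters."""
    return hash_password(password[:TRUNCATE_AT])


def verify_password_truncating(password: str, record: bytes) -> bool:
    return verify_password(password[:TRUNCATE_AT], record)


def demo() -> dict:
    # Constructed sample passwords: 30 characters, identical in the first 20.
    chosen = "abcdefghij0123456789" + "-KLMNOPQRS"
    lookalike = "abcdefghij0123456789" + "-different"
    full = hash_password(chosen)
    cut = hash_password_truncating(chosen)
    return {
        "record_len_short": len(hash_password("a")),
        "record_len_long": len(hash_password("x" * 500)),
        "record_len_unicode": len(hash_password("pässwörd ✓ 密码")),
        "full_accepts_chosen": verify_password(chosen, full),
        "full_accepts_lookalike": verify_password(lookalike, full),
        "truncating_accepts_lookalike": verify_password_truncating(lookalike, cut),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```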


TED: A $5 million challenge for a tech solution to help community college students graduate


Ani Okkasian was the first in her family to go to college. “My parents escaped a communist country and got to the [United] States with $700 in their pocket,” she says. And so, when she participated in a TEDActive 2014 workshop held by the Robin Hood Foundation to brainstorm ways to help community college students graduate, she offered an insight from her own college experience: these students may feel like they’re floating on their own.

Community colleges offer access to higher education for more than 8 million students a year in the United States, many of them from low-income backgrounds and, like Okkasian, the first in their family to go to college. Robin Hood has identified a pattern at play on community college campuses; a large number of students require remedial classes before moving on, but only 28% of students who take them earn their degree, even 8.5 years later. Hoping to change this, Robin Hood has launched a $5 million College Success Prize—a venture capital-sized award for a technology solution to keep community college students on track to graduate in three years. The solution could help students improve their writing and problem solving, or could focus on building social and behavioral skills that are also a part of success.

It’s in the space of the social where Okkasian, who is now an adjunct professor at Woodbury University and the Marketing and Communications Manager for the Los Angeles Area Chamber of Commerce, saw an opportunity. “On a fundamental level, I identify with the type of students that Robin Hood is trying to help,” she says. “I felt it was my responsibility to participate in [the TEDActive] workshop and provide insights from firsthand experience.”

The workshop began with attendees thinking about who students in remedial classes are: How old are they? What do their lives look like outside of school? What kind of access do they have to mentorship? From there, they broke into three groups for rapid-fire brainstorming, each group scrawling an intricate tangle of Post-It notes before them.

Okkasian liked that her team brought together thinkers from different backgrounds, and noticed that everyone seemed to agree on one core idea: that letting students know they are not alone could make a difference. “We chose to focus on the idea of a small learning network for the students most at risk of dropping out,” she says. “We realized that social connections could be the conduit for content that will enable these students to succeed.”

Her team’s excitement for the idea has continued, even after TEDActive. “We have some Google hangouts scheduled,” she says. “We’re excited to put the final touches on our idea and submit it for consideration.”

They have time to polish it. The College Success Prize works something like an incubator—there are three rounds, starting with an application process that’s open through the end of June 2014. Semi-finalists will receive $40,000 in funding to get their idea rolling and, in January, three finalists will be picked to receive $60,000 more in development money, along with help from consultants ideas42. These three solutions will then be tested starting in the fall of 2015 on a sample of 2,000 CUNY community college students. Over the course of a three-year trial, finalists will receive cash as they reach target goals. Any team whose solution leads to a 15 percent increase in students graduating in three years will split a grand prize of $3.5 million.

Robin Hood’s senior vice president says the idea of the challenge is to get people with interesting insights, like Okkasian, working on the problem. “Education is the silver bullet when it comes to fighting poverty, and we want the biggest thinkers, and the most innovative developers and designers to step up to the challenge,” he says.

TEDActive attendees deep in thought at the Robin Hood College Success workshop. Photo: Sarah Nickerson


Just a bit of the Post-It sprawl that ensued. Photo: Sarah Nickerson


A group presents its ideas to the rest of the workshop. Photo: Sarah Nickerson




Planet Debian: Petter Reinholdtsen: FreedomBox milestone - all packages now in Debian Sid

The Freedombox project is working on providing the software and hardware to make it easy for non-technical people to host their data and communication at home, and being able to communicate with their friends and family encrypted and away from prying eyes. It is still going strong, and today a major milestone was reached.

Today, the last of the packages currently used by the project to create the system images were accepted into Debian Unstable. It was the freedombox-setup package, which is used to configure the images during build and on the first boot. Now all one needs to get going is the build code from the freedom-maker git repository and packages from Debian. And once the freedombox-setup package enters testing, we can build everything directly from Debian. :)

Some key packages used by Freedombox are freedombox-setup, plinth, pagekite, tor, privoxy, owncloud and dnsmasq. There are plans to integrate more packages into the setup. User documentation is maintained on the Debian wiki. Please check out the manual and help us improve it.

To test for yourself and create boot images with the FreedomBox setup, run this on a Debian machine using a user with sudo rights to become root:

sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image

Root access is needed to run debootstrap and mount loopback devices. See the README in the freedom-maker git repo for more details on the build. If you do not want all three images, trim the make line. Note that the virtualbox-image target is not really virtualbox specific. It creates an x86 image usable in kvm, qemu, vmware and any other x86 virtual machine environment. You might need the version of vmdebootstrap in Jessie to get the build working, as it includes fixes for a race condition with kpartx.

If you instead want to install using a Debian CD and the preseed method, boot a Debian Wheezy ISO and use this boot argument to load the preseed values:

url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat

I have not tested it myself in the last few weeks, so I do not know if it still works.

If you wonder how to help, one task you could look at is using systemd as the boot system. It will become the default for Linux in Jessie, so we need to make sure it is usable on the Freedombox. I did a simple test a few weeks ago, and noticed dnsmasq failed to start during boot when using systemd. I suspect there are other problems too. :) To detect problems, there is a test suite included, which can be run from the plinth web interface.

Give it a go and let us know how it goes on the mailing list, and help us get the new release published. :) Please join us on IRC (#freedombox on irc.debian.org) and the mailing list if you want to help make this vision come true.

TED: What is the TED Prize (and how can you win next year’s)?


What do a British chef, a Newcastle University professor and an anti-corruption activist have in common? They’re all winners of the TED Prize – a cash award, currently for $1,000,000, given annually to a forward-thinking individual with a fresh, bold vision for sparking global change to make the world a better place.

The Prize begins with a big wish – one that will motivate people around the world to get involved. Imagine an inspiring, high-impact idea that needs the support of a global community of activists, big thinkers and social entrepreneurs. Each TED Prize winner is a rare and powerful combination: someone who knows how to capture imaginations as well as how to make a measurable impact. From Jamie Oliver’s Food Revolution (2010) to Sugata Mitra’s School in the Cloud (2013) to our most recent Prize winner Charmian Gooch and her campaign against anonymous corporations, the TED Prize has helped to tackle child obesity, advance education, improve global health and inspire art around the world.

Note: we may just have announced Charmian’s win, but we’re already looking for our 2015 winner. The deadline for this year’s applications is March 31, so nominate yourself — or someone else you think might fit the bill. Anyone can win the TED Prize, including TED Fellows, speakers and community members. Here’s a guide to filling out the nomination form – and here are some tips for writing a killer application. Good luck!


LongNow: Explore Urban Infrastructure at the MacroCity Conference, May 30-31


We rarely see in full the cities that we live in. Focused on our daily lives, urban dwellers are often only dimly aware of the numerous, enmeshed layers of critical infrastructure that quietly hum in the background to make modern life possible.

Come and explore the amazing stories and surprising histories to be found lurking just below the surface of our cities at MacroCity, a two-day, whirlwind tour of this bigger picture of urban life. The event brings together a diverse set of panelists, speakers, and participants to explore the vast, often overlooked networks of infrastructure that surround us. The line-up includes rogue archivist and Lost Landscapes creator Rick Prelinger, as well as Laci Videmsky of the New California Water Atlas.

The schedule also includes a variety of field trips, offering an opportunity to explore first-hand some of the vast networks of infrastructure that sustain the Bay Area.

Organized by the Bay Area Infrastructure Observatory, the conference will take place on May 30-31 at SPUR and the Brava Theater in San Francisco. The Long Now Foundation is partnering with BAIO on the event, and Long Now members receive a 25% discount on tickets – please check your email for your discount code.

Field trips will take place on May 30th, with most of the speakers scheduled for May 31st. A basic pass to the talks can be reserved for $100; the deluxe pass for $150 includes access to a field trip, as well. Half-price tickets are available for members of the nonprofit community; please see the event registration page for more information.

Sociological Images: Happy Birthday, Emile Durkheim!

Source: Deviant Art.

Have a scholar we should commemorate? Send us a cool pic and we will!

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Geek Feminism: That’s not a Linkspam. THIS is a Linkspam (15 April 2014)

  • So You’ve Got Yourself a Policy. Now What? | Stephanie Zvan at Freethought Blogs (April 10): “We know from situations in which they’ve failed that “zero-tolerance” policies, policies in which any act that is deemed to be unacceptable results in expulsion and exclusion, don’t work well. They fail in three main ways. People who are against harassment policies in general are quick to point out that they leave no room for honest mistakes. They are correct when talking about zero-tolerance policies, even if they make the same criticism about all policies.”
  • What’s Missing from Journalists’ Tactic of Snagging Stories from Twitter? Respect. | Tina Vasquez at bitchmedia (March 21): “Christine Fox does not consider herself a social justice advocate. On March 12, Fox’s timeline took a decidedly different turn. That night, to illustrate that there is no correlation between clothing and sexual assault, Fox asked her more than 12,000 followers to share what they were wearing when they were sexually assaulted. It was the first time Fox facilitated a conversation on this scale and it was also the first time she publicly shared her story as an assault survivor. She walked away from her computer that night feeling positive about what took place—and many tweeted to thank her, saying that through the tears, the discussion felt healing. But the next morning, Fox felt her hands go shaky. She felt nauseous and sweaty. She’d later learn from followers on Twitter that after reading through hundreds of tweets about assault, she had likely “triggered” herself, a term she was relatively unfamiliar with. Still, she knew something powerful had happened and she was proud to have sparked it. And then BuzzFeed came along and fucked everything up.”
  • My Cane is Not A Costume – Convention Exclusions and Ways to Think About Oppression at Cons | Derek Newman-Stille at Speculating Canada (April 7): “On a regular basis at speculative and other fan conventions, I get knocked around, shoved, pushed out of the way. People assume that because I am using a cane, I am taking up more than my fair space, after all, I have THREE whole legs on the ground (two legs and a cane). I hope this is because they assume that my cane is the equivalent to their lightsaber, a performative piece, a part of a costume… That is my hope. However, I have seen issues of systemic ableism at cons.”
  • Why are People Perennially Surprised By Internet Misogyny? | s.e. smith at meloukhia.net (April 14): “I have a confession: I was tempted to cut and paste this piece, since I’m pretty sure I’ve written it before. I realized that my desire to cut and paste was kind of an indicator of how endlessly circular this topic is, though. [...] I really don’t know how many times people need to say this before the message will sink through: the internet is a dangerous place for women. It’s especially dangerous for women living at the intersections of multiple marginalisations.”
  • Collecting Inspiration with Supersisters | Liz Zanis at The Metropolitan Museum of Art (April 3): “Published in 1979, the Supersisters trading cards were a playful, informative, and accessible way to spread feminism to younger audiences. The series was inspired by Lois Rich’s daughter, an eight-year-old baseball-card collector, who asked why there weren’t any pictures of girls on the cards. With a grant from the New York State Education Department, Lois Rich and her sister, Barbara Egerman, contacted five hundred women of achievement and created cards of the first seventy-two to respond.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Krebs on SecurityHardware Giant LaCie Acknowledges Year-Long Credit Card Breach

Computer hard drive maker LaCie has acknowledged that a hacker break-in at its online store exposed credit card numbers and contact information on customers for the better part of the past year. The disclosure comes almost a month after the breach was first disclosed by KrebsOnSecurity.

On Mar. 17, 2014, this blog published evidence showing that the Web storefront for French hardware giant LaCie (now owned by Seagate) had been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software. In response, Seagate said it had engaged third-party security firms and that its investigation was ongoing, but that it had found no indication that any customer data was compromised.

The Lacie.com Web site as listed in the control panel of a botnet of hacked ecommerce sites.

In a statement sent to this reporter on Monday, however, Seagate allowed that its investigation had indeed uncovered a serious breach. Seagate spokesman Clive J. Over said the breach may have exposed credit card transactions and customer information for nearly a year beginning March 27, 2013. From his email:

“To follow up on my last e-mail to you, I can confirm that we did find indications that an unauthorized person used the malware you referenced to gain access to information from customer transactions made through LaCie’s website.”

“The information that may have been accessed by the unauthorized person includes name, address, email address, payment card number and card expiration date for transactions made between March 27, 2013 and March 10, 2014. We engaged a leading forensic investigation firm, who conducted a thorough investigation into this matter. As a precaution, we have temporarily disabled the e-commerce portion of the LaCie website while we transition to a provider that specializes in secure payment processing services. We will resume accepting online orders once we have completed the transition.”

Security and data privacy are extremely important to LaCie, and we deeply regret that this happened. We are in the process of implementing additional security measures which will help to further secure our website. Additionally, we sent notifications to the individuals who may have been affected in order to inform them of what has transpired and that we are working closely and cooperatively with the credit card companies and federal authorities in their ongoing investigation.

It is unclear how many customer records and credit cards may have been accessed during the time that the site was compromised; Over said in his email that the company did not have any additional information to share at this time.

As I noted in a related story last month, Adobe ColdFusion vulnerabilities have given rise to a number of high profile attacks in the past. The same attackers who hit LaCie also were responsible for a breach at jam and jelly maker Smuckers, as well as Alpharetta, Ga. based credit card processor SecurePay.

In February, a hacker in the U.K. was charged with accessing computers at the Federal Reserve Bank of New York in October 2012 and stealing names, phone numbers and email addresses using ColdFusion flaws. According to this Business Week story, Lauri Love was arrested in connection with a sealed case which claims that between October 2012 and August 2013, Love hacked into computers belonging to the U.S. Department of Health and Human Services, the U.S. Sentencing Commission, Regional Computer Forensics Laboratory and the U.S. Department of Energy.

According to multiple sources with knowledge of the attackers and their infrastructure, this is the very same gang responsible for an impressive spree of high-profile break-ins last year, including:

- An intrusion at Adobe in which the attackers stole credit card data, tens of millions of customer records, and source code for most of Adobe’s top selling software (ColdFusion, Adobe Reader/Acrobat/Photoshop);

- A break-in targeting data brokers LexisNexis, Dun & Bradstreet, and Kroll.

- A hack against the National White Collar Crime Center, a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime.

RacialiciousOpen Thread: Scandal 3.17, “Flesh and Blood”

By Arturo R. García

We now pause to honor Eli’s (Joe Morton) BOSS entrance.

Finally, the chickens came home to roost on Scandal’s penultimate episode of the season.

Unfortunately, they came for the writers.

While it’s natural for this episode to serve as the introduction for multiple points of tension heading into the finale, the whole turned out more overcooked than the sum of its parts. And for this show, that’s saying something. Let’s take each of them one-by-one.

1. It’s six days before the election!: As we’ve talked about in the past, the lack of attention to any notion of a campaign (past dramatic speeches every now and then) during this stretch of the season made hearing this the biggest surprise of the episode. (So much so that the writers apparently felt the need to have everybody remind us over and over). Nobody’s asking this show to turn into a documentary, but the campaign process literally takes years. So setting this episode so close to the election felt like an albatross trying to fly its way to plausibility, not knowing the eight-episode structure for this arc clipped its wings from the outset.

2. Sally and Leo have an evil plan!: The lack of an actual campaign also undercuts Sally’s sudden attempt at an underhanded Hail Mary. Viewers barely saw her get over killing her husband, and now she’s trying to land the killing blow on Fitz’s campaign? Her candidacy barely has a reason to exist at this point. Also, it would’ve been nice to see how Leo set up his deal with the Evil High-Schooler; nobody on this show is exactly a good person, but one hates to think he’s like a political Woodeston when he’s off the clock.

“Bring my baby home.” Yes, ma’am.

3. Maya has an evil plan!: This was actually the highlight of the episode. The feint — tricking everyone into thinking she and Adnan wanted to blow Fitz up at his campaign stop — was well-constructed, the revelation that it was her who killed Senator MacGuffin felt earned, and Khandi Alexander more than delivered in her spotlight moments. Not only that, but the shot of Maya sneaking into the OliviaCave while Huck and Quinn were en flagrante crassus — some super-spies they are — was a rare moment in this episode where the show’s style outshone its attempt to pile on narrative substance.

Fitz (Tony Goldwyn) and Olivia (Kerry Washington), in the spotlight again.

4. Olivia and Fitz and Jake and Olivia!: At one point, Jake served as a serviceable counterpoint to Fitz. But since becoming Command, he’s devolved into the other side of the melodramatic coin. It’s not even clear anymore whether he has a real reason to want to be Olivia besides, she’s there and she was there and she won’t ditch both of them altogether. And now, instead of one lovelorn argument per week, we get two. That’s screen time that, to put it mildly, might have done more service to other characters.

5. Harrison’s trapped! Rowan is dying!: If I had to guess, I’d say both will pull through — after all, if Rowan were going to die, he would have done so at the end of this episode. But we’ll see how that all plays out.

Meanwhile, Racializens, what are your predictions for next week?

The post Open Thread: Scandal 3.17, “Flesh and Blood” appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaChris Samuel: Lunar Eclipse 15th April 2014

Tonight Melbourne got to experience the tail end of a lunar eclipse as the moon rose in eclipse at 17:48. We took a friend on a trip up to the (apparently now closed) Olinda Golf Course to view the moon rise. It was nice and clear and after roaming around a bit to find a place where we should have been able to see the eclipsed moon we found a suitable spot but couldn’t see the moon itself. Mars was visible in the right area but of course the salient point of a lunar eclipse is that the moon is in the Earth’s shadow and so wasn’t findable until it started to exit at third contact. Got a few photos, of which this was the best.

Lunar Eclipse 15th April 2014 taken from Olinda Golf Course

We had to head back down the hill as Donna had an appointment at 7pm but later on our friend called up and said excitedly “Have you seen the moon? Go and look!”. I went out to see but the hills were still in the way then, so later on I headed out with the camera once the moon was visible and got some more photos as the moon headed towards fourth contact (when it exits the shadow of the Earth).

Lunar Eclipse 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse framed in gum leaves, 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse through trees, poles and wires - 15th April 2014 taken from Upper Ferntree Gully
Lunar Eclipse shortly before fourth contact, 15th April 2014 taken from Upper Ferntree Gully

This item originally posted here:

Lunar Eclipse 15th April 2014

RacialiciousQuoted: The Worst Justification Ever For Not Casting People Of Color

From the beginning, we were concerned about casting, the issue of race. What we realized is that this story is functioning at the level of myth, and as a mythical story, the race of the individuals doesn’t matter. They’re supposed to be stand-ins for all people. Either you end up with a Bennetton ad or the crew of the Starship Enterprise. You either try to put everything in there, which just calls attention to it, or you just say, ‘Let’s make that not a factor, because we’re trying to deal with everyman.’ Looking at this story through that kind of lens is the same as saying, ‘Would the ark float and is it big enough to get all the species in there?’ That’s irrelevant to the questions because the questions are operating on a different plane than that; they’re operating on the mythical plane.

– Ari Handel, screenwriter for “Noah,” as told to The High Calling

The post Quoted: The Worst Justification Ever For Not Casting People Of Color appeared first on Racialicious - the intersection of race and pop culture.

CryptogramAuditing TrueCrypt

Recently, Matthew Green has been leading an independent project to audit TrueCrypt. Phase I, a source code audit by iSEC Partners, is complete. Next up is Phase II, formal cryptanalysis.

Quick summary: I'm still using it.

Planet DebianBálint Réczey: Proposing amd64-hardened architecture for Debian

Facing last week’s Heartbleed bug, the need for improving the security of our systems became more apparent than usual. In Debian there are widely used methods for hardening packages at build time and guidelines for improving the security of default installations.

Employing such methods usually comes at an expense, for example slower execution of binaries due to additional checks, or additional configuration steps when setting up a system. Balancing usability and security, Debian chose an approach which would satisfy the most users: using C/C++ features which only slightly decrease the execution speed of built binaries, and using reasonable defaults in package installations.

All the architectures supported by Debian aim to use the same methods for enhancing security, but it does not have to stay that way. Amd64 is the most widely used architecture of Debian according to popcon, and amd64 hardware comes with powerful CPUs. I think there would be a significant number of people (being one of them :-)) who would happily use a version of Debian with more security features enabled by default, sacrificing some CPU power and installing and setting up additional packages.

My proposal for serving those security-focused users is to introduce a new architecture targeting amd64 hardware, but with more security-related C/C++ features turned on for every package (currently hardening has to be enabled by the maintainers in some way) through compiler flags as a start.

Introducing the new architecture would also let package maintainers enable additional dependencies and build rules selectively for the new architecture, improving security further. On the users’ side, the advantage of having a separate security-enhanced architecture instead of a Debian derivative is the potential of installing a set of security-enhanced packages using multiarch. You could have a fast amd64 installation as a base and run Apache or any other sensitive server from the amd64-hardened packages!

I have sent the proposal for discussion to debian-dev, too. Please join the discussion there or leave a comment here.
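
One way to see what build-time hardening leaves behind in a binary, as an added example (not code from the post or from Debian): a small Python auditor that reads a 64-bit little-endian ELF image and reports PIE, RELRO, immediate binding and a non-executable stack. The post does not list the features it would enable, so treating these four as candidates is an assumption, and the two sample images are constructed inline rather than taken from real packages.

```python
import struct
import sys

# ELF constants (System V ABI plus GNU extensions)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)
DYN = struct.Struct("<qQ")                 # ELF64 dynamic entry (16 bytes)


def _binds_now(data, offset, size):
    """True if the dynamic section asks the loader to resolve all symbols at startup."""
    end = min(offset + size, len(data))
    for pos in range(offset, end - DYN.size + 1, DYN.size):
        tag, val = DYN.unpack_from(data, pos)
        if tag == DT_NULL:
            break
        if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
            return True
    return False


def audit_elf(data):
    """Report the link-time hardening properties visible in an ELF64 LE image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_phentsize != PHDR.size or e_phoff + e_phnum * PHDR.size > len(data):
        raise ValueError("truncated or malformed program header table")

    has_interp = relro = bind_now = False
    nx_stack = False  # stays False when PT_GNU_STACK is absent: stack not marked non-executable
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, e_phoff + i * PHDR.size)
        if p_type == PT_INTERP:
            has_interp = True
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
        elif p_type == PT_DYNAMIC:
            bind_now = _binds_now(data, p_offset, p_filesz)

    return {
        # ET_DYN is also used by shared libraries; an interpreter marks an executable
        "pie": e_type == ET_DYN and has_interp,
        "nx_stack": nx_stack,
        # RELRO only covers the whole GOT when lazy binding is switched off
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "bind_now": bind_now,
    }


def build_sample(e_type, phdrs, dyn_entries=()):
    """Constructed image for the demo: file header, program headers, dynamic section."""
    phdrs = list(phdrs)
    dyn = b"".join(DYN.pack(t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    dyn_off = EHDR.size + PHDR.size * (len(phdrs) + 1)
    phdrs.append((PT_DYNAMIC, 6, dyn_off, len(dyn)))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    out = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    for p_type, p_flags, p_off, p_size in phdrs:
        out += PHDR.pack(p_type, p_flags, p_off, 0, 0, p_size, p_size, 8)
    return out + dyn


# Constructed samples: a fixed-address executable with lazy binding, and a
# position-independent one with immediate binding.
BASELINE = build_sample(ET_EXEC, [(PT_INTERP, 4, 0, 0), (PT_GNU_STACK, 6, 0, 0),
                                  (PT_GNU_RELRO, 4, 0, 0)])
HARDENED = build_sample(ET_DYN, [(PT_INTERP, 4, 0, 0), (PT_GNU_STACK, 6, 0, 0),
                                 (PT_GNU_RELRO, 4, 0, 0)],
                        [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])

if __name__ == "__main__":
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [
        ("BASELINE (constructed)", BASELINE), ("HARDENED (constructed)", HARDENED)]
    for name, blob in targets:
        print(name, audit_elf(blob))
```

Run with file paths as arguments to audit real binaries. Compiler-inserted checks such as stack protectors show up in the symbol table rather than the program headers and are outside what this sketch inspects.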

Worse Than FailureCodeSOD: I Had My Reasons

Trevor spent a huge amount of time writing a 2,000,000+ PHP/JavaScript/HTML system for an e-commerce company. Like a few other I'm-Special geniuses in our field, he believed that he could do it better than everyone else. For this reason, he came up with his own way of doing things. Database queries. Date-time logic. You name it.

Some time back, Kenzal was brought on as a senior developer to work on the e-commerce system. As he spelunked his way through the system, Kenzal would find some piece of puzzling code and ask Trevor what he was going for, or why he did it that way. Trevor would invariably respond: I had my reasons.

Kenzal encountered this particular snippet in the "critical logic" in the batch creation process, around 7,500 lines into the 10K+ LOC invoice manager file, somewhere after running the query and checking for results:

<?php
  $m = $SYSTEM->getValue('FULFILLMENT_CART_CONFIG');
  if ($m == '') $m = 'LLLLSSSSSSSSLLLLLLLL'; 
  $m  = strtoupper($m); 
  $t  = $this->db->getDataset(); 
  $n  = sizeof($t); 
  $sp = 0; 
  $lp = $n - 1; 
  $info = array(); 
  for ($i=0; $i<$n; $i++) {
      $info[$i] = array();
      if (substr($m,$i,1) == 'L') {
         foreach ($t[$lp] as $k => $v) $info[$i][$k] = $v;
         --$lp;
      }
      else {
         foreach ($t[$sp] as $k => $v) $info[$i][$k] = $v;
         ++$sp;
      }
  }
  return (array(0,$info));
?>

Rather than just simply returning the result set, Trevor decided that the results needed to be reordered according to the value of some random string, manually popping and de-queuing the values in the array. When queried as to why he would write something like that, Trevor replied with his usual: I had my reasons.

Both Trevor and his code have since been replaced. When Trevor was asked to leave, he was told (among other things) that they had their reasons. All of the above code has since been replaced with:

<?php
return (array(0,$this->db->getDataset()));
?>

Cory DoctorowHomeland Audiobook

Wil Wheaton reads this independently produced audio edition of Homeland, which also includes Jacob Appelbaum's reading of his own afterword, and Noah Swartz reading his brother Aaron Swartz's afterword.

Kelvin ThomsonWe Should Examine Free Trade Agreements

We have seen a lot of knee-jerk triumphalism about the signing of free trade agreements recently with Korea and Japan. But what does it really mean for Australia, especially Australian workers? In the case of the Korea-Australia Free Trade Agreement (KAFTA), possibly more local unemployment.

On the one hand Australia has agreed not to apply Labour Market Testing under the Korea FTA. But Korea has reserved the right to request employers for evidence that they have conducted labor market testing. In particular, the provision states: ‘Labour market testing may be required as a condition for temporary entry of, or numerical restriction may be imposed relating to, temporary entry for professionals’.

Free trade has turned into a euphemism for accommodating the agendas of transnational corporations, in this case of the Korea FTA, an increased use of 457 Temporary Migrant Workers.

Already, Gina Rinehart’s Roy Hill is using up to 200 white-collar 457 visa workers, half of which are Korean nationals, and many of whom are women, clocking up 84 hours a week. Many are not working in the occupations approved for their visas – a breach of the sponsoring employer’s obligations, and this despite Roy Hill claiming it was so inundated with job applications from locals that it did not need to use 457 visas. The ‘free movement of labour’ on the free trade agenda of corporations is nothing more than a vehicle to race to the bottom on local wages and conditions.

The secrecy under which these agreements are being negotiated and then signed undermines democracy and comes at the expense of local health, labour and environmental laws.

At a time when over 713,000 Australians are unemployed and we have a crisis in youth unemployment the Liberal Government should be looking for and supporting local solutions, not exacerbating this problem by opening the door to even larger migrant worker programs.

Kelvin ThomsonLeave the CSIRO Alone

It is bad enough that the Liberal Government does not have a Science Minister and has treated the research of climate scientists with disdain and contempt, apparently preferring the climate science of a nineteenth century poet. But funding cuts for the CSIRO would be immensely damaging for Australia’s future. We need a focus on innovation and applied science that the CSIRO is world renowned for. It is one of Australia’s genuine competitive advantages, and it needs to be protected and encouraged, not reduced and diminished.

And it is about time we stopped cutting funding for Government agencies through the use of the euphemism of “efficiency dividends”, when agencies are already required to become more efficient each year in order to meet the needs of a population which is now growing by 1.8%, and grew by over 400,000 people last year. Any agency which services a population growing at such a rate, with a budget which is only increased by the CPI to take inflation into account, is by definition becoming more efficient and should not be penalised with additional cuts.

The Prime Minister says the government should be judged by its performance in the area of science, rather than whether it has a Science Minister. Its treatment of the CSIRO Budget will indeed enable its performance to be judged.

Planet DebianAndrew Pollock: [life] Day 77: Port of Brisbane tour

Sarah dropped Zoe around this morning at about 8:30am. She was still a bit feverish, but otherwise in good spirits, so I decided to stick with my plan for today, which was a tour of the Port of Brisbane.

Originally the plan had been to do it with Megan and her Dad, Jason, but Jason had some stuff to work on on his house, so I offered to take Megan with us to allow him more time to work on the house uninterrupted.

I was casting around for something to do to pass the time until Jason dropped Megan off at 10:30am, and I thought we could do some foot painting. We searched high and low for something I could use as a foot washing bucket, other than the mop bucket, which I didn't want to use because of potential chemical residue. I gave up because I couldn't find anything suitable, and we watched a bit of TV instead.

Jason dropped Megan around, and we immediately jumped in the car and headed out to the Port. I missed the on ramp for the M4 from Lytton Road, and so we took the slightly longer Lytton Road route, which was fine, because we had plenty of time to kill.

The plan was to get there for about 11:30am, have lunch in the observation cafe on the top floor of the visitor's centre building, and then get on the tour bus at 12:30pm. We ended up arriving much earlier than 11:30am, so we looked around the foyer of the visitor's centre for a bit.

It was quite a nice building. The foyer area had some displays, but the most interesting thing (for the girls) was an interactive webcam of the shore bird roost across the street. There was a tablet where you could control the camera and zoom in and out on the birds roosting on a man-made island. That passed the time nicely. One of the staff also gave the girls Easter eggs as we arrived.

We went up to the cafe for lunch next. The view was quite good from the 7th floor. On one side you could look out over the bay, notably Saint Helena Island, and on the other side you got quite a good view of the port operations and the container park.

Lunch didn't take all that long, and the girls were getting a bit rowdy, running around the cafe, so we headed back downstairs to kill some more time looking at the shore birds with the webcam, and then we boarded the bus.

It was just the three of us and three other adults, which was good. The girls were pretty fidgety, and I don't think they got that much out of it. The tour didn't really go anywhere that you couldn't go yourself in your own car, but you did get running commentary from the driver, which made all the difference. The girls spent the first 5 minutes trying to figure out where his voice was coming from (he was wired up with a microphone).

The thing I found most interesting about the port operations was the amount of automation. There were three container terminals, and the two operated by DP World and Hutchinson Ports employed fully automated overhead cranes for moving containers around. Completely unmanned, they'd go pick a container from the stack and place it on a waiting truck below.

What I found even more fascinating was the Patrick terminal, which used fully automated straddle carriers, which would, completely autonomously move about the container park, pick up a container, and then move over to a waiting truck in the loading area and place it on the truck. There were 27 of these things moving around the container park at a fairly decent clip.

Of course the girls didn't really appreciate any of this, and half way through the tour Megan was busting to go to the toilet, despite going before we started the tour. I was worried about her having an accident before we got back, she didn't, so it was all good.

I'd say in terms of a successful excursion, I'd score it about a 4 out of 10, because the girls didn't really enjoy the bus tour all that much. I was hoping we'd see more ships, but there weren't many (if any) in port today. They did enjoy the overall outing. Megan spontaneously thanked me as we were leaving, which was sweet.

We picked up the blank cake I'd ordered from Woolworths on the way through on the way home, and then dropped Megan off. Zoe wanted to play, so we hung around for a little while before returning home.

Zoe watched a bit more TV while we waited for Sarah to pick her up. Her fever picked up a bit more in the afternoon, but she was still very perky.

Planet DebianDirk Eddelbuettel: BH release 1.54.0-2

Yesterday's release of RcppBDT 0.2.3 led to an odd build error. If one used at the same time a 32-bit OS, a compiler as recent as g++ 4.7 and the Boost 1.54.0 headers (directly or via the BH package) then the file lexical_cast.hpp barked and failed to compile for lack of a 128-bit integer (which is not a surprise on a 32-bit OS).

After looking at this for a bit, and looking at a related bug report, I came up with a simple fix (which I mentioned in an update to the RcppBDT 0.2.3 release post). Sleeping over it, and comparing to the Boost 1.55 file, showed that the hunch was right, and I have since made a new release 1.54.0-2 of the BH package which contains the fix.

Changes in version 1.54.0-2 (2014-04-14)

  • Bug fix to lexical_cast.hpp which now uses the test for INT128 which the rest of Boost uses, consistent with Boost 1.55 too.

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianColin Watson: Porting GHC: A Tale of Two Architectures

We had some requests to get GHC (the Glasgow Haskell Compiler) up and running on two new Ubuntu architectures: arm64, added in 13.10, and ppc64el, added in 14.04. This has been something of a saga, and has involved rather more late-night hacking than is probably good for me.

Book the First: Recalled to a life of strange build systems

You might not know it from the sheer bulk of uploads I do sometimes, but I actually don't speak a word of Haskell and it's not very high up my list of things to learn. But I am a pretty experienced build engineer, and I enjoy porting things to new architectures: I'm firmly of the belief that breadth of architecture support is a good way to shake out certain categories of issues in code, that it's worth doing aggressively across an entire distribution, and that, even if you don't think you need something now, new requirements have a habit of coming along when you least expect them and you might as well be prepared in advance. Furthermore, it annoys me when we have excessive noise in our build failure and proposed-migration output and I often put bits and pieces of spare time into gardening miscellaneous problems there, and at one point there was a lot of Haskell stuff on the list and it got a bit annoying to have to keep sending patches rather than just fixing things myself, and ... well, I ended up as probably the only non-Haskell-programmer on the Debian Haskell team and found myself fixing problems there in my free time. Life is a bit weird sometimes.

Bootstrapping packages on a new architecture is a bit of a black art that only a fairly small number of relatively bitter and twisted people know very much about. Doing it in Ubuntu is specifically painful because we've always forbidden direct binary uploads: all binaries have to come from a build daemon. Compilers in particular often tend to be written in the language they compile, and it's not uncommon for them to build-depend on themselves: that is, you need a previous version of the compiler to build the compiler, stretching back to the dawn of time where somebody put things together with a big magnet or something. So how do you get started on a new architecture? Well, what we do in this case is we construct a binary somehow (usually involving cross-compilation) and insert it as a build-dependency for a proper build in Launchpad. The ability to do this is restricted to a small group of Canonical employees, partly because it's very easy to make mistakes and partly because things like the classic "Reflections on Trusting Trust" are in the backs of our minds somewhere. We have an iron rule for our own sanity that the injected build-dependencies must themselves have been built from the unmodified source package in Ubuntu, although there can be source modifications further back in the chain. Fortunately, we don't need to do this very often, but it does mean that as somebody who can do it I feel an obligation to try and unblock other people where I can.

As far as constructing those build-dependencies goes, sometimes we look for binaries built by other distributions (particularly Debian), and that's pretty straightforward. In this case, though, these two architectures are pretty new and the Debian ports are only just getting going, and as far as I can tell none of the other distributions with active arm64 or ppc64el ports (or trivial name variants) has got as far as porting GHC yet. Well, OK. This was somewhere around the Christmas holidays and I had some time. Muggins here cracks his knuckles and decides to have a go at bootstrapping it from scratch. It can't be that hard, right? Not to mention that it was a blocker for over 600 entries on that build failure list I mentioned, which is definitely enough to make me sit up and take notice; we'd even had the odd customer request for it.

Several attempts later and I was starting to doubt my sanity, not least for trying in the first place. We ship GHC 7.6, and upgrading to 7.8 is not a project I'd like to tackle until the much more experienced Haskell folks in Debian have switched to it in unstable. The porting documentation for 7.6 has bitrotted more or less beyond usability, and the corresponding documentation for 7.8 really isn't backportable to 7.6. I tried building 7.8 for ppc64el anyway, picking that on the basis that we had quicker hardware for it and didn't seem likely to be particularly more arduous than arm64 (ho ho), and I even got to the point of having a cross-built stage2 compiler (stage1, in the cross-building case, is a GHC binary that runs on your starting architecture and generates code for your target architecture) that I could copy over to a ppc64el box and try to use as the base for a fully-native build, but it segfaulted incomprehensibly just after spawning any child process. Compilers tend to do rather a lot, especially when they're built to use GCC to generate object code, so this was a pretty serious problem, and it resisted analysis. I poked at it for a while but didn't get anywhere, and I had other things to do so declared it a write-off and gave up.

Book the Second: The golden thread of progress

In March, another mailing list conversation prodded me into finding a blog entry by Karel Gardas on building GHC for arm64. This was enough to be worth another look, and indeed it turned out that (with some help from Karel in private mail) I was able to cross-build a compiler that actually worked and could be used to run a fully-native build that also worked. Of course this was 7.8, since as I mentioned cross-building 7.6 is unrealistically difficult unless you're considerably more of an expert on GHC's labyrinthine build system than I am. OK, no problem, right? Getting a GHC at all is the hard bit, and 7.8 must be at least as capable as 7.6, so it should be able to build 7.6 easily enough ...

Not so much. What I'd missed here was that compiler engineers generally only care very much about building the compiler with older versions of itself, and if the language in question has any kind of deprecation cycle then the compiler itself is likely to be behind on various things compared to more typical code since it has to be buildable with older versions. This means that the removal of some deprecated interfaces from 7.8 posed a problem, as did some changes in certain primops that had gained an associated compatibility layer in 7.8 but nobody had gone back to put the corresponding compatibility layer into 7.6. GHC supports running Haskell code through the C preprocessor, and there's a __GLASGOW_HASKELL__ definition with the compiler's version number, so this was just a slog tracking down changes in git and adding #ifdef-guarded code that coped with the newer compiler (remembering that stage1 will be built with 7.8 and stage2 with stage1, i.e. 7.6, from the same source tree). More inscrutably, GHC has its own packaging system called Cabal which is also used by the compiler build process to determine which subpackages to build and how to link them against each other, and some crucial subpackages weren't being built: it looked like it was stuck on picking versions from "stage0" (i.e. the initial compiler used as an input to the whole process) when it should have been building its own. Eventually I figured out that this was because GHC's use of its packaging system hadn't anticipated this case, and was selecting the higher version of the ghc package itself from stage0 rather than the version it was about to build for itself, and thus never actually tried to build most of the compiler. Editing ghc_stage1_DEPS in ghc/stage1/package-data.mk after its initial generation sorted this out. 

One late night building round and round in circles for a while until I had something stable, and a Debian source upload to add basic support for the architecture name (and other changes which were a bit over the top in retrospect: I didn't need to touch the embedded copy of libffi, as we build with the system one), and I was able to feed this all into Launchpad and watch the builders munch away very satisfyingly at the Haskell library stack for a while.

This was all interesting, and finally all that work was actually paying off in terms of getting to watch a slew of several hundred build failures vanish from arm64 (the final count was something like 640, I think). The fly in the ointment was that ppc64el was still blocked, as the problem there wasn't building 7.6, it was getting a working 7.8. But now I really did have other much more urgent things to do, so I figured I just wouldn't get to this by release time and stuck it on the figurative shelf.

Book the Third: The track of a bug

Then, last Friday, I cleared out my urgent pile and thought I'd have another quick look. (I get a bit obsessive about things like this that smell of "interesting intellectual puzzle".) slyfox on the #ghc IRC channel gave me some general debugging advice and, particularly usefully, a reduced example program that I could use to debug just the process-spawning problem without having to wade through noise from running the rest of the compiler. I reproduced the same problem there, and then found that the program crashed earlier (in stg_ap_0_fast, part of the run-time system) if I compiled it with +RTS -Da -RTS. I nailed it down to a small enough region of assembly that I could see all of the assembly, the source code, and an intermediate representation or two from the compiler, and then started meditating on what makes ppc64el special.

You see, the vast majority of porting bugs come down to what I might call gross properties of the architecture. You have things like whether it's 32-bit or 64-bit, big-endian or little-endian, whether char is signed or unsigned, that sort of thing. There's a big table on the Debian wiki that handily summarises most of the important ones. Sometimes you have to deal with distribution-specific things like whether GL or GLES is used; often, especially for new variants of existing architectures, you have to cope with foolish configure scripts that think they can guess certain things from the architecture name and get it wrong (assuming that powerpc* means big-endian, for instance). We often have to update config.guess and config.sub, and on ppc64el we have the additional hassle of updating libtool macros too. But I've done a lot of this stuff and I'd accounted for everything I could think of. ppc64el is actually a lot like amd64 in terms of many of these porting-relevant properties, and not even that far off arm64 which I'd just successfully ported GHC to, so I couldn't be dealing with anything particularly obvious. There was some hand-written assembly which certainly could have been problematic, but I'd carefully checked that this wasn't being used by the "unregisterised" (no specialised machine dependencies, so relatively easy to port but not well-optimised) build I was using. A problem around spawning processes suggested a problem with SIGCHLD handling, but I ruled that out by slowing down the first child process that it spawned and using strace to confirm that SIGSEGV was the first signal received. What on earth was the problem?

From some painstaking gdb work, one thing I eventually noticed was that stg_ap_0_fast's local stack appeared to be being corrupted by a function call, specifically a call to the colourfully-named debugBelch. Now, when IBM's toolchain engineers were putting together ppc64el based on ppc64, they took the opportunity to fix a number of problems with their ABI: there's an OpenJDK bug with a handy list of references. One of the things I noticed there was that there were some stack allocation optimisations in the new ABI, which affected functions that don't call any vararg functions and don't call any functions that take enough parameters that some of them have to be passed on the stack rather than in registers. debugBelch takes varargs: hmm. Now, the calling code isn't quite in C as such, but in a related dialect called "Cmm", a variant of C-- (yes, minus), that GHC uses to help bridge the gap between the functional world and its code generation, and which is compiled down to C by GHC. When importing C functions into Cmm, GHC generates prototypes for them, but it doesn't do enough parsing to work out the true prototype; instead, they all just get something like extern StgFunPtr f(void);. In most architectures you can get away with this, because the arguments get passed in the usual calling convention anyway and it all works out, but on ppc64el this means that the caller doesn't generate enough stack space and then the callee tries to save its varargs onto the stack in an area that in fact belongs to the caller, and suddenly everything goes south. Things were starting to make sense.

Now, debugBelch is only used in optional debugging code; but runInteractiveProcess (the function associated with the initial round of failures) takes no fewer than twelve arguments, plenty to force some of them onto the stack. I poked around the GCC patch for this ABI change a bit and determined that it only optimised away the stack allocation if it had a full prototype for all the callees, so I guessed that changing those prototypes to extern StgFunPtr f(); might work: it's still technically wrong, not least because omitting the parameter list is an obsolescent feature in C11, but it's at least just omitting information about the parameter list rather than actively lying about it. I tweaked that and ran the cross-build from scratch again. Lo and behold, suddenly I had a working compiler, and I could go through the same build-7.6-using-7.8 procedure as with arm64, much more quickly this time now that I knew what I was doing. One upstream bug, one Debian upload, and several bootstrapping builds later, and GHC was up and running on another architecture in Launchpad. Success!

Epilogue

There's still more to do. I gather there may be a Google Summer of Code project in Linaro to write proper native code generation for GHC on arm64: this would make things a good deal faster, but also enable GHCi (the interpreter) and Template Haskell, and thus clear quite a few more build failures. Since there's already native code generation for ppc64 in GHC, getting it going for ppc64el would probably only be a couple of days' work at this point. But these are niceties by comparison, and I'm more than happy with what I got working for 14.04.

The upshot of all of this is that I may be the first non-Haskell-programmer to ever port GHC to two entirely new architectures. I'm not sure if I gain much from that personally aside from a lot of lost sleep and being considered extremely strange. It has, however, been by far the most challenging set of packages I've ported, and a fascinating trip through some odd corners of build systems and undefined behaviour that I don't normally need to touch.

XKCD Whatif One-Second Day

One-Second Day

What would happen if the Earth's rotation were sped up until a day only lasted one second?

—Dylan

If this is going to happen, I hope it doesn't happen late in the afternoon next Friday.

The Earth rotates,[citation needed] which means its midsection is being flung outward by centrifugal force.[1] (Which is still a real thing.) This centrifugal force isn't strong enough to overcome gravity and tear the Earth apart, but it's enough to flatten the Earth slightly and make it so you weigh almost a pound less at the Equator than you do at the poles.[2] (This is due to several effects, including centrifugal force, the flattened shape of the Earth, and the fact that if you go far enough toward the pole in North America people start offering you poutine.)

If the Earth (and everything on it) were suddenly sped up so that a day only lasted one second, the Earth wouldn't even last a single day.[3] (Either kind.) The Equator would be moving at over 10% of the speed of light. Centrifugal force would become much stronger than gravity, and the material that makes up the Earth would be flung outward.

You wouldn't die instantly—you might survive for a few milliseconds or even seconds. That might not seem like much, but compared to the speed at which you'd die in other What If articles involving relativistic speeds, it's pretty long.

The Earth's crust and mantle would break apart into building-sized chunks. By the time a second[4] (I mean, a day.) had passed, the atmosphere would have spread out too thin to breathe—although even at the relatively stationary poles, you probably wouldn't survive long enough to asphyxiate.

In the first few seconds, the expansion would shatter the crust into spinning fragments and kill just about everyone on the planet, but that's relatively peaceful compared to what would happen next.

Everything would be moving at relativistic speeds, but each piece of the crust would be moving at close to the same speed as its neighbors. This means things would be relatively calm ... until the disk hit something.

The first obstacle would be the belt of satellites around the Earth. After 40 milliseconds, the ISS would be struck by the edge of the expanding atmosphere and would be vaporized instantly. More satellites would follow. After a second and a half, the disc would reach the belt of geostationary satellites orbiting above the Equator. Each one would release a violent burst of gamma rays as the Earth consumed it.

The debris from the Earth would slice outward like an expanding buzzsaw. The disk would take about ten seconds to pass the Moon, another hour to spread past the Sun, and would span the Solar System within a day or two. Each time the disc engulfed an asteroid, it would spray a flood of energy in all directions, eventually sterilizing every surface in the Solar System.

Since the Earth is tilted, the Sun and the planets aren't usually lined up with the plane of the Earth's equator. They'd have a good chance of avoiding the buzzsaw[5] (I keep reading this as "Buzzfeed".) directly.

However, next Friday, April 25th, the Moon will cross the plane of the Earth's equator (as it does every two weeks). If Dylan sped up the Earth at this moment, the Moon would be right in the path of the resulting planetary buzzsaw.

The impact would turn the moon into a comet, sending it rocketing from the Solar System in a spray of debris. The flash of light and heat would be so bright that if you were standing at the surface of the Sun, it would be brighter above you than below. Every surface in the Solar System—Europa's ice, Saturn's rings, and Mercury's rocky crust—would be scoured clean ...

... by moonlight.

,

Kelvin ThomsonAlarming Rise in Long-Term Youth Unemployment

There are few things more demoralising or destructive of self-esteem and life chances than long-term unemployment. It is therefore alarming that long-term youth unemployment in Australia has tripled in the past six years.

In 2008 there were 19,500 long-term unemployed young people in Australia. Now there are 56,800. In Victoria there are now 81,900 unemployed young people. 14,000 of them have not worked at all in the past 12 months. It is outrageous that we make it so hard for these young people to break out of this trap by bringing in ever increasing numbers of migrant workers on both the permanent and temporary migrant worker programs. Last year net overseas migration was 240,000, and we now have over a million people from overseas in Australia on temporary visas, which give them work rights. How can we seriously expect to bring the unacceptable number of young people who are long-term unemployed down when they are subjected to such ferocious competition for entry-level jobs?

It is not that young people don’t want to work. Many of them apply for dozens, or even hundreds, of jobs without success. This lack of success is damaging their self-confidence and self-esteem and crushing them. Australia is not short of people, or short of workers. What we are lacking is the sense to realise that our migrant worker programs are way too high given the number of people who are ready, willing and able to work.

Planet DebianRichard Hartmann: git-annex corner case: Changing commit messages retroactively and after syncing

This is half a blog post and half a reminder for my future self.

So let's say you used the following commands:

git add foo
git annex add bar
git annex sync
# move to different location with different remotes available
git add quux
git annex add quuux
git annex sync

What I wanted to happen was to simply sync the already committed stuff to the other remotes. What happened instead was git annex sync's automagic commit feature (which you cannot disable, it seems) doing its job: commit what was added earlier and use "git-annex automatic sync" as commit message.

This is not a problem in and of itself, but as this is my master annex and as I managed to maintain clean commit messages for the last few years, I felt the need to clean this mess up.

Changing old commit messages is easy:

git rebase --interactive HEAD~3

Pick the r option for "reword" and amend the two commit messages. I did the same on my remote and all the branches I could find with git branch -a. Problem is, git-annex pulls in changes from refs which are not shown as branches; run git annex sync and back are the old commits along with a merge commit like an ugly cherry on top. Blegh.

I decided to leave my comfort zone and ended up with the following:

# always back up before poking refs
git clone --mirror repo backup

git reset --hard 1234
git show-ref | grep master
# for every ref returned, do:
  git update-ref $ref 1234

Rinse and repeat for every remote, git annex sync, et voilà. And yes, I avoided using an actual loop on purpose; sometimes, doing things slowly and by hand just feels safer.

For good measure, I am running

git fsck && git annex fsck

on all my remotes now, but everything looks good up to now.

CryptogramSchneier Talks and Interviews

Here are three articles about me from the last month. Also these three A/V links.

CryptogramSchneier Speaking Schedule: April–May

Here's my upcoming speaking schedule for April and May:

Information about all my speaking engagements can be found here.

LongNowWatermark: New Film by Edward Burtynsky

Every living thing requires water. We humans interact with it in a myriad of ways, numerous times a day. But how often do we consider the complexity of that interaction?


Renowned photographer and former SALT speaker Edward Burtynsky explores these questions in a new film. Co-directed by Burtynsky and filmmaker Jennifer Baichwal,

Watermark is a feature documentary film that brings together diverse stories from around the globe about our relationship with water: how we are drawn to it, what we learn from it, how we use it and the consequences of that use. … Shot in stunning 5K ultra high-definition video and full of soaring aerial perspectives, this film shows water as a terraforming element and the scale of its reach, as well as the magnitude of our need and use. This is balanced by forays into the particular: a haunting memory of a stolen river, a mysterious figure roaming ancient rice terraces, the crucial data hidden in a million year old piece of ice, a pilgrim’s private ritual among thousands of others at the water’s edge.

The film is part of Burtynsky’s larger Water project, which also includes a book and an exhibition of dramatic large-format photographs. Watermark will be playing at theaters throughout the United States this month and the next; you can find a list of screenings here.

In San Francisco, Watermark will be screened at the Opera Plaza Theater  for one week, starting this Friday, April 18. Come see the film on opening day for a chance to hear Burtynsky speak about the film: he will attend the 4.30 PM and 7.00 PM shows in person for a post-screening Q&A with the audience.

More information about the Water Project book can be found here, and the accompanying photographs will be on exhibit at the Rena Bransten Gallery in San Francisco through the end of the month.

 

Planet DebianDaniel Kahn Gillmor: OTR key replacement (heartbleed)

I'm replacing my OTR key for XMPP because of heartbleed (see below).

If the plain ASCII text below is mangled beyond verification, you can retrieve a copy of it from my web site that should be able to be verified.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

OTR Key Replacement for XMPP dkg@jabber.org
===========================================
Date: 2014-04-14

My main XMPP account is dkg@jabber.org.

I prefer OTR [0] conversations when using XMPP for private
discussions.

I was using irssi to connect to XMPP servers, and irssi relies on
OpenSSL for the TLS connections.  I was using it with versions of
OpenSSL that were vulnerable to the "Heartbleed" attack [1].  It's
possible that my OTR long-term secret key was leaked via this attack.

As a result, I'm changing my OTR key for this account.

The new, correct OTR fingerprint for the XMPP account at dkg@jabber.org is:

  F8953C5D 48ABABA2 F48EE99C D6550A78 A91EF63D

Thanks for taking the time to verify your peers' fingerprints.  Secure
communication is important not only to protect yourself, but also to
protect your friends, their friends and so on.

Happy Hacking,

  --dkg  (Daniel Kahn Gillmor)

Notes:

[0] OTR: https://otr.cypherpunks.ca/
[1] Heartbleed: http://heartbleed.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
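
Why a clearsigned notice like the one above can end up "mangled beyond verification": the signature covers a canonical form of the body (RFC 4880, section 7), so some changes to a copy are harmless and others are not. This is an added example, not part of the original post; the function names and the sample message are constructed for illustration, and it does not check the signature itself, which still needs gpg and the signer's public key.

```python
"""Rebuild the text an OpenPGP cleartext signature covers (RFC 4880, section 7)."""
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
# OTR fingerprints are usually shown as five groups of eight hex digits.
FPR_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{8} +){4}[0-9A-Fa-f]{8}(?![0-9A-Fa-f])")


class ClearsignError(ValueError):
    """The input is not a well-formed cleartext-signed message."""


def parse_clearsigned(message):
    """Return (hash_names, body_lines, signature_armor_lines)."""
    lines = message.replace("\r\n", "\n").split("\n")
    if BEGIN_MSG not in lines:
        raise ClearsignError("no cleartext header line")
    i = lines.index(BEGIN_MSG) + 1
    hashes = []
    # Only "Hash:" headers are allowed here; they end at the first empty line.
    while i < len(lines) and lines[i] != "":
        key, sep, value = lines[i].partition(": ")
        if key != "Hash" or not sep:
            raise ClearsignError("unexpected header: %r" % lines[i])
        hashes.extend(name.strip().upper() for name in value.split(","))
        i += 1
    i += 1  # skip the empty separator line
    body = []
    while i < len(lines) and lines[i] != BEGIN_SIG:
        line = lines[i]
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith("-"):
            raise ClearsignError("unescaped dash line in body: %r" % line)
        body.append(line)
        i += 1
    if i >= len(lines) or END_SIG not in lines[i:]:
        raise ClearsignError("signature block missing or not terminated")
    return hashes, body, lines[i + 1:lines.index(END_SIG, i)]


def canonical_signed_bytes(body_lines):
    """Bytes the signature is computed over: trailing spaces and tabs dropped,
    lines joined with CRLF, no line ending before the signature block."""
    return "\r\n".join(l.rstrip(" \t") for l in body_lines).encode("utf-8")


def same_signed_text(original, copy):
    """True if both messages canonicalise to the same signed bytes."""
    first = canonical_signed_bytes(parse_clearsigned(original)[1])
    second = canonical_signed_bytes(parse_clearsigned(copy)[1])
    return first == second


def otr_fingerprints(body_lines):
    """Fingerprints found in the body, normalised to 40 upper-case hex digits."""
    found = []
    for line in body_lines:
        for match in FPR_RE.findall(line):
            found.append(re.sub(r"\s+", "", match).upper())
    return found


# Constructed sample: address, fingerprint and signature block are placeholders.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

OTR key replacement for user@example.org
- -----------------------------------------
The first sentence ends here.  The second starts after two spaces.

New fingerprint:

  01234567 89ABCDEF 01234567 89ABCDEF 01234567
-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""

# A copy with CRLF line endings and trailing blanks: canonicalisation absorbs both.
HARMLESS_COPY = SAMPLE.replace(
    "New fingerprint:", "New fingerprint: \t").replace("\n", "\r\n")
# A copy whose runs of blanks were collapsed, as an HTML renderer or feed
# aggregator does: the signed bytes change, so verification would fail.
COLLAPSED_COPY = re.sub(r"[ \t]+", " ", SAMPLE)

if __name__ == "__main__":
    for name, copy in (("CRLF + trailing blanks", HARMLESS_COPY),
                       ("collapsed whitespace", COLLAPSED_COPY)):
        fprs = otr_fingerprints(parse_clearsigned(copy)[1])
        print(name, "| signed text intact:", same_signed_text(SAMPLE, copy),
              "| fingerprint still readable:", fprs)
```

The collapsed copy still shows a readable fingerprint, which is the trap: once the signed bytes differ, nothing ties that fingerprint to the signer any more, so fetch an unmodified copy and verify it before trusting the value.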

Planet DebianChristine Spang: PyCon 2014 retrospective

PyCon 2014 happened. (Sprints are still happening.)

This was my 3rd PyCon, but my first year as a serious contributor to the event, which led to an incredibly different feel. I also came as a person running a company building a complex system in Python, and I loved having the overarching mission of what I'm building driving my approach to what I chose to do. PyCon is one of the few conferences I go to where the feeling of acceptance and at-homeness mitigates the introvert overwhelm at nonstop social interaction. It's truly a special event and community.

Here are some highlights:

  • I gave a tutorial about search, which was recorded in its entirety... if you watch this video, I highly recommend skipping the hands-on parts where I'm just walking around helping people out. :)
  • I gave a talk! It's called Subprocess to FFI, and you can find the video here. Through three full iterations of dry runs with feedback, I had a ton of fun preparing this talk. I'd like to give more like it in the future as I continue to level up my speaking skills.
  • Allen Downey came to my talk and found me later to say hi. Omg amazing, made my day.
  • Aux Vivres and Dieu du Ciel, amazing eats and drink with great new and old friends. Special shout out to old Debian friends Micah Anderson, Matt Zimmerman, and Antoine Beaupré for a good time at Dieu du Ciel.
  • The Geek Feminism open space was a great place to chill out and always find other women to hang with, much thanks to Liz Henry for organizing it.
  • Talking to the community from the Inbox booth on Startup Row in the Expo hall on Friday. Special thanks to Don Sheu and Yannick Gingras for making this happen, it was awesome!
  • The PyLadies lunch. Wow, was that amazing. Not only did I get to meet Julia Evans (who also liked meeting me!), but there was an amazing lineup of amazing women telling everyone about what they're doing. This and Naomi Ceder's touching talk about openly transitioning while being a member of the Python community really show how the community walks the walk when it comes to diversity and is always improving.
  • Catching up with old friends like Biella Coleman, Selena Deckelmann, Deb Nicholson, Paul Tagliamonte, Jessica McKellar, Adam Fletcher, and even friends from the bay area who I don't see often. It was hard to walk places without getting too distracted running into people I knew, I got really good at waving and continuing on my way. :)

I didn't get to go to a lot of talks in person this year since my personal schedule was so full, but the PyCon video team is amazing as usual, so I'm looking forward to checking out the archive. It really is a gift to get the videos up while energy from the conference is still so high and people want to check out things they missed and share the talks they loved.

Thanks to everyone, hugs, peace out, et cetera!

Google Adsense20(14) Publisher Stories: Total Race revs up their success using Google AdSense

Time sure does fly - we’ve now reached the end of our ‘20(14) publisher stories’ blog series. Thanks for following the series and for sharing your own stories. Read on to meet this week’s featured publisher and check back soon for more publisher stories.

Total Race was created by five friends and racing enthusiasts. Covering Formula 1, stock car racing and IndyCar, the site receives 135,000 monthly visitors  and employs a team of 15 editors and reporters.

Total Race partners, Ivan and Erick, were already familiar with Google AdSense and using it as a monetization solution for their other web projects. The decision to also choose it for totalrace.com.br was an easy one, says Erick, and today “AdSense earnings represent around 70% of our total advertising income”.


The team also partnered with DoubleClick for Publishers (DFP) Small Business to manage their advertising and save them time. Erick is pleased with this decision stating “the process from start to finish is very fast and easy to use. I’d highly recommend this tool for publishers seeking more detail and control of their advertising campaigns”.

According to Erick, these products have been fundamental in the growth of the site. With the structure they bring, he’s ready to focus further on taking his passion for racing to an even wider audience.

Watch the Total Race story.

Posted by Barbara Sarti - Inside AdSense Team

CryptogramGoGo Wireless Adds Surveillance Capabilities for Government

The important piece of this story is not that GoGo complies with the law, but that it goes above and beyond what is required by law. It has voluntarily decided to violate your privacy and turn your data over to the government.

TEDTen years later: Dan Gilbert on life after “The surprising science of happiness”

Dan Gilbert gave his first TED Talk in February 2004; The surprising science of happiness was one of the first we ever published, in September 2006. Here, the Harvard psychologist reminisces about the impact of TED, shares some suggestions of useful further reading — and owns up to some mistakes.

by Dan Gilbert

When I gave this talk in 2004, the idea that videos might someday be “posted on the internet” seemed rather remote. There was no Netflix or YouTube, and indeed, it would be two years before the first TED Talk was put online. So I thought I was speaking to a small group of people who’d come to a relatively unknown conference in Monterey, California, and had I realized that ten years later more than 8 million people would have heard what I said that day, I would have (a) rehearsed and (b) dressed better.

That’s a lie. I never dress better. But I would have rehearsed. Back then, TED talks were considerably less important events and therefore a lot more improvisational, so I just grabbed some PowerPoint slides from previous lectures, rearranged them on the airplane to California, and then took the stage and winged it. I had no idea that on that day I was delivering the most important lecture of my life.

Mea Maxima Culpa

When you wing it, you make mistakes; and when millions of people watch you wing it, several hundred thousand of them will notice. There are at least three mistakes in this talk, and I know it because I’ve been receiving (and sheepishly replying to) emails about them for nearly ten years. I’m grateful to have the opportunity to correct them.

Mistake 1. Lottery Winners & Paraplegics: The first mistake was a slip of the brain. I’m a scientist and facts are my job, so I’m more than a little embarrassed to have misstated the facts about the 1978 study by Brickman, Coates, & Janoff-Bulman on lottery winners and paraplegics.

At 2:54 I said, “… a year after losing the use of their legs, and a year after winning the lotto, lottery winners and paraplegics are equally happy with their lives.” In fact, the two groups were not equally happy: Although the lottery winners (M=4.00) were no happier than controls (M=3.82), both lottery winners and controls were slightly happier than paraplegics (M=2.96).

So why has this study become the poster child for the concept of hedonic adaptation? First, most of us would expect lottery winners to be much happier than controls, and they weren’t. Second, most of us would expect paraplegics to be wildly less happy than either controls or lottery winners, and in fact they were only slightly less happy (though it is admittedly difficult to interpret numerical differences on rating scales like the ones used in this study). As the authors of the paper noted, “In general, lottery winners rated winning the lottery as a highly positive event, and paraplegics rated their accident as a highly negative event, though neither outcome was rated as extremely as might have been expected.” Almost 40 years later, I suspect that most psychologists would agree that this study produced rather weak and inconclusive findings, but that the point it made about the unanticipated power of hedonic adaptation has now been confirmed by many more powerful and methodologically superior studies. You can read the original study here.

Mistake 2. The Case of Moreese Bickham: The second mistake occurred when I told the story of Moreese Bickham. At 6:18 I said, “He spent 37 years in the Louisiana State Penitentiary for a crime he didn’t commit. He was ultimately exonerated, at the age of 78, through DNA evidence.” First, whether Mr. Bickham did or did not commit the crime is debatable. His attorney tells me that he believes Mr. Bickham was innocent, the state evidently believed otherwise, and I am no judge.  Second, Mr. Bickham was not exonerated on the basis of DNA evidence, but rather, was released for good behavior after serving half his sentence.

How I managed to mangle these facts is something I still scratch my head about. Bad notes? Bad sources? Demonic possession? Sorry, I just don’t remember. But while I got these ancillary facts wrong, I got the key facts right: Mr. Bickham did spend 37 years in prison, he did utter those words upon his release, and he was (and apparently still is) much happier than most of us would expect ourselves to be in such circumstances. You can read about him here.

Mistake 3. The Irreversible Condition: The third mistake was a slip of the tongue that led me to say precisely the opposite of what I meant. At 18:02 I said, “… because the irreversible condition is not conducive to the synthesis of happiness.” Of course I meant to say reversible, not irreversible, and the transcript of the talk contains the correct word. I hope this slip didn’t stop anyone from getting married.

Digging Deeper

I mentioned two of my own studies in my talk, and people often write to ask where they can read about them. The study of the amnesiacs who were shown the Monet prints was done in collaboration with Matt Lieberman, Kevin Ochsner, and Dan Schacter, was published in Psychological Science, and can be found here. The study of Harvard students who took a photography course was done in collaboration with Jane Ebert, was published in Journal of Personality and Social Psychology, and can be found here. Pretty much everything else I’ve ever thought, said, written, felt, done, wondered, cooked, smoked or eaten can be found here.

Coda

Giving this talk taught me something I hadn’t known: normal people are interested in the same things I am! Until that day, I’d always thought that psychologists did experiments for each other and occasionally subjected undergraduates to them in class. What I discovered at TED in 2004 was that I could tell a story about human psychology to regular folks and some of them would actually want to hear it. Who knew? I’d been a professor for 20 years, but that was the first time it had ever occurred to me that a classroom can be roughly the size of the world.

I left TED determined to devote a portion of my professional life to telling people about exciting discoveries in the behavioral sciences. So I started writing essays for the New York Times, I wrote a popular book called Stumbling on Happiness, I made a PBS television series called This Emotional Life, and I even appeared in a Super Bowl commercial to try to remind people to plan for their futures. I don’t know what I’ll do next – another book, a feature film, a rock opera? Whatever it is, you can almost certainly blame it on TED.


Sociological Images
Where Did Your 2013 Tax Dollars Go?

Each year the National Priorities Project releases a visual illustrating how our tax dollars are spent. This is the one for 2013, sans Medicare and Social Security taxes.

At the end of Sociology 101, I like to ask my students: “What is the state for?” This often takes them aback, as most of them have never considered the question before. Is it for defense? Is it to maximize happiness or reduce misery? Is it for maximizing GDP? Protecting private property? Do we want to use it to influence other countries? How?

There are many questions to ask and they are not purely theoretical.  I like how the spending of our tax dollars helps make the conversation more concrete.

Cross-posted at Business Insider.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Debian
Craig Small: mutt ate my i key

I did a large upgrade tonight and noticed there was a mutt upgrade, no biggie really… Except I have for years (incorrectly?) used the “i” key when reading a specific email to jump back to the list of emails, or from index to pager in mutt speak.

Instead of my pager of mails, I got “No news servers defined!” The fix is rather simple, in muttrc put

bind pager i exit

and you’re back to using the i key the wrong way again like me.

 

Planet Debian
Chris Lamb: Race report: Cambridge Duathlon 2014

(This is my first race of the 2014 season.)


I had entered this race in 2013 and found it was effective for focusing winter training. As triathlons do not typically start until May in the UK, scheduling earlier races can be motivating in the colder winter months.

I didn't have any clear goals for the race except to blow out the cobwebs and improve on my 2013 time. I couldn't set reasonable or reliable target times after considerable "long & slow" training in the off-season but I did want to test some new equipment and strategies, especially race pacing with a power meter, but also a new wheelset, crankset and helmet.

Preparation was both accidentally and deliberately compromised: I did very little race-specific training as my season is based around an entirely different intensity of race, but compounding this I was confined to bed the weekend before.

Sleep was acceptable in the preceding days and I felt moderately fresh on race morning. Nutrition-wise, I had porridge and bread with jam for breakfast, a PowerGel before the race, 750ml of PowerBar Perform on the bike along with a "Hydro" PowerGel with caffeine at approximately 30km.


Run 1 (7.5km)

A few minutes before the start my race number belt—the only truly untested equipment that day—refused to tighten. However, I decided that once the race began I would either ignore it or even discard it, risking disqualification.

Despite letting everyone go up the road, my first km was still too fast so I dialed down the effort, settling into a "10k" pace and began overtaking other runners. The Fen winds and drag-strip uphill from 3km provided a bit of pacing challenge for someone used to shelter and shorter hills but I kept a metered effort through into transition.

Time
33:01 (4:24/km, T1: 00:47) — Last year: 37:47 (5:02/km)

Bike (40km)

Although my 2014 bike setup features a power meter, I had not yet had the chance to perform an FTP test outdoors. I was thus not able to calculate a definitive target power for the bike leg. However, data from my road bike suggested I set a power ceiling of 250W on the longer hills.

This was extremely effective in avoiding going "into the red" and compromising the second run. This lends yet more weight to the idea that a power meter in multisport events is "almost like cheating".

I was not entirely comfortable with my bike position: not only were my thin sunglasses making me raise my head more than I needed to, I found myself creeping forward onto the nose of my saddle. This is sub-optimal, even if only considering that I am not training in that position.

Overall, the bike was uneventful with the only memorable moment provided by a wasp that got stuck between my head and a helmet vent. Coming into transition I didn't feel like I had really pushed myself that hard—probably a good sign—but the time difference from last year's bike leg (1:16:11) was a little underwhelming.

Time
1:10:45 (T2: 00:58)

Run 2 (7.5km)

After leaving transition, my legs were extremely uncooperative and I had great difficulty in pacing myself in the first kilometer. Concentrating hard on reducing my cadence as well as using my rehearsed mental cue, I managed to settle down.

The following 4 kilometers were a mental struggle rather than a physical one, modulo having to force a few burps to ease some discomfort, possibly from drinking too much or too fast on the bike.

I had planned to "unload" as soon as I reached 6km but I didn't really have it in me. Whilst I am physiologically faster compared to last year, I suspect the lack of threshold-level running over the winter meant the mental component required for digging deep will require some coaxing to return.

However, it is said that you have successfully paced a duathlon if the second run is faster than the first. On this criterion, this was a success, but it would have been a bonus to have really felt completely drained at the end of the day, if only from a neo-Calvinist perspective.

Time
32:46 (4:22/km) / Last year: 38:10 (5:05/km)

Overall

Total time
2:18:19

A race that goes almost entirely to plan is a bit of a paradox – there's certainly satisfaction in setting goals and hitting them without issue, but this is a gratification of slow-burning fire rather than the jubilation of a fireworks display.

However, it was nice to learn that I managed to finish 5th in my age group despite this race attracting an extremely strong field: as an indicator, the age-group athlete finishing immediately before me was seven minutes faster and the overall winner finished in 1:54:53 (!).

The race identified the following areas to work on:

  • Perform an FTP test on my time-trial bike outdoors to develop an optimum power plan.
  • Do a few more brick runs, at least to re-acclimatise the feeling.
  • Schedule another bike fit.

Although not strictly race-related, I also need to find techniques to ensure transporting a bike on public transport is less stressful. (Full results & full 2014 race schedule)

Racialicious
Voices: RIP Karyn Washington, Founder of For Brown Girls (1992-2014)

By Arturo R. García

For Brown Girls founder Karyn Washington.

The online social justice community suffered a sobering loss with the death of Karyn Washington, who created For Brown Girls and the #DarkSkinRedLip Project, Clutch Magazine reported late last week.

Adding to the shock was that Washington, whose work helped uplift her fans and readers and raise necessary conversations about the unfair beauty standards pushed on communities of color, reportedly took her own life at just 22 years of age, after struggling with depression following her mother’s death last year. Her passing has not only inspired conversation about her work, but about the struggle facing many of our communities and mental health.

FBG was created to celebrate the beauty of dark skin while combatting colorism and promoting self love! FBG was created to celebrate darker shades of brown- to encourage those struggling with accepting having a darker skin complexion to love and embrace the skin they are in. However, women of all shades may take away from FBG the universal and essential message of self love and acceptance.
For Brown Girls Mission Statement

The inspiring young lady helped to empower young women through her work in celebrating the beauty of African-American women, particularly those of dark-complexion.

One example of Washington’s great influence was her #DarkSkinRedLip project, which she launched after rapper ASAP Rocky openly criticized women with darker skin for wearing red lipstick. With this project, Washington allowed all shades of women to band together in knocking down barriers in beauty by encouraging them to embrace their beauty and claim confidence in wearing any lipstick they please.

– Lilly Workneh, The Grio

I remember I’d cover my mouth when I laughed. I had just gotten braces and I wasn’t quite comfortable yet. I was the epitome of an awkward little black girl. You told me I could be your brace face buddy. I think that was the first time I’d ever heard the term “brace face” !!! Lol & it certainly wasn’t the last either. We’d talk a lot about school and other silly stuff that probably didn’t matter much, but you gave me so much comfort. Now that I think about it, that amazes me. We were only in middle school and there you were inspiring me and teaching me to love my brown self in the most subtle ways. It is no surprise that you would go on to do such amazing things. May “For Brown Girls” (FBG) continue to thrive. That will forever be your brand, your movement, and your legacy! You’re amazing and even at such the young and tender age of 22 you’ve touched the lives of many all over the world. You inspire me and so many other people so much more than you could’ve ever imagined. I wish you could’ve seen the true magnitude of that.

When I look at you I see a reflection of myself and most certainly that is why this hurts so badly. From now on I’ll forever remember your big beautiful smile, your charm, ambition, professionalism, entrepreneurship, confidence, humility, your drive, and your beautiful Brown Skin. That is what I’ll choose to remember… because to be honest, I’m a bit angry with you. Indeed I’m being selfish, but my heart is devastated- yet, because I know a tad bit about what you were going through I can understand. I’m guilt tripping because I wish I could’ve been there for you a little bit more. I’m so sorry, but I can’t help but to think that with just a little bit more time or a little less distance, proximity would’ve allowed me to make, maybe the slightest difference … Forgive me!

Lia Lia

We’ve spoken about the struggle of dealing with depression and mental illness on this site, and the propensity for many people of color to pass on seeking help and counseling because of worry of public opinion and shame. With losses like these, it’s even more important to spread the word about the realities of these internal battles. Washington was a woman who made a difference and her push to remind us as sistas of our beauty was major. Continue to support it and to spread love, as Washington so loved to do.

– Victoria Uwumarogie, Madame Noire

Washington, who dedicated herself to the uplifting of dark-skinned black girls and women, and worked so that they would have a sense of well-being, was struggling with depression and mental illness, and was unable to extend the love she gave to others to herself.

This is often par for the course with black women, who often shoulder so much burden (one of the only things the community will give us kudos for, the quintessential ‘struggle’) and to admit any weakness of the mind and body is to be considered defective. Vulnerability is not allowed. Tears are discouraged. Victims are incessantly blamed. We are hard on our women, and suffer as a result.

When your community tells you that you’re better off praying than seeking the advice of medical professionals and medication, you feel shame when you feel your mind is breaking. There is no safe place. To admit to any mental frailty is to invite scorn and mockery, accusations of “acting white.”

– Christelyn Karazin, Beyond Black & White

I identify with Washington’s encouragement for those struggling with acceptance in having a darker complexion to love and embrace the skin they are in. In Karyn’s unexpected transition, there’s a lesson to be learned. We all, regardless of the shade of our skin, are seeking a loving and supportive system in a community still struggling to accept a variety of skin-tones. Colorism is promoted by media outlets force feeding images of one-dimensional beauty for men and women. People everywhere can continue fostering and laying the bricks For Brown Girls struggling to find self-love and acceptance in their skin by uplifting and supporting one another through projects such as Washington’s.

– M L Ward, Uptown Magazine

There are people who speculate and assume that she was in this place because she wasn’t comfortable with her skin complexion or she had self-esteem issues. That really is 100 percent false. Karyn loved who she was, and she loved her beauty, and she knew she was beautiful. She really overcame the whole colorism issue very early on in her development as a young woman. She was very confident in her skin, and I never heard her say anything negative about her dark skin, or her brown skin. That is just something, I don’t think, that was an issue at all.

– Video by Yumnah Najah, via Women’s Elevation Magazine

When I heard the news this morning, that’s the first thing I thought. I should have shared my thoughts about living without my mother. And how I didn’t want to. I wanted to join her in heaven. It has to be easier up top.

But I was/am too ashamed to admit it. I can hardly believe that I am even typing it and sharing it with you. But fuck it, I’ve thought about it. Does that make me crazy?! NOPE!

I’ve learned in this past year that it doesn’t. It’s what makes me human. I blame social media a bit. We all try to illustrate these perfect lives. Who really shares the bad days? And more importantly, who doesn’t judge someone when they do?

I checked on her one last time in January 2014. I left my number again, just in case she needed to hear my voice. But Karyn never called.

As I continued to fight off my own depression with cocktails, tears and hugs from my boyfriend Karyn still lived inside of me. Karyn isn’t alone. All too often we look down on Karyn. She’s that unstable creature (insert B word) who hasn’t learned to deal with life’s obstacles. She hasn’t learned how to become this beacon of strength that represents all Black women.

– Ty Alexander, Gorgeous In Grey

I really appreciate those who follow the blog and support FBG. It warms my heart to see young ladies excited about the project and to hear that it makes them feel special. I created this spotlight because the blog is for them and I wanted to feature them on it! I ask the girls to fill out a short questionnaire so I and others can get to know them. In the feature, the girls also share their favorite quote, what they love about themselves and what inspires them. They send that along with their picture to the FBG email. I then format it all in a post and feature the ladies throughout the week on the blog. I also wanted to do something a little different than other blogs which also focus on darker skinned beauty. Instead of just pictures, I want to make sure my blog has substance.

– Karyn Washington, Interview with Madame Noire, March 2012

National Suicide Prevention Lifeline: 1-800-273-TALK (8255)

The post Voices: RIP Karyn Washington, Founder of For Brown Girls (1992-2014) appeared first on Racialicious - the intersection of race and pop culture.

Worse Than Failure
All Your RAM Are Belong to Us

Back around the turn of the century, governments were a different place to work at. The public trough, while not as fat as it had been, was still capable of providing funding for boondoggles handed out to friends and family. This was before deficit hawks made a sport of picking off small cost overruns that scurried around the fields of government largesse. Before billions was spent on wars of questionable necessity. Before mayors broke down the stereotype that all crack addicts were skinny.

In this heyday, Ray worked for a government department that contracted, managed and passed-through telecommunications services from external providers to other government departments. The department's central billing and administration system was built and run on the Ingres ABF framework and its origin dated back to the early 90's. What's more, as soon as the application could be put into minimal funding status, it was. Even in the heady Internet bubble days, no money was spent beyond what was needed to keep the application running.

For developers, this meant a heavy reliance on shell scripts and other such tools to support the main application. And, considering the critical nature of the application (it did generate revenue...or at least caused numbers to be moved from one ledger to another within the government), any change went through enough manual testing to defoliate an acre of the Amazon rain forest generating the testing outputs.

So when Ray needed to make a bulk data change to the central database, he followed the prescribed steps. The appropriate shell script was created, followed by multiple runs on the test server to create the 3 type-set, calf leather bound volumes of input-output testing printouts. Once done, 5 levels of sign-off were collected. While there's no question that this was an extreme process (XP, but not in the productive way), by the time Ray ran the procedural gauntlet, he was confident that the script would do what it was advertised to do.

To run these scripts, the developers used one-off AT scripts on the server to schedule it to start after hours on the server in question. This mechanism, along with servers that had a good SMS notification system for failed AT jobs, meant that developers could schedule a script to run and then go home with confidence.

Ray set up his job to run at 6:30pm and with no notification of a failure, it was a sleep-filled evening. And he came in the next morning confident of it being a normal day. The sight of the wide-eyed, slightly perspiring system administrator combined with his opening statement of "Thank god you're here!" extinguished that.

"Fezzik's down!", he said. The servers were named after movie characters and Fezzik was the production server that Ray had scheduled the script on the night before.

"Um...define 'down'." Ray said, stalling while desperately trying to think of what weird permutation in the script could have caused this.

"It's not responding. The network controller says Fezzik's there. We can ping it. But terminal sessions are immediately frozen on connect and the applications running on that server are unreachable."

"So, it's not DOWN down then?" Ray asked as he reversed course and headed to the server room.

"It's down enough", came the reply.

At the server console, the user login shell was visible. The sys admin pushed a key. The server replied with an annoyingly cheerful beep. One key press, no characters, just a beep. The keyboard buffer was full. Ray felt queasy.

"Inconceivable. I have no idea what caused that." Ray said with an honesty that was quickly turning to desperation.

"Well", said the admin, "we did get some e-mails from the system this morning before it stopped responding. What the hell is rous_at_job.sh?"

Ray paused. "Why?"

"There's so many instances of it that we don't KNOW how many instances there are of it!"

Realization and dread in equal measures dawned on Ray. Instead of rous_at_job.sh running rous.sh param1 param2, Ray had instead set rous_at_job.sh to run rous_at_job.sh param1 param2! The script simply invoked itself, recursively, forever. So, for a little over 12 hours, like Agent Smith in the Matrix, rous_at_job.sh had patiently, one Kb at a time, taken over the memory and run-time capabilities of the server. By the time the system administrators had got in in the morning, rous_at_job.sh had successfully completed its quest for electronic domination and had physically run out of space to spawn another process.

The only option was to literally unplug the machine. The only saving grace was the fact that, given the current state of the processes, Ray was pretty certain that the server wasn't actually doing anything. Other than running rous_at_job.sh, that is.

The server came back no worse for wear. Going forward, developers were banned from running ANY job on the production server. Like magic, budget was found for a new data change management and scheduling system. And Ray spent a large percentage of his paycheck at the pub that Friday buying the system administrators beers.
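The failure in this story is a wrapper that launches itself. As an added example (not part of the original story or the department's scripts), this shell guard refuses a target that resolves to the wrapper's own file and caps nesting through an environment counter; the function names and the JOB_GUARD_DEPTH / JOB_GUARD_MAX variables are hypothetical, and the sample scripts in demo are constructed.

```shell
#!/bin/sh
# Added example: re-entry guard for a scheduler wrapper such as rous_at_job.sh.
# All function names and the JOB_GUARD_* variables are hypothetical.

# check_target WRAPPER TARGET
#   0: TARGET may be launched from WRAPPER
#   1: TARGET is missing or not executable
#   2: TARGET is WRAPPER itself, even via a symlink or another path spelling
check_target() {
    if [ ! -f "$2" ] || [ ! -x "$2" ]; then
        return 1
    fi
    # -ef compares device and inode; supported by bash, dash, ksh, busybox.
    if [ "$1" -ef "$2" ]; then
        return 2
    fi
    return 0
}

# next_depth
# Print the nesting depth a child job should inherit. The counter travels in
# the environment, so it also stops indirect loops (a.sh -> b.sh -> a.sh)
# that check_target cannot see. Returns 3 when the limit would be exceeded.
next_depth() {
    depth=${JOB_GUARD_DEPTH:-0}
    case $depth in
        *[!0-9]*|0?*) return 3 ;;   # fail closed on a malformed counter
    esac
    depth=$((depth + 1))
    [ "$depth" -le "${JOB_GUARD_MAX:-3}" ] || return 3
    echo "$depth"
}

# run_guarded WRAPPER TARGET [ARGS...]
# Apply both checks, then launch TARGET with the incremented counter.
# Every refusal is a non-zero exit with a message on stderr.
run_guarded() {
    wrapper=$1
    target=$2
    shift 2
    depth=$(next_depth) || {
        echo "refusing: job nesting too deep" >&2
        return 3
    }
    rc=0
    check_target "$wrapper" "$target" || rc=$?
    case $rc in
        1) echo "refusing: $target missing or not executable" >&2; return 1 ;;
        2) echo "refusing: $target is this wrapper" >&2; return 2 ;;
    esac
    JOB_GUARD_DEPTH=$depth "$target" "$@"
}

# demo
# Build constructed sample scripts in a temp dir and print the exit status of
# three launches: the wrapper reached through a symlink, the real job, and
# the real job from an environment already at the nesting limit.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/rous.sh"
    printf '#!/bin/sh\nexit 0\n' > "$dir/rous_at_job.sh"
    chmod +x "$dir/rous.sh" "$dir/rous_at_job.sh"
    ln -s rous_at_job.sh "$dir/alias.sh"
    a=0
    run_guarded "$dir/rous_at_job.sh" "$dir/alias.sh" p1 p2 2>/dev/null || a=$?
    b=0
    run_guarded "$dir/rous_at_job.sh" "$dir/rous.sh" p1 p2 2>/dev/null || b=$?
    c=0
    ( JOB_GUARD_DEPTH=3; run_guarded "$dir/rous_at_job.sh" "$dir/rous.sh" ) \
        2>/dev/null || c=$?
    rm -rf "$dir"
    echo "$a $b $c"
}
```

Because each refusal exits non-zero, a scheduler that reports failed jobs, like the SMS notification in the story, would flag the mistake on the first run instead of staying silent.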

Planet Debian
Bits from Debian: DPL election is over, Lucas Nussbaum re-elected

The Debian Project Leader election has concluded and the winner is Lucas Nussbaum. Of a total of 1003 developers, 401 developers voted using the Condorcet method.

More information about the result is available in the Debian Project Leader Elections 2014 page.

The new term for the project leader will start on April 17th and expire on April 17th 2015.

Krebs on Security
Crimeware Helps File Fraudulent Tax Returns

Many companies believe that if they protect their intellectual property and customers’ information, they’ve done a decent job of safeguarding their crown jewels from attackers. But in an increasingly common scheme, cybercriminals are targeting the Human Resources departments at compromised organizations and rapidly filing fraudulent federal tax returns on all employees.

Last month, KrebsOnSecurity encountered a Web-based control panel that an organized criminal gang has been using to track bogus tax returns filed on behalf of employees at hacked companies whose HR departments had been relieved of W2 forms for all employees.

An obfuscated look at the control panel for a tax fraud operation involving more than a half dozen victim organizations.

According to the control panel seen by this reporter, the scammers in charge of this scheme have hacked more than a half-dozen U.S. companies, filing fake tax returns on nearly every employee. At last count, this particular scam appears to stretch back to the beginning of this year’s tax filing season, and includes fraudulent returns filed on behalf of thousands of people — totaling more than $1 million in bogus returns.

The control panel includes a menu listing every employee’s W2 form, including all data needed to successfully file a return, such as the employee’s Social Security number, address, wages and employer identification number. Each fake return was apparently filed using the e-filing service provided by H&R Block, a major tax preparation and filing company. H&R Block did not return calls seeking comment for this story.

The “drops” page of this tax fraud operation lists the nicknames of the co-conspirators who agreed to “cash out” funds on the prepaid cards generated by the bogus returns — minus a small commission.

Fraudulent returns listed in the miscreants’ control panel that were successfully filed produced a specific five-digit tax filing Personal Identification Number (PIN) apparently generated by H&R Block’s online filing system. An examination of the panel suggests that successfully-filed returns are routed to prepaid American Express cards that are requested to be sent to addresses in the United States corresponding to specific “drops,” or co-conspirators in the scheme who have agreed to receive the prepaid cards and “cash out” the balance — minus their fee for processing the bogus returns.

Alex Holden, chief information security officer at Hold Security, said although tax fraud is nothing new, automating the exploitation of human resource systems for mass tax fraud is an innovation.

“The depth of this specific operation permits them to act as a malicious middle-man and tax preparation company to be an unwitting ‘underwriter’ of this crime,” Holden said. “And the victims may be exploited not only for 2013 tax year but also down the road, and perhaps subject of higher scrutiny by IRS — not to mention potential financial losses. Companies should look at their human resource infrastructure to ensure that payroll, taxes, financial, medical, and other benefits are afforded the same level of protection as their other mission-critical assets.”

ULTIPRO USERS TARGETED

I spoke at length with Doug, a 45-year-old tax fraud victim at a company that was listed in the attacker’s control panel. Doug agreed to talk about his experience if I omitted his last name and his employer’s name from this story. Doug confirmed that the information in the attacker’s tax fraud panel was his and mostly correct, but he said he didn’t recognize the Gmail address used to fraudulently submit his taxes at H&R Block.

Doug said his employer recently sent out a company-wide email stating there had been a security breach at a cloud provider that was subcontracted to handle the company’s employee benefits and payroll systems.

“Our company sent out a blanket email saying there had been a security breach that included employee names, addresses, Social Security numbers, and other information, and that they were going to pay for a free year’s worth of credit monitoring,” Doug said.

Almost a week after that notification, the company sent out a second notice stating that the breach extended to the personal information of all spouses and children of its employees.

“We were later notified that the breach was much deeper than originally suspected, which included all of our beneficiaries, their personal information, my life insurance policy, 401-K stuff, and our taxes,” Doug said. “My sister-in-law is an accountant, so I raced to her and asked her to help us file our taxes immediately. She pushed them through quickly but the IRS came back and said someone had already filed our taxes a few days before us.”

Doug has since spent many hours filling out countless forms with a variety of organizations, including the Federal Trade Commission, the FBI, the local police department, and of course the Internal Revenue Service.

Doug’s company and another victim at a separate company whose employees were all listed as recent tax fraud victims in the attacker’s online control panel both said their employers’ third-party cloud provider of payroll services was Weston, Fla.-based Ultimate Software. In each case, the attackers appear to have stolen the credentials of the victim organization’s human resources manager, credentials that were used to manage employee payroll and benefits at Ultipro, an online HR and payroll solutions provider.

Jody Kaminsky, senior vice president of marketing at Ultimate Software, said the company has no indication of a compromise of Ultimate’s security. Instead, she said Doug’s employer appears to have had its credentials stolen and abused by this fraud operation.

“Although we are aware that several customers’ employees were victims of tax fraud, we have no reason to believe this unauthorized access was the result of a compromise of our own security,” Kaminsky said. “Rather, our investigation suggests this is the result of stolen login information on the end-user level and not our application.”

Kaminsky continued:

“Unfortunately incidents of tax fraud this tax season across the U.S. are increasing and do not appear to be limited to just our customers or any one company (as I’m sure you’re well aware due to your close coverage of this issue). Over the past several weeks, we have communicated multiple times with our customers about recent threats of tax fraud and identity theft schemes.”

“We believe through schemes such as phishing or malware on end-user computers, criminals are attempting to obtain system login information and use those logins to access employee data for tax fraud purposes. We take identity theft schemes extremely seriously. As tax season progresses, we have been encouraging our customers to take steps to protect their systems such as enforcing frequent password resets and ensuring employee computers are up-to-date on anti-malware protection.”

PROTECT YOURSELF FROM TAX FRAUD

According to a 2013 report from the Treasury Inspector General’s office, the U.S. Internal Revenue Service (IRS) issued nearly $4 billion in bogus tax refunds in 2012. The money largely was sent to people who stole Social Security numbers and other information on U.S. citizens, and then filed fraudulent tax returns on those individuals claiming a large refund but at a different address.

It’s important to note that fraudsters engaged in this type of crime are in no way singling out H&R Block or Ultipro. Cybercrooks in charge of large collections of hacked computers can just as easily siphon usernames and passwords — as well as incomplete returns — from taxpayers who are preparing returns via other online filing services, including TurboTax and TaxSlayer.

If you become the victim of identity theft outside of the tax system or believe you may be at risk due to a lost/stolen purse or wallet, questionable credit card activity or credit report, etc., you are encouraged to contact the IRS at the Identity Protection Specialized Unit, toll-free at 1-800-908-4490 so that the IRS can take steps to further secure your account.

That process is likely to involve the use of taxpayer-specific PINs for people that have had issues with identity theft. If approved, the PIN is required on any tax return filed for that consumer before a return can be accepted. To start the process of applying for a tax return PIN from the IRS, check out the steps at this link. You will almost certainly need to file an IRS form 14039 (PDF), and provide scanned or photocopied records, such as a driver’s license or passport.

The most frightening aspect of this tax crimeware panel is that its designers appear to have licensed it for resale. It’s not clear how much this particular automated fraud machine costs, but sources in the financial industry tell this reporter that this same Web interface has been implicated in multiple tax return scams targeting dozens of companies in this year’s tax-filing season.

Planet Debian
Andrew Pollock: [life] Day 76: Dora + Fever

We had a bit of a rough night last night. I noticed Zoe was pretty hot when she had a nap yesterday after not really eating much lunch. She still had a mild fever after her nap, so I gave her some paracetamol (aka acetaminophen, that one weirded me out when I moved to the US) and called for a home doctor to check her ears out.

Her ears were fine, but her throat was a little red. The doctor said it was probably a virus. Her temperature wasn't so high at bed time, so I skipped the paracetamol, and she went to bed fine.

She did wake up at about 1:30am and it took me until 3am to get her back to bed. I think it was a combination of the fever and trying to phase out her white noise, but she just didn't want to sleep in her bed or her room. At 3am I admitted defeat and let her sleep with me.

She had only a slightly elevated temperature this morning, and otherwise seemed in good spirits. We were supposed to go to a family lunch today, because my sister and brother are in town with their respective families, but I figured we'd skip that on account that Zoe may have still had something, and coupled with the poor night's sleep, I wasn't sure how much socialising she was going to be up for.

My ear has still been giving me grief, and I had a home doctor check it yesterday as well, and he said the ear canal was 90% blocked. First thing this morning I called up to make an appointment with my regular doctor to try and get it flushed out. The earliest appointment I could get was 10:15am.

So we trundled around the corner to my doctor after a very slow start to the day. I got my ear cleaned out and felt like a million bucks afterwards. We went to Woolworths to order an undecorated mud slab cake, so I can try doing a trial birthday cake. I've given up on trying to do the sitting minion, and significantly scaled back to just a flat minion slab cake. That should be ready tomorrow.

The family thing was originally supposed to be tomorrow, and was only moved to today yesterday. My original plan had been to take Zoe to a free Dora the Explorer live show that was on in the Queen Street Mall.

I decided to revert back to the original plan, but by this stage, it was too late to catch the 11am show, so the 1pm show was the only other option. We had a "quick" lunch at home, which involved Zoe refusing to eat the sandwich I made for her and me convincing her otherwise.

Then I got a time-sensitive phone call from a friend, and once I'd finished dealing with that, there wasn't enough time to take any form of public transport and get there in time, so I decided to just drive in.

We parked in the Myer Centre car park, and quickly made our way up to the mall, and made it there comfortably with 5 minutes to spare.

The show wasn't anything much to phone home about. It was basically just 20 minutes of someone in a giant Dora suit acting out what was essentially a typical episode of Dora the Explorer, on stage, with a helper. Zoe started out wanting to sit on my lap, but made a few brief forays down to the "mosh pit" down the front with the other kids, dancing around.

After the show finished, we had about 40 minutes to kill before we could get a photo with Dora, so we wandered around the Myer Centre. I let Zoe choose our destinations initially, and we browsed a cheap accessories store that was having a sale, and then we wandered downstairs to one of the underground bus station platforms.

After that, we made our way up to Lincraft, and browsed. We bought a $5 magnifying glass, and I let Zoe do the whole transaction by herself. After that it was time to make our way back down for the photo.

Zoe made it first in line, so we were in and out nice and quick. We got our photos, and they gave her a little activity book as well, which she thought was cool, and then we headed back down the car park.

In my haste to park and get top side, I hadn't really paid attention to where we'd parked, and we came down via different elevators than we went up, so by the time I'd finally located the car, the exit gate was trying to extract an extra $5 parking out of me. Fortunately I was able to use the intercom at the gate and tell my sob story of being a nincompoop, and they let us out without further payment.

We swung by the Valley to clear my PO box, and then headed home. Zoe spontaneously announced she'd had a fun day, so that was lovely.

We only had about an hour and half to kill before Sarah was going to pick up Zoe, so we just mucked around. Zoe looked at stuff around the house with her magnifying glass. She helped me open my mail. We looked at some of the photos on my phone. Dayframe and a Chromecast is a great combination for that. We had a really lovely spell on the couch where we took turns to draw on her Magna Doodle. That was some really sweet time together.

Zoe seemed really eager for her mother to arrive, and kept asking how much longer it was going to be, and going outside our unit's front door to look for her.

Sarah finally arrived, and remarked that Zoe felt hot, and so I checked her temperature, and her fever had returned, so whatever she has she's still fighting off.

I decided to do my Easter egg shopping in preparation for Sunday. A friend suggested this cool idea of leaving rabbit paw tracks all over the house in baby powder, and I found a template online and got that all ready to go.

I had a really great yoga class tonight. Probably one of the best I've had in a while in terms of being able to completely clear my head.

I'm looking forward to an uninterrupted night's sleep tonight.

Planet DebianMatthew Garrett: Real-world Secure Boot attacks

MITRE gave a presentation on UEFI Secure Boot at SyScan earlier this month. You should read the presentation and paper, because it's really very good.

It describes a couple of attacks. The first is that some platforms store their Secure Boot policy in a run time UEFI variable. UEFI variables are split into two broad categories - boot time and run time. Boot time variables can only be accessed while in boot services - the moment the bootloader or kernel calls ExitBootServices(), they're inaccessible. Some vendors chose to leave the variable containing firmware settings available during run time, presumably because it makes it easier to implement tools for modifying firmware settings at the OS level. Unfortunately, some vendors left bits of Secure Boot policy in this space. The naive approach would be to simply disable Secure Boot entirely, but that means that the OS would be able to detect that the system wasn't in a secure state[1]. A more subtle approach is to modify the policy, such that the firmware chooses not to verify the signatures on files stored on fixed media. Drop in a new bootloader and victory is ensured.

But that's not a beautiful approach. It depends on the firmware vendor having made that mistake. What if you could just rewrite arbitrary variables, even if they're only supposed to be accessible in boot services? Variables are all stored in flash, connected to the chipset's SPI controller. Allowing arbitrary access to that from the OS would make it straightforward to modify the variables, even if they're boot time-only. So, thankfully, the SPI controller has some control mechanisms. The first is that any attempt to enable the write-access bit will cause a System Management Interrupt, at which point the CPU should trap into System Management Mode and (if the write attempt isn't authorised) flip it back. The second is to disable access from the OS entirely - all writes have to take place in System Management Mode.

The MITRE results show that around 0.03% of modern machines enable the second option. That's unfortunate, but the first option should still be sufficient[2]. Except the first option relies on the SMI actually firing. And, conveniently, Intel's chipsets have a bit that allows you to disable all SMI sources[3], and then have another bit to disable further writes to the first bit. Except 40% of the machines MITRE tested didn't bother setting that lock bit. So you can just disable SMI generation, remove the write-protect bit on the SPI controller and then write to arbitrary variables, including the SecureBoot enable one.

This is, uh, obviously a problem. The good news is that this has been communicated to firmware and system vendors and it should be fixed in the future. The bad news is that a significant proportion of existing systems can probably have their Secure Boot implementation circumvented. This is pretty unsurprising - I suggested that the first few generations would be broken back in 2012. Security tends to be an iterative process, and changing a branch of the industry that's historically not had to care into one that forms the root of platform trust is a difficult process. As the MITRE paper says, UEFI Secure Boot will be a genuine improvement in security. It's just going to take us a little while to get to the point where the more obvious flaws have been worked out.

[1] Unless the malware was intelligent enough to hook GetVariable, detect a request for SecureBoot and then give a fake answer, but who would do that?
[2] Impressively, basically everyone enables that.
[3] Great for dealing with bugs caused by YOUR ENTIRE COMPUTER BEING INTERRUPTED BY ARBITRARY VENDOR CODE, except unfortunately it also probably disables chunks of thermal management and stops various other things from working as well.
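
The lock state described above can be audited from three chipset register values. The C below is an added example, not code from this post or from MITRE; the register and bit names follow Intel's 6/7-series PCH datasheets (an assumption to confirm for other chipsets), and the sample register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit names and positions per Intel 6/7-series PCH datasheets (assumption:
 * confirm against the datasheet for the chipset being audited). */
#define BIOSWE     (1u << 0) /* BIOS_CNTL: flash writes currently enabled */
#define BLE        (1u << 1) /* BIOS_CNTL: setting BIOSWE raises an SMI */
#define SMM_BWP    (1u << 5) /* BIOS_CNTL: flash writable only from SMM */
#define SMI_LOCK   (1u << 4) /* GEN_PMCON_1: GBL_SMI_EN can no longer change */
#define GBL_SMI_EN (1u << 0) /* SMI_EN: master enable for SMI generation */

enum flash_verdict {
    FLASH_SMM_ONLY,       /* the post's second mechanism: OS writes refused */
    FLASH_SMI_GUARDED,    /* first mechanism, and SMIs cannot be switched off */
    FLASH_SMI_BYPASSABLE, /* first mechanism, but SMI generation is off or unlocked */
    FLASH_UNPROTECTED     /* neither mechanism is enabled */
};

struct chipset_regs {
    const char *label;    /* description of the constructed sample */
    uint8_t  bios_cntl;   /* LPC bridge config space, BIOS_CNTL */
    uint16_t gen_pmcon_1; /* LPC bridge config space, GEN_PMCON_1 */
    uint32_t smi_en;      /* power management I/O block, SMI_EN */
};

/* Classify how well the SPI flash (and so the UEFI variables) is protected. */
enum flash_verdict audit_flash_protection(const struct chipset_regs *r)
{
    if (r->bios_cntl & SMM_BWP)
        return FLASH_SMM_ONLY;
    if (!(r->bios_cntl & BLE))
        return FLASH_UNPROTECTED;
    /* BLE only helps if the SMI really fires and nobody can turn it off. */
    if ((r->smi_en & GBL_SMI_EN) && (r->gen_pmcon_1 & SMI_LOCK))
        return FLASH_SMI_GUARDED;
    return FLASH_SMI_BYPASSABLE;
}

const char *verdict_text(enum flash_verdict v)
{
    switch (v) {
    case FLASH_SMM_ONLY:       return "writes restricted to SMM";
    case FLASH_SMI_GUARDED:    return "write enable trapped by SMI, SMI locked on";
    case FLASH_SMI_BYPASSABLE: return "write enable trapped by SMI, but SMI can be or is disabled";
    default:                   return "no flash write protection";
    }
}

/* Constructed register snapshots, one per outcome. */
static const struct chipset_regs samples[] = {
    { "SMM_BWP and BLE set",            0x22, 0x0010, 0x00000001 },
    { "BLE set, SMI_LOCK set",          0x02, 0x0010, 0x00000001 },
    { "BLE set, SMI_LOCK clear",        0x02, 0x0000, 0x00000001 },
    { "BLE set, SMIs globally off",     0x02, 0x0010, 0x00000000 },
    { "BIOSWE left on, nothing locked", 0x01, 0x0010, 0x00000001 },
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const struct chipset_regs *r = &samples[i];
        printf("%-32s BIOSWE=%d -> %s\n", r->label,
               (r->bios_cntl & BIOSWE) ? 1 : 0,
               verdict_text(audit_flash_protection(r)));
    }
    return 0;
}
```

On a real machine the three values would come from the LPC bridge's PCI configuration space and the power management I/O block; only the SMM-only and SMI-guarded verdicts correspond to the properly locked configurations discussed above.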


Planet DebianDirk Eddelbuettel: RcppBDT 0.2.3

A new release of the RcppBDT package is now on CRAN.

Several new modules were added; the package can now work on dates, date durations, "ptime" (aka posix time), and timezones. Most interesting may be the fact that ptime is configured to use 96 bits. This allows a precise representation of dates and times down to nanoseconds, and permits date and time calculations at this level.

The complete NEWS entry is below:

Changes in version 0.2.3 (2014-04-13)

  • New module 'bdtDt' replacing the old 'bdtDate' module in a more transparent style using a local class which is wrapped, just like the three other new classes do

  • New module 'bdtTd' providing date durations which can be added to dates.

  • New module 'bdtTz' providing time zone information such as offset to UTC, amount of DST, abbreviated and full timezone names.

  • New module 'bdtDu' using 'posix_time::duration' for time durations types

  • New module 'bdtPt' using 'posix_time::ptime' for posix time, down to nanosecond granularity (where hardware and OS permit it)

  • Now selects C++11 compilation by setting CXX_STD = CXX11 in src/Makevars* and hence depend on R 3.1.0 or later – this gives us long long needed for the nano-second high-resolution time calculations across all builds and platforms.

Courtesy of CRANberries, there is also a diffstat report for the latest release. As always, feedback is welcome and the rcpp-devel mailing list off the R-Forge page for Rcpp is the best place to start a discussion.

Update: I just learned the hard way that the combination of 32-bit OS, g++ at version 4.7 or newer and a Boost version of 1.53 or 1.54 does not work with this new upload. Some Googling suggests that this ought to be fixed in Boost 1.54; seemingly it isn't as our trusted BH package with Boost headers provides that very version 1.54. However, the Googling also suggested a quick two-line fix which I just committed in the Github repo. A new BH package with the fix may follow in a few days.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

,

Planet DebianSteve Kemp: Is lumail a stepping stone?

I'm pondering a rewrite of my console-based mail-client.

While it is "popular" it is not popular.

I suspect "console-based" is the killer.

I like console, and I ssh to a remote server to use it, but having different front-ends would be neat.

In the world of mailpipe, etc, is there room for a graphic console client? Possibly.

The limiting factor would be the lack of POP3/IMAP.

Reworking things such that there is a daemon to which a GUI, or a console client, could connect seems simple. The hard part would obviously be working the IPC and writing the GUI. Any toolkit selected would rule out 40% of the audience.

In other news I'm stalling on replying to emails. Irony.

Planet DebianJeff Licquia: My Heart Bleeds (or, What’s Going On With Heartbleed)

One of the big news stories of the week has been “the Heartbleed bug”. If you know a techie person, you might have noticed that person looking a bit more stressed and tired than usual since Monday (that was certainly true of me). Some of the discussion might seem a bit confusing and/or scary; what’s worse, the non-tech press has started getting some of the details wrong and scare-mongering for readers.

So here’s my non-techie guide to what all the fuss is about.  If you’re a techie, this advice isn’t for you; chances are, you already know what you should be doing to help fix this.

(If you’re a techie and you don’t know, ask!  You might just need a little education on what needs to happen, and there’s nothing wrong with that, but you’ll be better off asking and possibly looking foolish than you will be if you get hacked.)

If you’re not inclined to read the whole thing, here are the important points:

  • Don’t panic!  There are reports of people cleaning out their bank accounts, cutting off their Internet service, buying new computers, etc.  If you’re thinking about doing anything drastic because you’re scared of Heartbleed, don’t.
  • You’ll probably need to change a lot of your passwords on various sites, but wait until each site you use tells you to.
  • This is mostly a problem for site servers, not PCs or phones or tablets.  Unless you’re doing something unusual (and you’d know if you were), you’re fine as long as you update your devices like you usually do.  (You do update your devices, right?)

So what happened?

There’s a notion called a “heartbeat signal”, where two computers talking to each other say “Hey, you there?” every so often. This is usually done by computer #1 sending some bit of data to computer #2, and computer #2 sending it back. In this particular situation, the two computers actually send both a bit of data and the length of that bit of data.

Some of you might be asking “so what happens if computer #1 sends a little bit of data, but lies and says the data is a lot longer than that?” In a perfect world, computer #2 would scold computer #1 for lying, and that’s what happens now with the bug fix. But before early this week, computer #2 would just trust computer #1 in one very specific case.

Now, computers use memory to keep track of stuff they’re working on, and they’re constantly asking for memory and then giving it back when they’re done, so it can be used by something else.  So, when you ask for memory, the bit of memory you get might have the results of what the program was doing just a moment ago–things like decrypting a credit card using a crypto key, or checking a password.

This isn’t normally a problem, since it’s the same program getting its own memory back. But if it’s using this memory to keep track of these heartbeats, and it’s been tricked into thinking it needs to send back “the word HAT, which is 500 characters long”, then character 4 and following is likely to be memory used for something just a moment ago.

Most of that “recycled memory” would be undecipherable junk. But credit cards, crypto keys, and passwords tend to be fairly easy to pick out, unfortunately.

And that, by the way, is where the name comes from: the heartbeat signal bleeds data, so “Heartbleed”.  There’s been some fascinating commentary on how well this bug has been marketed, by the way; hopefully, we in the techie community will learn something about how to explain problems like this for future incidents.
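
For techie readers, here is the “HAT, 500 characters” exchange as a small self-contained C simulation, with the trusting handler beside the checked one. It is an added example, not OpenSSL's code; the buffer, the function names and the leftover secret are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 512

/* One reusable scratch buffer stands in for "recycled memory". The real bug
 * read past a heap buffer; the toy keeps every read inside this arena. */
static unsigned char arena[ARENA_SIZE];

/* Earlier work by the same program leaves its data behind in the buffer. */
void earlier_work(const char *secret)
{
    size_t n = strlen(secret);
    if (n > ARENA_SIZE)
        n = ARENA_SIZE;
    memset(arena, 0, sizeof arena);
    memcpy(arena, secret, n);
}

/* Behaviour before the fix: echo back as many bytes as the sender CLAIMS
 * to have sent, not as many as actually arrived. Returns the reply length. */
int heartbeat_trusting(const unsigned char *payload, size_t actual_len,
                       size_t claimed_len,
                       unsigned char *reply, size_t reply_cap)
{
    if (actual_len > ARENA_SIZE || claimed_len > ARENA_SIZE ||
        claimed_len > reply_cap)
        return -1;                      /* keeps the toy itself memory-safe */
    memcpy(arena, payload, actual_len); /* only 3 bytes overwritten for "HAT" */
    memcpy(reply, arena, claimed_len);  /* the rest is whatever was there */
    return (int)claimed_len;
}

/* Behaviour after the fix: a claimed length larger than what arrived means
 * the message is dropped and nothing is sent back. */
int heartbeat_checked(const unsigned char *payload, size_t actual_len,
                      size_t claimed_len,
                      unsigned char *reply, size_t reply_cap)
{
    if (claimed_len > actual_len)
        return -1;                      /* computer #1 lied: discard */
    if (actual_len > ARENA_SIZE || claimed_len > reply_cap)
        return -1;
    memcpy(arena, payload, actual_len);
    memcpy(reply, arena, claimed_len);
    return (int)claimed_len;
}

int main(void)
{
    unsigned char reply[ARENA_SIZE];
    const unsigned char *hat = (const unsigned char *)"HAT";
    int n;

    earlier_work("pw=CONSTRUCTED-SECRET");  /* constructed leftover data */
    n = heartbeat_trusting(hat, 3, 500, reply, sizeof reply);
    printf("trusting handler sent %d bytes, starting: %.21s\n", n, reply);

    earlier_work("pw=CONSTRUCTED-SECRET");
    n = heartbeat_checked(hat, 3, 500, reply, sizeof reply);
    printf("checked handler, claim of 500: %d (discarded)\n", n);

    n = heartbeat_checked(hat, 3, 3, reply, sizeof reply);
    printf("checked handler, honest claim: %d bytes: %.3s\n", n, reply);
    return 0;
}
```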

Does this affect every site?

No. Only sites using certain newer versions of cryptographic software called “OpenSSL” are affected by this. OpenSSL is very popular; I’ve seen estimates that anywhere from a third to a half of all secure Internet sites use it. But not all of those sites will have the bug, since it was only introduced in the last two years.

How do we know this?  OpenSSL is open source, and is developed “in public”.  Because of that, we know the exact moment when the bug was introduced, when it was released to the world, and when it was fixed.

(And, just for the record, it was an honest mistake.  Don’t go and slam on the poor guy who wrote the code with the bug.  It should have been caught by a number of different people, and none of them noticed it, so it’s a lot more complicated than “it’s his fault!  pitchforks and torches!”)

What should I do?

Nothing, yet.  Right now, this is mostly a techie problem.

Remember that bit about crypto keys?  That’s the part which puts the little lock icon next to the URL in your browser when you go to your bank’s Web site, or to Amazon to buy things, or whatever.  The crypto keys make sure that your conversation with your bank about your balance is just between you and your bank.

That’s also the part which is making techies the world over a little more stressed and tired.  You see, we know that the people who found the bug were “good guys” and helped to get the bug fixed, but we don’t know if any “bad guys” found the bug before this week.  And if a “bad guy” used the bug to extract crypto keys, they would still have those crypto keys, and could still use them even though the original bug is fixed.  That would mean that a “bad guy” could intercept your conversation with your bank / Amazon / whoever.

Since we don’t know, we have to do the safe thing, and assume that all our keys were in fact stolen. That means we have to redo all our crypto keys. That’s a lot of work.

And because your password is likely protected with those same crypto keys, if a “bad guy” has Amazon’s key, they’d be able to watch you change your password at Amazon.  Maybe they didn’t even have your old password, but now they have your new one.  Oops.  You’re now less secure than you were.

Now, it’s important to make sure we’re clear: we don’t know that this has happened.  There’s really no way of knowing, short of actually catching a “bad guy” in the act, and we haven’t caught anyone–yet.  So, this is a safety measure.

Thus, the best thing to do is: don’t panic.  Continue to live life as usual.  It might be prudent to put off doing some things for a few days, but I wouldn’t even worry so much about that.  If you pay your bills online, for example, don’t risk paying a bill late out of fear.  Remember: so far, we have no evidence yet that anyone’s actually doing anything malicious with this bug.

At some point, a lot of sites are going to post a notice that looks a lot like this:

We highly recommend our users change the password on their Linux Foundation ID—which is used for the logins on most Linux Foundation sites, including our community site, Linux.com—for your own security and as part of your own comprehensive effort to update and secure as many of your online credentials as you can.

(That’s the notice my employer posted once we had our site in order.)

That will be your cue that they’ve done the work to redo their crypto keys, and that it’s now safe to change your password.

A lot of sites will make statements saying, essentially, “we don’t have a problem”.  They’re probably right.  Don’t second-guess them; just exhale, slowly, and tick that site off your list of things to worry about.

Other sites might not say anything.  That’s the most worrying part, because it’s hard to tell if they’re OK or not.  If it’s an important site to you, the best course of action might be to just ask, or search on Google / Bing / DuckDuckGo / wherever for some kind of statement.

What about your site?

Yup, I use OpenSSL, and I was vulnerable.  But I’m the only person who actually logs in to anything on this site.  I’ve got the bugfix, but I’m still in the process of creating new keys.

Part of the problem is that everyone else is out there creating new keys at the same time, which creates a bit of a traffic jam.

So yeah, if you were thinking of posting your credit card number in a comment, and wanted to make sure you did it securely… well, don’t do that.  EVER.  And not because of Heartbleed.

Planet DebianAndreas Metzler: balance sheet snowboarding season 2013/14

Little snow, but above-average season. The macro weather situation was very stable this year, very high snowfall in Austria's south (eastern tyrol and carinthia), and long periods of warm and sunny weather with little precipitation on the northern side of the alps (i.e. us).

This had me going snowboarding a lot, but almost exclusively in Damüls since it is characterized by a) grassy terrain (no stones) and b) huge numbers of snow cannons.

I started early (December 7) with another 6 days on piste in December. If there had been more snow the season would have been a long one, too. - Season's end depends on the timing of Easter (because of the holidays) which would have been late. However I again stopped rather early, last day was March 30.

In addition to the days listed below I had an early season's opening at the glacier in Pitztal. I attended the pureboarding in November (21st to 23rd). Looking back at the season I am not quite satisfied with my progress, I just have not managed to implement and practise the technique I should have learned there. It is next to impossible when the slopes are full, and when they aren't one likes to give it a run. ;-)

Here is the balance sheet:

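| | 2005/06 | 2006/07 | 2007/08 | 2008/09 | 2009/10 | 2010/11 | 2011/12 | 2012/13 | 2013/14 |
|---|---|---|---|---|---|---|---|---|---|
| number of (partial) days | 25 | 17 | 29 | 37 | 30 | 30 | 25 | 23 | 30 |
| Damüls | 10 | 10 | 5 | 10 | 16 | 23 | 10 | 4 | 29 |
| Diedamskopf | 15 | 4 | 24 | 23 | 13 | 4 | 14 | 19 | 1 |
| Warth/Schröcken | 0 | 3 | 0 | 4 | 1 | 3 | 1 | 0 | 0 |
| total meters of altitude | 124634 | 74096 | 219936 | 226774 | 202089 | 203918 | 228588 | 203562 | 274706 |
| highscore | 10247m | 8321m | 12108m | 11272m | 11888m | 10976m | 13076m | 13885m | 12848m |
| # of runs | 309 | 189 | 503 | 551 | 462 | 449 | 516 | 468 | 597 |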

Don MartiSurveillance Marketing pays

Katrina Lerman of Communispace explains how surveillance marketing pays. First of all, people don't like being tracked in general.

We found that consumers overwhelmingly prefer anonymity online: 86 percent of consumers would click a “do not track” button if it were available and 30 percent of consumers would actually pay a 5 percent surcharge if they could be guaranteed that none of their information would be captured.

What would get them over their resistance? Discounts, of course.

On the flip side, consumers may be willing to share their data if there’s a clear value exchange: 70 percent said they would voluntarily share personal data with a company in exchange for a 5 percent discount.

Got it? This is some heavy Chief-Marketing-Officer-level stuff here, so pay attention. Yes, you'll be spending a lot of money on Big Data and all the highly paid surveillance marketing consultants and IT experts who go with it. (Big Data experts are a rare breed, and feed primarily on between-sessions croissants at Big Data conferences.)

But look what you get for that increase in the marketing budget. You get to cut your price to get people to sign up for it.

Somewhere this all makes sense. Maybe Bob Hoffman can explain it.

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2014-04-07 to 2014-04-13

Sociological ImagesSunday Fun: Girl Pants

No pockets, no justice.

Click to embiggen.
Visit Dumbing of Age.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Kelvin ThomsonRenewable Energy Target

On Friday I met with Tim Sonnreich from the Clean Energy Council to talk about the Federal Government’s review of the Renewable Energy Target. The Clean Energy Council points out that scrapping or scaling back the renewables target would see electricity prices RISE, not fall, due to greater use of gas in the energy sector, at a time when gas is soaring in price. The Clean Energy Council is worried that $18 billion of investments in renewable energy projects are predicated on the target remaining as is. They will be hurt if the Renewable Energy Target is reduced.

My own view is that the Target needs to be retained till 2020, and increased, not reduced, after that.

Planet Linux AustraliaMaxim Zakharov: Google Code Jam. Minesweeper Master

The Minesweeper Master is the Problem C in the Google Code Jam 2014 Qualification Round.

Here is my solution for it in C language:


#include <stdio.h>
#include <string.h>

#define N 50

char mines[N][N];


int putMines(int R0, int R1, int C0, int C1, int M, int f) {
    int j;
    int sR = R1 - R0;
    int sC = C1 - C0;
    if (sR == 0) return M;
    if (sC == 0) return M;

    if (sR > sC && sR > 2 && M >= C1 - C0) {
	M -= C1 - C0;
	for(j = C0; j < C1; j++) mines[R0][j] = '*';
	return (M > 0) ? putMines(R0 + 1, R1, C0, C1, M, f) : 0;
    }
    if (sC > 2 && M >= R1 - R0) {
	M -= R1 - R0;
	for (j = R0; j < R1; j++) mines[j][C0] = '*';
	return (M > 0) ? putMines(R0, R1, C0 + 1, C1, M, f) : 0;
    }
    if (sR > 2 && M >= C1 - C0) {
	M -= C1 - C0;
	for(j = C0; j < C1; j++) mines[R0][j] = '*';
	return (M > 0) ? putMines(R0 + 1, R1, C0, C1, M, f) : 0;
    }
    if (sR > sC && (sC > 2 || f)) {
	for (j = R0; M > 0 && j < R1 - 2 + 2 * f; j++) {
	    mines[j][C0] = '*';
	    M--;
	}
	return (M > 0) ? putMines(R0, R1, C0 + 1, C1, M, f) : 0;
    }
    if (sR > 2 || f) {
	for (j = C0; M > 0 && j < C1 - 2 + 2 * f; j++) {
	    mines[R0][j] = '*';
	    M--;
	}
	return (M > 0) ? putMines(R0 + 1, R1, C0, C1, M, f) : 0;
    }
    return M;
 }

int main(void) {
    int i, T;      /* test case index and count */
    int R, C, M;   /* rows, columns, mines */
    int j, k;
    int cr, cc;    /* cell where the click is placed */

    scanf("%d\n", &T);
    for (i = 0; i < T; i++) {
	printf("Case #%d:\n", i + 1);
	scanf("%d %d %d", &R, &C, &M);

	cr = R - 1;
	cc = C - 1;

	memset(mines, (int)'.', N * N);
	M = putMines(0, R, 0, C, M, (R * C - M) == 1);

	if ( M ) printf("Impossible\n");
	else {
	    mines[cr][cc] = 'c';
	    for (k = 0; k < R; k++) {
		for (j = 0; j < C; j++) {
		    printf("%c", mines[k][j]);
		}
		printf("\n");
	    }
	}
    }
}

Planet Linux AustraliaMaxim Zakharov: Google Code Jam. Cookie Clicker Alpha

The Cookie Clicker Alpha is the Problem B of the Google Code Jam 2014 Qualification Round.

Here is my solution for it in C language:


#include <stdio.h>
#include <math.h>
#include <stdlib.h>

#define EPS 0.0000001

int main(void) {
    int T, i, c, p, m;
    double C, F, X, Y;
    
    struct Item {
	double y;
	double a;
	double cookies;
    } *H;

    H = (struct Item *) malloc(10000000 * sizeof(struct Item));
    if (H == NULL) return 1; /* the work queue could not be allocated */

    scanf("%d\n", &T);
    for (i = 0; i < T; i++) {
	printf("Case #%d: ", i + 1);
	c = p = m = 0;
	scanf("%lf %lf %lf\n", &C, &F, &X);
	Y = 10000000.0;
	H[p].y = 0.0;
	H[p].a = 2.0;
	H[p].cookies = 0.0;

	while (c <= p) {
	    if (fabs(H[c].cookies - X) < EPS) {
		if (H[c].y < Y) Y = H[c].y;
	    } else if (H[c].y < Y) {
		H[p + 1].y = H[c].y + C/H[c].a;
		H[p + 1].a = H[c].a + F;
		H[p + 1].cookies = 0.0;

		H[p + 2].y = H[c].y + X/H[c].a;
		H[p + 2].a = H[c].a;
		H[p + 2].cookies = X;
		p = p + 2;
	    } 
	    c++;
	}
	printf("%.7lf\n", Y);
    }
    free(H);
    return 0;
}

Planet DebianC.J. Adams-Collier: When was the last time you upgraded from squeeze to wheezy?

Wow. 3G delta. I haven’t booted this laptop for a while… I think I’m finally ready to make the move from gnome2 to gnome3. There are bits that still annoy me, but I think it’s off to a good start. Upgrading perl from 5.10 to 5.14.

cjac@calcifer:~$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be REMOVED:
  at-spi capplets-data compiz compiz-gnome compiz-gtk defoma deskbar-applet g++-4.3 gcc-4.3 gcj-4.4-base gcj-4.4-jre gcj-4.4-jre-headless gcj-4.4-jre-lib
  gdm3 gir1.0-clutter-1.0 gir1.0-freedesktop gir1.0-glib-2.0 gir1.0-gstreamer-0.10 gir1.0-gtk-2.0 gir1.0-json-glib-1.0 glade-gnome gnome-about
  gnome-accessibility gnome-applets gnome-core gnome-panel gnome-utils-common lib32readline5-dev libbrasero-media0 libclass-mop-perl libdb4.7-java
  libdb4.8-dev libdevhelp-1-1 libdigest-sha1-perl libdirectfb-dev libebook1.2-9 libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-7 libedataserverui1.2-8
  libepc-1.0-2 libepc-ui-1.0-2 libept1 libgcj10 libgcj10-awt libgd2-noxpm libgstfarsight0.10-0 libgtkhtml-editor0 libjpeg62-dev libmetacity-private0
  libmono-accessibility1.0-cil libmono-bytefx0.7.6.1-cil libmono-cairo1.0-cil libmono-cil-dev libmono-corlib1.0-cil libmono-cscompmgd7.0-cil
  libmono-data-tds1.0-cil libmono-data1.0-cil libmono-debugger-soft0.0-cil libmono-getoptions1.0-cil libmono-i18n-west1.0-cil libmono-i18n1.0-cil
  libmono-ldap1.0-cil libmono-microsoft7.0-cil libmono-npgsql1.0-cil libmono-oracle1.0-cil libmono-peapi1.0-cil libmono-posix1.0-cil
  libmono-relaxng1.0-cil libmono-security1.0-cil libmono-sharpzip0.6-cil libmono-sharpzip0.84-cil libmono-sqlite1.0-cil libmono-system-data1.0-cil
  libmono-system-ldap1.0-cil libmono-system-messaging1.0-cil libmono-system-runtime1.0-cil libmono-system-web1.0-cil libmono-system1.0-cil
  libmono-webbrowser0.5-cil libmono-winforms1.0-cil libmono1.0-cil libmtp8 libnautilus-extension1 libpango1.0-common libperl5.10 libpolkit-gtk-1-0
  libpulse-browse0 librpm1 librpmbuild1 libsdl1.2-dev libsdl1.2debian-pulseaudio libseed0 libstdc++6-4.3-dev libtelepathy-farsight0 libupnp3 libvlccore4
  libxmlrpc-c3 linphone-nox linux-headers-2.6.32-5-amd64 linux-sound-base metacity mono-2.0-devel mono-devel mysql-client-5.1 mysql-query-browser
  mysql-server-5.1 mysql-server-core-5.1 openoffice.org-base-core openoffice.org-core openoffice.org-gcj openoffice.org-report-builder-bin
  openoffice.org-style-andromeda php5-suhosin portmap python-beagle python-brasero python-docky python-encutils python-evince python-gnomeapplet
  python-gtop python-mediaprofiles python-metacity python-totem-plparser seahorse-plugins smbfs speedbar totem-coherence tqsllib1c2a unixcw vlc
  xserver-xorg-video-nv
The following NEW packages will be installed:
  accountsservice acl aisleriot apg aptdaemon-data aptitude-common asterisk-core-sounds-en asterisk-modules asterisk-moh-opsound-gsm at-spi2-core
  ax25-node bluez btrfs-tools caribou caribou-antler chromium chromium-inspector colord console-setup console-setup-linux cpp-4.6 cpp-4.7 crda
  cryptsetup-bin cups-filters db-util db5.1-util dconf-gsettings-backend dconf-service dconf-tools distro-info-data docutils-common docutils-doc enchant
  extlinux finger folks-common fonts-cantarell fonts-droid fonts-freefont-ttf fonts-horai-umefont fonts-lg-aboriginal fonts-liberation fonts-lyx
  fonts-opensymbol fonts-sil-gentium fonts-sil-gentium-basic fonts-sipa-arundina fonts-stix fonts-takao fonts-takao-gothic fonts-takao-mincho
  fonts-thai-tlwg fonts-tlwg-garuda fonts-tlwg-kinnari fonts-tlwg-loma fonts-tlwg-mono fonts-tlwg-norasi fonts-tlwg-purisa fonts-tlwg-sawasdee
The following packages have been kept back:
  acroread-debian-files db4.8-util hibernate ia32-libs ia32-libs-gtk libboost-dev libboost-serialization-dev opensc wine
The following packages will be upgraded:
  libusb-0.1-4 libusb-1.0-0 libusb-1.0-0-dev libusb-dev libusbmuxd1 libustr-1.0-1 libutempter0 libuuid-perl libuuid1 libv4l-0 libva-x11-1 libva1
  libvamp-hostsdk3 libvariable-magic-perl libvcdinfo0 libvde0 libvdeplug2 libvirt-bin libvirt0 libvisual-0.4-0 libvlc5 libvorbis0a libvorbisenc2
  libvorbisfile3 libvpb0 libvte-common libvte0.16-cil libvte9 libwant-perl libwavpack1 libwbclient0 libwebkit1.1-cil libwildmidi1 libwind0-heimdal
  libwmf0.2-7 libwnck-common libwnck-dev libwnck2.20-cil libwnck22 libwrap0 libwvstreams4.6-base libwvstreams4.6-extras libwww-mechanize-perl libwww-perl
  libwxbase2.8-0 libwxgtk2.8-0 libx11-6 libx11-data libx11-dev libx11-xcb1 libx86-1 libxapian22 libxau-dev libxau6 libxaw7 libxcb-dri2-0 libxcb-keysyms1
  libxcb-randr0 libxcb-render-util0 libxcb-render-util0-dev libxcb-render0 libxcb-render0-dev libxcb-shm0 libxcb-xv0 libxcb1 libxcb1-dev libxcomposite-dev
  libxcomposite1 libxcursor-dev libxcursor1 libxdamage-dev libxdamage1 libxdg-basedir1 libxdmcp-dev libxdmcp6 libxdot4 libxenstore3.0 libxerces2-java
  libxerces2-java-gcj libxext-dev libxext6 libxfixes-dev libxfixes3 libxfont1 libxft-dev libxft2 libxi-dev libxi6 libxinerama-dev libxinerama1
  libxkbfile-dev libxkbfile1 libxklavier-dev libxklavier16 libxml-feedpp-perl libxml-libxml-perl libxml-parser-perl libxml-regexp-perl
  libxml-sax-expat-perl libxml-sax-perl libxml-simple-perl libxml-twig-perl libxml-xpathengine-perl libxml2 libxml2-dev libxml2-doc libxml2-utils libxmu6
  libxmuu1 libxp-dev libxp6 libxpm4 libxrandr-dev libxrandr2 libxrender-dev libxrender1 libxres-dev libxres1 libxslt1-dev libxslt1.1 libxss1 libxt-dev
  libxt6 libxtst6 libxv1 libxvidcore4 libxvmc1 libxxf86dga1 libxxf86vm-dev libxxf86vm1 libyaml-syck-perl libzbar0 libzephyr4 liferea liferea-data
  link-grammar-dictionaries-en links linphone linphone-common lintian linux-base linux-headers-2.6-amd64 linux-headers-2.6.32-5-common
  linux-image-2.6-amd64 linux-image-2.6.32-5-amd64 linux-libc-dev linux-source-2.6.32 live-build lm-sensors lmodern locales lockfile-progs login logjam
  logrotate lsb-base lsb-release lsof luatex lvm2 lwresd lzma m4 make make-doc makedev makepasswd man-db manpages manpages-dev mawk mdadm
  media-player-info mencoder menu mercurial mercurial-common mesa-common-dev mesa-utils metacity-common mic2 mime-support mingw32-binutils mjpegtools
  mktemp mlocate mobile-broadband-provider-info modemmanager module-init-tools mono-2.0-gac mono-csharp-shell mono-gac mono-gmcs mono-mcs mono-runtime
  mono-xbuild mount mousetweaks mozilla-plugin-gnash mpg123 mtd-utils mtools mupen64plus mutt myspell-en-us mysql-client mysql-common mysql-server nano
  nautilus nautilus-data nautilus-sendto nautilus-sendto-empathy nbd-client ncftp ncurses-base ncurses-bin ncurses-term ndisc6 net-tools netatalk netbase
  netcat-openbsd netcat-traditional netenv netpbm network-manager network-manager-dev network-manager-gnome network-manager-openvpn
  network-manager-openvpn-gnome network-manager-vpnc network-manager-vpnc-gnome nfs-common nfs-kernel-server nmap node normalize-audio notification-daemon
  ntp ntpdate nvclock obex-data-server obexd-client odbcinst odbcinst1debian2 open-iscsi openarena openarena-data openarena-server openbios-ppc
  openbios-sparc openbsd-inetd openhackware openjade openocd openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common
  openoffice.org-draw openoffice.org-emailmerge openoffice.org-evolution openoffice.org-filter-binfilter openoffice.org-filter-mobiledev
  openoffice.org-gnome openoffice.org-gtk openoffice.org-help-en-us openoffice.org-impress openoffice.org-java-common openoffice.org-math
  openoffice.org-officebean openoffice.org-style-tango openoffice.org-thesaurus-en-us openoffice.org-writer openprinting-ppds openssh-blacklist
  openssh-blacklist-extra openssh-client openssh-server openssl openssl-blacklist openvpn openvpn-blacklist orbit2 org-mode os-prober oss-compat p7zip
  p7zip-full parted passwd patch patchutils pavucontrol pavumeter pbuilder pbzip2 pciutils pcmciautils pcsc-tools perl perl-base perl-doc perl-modules
  perlmagick perltidy pgf php-pear php-services-json php5-cli php5-common php5-dev pidgin pidgin-data pidgin-otr pidgin-sipe pinentry-gtk2 pkg-config
  planner pm-utils po-debconf po4a policycoreutils policykit-1 policykit-1-gnome poppler-utils popularity-contest powertop ppp ppp-dev pristine-tar
  procmail procps ps2eps psmisc pstoedit pulseaudio pulseaudio-esound-compat pulseaudio-module-x11 pulseaudio-utils purifyeps pwgen python python-apt
  python-apt-common python-aptdaemon python-aptdaemon-gtk python-axiom python-beautifulsoup python-brlapi python-cairo python-cddb python-central
  python-chardet python-cherrypy3 python-chm python-clientform python-coherence python-configobj python-crypto python-cssutils python-cups
  python-cupshelpers python-dateutil python-dbus python-debian python-demjson python-dev python-django python-django-tagging python-docutils
  python-evolution python-eyed3 python-feedparser python-gconf python-gdata python-gdbm python-glade2 python-gmenu python-gnome2 python-gnome2-desktop-dev
  python-gnome2-dev python-gnome2-doc python-gnomedesktop python-gnomekeyring python-gobject python-gobject-dev python-gpgme python-gst0.10 python-gtk-vnc
  python-gtk2 python-gtk2-dev python-gtk2-doc python-gtkglext1 python-gtksourceview2 python-html5lib python-httplib2 python-imaging python-iniparse
  python-ipy python-jinja2 python-libvirt python-libxml2 python-louis python-lxml python-mako python-markdown python-markupsafe python-mechanize
  python-minimal python-nevow python-notify python-numpy python-ogg python-old-doctools python-opengl python-openssl python-pam python-paramiko
  python-pexpect python-pkg-resources python-pyasn1 python-pyatspi python-pycurl python-pygments python-pykickstart python-pyorbit python-pypdf
  python-pysqlite2 python-pyvorbis python-qt4 python-rdflib python-renderpm python-reportbug python-reportlab python-reportlab-accel python-roman
  python-rpm python-rsvg python-selinux python-semanage python-sepolgen python-serial python-sip python-software-properties python-sphinx python-sqlite
  python-sqlitecachec python-support python-tagpy python-twisted-bin python-twisted-conch python-twisted-core python-twisted-web python-uno
  python-utidylib python-vte python-webkit python-wnck python-xapian python-xdg python-zope.interface python2.6 python2.6-dev python2.6-minimal
  qemu-keymaps qemu-kvm qemu-system qemu-user-static qemu-utils qt4-qtconfig quagga quagga-doc quilt radeontool rdesktop readline-common realpath recode
  remmina reportbug resolvconf rhythmbox rhythmbox-plugins rinse ripit rpm rpm-common rpm2cpio rsync rsyslog samba samba-common samba-common-bin samba-doc
  sane-utils scons screen seabios seahorse sed selinux-policy-default sensible-utils sensors-applet setools sflphone-daemon sflphone-data sflphone-gnome
  sgml-base sgml-data shared-mime-info sharutils shorewall-core shorewall6 shotwell siege signing-party simple-scan slapd smartmontools smbclient smistrip
  snd snd-gtk-pulse snmp software-center software-properties-gtk sound-juicer soundmodem sox sp spidermonkey-bin squashfs-tools ssh-krb5 sshfs ssl-cert
  strace strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter subversion sudo svn-buildpackage swat synaptic synergy syslinux syslinux-common
  system-config-printer system-config-printer-udev system-tools-backends system-tools-backends-dev sysv-rc sysvinit sysvinit-utils tar tasksel
  tasksel-data tcl tcl8.4 tcl8.5 tcpd tcpdump telepathy-gabble telepathy-mission-control-5 telepathy-salut telepathy-sofiasip tex-common texinfo
  texlive-base texlive-binaries texlive-common texlive-doc-base texlive-extra-utils texlive-font-utils texlive-fonts-recommended
  texlive-fonts-recommended-doc texlive-generic-recommended texlive-latex-base texlive-latex-base-doc texlive-latex-recommended
  texlive-latex-recommended-doc texlive-luatex texlive-metapost texlive-metapost-doc texlive-pstricks texlive-pstricks-doc texlive-xetex tidy time tinymce
  tipa tk tk8.4 tk8.5 tofrodos tomboy toshset totem totem-common totem-mozilla totem-plugins traceroute transfig transmission-cli transmission-common
  transmission-gtk trustedqsl tsconf ttf-ancient-fonts ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ttf-freefont ttf-lg-aboriginal ttf-liberation ttf-lyx
  ttf-opensymbol ttf-sil-gentium ttf-sil-gentium-basic ttf-takao ttf-takao-gothic ttf-takao-mincho ttf-thai-arundina ttf-thai-tlwg ttf-umefont ttf-umeplus
  ttf-unifont twm twolame tzdata ucf udev udisks ufraw-batch unattended-upgrades unetbootin unetbootin-translations unifont unixodbc uno-libs3 unp unrar
  unzip update-inetd update-manager-core update-manager-gnome update-notifier update-notifier-common upower ure usbmuxd usbutils util-linux vde2 vflib3
  vgabios vim-common vim-tiny vino virt-manager virt-viewer virtinst vlc-data vlc-nox vlc-plugin-notify vlc-plugin-pulse vpnc vzctl w3m wamerican wdiff
  wget whiptail whois winbind wireless-tools wireshark wireshark-common wordnet wordnet-base wordnet-gui wpasupplicant wvdial wwwconfig-common x11-apps
  x11-common x11-session-utils x11-utils x11-xfs-utils x11-xkb-utils x11-xserver-utils x11proto-composite-dev x11proto-core-dev x11proto-damage-dev
  x11proto-dri2-dev x11proto-fixes-dev x11proto-fonts-dev x11proto-gl-dev x11proto-input-dev x11proto-kb-dev x11proto-print-dev x11proto-randr-dev
  x11proto-render-dev x11proto-resource-dev x11proto-video-dev x11proto-xext-dev x11proto-xf86dri-dev x11proto-xf86vidmode-dev x11proto-xinerama-dev xauth
  xbase-clients xbitmaps xca xclip xdemorse xdg-user-dirs xdg-user-dirs-gtk xdg-utils xen-tools xen-utils-common xenstore-utils xfonts-100dpi
  xfonts-100dpi-transcoded xfonts-75dpi xfonts-75dpi-transcoded xfonts-a12k12 xfonts-ayu xfonts-baekmuk xfonts-base xfonts-bitmap-mule
  xfonts-biznet-100dpi xfonts-biznet-75dpi xfonts-biznet-base xfonts-cyrillic xfonts-efont-unicode xfonts-efont-unicode-ib xfonts-encodings
  xfonts-jisx0213 xfonts-kaname xfonts-kapl xfonts-mathml xfonts-mona xfonts-naga10 xfonts-scalable xfonts-terminus xfonts-terminus-dos
  xfonts-terminus-oblique xfonts-thai xfonts-thai-etl xfonts-thai-manop xfonts-thai-nectec xfonts-thai-poonlap xfonts-thai-vor xfonts-tipa xfonts-unifont
  xfonts-utils xfonts-wqy xindy xindy-rules xinit xkb-data xml-core xorg xorg-docs-core xoscope xsane xsane-common xserver-common xserver-xephyr
  xserver-xorg xserver-xorg-core xserver-xorg-dev xserver-xorg-input-all xserver-xorg-input-evdev xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati xserver-xorg-video-chips xserver-xorg-video-cirrus xserver-xorg-video-fbdev
  xserver-xorg-video-i128 xserver-xorg-video-intel xserver-xorg-video-mach64 xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-openchrome xserver-xorg-video-r128 xserver-xorg-video-radeon xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage xserver-xorg-video-siliconmotion xserver-xorg-video-sis xserver-xorg-video-sisusb
  xserver-xorg-video-tdfx xserver-xorg-video-trident xserver-xorg-video-tseng xserver-xorg-video-vesa xserver-xorg-video-vmware xserver-xorg-video-voodoo
  xsltproc xterm xtightvncviewer xtrans-dev xutils-dev xz-utils yelp yum zenity zip zlib1g zlib1g-dev
2160 upgraded, 944 newly installed, 133 to remove and 9 not upgraded.
Need to get 90.5 MB/2,928 MB of archives.
After this operation, 1,287 MB of additional disk space will be used.
Do you want to continue [Y/n]? 

Planet Linux AustraliaMaxim Zakharov: Google Code Jam. Magic Trick

Magic Trick is Problem A of the Google Code Jam 2014 Qualification Round.

Here is my solution for it in C:


#include <stdio.h>

int main(void) {
    int i, j, T, first, second,
        F[4], S[4], t[4], r = 0, n;

    scanf("%d\n", &T);
    for (i = 0; i < T; i++) {
        printf("Case #%d: ", i + 1);
        /* First arrangement: keep only the row the volunteer chose. */
        scanf("%d", &first);
        for (j = 0; j < 4; j++) {
            if (j == first - 1) {
                scanf("%d %d %d %d", F, F+1, F+2, F+3);
            } else {
                scanf("%d %d %d %d", t, t+1, t+2, t+3);
            }
        }
        /* Second arrangement: again keep only the chosen row. */
        scanf("%d", &second);
        for (j = 0; j < 4; j++) {
            if (j == second - 1) {
                scanf("%d %d %d %d", S, S+1, S+2, S+3);
            } else {
                scanf("%d %d %d %d", t, t+1, t+2, t+3);
            }
        }
        /* Count the cards that appear in both chosen rows. */
        n = 0;
        for (j = 0; j < 4; j++) {
            if (F[j] == S[0] || F[j] == S[1] || F[j] == S[2] || F[j] == S[3]) {
                n++;
                r = F[j];
            }
        }
        switch (n) {
        case 0: printf("Volunteer cheated!\n"); break;
        case 1: printf("%d\n", r); break;
        default: printf("Bad magician!\n");
        }
    }
    return 0;
}

,

Planet DebianMario Lang: Emacs Chess

Between 2001 and 2004, John Wiegley wrote emacs-chess, a rather complete Chess library for Emacs. I found it around 2004, and was immediately hooked. Why? Because Emacs is configurable, and I was hoping that I could customize the chessboard display much more than with any other console based chess program I have ever seen. And I was right. One of the four chessboard display types is exactly what I was looking for, chess-plain.el:

 ┌────────┐
8│tSlDjLsT│
7│XxXxXxXx│
6│ ⡀ ⡀ ⡀ ⡀│
5│⡀ ⡀ ⡀ ⡀ │
4│ ⡀ ⡀ ⡀ ⡀│
3│⡀ ⡀ ⡀ ⡀ │
2│pPpPpPpP│
1│RnBqKbNr│
 └────────┘
  abcdefgh

This might look confusing at first, but I have to admit that I grew rather fond of this way of displaying chess positions as ASCII diagrams. In this configuration, initial letters for (mostly) German chess piece names are used for the black pieces, and English chess piece names are used for the white pieces. Uppercase is used to indicate if a piece is on a black square and braille dot 7 is used to indicate an empty black square.

chess-plain is completely configurable though, so you can have more classic diagrams like this as well:

 ┌────────┐
8│rnbqkbnr│
7│pppppppp│
6│ + + + +│
5│+ + + + │
4│ + + + +│
3│+ + + + │
2│PPPPPPPP│
1│RNBQKBNR│
 └────────┘
  abcdefgh

Here, upper case letters indicate white pieces, and lower case letters black pieces. Black squares are indicated with a plus sign.

However, as with many Free Software projects, Emacs Chess was rather dormant in the last 10 years. For some reason that I can not even remember right now, my interest in Emacs Chess has been reignited roughly 5 weeks ago.

Universal Chess Interface

It all began when I did a casual apt-cache search for chess engines, only to discover that a number of free chess engines had been developed and packaged for Debian in the last 10 years. In 2004 there was basically only GNUChess, Phalanx and Crafty. These days, a number of UCI based chess engines have been added, like Stockfish, Glaurung, Fruit or Toga2. So I started by learning how the new chess engine communication protocol, UCI, actually works. After a bit of playing around, I had a basic engine module for Emacs Chess that could play against Stockfish. After I had developed a thin layer for all things that UCI engines have in common (chess-uci.el), it was actually very easy to implement support for Stockfish, Glaurung and Fruit in Emacs Chess. Good, three new free engines supported.

Opening books

When I learnt about the UCI protocol, I discovered that most UCI engines these days do not do their own book handling. In fact, it is sort of expected from the GUI to do opening book moves. And here one thing led to another. There is quite good documentation about the Polyglot chess opening book binary format on the net. And since I absolutely love to write binary data decoders in Emacs Lisp (don't ask, I don't know why) I immediately started to write Polyglot book handling code in Emacs Lisp, see chess-polyglot.el.

It turns out that it is relatively simple and actually performs very well. Even a lookup in an opening book bigger than 100 megabytes happens more or less instantaneously, so you do not notice the time required to find moves in an opening book. Binary search is just great. And binary searching binary data in Emacs Lisp is really fun :-).

So Emacs Chess can now load and use polyglot opening book files. I integrated this functionality into the common UCI engine module, so Emacs Chess, when fed with a polyglot opening book, can now choose moves from that book instead of consulting the engine to calculate a move. Very neat! Note that you can create your own opening books from PGN collections, or just download a polyglot book made by someone else.
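The lookup described above can be sketched as follows. This is an added example in Python, not code from chess-polyglot.el; it assumes the publicly documented Polyglot layout (16-byte big-endian entries of key, move, weight and learn, sorted by key), and the keys in the sample book are constructed values, not real Zobrist hashes.

```python
import struct

# One book entry: 64-bit position key, 16-bit move, 16-bit weight,
# 32-bit learn value, all big-endian (16 bytes in total).
ENTRY = struct.Struct(">QHHI")
FILES = "abcdefgh"
PROMO = " nbrq"  # promotion codes 0..4: none, knight, bishop, rook, queen


def decode_move(m):
    """Decode the 16-bit move field into coordinate notation.

    Castling is stored as "king takes own rook" (e.g. e1h1); this sketch
    returns it unchanged and leaves the conversion to the caller.
    """
    to_file, to_row = m & 7, (m >> 3) & 7
    from_file, from_row = (m >> 6) & 7, (m >> 9) & 7
    promo = (m >> 12) & 7
    if promo > 4:
        raise ValueError("invalid promotion code %d" % promo)
    text = "%s%d%s%d" % (FILES[from_file], from_row + 1,
                         FILES[to_file], to_row + 1)
    return text + PROMO[promo].strip()


def encode_move(text):
    """Inverse of decode_move; only used to build the sample book."""
    from_file, from_row = FILES.index(text[0]), int(text[1]) - 1
    to_file, to_row = FILES.index(text[2]), int(text[3]) - 1
    promo = PROMO.index(text[4]) if len(text) > 4 else 0
    return (to_file | to_row << 3 | from_file << 6
            | from_row << 9 | promo << 12)


def key_at(book, index):
    """Read only the 8-byte key of entry `index`, without decoding the rest."""
    return struct.unpack_from(">Q", book, index * ENTRY.size)[0]


def lookup(book, key):
    """Return [(move, weight), ...] for `key`, in book order.

    Binary search finds the first entry with the key (a lower bound);
    entries for the same position are adjacent because the file is sorted.
    """
    if len(book) % ENTRY.size:
        raise ValueError("truncated book: size is not a multiple of 16")
    count = len(book) // ENTRY.size
    lo, hi = 0, count
    while lo < hi:
        mid = (lo + hi) // 2
        if key_at(book, mid) < key:
            lo = mid + 1
        else:
            hi = mid
    moves = []
    while lo < count and key_at(book, lo) == key:
        _, move, weight, _ = ENTRY.unpack_from(book, lo * ENTRY.size)
        moves.append((decode_move(move), weight))
        lo += 1
    return moves


# Constructed sample book: keys are made-up numbers, already sorted.
SAMPLE_ENTRIES = [
    (0x10, "g1f3", 10),
    (0x20, "e2e4", 60),
    (0x20, "d2d4", 40),
    (0x30, "e7e8q", 5),
]
SAMPLE_BOOK = b"".join(
    ENTRY.pack(key, encode_move(move), weight, 0)
    for key, move, weight in SAMPLE_ENTRIES
)

if __name__ == "__main__":
    print(lookup(SAMPLE_BOOK, 0x20))
```

Each probe reads 8 bytes, so a book of a few million entries needs only about 20 to 25 reads per position, which is why the lookup feels instantaneous.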

Internet Chess Servers

Later I reworked the internet chess server backend of Emacs Chess a bit (sought games are now displayed with tabulated-list-mode), and found and fixed some (rather unexpected) bugs in the way legal moves are calculated (if we take the opponent's rook, their ability to castle needs to be cleared).

Emacs Chess supports two of the most well known internet chess servers. The Free Internet Chess Server (FICS) and chessclub.com (ICC).

A Chess engine written in Emacs Lisp

And then I rediscovered my own little chess engine implemented in Emacs Lisp. I wrote it back in 2004, but never really finished it. After I finally found a small (but important) bug in the static position evaluation function, I was motivated enough to fix my native Emacs Lisp chess engine. I implemented quiescence search so that capture combinations are actually evaluated and not just pruned at a hard limit. This made the engine quite a bit slower, but it actually results in relatively good play. Since the thinking time went up, I implemented a small progress bar so one can actually watch what the engine is doing right now. chess-ai.el is a very small Lisp implementation of a chess engine. Static evaluation, alpha beta and quiescence search included. It covers the basics so to speak. So if you don't have any of the above mentioned external engines installed, you can even play a game of Chess against Emacs directly.

Other features

The feature list of Emacs Chess is rather impressive. You can not just play a game of Chess against an engine, you can also play against another human (either via ICS or directly from Emacs to Emacs), view and edit PGN files, solve chess puzzles, and much much more. Emacs Chess is really a universal chess interface for Emacs.

Emacs-chess 2.0

In 2004, John and I were already planning to get emacs-chess 2.0 out the door. Well, 10 years have passed, and both of us have forgotten about this wonderful codebase. I am trying to change this. I am in development/maintenance mode for emacs-chess again. John has also promised to find a bit of time to work on a final 2.0 release.

If you are an Emacs user who knows and likes to play Chess, please give emacs-chess a whirl. If you find any problems, please file an Issue on Github, or better yet, send us a Pull Request.

There is an emacs-chess Debian package which has not been updated in a while. If you want to test the new code, be sure to grab it from GitHub directly. Once we reach a state that at least feels like stable, I am going to update the Debian package of course.

Planet DebianLars Wirzenius: Programming performance art

Thirty years ago I started to learn programming. To celebrate this, I'm doing a bit of programming as a sort of performance art. I will write a new program, from scratch, until it is ready for me to start using it for real. The program won't be finished, but it will be ready for my own production use. It'll be something I have wanted to have for a while, but I'm not saying beforehand what it will be. For me, the end result is interesting; for you, the interesting part is watching me be stupid and make funny mistakes.

The performance starts Friday, 18 April 2014, at 09:00 UTC. I apologise if this is an awkward time for you. No time is good for everyone, so I picked a time that is good for me.

Run the following command to see what the local time will be for you.

date --date '2014-04-18 09:00:00 UTC'

While I write this program, I will broadcast my terminal to the Internet for anyone to see. For instructions, see the http://liw.fi/distix/performance-art/ page.

There will be an IRC channel as well: #distix on the OFTC network (irc.oftc.net). Feel free to join there if you want to provide real time feedback (the laugh track).

TEDOf masks & magic: Uldus Bakhtiozina makes images that poke fun at stereotypes

Stormtrooper: A portrait of a 12-year-old boy who hides his aspirations to be a ballet dancer from his friends. Image: Uldus Bakhtiozina

A 12-year-old boy in a Stormtrooper helmet – and a tutu. A hulking man wearing a pre-Raphaelite collar of Barbie dolls. A bride standing wistfully in a garden, her face obscured by a wrestling mask. Russian photo-based artist Uldus Bakhtiozina’s whimsical and surreal images — which feature models as well as herself — raise an eyebrow at identity, gender and cultural stereotypes with humor and thoughtfulness. Exquisitely detailed and lit like classical paintings, her images reveal a vulnerability in her heavily costumed subjects, offering layers of meaning and emotion. At TED2014, we spoke to Uldus about her work and worldview. Below, an edited transcript of our conversation.

Tell us about yourself and how you got started.

I found my way to photography six years ago. At the time, I was doing my art degree in England. There I was, surrounded with so many stereotypes around my nationality, which made me smile and feel inspired at the same time. That’s why I started with self-portraits: I wanted to lay open those stereotypes and change people’s perceptions.

After I graduated from high school in Russia at 16, I studied politics, but I didn’t finish, because I realized that’s not the thing I want to do. So I moved to London for art school and studied at St Martin’s. My first degree was in graphic design. Afterwards, I did a degree in photography. I worked as a graphic designer, then as an art director, while in the process of evolving as a professional photographer. I tried different disciplines: porcelain sculpture, oil painting, illustrations, mixed media. My exploration of the arts helped me to realize that photography is the best tool to express my ideas. That’s what I do now, and what I want to do for the rest of my life.

How did you stumble on photography after trying other media? And why do you describe yourself as a photo-based artist rather than as a straight photographer?

I don’t think there is a straight photographer in the world. Photography is a tool for sending a message, not just for capturing a moment or for fashion. I describe my way of photography creation as hand-touched within the picture. I stitch costumes, glue backgrounds, draw and even cook sometimes to create the whole composition. I shoot on film, with a Pentax 67-II. This makes the process much longer than digital photography. There it is hand-touched again. I develop prints and scan them again, so the whole process of one image can take up to three months or longer.

Sadness Never Loneliness: A self-portrait of the artist as a desperate bride, addressing the cultural expectation that every young woman desires marriage. Image: Uldus Bakhtiozina

Your portraits seem to bring out people’s internal conflicts, and put them out there for all to see. You must get to know people quite well before you take a picture.

Yes. Normally, I meet with my models a lot before I photograph them. We talk, we hang out. I want them to feel warm and relaxed, and to trust me. My last project involved mostly young men. In the Russian mentality, heterosexual guys don’t really like to pose. For them to dress up or be confronted with a camera, it’s kind of doing something girly. To convince them to be my models was an issue. Their occupations are many, but all of them came to my exhibition and brought their friends. I was happy about this, because I could integrate people who are typically so far away from each other’s subcultures — some of them far from the arts field. There were punks, architects, dancers, anarchists, illustrators, graphic designers, hairdressers, old-school skinheads, all mixed together. That was the most amazing thing. I feel that my art should give a smile and positive energy.

Why is that important to you?

We already have so much negativity around us, and I want to balance this. People sometimes create very negative tragedy art — about war, illness, revolution, politics. And while this can motivate people to move toward more positive things, generally, when you open up any social network or news blog, there is bad news, bad news, bad news. I believe in motivation by creating something positive. Negative and positive emotions should be balanced.

I want to give to my audience a little bit of fairytale. I consider my photography something that makes people happier. Like a meditation. I’m happy to hear people say that they can look at my photo work for hours and they feel healed.

Hulk: a portrait of a bouncer, upending Russian social norms dictating that it’s only acceptable for a man to be depicted as hyper-masculine. Image: Uldus Bakhtiozina

In your Fellows talk, you showed an image of a man wearing a collar of dolls from your series “Desperate Romantics.” Was he happy with the image?

Oh, yeah. He was so excited that I was showing this image at TED. It’s interesting: he’s a very brutal guy anyway, and everyone knows that the fact that he agreed to pose for the image makes him, in a way, even more brutal—because he’s not afraid to dress up like this. It makes him even more of a man. Some of his friends photograph him because he has such interesting features, and often he takes an aggressive pose. But anyone who knows him in person knows that he’s also very kind and sweet, and will always help you if you have a problem. People would say that he’s philosophical. So those who know him see the photo and say, “Yeah, that’s really Nikita.”

You’ve done a lot of art around the culture of boys and men. What about the culture of girls?

Right now, I’m doing a very feminine project. It’s going to be a book about Russian fairy tales, and Russian princesses — Tsarevnas — in these fairy tales. So these princesses are able to transform into animals at some point in the fairy tale. I stitch the costumes for them.

I want to open the subject of history of Russian fairy tales because they were created before Christianity came to Russia, before religion and church. People believed in the gods of sky, forest and sun. They were very close to nature. This is becoming popular again now in Russia, and in the world in general. People are more appreciative of their connection to nature, to the supernatural — discovering one’s self, using intuition. Russian fairy tales are a metaphor for this.

You often photograph portraits of strangers you meet on your travels. Is it as simple as that, or do you stay in one place and get to know people first?

It happens sometimes. I’ve been working on a project called “Miss Other World,” an ironic series of portraits about the Miss Universe competition, and some of those models are people I met in my travels. I use the word “miss” in terms of “missing something.” Miss Purity feeds herself with fast food, Miss Uniqueness is surrounded with hundreds of identical Buddhas, Miss Relevance sits in a temple, drinking and smoking, Miss Genuine — whom I met in Bali — has clearly had plastic surgery and is wearing plastic jewelry…

Miss Genuine: Part of the “Miss Other World” series. A portrait of a stranger encountered on Uldus’s travels. Image: Uldus Bakhtiozina

Wasn’t Miss Genuine offended that you asked her to pose?

No, she wasn’t. It’s just a matter of communication with people. I explain what the project means, what the thought process is behind my work. She sees it as a message. I also pose for this project as Miss Understanding and Miss Purity.

So you make fun of yourself as well.

Yeah, I do — a lot. It’s a part of my social experiment. When people meet me, and I start talking with them, people realize that actually, I’m quite normal. I’m not a freak. Art is my method for exploring the world, and identity, and to notice how people approach and accept things that are different from them. We often see others as we are, not as they are.

And now, I’m in the middle of this social experiment at TED. People come up to me, and I feel that through our conversation their impression about “Uldus” gets transformed up to 180 degrees. It’s interesting how they are entering new levels of understanding and coming to understand the many meanings in my work.

Video: http://www.youtube.com/embed/LRzOmuWyKdc

Above, watch a video made by Uldus, an extension of her “Miss Other World” series.


TEDNot a bug splat: This massive portrait is a message to drone operators

This portrait of a girl tells a story larger than the massive piece of vinyl it is printed on. Unfurled in the Khyber Pakhtunkhwa region of Pakistan, “#NotABugSplat” was created by a collection of artists and activists, using TED Prize winner JR’s Inside Out campaign, to send a message to drone operators, who reportedly call their kills “bug splats” because they appear small and grainy on screen. The idea is to “create empathy and introspection amongst drone operators,” explains the project website.

Below, an image JR posted about this Inside Out project via Instagram:

Instagram post: http://instagram.com/p/mfU4TrxBMm/embed/


TEDWebby Award nominations: Vote for TED, and find hundreds more sites to explore

The 2014 Webby Award nominations were announced this week, and one particular nomination stood out. Because once again, in the Online Film & Video: Variety category, TED is pitted against Kid President. And once again, we’re so conflicted.

If you are too, vote for TED where you can; we’ll understand. Here are all of TED’s nominations in the People’s Voice ballot. Sign in to vote in support of TED.com, TED-Ed or one of the other amazing nominees:

TED.com is nominated in Social: Education & Discovery and in Online Film & Video: Events & Live Webcasts, as well as the hotly contested Online Film & Video: Variety.

Our app is nominated in Mobile & Apps: Education & Reference, and the iTunes audio podcast series is nominated in Mobile & Apps: Podcasts.

Meanwhile, TED-Ed is up for the Web: Education category.

Voting is open until April 24, and winners will be announced April 29.

Bonus: As you go to each page to cast your vote, scroll down to the “Honorees” listing as well, for even more amazing websites, apps and social campaigns to explore.


Planet Linux AustraliaAndrew Donnellan: Change

Accepting a position on the Graduate Development Program will involve a change in your personal circumstances. For some, it may mean leaving home and relocating, for others, it will be your first full-time role, and for others, it will mean new work and a new team. Please outline what sort of changes you anticipate you will need to consider to commence work.

As much as I hate writing answers to selection criteria, sometimes the questions posed do make me think.



Planet DebianRuss Allbery: Accumulated haul

Wow, it's been a while since I've done this. In part because I've not had much time for reading books (which doesn't prevent me from buying them).

Jared Bernstein & Dean Baker — Getting Back to Full Employment (non-fiction)
James Coughtrey — Six Seconds of Moonlight (sff)
Philip J. Davis & Reuben Hersh — The Mathematical Experience (non-fiction)
Debra Dunbar — A Demon Bound (sff)
Andy Duncan & Ellen Klages — Wakulla Springs (sff)
Dave Eggers & Jordan Bass — The Best of McSweeney's (mainstream)
Siri Hustvedt — The Blazing World (mainstream)
Jacqueline Koyanagi — Ascension (sff)
Ann Leckie — Ancillary Justice (sff)
Adam Lee — Dark Heart (sff)
Seanan McGuire — One Salt Sea (sff)
Seanan McGuire — Ashes of Honor (sff)
Seanan McGuire — Chimes at Midnight (sff)
Seanan McGuire — Midnight Blue-Light Special (sff)
Seanan McGuire — Indexing (sff)
Naomi Mitchison — Travel Light (sff)
Helaine Olen — Pound Foolish (non-fiction)
Richard Powers — Orfeo (mainstream)
Veronica Schanoes — Burning Girls (sff)
Karl Schroeder — Lockstep (sff)
Charles Stross — The Bloodline Feud (sff)
Charles Stross — The Traders' War (sff)
Charles Stross — The Revolution Trade (sff)
Matthew Thomas — We Are Not Ourselves (mainstream)
Kevin Underhill — The Emergency Sasquatch Ordinance (non-fiction)
Jo Walton — What Makes This Book So Great? (non-fiction)

So, yeah. A lot of stuff.

I went ahead and bought nearly all of the novels Seanan McGuire had out that I'd not read yet after realizing that I'm going to eventually read all of them and there's no reason not to just own them. I also bought all of the Stross reissues of the Merchant Princes series, even though I had some of the books individually, since I think it will make it more likely I'll read the whole series this way.

I have so much stuff that I want to read, but I've not really been in the mood for fiction. I'm trying to destress enough to get back in the mood, but in the meantime have mostly been reading non-fiction or really light fluff (as you'll see from my upcoming reviews). Of that long list, Ancillary Justice is getting a lot of press and looks interesting, and Lockstep is a new Schroeder novel. 'Nuff said.

Kevin Underhill is the author of Lowering the Bar, which you should read if you haven't since it's hilarious. I'm obviously looking forward to that.

The relatively obscure mainstream novels here are more Powell's Indiespensable books. I will probably cancel that subscription soon, at least for a while, since I'm just building up a backlog, but that's part of my general effort to read more mainstream fiction. (I was a bit disappointed since there were several months with only one book, but the current month finally came with two books again.)

Now I just need to buckle down and read. And play video games. And do other things that are fun rather than spending all my time trying to destress from work and zoning in front of the TV.

Planet DebianAndrew Pollock: [life] Explaining "special needs"

I got one of those rare opportunities to calibrate Zoe's outlook on people on Friday. I feel pretty happy with the job I did.

Once we arrived at the New Farm Park ferry terminal, the girls wanted to have some morning tea, so we camped out in the terminal to have something to eat. Kim had packed two poppers (aka "juice boxes") for Sarah so they both got to have one. Nice one, Kim!

Not long after we started morning tea, an older woman with some sort of presumably intellectual disability and her carer arrived to wait for a ferry. I have no idea what the disability was, but it presented as her being unable to speak. She'd repeatedly make a single grunting noise, and held her hands a bit funny, and would repeatedly stand up and walk in a circle, and try to rummage through the rubbish bin next to her. I exchanged a smile with her carer. The girls were a little bit wary of her because she was acting strange. Sarah whispered something to me inquiring what was up with her. Zoe asked me to accompany her to the rubbish bin to dispose of her juice box.

I didn't feel like talking about the woman within her earshot, so I waited until they'd boarded their ferry, and we'd left the terminal before talking about the encounter. It also gave me a little bit of time to construct my explanation in my head.

I specifically wanted to avoid phrases like "something wrong" or "not right". For all I knew she could have had cerebral palsy, and had a perfectly good brain trapped inside a malfunctioning body.

So I explained that the woman had "special needs" and that people with special needs have bodies or brains that don't work the same way as us, and so just like little kids, they need an adult carer to take care of them so they don't hurt themselves or get lost. In the case of the woman we'd just seen, she needed a carer to make sure she didn't get lost or rummage through the rubbish bin.

That explanation seemed to go down pretty well, and that was the end of that. Maybe next time such circumstances permit, I'll try striking up a conversation with the carer.

Planet DebianRuss Allbery: Review: Cryptography Engineering

Review: Cryptography Engineering, by Niels Ferguson, et al.

Publisher: Wiley
Copyright: 2010
ISBN: 0-470-47424-6
Format: Kindle
Pages: 384

Subtitled Design Principles and Practical Applications, Cryptography Engineering is intended as an overview and introduction to cryptography for the non-expert. It doesn't dive deeply into the math, although there is still a fairly thorough mathematical introduction to public-key cryptography. Instead, it focuses on the principles, tools, and algorithms that are the most concretely useful to a practitioner who is trying to design secure systems rather than doing theoretical cryptography.

The "et al." in the author summary hides Bruce Schneier and Tadayoshi Kohno, and this book is officially the second edition of Practical Cryptography by Ferguson and Schneier. Schneier's name will be familiar from, among other things, Applied Cryptography, and I'll have more to say later about which of the two books one should read (and the merits of reading both). But one of the immediately-apparent advantages of Cryptography Engineering is that it's recent. Its 2010 publication date means that it recommends AES as a block cipher, discusses MD5 weaknesses, and can discuss and recommend SHA-2. For the reader whose concern with cryptography is primarily "what should I use now for new work," this has huge benefit.

"What should I use for new work" is the primary focus of this book. There is some survey of the field, but that survey is very limited compared to Applied Cryptography and is tightly focused on the algorithms and approaches that one might reasonably propose today. Cryptography Engineering also attempts to provide general principles and simplifying assumptions to steer readers away from trouble. One example, and the guiding principle for much of the book, is that any new system needs at least a 128-bit security level, meaning that any attack will require 2^128 steps. This requirement may be overkill in some edge cases, as the authors point out, but when one is not a cryptography expert, accepting lower security by arguments that sound plausible but may not be sound is very risky.

Cryptography Engineering starts with an overview of cryptography, the basic tools of cryptographic analysis, and the issues around designing secure systems and protocols. I like that the authors not only make it clear that security programming is hard but provide a wealth of practical examples of different attack methods and failure modes, a theme they continue throughout the book. From there, the book moves into a general discussion of major cryptographic areas: encryption, authentication, public-key cryptography, digital signatures, PKI, and issues of performance and complexity.

Part two starts the in-depth discussion with chapters on block ciphers, block cipher modes, hash functions, and MACs, which together form part two (message security). The block cipher mode discussion is particularly good and includes algorithms newer than those in Applied Cryptography. This part closes with a walkthrough of constructing a secure channel, in pseudocode, and a chapter on implementation issues. The implementation chapters throughout the book are necessarily more general, but for me they were one of the most useful parts of the book, since they take a step back from the algorithms and look at the perils and pitfalls of using them to do real work.

The third part of the book is on key negotiation and encompasses random numbers, prime numbers, Diffie-Hellman, RSA, a high-level look at cryptographic protocols, and a detailed look at key negotiation. This will probably be the hardest part of the book for a lot of readers, since the introduction to public-key is very heavy on math. The authors feel that's unavoidable to gain any understanding of the security risks and attack methods against public-key. I'm not quite convinced. But it's useful information, if heavy going that requires some devoted attention.

I want to particularly call out the chapter on random numbers, though. This is an often-overlooked area in cryptography, particularly in introductions for the non-expert, and this is the best discussion of pseudo-random number generators I've ever seen. The authors walk through the design of Fortuna as an illustration of the issues and how they can be avoided. I came away with a far better understanding of practical PRNG design than I've ever had (and more sympathy for the annoying OpenSSL ~/.rnd file).

The last substantial part of the book is on key management, starting with a discussion of time and its importance in cryptographic protocols. From there, there's a discussion of central trusted key servers and then a much more comprehensive discussion of PKI, including the problems with revocation, key lifetime, key formats, and keeping keys secure. The concluding chapter of this part is a very useful discussion of key storage, which is broad enough to encompass passwords, biometrics, and secure tokens. This is followed by a short part discussing standards, patents, and experts.

A comparison between this book and Applied Cryptography reveals less attention to the details of cryptographic algorithms (apart from random number generators, where Cryptography Engineering provides considerably more useful information), wide-ranging surveys of algorithms, and underlying mathematics. Cryptography Engineering also makes several interesting narrowing choices, such as skipping stream ciphers almost entirely. Less surprisingly, this book covers only a tiny handful of cryptographic protocols; there's nothing here about zero-knowledge proofs, blind signatures, bit commitment, or even secret sharing, except a few passing mentions. That's realistic: those protocols are often extremely difficult to understand, and the typical security system doesn't use them.

Replacing those topics is considerably more discussion of implementation techniques and pitfalls, including more assistance from the authors on how to choose good cryptographic building blocks and how to combine them into useful systems. This is a difficult topic, as they frequently acknowledge, and a lot of the advice is necessarily fuzzy, but they at least provide an orientation. To get much out of Applied Cryptography, you needed a basic understanding of what cryptography can do and how you want to use it. Cryptography Engineering tries to fill in that gap to the point where any experienced programmer should be able to see what problems cryptography can solve (and which it can't).

That brings me back to the question of which book you should read, and a clear answer: start here, with Cryptography Engineering. It's more recent, which means that the algorithms it discusses are more directly applicable to day-to-day work. The block cipher mode and random number generator chapters are particularly useful, even if, for the latter, one will probably use a standard library. And it takes more firm stands, rather than just surveying. This comes with the risk of general principles that aren't correct in specific situations, but I think for most readers the additional guidance is vital.

That said, I'm still glad I read Applied Cryptography, and I think I would still recommend reading it after this book. The detailed analysis of DES in Applied Cryptography is worth the book by itself, and more generally the survey of algorithms is useful in showing the range of approaches that can be used. And the survey of cryptographic protocols, if very difficult reading, provides tools for implementing (or at least understanding) some of the fancier and more cutting-edge things that one can do with cryptography.

But this is the place to start, and I wholeheartedly recommend Cryptography Engineering to anyone working in computer security. Whether you're writing code, designing systems, or even evaluating products, this is a very useful book to read. It's a comprehensive introduction if you don't know anything about the field, but deep enough that I still got quite a bit of new information from it despite having written security software for years and having already read Applied Cryptography. Highly recommended. I will probably read it from cover to cover a second time when I have some free moments.

Rating: 9 out of 10

Planet DebianRussell Coker: Replacement Credit Cards and Bank Failings

I just read an interesting article by Brian Krebs about the difficulty in replacing credit cards [1].

The main reason that credit cards need to be replaced is that they have a single set of numbers that is used for all transactions. If credit cards were designed properly for modern use (i.e. since 2000 or so) they would act as a smart-card as the recommended way of payment in store. Currently I have a Mastercard and an Amex card, the Mastercard (issued about a year ago) has no smart-card feature and as Amex is rejected by most stores I’ve never had a chance to use the smart-card part of a credit card. If all American credit cards had a smart card feature which was recommended by store staff then the problems that Brian documents would never have happened, the attacks on Target and other companies would have got very few card numbers and the companies that make cards wouldn’t have a backlog of orders.

If a bank was to buy USB smart-card readers for all their customers then they would be very cheap (the hardware is simple and therefore the unit price would be low if purchasing a few million). As banks are greedy they could make customers pay for the readers and even make a profit on them. Then for online banking at home the user could use a code that’s generated for the transaction in question and thus avoid most forms of online banking fraud – the only possible form of fraud would be to make a $10 payment to a legitimate company become a $1000 payment to a fraudster but that’s a lot more work and a lot less money than other forms of credit card fraud.

A significant portion of all credit card transactions performed over the phone are made from the customer’s home. Of the ones that aren’t made from home a significant portion would be done from a hotel, office, or other place where a smart-card reader might be conveniently used to generate a one-time code for the transaction.
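The per-transaction code described above can be sketched as follows; this is an added example, not part of the original post and not how any real card scheme is specified. It assumes the card holds an HMAC-SHA-256 key shared with the bank and that the customer keys the payee and amount into the reader; `transaction_code`, `Bank` and all sample values are hypothetical.

```python
import hashlib
import hmac
import struct


def transaction_code(card_key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Return the 8-digit code a (hypothetical) reader shows for one transaction."""
    payee_bytes = payee.encode("utf-8")
    # Length-prefix the payee so the field boundaries are unambiguous.
    message = (
        struct.pack(">QH", counter, len(payee_bytes))
        + payee_bytes
        + struct.pack(">Q", amount_cents)
    )
    digest = hmac.new(card_key, message, hashlib.sha256).digest()
    # Truncate to 8 decimal digits so a person can type or read it out.
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


class Bank:
    """Issuer side: recomputes the code and refuses reused counters."""

    def __init__(self):
        self._keys = {}
        self._last_counter = {}

    def enrol(self, card_id: str, card_key: bytes) -> None:
        self._keys[card_id] = card_key
        self._last_counter[card_id] = 0

    def authorise(self, card_id, counter, payee, amount_cents, code) -> str:
        key = self._keys.get(card_id)
        if key is None:
            return "unknown card"
        # A code is valid once: the counter must move forward.
        if counter <= self._last_counter[card_id]:
            return "replayed counter"
        expected = transaction_code(key, counter, payee, amount_cents)
        # Constant-time comparison of the submitted and expected codes.
        if not hmac.compare_digest(expected, code):
            return "code does not match transaction"
        self._last_counter[card_id] = counter
        return "approved"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key = bytes(range(32))
    bank = Bank()
    bank.enrol("card-1", key)
    code = transaction_code(key, 1, "Book Shop", 1000)
    # The same code presented for a different payee and amount is refused.
    print(bank.authorise("card-1", 1, "Fraudster", 100000, code))
    print(bank.authorise("card-1", 1, "Book Shop", 1000, code))
    # Presenting the code a second time is refused as well.
    print(bank.authorise("card-1", 1, "Book Shop", 1000, code))
```

A card number copied from a merchant database is of no use against this check without the key, which never leaves the card.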

The main remaining problem seems to be the use of raised numbers. Many years ago it used to be common for credit card purchases to involve using some form of “carbon paper” and the raised numbers made an impression on the credit card transfer form. I don’t recall ever using a credit card in that way, I’ve only had credit cards for about 18 years and my memories of the raised numbers on credit cards being used to make an impression on paper only involve watching my parents pay when I was young. It seems likely that someone who likes paying by credit card and does so at small companies might have some recent experience of “carbon paper” payment, but anyone who prefers EFTPOS and cash probably wouldn’t.

If the credit card number (used for phone and Internet transactions in situations where a smart card reader isn’t available) wasn’t raised then it could be changed by posting a sticker with a new number that the customer could apply to their card. The customer wouldn’t even need to wait for the post before their card could be used again as the smart card part would never be invalid. The magnetic stripe on the card could be changed at any bank and there’s no reason why an ATM couldn’t identify a card by its smart-card and then write a new magnetic stripe automatically.

These problems aren’t difficult to solve. The amounts of effort and money involved in solving them are tiny compared to the costs of cleaning up the mess from a major breach such as the recent Target one, the main thing that needs to be done to implement my ideas is widespread support of smart-card readers and that seems to have been done already. It seems to me that the main problem is the incompetence of financial institutions. I think the fact that there’s no serious competitor to Paypal is one of the many obvious proofs of the incompetence of financial companies.

The effective operation of banks is essential to the economy and the savings of individuals are guaranteed by the government (so when a bank fails a lot of tax money will be used). It seems to me that we need to have national banks run by governments with the aim of financial security. Even if banks were good at their business (and they obviously aren’t) I don’t think that they can be trusted with it, an organisation that’s “too big to fail” is too big to lack accountability to the citizens.

,

Cory DoctorowMy “Futuristic Tales of the Here and Now” in Vodo’s indie science fiction bundle: comics, movies, novels, and more!


Jamie from Vodo writes, "We've launched Otherworlds, our first indie sci-fi bundle! This pay-what-you-want, crossmedia collection includes the graphic novel collecting Cory's own 'Futuristic Tales of the Here and Now', Jim Munroe's micro-budget sci-fi satire 'Ghosts With Shit Jobs', Robert Venditti's New York Times Bestselling graphic novel 'The Surrogates', and Amber Benson/Adam Busch's alien office farce, 'Drones'. Check out the whole bundle and choose your own price. 5% of earnings go to the Electronic Frontier Foundation!"

I love Vodo -- they produce gorgeous, high-quality science fiction shows that are CC licensed; each episode is released once donors have pitched in to pay for it. It's a business-model that lets them make good art based on generosity, trust and working with the Internet, instead of stamping their feet and insisting that it change to suit their needs.

Otherworlds

Planet DebianChris Lamb: My 2014 race schedule

«Swim 2.4 miles! Bike 112 miles! Run 26.2 miles! Brag for the rest of your life...»


Whilst 2013 was based around a "70.3"-distance race, in my second year in triathlon I will be targeting training solely around my first Ironman-distance event.

I chose the Ironman event in Klagenfurt, Austria not only because the location lends a certain tone to the occasion but because the course is suited to my relative strengths within the three disciplines.

Compared to 2013 I've made the following conscious changes to my race scheduling and selection:

  • Fewer races in general to allow for more generous spacing between events, resulting in more training, recovery and life.
  • No sprint-distance triathlons as they do not provide enough enjoyment or suitable training for the IM distance given their logistical outlay.
  • Preferring cycling over running time trials: general performance in triathlon—paradoxically including your run performance—is primarily based around bike fitness.
  • Preferring smaller events over "mass-participation" ones.

Readers unfamiliar with triathlon training may observe that despite my primary race finishing with a marathon-distance run, I am not racing a standalone marathon in preparation. This is a common practice, justified by the run-specific training leading up to the event as well as the long recovery period afterwards compromising your training overall.

For similar reasons, I have also chosen not to race the "70.3" distance event in 2014. Whether to do so is a more contentious issue than whether to run a marathon, but it resolved itself once I could not find an event that was scheduled suitably and I could convince myself that most of the benefits could be achieved through other means.


April 13th

Cambridge Duathlon (link)

Run: 7.5km, bike: 40km, run: 7.5km

May 11th

St Neots Olympic Tri (link)

Swim: 1,500m, bike: 40km, run: 10km

May 17th

ECCA 50-mile cycling time trial (link)

Course: E2/50C

June 1st

Icknield RC 100-mile cycling time trial (link)

Course: F1/100

June 15th

Cambridge Triathlon (link)

Swim: 1,500m, bike: 40km, run: 10km

June 29th

Ironman Austria (link)

Swim 2.4km, bike: 190km, run: 42.2km

Planet DebianChris Lamb: 2014 race schedule

«Swim 2.4 miles! Bike 112 miles! Run 26.2 miles! Brag for the rest of your life...»


In 2013, my training efforts were based around a "70.3"-distance race. In my second year in triathlon I will be targeting my first Ironman-distance event.

After some deliberation I decided on the Ironman event in Klagenfurt, Austria (pictured) not only because the location lends a certain tone to the occasion but because the course is suited to my relative strengths within the three disciplines.

I've made the following conscious changes to my race scheduling and selection this year:

  • Fewer races overall to allow for generous spacing between events, allowing more training, recovery and life.
  • No sprint-distance events as they do not provide enough enjoyment or appropriate training for the IM distance given their logistical outlay.
  • Preferring cycling over running time trials: performance in triathlon—paradoxically including your run performance—is primarily based around bike fitness.
  • Preferring smaller events over "mass-participation" ones.

Readers may observe that despite my primary race finishing with a marathon-distance run, I am not racing a standalone marathon in preparation. This is common practice, justified by the run-specific training leading up to a marathon and the recovery period afterwards compromising training overall.

For similar reasons, I have also chosen not to race a "70.3" distance event in 2014. Whether to do so is a more contentious issue than whether to run a marathon, but it resolved itself once I could not find an event that was suitably scheduled and I could convince myself that most of the benefits could be achieved through other means.


April 13th

Cambridge Duathlon (link)

Run: 7.5km, bike: 40km, run: 7.5km

May 11th

St Neots Olympic Tri (link)

Swim: 1,500m, bike: 40km, run: 10km

May 17th

ECCA 50-mile cycling time trial (link)

50 miles. Course: E2/50C

June 1st

Icknield RC 100-mile cycling time trial (link)

100 miles. Course: F1/100

June 15th

Cambridge Triathlon (link)

Swim: 1,500m, bike: 40km, run: 10km

June 29th

Ironman Austria (link)

Swim 2.4km, bike: 190km, run: 42.2km

Cory DoctorowHomeland audiobook, read by Wil Wheaton, is back on downpour.com


For those of you who missed the audiobook in which Wil Wheaton reads my novel Homeland in the Humble Ebook Bundle, despair no longer! You can buy it DRM-free on the excellent Downpour.com, a site with many DRM-free audio titles.


Homeland (audiobook)

Falkvinge - Pirate PartyMore People Were Paid To Exploit Heartbleed For The NSA Than To Fix It

NSA Seal Holding the Heartbleed Logo

Infrastructure – Zacqary Adam Green: Unsurprisingly, it turns out that the NSA knew about the Heartbleed bug since shortly after it was added to OpenSSL. While thousands of salaried NSA personnel search for bugs like these to exploit, OpenSSL has only four part-time volunteers maintaining it. Of course this was going to happen.

The idea behind open source software is that “given enough eyeballs, all bugs are shallow.” This only works if there actually are enough eyeballs. Code audits can only happen if there are people with the will, expertise, and time to do so. Rusty Foster pointed out the problem with OpenSSL:

The project’s code is more than fifteen years old, and it has a reputation for being dense, as well as difficult to maintain and to improve. Since the bug was revealed, other programmers have had harsh criticisms for what they regard as a mistake that could easily have been avoided.…

Unlike a rusting highway bridge, digital infrastructure does not betray the effects of age. And, unlike roads and bridges, large portions of the software infrastructure of the Internet are built and maintained by volunteers, who get little reward when their code works well but are blamed, and sometimes savagely derided, when it fails. To some degree, this is beginning to change: venture-capital firms have made substantial investments in code-infrastructure projects, like GitHub and the Node Package Manager. But money and support still tend to flow to the newest and sexiest projects, while boring but essential elements like OpenSSL limp along as volunteer efforts.

This point is only compounded by the NSA news. As it turns out, a great deal of funding was going towards meticulously auditing OpenSSL. The problem is that the NSA keeps the results of these audits to themselves. No bugs are fixed. No patches are committed. Critical flaws are kept under wraps so that they can be used to siphon more data and break into more computers.

Never mind the fact that the NSA’s priority is supposed to be the defense of the United States, when critical infrastructure in the US was potentially affected by this bug. If they wanted to call this defense, then the NSA must have been really confident that the classic go-to bogeymen of China, Russia, Iran, or Al Qaeda hadn’t also discovered Heartbleed. Which, of course, they couldn’t be, because Neel Mehta at Google eventually reported it, so it’s not like it was impossible to find without NSA super-wizardry.

But back to the issue at hand: the NSA has, potentially, a small army of security researchers doing all of the code audits that tech companies and the open source community should be doing, and hoarding the benefits for themselves. The Is TrueCrypt Audited Yet? project might as well change its website header from “Not Yet” to “Who Knows?” This is awful. Economically, it’s also unsurprising.

The NSA has an entire budget devoted to doing just this: “$1.6 billion a year on data processing and exploitation, more than a thousand times the annual budget of the OpenSSL project” reports The Verge. Their prime directive is to find bugs, keep them quiet, and exploit them for their own gain (sorry, “national security”). OpenSSL’s volunteers, on the other hand, need jobs to feed their families. As much as they might want to, they don’t have the time to devote the effort needed to make sure their code is rock-solid. And apparently, neither do its users. It took a Google employee two years to discover Heartbleed, despite the fact that they’re a multi-billion dollar corporation that depends on the integrity of things like OpenSSL. Evidently, though, it’s still not cost-effective to have dedicated teams keeping an eye on the code.

My instinct is to just say that this is another infopolicy case for a universal basic income, to free up volunteers who are willing and able to perform these audits from the pressure of having to work another job. While that would certainly help, I admit it’s a bit reductionist. Code audits can be boring, tedious work, and while with 7 billion people in the world I’m sure some of them would be jumping out of the woodwork to proofread thousands of lines of code, I can’t say how many. But the NSA has apparently figured out how to efficiently spot glaring security flaws, so it’s high time the white hats did too.

Planet Linux AustraliaMichael Fox: Ubuntu 12.04.4, TvHeadend and Realtek RTL2832U USB tuner

This week I setup an old Dell Optiplex 755 tower with Ubuntu 12.04.4, TvHeadEnd and Realtek RTL2832U USB tuner to perform some DVB-T recordings. The installation I performed of TvHeadEnd is the exact same one I documented some months back when I used the same USB tuner on a Raspberry Pi. You can read about it here.

The installation was flawless and simple as you’d expect. The system has been running a few days now and capturing what I want. It also allows me to point VLC client on other machines at the system to network stream any of the DVB-T channels the tuner can tune against (also shown in the previous post linked above).

Thinking of buying another tuner to be honest, so I can record from 2 different channels that don’t share the same stream/multiplex id.

CryptogramMore on Heartbleed

This is an update to my earlier post.

Cloudflare is reporting that it's very difficult, if not practically impossible, to steal SSL private keys with this attack.

Here's the good news: after extensive testing on our software stack, we have been unable to successfully use Heartbleed on a vulnerable server to retrieve any private key data. Note that is not the same as saying it is impossible to use Heartbleed to get private keys. We do not yet feel comfortable saying that. However, if it is possible, it is at a minimum very hard. And, we have reason to believe based on the data structures used by OpenSSL and the modified version of NGINX that we use, that it may in fact be impossible.

The reasoning is complicated, and I suggest people read the post. What I have heard from people who actually ran the attack against various servers is that what you get is a huge variety of cruft, ranging from indecipherable binary to useless log messages to peoples' passwords. The variability is huge.

This xkcd comic is a very good explanation of how the vulnerability works. And this post by Dan Kaminsky is worth reading.

I have a lot to say about the human aspects of this: auditing of open-source code, how the responsible disclosure process worked in this case, the ease with which anyone could weaponize this with just a few lines of script, how we explain vulnerabilities to the public -- and the role that impressive logo played in the process -- and our certificate issuance and revocation process. This may be a massive computer vulnerability, but all of the interesting aspects of it are human.

EDITED TO ADD (4/12): We have one example of someone successfully retrieving an SSL private key using Heartbleed. So it's possible, but it seems to be much harder than we originally thought.

And we have a story where two anonymous sources have claimed that the NSA has been exploiting Heartbleed for two years.

EDITED TO ADD (4/12): Hijacking user sessions with Heartbleed. And a nice essay on the marketing and communications around the vulnerability.

EDITED TO ADD (4/13): The US intelligence community has denied prior knowledge of Heartbleed. The statement is word-game free:

NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong.

The statement also says:

Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.

Since when is "law enforcement need" included in that decision process? This national security exception to law and process is extending much too far into normal police work.

Another point. According to the original Bloomberg article:

http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html

Certainly a plausible statement. But if those millions didn't discover something obvious like Heartbleed, shouldn't we investigate them for incompetence?

Finally -- not related to the NSA -- this is good information on which sites are still vulnerable, including historical data.

Chaotic IdealismCats have shorter lifespans.

We're all aware that our cats don't live as long as we usually do, and most of the time we just think of it as something sad.

But lately I've been thinking that there's more to it than the sadness of saying goodbye when a cat is old and you're not.

Cats grow up faster, age faster, live faster than we do. When I first adopted Tiny, he was a gangly street cat, the equivalent of a teenager in human terms, and he didn't trust anyone. I was twenty-three, and I was older than Tiny. I taught him how to trust. I taught him how to deal with his fear of thunderstorms and how to tolerate having his claws clipped. I showed him that the world was interesting, and that it was safe to explore because the world was no longer going to chase him away for being a mangy stray. I taught him that he could ask me for things, and I'd give them to him. Well, mostly. Some things just don't fare well between the inquisitive paws of a cat.

And then Tiny started passing me in age. He started to learn about me, just the way I was learning about him. He learned how to get me out of bed in the morning with gentle pats of the paw. He learned that when I'm overloaded and stuck, he can nudge me out of it. He learned how to lead me, his tail straight up, to his food bowl or his water dish. He even learned how to remind me to do things when I forgot them and he noticed the break in routine. He'll come to me and look at me, then walk away, look back at me, as though saying, "You should be doing something else, not this. Follow me, I'll show you." Or, "You're stuck again, aren't you? Here, human, I'll reset you."

Now Tiny is seven years old, and I am thirty. In cat years, he is older than me, middle-aged, and he is starting to take care of me. When he was young, living with Tiny felt like I was raising a child. Now it feels like living with an older brother. When he's old and grand and wise, I'll still have to look hard in the mirror to find my first wrinkles.

It's not as simple as shorter lifespans, is it? It's like my cat is on a faster timeline than I am. Things just don't take them as long as they take us. A whole lifetime, for a cat, can be fifteen years--and it's just as whole a lifetime as a human's seventy-five.

Geek FeminismFrankly, my dear, I don’t link a spam (11 April 2014)

  • Women do not apply to ‘male-sounding’ job postings | Klaus Becker at Technische Universität München (April 3): “If the advertisement described a large number of traits associated with men, the women found it less appealing and were less inclined to apply. Such traits include ‘assertive’, ‘independent’, ‘aggressive’ and ‘analytical’. Women found words like ‘dedicated’, ‘responsible’, ‘conscientious’ and ‘sociable’ more appealing. For male test subjects, on the other hand, the wording of the job advertisement made no difference.” (Citations follow the press release.)
  • Is the Oculus Rift sexist? (plus response to criticism) | danah boyd at apophenia (April 3): “[M]ilitary researchers had noticed that women seemed to get sick at higher rates in simulators than men. While they seemed to be able to eventually adjust to the simulator, they would then get sick again when switching back into reality. Being an activist and a troublemaker, I walked straight into the office of the head CAVE researcher and declared the CAVE sexist.” Warning: as discussed at the end of the piece, boyd uses some language that trans people have criticised, explaining it as the language of her trans informants.
  • Introducing ‘Sexism Ed’ | Kelly J. Baker at Chronicle Vitae (April 2): “But look: We could lean in until our backs were permanently bent forward and still face discrimination, bias, harassment, and more recently, rescinded job offers… I’ll be writing an occasional column—I’ll call it Sexism Ed—as a way to continue the conversation on sexism and gender discrimination in higher ed.”
  • Creepshots: Microsoft discovers an on-campus peeping tom | Nate Anderson at Ars Technica (April 5): “The Muvi camera [found by a Microsoft vendor employee] contained ‘upskirt’ video footage of women climbing stairs or escalators—or sometimes just standing in checkout lines—and some of it had been shot on Microsoft’s campus.”

Lots of goodness in Model View Culture’s Funding issue, including:

Check out the whole issue!

Planet DebianWouter Verhelst: Review: John Scalzi: Redshirts

I'm not much of a reader anymore these days (I used to be when I was a young teenager), but I still do tend to like reading something every once in a while. When I do, I generally prefer books that can be read front to cover in one go—because that allows me to immerse myself into the book so much more.

John Scalzi's book is... interesting. It talks about a bunch of junior officers on a starship of the "Dub U" (short for "Universal Union"), which flies off into the galaxy to Do Things. This invariably involves away missions, and on these away missions invariably people die. The title is pretty much a dead giveaway; but in case you didn't guess, it's mainly the junior officers who die.

What I particularly liked about this book is that after the story pretty much wraps up, Scalzi doesn't actually let it end there. First there's a bit of a tie-in that has the book end up talking about itself; after that, there are three epilogues in which the author considers what this story would do to some of its smaller characters.

All in all, a good read, and something I would not hesitate to recommend.

Planet DebianIan Campbell: qcontrol 0.5.3

Update: Closely followed by 0.5.4 to fix an embarrassing brown paper bag bug:

  • Correct argument handling for system-status command

Get it from gitorious or http://www.hellion.org.uk/qcontrol/releases/0.5.4/.

I've just released qcontrol 0.5.3. Changes since the last release:

  • Reduce spaminess of temperature control (Debian bug #727150).
  • Support for enabling/disabling RTC on ts219 and ts41x. Patch from Michael Stapelberg (Debian bug #732768).
  • Support for Synology Diskstation and Rackstation NASes. Patch from Ben Peddell.
  • Return correct result from direct command invocation (Debian bug #617439).
  • Fix ts41x LCD detection.
  • Improved command line argument parsing.
  • Lots of internal refactoring and cleanups.

Get it from gitorious or http://www.hellion.org.uk/qcontrol/releases/0.5.3/.

The Debian package will be uploaded shortly.

Planet DebianSteve Kemp: Putting the finishing touches to a nodejs library

For the past few years I've been running a simple service to block blog/comment-spam, which is (currently) implemented as a simple JSON API over HTTP, with a minimal core and all the logic in a series of plugins.

One obvious thing I wasn't doing until today was paying attention to the anchor-text used in hyperlinks, for example:

  <a href="http://fdsf.example.com/">buy viagra</a>

Blocking on the anchor-text is less prone to false positives than blocking on keywords in the comment/message bodies.

Unfortunately there seem to exist no simple nodejs modules for extracting all the links, and associated anchors, from a random Javascript string. So I had to write such a module, but .. given how small it is there seems little point in sharing it. So I guess this is one of the reasons why there are often large gaps in the module ecosystem.

(Equally some modules are essentially applications; great that the authors shared, but virtually unusable, unless you 100% match their problem domain.)

I've written about this before when I had to construct, and publish, my own cidr-matching module.

Anyway expect an upload soon, currently I "parse" HTML and BBCode. Possibly markdown to follow, since I have an interest in markdown.
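An added sketch of the anchor-text check described in this post, not Steve Kemp's module: it pulls href/anchor pairs out of HTML and BBCode with regular expressions (not a full HTML parser) and matches only the normalised anchor text against a blocklist. The function names, sample comment and blocklist are constructed for illustration.

```javascript
// Constructed sample comment (not real traffic). The first link is the
// example from the post; the other lines are invented variants.
const SAMPLE_COMMENT = [
  'Nice post! <a href="http://fdsf.example.com/">buy viagra</a>',
  "<A HREF='http://x.example.net/' rel=nofollow><b>Buy</b>&nbsp;V&#105;agra</A>",
  '[url=http://y.example.org/]Cheap   Pills[/url]',
  'I wrote about viagra spam on <a href="https://blog.example.org/spam">my blog</a>.',
].join('\n');

// Constructed blocklist of anchor-text phrases (lower case).
const BLOCKLIST = ['viagra', 'cheap pills'];

const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: '\u00a0' };

// Decode numeric and a few named entities in a single pass, so that
// "&amp;#105;" becomes the literal text "&#105;" and is not decoded twice.
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(amp|lt|gt|quot|apos|nbsp));/gi,
    (m, hex, dec, name) => {
      if (name) return NAMED[name.toLowerCase()];
      const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
      // Out-of-range code points would make fromCodePoint throw; drop them.
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
    });
}

// Reduce anchor markup to the text a reader would see: drop nested tags,
// decode entities, collapse whitespace (including nbsp), lower-case.
function normalizeAnchor(raw) {
  return decodeEntities(raw.replace(/<[^>]*>/g, ''))
    .replace(/\s+/g, ' ').trim().toLowerCase();
}

// href may be double-quoted, single-quoted or bare; tag names are case-insensitive.
const HTML_LINK = /<a\b[^>]*?\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))[^>]*>([\s\S]*?)<\/a\s*>/gi;
// Both [url=target]text[/url] and [url]target[/url].
const BBCODE_LINK = /\[url(?:=([^\]]*))?\]([\s\S]*?)\[\/url\]/gi;

// Return every link as { index, markup, href, anchor }, in document order.
function extractLinks(text) {
  const links = [];
  for (const m of text.matchAll(HTML_LINK)) {
    links.push({
      index: m.index,
      markup: 'html',
      href: decodeEntities(m[1] || m[2] || m[3] || ''),
      anchor: normalizeAnchor(m[4]),
    });
  }
  for (const m of text.matchAll(BBCODE_LINK)) {
    const href = (m[1] || m[2]).trim().replace(/^["']|["']$/g, '');
    links.push({ index: m.index, markup: 'bbcode', href, anchor: normalizeAnchor(m[2]) });
  }
  return links.sort((a, b) => a.index - b.index);
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Return the links whose visible anchor text contains a blocklisted phrase
// as whole words. Body text outside the anchors is deliberately ignored,
// which is what keeps a comment that merely mentions a keyword from matching.
function flagSpamAnchors(text, blocklist) {
  const patterns = blocklist.map(p => new RegExp('\\b' + escapeRegExp(p) + '\\b'));
  return extractLinks(text)
    .map(l => ({ ...l, hit: blocklist.find((p, i) => patterns[i].test(l.anchor)) }))
    .filter(l => l.hit !== undefined);
}

console.log(flagSpamAnchors(SAMPLE_COMMENT, BLOCKLIST).map(l => l.href + ' -> ' + l.hit));
```

The fourth sample line mentions a blocklisted word in the comment body but links with a harmless anchor, so it is extracted and not flagged.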

Sociological ImagesFrom Pale To Pumped With Racial Stereotypes

Flashback Friday.

If whiteness is the neutral category — meaning that people of color are commonly understood to be raced while white people are not — then to be non-white is to be different in some way. The “bad” difference is the deviant (for example, the “welfare queen,” the “thug”), while the “good” difference is the exotic, the interesting, the hip, the cool… the hot or spicy.  Whiteness, in contrast, is boring, bland, or “vanilla.”

This two-page advertisement for Crystal Light beautifully illustrates these cultural ideas.  Notice the way the ad goes from black-and-white to color, from a white model to a model of color (but not too dark-skinned), from straight to curly (but not too curly) hair, from a rather plain dress to one that looks vaguely ethnic, and from awkward standing to dancing (of course).  In the ad, whiteness is, quite literally, bland and being of color is framed as more flavorful.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaPaul Wayper: Sitting at the feet of the Miller

Today I woke nearly an hour earlier than I'm used to, and got on a plane at a barely undignified hour, to travel for over three hours to visit a good friend of mine, Peter Miller, in Gosford.

Peter may be known to my readers, so I won't be otiose in describing him merely as a programmer with great experience who's worked in the Open Source community for decades. For the last couple of years he's been battling Leukaemia, a fight which has taken its toll - not only on him physically and on his work but also on his coding output. It's a telling point for all good coders to consider that he wrote tests on his good days - so that when he was feeling barely up to it but still wanted to do some coding he could write something that could be verified as correct.

I arrived while he was getting a blood transfusion at a local hospital, and we had spent a pleasurable hour talking about good coding practices, why people don't care about how things work any more, how fascinating things that work are (ever seen inside a triple lay-shaft synchronous mesh gearbox?), how to deal with frustration and bad times, how inventions often build on one another and analogies to the open source movement, and many other topics. Once done, we went back to his place where I cooked him some toasted sandwiches and we talked about fiction, the elements of a good mystery, what we do to plan for the future, how to fix the health care system (even though it's nowhere near as broken as, say, the USA), dealing with road accidents and fear, why you can never have too much bacon, what makes a good Linux Conference, and many other things.

Finally, we got around to talking about code. I wanted to ask him about a project I've talked about before - a new library for working with files that allows the application to insert, overwrite, and delete any amount of data anywhere in the file without having to read the entire file into memory, massage it, and write it back out again. Happily for me this turned out to be something that Peter had also given thought to, apropos of talking with Andrew Cowie about text editors (which was one of my many applications for such a system). He'd also independently worked out that such a system would also allow a fairly neat and comprehensive undo and versioning system, which was something I thought would be possible - although we differed on the implementation details, I felt like I was on the right track.

We discussed how such a system would minimise on-disk reads and writes, how it could offer transparent, randomly seekable, per-block compression, how to recover from partial file corruption, and what kind of API it should offer. Then Peter's son arrived and we talked a bit about his recently completed psychology degree, why psychologists are treated the same way that scientists and programmers are at parties (i.e. like a form of social death), and how useful it is to consider human beings as individuals when trying to help them. Then it was time for my train back to Sydney and on to Canberra and home.

Computing is famous, or denigrated, as an industry full of introverts, who would rather hack on code than interact with humans. Yet many of us are extroverts who don't really enjoy this mould we are forced into. We want to talk with other people - especially about code! For an extrovert like myself, having a chance to spend time with someone knowledgeable, funny, human, and sympathetic is to see sun again after long days of rain. I'm fired up to continue work on something that I thought was only an idle, personal fantasy unwanted by others.

I can only hope it means as much to Peter as it does to me.

CryptogramPolice Disabling Their Own Voice Recorders

This is not a surprise:

The Los Angeles Police Commission is investigating how half of the recording antennas in the Southeast Division went missing, seemingly as a way to evade new self-monitoring procedures that the Los Angeles Police Department imposed last year.

The antennas, which are mounted onto individual patrol cars, receive recorded audio captured from an officer’s belt-worn transmitter. The transmitter is designed to capture an officer’s voice and transmit the recording to the car itself for storage. The voice recorders are part of a video camera system that is mounted in a front-facing camera on the patrol car. Both elements are activated any time the car’s emergency lights and sirens are turned on, but they can also be activated manually.

According to the Los Angeles Times, an LAPD investigation determined that around half of the 80 patrol cars in one South LA division were missing antennas as of last summer, and an additional 10 antennas were unaccounted for.

Surveillance of power is one of the most important ways to ensure that power does not abuse its status. But, of course, power does not like to be watched.

Worse Than FailureError'd: Visit Scenic NON-STATIC METHOD

"I was hoping to take a trip to Hong Kong, but NON-STATIC METHOD seems to be a good value," writes Ryan.

 

"I had a feeling that this new laptop might run hot," Kelly L. wrote, "but I wasn't expecting it to be quite this hot!"

 

"Wow! My build went so fast that it's running in the 19th century!" Eric writes.

 

"Lorem ipsum dolar sit amet," Casey writes, "consectetur adipiscing elit. Pellentesque pharetra ligula sit: http://www.samsclub.com/sams/shoppingtools/invitation/invitationToJoin.jsp."

 

Rich writes, "It seems Skype couldn't handle the future and reverted to Win3.1-style erroring (in Windows 7)."

 

"It seems that Bugzilla is very picky about the max size of an upload," Chris D. writes.

 

Denise writes, "Though my password passes their requirements and is rated 'very strong', it's still too simple for National Geographic's unwritten high standards."

 

"One of my favorite video blogs, Table Top, hosted by Wil Wheaton uploads a new episode every Thursday," Andy G. writes, "I might skip this one though. This week's game and guests seem to be a little...boring."

 

Planet DebianLars Wirzenius: Applying the Doctorow method to coding

When you have a big goal, do at least a little of it every day. Cory Doctorow writes books and stuff, and writes for at least twenty minutes every day. I write computer software, primarily Obnam, my backup program, and recently wrote the first rough draft of a manual for it, by writing at least a little every day. In about two months I got from nothing to something that is already useful to people.

I am now applying this to coding as well. Software development is famously an occupation that happens mostly in one's brain and where being in hack mode is crucial. Getting into hack mode takes time and a suitable, distraction-free environment.

I have found, however, that there are a lot of small, quick tasks that do not require a lot of concentration. Fixing wordings of error messages, making small, mechanical refactorings, confirming bugs by reproducing them and writing test cases to reproduce them, etc. I have found that if I've prepared for and planned such tasks properly, in the GTD planning phase, I can do such tasks even on trains and train stations.

This is important. I commute to work and if I can spend the time I wait for a train, or on the train, productively, I can make significant, real progress. But to achieve this I really do have to do the preparation beforehand. The 9:46 train to work is much too noisy to do any real thinking in.

Planet Linux AustraliaColin Charles: Korean MySQL Power User Group

If you are a MySQL power user in Korea, it's well worth joining the Korean MySQL Power User Group. This is a group led by senior DBAs at many Korean companies. From what I gather, there is experience there using MySQL, MariaDB, Percona Server and Galera Cluster (many on various 5.5, some on 5.6, and quite a few testing 10.0). No one is using WebScaleSQL (yet?). The discussion group is rather active, and I’ve got a profile there (I get questions translated for me).

BBQ starters for tonight's DBA dinner in Seoul

This is just a natural evolution of the DBA Dinners that were held once every quarter. Organised by OSS Korea, and sometimes funded by SkySQL, people would eat & drink, while hearing a short message about updates in the MySQL world (usually by me, but we’ve had special guests like Werner Vogels, CTO Amazon; recently we’ve seen appearances by Monty, Patrik Sallner, Michael Carney where mostly all we do then is eat & drink).

So from meetups to getting information online, in a quick fashion. Much hunger for open source in Korea, very smart people working there on services feeding the population (where some even make it outside of the local market). The future of open source in Korea is definitely very bright.

Planet DebianJoey Hess: propellor introspection for DNS

In the just released Propellor 0.3.0, I've improved Propellor's config file DSL significantly. Now properties can set attributes of a host, that can be looked up by its other properties, using a Reader monad.

This saves needing to repeat yourself:

hosts = [ host "orca.kitenet.net"
        & stdSourcesList Unstable
        & Hostname.sane -- uses hostname from above

And it simplifies docker setup, with no longer a need to differentiate between properties that configure docker vs properties of the container:

 -- A generic webserver in a Docker container.
    , Docker.container "webserver" "joeyh/debian-unstable"
        & Docker.publish "80:80"
        & Docker.volume "/var/www:/var/www"
        & Apt.serviceInstalledRunning "apache2"

But the really useful thing is, it allows automating DNS zone file creation, using attributes of hosts that are set and used alongside their other properties:

hosts =
    [ host "clam.kitenet.net"
        & ipv4 "10.1.1.1"

        & cname "openid.kitenet.net"
        & Docker.docked hosts "openid-provider"

        & cname "ancient.kitenet.net"
        & Docker.docked hosts "ancient-kitenet"
    , host "diatom.kitenet.net"
        & Dns.primary "kitenet.net" hosts
    ]

Notice that hosts is passed into Dns.primary, inside the definition of hosts! Tying the knot like this is a fun haskell laziness trick. :)

Now I just need to write a little function to look over the hosts and generate a zone file from their hostname, cname, and address attributes:

extractZoneFile :: Domain -> [Host] -> ZoneFile
extractZoneFile = gen . map hostAttr
  where gen = -- TODO

The eventual plan is that the cname property won't be defined as a property of the host, but of the container running inside it. Then I'll be able to cut-n-paste move docker containers between hosts, or duplicate the same container onto several hosts to deal with load, and propellor will provision them, and update the zone file appropriately.


Also, Chris Webber had suggested that Propellor be able to separate values from properties, so that eg, a web wizard could configure the values easily. I think this gets it much of the way there. All that's left to do is two easy functions:

overrideAttrsFromJSON :: Host -> JSON -> Host

exportJSONAttrs :: Host -> JSON

With these, propellor's configuration could be adjusted at run time using JSON from a file or other source. For example, here's a containerized webserver that publishes a directory from the external host, as configured by JSON that it exports:

demo :: Host
demo = Docker.container "webserver" "joeyh/debian-unstable"
    & Docker.publish "80:80"
    & dir_to_publish "/home/mywebsite" -- dummy default
    & Docker.volume (getAttr dir_to_publish ++":/var/www")
    & Apt.serviceInstalledRunning "apache2"

main = do
    json <- readJSON "my.json"
    let demo' = overrideAttrsFromJSON demo json
    writeJSON "my.json" (exportJSONAttrs demo')
    defaultMain [demo']

Planet DebianAndrew Pollock: [life] Day 73: A fourth-generation friendship

Oh man, am I exhausted.

I've known my friend Kim for longer than we remembered. Until Zoe was born, I thought the connection was purely that our grandmothers knew each other. After Zoe was born, and we gave her my birth mother's name as her middle name, Kim's mother sent me a message indicating that she knew my mother. More on that in a moment.

Kim and I must have interacted when we were small, because it predates my memory of her. My earliest memories are of being a pen pal with her when she lived in Kingaroy. She had a stint in South Carolina, and then in my late high school years, she moved relatively close to me, at Albany Creek, and we got to have a small amount of actual physical contact.

Then I moved to Canberra, and she moved to Melbourne, and it was only due to the wonders of Facebook that we reconnected while I was in the US.

Fast forward many years, and we're finally all back in Brisbane again. Kim is married and has a daughter named Sarah who is a couple of years older than Zoe, and could actually pass off as her older sister. She also has a younger son. Since we've been back in Brisbane, we've had many a play date at each other's homes, and the girls get along famously, to the point where Sarah was talking about her "best friend Zoe" at show and tell at school.

The other thing I learned since reconnecting with Kim in the past year, is that Kim's aunt and my mother were in the same grade at school. Kim actually arranged for me to have a coffee with her aunt when she was visiting from Canberra, and she told me a bunch of stuff about my Mum that I didn't know, so that was really nice.

Kim works from home part time, and I offered to look after Sarah for a day in the school holidays as an alternative to her having to go to PCYC holiday care. Today was that day.

I picked up Zoe from Sarah this morning, as it was roughly in the same direction as Kim's place, and made more sense, and we headed over to Kim's place to pick up Sarah. We arrived only a couple of minutes later than the preferred pick up time, so I was pretty happy with how that worked out.

The plan was to bring Sarah back to our place, and then head over to New Farm Park on the CityCat and have a picnic lunch and a play in the rather fantastic playground in the park over there.

I hadn't made Zoe's lunch prior to leaving the house, so after we got back home again, I let the girls have a play while I made Zoe's lunch. After some play with Marble Run, the girls started doing some craft activity all on their own on the balcony. It was cute watching them try to copy what each other were making. One of them tried gluing two paper cups together by the narrow end. It didn't work terribly well because there wasn't a lot of surface to come into contact with each other.

I helped the girls with their craft activity briefly, and then we left on foot to walk to the CityCat terminal. Along the way, I picked up some lunch for myself at the Hawthorne Garage and added it to the small Esky I was carrying with Zoe's lunchbox in it. It was a beautiful day for a picnic. It was warm and clear. I think Sarah found the walk a bit long, but we made it to the ferry terminal relatively incident free. We got lucky, and a ferry was just arriving, and as it happened, they had to change boats, as they do from time to time at Hawthorne, so we would have had plenty of time regardless, as everyone had to get off one boat and onto a new one.

We had a late morning tea at the New Farm Park ferry terminal after we got off, and then headed over to the playground. I claimed a shady spot with our picnic blanket and the girls did their thing.

I alternated between closely shadowing them around the playground and letting them run off on their own. Fortunately they stuck together, so that made keeping track of them slightly easier.

For whatever reason, Zoe was in a bit of a grumpier mood than normal today, and wasn't taking too kindly to the amount of turn taking that was necessary to have a smoothly oiled operation. Sarah (justifiably) got a bit whiny when she didn't get an equitable amount of time getting to call the shots on what they did, but aside from that they got along fine.

There was another great climbing tree, which had kids hanging off it all over the place. Both girls wanted to climb it, but needed a little bit of help getting started. Sarah lost her nerve before Zoe did, but even Zoe was surprisingly trepidatious about it, and after shimmying a short distance along a good (but high) branch, wanted to get down.

The other popular activity was a particularly large rope "spider web" climbing frame, which Sarah was very adept at scaling. It was a tad too big for Zoe to manage though, and she couldn't keep up, which frustrated her quite a bit. I was particularly proud of how many times she returned to it to try again, though.

We had our lunch, a little more play time, and the obligatory ice cream. I'd contemplated catching the CityCat further up-river to Sydney Street to then catch the free CityHopper ferry, but the thought of then trying to get two very tired girls to walk from the Hawthorne ferry terminal back home didn't really appeal to me all that much, so I decided to just head back home.

That ended up being a pretty good call, because as it was, trying to get the two of them back home was like herding cats. Sarah was fine, but Zoe was really dragging the chain and getting particularly grumpy. I had to deploy every positive parenting trick that I currently have in my book to keep Zoe moving, but we got there eventually. Fortunately we didn't have any particular deadline.

The girls did some more playing at home while I collapsed on the couch for a bit, and then wanted to do some more craft. We made a couple of crowns and hot-glued lots of bling onto them.

We drove back to Kim's place after that, and the girls played some more there. Sarah nearly nodded off on the way home. Zoe was surprisingly chipper. The dynamic changed completely once we were back at Sarah's house. Zoe seemed fine to take Sarah's direction on everything, so I wonder how much of things in the morning were territorial, and Sarah wasn't used to Zoe calling the shots when she was at Zoe's place.

Kim invited us to stay for dinner. I wasn't really feeling like cooking, and the girls were having a good time, so I decided to stay for dinner, and after they had a bath together we headed home. Zoe stayed awake all the way home, and went to bed without any fuss.

It's pretty hot tonight, and I'm trialling Zoe sleeping without white noise, so we'll see how tonight pans out.

Kelvin ThomsonHANDS OFF AGE PENSIONERS

Before the election the Liberal Party promised it would not attack age pensions in any shape or form. There would be no surprises and no lame excuses, it said.

The Liberal Government must now stop undermining support for the age pension, and rule out any attacks on the pension in the forthcoming Budget. Age pensioners are not living the high life. I have come across age pensioners freezing in winter because they cannot afford the cost of heating.

Nor should they have the value of their own homes included in the assets test. Many pensioners in my electorate built homes in working class suburbs like Brunswick, Coburg and Pascoe Vale in the 1950s and 60s. These properties are much more fashionable as a result of population-growth rises in property values, but these pensioners are not “better off” – they are merely living in the house they’ve always lived in, and all they ask is to be allowed to keep living there – a perfectly reasonable desire.

The baby boomer generation has already fitted up age pensioners with the GST and utility prices rising much faster than the rate of inflation. By all means let us balance the books, but the Liberal Party could save many billions of dollars in the coming decade by:

  • Not introducing its extravagant Paid Parental Leave (saving $3 billion per annum).
  • Not increasing defence spending to the plucked out of the air figure of 2% of GDP within a decade (which would see the current $26.5 billion per annum rise to $50 billion!).
  • Not building the East-West Freeway through Melbourne’s Royal Park ($1.5 billion and rising).
  • Not getting rid of the price on carbon (this would save $4-5 billion per annum, according to Dr Ross Garnaut).

If they still need money, they should cut back on some of the family payments which were introduced by the Howard Government when the money was flowing in from the resources boom. If there is a genuine argument that we need to tighten our belts because money from the resources boom is no longer coming in, that is where the belt tightening should occur.

Planet DebianDirk Eddelbuettel: RcppCNPy 0.2.3

R 3.1.0 came out today. Among the (impressive and long as usual) list of changes is the added ability to specify CXX_STD = CXX11 in order to get C++11 (or the best available subset on older compilers). This brings a number of changes and opportunities which are frankly too numerous to be discussed in this short post. But it also permits us, at long last, to use long long integer types.

For RcppCNPy, this means that we can finally cover NumPy integer data (along with the double precision we had from the start) on all platforms. Python encodes these as an int64, and that type was unavailable (at least in 32-bit OSs) until we got long long made available to us by R. So today I made the change to depend on R 3.1.0, and select C++11 which allowed us to free the code from a number of #ifdef tests. This all worked out swimmingly and the new package has already been rebuilt for Windows.

I also updated the vignette, and refreshed its look and feel. Full changes are listed below.

Changes in version 0.2.3 (2014-04-10)

  • src/Makevars now sets CXX_STD = CXX11 which also provides the long long type on all platforms, so integer file support is no longer conditional.

  • Consequently, code conditional on RCPP_HAS_LONG_LONG_TYPES has been simplified and is no longer conditional.

  • The package now depends on R 3.1.0 or later to allow this.

  • The vignette has been updated and refreshed to reflect this.

CRANberries also provides a diffstat report for the latest release. As always, feedback is welcome and the rcpp-devel mailing list off the R-Forge page for Rcpp is the best place to start a discussion.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


LongNowThe Artangel Longplayer Letters: Esther Dyson writes to Carne Ross

In November, Long Now co-founder Stewart Brand wrote a letter to Long Now board member Esther Dyson as part of the Artangel Longplayer Letters series. The series is a relay-style correspondence: The first letter was written by Brian Eno to Taleb. Taleb then wrote to Stewart Brand, and Stewart wrote to Esther Dyson. Esther’s response is now addressed to Carne Ross, who will respond with a letter to a recipient of his choosing.

The discussion thus far has focused on how humanity can increase technological capacity to meet real global needs without incurring catastrophic unintended consequences. You can find the previous correspondences here.


Dear Carne,

Through a telescope, darkly.

I’ve been reading Stewart’s letter about science and technology and the long-term, but the thing that concerns me more – and that you, Carne, understand – is how society can work collectively to make long-term decisions in the first place. There are big issues that we need to address, but first we need to find the wisdom to address them together.

Right now, we are getting better and better at manipulating the world with finer and finer precision towards local optima, sacrificing longer-term gains we may discount or be unaware of. We think in examples rather than in statistics. We are intrigued by stories and narratives rather than structures and dynamics. We study techniques of manipulation to acquire power rather than to produce empowerment. The Internet lets us see the whole world across distances with greater precision, but – like a telescope – with a smaller field of vision.

How can we think and then act long-term?

Government

In the last few months, we’ve seen a variety of big-deal political moves: revolutions (Ukraine), reversions to authoritarianism and censorship (Turkey), revolutionary backsliding (Egypt), civil war (Syria) and a variety of conflicts so messy they don’t have recognizable descriptions.

When things get too bad, there is a revolution or some kind of power change at the top, but neither generally does much good. Often the new leaders negotiate with the ousted incumbents for ruling roles, bargaining among themselves over the spoils, while the people who supposedly chose them to lead have little say in the process. The people have enough power to get rid of the old guys, but they don’t have the institutional capacity to head the government or to take over its body, its administrative institutions.

As Martin Wolf says in the Financial Times, liberal democracies need responsible citizens, disinterested guardians, open markets and just laws. But beyond that, they need to deliver effective services. They must provide schools, infrastructure (this now includes broadband internet), courts, police, garbage collection, health care and street lights. These bureaucracies work more or less, even though they are often corrupt, but you can’t clean them up and replace them from the center as easily as you can trade power from one autocrat to another. Indeed, in most places I see little hope of good, long-term-focused government emerging from within federal governments and national parties, which are too big, too ponderous and increasingly too distant from the daily lives of most people. National governments are not fertile ground for effective governance, nor are they close enough to the people to deliver services effectively.

Scale and Scalability

By contrast, cities are beginning to take on more of the task of delivering services that matter and are becoming increasingly accountable to their residents. They cannot fulfill all the functions of a central government, but perhaps cities can show us the way. It is in cities that a new set of trained, uncorrupted politicians and public servants can emerge, under the closer watch of each city’s residents.[1] Like entrepreneurs, cities can innovate, in a way that central governments (and large businesses) cannot.

I see lots of interesting initiatives being taken by cities and their mayors, who often don’t follow national party lines or interests: from former Mayor Bloomberg in New York City, trying to improve the city’s eating habits; to London’s congestion zones, which charge fees for cars entering the city; to Stockholm’s toll bridges (where polls taken before the toll was imposed showed a majority against the change, but I heard of one poll taken after the change reporting that a majority had supported the change from the start!).

There’s also a new interest in cities among good-government advocates, philanthropies and other long-term actors. From economist Paul Romer, with his Charter Cities project to the New Cities Foundation; from CodeforAmerica to CityMart and Urban.us, two online marketplaces for city services; from Michael Bloomberg to Ken Livingstone, practical idealists are focusing on building city governments rather than overthrowing national ones. When some future revolution comes, perhaps these city governments will scale up and create the systems that can both govern and deliver on a national scale.

Cities can make rules that would be intrusive if imposed by a national government, such as building codes, control of the provision and pricing of internet bandwidth, requirements for posting nutritional information and the like. Because people are free to move from city to city in a way that they may not be able to move from country to country, both legally and practically, cities are constrained by competitive forces that do not apply to national governments.

At the same time, locally or nationally, government activities and the behavior of government officials are both becoming increasingly visible with much help from the internet and social media. While national-scale data may seem irrelevant to many people, local data are endlessly fascinating, whether these relate to how much some politician paid for a particular piece of real estate – and amazingly, it just happens to be near a new transport hub – or the relative test scores of five local schools.

Whether longtime residents or a new generation of CodeforAmerica techies, city voters can check their phones to find out when the next bus will arrive and they can check a website to find out how many buses are late each month. They can pay for their monthly transit pass with a credit card, and they usually pay less than people from out of town who buy just one ticket at a time. They can find out what percentage of their neighbors consume more or less electricity than they do, and they can compare this year’s statistics with last year’s.

Transparency at this level is more meaningful than either national statistics or neighborhood gossip. It gives people the ability to see the present in context, both in the local context of one’s neighbors and also the larger context of the wider world. Ideally, it also gives them the ability to see the present in the context of the past and of the future.

Data that you can change – by how you behave or vote or agitate – may have more meaning yet. The moment people feel they have a finger on the scale – not the scale of justice, but the one that measures out the benefits they receive – they will take more interest.

With luck, people will develop a taste for government that is transparently responsive rather than corruption-driven. Civil servants will grow to become customer-driven, just as businesses are. That still leaves the challenge of getting those citizens to think long-term: to demand good schools rather than lower taxes, to favor public transit over parking lots.

In fact, it’s all about interactions of scale: The world has become overwhelmingly large while the data are becoming increasingly fine-grained. When the data are relevant, they make more sense to people. When the data are local, people see something that they could influence. But people also need to add the fourth dimension: If you can measure short-term performance too precisely, you may forget about long-term impacts.

The Way to Wellville: Health as an Example

As it happens, I’m using cities – or small towns, anyway – in a crazily ambitious experiment to get people to think and act long-term for the sake of their own health. After much thinking on how to encourage people to think long-term – which of course they all know they should do – I concluded that the best way to change the time scale of people’s thinking about their own health was to show the impact of health-producing measures. Ideally the data can work both as evidence, guiding society in the infrastructure and perhaps even regulations it creates, and also as inspiration to individuals struggling to resist temptations.

The basic mechanism is a contest, called The Way to Wellville and loosely modeled on the X Prize, of five places, with five metrics, over five years. It’s a cheesy publicity-seeking stunt designed for our short-attention culture, but with underlying long-term premises. The metrics on which the communities will compete include both ‘health’ measures such as health-care costs per capita, transitions to diabetes, measures of dental and mental health, and the impacts of health, such as high-school graduation rates and absenteeism.

The way to change, we believe, is not just with things like quantified-self tools, which let you examine your own health and activity levels, but with something closer to ‘quantified community’, examining and changing the role that a community plays in its members’ health. The contest, The Way to Wellville, will get the five communities to compete to improve their own health. We’re not telling them what to do; we’re just supplying a goal and managing the measurement process. We’ll help the communities track themselves – and their competitors – to see the impact of each community’s collective behavior.

Five years may sound pathetic in terms of long-term thinking, but it’s longer than the span most health-insurance companies use in their calculations, and my hope is that the improvements visible after a mere five years will encourage people to recognize the value of long-term thinking about health and therefore to think longer still.

It turns out that community affordances have a huge impact on individual outcomes, but until now most of that hasn’t been visible to the naked eye. Studies show that walking to a bus makes people healthier than driving a car, that children whose parents are afraid of crime tend to stay inside and get obese, that people who live in polluted areas get respiratory diseases or even cancer, and of course that people who live in ‘food swamps’ (with bad food, as opposed to ‘food deserts’ with no food) tend to be unhealthier in the long-term. Indeed, their medical care over time will cost more than good food would have cost in the first place.

On one of our field trips to Niagara Falls, we discovered that the smoking rate there is thirty-seven percent versus a United States average of around eighteen percent. Why? Because there’s a Native American casino nearby that benefits from a federal US tax exemption that allows them to sell cigarettes tax-free: A national policy that has horrible consequences locally! It proves, for better or worse, how closely behavior is connected with incentives.

Manipulation

As I noted, one of the big problems of the current age is our collective ability to manipulate people. I am not referring just to politicians: Advertisers and food manufacturers can influence our tastes and even use our body chemistry, evolved through millennia of shortages, to like foods that are not good for us in their present abundance. The fitness landscape has changed, and we are all stuck in local optima, consuming more than enough to survive in the short term and reducing our health prospects in the long-term.

Thinking long-term, we can understand how we’re manipulated. Thinking collectively, the people in the Wellville communities can decide to manipulate themselves positively rather than negatively.

This is not a process of surreptitiously manipulating people into healthy behavior, but instead doing so openly and with those people’s active engagement. Just as a dieter is advised to remove unhealthy foods from their house, we want people to remove unhealthy foods from their communities or at least to put them on the virtual top shelf, and to support and benefit from subsidies on the good stuff.

That means changing the food supply to make healthy food a default rather than a difficult choice. We’re not crazy enough to talk about taxing sugar, for example, but rather about subsidizing healthy food, spending on refrigeration rather than chemical preservatives, and so forth.

So, in practical terms, how am I hoping to get people to think and to act long-term without manipulating them?

Children are key. Most of us can probably agree that it’s okay to constrain what children eat and to educate them; that’s not an undue abridgement of their freedom. So many of Wellville’s suggested tactics – to be selected and implemented by the communities themselves, not by us – will start with children. School lunches will be healthy, and they’ll be supplemented by classes in nutrition and cooking and agriculture.

To be sure, there will be arguments over what is healthy and what those constraints should be. Different communities will probably impose different constraints, either communitywide or with subsets of people trying different diets or levels of exercise.

That’s okay: We know some of what works, but we don’t know the details. Learning is a major purpose of Wellville: to take the risks and time to find out what works in the real world so that in the future people can make better-informed choices. For example, not Does such-and-such a diet work? But, also, Can a normal group of people actually stick to such-and-such a diet? It may be that changing the timing of food consumption – the breakfast like a king, lunch like a prince, dinner like a pauper approach – matters more than meticulous calorie counting, and is easier to do, especially if your neighbors do it with you. Let’s find out!

And finally, there’s education. Not brainwashing, education! My favorite idea is the mouse house: Every first-grade class should have its own set of four mice, kept separately. Two get a running wheel, and the other two are sedentary. Of each pair, one gets a healthy diet, while the other eats cookies, ice cream and hot dogs. The class gets to feed them and watch what happens to them. Of course, they’ll be reporting all this to their older siblings and their parents.

Fortunately for first graders, less so for mice, mice are not as long-term as people, so the effects should be visible in a couple of months. After, say, two months, the children can vote to ‘rescue’ the mice from mistreatment. Or if we get lucky, they’ll be sued by People for Ethical Treatment of Animals!

Wellville, in short, is not a thought exercise. It’s a practical, real-world attempt to make long-term impacts visible, both to television viewers and to data scientists.

Long-term thinking and collective action are two sides of the same coin. Each moves from the constrained center to a broader view of the impact of one’s behavior, on oneself over time, or on other people whom one can encompass in a broader sense of self.

Carne, can you help us spread Wellville outside the US? We’d love to see it copied worldwide, but long-term thinking starts at home.

 

Esther


1. Yes, this argument applies somewhat differently in smaller countries that are akin to cities with federal courts and foreign policy. Some behave more like national governments, others like accountable cities. Switzerland, for one example, has as little national policy as possible for a nation-state – and a fairly satisfied, mostly middle-class citizenry despite some flaws – and some financial help from foreign businesspeople paying local taxes for precisely that lack of political volatility.


Esther Dyson sits on the board of the Long Now Foundation, as well as the Eurasia Foundation and the National Endowment for Democracy. She is chairman of EDventure Holdings and an investor in a number of start-ups concerned with health care, biotechnology and space travel. Originally a journalist, she wrote Release 2.0: A Design for Living in the Digital Age in 1998 and trained as a backup cosmonaut in Russia from 2008 to 2009.

Carne Ross founded the world’s first not-for-profit diplomatic advisory group, Independent Diplomat. He writes on world affairs and the history of anarchism, recently publishing The Leaderless Revolution (2011), which looks into how, even in democratic nations, citizens feel a lack of agency and governments seem increasingly unable to tackle global issues.

Krebs on SecurityHeartbleed Bug: What Can You Do?

In the wake of widespread media coverage of the Internet security debacle known as the Heartbleed bug, many readers are understandably anxious to know what they can do to protect themselves. Here’s a short primer.

The Heartbleed bug concerns a security vulnerability in a component of recent versions of OpenSSL, a technology that a huge chunk of the Internet’s Web sites rely upon to secure the traffic, passwords and other sensitive information transmitted to and from users and visitors.

Around the same time that this severe flaw became public knowledge, a tool was released online that allowed anyone on the Internet to force Web site servers that were running vulnerable versions of OpenSSL to dump the most recent chunk of data processed by those servers.

That chunk of data might include usernames and passwords, re-usable browser cookies, or even the site administrator’s credentials. While the exploit only allows for small chunks of data to be dumped each time it is run, there is nothing to prevent attackers from replaying the attack over and over, all the while recording fresh data flowing through vulnerable servers. Indeed, I have seen firsthand data showing that some attackers have done just that; for example, compiling huge lists of credentials stolen from users logging in at various sites that remained vulnerable to this bug.

For this reason, I believe it is a good idea for Internet users to consider changing passwords at least at sites that they visited since this bug became public (Monday morning). But it’s important that readers first make an effort to determine that the site in question is not vulnerable to this bug before changing their passwords. Here are some resources that can tell you if a site is vulnerable:

http://filippo.io/Heartbleed/

https://www.ssllabs.com/ssltest/

http://heartbleed.criticalwatch.com/

https://lastpass.com/heartbleed/

As I told The New York Times yesterday, it is likely that many online companies will be prompting or forcing users to change their passwords in the days and weeks ahead, but then again they may not (e.g., I’m not aware of messaging from Yahoo to its customer base about their extended exposure to this throughout most of the day on Monday). But if you’re concerned about your exposure to this bug, checking the site and then changing your password is something you can do now (keeping in mind that you may be asked to change it again soon).

It is entirely possible that we may see a second wave of attacks against this bug, as it appears also to be present in a great deal of Internet hardware and third-party security products, such as specific commercial firewall and virtual private network (VPN) tools. The vast majority of non-Web server stuff affected by this bug will be business-oriented devices (and not consumer-grade products such as routers, e.g.). The SANS Internet Storm Center is maintaining a list of commercial software and hardware devices that either have patches available for this bug or that will need them.

For those in search of more technical writeups/analyses of the Heartbleed bug, see this Vimeo video and this blog post (hat tip once again to Sandro Süffert).

Finally, given the growing public awareness of this bug, it’s probable that phishers and other scam artists will take full advantage of the situation. Avoid responding to emailed invitations to reset your password; rather, visit the site manually, either using a trusted bookmark or searching for the site in question.

Planet DebianSteve Kemp: A small assortment of content

Today I took down my KVM-host machine, rebooting it and restarting all of my guests. It has been a while since I'd done so and I was a little nervous; as it turned out, this nervousness was prophetic.

I'd forgotten to hardwire the use of proxy_arp so my guests were all broken when the systems came back online.

If you're curious this is what my incoming graph of email SPAM looks like:

I think it is obvious where the downtime occurred, right?

In other news I'm awaiting news from the system administration job I applied for here in Edinburgh; if that doesn't work out I'll need to hunt for another position.

Finally I've started hacking on my console based mail-client some more. It is a modal client which means you're always in one of three states/modes:

  • maildir - Viewing a list of maildir folders.
  • index - Viewing a list of messages.
  • message - Viewing a single message.

As a result of a lot of hacking there is now a fourth mode/state "text-mode". Which allows you to view arbitrary text, for example scrolling up and down a file on-disk, to read the manual, or viewing messages in interesting ways.

Support is still basic at the moment, but both of these work:

  --
  -- Show a single file
  --
  show_file_contents( "/etc/passwd" )
  global_mode( "text" )

Or:

function x()
   txt = { "${colour:red}Steve",
           "${colour:blue}Kemp",
           "${bold}Has",
           "${underline}Definitely",
           "Made this work" }
   show_text( txt )
   global_mode( "text")
end

x()

There will be a new release within the week, I guess, I just need to wire up a few more primitives, write more of a manual, and close some more bugs.

Happy Thursday, or as we say in this house, Hyvää torstai!

Planet Linux AustraliaColin Charles: Amazon EC2 Linux AMIs

If you use Amazon Elastic Compute Cloud (EC2), you are always given choices of AMIs (by default; there are plenty of other AMIs available for your base-os): Amazon Linux AMI, Red Hat Enterprise Linux, SUSE Enterprise Server and Ubuntu. In terms of cost, the Amazon Linux AMI is the cheapest, followed by SUSE then RHEL. 

I use EC2 a lot for testing, and recently had to pay a “RHEL tax” as I needed to run a RHEL environment. For most uses I’m sure you can be satisfied by the Amazon Linux AMI. The last numbers suggest Amazon Linux is #2 in terms of usage on EC2.

Anyway, recently Amazon Linux AMI came out with the 2014.03 release (see release notes). You can install MySQL 5.1.73 or MySQL 5.5.36 (the latter makes the most sense today) easily without additional repositories.

The most interesting part of the release notes though? When the 2014.09 release comes out, it would mark 3 years since they’ve gone GA with the Amazon Linux AMI. They are likely to remove MySQL 5.1 (it’s old and deprecated upstream). And:

We are considering switching from MySQL to MariaDB.

This should be interesting going forward. MariaDB in the EC2 AMI would be a welcome addition naturally. I do wonder if the choice will be offered in RDS too. I will be watching the forums closely.

Related posts:

  1. A Storage Engine for Amazon S3
  2. Some MariaDB related news from the Red Hat front
  3. MariaDB & distributions update, Dec 2013

Planet DebianJoey Hess: Kite: a server's tale

My server, Kite, is finishing its 20th year online.

It started as kite.resnet.cornell.edu, a 486 under the desk in my dorm room. Early on, it bounced around the DNS -- kite.ithaca.ny.us, kite.ml.org, kite.preferred.com -- before landing on kite.kitenet.net. The hardware has changed too, from a succession of desktop machines, it eventually turned into a 2u rack-mount server in the CCCP co-op. And then it went virtual, and international, spending a brief time in Amsterdam, before relocating to England and the kvm-hosting co-op.

Through all this change, and no few reinstalls from scratch, it's had a single distinct personality. This is a multi-user unix system, of the old school, carefully (and not-so-carefully) configured and administered to perform a grab-bag of functions. Whatever the users need.

I read the olduse.net hacknews newsgroup, and I see, in their descriptions of their server in 1984, the prototype of Kite and all its ilk.

It's consistently had a small group of users, a small subset of my family and friends. Not quite big enough to really turn into a community, and we wall and talk less than we once did.


Exhibit: Kite as it appeared in the 90's

[Intentionally partially broken, being able to read the cgi source code is half the fun.]

Kite was an early server on the WWW, and garnered mention in books and print articles. Not because it did anything important, but because there were few enough interesting web sites that it slightly stood out.


Many times over these 20 years I've wondered what will be the end of Kite's story. It seemed like I would either keep running it indefinitely, or perhaps lose interest. (Or funding -- it's eaten a lot of cash over the years, especially before the current days of $5/month VPS hosting.) But I failed to anticipate what seems to really be happening to it. Just as I didn't fathom, when kite was perched under my desk, that it would one day be some virtual abstract machine in an unknown computer in another country.

Now it seems that what will happen to Kite is that most of the important parts of it will split off into a constellation of specialized servers. The website, including the user sites, has mostly moved to branchable.com. The DNS server, git server and other crucial stuff is moving to various VPS instances and containers. (The exhibit above is just one more automatically deployed, soulless container..) A large part of Kite has always been about me playing with bleeding-edge stuff and installing random new toys; that has moved to a throwaway personal server at cloudatcost.com which might be gone tomorrow (or might keep running for free for years).

What it seems will be left is a shell box, with IMAP access to a mail server, and a web server for legacy /~user/ sites, and a few tools that my users need (including that pine program some of them are still stuck on.)

Will it be worth calling that Kite?


[ Kite users: This transition needs to be done by December when the current host is scheduled to be retired. ]

Sociological ImagesHow to Change the World One Shrug at a Time

This is, by far, the best response to inquiries about male-bodied cross-dressing that I have ever heard. If you don’t already love Eddie Izzard, you might now. Asked why he wears “women’s dresses,” this non-cisgendered man responds, in a nutshell: “I’m not wearing women’s dresses. I’m wearing my dresses. I bought them. They are mine and I’m a man. They are very clearly a man’s dresses.”

Johnny Depp does a similarly good job of refusing to take the bait in this clip from the Late Show with David Letterman. Letterman queries his rationale for wearing a women’s engagement ring. Depp just plays dumb and ultimately says that it didn’t fit his fiancée, but it did fit him. So… shrug.


The phenomenon of being questioned about one’s performance of gender is called “gender policing.” Generally there are three ways to respond to gender policing: (1) apologize and follow the gender rules, (2) make an excuse for why you’re breaking the rules (which allows you to break them, but still affirms the rules), or (3) do something that suggests that the rules are stupid or wrong.  Only the last one is effective in changing or eradicating norms delimiting how men and women are expected to behave.

In these examples, both Izzard and Depp made the choice to disregard the rules, even when being policed. It seems like a simple thing, but it’s very significant. It’s the best strategy for getting rid of these rules altogether.

Thanks to Dmitriy T.C. for the links!

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianCraig Small: WordPress update needed for stable too

Yesterday I mentioned that wordpress had an important security update to 3.8.2. The particular security bugs also impact the stable Debian version of wordpress, so those patches have been backported. I’ve uploaded the changes to the security team so hopefully there will be a new package soon.

The version you are looking for will be 3.6.1+dfsg-1~deb7u2 and will be on the Debian security mirrors.

Planet Linux AustraliaAndrew Pollock: [life] Day 72: The Workshops, and zip lining into a pool

Today was jam packed, from the time Zoe got dropped off to the time she was picked up again.

I woke up early to go to my yoga class. It had moved from 6:15am to 6:00am, but was closer to home. I woke up a bunch of times overnight because I wanted to make sure I got up a little bit earlier (even though I had an alarm set) so I was a bit tired.

Sarah dropped Zoe off, and we quickly inspected our plaster fish from yesterday. Because the plaster had gotten fairly thick, it didn't end up filling the molds completely, so the fish weren't smooth. Zoe was thrilled with them nonetheless, and wanted to draw all over them.

After that, we jumped in the car to head out to The Workshops Rail Museum. We were meeting Megan there.

We arrived slightly after opening time. I bought an annual membership last time we were there, and I'm glad we did. The place is pretty good. It's all indoors, and it's only lightly patronised, even for school holidays, so it was nice and quiet.

Megan and her Dad and sister arrived about an hour later, which was good, because it gave Zoe and me a bit of time to ourselves. We had plenty of time on the diesel engine simulator without anyone else breathing down our neck wanting a turn.

The girls all had a good time. We lost Megan and Zoe for a little bit when they decided to take off and look at some trains on their own. Jason and I were frantically searching the place before I found them.

There was a puppet show at 11am, and the room it was in was packed, so we plonked all three kids down on the floor near the stage, and waited outside. That was really nice, because the kids were all totally engrossed, and didn't miss us at all.

After lunch and a miniature train ride we headed home. Surprisingly, Zoe didn't nap on the way home.

Jason was house sitting for some of his neighbours down the street, and he'd invited us to come over and use their pool, so we went around there once we got back home. The house was great. They also had a couple of chickens.

The pool was really well set up. It had a zip line that ran the length of the pool. Zoe was keen to give it a try, and she did really well, hanging on all the way. They also had a little plastic fort with a slippery slide that could be placed at the end of the pool, and the girls had a great time sliding into the pool that way.

We got back home from all of that fun and games about 15 minutes before Sarah arrived to pick Zoe up, so it was a really non-stop day.

Racialicious: Thursday Throwback: The Dead, River Spirits, & a Magic Hat [Racialigious]

This Article was originally published on July 30, 2009

by Guest Contributor Alex Felipe originally published at AlexFelipe.com

Filipinos don’t celebrate Halloween, they instead have a day dedicated to the dead on 1 November, the Araw ng mga Patay [Day of the Dead]. It’s a holiday that is the perfect metaphor for Philippine spirituality: an imported Catholic holiday that hints at an animist past.

Having grown up in Canada I only just recently learned about this tradition, and I experienced my first Araw ng mga Patay only last year. I went to go visit my grandfathers’ graves; they had both died during the 90s and been brought back to the Phils.

The holiday is an odd one seen through the lens of a Filipino raised in Canada. Families head out to the cemetery to clean the tombs of relatives, bring food, flowers, light candles, and pray. But more or less it just seems like a day where everyone decides to have a family picnic—a picnic that just so happens to be in an insanely crowded cemetery.

It’s an odd sight to be honest. Drunk men playing cards on grave markers next to a family singing karaoke on a portable machine next to parents praying the rosary for a recently deceased child.

Strangely enough, it’s a generally mirthful holiday. There are fast food tents set up in the cemetery just for that day: McDonalds, Jollibee, Greenwich Pizza, Ando’s Chicken, and more—all in the middle of a cemetery.

To my foreign influenced eyes, this holiday seems light and fun; a nice way to remember the past, but in the Phils—despite how casual the atmosphere is—there is a real fear that to not pay respect at the grave of a family member would have severe repercussions from the spirit world.

It’s moments like these that really help remind me of our people’s animist past, and the very real connection to the spirit world that doesn’t exist here in Canada.

 

Tala-andig pre-sacrifice ritual. Miarayon, Mindanao

This past lives on despite, or perhaps more accurately, within the country’s Christian framework. As one Tala-andig tribal leader told me during a visit to their community in 2005, “In our political system we have to go through channels–barangay captain up to the President. You can’t just talk to the President, first you have to go to the local barangay captain, then to the mayor, then the congressman, etc. It’s the same way with our beliefs. We start with the spirits and work our way up to [the Christian] God.”

I am particularly fascinated by our living family mythology. As a Filipino, even a Filipino in Canada, all our family histories are ripe with this folklore. I am proud to even have a little of it attached to me.

I’d like to share some of these stories with you, old stories that sometimes seem a world away, and make me nostalgic for a place I can’t remember, for spirits that I cannot recall…

My great-grandfather, my paternal lola’s father, was apparently a Spaniard (don’t hold it against me). My Mommy Es (as we call our grandma) tells me that he was an older man in his 50s when he married my great-grandmother who was 18. His name was Gabriel and he was a soldier with Spain when he was younger.

My grandmother didn’t know him very well, he died before she became a teen and he was a stern man who only really interacted with his kids to discipline them. One thing she did remember about him was his magic hat.

This hat was one of the family anting-antings [magic talisman]. They were often amulets worn around the neck (most commonly they gave the wearer invincibility against a specific weapon), but they could be anything—in this case, a hat.

Mommy Es first told me about the magic hat in my teens when I was a massive comic book geek and it caught my imagination enough that I have never forgotten the story, and have never forgotten the sense of loss I felt for not having it—but I’m getting ahead of myself.

So he had a magic hat. This hat was said to have an amazing power: he could use it to transport himself anywhere on earth by simply putting on the hat and thinking about the place. It had an unusual caveat: it would only work if the wearer used it in a place where he was out of sight from watching eyes.

I was an atheist as a teen, and I didn’t really believe in its powers, but it intrigued me. Did one have to be completely out of sight or just have no one watching? How far was its range? Did you have to imagine the place so well that you couldn’t go anywhere that you hadn’t already been? And of course: why didn’t he use it to be a superhero?

The hat was lost during the war with Japan, after my great-grandfather had died. When my Lola’s family was forced to flee into the mountains it was left behind. I have no idea how such an important piece of magic could be left behind, I mean you’d think this hat would have been pretty damned useful during a war.

I, of course, also wondered how my Lola could believe in such an outlandish story—and she really believes it was real. She would tell me about how he would walk into a room and just disappear or just appear out of nowhere when she thought she was alone. It’s all just a little creepy if you ask me—knowing that he was a Spaniard in a Philippines just recently free of Spain—to think that he would just appear and disappear randomly through my grandma’s childhood memories.

 

A statue of a child Jesus behind a young man playing a video game. [Manila]

In the mountains my grandmother had a more dangerous run in with another creature of Filipino mythology.

Throughout my life I have always known my Lola to be afraid of rivers and creeks, it originates from the War and the time she was attacked by a river spirit. She tells the story of how she was in her early teens and went out to the river to fetch water. Usually one of the older family members did it but she felt she was old enough. Her family later found her by the river near dead.

They attribute the incident to a run-in with a river spirit that she forgot to ask permission from.

The theme of river spirits continued with me, but in an opposite direction. I’ve always loved small forest rivers and creeks. I can sit by them for hours.

My maternal Lola, we called her ‘Nanay’ [which means “mother”] loves to tell the story of how when I was a toddler I was always running away from home. At first they would get worried (I have no idea how a baby less than two could run away from home, but that’s the story), but they would always find me in the same place. I would run to the creek in the wooded area near our home and play with my friends the duende.

Duende were mischievous spirits that inhabited the land. While the name is Spanish, the spirits are Filipino, stemming from our animist tradition. Duende were mischievous and often played pranks on people. They could also be very dangerous if offended, and they were easily offended (as my Mommy Es’ story shows). But if you were good to them, they were very protective of you.

Nanay would say how she would often find me there and she would see strange things: like how I would apparently be playing with spirits she couldn’t see, she would see me splash water at an invisible friend–and water would splash back.

She marveled at that friendship as duende were usually creatures to be avoided. In stories even those they befriended usually found themselves in serious trouble. I’ve always loved that connection, and when I went back to the Phils to discover that the creek was gone and the area cemented over and covered in homes I felt a real sadness and I truly hoped that my mythological friends were ok.

To this day when I walk through forests, or come to a creek I would bow my head and greet the spirits. And to this day I’ve always felt safe in wild areas—I’ve had quite a few close calls, but I’ve always come out ok.

Now I’m not saying I believe these stories to be literal truth, but there is wonderful metaphorical truth to be found in mythology—it’s the truth that cannot be spoken of in literal terms, the truth that is within all religions, the truth that’s corrupted by those that see only words but can’t grasp their meaning.

One Filipino wrote on an online criticism of the Araw ng mga Patay holiday “I will never understand the Filipino fascination with the dead, much less their superstitious beliefs concerning the dead among us. I prefer to deal with the land of the living. After all, it’s the living people that need our help as we can do nothing for the dead.”

I disagree; many of our problems in the Phils and as Filipinos (especially those of us raised outside the homeland) come from this disconnect between the present and the past, tradition and modernity. In our headlong rush to become equal to the West [whatever that may mean], we are quickly discarding our mythologies instead of allowing them to evolve. This stupidity is an attempt to strip us of our relationship to the land, each other, and the past.

But these stories live in us whether we want them to or not because our parents, our grandparents, and our families have lived with these stories and they have influenced how they act and how they have raised us.

Tradition is not a static creature. It lives and evolves within the people they inhabit. We cannot remove ourselves from it any more than we can try to remove our blood from our bodies. We can definitely try, and I know too many that do, but the sad result helps neither the living nor the dead.


(all images: ©2005-07 alex felipe / All Rights Reserved)

The post Thursday Throwback: The Dead, River Spirits, & a Magic Hat [Racialigious] appeared first on Racialicious - the intersection of race and pop culture.

Racialicious: Derrick Gordon Becomes First Out Gay Male NCAA Basketball Player

By Arturo R. García

University of Massachusetts guard Derrick Gordon announced to the public on Wednesday — after telling his parents and teammates — that he is a gay man, becoming the first gay male NCAA basketball player.

“I know what it’s like to cry yourself to sleep or ‘have a girlfriend’ when that’s not your girlfriend, just to try and impress your friends,” Gordon said in video published by Outsports on the day of his announcement. “Nobody should have to try to live like that.”

Though his opening up to his teammates was by all accounts positive, the road there appears to have been rough for Gordon.

According to Outsports, some of Gordon’s fellow Minutemen began questioning him about his sexuality after finding a picture of him and his boyfriend on Instagram. The questioning turned into ridicule, and it took a toll on Gordon:

“That was probably the lowest point I was ever at. I didn’t want to play basketball anymore. I just wanted to run and hide somewhere. I used to go back to my room and I’d just cry. There were nights when I would cry myself to sleep.

When Gordon eventually confronted his team – again asserting he was straight and demanding they stop harassing him – the teasing slowed. Yet the damage was already done. Throughout the season – all the way into the NCAA tournament last month – some teammates continued to wait until Gordon was done in the locker room before they would venture into the showers. The “gay” label lingered. The treatment built distance between him and the rest of the team. Gordon responded by isolating himself, which in turn was met with more distance from various players.

ESPN-W reported that Outsports itself became a resource for Gordon, following the public announcements by NBA free agent Jason Collins and former University of Missouri football player Michael Sam. By this point he had also developed his own support group, which included former NFL player Wade Davis — who gave a presentation to National Football League team officials last month regarding LGBTQ issues — and Yonkers, New York high school head coach Anthony Nicodemo, who came out last year.

“I was thinking about summer plans and just being around my teammates and how it was going to be,” Gordon told ESPN. “I just thought, ‘Why not now? Why not do it in the offseason when it’s the perfect time to let my teammates know and everybody know my sexuality?’”

Before telling his teammates, however, Gordon told his family, starting by simply telling his parents he had something important to share with them:

Finally, on the seventh or eighth guess, his mother, Sandra, asked the question he was hoping she would ask.

“Are you gay?”

“And I hopped on it real quick,” Gordon said. “I said, ‘Yes, that’s it.’ And she just looked at me and froze. She was shocked a little bit, but she also said she knew a little bit, too. That’s what surprised me, honestly. But, like they always say, mothers know.”

Derrick’s father, Michael, said little at the time. He seemed to be processing the news, and didn’t reach out to his son (the two usually text frequently) for about 24 hours after Derrick returned to UMass. But when Michael did call, his message was this: I will always love you and support you, no matter what.

Gordon also received help from UMass head coach Derek Kellogg, who gathered the squad for the meeting in which the transfer from Western Kentucky finally confirmed their suspicions — on his terms. Kellogg described the meeting as a bonding experience for Kellogg and his fellow Minutemen.

“The reaction of the team was great. My strength coach, Rich Hogan, stepped up first and just said, D.G., we love you, this doesn’t change anything,” Kellogg told Sports Illustrated. “Then actually the team stepped up and said, really to a man, one by one, that they kind of had known for a while. They’re like, D.G., we’ve been here for you the whole time, we’ve known for like eight months, a year, whatever it might be. This doesn’t change anything. You’re a brother, a family member.”

Gordon’s interview with ESPN, aired on Wednesday, can be seen below.

The post Derrick Gordon Becomes First Out Gay Male NCAA Basketball Player appeared first on Racialicious - the intersection of race and pop culture.

Worse Than Failure: Best of Email: (Un)Helpful Support, An Epic Opportunity, and more!

Don't forget, The Daily WTF loves terrible emails. If you have some to share, mail in your mail!


Perfectly Safe to Open This (from Alex)

"I mean, to some extent I'm happy to receive offers, but I'm happy with where I am. Ah, whatever."

 

 

"Helpful" Support (from Oscar)

"I was on a business trip, and the wireless connection at the hotel was acting weird. SSL connections would fail sporadically, which with the help of Wireshark turned out to be their servers sending HTML error messages instead of a TLS handshake reply (one article I found pointed fingers at Microsoft Forefront, but I didn't dig any further). Since we use OpenVPN at work, it failed the same way and I thought I'd give their support a try. Couple of weeks later, I got the following very 'helpful' reply."

________________________________________________________
From: support@thecloud.com
To: oscar@initech.se
Subject: RE: Connect Issues

Thank you for contacting The Cloud.  While The Cloud is a public-access 
network, we cannot guarantee that all VPN connections used during any 
given session will work as intended.  Further to that point, if your VPN 
connection fails whilst connected to The Cloud, we are unable to support 
your VPN.  We apologise for the inconvenience this presents.

If you have any other questions, please don't hesitate to contact us again.

Kind regards,

Joseph G
The Cloud Support Team

 

iloveu (from Anon)

We received the below here at TDWTF. Yeah...

________________________________________________________
From: an anonymous lover [mailto:somebody@somewhere.net] 
To: Alex Papadimoulis
Subject: [AP] iloveu

dude wtf man u wer hittin on my GF amy? dude ill kick ur 
as if you ever hit on my girl again il hit u with my fist 
for seriously. do you even lift? bro i can benchp ress 
400 of youre little pipsqueak friends in one setting if 
u had that many but i bet you dont

but serioulsy brah stay away from my gf before i have to 
come show you why they called me the real wtf

 

 

The Origins of a WTF (from Mark M.)

It's not often that one gets to witness the formation of the universe, a star, or even a nebula. This week, however, I was gifted with a glimpse of what can only become a WTF. I will, of course, pass on this great opportunity.

Sounds like fun!

________________________________________________________
From: contact@initechrecruiting.com 
To: markm@initrode.com
Subject: A Terrific Opportunity!

Good morning!
 
I apologize if this email does not apply to your skillset!

My name is ..... ..... and I am a Microsoft/Java recruiter 
for .... Systems Inc. One of my large telecommunications 
clients in Monroe, Lousiana has an opening for an asp.net 
developer. This is a 6 month contract and contractors must 
work onsite in Monroe. Please review the job outline below 
and let me know if you'd like to discuss this in further 
detail. Pay is flexible at this point and we can negotiate
when discussing further. 

I hope to hear from you soon! Have a great remainder of your day!

Project Information: 
    Web Application for collaboration of multiple groups.
    5000 hours worth of work in a 6 month time frame
    40% front, 40% middle, 20% backend
    Virtual Server with VS 2010
    
Technologies & Tools: 
    C#
    ASP.NET
    JavaScript
    Entity Framework
    MySQL database
    MySQL workbench
    Oracle
    Visual Studio Express 
 
Development Methodology: 
    Spiral
    No real design patterns
 
Team Dynamics: 
    Lead Developer
    1 other developer
    
Skills Needed: 
    Mid - range work horse
    Collaborative environment
    Lots of discovery still going on.
    Full SDLC skills
 
Notes: 
    Not able to do remote workers

 

Crazy ol' Sears (from Jason B. )

Agent Name from Sears sent me this e-mail today about a recent order we placed, but I don't feel compelled to add the "accessories" to my order...

Sounds like fun!

 

 

Just plain wrong... (from Henrik)

Google contest run from a Live.com email address. Yep, seems legit!

________________________________________________________
From: a39Aef@gmail.com 
To: henrikrkm@initech.com
Subject: A Terrific Opportunity!

Congratulations !!! Dear Google winner,

You have been awarded the sum of 750,000.00 Great British Pounds for 
the on going Google Promo, contact us via this 
email ( googlemanagement.team@live.com ) for more 
details regarding your winning.

Best Regards.
Google Management Team. 

 

An Epic Opportunity (from Tim D.)

Seriously - if recruiters put as much time and effort into emails like this one, they'd probably fill their positions much faster.

________________________________________________________
From: Jwills@foo-recruiting.com
Subject: Formidable and rare PHP Zend role in London
To: timd@someemail.com

Hi Tim,

It was a cold day, Gustav arrived for his first day at work 
clutching his laptop and some books on the Zend framework. 
His past nights had been disturbed by the 'Tetris effect', 
lines of pure code produced by his unconscious mind in his 
sleep, dropping down, one atop the other, leaving him in 
somewhat of a half awake, half asleep state throughout the 
nights. His world view was formed through code, indeed 
giving him great insight, yet leaving him somewhat distant 
from those around him.

He was starting to question his sanity. A formidable PHP Zend 
coder, instead of taking rest in its conventional sense, his 
mind would be occupied with thoughts on RESTful services, 
instead of using soap in the bath, he would be comparing SOAP 
with RESTful services. He took a single bite on a pear, the 
only food he had eaten in two weeks, and instantly started 
thinkng of PEAR and PECL extensions. Instead of eating, he 
would usually be coding, his natural hunger instinct shut 
off from the deep levels of focus that he sustained during 
coding sessions. Am I human? he asked himself one day, clearly 
feeling that his very existence had merged with the technology 
with which he was engaged on a day to day basis.

His family life remained intact, a bright wife who understood 
his predicament serving as a buffer between his internal world 
and the world around him. Even when talking with her, his mind 
would drift onto coding, sometimes so much so, that he lost 
awareness of her very presence.

As he calmly, as if programmed, walked through the porte-cochère 
leading to the entrance of the office, he felt totally in control, 
as if on a mission to take charge of his young colleagues and guide 
them in the right direction on the greenfield LAMP platform-build 
that he was to be in charge of. He knew that this would be no easy 
feat, but felt reassured that he would be able to get on with producing 
a large amount of the purest code himself, whilst overseeing the 4 
strong team of fastidious developers that already worked at the company, 
rather than being a mere hands off development manager.

As he arrived at his desk, he was astounded by the office environment, 
a wondrous place, void of unnecessary ornementation, fine desks 
sculpted from burr walnut. A minimalistic, clutter free environment 
seemed exactly what young Gustav needed to allow his coding to 
flourish. The air was as clean, a distant memory pervaded his mind, 
reminding him of the clean childhod air of the Matterhorn foothills 
in which he was raised. He mused on the brilliance of the architecture 
holding him, a hybrid blend of Le Corbusier and Ahrends Burton Koralek 
he decided..... indeed he had many other interests in addition to his 
coding.......

I am looking for candidates like young Gustav, to fill a technical 
lead role in a London based agency. I would really like to speak with 
you about the opportunity as it is a good one. They really want 
fastidious PHP Zend coders, who have experience in RESTful services, 
to work on their new platform, and migration to the LAMP stack.

You will be coding every day as well as overseeing other developers 
in a relaxed environment where you start work at 9 and finish at 5.

Please do get back to me if you are very good at PHP Zend and are looking 
for a new opportunity. I will be able to provide you with plenty of 
information. The salary on offer is £55K-£60K per annum

Best Regards

 

It's not a big deal until you're fired. (from Ian)

"For a while we ran Outlook 2002. Better known to most as Outlook XP. The back end at the time was Exchange 5.5. We found an issue where one could show the 'From' field when composing an email. The real problem came in the form of being able to fill in ANY name and being able to send the email. Our Exchange administrator didn't think this was much of a problem as only a few knew about it, and they were limited to the system admins group."

________________________________________________________
From: IT Director
Sent: Tue 2/24/2004 9:10 AM
To: ExchangeAdmin
Subject: Your negligence...

Has cost you your job. Pack you things and get out.


You're FIRED!!

Once he calmed down and I admitted I had sent him the message he got the point.

Planet Debian: Michal Čihař: Heartbleed fun

You probably know about the Heartbleed bug in OpenSSL, as it is so widespread that it made it into the mainstream media as well. As I'm running Debian Wheezy on my servers, they were affected as well.

The updated OpenSSL library was installed immediately after it was released, but there was still the possibility that somebody had obtained private data from the server before that (especially as the vulnerability had existed for quite some time). So I've revoked and reissued all SSL certificates, generating new private keys in the process. This has the nice benefit that they now use a SHA-256 intermediate CA, compared to the SHA-1 one which was used on some of them before.

Though there is no way to figure out whether there was any information leak or not, I have decided to reset all access tokens for OAuth (e.g. GitHub), so if you have used GitHub login for Weblate, you will have to reauthenticate.

Planet Debian: Christine Spang: a tutorial about search

Today I gave a tutorial at PyCon 2014 entitled Search 101: An Introduction to Information Retrieval.

It was an experiment of sorts: the first workshop I've run primarily by myself, my first tutorial at PyCon, my first paid teaching gig. It was an opportunity to take some of the lessons I learned from teaching the Boston Python Workshop and apply them to a new situation.

The material itself is a distillation of many hours of frustration with the documentation for various open source search engine libraries, frustration that they didn't tell me where to start or about the big picture, they just jumped straight into the details.

Here's what worked:

  • IPython Notebook. Oh em gee. I started writing the class's handout using IPython Notebook because it was a simple way to easily embed syntax-highlighted code into a markdown document that was viewable in a browser. Not only was it a super quick and fun way to write the handout, but many students used the interactive execution features to play around with the example code.
  • Not having a paper handout. Saved trees, printing hassle, and no one seemed to mind.
  • Putting everything in a git repo... git is sufficiently ubiquitous these days that students didn't really have trouble getting a copy, and appreciated having everything in one place, with simple setup instructions. I brought a clone of the repo on a USB stick as a backup plan.

Here's what caused problems:

  • Mostly, the IPython dependency pyzmq, which requires compilation. I don't know what the current landscape is for Python distribution, but installing these libraries through pip is still a pain. I've heard rumour that more ubiquitous wheels may solve this in the future.
  • Some people aren't used to using virtualenv everywhere. Even seeing that, I still think it's worth the confusion to put it forth as the recommended setup method.

Intermediate students are a different crowd than beginners. There was less of an air of discovery in the room, though I organized the class around open-ended tasks. Since the material allowed for folks to take it in the direction of their interest, I found it a bit difficult to gauge whether people were following or not. Overall though, everyone was attentive and studious. I had fun.

Ruben and Stuart, the PyCon tutorial organizers, had logistics running super smoothly, AV, lunch, everything. Thanks for that you guys, you rock. :) And thanks as well to my helpers: Leo, the tutorial host, Eben, my TA, and Roberto, on AV. It's impossible to pay adequate attention to 20+ people as a single person, couldn't have done a decent job without y'all. ;)

Planet Debian: Steinar H. Gunderson: Movit 1.1 released

I just released version 1.1 of Movit, my GPU-based video filter library. This is basically for two things: A bunch of accumulated small fixes and tweaks, and support for GLES 3.0 (think mobile).

So, what now? Well, perhaps unsurprisingly, releasing a library does not bring an army of interested developers to your door, so as a library writer, most of my time actually goes into projects further up in the hierarchy. In particular, when you start imposing unreasonable demands such as “working OpenGL” onto end users who like to use Gentoo but don't know how to install a package, there is some fallout.

However, it also exposes you to a lot of scenarios you never really thought about, which can be frustrating, but in the end also increases the quality and robustness of your code. In particular, I know there's some issue (probably in Kdenlive's Movit support and not Movit, though) where NVIDIA's OpenGL drivers are much stricter than Mesa's with regards to multithreading, and it's damn near impossible to track down without having one in a desktop machine myself. (I have one in my HTPC, but it's Atom-based and only has the TV for monitor, so debugging there is something I'd rather not do.)

So, what's next? The answer is pretty simple: Probably a break. I have to travel now (vacation and work) for the next month or so, so I fear Movit will get less attention for a little while. Then again, it's in fairly good shape, so I'm not that worried that the world will be screaming for me when I come back. :-)

Falkvinge - Pirate Party: Pirate Party Vindicated By Highest EU Court, Killing Mass Surveillance Law. Oldmedia Reacts By Writing Cat Story.

Privacy: The Swedish Pirate Party’s political work has been consistently ignored by Swedish media from our setting foot in the European Parliament in general, and in this election campaign in particular. After having been excluded from televised live debates three days ahead of voting despite being up for re-election to the European Parliament, we had a huge victory yesterday where the European Court of Justice proved us right in what we had been saying all along about privacy. Swedish oldmedia responded with a story about the party leader’s cat.

Yesterday, the European Court of Justice ruled the detested Data Retention Directive invalid. Retroactively invalid, even: the court ruled that it had never existed. The directive (a directive is sort of a federal law covering the EU) mandated all EU states to log all communications from all citizens: from whom, to whom, from where, using what method, and when. No communication would be unseen by the Government.

This wasn’t for the usual organizedcrime-terrorism-pedophiles-filesharing mantra. This was for everybody, with the express purpose of using your communications logs against you. The Pirate Party was founded as a direct reaction to this blanket violation; we were quoted in 2006 saying “this is worse than Stasi” in a context depicting us as though we were talking complete rubbish and nonsense.

Yesterday, the European Court of Justice – the highest court of the world’s largest economy – said the same thing in a historic verdict. The blanket violations are intolerable and inexcusable.

So in the past two weeks, the Swedish Pirate Party has had these amazing progresses and successes:

  • An amazing gathering of 300 pirates in Brussels, founding the European Pirate Party.
  • On April 3, the Pirate stance on Net Neutrality won in the European Parliament, something we’ve been fighting hard for against the European Commission, safeguarding the future of free enterprise in Europe.
  • The Swedish Pirate Party’s European Election campaign kickoff on April 5.
  • Yesterday, April 8, the highest court of the world’s largest economy saying we had been right the entire time with our “unconstructive” stance, pointing out that blanket violations of privacy are inexcusable.

On the day that the highest court in the largest economy on the planet says the same thing that the Pirate Party has been saying for almost a decade, while constantly being belittled by the powers that be, governmental oldmedia (SVT) finally writes about the Pirate Party. Bloody finally.

On the eve of this string of successes, when you expect a heavy political analysis of all the successes and an admission that there may have been some kernel of truth to the basic idea of privacy being fundamentally inviolable, they write a story about how the party leader was locked into her bathroom by her cat, and post it as a highlight on their election coverage (“Val 2014”). I wish I were joking.

Anna Troberg trapped in bathroom by cat. Courtesy SVT.

In the words of Calandrella, this is a facepalm, this is an eternal facepalm.

Somebody banging their head against a piece of furniture repeatedly in frustration

I’ve been frustrated by Swedish governmental media before, when I took actions that got headlines all over the world but not in Sweden. It was deemed newsworthy in Japan, China, Thailand, Greece, and elsewhere, but not in Sweden where it had actually happened. This final straw crosses the line. This is where it gets personal. I had had these plans loosely before, but this is where it gets official.

I pledge to outcompete this collection of bastard oldmedia and commit them to irrelevance over the coming years.

They’ve already committed themselves to irrelevance, as illustrated clearly by their own actions above. What I’m going to provide is an alternative that makes it clear how obsolete they are. I aim to have outcompeted European oldmedia for all intents and purposes in five years, with launch about a year from now (I’m in process of coding the infrastructure).

We’re not supposed to have a governmental news station. The idea is repulsive. The fact that they’re branding themselves as “independent”, and that people hearing it actually believe that crap, turns into an unworthy Foxesque “fair and balanced” situation – but revoltingly funded by public money. It needs to go.

I’ve already demonstrated my ability to kick stale powerholders out of their jobs when they’re underperforming. Watch me repeat that in a new field.

LongNow33 Books on How to Live and a Russian Nesting Doll

Photo by Elizabeth Lippman for The New York Times

Long Now Member Maria Popova is the mastermind behind the popular cultural blog of ideas known as Brain Pickings.  The blog was founded in 02006, where she has been reviewing books, writing multiple blog entries and tweeting 50 times a day, all while balancing on a wobble board. The lifelong bibliophile has also written for Wired UK, The New York Times, and is an MIT Futures of Entertainment Fellow. And now, she has compiled her own reading list of 33 books to add to the collection of the 3,500 volumes most essential to sustain and rebuild civilization.

When we launched the Manual for Civilization project, it was a natural fit with Popova’s interests and expertise. She reviewed Brian Eno’s selections for the Manual for Civilization and contemplated Stewart Brand’s 76-book list, noting that only 1.5 of the books Brand suggested were authored by women. Here is an excerpt of her thoughtful reflections when creating her own list:

In grappling with the challenge, I faced a disquieting and inevitable realization: The predicament of diversity is like a Russian nesting doll — once we crack one layer, there’s always another, a fractal-like subdivision that begins at the infinite and approaches the infinitesimal, getting exponentially granular with each layer, but can never be fully finished. If we take, for instance, the “women problem” — to paraphrase Margaret Atwood — then what about Black women? Black queer women? Non-Western Black queer women? Non-English-speaking non-Western Black queer women? Non-English-speaking non-Western Black queer women of Jewish descent? And on and on. Due to that infinite fractal progression, no attempt to “solve” diversity — especially no thirty-item list — could ever hope to be complete. The same goes for other variables like genre or subject: For every aficionado of fiction, there’s one of drama, then 17th-century drama, then 17th-century Italian drama, and so on.

Popova presents us with a set of books that have helped her learn “how to make sense of ourselves, our world, and our place in it.” Many of her selected books have additional links to detailed reviews she previously wrote, providing a great deal of insight and context. So rather than listing the books here, you can find Popova’s reading list where it is best written: “33 Books on How to Live: My Reading List for the Long Now Foundation’s Manual for Civilization.”

The Brooklyn-based editor will be speaking with author Caroline Paul at Hattery in San Francisco tomorrow, April 11, 02014. At the event titled “Brain Pickings: An Evening with Maria Popova,” (currently sold out) they will talk about “hunting and gathering on the internet, lessons on creativity, and musings such as the curious minds (and sleep habits) of famous writers past and present.”

Planet DebianThorsten Glaser: Heartbleed vs. Startcom / StartSSL

First of all, good news, MirBSD is not vulnerable to The Heartbleed Bug due to my deliberate choice to stick to an older OpenSSL version. My inquiry (in various places) as to what precisely could leak when a vulnerable client connected to a nōn-vulnerable server has yet to be answered, though we can assume private key material is safe.

Now the bad news: while the CA I use¹ and a CA I don’t use offer free rekeying (in general), a CA I also use occasionally² refuses to do that. The ugly: they will not even revoke the certificates, so any attacker who gained your key, for example when you have been using a certificate of theirs on a Debian system, will be able to use it (e.g. to MITM your visitors’ traffic) unless you shell out lots of unreasonable money per certificate. (Someone wrote they got the fee waived, but others don’t, nor do I.) (There’s also a great Twitter discussion-thingy about this involving Zugschlus, but I won’t link Twitter because they are not accessible to Lynx users like me and other Planet Debian authors.)

① I’ve been using GoDaddy privately for a while, paid for a wildcard certificate for *.mirbsd.org, and later also at work. I’ve stopped using it privately due to current lack of money.

② Occasionally, for nōn-wildcard gratis SSL certificates for HTTP servers. Startcom’s StartSSL certificates are unusable for real SSL as used in SMTP STARTTLS anyway, so usage isn’t much.

Now I’ve got a dilemma here. I’ve created a CA myself, to use with MirBSD infrastructure and things like that – X.509 certificates for my hosts (especially so I can use them for SMTP) and possibly personal friends (whose PGP key I’ve signed with maximum trust after the usual verification) but am using a StartSSL certificate for www.mirbsd.org as my GoDaddy wildcard certificate expires in a week or so (due to the aforementioned monetary issues), and I’d rather not pay for a limited certificate only supporting a single vhost. There is absolutely no issue with that certificate and key (only ever generated and used on MirBSD, only using it in Apache mod_ssl). Then, there’s this soon-to-be tax-exempt non-profit society of public utility I’m working with, whose server runs Debian, and which is affected, but has been using a StartSSL certificate for a while. Neither the society nor I can afford to pay for revocation, and we do not see any possible justification for this especially in the face of CVE-2014-0160. I expect a rekey keeping the current validity end date, and would accept a revocation even if I were unable to get a new certificate, since even were we to get a certificate for the society’s domain from someplace else, an attacker could still MITM us with the previous one from Startcom.

The problem here is: I’d really love to see (all of!) Startcom dropped from the global list of trustworthy CAs, but then I’d not know from where to get a cert for MirBSD; Globalsign is not an option because I will not limit SSL compatibility to a level needed to pass their “quality” test… possibly GoDaddy, ISTR they offer a free year to Open Source projects… no idea about one for the society… but it would solve the problem of not getting the certificates revoked. For everyone.

I am giving Startcom time until Friday after $dayjob (for me); after that, I’ll be kicking them off MirBSD’s CA bundle and will be lobbying for Debian and Mozilla to do the same.

Any other ideas of how to deal with that? I’d probably pay 5 € for a usable certificate accepted by people (including old systems, such as MSIE 5.0 on Win2k and the likes) without questioning… most of the time, I only serve public content anyway and just use SSL to make the NSA’s job more difficult (and even when not I’m not dealing with any payment information, just the occasional login protected area).

By the way, is there any way to access the information that is behind a current-day link to groups.google.com with Lynx or Pine? I can’t help but praise GMane for their NNTP interface.

ObFunfact: just when I was finished writing this wlog entry, I got a new eMail “Special offer just for you.” from GoDaddy. Sadly, no offer for a 5 € SSL certificate, just the usual 20-35% off coupon code.

Planet DebianLucas Nussbaum: speedtest.net, or how not to do bandwidth tests

While trying to debug a bandwidth problem on a 3G connection, I tried speedtest.net, which ranks fairly high when one searches for “bandwidth test” on various search engines. I was getting very strange results, so I started wondering if my ISP might be bandwidth-throttling all traffic except the one from speedtest.net tests. After all, that’s on a 3G network, and another French 3G ISP (SFR) apparently uses Citrix ByteMobile to optimize the QoE by minifying HTML pages and recompressing images on-the-fly (amongst other things).

So, I fired up Wireshark, and discovered that no, it’s just speedtest being a bit naive. Speedtest uses its own text-based protocol on port 8080. Here is an excerpt of a download speed test:

> HI
< HELLO 2.1 2013-08-14.01
> DOWNLOAD 1000000
< DOWNLOAD JABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFGHIJABCDEFG

Yeah, right: sequences of “ABCDEFGHIJ”. Of course, extremely easy to compress, which apparently happens transparently on 3G (or is it PPP? but I tried to disable PPP compression, and I did not see any change).

It’s funny how digging into problems that look promising at first sight often results in big disappointments :-(
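
To put a number on the effect described in the post above, here is an added example (not part of the original post, and not speedtest.net's code) that compares a payload built from the “ABCDEFGHIJ” pattern with random bytes of the same size. zlib, the 1400-byte chunk size and all function names are assumptions standing in for whatever compression the 3G path really applies.

```python
import os
import zlib

PATTERN = b"ABCDEFGHIJ"  # the repeating unit visible in the capture above


def speedtest_like_payload(size: int) -> bytes:
    """Constructed stand-in for the DOWNLOAD body: PATTERN repeated to `size` bytes."""
    reps = size // len(PATTERN) + 1
    return (PATTERN * reps)[:size]


def random_payload(size: int) -> bytes:
    """Incompressible payload of the same size, taken from the OS CSPRNG."""
    return os.urandom(size)


def wire_bytes(payload: bytes, chunk: int = 1400, level: int = 6) -> int:
    """Bytes a compressing hop would carry if it deflated each chunk on its own.

    Assumption: zlib and a 1400-byte chunk model the unknown compressor.
    A chunk that does not shrink is counted at its original size.
    """
    total = 0
    for off in range(0, len(payload), chunk):
        part = payload[off:off + chunk]
        total += min(len(part), len(zlib.compress(part, level)))
    return total


def compression_ratio(payload: bytes, chunk: int = 1400) -> float:
    """Payload bytes delivered per byte actually carried on the link."""
    return len(payload) / wire_bytes(payload, chunk)


def apparent_rate(real_bps: float, payload: bytes, chunk: int = 1400) -> float:
    """Rate a naive test reports on a link that really moves `real_bps`.

    The test divides payload size by elapsed time, but the link only had to
    move wire_bytes(), so the reported figure is inflated by the ratio.
    """
    seconds = wire_bytes(payload, chunk) * 8 / real_bps
    return len(payload) * 8 / seconds


def payload_is_measurable(payload: bytes, max_ratio: float = 1.05) -> bool:
    """True if the payload is close enough to incompressible to measure a link."""
    return compression_ratio(payload) <= max_ratio


if __name__ == "__main__":
    size = 1_000_000       # same size as the "DOWNLOAD 1000000" request
    real_bps = 1_000_000   # constructed example: a link that really carries 1 Mbit/s
    for name, data in (("ABCDEFGHIJ pattern", speedtest_like_payload(size)),
                       ("random bytes", random_payload(size))):
        print(f"{name:20s} ratio={compression_ratio(data):7.1f} "
              f"reported={apparent_rate(real_bps, data) / 1e6:7.2f} Mbit/s "
              f"usable={payload_is_measurable(data)}")
```

A bandwidth test that wants to measure the link rather than the compressor should send the random variant, or encrypt the stream, which has the same effect.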

RacialiciousQuoted: On Mental Health in Korea

According to research by the department of Family Medicine at Hallym University, some 60 percent of people who attempt suicide are suffering from depression. Yet too many people in South Korea have outdated views of psychological illness. Many think that when someone is suicidal he simply lacks a strong will to live; he’s weak. There’s little sympathy or interest in probing below the surface.

And it’s not easy to get therapy for depression in South Korea, where there is still strong societal resistance to psychological treatment. Kim Eo-su, a professor of psychiatry at Yonsei Severance Hospital, told me: “One out of three depression patients stops mid-treatment. One of the biggest issues is that many patients think they can overcome depression on their own through a religious life or through exercise.”

Many people who seek psychiatric treatment are afraid of doctors keeping records. There was a rumor going around recently among married women that having a record of treatment or medication for depression could mean losing custody of your children if your husband were ever to sue for divorce.

Satisfactory explanations for the root causes of the epidemic are hard to come by. For the elderly, many analysts cite the breakdown of the traditional family unit, and the poor economy. Among the youth, the pressure over college entrance examinations is often blamed. And for the middle-aged, it’s uncertainty about the economy. But no matter what the age, too many South Koreans see suicide as a viable escape from the stresses of modern life. That attitude has to change.

South Korea’s Struggle With Suicide, by Young-Ha Kim; April 2, 2014

The post Quoted: On Mental Health in Korea appeared first on Racialicious - the intersection of race and pop culture.

Google AdsenseGet ready to share your feedback in our semi-annual publisher survey

We’re always looking to hear your thoughts on how we’re doing and your suggestions on  how we can make Google AdSense and other Google publisher products as useful and impactful as possible for you. Your feedback is important to us and helps shape the future direction of our publisher solutions. Our semi-annual publisher survey will launch on April 23rd and we hope to hear from all of you.

Every six months, the feedback collected from this survey is closely reviewed to help determine our product roadmap. Based on your feedback and asks last time round, we’ve launched a number of new features to grow your earnings. These include custom ad sizes, easier A/B testing to get the most from your ad units, and the new AdSense homepage giving you quick access to the insights you value most.

Over the coming weeks, we’ll send the survey by email to a sample of publishers. To participate, please take the following steps as soon as possible:

  • Ensure your contact details are updated.
  • Ensure your email preferences are updated to receive ‘occasional survey’ messages.

Whether you’ve completed this survey before or you’re providing feedback for the first time, we’d like to thank you for taking the time to tell us how we’re doing. We’re looking forward to hearing your feedback.

Posted by Adriana Satmarean - AdSense Publisher Happiness Team

RacialiciousFor a Kid of Color, Unavoidable Contact With the Cops

By Guest Contributor Alton Pitre, cross-posted from Juvenile Justice Information Exchange

Photo of the author.

I never chose to be raised by my grandmother in a South Central Los Angeles neighborhood filled with injustice, gang violence and police cruelty. This was my home and the kids on the block were my friends, many of whom eventually joined gangs. Being a native of this environment, I have seen many crazy things and have always felt like I was in the midst of a world war. I have countless friends who are either dead, in jail or doing nothing with their lives. Eventually, I became a victim of this society.

My first encounter with the police happened during my sophomore year in high school. I was leaving a childhood friend’s apartment with another friend when suddenly two Community Reform Against Street Hoodlums (CRASH) Officers trespassed and entered. Unfortunately, the friend leaving with me was already on their file as a gang member. Due to my personal photos on Myspace they knew who I was before meeting me face-to-face. I was arrested immediately. As far as I could tell, my crime was being with a friend in the vicinity of where we both grew up.

We were taken to Southwest Police Station and charged with a status offense, in this case trespassing. The police were able to do this because of a gang injunction law placed in my community of L.A. known as the Jungles. Gang injunctions are court-issued restraining orders against a gang that restrict one documented gang member from being with another within a defined geographic area. This allowed the police to summarily arrest any documented gang members who were together in a gang area. We were visiting, not trespassing. After that day gang unit cops harassed me wherever I went.

Contact with the police was now an everyday thing for me and eventually I was placed on probation for multiple gang injunction violations. I became accustomed to the frequent street-frisks, which soon led to the police searching my grandmother’s house several times. It was routine to be stopped outside the mall or walking home from school, whether I was alone or with someone else. I would be stopped every time they saw me, but how is that fair when they were always out roaming? How could I possibly avoid it and still live my life?

On one occasion, CRASH camped out down the street from my high school then swooped on me while I was walking home with a friend from school. Again I was taken to Southwest for a gang injunction violation, but was later released to my father. I guess, as a teenager, I could not truly accept that I could really be punished or locked up for being around people I had known my whole life.

Image by Ryan Schill for JJIE.

In the spring of 2009, all of my petty run-ins with the law accumulated into a major problem. I was incarcerated for a crime that I did not commit. It was during those two years that I spent fighting my case that I witnessed racial inequality in the system. The experts call this disproportionate minority contact. I find it disturbing that youth of color make up a distinct minority of the youth population, but make up the majority of kids in detention. Kids of color are law enforcement’s center of attention when we are outside of lockup, but very little attention is paid to us when we are on the inside and in the courts.

I was eventually transported to Central Juvenile Hall for a court date along with a van full of minors in orange jumpsuits. During the ride, I discovered that one of the other teenagers, who was the same age and who faced the same charges as me, was sentenced to drug court while I was facing adult court and life in prison. The only difference was his use of drugs and the color of his skin. He was white. I was not angry with him but was deeply disappointed with our juvenile justice system.

If the courts must be involved, a thorough evaluation and investigation of both the crime and background of the person in custody should always be fairly considered in sentencing. African Americans, as well as everyone else in the justice system, should be judged individually with empathy and accountability, and not at all by the color of their skin.

Too many kids of color are targeted by the police on the very streets that are in the comfort zones of their own homes, sometimes before they even think about committing crimes. A kid’s concept, then, of men in badges constantly taking him to jail will drive him to believe that maybe that is where he belongs.

Police should not be able to cruise around all day and look for people to pester and kidnap. That is not justice.

Instead of police asking no questions and taking these kids to jail, gang-interventionist and social workers should be the ones hopping out of the backseats of cars to find out what is going on with at-risk minority youth.

That would be justice.

Alton Pitre is 22 years old, resides in Los Angeles, Calif., and attends Los Angeles Valley College where he studies journalism. Pitre is also an advocate for juvenile justice and loves hip-hop.

This op-ed is reprinted with permission from the Juvenile Justice Information Exchange (www.jjie.org), a non-profit news bureau covering juvenile justice and related issues.

The post For a Kid of Color, Unavoidable Contact With the Cops appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesOverwork And Its Costs: The U.S. in International Perspective

On average, U.S. workers with jobs put in more hours per year  than workers in most OECD countries. In 2012, only Greece, Hungary, Israel, Korea, and Turkey recorded a longer work year per employed person.

A long work year is nothing to celebrate. The following chart, from the same Economist article, shows there is a strong negative correlation between yearly hours worked and hourly productivity.

More importantly, the greater the number of hours worked per year, the greater the likelihood of premature death and poor quality of life.  This reality is highlighted in the following two charts taken from an article by Angus Chen titled “8 Charts to Show Your Boss to Prove That You Can Do More By Working Less.”

In sum, we need to pay far more attention to the organization and distribution of work, not to mention its remuneration and purpose, than we currently do.

Martin Hart-Landsberg is a professor of economics at Lewis and Clark College. You can follow him at Reports from the Economic Front.

(View original at http://thesocietypages.org/socimages)

Planet DebianCraig Small: Important WordPress update

WordPress 3.8.2 was released yesterday which contains some important security fixes. This is an important security release and the Debian packages were uploaded to the ftp-master a few minutes ago.

Besides fixing Debian Bug #744018, the release fixes the following two vulnerabilities (as mentioned in the bug report):

  • CVE-2014-0165 WordPress privilege escalation: prevent contributors from publishing posts
  • CVE-2014-0166 WordPress potential authentication cookie forgery

If you use the Debian package, I recommend upgrading as soon as it is available.

Planet DebianJulian Andres Klode: ThinkPad X230 UEFI broken by setting a setting

Today, I decided to set my X230 back to UEFI-only boot, after having changed that for a BIOS upgrade recently (to fix a resume bug). I then chose to save the settings and received several error messages telling me that the system ran out of resources (probably storage space for UEFI variables).

I rebooted my machine, and saw no logo appearing. Just something like an underscore on a text console. The system appears to boot normally otherwise, and once the i915 module is loaded (and we’re switching away from UEFI’s Graphical Output Protocol [GOP]) the screen works correctly.

So it seems the GOP broke.

What should I do next?


RacialiciousReport: Customs officials held 40 ‘low-priority’ pregnant immigrants in one facility

By Arturo R. García

Despite designating pregnant undocumented immigrants as “low-priority” targets for incarceration, officials with U.S. Immigration and Customs Enforcement (ICE) imprisoned 40 pregnant women at a detention facility in Texas while claiming not to keep “specific records” on detainees’ pregnancy status, Fusion reported on Tuesday.

Records obtained via a Freedom of Information Act (FOIA) request showed the women were held at the El Paso Processing Center last year, following a January 2014 report that 13 pregnant women were being detained at the facility during a four-month period, despite ICE officially stating that they should not be placed in detention centers “absent extraordinary circumstances.”

When Fusion filed a FOIA request looking for data on how many pregnant women were being detained in the agency’s 250 centers around the country, ICE responded with a statement saying it did not “maintain specific records” regarding that kind of information.

“I’m not sure what they know,” said Silky Shah, interim executive director of the Detention Watch Network, an immigrants’ advocacy group. “There is a risk assessment tool, which we know has been implemented that should be keeping track of who is pregnant and who is going into detention, and they should have those numbers. How that’s being tracked, I’m not sure.”

Fusion also reported that, within days of receiving their initial requests, the agency released five pregnant detainees from the El Paso facility and stated that it was “re-running the data request” regarding its later FOIA filings.

One detainee, 27-year-old Sugey Carrazco, told Fusion that she is one of seven pregnant women being detained at ICE’s detention center in Otay Mesa, California, and that she has been denied necessary nutritional supplements because facility policy mandates that the last meal of the day be served at 4 p.m. Carrazco is seeking asylum from Mexico to join her two sons in the U.S.

While ICE did not confirm how many pregnant women are being detained at the Otay facility, the agency released a statement saying Carrazco “underwent an initial medical exam by the ICE Health Service Corps’ clinical director” and that she “continues to receive professional prenatal care while she awaits the outcome of her case.”

The post Report: Customs officials held 40 ‘low-priority’ pregnant immigrants in one facility appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaAndrew Pollock: [life] Day 71: Tumble Tastics trial, painting and plaster fun

Zoe slept in even later this morning. I'm liking this colder weather. We had nothing particular happening first thing today, so we just snuggled in bed for a bit before we got started.

Tumble Tastics were offering free trial classes this week, so I signed Zoe up for one today. She really enjoyed going to Gold Star Gymnastics in the US, and has asked me about finding a gym class over here every now and then.

Tumble Tastics is a much smaller affair than Gold Star, but at 300 metres from home on foot, it's awesomely convenient. Zoe scootered there this morning.

It seems to be physically part of what I'm guessing used to be the Church of Christ's church hall, so it's not big at all, but the room that Zoe had her class in still had plenty of equipment in it. There were 8 kids in her class, all about her size. I peeked around the door and watched.

Most of the class was instructor led and mainly mat work, but then part way through, the parents were invited in, and the teacher walked us all through a course around the room, using the various equipment, and the parents had to spot for their kids.

The one thing that cracked me up was when the kids were supposed to be tucking into a ball and rocking on their backs. Zoe instead did a Brazilian Jiu-Jitsu break-fall and fell backwards slapping the mat instead. It was good to see that some of what she learned in those classes has kicked in reflexively.

She really enjoyed the rope swing and hanging upside down on the uneven bars.

The class ran for 50 minutes (I was only expecting it to last 30 minutes) and Zoe did really well straight off. I think we'll make this her 4th term extra-curricular activity.

We scootered home the longer way, because we were in no particular hurry. Zoe did some painting when we got home, and then we had lunch.

After lunch we goofed off for a little bit, and then we did quiet time. Zoe napped for about two and a half hours, and then we did some plaster play.

I'd picked up a fish ice cube tray from IKEA on the weekend for 99 cents (cue Thrift Shop), and I bought a bag of plaster of Paris a while back, but haven't had a chance to do anything with it yet. I bribed Zoe into doing quiet time by telling her we'd do something new with the ice cube tray I'd bought.

We mixed up a few paper cups with plaster of Paris in them and then I squirted some paint in. I'm not sure if the paint caused a reaction, or the plaster was already starting to set by the time the paint got mixed in, but it became quite viscous as soon as the paint was mixed in. We did three different colours and used tongue depressors to jam it into the tray. Zoe seemed to twig that it was the same stuff as the impressions of her baby feet, which I thought was a pretty clever connection to make.

After that, there was barely enough time to watch a tiny bit of TV before Sarah arrived to pick Zoe up. I told her that her plaster would be set by the time she got dropped off in the morning.

I procrastinated past the point of no return and didn't go for a run. Instead I decided to go out to Officeworks and print out some photos to stick in the photo frame I bought from IKEA on the weekend.

Planet Linux AustraliaColin Charles: Book in Korean: Real MariaDB

For some months now, there have been some back & forth emails with Matt, one of the senior DBAs behind the popular messaging service, KakaoTalk (yes, they are powered by MariaDB). Today I got some positive information: the book published entirely in the Korean language, titled Real MariaDB is now available.

It covers MariaDB 10.0. Where appropriate, there are also notes on MySQL 5.6 (especially with regards to differences). This is Matt’s fourth MySQL-related book, and there’s a community around it as well. The foreword is written by Monty and me.

If you’re reading the Korean language, this is the manual to read. It should push MariaDB further in this market, and the content is relatively quite advanced covering a lot of optimization explanations, configuration options, etc. At 628 pages, it is much, much better than the Korean translation of the Knowledge base!

Worse Than FailureCodeSOD: Exceptional Date Formatting

The Java-based application that Dan M. supports does something that is frequently accomplished by applications the world over - based on the value of a passed string containing a valid date, convert it to datetime. Simple stuff. Java even has built-ins to make this task even easier.

Well, the developer behind the below code decided to take the idea of date conversion using Java's built-ins and run with it ...way off of the reservation.

How? First, and this is probably just a 'nice to have' as far as enterprise code goes, but you can't specify which date format to use with the passed value. Instead, hope that you correctly chose one of the possible combinations that are caught in the nested try/catch "design pattern"...but even when you do, other awesomeness appears.

Say you want to convert "04/09/14" to Wed Apr 09 00:00:00 GMT 2014 stored in a Date variable. No problem, that works fine. But what about "04-09-14" (MM-DD-YY) or "04/09" (MM/DD) - I mean, they're called out in the code so they should be handled, right? You bet they are...just add the current year at the end!

04-09-14 becomes 04-09-14 2014 (which Java parses correctly somehow), but MM/DD dates like 04/09 unsurprisingly fail to convert after being changed to 04/09 2014-2014/2014. Now, that's some fancy date mangling right there.

Well, at least the function is well-documented.


/**
 * Converts a String to a Date using Java's DateFormat class.
 * @param dateString
 * @return
 */
public static java.util.Date convertToDateUsingFormat(String dateString) {
  if(dateString!=null){
    DateFormat dateFormat = new SimpleDateFormat("M/d/y");
    try {
      return dateFormat.parse(dateString);
    } catch (ParseException e) {
      // July 10, 2009
      dateFormat = DateFormat.getDateInstance(DateFormat.LONG);
      try {
        return dateFormat.parse(dateString);
      } catch (ParseException e2) {
        // Jul 10, 2009
        dateFormat = DateFormat.getDateInstance(DateFormat.MEDIUM);
        try {
          return dateFormat.parse(dateString);
        } catch (ParseException e3) {
          // Jul 09
          dateFormat = new SimpleDateFormat("M y");
          try {
            return dateFormat.parse(dateString);
          } catch (ParseException e4) {
            // short
            dateFormat = DateFormat.getDateInstance(DateFormat.SHORT);
            try {
              return dateFormat.parse(dateString);
            } catch (ParseException e5) {
              // M d
              dateFormat = new SimpleDateFormat("M d");
              try {
                return dateFormat.parse(dateString);
              } catch (ParseException e6) {
                // M d (add current year)
                dateFormat = new SimpleDateFormat("M d y");
                dateString += " " + Calendar.getInstance().get(Calendar.YEAR);
                try {
                  return dateFormat.parse(dateString);
                } catch (ParseException e7) {
                  // M-d (add current year)
                  dateFormat = new SimpleDateFormat("M-d-y");
                  try {
                    return dateFormat.parse(dateString);
                  } catch (ParseException e8) {
                    // M-d (add current year)
                    dateFormat = new SimpleDateFormat("M-d-y");
                    dateString += "-" + Calendar.getInstance().get(Calendar.YEAR);
                    try {
                      return dateFormat.parse(dateString);
                    } catch (ParseException e9) {
                      // M/d (add current year)
                      dateFormat = new SimpleDateFormat("M/d/y");
                      dateString += "/" + Calendar.getInstance().get(Calendar.YEAR);
                      try {
                        return dateFormat.parse(dateString);
                      } catch (ParseException e10) {
                        e10.printStackTrace();
                        return null;
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  } else return null;
}

Cryptogram Heartbleed

Heartbleed is a catastrophic bug in OpenSSL:

"The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users."

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.

Half a million sites are vulnerable, including my own. Test your vulnerability here.

The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.

At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

This article is worth reading. Hacker News thread is filled with commentary. XKCD cartoon.

EDITED TO ADD (4/9): Has anyone looked at all the low-margin non-upgradable embedded systems that use OpenSSL? An upgrade path that involves the trash, a visit to Best Buy, and a credit card isn't going to be fun for anyone.

EDITED TO ADD (4/10): I'm hearing that the CAs are completely clogged, trying to reissue so many new certificates. And I'm not sure we have anything close to the infrastructure necessary to revoke half a million certificates.

Possible evidence that Heartbleed was exploited last year.

EDITED TO ADD (4/10): I wonder if there is going to be some backlash from the mainstream press and the public. If nothing really bad happens -- if this turns out to be something like the Y2K bug -- then we are going to face criticisms of crying wolf.

EDITED TO ADD (4/11): Brian Krebs and Ed Felten on how to protect yourself from Heartbleed.

Planet Debian Petter Reinholdtsen: S3QL, a locally mounted cloud file system - nice free software

For a while now, I have been looking for a sensible offsite backup solution for use at home. My requirements are simple: it must be cheap and locally encrypted (in other words, I keep the encryption keys, the storage provider does not have access to my private files). One idea my friends and I had many years ago, before the cloud storage providers showed up, was to use Google mail as storage, writing a Linux block device storing blocks as emails in the mail service provided by Google, and thus get heaps of free space. On top of this one can add encryption, RAID and volume management to have lots of (fairly slow, I admit that) cheap and encrypted storage. But I never found time to implement such a system. But the last few weeks I have looked at a system called S3QL, a locally mounted network backed file system with the features I need.

S3QL is a fuse file system with a local cache and cloud storage, handling several different storage providers, any with an Amazon S3, Google Drive or OpenStack API. There are heaps of such storage providers. S3QL can also use a local directory as storage, which combined with sshfs allows for file storage on any ssh server. S3QL includes support for encryption, compression, de-duplication, snapshots and immutable file systems, allowing me to mount the remote storage as a local mount point, look at and use the files as if they were local, while the content is stored in the cloud as well. This allows me to have a backup that should survive fire. The file system cannot be shared between several machines at the same time, as only one can mount it at a time, but any machine with the encryption key and access to the storage service can mount it if it is unmounted.

It is simple to use. I'm using it on Debian Wheezy, where the package is included already. So to get started, run apt-get install s3ql. Next, pick a storage provider. I ended up picking Greenqloud, after reading their nice recipe on how to use S3QL with their Amazon S3 service, because I trust the laws in Iceland more than those in USA when it comes to keeping my personal data safe and private, and thus would rather spend money on a company in Iceland. Another nice recipe is available from the article S3QL Filesystem for HPC Storage by Jeff Layton in the HPC section of Admin magazine. When the provider is picked, figure out how to get the API key needed to connect to the storage API. With Greenqloud, the key did not show up until I had added payment details to my account.

Armed with the API access details, it is time to create the file system. First, create a new bucket in the cloud. This bucket is the file system storage area. I picked a bucket name reflecting the machine that was going to store data there, but any name will do. I'll refer to it as bucket-name below. In addition, one needs the API login and password, and a locally created password. Store it all in ~root/.s3ql/authinfo2 like this:

[s3c]
storage-url: s3c://s.greenqloud.com:443/bucket-name
backend-login: API-login
backend-password: API-password
fs-passphrase: local-password

I create my local passphrase using pwget 50 or similar, but any sensible way to create a fairly random password should do it. Armed with these details, it is now time to run mkfs, entering the API details and password to create it:

# mkdir -m 700 /var/lib/s3ql-cache
# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl s3c://s.greenqloud.com:443/bucket-name
Enter backend login: 
Enter backend password: 
Before using S3QL, make sure to read the user's guide, especially
the 'Important Rules to Avoid Loosing Data' section.
Enter encryption password: 
Confirm encryption password: 
Generating random encryption key...
Creating metadata tables...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.00 MB of compressed metadata.
# 

The next step is mounting the file system to make the storage available.

# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 4 upload threads.
Downloading and decompressing metadata...
Reading metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Mounting filesystem...
# df -h /s3ql
Filesystem                              Size  Used Avail Use% Mounted on
s3c://s.greenqloud.com:443/bucket-name  1.0T     0  1.0T   0% /s3ql
#

The file system is now ready for use. I use rsync to store my backups in it, and as the metadata used by rsync is downloaded at mount time, no network traffic (and storage cost) is triggered by running rsync. To unmount, one should not use the normal umount command, as this will not flush the cache to the cloud storage, but instead run the umount.s3ql command like this:

# umount.s3ql /s3ql
# 

There is a fsck command available to check the file system and correct any problems detected. This can be used if the local server crashes while the file system is mounted, to reset the "already mounted" flag. This is what it looks like when processing a working file system:

# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
Using cached metadata.
File system seems clean, checking anyway.
Checking DB integrity...
Creating temporary extra indices...
Checking lost+found...
Checking cached objects...
Checking names (refcounts)...
Checking contents (names)...
Checking contents (inodes)...
Checking contents (parent inodes)...
Checking objects (reference counts)...
Checking objects (backend)...
..processed 5000 objects so far..
..processed 10000 objects so far..
..processed 15000 objects so far..
Checking objects (sizes)...
Checking blocks (referenced objects)...
Checking blocks (refcounts)...
Checking inode-block mapping (blocks)...
Checking inode-block mapping (inodes)...
Checking inodes (refcounts)...
Checking inodes (sizes)...
Checking extended attributes (names)...
Checking extended attributes (inodes)...
Checking symlinks (inodes)...
Checking directory reachability...
Checking unix conventions...
Checking referential integrity...
Dropping temporary indices...
Backing up old metadata...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.89 MB of compressed metadata.
# 

Thanks to the cache, working on files that fit in the cache is very quick, about the same speed as local file access. Uploading large amounts of data is to me limited by the bandwidth out of and into my house. Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s, which is very close to my upload speed, and downloading the same Debian installation ISO gave me 610 kiB/s, close to my download speed. Both were measured using dd. So for me, the bottleneck is my network, not the file system code. I do not know what a good cache size would be, but suspect that the cache should be larger than your working set.

I mentioned that only one machine can mount the file system at a time. If another machine tries, it is told that the file system is busy:

# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 8 upload threads.
Backend reports that fs is still mounted elsewhere, aborting.
#

The file content is uploaded when the cache is full, while the metadata is uploaded once every 24 hours by default. To ensure the file system content is flushed to the cloud, one can either umount the file system, or ask S3QL to flush the cache and metadata using s3qlctrl:

# s3qlctrl upload-meta /s3ql
# s3qlctrl flushcache /s3ql
# 
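
The mount, rsync, flush and unmount steps above, combined into one backup cycle as an added example (not code from the original post or from the S3QL project). The function names, the `S3QL_*` variables, the dry-run default and the `rsync -a` flag are assumptions of this example; the S3QL commands and options are the ones shown in the post.

```shell
#!/bin/sh
# Added example: one S3QL backup cycle. Variable and function names are
# hypothetical; the defaults are the paths and storage URL used in the post.
S3QL_URL=${S3QL_URL:-s3c://s.greenqloud.com:443/bucket-name}
S3QL_AUTH=${S3QL_AUTH:-/root/.s3ql/authinfo2}
S3QL_CACHE=${S3QL_CACHE:-/var/lib/s3ql-cache}
S3QL_MNT=${S3QL_MNT:-/s3ql}
S3QL_DRY_RUN=${S3QL_DRY_RUN:-1}   # 1 = only print the commands (example default)

# authinfo2 holds the API password and the file system passphrase in clear
# text, so accept it only if it is a regular file (not a symlink) with no
# permission bits set for group or others.
authfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission characters
    [ "$perms" = "------" ]
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$S3QL_DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# backup_cycle SRC: mount, copy SRC, flush metadata and cache, unmount.
backup_cycle() {
    src=$1
    if ! authfile_is_private "$S3QL_AUTH"; then
        echo "refusing to run: $S3QL_AUTH must be a regular file with mode 600" >&2
        return 1
    fi
    # Stop here if the mount fails (for example when the backend reports the
    # file system as mounted elsewhere). Carrying on would make rsync write
    # the data unencrypted into the empty local mount point directory.
    run mount.s3ql --cachedir "$S3QL_CACHE" --authfile "$S3QL_AUTH" \
        --ssl --allow-root "$S3QL_URL" "$S3QL_MNT" || return 1
    status=0
    run rsync -a "$src" "$S3QL_MNT/" || status=$?
    # Flush and unmount even if rsync stopped part-way, so that whatever was
    # copied reaches the storage provider and the mounted flag is cleared.
    run s3qlctrl upload-meta "$S3QL_MNT" || status=$?
    run s3qlctrl flushcache "$S3QL_MNT" || status=$?
    # Plain umount would not flush the cache; umount.s3ql does.
    run umount.s3ql "$S3QL_MNT" || status=$?
    return "$status"
}

if [ $# -gt 0 ]; then
    backup_cycle "$1"
else
    echo "usage: S3QL_DRY_RUN=0 $0 SOURCE-DIRECTORY" >&2
fi
```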

If you are curious about how much space your data uses in the cloud, and how much compression and deduplication cut down on the storage usage, you can use s3qlstat on the mounted file system to get a report:

# s3qlstat /s3ql
Directory entries:    9141
Inodes:               9143
Data blocks:          8851
Total data size:      22049.38 MB
After de-duplication: 21955.46 MB (99.57% of total)
After compression:    21877.28 MB (99.22% of total, 99.64% of de-duplicated)
Database size:        2.39 MB (uncompressed)
(some values do not take into account not-yet-uploaded dirty blocks in cache)
#

I mentioned earlier that there are several possible suppliers of storage. I did not try to locate them all, but am aware of at least Greenqloud, Google Drive, Amazon S3 web services, Rackspace and Crowncloud. The latter even accepts payment in Bitcoin. Pick one that suits your needs. Some of them provide several GiB of free storage, but the price models are quite different and you will have to figure out what suits you best.

While researching this blog post, I had a look at research papers and posters discussing the S3QL file system. There are several, which told me that the file system is getting a critical check by the science community and increased my confidence in using it. One nice poster is titled "An Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject Store and Transformative Parallel I/O Approach" by Hsing-Bung Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields and Pamela Smith. Please have a look.

Given my problems with different file systems earlier, I decided to check out the mounted S3QL file system to see if it would be usable as a home directory (in other words, that it provided POSIX semantics when it comes to locking and umask handling etc). Running my test code to check file system semantics, I was happy to discover that no error was found. So the file system can be used for home directories, if one chooses to do so.

If you do not want a local file system, and want something that works without the Linux fuse file system, I would like to mention the Tarsnap service, which also provides locally encrypted backup using a command line client. It has a nicer access control system, where one can split out read and write access, allowing some systems to write to the backup and others to only read from it.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Planet Linux Australia TasLUG: Hobart April Talk: The open-source graphics train wreck

Welcome to April already! Last month's talk on OpenDCP had a great reception, and I hope you're all not too busy getting new keys after that OpenSSL Heartbleed vulnerability.

NOTE: for this month only, TasLUG will be meeting in the downstairs room at SoHo rather than upstairs.

When: Thursday, April 17th, 18:00 for an 18:30 start
Where: DOWNSTAIRS, Hotel Soho, 124 Davey St, Hobart. (Map)

Agenda:

  • 18:00 - early mingle, chin wagging, etc
  • 18:30 - Question and answer session, News of Note.

  • 19:00 - Mathew Oakes - The open-source graphics train wreck

    train wreck
    1.
    a chaotic or disastrous situation that holds a peculiar fascination for observers.
    "his train wreck of a private life guaranteed front-page treatment"

  • 20:00 - Meeting end. Dinner and drinks are available at the venue during the meeting.


We will probably get to a discussion on the Hobart LCA 2017 bid, ideas for upcoming Software Freedom Day in September, the Statewide meetup, Committee nomination and voting, so our pre-talk discussion should be packed full of jam.
Note for May: There will be no Hobart meeting next month in May - instead we should all be heading to our statewide meetup at Ross! If you need a lift, contact one of us on the mailing list or IRC so many of us can get along and bring your open source stuff to show off!


Also in April:
26th - Launceston meeting
May:
24th - Statewide Meet-up - Ross Town Hall
June:
19th - Hobart: No talk scheduled, idea being thrown about to make it an OpenStack short talk night.
July:
11-13th - Gov Hack 2014 - There's at least a Hobart venue for this event.
September:
20th - Software Freedom Day - events in Hobart and Launceston

Planet Debian Daniel Pocock: Double whammy for CACert.org users

If you are using OpenSSL (or ever did use it with any of your current keypairs in the last 3-4 years), you are probably in a rush to upgrade all your systems and replace all your private keys right now.

If your certificate authority is CACert.org then there is an extra surprise in store for you. CACert.org has changed their hash to SHA-512 recently and some client/server connections silently fail to authenticate with this hash. Any replacement certificates you obtain from CACert.org today are likely to be signed using the new hash. Amongst other things, if you use CACert.org as the CA for a distributed LDAP authentication system, you will find users unable to log in until you upgrade all SSL client code or change all clients to trust an alternative root.

Planet Debian Dirk Eddelbuettel: BH release 1.54.0-1

A new release of the BH package is now on CRAN and its mirrors. BH provides (a sizeable subset of) the Boost library for C++, particularly (large) parts delivered as pure template headers not requiring linking. See the BH page for more details.

This release provides our first update relative to the Boost tarballs we started with. It moves us from 1.51.0 (which was getting a little long in the tooth) to 1.54.0. This is just about the first time ever that I didn't package something straight from the current release (now 1.55.0). My aim was to balance the oh, shiny, new aspect with some stability. Comments welcome--maybe I will go to the bleeding edge next time.

As before, the CRAN is created by running bcp over a number of selected components of Boost. If you'd like to see additional ones included, please do get in touch too. Before uploading, I also tested against all of these sixteen CRAN dependents I could quickly test on my server given the installed dependencies there.

The complete list of changes follows below.

Changes in version 1.54.0-1 (2014-04-07)

  • Upgraded to Boost 1.54.0

  • Adjust build script local/script/CreateBoost.sh accordingly

  • Renamed generation_runge_kutta_cash_karp54_classic.hpp to generation_runge_kutta_cash_karp54_cl.hpp to remain within 100-character limit for tar

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

,

Debian Administration OpenSSL Heartbeat, a.k.a. Heartbleed Bug

A serious security flaw has come to light in the OpenSSL package used in many Linux distributions including Debian. It is considered very serious and all administrators should patch their systems at once and restart any services that rely on OpenSSL.

Krebs on Security Adobe, Microsoft Push Critical Fixes

Adobe and Microsoft each issued updates to fix critical security vulnerabilities in their software today. Adobe patched its Flash Player software and Adobe AIR. Microsoft issued four updates to address at least 11 unique security flaws, including its final batch of fixes for Office 2003 and for systems powered by Windows XP.

Two of the four patches that Microsoft issued come with Redmond’s “critical” rating (its most severe), meaning attackers or malware can exploit the flaws to break into vulnerable systems without any help from users. One of the critical patches is a cumulative update for Internet Explorer (MS14-018); the other addresses serious issues with Microsoft Word and Office Web apps (MS14-017), including a fix for a zero-day vulnerability that is already being actively exploited. More information on these and other patches is available here.

As expected, Microsoft also used today’s patch release to pitch XP users on upgrading to a newer version of Windows, warning that attackers will begin to zero in on XP users even more now that Microsoft will no longer be issuing security updates for the 13-year-old operating system. From Microsoft’s Technet blog:

“From the year that Windows XP was built, cyber attacks have increased in sophistication.  Systems receiving regular updates get the protections they need based on the latest cyber threats.  But at some point an older model of any product will lack the capability to keep up and becomes antiquated.  Obsolescence for Windows XP is just around the corner.

Cybercriminals will work to take advantage of businesses and people running software that no longer has updates available to repair issues.  Over time, attackers will evolve their malicious software, malicious websites, and phishing attacks to take advantage of any  newly discovered vulnerabilities in Windows XP, which post April 8th, will no longer be fixed.”

Microsoft offers a free Windows XP data transfer tool to ease the hassle of upgrading to a newer version of Windows. I would submit that if your PC runs XP and came with XP installed, that it might be time to upgrade the computer hardware itself in addition to the software. In any case, beyond this month is not the greatest idea, and it’s time for XP users to consider other options. Don’t forget that there are many flavors of Linux that will run quite happily on older hardware. If you’ve been considering the switch for a while, take a few distributions for a spin using one of dozens of flavors of Linux available via Live CD.

ADOBE

Adobe fixed at least four vulnerabilities in Flash, all of them critical. The company says it is not aware of any exploits in the wild against the flaws. The latest version is v. 13.0.0.182 for Windows, Mac and Linux systems. The Adobe advisory for the Flash update is here.

This link will tell you which version of Flash your browser has installed. IE10/IE11 for Windows 8.0/8.1 and Chrome should auto-update their versions of Flash. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. The version of Chrome that includes this fix is 34.0.1847.116 for Windows, Mac, and Linux (to learn what version of Chrome you have, click the stacked bars to the right of the address bar, and select “About Google Chrome” from the drop down menu).

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons (like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

If you use Adobe AIR (required by some desktop software products such as Pandora), you’ll need to make sure that’s updated as well. AIR usually does a good job of checking for new versions on startup. If you’re not sure whether you have AIR installed or what version it’s at, see these directions. The latest version is 13.0.0.83, and is available for manual download here.

LongNow Tony Hsieh Seminar Primer

Tony Hsieh is perhaps best known as a successful Silicon Valley entrepreneur. He founded and then sold LinkExchange in the late 01990s, before going on to become CEO of online retail giant Zappos. But what Hsieh really does is build communities. Corporate tech is, for him, primarily a way to bring people together and foster a culture of togetherness. Any business, Hsieh is known to argue, should be evaluated not (just) on its return on investment, but on its ROC – its return on community.

Growing up in the Bay Area, Hsieh revealed an entrepreneurial spirit at an early age. In elementary and high school, he experimented with a variety of money-making ventures – from failed attempts to start a profitable worm farm to a successful mail-order button-making business – and as a Harvard undergrad, he managed an on-campus pizzeria. After graduating with a degree in computer science, the founding of LinkExchange was a logical next step. The company, an online advertising cooperative, became wildly successful: two years after its launch, it sold to Microsoft for several hundreds of millions of dollars. Hsieh, however, hadn’t much cared for the corporate lifestyle and profits-oriented culture at LinkExchange. So when he became involved with Zappos – first as an early investor, soon after as CEO – he set out to do things differently.

Hsieh puts a lot of heart and effort into the creation of a positive corporate culture. Not only is “service” the number one commandment in Zappos’ oft-cited code of conduct; other items encourage “open and honest relationships,” “family spirit,” and even “fun and a little weirdness.” The company’s quarterly all-hands meetings are reported to be celebratory events full of music performances, employee skits, and bold stunts. Instead of traditional job titles, what you’ll find at Zappos are ‘ninjas’ and ‘monkeys’. In fact, the company recently announced that it is doing away with traditional corporate hierarchy altogether: it’s transitioning into a holacracy, an organizational structure based on principles of self-governance and a democratic distribution of power.

Fortune Magazine consistently ranks Zappos among the nation’s best companies to work for, and Hsieh is eager to share the positivity. In 02010, he published Delivering Happiness, an autobiography-cum-manifesto in which he shows that a focus on company culture and community wellbeing can actually lead to greater profits. The book became so popular that Hsieh and his team soon launched a company and website dedicated entirely to spreading its message.

These days, Hsieh spends much of his time pursuing his mission of community happiness in a very particular location. In downtown Las Vegas, a neighborhood of struggling casinos and weekly hotels long forgotten in the dark shadow of the glittery Strip, he’s been working on a major urban revitalization project.

The Downtown Project was born in 02011, when it became clear that Zappos was growing out of its headquarters in Henderson, Nevada, and Hsieh began to think about building a new campus for his employees. He liked the sense of community created by companies like Nike, Apple, and Facebook, but wanted to avoid the insularity that often characterized their Silicon Valley compounds. As Hsieh explains,

We started brainstorming, what’s the dream campus we can create? And we decided, rather than take this very insular approach to building a campus, let’s actually take more of an NYU-type approach, where the campus kind of blends in with the city, and so rather than focus just on Zappos, focus on the community, and then over time that’ll become this kind of self-feeding thing that will ultimately help retain and attract more employees and be good for the city as well. It’s slightly different from most development projects, in that we’re not trying to master plan from the top down, we really want it to be organic and driven by the community, and part of the goal is for us at Zappos to learn from cities how to be more innovative and scale our culture, and scale our productivity. Once you have that, then the magic just kind of happens automatically.

Key in Hsieh’s vision is the notion of collisions: the idea that innovation and creativity sprout from random, unplanned, and informal encounters between people. Hsieh ultimately tries to build companies – and now, whole communities – that are designed to maximize those collisions.

“It’s the Downtown Project’s big bet,” Hsieh says [in Wired Magazine], “that a focus on collisions, community, and colearning will lead to happiness, luckiness, innovation, and productivity. It’s not even so big a bet,” he adds. “Research has been done about this on the office level. It’s just never really been applied in a consolidated way to a city revitalization project.”

Big or not, it’s a bet with $350 million riding on it. Hsieh has invested $200 million in local real estate, and $50 million each in education, small businesses, and a tech start-up fund. He’s building schools, developing parks, establishing community work spaces, and organizing arts and music festivals. Inspired by Edward Glaeser’s theories of urban vitality, Hsieh envisions the city as a kind of incubator: by bringing in promising new business and creating spaces for its entrepreneurs to ‘collide’ with one another, he hopes to spur new life and creativity. For Hsieh, innovation and community go hand in hand.

In the end, Hsieh hopes his efforts will pay off in many ways. Beyond setting up shop in Las Vegas, which offered Zappos a more favorable tax treatment, he expects that by making the city more livable it will be good for business and help him attract and retain top-tier talent.

Tony Hsieh will talk about his Downtown Project and the importance of community vitality at the SF JAZZ Center on April 22. You can reserve tickets, get directions, and sign up for the podcast on our Seminars page.

Krebs on Security ‘Heartbleed’ Bug Exposes Passwords, Web Site Encryption Keys

Researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.

Credit: Heartbleed.com


From Heartbleed.com:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

An advisory from Carnegie Mellon University’s CERT notes that the vulnerability is present in sites powered by OpenSSL versions 1.0.1 through 1.0.1f. According to Netcraft, a company that monitors the technology used by various Web sites, more than a half million sites are currently vulnerable. As of this morning, that included Yahoo.com, and — ironically — the Web site of openssl.org. This list at Github appears to be a relatively recent test for the presence of this vulnerability in the top 1,000 sites as indexed by Web-ranking firm Alexa.

An easy-to-use exploit that is being widely traded online allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL “libssl” library in chunks of 64kb at a time. As CERT notes, an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets.

Jamie Blasco, director of AlienVault Labs, said this bug has “epic repercussions” because not only does it expose passwords and cryptographic keys, but in order to ensure that attackers won’t be able to use any data that does get compromised by this flaw, affected providers have to replace the private keys and certificates after patching the vulnerable OpenSSL service for each of the services that are using the OpenSSL library [full disclosure: AlienVault is an advertiser on this blog].

It is likely that a great many Internet users will be asked to change their passwords this week (I hope). Meantime, companies and organizations running vulnerable versions should upgrade to the latest iteration of OpenSSL - OpenSSL 1.0.1g — as quickly as possible.
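One way to turn the two remediation steps described above (upgrade out of the 1.0.1 through 1.0.1f range, then replace keys and certificates) into a triage check. This is an added example, not code from the post or from the OpenSSL project; the host names, inventory fields and state labels are assumptions, and the sample inventory is constructed.

```python
"""Triage hosts for Heartbleed remediation from an inventory of version banners."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Range stated in the post (per CERT): 1.0.1 through 1.0.1f; 1.0.1g is the fix.
AFFECTED_LETTERS = {"", "a", "b", "c", "d", "e", "f"}
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def in_affected_range(banner: str) -> Optional[bool]:
    """True/False for a parsable `openssl version` banner, None if unparsable."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    base = tuple(int(x) for x in m.group(1, 2, 3))
    return base == (1, 0, 1) and m.group(4).lower() in AFFECTED_LETTERS


@dataclass
class Host:                      # hypothetical inventory record
    name: str
    banner: str                  # output of `openssl version` on the host
    patched_on: Optional[date]   # day a fixed build went in; None if never affected
    cert_issued: date            # notBefore of the certificate currently served


def triage(host: Host) -> str:
    """Return PATCH, REKEY, OK or UNKNOWN for one host."""
    affected = in_affected_range(host.banner)
    if affected is None:
        return "UNKNOWN"         # cannot tell from the banner: inspect by hand
    if affected:
        # Caveat: a distribution may backport the fix without changing the
        # upstream letter, so confirm against the vendor advisory.
        return "PATCH"
    # Patched, but a certificate issued on or before the patch day means the
    # private key existed while memory could be read: replace key and cert.
    # Issuance date is only a proxy; the replacement must use a NEW key.
    if host.patched_on is not None and host.cert_issued <= host.patched_on:
        return "REKEY"
    return "OK"


def report(hosts: List[Host]) -> Dict[str, str]:
    return {h.name: triage(h) for h in hosts}


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Host("web1.example.com", "OpenSSL 1.0.1e 11 Feb 2013", None, date(2013, 9, 1)),
    Host("web2.example.com", "OpenSSL 1.0.1g 7 Apr 2014", date(2014, 4, 8), date(2013, 6, 15)),
    Host("web3.example.com", "OpenSSL 1.0.1g 7 Apr 2014", date(2014, 4, 8), date(2014, 4, 9)),
    Host("legacy.example.com", "OpenSSL 0.9.8y 5 Feb 2013", None, date(2012, 1, 10)),
    Host("appliance.example.com", "unknown build", None, date(2013, 3, 3)),
]

if __name__ == "__main__":
    for name, state in report(INVENTORY).items():
        print(f"{name:24} {state}")
```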

Update, 2:26 p.m.: It appears that this Github page allows visitors to test whether a site is vulnerable to this bug (hat tip to Sandro Süffert). For more on what you can do to protect yourself from this vulnerability, see this post.

TEDHow data constellations tell a story: MAPPing the TED Fellows network and the conflict in Syria

[Interactive MAPP embedded from http://mappr.io/p/tedfellowcollaborations]

What’s this galaxy-like cluster of dots and lines? It’s the TED Fellows Collaboration Network MAPP, a rich and interactive web that shows the patterns of cross-disciplinary collaboration among TED Fellows over the past four years. This rainbow visualization was created using MAPPR, a cloud-based network mapping tool that Eric Berlow demoed during TED2014. It allows anyone to make shareable, interactive network visualizations.

The TED Fellows program began as a way to support and amplify the work of thinkers and innovators through the conference. But then something unexpected happened – the professionally diverse community, which includes scientists, makers, activists, artists, technologists and more, became its own living, breathing organism. Fellows began reaching out to each other for all manner of cross-disciplinary collaborations. A few examples include:

  • Filmmaker and sitar player Andrew Mendelson working with open-hardware guru Catarina Mota to incorporate programmable Arduino-powered tuners on his Carbon Fiber Sitar project.
  • Satirist and designer Safwat Saleem working with applied mathematician Max Little to help make all the visuals for his TEDMED talk on his revolutionary work to blend math and data science for the advancement of medicine.
  • Microbial ecologist Jessica Green collaborating with photojournalist John Adam Huggins and filmmaker Anita Doron to create a sci-fi graphic novel about the human microbiome set in Paris.
  • Tissue engineer Nina Tandon writing a TED Book with architect and futurist Mitch Joachim called Super Cells: Building with Biology.
  • Social media entrepreneur Suleiman Bakhit collaborating with strategist Adrian Hong during the Libyan revolution in 2011, to help open the door for the evacuation of tens of thousands of injured civilians and provide them with urgent medical care in Jordan. This collaboration had to be kept secret to avoid retaliation from the Libyan regime; it was mentioned publicly for the first time on the TED Fellows stage in Vancouver this year.
  • Bakhit also happens to be working with neuroscientist and poet Ivana Gadjanski to turn one of her poems into a comic book.

A whopping 84% of the Fellows documented in the collaboration network had at least one cross-disciplinary collaboration. And MAPPR itself is a creative collaboration among three Fellows: ecologist and network scientist Eric Berlow, artist/designer David Gurman and computer scientist Kaustuv DeBiswas, who together launched Vibrant Data, a data storytelling boutique in San Francisco’s Chinatown. They’re now focused on building MAPPR to enable the understanding of complex networks. Custom projects include mapping the collaboration network of faculty at the University of California, Berkeley, and visualizing the ecology of human creativity.

We asked Berlow to tell us more. Below, an edited transcript of our conversation.

What is MAPPR? What does it do?

It’s a cloud-based tool that lets anyone publish interactive visual stories about how things are connected. These network stories can be about anything — from the network structure of collaborations as with the TED Fellows, to identifying patterns of funding among donors and grant recipients, to unraveling the complexity of conflict. In one of our recent projects, we have mapped the conflict in Syria (see below), in collaboration with Vibrant Data’s conflict analyst, Scott Field. The Syrian civil war is widely regarded as the defining political crisis for the future of the Middle East. One of the main reasons it will be so hard to resolve is that it is not a “stand-alone” conflict, but involves a complex intertwining of the vital strategic interests of all major powers that make up the regional security system. The Vibrant Data team aggregated expert analysis of the conflict to visualize that tangle of interests and identify its emergent structure. We hope that visualizing the structure of this conflict—and others—might help suggest pathways to resolving them sooner.

[Interactive MAPP embedded from http://mappr.io/p/syrianconflict-1]

How does MAPPR work and who can use it?

MAPPR allows you to upload custom datasets of relationships and publish them as online custom network visualization stories. Each node and link in the network can be its own multimedia microsite. For example, in the TED Fellows collaboration network, each node can contain people’s bios, images, videos and so on, and each link can display multimedia information about that specific collaboration.

Network visualization isn’t new, but it has remained relatively inaccessible to non-experts. Anyone can use MAPPR. It’s designed to make network science accessible to anyone interested in visualizing and sharing a story — or Network MAPP — about how things are connected.  MAPPR is currently in private beta, and people can sign up at Mappr.io. We’ll notify them when it’s ready, likely at the end of April 2014.

During your talk at TED2014, you seemed bowled over by the results of the Fellows collaborations survey. Why do you think TED Fellows collaborations are so prolific and unusual?

We live in a world where we generally match like with like. Just look at any online suggestion engine! While this approach is great if you’re shopping for red shoes, if broadly applied, it has the potential to kill the creative innovation that comes from serendipitous encounter and unexpected remixes. The Fellows program does a remarkable job of selecting individuals who are not only incredibly diverse and interdisciplinary, but also have in common that they are extraordinarily open to new ideas and working together.


Geek FeminismThe joy of linkspam (8 April 2014)

Bonus Game Jam Walkout Section

  • Game Jam Walkout | The Mary Sue (April 2): “GAME_JAM was supposed to be a YouTube-based webseries, a reality show about four teams of game developers competing to win prizes and promote their careers. According to many of the folks involved, it was hamstrung by terrible contracts, mismanaged sponsorship, and a director who sought every opportunity to fabricate conflict against the will of participants, and a general misunderstanding of what game development actually involved. But the thing that united the sixteen contestants into walking off the show was when it attempted to get them to impugn the place of women in coding and game making.”
  • How The Most Expensive Game Jam In History Crashed And Burned In A Single Day | Indie Statik (March 31): “Two of the other teams have women on them. Do you think they’re at a disadvantage?” Silence. It was like the wind was sucked out of the room behind the barrier
  • Let’s talk about accountability | msminotaur (March 31): Account from one of the women involved.
  • Unreality | Zoe Quinn: “My feelings after being on and subsequently walking off a reality show about game jams”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sociological ImagesDiverse Countries Do Better with Female Heads of State

Countries with a lot of ethnic diversity generally show weaker economic growth than homogeneous countries.  A new study, however, discovered a variable that strongly reverses the trend: women leaders.

Management professor Susan Perkins and her colleagues compared the economic growth rate of 139 countries over 55 years.  They found that diverse countries did significantly better when a woman was at the helm.  The more diverse the country, the stronger the effect.


Perkins and her co-authors cautiously attempt to explain their data (here), but think that it may have something to do with leadership style.  Female leaders have been shown to be more collaborative and non-authoritarian than men. Co-author Nicholas Pearce speculates:

In countries with a lot of internal conflict, oftentimes people are looking for signals that the person in charge is going to be collaborative and not dictatorial or self-interested. Women’s gender role is symbolic of collaboration, that they’re going to empower marginalized voices.

Because of gender stereotypes, then, women may seem more trustworthy. Meanwhile, real differences in leadership style may affirm those expectations and be more effective in practice.

Lisa Wade is a professor of sociology at Occidental College and the author of Gender: Ideas, Interactions, Institutions, with Myra Marx Ferree. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

RacialiciousHeidi Klum’s Redface Photo Shoot

By Guest Contributor Ruth Hopkins, cross-posted from Last Real Indians

All images via Facebook.

Heidi Klum, I’m so disgusted with you. I can’t even look at you right now.

I’ve been a fan of Heidi Klum’s show Project Runway since episode one. I’ve seen every single season. As a Native woman who loves fashion, I was elated when Taos Pueblo fashion designer Patricia Michaels was selected for the show, especially considering how Native appropriation has run rampant in the fashion industry over the past several years. Patricia made it to the series finale and finished as the season’s runner-up. Heidi was supportive of Patricia too. She complimented Patricia’s designs and showed what appeared to be sincere appreciation for Native culture.

As a result, I never could have imagined that Heidi Klum would promote redface. Nay, I was sorely mistaken.

Heidi hosts a show overseas called Germany’s Next Top Model. Last Thursday Ms. Thang posted a gallery on Facebook under the title, “Here are my Beautiful GNTM Girls!”  Lo and behold, the spread was plum full of some of the most stereotypical, patently offensive photographs of pouty, half-naked white women posing ever-so seductively in war paint and headdresses that I’ve seen in well, months (what can I say, we’re currently plodding through an epidemic of society fetishizing Native women).

It felt like I’d just been stabbed in the back by my taller, skinnier, blonder, German big sister.

Twelve photos, total, featured German Fräuleins using “peace pipes,” feathers, tipis, and Native blankets for props. Maybe it was just my imagination, but I thought that even the horse looked a little embarrassed.

One picture shows a model in war paint with a single tear streaming down her face. Could we get any more cliché? Now we’re appropriating pretendians? Iron Eyes Cody, the famous ‘crying Indian’ referenced by pop culture, wasn’t even Native. Apparently even appearing to be Native by association makes one fodder for exploitation.

Perhaps we should have expected this from a country full of hobbyists that like to dress up like Natives and ‘play Indian.’ No matter, both scenarios are offensive and objectionable.

This isn’t the first time I’ve delved head first into confronting Native appropriation and why it’s wrong. I don’t know how I can explain it in any simpler terms. Natives are not costumes one can take on and off. When people dress up in stereotypical ‘Indian’ garb, they’re not only denying the existence of 566 distinct Tribal Nations, they’re mocking an entire group of human beings based solely on their race and heritage. Natives haven’t lost touch with what’s sacred either, and we do not take kindly to ceremonial objects like the pipe being used to hawk your wares, nor garner publicity for your second rate reality TV show. All who attempt to exploit and abuse what we hold sacred are hereby held to account for it. We stand for our ancestors and future generations of Natives in demanding that you respect us and our beliefs.

Appropriators, I don’t care how cute you look in a headdress. You aren’t Native. You have no right to wear a warbonnet because you have not earned it. You haven’t performed deeds of valor nor fought and given of yourself for a plains Tribal people. Every feather in a headdress signifies a specific act of bravery and self-sacrifice. If you are not a chief or a warrior, take it off before a Native woman finds you and snatches it off, along with some of your weave.

What’s particularly disconcerting about this act of appropriation is Heidi Klum should know better. For that reason I can only deduce that this act is not due to ignorance. It’s a blatant attempt to profit from white privilege. Like the GAP, Victoria’s Secret, Chanel and Ralph Lauren, Heidi is taking the low road and using Native appropriation to get attention, and she doesn’t care who she hurts in the process.

As a Native woman, I’m tired of being bombarded with negative, false imagery of who society thinks I am. For once I’d like to enjoy a fashion show, a music video, a football game or a photo spread without being singled out because of my race. It’s not just offensive, it’s discriminatory and just plain rude.

Normally this is where I ask Ms. Klum for an apology, but because this act of appropriation is so willful, any apology would ring hollow. Like many Natives, I’m tired of lip service.

Auf wiedersehen, Heidi. This is where I get off. Shame on you.

The post Heidi Klum’s Redface Photo Shoot appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaAndrew Pollock: [life] Day 70: Visiting relatives and home visiting doctors

Zoe did indeed sleep in this morning, by a whole 30 minutes. It was nice. She seemed no worse for wear for her lip injury, and it was looking better this morning.

Wow, "bimonthly" is ambiguous. I had my "every two month" in person co-parenting sync up lunch with Sarah today. Phew, that was a mouthful. Anyway, I had that today, and normally that would fall on a Kindergarten day, but it's school holidays. So we paid grandma and grandpa a visit, and they looked after Zoe for me so I could make the meeting.

Mum and Dad have been away on a driving holiday, so Zoe hasn't seen them for a while, and it's been even longer since we've been to their house. She really loves going to their house because it's big, with a big back yard with a swing set. There's all sorts of exciting things like grandpa's worm farm, a sand pit, a china tea set, a piano, a tricycle and remote controlled cars. Zoe basically just works her way around the house entertaining herself. It's great. I usually get to put my feet up and read the newspaper.

After I got back from my lunch meeting, we headed over to Greenslopes Private Hospital to visit my cousin, who's just had major surgery. On the way, Zoe napped in the car. I made a brief side trip to clear my post office box along the way.

Amusingly, Zoe wakes up from short naps in the car way better than at Kindergarten. I don't know if it has anything to do with the quality of sleep she's getting or what it is, but I easily woke her up and extracted her from the car when we arrived at the hospital. No meltdowns. And that's pretty typical of car naps.

I've had a discomfort in my right ear for the last couple of days, and it grew into increasing pain throughout the day today. It got to the point where, while I was driving home, I decided to get it looked at by a doctor, ASAP. One of my favourite things about being back in Australia is the availability of home visiting doctors.

It was actually faster and cheaper for me to get a home doctor out to look at me tonight than it was to get an appointment with my regular doctor. I wouldn't have gotten an appointment until some time tomorrow at the earliest (assuming he had appointments available), because I made the decision to see a doctor after 5pm, when they'd closed. Instead, I had a doctor at my door in a little more than 2 hours of making the request. It also worked out cheaper, because the home doctor bulk bills Medicare, whereas my regular doctor does not.

Add in the massive convenience of not having to lug a small child anywhere while I get seen by a doctor, and it's a major convenience. I love socialised healthcare.

It turned out I have an outer ear infection. So all we had to do after the doctor came was find a pharmacy that was still open after 7pm to get my ear drop prescription filled.

All of that mucking around meant that Zoe got to bed a little later than usual. It's another cool night tonight, so I'm hoping she'll sleep well and have another sleep in.

RacialiciousQuoted: Media Diversified UK on Game of Thrones And Genre Fiction’s Race Problem

While not placing it in the pantheon of truly great television, I’ve been a fan of Game of Thrones since the show debuted in 2011. I normally like my drama pessimistic, with a hard edge, and even downright cruel on occasion. I like even more that a show in the fantasy realm cares as much about its tonal execution, as it does costumes and wacky names.

And yet, I’ve never been able to relax in the presence of the programme, never allowed myself to be fully swept up in the world of Westeros. The reason why? This is best encapsulated by the conclusion of Season 3 – which Sky were so helpful to remind us of during their promotion for the upcoming Season 4.

The character of Daenerys Targaryen is emblematic of “Game of Thrones” continuous problem with race. Beyond the emetic “white saviour” scene to close Season 3, we are first introduced to her during a forced marriage to Khal Drogo of the Dothraki people (who are non-white). At the wedding, the Dothraki are painted as little more than savages, with the men literally killing each other to force themselves on the women; hypersexual and hyperviolent, two big racist boxes are ticked.

– From “Daenerys Targaryen Is Back To ‘Save The Coloureds’ Tour De #GameOfThrones 2014,” by Shane Thomas

The post Quoted: Media Diversified UK on Game of Thrones And Genre Fiction’s Race Problem appeared first on Racialicious - the intersection of race and pop culture.

Cryptogram"Unbreakable" Encryption Almost Certainly Isn't

This headline is provocative: "Human biology inspires 'unbreakable' encryption."

The article is similarly nonsensical:

Researchers at Lancaster University, UK have taken a hint from the way the human lungs and heart constantly communicate with each other, to devise an innovative, highly flexible encryption algorithm that they claim can't be broken using the traditional methods of cyberattack.

Information can be encrypted with an array of different algorithms, but the question of which method is the most secure is far from trivial. Such algorithms need a "key" to encrypt and decrypt information; the algorithms typically generate their keys using a well-known set of rules that can only admit a very large, but nonetheless finite number of possible keys. This means that in principle, given enough time and computing power, prying eyes can always break the code eventually.

The researchers, led by Dr. Tomislav Stankovski, created an encryption mechanism that can generate a truly unlimited number of keys, which they say vastly increases the security of the communication. To do so, they took inspiration from the anatomy of the human body.

Regularly, someone from outside cryptography -- who has no idea how crypto works -- pops up and says "hey, I can solve their problems." Invariably, they make some trivial encryption scheme because they don't know better.

Remember: anyone can create a cryptosystem that he himself cannot break. And this advice from 15 years ago is still relevant.

Another article, and the paper.

Worse Than FailureNursing the Plan Along

In the ancient time of 2008, people were still using Lotus Notes. Rumor has it that some still do, even today. Danny worked for an IBM partner which was a “full service” provider. It was the kind of company that you’d lease your entire IT infrastructure from, from servers to desktops and soup to nuts.

Their newest client was the state Nursing Board, the government agency responsible for keeping track of every nurse in the state- when they became a nurse, when they last paid to renew their license, any complaints or reports. From the IT side, this involved tracking payments, physical documents, and navigating custom Lotus Notes applications developed by the Board’s own development team. It was a giant pile of confusion with a highly manual and error prone process.

It had it all- data-entry/lookups in Lotus Notes, a manual reconciliation to move payment data from their processor into their database, copy/pasted document generation and the need to print out then scan documents back into the Lotus document manager. The mountain of data was terabytes deep, and it needed to move from a highly custom Lotus v5 install to a Lotus v8 install.

That was enough of a challenge alone, but the nursing board’s director, Victor, had other requirements. “You have one month to complete this migration,” Victor said. “We cannot have any downtime during business hours. There is no budget for overtime. This is the busiest time of the year for us, so we need everything to work perfectly out of the gate.” The desktops were getting replaced, and they were going from Office XP to Office 2003. “Office 2007 is too new for us to trust it,” Victor explained.

To ensure success, Victor provided a detailed project plan, as designed by his pet developers. “If we follow the plan, we will be successful. I’ve detailed out everything, to the letter. This document is law. Do nothing that is not on the plan.”

Despite the challenges, the first week of the project passed without incident. Danny was as surprised as anyone else. The project plan, as laid out by the Nursing Board’s in-house developers, had them migrate the existing Lotus install to the new hardware before making any other changes. That transition went without a single problem… during the first week.

At 6AM on the Monday of the second week, Danny got his first call from Victor. “My system isn’t working! I have too much work to do to deal with these kinds of problems!”

“Can you be more specific about what’s not working?” Danny asked.

“No! Come here and fix it.”

Danny rushed down to Victor’s office and asked to see the problem. “I exited out of lotus when it wasn’t working,” Victor said. “Give me a minute to log back in.”

It took far longer than a minute, as Victor mis-typed, mis-clicked, and stopped to go look at his webmail. Finally, Victor pulled up a listing of nurse registrations, double clicked on a record, and the details instantly appeared, ready to be edited and modified. “There, see? It doesn’t work.”

Danny struggled to process what he was seeing. “I- I don’t understand. Is the record incorrect? I’m not sure what the problem is.”

In slow, careful speech, Victor enunciated the problem. “I click on the record and it opens.”

“And… that’s not supposed to happen?”

“Not that quickly, no!”

Danny explained that their new hardware was superior to the old hardware. It was expected that things should run faster and be more responsive. Working better was not a sign that anything was broken.

Victor wasn’t pleased by this explanation. “The project plan said that you weren’t making any changes but migrating to the new hardware, last week.”

“That’s correct.”

“But it’s different- it runs faster. You shouldn’t be making changes like that unless the project plan calls for it. Be more methodical!”

The rest of that week and the following one were dedicated to desktop upgrades. It was tedious work in the best case, but Victor made it even more challenging. “You are just putting new hardware in, nothing should be different. Nothing!” No matter what undocumented changes might have been done by creative users, Danny and his team needed to mirror that on each new machine. Danny spent one afternoon doing nothing but trying to arrange Victor’s desktop icons to match his old machine.

Along the way, there were several more moments for Victor where “it doesn’t work!”. Some fonts were different between Office XP and 2003, which meant the “document doesn’t work”. Since Victor’s new monitor had higher resolution, the fonts were too small, and hence “didn’t work”, but when he made them larger, they printed out wrong and hence “didn’t work”. The new mouse was optical, and didn’t have a ball, and hence “didn’t work”.

“You were just supposed to upgrade my computer, I don’t understand why so many things are different. You aren’t following the project plan!”

The start of the 4th week, according to the project plan, was to upgrade their Lotus v5 install to Lotus v8. Like all things Lotus, it was harder than it needed to be. There was no direct upgrade path, but years of experience had taught Danny the quickest route: 5 to 6.4.6 to 7.0.4 and finally to 8.0.1. It was time consuming, but it was not error prone.

Before starting the upgrade, Danny called a brief meeting with Victor and the developers.

“This meeting isn’t on the project plan,” Victor complained.

“Well, I just want to make sure we’re being extra safe,” Danny said. “So, you guys are happy with the test environment we set up? Everything works- custom databases, templates and views?”

“Yes,” the first developer said.

“So there were no problems?”

“Yes,” the second developer said. “There were no problems.”

“So you all agree that I should start the upgrade after business hours today?”

“Yes,” the developers said.

“That’s what the project plan says,” Victor complained. “Just follow the document.”

Danny upgraded the system. No errors cropped up. He smoke-tested it the best he knew how, but the developers had already left for the day. He called it a night and went home at around 3AM. Three hours later, he was called back in by a panicking Victor.

The office was in chaos. The entire nurse registration management system had stopped working. Oh, the bits Danny had smoke-tested still worked fine, but the overall business flow couldn’t be completed. They couldn’t get at nurse registrations, print certificates, or add the certificates to the document manager.

Danny went off the project plan to call another meeting with Victor and the developers. “Do you guys have any thoughts? You said it worked fine in the test environment.”

“It did,” the first developer said.

“We just had to make some changes to our database,” the second developer said.

“Wait, there were changes that needed to go in as part of the upgrade?”

“Yes.”

Danny raised his voice. “Did you think that, maybe, you should have told me before I started the upgrade?”

“It was in the project plan!” Victor shouted. “Section 37B: ‘Apply any necessary changes to the Lotus system’. It’s all there, black and white, clear as crystal!”

That day was a loss, but a late night with the developers let Danny get an emergency fix in place. By the end of the project, Danny had put in a 4-week stretch of 60 hour weeks and had become intimately familiar with what 4AM looked like. At least this project was over, and the next time Victor sent Danny a project plan, Danny had a few colorful suggestions on how to improve it.

Project plan document from here


Kelvin ThomsonStrathmore Secondary College Rezoning

In March Strathmore North Primary School students visited the Australian War Memorial in Canberra and I spoke to them there about the meaning of the War Memorial.

I told them that if they ever needed my help my Electorate Office was in Munro Street Coburg.

This morning Josh, a Grade Six Strathmore North Primary School student, rang my office and said, ‘Is that you, Kelvin?’ to Anthony Cianflone from my office who picked up the phone.

Josh referred to my offer of help when the school had visited Canberra, and explained that he was adversely affected by a decision of the Department of Education to rezone the boundaries for entry to Strathmore Secondary College- the new boundary excluded children from his area of Strathmore North.

As it happened, the State Member for Essendon, Justin Madden and I had attended and spoken to a large rally of parents and children at Strathmore Secondary College concerning this issue just yesterday. Justin had raised the issue directly with the Victorian Education Minister, and I had written to him yesterday.

The good news for Josh is that the Department of Education has acted to re-instate the Strathmore Heights region to the Strathmore Secondary College neighbourhood boundaries. The change of heart is a tribute to the energetic and united response of Strathmore Heights residents, extending as far as primary school children remembering and acting on an undertaking from their Federal MP!

Planet Linux Australia: Tridge on UAVs: APM:Plane 3.0.0 released

The ardupilot development team is proud to announce the release of version 3.0.0 of APM:Plane. This is a major release with a lot of new features.

For each release I try to highlight the two or three key new features that have gone in since the last release. That is a more difficult task this time around because there are just so many new things. Still, I think the most important ones are the new Extended Kalman Filter (EKF) for attitude/position estimation, the extensive dual sensors support and the new AP_Mission library.

We have also managed to still keep support for the APM1 and APM2, although quite a few of the new features are not available on those boards. We don't yet know for how long we'll be able to keep going on supporting these old boards, so if you are thinking of getting a new board then you should get a Pixhawk, and if you want the best performance from the APM:Plane code then you should swap to a Pixhawk now. It really is a big improvement.

New Extended Kalman Filter

The biggest change for the 3.0.0 release (and in fact the major reason why we are calling it 3.0.0) is the new Extended Kalman Filter from Paul Riseborough. Using an EKF for attitude and position estimation was never an option on the APM2 as it didn't have the CPU power or memory to handle it. The Pixhawk does have plenty of floating point performance, and Paul has done a fantastic job of taking full advantage of the faster board.

As this is the first stable release with the EKF code we have decided to not enable it by default. It does however run all the time in parallel with the existing DCM code, and both attitude/position solutions are logged both to the on-board SD card and over MAVLink. You can enable the EKF code using the parameter AHRS_EKF_USE=1, which can be set and unset while flying, allowing you to experiment with using the EKF either by examining your logs with the EKF disabled to see how it would have done or by enabling it while flying.

The main thing you will notice with the EKF enabled is more accurate attitude estimation and better handling of sensor glitches. A Kalman filter has an internal estimate of the reliability of each of its sensor inputs, and is able to weight them accordingly. This means that if your accelerometers start giving data that is inconsistent with your other sensors then it can cope in a much more graceful way than our old DCM code.

The result is more accurate flying, particularly in turns. It also makes it possible to use higher tuning gains, as the increased accuracy of the attitude estimation means that you can push the airframe harder without it becoming unstable. You may find you can use a smaller value for NAVL1_PERIOD, giving tighter turns, and higher gains on your roll and pitch attitude controllers.

Paul has written up a more technical description of the new EKF code here:

http://plane.ardupilot.com/wiki/common-apm-navigation-extended-kalman-filter-overview/

Dual Sensors

The second really big change for this release is support for dual-sensors. We now take full advantage of the dual accelerometers and dual gyros in the Pixhawk, and can use dual-GPS for GPS failover. We already had dual compass support, so the only main sensors we don't support two of now are the barometer and the airspeed sensor. I fully expect we will support dual baro and dual airspeed in a future release.

You might wonder why dual sensors is useful, so let me give you an example. I fly a lot of nitro and petrol planes, and one of my planes (a BigStik 60) had a strange problem where it would be flying perfectly in AUTO mode, then when the throttle reached a very specific level the pitch solution would go crazy (sometimes off by 90 degrees). I managed to recover in MANUAL each time, but it certainly was exciting!

A careful analysis of the logs showed that the culprit was accelerometer aliasing. At a very specific throttle level the Z accelerometer got a DC offset of 11 m/s/s. So when the plane was flying along nice and level the Z accelerometer would change from -10 m/s/s to +1 m/s/s. That resulted in massive errors in the attitude solution.

This sort of error happens because of the way the accelerometer is sampled. In the APM code the MPU6000 (used on both the APM2 and Pixhawk) samples the acceleration at 1kHz. So if you have a strong vibrational mode that is right on 1kHz then you are sampling the "top of the sine wave", and get a DC offset.

The normal way to fix this issue is to improve the physical anti-vibration mounting in the aircraft, but I don't like to fix problems like this by making changes to my aircraft, as if I fix my aircraft it does nothing for the thousands of other people running the same code. As the lead APM developer I instead like to fix things in software, so that everyone benefits.

The solution was to take advantage of the fact that the Pixhawk has two accelerometers: one is an MPU6000, and the second is an LSM303D. The LSM303D is sampled at 800Hz, whereas the MPU6000 is sampled at 1kHz. It would be extremely unusual to have a vibration mode with aliasing at both frequencies at once, which means that all we needed to do was work out which accelerometer is accurate at any point in time. For the DCM code that involved matching each accelerometer at each time step to the combination of the GPS velocity vector and current attitude, and for the EKF it was a matter of producing a weighting for the two accelerometers based on the covariance matrix.

The result is that the plane flew perfectly with the new dual accelerometer code, automatically switching between accelerometers as aliasing occurred.
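The aliasing effect and the accelerometer switching described above, as an added simulation that is not ArduPilot code. The 11 m/s/s amplitude and the 1kHz and 800Hz sample rates come from the post; the ideal point-sampled sensor, the phase, the 100 ms window and the "closest to expected gravity" selection rule are simplifying assumptions standing in for the DCM matching against GPS velocity and attitude.

```python
import math

G = 9.81  # m/s/s, magnitude of gravity

# Sample rates quoted in the post for the two Pixhawk accelerometers.
SAMPLE_RATES_HZ = {"MPU6000": 1000, "LSM303D": 800}


def alias_frequency(f_signal, f_sample):
    """Apparent frequency (Hz) of a tone at f_signal when sampled at f_sample.

    A result of 0 means the tone is seen as a constant (DC) offset.
    """
    return abs(f_signal - round(f_signal / f_sample) * f_sample)


def sample_z_accel(f_sample, f_vib, vib_amp, phase, n_samples, true_z=-G):
    """Ideal point-sampled Z accelerometer: true acceleration plus one vibration tone."""
    return [
        true_z + vib_amp * math.sin(2 * math.pi * f_vib * (n / f_sample) + phase)
        for n in range(n_samples)
    ]


def mean(values):
    return sum(values) / len(values)


def pick_accelerometer(windows, expected_z):
    """Pick the sensor whose windowed mean is closest to the expected acceleration.

    Assumption: expected_z would come from GPS velocity and current attitude;
    in level, unaccelerated flight it is simply -G.
    """
    errors = {name: abs(mean(samples) - expected_z) for name, samples in windows.items()}
    best = min(errors, key=errors.get)
    return best, errors


def simulate(f_vib, vib_amp=11.0, phase=math.pi / 2, window_ms=100):
    """Sample one vibration mode with both sensors and choose the consistent one.

    phase = pi/2 puts every sample of a tone at the sample rate on the
    "top of the sine wave", which is the worst case described in the post.
    """
    windows = {}
    for name, rate in SAMPLE_RATES_HZ.items():
        n_samples = rate * window_ms // 1000
        windows[name] = sample_z_accel(rate, f_vib, vib_amp, phase, n_samples)
    best, errors = pick_accelerometer(windows, expected_z=-G)
    means = {name: mean(samples) for name, samples in windows.items()}
    return best, means, errors


if __name__ == "__main__":
    # A mode at a common multiple of both rates (e.g. 4000 Hz) would alias to
    # DC on both sensors in this idealised model; 1000 Hz and 800 Hz do not.
    for f_vib in (1000, 800):
        best, means, _ = simulate(f_vib)
        print(f"vibration at {f_vib} Hz")
        for name, rate in SAMPLE_RATES_HZ.items():
            print(f"  {name}: aliases to {alias_frequency(f_vib, rate)} Hz, "
                  f"mean Z = {means[name]:+.2f} m/s/s")
        print(f"  selected: {best}")
```
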

Since adding that code I have been on the lookout for signs of aliasing in other logs that people send me, and it looks like it is more common than we expected. It is rarely so dramatic as seen on my BigStik, but often results in some pitch error in turns. I am hopeful that with a Pixhawk and the 3.0 release of APM:Plane these types of problems will now be greatly reduced.

For the dual gyro support we went with a much simpler solution and just average the two gyros when both are healthy. That reduces noise, and works well, but doesn't produce the dramatic improvements that the dual accelerometer code resulted in.

Dual GPS was also quite a large development effort. We now support connecting a 2nd GPS to the serial4/5 port on the Pixhawk. This allows you to protect against GPS glitches, and has also allowed us to get a lot of logs showing that even with two identical GPS modules it is quite common for one of the GPS modules to get a significant error during a flight. The new code currently switches between the two GPS modules based on the lock status and number of satellites, but we are working on a more sophisticated switching mechanism.

Supporting dual GPS has also made it easier to test new GPS modules. This has enabled us to do more direct comparisons between the Lea6 and the Neo7 for example, and we found the Neo7 performs very well. It also helps with developing completely new GPS drivers, such as the Piksi driver (see notes below).

New AP_Mission library

Many months ago Brandon Jones re-worked our mission handling code to be a library, making it much cleaner and fixing a number of long term annoyances with the behaviour. For this release Randy built upon the work that Brandon did and created the new AP_Mission library.

The main feature of this library from the point of view of the developers is that it has a much cleaner interface, but it also has some new user-visible features. The one that many users will be glad to hear is that it no longer needs a "dummy waypoint" after a jump. That was always an annoyance when creating complex missions.

The real advantage of AP_Mission will come in future releases though, as it has the ability to look ahead in the mission to see what is coming, allowing for more sophisticated navigation. The copter code already takes advantage of this with the new spline waypoint feature, and we expect to take similar advantage of this in APM:Plane in future releases.

New Piksi GPS driver

One of the most exciting things to happen in the world of GPS modules in the last couple of years is the announcement by SwiftNav that they would be producing a RTK capable GPS module called the Piksi at a price that (while certainly expensive!) is within reach of more dedicated hobbyists. It offers the possibility of decimeter and possibly even centimetre level relative positioning, which has a lot of potential for small aircraft, particularly for landing control and more precise aerial mapping.

This release of APM:Plane has the first driver for the Piksi. The new driver is written by Niels Joubert, and he has done a great job. It is only a start though, as this is a single point positioning driver. It will allow you to use your new Piksi if you were part of the kickstarter, but it doesn't yet let you use it in RTK mode. Niels and the SwiftNav team are working on a full RTK driver which we hope will be in the next release.

Support for more RC channels

This release is the first to allow use of more than 8 RC input channels. We now support up to 18 input channels on SBus on Pixhawk, with up to 14 of them able to be assigned to functions using the RCn_FUNCTION settings. For my own flying I now use a FrSky Taranis with X8R and X6R receivers and they work very nicely. Many thanks to the PX4 team, and especially to Holger and Lorenz for their great work on improving the SBus code.

Flaperon Support

This release is the first to have integrated flaperon support, and also includes much improved flaps support in general. You can now set a FLAP_IN_CHANNEL parameter to give an RC channel for manual flap control, and set up a FLAPERON_OUTPUT to allow you to set up your ailerons for both manual and automatic flaperon control.

We don't yet have a full wiki page on setting up flaperons, but you can read about the parameters here:

http://plane.ardupilot.com/wiki/arduplane-parameters/#Flap_input_channel_ArduPlaneFLAP_IN_CHANNEL

Geofence improvements

Michael Day has made a number of significant improvements to the geo-fencing support for this release. It is now possible to enable/disable the geofence via MAVLink, allowing ground stations to control the fence.

There are also three new fence control parameters. One is FENCE_RET_RALLY which when enabled tells APM to fly back to the closest rally point on a fence breach, instead of flying to the centre of the fence area. That can be very useful for more precise control of fence breach handling.

The second new parameter is FENCE_AUTOENABLE, which allows you to automatically enable a geofence on takeoff, and disable when doing an automatic landing. That is very useful for fully automated missions.

The third new geofence parameter is FENCE_RETALT, which allows you to specify a return altitude on fence breach. This can be used to override the default (half way between min and max fence altitude).

Automatic Landing improvements

Michael has also been busy on the automatic landing code, with improvements to the TECS speed/height control when landing and new TECS_LAND_ARSPD and TECS_LAND_THR parameters to control airspeed and throttle when landing. This is much simpler to set up than DO_CHANGE_SPEED commands in a mission.

Michael is also working on automatic path planning for landing, based on the rally points code. We hope that will get into a release soon.

Detailed Pixhawk Power Logging

One of the most common causes of issues with autopilots is power handling, with poor power supplies leading to brownouts or sensor malfunction. For this release we have enabled detailed logging of the information available from the on-board power management system of the Pixhawk, allowing us to log the status of 3 different power sources (brick input, servo rail and USB) and log the voltage level of the servo rail separately from the 5v peripheral rail on the FMU.

This new logging should make it much easier for us to diagnose power issues that users may run into.

New SERIAL_CONTROL protocol

This release adds a new SERIAL_CONTROL MAVLink message which makes it possible to remotely control a serial port on a Pixhawk from a ground station. This makes it possible to do things like upgrade the firmware on a 3DR radio without removing it from an aircraft, and will also make it possible to attach to and control a GPS without removing it from the plane.

There is still work to be done in the ground station code to take full advantage of this new feature and we hope to provide documentation soon on how to use u-Blox uCenter to talk to and configure a GPS in an aircraft and to offer an easy 3DR radio upgrade button via the Pixhawk USB port.

Lots of other changes!

There have been a lot of other improvements in the code, but to stop this turning into a book instead of a set of release notes I'll stop the detailed description there. Instead here is a list of the more important changes not mentioned above:

  • added LOG_WHEN_DISARMED flag in LOG_BITMASK
  • raised default LIM_PITCH_MAX to 20 degrees
  • support a separate steering channel from the rudder channel
  • faster mission upload on USB
  • new mavlink API for reduced memory usage
  • fixes for the APM_OBC Outback Challenge module
  • fixed accelerometer launch detection with no airspeed sensor
  • greatly improved UART flow control on Pixhawk
  • added BRD_SAFETYENABLE option to auto-enable the safety switch on PX4 and Pixhawk on boot
  • fixed pitot tube ordering bug and added ARSPD_TUBE_ORDER parameter
  • fixed log corruption bug on PX4 and Pixhawk
  • fixed repeated log download bug on PX4 and Pixhawk
  • new Replay tool for detailed log replay and analysis
  • flymaple updates from Mike McCauley
  • fixed zero logs display in MAVLink log download
  • fixed norm_input for cruise mode attitude control
  • added RADIO_STATUS logging in aircraft logs
  • added UBX monitor messages for detailed hardware logging of u-Blox status
  • added MS4525 I2C airspeed sensor voltage compensation

I hope that everyone enjoys flying this new APM:Plane release as much as we enjoyed producing it! It is a major milestone in the development of the fixed wing code for APM, and I think puts us in a great position for future development.

Happy flying!

Kelvin Thomson: TAFE Funding Crisis

Why on earth are we spending $8 billion on a Freeway through Royal Park, and cutting TAFE funding by $119 million, leaving seven out of fourteen public TAFES in deficit?

The best infrastructure investment we can make is to educate and train our young people.

XKCD Whatif Faucet Power

Faucet Power

I just moved into a new apartment. It includes hot water but I have to pay the electric bill. So being a person on a budget ... what's the best way to use my free faucet to generate electricity?

David Axel Kurtz

You could build a tiny hydroelectric dam in your tub.

It would generate power, though not very much of it. The formula for power is pressure times flow rate.[1] Since bathtubs are pretty shallow, the pressure at the bottom isn't very high, so this works out to around two watts of power, or about 25 cents per month.

[1] Or, alternately, flow rate times density times height.

You can get more power if you increase the pressure of the water passing through the generator. To do this, you could increase the depth of the water. If you have two floors in your apartment, you could have the water column stretch from the second to the first floor, generating at least ten times the pressure and ten times the power.[2] In effect, the local authorities would be paying to pump the water up to your apartment, and you're getting some of that energy back when you let it flow back down.

[2] This is similar to the rainwater scheme discussed in article 23.

Could you use the faucet to pump the water up arbitrarily high, and get more and more power out of it as it falls back down?

No. First, you couldn't pump the water arbitrarily high. Household faucets have a pressure of around 4 atmospheres.[3] You can lift water about 10 meters per atmosphere of pressure, which means that a household faucet can only pump water up by about 40 meters.

[3] 60 PSI. That's about 4000 millibars, if you measure your plumbing with an old barometer.

Second, as you can probably guess by looking at the above picture, pumping the water up 40 meters with water pressure and then back down doesn't accomplish anything—you can just hook the faucet up to your device, and let the water pressure drive the generator directly. In either case, for a bathtub faucet, this works out to almost 200 watts, or $25 per month.

You'd have to make sure your plumbing could handle the water. If your pipes get plugged up and stop draining, the faucet could fill your house in a matter of days. And either way, eventually someone from the city would probably show up to ask why you're using 40 tons of water every day.

And really, with California suffering through its worst drought in history, this system might earn you some dirty looks. Sure, if you live far away from California, it's not like your water would have gone to ease their drought, but wasting a gigantic amount of water (and investing a bunch of money) to save a few dollars on your electricity bill might come across as a little rude.

A bathtub's flow rate is five or six orders of magnitude less than that of a river, but it's still a lot of water. Could we put it to a less selfish use?

There's a common piece of advice that says you should drink 8 glasses of water a day. No one really knows where this advice came from; people claim you should drink anywhere from 2 to 12 glasses of water daily,[4] and none of them have any real evidence behind them. The only real solid advice I've heard is that if you're thirsty, you should drink some water.

[4] For some reason, the saying only ever uses even numbers; a web search turns up lots of tips about six or eight glasses per day, but few advising you to drink seven.

If we stick to the "8 glasses of water" standard, then a bathtub faucet provides enough drinking water to sustain about 10,000 people indefinitely. In other words, the city of Manhattan could survive on the water from just 150 bathtubs.

But if your goal is to save money on your electric bill, there's a much more lucrative option.

Single servings of bottled water sell for a dollar or two per half-liter. A lot of bottled water comes from municipal sources—that is, it's tap water. Bottled water isn't necessarily about the water; often, people are paying for convenience or because there's an issue with their water supply. Whatever the reason, however, there's no reason to let Coca Cola keep all the profits.

If you bottled the water from your bathtub faucet and managed to sell each bottle for $1.50, you'd make $72 per minute—$38 million every year.

Then you won't have to worry about your power bill.


TED: Note-taking, doodles and sketches from TED2014

Do you think in pictures? These TED fans do — and they capture their thoughts in an idiosyncratic mix of words and text that parallels the way their thoughts flow.

Sharon Hwang posted this adorable video on Instagram, showing her thumbing through her notes from TED2014. She writes, “What an amazing week at TED! Leaving completely inspired, with a pile of notes scribbled.”


A group of “citizen journalists” jotted down their thoughts on the conference using OneNote Online, Microsoft’s group note-taking system. Below, Sheryl Connelly’s interpretation of Larry Page’s talk.


Also via OneNote, Grace Rodriguez remembers Ray Kurzweil’s talk.


In her talk from TED2011, Sunni Brown made the plea: “Doodlers, unite!” This year, she shared her visual recordings of TED2014 talks with LinkedIn. Below, see her capturing of a talk from Amanda Burden, New York City’s former director of city planning.


Collective Next has made a tradition of scribing TED conferences. Here, an interpretation of Jennifer Senior’s talk on parenting, created by Tricia Walker.


TED-Ed Animation Producer Jeremiah Dickey drew portraits of all the speakers he watched in his sketchbook. Below, his interpretations of Will Marshall and Louie Schwartzberg from Session 9, and Mellody Hobson and Sarah Lewis from the start of session 10.

Translator Johanne Benoit-Gallagher, a painter who attended TEDActive, made these doodles while watching Allan Adams’ talk about black holes.


Sociological Images: U.S. Army Releases Racially Biased Hairstyle Regulations

1Sgt. Jasmine Jacobs of the National Guard in Georgia has always plaited her hair into two twists around her head. She has been in the military for six years and has worn her hair natural (meaning no chemical treatments [perms] or hair extensions [weaves]) for four of those years. But according to the new hair-grooming requirements the U.S. Army recently released, her hair is now out of regulation.

And so are the Afro-centric hairstyles of many black women in the Army, who make up 31 percent of Army women.

Jacobs, who said she is “kind of at a loss now with what to do with my hair,” has started a White House petition asking the Army to rethink its new hair guidelines. The petition has collected more than 7,000 signatures from soldiers and civilians, but needs to reach 100,000 signatures by April 19th in order for the White House to address it.

The petition states:

Females with natural hair take strides to style their natural hair in a professional manner when necessary; however, changes to AR 670-1 offer little to no options for females with natural hair… These new changes are racially biased and the lack of regard for ethnic hair is apparent.

The new Army Regulation 670-1 was published Tuesday and illustrates with photos the types of hairstyles that are unauthorized for women. Those include dreadlocks, twists or any type of matted or coiled hair. A particularly cumbersome requirement disallows the bulk of a woman’s hair to “exceed more than 2″ from her scalp.” That rules out Afros and most types of non-chemically altered black hair.

Basically, almost every natural hair option that black women in the Army could wear is now off limits. One of the few traditionally natural hairstyles that was listed as appropriate is cornrows, but a slew of specifications and rules surrounded even that. The diameter of each cornrow can’t be more than one-fourth of an inch, and no more than one-eighth of an inch of scalp may be shown between cornrows.

The only way to realistically meet the new standards would be to shave one’s head, perm one’s hair or wear weaves or wigs.

Jacobs said twists like the one she wears are very popular among black women soldiers because the style requires little maintenance when in the field. Her hair’s thickness and curliness makes pulling her hair back into a bun (a style popular among white women soldiers) impossible.

A spokesperson for the Army said the grooming changes are “necessary to maintain uniformity within a military population.” When that need for “uniformity” erases the ethnic differences of a group of women and forces them to constrain themselves to European standards of hair, it presents a serious problem.

“I think, at the end of the day, a lot of people don’t understand the complexities of natural hair… I’m disappointed to see the Army, rather than inform themselves on how black people wear their hair, they’ve white-washed it all,” said Jacobs.

Screenshots taken from Army Regulation 670-1.

Anita Little is the associate editor at Ms. magazine, where this post originally appeared. You can follow her on Twitter.

(View original at http://thesocietypages.org/socimages)

Google Adsense: 20(14) Publisher Stories: Google AdSense helps IoLeggol'Etichetta help consumers

As part of our ‘20(14) publisher stories’ blog series, every Monday we’ll introduce you to a publisher and share their success story. Read on to meet this week’s featured publisher, and feel free to share your own success story with us.

Raffaele Brogna is the creator of Ioleggoletichetta.it. Meaning ‘I read the label’ in English, the site is dedicated to consumer awareness and protection, offering advice on how to get the right information from product labels and tips on saving money when shopping. As a social crowdsourcing project, the site has a large community following who regularly contribute and report on their own experiences and findings as consumers.

Alongside his wife, Raffaele looks after the day-to-day operations as well as the broader strategy for the site. They decided to use AdSense at the outset to help cover running costs and considered the prompt payments offered by AdSense as a key influencer in their decision. They were quickly pleased with the results, in particular with the relevance of the ads displayed.


They also use Google Analytics to help identify the best placements for their ad units and to check on their overall ad unit performance. Today, revenue from Google AdSense covers the costs of running this project online. Looking ahead, Raffaele will continue partnering with Google AdSense to go even further in his quest to give Italian consumers the information they need to make informed decisions when shopping.

Posted by Suzy Headon - Inside AdSense Team

TED: 5 days of TED in one page

What does 5 days of TED feel like? As Lucy Farey-Jones says: “Upon my re-entry to the real world, friends, clients and folks at my firm say: ‘How was TED?’ And there is a big pause from me as my brain tries and fails to sum it up. It’s an impossible question to answer. It’s like being asked ‘How is food?’ or ‘Puberty — how was it?’ Which is where this idea came in. I thought a way to answer this daunting question would be to make a graphic which tries to capture how TED makes me feel. I gave myself the challenge to capture 5 days in one page.”

Click on the image below to explore it in detail. The arrows will send you through to where you can watch talks or read more.


Courtesy of Lucy Farey-Jones


TED: A jewel of the city: Aziza Chaouni on restoring the Fez River

The Fez River winds through the city’s medina – Fez’s historic medieval center and a UNESCO World Heritage Site. Heavily contaminated, almost an open sewer, it was covered over with concrete to contain the smell; it was all but forgotten in recent decades. For much of the past 20 years, architect and engineer Aziza Chaouni has been battling to restore it. Working with the city’s water department since 2007, she’s now restoring and reconnecting the riverbanks with the rest of the city, while creating open, green public spaces, allowing the medina to breathe again. At TED2014, we asked her to tell the story of this extraordinary task.

How did you begin the task of uncovering the Fez River?

The whole story actually started as my thesis at Harvard. My thesis advisor told me to do something “that you feel passionate about and that could make a difference.” For years, I’d seen the river in my hometown being desecrated, polluted and filled up with trash and rats. It had become an open sewer and a massive trash yard at the core of the city.

The Fez medina has about 250,000 inhabitants, and all their untreated sewage went straight into the narrow river that runs through it. The river was also heavily contaminated by nearby crafts workshops and tanneries — with chemicals such as chromium 3, which is lethal. People working in the tanneries were getting skin cancer, and some of them were dying. It was terrible. Obviously the river started to stink, so people started building walls to block the view. Then, because it became a health hazard, they covered it with concrete starting in 2002. And because it was covered, people began using that open space as a trash yard.

Actually, the first covering began in 1952, when Morocco was still a French protectorate, but it was for political reasons — so that French colonial power could easily enter the medina and control the population. Then, as the population grew and Morocco became independent, covering happened because of the stench.

In your Fellows talk at TED2014, you showed how the water feeds into both public fountains and those in private courtyards. Do people actually use that water? Were they getting sick?

Of course they were, especially from the toxic chemicals dumped in the river by craftsmen. It became dangerous to drink from a running fountain. Besides, a series of droughts and excessive extraction from the water table left little water available for the medina water network. By the 1980s, most of the fountains had become defunct, yet they had been central to its urban fabric. Imagine if Rome had no more running fountains! Can you imagine La Seine or the Thames being suddenly covered? The Fez River is smaller in scale, but the effect is similar: a central part of the city was amputated. When I witnessed all this, I was in college at Columbia University in New York at the time. I would have been 19. I was outraged; I wrote an article in the newspaper and I received hate mail, because of course it made the city look bad. At the time, I was an aspiring engineer. But due to my age and lack of experience, I was not taken seriously.

Pollution in the Fez River. Photo: Aziza Chaouni

Contaminated water will also have been entering your food supply, your groundwater.

Of course! Yes! Yes and yes and repeatedly yes. It would pollute the water table, which feeds the most fertile agricultural basin of Morocco. But this didn’t upset anyone. Environmental protection is almost seen as a luxury in developing countries: economic development, health and education are understandably bigger priorities. It’s a different mentality in Morocco. I heard many times: “Look, we’re eating the food and we’re fine, hence nothing’s wrong!”

Many people are eating food exported from Morocco.

I know. And of course it’s not just Morocco — in so many emerging countries, you have high levels of environmental pollution, but you just don’t know about it as there is not much control or accountability. But the point is that if you uncover such a large-scale environmental hazard, even as an architect, you feel outraged and want to do something about it. So I decided, for my thesis, to propose re-envisioning the medina if the river were to be cleaned and uncovered.

My thesis took a slightly different approach to what I’m doing now. You see, the medina of Fez used to boast one of the oldest universities in North Africa, the Quarawiyine, but after Morocco’s independence in 1956, the government established an American style campus outside the city, which symbolized modernity. The university’s move caused the entire cultural life of the city to fade away. In my thesis, I proposed building a university in the medina, with the various departments to occupy the urban voids along the river. These voids had been created when the river was covered: houses were destroyed to make way for the heavy machinery required. My vision was that, once uncovered, the river would serve as a pleasant green feature, and its banks would be used as a circulation system linking the departments. Classrooms would be located in nearby abandoned buildings. The university model was unusual and innovative: it would be one of a heterogeneous network of buildings embedded within the medina’s urban fabric.

For me, bringing back the water and the university represented a double win. The university idea hasn’t happened yet, but working on this thesis allowed me to start thinking about the potential of the river for the city and its inhabitants. Many ideas I developed back then became a solid departure point for the actual project, which I started in 2007 in collaboration with my then-partner Takako Tajima.

You’d been thinking about uncovering the Fez River for almost 10 years by then. How did the Fez River Project become a reality?

When Takako and I learned in 2007 that the city would finally be diverting and treating the medina’s sewage, we knew that with clean water, it would be possible to uncover the river and use its banks. We could create much-needed green, open space in the medina. It only has 43.5 square feet of green space per person, while UN standards recommend between 215 and 275 square feet per person.

Inside the medina, the uncovering of the river opened up new possibilities to restore the river banks as pedestrian pathways, reconnect the river banks to the city fabric and transform what used to be urban voids into green, open spaces. So we proposed three main interventions: a pedestrian plaza, a playground and a botanical garden. We used four main strategies: precisely placed interventions strategically phased to enhance water quality, remediate contaminated sites, create open spaces, and build on existing resources for economic development. These interventions had to benefit the population on several levels — social, environmental, economic, urban — and be resilient, so that it would still function regardless of changes in budget, political climate, and so on.

At the wider city scale, we needed to prevent the newly cleaned river water inside the medina from getting polluted upstream, so we recommended measures for improving regional water quality, too. Depending on soil geomorphology, levels of water pollution, adjacent urban fabric and ecological systems, we purposefully located various rehabilitation tactics like canal restorers, constructed wetlands, bank restoration and storm-water retention ponds.

Before: A portion of the Fez River before its uncovering. The concrete plaza is being used as a dump, and the blue marks indicate the location of the river. Image: Aziza Chaouni

Now that the water is clean, is biodiversity coming back?

Not inside the medina, but downstream. The changes in biodiversity are definitely noticeable: the flora looks more healthy. Inside the medina, there’s now construction, and craftsmen have not completely stopped polluting some areas of the river and its banks. So it’s more of a long-term goal, but it will happen.

It sounds as though you met with a huge amount of resistance. Yet now, the Fez River Project is celebrated. How did this happen?

The moment things changed was when we won two very important design prizes, called the Holcim Award for Sustainability in 2007. It’s one of the most lucrative prizes — up to $400,000 for the Gold Regional and Global awards — in the design field. The prize brought the Fez River, its problems and potentials to the attention of a large public. When something becomes that important publicly, there are many new stakeholders that emerge — everyone wants to help the project while projecting their own agendas. Suddenly, many voices started to be heard. But sadly, our input was seen as less necessary or relevant. So it became something of a battle.

Why is having many people interested difficult?

Having many voices interested in architectural and urban issues is a positive thing in many regards: for example, it can allow for a democratic design process. However, it can sometimes also create hurdles and harm a project as it dilutes its central design ideas. As some of my colleagues have observed, any municipal project around the world is the most complex project you can possibly work on, especially on a large scale. Because there are just so many variables, there are so many changes in the sociopolitical landscape, and so many commercial and economic interests colliding.

After: What this portion of the river above will look like once it is uncovered, and the area shaded built to create a public plaza. Image: Aziza Chaouni

But fortunately, there is no turning back now. The river is uncovered — a process that took three full years — and the first public space is almost finished. It’s a plaza. People are using it, even though it is still under construction. So, no matter what the design ends up looking like or how people change it, at least the worst has been avoided: the river could have remained terribly polluted and its existence even forgotten by the inhabitants of the medina, erasing a large part of the history of the city. Like in other medinas in the Middle East, the covered river could have easily become a vehicular road, which is a harbinger of bad news for medinas.

When roads are introduced into these medieval cities, their pervasive pedestrian network starts to slowly be transformed. Narrow pedestrian streets become larger and are gradually replaced by roads. Also, once-inward-facing houses start to open up with businesses facing towards these new, large roads. As a result, the medinas’ urban fabric loses its unique character, which is marked by an organic, labyrinthine pedestrian system. The medinas of Tunis and Algiers illustrate well this tragic, irreversible transformation.

How many more years before your final vision comes to pass?

For me, on a fundamental level, I would say that the core of our vision has happened: the river has been resuscitated, both figuratively and literally. It is uncovered and acknowledged by all as a “river,” not a sewer. This presents a unique potential for the medina of Fez. A key lesson we have learned is that a resilient design project, with a solid core idea, can surmount any changes that come its way. Its core idea will remain, even though its aesthetics, timeline, methodology will drastically change. In architecture school, we are taught that one’s project should be implemented as closely to one’s drawings as possible. In developing-world contexts, especially while working on municipal projects, this task is almost impossible. The architect needs to leave his or her ego in the back seat and develop a resilient, phased design with key principles that can sustain changes of stakeholders in the socio-political sphere, with the economic landscape and so on.

How much are you invested personally in the Fez medina? Did you grow up here?

My dad and my grandparents on both sides of the family were born and raised in this medieval city, so it’s absolutely very close to my heart. I grew up not inside the medina, but in the newer part of the city, right next to it. What’s amazing is that it’s not a place for tourists — it is a living city, and not much of its urban fabric has changed since the 7th century. People live there, work there — so if you want to buy, for example, a type of cake, special fabric, sweets or pickles, it can only be sold in certain neighborhoods of the medina. Tourists do go there as well, of course, but the medina of Fez has not given way to massive gentrification.

It sounds magical.

When my American mother-in-law, who’s a historian, came to Fez, she said, “I never felt so much that I was back in time, back in the medieval era. You almost forget which time period you’re in.”

You call yourself a nomad, and work on quite a few other projects around the world, specializing in eco-tourism in arid regions. But your work in Fez must take up a huge amount of time.

Let’s say I am a semi-nomad with a double life. I am an assistant professor at the University of Toronto, and I have a small design office with two people in Toronto, and an office of five people in Fez, my hometown. I usually spend about three months of the year in Fez, and I keep daily contact with my team and clients while I am in Toronto.

The nice thing about the University of Toronto is that it’s a research university, so I am expected to work on research projects. Obviously, I like to link my research to my practice, as they both feed on each other. I’m not an architectural historian — I teach students to become professional architects, so it is a big asset to be practicing, especially in countries like Morocco. That way, I can share with my students design expertise specific to developing world contexts.

I also have an applied research lab called DET at the University of Toronto that focuses specifically on ecotourism in emergent countries, in very remote areas. I have been focusing on deserts and arid climates these past years, and I have worked on projects in Southern Morocco and Jordan.

Proposed dwelling sites for an eco-tourist destination in Ain Nsissa nature reserve, Morocco. Image: Aziza Chaouni

Can you give us an example?

Well, we work with the Moroccan Ministry of Tourism, for example, when they need to set up guidelines for investors to develop tourism projects in fragile, remote sites. Of course, Morocco is a developing country, and they want outside investors, but they also know that if they just let people do whatever they want, they will mess up those landscapes. In a desert, there is no margin for error. You mess it up, you kill everything, and that’s it. You’re all done. You have so few resources, too. So investors can be scared to come in.

With the help of my mentor and thesis advisor, Professor Hashim Sarkis, I was able to convince the Moroccan Ministry of Tourism to finance my students’ trips to Morocco. Then, under my guidance, they develop innovative solutions and guidelines, which then become bylaws. We started developing, for example, new types of ecological nomadic tents that leave very little impact on their context—they fold up and can be moved easily.

Then, I was asked to work in Jordan by the Royal Society of Conservation of Nature (RSCN), also in a desert area, to help them establish a new protected area north of Petra called Shobak. RSCN, an NGO, runs all national parks, not the government. Since they only receive 10% of their money from the government, they need to generate the other 90% to conserve nature. So they rely on eco-tourism, and wanted new ideas about how to develop it. The fact that I speak Arabic, and that I can also easily speak to women because of my gender, has been a big asset to understand the aspirations of local populations. A lot of men from these remote areas migrate to cities, so mostly women are left.

And you’re working on a Canadian project, as well?

Yes, after I’d been to Jordan, I collaborated with Parks Canada in Toronto to study the first very urban national park in Canada, Rouge National Urban Park, created in 2012. I applied for a grant to compare Rouge Park, which is right in the middle of the suburbs, with another urban national park in Rio, Guaratiba Biological Reserve, which contains a unique mangrove habitat. Both parks are adjacent to large, sprawling cities, and they will be under even more pressure in the future. How can we manage parks like this in new ways? How can we build next to these new parks?

Thanks to a LACREG grant, we did research for two years, then created an app that compares the two parks — how they are run and funded, their adjacent urban areas, their leisure activities, their ecosystems, endangered species. But the part we’re most proud of is that we created guided tours with a feature that allows visitors to become stewards of the park by reporting environmental abuse. Because these parks are usually not well-known, people can take different tours that will explain their history. But the most important issue is that urban parks are very hard to manage because they are readily accessible, and park rangers have a hard time being vigilant. So the app allows anyone who sees something or someone harming the parks — such as littering, poaching, off-leash dogs, harming wildlife — to take an image, immediately upload it to Flickr, and geo-tag it.