Planet Russell


Sociological Images: Girls Deserve Better than “Girls on the Run”

Every spring, my daughter receives an invitation to participate in a local Girls on the Run (GOTR) program. Every spring, I hesitate to say “yes.”

Girls on the Run (GOTR) is a non-profit organization with about 200 councils across the U.S. and Canada. Over 10 to 12 weeks, councils help organize teams of girls in 3rd through 8th grades to train for and complete a 5K run.


Volunteer coaches lead their team through the program’s pre-packaged curriculum, consisting of lessons that “encourage positive emotional, social, mental and physical development.” Among other things they discuss self-esteem, confidence, teamwork, healthy relationships, and “challenges girls face.” Boys are not allowed to participate in the program. The 5K is described by GOTR as the ending “moment in time that beautifully reflects the very essence of the program goals.”

The starting line has the atmosphere of a party. Music is played over loudspeakers, pumping teen pop (with lyrics laden with sexual innuendo and “crushes” on boys) and oldies that carry an affirmative “you can do it” message like Gaynor’s “I Will Survive.”

Vendors (local businesses and organizations) bring tables to engage the girls and their parents in products/services they have available. This is not the only form of capitalistic opportunism affiliated with GOTR. The international organization’s official sponsors include Lego Friends – a line of Legos that emphasize single-sexed socialization (not building!) and Secret’s campaign “Mean Stinks” (featuring another pop glam star, Demi Lovato) that emphasizes painting fingernails blue, among other frivolous things, to address girl-on-girl bullying.

The run is an odd scene. Though boys have been banned from participation, older male relatives, friends, and teachers are encouraged to run with girls as their sponsors. It has become a unique trademark of GOTR that these men, and many of the women and girls, dress “hyper-feminine” (e.g., in skirts, tutus, big bows, bold patterned knee-high socks, tiaras, etc.), apply make-up or face paint, and spray color their hair. The idea is to “girl it up.”

Over the years, I’ve become increasingly uncomfortable with this event for a couple of reasons.

First, encouraging girls to “girl it up”—or I prefer, “glam it up,” so that we don’t appropriate these behaviors just for girls—can be fun, an opportunity to step out and beyond what is practiced in everyday life. But there’s no corresponding encouragement to “butch it up” if they desire, or do some combination of both.  In the end, then, this simply serves to reproduce gender stereotypes and the old-fashioned and false notion that gender is binary.

Second, by bombarding girls with “positive” messages about themselves meant to counteract negative ones, the program implicitly gives credence to the idea that girls aren’t considered equal to boys. What messages are girls really getting when special programs are aimed at trying to make them feel good about themselves as girls?

Although I have always given in to my daughter’s requests, at some point I am going to say “no.” Instead of reinforcing the box she’s put into, and decorating it with a pretty bow, we’ll have to start unpacking mainstream girl culture together.

Scott Richardson is an assistant professor of educational foundations and affiliate of women’s studies at Millersville University of Pennsylvania. You can follow him on Twitter.

(View original at http://thesocietypages.org/socimages)

Sociological Images: Happy Birthday, Thorstein Veblen!

Thorstein Veblen (1857 – 1929) was a noted economist and sociologist and a prominent leader of the institutional economics movement. He is widely known for his book, The Theory of the Leisure Class, where he famously discusses a phenomenon he called conspicuous consumption.

Art by Phillip Fivel Nessen. H/t Sociological Cinema.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Racialicious: The SDCC Files: The Cosplay Gallery

 


by Kendra James

As I wrote for The Daily Beast, the best part of Comic-Con is always the ridiculously talented cosplayers wandering the halls. As a cosplayer myself, I know how challenging (and fun) designing, finding, and creating costumes for cons can be. With that in mind I wanted to showcase some of the costumed heroes, heroines and other beloved characters of colour Art and I spotted during this year’s con.

Static Shock

The tiniest Clark Kent

Ms. Marvel (Kamala Khan)

Lt. Uhura

Oberyn Martell

Zuko and Azula from Avatar: The Last Airbender

Maleficent and Aurora

The Black Widow

(Siblings) Thor, Black Widow, and Captain America

Buzz Lightyear (who had fully automated wings)

Captain America and The Winter Soldier (they each made their own costumes independently!)

Princess Leia

Bert from Mary Poppins

Captain America and Patriot

Super Family

Margaery Tyrell (myself) and Sansa Stark

The post The SDCC Files: The Cosplay Gallery appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux Australia: Andrew Pollock: [life] Day 182: Errands, movie, bike ride and swim class

Zoe woke up at around midnight and ended up in bed with me. I think I'll be spending the weekend doing some retraining.

I had noticed that Tinkerbell and the Pirate Fairy was still showing at the Hawthorne Cineplex, so I thought I'd take Zoe today. She ended up doing a poor job listening this morning when we were trying to get going, so I told her we'd go see it tomorrow as a consequence.

We headed out to exchange her tennis racquet for a larger one, and picked up a few other bits and pieces while we were out. I got a witches hat from Bunnings, and now she's very excited about having a tennis lesson at home.

We dropped by the movie theatre to see what time the movie would be showing tomorrow, because they haven't published the times for the next week yet, and the time didn't really work for what I wanted to do tomorrow, so we ended up watching the movie today anyway.

The movie was pretty good. It's nice to see Disney allowing John Lasseter to have creative input into non-Pixar films. I noticed his name in the trailers for Frozen as well.

After that, we dropped into Ooniverse next door, and ended up having lunch there. I struck up a conversation with Nicky Noo. I can see an opportunity to potentially keep my recently acquired barista skills vaguely sharp by doing some freebie barista work there in my copious amounts of spare time.

We walked home after that, and to kill some time, we were going to do a bike tour of the local parks until it was time for Zoe's swim class. After pumping up the tyres and getting to Bulimba Memorial Park, that was about as far as we got before it was time to leave for swim class.

We biked over to the swim class, and I had a great time watching Zoe learning to roll and breathe. It's the last piece she needs to pick up before she can properly swim, and then it's just refinement. She didn't do too badly.

Megan arrived for her class, which was after Zoe's, so the girls got to briefly hang out, and Zoe wanted to stay for a bit to watch Megan swim.

After that, we biked home, and Sarah arrived a bit earlier than usual to pick up Zoe.

Worse Than Failure: CodeSOD: The Joys of Interdisciplinary Work

Lisa thought that the Modesto Biology Institute was the perfect working environment. The scientists who showed her around were all friendly, not the "evil, lab-coated villains" portrayed in Fritz Lang films. The lab director, Howard, pointed out the lack of horror monsters in their lab after Lisa joked about it during her interview.

"See?" Howard said, gesturing. "You won't find anything scarier than a petri dish in here ... except for grant applications." He looked disgusted at the suggestion.

"I'll take your word for it," Lisa said, laughing.

But there were horrors lurking in the lab ... just not the kind that grow in petri dishes.

SQL Swarm

Lisa heard a plaintive cry down the hall one day. She found Howard looking forlornly at his monitor.

"It's our web interface," he said. "We use it to log experimental data. I wrote it myself a few years back, but it's been giving me so much trouble lately. That's the third time the server's crashed today. I don't see why it keeps choking up every time we add a new dataset."

"Well, that's why I'm here," Lisa said. "Mind giving me an hour or two to see what's wrong?"

The web interface used a custom Java library -- also written by Howard -- that spoke to an Oracle database. Whereas she expected to see a few tables (one for data, one for experiments, and maybe one for additional metadata), she instead found over 3000: two tables for each experiment ever conducted at Modesto.

"Howard," Lisa said, "can I prune any of these tables?"

"Afraid not. We can't afford to lose any of that data. Our funding would go out the window." He shuddered.

Lisa instead optimized some configurations in Oracle. She tried not to think of the thousands of tables that lay waiting in that database.

System.out Basilisk

"Lisa, could you give me a hand? I'm trying to add a file input field to our spreadsheet uploader, but it keeps rendering outside of the form."

By now Lisa had gotten her hands dirty in the web interface. She had finally convinced Howard to combine the 3000 tables after another server crash broke the app for almost a day. However, she hadn't yet touched the view code.

Well, it can't be any worse than all those tables, she thought, and immediately regretted it once she opened spreadsheetUpload.java.

System.out.println("<select name=\"operation1\"><option value=\"greater\">><option value=\"smaller\"><");
System.out.println("<option value=\"greaterequal\">>=<option value=\"smallerequal\"><=");
System.out.println("<option value=\"equal\">=<option value=\"notequal\"><>");
System.out.println("<option value=\"like\">LIKE<option value=\"in\">IN");
System.out.println("<option value=\"notin\">NOT IN<option value=\"between\">BETWEEN</select>");
System.out.println("<input type=text size=10 name=\"bed1\">&nbsp</center><br>");
System.out.println("<center><font color=white>[ Name='osmY' ] [ Name LIKE 'flg_' ] [Name LIKE '%rp%'] [IN (2,3,5,6)] [BETWEEN 2 AND 3]</font></center><br>");
System.out.println("&nbsp<input type=checkbox name=\"ck2\">");
System.out.println("<select name=\"and2\"><option value=\"and\">AND<option value=\"or\">OR</select>");

"It'll be a few minutes," she yelled to Howard down the hall. There were no comments, no string variables to be found, just line after line of System.out.println. How on Earth did Howard even get it working in the first place?

Class-Based Hydra

Grants and the neverending search for funding are the worst aspects of working in a research lab, Howard explained one day. There are always strings attached.

Such as one that came from their biggest contributor.

"There have to be at least 100 defined classes," Howard said, pointing out a stipulation in a grant application. "Otherwise the interface can't be considered a 'major research appliance.'"

"That many classes would be a nightmare," Lisa objected. "The app has 15. It doesn't need any more."

"They'll get access to the source code any way they can," he said. "You've practically taken over for me since you started. Is there any way you could make it happen?"

"I'll try."

To inflate the class count, Lisa duplicated the different categories of experiments conducted at Modesto. Before, there was just one class called ExperimentModel.java. Now there were several hundred, including DoubleBlindPharmaceuticalModel.java, DoubleBlindPsychologicalModel.java, and even FieldStudyModel.java.

But it suited their benefactors ... for a time.

The FORTRAN Menace

"God, I'm so sorry for putting you through all this." Howard held the latest request from the lab's benefactors. "Apparently they'll double our funding if all of our software ran on FORTRAN."

"...What." Lisa nearly dropped her tea.

"FORTRAN. It's well beyond my expertise. Do they even teach it in school nowadays?"

"There's a class." Lisa looked on at the world-weary Howard, trying to please the lab's patrons while keeping her sane. "I'll look into it."

As Lisa discovered, it was possible to rewrite their web application to run in FORTRAN, with a few extra libraries installed for HTTP communication and UTF-8 support. She gave the news to Howard, who shook his head. "Thanks, but I know when to stop before we create a monster."

Lisa didn't have to rewrite the interface in FORTRAN. The Modesto Biology Institute kept its funding, and Lisa works there to this day.


Planet Linux Australia: linux.conf.au News: Call for bids for LCA 2017

Plans are coming along really well for linux.conf.au 2015 in Auckland. We're very much looking forward to seeing you all there, but in the meantime it's time to start thinking about plans for 2017.

Here is the timeline:

  • July - Council works with Bid Teams to help them prepare their bids, answering questions and providing guidance.
  • 8th August - Submission of formal bids closes.
  • August - Council clarifies any questions regarding the bids and reviews them.
  • September - Council conducts Site Inspections with shortlisted Bid Teams.
  • October - Council decides on the winning city and informs the Bid Teams.
  • January - The winning bid is announced at linux.conf.au 2015.

If you have ever sat in the back of a LUG meeting or an LCA talk and had an informal chat to someone about running an LCA, now is the time to put that idea into action. If you were the person two seats back listening in, go bug that person to put in a bid!

If you haven’t already, the first thing to do is to send an email to Council@linux.org.au to let them know you are thinking of submitting a bid. You should also CC linux-aus@linux.org.au; this might help you find other people keen on helping you out.

Once you've done that here are two documents to help you get started:

The first outlines what is required for the bid process, while the second gives a fairly detailed overview of the sorts of things you need to think about when preparing to run an LCA, and provides example bid documents.

There is also a comprehensive Event Portal with lots of useful information on how to run a successful event at http://wiki.linux.org.au/Linux_Australia:Events_Portal

So go out, get your team together, talk to some venues/vendors and start bidding to run the next awesome LCA! Armed with your amazing organising skills, this is your opportunity to show off your city, do what you always wanted to do at LCA, add something extra special to the conference and have a say in the programme of the conference.

This is something you will remember for a lifetime and gain life-long friends, professional contacts and the experience looks amazing on a resume. Not to mention, it’s great fun to run!

Once you've finalised your bid document, please send it to Council@linux.org.au and linux-aus@linux.org.au.

If you are thinking of bidding, please put your hand up sooner rather than later so that the Council can make sure you get the support you need to prepare a high quality bid. Please don’t hesitate to contact us if you have any questions or need any help in preparing your bid.

Chaotic Idealism: Q&A: Informing an Undiagnosed Adult Friend

Q: Would it be a good idea to inform an adult friend that he most probably has Aspergers/HFA? He is very intelligent, has a well-paid responsible job [that he can do from home totally on his own, usually], has verbal but not behavioural meltdowns; his friendships are odd and shallow and his love-life alternately a mess or non-existent.

A: Short answer? Yes. If it's bad enough for you to worry about it, it's probably a good idea to tell him what you've observed. The worst that happens is he gets offended and you apologize; at best, you might have given him a clue that'll help him change his life for the better.

Long answer: The profile for adult autism is pretty complicated. When someone's slipped under the radar for half a lifetime, they often develop coping skills, hide autistic traits, and generally cobble together a way to cope. What they end up with is something that seems vaguely autistic to someone in the know, but could be any number of other things too.

The traits you mentioned aren't really core features of autism. Shallow friendships, stormy love life, verbal meltdowns, intelligence... they're rather vague traits. Shallow friendships aren't actually associated with autism at all, because we tend to be introverts, which means we tend to have a very small number of very close friends, if we have any at all. But there are extroverted autistics, about a quarter of us, and depending on the person, extroversion plus autism can equal someone who thinks of everyone they meet as a "friend", when actually they don't know all those people very well.

But if you do suspect ASD in someone you know, and you can see them suffering from not having any help for those traits, yeah, you owe it to them to tell them, "Hey, maybe there's a name for this." You're probably not a psychologist (and if you were you wouldn't really be well-placed to evaluate someone who's also an everyday friend), so you can't stick a label on it with any kind of accuracy. It's really the childhood history that would tell a professional what your friend's brain is like, because if they're autistic, their childhood is a time before they developed all those ways of coping, and before they developed ways to pretend to be NT. Autism is usually more obvious in kids, so when an adult gets diagnosed it is always very useful to know what they were like as a child.

But if you see that they have cognitive problems that are creating daily hassles for them, as a friend, you can explain your suspicions to them--that you see that they have some traits that look a little like autism; that you've read there are a lot of people who weren't diagnosed as kids because their autism was very mild; that you're telling them this because it might be useful for them to help them understand themselves, and perhaps seek a professional evaluation if their problems are bad enough for them to need outside help.

Even if it doesn't turn out to be autism after all, at the very least you will have pointed out to them that you can see that they are having trouble, that you care, and that you want them to get whatever treatment that they may need in order to manage those problems. What your friend does with the information is up to them; after all, they are an adult, it's their life and their decision to make. Just remember that whether they get a diagnosis or not, whether it's autism or not, they are still the same person they have always been.

Chaotic Idealism: Thoughts on oxytocin

Oxytocin is associated with the way NTs "group up". It makes you want to bond with someone and trust them, while rejecting anyone outside your group.

So, oxytocin is involved with bonding and trust, and also with prejudice.

I think the oxytocin/autism picture is going to be more complex than it seems at first glance. For example, autistic people are known to trust too much--the opposite of what an oxytocin deficiency would imply. And we are securely bonded with our parents, the same as neurotypical children are--meaning that we don't have issues with bonding, either.

My personal hypothesis? The "oxytocin deficiency" in autistic brains is an effect, not a cause, of our social skills delays. Because we don't connect as easily, we simply don't have the opportunity to produce oxytocin as often as NTs do--but when we do connect, we seem to find it as rewarding as NTs do. Only when oxytocin is associated with real social connections is it actually useful. Otherwise, it would be like telling your brain, "Trust; bond; form groups," indiscriminately. And that can be dangerous. Ask an autistic with an active-but-odd social style what happens when you trust everybody and see everybody as a friend; they'll probably have some pretty painful anecdotes.

What I think this means for everyday autistic life is that messing with oxytocin directly may not actually be too productive in the absence of social phobia. Autistics without social phobia seem to experience social interaction as being rewarding but overwhelming, and for them, the oxytocin comes naturally with successful social interaction--meaning that the best approaches would involve helping them make social connections to begin with; the oxytocin response would facilitate bonding quite normally once those connections were established. With people who have social phobia, the oxytocin might help, because it skews the social outlook toward trust and away from fear--but this would be true for social phobics whether they were autistic or not.

My basic opinion is that oxytocin is interesting to study and relevant to understanding socialization, but has practical applications mostly for people with social phobia. For people with autism in general, a more fundamental approach involving making social contact easier and less stressful would be preferable--a combination of speech/language therapy and communication-related accommodations that teach us how to connect with others and provide places where connections are more easily and simply made.


Geek Feminism: To be or not to be, that is the linkspam (29 July 2014)

  • Dr who? Campaign to boost digital profile of Australia’s female scientists | The Age (July 29): “According to web information company Alexa, Wikipedia is the sixth-most popular website globally. Yet even Wikipedia admits to a systematic bias when it comes to women in science, describing the subject as ‘woefully under-represented’. Next month, the Australian Academy of Science plans to change that, hosting a Women of Science ‘Wikibomb’ event inspired by a similar call to arms by the Royal Society, London.”
  • This Is What Tech’s Ugly Gender Problem Really Looks Like | WIRED (July 28): “Shortly after Kathryn Tucker started RedRover, an app that showcases local events for kids, she pitched the idea to an angel investor at a New York tech event. But it didn’t go over well. When she finished her pitch, the investor said he didn’t invest in women.”
  • Checking Your Privilege: A How-To for Hard Things | Leslie Hawthorn at OSCON 2014 | Youtube (July 23): “The reason that systemic problems are so difficult and so insidious, is because when you are a participant in a system, when you are a user of a system and all of the defaults are configured to work for you out of the box, it never occurs to you that those defaults even exist.”
  • When Does a Woman Owe You Sex? Check This Chart | Identities.Mic (July 22): “Microsoft Excel took a turn for the explicit this week when the Internet learned the once-innocuous office tool was being used in a dispiriting new bro-trend: tracking the number of times their partners refuse sex. Yes, #sexspreadsheets are a thing, presumably because some men still believe that owning a penis entitles them to unlimited sexy times. [...] The many falsehoods propagated at every turn have driven us to put together a helpful chart that may help clear up any uncertainties regarding when women owe it to anyone to have sex”
  • “Females” in Open Source, by Amber Wu | Model View Culture (July 21): “Sexism is so deeply ingrained in tech’s unbalanced demographics that making a point of not being a misogynist is practically countercultural. Unseating those biases to the point where codes of conduct are normal and our spaces are widely safer will take huge forces of change.”
  • How can tech companies diversify their workforces? | Marketplace.org (July 24): “Twitter is the latest tech company to disclose statistics on the race and gender of its workforce, following Facebook, Yahoo, Google and LinkedIn. Like those companies, Twitter is falling short on diversity.”
  • Getting hired without getting burned: Sniffing for culture smells | Liz Abinante (July 24): “It is incredibly difficult to find a good place to work. With companies that fire women after they announce that they’re pregnant, intimidate women into leaving, hire people who think it’s ok to compare women to programming tools, and have abysmally low diversity numbers (although at 10% women in tech, I am no longer surprised by Twitter’s terrible block policy), it’s surprisingly easy to end up working in a toxic environment.”
  • The Mary Sue Exclusive Interview: Mike Mearls and Jeremy Crawford on Acknowledging Sexuality and Gender Diversity in D&D | The Mary Sue (July 24): “Mike Mearls and Jeremy Crawford, lead designers of the latest edition of Dungeons & Dragons, out in a staggered release all this summer and fall, talk about the mechanics of inclusive gaming, Gen Con diversity panels, realistic artwork, and the decision to “look at the wonderfully diverse group of people who play the game and say, ‘There’s a place for each of you at the game table’” with the system’s new suggestions for roleplaying gender and sexuality.”
  • Virginia E. Johnson, Scientist: Beyond “Masters of Sex” | The Toast (July 23): “The 2013 Showtime television show Masters of Sex introduced viewers to William H. Masters (1915–2001) and Virginia E. Johnson (1925–2013), two of the best-known American sex researchers of the twentieth century. [...] But the television show fails to address why and how she has become the person that she became, and why she chose to devote her life and career to sex research with a difficult and demanding man.”
  • Women and Minority Leaders Are Penalized For Fostering Diversity, Study Finds | Mashable (July 18): “Women and minorities don’t shy away from hiring their peers out of fear of the competitive threat they may pose, but rather out of fear of the retribution they may incur, new research suggests. The reason they are so reluctant to hire other women and ethnic minorities is because they are often penalized by their bosses for doing so, according to a study to be presented at next month’s annual meeting of the Academy of Management.”
  • Women in the Sciences Report Harassment and Assault | Julienne Rutherford at Huffington Post (July 24): “We, like many other scientists, had heard the stories, shared via email, on blogs, whispered in the corners of hotel conference rooms. Harrowing stories of sexual harassment and assault during one of the most important stages of professionalization in the sciences: fieldwork. [...] We set out to explore more deeply the pervasiveness of these experiences and the results we published in PLOS ONE on July 16, 2014 are a sobering wake-up call.”
  • Comic-Con’s dark side: Harassment amid the fantasy | The Washington Post (July 27): “Geeks for CONsent, founded by three women from Philadelphia, gathered nearly 2,600 signatures on an online petition supporting a formal anti-harassment policy at Comic-Con.”

We link to a variety of sources, some of which are personal blogs. If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Sky Croeser: Citizen Lab Summer Institute on Monitoring Internet Openness and Rights, Day 1

The first day of CLSI 2014 started with Ron Deibert talking about the state of the field and the attempt currently under way to build an inter-disciplinary research community around monitoring Internet openness and rights. Fenwick McKelvey has also put up a reading list of papers mentioned at CLSI 2014.

The opening panel looked at Network Measurement and Information Controls, and was facilitated by Meredith Whittaker of Google Research. Phillipa Gill gave an outline of the ICLAB project [slides]. This project is trying to develop better automation techniques for measuring censorship which would allow a better understanding of not just what is blocked, but also how it’s being blocked, who’s blocking it, and which circumvention methods might be most effective. At the moment the tool is still running in pre-alpha, and having some successes with block page detection: early findings will come out in IMC later this year.

Nick Feamster from Georgia Tech then discussed another project which is attempting to build a more nuanced picture of Web filtering than the data currently available. He argued that censorship takes many forms, not just blocking: performance degradation, personalisation, and other tactics. This means that measuring Web filtering is harder than it appears, and what is required is, “Widespread, continuous measurements of a large number of censored sites.” Issues with this include the problem of distributing client software to look for censorship, which is potentially done through the browser. This is possible, but leads to ethical issues.

Jeffrey Knockel of the University of New Mexico talked about moving ‘Toward Measuring Censorship Everywhere All the Time’ [slides]. The method discussed here was to use side channels, which allows measuring IP censorship off-path without running any software on the server or the client or anywhere in between. This can be done completely in Layer 3, which has enough side channels. Almost 10% of IPv4 addresses respond to large pings, higher in some countries – this allows for more vantage points. [I have no idea what this means.]

Finally, Collin Anderson talked about studying information controls inside Iran. He discussed the use of mass-scale continuous data collection as a way to show themes of political discourse within the country. This requires content-specific, context-specific knowledge. For example, when Iraq started to clamp down on the Internet, Islamist content was specifically blocked, as well as an odd assortment of pornographic sites. Anderson argued that this research will be more effective when people avoid references to “censorship”, which can be divisive, and instead talk about “interference” and “information controls”. (This was also a theme that came up in the Q&A, as Meredith discussed the need to avoid an ‘inflammatory activist tinge’ in language, project titles, and so on, because this can discourage use and endanger anyone accessing services.)

The Q&A for this last session focused quite a bit on ethics issues, and on the problems with managing these given the limitations of current ethics research boards and the challenges involved in the research itself. For example, while university ethics boards tend to prioritise ‘informed consent’, this can create problems for users of circumvention tools as it removes plausible deniability. Similarly, the idea of using anonymity to protect activists may not always match activists’ experience: some participants want their real names used because they feel this offers the protection of international visibility. Gill argued that part of what we need is better models of risk: frameworks for predicting how censors are likely to react to measurement.

The next session of the day focused on Mobile Security and Privacy. David Lie of the University of Toronto began with a discussion of ‘Pscout: Analyzing the Android Permission Specification’. This tool uses two-factor attestation as a way to improve data security. This combines two-factor authentication with malware protection across both laptops and mobiles/authentication tokens. (I have some concern about the focus here on ‘trusted computing’, which takes devices further out of their users’ control.)

Jakub Dalek of Citizen Lab talked next about the Asia Chats project, which focuses on chat apps that are popular outside the western context. In this case, Line, Firechat, and WeChat. Line implements blocking for users registered with a Chinese number, although there are a number of ways to circumvent this blocking. Firechat, which has been popular in Iraq, is promoted as being anonymous, but the actual content of messages is very poorly protected. Finally, Dalek noted that there was a lot of Chinese government interest in regulating WeChat.

Jason Q. Ng, also Citizen Lab, shared his work on the same project, this time focusing on Weixin. One of the interesting trends here is the emergence of messages which place the blame on other users for blocked content, such as: “This content has been reported by multiple people, the related content is unable to be shown”. Looking at the specific kinds of content blocked suggests that even if ‘users’ are blocking this material, there’s some link with the Chinese government (or at least with government interests). More work is needed, perhaps, which looks at these kinds of indirect forms of information control.

Finally, Bendert Zevenbergen of the Oxford Internet Institute outlined the Ethical Privacy Guidelines for Mobile Connectivity Measures, the outcome of a workshop held with ten lawyers and ten technical experts. He also raised the potential helpfulness of a taxonomy of Internet Measurement ethics issues, and invited people to begin collaborating in the creation of a draft document.

The next session focused on Transparency and Accountability in Corporations and Government. Chris Prince of the Office of the Privacy Commissioner of Canada talked about the annual report in Canada on the use of electronic surveillance which has been made available since 1974. A paper analysing this data, Big Brother’s Shadow, was published in 2013, and suggested important shifts in targets and sites of surveillance.

Jon Penney of the Berkman Center, Citizen Lab, and Oxford Internet Institute, outlined three major challenges for transparency reporting in ‘Corporate Transparency: the US experience’. These include the need for more companies to be willing to share transparency reports with more and better data (including standardised data); better presentation and communication of transparency reports which balance advocacy and research and provide contextualisation; and more work on the legal and regulatory space impacting transparency reporting.

Nathalie Marechal of USC Annenberg talked about the ‘Ranking Digital Rights’ project, which is developing and testing criteria for particular privacy-protections from companies (such as whether they allow users to remain anonymous), working within an international human rights framework. This work has the potential to be useful not only for civil society actors advocating for better corporate behaviour, but also for corporations lobbying for policy change. The initial phase of the project is looking at geographically-based case studies to better understand themes across different locations, and during this phase there’s an interest in understanding how to assess multinational corporations operating across multiple regulatory contexts, including those which are acquired by other companies. Marechal and other researchers on the project are seeking feedback on the work so far.

Chris Parsons of Citizen Lab spoke on the need for better data about online privacy and related issues in the Canadian context: at the moment, we’re aware that, “an eye is monitoring Canadian communications”, but don’t have full details. This work began by sending surveys to leading Canadian companies in order to get more information on data retention. Results mainly indicated a generalised refusal to engage in any depth with the questions. The work has also been crowdsourcing ‘right of access’ information through an open request tool [try it out, if you're Canadian!]. Unlike the surveys, these requests are legally binding, and through the data generated, they’re trying to figure out how long online data is stored, how it is processed, and who it is shared with. Collaborations with MP Charmaine Borg have also led to more information about how Canadian intelligence and police agencies are engaging in data surveillance. From this initial research, they’re now trying to use this data to develop a transparency template to more effectively map what we still need to know.

In the final talk of the session, Matt Braithwaite of Google talked about work around Gmail to build a better understanding of increasing encryption of email in transit. Google also has useful data available on this, and their report on it received significant attention, which resulted in a spike in encryption of email.

The final panel for day one looked at Surveillance.

Seth Hardy of Citizen Lab talked about ‘Targeted Threat Index: Characterizing and Quantifying Politically Motivated Malware’. This is a way of measuring the combination of social targeting (for example, the use of specific language and internal group knowledge to convince activists to open attachments) and technical sophistication to build a better understanding of how politically-motivated malware is developing. Research from this project will be presented at USENIX Security on August 21st, 2014.

Bill Marczak (UC Berkeley and Citizen Lab) and John Scott-Railton (UCLA and Citizen Lab) talked about the growth of state sponsored hacking. They described the growth of mercenaries, companies selling tools to governments (such as FinFly). Some of the challenges for this research include the lack of people available to contact targeted groups and find out about the issues they might be having, and that targeted users may not even realise they’re under attack in some cases. There is some information available on malware that users are accessing, but metadata on this is limited: researchers get a file name, country of submitter, and time submitted, which doesn’t give information about the context in which malware was accessed.

Ashkan Soltani spoke on how technological advances enable bulk surveillance. One of the important differences between traditional surveillance techniques and new methods is the cost. For example, Soltani estimates that for the FBI to tail someone, it’s about $50/hr by foot, $105/hour by car, and covert auto pursuit with five cars is about $275/hour. Mobile tracking might work out to between 4c and $5/hour. This means that the FBI has been able to use mobile tracking to watch 3,000 people at a time, which would be totally impossible otherwise. This is vital when we think about how different forms of surveillance are (or aren’t) regulated.

Nicholas Weaver is based at the International Computer Science Institute, and emphasised that this gives him more freedom to look at NSA-relevant areas because he has the freedom to look at leaks that US government employees are prohibited from accessing. He advises us not to trust any Tim Horton’s near any government buildings. He gave a brief overview of NSA surveillance, arguing that it’s not particularly sophisticated and opens up a lot of vulnerabilities. Weaver said that anyone with a knowledge of the kinds of surveillance that the US’s allies (such as France and Israel) are engaging in will find them more worrying than actions of the US’s opponents (eg. Russia and China).

Cynthia Wong discussed work by Internet Research and Human Rights Watch on documenting the harms of surveillance. One of the organisation’s case studies has focused on Ethiopia, which is interesting because of the network of informants available, and the extreme hostility to human rights documentation and research on the part of the Ethiopian government. Surveillance in Ethiopia is complex but not necessarily sophisticated, often relying on strategies like beating people up and demanding their Facebook passwords. However, the state also buys surveillance tools from foreign companies, and documenting the harms of surveillance may help in bringing action against both companies and Ethiopia itself. The organisation also has a new report out which looks at surveillance in the US, where it’s harder to document both surveillance and resultant harms: this report highlights the chilling effects of surveillance on lawyers and journalists.


Planet DebianIan Campbell: Debian Installer ARM64 Dailies

It's taken a while but all of the pieces are finally in place to run successfully through Debian Installer on ARM64 using the Debian ARM64 port.

So I'm now running nightly builds locally and uploading them to http://www.hellion.org.uk/debian/didaily/arm64/.

If you have CACert in your CA roots then you might prefer the slightly more secure version.

Hopefully before too long I can arrange to have them building on one of the project machines and uploaded to somewhere a little more formal like people.d.o or even the regular Debian Installer dailies site. This will have to do for now though.

Warning

The arm64 port is currently hosted on Debian Ports which only supports the unstable "sid" distribution. This means that installation can be a bit of a moving target and sometimes fails to download various installer components or installation packages. Mostly it's just a case of waiting for the buildd and/or archive to catch up. You have been warned!

Installing in a Xen guest

If you are lucky enough to have access to some 64-bit ARM hardware (such as the APM X-Gene, see wiki.xen.org for setup instructions) then installing Debian as a guest is pretty straightforward.

I suppose if you had lots of time (and I do mean lots) you could also install under Xen running on the Foundation or Fast Model. I wouldn't recommend it though.

First download the installer kernel and ramdisk onto your dom0 filesystem (e.g. to /root/didaily/arm64).

Second create a suitable guest config file such as:

name = "debian-installer"
disk = ["phy:/dev/LVM/debian,xvda,rw"]
vif = [ '' ] 
memory = 512
kernel = "/root/didaily/arm64/vmlinuz"
ramdisk= "/root/didaily/arm64/initrd.gz"
extra = "console=hvc0 -- "

In this example I'm installing to a raw logical volume /dev/LVM/debian. You might also want to use randmac to generate a permanent MAC address for the Ethernet device (specified as vif = ['mac=xx:xx:xx:xx:xx:xx']).

Once that is done you can start the guest with:

xl create -c cfg

From here you'll be in the installer and things carry on as usual. You'll need to manually point it to ftp.debian-ports.org as the mirror, or you can preseed by appending to the extra line in the cfg like so:

mirror/country=manual mirror/http/hostname=ftp.debian-ports.org mirror/http/directory=/debian

Apart from that there will be a warning about not knowing how to setup the bootloader but that is normal for now.

Installing in Qemu

To do this you will need a version of http://www.qemu.org which supports qemu-system-aarch64. The latest release doesn't yet so I've been using v2.1.0-rc3 (it seems upstream are now up to -rc5). Once qemu is built and installed and the installer kernel and ramdisk have been downloaded to $DI you can start with:

qemu-system-aarch64 -M virt -cpu cortex-a57 \
    -kernel $DI/vmlinuz -initrd $DI/initrd.gz \
    -append "console=ttyAMA0 -- " \
    -serial stdio -nographic --monitor none \
    -drive file=rootfs.qcow2,if=none,id=blk,format=qcow2 -device virtio-blk-device,drive=blk \
    -net user,vlan=0 -device virtio-net-device,vlan=0

That's using a qcow2 image for the rootfs, I think I created it with something like:

qemu-img create -f qcow2 rootfs.qcow2 4G

Once started installation proceeds much like normal. As with Xen you will need to either point it at the debian-ports archive by hand or preseed by adding to the -append line and the warning about no bootloader configuration is expected.

Installing on real hardware

Someone should probably try this ;-).

Planet DebianDaniel Pocock: Pruning Syslog entries from MongoDB

I previously announced the availability of rsyslog+MongoDB+LogAnalyzer in Debian wheezy-backports. This latest rsyslog with MongoDB storage support is also available for Ubuntu and Fedora users in one way or another.

Just one thing was missing: a flexible way to prune the database. LogAnalyzer provides a very basic pruning script that simply purges all records over a certain age. The script hasn't been adapted to work within the package layout. It is written in PHP, which may not be ideal for people who don't actually want LogAnalyzer on their Syslog/MongoDB host.

Now there is a convenient solution: I've just contributed a very trivial Python script for selectively pruning the records.

Thanks to Python syntax and the PyMongo client, it is extremely concise: in fact, here is the full script:

#!/usr/bin/python

import syslog
import datetime
from pymongo import Connection

# It assumes we use the default database name 'logs' and collection 'syslog'
# in the rsyslog configuration.

with Connection() as client:
    db = client.logs
    table = db.syslog
    #print "Initial count: %d" % table.count()
    today = datetime.datetime.today()

    # remove ANY record older than 5 weeks except mail.info
    t = today - datetime.timedelta(weeks=5)
    table.remove({"time":{ "$lt": t }, "syslog_fac": { "$ne" : syslog.LOG_MAIL }})

    # remove any debug record older than 7 days
    t = today - datetime.timedelta(days=7)
    table.remove({"time":{ "$lt": t }, "syslog_sever": syslog.LOG_DEBUG})

    #print "Final count: %d" % table.count()

Just put it in /usr/local/bin and run it daily from cron.

Customization

Just adapt the table.remove statements as required. See the PyMongo tutorial for a very basic introduction to the query syntax and full details in the MongoDB query operator reference for creating more elaborate pruning rules.

Potential improvements

  • Indexing the columns used in the queries
  • Logging progress and stats to Syslog


LogAnalyzer using a database backend such as MongoDB is very easy to set up and much faster than working with text-based log files
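A dry-run-first variant of the pruning rules above, added here as an example (it is not the script contributed upstream). It also covers the two listed improvements, indexing and logging per-rule statistics. It uses the PyMongo 3.7+ method names count_documents, delete_many and create_index in place of remove; MemoryCollection, the rule labels and the sample records are constructed so the block runs without a MongoDB server.

```python
import collections
import datetime
import syslog

# Values taken from the page's script; check them against the syslog_fac and
# syslog_sever values actually stored in your collection before deleting.
EXEMPT_FACILITY = syslog.LOG_MAIL
DEBUG_SEVERITY = syslog.LOG_DEBUG

DeleteResult = collections.namedtuple("DeleteResult", "deleted_count")

# The only query forms the two rules need: equality, $ne and $lt.
OPS = {
    "$eq": lambda value, arg: value == arg,
    "$ne": lambda value, arg: value != arg,
    "$lt": lambda value, arg: value is not None and value < arg,
}

def build_rules(now):
    """The page's two retention rules as (label, MongoDB filter) pairs."""
    return [
        ("non-mail older than 5 weeks",
         {"time": {"$lt": now - datetime.timedelta(weeks=5)},
          "syslog_fac": {"$ne": EXEMPT_FACILITY}}),
        ("debug older than 7 days",
         {"time": {"$lt": now - datetime.timedelta(days=7)},
          "syslog_sever": DEBUG_SEVERITY}),
    ]

def matches(doc, query):
    """Evaluate a filter against one record (unsupported operators raise)."""
    for field, cond in query.items():
        ops = cond if isinstance(cond, dict) else {"$eq": cond}
        if not all(OPS[op](doc.get(field), arg) for op, arg in ops.items()):
            return False
    return True

class MemoryCollection:
    """Constructed stand-in for the PyMongo Collection methods used below."""

    def __init__(self, docs):
        self.docs = list(docs)
        self.indexes = []

    def create_index(self, keys):
        self.indexes.append(keys)

    def count_documents(self, query):
        return sum(1 for doc in self.docs if matches(doc, query))

    def delete_many(self, query):
        before = len(self.docs)
        self.docs = [doc for doc in self.docs if not matches(doc, query)]
        return DeleteResult(before - len(self.docs))

def prune(collection, now, dry_run=True, log=None):
    """Count (dry run) or delete per rule; log and return per-rule counts."""
    if log is None:
        log = lambda message: syslog.syslog(syslog.LOG_INFO, message)
    if not dry_run:
        # Index the fields the filters use; the dry run stays read-only.
        collection.create_index([("time", 1), ("syslog_fac", 1)])
        collection.create_index([("time", 1), ("syslog_sever", 1)])
    stats = {}
    for label, query in build_rules(now):
        if dry_run:
            count = collection.count_documents(query)
        else:
            count = collection.delete_many(query).deleted_count
        stats[label] = count
        log("syslog-prune%s: %s: %d record(s)"
            % (" (dry run)" if dry_run else "", label, count))
    return stats

def sample_records(now):
    """Constructed records: (age in days, facility, severity, message)."""
    rows = [
        (40, syslog.LOG_AUTH, syslog.LOG_INFO, "old auth.info"),
        (40, syslog.LOG_AUTH, syslog.LOG_DEBUG, "old auth.debug"),
        (40, EXEMPT_FACILITY, syslog.LOG_INFO, "old mail.info"),
        (40, EXEMPT_FACILITY, syslog.LOG_ERR, "old mail.err"),
        (10, EXEMPT_FACILITY, syslog.LOG_DEBUG, "10-day mail.debug"),
        (10, syslog.LOG_AUTH, syslog.LOG_WARNING, "10-day auth.warning"),
        (1, syslog.LOG_DAEMON, syslog.LOG_DEBUG, "fresh daemon.debug"),
    ]
    return [{"time": now - datetime.timedelta(days=age), "syslog_fac": fac,
             "syslog_sever": sev, "msg": msg} for age, fac, sev, msg in rows]

if __name__ == "__main__":
    now = datetime.datetime.today()
    coll = MemoryCollection(sample_records(now))
    print(prune(coll, now, dry_run=True, log=print))   # counts may overlap
    print(prune(coll, now, dry_run=False, log=print))  # actual deletions
    print(sorted(doc["msg"] for doc in coll.docs))     # what survives
```

Against a real server, pass `MongoClient().logs.syslog` as the collection. On the sample data the first rule exempts the whole mail facility (the old mail.err record survives), mail.debug older than 7 days is still removed by the second rule, and the dry-run counts overlap where one record matches both rules.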

Planet DebianGunnar Wolf: Editorial process starting in 3... 2... 1...

Yay!

Today I finally submitted our book, Fundamentos de Sistemas Operativos, for the Editorial Department of our institute. Of course, I'm not naïve enough to assume there won't be a heavy editorial phase, but I'm more than eager to dive into it... And have the book printed in maybe two months time!

Of course, this book is to be published under a free license (CC-BY-SA). And I'm talking with the coauthors, we are about to push the Git repository to a public location, as we believe the source for the text and figures can also be of interest to others.

The book itself (as I've already boasted about here :-} ) is available (somewhat as a preprint) for download.

[update] Talked it over with the coauthors, and we finally have a public repository! Clone it from:

https://github.com/gwolf/sistop.git

Or just browse it from Github's web interface.

LongNowHow Hard Should the Turing Test Be?

It seems clear that computers are becoming more intelligent, but in the face of this fact, our definition of intelligence itself seems increasingly blurry. The University of Reading recently made an announcement exemplifying this trend:

The 65 year-old iconic Turing Test was passed for the very first time by computer program Eugene Goostman during Turing Test 2014 held at the renowned Royal Society in London.

At its face, this is huge and historic news. Alan Turing’s proposal of the eponymous test threw down the field of Artificial Intelligence’s original gauntlet. For a computer program to pass for human is no small feat and the creators have done something no one has achieved until now.

Within the world of Long Now’s Long Bets, as well, $20,000 is on the line – Mitch Kapor predicted in 02002 that “By 2029 no computer – or “machine intelligence” – will have passed the Turing Test.” He argued that when it comes to human knowledge and culture,

It is such a broad canvas, in my view, that it is impossible to foresee when, or even if, a machine intelligence will be able to paint a picture which can fool a human judge.

Ray Kurzweil, who helped popularize the Turing Test in his books The Age of Spiritual Machines and The Singularity is Near took him up on the bet, countering that sufficient reverse-engineering of the human brain will allow for computer programs that can think like a human and that trends within the relevant research are accelerating much like the power of computers themselves.

Eugene Goostman would appear to have beat Kapor’s deadline by 15 years!

As with any wager, though, the devil is in the details, and here is where we come back to fuzzy definitions of intelligence. Eugene Goostman the computer program poses as a 13 year-old who is communicating in a language that isn’t his first. Interrogators had only 5 minutes with which to get to know “him.” And in the end, a “passing” grade for this test was 30% – the program managed to convince 33% of judges it was human.

In a way, we have to talk about Turing tests. The Turing test passed by Eugene Goostman is not the same Turing test proposed by Kapor and Kurzweil. Indeed, Kurzweil found Eugene Goostman to be rather lacking, posting a transcript of a conversation he had with the program and pointing out some of its clearly non-human characteristics:

I chatted with the chatbot Eugene Goostman, and was not impressed. Eugene does not keep track of the conversation, repeats himself word for word, and often responds with typical chatbot non sequiturs.

His bet with Mitch Kapor stipulates that interviews will last 2 hours, which would allow for significantly more in-depth conversation and, one assumes, a much easier time in determining computer or human. Kurzweil has not conceded the bet and even explains that he expects a long period of dubious and debated claims that computers have passed Turing’s test.

Turing’s test was explicitly meant to ignore the mechanisms of thought and to focus on the experience of it, but in tweaking the rules of the test we implicitly set a bar and work towards a definition for human intelligence. The bar cleared by Eugene Goostman may not be high enough to indicate human-level intelligence to Kurzweil or many others, but there can be little doubt that higher bars will yet be cleared and each one’s demonstration of intelligence debated.

CryptogramThe Costs of NSA Surveillance

New America Foundation has a new paper on the costs of NSA surveillance: economic costs to US business, costs to US foreign policy, and costs to security.

News article.

Planet DebianChristian Perrier: Developers per country (July 2014)

It is time again for my annual report about the number of developers per country.

This is now the sixth edition of this report. Former editions:

So, here we are with the July 2014 version, sorted by the ratio of *active* developers per million population for each country.

Act: number of active developers
Dev: total number of developers
A/M: number of active devels per million pop.
D/M: number of devels per million pop.
2009: rank in 2009
2010: rank in 2010
2011: rank in 2011 (June)
2012: rank in 2012 (June)
2013: rank in 2012 (July)
2014: rank now
Code Name Population Act Dev Dev Act/Million Dev/Million 2009 2010 June 2011 June 2012 July 2013 July 2014
fi Finland 5259250 19 31 3,61 5,89 1 1 1 1 1 1
ie Ireland 4670976 13 17 2,78 3,64 13 9 6 2 2 2
nz New Zealand 4331600 11 15 2,54 3,46 4 3 5 7 7 3 *
mq Martinique 396404 1 1 2,52 2,52 - - 3 4 4 4
se Sweden 9088728 22 37 2,42 4,07 3 6 7 5 5 5
ch Switzerland 7870134 19 29 2,41 3,68 2 2 2 3 3 6 *
no Norway 4973029 11 14 2,21 2,82 5 4 4 6 6 7 *
at Austria 8217280 18 29 2,19 3,53 6 8 10 10 10 8 *
de Germany 81471834 164 235 2,01 2,88 7 7 9 9 8 9 *
lu Luxemburg 503302 1 1 1,99 1,99 8 5 8 8 9 10 *
fr France 65350000 101 131 1,55 2 12 12 11 11 11 11
au Australia 22607571 32 60 1,42 2,65 9 10 12 12 12 12
be Belgium 11071483 14 17 1,26 1,54 10 11 13 13 13 13
uk United-Kingdom 62698362 77 118 1,23 1,88 14 14 14 14 14 14
nl Netherlands 16728091 18 40 1,08 2,39 11 13 15 15 15 15
ca Canada 33476688 34 63 1,02 1,88 15 15 17 16 16 16
dk Denmark 5529888 5 10 0,9 1,81 17 17 16 17 17 17
es Spain 46754784 34 56 0,73 1,2 16 16 19 18 18 18
it Italy 59464644 36 52 0,61 0,87 23 22 22 19 19 19
hu Hungary 10076062 6 12 0,6 1,19 18 25 26 20 24 20 *
cz Czech Rep 10190213 6 6 0,59 0,59 21 20 21 21 20 21 *
us USA 313232044 175 382 0,56 1,22 19 21 25 24 22 22
il Israel 7740900 4 6 0,52 0,78 24 24 24 25 23 23
hr Croatia 4290612 2 2 0,47 0,47 20 18 18 26 25 24 *
lv Latvia 2204708 1 1 0,45 0,45 26 26 27 27 26 25 *
bg Bulgaria 7364570 3 3 0,41 0,41 25 23 23 23 27 26 *
sg Singapore 5183700 2 2 0,39 0,39 - - - 33 33 27 *
uy Uruguay 3477778 1 2 0,29 0,58 22 27 28 28 28 28
pl Poland 38441588 11 15 0,29 0,39 29 29 30 30 30 29 *
jp Japan 127078679 36 52 0,28 0,41 30 28 29 29 29 30 *
lt Lithuania 3535547 1 1 0,28 0,28 28 19 20 22 21 31 *
gr Greece 10787690 3 4 0,28 0,37 33 38 34 35 35 32 *
cr Costa Rica 4301712 1 1 0,23 0,23 31 30 31 31 31 33 *
by Belarus 9577552 2 2 0,21 0,21 35 36 39 39 32 34 *
ar Argentina 40677348 8 10 0,2 0,25 34 33 35 32 37 35 *
pt Portugal 10561614 2 4 0,19 0,38 27 32 32 34 34 36 *
sk Slovakia 5477038 1 1 0,18 0,18 32 31 33 36 36 37 *
rs Serbia 7186862 1 1 0,14 0,14 - - - - 38 38
tw Taiwan 23040040 3 3 0,13 0,13 37 34 37 37 39 39
br Brazil 192376496 18 21 0,09 0,11 36 35 38 38 40 40
cu Cuba 11241161 1 1 0,09 0,09 - 38 41 41 41 41
co Colombia 45566856 4 5 0,09 0,11 41 44 46 47 46 42 *
kr South Korea 48754657 4 6 0,08 0,12 39 39 42 42 42 43 *
gt Guatemala 13824463 1 1 0,07 0,07 - - - - 43 44 *
ec Ecuador 15007343 1 1 0,07 0,07 - 40 43 43 45 45
cl Chile 16746491 1 2 0,06 0,12 42 41 44 44 47 46 *
za South Africa 50590000 3 10 0,06 0,2 38 48 48 48 48 47 *
ru Russia 143030106 8 9 0,06 0,06 43 42 47 45 49 48 *
mg Madagascar 21281844 1 1 0,05 0,05 44 37 40 40 50 49 *
ro Romania 21904551 1 2 0,05 0,09 45 43 45 46 51 50 *
ve Venezuela 28047938 1 1 0,04 0,04 40 45 50 49 44 51 *
my Malaysia 28250000 1 1 0,04 0,04 - - 49 50 52 52
pe Peru 29907003 1 1 0,03 0,03 46 46 51 51 53 53
tr Turkey 74724269 2 2 0,03 0,03 47 47 52 52 54 54
ua Ukraine 45134707 1 1 0,02 0,02 48 53 58 59 55 55
th Thailand 66720153 1 2 0,01 0,03 50 50 54 54 56 56
eg Egypt 80081093 1 3 0,01 0,04 51 51 55 55 57 57
mx Mexico 112336538 1 1 0,01 0,01 49 49 53 53 58 58
cn China 1344413526 10 14 0,01 0,01 53 53 57 56 59 59
in India 1210193422 8 9 0,01 0,01 52 52 56 57 60 60
sv El Salvador 7066403 0 1 0 0,14 - - 36 58 61 61
Total: Act 969, Dev 1561, 62,08% active

A few interesting facts:
  • New Zealand bumps from rank 7 to rank 3, thanks to one new active developer
  • Switzerland loses one developer and goes down to rank 6
  • Norway also slightly goes down by losing one developer
  • With two more developers, Austria climbs up to rank 8 and overtakes Germany...;-)
  • Hungary climbs a little bit by gaining one developer
  • Singapore doubles its number of developers from 1 to 2 and bumps from 33 to 27
  • One rank up too for Poland that gained one developer
  • Down to rank 31 for Lithuania by losing one developer
  • Up to rank 32 for Greece with 4 developers instead of 3
  • Argentina goes up by having two more developers (it lost 2 last year)
  • Up from 46 to 42 for Colombia by winning one more developer
  • One more developer and Russia climbs from 49 to 48
  • One less for Venezuela that has only one developer left...:-(
  • No new country this year. Less movement towards "the universal OS"?
  • We have 12 more active Debian developers and 26 more developers overall. Less progression than last year
  • The ratio of active developers is nearly stable, though slightly decreasing

TEDWhat happened after my TED Talk? I quit my job, wrote a book, grew my organization, and promoted a US postage stamp in Times Square

Hannah Brencher carried a USPS mail crate with her when she spoke at TED@NYC. Photo: Ryan Lash


Hannah Brencher strolled onstage to give her TED Talk, “Love letters to strangers,” with a US Postal Service mail crate propped on her hip. And that mail crate full of letters turned out to be a metaphor for what happened next — a box of surprises and possibilities.

Onstage at Joe’s Pub in June 2012, Brencher told her story of writing love letters to strangers — yes, in her own handwriting — and leaving them on café tables, tucking them in books at the library, and sending them to anyone on the internet who asked. The project, which she began as a way to fight her post-college depression, took on its own life, so Brencher set up the website More Love Letters to help the letter-writing project expand to anyone who wants to get or send a little love.

As she wrote and practiced her TED Talk in the weeks before the June event, she was also daydreaming about leaving her full-time job to focus on More Love Letters — and to try her hand at writing her story as a memoir.

“The week I gave my talk,” says Brencher, “I was offered a freelance position that allowed me to leave my full-time job. So I gave my TED Talk, and then I walked into my office Monday morning and quit. It was a transformational weekend.”

But not an instant transformation, she says: “I left to work on More Love Letters and to write a book. But I started to gather more and more freelance work and just got very good at doing other things. I didn’t know how to do a book proposal; I didn’t know how to find an agent. I was just stalling.”

Then one day, five months after she quit her job, her phone started blowing up. “Friends started texting me saying, ‘Hannah, you’re the TED Talk of the Day right now,’” she remembers. “My life just flipped upside down from that point forward. Within 24 hours, my life was completely different.”

In the five months since her talk, Brencher hadn’t gotten far at all on her book idea. But a few hours after her talk posted, she got the push she needed: an email from an agent. “She sent me a message that said, ‘Hey, this resonates so much with me,’” remembers Brencher. “‘What you’re doing—I see this being a book.'”

Brencher signed with this agent, and the two began the long process of writing a book proposal. In the end, Brencher signed a contract with Howard Books at Simon & Schuster, and her memoir—If You Find This Letter—will be out in March 2015. “It tells her story of living in New York City, dealing with depression, and the movement that came out of these letters,” she says. “I had no idea how much [writing a book] was going to take out of me—how much I had to become a creature of habit, how much I had to sit with myself on a daily basis, and how much of the story I didn’t actually have figured out until I went to the page. There were a lot of days of me lying on the floor, crying into the Ikea carpet. But I am so thankful. It’s been just unreal to me.”

But as exciting as it was to get an agent and start writing her book, Brencher says that she knew the talk had truly made ripples when More Love Letters was asked to partner with the US Postal Service, after someone at the post office’s PR agency saw her TED Talk. The agency asked Brencher and More Love Letters to help promote the post office’s traditional Love stamp released each February for Valentine’s Day. The 2013 stamp was called “Sealed with Love.”

For the 14 days before Valentine’s Day in 2013, More Love Letters held love-letter-writing parties around the country and rallied their audience to write love letters to men and women serving in the U.S. military for the holiday.

Brencher snapped this photo of the letter-writing table she manned to promote the stamp, “Sealed with Love.”

On February 14, Brencher headed to Times Square in New York City, where the Postal Service had pitched an enormous “Sealed with Love” tent. She wore a red dress and sat at a table writing love letters and offering stationery to passersby to write their own. In the tent, post office employees passed out stamps. Meanwhile, pop star Kevin Jonas and his wife—her fellow representatives for the stamp—roamed the tent, meeting and greeting.

“It was a dream partnership,” said Brencher. “We would not be able to function without the United States Postal Service, so to be able to meet some of the workers was great. People make comments like, ‘Oh, the Postal Service is on the way out,’ but it is so essential. I loved handing out envelopes and stamps and playing a part in making someone who would probably not write a letter reach out to a loved one.”

Of course, much more has happened since Brencher’s TED Talk posted. Brencher’s created a love-letter stationery kit through Potter Style at Crown Publishing; it will appear in gift stores in December of this year. Brencher continues to receive dozens of emails a week about her talk, and found herself especially moved when a class of 5th graders in Long Island watched it and wrote her a big stack of letters in response.

Meanwhile, More Love Letters is now up to 15 volunteers. Brencher hopes that with increased visibility through her talk, her book, and releasing more products like the stationery kit, More Love Letters will continue to grow.

“Letters—whether they’re breakup letters, or letters for people who are starting their first year of college, or just a random hello—we want to find a way to get them to as many people as possible,” she says. “Something that shows up in the mailbox for you—there’s a power behind that that you can’t touch.”

Hannah Brencher, head down, writing Valentine's Day love letters in Times Square. Photo: Courtesy of Hannah Brencher



Sociological ImagesA Reluctant Defense of Sunscreen for Men

Lotion is socially constructed as feminine and so some men, attempting to avoid the prevailing insults of our time – gay, fag, bitch, pussy, douche, girl, and woman – are disinclined to use it.

Eeeew, lotion!

You know who you are, guys.

Sunscreen is a category of lotion and so putting on sunscreen is equivalent to admitting you’re the sun’s bitch.  Men are supposed to let the sun bake their face into a tough, craggy masculinity that says “yeah, I go outdoors and, when I do, I don’t give a shit.”

Because caring about one’s health is for pussies, some scholars argue that being male is the single strongest predictor of whether a person will take health risks.  In fact, thanks in part to the stupid idea that lotion carries girl cooties, men are two to three times more likely to be diagnosed with skin cancer.

So, fine dudes, here’s some sunscreen for men.  For christ’s sake.

Thanks to @r0setayl0r and @ryesilverman for sending along the product!  Check it out on our truly humorous pointlessly gendered products Pinterest board.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

RacialiciousThe SDCC Files: The Black Panel

The post The SDCC Files: The Black Panel appeared first on Racialicious - the intersection of race and pop culture.

RacialiciousThe SDCC Files: Racebending presents ‘Superheroines! Power, Responsibility and Representation’

The post The SDCC Files: Racebending presents ‘Superheroines! Power, Responsibility and Representation’ appeared first on Racialicious - the intersection of race and pop culture.

Planet DebianRussell Coker: Android Screen Saving

Just over a year ago I bought a Samsung Galaxy Note 2 [1]. About 3 months ago I noticed that some of the Ingress menus had burned in to the screen. Back in ancient computer times there were “screen saver” programs that blanked the screen to avoid this, then the “screen saver” programs transitioned to displaying a variety of fancy graphics which didn’t really fulfill the purpose of saving the screen. With LCD screens I have the impression that screen burn wasn’t an issue, but now with modern phones we have LED displays which have the problem again.

Unfortunately there doesn’t seem to be a free screen-saver program for Android in the Google Play store. While I can turn the screen off entirely there are some apps such as Ingress that I’d like to keep running while the screen is off or greatly dimmed. Now I sometimes pull the notification menu down when I’m going to leave Ingress idle for a while, this doesn’t stop the screen burning but it does cause different parts to burn which alleviates the problem.

It would be nice if apps were designed to alleviate this. A long running app should have an option to change the color of its menus; it would be ideal to randomly change the color on startup. If the common menus such as the “COMM” menu would appear in either red, green, or blue (the 3 primary colors of light) in a ratio according to the tendency to burn (blue burns fastest so should display least) then it probably wouldn’t cause noticeable screen burn after 9 months. The next thing that they could do is to slightly vary the position of the menus; instead of having a thin line that’s strongly burned into the screen there would be a fat line lightly burned in, which should be easier to ignore.

It’s good when apps have an option of a “dark” theme, that involves less light coming from the screen that should reduce battery use and screen burn. A dark theme should be at least default and probably mandatory for long running apps, a dark theme is fortunately the only option for Ingress.

I am a little disappointed with my phone. I’m not the most intensive Ingress player so I think that the screen should have lasted for more than 9 months before being obviously burned.

Planet Linux AustraliaAndrew Pollock: [life] Day 181: Kindergarten, startup stuff, tennis and haircuts

Zoe had a massive sleep last night. I had her in bed by 7:20pm. She woke up a little before 6am because she'd lost Cowie, and went back to sleep until 7:30am. I had planned to try biking to Kindergarten for the first time in ages, but we got to Kindergarten late enough as it was driving.

I pretty much spent the day studying for my real estate license. I selected finalists for the design contest I'm running on 99designs. If you'd like to vote, I'm running a poll.

I picked up Zoe from Kindergarten and walked her next door to her tennis lesson. She really didn't want to do it this afternoon, and it took some firm encouragement to get her to participate. I'm never sure where to draw the line, but based on the grinning and running around within seconds of her finally joining in, I think I made the right decision. I think the problem was she was too hot. It was quite a warm day today.

The plan after that had been to go back to Megan's house for a play date, but her little sister had come home from day care early, showing signs of conjunctivitis, so we instead went to the local coffee shop for a babyccino with Megan and her Dad. While we were there, I managed to snag an appointment for a haircut for me, and a fringe trim for Zoe, so we headed over there afterwards.

After our haircuts, it was pretty much time to start making dinner, so Zoe watched some TV, and I prepared dinner.

I managed to get Zoe to bed early. It'll be interesting to see if she has another massive sleep again.

CryptogramConference on Deception

There was a conference on deception earlier this month. Sophie Van Der Zee has a summary of the sessions.

Planet DebianRussell Coker: Happiness and Lecture Questions

I just attended a lecture about happiness comparing Australia and India at the Australia India Institute [1]. The lecture was interesting but the “questions” were so bad that it makes a good case for entirely banning questions from public lectures. Based on this and other lectures I’ve attended I’ve written a document about how to recognise worthless questions and cut them off early [2].

As you might expect from a lecture on happiness there were plenty of stupid comments from the audience about depression, as if happiness is merely the absence of depression.

Then they got onto stupidity about suicide. One “question” claimed that Australia has a high suicide rate, Wikipedia however places Australia 49th out of 110 countries, that means Australia is slightly above the median for suicide rates per country. Given some of the dubious statistics in the list (for example the countries claiming to have no suicides and the low numbers reported by some countries with extreme religious policies) I don’t think we can be sure that Australia would be above the median if we had better statistics. Another “question” claimed that Sweden had the highest suicide rate in Europe, while Greenland, Belgium, Finland, Austria, France, Norway, Denmark, Iceland, and most of Eastern Europe are higher on the list.

But the bigger problem in regard to discussing suicide is that the suicide rate isn’t about happiness. When someone kills themself because they have a terminal illness that doesn’t mean that they were unhappy for the majority of their life and doesn’t mean that they were any unhappier than the terminally ill people who don’t do that. Some countries have a culture that is more positive towards suicide which would increase the incidence, Japan for example. While people who kill themselves in Japan are probably quite unhappy at the time I don’t think that there is any reason to believe that they are more unhappy than people in other countries who only keep living because suicide is considered to be wrong.

It seems to me that the best strategy when giving or MCing a lecture about a potentially contentious topic is to plan ahead for what not to discuss. For a lecture about happiness it would make sense to rule out all discussion of suicide, anti-depressants, and related issues as they aren’t relevant to the discussion and can’t be handled in an appropriate manner in question time.

Worse Than FailureCircle Around the Requirements

Bakdar was the only technical person at PromoCorp, a marketing company. When someone finally launched a technical project, he was ready. The product was a cutting-edge web-to-print technology, in which Joe User could easily upload an image of his plumbing company’s logo onto a mock-up of a pen, and send it to PromoCorp with his order. It would save time, money, and provide a revenue stream for PromoCorp. The project was big, the project was technical, and the project was the attractive sort of thing that made careers. Bakdar was over the moon.

It was a brilliant idea, with one problem. PromoCorp didn’t have the internal resources to create the web interface on their own, so they contracted a third party, Weblutions, to do it for them. Bakdar was the liaison between the two, tasked with making sure things went smoothly. The interface between Weblutions and PromoCorp was supposed to import the images from Weblutions so that they could be emblazoned onto things like crappy t-shirts nobody would ever wear. The finished goods would then be returned to the customer who initiated the request.

Jarvis was the lead developer at Weblutions, and was Bakdar’s point of contact. Jarvis provided FTP access to the cache of uploaded files and order documents (in XML, of course). What Bakdar got from there were piles of very low-resolution, raster-based PNG files that wouldn’t look good in Minecraft, let alone printed on promotional items.

“Hey, Jarvis,” Bakdar said over the phone. “Listen, I got into the FTP and pulled the images, but they… they aren’t what we’re hoping for?”

“Really bro?” Jarvis said. “Looks gnarly over here. What’s the problem?”

“The largest image is 640x480. If I printed these logos on some promo balloons, it would just look like some sort of smeared blob.”

“Alright, alright, that’s cool. So what can Jarvis do for ya?”

“Well, you either need to give us the images in a vector format, or give us much higher resolution raster files.” Bakdar explained the importance of DPI and print size. “Something like SVG files for vector art would be the best.”

“Well, why didn’t you say so, man?” Jarvis said, ignoring the fact that the requirements document clearly stated valid minimum resolutions. “I’ll get ’em to you by the end of the week!” Jarvis brimmed with confidence. “Vectors, man. Vectors!”

Bakdar should have been relieved, but he couldn’t seem to shake his unease about the situation. Still, Jarvis was the lead developer, and Bakdar hadn’t written anything from scratch in years. He gave Jarvis the benefit of the doubt, vowing to check back on his progress at the end of the week.

Friday afternoon rolled along, and there was still no word from Jarvis. Bakdar shot off a quick email, hoping for an update, but instead got an out-of-office message: “I’m out of the office for the next week, dudes and dudettes! Surfing trip, WOOOOOO!” Bakdar furrowed his brow as hard as a brow can be furrowed.

When Jarvis returned from vacation, he replied to Bakdar’s original email: “So sorry, bro. I forgot to tell you that I redid everything like you asked. It’s all SVGs now! Peace ~ Jarvis”.

Bakdar did his best to ignore the fact that Jarvis had wasted a whole week of his time, and connected to the FTP site to import the new images. The progress bar crept up to 5% and stayed there. For an hour. Bakdar canceled it and had Jarvis remove all but one image from the directory so that he could test the import.

The process got past 5%, but was glacially slow for a single image. This gave Bakdar time to imagine what would be waiting for him when it was done. He half expected a PNG file with its base64-encoded data embedded in the SVG file, but that would be silly.

Silly, and much, much better than what Jarvis did. Jarvis’s “ingenious” vectorization algorithm created a file which contained a circle node with a radius of 1px for every single pixel in the (still woefully low-resolution) original PNG file. The 3kb PNG file blew up to a 3.7Mb SVG file. Chrome and Firefox committed browser suicide rather than render it. Adobe Illustrator tried its best for 20 minutes before its proverbial head exploded. Past WTF evidence should have told Jarvis that circles are nothing but trouble, but nonetheless, he came up with this atrocious solution.

Bakdar called Jarvis. “Jarvis, we need to chat…”

“Right on, bro. What’s up?”

“I can’t use this. The file sizes are far too large, and it renders the system inoperable.”

“Hold on a sec, buddy. After our last call, I went back to the requirements. Section 4 says the images can either be high-resolution raster files, or- and check this, dude, direct quote- ‘an SVG file’. That’s what I gave you. It meets the requirements.”

“Yeah… but… well… let me get back to you.” Bakdar rushed to the requirements document in hopes of finding the logical flaw in Jarvis’s response. Sadly, the document said nothing about file sizes or processing times.

Bakdar had to go back to his superiors and explain how their high-res image project would be delayed while he worked through some kinks with the web vendor. Any urgent client requests for promotional items would be limited to tiny logos on small trinkets until Bakdar found a way to claim “SVG file” precluded Jarvis’s pointillist solution. Suddenly, the whole “manage a technical project” thing had lost its glamor.


Planet DebianJohannes Schauer: bootstrap.debian.net temporarily not updated

I'll be moving places twice within the next month and as I'm hosting the machine that generates the data, I'll temporarily suspend the bootstrap.debian.net service until maybe around September. Until then, bootstrap.debian.net will not be updated and retain the status as of 2014-07-28. Sorry if that causes any inconvenience. You can write to me if you need help with manually generating the data bootstrap.debian.net provided.

Planet DebianRicardo Mones: Switching PGP keys

Finally I find the mood to do this, a process which started 5 years ago in DebConf 9 at Cáceres by following Ana's post, of course with my preferred options and my name, not like some other ;-).

That said, dear reader, if you have signed my old key:

1024D/C9B55DAC 2005-01-19 [expires: 2015-10-01]
Key fingerprint = CFB7 C779 6BAE E81C 3E05  7172 2C04 5542 C9B5 5DAC

And want to sign my "new" and stronger key:

4096R/DE5BCCA6 2009-07-29
Key fingerprint = 43BC 364B 16DF 0C20 5EBD  7592 1F0F 0A88 DE5B CCA6

You're welcome to do so :-)

The new key is signed with the old, and the old key is still valid, and will probably be until expiration date next year. Don't forget to gpg --recv-keys DE5BCCA6 to get the new key and gpg --refresh-keys C9B55DAC to refresh the old (otherwise it may look expired).

Debian's Keyring Team has already processed my request to add the new key, so all should keep working smoothly. Kudos to them!
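An added example, not part of the post above: the 8-hex-digit IDs passed to `--recv-keys` can be collided, so a signer should compare the full fingerprint and confirm that the old key really certified the new one. The functions parse `gpg --with-colons` output; the listings embedded here are constructed samples so the script runs without a keyring, and the function names are illustrative.

```shell
#!/bin/sh
# Fingerprints as published in the post (spaces removed).
OLD_FPR=CFB7C7796BAEE81C3E0571722C045542C9B55DAC
NEW_FPR=43BC364B16DF0C205EBD75921F0F0A88DE5BCCA6

# Print the fingerprint of the first primary key found in
# `gpg --with-colons` output on stdin (field 10 of the fpr record
# that follows the pub record).
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; exit }'
}

# Succeed if stdin contains a certification (class 10-13) from long
# key ID $1 that gpg marked as verified: "!" in field 2, which is only
# filled in by --check-sigs.
has_good_sig_from() {
    awk -F: -v id="$1" '
        $1 == "sig" && $2 == "!" && $5 == id && $11 ~ /^1[0-3]/ { found = 1 }
        END { exit !found }'
}

# check_transition LISTING
#   returns 0: fingerprint is NEW_FPR and the old key certified it
#   returns 1: fingerprint mismatch
#   returns 2: no verified signature from the old key
check_transition() {
    old_long=$(printf '%s' "$OLD_FPR" | cut -c25-40)
    got=$(printf '%s\n' "$1" | primary_fpr)
    if [ "$got" != "$NEW_FPR" ]; then
        echo "fingerprint mismatch: got ${got:-none}"
        return 1
    fi
    if ! printf '%s\n' "$1" | has_good_sig_from "$old_long"; then
        echo "no verified signature from old key $old_long"
        return 2
    fi
    echo "ok"
}

# --- Constructed sample listings (not real keyserver data) ---
# Shape of: gpg --with-colons --with-fingerprint --check-sigs "$NEW_FPR"
SAMPLE_GOOD='pub:-:4096:1:1F0F0A88DE5BCCA6:1248825600:::-:::scESC:
fpr:::::::::43BC364B16DF0C205EBD75921F0F0A88DE5BCCA6:
uid:-::::1248825600::::Constructed UID:
sig:!::1:1F0F0A88DE5BCCA6:1248825600::::Constructed UID:13x:
sig:!::17:2C045542C9B55DAC:1248825700::::Constructed UID:10x:'

# A different key whose fingerprint merely ends in the same short ID.
SAMPLE_COLLIDING='pub:-:4096:1:AAAAAAAADE5BCCA6:1248825600:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADE5BCCA6:
uid:-::::1248825600::::Constructed UID:
sig:!::1:AAAAAAAADE5BCCA6:1248825600::::Constructed UID:13x:'

# Right fingerprint, but the old key is missing locally ("?"), so its
# signature could not be verified.
SAMPLE_UNVERIFIED='pub:-:4096:1:1F0F0A88DE5BCCA6:1248825600:::-:::scESC:
fpr:::::::::43BC364B16DF0C205EBD75921F0F0A88DE5BCCA6:
uid:-::::1248825600::::Constructed UID:
sig:!::1:1F0F0A88DE5BCCA6:1248825600::::Constructed UID:13x:
sig:?::17:2C045542C9B55DAC:1248825700::::[User ID not found]:10x:'

check_transition "$SAMPLE_GOOD"
check_transition "$SAMPLE_COLLIDING" || true
check_transition "$SAMPLE_UNVERIFIED" || true
```

Against a real keyring, pass the output of `gpg --with-colons --with-fingerprint --check-sigs "$NEW_FPR"` as the listing, and compare the local copy of the old key against `OLD_FPR` the same way, since the signature check is only as trustworthy as that copy.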

Planet Linux AustraliaRusty Russell: Pettycoin Alpha01 Tagged

As with all software, it took longer than I expected, but today I tagged the first version of pettycoin.  Now, lots more polish and features, but at least there’s something more than the git repo for others to look at!

Planet DebianChristian Perrier: [life] Running update July 26th 2014

Dog, long time since I blogged about my running activities. Apparently, I didn't since.....I posted a summary for 2013.

So, well, that will be a long update as many things happened during the first half of 2014 when it comes to running, for me.

January: I was recovering from a fatigue fracture injury inherited from last races in 2013. As a consequence, I resumed running only on Jan 7th. Therefore I cancelled my participation to the "Semi Raid 28", a night orienteering raid of about 50-60km in southern neighbourhood of Paris. Instead, I actually offered my help to organizers in collecting orienteering signs after the race (the longest one: 120km). So, I ended up spending over 24 hours running in woods and hunting down hidden signs with the same information as runners. My only advantage was that I was able to use my car to go from one point to another. Still, I ended up running over 70km in many small parts, often alone in the dark woods with my headlamp, on very muddy areas...and collecting nearly 80 huge signs.

February: Everything was going well and I for instance ran a great half-marathon in Bullion (south of Paris) in 1h38'21" (great for a quite hilly race)....until I twisted my left ankle while running back from work. A quite severe twist, though no bone damage, thankfully. I had to stop running, again, for 3 years. Biking to/from work was the replacement activity....

March: I resumed running on March 10th, one week before a quite difficult trail race in my neighbourhood (30km "only" but up to 800 meters positive climb). That race was a preparation (and a test after the injury) for my 3rd participation to "Paris Ecotrail", an 80km trail race in woods of the South-West area of Paris, ending in the Eiffel Tower area. Indeed, both went very well, though I was very careful with my ankle. I finally broke my record at Ecotrail, finishing the race in 9h08 (to be compared to 9h36 last year and 11h15 the year before).

April: Paris marathon was scheduled one week after Ecotrail. Everybody will tell you that running a marathon one week after an 80km race is kinda crazy.....which is why I made it..:-). That was my 3rd Paris marathon and my 12th marathon overall. However, this year, no record in sight. The challenge was running the marathon....dressed as SpongeBob (you know me, right?). I actually had great fun doing that and was happy to get zillions of cheering all over the race, from the crowd. I finally completed the race in 4h30, which is, after all, not that far from the time of my very first marathon (4h12). The only drawback was that the succession of quite very long distance runs made my left knee suffer as it never happened before. As a consequence, I (again) had to stop running for nearly one month before we found that I was quite sensitive to pronation, which the succession of long and slow races made worse.

May: so finally after these (very) long weeks, I could gradually resume running, which finally culminated in mid-May with the 50km race "trail des Cerfs", in the Rambouillet Forest, close to our place. This quite long but not too difficult trail race ("only" 800 meters positive climb overall) was completed in 5h16, which was completely unexpected, given the low training during the previous weeks.

June: no race during that month. The entire month was focused on preparing the Montagn'hard race of July 5th: so several training sessions with a lot of climbing either by running or by fast walking (nordic style) as well as downhill run training (always important for mountain trail).

July: the second "big peak" of my 2014 season was scheduled for July 5th: "La Montagn'hard", a mountain trail race close to Les Contamines in the neighbourhood of Chamonix, the French mountaineering Mecca. "Only" 60 kilometers....but close to 5000 meters positive climb. Montagn'hard is among the toughest mountain trail races in France and therefore a "must do" for trail runners. This race week-end includes also a 105km ultra-race, which is often said to be as hard, even maybe harder, than the very famous "Ultra Trail du Mont-Blanc" trail in Chamonix. Still, for my second only season in mountain trail running, I decided to be "wise" and stick with the "medium" version (after all, my experience, as of now with mountain trails were only two quite "short" ones). Needless to say, it has indeed been a GREAT race. The environment is wonderful ("Miage" side of the Mont-Blanc range), the race goes through great places (Col de Tricot, noticeably) and I made a great result by finishing 80th out of 325+ runners, in 12h18, while my target time was around 13 hours.

This is where I am now. Nearly one month after Montagn'hard, I'm deeply training for my next Big Goal: The "Sur la Trace des Ducs de Savoie" or "TDS", one of the 4 races of the Ultra Trail du Mont-Blanc week, at the end of August (during DebConf): 120km, nearly 7500m positive climb, between Courmayeur and Chamonix, through several passes, up to 2600m height. Yet another challenge: my first "over 24h" race, with a full night out in the mountains.

You'll certainly hear again from me about that...:-)

Planet Linux AustraliaBrendan Scott: brendanscott

The Cabinet Office has announced the adoption of its open standards:

“The selected standards, which are compatible with commonly used document applications, are:

PDF/A or HTML for viewing government documents

Open Document Format (ODF) for sharing or collaborating on government documents

The move supports the government’s policy to create a level playing field for suppliers of all sizes, with its digital by default agenda on track to make cumulative savings of £1.2 billion in this Parliament for citizens, businesses and taxpayers.”

Imagine a world in which there is the possibility of competition for office suites.  One day Australia might join that world too.



TEDAn ode to lunch ladies, a park underneath the streets of New York, and an attempt to put the ‘awe’ back in ‘awesome’: A recap of TED@NYC

Sally Kohn opens TED@NYC with a plea for us to think of each tweet we write and each headline we click on as an act of media creation. Photo: Ryan Lash


TED@NYC is not your usual TED event. Hosted in a New York City club, speakers here—many of whom responded to an open audition call—give rapid-fire, five-minute talks. Below, a recap of each speaker who took the stage last night during this inspiring evening.

The internet can be a place of intelligent conversation, or a place of rumors and insults. Sally Kohn, once the liberal voice of Fox News and now a CNN contributor (and occasional Newt Gingrich debate partner), returns to the TED@NYC stage to deliver an important message: We can influence what we see online, because we are not just passive recipients of media. With everything we blog, everything we tweet and every link we click on, we are making media, she says. “We are the new editors,” she stresses. “We decide what gets attention.”

“Big oil broke my heart,” says Christine Bader, author of The Evolution of the Corporate Idealist. Bader worked at BP for nine years, believing deeply in the power of business to do good. But when the Deepwater Horizon Oil Rig exploded in the Gulf of Mexico, she became disillusioned. That’s when she had to start appreciating incremental progress. Inside every massive corporation, there’s an invisible army of idealists working to prevent disasters, she says, and they tackle the toughest issues at the heart of globalization, step by step, day by day. If we reward the responsible, honest and cautious behavior we want to see in business, we can move the needle, she says.

We live in an age of relentless self-promotion, but that culture is not without exception. David Zweig sings the praises of “Invisibles,” those with successful careers who haven’t made a name for themselves at all. There’s Jim Harding, the mind behind wayfinding, the art of guiding people through complex spaces with just the right signage font and aisle angle. There’s Dennis Poon, who’s engineered some of the world’s tallest skyscrapers without the public face of a Wright or Gehry, and Peter Stumpf, the piano technician for a symphony orchestra, whose name isn’t in the program but feels a part of a duet when the piano sounds right. These invisibles share a desire to remain outside the limelight, but Zweig believes that their stories are the antidote to a world that lives for likes and followers.

When children’s book author Jarrett Krosoczka visited his elementary school, he looked across the cafeteria. “There she was, my old lunch lady,” he says. Seeing the woman who used to happily serve him pizza ignited the idea for the Lunch Lady graphic novel series, in which hand-drawn heroes wield fishstick nunchucks and capture the bad guys in hairnets. The series took off, but even more meaningful to Krosoczka: his lunch lady felt like he’d validated her life’s work. It led Krosoczka to a new project—School Lunch Hero Day—to thank hard workers like her.

Next up is a speaker who had a lunch lady in her life very recently. Sara Sakowitz, an 18-year-old cancer researcher, is studying genetic methods to stop the spread of breast cancer. Her work focuses on shutting down the dangerous stage of metastasis by silencing important genes that normally block cancer progression. It’s a new therapy that could someday change the way we treat many types of cancer. As Sakowitz has developed and grown as a researcher, she’s realized that science always needs fresh perspectives and people brave enough to explore new directions. It’s time for a mindset shift, she says. If we rethink how we think, we can find more effective treatments.

Why does time seem to fly on some occasions and to creep by interminably on others? That question is the focus of Jordan Gaines Lewis’ side work in science writing. Cross-cultural studies have yielded surprisingly concrete conclusions, in the form of five key things that make time fly: (1)  A lack of memorable events (think high school homecoming) (2) Time becoming short relative to how long you’ve lived (3) Actual biological signals within your body (4) A focus on boring routines and (5) Stress, because perceiving there to be too little time actually makes it seem like there’s even less of it. Armed with this information, the ways to slow time down are actually quite simple. Vary your routine, make plans for the future, and make a conscious effort to savor each moment.

Daniel Barasch left his job to work fulltime on The Lowline, the first underground park.


Daniel Barasch is building a park, complete with lush greenery, underneath the bustling sidewalks of New York City. The inversion of the Highline, this project is called The Lowline, and it will be built in an underground trolley terminal abandoned in 1948. By harvesting sunlight, concentrating it and reflecting it below ground, this park-in-the-works will be bright and beautiful—a football field-sized space where residents of the Lower East Side can gather year-round. This part is especially important to Barasch, as this is the neighborhood where his grandparents lived when they first immigrated to the United States. They may even have walked through that very trolley terminal.

Why do we love iced coffee, but sometimes cringe at the sight of someone wearing Google Glass? The answer, says Madison Maxey, lies with ergonomic design. The founder of CRATED, a fashion and tech company, is fascinated with the bond between human and object. She thinks that the future of wearable technology lies with objects that interact with us, ask us questions and predict what we want. If we fold design into the creative process, rather than applying it on top later, we might hit the sweet spot where we fall in love with our objects.

Around the world men are facing a dire problem: They believe they cannot dance. Benjamin Weston is here to help. The only dance step you need, he says, is the two-step. Step right and touch, step left and touch. The secret is that dancing isn’t really your moves at all. Pull your hands out of your pockets, stop hiding behind your drink, and give it some flavor — if the music is playful, be playful; if the music is aggressive, be aggressive. Dancing is just your presence, to a beat, insists Weston, as he shakes and shimmies on the stage.

The stories we’re told about love as kids lead us to believe that our perfect partner appears magically or by fate. Ty Tashiro, relationship psychologist and author of The Science of Happily Ever After, is here to tell us that’s not the case—and that these beliefs lead us to look for the wrong things in potential partners. As Tashiro found in his research, people tend to get their “first three wishes” in a partner, but too often they waste these wishes on good looks and wealth while the characteristics that really correlate to marital happiness are emotional stability, being exciting, and being kind. For couples that choose each other based on these criteria, marriage satisfaction stays far more stable over the long-term.

Our next speaker shares a deeply personal story of fatherhood and forgiveness. Growing up on the South Side of San Antonio in the 1980s, actor and writer Brian Luna struggled with poverty, homelessness and unemployment after his father was arrested for theft. Luna shares how he came to terms with his own shame about his father’s decisions. He was angry and frustrated, until one night, at 3 a.m., he visited his dad at work. They began the long, difficult journey of working through their challenges. “Shine a light on your story,” he says. “Let others know that outside the impossible walls of this shame, the air is breathable.”

“We’re all made of the same stuff in the same box,” says Dustin Yellin, who knows a thing or two about boxes. When the artist was eight years old, he buried a dollar bill, a pen and a fork in a box for aliens to find. In his later work, he filled layers of resin and glass with his own taxonomy of invented specimens — plants, insects and creatures like “Triptych,” his eerie and astounding homage to Hieronymous Bosch’s Garden of Earthly Delights that’s filled with cycloptic eyeballs, floating animal heads and Osama bin Laden. But the latest and largest of his boxes is “Pioneer Works,” which contains a physicist, a musician, a garden and a school, for starters. “We shake the box and people start hitting each other like particles,” he says.

The second session of the evening kicks off with the intricate and irresistible beats of Emily Wells. The classical violinist blends the traditional with the modern in a mesmerizing blend of strings, vocals and electronic rhythm. With a performance, she entranced the audience.

Joy Sun challenges organizations to nix the idea that “some good” is all we can hope for. With the belief that charity should empower rather than simply help, this TED Fellow works as the COO of GiveDirectly, which allows donors to transfer funds to people, “cash given with no strings attached.” Sun admits that, at first, she assumed this was not the best model as people might actually need organizations to help them make good choices. But the evidence shows otherwise. So Sun asks: how good are organizations at allocating resources on behalf of the poor? To do the most good, she suggests, sometimes the best thing we can do is take a step back and give people the means to help themselves.

Nonprofit life is intense. Once upon a time, the former executive director of GLAAD, Joan Garry, was what her employees described as a venti — a Starbucks measurement of intensity. Her leadership style was making people sick — literally. After noticing an employee’s serious health condition, she learned three valuable lessons about managing the intensity and urgency of work: focus on what actually matters, be a real person who has fun, and be a champion of purpose, helping each employee find meaning and significance in their work. These are good tips to help you manage your job, no matter where you work.

Daniel Gareau and his team created a new microscope system that provides cellular imaging in whole tissue. They were excited about their breakthrough, and couldn’t wait for it to revolutionize skin cancer surgery. But when they presented their black-and-white contrast images to medical teams, they could see that they weren’t capturing the doctors’ interest. The images weren’t in the visual language that medical teams were used to, pink-and-purple dye stain that they had years of experience interpreting. As soon as they reorganized the tech to match those familiar visuals, the system started turning heads. “Tech won’t change medical practice with one inventor,” says Gareau. “It needs to spread.”

Molmol Kuo reveals her art that can, in essence, have a conversation with you. Photo: Ryan Lash

Artist Molmol Kuo creates objects that tell stories. At YesYesNo, she makes art that breaks the barriers between human and object in surprising and funny ways. With new media and a penchant for “doing weird things with electricity,” she’s designed water fountains and shoes that talk to you. And for London’s cultural expo, she created a series of balloons that ran 70 miles along Hadrian’s Wall and communicated user-generated messages through light.

Draped in a glittery, feathery explosion of stars and stripes, Taylor Mac sighs, “Aren’t you exhausted from ideas? This is a factory of ideas.” To pause the flow of speakers, judy (Mac’s preferred name) does some performance art, launching into “Snakeskin Cowboy” from judy’s upcoming 24-decade concert of the history of music. Determined to turn the room into “a queer junior high school dance,” judy asks the audience to stand up, find someone of the same sex, and hold on tight. Together, the room sways. “You have to go on a little longer than is appropriate,” judy says. “If you stop, Ted Nugent has won.”

Up next is cybersecurity expert Dave Weinstein, who thinks we need to reevaluate our approach to staying safe online. Rather than focusing on the vulnerabilities of the Internet, let’s think about the human decisions behind cyberattacks. Where does this desire to do harm come from? How can we create a system to mutually deter aggressive online behavior? If we focus on the humanity behind cyber, says Weinstein, we’ll have a safer online world.

Luigi Sorbara dreamed of being a professional athlete, but he knew he wasn’t strong enough and fast enough. So he settled for doing math in a windowless room. What he got was not a bad compromise: doing math in an NBA arena. Sorbara brings what he calls “the databall” to the Boston Celtics, taking the massive amounts of data recorded by six cameras trained on all 10 players, plus the ball, through every single game. How is that helpful? While Sorbara won’t reveal any Celtics secrets (especially not in New York), he shares some of what the Houston Rockets are doing with it: their data showed that the estimated shot value on a long two-pointer was actually lower than a three-pointer, so they changed their offense. Now 89 percent of their shots are either three-pointers or right at the rim.

Comedian Jill Shargaa speaks next, giving an awesome talk about the most awesome word: awesome. It’s overused, she says. Let’s fix that. She urges us to put the awe back in awesome, because when we mix the mundane with the majestic, we take the power away from our lexicon. Some things that are actually awesome: the wheel! Pyramids! The Grand Canyon! Louis Daguerre! D-Day! Honey bees! The moon landing! Woodstock! Sharks! The Internet! What’s not awesome? Powerpoints.

Perry Barber didn’t become a female MLB umpire as a political act—her mother just told her that a Little League team was looking for an umpire, so she thought she’d give it a try. She’s passionate about encouraging other women to try it too, as there are currently zero female umpires in professional baseball—not because of discrimination, but because of inertia, she says. Umpiring is much more fun than it looks and it’s also a job that requires serious conflict resolution and communication skills. Staying composed in the middle of the chaos, defusing potential violence—this is what makes umpiring meaningful. So ladies, get thee to umpire school.

“Am I going to die?” As an EMT, Matthew O’Reilly was hit with this question over and over. When someone has minutes left to live, and there is nothing medicine can do, O’Reilly has to make a choice: “Do I tell the dying that they’re going to face death?” In these patients, O’Reilly sees above all inner peace and acceptance, so he has made the decision: “It is not my place to comfort the dying with my lies.” As people look for forgiveness, remembrance and significance in their lives, O’Reilly has come to value honest answers to hard questions.

Teacher and poet Clint Smith opens his poem “Silence” with a quote from Martin Luther King, Jr.: “In the end, we will remember not the words of our enemies, but the silence of our friends.” He continues exploring the danger and shame of silence in his own life — from one Lent in childhood when he gave up speaking, to awkward things unsaid at fundraising dinners — and in the lives of his students. In his classroom there are four ruling principles: (1) Read critically. (2) Write consciously. (3) Speak clearly. (4) Speak your truth. He does that with gusto in this spoken-word piece, avowing, “I will live every day as if there were a microphone tucked under my tongue.”

With quick wit and brutal honesty, Baratunde Thurston steps to the stage to wrap up the night. The comedian, author of How to Be Black and co-founder of Cultivated Wit shares observations, lessons learned, and some of his own commentary on the evening’s proceedings. From a solution to Sally Kohn’s clicking manifesto to a new name for Perry Barber’s profession to utter awe at Sara Sakowitz’s work, he was the perfect end to an — wait for it — awesome evening.

Baratunde Thurston closes out the night with sharp, funny observations. Photo: Ryan Lash

Liz Jacobs, Morton Bast, Olivia Cucinotta and Kate Torgovnick May all contributed to this piece.


RacialiciousThe SDCC Files: The Battle For Multicultural Heroes

The post The SDCC Files: The Battle For Multicultural Heroes appeared first on Racialicious - the intersection of race and pop culture.

Krebs on SecurityHackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System

Three Israeli defense contractors responsible for building the “Iron Dome” missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology, KrebsOnSecurity has learned.

The never-before publicized intrusions, which occurred between 2011 and 2012, illustrate the continued challenges that defense contractors and other companies face in deterring organized cyber adversaries and preventing the theft of proprietary information.

A component of the ‘Iron Dome’ anti-missile system in operation, 2011.

According to Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI), between Oct. 10, 2011 and August 13, 2012, attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies, including Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.

By tapping into the secret communications infrastructure set up by the hackers, CyberESI determined that the attackers exfiltrated large amounts of data from the three companies. Most of the information was intellectual property pertaining to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other technical documents in the same fields of study.

Joseph Drissel, CyberESI’s founder and chief executive, said the nature of the exfiltrated data and the industry that these companies are involved in suggests that the Chinese hackers were looking for information related to Israel’s all-weather air defense system called Iron Dome.

The Israeli government has credited Iron Dome with intercepting approximately one-fifth of the more than 2,000 rockets that Palestinian militants have fired at Israel during the current conflict. The U.S. Congress is currently wrangling over legislation that would send more than $350 million to Israel to further development and deployment of the missile shield technology. If approved, that funding boost would make nearly $1 billion from the United States over five years for Iron Dome production, according to The Washington Post.

Neither Elisra nor Rafael responded to requests for comment about the apparent security breaches. A spokesperson for Israel Aerospace Industries brushed off CyberESI’s finding, calling it “old news.” When pressed to provide links to any media coverage of such a breach, IAI was unable to locate or point to specific stories. The company declined to say whether it had alerted any of its U.S. industry partners about the breach, and it refused to answer any direct questions regarding the incident.

“At the time, the issue was treated as required by the applicable rules and procedures,” IAI Spokeswoman Eliana Fishler wrote in an email to KrebsOnSecurity. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”

Drissel said many of the documents that were stolen from the defense contractors are designated with markings indicating that their access and sharing is restricted by International Traffic in Arms Regulations (ITAR) — U.S. State Department controls that regulate the defense industry. For example, Drissel said, among the data that hackers stole from IAI is a 900-page document that provides detailed schematics and specifications for the Arrow 3 missile.

“Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel said. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.”

WHAT WAS STOLEN, AND BY WHOM?

According to CyberESI, IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. Drissel said the attacks bore all of the hallmarks of the “Comment Crew,” a prolific and state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA) and credited with stealing terabytes of data from defense contractors and U.S. corporations.

Image: FBI

The Comment Crew is the same hacking outfit profiled in a February 2013 report by Alexandria, Va.-based incident response firm Mandiant, which referred to the group simply by its official designation — “P.L.A. Unit 61398.” In May 2014, the U.S. Justice Department charged five prominent military members of the Comment Crew with a raft of criminal hacking and espionage offenses against U.S. firms.

Once inside the IAI’s network, Comment Crew members spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout the company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network.

All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI.

“The intellectual property was in the form of Word documents, PowerPoint presentations, spread sheets, email messages, files in portable document format (PDF), scripts, and binary executable files,” CyberESI wrote in a lengthy report produced about the breaches.

“Once the actors established a foothold in the victim’s network, they are usually able to compromise local and domain privileged accounts, which then allow them to move laterally on the network and infect additional systems,” the report continues. “The actors acquire the credentials of the local administrator accounts by using hash dumping tools. They can also use common local administrator account credentials to infect other systems with Trojans. They may also run hash dumping tools on Domain Controllers, which compromises most if not all of the password hashes being used in the network. The actors can also deploy keystroke loggers on user systems, which captured passwords to other non-Windows devices on the network.”

The attackers followed a similar modus operandi in targeting Elisra, a breach which CyberESI says began in October 2011 and persisted intermittently until July 2012. The security firm said the attackers infiltrated and copied the emails for many of Elisra’s top executives, including the CEO, the chief technology officer (CTO) and multiple vice presidents within the company.

CyberESI notes it is likely that the attackers were going after persons of interest with access to sensitive information within Elisra, and/or were gathering would-be targets for future spear-phishing campaigns.

Drissel said like many other such intellectual property breaches the company has detected over the years, neither the victim firms nor the U.S. government provided any response after CyberESI alerted them about the breaches at the time.

“The reason that nobody wants to talk about this is people don’t want to re-victimize the victim,” Drissel said. “But the real victims here are the people on the other end who are put in harm’s way because of poor posture on security and the lack of urgency coming from a lot of folks on how to fix this problem. So many companies have become accustomed to low-budget IT costs. But the reality is that if you have certain sensitive information, you’ve got to spend a certain amount of money to secure it.”

ANALYSIS

While some of the world’s largest defense contractors have spent hundreds of millions of dollars and several years learning how to quickly detect and respond to such sophisticated cyber attacks, it’s debatable whether this approach can or should scale for smaller firms.

Michael Assante, project lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security at the SANS Institute, said although there is a great deal of discussion in the security industry about increased information sharing as the answer to detecting these types of intrusions more quickly, this is only a small part of the overall solution.

“We collectively talk about all of the things that we should be doing better — that we need to have better security policies, better information sharing, better detection, and we’re laying down the tome and saying ‘Do all of these things’,” Assante said. “And maybe a $100 million security program can do all these things well or make progress against these types of attacks, but that 80-person defense contractor? Not so much.”

Assante said most companies in the intelligence and defense industries have gotten better at sharing information and at the so-called “cyber counter-intelligence” aspect of these attacks: Namely, in identifying the threat actors, tactics and techniques of the various state-sponsored organizations responsible. But he noted that most organizations still struggle with the front end of the problem: Identifying the original intrusion and preventing the initial compromise from blossoming into a much bigger problem.

“I don’t think we’ve improved much in that regard, where the core challenges are customized malware, persistent activity, and a lot of noise,” Assante said. “Better and broader notification [by companies like CyberESI] would be great, but the problem is that typically these notifications come after sensitive data has already been exfiltrated from the victim organization. Based on the nature of advanced persistent threats, you can’t beat that time cycle. Well, you might be able to, but the amount of investment needed to change that is tremendous.”

Ultimately, securing sensitive systems from advanced, nation-state level attacks may require a completely different approach. After all, as Einstein said, “We cannot solve our problems with the same thinking we used when we created them.”

Indeed, that appears to be the major thrust of a report released this month by Richard J. Danzig, a board member of the Center for New American Security. In “Surviving on a Diet of Poison Fruit,” (PDF) Danzig notes that defensive efforts in major mature systems have grown more sophisticated and effective.

“However, competition is continuous between attackers and defender,” he wrote. “Moreover, as new information technologies develop we are not making concomitant investments in their protection. As a result, cyber insecurities are generally growing, and are likely to continue to grow, faster than security measures.”

In his conclusion, Danzig offers a range of broad (and challenging) suggestions, including this gem, which emphasizes placing a premium on security over ease-of-use and convenience in mission-critical government systems:

“For critical U.S. government systems, presume cyber vulnerability and design organizations, operations and acquisitions to compensate for this vulnerability. Do this by a four-part strategy of abnegation, use of out-of-band architectures, diversification and graceful degradation. Pursue the first path by stripping the ‘nice to have’ away from the essential, limiting cyber capabilities in order to minimize cyber vulnerabilities. For the second, create non-cyber interventions in cyber systems. For the third, encourage different cyber dependencies in different systems so single vulnerabilities are less likely to result in widespread failure or compromise. And for the fourth, invest in discovery and recovery capabilities. To implement these approaches, train key personnel in both operations and security so as to facilitate self-conscious and well-informed tradeoffs between the security gains and the operational and economic costs from pursuing these strategies.”

Source: Center for New American Security

RacialiciousThe SDCC Files: The Witty Women of Steampunk

Top image from Anina Bennett’s “Boilerplate.”

The post The SDCC Files: The Witty Women of Steampunk appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesCuteness Inspired Aggression is Widespread

Don’t you want to pinch it and squeeze it and bite its little face off!?

You’re not alone.

Rebecca Dyer and Oriana Aragon, graduate students in psychology, brought subjects into a lab, handed them a fresh sheet of bubble wrap, and exposed them to cute, funny, and neutral pictures of animals.  Those who saw the cute ones popped significantly more bubbles than the others.

Cute things make us aggressive!  It’s why we say things like: “I just wanna eat you up!” and why we have to restrain ourselves from giving our pets an uncomfortably tight hug.

Which one do you want to hurt the most!?

An aggressive response to cuteness, it appears, is “completely normal.”

The authors suggest that humans non-consciously balance extreme emotions with one from the other side of the spectrum to try to maintain some control and balance.  This, Aragon explains at her website, may be why we cry when we’re really happy and laugh at funerals.

In the meantime, if this makes you want to inflict some serious squishing, know that you’re in good company.

All pictures from Cute Overload.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianChris Lamb: start-stop-daemon: --exec vs --startas

start-stop-daemon is the classic tool on Debian and derived distributions to manage system background processes. A typical invocation from an initscript is as follows:

start-stop-daemon \
    --quiet \
    --oknodo \
    --start \
    --pidfile /var/run/daemon.pid \
    --exec /usr/sbin/daemon \
    -- -c /etc/daemon.cfg -p /var/run/daemon.pid

The basic operation is that it will first check whether /usr/sbin/daemon is already running and, if it is not, execute /usr/sbin/daemon -c /etc/daemon.cfg -p /var/run/daemon.pid. This process then has the responsibility to daemonise itself and write the resulting process ID to /var/run/daemon.pid.

start-stop-daemon then waits until /var/run/daemon.pid has been created as the test of whether the service has actually started, raising an error if that doesn't happen.

(In practice, the locations of all these files are parameterised to prevent DRY violations.)

Idempotency

By idempotence we are mostly concerned with repeated calls to /etc/init.d/daemon start not starting multiple versions of our daemon.

This might not seem to be a particularly big issue at first, but the increased adoption of stateless configuration management tools such as Ansible (which should be completely free to call start to ensure a started state) means that one should be particularly careful of this apparent corner case.

In its usual operation, start-stop-daemon ensures only one instance of the daemon is running with the --exec parameter: if the specified pidfile exists and the PID it refers to is an "instance" of that executable, then it is assumed that the daemon is already running and another copy is not started. This is handled in the pid_is_exec method (source) - the /proc/$PID/exe symlink is resolved and checked against the value of --exec.

Interpreted scripts

However, one case where this doesn't work is interpreted scripts. Let's look at what happens if /usr/sbin/daemon is such a script, e.g. a file that starts:

#!/usr/bin/env python
# [..]

The problem this introduces is that /proc/$PID/exe now points to the interpreter instead, often with an essentially non-deterministic version suffix:

$ ls -l /proc/14494/exe
lrwxrwxrwx 1 www-data www-data 0 Jul 25 15:18
                              /proc/14494/exe -> /usr/bin/python2.7

When this process is examined using the --exec mechanism outlined above it will be rejected as an instance of /usr/sbin/daemon and therefore another instance of that daemon will be incorrectly started.

--startas

The solution is to use the --startas parameter instead. This omits the /proc/$PID/exe check and merely tests whether a PID with that number is running:

start-stop-daemon \
    --quiet \
    --oknodo \
    --start \
    --pidfile /var/run/daemon.pid \
    --startas /usr/sbin/daemon \
    -- -c /etc/daemon.cfg -p /var/run/daemon.pid

Whilst it is therefore less reliable (in that the PID found in the pidfile could actually be an entirely different process altogether) it's probably an acceptable trade-off against the case of running multiple instances of that daemon.

This danger can be ameliorated by using some of start-stop-daemon's other matching tests, such as --user or even --name.
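The matching behaviour described in this post, as an added shell example (not start-stop-daemon's code and not from the original post). matches_exec mimics the --exec comparison against /proc/$PID/exe, matches_pid_only the PID-only test, and matches_script a tighter check that combines a UID test (in the spirit of --user) with an argv comparison; the argv comparison is this example's own assumption, not a start-stop-daemon option. Function names and the temporary daemon script are constructed for illustration, and Linux /proc is assumed.

```shell
#!/bin/sh
# Added example, not start-stop-daemon's own code. Linux /proc is assumed and
# all function names are illustrative.

# Print the PID stored in pidfile $1, or fail if it is not a plain number.
pidfile_pid() {
    [ -r "$1" ] || return 1
    read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$pid"
}

# --exec style: /proc/PID/exe must resolve to the expected executable.
# (Reading another user's /proc/PID/exe needs root, as an initscript has.)
matches_exec() {            # $1 = pidfile, $2 = executable path
    pid=$(pidfile_pid "$1") || return 1
    exe=$(readlink "/proc/$pid/exe") || return 1
    [ "$exe" = "$(readlink -f "$2")" ]
}

# PID-only style: is any process with this PID alive?
matches_pid_only() {        # $1 = pidfile
    pid=$(pidfile_pid "$1") || return 1
    [ -d "/proc/$pid" ]
}

# Tighter check for interpreted daemons: PID alive, owned by the expected
# UID, and the script path is one of the process's argv entries.
matches_script() {          # $1 = pidfile, $2 = script path, $3 = expected UID
    pid=$(pidfile_pid "$1") || return 1
    [ -d "/proc/$pid" ] || return 1
    owner=$(stat -c %u "/proc/$pid") || return 1
    [ "$owner" = "$3" ] || return 1
    tr '\0' '\n' < "/proc/$pid/cmdline" | grep -Fxq -- "$2"
}

# Run all checks against a constructed interpreted daemon and a constructed
# stale pidfile; prints one summary line.
run_demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-in for /usr/sbin/daemon: an interpreted script that
    # writes its own pidfile, as the daemon in the post does.
    cat > "$d/daemon" <<'EOF'
#!/bin/sh
echo $$ > "$1"
while :; do sleep 1; done
EOF
    chmod +x "$d/daemon"
    "$d/daemon" "$d/daemon.pid" >/dev/null 2>&1 &
    child=$!
    i=0
    while [ ! -s "$d/daemon.pid" ] && [ "$i" -lt 50 ]; do
        sleep 0.1; i=$((i + 1))
    done

    matches_exec "$d/daemon.pid" "$d/daemon" && e=yes || e=no
    matches_pid_only "$d/daemon.pid" && p=yes || p=no
    matches_script "$d/daemon.pid" "$d/daemon" "$(id -u)" && s=yes || s=no

    # Constructed stale pidfile: it names an unrelated live process (this shell).
    echo $$ > "$d/stale.pid"
    matches_pid_only "$d/stale.pid" && sp=yes || sp=no
    matches_script "$d/stale.pid" "$d/daemon" "$(id -u)" && ss=yes || ss=no

    kill "$child" 2>/dev/null || true
    wait "$child" 2>/dev/null || true
    rm -rf "$d"
    echo "exec=$e pid_only=$p script=$s stale_pid_only=$sp stale_script=$ss"
}
```

Calling run_demo shows the exe comparison rejecting the running script, the PID-only test accepting both the real daemon and the unrelated process, and the combined UID and argv check accepting only the real daemon.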

RacialiciousThe SDCC Files: Milestone @ 21

The post The SDCC Files: Milestone @ 21 appeared first on Racialicious - the intersection of race and pop culture.

RacialiciousThe SDCC Files: Breaking Barriers: Transgender Trends in Popular Culture

Top image from Transposes, by Dylan Edwards

The post The SDCC Files: Breaking Barriers: Transgender Trends in Popular Culture appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux AustraliaAndrew Pollock: [life] Day 180: Kindergarten, recovery and an afternoon play date

I was away all weekend with Anshu, so I had to play weekend catch up when I got home this morning. After I'd unpacked the car and sorted out some lunch, I did the grocery shopping, and by the time I'd unpacked from that it was pretty much time to pick up Zoe and Megan from Kindergarten.

On the way home from Kindergarten, Zoe asked if they could go to the playground. I'd been intending to offer them the playground or a ferry ride, so this worked out nicely.

Zoe wanted to ride her scooter to the park, and Megan seemed happy to run alongside her, so this seemed like a win-win situation. There were a few other kids from Kindergarten at the playground as well.

The small world factor struck this afternoon. There was a mother at the playground that I'd seen at pick up time at Kindergarten, who I didn't recognise, so I struck up a conversation with her. It turns out she's the mother of a boy who was in Zoe's swim class last year. I'd previously spoken with her husband at swim school. They were from Melbourne, had had a stint up in Brisbane, returned to Melbourne, decided they liked Brisbane better, and just relocated back again. Their son, Miller, had gone to Zoe's Kindergarten last year as well, and his Dad had had good things to say about it to Sarah at Zoe's swim class.

After the stint in the park, we came back home, and Zoe and Megan watched a bit of TV while I prepared dinner, and then Jason came to pick up Megan.

We had a nice dinner, and I got Zoe to bed a little bit early.

CryptogramRussia Paying for a Tor Break

Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deanonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can't.

Worse Than FailureCodeSOD: A Team of One

Bob worked at a small company. There’s a messy history in its founding. The owner, Aaron, worked for another company making basically the same software, until he finally got fed up with their coding style and practices. So he quit to found his own company, with his own rules about things, like how many blank lines there should be before a for loop (exactly 1), how to order variable declarations (alphabetically, with “::” coming after “z”), and how source control should be organized (about as organized as organized crime).

Aaron didn’t waste a lot of time managing, and made sure to keep his hands in the code. Of course, no one wanted to touch the code after he did, which meant Aaron wasn’t just the owner, but he was a one-man team. The other teams might deliver features, but Aaron’s team delivered vision. Well, vision, and code blocks like this, which parse parameters off the command-line:

 typedef enum context_option_type_e
   {
       context_option_type_unknown             = 0,
       context_option_type_bool                = 1,
       context_option_type_double              = 2,
       context_option_type_float               = 3,
       context_option_type_string              = 4,
       context_option_type_uint32              = 5,
       context_option_type_uint64              = 6,
       context_option_type_max,
   } context_option_type_e;

       bool
       get_bool_context_option(
           const uint32_t context_option) const
       {
           bool return_value = false;

           if (context_option > this->vector_context_option_to_type_mapping.size())
           {
               assert(false && "Invalid context option specified.");
               goto exit;
           }

           if (
               this->vector_context_option_to_type_mapping[context_option] ==
               context_option_type_bool)
           {
               ::std::string string_context_option_lowercase;
               const ::std::string &string_context_option =
                   this->vector_string_context_options[context_option];

               string_context_option_lowercase.resize(
                   string_context_option.size());
               ::std::transform(
                   string_context_option.begin(),
                   string_context_option.end(),
                   string_context_option_lowercase.begin(),
                   ::std::tolower);

               if (
                   (string_context_option_lowercase.compare("1") == 0) ||
                   (string_context_option_lowercase.compare("true") == 0) ||
                   (string_context_option_lowercase.compare("yes") == 0))
               {
                   return_value = true;
               }
           }
           else
           {
               assert(false && "Context option is not a bool type.");
           }

       exit:
           return return_value;
       }

You’ll notice that the enum defines 6 types of option, and this function is only for the bool option. You might think, “Aaron copied and pasted this code six times for the different types,” but you’d be wrong. Aaron just didn’t implement them.

Aaron continues to be the most prolific committer, even if no one knows exactly what he's working on. At least his variable names are always perfectly ordered.

For those unfamiliar with C, I recommend investigating getopt, the POSIX standard function for parsing command-line options.

Planet DebianDaniel Pocock: Secure that Dictaphone

2014 has been a big year for dictaphones so far.

First, it was France and the secret recordings made by Patrick Buisson during the reign of President Sarkozy.

Then, a US court ordered the release of the confidential Boston College tapes, part of an oral history project. Originally, each participant had agreed their recording would only be released after their death. Sinn Fein leader Gerry Adams was arrested and questioned over a period of 100 hours and released without charge.

Now Australia is taking its turn. In #dictagate down under, a senior political correspondent from a respected newspaper recorded (most likely with consent) some off-the-record comments of former conservative leader Ted Baillieu. Unfortunately, this journalist misplaced the dictaphone at the state conference of Baillieu's arch-rivals, the ALP. A scandal quickly erupted.

Secure recording technology

There is no question that electronic voice recordings can be helpful for many people and purposes, including journalists, researchers and call centers. However, the ease with which they can now be distributed is only now dawning on people.

Twenty years ago, you would need to get the assistance of a radio or TV producer to disseminate such recordings so widely. Today there is email and social media. The Baillieu tapes were emailed directly to 400 people in a matter of minutes.

Just as technology brings new problems, it also brings solutions. Encryption is one of them.

Is encryption worthwhile?

Coverage of the Snowden revelations has revealed that many popular security technologies are not one hundred percent safe. In each of these dictaphone cases, however, NSA-level expertise was not a factor. Even the most simplistic encryption would have caused endless frustration to the offenders who distributed the Baillieu tape.

How can anybody be sure encryption is reliable?

Part of the problem is education. Everybody using the technology needs to be aware of the basic concepts, for example, public key cryptography.

Another big question mark is back doors. There is ongoing criticism of Apple iPhone/iPod devices and the many ways that their encryption can be easily disabled by Apple engineers and presumably many former staff, security personnel and others. The message is clear: proprietary, closed-source solutions should be avoided. Free and open source technologies are the alternative. If a company does not give you the source code, how can anybody independently audit their code for security? With encryption software, what use is it if nobody has verified it?

What are the options?

However, given that the majority of people don't have a PhD in computer science or mathematics, are there convenient ways to get started with encryption?

Reading is a good start. The Code Book by Simon Singh (author of other popular science books like Fermat's Last Theorem) is very accessible, not classified and assumes no formal training in mathematics. Even for people who do know these topics inside out, it is a good book to share with friends and family.

The Guardian Project (no connection with Guardian Media of Edward Snowden fame) aims to provide a secure and easy to use selection of apps for pocket devices. This project has practical applications in business, journalism and politics alike.

How should a secure dictaphone app work?

Dictaphone users typically need to take their dictaphones into the field, so there is a risk of losing them or having them stolen. A strong security solution in this situation may involve creating an RSA key pair on a home/office computer, keeping the private key on the home computer and putting the public key on the dictaphone device. Configured this way, the dictaphone will not be able to play back any of the recordings itself - the user will always have to copy them to the computer for decryption.

Planet Linux AustraliaAndrew Pollock: [life] Day 177: Bike riding practice, picnic

Friday was another loosely planned day. Zoe indicated that she'd like to practice riding her bike, and it was a nice day, so we made a picnic lunch of it.

We went to Minnippi again, and Zoe did pretty well. I used the gentle downhill part of the path this time to give Zoe a bit more momentum, and there were a few brief periods where I let go of the bike completely and she stayed upright. I definitely think she's getting better, and her confidence is improving. Hopefully a few more practices will have her riding on her own.

After she got tired of riding her bike, we checked out the aviation-themed play area. We had some fun alternating between being the "pilot" and the "control tower". We had our picnic lunch up in that part of the park.

Shortly after lunch, another little girl, Lilian, arrived with her mother, and Zoe befriended her, although she didn't want to play with her all that much. I struck up a bit of a conversation with her mother, and when they migrated over to the duck pond, we went as well, as we had some crusts to feed to the ducks.

There was a guy over there with a big loaf of bread, which he was feeding to the ducks unsuccessfully. When Zoe and Lilian arrived, he donated the remainder of the bread to them to feed to the ducks.

After that, we all went to the other play structure for a while.

When Lilian left, we headed back to Cannon Hill to get some more kitty litter and a tennis racquet. We also dropped into Bunnings for a coffee and babyccino. Bunnings has a bit of an indoor play area, so Zoe checked that out too.

It was getting on in the afternoon by this stage, so we headed home and pottered around for a little bit. Zoe watched some TV, Anshu arrived, and then Sarah arrived to pick up Zoe. It was a nice day.

Planet Linux AustraliaBrendan Scott: brendanscott

Getup alleges that someone copied one of Getup’s videos, then issued a takedown over the same video in respect of Getup. With copyright enforcement rhetoric running hysterical for years now it comes as no surprise that the provider of the video site would remove Getup’s video. Takedown procedures are specifically designed to be swift and effective against allegations, regardless of the justice of the matter. Given such a lopsided approach to rights, it is surprising that it has taken until now for people to start abusing the system. It will get worse in the future.


Planet Linux AustraliaAndrew Cowie: Vale Peter Miller

Sad to receive news this morning that a long time friend and colleague, Peter Miller, had passed.

Peter Miller

“After fighting cancer for many years, finally lost”. No, not lost; if there was ever anyone who fought the battle of life and won it was Peter. Even knowing he was at his last days he was unbowed. Visiting him last week he proudly showed us the woodworking plans and cut lists for some cabinets he was making for his wife MT. He had created the diagrams himself, writing C++ code to manually drive a drawing library, outputting postscript. Let’s see you do architectural drawing without a CAD program. The date on the printout was two weeks ago.

“The world is a less interesting place today,” wrote another friend. No. Peter firmly believed that interest comes from within. The world is there to be explored, I can hear him saying. He taught us to go forth, wonder, and understand. And so we should.

AfC

Planet DebianRuss Allbery: AFS::PAG 1.02

This is primarily a testing exercise. I moved my software release process and web page generation to a different host, and wanted to run through a release of a package to make sure that I got all the details right.

It's still a bit clunky, and I need to tweak the process, but it's close enough.

That said, there are a few minor changes in this module (which provides the minimum C glue required to do AFS operations from Perl — only the pieces that can't be duplicated by calling command-line programs). I'm improving the standardization of my Perl distributions, so I've moved NEWS to Changes and switched to the Lancaster Consensus environment variables for controlling testing. I also added some more pieces to the package metadata.

You can get the latest version from the AFS::PAG distribution page.

Rondam RamblingsAre corporations people?

My earlier post on the Hobby Lobby decision sparked a lively discussion, so I went back and actually read the Court's opinion.  Not much there that I didn't already know, with one notable exception: I had believed that the Court invented the idea that corporations are people out of whole cloth, and that turns out not to be true.  It turns out that there is a law called the Dictionary Act,

Geek FeminismQuick Hit: #LikeDustIRise

Over on Twitter, the great and talented @Gildedspine, creator of #YesAllWomen, is hosting a discussion about online activism, the power of community, and speaking up even in the face of harassment and abuse.

She’s got a powerful conversation going. I encourage you to check it out: #LikeDustIRise.

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2014-07-21 to 2014-07-27

Sociological ImagesSunday Fun: Confirmation Bias for Everyone!

By David Malki at Wondermark.  H/t to @annettecboehm.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianChristian Perrier: Developers per country (July 2014)

It is time again for my annual report about the number of developers per country.

This is now the sixth edition of this report. Former editions:

So, here we are with the July 2014 version, sorted by the ratio of *active* developers per million population for each country.

Act: number of active developers
Dev: total number of developers
A/M: number of active devels per million pop.
D/M: number of devels per million pop.
2009: rank in 2009
2010: rank in 2010
2011: rank in 2011 (June)
2012: rank in 2012 (June)
2013: rank in 2013 (July)
2014: rank now
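| Code | Name | Population | Act | Dev | Act/Million | Dev/Million | 2009 | 2010 | June 2011 | June 2012 | July 2013 | July 2014 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| fi | Finland | 5259250 | 19 | 31 | 3,61 | 5,89 | 1 | 1 | 1 | 1 | 1 | 1 |
| ie | Ireland | 4670976 | 13 | 17 | 2,78 | 3,64 | 13 | 9 | 6 | 2 | 2 | 2 |
| nz | New Zealand | 4331600 | 11 | 15 | 2,54 | 3,46 | 4 | 3 | 5 | 7 | 7 | 3 * |
| mq | Martinique | 396404 | 1 | 1 | 2,52 | 2,52 | | | 3 | 4 | 4 | 4 |
| se | Sweden | 9088728 | 22 | 37 | 2,42 | 4,07 | 3 | 6 | 7 | 5 | 5 | 5 |
| ch | Switzerland | 7870134 | 19 | 29 | 2,41 | 3,68 | 2 | 2 | 2 | 3 | 3 | 6 * |
| no | Norway | 4973029 | 11 | 14 | 2,21 | 2,82 | 5 | 4 | 4 | 6 | 6 | 7 * |
| at | Austria | 8217280 | 18 | 29 | 2,19 | 3,53 | 6 | 8 | 10 | 10 | 10 | 8 * |
| de | Germany | 81471834 | 164 | 235 | 2,01 | 2,88 | 7 | 7 | 9 | 9 | 8 | 9 * |
| lu | Luxemburg | 503302 | 1 | 1 | 1,99 | 1,99 | 8 | 5 | 8 | 8 | 9 | 10 * |
| fr | France | 65350000 | 101 | 131 | 1,55 | 2 | 12 | 12 | 11 | 11 | 11 | 11 |
| au | Australia | 22607571 | 32 | 60 | 1,42 | 2,65 | 9 | 10 | 12 | 12 | 12 | 12 |
| be | Belgium | 11071483 | 14 | 17 | 1,26 | 1,54 | 10 | 11 | 13 | 13 | 13 | 13 |
| uk | United-Kingdom | 62698362 | 77 | 118 | 1,23 | 1,88 | 14 | 14 | 14 | 14 | 14 | 14 |
| nl | Netherlands | 16728091 | 18 | 40 | 1,08 | 2,39 | 11 | 13 | 15 | 15 | 15 | 15 |
| ca | Canada | 33476688 | 34 | 63 | 1,02 | 1,88 | 15 | 15 | 17 | 16 | 16 | 16 |
| dk | Denmark | 5529888 | 5 | 10 | 0,9 | 1,81 | 17 | 17 | 16 | 17 | 17 | 17 |
| es | Spain | 46754784 | 34 | 56 | 0,73 | 1,2 | 16 | 16 | 19 | 18 | 18 | 18 |
| it | Italy | 59464644 | 36 | 52 | 0,61 | 0,87 | 23 | 22 | 22 | 19 | 19 | 19 |
| hu | Hungary | 10076062 | 6 | 12 | 0,6 | 1,19 | 18 | 25 | 26 | 20 | 24 | 20 * |
| cz | Czech Rep | 10190213 | 6 | 6 | 0,59 | 0,59 | 21 | 20 | 21 | 21 | 20 | 21 * |
| us | USA | 313232044 | 175 | 382 | 0,56 | 1,22 | 19 | 21 | 25 | 24 | 22 | 22 |
| il | Israel | 7740900 | 4 | 6 | 0,52 | 0,78 | 24 | 24 | 24 | 25 | 23 | 23 |
| hr | Croatia | 4290612 | 2 | 2 | 0,47 | 0,47 | 20 | 18 | 18 | 26 | 25 | 24 * |
| lv | Latvia | 2204708 | 1 | 1 | 0,45 | 0,45 | 26 | 26 | 27 | 27 | 26 | 25 * |
| bg | Bulgaria | 7364570 | 3 | 3 | 0,41 | 0,41 | 25 | 23 | 23 | 23 | 27 | 26 * |
| sg | Singapore | 5183700 | 2 | 2 | 0,39 | 0,39 | | | | 33 | 33 | 27 * |
| uy | Uruguay | 3477778 | 1 | 2 | 0,29 | 0,58 | 22 | 27 | 28 | 28 | 28 | 28 |
| pl | Poland | 38441588 | 11 | 15 | 0,29 | 0,39 | 29 | 29 | 30 | 30 | 30 | 29 * |
| jp | Japan | 127078679 | 36 | 52 | 0,28 | 0,41 | 30 | 28 | 29 | 29 | 29 | 30 * |
| lt | Lithuania | 3535547 | 1 | 1 | 0,28 | 0,28 | 28 | 19 | 20 | 22 | 21 | 31 * |
| gr | Greece | 10787690 | 3 | 4 | 0,28 | 0,37 | 33 | 38 | 34 | 35 | 35 | 32 * |
| cr | Costa Rica | 4301712 | 1 | 1 | 0,23 | 0,23 | 31 | 30 | 31 | 31 | 31 | 33 * |
| by | Belarus | 9577552 | 2 | 2 | 0,21 | 0,21 | 35 | 36 | 39 | 39 | 32 | 34 * |
| ar | Argentina | 40677348 | 8 | 10 | 0,2 | 0,25 | 34 | 33 | 35 | 32 | 37 | 35 * |
| pt | Portugal | 10561614 | 2 | 4 | 0,19 | 0,38 | 27 | 32 | 32 | 34 | 34 | 36 * |
| sk | Slovakia | 5477038 | 1 | 1 | 0,18 | 0,18 | 32 | 31 | 33 | 36 | 36 | 37 * |
| rs | Serbia | 7186862 | 1 | 1 | 0,14 | 0,14 | | | | | 38 | 38 |
| tw | Taiwan | 23040040 | 3 | 3 | 0,13 | 0,13 | 37 | 34 | 37 | 37 | 39 | 39 |
| br | Brazil | 192376496 | 18 | 21 | 0,09 | 0,11 | 36 | 35 | 38 | 38 | 40 | 40 |
| cu | Cuba | 11241161 | 1 | 1 | 0,09 | 0,09 | | 38 | 41 | 41 | 41 | 41 |
| co | Colombia | 45566856 | 4 | 5 | 0,09 | 0,11 | 41 | 44 | 46 | 47 | 46 | 42 * |
| kr | South Korea | 48754657 | 4 | 6 | 0,08 | 0,12 | 39 | 39 | 42 | 42 | 42 | 43 * |
| gt | Guatemala | 13824463 | 1 | 1 | 0,07 | 0,07 | | | | | 43 | 44 * |
| ec | Ecuador | 15007343 | 1 | 1 | 0,07 | 0,07 | | 40 | 43 | 43 | 45 | 45 |
| cl | Chile | 16746491 | 1 | 2 | 0,06 | 0,12 | 42 | 41 | 44 | 44 | 47 | 46 * |
| za | South Africa | 50590000 | 3 | 10 | 0,06 | 0,2 | 38 | 48 | 48 | 48 | 48 | 47 * |
| ru | Russia | 143030106 | 8 | 9 | 0,06 | 0,06 | 43 | 42 | 47 | 45 | 49 | 48 * |
| mg | Madagascar | 21281844 | 1 | 1 | 0,05 | 0,05 | 44 | 37 | 40 | 40 | 50 | 49 * |
| ro | Romania | 21904551 | 1 | 2 | 0,05 | 0,09 | 45 | 43 | 45 | 46 | 51 | 50 * |
| ve | Venezuela | 28047938 | 1 | 1 | 0,04 | 0,04 | 40 | 45 | 50 | 49 | 44 | 51 * |
| my | Malaysia | 28250000 | 1 | 1 | 0,04 | 0,04 | | | 49 | 50 | 52 | 52 |
| pe | Peru | 29907003 | 1 | 1 | 0,03 | 0,03 | 46 | 46 | 51 | 51 | 53 | 53 |
| tr | Turkey | 74724269 | 2 | 2 | 0,03 | 0,03 | 47 | 47 | 52 | 52 | 54 | 54 |
| ua | Ukraine | 45134707 | 1 | 1 | 0,02 | 0,02 | 48 | 53 | 58 | 59 | 55 | 55 |
| th | Thailand | 66720153 | 1 | 2 | 0,01 | 0,03 | 50 | 50 | 54 | 54 | 56 | 56 |
| eg | Egypt | 80081093 | 1 | 3 | 0,01 | 0,04 | 51 | 51 | 55 | 55 | 57 | 57 |
| mx | Mexico | 112336538 | 1 | 1 | 0,01 | 0,01 | 49 | 49 | 53 | 53 | 58 | 58 |
| cn | China | 1344413526 | 10 | 14 | 0,01 | 0,01 | 53 | 53 | 57 | 56 | 59 | 59 |
| in | India | 1210193422 | 8 | 9 | 0,01 | 0,01 | 52 | 52 | 56 | 57 | 60 | 60 |
| sv | El Salvador | 7066403 | 0 | 1 | 0 | 0,14 | | | 36 | 58 | 61 | 61 |

Total: 969 active developers, 1561 developers (62,08%)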

A few interesting facts:
  • New Zealand bumps from rank 7 to rank 3, thanks to one new active developer
  • Switzerland loses one developer and goes down to rank 6
  • Norway also slightly goes down by losing one developer
  • With two more developers, Austria climbs up to rank 8 and overtakes Germany...;-)
  • Hungary climbs a little bit by gaining one developer
  • Singapore doubles its number of developers from 1 to 2 and bumps from 33 to 27
  • One rank up too for Poland that gained one developer
  • Down to rank 31 for Lithuania by losing one developer
  • Up to rank 32 for Greece with 4 developers instead of 3
  • Argentina goes up by having two more developers (it lost 2 last year)
  • Up from 46 to 42 for Colombia by winning one more developer
  • One more developer and Russia climbs from 49 to 48
  • One less for Venezuela that has only one developer left...:-(
  • No new country this year. Less movement towards "the universal OS"?
  • We have 12 more active Debian developers and 26 more developers overall. Less progression than last year
  • The ratio of active developers is nearly stable, though slightly decreasing

RacialiciousThe SDCC Files: MD Marie

MD Marie

We first noticed science-fiction author MD Marie and her steampunk style when she discussed “The Saints of Winter Valley,” her multi-cultural steampunk story featuring four women of color, during Friday’s Black Panel. Naturally, we hopped over to her booth and got more details.

Where You Can Find Her: Booth 1623
Where You Can Find Her Online: Saints Of Winter Valley Twitter feed and Facebook page.
What’s The Story?: “It is steampunk, even though it’s futuristic,” Marie says about Saints, which is set in the year 2118. “The story is post-global warming, so people have reverted back to a simpler, but extravagant time, because resources are scant. Most of the planet is underwater because of global warming. The United States is actually divided into two separate countries.”
On the future of multicultural steampunk: “I see it going very far. It’s kind of touch-and-go with the general audience, but in the steampunk genre, it’s very popular. My characters, my story, are very popular. I see it getting stronger, and going very far. I just need everybody to catch up with us.”

The post The SDCC Files: MD Marie appeared first on Racialicious - the intersection of race and pop culture.

Don MartiNewspaper dollars, Facebook dimes

(updated 27 Jul 2014: add Gannett ad revenue)

Hard to miss the Facebook earnings news this week.

Facebook earnings beat expectations as ad revenues soar

Facebook Beats In Q2 With $2.91 Billion In Revenue, 62% Of Ad Revenue From Mobile, 1.32B Users

Let's take a look at those numbers. (I'd like to fill in more and better data here, so any extra sources welcome.)

Mobile ads: 62% of ad revenues.

Total US ad revenue: $1.3 billion.

Which would make mobile US revenue about 800 million. (Other countries are heavier on mobile, so this might even be high.)

Americans spend 162 minutes on a mobile device per day of which 17% is Facebook. So figure about 28 minutes per day on average. (Average of all US "consumers", not just mobile or Facebook users.)

That's double the time spent reading the printed newspaper.

US users spend an average of 14 minutes/day on printed newspapers. (Average of newspaper readers and non-readers. Just print, not web or mobile.)

But how are newspapers doing with the ad revenue?

Even after a sharp decline, newspaper print ad revenue in the USA is at $17.3 billion/year. That's the 2013 number, so it's reasonable to expect it to continue to come down as newspaper-reading time continues to decline.

Let's say it comes down another 10 percent for this year (which is faster than trend, and Gannett's print advertising is only down 6% this quarter compared to a year ago) and take a quarter of that. That's $3.9 billion.

So the newspaper brings in more than four times as much ad money by being in front of users for half the time. The newspaper completely lacks all the advanced behavioral targeting stuff, and Facebook is full of it.

What's going on here? Why is Facebook—the most finely targeted ad medium ever built—an order of magnitude less valuable to advertisers than the second-oldest low-tech ad medium is?

Here's my best explanation so far for the "print dollars to digital dimes" problem.

Advertising is based on a two-way exchange of information. You, the reader, give advertising your attention. Advertising gives you some information about the advertiser's intentions. That's often not found in the content of the ad. The fact that it's running in a public place at all is what builds up your mental model of the product, or brand equity.

On the other hand, advertising that's targeted to you is like a cold call or an email spam. You might respond to it at the time, but it doesn't carry information about the advertiser's intentions. (For example, you might be the one sucker who they're trying to stick with the last obsolete unit in the warehouse, before an incompatible change.)

As Bob Hoffman, Ad Contrarian, wrote, Online advertising has thus far proven to be a lousy brand-building medium. Walk through your local supermarket or Target or Walmart and see if you can find any brands built by online advertising. So what is web advertising good for? Thus far, it has been effective at search and moderately effective at a certain type of direct response.

Without the signaling/brand building effect, those targeted Facebook ads don't pull their weight, and come in at less valuable than newspaper ads.

I'm not saying we should go back to dead trees, but clearly mobile is leaving money on the table here. What's the solution? Paradoxically, it's going to have to involve some privacy tech on the user's end—preventing some of the one-sided data flow towards advertisers in order to introduce signaling effect.

More: Targeted Advertising Considered Harmful

Sociological ImagesSaturday Stat: World’s Top Military Spender

According to the Stockholm International Peace Institute, the United States remains the world’s top military spender. In fact, U.S. military spending equals the combined military spending of the next ten countries.  And most of those are U.S. allies.

Although declining in real terms, the U.S. military budget remains substantial and a huge drain on our public resources.  As the following chart shows, military spending absorbs 57% of our federal discretionary budget.

Notice that many so-called non-military discretionary budget categories also include military related spending. For example: Veteran’s Benefits, International Affairs, Energy and the Environment, and Science. We certainly seem focused on a certain kind of security.

Martin Hart-Landsberg is a professor of economics at Lewis and Clark College. You can follow him at Reports from the Economic Front.

(View original at http://thesocietypages.org/socimages)

Planet DebianHolger Levsen: 20140726-the-future-is-now

Do you remember the future?

Unless you are over 60, you weren't promised flying cars. You were promised an oppressive cyberpunk dystopia. Here you go.

(Source: found in the soup)

Luckily the future today is still unwritten. Shape it well.

Planet DebianRichard Hartmann: Release Critical Bug report for Week 30

I have been asked to publish bug stats from time to time. Not exactly sure about the schedule yet, but I will try and stick to Fridays, as in the past; this is for the obvious reason that it makes historical data easier to compare. "Last Friday of each month" may or may not be too much. Time will tell.

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1511
    • Affecting Jessie: 431 That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 383 Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 44 bugs are tagged 'patch'. Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 20 bugs are marked as done, but still affect unstable. This can happen due to missing builds on some architectures, for example. Help investigate!
        • 319 bugs are neither tagged patch, nor marked done. Help make a first step towards resolution!
      • Affecting Jessie only: 48 Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 0 bugs are in packages that are unblocked by the release team.
        • 48 bugs are in packages that are not unblocked.

Graphical overview of bug stats thanks to azhag:

CryptogramFriday Squid Blogging: Build a Squid

An interactive animation from the Museum of New Zealand Te Papa Tongarewa.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Krebs on SecurityService Drains Competitors’ Online Ad Budget

The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today’s post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.

Youtube ads from "GoodGoogle" pitching his AdWords click fraud service.

AdWords is Google’s paid advertising product, displaying ads on the top or the right side of your screen in search results. Advertisers bid on specific keywords, and those who bid the highest will have their ads show up first when Internet users search for those terms. In turn, advertisers pay Google a small amount each time a user clicks on one of their ads.

One of the more well-known forms of online ad fraud (a.k.a. “click fraud”) involves Google AdSense publishers that automate the clicking of ads appearing on their own Web sites in order to inflate ad revenue. But fraudsters also engage in an opposite scam involving AdWords, in which advertisers try to attack competitors by raising their costs or exhausting their ad budgets early in the day.

Enter “GoodGoogle,” the nickname chosen by one of the more established AdWords fraudsters operating on the Russian-language crime forums.  Using a combination of custom software and hands-on customer service, GoodGoogle promises clients the ability to block the appearance of competitors’ ads.

“Are you tired of the competition in Google AdWords that take your first position and quality traffic,?” reads GoodGoogle’s pitch. “I will help you get rid once and for all competitors in Google Adwords.”

The service, which appears to have been in the offering since at least January 2012, provides customers both a la carte and subscription rates. The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’ ads indefinitely. Fees are paid up-front and in virtual currencies (WebMoney, e.g.), and the seller offers support and a warranty for his work for the first three weeks.

Reached via instant message, GoodGoogle declined to specify how his product works, instead referring me to several forums where I could find dozens of happy customers to vouch for the efficacy of the service.

Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley, speculated that GoodGoogle’s service consists of two main components: A private botnet of hacked computers that do the clicking on ads, and advanced software that controls the clicking activity of the botted computers so that it appears to be done organically from search results.

Further, he said, the click fraud bots probably are not used for any other purpose (such as spam or denial-of-service attacks) since doing so would risk landing those bots on lists of Internet addresses that Google and other large Internet companies use to keep track of abuse complaints.

“You’d pretty much have to do this kind of thing as a service, because if you do it just using software alone, you aren’t going to be able to get a wide variety of traffic,” Weaver said. “Otherwise, you’re going to start triggering alarms.”

Amazingly, the individual responsible for this service not only invokes Google’s trademark in his nickname and advertises his wares via instructional videos on Google’s YouTube service, but he also lists several Gmail accounts as points of contact. My guess is it will not be difficult for Google to shutter this operation, and possibly to identify this individual in real life.

CryptogramBuilding a Legal Botnet in the Cloud

Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers.

Geek FeminismLet’s do the linkspam again (25 July 2014)

  • Why Captain America Should Stay Black Forever | E.Knight at Boxing With God (July 19): “Comic book fans born today should grow up knowing this is Captain America. There should be no doubt.  The idea that a black man could represent the ultimate patriot is only ironic if our society continues to insist that White is America’s default race.”
  • New Thor Will be a Woman! Five Other Heroines Who Have Taken Up a Man’s Title | Mey at Autostraddle (July 22): “Although there’s absolutely nothing wrong with feminizing a name, there is a lot of clout that comes with the name Thor. By not adding “She-,” “Lady” or “Ms.” to the name, they are saying that this character isn’t a sidekick or partner to Thor, they’re saying that she isn’t “inspired by” Thor, they’re saying she simply is Thor. [...] While Thor is the most high-profile example of this, it’s not the first. Here are some of my favorite examples of this happening before.”
  • How Big of a Problem is Harassment at Comic Conventions? Very Big. | Janelle Asselin at bitchmedia (July 22)[warning for discussion of harassment] “It’s not difficult to see why conventions can be rife with harassment. People in my survey report being harassed by fans, journalists, publishing employees, and comics creators, so there are issues at every level of the industry. Conventions involve cramming a lot of people into one space where ideally everyone gets to move around. This means there are a lot of brush-by maneuvers, awkward running into people, and a lot of general closeness. [...] This is the first time ever that SDCC has made a specific anti-harassment policy so prominent and offered a clear course of action for fans who are harassed.”
  • Killing the Messenger at Mozilla | Tim Chevalier at Model View Culture (July 21) (disclosure: Tim Chevalier contributes to geekfeminism.org): “In 2012, it was nearly taboo at Mozilla to question the individualist narrative: the story that says that Eich, like any other employee, could spend his paycheck in whatever manner he chose. In 2014, Mozillans had no choice but to engage with a more structural narrative: that it’s impossible to lead a diverse organization when you have openly and obdurately expressed animus towards members of a protected class. [...] If we take [the Mozilla leaders] at face value, they did not understand why anyone would think that queer people’s rights were relevant to an open-source software project — surely they must have been aware that LGBTQ people worked for them.”
  • WisCon…This is How You Fail | The Angry Black Woman (July 20): “Race, gender, and class have all been issues at various points for me at WisCon. Most incidents fall into microaggression territory, and as a personal philosophy I tend not to let those dissuade me from things I want to do. That is an eminently personal choice, and should not be construed as telling anyone else what to do or how to feel. If my friends stop going, then so will I.”
  • The Pay-for-Performance Myth | Eric Chemi and Ariana Giorgi at Bloomberg Business Week (July 22): “An analysis of compensation data publicly released by Equilar shows little correlation between CEO pay and company performance. Equilar ranked the salaries of 200 highly paid CEOs. When compared to metrics such as revenue, profitability, and stock return, the scattering of data looks pretty random, as though performance doesn’t matter. The comparison makes it look as if there is zero relationship between pay and performance.”
  • Coder livetweets sexist remarks allegedly made by IBM executives | Aja Romano at The Daily Dot (July 22): “Note to IBM executives: If you’re going to openly discuss why you think young women make bad hires in the tech industry, you might want to make sure you’re not having lunch next to a young mom who’s also a coder. [...] According to [Lyndsay] Kirkham, the executives listed off a number of women who are currently employed at IBM, all of whom apparently have kids, and listed the amount of time the women were expected to take off in the next few years for anticipated pregnancies.”
  • #iamdoingprogramming made me feel more alienated from the tech community | Christina Truong at Medium (July 21): “In the eight years that I’ve been in the tech industry, I’ve worked with one Black person that was in a tech role and a handful in non-tech roles (project managers) and that’s a damn shame. [...] Diversity doesn’t mean pushing those that are already there out of the group. It simply means making space for different kinds of people, different opinions and opening up the culture instead of spotlighting and finding the same kind of person over and over again. It’s about showing people that there are different ways to be successful in this industry. It’s about telling everyone’s story.”
  • Numbers are not enough: Why I will only attend conferences with explicitly enforceable Codes of Conduct and a commitment to accessibility | Jennie Rose Halperin (July 22): “I recently had a bad experience at a programming workshop where I was the only woman in attendance and eventually had to leave early out of concern for my safety. [...] What happened could have been prevented: each participant signed a “Code of Conduct” that was buried in the payment for the workshop, but there was no method of enforcement and nowhere to turn when issues arose.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianJuliana Louback: Extending an xTuple Business Object

xTuple is in my opinion incredibly well designed; the code is clean and the architecture adheres to a standardized structure. All this makes working with xTuple software quite a breeze.

I wanted to integrate JSCommunicator into the web-based xTuple version. JSCommunicator is a SIP communication tool, so my first step was to create an extension for the SIP account data. Luckily for me, the xTuple development team published an awesome tutorial for writing an xTuple extension.

xTuple cleverly uses model based business objects for the various features available. This makes customizing xTuple very straightforward. I used the tutorial mentioned above for writing my extension, but soon noticed my goals were a little different. A SIP account has 3 data fields, these being the SIP URI, the account password and an optional display name. xTuple currently has a business object in the core code for a User Account and it would make a lot more sense to simply add my 3 fields to this existing business object rather than create another business object. The tutorial very clearly shows how to extend a business object with another business object, but not how to extend a business object with only new fields (not a whole new object).

Now maybe I’m just a whole lot slower than most people, but I had a ridiculously hard time figuring this out. Mind you, this is because I’m slow, because the xTuple documentation and code is understandable and as self-explanatory as it gets. I think it just takes a bit to get used to. Either way, I thought this just might be useful to others so here is how I went about it.

Setup

First you’ll have to set up your xTuple development environment and fork the xtuple and xtuple-extensions repositories as shown in this handy tutorial. A footnote I’d like to add is please verify that your version of Vagrant (and anything else you install) is the one listed in the tutorial. I think I spent like two entire days or more on a wild goose (bug) chase trying to set up my environment when the cause of all the errors was that I somehow installed an older version of Vagrant - 1.5.4 instead of 1.6.3. Please don’t make the same mistake I did. Actually if for some reason you get the following error when you try using node:

<<ERROR 2014-07-10T23:52:46.948Z>> Unrecoverable exception. Cannot call method 'extend' of undefined

    at /home/vagrant/dev/xtuple/lib/backbone-x/source/model.js:37:39

    at Object.<anonymous> (/home/vagrant/dev/xtuple/lib/backbone-x/source/model.js:1364:3)
    ...

chances are, you have the wrong version. That’s what happened to me. The Vagrant Virtual Development Environment automatically installs and configures everything you need, it’s ready to go. So if you find yourself installing and updating and apt-gets and etc, you probably did something wrong.

Coding

So by now we should have the Vagrant Virtual Development Environment set up and the web app up and running and accessible at localhost:8443. So far so good.

Disclaimer: You will note that much of this is similar - or rather, nearly identical - to xTuple’s tutorial but there are some small but important differences and a few observations I think might be useful. Other Disclaimer: I’m describing how I did it, which may or may not be ‘up to snuff’. Works for me though.

Schema

First let’s make a schema for the table we will create with the new custom fields. Be sure to create the correct directory structure, aka /path/to/xtuple-extensions/source/<YOUR EXTENSION NAME>/database/source or in my case /path/to/xtuple-extensions/source/sip_account/database/source, and create the file create_sa_schema.sql; ‘sa’ is the name of my schema. This file will contain the following lines:

do $$
  /* Only create the schema if it hasn't been created already */
  var res, sql = "select schema_name from information_schema.schemata where schema_name = 'sa'",
  res = plv8.execute(sql);
  if (!res.length) {
    sql = "create schema sa; grant all on schema sa to group xtrole;"
    plv8.execute(sql);
  }
$$ language plv8;

Of course, feel free to replace ‘sa’ with your schema name of choice. All the code described here can be found in my xtuple-extensions fork, on the sip_ext branch.

Table

We’ll create a table containing your custom fields and a link to an existing table - the table for the existing business object you want to extend. If you’re wondering why make a whole new table for a few extra fields, here’s a good explanation, the case in question is adding fields to the Contact business object.

You need to first figure out what table you want to link to. This might not be uber easy. I think the best way to go about it is to look at the ORMs. The xTuple ORMs are a JSON mapping between the SQL tables and the object-oriented world above the database; they’re .json files found at path/to/xtuple/node_modules/xtuple/enyo-client/database/orm/models for the core business objects and at path/to/xtuple/enyo-client/extensions/source/<EXTENSION NAME>/database/orm/models for extension business objects. I’ll give two examples. If you look at contact.json you will see that the Contact business object refers to the table “cntct”. Look for the “type”: “Contact” on the line above, so we know it’s the “Contact” business object. In my case, I wanted to extend the UserAccount and UserAccountRelation business objects, so check out user_account.json. The table listed for UserAccount is xt.usrinfo and the table listed for UserAccountRelation is xt.usrlite. A closer look at the sql files for these tables (usrinfo.sql and usrlite.sql) revealed that usrinfo is in fact a view and usrlite is ‘A light weight table of user information used to avoid punishingly heavy queries on the public usr view’. I chose to refer to xt.usrlite - that or I received error messages when trying the other table names.

Now I’ll make the file /path/to/xtuple-extensions/source/sip_account/database/source/usrlitesip.sql, to create a table with my custom fields plus the link to the usrlite table. Don’t quote me on this, but I’m under the impression that this is the norm for naming the sql file joining tables: the name of the table you are referring to (‘usrlite’ in this case) and your extension’s name. Content of usrlitesip.sql:

select xt.create_table('usrlitesip', 'sa');

select xt.add_column('usrlitesip','usrlitesip_id', 'serial', 'primary key', 'sa');
select xt.add_column('usrlitesip','usrlitesip_usr_username', 'text', 'references xt.usrlite (usr_username)', 'sa');
select xt.add_column('usrlitesip','usrlitesip_uri', 'text', '', 'sa');
select xt.add_column('usrlitesip','usrlitesip_name', 'text', '', 'sa');
select xt.add_column('usrlitesip','usrlitesip_password', 'text', '', 'sa');

comment on table sa.usrlitesip is 'Joins User with SIP account';

Breaking it down, line 1 creates the table named ‘usrlitesip’ (no duh), line 2 is for the primary key (self-explanatory). You can then add any columns you like, just be sure to add one that references the table you want to link to. I checked usrlite.sql and saw the primary key is usr_username, be sure to use the primary key of the table you are referencing.

You can check what you made by executing the .sql files like so:

$ cd /path/to/xtuple-extensions/source/sip_account/database/source
$ psql -U admin -d dev -f create_sa_schema.sql
$ psql -U admin -d dev -f usrlitesip.sql

After which you will see the table with the columns you created if you enter:

$ psql -U admin -d dev -c "select * from sa.usrlitesip;"

Now create the file /path/to/xtuple-extensions/source/sip_account/database/source/manifest.js to put the files together and in the right order. It should contain:

{
  "name": "sip_account",
  "version": "1.4.1",
  "comment": "Sip Account extension",
  "loadOrder": 999,
  "dependencies": ["crm"],
  "databaseScripts": [
    "create_sa_schema.sql",
    "usrlitesip.sql",
    "register.sql"
  ]
}

I think the “name” has to be the same you named your extension directory as in /path/to/xtuple-extensions/source/<YOUR EXTENSION NAME>. I think the “comment” can be anything you like and you want your “loadOrder” to be high so it’s the last thing installed (as it’s an add on.) So far we are doing exactly what’s instructed in the xTuple tutorial. It’s repetitive, but I think you can never have too many examples to compare to. In “databaseScripts” you will list the two .sql files you just created for the schema and the table, plus another file to be made in the same directory named register.sql.

I’m not sure why you have to make the register.sql or even if you indeed have to. If you leave the file empty, there will be a build error, so put a ‘;’ in the register.sql or remove the line “register.sql” from manifest.js as I think for now we are good without it.

Now let’s update the database with our new extension:

$ cd /path/to/xtuple
$ ./scripts/build_app.js -d dev -e ../xtuple-extensions/source/sip_account
$ psql -U admin -d dev -c "select * from xt.ext;"

That last command should display a table with a list of extensions; the ones already in xtuple like ‘crm’ and ‘billing’ and some others plus your new extension, in this case ‘sip_account’. When you run build_app.js you’ll probably see a message along the lines of “<Extension name> has no client code, not building client code” and that’s fine because yeah, we haven’t worked on the client code yet.

ORM

Here’s where things start getting different. So ORMs link your object to an SQL table. But we DON’T want to make a new business object, we want to extend an existing business object, so the ORM we will make will be a little different than the xTuple tutorial. Steve Hackbarth kindly explained this new business object/existing business object ORM concept here.

First we’ll create the directory /path/to/xtuple-extensions/source/sip_account/database/orm/ext, according to xTuple convention. ORMs for new business objects would be put in /path/to/xtuple-extensions/source/sip_account/database/orm/models. Now we’ll create the .json file /path/to/xtuple-extensions/source/sip_account/database/orm/ext/user_account.json for our ORM. Once again, don’t quote me on this, but I think the name of the file should be the name of the business object you are extending, as is done in the tutorial example extending the Contact object. In our case, UserAccount is defined in user_account.json and that’s what I named my extension ORM too. Here’s what you should place in it:

 1 [
 2   {
 3     "context": "sip_account",
 4     "nameSpace": "XM",
 5     "type": "UserAccount",
 6     "table": "sa.usrlitesip",
 7     "isExtension": true,
 8     "isChild": false,
 9     "comment": "Extended by Sip",
10     "relations": [
11       {
12         "column": "usrlitesip_usr_username",
13         "inverse": "username"
14       }
15     ],
16     "properties": [
17       {
18         "name": "uri",
19         "attr": {
20           "type": "String",
21           "column": "usrlitesip_uri",
22           "isNaturalKey": true
23         }
24       },
25       {
26         "name": "displayName",
27         "attr": {
28           "type": "String",
29           "column": "usrlitesip_name"
30         }
31       },
32       {
33         "name": "sipPassword",
34         "attr": {
35           "type": "String",
36           "column": "usrlitesip_password"
37         }
38       }
39     ],
40     "isSystem": true
41   },
42   {
43     "context": "sip_account",
44     "nameSpace": "XM",
45     "type": "UserAccountRelation",
46     "table": "sa.usrlitesip",
47     "isExtension": true,
48     "isChild": false,
49     "comment": "Extended by Sip",
50     "relations": [
51       {
52         "column": "usrlitesip_usr_username",
53         "inverse": "username"
54       }
55     ],
56     "properties": [
57       {
58         "name": "uri",
59         "attr": {
60           "type": "String",
61           "column": "usrlitesip_uri",
62           "isNaturalKey": true
63         }
64       },
65       {
66         "name": "displayName",
67         "attr": {
68           "type": "String",
69           "column": "usrlitesip_name"
70         }
71       },
72       {
73         "name": "sipPassword",
74         "attr": {
75           "type": "String",
76           "column": "usrlitesip_password"
77         }
78       }
79     ],
80     "isSystem": true
81   }
82 ]

Note the “context” is my extension name, because the context + nameSpace + type combo has to be unique. We already have a UserAccount and UserAccountRelation object in the “XM” namespace in the “xtuple” context in the original user_account.json, now we will have a UserAccount and UserAccountRelation object in the “XM” namespace in the “sip_account” context. What else is important? Note that “isExtension” is true on lines 7 and 47 and the “relations” item contains the “column” of the foreign key we referenced.

This is something you might want to verify: “column” (lines 12 and 52) is the name of the attribute on your table. When we made a reference to the primary key usr_username from the xt.usrlite table we named that column usrlitesip_usr_username. But the “inverse” is the attribute name associated with the original sql column in the original ORM. Did I lose you? I had a lot of trouble with this silly thing. In the original ORM that created a new UserAccount business object, the primary key attribute is named “username”, as can be seen here. That is what should be used for the “inverse” value. Not the sql column name (usr_username) but the object attribute name (username). I’m emphasizing this because I made that mistake and if I can spare you the pain I will.

If we rebuild our extension everything should come along nicely, but you won’t see any changes just yet in the web app because we haven’t created the client code.
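The column/inverse mix-up described above can be caught mechanically before a rebuild. What follows is an added example, not code from the original post or from xTuple: a small Node.js linter for the extension ORM. The function names (lintExtensions, sipExtension), the abbreviated base ORM and the password-on-Relation warning are assumptions made for illustration.

```javascript
// Added example: lint an xTuple ORM *extension* before running build_app.js.
// Not xTuple code; table, column and attribute names are the ones used in this post.

// Constructed, abbreviated stand-in for the core user_account.json:
// only the primary-key attribute the post mentions is included.
const pk = { name: "username", attr: { type: "String", column: "usr_username", isPrimaryKey: true } };
const baseOrms = [
  { context: "xtuple", nameSpace: "XM", type: "UserAccount", table: "xt.usrinfo", properties: [pk] },
  { context: "xtuple", nameSpace: "XM", type: "UserAccountRelation", table: "xt.usrlite", properties: [pk] }
];

// Columns created by usrlitesip.sql in this post.
const tableColumns = {
  "sa.usrlitesip": ["usrlitesip_id", "usrlitesip_usr_username", "usrlitesip_uri",
                    "usrlitesip_name", "usrlitesip_password"]
};

// One entry of the extension ORM from this post. `inverse` is a parameter so the
// mistake (SQL column name instead of attribute name) can be reproduced.
function sipExtension(type, inverse) {
  return {
    context: "sip_account", nameSpace: "XM", type: type, table: "sa.usrlitesip",
    isExtension: true, isChild: false, comment: "Extended by Sip",
    relations: [{ column: "usrlitesip_usr_username", inverse: inverse }],
    properties: [
      { name: "uri", attr: { type: "String", column: "usrlitesip_uri", isNaturalKey: true } },
      { name: "displayName", attr: { type: "String", column: "usrlitesip_name" } },
      { name: "sipPassword", attr: { type: "String", column: "usrlitesip_password" } }
    ],
    isSystem: true
  };
}

const ormKey = (o) => [o.context, o.nameSpace, o.type].join("/");

// Returns a list of {level, type, msg} findings; an empty list means nothing to report.
function lintExtensions(extOrms, base, columns) {
  const findings = [];
  const add = (level, type, msg) => findings.push({ level, type, msg });
  const seen = new Set(base.map(ormKey));

  for (const ext of extOrms) {
    // context + nameSpace + type has to be unique across all ORMs.
    if (seen.has(ormKey(ext))) add("error", ext.type, "duplicate ORM key " + ormKey(ext));
    seen.add(ormKey(ext));
    if (ext.isExtension !== true) add("error", ext.type, "isExtension must be true");

    const target = base.find((b) => b.nameSpace === ext.nameSpace && b.type === ext.type);
    const cols = columns[ext.table];
    if (!target) { add("error", ext.type, "no base business object to extend"); continue; }
    if (!cols) { add("error", ext.type, "unknown table " + ext.table); continue; }

    for (const rel of ext.relations || []) {
      // "column" lives on the extension table ...
      if (!cols.includes(rel.column)) {
        add("error", ext.type, `relation column "${rel.column}" is not in ${ext.table}`);
      }
      // ... while "inverse" is an attribute name of the base object, not an SQL column.
      if (!target.properties.some((p) => p.name === rel.inverse)) {
        const byColumn = target.properties.find((p) => p.attr && p.attr.column === rel.inverse);
        const hint = byColumn
          ? ` ("${rel.inverse}" is an SQL column; use attribute "${byColumn.name}")` : "";
        add("error", ext.type, `inverse "${rel.inverse}" is not an attribute of ${target.type}${hint}`);
      }
    }

    for (const prop of ext.properties || []) {
      const col = prop.attr && prop.attr.column;
      if (!cols.includes(col)) {
        add("error", ext.type, `property "${prop.name}" maps to missing column "${col}"`);
      }
      // Assumption of this example: secrets on a *Relation type deserve a second look,
      // because the list view in this post is backed by XM.UserAccountRelationCollection.
      if (/passw|secret/i.test(prop.name) && /Relation$/.test(ext.type)) {
        add("warn", ext.type,
          `"${prop.name}" is mapped on ${ext.type}, the type behind the list collection; ` +
          "confirm list fetches should expose it");
      }
    }
  }
  return findings;
}

// The ORM exactly as written in this post, then the same entry with the wrong inverse.
const pageOrm = [sipExtension("UserAccount", "username"),
                 sipExtension("UserAccountRelation", "username")];
console.log(lintExtensions(pageOrm, baseOrms, tableColumns));
console.log(lintExtensions([sipExtension("UserAccount", "usr_username")], baseOrms, tableColumns));
```

To use it on real files, load the core and extension .json files with JSON.parse instead of the constructed objects.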

Client

Create the directory /path/to/xtuple-extensions/source/sip_account/client which is where we’ll keep all the client code.

Extend Workspace View

I want the fields I added to show up on the form to create a new User Account, so I need to extend the view for the User Account workspace. I’ll start by creating a directory /path/to/xtuple-extensions/source/sip_account/client/views and in it creating a file named ‘workspace.js’ containing this code:

XT.extensions.sip_account.initWorkspace = function () {

	var extensions = [
  	{kind: "onyx.GroupboxHeader", container: "mainGroup", content: "_sipAccount".loc()},
  	{kind: "XV.InputWidget", container: "mainGroup", attr: "uri" },
  	{kind: "XV.InputWidget", container: "mainGroup", attr: "displayName" },
  	{kind: "XV.InputWidget", container: "mainGroup", type:"password", attr: "sipPassword" }
	];

	XV.appendExtension("XV.UserAccountWorkspace", extensions);
};

So I’m initializing my workspace and creating an array of items to add (append) to view XV.UserAccountWorkspace. The first ‘item’ is this onyx.GroupboxHeader which is a pretty divider for my new form fields, the kind you find in the web app at Setup > User Accounts, like ‘Overview’. I have no idea what other options there are for container other than “mainGroup”, so let’s stick to that. I’ll explain content: “_sipAccount”.loc() in a bit. Next I created three input fields of the XV.InputWidget kind. This also confused me a bit as there are different kinds of input to be used, like dropdowns and checkboxes. The only advice I can give is snoop around the webapp, find an input you like and look up the corresponding workspace.js file to see what was used.

What we just did is (should be) enough for the new fields to show up on the User Account form. But before we see things change, we have to package the client. Create the file /path/to/xtuple-extensions/source/sip_account/client/views/package.js. This file is needed to ‘package’ groups of files and indicates the order the files should be loaded (for more on that, see this). For now, all the file will contain is:

enyo.depends(
"workspace.js"
);

You also need to package the ‘views’ directory containing workspace.js, so create the file /path/to/xtuple-extensions/source/sip_account/client/package.js and in it show that the directory ‘views’ and its contents must be part of the higher level package:

enyo.depends(
"views"
);

I like to think of it as a box full of smaller boxes.

This will sound terrible, but apparently you also need to create the file /path/to/xtuple-extensions/source/sip_account/client/core.js containing this line:

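// Namespace object for this extension; workspace.js and parameter.js attach their init functions to it
XT.extensions.sip_account = {};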

I don’t know why. As soon as I find out I’ll be sure to inform you.

As we’ve added a file to the client directory, be sure to update /path/to/xtuple-extensions/source/sip_account/client/package.js so it includes the new file:

enyo.depends(
"core.js",
"views"
);

Translations

Remember “_sipAccount”.loc() in our workspace.js file? xTuple has great internationalization support and it’s easy to use. Just create the directory and file /path/to/xtuple-extensions/source/sip_account/client/en/strings.js and in it put key-value pairs for labels and their translation, like this:

(function () {
  "use strict";

  var lang = XT.stringsFor("en_US", {
    "_sipAccount": "Sip Account",
    "_uri": "Sip URI",
    "_displayName": "Display Name",
    "_sipPassword": "Password"
  });

  if (typeof exports !== 'undefined') {
    exports.language = lang;
  }
}());

So far I included all the labels I used in my Sip Account form. If you write the wrong label (key) or forget to include a corresponding key-value pair in strings.js, xTuple will simply name your label “_labelName”, underscore and all.

Now build your extension and start up the server:

$ cd /path/to/xtuple 
$ ./scripts/build_app.js -d dev -e ../xtuple-extensions/source/sip_account
$ node node-datasource/main.js

If the server is already running, just stop it and restart it to reflect your changes.

Now if you go to Setup > User Accounts and click the “+” button, you should see a nice little addition to the form with a ‘Sip Account’ divider and three new fields. Nice, eh?

Extend Parameters

Currently you can search your User Accounts list using any of the User Account fields. It would be nice to be able to search with the Sip account fields we added as well. To do that, let’s create the directory /path/to/xtuple-extensions/source/sip_account/client/widgets and there create the file parameter.js to extend XV.UserAccountListParameters. Once again, you’ll have to look this up. In the xTuple code you’ll find the application’s parameter.js in /path/to/xtuple/enyo-client/application/source/widgets. Search for the business object you are extending (for example, XV.UserAccount) and look for some combination of the business object name and ‘Parameters’. If there’s more than one, try different ones. Not a very refined method, but it worked for me. Here’s the content of our parameter.js:

XT.extensions.sip_account.initParameterWidget = function () {

  var extensions = [
    {kind: "onyx.GroupboxHeader", content: "_sipAccount".loc()},
    {name: "uri", label: "_uri".loc(), attr: "uri", defaultKind: "XV.InputWidget"},
    {name: "displayName", label: "_displayName".loc(), attr: "displayName", defaultKind: "XV.InputWidget"}
  ];

  XV.appendExtension("XV.UserAccountListParameters", extensions);
};

Note that I didn’t include a search field for the password attribute for obvious reasons. Now once again, we package this new code addition by creating a /path/to/xtuple-extensions/source/sip_account/client/widgets/package.js file:

enyo.depends(
"parameter.js"
);

We also have to update /path/to/xtuple-extensions/source/sip_account/client/package.js:

enyo.depends(
"core.js",
"widgets",
"views"
);

Rebuild the extension (and restart the server) and go to Setup > User Accounts. Press the magnifying glass button on the upper left side of the screen and you’ll see many options for filtering the User Accounts, among them the SIP Uri and Display Name.

Extend List View

You might want your new fields to show up on the list of User Accounts. I figured out a way to do this that looks strange and kind of incorrect, but it’s apparently working.

Create the file /path/to/xtuple-extensions/source/sip_account/client/views/list.js and add the following:

enyo.kind({
    name: "XV.UserAccountList",
    kind: "XV.List",
    label: "_userAccounts".loc(),
    collection: "XM.UserAccountRelationCollection",
    parameterWidget: "XV.UserAccountListParameters",
    query: {orderBy: [
      {attribute: 'username'}
    ]},
    components: [
      {kind: "XV.ListItem", components: [
        {kind: "FittableColumns", components: [
          {kind: "XV.ListColumn", classes: "short", components: [
            {kind: "XV.ListAttr", attr: "username", isKey: true}
          ]},
          {kind: "XV.ListColumn", classes: "short", components: [
            {kind: "XV.ListAttr", attr: "propername"}
          ]},
          {kind: "XV.ListColumn", classes: "last", components: [
            {kind: "XV.ListAttr", attr: "uri"}
          ]}
        ]}
      ]}
    ]
  });
  
  XV.registerModelList("XM.UserAccountRelation", "XV.UserAccountList");

This is actually what’s in /path/to/xtuple/enyo-client/application/source/views/list.js – the entire highlighted part. All I did was add this to “components” after line 18:

  {kind: "XV.ListColumn", classes: "last", components: [
    {kind: "XV.ListAttr", attr: "uri"}
  ]}

I found this at random after a lot of trial and error. It’s strange because if you encapsulate that code with

XT.extensions.sip_account.initList = function () {
 //Code here
};

as is done with parameter.js and workspace.js (and in the xTuple tutorial you are supposed to do that with a new business object), it doesn’t work. I have no idea why. This might be ‘wrong’ or against xTuple coding norms; I will find out and update this post ASAP. But it does work this way. * shrugs *

That said, as we’ve created the list.js file, we need to add it to our package by editing /path/to/xtuple-extensions/source/sip_account/client/views/package.js:

enyo.depends(
"list.js",
"workspace.js"
);

That’s all. Rebuild the app and restart your server and when you select Setup > User Accounts in the web app you should see the Sip URI displayed on the User Accounts that have the Sip Account data. Add a new User Account to try this out.

Planet DebianSteve Kemp: The selfish programmer

Once upon a time I wrote a piece of software for scheduling the classes available to a college.

There was a bug in the scheduler: Students who happened to be named 'Steve Kemp' had a significantly higher chance (>=80% IIRC) of being placed in lessons where the class makeup was more than 50% female.

This bug was never fixed. Which was nice, because I spent several hours both implementing and disguising this feature.

I was a bad coder when I was a teenager.

These days I'm still a bad coder, but in different ways.

Planet DebianWouter Verhelst: Multiarchified eID libraries for Debian

A few weeks back, I learned that some government web interfaces require users to download PDF files, sign them with their eID, and upload the signed PDF document. On Linux, the only way to do this appeared to be to download Adobe Reader for Linux, install the eID middleware, make sure that the former would use the latter, and from there things would just work.

Except for the bit where Adobe Reader didn't exist in a 64-bit version. Since the eid middleware packages were not multiarch ready, that meant you couldn't use Adobe Reader to create signatures with your eID card on a 64-bit Linux distribution. Which is, pretty much, "just about everything out there".

For at least the Debian packages, that has been fixed now (I still need to handle the RPM side of things, but that's for later). When I wanted to test just now if everything would work right, however...

... I noticed that Adobe no longer provides any downloads of the Linux version of Adobe Reader. They're just gone. There is an ftp.adobe.com containing some old versions, but nothing more recent than a 5.x version.

Well, I suppose that settles that, then.

Regardless, the middleware package has been split up and multiarchified, and is ready for early adopters. If you want to try it out, you should:

  • run dpkg --add-architecture i386 if you haven't yet enabled multiarch
  • Install the eid-archive package, as usual
  • Edit /etc/apt/sources.list.d/eid.list, and enable the continuous repository (that is, remove the # at the beginning of the line)
  • run dpkg-reconfigure eid-archive, so that the key for the continuous repository is enabled
  • run apt-get update
  • run apt-get -t continuous install eid-mw to upgrade your middleware to the version in continuous
  • run apt-get -t continuous install libbeidpkcs11-0:i386 to install the 32-bit middleware version.
  • run your 32-bit application and sign things.

You should, however, note that the continuous repository is named so because it contains the results of our continuous integration system; that is, every time a commit is done to the middleware, packages in this repository are updated automatically. This means the software in the continuous repository might break. Or it might eat your firstborn. Or it might cause nasal daemons. As such, FedICT does not support these versions of the middleware. Don't try the above if you're not prepared to deal with that...

Worse Than FailureError'd: The Best Truck in the World!

"Apparently this truck has a few more features than standard trucks," writes Derek, "I'm sure the price would have been an even $3,000,000 but there are a few miles on it to drive it down."

 

Dallin wrote, "This must have been a pretty amazing update to Google Maps if it was going to give me 11 seconds of my life back!"

 

"This was taken in a service center/rest stop on the westbound Highway 401 in Ontario, Canada," writes Andrew, "I wasn't able to discover much about Ontario from the screen, except that they use PCs for their slideshows."

 

"You know what, at a -216% discount, I think I'll just buy my gift cards straight from Starbucks at full price," wrote Todd.

 

"It seems that it isn't that easy to change the settings of a project in JetBrains WebStorm via keyboard shortcut," Dominic wrote.

 

"Someone at Netflix has got to be kidneying me!" Dan writes.

 

"My mobile operator decided to let me know that my contract was changing soon...or something," Hamish wrote.

 

Planet DebianTim Retout: London.pm's July 2014 tech meeting

Last night, I went to the London.pm tech meeting, along with a couple of colleagues from CV-Library. The talks, combined with the unusually hot weather we're having in the UK at the moment, combined with my holiday all last week, make it feel like I'm at a software conference. :)

The highlight for me was Thomas Klausner's talk about OX (and AngularJS). We bought him a drink at the pub later to pump him for information about using Bread::Board, with some success. It was worth the long, late commute back to Southampton.

All very enjoyable, and I hope they have more technical meetings soon. I'm planning to attend the London Perl Workshop later in the year.

Planet DebianGunnar Wolf: Nice read: «The Fasinatng … Frustrating … Fascinating History of Autocorrect»

A long time ago, I did some (quite minor!) work on natural language parsing. Most of what I got was the very basic rudiments on what needs to be done to begin with. But I like reading some texts on the subject every now and then.

I am also a member of the ACM — Association for Computing Machinery. Most of you will be familiar with it, it's one of the main scholarly associations for the field of computing. One of the basic perks of being an ACM member is the subscription to a very nice magazine, Communications of the ACM. And, of course, although I enjoy the physical magazine, I like reading some columns and articles as they appear along the month using the RSS feeds. They also often contain pointers to interesting reads on other media — As happened today. I found quite a nice article, I think, worth sharing with whoever thinks I have interesting things to say.

They published a very short blurb titled The Fasinatng … Frustrating … Fascinating History of Autocorrect. I was somewhat skeptical reading it links to an identically named article, published in Wired. But gave it a shot, anyway...

The article follows a style that's often abused and not very amusing, but I think was quite well done: The commented interview. Rather than just drily following through an interview, the writer tells us a story about that interview. And this is the story of Gideon Lewis-Kraus interviewing Dean Hachamovitch, the creator of the much hated (but very much needed) autocorrect feature that appeared originally in Microsoft Word.

The story of Hachamovitch's work (and its derivations, to the much maligned phone input predictors) over the last twenty-something years is very light to read, very easy to enjoy. I hope you find it as interesting as I did.

RacialiciousThe SDCC Files: Keith Knight and C. Spike Trotman

As part of our plan to boost peoples’ signals during San Diego Comic-Con, we plan to run at least one or two mini-profiles a day, starting with a look at two popular cartoonists.

Keith Knight

Where You Can Find Him: Booth K-15 in the Small Press section.
Where You Can Find Him Online: His personal site; his Patreon site.
What’s The Story?: Knight, a longtime SDCC exhibitor — his first con was in 1993 — who has hosted panels at the event in past years, is here promoting Knight Takes Queen, the second collection of stories from his daily Knight Life strip.

“This was a long time coming,” Knight said of the collection. “I’ve got probably 1,000 strips that I can put into books. I’m psyched to get it out, because people have been asking for it. It basically takes it through the time when my wife was pregnant with my first child until just after his birth.”

How has the convention landscape changed during the years he’s taken part in the con?: “It’s certainly a big change from when I started coming in ’93. In ’93 it was just all 53-year-old white men. But it really started to diversify throughout the 2000s, and hit this kind of crazy crescendo. Instead of it becoming sort of a weird side thing, and now it’s really mainstream. Honestly, the crowd can be more diverse than the comics itself, which is kind of interesting. But attempts are being made; Captain America’s black again, and Thor’s gonna be a woman. What’s interesting to me is, this is the first time I’ve seen a lot of discussion of sexual harassment of women in cosplay outfits or just being here at Comic-Con was brought up. I’m glad that kind of stuff is on the table, because it’s all been simmering under the surface.”

C. Spike Trotman

Where You Can Find Her: Booth 1330 with Black Label Comics
Where You Can Find Her Online: Iron Circus Comics website.
What’s The Story?: Trotman is promoting The Sleep Of Reason, a 26-story horror anthology featuring 34 different creators she says will have “no predictable endings” and none of the usual kinds of “scary” antagonists.

“I kind of got tired of things that feature supernatural creatures masquerading as horror,” she explains. “I personally don’t find things featuring zombies, werewolves, and vampires scary anymore because everybody already knows the rules. If a zombie shows up in a story, you know what you have to do to get rid of it. If a werewolf shows up, you know the rules it’s operating under. To me, the essence of fear is not understanding and being helpless in a situation. That’s why I don’t have things like zombies and vampires in The Sleep of Reason, because if I did have them, you would know how to take care of them.”

On the expanding audience for anthologies: “I think there has kind of been a mushrooms after the rain effect when it comes to anthologies. A lot of young creators, I’ve found, are putting together anthologies amongst themselves to kind of get their work out there, because the strength of the anthology, in my opinion, is [that] people will buy it for a creator they know is in there and they already like. But as a result, they’re exposed to maybe 10 or 15 other creators that they had no idea existed, and have great potential of becoming a fan of those creators. And I think people understand that, especially on the creators’ side, they understand that. So when they put together these projects, they’re kind of drawing from one another’s audiences and readerships with the hope that there can be kind of a swapping of fans — or at least growing their own fanbase by tapping into another person’s fanbase.”

The post The SDCC Files: Keith Knight and C. Spike Trotman appeared first on Racialicious - the intersection of race and pop culture.

Sociological ImagesHappy Birthday, Sociological Images!

We’re 7 years old today!  To celebrate, here’s a picture of seven capybaras.

Thanks to everyone who has visited over the last seven years!  This is our 5,226th post and I can hardly believe it.  Ready to charge on for another!

Here are some highlights from the last year. The blog never ceases to surprise!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

LongNowJem Finer’s Longplayer for Voices Launches a Kickstarter

The Long Now Foundation’s relationship with the Longplayer Trust, which launched a Kickstarter campaign this week, is older than either organization. Nearly 20 years ago, in “The Big Here and the Long Now”, Brian Eno noted that:

Since the beginning of the 20th century, artists have been moving away from an idea of art as something finished, perfect, definitive and unchanging towards a view of artworks as processes or the seeds for processes—things that exist and change in time, things that are never finished.

Two of his examples were Jem Finer’s “LongPlayer”—a 1,000-year musical composition commissioned by Artangel—and Danny Hillis’s Clock of the Long Now.

Both projects were in the early planning phases at the time, but they took form four years later on New Year’s Eve 01999. The first working prototype of The Clock marked the turn of the year at the Presidio in San Francisco by bonging twice, while Longplayer started running on a computer at the 19th-century Lighthouse in Trinity Buoy Wharf at the same time on midnight Greenwich Mean Time of the year 2000.

In 02002, Jem Finer expanded the Longplayer with a Graphical Score that transformed its six-part source music into a composition for human performers. The result was Longplayer Live, a 1,000-minute slice of the millennial composition that debuted at London’s Roundhouse, and was presented by Long Now at the Yerba Buena Center for the Arts in San Francisco in 02010.



These performances, which ran in conjunction with the Long Conversation, were a natural outgrowth of one of the Longplayer’s primary concerns—how to sustain a composition that will long outlive its composer. Like The Clock of the Long Now, which was designed with human maintenance in mind, the Longplayer “is a social organism, depending on people—and the communication between people—for its continuation.”


The next step in Longplayer Live’s evolution highlights this human role. The project is Longplayer for Voices, a choral adaptation of the Graphic Score. You can listen to an early test of a 1,000-second excerpt of the score for human voice in this video.

Video: http://player.vimeo.com/video/100633599?byline=0&portrait=0

Over the next four years, Jem Finer, conductor Peter Broadbent, and composer Orlando Gough will work with a 240-person choir to develop a 1,000-minute version of Longplayer for Voices. While human voices will be needed for the performance, human generosity is needed to make the project a reality. The Kickstarter campaign will allow Longplayer for Voices to complete the score and recruit the choir in time for a performance at the Roundhouse in the fall of 02018. The Kickstarter campaign runs until August 15, 02014.

 

Planet Linux AustraliaAndrew Pollock: [life] Day 176: Museum and swimming

Today was a pretty chill day, after yesterday's crazy busy one.

Zoe jumped into bed with me at 5:40am, but snoozed again until about 6:30am. It was exciting to get up and watch the inverter showing an ever-increasing power production as the sun rose.

I let Zoe choose what she wanted to do, which is code for "I had nothing in particular planned". She chose the museum by bus this morning, so we were out the door by 9am and on a bus not long after.

The museum had never mailed out my new membership cards from a month ago, so I stopped by the tickets desk first to try and sort that out. They were very apologetic, and gave me two free tickets to the Deep Oceans show. They're valid until October, so we'll go back and check that out another day.

Zoe mostly just wanted to go to the Science Centre, so after some morning tea, we headed over there. The place was almost totally empty, so we had free run, which was pretty cool. That took us through until lunch time.

I was trying to make the 12:34pm bus home, but we managed to miss it by maybe 20 metres, which was a bit of a bummer. The lady who did the indoor air quality testing was going to come back at some point after 1pm. Fortunately she didn't end up coming until closer to 2pm, so we were fine getting the 1:04pm bus instead.

After she'd been, we briefly dropped in on one of our neighbours on the way out to grab a few things for dinner from the Hawthorne Garage.

Zoe wanted to go to the pool, which was going to be a bit tight, but we made it out to Colmslie for a brief splash around in the pool before I had to get home to put dinner on.

I wanted to get out to a seminar about company boards at 5:30pm, and Sarah was coming around to babysit Zoe for me, so I wanted to get dinner on the table at 5 before I had to leave. That didn't work out quite to plan, so I had to leave with dinner about 15 minutes from being ready.

I managed to order a taxi and get it almost immediately, and it got me into the city within 15 minutes, which was pretty good. On the way home afterwards, I managed to hail a taxi within minutes of leaving the building, so overall, the transport piece worked really well.

The seminar itself was vaguely interesting. I'm curious about getting on a company board, as I think it could be a good use of my experience, and also a non-9-to-5 way of making some income. I'm not quite sure how to get that first board seat though, and exactly what to expect from a time commitment.

Cory DoctorowDisrupting elections with Kickstarter-like campaigning apps


The UK parliamentary farce over #DRIP showed us that, more than any other industry, the political machine is in dire need of disruption.


In my latest Guardian column, How the Kickstarter model could transform UK elections, I suggest that minority politicians could overcome the collective action deadlock of voters being unwilling to "throw away" their ballots on the parties they support, and so holding their nose and voting for the mainstream party they hate least, or not voting at all, by taking a page out of Kickstarter's playbook:

Here's how that could work:

"Yellow Party! Well, I love what you stand for, but come on, you haven't got a snowball's chance. It's throwing away my vote."

"Oh, I'm not asking you to vote for me! Not quite, anyway. All I want you to do is go on record saying that you would vote for me, if 20% of your neighbours made the same promise. Then, on election day, we'll send you a text or an email letting you know how many people there are who've made the same promise, and you get to decide whether it's worth your while.

"The current MP, Ms Setforlife, got elected with only 8,000 votes in the last election. If I can show you that 9,000 of your neighbours feel the same way as you do, and if you act on that information – well, we could change everything."

This threshold-style action system is at the heart of Kickstarter (pledge whatever you like, but no one has to spend anything unless enough money is raised to see the project to completion) and it's utterly adaptable to elections.

In democracies all over the world, voting is in decline. A permanent political class has emerged, and what it has to offer benefits a small elite at the public's wider expense.

How the Kickstarter model could transform UK elections

Planet DebianCraig Small: PHP uniqid() not always a unique ID

For quite some time modern versions of JFFNMS have had a problem. In large installations hosts would randomly appear as down with the reachability interface going red. All other interface types worked, just this one.

Reachability interfaces are odd, because they call fping or fping6 to do the work. The reason is that to run a ping program you need to have root access to a socket, and to do that is far too difficult and scary in PHP, which is what JFFNMS is written in.

To capture the output of fping, the program is executed and the output captured to a temporary file. For my tiny setup this worked fine, for a lot of small setups this was also fine. For larger setups, it was not fine at all. Random failed interfaces and, most bizarrely of all, even a file disappearing. The program checked for a file to exist and then ran stat in a loop to see if data was there. The file exist check worked but the stat said file not found.

At first I thought it was some odd load related problem, perhaps the filesystem not being happy and having a file there but not really there. That was, until someone said “Are these numbers supposed to be the same?”

The numbers he was referring to were the filename ids of the temporary files. They were most DEFINITELY not supposed to be the same. They were supposed to be unique. Why were they always unique for me and not for large setups?

The problem is with the uniqid() function. It is basically a hex representation of the time.  Large setups often have large numbers of child processes for polling devices. As the number of poller children increases, the chance that two child processes start the reachability poll at the same time and have the same uniqid increases. It’s why the problem happened, but not all the time.

The stat error was another symptom of this bug, what would happen was:

  • Child 1 starts the poll, temp filename abc123
  • Child 2 starts the poll in the same microsecond, temp filename is also abc123
  • For child 1 and child 2, the wait poller starts, sees that the temp file exists and goes into a loop of stat and wait until there is a result
  • Child 1 finishes, grabs the details, deletes the temporary file
  • Child 2 loops, tries to run stat but finds no file

Who finishes first is entirely dependent on how quickly the fping returns and that is dependent on how quickly the remote host responds to pings, so it's kind of random.

The fix is a minor patch to use tempnam() instead of uniqid(), adding the interface ID to the mix for good measure (no two children will poll the same interface; the parent’s scheduler makes sure of that). The initial response is that it is looking good.
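The sequence in the bullet list above, replayed as an added example (not JFFNMS code, and written in Python rather than PHP so it runs stand-alone). `php_uniqid` models the no-prefix output format of PHP's uniqid(); the timestamps, the interface IDs 17 and 42 and the file prefixes are constructed, and `tempfile.mkstemp` stands in for tempnam().

```python
import os
import tempfile


def php_uniqid(sec, usec):
    """Model of PHP uniqid() with no prefix: 8 hex digits of seconds, 5 of microseconds."""
    return "%08x%05x" % (sec, usec)


def run_children(paths):
    """Replay the poll for children whose temp files are `paths` (one per child).

    Order of events: every child's fping output lands in its temp file, every
    child sees that its file exists, then the children finish one after another
    (stat, read the result, delete the file).
    """
    for child, path in enumerate(paths, start=1):
        with open(path, "w") as fh:            # fping output captured to the temp file
            fh.write("child %d result\n" % child)

    seen = [os.path.exists(p) for p in paths]  # the "file exists" check

    outcomes = []
    for path in paths:
        try:
            os.stat(path)                      # the stat-and-wait loop, one iteration
            with open(path) as fh:
                outcomes.append(fh.read().strip())
            os.unlink(path)                    # finished: delete the temp file
        except FileNotFoundError:
            outcomes.append("stat: file not found")
    return seen, outcomes


def unique_path(workdir, interface_id):
    """Fixed naming: mkstemp creates the file with O_EXCL, so a name is never reused."""
    fd, path = tempfile.mkstemp(prefix="reach_%d_" % interface_id, dir=workdir)
    os.close(fd)
    return path


def demo_collision():
    """Two children that start in the same microsecond (constructed timestamp)."""
    with tempfile.TemporaryDirectory() as workdir:
        names = [php_uniqid(1405900000, 123456) for _ in range(2)]
        paths = [os.path.join(workdir, "fping_" + n) for n in names]
        seen, outcomes = run_children(paths)
        return names, seen, outcomes


def demo_fixed():
    """Same two children, each with an atomically created, per-interface file."""
    with tempfile.TemporaryDirectory() as workdir:
        paths = [unique_path(workdir, iface) for iface in (17, 42)]
        return run_children(paths)


if __name__ == "__main__":
    names, seen, outcomes = demo_collision()
    print("uniqid names:", names)
    print("exists check:", seen)
    print("outcomes    :", outcomes)
    print("fixed       :", demo_fixed()[1])
```

In this replay the first child also reads the second child's output, because both wrote to the same path before either finished.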

 

RacialiciousThe SDCC Files: Creators Of Color To Watch At The Con

By Arturo R. García

As a supplement to our two-part San Diego Comic-Con preview, enjoy this look at some of the creators of color who’ll be at the convention — some in panels, some on the floor, but all should be on your radar after the weekend.

Erika Alexander and Tony Puryear

Where You Can Find Them: The Writer’s Journey, Breaking into Comics and Hollywood Scriptwriting at 3 p.m. on Thursday, Room 32AB. Alexander will be part of Michael Davis’ Black Panel at 10 a.m. on Friday in Room 5AB. Both Alexander and Puryear will be signing for Dark Horse Comics at Booth 2615 on Friday from 3 to 4 p.m.
Where You Can Find Them Online: Concrete Park website and Twitter feed.
What’s The Story?: Racializens probably don’t need an introduction to Alexander, a TV veteran (The Cosby Show, Living Single) who also shared the story behind her decidedly more diverse Mad Men idea, Mad Men: Uptown Saturday Night, with us last April. Meanwhile, Puryear is the screenwriter behind the Arnold Schwarzenegger film Eraser and is coming off an appearance in the documentary Brave New Souls: Black Sci-Fi and Fantasy Writers of the 21st Century. The duo is at the con this year promoting Concrete Road, their dystopian sci-fi story. The first arc was selected to be part of last year’s edition of the Best American Comics anthology, with a new Park mini-series debuting on Oct. 5, and a hardcover collecting their featured work in Dark Horse Presents scheduled for an October release.

Cathy Camper

Where You Can Find Her: Technically, you can’t; Camper will not be at the convention in person. But her publisher, Chronicle Books, will be handing out advanced readers’ copies of Lowriders In Space, her collaboration with artist Raul III and editor Ginee Seo, at booth 1506. The 112-page graphic novel will be formally released on Nov. 4.
Where You Can Find Her Online: Lowriders In Space Facebook page
In Her Words: “I wrote Lowriders in Space because as an Arab-American, I was fed up with the inability of mainstream comics and books to represent the diversity of kids I serve today as a kid’s librarian, kids who like me, don’t see themselves in books,” Camper told Racialicious via email. “Raul III told me, ‘This is the book I wanted to read as a child,’ and he was passionate to create it for the same reasons I was.”

Dani Dixon

Where You Can Find Her: Insights for Independent Creators at 4 p.m. on Thursday, Room 32AB.
Where You Can Find Her Online: Her personal site; her Twitter feed.
What’s the story?: Dixon has created two comics series: 13 (about a world where every 13-year-old child has superpowers — but only for one year) and the Midwestern manga story M.I.S.//ing, through her own publishing house, Tumble Creek Press.

Ulises Farinas

Where You Can Find Him: Signing autographs for IDW Publishing at Booth 2643 Thursday at noon.
Where You Can Find Him Online: His personal site; Farinas is also a contributor for The Idol Box, focusing on race and pop culture
What’s the story?: Farinas is the artist for IDW’s Judge Dredd: Mega-City 2, in which the antihero is reassigned to mete out justice in a metropolis that spans the entire U.S. West Coast. Farinas’ ultra-detailed style won him critical praise from both IGN (“the absolute best thing about this comic is the artwork”) and Comic Book Therapy (“Farinas’ style fits this madcap story perfectly”). Farinas’ work has also been featured in Comics Alliance, Complex, the New York Times and Wired.


Jonathan Gayles

Where You Can Find Him: Screening of White Scripts and Black Supermen: Black Masculinities In Comic-Books, Friday at 7:40 p.m. in Hall 2 at the Marriott Marquis & Marina, 333 W Harbor Dr. (down the street from the convention, literally).
Where You Can Find Him Online: and Facebook page; his Twitter feed.
What’s the story?: Gayles’ examination of the comics industry’s depiction of Black men, ranging from Black Panther to Luke Cage to the Milestone Universe, has made its way through the festival circuit since premiering four years ago, but this will be its first screening at SDCC.

Sloane Leong

Where You Can Find Her: Color Design in Comics at 5 p.m. on Thursday, Room 32AB and Image Comics’ “I is for Innovation” panel on Sunday at 2 p.m., Room 7AB
Where You Can Find Her Online: Her personal site; her Twitter feed.
What’s the story?: Leong enters the convention on the heels of the unveiling of From Under Mountains, a fantasy series scheduled to be released next year, featuring her art alongside writing by co-creators Marian Churchland and Claire Gibson. The story is set in the fictional kingdom of Akhara, and will feature a cast of characters almost entirely comprised of people of color.

“For one it feels like a strange betrayal not to include people like myself in the stories I’m telling and it also feels irresponsible not to challenge our culture’s status quo of all white everything,” Leong told Comics Alliance. “A lot of artists I feel don’t want to broach this issue in their work because they feel their work will be ‘othered’ and ignored and I feel like that too, but at the same time I feel encouraged by that. Someone could make amazing work and still not say anything of any consequence about the world they live and that’s fine but for me that’s not really an option.”

Ajuan Mance

Where You Can Find Her: Currently scheduling a signing; see her Twitter feed for more information. Also, look for the afropick/barcode 8-Rock logo at the free tables in the Sails Pavilion.
Where You Can Find Her Online: Her personal site.
What’s the story?: Mance is currently promoting 1001 Black Men, an online sketchbook chronicling her encounters with Black men around the Bay Area, where she works. The gentleman pictured here, for instance, is No. 741:

I passed this guy a few weeks ago, at the San Francisco Public Library. I’d gone over to pick up the three pieces of art I’d shown as part of The Black Woman is God exhibit, curated by Karen Seneferu. It was the second incarnation of an exhibit that was at the African American Art and Culture Complex last summer. Like me he was heading toward the African American Center at the library and I watched with a little bit of envy as he disappeared into the stacks near the exhibit area.

Mance is also a zine creator, with her works including A Blues for Black Santa, Black Satyr, and The Little Book of Big Black Bears.

Eric Dean Seaton

Where You Can Find Him: Table P-13 in the Small Press Pavilion
Where You Can Find Him Online: Legend of the Mantamaji website and Facebook page; his Twitter feed.
What’s The Story?: Seaton, a veteran television director — he’s helmed 160 episodes of more than 32 different series — is promoting Legend of the Mantamaji, an urban fantasy set to be released this October. The story centers on attorney Elijah Alexander, who comes to find out he’s the last of the Mantamaji, a group of protectors with roots dating back 3,000 years. It’s also notable that the book will feature lettering by Deron Bennett, who was nominated for an Eisner Award two years ago for his work on titles like Jim Henson’s Dark Crystal, Jim Henson’s Tale of Sand and Helldorado, among others.

Video: http://www.youtube.com/embed/8p_NchIbwZ4

Strawberry Scented Burnout

Where You Can Find Them: See below
Where You Can Find Them Online: SSB website, Facebook page, and Twitter feed. Individual Twitter feeds listed here.
What’s The Story?: As CEO Francis Bautista explains in the video above, the project started as a webcomic and has evolved into the foundation of a pop-culture site that covers everything from relationships to mixed martial arts to video games.

“This comic, I really wanna say that it’s catered to kids that are starting college, kids that have gone through college and people that are, sad to say, my age,” Bautista says. “Early thirties, you know.”

The post The SDCC Files: Creators Of Color To Watch At The Con appeared first on Racialicious - the intersection of race and pop culture.

Worse Than FailureCodeSOD: Doing a Split...the Hard Way

Way back when Java first came out, if you wanted to split a string into tokens, you had to roll your own mechanism to do so. Of course, even as far back as Java 1.2, there were some built-in secrets to help you tokenize your string so you could iterate over the tokens.

David S. found this little gem written by one of his cohorts in a very recent version of Java (which we all know has absolutely no way of splitting a string into tokens).

While it's plausible that someone new to Java might not know about the built-in function to tokenize a string, it's pretty clear from this piece of ingenuity that this individual also didn't seem to know about ArrayLists, or even System.arraycopy()...

public static String[] split(String toSplit, String delimiter) {
  String[] ret = new String[0];

  int i = toSplit.indexOf(delimiter);

  String[] temp = null;
  while(i>-1) {
    temp = new String[ret.length+1];
    for (int j=0; j < ret.length; j++) {
        temp[j] = ret[j];
    }
                     
    temp[temp.length-1] = toSplit.substring(0, i);
    toSplit =  toSplit.substring(i+ delimiter.length());
    i = toSplit.indexOf(delimiter);
                     
    ret = new String[temp.length];
    for (int j=0; j < ret.length; j++) {
        ret[j] = temp[j];
    }                    
  }
              
  temp = new String[ret.length+1];
  for (int j=0; j < ret.length; j++) {
      temp[j] = ret[j];
  }
              
  temp[temp.length-1] = toSplit;
              
  ret = new String[temp.length];
  for (int j=0; j < ret.length; j++) {
      ret[j] = temp[j];
  }             
              
  return ret;
}

Planet DebianMartin Pitt: vim config for Markdown+LaTeX pandoc editing

I have used LaTeX and latex-beamer for pretty much my entire life of document and presentation production, i. e. since about my 9th school grade. I’ve always found the LaTeX syntax a bit clumsy, but with good enough editor shortcuts to insert e. g. \begin{itemize} \item...\end{itemize} with just two keystrokes, it has been good enough for me.

A few months ago a friend of mine pointed out pandoc to me, which is just simply awesome. It can convert between a million document formats, but most importantly take Markdown and spit out LaTeX, or directly PDF (through an intermediate step of building a LaTeX document and calling pdftex). It also has a template for beamer. Documents now look so much more readable and are easier to write! And you can always directly write LaTeX commands without any fuss, so that you can use markdown for the structure/headings/enumerations/etc., and LaTeX for formulas, XYTex and the other goodies. That’s how it always should have been! ☺

So last night I finally sat down and created a vim config for it:

"-- pandoc Markdown+LaTeX -------------------------------------------

function s:MDSettings()
    inoremap <buffer> <Leader>n \note[item]{}<Esc>i
    noremap <buffer> <Leader>b :! pandoc -t beamer % -o %<.pdf<CR><CR>
    noremap <buffer> <Leader>l :! pandoc -t latex % -o %<.pdf<CR>
    noremap <buffer> <Leader>v :! evince %<.pdf 2>&1 >/dev/null &<CR><CR>

    " adjust syntax highlighting for LaTeX parts
    "   inline formulas:
    syntax region Statement oneline matchgroup=Delimiter start="\$" end="\$"
    "   environments:
    syntax region Statement matchgroup=Delimiter start="\\begin{.*}" end="\\end{.*}" contains=Statement
    "   commands:
    syntax region Statement matchgroup=Delimiter start="{" end="}" contains=Statement
endfunction

autocmd BufRead,BufNewFile *.md setfiletype markdown
autocmd FileType markdown :call <SID>MDSettings()

That gives me “good enough” (with some quirks) highlighting without trying to interpret TeX stuff as Markdown, and shortcuts for calling pandoc and evince. Improvements appreciated!

Planet DebianMatthew Palmer: First Step with Clojure: Terror

$ sudo apt-get install -y leiningen
[...]
$ lein new scratch
[...]
$ cd scratch
$ lein repl
Downloading: org/clojure/clojure/1.3.0/clojure-1.3.0.pom from repository central at http://repo1.maven.org/maven2
Transferring 5K from central
Downloading: org/sonatype/oss/oss-parent/5/oss-parent-5.pom from repository central at http://repo1.maven.org/maven2
Transferring 4K from central
Downloading: org/clojure/clojure/1.3.0/clojure-1.3.0.jar from repository central at http://repo1.maven.org/maven2
Transferring 3311K from central
[...]

Wait… what? lein downloads some random JARs from a website over HTTP[1], with, as far as I can tell, no verification that what I’m asking for is what I’m getting (has nobody ever heard of Man-in-the-Middle attacks in Maven land?). It downloads a .sha1 file to (presumably) do integrity checking, but that’s no safety net – if I can serve you a dodgy .jar, I can serve you an equally-dodgy .sha1 file, too (also, SHA256 is where all the cool kids are at these days). Finally, jarsigner tells me that there’s no signature on the .jar itself, either.

It gets better, though. The repo1.maven.org site is served by the fastly.net[2] pseudo-CDN[3], which adds another set of points in the chain which can be subverted to hijack and spoof traffic. More routers, more DNS zones, and more servers.

I’ve seen Debian take a kicking more than once because packages aren’t individually signed, or because packages aren’t served over HTTPS. But at least Debian’s packages can be verified by chaining to a signature made by a well-known, widely-distributed key, signed by two Debian Developers with very well-connected keys.

This repository, on the other hand… oy gevalt. There are OpenPGP (GPG) signatures available for each package (tack .asc onto the end of the .jar URL), but no attempt was made to download the signatures for the .jar I downloaded. Even if the signature was downloaded and checked, there’s no way for me (or anyone) to trust the signature – the signature was made by a key that’s signed by one other key, which itself has no signatures. If I were an attacker, it wouldn’t be hard for me to replace that key chain with one of my own devising.

Even ignoring everyone living behind a government- or company-run intercepting proxy, and everyone using public wifi, it’s pretty well common knowledge by now (thanks to Edward Snowden) that playing silly-buggers with Internet traffic isn’t hard to do, and there’s no shortage of evidence that it is, in fact, done on a routine basis by all manner of people. Serving up executable code to a large number of people, in that threat environment, with no way for them to have any reasonable assurance that code is trustworthy, is very disappointing.

Please, for the good of the Internet, improve your act, Maven. Putting HTTPS on your distribution would be a bare minimum. There are attacks on SSL, sure, but they’re a lot harder to pull off than sitting on public wifi hijacking TCP connections. Far better would be to start mandating signatures, requiring signature checks to pass, and having all signatures chain to a well-known, widely-trusted, and properly secured trust root. Signing all keys that are allowed to upload to maven.org with a “maven.org distribution root” key (itself kept in hardware and only used offline), and then verifying that all signatures chain to that key, wouldn’t be insanely difficult, and would greatly improve the security of the software supply chain. Sure, it wouldn’t be perfect, but don’t make the perfect the enemy of the good. Cost-effective improvements are possible here.

Yes, security is hard. But you don’t get to ignore it just because of that, when you’re creating an attractive nuisance for anyone who wants to own up a whole passel of machines by slipping some dodgy code into a widely-used package.


  1. To add insult to injury, it appears to ignore my http_proxy environment variable, and the repo1.maven.org server returns plain-text error responses with Content-Type: text/xml. But at this point, that’s just icing on the shit cake.

  2. At one point in the past, my then-employer (a hosting provider) blocked Fastly’s caching servers from their network because they took down a customer site with a massive number of requests to a single resource, and the incoming request traffic was indistinguishable from a botnet-sourced DDoS attack. The requests were coming from IP space registered to a number of different ISPs, with no distinguishing rDNS (184-106-82-243.static.cloud-ips.com doesn’t help me to distinguish between “I’m a professionally-run distributed proxy” and “I’m a pwned box here to hammer your site into the ground”).

  3. Pretty much all of the new breed of so-called CDNs aren’t actually pro-actively distributing content, they’re just proxies. That isn’t a bad thing, per se, but I rather dislike the far-too-common practice of installing varnish (and perhaps mod_pagespeed, if they’re providing “advanced” capabilities) on a couple of AWS instances, and hanging out your shingle as a CDN. I prefer a bit of truth in my advertising.
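The point about the .sha1 file, as an added example that is not part of the original post and is not Maven or Leiningen code: a checksum fetched over the same channel as the .jar catches accidental corruption but not substitution, while a digest obtained over a separate trusted path catches both. The byte strings are constructed stand-ins, and the pinned SHA-256 (assumed to have been recorded earlier over a trusted path) stands in for the signature chain the post asks for.

```python
import hashlib
import hmac

JAR = "clojure-1.3.0.jar"  # artifact name from the transcript in the post

# Constructed stand-ins for file contents; no real jar is involved.
GENUINE = b"constructed stand-in for the genuine jar bytes"
TAMPERED = b"constructed stand-in for a substituted jar"
CORRUPTED = GENUINE[:-1] + b"?"  # one byte damaged in transit


def sha1_sidecar(data):
    """The .sha1 file a repository publishes next to an artifact."""
    return hashlib.sha1(data).hexdigest().encode()


def honest_channel():
    """What the repository intends to serve."""
    return {JAR: GENUINE, JAR + ".sha1": sha1_sidecar(GENUINE)}


def corrupted_channel():
    """Accidental damage: the jar changed, the sidecar did not."""
    return {JAR: CORRUPTED, JAR + ".sha1": sha1_sidecar(GENUINE)}


def intercepted_channel():
    """Plain HTTP with an on-path party rewriting both responses consistently."""
    return {JAR: TAMPERED, JAR + ".sha1": sha1_sidecar(TAMPERED)}


def check_against_served_sha1(channel, name):
    """The check described in the post: jar versus the .sha1 from the same place."""
    served = channel[name + ".sha1"].decode().strip()
    actual = hashlib.sha1(channel[name]).hexdigest()
    return hmac.compare_digest(actual, served)


def check_against_pinned_sha256(channel, name, pins):
    """Jar versus a SHA-256 that did not travel over the download channel."""
    expected = pins.get(name)
    if expected is None:
        return False  # fail closed: artifacts without a pin are rejected
    actual = hashlib.sha256(channel[name]).hexdigest()
    return hmac.compare_digest(actual, expected)


# Assumption: this pin was recorded from a trusted source before the download,
# for example in a reviewed lock file checked into the project.
PINS = {JAR: hashlib.sha256(GENUINE).hexdigest()}


def compare_checks():
    """Return {scenario: (served_sha1_passes, pinned_sha256_passes)}."""
    scenarios = {
        "honest": honest_channel(),
        "corrupted": corrupted_channel(),
        "intercepted": intercepted_channel(),
    }
    return {
        label: (
            check_against_served_sha1(channel, JAR),
            check_against_pinned_sha256(channel, JAR, PINS),
        )
        for label, channel in scenarios.items()
    }


if __name__ == "__main__":
    for label, (served_ok, pinned_ok) in compare_checks().items():
        print("%-12s served .sha1: %-5s pinned sha256: %s" % (label, served_ok, pinned_ok))
```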

,

Planet DebianRuss Allbery: WebAuth 4.6.1

This is a bug-fix release of the WebAuth site-wide web authentication system. As is typical, I accumulated a variety of minor bug fixes and improvements that I wanted to get into a release before starting larger work (in this case, adding JSON support for the user information service protocol).

The most severe bug fix is something that only folks at Stanford would notice: support for AuthType StanfordAuth was broken in the 4.6.0 release. This is for legacy compatibility with WebAuth 2.5. It has been fixed in this release.

In other, more minor bug fixes, build issues when remctl support is disabled have been fixed, expiring password warnings are shown in WebLogin after any POST-based authentication, the confirmation page is forced if authorization identity switching is available, the username field is verified before multifactor authentication to avoid subsequent warnings, newlines and tabs are allowed in the XML sent from the WebKDC for user messages, empty RT and ST parameters are correctly diagnosed, and there are some documentation improvements.

The main new feature in this release is support for using FAST armor during password authentication in mod_webkdc. A new WebKdcFastArmorCache directive can be set to point at a Kerberos ticket cache to use for FAST armor. If set, FAST is required, so the KDC must support it as well. This provides better wire security for the initial password authentication to protect against brute-force dictionary attacks against the password by a passive eavesdropper.

This release also adds a couple of new factor types, mp (mobile push) and v (voice), that Stanford will use as part of its Duo Security integration.

Note that, for the FAST armor feature, there is also an SONAME bump in the shared library in this release. Normally, I wouldn't bump the SONAME in a minor release, but in this case the feature was fairly minor and most people will not notice the change, so it didn't feel like it warranted a major release. I'm still of two minds about that, but oh well, it's done and built now. (At least I noticed that the SONAME bump was required prior to the release.)

You can get the latest release from the official WebAuth distribution site or from my WebAuth distribution pages.

Planet DebianLior Kaplan: Testing PHPNG on Debian/Ubuntu

We (at Zend) want to help people get more involved in testing PHPNG (PHP next generation), so we’ve started to provide binaries for it, although it’s still a branch on top of PHP’s master branch. See more details about PHPNG on Zeev Suraski’s blog post.

The binaries (64bit) are compatible with Debian testing/unstable and Ubuntu Trusty (14.04) and up. The mod_php is built for Apache 2.4 which all three flavors have.

The repository is at http://repos.zend.com/zend-server/early-access/phpng/

Installation instructions:

# wget http://repos.zend.com/zend.key -O- 2> /dev/null | apt-key add -
# echo "deb [arch=amd64] http://repos.zend.com/zend-server/early-access/phpng/ trusty zend" > /etc/apt/sources.list.d/phpng.list
# apt-get update
# apt-get install php5

For the task of providing these binaries, I had the pleasure of combining my experience as a member of the Debian PHP team and a Debian Developer with stuff more internal to the PHP development process. Using the already existing Debian packaging enabled me to test more build scenarios easily (and report problems accordingly). Hopefully this could also be translated back into providing more experimental packages for Debian and making sure Debian packages are ready for the PHP released after PHP 5.6.



Planet DebianPetter Reinholdtsen: 98.6 percent done with the Norwegian draft translation of Free Culture

This summer I finally had time to continue working on the Norwegian docbook version of the 2004 book Free Culture by Lawrence Lessig, to get a Norwegian text explaining the problems with today's copyright law. Yesterday, I finally completed translating the book text. There are still some foot/end notes left to translate, the colophon page needs to be rewritten, and a few words and phrases still need to be translated, but the Norwegian text is ready for the first proof reading. :) More spell checking is needed, and several illustrations need to be cleaned up. The work stopped up because I had to give priority to other projects the last year, and the progress graph of the translation shows this very well:

If you want to read the result, check out the github project pages and the PDF, EPUB and HTML version available in the archive directory.

Please report typos, bugs and improvements to the github project if you find any.

Planet DebianMichael Prokop: Book Review: The Docker Book

Docker is an open-source project that automates the deployment of applications inside software containers. I’m responsible for a docker setup with Jenkins integration and a private docker-registry setup at a customer and pre-ordered James Turnbull’s “The Docker Book” a few months ago.

Recently James – he’s working for Docker Inc – released the first version of the book and thanks to being on holidays I already had a few hours to read it AND blog about it. :) (Note: I’ve read the Kindle version 1.0.0 and all the issues I found and reported to James have been fixed in the current version already, jey.)

The book is very well written and covers all the basics to get familiar with Docker and in my opinion it does a better job at that than the official user guide because of the way the book is structured. The book is also a more approachable way for learning some best practices and commonly used command lines than going through the official reference (but reading the reference after reading the book is still worth it).

I like James’ approach with “ENV REFRESHED_AT $TIMESTAMP” for better controlling the cache behaviour and definitely consider using this in my own setups as well. What I wasn’t aware of is that you can directly invoke “docker build $git_repos_url” and further noted a few command line switches I should get more comfortable with. I also plan to check out the Automated Builds on Docker Hub.

There are some references to further online resources, which is relevant especially for the more advanced use cases, so I’d recommend to have network access available while reading the book.

What I’m missing in the book are best practices for running a private docker-registry in a production environment (high availability, scaling options,…). The provided Jenkins use cases are also very basic and nothing I personally would use. I’d also love to see how other folks are using the Docker plugin, the Docker build step plugin or the Docker build publish plugin in production (the plugins aren’t covered in the book at all). But I’m aware that these are fast-moving parts and specialised use cases – upcoming versions of the book are already supposed to cover orchestration with libswarm, developing Docker plugins and more advanced topics, so I’m looking forward to further updates of the book (which you get for free as existing customer, being another plus).

Conclusion: I enjoyed reading the Docker book and can recommend it, especially if you’re either new to Docker or want to get further ideas and inspirations what folks from Docker Inc consider best practices.

Sky Croeser: Thinking about research ethics

I didn’t get much (well, any) training in the ethics of research during my formal studies, apart from the documents that came along with my first ethics application. Over the years, I’ve been thinking more about what constitutes ethical research involving activists, and how I can use my relatively-privileged position within academia. The work I’ve been doing with Tim Highfield on the Mapping Movements project has also raised new challenges as we’ve tried to think about how to use social media material ethically (and rigorously). Over recent years, I’ve also come across more critiques by feminists and people of colour of the ways in which their lives, analyses, and work have been appropriated by academia and the media.

In response to this, I’ve tried to put together a rough public document about the ethical guidelines for my research. This is intended as a public statement of accountability, and I hope to continue updating it in response to further thinking and self-education.


Krebs on Security: Feds: Hackers Ran Concert Ticket Racket

A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub.

Vadim Polyakov, 30, was detained while vacationing in Spain. Polyakov is wanted on conspiracy charges to be unsealed today in New York, where investigators with the Manhattan District Attorney’s office and the U.S. Secret Service are expected to announce coordinated raids of at least 20 people in the United States, Canada and the United Kingdom accused of running an elaborate scam to resell stolen e-tickets and launder the profits.

Sources familiar with the matter describe Polyakov, from St. Petersburg, Russia, as the ringleader of the gang, which allegedly used thousands of compromised StubHub user accounts to purchase huge volumes of electronic, downloadable tickets that were fed to a global network of resellers.

Robert Capps, senior director of customer success for RedSeal Networks and formerly head of StubHub’s global trust and safety organization, said the fraud against StubHub — which is owned by eBay — largely was perpetrated with usernames and passwords stolen from legitimate StubHub customers. Capps noted that while banks have long been the target of online account takeovers, many online retailers are unprepared for the wave of fraud that account takeovers can bring.

“In the last year online retailers have come under significant attack by cyber criminals using techniques such as account takeover to commit fraud,” Capps said. “Unfortunately, the transactional risk systems employed by most online retailers are not tuned to detect and defend against malicious use of existing customer accounts.  Retooling these systems to detect account takeovers can take some time, leaving retailers exposed to significant financial losses in the intervening time.”

Polyakov is the latest in a recent series of accused Russian hackers detained while traveling abroad and currently facing extradition to the United States. Dmitry Belorossov, a Russian citizen wanted in connection with a federal investigation into a cyberheist gang that leveraged the Gozi Trojan, also is facing extradition to the United States from Spain. He was arrested in Spain in August 2013 while attempting to board a flight back to Russia.

Last month, federal authorities announced they had arrested Russian citizen Roman Seleznev as he was vacationing in the Maldives. Seleznev, the son of a prominent Russian lawyer, is currently being held in Guam and is awaiting extradition to the United States.

Arkady Bukh, a New York criminal lawyer who frequently represents Russian and Eastern European hackers who wind up extradited to the United States, said the Polyakov case will be interesting to watch because his extradition is being handled by New York authorities, not the U.S. government.

“I’m not saying they won’t get some help from the feds, but extradition by state prosecutors is often a failure,” Bukh said. “In fact, I don’t remember the last time we saw a successful extradition of cybercrime suspects by U.S. state prosecutors. You have to have a lot of political juice to pull off that kind of thing, and normally state prosecutors don’t have that kind of juice.”

Nevertheless, Bukh said, U.S. authorities have made it crystal clear that there are few countries outside of Russia and Ukraine which can be considered safe havens for wanted cybercriminals.

“The U.S. government has delivered the message that these guys can get arrested anywhere, that there are very few places they can go and go safely,” Bukh said.

Sociological Images: Conspicuous Pollution: Rural White Men Rollin’ Coal

Conspicuous consumption refers to the practice of ostentatiously displaying high-status objects. Think very expensive purses and watches. In the last few decades, as concern for the environment has become increasingly en vogue, it has become a marker of status to care for the earth. Accordingly, people now engage in conspicuous conservation, the ostentatious display of objects that mark a person as eco-friendly.

Driving a Prius and putting solar panels on visible roof lines, even if they aren’t the sunniest, are two well-documented examples.  Those “litter removal sponsored by” signs on freeways are an example we’ve featured, as are these shoes that make it appear that the wearer helped clean up the oil spill in the gulf, even though they didn’t.

Well, welcome to the opposite: conspicuous pollution.

Elizabeth Kulze, writing at Vocativ, explains:

In small towns across America, manly men are customizing their jacked-up diesel trucks to intentionally emit giant plumes of toxic smoke every time they rev their engines. They call it “rollin’ coal”…

It’s a thing. Google it!

This is not just a handful of guys.  Kulze links to “an entire subculture” on Facebook, Tumblr, and Instagram. “It’s just fun,” one coal roller says. “Just driving and blowing smoke and having a good time.”

It isn’t just fun, though. It’s a way for these men — mostly white, working class, rural men — to send an intrusive and nasty message to people they don’t like. According to this video, that includes Prius drivers, cops, women, tailgaters, and people in vulnerable positions. “City boys” and “liberals” are also targeted:

Video: https://www.vocativ.com/embed/89277/

Kulze reports that it costs anywhere between $1,000 and $5,000 to modify a pickup to do this, which is why the phenomenon resonates with conspicuous consumption and conservation.  It’s an expensive and public way to claim an identity that the owner wants to project.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Debian: Tanguy Ortolo: GNU/Linux graphic sessions: suspending your computer

Major desktop environments such as Xfce or KDE have a built-in computer suspend feature, but when you use a lighter alternative, things are a bit more complicated, because basically: only root can suspend the computer. There used to be a standard solution to that, using a D-Bus call to a running daemon upowerd. With recent updates, that solution first stopped working for obscure reasons, but it could still be configured back to be usable. With newer updates, it stopped working again, but this time it seems it is gone for good:

$ dbus-send --system --print-reply \
            --dest='org.freedesktop.UPower' \
            /org/freedesktop/UPower org.freedesktop.UPower.Suspend
Error org.freedesktop.DBus.Error.UnknownMethod: Method "Suspend" with
signature "" on interface "org.freedesktop.UPower" doesn't exist

The reason seems to be that upowerd is not running, because it no longer provides an init script, only a systemd service. So, if you do not use systemd, you are left with one simple and stable solution: defining a sudo rule to start the suspend or hibernation process as root. In /etc/sudoers.d/power:

%powerdev ALL=NOPASSWD: /usr/sbin/pm-suspend, \
                        /usr/sbin/pm-suspend-hybrid, \
                        /usr/sbin/pm-hibernate

That allows members of the powerdev group to run sudo pm-suspend, sudo pm-suspend-hybrid and sudo pm-hibernate, which can be used with a key binding manager such as your window manager's or xbindkeys. Simple, efficient, and contrary to all that ever-changing GizmoKit and whatsitd stuff, it has worked and will keep working for years.
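
A check one might run on a drop-in like /etc/sudoers.d/power before installing it, as an added example that is not part of the original post: it lists the commands each rule grants and flags passwordless entries that are broader than one root-owned program. The function names list_commands and lint_dropin are hypothetical, and the parser covers plain rules only (no aliases, no sudoedit entries).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Simplifications: aliases are not expanded, "#include" lines count as comments,
# sudoedit entries and escaped commas are not handled.

# list_commands FILE: print "NOPASSWD|command" or "PASSWD|command" for every
# command a rule grants, after joining backslash-continued lines.
list_commands() {
    awk '
        { sub(/[ \t]+$/, "") }
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }
        line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
        index(line, "=") == 0 { next }
        {
            nopass = 0
            n = split(substr(line, index(line, "=") + 1), cmds, ",")
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                sub(/^[ \t]*\([^)]*\)/, "", c)          # optional (runas) spec
                while (match(c, /^[ \t]*[A-Z_]+:/)) {     # tags such as NOPASSWD:
                    tag = substr(c, RSTART, RLENGTH)
                    if (tag ~ /NOPASSWD:/) nopass = 1
                    else if (tag ~ /PASSWD:/) nopass = 0
                    c = substr(c, RSTART + RLENGTH)
                }
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                auth = nopass ? "NOPASSWD" : "PASSWD"
                if (c != "") print auth "|" c
            }
        }
    ' "$1"
}

# lint_dropin FILE: print one finding per passwordless command and return
# non-zero if any of them hands out more than the single program it names.
lint_dropin() {
    fails=0
    while IFS='|' read -r auth cmd; do
        [ "$auth" = NOPASSWD ] || continue    # only passwordless grants are linted
        path=${cmd%% *}                       # command path without its arguments
        bad=""
        case $cmd in
            ALL)            bad="grants every command without a password" ;;
            [!/]*)          bad="not an absolute path" ;;
            *\**|*\?*|*\[*) bad="wildcard in command or arguments" ;;
        esac
        loose=""
        if [ -z "$bad" ] && [ -e "$path" ]; then
            # A binary that a non-root user can replace turns the rule into root access.
            loose=$(find -L "$path" -prune \( ! -user root -o -perm -020 -o -perm -002 \) -print 2>/dev/null)
        fi
        [ -z "$loose" ] || bad="binary is not root-owned or is group/world-writable"
        if [ -n "$bad" ]; then
            echo "FAIL $cmd: $bad"
            fails=$((fails + 1))
        elif [ ! -e "$path" ]; then
            echo "note $cmd: not present on this host, ownership not checked"
        else
            echo "ok   $cmd"
        fi
    done <<EOF
$(list_commands "$1")
EOF
    [ "$fails" -eq 0 ]
}
```

After sourcing the file, run `lint_dropin /etc/sudoers.d/power`; `visudo -cf` on the same path covers the syntax check that this lint does not attempt.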

Planet Linux Australia: Andrew Pollock: [life] Day 175: Kindergarten, cleaning, swim class and a lot of general madness

Today was ridiculously busy.

I woke up pretty early, but ended up not getting out of bed until about 7:30am. While I was in the shower, the guy from Origin buzzed to get let in because he wanted to replace the building's hot water meters. Then I raced next door for my chiropractic adjustment.

I got back home, had breakfast, and started cleaning the house, which I mostly finished by 11am, then I biked over for my massage. While I was getting my massage, the solar installer tried calling me because they'd arrived. Fortunately they didn't have to wait too long.

I did a bit more cleaning for 45 minutes, raced out to Grill'D to grab some lunch and then over to Kindergarten to chair the PAG meeting.

After the meeting, I picked up Zoe and Megan, and we went home to see how the solar installers were going.

They were making a spectacular mess, and we didn't have a lot of time before we had to head out again for Zoe's swim class. We drove over to the pool, and discovered a few other kids from Zoe's Kindergarten were in the preceding classes. Zoe's swim school is running a 2 for 1 thing this term because of the cold weather, to try and keep kids enrolled. I figured twice as many swim classes could only help, so jumped at the chance.

Megan was happy to play around while we waited for Zoe to have her class, and then we went home again. The solar installers were just finishing up.

No sooner had they walked out the door than the woman I'd organised to do indoor air quality testing arrived. I'm wanting to rule out living on a busy road having any contribution to Zoe's suspected asthma.

I was making a new Thermomix recipe for dinner, and Laura was coming over for dinner after she picked up Megan's little sister from day care. Dinner turned out really well, but with all of the preceding madness, I didn't get it started until a bit later than I had hoped, and so it was on the table later than I'd have liked.

Once Laura left with her kids, I chucked Zoe in the shower and got her down to bed only about 20 minutes later than normal. She slept through the night last night for Sarah, so I'm hoping she'll sleep through the night again tonight.

Racialicious: The Racialicious Preview for San Diego Comic-Con, Part II: Saturday & Sunday

By Arturo R. García

Thanks to Kendra, as ever, for covering Part I of the weekend. As usual, you can find our panel coverage on Twitter through her account, the R official feed and my own personal account.

Just like last year, we’ll be compiling our individual panels on Storify and posting them next week. For now, though, let’s look at the second half of the con!

SATURDAY

Diversity in Genre Lit (10 a.m., Room 7AB)

Video: http://www.youtube.com/embed/QvlrcTB6FVE

Gene Luen Yang figures to have maybe the most momentum going into this discussion of creating diverse worlds in their work, since he’s coming off the release of The Shadow Hero, his new comic with illustrator Sonny Liew and letterer Janice Chiang. Joining him on the panel are Josephine Angelini (Trial by Fire), Adele Griffin (The Unfinished Life of Addison Stone), Lydia Kang (Control), Sherri L. Smith (Orleans) and the producer of the dearly-departed Young Justice animated series, Greg Weisman (Spirits of Ash and Foam: A Rain of the Ghosts Novel).

Avatar the Last Airbender: Legend and Legacy (10:30 a.m., Room 24ABC)

Well this could be awkward: Yang, who has written the comic-book adaptation of the popular animated series, is also booked for this get-together for fans.

Fantastic Females: Heroines in Paranormal Fantasy (10:30 a.m., Room 8)

While Marjorie Liu has made a name for herself for her work for Marvel Comics, she’s also a best-selling fantasy author. Her latest work, Labyrinth of Stars, was published earlier this year. In this panel, she’s joined by Deborah Harkness (the All Souls trilogy), S.J. Harper (Reckoning), Tonya Hurley (the Blessed series), and the duo known as Christina Lauren (Reckoning, the Wild Seasons series).

Spotlight on Bryan Lee O’Malley (12 p.m., Room 28DE)

The creator of the Scott Pilgrim comics series previews his latest work, Seconds, a stand-alone graphic novel about a girl who gets more than one magical second chance, and the consequences of that kind of luck.

Kodansha Comics (12:30 p.m., Room 8)

Fans of Attack on Titan — the manga powerhouse that has spawned not only separate manga adaptations but a video game and a movie set for release next summer — will want to hone in on this one.

Comics Arts Conference Session #12: Poster Session (2 p.m., Room 26AB)

There’s quite a number of presentations scheduled for this 90-minute session, but here’s two that caught our eye:

  • Allen Thomas (University of Central Arkansas) and Mara Whiteside (University of Central Arkansas) examine the relationship between readers and minority comic book characters, namely the connection a reader feels to a particular character, and discuss the future direction of comic books in regards to minority representation.
  • J. Scott McKinnon (Henderson State University) identifies the factors that contribute to ethnic minority characters either succeeding or failing, examining online discussions, reviews, and published articles.
  • Jake Talley (San Diego State University) compares the female and minority populations in the Marvel and DC universes at various points in their histories to illustrate how their race and gender makeups have evolved over time, and compares the Big Two with younger publishers to see if the lack of decades of continuity produces a more representative character population.

30 Years of Usagi Yojimbo! (3 p.m., Room 28DE)

Everybody’s favorite samurai rabbit is back after a two-year hiatus, and creator Stan Sakai is back to shed some light on Senso, the upcoming six-issue miniseries that promises to serve as the character’s personal Dark Knight Returns.

Video: What’s Opera Doc by MistyIsland1 (http://www.dailymotion.com/embed/video/x1atzuy)

Spotlight on Willie Ito (3 p.m., Room 9)

The San Francisco native went from spending part of his childhood in a Japanese internment camp during World War II to a 60-year career as an animator that saw him work on everything from Lady and the Tramp to The Flintstones to the seminal Bugs Bunny animated story What’s Opera, Doc?

Drawing in a [+SM]Art Way: A Hands-on Workshop (5 p.m., Room 30CDE)

What does it say about the comics industry when maybe the most creative title of the whole weekend is from an academic panel? In this panel, Dr. Wei Xu will expand on his work in Drawing in the Digital Age, in which the mathematician and artist describes what he calls the “ABC Method” of working in both 2D and 3D art.

Best and Worst Manga of 2014 (7 p.m., Room 23)

The great Deb Aoki and David Brothers share their cheers and jeers in this panel, along with their picks for underrated books you should pick up.

Gays in Comics XXVII: Prism Comics Mixer and Auction (7 p.m., Room 6A)

In a year where marriage equality has picked up momentum across several states in the U.S., this year’s benefit event for the LGBT advocacy group Prism Comics should have an extra-celebratory air.

SUNDAY

Video: http://www.youtube.com/embed/xhhOMceBJv8

Teen Titans Go! Video Presentation and Q&A (11:45 a.m., Room 6BCF)

Okay, so the panel itself looks like it’ll be the usual preview for the upcoming season of the newest incarnation of the DC Entertainment comics series. But the highlight might end up being the appearance of Puffy AmiYumi, the Japanese pop duo behind the ultra-catchy theme song.

Comics Arts Conference Session #14: Strips and Pin-Ups, Race and Politics (12 p.m., Room 26AB)

Only three presentations scheduled for this session, and two of them look intriguing:

  • Melissa Loucks (University of Florida) reminds us of the work comic strips do toward thwarting the distortions and suppressions of the dominant civil rights narrative, looking at the work of Oliver Harrington, George Herriman, and Jackie Ormes.
  • Dwain C. Pruitt (University of Louisville) considers the roles that Matt Baker’s race and sexual orientation may have played in his work and in his most celebrated contribution, the “Baker Girl,” asserting that Baker’s work was shaped by the unique African-American expressive and visual culture of 1930s-1950s Harlem.

Comics Arts Conference Session #15: Comics of Future/Past: Constructing Race, Space and Identity Through the Visualization of the EthnoSurreal (1:30 p.m., Room 26AB)

And speaking of intriguing, check out the description for these three presentations:

Recently, Afrofuturism has been making a global resurgence. Creators in all media forms have been producing speculative narratives that challenge the status quo, remix historical perceptions, and situate the black body as subject. John Jennings (University at Buffalo, SUNY), Stanford Carpenter (Institute for Comics Studies), Regina Bradley (Kennesaw State University), and Jeremy Love (Bayou) ask if the term Afrofuturism still remains the proper designation for invoking ideas of race and cultural production, examining the new notion of the “EthnoSurreal” and how it is comprised of the EthnoGothic and EthnoFuturism. This panel will also tackle the articulation of how these designations are defined and how they can possibly challenge and reimagine ideas around socially constructed ideas regarding racial identity, its visualization, and its consumption through the comics medium.

Superheroines! Power, Responsibility, and Representation (1:30 p.m., Room 23ABC)

Our colleagues at Racebending host this all-female discussion centering on “women in the superhero world.” Marjorie Liu will be on this panel, as will Batman and Earth 2 writer Marguerite Bennett, writer and illustrator Joanna Estep (Bold Riley), cartoonist Faith Erin Hicks, clinical psychologist and podcaster Dr. Andrea Letamendi and artist and animator Jules Rivera.

Fund My Comic (2 p.m., Room 29A)

DC comics mainstay Jamal Igle will be part of this how-to talk on crowdfunding and self-publishing, following his success fundraising on Kickstarter for Molly Danger.

The Battle for Multicultural Heroes (4 p.m., Room 28DE)

Letamendi returns to join panelists Linda Le and Andre Meadows along with host Tony Kim in the second edition of the panel. Interesting to note last year that, while the discussion did a good job covering what you’d call Race 101, none of the panelists expressed any familiarity with Racebending or sites that cover social justice issues in general, aside from Angry Asian Man. This year, Kim said he attempted to contact Racebending, to no avail.

[Top image by Christopher Brown via Flickr Creative Commons]

The post The Racialicious Preview for San Diego Comic-Con, Part II: Saturday & Sunday appeared first on Racialicious - the intersection of race and pop culture.

Planet Debian: Francesca Ciceri: Adventures in Mozillaland #3

Yet another update from my internship at Mozilla, as part of the OPW.

A brief one, this time, sorry.

Bugs, Bugs, Bugs, Bacon and Bugs

I've continued with my triaging/verifying work and I feel now pretty confident when working on a bug.
On the other hand, I think I've learned more or less what was to be learned here, so I must think (and ask my mentor) where to go from now on.
Maybe focus on a specific Component?
Or steadily work on a specific channel for both triaging/poking and verifying?
Or try my hand at patches?
Not sure, yet.

Also, I'd like to point out that, while working on bug triaging, the developer's answers on the bug report are really important.
Comments like this help me as a triager to learn something new, and be a better triager for that component.
I do realize that developers cannot always take the time to put in comments basic information on how to better debug their component/product, but trust me: this will make you happy in the long run.
A wiki page with basic information on how to debug problems for your component is also a good idea, as long as that page is easy to find ;).

So, big shout-out for MattN for a very useful comment!

Community

After much delaying, we finally managed to pick a date for the Bug Triage Workshop: it will be on July 25th. The workshop will be an online session focused on what triaging is, why it is important, how to reproduce bugs and what information to ask the reporter for to make a bug report as complete and useful as possible.
We will do it in two different time slots, to accommodate various timezones, and it will be held on #testday on irc.mozilla.org.
Take a look at the official announcement and subscribe on the event's etherpad!

See you on Friday! :)

Planet Debian: Steinar H. Gunderson: The sad state of Linux Wi-Fi

I've been using 802.11 on Linux now for over a decade, and to be honest, it's still a pretty sad experience. It works well enough that I mostly don't care... but when I care, and try to dig deeper, it always ends up in the answer “this is just crap”.

I can't say exactly why this is; between the Intel cards I've always been using, the Linux drivers, the firmware, the mac80211 layer, wpa_supplicant and NetworkManager, I have no idea who is supposed to get all these things right, and I have no idea how hard or easy they actually are to pull off. But there are still things annoying me frequently that we should really have gotten right after ten years or more:

  • Why does my Intel card consistently pick 2.4 GHz over 5 GHz? The 5 GHz signal is just as strong, and it gives a less crowded 40 MHz channel (twice the bandwidth, yay!) instead of the busy 20 MHz channel the 2.4 GHz one has to share. The worst part is, if I use an access point with band-select (essentially forcing the initial connection to be to 5 GHz—this is of course extra fun when the driver sees ten APs and tries to connect to all of them over 2.4 in turn before trying 5 GHz), the driver still swaps onto 2.4 GHz a few minutes later!
  • Rate selection. I can sit literally right next to an AP and get a connection on the lowest basic rate (which I've set to 11 Mbit/sec for the occasion). OK, maybe I shouldn't trust the output of iwconfig too much, since rate is selected per-packet, but then again, when Linux supposedly has a really good rate selection algorithm (minstrel), why are so many drivers using their own instead? (Yes, hello “iwl-agn-rs”, I'm looking at you.)
  • Connection time. I dislike OS X pretty deeply and think that many of its technical merits are way overblown, but it's got one thing going for it; it connects to an AP fast. RFC4436 describes some of the tricks they're using, but Linux uses none of them. In any case, even the WPA2 setup is slow for some reason, it's not just DHCP.
  • Scanning/roaming seems to be pretty random; I have no idea how much thought really went into this, and I know it is a hard problem, but it's not unusual at all to be stuck at some low-speed AP when a higher-speed one is available. (See also 2.4 vs. 5 above.) I'd love to get proper support for CCX (Cisco Client Extensions) here, which makes this tons better in a larger Wi-Fi setting (since the access point can give the client a lot of information that's useful for roaming, e.g. “there's an access point on channel 52 that sends its beacons every 100 ms with offset 54 from mine”, which means you only need to swap channel for a few milliseconds to listen instead of a full beacon period), but I suppose that's covered by licensing or patents or something. Who knows.

With now a billion mobile devices running Linux and using Wi-Fi all the time, maybe we should have solved this a while ago. But alas. Instead we get access points trying to layer hacks upon hacks to try to force clients into making the right decisions. And separate ESSIDs for 2.4 GHz and 5 GHz.

Augh.

Worse Than Failure: Limited Options

Security is challenging to get right. It's always a complex balancing act between what users want and what administrators need. Between placing the server in a hermetically sealed container with no cables running to the outside world, and setting the server up on the busiest street corner in town with an already logged-in administrator account pulled up on the attached monitor. Depending on the O/S update policy in practice at your company, that last example can be roughly the equivalent of connecting your server to the Internet.

Here at TDWTF, security is a common topic of submissions. If only because there are so many different (and creative) ways to set things up that are wrong and only a couple of ways to set it up that are correct. And there is a non-zero percentage of administrators that are, shall we say, less than diligent in how they go about their job. We're sure that none of you fit into that category. We're talking about other people.

So with that in mind, consider Jim's plight.

For the past year, Jim had been working, alongside a group of foreign developers, on a Magento installation. The reasons for the length of the project could be the result of a number of happenstances. Maybe it was the fact that requirements had the malleability of an unfired lump of clay. Perhaps it was the challenge of translating these requirements into sufficiently concise and clear descriptions to be passed off to the foreign development team. Or, just perhaps, some of the company's own policies (or anti-policies) got in the way.

The current goal was to move a recently completed module to the production server. Under normal circumstances (for those of you who are not Magento-familiar), this is a routine and straightforward task. However, this was not the case for Jim. Once deployed, the new module did not appear in the Magento customization panel. And Jim could no longer view the Permissions panel.

The quite reasonable conclusion is that there was a problem with security. A problem that hadn't existed at the time of the last module deployment, since it was, you know, successful and all. So Jim went directly to the super-admin user.

The response was mildly surprising. Jim was told that his permissions had been restricted. At the request of management.

Huh? Okay then. Next stop: management. Jim went to his manager and asked what, if anything, he knew about the request. Turns out that he did.

A few days earlier, Jim's manager was unable to delete a test order. His belief (through his black-and-white-colored manager glasses) was that Jim must have changed something. So he made the request to the administrator that he be given full access. And that Jim have his permissions reduced.

Deep breath. After all, this wasn't the first time.

"But when it comes time to deploy and enable modules, I need to have administrator permission", responded Jim.

"You can get the super-admin user to do that. No need for you to have those privileges."

"Well, yes. But that will delay things. And doesn't really do much for security, as I have full access to the source code, server and database."

As an aside, it's rarely good to argue that you should be given a security exemption by suggesting that if you wanted to screw the company, it was already within your power to do so. Just keep that in the back of your mind as you move through your career. Now, back to our story.

"Just do what I ask", was the not unexpected reply.

Being the good corporate citizen that he was, Jim followed his manager's instructions. He sent his request to the administrator and waited a couple of days for it to be fulfilled. As it turns out, when the super-admin user deployed the module, he too was unable to see the Permissions panel in the Magento console. So, to help troubleshoot the problem, Jim was temporarily given full access to the system.

If this isn't irony, it's pretty close.

As Jim was looking at the dog's breakfast that was the permissions allocated to each role, Jim noticed that his manager didn't actually have full access. The administrator had only restricted Jim without actually increasing the manager's capability. And that neither of them belonged to the role that would allow them to deploy modules to the Magento installation. That ability, based on Jim's digging, seemed to reside solely in the persona of Montgomery.

Montgomery was the WordPress designer. While Jim was responsible for the customization of the modules and implementing additional functionality on the server side, Montgomery was in charge of the design of the site. In terms of the access he required on the server, it could have been limited to the theme folder and maybe some XML files. But he was not a framework coder, nor could he build a module on his own. In other words, his need to have full access ranged from minimal to non-existent.

So Jim is faced with a collection of options, none of which were good. He could send every one of his future production requests to the administrator, wait the day or two for it to be acted upon and deal with the delays in scheduling that causes. He could make a request to his manager, one that had already complained that Jim's permissions were too high, to increase his privileges. Or he could talk Montgomery through the steps necessary to get his modules and other updates installed.

Suggesting that facing options like this was a Sophie's Choice is going over the top. Instead, Jim preferred to think of it as a Full Monty.


Planet DebianAndrew Pollock: [tech] Going solar

With electricity prices in Australia seeming to be only going up, and solar being surprisingly cheap, I decided it was a no-brainer to invest in a solar installation to reduce my ongoing electricity bills. It also paves the way for getting an electric car in the future. I'm also a greenie, so having some renewable energy happening gives me the warm and fuzzies.

So today I got solar installed. I've gone for a 2 kWh system, consisting of 8 250 watt Seraphim panels (I'm not entirely sure which model) and an Aurora UNO-2.0-I-OUTD inverter.

It was totally a case of decision fatigue when it came to shopping around. Everyone claims the particular panels they want to sell are the best. It's pretty much impossible to make a decent assessment of their claims. In the end, I went with the Seraphim panels because they scored well on the PHOTON tests. That said, I've had other solar companies tell me the PHOTON tests aren't indicative of Australian conditions. It's hard to know who to believe. In the end, I chose Seraphim because of the PHOTON test results, and they're also apparently one of the few panels that pass the Thresher test, which tests for durability.

The harder choice was the inverter. I'm told that yield varies wildly by inverter, and narrowed it down to Aurora or SunnyBoy. Jason's got a SunnyBoy, and the appeal with it was that it supported Bluetooth for data gathering, although I don't much care for the aesthetics of it. Then I learned that there was a WiFi card coming out soon for the Aurora inverter, and that struck me as better than Bluetooth, so I went with the Aurora inverter. I discovered at the eleventh hour that the model of Aurora inverter that was going to be supplied wasn't supported by the WiFi card, but was able to switch models to the one that was. I'm glad I did, because the newer model looks really nice on the wall.

The whole system was up and running just in time to catch the setting sun, so I'm looking forward to seeing it in action tomorrow.

Apparently the next step is Energex has to come out to replace my analog power meter with a digital one.

I'm grateful that I was able to get Body Corporate approval to use some of the roof. Being on the top floor helped make the installation more feasible too, I think.

Planet DebianMatthew Palmer: Per-repo update hooks with gitolite

Gitolite is a popular way to manage collections of git repositories entirely from the command line – it’s configured using configuration stored in a git repo, which is nicely self-referential. Providing per-branch access control and a wide range of addons, it’s quite a valuable system.

In recent versions (3.6), it added support for configuring per-repository git hooks from within the gitolite-admin repo itself – something which previously required directly jiggering around with the repo metadata on the filesystem. It allows you to “chain” multiple hooks together, too, which is a nice touch. You can, for example, define hooks for “validate style guidelines”, “submit patch to code review” and “push to the CI server”. Then for each repo you can pick which of those hooks to execute. It’s neat.

There’s one glaring problem, though – you can only use these chained, per-repo hooks on the pre-receive, post-receive, and post-update hooks. The update hook is special, and gitolite wants to make sure you never, ever forget it. You can hook into the update processing chain by using something called a “virtual ref”; they’re stored in a separate configuration directory, use a different syntax in the config file, and if you’re trying to learn what they do, you’ll spend a fair bit of time on them. The documentation describes VREFs as “a mechanism to add additional constraints to a push”. The association between that and the update hook is one you get to make for yourself.

The interesting thing is that there’s no need for this gratuitous difference in configuration methods between the different hooks. I wrote a very small and simple patch that makes the update hook configurable in exactly the same way as the other server-side hooks, with no loss of existing functionality.

The reason I’m posting it here is that I tried to submit it to the primary gitolite developer, and was told “I’m not touching the update hook […] I’m not discussing this […] take it or leave it”. So instead, I’m publicising this patch for anyone who wants to locally patch their gitolite installation to have a consistent per-repo hook UI. Share and enjoy!

Planet DebianJonathan McCrohan: Git remote helpers

If you follow upstream Git development closely, you may have noticed that the Mercurial and Bazaar remote helpers (use git to interact with hg and bzr repos) no longer live in the main Git tree. They have been split out into their own repositories, here and here.

git-remote-bzr had been packaged (as git-bzr) for Debian since March 2013, but was removed in May 2014 when the remote helpers were removed upstream. There had been a wishlist bug report open since Mar 2013 to get git-remote-hg packaged, and I had submitted a patch, but it was never applied.

Splitting out of these remote helpers upstream has allowed Vagrant Cascadian and myself to pick up these packages and both are now available in Debian.

apt-get install git-remote-hg git-remote-bzr


Geek FeminismThe Large Linkspam Collider (22 July 2014)

  •  how to recruit a diverse team | the evolving ultrasaurus: “There is no quick fix to diversity hiring. The easiest way to hire for diversity is to start with diversity — to start when you add the second person on your team — but if you reading this post, you likely have an imbalanced or homogeneous team. I’ve primarily written this for all-white or all-male teams in tech.”
  • The Problem With Science| Shakesville: “This doesn’t speak well of one of the industry’s leading publications. It also doesn’t inspire a lot of confidence (which, as I’ve already explained, I’m short on) that the folks making or breaking careers by deciding which papers are “sexy” enough to publish are going to have the professionalism to ground their decisions in something other than a creepy desire to excite their presumed readership of straight white cis guys.”
  • A handy template for online trolls: “It has come to my attention that you are [a person of color/woman/ LGBTQ/differently abled/immigrant] and you have posted an online essay suggesting that your situation in life is somehow challenging because of a circumstance relating to people who are not in your condition. As an Internet commenter, it is my mouse-driven duty to anonymously respond to your post. I’m not sure what would happen if I failed to do so, but I saw what happened when they stopped pushing the button in LOST so I will not take any chances.”
  • No More “Put A Skirt On It” | molly.is/saying: “Good news: the next time you draw a person or create a user avatar, you have an opportunity to fight the sexist patriarchal bullshit! Like many instances of patriarchy-smashing, it’s not actually that hard once you get the principles down. Here are 2 simple rules to keep you on track.”
  • Ninja Pizza Girl and The Thorny Tangle of Girlhood | Apple Cider Mage: “The crux of it is Jason Stark, the head of Disparity Games, relating precisely how and why Ninja Pizza Girl came to be. He talks about how the concept came straight from his childrens’ mouths but more importantly he  also describes the stumbles in his own assumptions about not only game design but also about his daughters’ growing vulnerability as they move into teen-hood and beyond. It was a bit of insight that I found intriguing, not so much as a gamer, but rather as a woman.”
  • Opinion: Selena Deckelmann on Portland tech’s gender divide | Portland Business Journal: “I was surprised and horrified to discover every woman in tech I knew had similar, and, disturbingly, far worse stories than mine. Many of these women, successful in tech and making good money, supported families and could not just quit and find another job in the small job market in Portland. Sure, they could move to another city — but with kids, spouses with jobs or in school, these decisions are rarely simple.”
  • Feminism and (Un)Hacking | Journal of Peer Production: CFP for articles on feminism and hacker/makerspaces: “With this special issue of the Journal of Peer Production, we hope to delve more deeply into these critiques to imagine new forms of feminist technical praxis that redefine these practices and/or open up new ones. How can we problematize hacking, tinkering, geeking and making through feminist theories and epistemologies? How do these practices, in fact, change when we begin to consider them through a feminist prism? Can we envision new horizons of practice and possibility through a feminist critique?”
  • San Fran tech types: what you need to know to move to Oakland | Live Work Oakland: “I’d like these young dudes coming to my town to actually see ALL the people coming up in tech in Oakland around me–the many Black, Latino, queer, female, and trans folks who, like all of us, show up in so many different ages, styles, and sizes, but who have a place, just like the white bros do. And  if these new folks coming into Oakland can’t see the folks who are already here, can’t change, I’d like them to just get the F* out of the way and take one of those corporate buses right back to where they came from .”
  • Meanwhile, in an alternate universe… | Infotropism: Read Skud’s take on what google+’s announcement re: pseudonyms SHOULD have been.
  • Canceling TRUCEConf | TRUCEConf: Trust, Respect, Unity, Compassion, and Equality: “I would say that it’s with a heavy heart that I am canceling this conference, if it weren’t for the sense of relief that comes with this announcement. I have struggled with this for long enough. The time has come to let it go.” (We covered TRUCEConf back in November 2013.)
  • “Pay a heavy price for it” | rosefox: “That’s the Frenkel story. He’s supposed to pay a price for getting what he wanted–the opportunity to harass a couple of women–but all he loses is four years of Wiscon. However, anyone who doesn’t want to be around harassers loses Wiscon forever.” (See also: the Chair of the Harassment Policy Committee responds to feedback about this decision, and more general thoughts on harassment at conferences from Publishers Weekly’s Genreville: What Conventions Are and Aren’t.)
  • Free Online Game Simulates Coming Out Experience | GLBT News: “The game is based on Case’s own coming out process, and it allows the player to choose a variety of conversational choices throughout the storyline. Characters remember what you have said, and they constantly refer back to choices that were made previously in the game. The games tagline is “a half-true game about half-truths.” The game has three endings, but like it promises at the very beginning, there are no easy or clean results. Everything is messy…just like the coming out process itself.”
  • Black Girls Hunger for Heroes, Too: A Black Feminist Conversation on Fantasy Fiction for Teens | Bitch Media: “What happens when two great black women fiction writers get together to talk about race in young adult literature? That’s exactly what happens in the conversation below, where  Zetta Elliott, a black feminist writer of poetry, plays, essays, novels, and stories for children, and award-winning Haitian-American speculative fiction writer Ibi Aanu Zoboi decided to discuss current young adult sci-fi. “

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianTim Retout: Cowbuilder and Tor

You've installed apt-transport-tor to help prevent targeted attacks on your system. Great! Now you want to build Debian packages using cowbuilder, and you notice these are still using plain HTTP.

If you're willing to fetch the first few packages without using apt-transport-tor, this is as easy as:

  • Add 'EXTRAPACKAGES="apt-transport-tor"' to your pbuilderrc.
  • Run 'cowbuilder --update'
  • Set 'MIRRORSITE=tor+http://http.debian.net/debian' in pbuilderrc.
  • Run 'cowbuilder --update' again.

Now any future builds should fetch build-dependencies over Tor.

Unfortunately, creating a base.cow from scratch is more problematic. Neither 'debootstrap' nor 'cdebootstrap' actually rely on apt acquire methods to download files - they look at the URL scheme themselves to work out where to fetch from. I think it's a design point that they shouldn't need apt, anyway, so that you can debootstrap on non-Debian systems. I don't have a good solution beyond using some other means to route these requests over Tor.
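A check for the pbuilderrc settings from the steps above, as an added example that is not part of the original post: it parses the file and reports any mirror that would still be fetched without a tor+ scheme. OTHERMIRROR is a pbuilder variable the post does not mention, and the sample files and the example.invalid host are constructed.

```python
import re
import shlex

# Matches simple shell assignments such as MIRRORSITE=... or export FOO="..."
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def parse_pbuilderrc(text):
    """Return {name: value} for plain VAR=value lines; the last one wins."""
    settings = {}
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match:
            continue  # comments, blank lines, shell logic
        try:
            words = shlex.split(match.group(2), comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a one-line assignment
        settings[match.group(1)] = " ".join(words)
    return settings


def mirror_urls(settings):
    """Yield (variable, url) for every archive URL configured in the file."""
    if settings.get("MIRRORSITE"):
        yield "MIRRORSITE", settings["MIRRORSITE"]
    # OTHERMIRROR holds sources.list lines separated by "|"
    for entry in settings.get("OTHERMIRROR", "").split("|"):
        for word in entry.split():
            if "://" in word:
                yield "OTHERMIRROR", word
                break


def audit_pbuilderrc(text):
    """Return findings; an empty list means every configured mirror is tor+."""
    settings = parse_pbuilderrc(text)
    findings = []
    if "apt-transport-tor" not in settings.get("EXTRAPACKAGES", "").split():
        findings.append("EXTRAPACKAGES does not install apt-transport-tor")
    if not settings.get("MIRRORSITE"):
        findings.append("MIRRORSITE is not set in this file")
    for variable, url in mirror_urls(settings):
        scheme = url.split("://", 1)[0]
        if not scheme.startswith("tor+"):
            findings.append("%s fetches over %s without Tor: %s"
                            % (variable, scheme, url))
    return findings


# Constructed samples: the file after the first step and after the third step,
# the latter with an extra plain-HTTP OTHERMIRROR left behind.
AFTER_STEP_1 = '''
MIRRORSITE=http://http.debian.net/debian
EXTRAPACKAGES="apt-transport-tor"
'''
AFTER_STEP_3 = '''
# MIRRORSITE=http://http.debian.net/debian
MIRRORSITE=tor+http://http.debian.net/debian
EXTRAPACKAGES="apt-transport-tor"
OTHERMIRROR="deb http://example.invalid/debian sid main"
'''

if __name__ == "__main__":
    for label, sample in (("step 1", AFTER_STEP_1), ("step 3", AFTER_STEP_3)):
        print(label, audit_pbuilderrc(sample) or "all mirrors use tor+")
```

A clean result covers only what apt fetches inside the chroot; as the post notes, debootstrap does not use apt acquire methods when base.cow is created.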

Planet DebianNeil Williams: Validating ARMMP device tree blobs

I’ve done various bits with ARMMP and LAVA on this blog already, usually waiting until I’ve got all the issues ironed out before writing it up. However, this time I’m just going to do a dump of where it’s at, how it works and what can be done.

I’m aware that LAVA can seem mysterious at first, but the package description has improved enormously recently, thanks to exposure in Debian: LAVA is a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests. Tests can be simple boot testing, bootloader testing and system level testing, although extra hardware may be required for some system tests. Results are tracked over time and data can be exported for further analysis.

The LAVA documentation has a glossary of terms like result bundle and all the documentation is also available in the lava-server-doc package.

The goal is to validate the dtbs built for the Debian ARMMP kernel. One of the most accessible ways to get the ARMMP kernel onto a board for testing is tftp using the Debian daily DI builds. Actually using the DI initrd can come later, once I’ve got a complete preseed config so that the entire install can be automated. (There are some things to sort out in LAVA too before a full install can be deployed and booted but those are at an early stage.) It’s enough at first to download the vmlinuz which is common to all ARMMP deployments, supply the relevant dtb, partner those with a minimal initrd and see if the board boots.

The first change comes when this process is compared to how boards are commonly tested in LAVA – with a zImage or uImage and all/most of the modules already built in. Packaged kernels won’t necessarily raise a network interface or see the filesystem without modules, so the first step is to extend a minimal initramfs to include the armmp modules.

apt install pax u-boot-tools

The minimal initramfs I selected is one often used within LAVA:

wget http://images.armcloud.us/lava/common/linaro-image-minimal-initramfs-genericarmv7a.cpio.gz.u-boot

It has a u-boot header added, as most devices using this would be using u-boot. This makes it easier to debug boot failures, as the initramfs doesn’t need to have the header added: it can simply be downloaded to a local directory and passed to the board as a tftp location. To modify it, the u-boot header needs to be removed. Rather than assuming the size, the u-boot tools can (indirectly) show the size:

$ ls -l linaro-image-minimal-initramfs-genericarmv7a.cpio.gz.u-boot
-rw-r--r-- 1 neil neil  5179571 Nov 26  2013 linaro-image-minimal-initramfs-genericarmv7a.cpio.gz.u-boot

$ mkimage -l linaro-image-minimal-initramfs-genericarmv7a.cpio.gz.u-boot 
Image Name:   linaro-image-minimal-initramfs-g
Created:      Tue Nov 26 22:30:49 2013
Image Type:   ARM Linux RAMDisk Image (gzip compressed)
Data Size:    5179507 Bytes = 5058.11 kB = 4.94 MB
Load Address: 00000000
Entry Point:  00000000

Referencing http://www.omappedia.com/wiki/Development_With_Ubuntu, the header size is the file size minus the data size listed by mkimage.

5179571 - 5179507 == 64

So, create a second file without the header:

dd if=linaro-image-minimal-initramfs-genericarmv7a.cpio.gz.u-boot of=linaro-image-minimal-initramfs-genericarmv7a.cpio.gz skip=64 bs=1

Decompress it:

gunzip linaro-image-minimal-initramfs-genericarmv7a.cpio.gz

Now for the additions:

dget http://ftp.uk.debian.org/debian/pool/main/l/linux/linux-image-3.14-1-armmp_3.14.12-1_armhf.deb

(Yes, this process will need to be repeated when this package is rebuilt, so I’ll want to script this at some point.)

dpkg -x linux-image-3.14-1-armmp_3.14.12-1_armhf.deb kernel-dir
cd kernel-dir

The modules needed for most purposes are pulled in thanks to a script written by the Xen folks. The set is basically disk, net, filesystems and LVM.

find lib -type d -o -type f -name modules.\*  -o -type f -name \*.ko  \( -path \*/kernel/lib/\* -o  -path \*/kernel/crypto/\* -o  -path \*/kernel/fs/mbcache.ko -o  -path \*/kernel/fs/ext\* -o  -path \*/kernel/fs/jbd\* -o  -path \*/kernel/drivers/net/\* -o  -path \*/kernel/drivers/ata/\* -o  -path \*/kernel/drivers/scsi/\* -o -path \*/kernel/drivers/md/\* \) | pax -x sv4cpio -s '%lib%/lib%' -d -w >../cpio
gzip -9f cpio

original Xen script (GPL-3+)

I found it a bit confusing that i is used for extract by cpio, but that’s how it is. Extract the minimal initramfs to a new directory:

sudo cpio -id < ../linaro-image-minimal-initramfs-genericarmv7a.cpio

Extract the new cpio into the same location. (Yes, I could do this the other way around and pipe the output of find into the already extracted location but that's for when I get a script to do this):

sudo cpio --no-absolute-filenames -id < ../ramfs/cpio

CPIO Manual

Use newc format, the new (SVR4) portable format, which supports file systems having more than 65536 i-nodes. (4294967295 bytes)
(41M)

find . | cpio -H newc -o > ../armmp-image.cpio

... and add the u-boot header back:

mkimage -A arm -T ramdisk -C none -d armmp-image.cpio.gz debian-armmp-initrd.cpio.gz.u-boot
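The header-removal step earlier in this procedure, as an added example that is not part of the original post: a parser for the 64-byte legacy u-boot image header that checks the magic number, the size arithmetic and both CRC32 fields before returning the payload. The field layout is that of the legacy u-boot image format; the helper names and the sample image are constructed for illustration.

```python
import struct
import zlib

UBOOT_MAGIC = 0x27051956       # magic number of the legacy u-boot image format
HEADER_FMT = ">7I4B32s"        # big-endian: 7 words, 4 bytes, 32-byte name
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 64, matching 5179571 - 5179507
FIELDS = ("magic", "hcrc", "time", "size", "load", "entry", "dcrc",
          "os", "arch", "type", "comp", "name")


class UImageError(ValueError):
    """The input is not an intact legacy u-boot image."""


def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def parse_header(blob):
    """Decode and validate the 64-byte header at the start of blob."""
    if len(blob) < HEADER_SIZE:
        raise UImageError("shorter than a u-boot header")
    header = dict(zip(FIELDS, struct.unpack(HEADER_FMT, blob[:HEADER_SIZE])))
    if header["magic"] != UBOOT_MAGIC:
        raise UImageError("bad magic 0x%08x" % header["magic"])
    # The header CRC is calculated with its own field set to zero.
    zeroed = blob[:4] + b"\0" * 4 + blob[8:HEADER_SIZE]
    if crc32(zeroed) != header["hcrc"]:
        raise UImageError("header CRC mismatch")
    header["name"] = header["name"].rstrip(b"\0").decode("ascii", "replace")
    return header


def strip_header(blob):
    """Return (header, payload): dd skip=64 bs=1, but with checks first."""
    header = parse_header(blob)
    payload = blob[HEADER_SIZE:]
    # Same arithmetic as the text: file size minus data size is the header.
    if len(blob) - header["size"] != HEADER_SIZE:
        raise UImageError("data size %d does not match file" % header["size"])
    # CRC32 catches truncation and corruption only; it is not a signature.
    if crc32(payload) != header["dcrc"]:
        raise UImageError("data CRC mismatch")
    return header, payload


def build_image(payload, name, comp=1):
    """Wrap payload as Linux/ARM/ramdisk (5/2/3); used for the sample below."""
    raw = struct.pack(HEADER_FMT, UBOOT_MAGIC, 0, 0, len(payload), 0, 0,
                      crc32(payload), 5, 2, 3, comp, name.encode("ascii")[:32])
    return raw[:4] + struct.pack(">I", crc32(raw)) + raw[8:] + payload


# Constructed sample: a stand-in payload, not the real initramfs.
SAMPLE_PAYLOAD = b"\x1f\x8b constructed stand-in for cpio.gz data"
SAMPLE_IMAGE = build_image(SAMPLE_PAYLOAD, "linaro-image-minimal-initramfs-g")

if __name__ == "__main__":
    hdr, data = strip_header(SAMPLE_IMAGE)
    print(hdr["name"], hdr["size"], len(SAMPLE_IMAGE) - hdr["size"])
```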

Now what?

Now send the combination to LAVA and test it.

Results bundle for a local LAVA test job using this technique. (18k)

submission JSON - uses file:// references, so would need modification before being submitted to LAVA elsewhere.

complete log of the test job (72k)

Those familiar with LAVA will spot that I haven't optimised this job, it boots the ARMMP kernel into a minimal initramfs and then expects to find apt and other tools. Actual tests providing useful results would use available tools, add more tools or specify a richer rootfs.

The tests themselves are very quick (the job described above took 3 minutes to run) and don't need to be run particularly often, just once per board type per upload of the ARMMP kernel. LAVA can easily run those jobs in parallel and submission can be automated using authentication tokens and the lava-tool CLI. lava-tool can be installed without lava-server, so can be used in hooks for automated submissions.

Extensions

That's just one DTB and one board. I have a range of boards available locally:

* iMX6Q Wandboard (used for this test)
* iMX.53 Quick Start Board (needs updated u-boot)
* Beaglebone Black
* Cubie2
* CubieTruck
* arndale (no dtb?)
* pandaboard

Other devices available could involve ARMv7 devices hosted at www.armv7.com and validation.linaro.org - as part of a thank you to the Debian community for providing the OS which is (now) running all of the LAVA infrastructure.

That doesn't cover all of the current DTBs (and includes many devices which have no DTBs) so there is plenty of scope for others to get involved.

Hopefully, the above will help get people started with a suitable kernel+dtb+initrd and I'd encourage anyone interested to install lava-server and have a go at running test jobs based on those so that we start to build data about as many of the variants as possible.

(If anyone in DI fancies producing a suitable initrd with modules alongside the DI initrd for armhf builds, or if anyone comes up with a patch for DI to do that, it would help enormously.)

This will at least help Debian answer the question of what the Debian ARMMP package can actually support.

For help on LAVA, do read through the documentation and then come to us at #linaro-lava or the linaro-validation mailing list or file bugs in Debian: reportbug lava-server.

, so you can ask me.

I'm giving one talk on the LAVA software and there will be a BoF on validation and CI in Debian.

LongNowAdrian Hon Seminar Media

This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.

A History of the Future in 100 Objects

Wednesday July 16, 02014 – San Francisco

Audio is up on the Hon Seminar page, or you can subscribe to our podcast.

*********************

Future artifacts – a summary by Stewart Brand

Speaking from 02082, Hon described 5 (of 100) objects and events from this century’s history he felt most strongly evoked the astonishing trends that have transformed humanity in the past 8 decades.

Not all developments proved to be positive. One such was Locked Simulation Interrogation. In 02019 in Washington DC, frustrated by a series of 5 unsolved bombings, the FBI combined an unremovable top quality virtual reality (VR) rig with detailed real-time brain scanning to run a suspect through a cascade of 572 intense simulations designed to draw out everything the suspect knew about the bombings. As a result the 6th bombing was averted, and the technique of adaptive VR became a standard law enforcement tool. But over time it was found to be unreliable and often harmful, and in 02033 the Supreme Court declared it to be unconstitutional.

By the 02040s people’s comfort with mood drugs and discomfort with lives that felt meaningless (mass automation had replaced many forms of work) led to the Fourth Great Awakening. In 02044 a religious entrepreneur found a way to transform human nature and acquire converts to the “Christian Consummation Movement” with a combination of one eyedropper, 18 pills, and an “induction course of targeted viruses and magstim.” Inductees were made more empathic, generous, trusting, and disciplined. The movement grew to 20 million Americans by the 02070s before it leveled off. The world learned what could be done with desire modification.

A lasting monument to humanity’s progress off planet was Alto Firenze, the first space station designed for elegance. Constructed in 02036, it progressed through a series of beautifications and uses from hotel to conference center and art museum to eventually being declared a World Heritage Site. In 2052 it was moved to L5 and thus escaped the cascade of debris collisions that completely emptied the over-crowded low-Earth orbit later that year.

Perhaps it was the steady increase of older people, along with continuing trends in self-quantification and “gamification,” that led to the Micromort Detector in 02032. “What if you could have a number that told you exactly how risky an action, any action, was going to be?“ The Lifeline bracelet measured the wearer’s exact health condition along with the environment and the action being contemplated and displayed how risky it would be in “micromorts”—a unit representing one chance in a million of death. Go canoeing—10 micromorts. Two glasses of wine—1 micromort. The bracelets became tremendously popular, though they were found to increase anxiety badly in some users. Later spinoffs included the Microfun Detector and Micromorals Detector.

Signs of ancient life were found on Mars in 2028, on Europa in 2048. “By the time extrasolar alien life was first imaged in 2055, celebrations were considerably smaller, the wonder and excitement having been eroded by the slow drip of discoveries. By then, everyone had simply assumed that life was out there, everywhere.“ One planet now discovered to have signs of intelligent life is 328 light years away. Thus the Armstrong Expedition, using an antimatter-fueled lighthugger craft bearing only artificial intelligences set out to make contact in 02079.

“This century,” Hon summarized, “we learned what it means to be human.”

Subscribe to our Seminar email list for updates and summaries.

CryptogramSecuring the Nest Thermostat

A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection.

RacialiciousThe Racialicious Preview for San Diego Comic-Con, Part I: Thursday & Friday

It’s that time of year again! Arturo and I are headed out to Nerd Summer Camp –also known as San Diego Comic Con– on behalf of the R. From July 24-27 we’ll be live-tweeting panels, writing recaps, interviewing creators, and getting up to all sorts of general shenanigans. You may remember that Art posted last week, asking for creators of colour to get in touch. That still applies– we want to hear from you and provide as much signal boosting as possible.

In the meantime, we’ve got our panel recommendations for Thursday and Friday listed below.  You’ll be able to find panel coverage and more from the con on twitter this week via @Racialicious, @aboynamedart, and @wriglied.

THURSDAY

Science Fiction & Fantasy Literature (11am; Room 5AB)

With both Marie Lu and Jim Butcher, this panel is a bit of a catch 22. You can go and hear Lu (who is Chinese-American) talk about her great YA Legends series, but you’re also going to have to hear Butcher talk about the Dresden Files which –with his white-washing of Chicago and choice of naming a character ‘Injun Joe’– hasn’t always gone so well. The panel also features Dr. David Brin (Hugo, Locus and Nebula Award-winning author of the Uplift trilogy), Rachel Caine (NY Times bestselling author of the Morganville Vampires series), Jason Hough (NY Times bestselling author of The Darwin Elevator series), and Jonathan Maberry (NY Times bestselling author of the Joe Ledger series) discussing writing science fiction and fantasy novels and their adaptation to TV and movies.

Masters of the Web: Comic Book Movies (11:30am, Room 24ABC)

We love Manu Bennett, who just got done with a stint on the CW’s Arrow, which is our sole reason for reccing this panel on upcoming major comic book movies. Also features: John Campea (AMC Movie Talk), Jeremy Jahns (YouTube film critic), Tiffany Smith (DC All Access), Kristian Harloff and Mark Ellis (Schmoes Know), and Jon Schnepp (AMC Movie Talk).

Dreamworks Animation (11:30am, Hall H)

Dreamworks hasn’t announced any details about their huge Hall H panel, but I’m hoping they serve up a few more details or some more footage for their new animated feature starring Rihanna.


This may not be worth waiting in the Hall H line, but definitely keep an ear to the internet that afternoon.

Female Heroes, Then and Now (1:00pm, Room 32AB)

The number of panels focusing on sexism, gender, and sexuality this year is promising. One of the first here doesn’t seem to be particularly diverse, but does promise an in-depth discussion on sexism, science fiction, comics, and geek culture with Heartbreakers creators Anina Bennett and Paul Guinan, along with friends Jimmy Palmiotti (Painkiller Jane), Kiala Kazebee (Vaginal Fantasy), Allison Baker (Monkeybrain Comics), and Claire Hummel (Bioshock: Infinite).

Comedy Central: Key & Peele and Introducing Moonbeam City! (1:30pm, Indigo Ballroom, Hilton Bayfront)

Key & Peele at Comic-Con! Stars Keegan-Michael Key and Jordan Peele will be discussing the upcoming season of their show (of the same name) on Comedy Central, their new animated show Moonbeam City and their unique point of view, born from “their shared background and experiences growing up biracial in a not quite post-racial world”.

Beyond Clichés: Creating Awesome Female Characters for Film, TV, Comics, Video Games, and Novels (2pm, Room 28DE)

A necessary panel, because clearly creating female characters is hard. This panel promises discussion on the future of female character creation for film, TV, comics, video games, and novels and examine the traps of common tropes, clichés, and stereotypes, while discussing how content creators can create wonderful, relatable, and realistic female characters with moderator Michele Brittany (West Coast Bleeding Cool News correspondent), Neo Edmund (Red Riding-Werewolf Huntress, Kaijudo Rise of the Duel Masters), Charlotte Fullerton (My Little Pony, Ben 10 Omniverse), Clare Kramer (Buffy the Vampire Slayer, Geek Nation), Marv Wolfman (Teen Titans, creator of countless comic book characters), Andrew Robinson (Kaijudo Rise of the Duel Masters, Rescue Bots), and Mairghread Scott (Transformers Prime, Rescue Bots).

 

The Art of Big Hero Six (2pm, Room 7AB)

 


Big Hero Six marks the first animated feature from the melded Disney/Marvel conglomerate. Based on a Marvel comic that debuted in 1998, the film is a cute looking, if slightly white-washed, classic tale of a boy and his robot in the fictional city of San Fransokyo. The panel features Walt Disney Animation Studios presents director Don Hall, producer Roy Conli, production designer Paul Felix and character designer Shiyoon Kim who will share the visual development of Big Hero 6.

Greendale Forever: TV Guide Magazine’s Tribute to Community (2:15pm, Ballroom 20)

I feel as if I’m one of the few people who have no need for a sixth season of this show, and definitely not on Yahoo, but here we are. If you still care about what’s happening at Greendale, this panel is probably for you– even if site favourites Troy and Abed are noticeably absent.

Instead we get Community creator Dan Harmon, executive producer Chris McKenna, and cast members Joel McHale, Gillian Jacobs, Jim Rash and Dino Stamatopoulos.

The Most Dangerous Women at Comic-Con: Positive Portrayals of Women in Pop Culture (3pm, Room 7AB)

So many panels on female characters and women, so few panels on race and diversity. (Oops, did I say that?) This panel discusses powerful women in pop culture and features Action Flick Chick Katrina Hill (Action Movie Freak) has assembled a team of women and men dangerous in their own right: Lesley Aletter (professional stuntwoman), Jenna Busch (Legion of Leia founder), Adrienne Curry (host/model/Tolkien enthusiast), Jane Espenson (Husbands), Alan Sizzler Kistler (TheMarySue.com), Bryan Q. Miller (Batgirl), and Jennifer K. Stuller (Ink-Stained Amazon).

The Writer’s Journey: Breaking into Comic Book and Hollywood Scriptwriting (3pm, Room 32AB)

I highlight these “how-to” panels not for their merits of diversity (but let’s give a major shoutout to panelist and Friend of the Blog, Erika Alexander) but because they do provide good practical and realistic advice from professional writers about getting into the industry. Thursday’s features Brandon M. Easton (ThunderCats [2011], Transformers: Rescue Bots), Geoffrey Thorne (TNT’s Leverage, Ben 10), Jonathan Callan (Ben 10, Generator Rex), animation showrunner Charlotte Fullerton (Ben 10: Omniverse), veteran screenwriter Tony Puryear (the Schwarzenegger film Eraser), and actress/writer Erika Alexander (Maxine Shaw from Living Single and co-creator/co-writer of Concrete Park, a graphic novel from Dark Horse) dishing all the inside dirt.

Breaking Barriers: Transgender Trends in Popular Culture (5pm, room 28DE)

In our first LGBTQ panel of the year, Tara Madison Avery (Dirtheads, Gooch, Prism Comics) presents panelists Dylan Edwards (Transposes), Melanie Gillman (As the Crow Flies), J. D. Saxon (Mahou Shounen Fight!), Elizabeth Lain (F*** the Limits!: The 30-Day Art Project, This Is Where), Ashley Love (Trans Forming Media, journalist, transsexual advocate), and Comic-Con special guest, famed comics historian Michelle Nolan (Love on the Racks: A History of American Romance Comics). They’ll be discussing everything from coming out and transition to navigating gender politics in a world still struggling to understand; cartoonists, writers, and filmmakers are investing their work with unique personal experiences as their characters learn to live and love in new and unexpected ways.

LGBT Geek Year in Review (6pm, Room 28DE)

It’s a shame that so many of the panels I find the most interesting are so late in the day! I’m hoping I have the energy to get to this year in review panel, in which LGBT activist and columnist P. Kristen Enos (Active Voice, Creatures of Grace) leads a discussion with Diane Anderson-Minshall (The Advocate), Trish Bendix (AfterEllen.com), Matt Kane (GLAAD), and Sean Z. Maker (Bent-Con).

Showtime: Penny Dreadful (6pm, Ballroom 20)

I’m not gonna lie – the idea of Aisha Tyler moderating the Penny Dreadful panel threw me for a loop. It’s a left field decision that I love, even if I don’t quite understand it. Anyway, it’s enough to get the show’s panel on our list despite its rather white cast. (However, the show itself is masterfully done and Eva Green is upsettingly good, if you’re looking for a quick watch this August). Tyler will moderate show stars Josh Hartnett (Ethan Chandler), Reeve Carney (Dorian Gray), and Harry Treadaway (Victor Frankenstein

Hip-Hop & Comics: Cultures Combining (7pm, Room 23ABC)

I’ve been to this panel twice at NYCC, so won’t be attending again but do fully encourage that you go see Patrick Reed’s hip-hop panel. Guests haven’t been announced yet, but in the past he’s had names like Jean Grae and Run of Run DMC joining him on stage, so it’s likely to be worth checking out.

 

FRIDAY

Gender in Comics (10am, Room 4)

This panel focuses as much on gender within the books as the business side of the industry. Panelists include comics editor Janelle Asselin, ComicsAlliance.com senior editor Andy Khouri, BOOM! Studios editor Dafna Pleban, comics writer James Tynion IV (The Woods), Image comics director of trade book sales Jennifer de Guzman, and WIRED writer Laura Hudson and IDW publishing editor Sarah Gaydos.

The Black Panel (10am, Room 5AB)

So this would pretty much be the panel of the con to be at. Arturo covers the panel every year, and this year we’ll be tag teaming for a supersized panel with Orlando Jones (Sleepy Hollow, MAD TV), Ne-Yo (actor, artist, writer, singer, etc.), J. August Richards (Angel, Marvel Agents of S.H.I.E.L.D.), Kevin Grevioux (I, Frankenstein; Underworld), Cree Summer (Batman Beyond, Rugrats, A Different World), and Erika Alexander (Living Single, Concrete Park). The Black Panel is produced by Tatiana El Khouri and hosted by its founder, Michael Davis.

 

Writing for TV: From First Draft to Getting Staffed (10:30am, 24ABC)

I attended this how-to panel last year and found it well run, informative, and extremely entertaining. Karen Horne is the VP of NBC programming talent development and inclusion, and she’s joined by Spiro Skentzos (Grimm), Keto Shimizu (Arrow), David Schulner (Emerald City), and David Slack (Person of Interest) to talk about breaking into TV writing with a large Q&A session at the end.

Nickelodeon: Legend of Korra: Book 3 (11:15am, Ballroom 20)

I’ve never seen an episode of Avatar or Korra, but people tell me it’s a thing I should be watching. Join executive producer and creator team Bryan Konietzko and Mike DiMartino and Janet Varney (Korra), David Faustino (Mako), P. J. Byrne (Bolin), Seychelle Gabriel (Asami), John Michael Higgins (Varrick) and Mindy Sterling (Lin Beifong) for this panel which includes an exclusive sneak peek screening of a new episode for Book 3, “Change.” Moderated by Megan Casey (VP of current series for Nickelodeon).

Milestone @ 21 (11:30am, Room 5AB)

Come for the Black Panel, stay for Milestone! They’re in the same room, back to back, so you’ve really got no excuse not to come. The Milestone @ 21 panel is produced by Reggie Hudlin (Django Unchained, Django/Zorro) and hosted by Phil LaMarr (Static Shock, Mad TV) and features Denys Cowan (Django Unchained, Green Arrow), Derek Dingle (Black Enterprise magazine), and Michael Davis (The Hidden Beach).

Game of Thrones Panel and Q&A (1:40pm, Hall H)

Not to drop any spoilers for the non-book initiated, but the following seasons should introduce the rest of the now-deceased Oberyn Martell’s family. I’m hoping, if not absolutely expecting, that Friday’s panel might bring some Dornish casting announcements of a POC variety. If not, you’ll still get a full panel of GoT stars, including Gwendoline Christie as Brienne of Tarth, Nikolaj Coster-Waldau as Jaime Lannister, Natalie Dormer as Margaery Baratheon, Kit Harington as Jon Snow, Rose Leslie as Ygritte, Rory McCann as Sandor Clegane (“The Hound”), Pedro Pascal as Oberyn Martell, Sophie Turner as Sansa Stark, and Maisie Williams as Arya Stark.

 

The Witty Women of Steampunk (2:30pm, 24ABC)

Friend of the Blog Ay-leen the Peacemaker (editor for BeyondVictoriana.com and Tor Books) joins Anina Bennett (Boilerplate: History’s Mechanical Marvel), Claire Hummel (Bioshock: Infinite), Robin Blackburn (The League of S.T.E.A.M.), Sarah Hunter (Steampunk model/performer), Sheyne Fleischer (The League of S.T.E.A.M.), and moderator Dina Kampmeyer (Lady Steam Designs) to discuss a steampunk reimagining of a history that never was. They’ll explore multiculturalism, science, sexuality, class politics, and much more.

Big Ideas for Movies: Crossing Borders with Mexican Animation (3pm, Room 23ABC)

If I’m reading correctly, this is a pretty packed panel. The creators and talent behind the new 3D animated film El Americano 3D are teaming up to bring the new face of Mexican animation to Comic Con. The panel features Mexican filmmaker Ricardo Arnaiz and his producing partners Edward James Olmos (Battlestar Galactica), Phil Roman (The Simpsons), Verónica Arceo, Alex Flores, Gerry Cardoso, and Michael D. Olmos. Also joining them are the voice talent, Rico Rodriguez (Modern Family), Raul Garcia (Aladdin), Mike Kunkel (Tarzan), and Richard Pursel (SpongeBob Squarepants), and the voices of Gabriel Iglesias (The Fluffy Movie), Cheech Marin (Cheech and Chong), Kate del Castillo (Under the Same Moon), Erik Estrada (CHIPs), and Lisa Kudrow (Friends), among many others.

Top image by Ben Templesmith via Flickr Creative Commons

The post The Racialicious Preview for San Diego Comic-Con, Part I: Thursday & Friday appeared first on Racialicious - the intersection of race and pop culture.

Sociological Images: Children Seeking Refuge Have Hardened Americans Against Undocumented Immigrants

This year tens of thousands of Central American children, fleeing violence and poverty, have been arriving in the U.S. seeking refuge.  It’s a stunning story that has been covered widely in the media and Americans’ opinions about immigration have taken a hit.

The Pew Research Center collected data regarding American leniency toward undocumented immigrants in February and July, before and after media coverage of this crisis began.  The results show that members of all political parties, on average, are less inclined to allow “immigrants living in U.S. who meet certain requirements” to stay legally (see far right column).

The strongest opponents are Republicans and members of the Tea Party.  These groups were more opposed to enabling undocumented immigrants to stay legally to begin with and they showed the greatest change in response to this new crisis.


Republicans and Independents are also more likely than Democrats to think that we should speed up the deportation process, even if it means deporting children who are eligible for asylum.


Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Don Marti: How to beat adtech fraud: REGISTER ALL HUMANS

Ted McConnell, on AdExchanger: Advertising Fraud: It’s Time For Asymmetrical Warfare.

When you have an enemy that’s shape-shifting, agile, belligerent, invisible, greedy, fast and brilliant, you have a problem. Welcome to what military strategy people call asymmetrical warfare. It looks like terrorism. They lie about their identity. They only have to be right once. There are no lines in the sand. You can’t tell them from the good guys. They adapt.

It's actually worse than that. The best fraud rings only have to be better than the worst ad networks. The fraud perpetrators get to pick which network to attack, while the network doesn't get to pick which fraud perpetrators it deals with. The feedback for fraud is relatively quick. It's cheap and easy to try it on a small scale by buying or generating a little bit of bad traffic and seeing what happens. It's easy to decouple the parts of fraud that you're good at from the parts that you need help on, because that's how adtech is networked to begin with. Finally, the expected consequences of failure are small.

Where this piece gets problematic is in suggested solutions for dealing with the adtech fraud problem while keeping the adtech system intact. (Adtech, privacy, and fraud control, you can only have two.) Of course, this means abandoning privacy.

For example, "Make a publicly provided 'white list' of humans, accessible as a service to all transactions," and "tighten up Internet access...make sure an antivirus is in place." So in order to beat adtech fraud, McConnell wants to have (1) a white list of all humans and (2) control over all client systems (to verify that antivirus). Even the DRM maximalists didn't get that much.

And what happens while this perfect system of total control is being rolled out? Older clients, and humans who aren't on the white list of humans, will still be out there, so most of the fraud gets to continue. And by the time the system of control is in place, someone will subvert it for legit reasons.

If total Internet lockdown isn't going to happen, how do you beat fraud? A better answer is to turn the privacy up, not down: Adtech fraud: you can't cheat an honest man.

Bonus links:

Jon Udell: It’s time to engineer some filter failure

Atul: Does Privacy Matter?

Tim Peterson: Angry Birds Maker Rovio Points Finger at Ad Networks Over NSA Data Leak

Randall Rothenberg, president and CEO of the Interactive Advertising Bureau: IAB Head: 'The Digital Advertising Industry Must Stop Having Unprotected Sex' (via The Drift from Upstream)

David Rogers: Bad adbots and the vanishing CMO

Robin Hanson: Why Do Firms Buy Ads?

Ted Dhanik: We're All Responsible for Click Fraud and Here's How to Stop It

Doug Weaver: Dead internet ideas: The "right" to target

Racialicious: The Disney Triple Crown: Why Ming-Na Wen Needs To Be In Star Wars

By Guest Contributor Keith Chow, cross-posted from The Nerds Of Color

Earlier this week, Lucasfilm announced the addition of two more actors to the cast of Star Wars Episode VII. We do not yet know who the two relatively unknown actors — Pip Anderson, who’s British, and Crystal Clarke, who’s African American — will play in the movie, but I’m guessing their roles must be substantial enough to warrant a press release about their casting. If their characters are indeed prominent, Clarke will join John Boyega and Lupita Nyong’o in making this “the blackest Star Wars ever.”

Still, every time breaking Star Wars casting news comes across my feed, there’s always one name that I hope to see in the headlines: Ming-Na Wen.

Talk about nerd cred, other than Ming-Na, Joy Luck Club also starred Tamlyn Tomita (Karate Kid II), Lauren Tom (Futurama), and Rosalind Chao (Star Trek: TNG).

For those not in the know, Ming-Na is one of the most prominent Asian American actresses in Hollywood today. Though she has been acting since the mid-80s, her career took off in 1993 when she was cast in the lead role of June in Wayne Wang’s adaptation of the Amy Tan novel, The Joy Luck Club.

Wen also spent over five seasons as part of the main cast of ER as Dr. Chen when the show was at the height of its powers on NBC. In addition to these mainstream roles, her geek cred runs deep as well.

She followed her star-making turn in Joy Luck Club by playing Chun Li in 1994’s live-action adaptation of Street Fighter. In 2001, Wen voiced Dr. Aki Ross, the lead character in the big screen CG-animated Final Fantasy: The Spirits Within. And on television, Ming-Na provided the voice of Detective Yin on the Kids’ WB animated The Batman series and starred for two seasons on SyFy’s Stargate Universe. She even had a small role in the 2009 superhero flick Push — alongside future Captain America, and until recently, fellow S.H.I.E.L.D. agent, Chris Evans.

Despite this long and impressive filmography, the two roles that have led to Ming-Na’s icon status among us Nerds of Color — and the rest of the world, for that matter — are as a Disney Princess and as a Marvel superhero.

Her turn as the legendary Chinese heroine Fa Mulan in 1998 was a big deal. Not only is Mulan the only animated Disney film set in China, its voice cast of predominantly Asian American actors is still pretty impressive 16 years later [1]. Though Mulan has never been depicted as a princess in any Chinese telling of the legend, Disney nevertheless inducted the character into their heavily branded — and super popular — Disney Princesses line, making her one of the very few non-white Princesses to be “coronated,” and therefore one of the very few Asian dolls in the toy aisle.

Last year, Ming-Na officially joined the ranks of the Marvel Cinematic Universe — Disney’s other mega-franchise — when she was cast as Agent May on ABC’s Agents of S.H.I.E.L.D. And while I admit that I haven’t been the show’s biggest fan [2], it was never because of any issue with the character of Melinda May. (My main problems with S.H.I.E.L.D. were always its Whedon-y bits).

In fact, she was one of the few bright spots on the show for me (this mini-Joy Luck Club reunion, for starters) and her relationship with Coulson is actually interesting. Hopefully, the showrunners give her more to do in Season Two than stand around and glower.

Though, admittedly, she’s REALLY good at standing around and glowering.

While she was promoting the premiere of Agents of S.H.I.E.L.D., Ming-Na revealed that there was yet one more Disney franchise she wanted to be a part of: Star Wars.

Though her interview with Access Hollywood made all the rounds back in October, those of us who had been following her career since Joy Luck Club already knew about her preference for that galaxy far, far away. I think it was in a feature in the now defunct A Magazine where I first learned about her Star Wars fandom and her desire to be in one of the films.

Not sure if this was the issue, but I’m pretty sure the issue came out around the time the prequels were being shot. Unfortunately, the magazine existed before the internet and not even Google can track down the article. But trust me, Ming-Na’s Star Wars fandom runs deep, and in the mid-90s, she was all about being in a Star Wars movie. Up to that point, I had no idea that the actress from Joy Luck Club was a fangirl!

Despite the pleas to be in one, George Lucas wasn’t swayed enough to cast her in any of his movies. I guess in Lucas’ Star Wars universe, the only Asians we ever get to see are:

One of Jabba’s dancers in the Special Edition of Return of the Jedi

… Uh, Lando’s co-pilot on the Millennium Falcon, Nien Nunb …

… And the Nemoidians in Episodes I-III.

Also, Amidala in all kinds of Orientalist costumes and makeup.

That’s it. That’s the list.

The one time Lucas actually did cast a real live Asian for a role, he cast Bai Ling instead [3] of Ming-Na (and subsequently sent that scene to the cutting room floor).

(Embedded video: http://www.youtube.com/embed/iBGJTiyvd90)

Also, peep the diversity in that deleted scene. By cutting it, all the black and brown people in Star Wars was reduced by 95%!

When Episode III came and went in 2005, no one expected there to be more Star Wars films, and Ming-Na’s dream to be in one went the way of the Jedi after Order 66. But now that Disney has swooped in to resuscitate the franchise, it is the perfect opportunity to let Mulan wield a lightsaber!

Even if she isn’t cast in J.J. Abrams’ Episode VII — or Rian Johnson’s Episodes VIII and IX, for that matter — Disney has already announced that they will be doing standalone Star Wars movies outside the main sequel trilogy. With a new Star Wars movie coming out every year from now to eternity, why not throw a bone to one of the Magic Kingdom’s most loyal subjects?

Not only would it be a dream fulfilled for one of nerdom’s own, but it would be an historic occasion. To win the Disney triple crown of being an official Disney Princess, a Marvel superhero, and a Jedi? Hell, that’s gotta be bigger than the EGOT!

So just like the time I called on Marvel to cast an Asian American actor to play Iron Fist, I am once again calling on Disney to do the right thing and cast Ming-Na Wen in a Star Wars movie!

  1. Still not sure how or why Donny Osmond provided Shang’s singing voice, though. Either way, here’s hoping Disney doesn’t neglect to cast Asian American actors to voice the characters in the upcoming Big Hero 6 movie. 
  2. I will say, though, that the post-Winter Soldier episodes did eventually get better. 
  3. Is she even real life? 

The post The Disney Triple Crown: Why Ming-Na Wen Needs To Be In Star Wars appeared first on Racialicious - the intersection of race and pop culture.

Worse Than Failure: CodeSOD: An Odd Way to Find Even Numbers

Fred S. never much cared for zebra striping, the UI pattern that was all the rage after Mac OS X launched in 2001. It found its way into other Mac applications, web pages, even onto Linux. Like a tsunami of alternating grey-and-white waves, it overtook everything in its path.

After numerous requests from users, the project manager for WeightTracker asked Fred to add zebra striping to the weight journal window. Fred had inherited oversight of the application after the original developer, Louis, had been poached by their underperforming rival.

Louis, not a fan of Visual Basic's built-in functions, had written his own toolkit for WeightTracker, so Fred used Louis's evenOrOdd function to determine what color each row of the weight table should display. He incremented WeightTracker's version number and pushed up his changes.

QA immediately pushed them back: the zebra striping wasn't displaying in France.

Fred had never bothered to look at the evenOrOdd code, but it didn't sit well not knowing how it worked. He laughed when he found it.

iBoucle = 0 
While (FileImg.ListCount > 0) 
 iBoucle = iBoucle + 1 
 If InStr(Str(iBoucle / 2), ".") > 0 Then 
 ...

evenOrOdd takes a number, divides it by two, converts it to a string, and returns true if there is a "." character present. It works perfectly if you use periods for decimal markers.

However, in France (and most of Europe), the decimal marker is a comma (","), not a period ("."). Louis, who Fred knew was a French programmer, should have known this.


Planet Debian: Russell Coker: Public Lectures About FOSS

Eventbrite

I’ve recently started using the Eventbrite Web site [1] and the associated Eventbrite Android app [2] to discover public events in my area. Both the web site and the Android app lack features for searching (I’d like to save alerts for my accounts and have my phone notify me when new events are added to their database) but it is basically functional. The main issue is content, Eventbrite has a lot of good events in their database (I’ve got tickets for 6 free events in the next month). I assume that Eventbrite also has many people attending their events, otherwise the events wouldn’t be promoted there.

At this time I haven’t compared Eventbrite to any similar services, Eventbrite events have taken up much of my available time for the next 6 weeks (I appreciate the button on the app to add an entry to my calendar) so I don’t have much incentive to find other web sites that list events. I would appreciate comments from users of competing event registration systems and may write a post in future comparing different systems. Also I have only checked for events in Melbourne, Australia as I don’t have any personal interest in events in other places. For the topic of this post Eventbrite is good enough, it meets all requirements for Melbourne and I’m sure that if it isn’t useful in other cities then there are competing services.

I think that we need to have free FOSS events announced through Eventbrite. We regularly have experts in various fields related to FOSS visiting Melbourne who give a talk for the Linux Users of Victoria (and sometimes other technical groups). This is a good thing but I think we could do better. Most people in Melbourne probably won’t attend a LUG meeting and if they did they probably wouldn’t find it a welcoming experience.

Also I recommend that anyone who is looking for educational things to do in Melbourne visit the Eventbrite web site and/or install the Android app.

Accessible Events

I recently attended an Eventbrite event where a professor described the work of his research team, it was a really good talk that made the topic of his research accessible to random members of the public like me. Then when it came to question time the questions were mostly opinion pieces disguised as questions which used a lot of industry specific jargon and probably lost the interest of most people in the audience who weren’t from the university department that hosted the lecture. I spent the last 15 minutes in that lecture hall reading Wikipedia and resisted the temptation to load an Android game.

Based on this lecture (and many other lectures I’ve seen) I get the impression that when the speaker or the MC addresses a member of the audience by name (EG “John Smith has a question”) then it’s strongly correlated with a low quality question. See my previous post about the Length of Conference Questions for more on this topic [3].

It seems to me that when running a lecture everyone involved has to agree about whether it’s a public lecture (IE one that is for any random people) as opposed to a society meeting (which while free for anyone to attend in the case of a LUG is for people with specific background knowledge). For a society meeting (for want of a better term) it’s OK to assume a minimum level of knowledge that rules out some people. If 5% of the audience of a LUG don’t understand a lecture that doesn’t necessarily mean it’s a bad lecture, sometimes it’s not possible to give a lecture that is easily understood by those with the least knowledge that also teaches the most experienced members of the audience.

For a public lecture the speaker has to give a talk for people with little background knowledge. Then the speaker and/or the MC have to discourage or reject questions that are for a higher level of knowledge.

As an example of how this might work consider the case of an introductory lecture about how an OS kernel works. When one of the experienced Linux kernel programmers visits Melbourne we could have an Eventbrite event organised for a lecture introducing the basic concepts of an OS kernel (with Linux as an example). At such a lecture any questions about more technical topics (such as specific issues related to compilers, drivers, etc) could be met with “we are having a meeting for more technical people at the Linux Users of Victoria meeting tomorrow night” or “we are having coffee at a nearby cafe afterwards and you can ask technical questions there”.

Planning Eventbrite Events

When experts in various areas of FOSS visit Melbourne they often offer a talk for LUV. For any such experts who read this post please note that most lectures at LUV meetings are by locals who can reschedule, so if you are only in town for a short time we can give you an opportunity to speak at short notice.

I would like to arrange to have some of those people give a talk aimed at a less experienced audience which we can promote through Eventbrite. The venue for LUV talks (Melbourne University 7PM on the first Tuesday of the month) might not work for all speakers so we need to find a sponsor for another venue.

I will contact Linux companies that are active in Melbourne and ask whether they would be prepared to sponsor the venue for such a talk. The fallback option would be to have such a lecture at a LUV meeting.

I will talk to some of the organisers of science and technology events advertised on Eventbrite and ask why they chose the times that they did. Maybe they have some insight into which times are best for getting an audience. Also I will probably get some idea of the best times by just attending many events and observing the attendance. I think that the aim of an Eventbrite event is to attract delegates who wouldn’t attend other meetings, so it is a priority to choose a suitable time and place.

Finally please note that while I am a member of the LUV committee I’m not representing LUV in this post. My aim is that community feedback on this post will help me plan such events. I will discuss this with the LUV committee after I get some comments here.

Please comment if you would like to give such a public lecture, attend such a lecture, or if you just have any general ideas.

Planet Debian: Martin Pitt: autopkgtest 3.2: CLI cleanup, shell command tests, click improvements

Yesterday’s autopkgtest 3.2 release brings several changes and improvements that developers should be aware of.

Cleanup of CLI options, and config files

Previous adt-run versions had rather complex, confusing, and rarely (if ever?) used options for filtering binaries and building sources without testing them. All of those (--instantiate, --sources-tests, --sources-no-tests, --built-binaries-filter, --binaries-forbuilds, and --binaries-fortests) now went away. Now there is only -B/--no-built-binaries left, which disables building/using binaries for the subsequent unbuilt tree or dsc arguments (by default they get built and their binaries used for tests), and I added its opposite --built-binaries for completeness (although you most probably never need this).

The --help output now is a lot easier to read, both due to above cleanup, and also because it now shows several paragraphs for each group of related options, and sorts them in descending importance. The manpage got updated accordingly.

Another new feature is that you can now put arbitrary parts of the command line into a file (thanks to porting to Python’s argparse), with one option/argument per line. So you could e. g. create config files for options and runners which you use often:

$ cat adt_sid
--output-dir=/tmp/out
-s
---
schroot
sid

$ adt-run libpng @adt_sid
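
The @file mechanism described above is argparse's fromfile_prefix_chars feature. The following added example (not autopkgtest's own code; the parser, class, function and program names are hypothetical) expands a constructed copy of the adt_sid file, splits the result at the --- separator, and shows why blank lines need handling: argparse's default turns every line of the file, empty ones included, into one argument.

```python
import argparse
import os
import tempfile


class ArgFileExpander(argparse.ArgumentParser):
    """Hypothetical helper: a parser with no options, used only to expand @file."""

    def __init__(self):
        super().__init__(add_help=False, fromfile_prefix_chars="@")

    def convert_arg_line_to_args(self, arg_line):
        # argparse's default returns [arg_line] for every line, so a blank
        # line in the file would become an empty-string argument.
        # Skip blank lines and strip stray whitespace instead.
        line = arg_line.strip()
        return [line] if line else []


def expand_and_split(argv):
    """Expand @file arguments, then split at the '---' separator."""
    # With no options defined, parse_known_args() returns every argument
    # (after @file expansion) as "unrecognized", in the original order.
    expanded = ArgFileExpander().parse_known_args(argv)[1]
    if "---" in expanded:
        sep = expanded.index("---")
        return expanded[:sep], expanded[sep + 1:]
    return expanded, []


def build_test_parser():
    """Toy stand-in covering only the options used in the sample file."""
    parser = argparse.ArgumentParser(prog="toy-adt-run")
    parser.add_argument("--output-dir")
    parser.add_argument("-s", "--shell-fail", action="store_true")
    parser.add_argument("tests", nargs="*")
    return parser


def parse_command_line(argv):
    """Return (parsed test-side options, runner arguments after '---')."""
    test_args, runner_args = expand_and_split(argv)
    opts = build_test_parser().parse_args(test_args)
    return opts, runner_args


def demo():
    # Constructed copy of the adt_sid file from the post, with a trailing
    # blank line added to exercise the blank-line handling.
    content = "--output-dir=/tmp/out\n-s\n---\nschroot\nsid\n\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "adt_sid")
        with open(path, "w") as f:
            f.write(content)
        return parse_command_line(["libpng", "@" + path])


if __name__ == "__main__":
    opts, runner = demo()
    print(opts, runner)
```

Because any argument starting with @ is read as a file, a literal value that begins with @ cannot be passed through a parser configured this way without changing the prefix character.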

Shell command tests

If your test only contains a shell command or two, or you want to re-use an existing upstream test executable and just need to wrap it with some command like dbus-launch or env, you can use the new Test-Command: field instead of Tests: to specify the shell command directly:

Test-Command: xvfb-run -a src/tests/run
Depends: @, xvfb, [...]

This avoids having to write lots of tiny wrappers in debian/tests/. This was already possible for click manifests; this release now also brings this for deb packages.

Click improvements

It is now very easy to define an autopilot test with extra package dependencies or restrictions, without having to specify the full command, using the new autopilot_module test definition. See /usr/share/doc/autopkgtest/README.click-tests.html for details.

If your test fails and you just want to run your test with additional dependencies or changed restrictions, you can now avoid having to rebuild the .click by pointing --override-control (which previously only worked for deb packages) to the locally modified manifest. You can also (ab)use this to e. g. add the autopilot -v option to autopilot_module.

Unpacking of test dependencies was made more efficient by not downloading Python 2 module packages (which cannot be handled in “unpack into temp dir” mode anyway).

Finally, I made the adb setup script more robust and also faster.

As usual, every change in control formats, CLI etc. has been documented in the manpages and the various READMEs. Enjoy!

Geek Feminism: It has been zero days since the last sexist incident in tech

[Content warning: sexual objectification.]

Obie Fernandez is the author of The Rails Way, the editor of Addison-Wesley’s Professional Ruby Series, and a co-founder and CTO of Javelin, a startup that builds “tools and services to help you change your world”.

Fernandez also, apparently, can’t talk about technology without reminding everybody that he has, on some occasion or another, had sex. Despite being a CTO, he also apparently doesn’t know that the Internet doesn’t have an erase button — which goes to show you that extremely poor judgment doesn’t stop you from getting copious VC funding for your company, if you’re male.


A screenshot of a tweet from Obie Fernandez, which he later deleted

Fernandez’s Twitter bio declares, “Author, Programmer, Dad”. Usually (certainly not always, I’m aware!) being a dad implies that you have had sex at least once. But it’s so important for Fernandez to remind us that he has had sex — with people of multiple ages — that he also has to inject tortured sexual analogies into what could have been a perfectly benign programming language flame war.

At 8:36 PM tonight (in my time zone, anyway), Fernandez tweeted, “still not sure exactly what I’m supposed to apologize for other than being a bit crass about 20-year old people.”

By 9:11 PM, Fernandez had evidently thought about it deeply and carefully enough to issue a retraction. I guess the “lean startup” approach is so powerful that its adherents can go from sneering at their critics (including a risible attempt to backjustify his sexism with an appeal to pansexuality — folks, we’ve been over that already) to heartfelt apology in less than 40 minutes. (I fear that his apology may not be entirely heartfelt, though, as he quickly moved on to declaring that he’s “not a sexist” and attempting to pay for his blunder by citing all the women he hires.)

Readers of this blog are aware that one asshat in tech would have little effect on his own, if he were indeed an isolated case. They are equally aware that Fernandez is no anomaly of asshaberdashery. I think the hapless Fernandez is providing us with a valuable lesson: the message to “not feed the trolls” is a dangerous one. While any given individual absolutely can and should disengage with trolls when necessary to protect their physical and mental health, engaging with them can have value. Judging from his Twitter avatar, Mr. Fernandez is at least 30 years old. That makes 30 years or more in which not a single person in his life has told him that the world generally does not need to know that he has done a sex. Perhaps his demeanor makes them afraid to challenge him. Perhaps they don’t think it’s worth the time. Who knows? But at one point in his life, one presumes that he was impressionable — one knows that he’s impressionable, since nobody acts like he does unless they get rewarded for it. Rewarded with laughs, with buddy-buddy slaps on the back from fellow bros, with congratulations on how delightfully politically incorrect he is, with 1.5 million dollars of venture capital money from the likes of Mark Suster, Eric Ries, and 500 Startups.

Back when I was first dabbling in Usenet in the mid-1990s, it was conventional wisdom that trolls were usually children sitting at a computer in their mothers’ basements. That, in other words, they had no real power other than the ability to rustle a few jimmies for a moment. It’s 2014 now, and some of those children have grown up and become technology executives — people with hiring and firing power, with a lot of control over a big part of the economy. If the adults in the room had spent a bit more time trying to socialize those children (because clearly, they weren’t getting it from their parents) and less time stating their troll-starving prowess, perhaps we would be able to attend a conference without hearing about some guy’s crotch.

Postscript: On Twitter, Matt Adereth pointed out this 2005 blog post from Fernandez:

I didn’t particularly like Ruby the first time I met her. I thought she was interesting, but a few months later (to my surprise) something changed. I started seeing her appealing qualities. My friends really spoke highly of Ruby, so we started spending time together. The love affair began in February 2005 and about a month later, things started getting pretty bad with my wife, Java. Even when I was doing Java, I couldn’t stop thinking of Ruby and how much better she is for me.

So it looks like Mr. Fernandez has been unnecessarily sexualizing technical discussions for fun and profit for quite some time. As Adereth observed, it also looks like Fernandez’s use of the “who said I was talking about women?” derailing tactic is entirely disingenuous.

Planet DebianMJ Ray: Three systems

There are three basic systems:

The first is slick and easy to use, but fiddly to set up correctly and if you want to do something that its makers don’t want you to, it’s rather difficult. If it breaks, then fixing it is also fiddly, if not impossible and requiring complete reinitialisation.

The second system is an older approach, tried and tested, but fell out of fashion with the rise of the first and very rarely comes preinstalled on new machines. Many recent installations can be switched to and from the first system at the flick of a switch if wanted. It needs a bit more thought to operate but not much and it’s still pretty obvious and intuitive. You can do all sorts of customisations and it’s usually safe to mix and match parts. It’s debatable whether it is more efficient than the first or not.

The third system is a similar approach to the other two, but simplified in some ways and all the ugly parts are hidden away inside neat packaging. These days you can maintain and customise it yourself without much more difficulty than the other systems, but the basic hardware still attracts a price premium. In theory, it’s less efficient than the other types, but in practice it’s easier to maintain so doesn’t lose much efficiency. Some support companies for the other types won’t touch it while others will only work with it.

So that’s the three types of bicycle gears: indexed, friction and hub. What did you think it was?

Kelvin ThomsonMAKE CIVILIANS SAFE - THE RESPONSIBILITY TO PROTECT

Tuesday 22nd July 2014

The news that a Malaysian civilian plane has been shot down, with the loss of everyone on board, is shocking. So too is the news of ongoing conflict in Gaza, with Palestinians shooting rockets at Israeli civilians, and Israeli bombs killing Palestinian children.

These tragic events, and many others, make it clear that we need to do more to make the world safe for civilians. There should be United Nations peacekeepers in Ukraine, in Gaza, and around the world wherever there is conflict and there are civilian lives at risk.

Australia will hold the United Nations Security Council Presidency for a month in November. What should we be doing with this rare opportunity?

I am dismayed and often disgusted by events in Iraq, Syria, Gaza, Afghanistan and Ukraine. I know the people of North Korea are brutalised by their leaders and that drug lords in Mexico and Colombia routinely put on public display the bodies of those they have executed. The antics of Boko Haram, Al Shebab and other violent fundamentalists make me sick.

I don't believe in unilateral action of the "coalition of the willing" kind. As we have seen only too clearly from Vietnam to Iraq, that only makes matters worse, with violence begetting violence. But I don't believe we can just sit here and shrug our shoulders and say there is nothing we can do about it.

I do believe in collective international action to solve problems. And of course we have the United Nations, established precisely to solve international problems and to seek to improve on the abysmal record of the First and Second World Wars. I know it does a lot of good, but the level of global violence suggests that it needs to be doing much more.

Why doesn't it do more? Well that would be because the big powers - members of the UN Security Council with a veto power over UN action - are prepared to turn a blind eye to, to cover up, the sins and misdeeds of their allies and supporters. No-one has clean hands here. Not the United States, not Russia, not China. All three of them are guilty of putting up with outrageous conduct when it is done by one of their supporters, and all three are willing to use their veto power in the Security Council to stop the UN from taking meaningful action.

Over my years of political life I've come to realise that a key measure of political integrity is what political leaders are prepared to tolerate by way of misconduct from people in their camp. And at present the big powers, instead of working together to put an end to war and political violence, are prepared to tolerate way too much.

Of course getting the big powers to lift their game is no easy matter. But I make three observations that might help. First, people concerned about global conflict should seek to breathe new life into the "responsibility to protect". This doctrine took a long time to develop and was very quickly put into cold storage after Libya. But it does have the potential to save civilian lives, and we should demand that the UN Security Council uses it when outbreaks of violence occur. Some people might think that this will require a lot more resources for the UN. But it is nonsense to think that we don't have these resources readily at hand. The US, Russia and China have massive numbers of troops and equipment at their disposal. All that is required is for some of these resources to be handed over to the UN, and to operate as blue helmets.

Second, we should be wary of the way that trade agreements and global trading arrangements act as a handbrake and make countries reluctant to tell home truths to their trading partners. Countries around the world should not allow their independence and self-sufficiency to become so compromised that they cannot say what needs to be said or do what needs to be done.

Third, our attitude matters. Everyone has to be willing to put the weights on the big countries and demand action from them. It is not good enough to let them blame this or that rogue state, or rogue General, or rogue religious leader. We should tell the big powers we know they can fix the problem if they genuinely want to, or if they can't that the world is willing to help out.

Not an easy row to hoe, to be sure, and often inconvenient. But far superior to Coalition of the Willing type unilateral action, which has proven to be disastrous, and far superior to fatalism, and meekly allowing this violence to continue, or trying to pick up the refugee pieces. That is an ambulance at the bottom of the cliff, when what is needed is more fences at the top. An ounce of prevention is indeed worth a pound of cure, and we should use our time in the sun chairing the Security Council to advocate that.

Kelvin Thomson
Member for Wills

TEDWhy TED takes two weeks off every summer

TED.com has gone dark for two weeks. No new TED Talks will be posted until August 4, while most of the TED staff takes a two-week holiday. Yes, we all go on break at the same time (mostly). We’ve been doing it this way now for five years, and it works for us. Here’s why.

In the pre-video days of TED, the company built its schedule around the conferences. If you’ve ever run a big event, you know: the week afterward, all you want to do is lie on a beach. So the conference would end, the office would close, and everyone would disappear for a week, recover, and come back refreshed and ready to plan next year. Instant vacation.

But in the video era, that’s not how it works. Now, when the conference ends, the second shift begins. We’re collecting all the video we shot and starting to get these ideas out into the world as TED Talks. Which means that a bunch of people who just spent a 24/7 week working a conference are spending another 24/7 week dealing with press requests, following up with speakers, managing media, and editing and posting the talks from the previous week. We started to notice that for about half the staff, our post-conference recovery days were actually full-time stressy workdays. And just about the time half the staff was wandering in refreshed and full of ideas for making TED better, the other half was feeling like something the cat dragged in — but the new projects were exciting to start on, so they’d dive in. Result: Core people just weren’t taking their vacation days, because there was always something interesting to do.

So in early 2009, TED’s managers came up with a pretty brilliant idea: we all take vacation at once. I love how June Cohen, our Executive Producer, explains this decision. “When you have a team of passionate, dedicated overachievers, you don’t need to push them to work harder, you need to help them rest. By taking two weeks all together, it makes sure everyone takes vacation,” she says. “Planning a vacation is hard—most of us would feel a little guilty to take two weeks off if it weren’t pre-planned for us, and we’d be likely to cancel when something inevitably came up. This creates an enforced rest period, which is so important for productivity and happiness.”

No, we don’t all go the same place. But as the bartender said: You don’t have to go home, but you can’t stay here. The main office is empty (this year the WiFi will be shut off intermittently too). And we stay off email. The whole point is that vacation be truly restful and that we get to recharge without having to check in. If incoming email just stops, we can all rest without worrying about what we’re missing back at the office.

Our shared vacation time is a little hack that solves the problem of an office full of Type-A’s with raging FOMO. We avoid the fear of missing out by making sure that very little is going on.

June points out another reason why this works for us. “A group vacation is so efficient. In most companies, team members stagger their vacations through the summer. But this means you can never quite get things done. You never have all the right people in the room,” she says. “We’re all on the same schedule. We all return feeling rested and invigorated. What’s good for the team is good for business.”

One team isn’t taking this year’s break, though: This year’s break falls over Q4 contract deadlines, so our partnership team is in full swing, closing the sponsor deals that help support all of TED’s work throughout the year. So please, send good thoughts to the hardworking folks who help bring you TED Talks for free.

And from the rest of us, see you in August.


TEDA sci-fi film with its eyes on reality: Watch the deleted scene from “I Origins” that features a TEDx Talk

Molecular biologist Ian (played by Michael Pitt) stares at a billboard of a pair of green eyes in Mike Cahill’s “I Origins.” The film explores iris recognition technology, and a TEDx talk helped Cahill do research. Photo: Fox Searchlight

Mike Cahill’s new film I Origins is technically science fiction. But the technology in it is firmly rooted in reality.

A mind-twister of the highest order, I Origins tells the story of a molecular biologist, Ian (played by Michael Pitt), who studies the iris of the eye, a part that is unique for every individual. His lab partner makes a startling discovery—that a young girl in India has the exact same iris pattern as someone Ian loved deeply. It’s a statistical impossibility that leads him to wonder: Could this be reincarnation?

Cahill got the first tingle of the idea for this film after hearing the story of National Geographic’s “Afghan Girl.” Seventeen years after her haunting green eyes appeared on the cover, the magazine found her again—and made sure they had the right woman by giving her an iris scan. “I found that story so compelling,” says Cahill. “Soon after hearing that, I was on an island in Europe where there were these Roman ruins on the water. Alongside them, there were rocks with dinosaur footprints on them … It occurred to me that we didn’t discover dinosaurs until way after their civilization had risen and fallen. I wondered: What are our dinosaur footprints? That’s when I started to think, ‘Maybe it’s the eye.’”

As he was writing I Origins, which opens in New York and Los Angeles today, July 18, and across the U.S. the week after, Cahill did intensive research on iris-based identity authentication—he read every book and paper on the topic that he could find. And then, in his Googling, he discovered a talk given at TEDxKC by Jeff Carter, the chief technology officer of EyeLock. This New York-based company specializes in biometric technology like iris recognition systems.

Carter explains in the talk, “Today, your identity can be determined from across the room while you’re at a full run—even if you’re wearing a mask, or a wig, or sunglasses—with a one-in-a-quadrillion certainty that you are who you say you are.” Yipes. “This could mean no more credit cards, no more driver’s license, no more passports, no more user IDs or passwords, no more paper documents like voter registration cards or medical records.”

[Embedded video: http://www.youtube.com/embed/HNR-CD6Shkk]

The talk captured Cahill’s imagination. “I was taken with how passionate and articulate Jeff was,” he says. “And the technology was just insane.”

Cahill reached out to EyeLock to ask if he could use their iris-based recognition system in the film. At first, EyeLock hesitated—they’d been approached by other film productions in the past, and didn’t love the idea of leaving the presentation of their technology in someone else’s hands. But when they realized that Cahill truly wanted their input—even on the film’s script—they agreed.

Soon after, Carter and his EyeLock team invited Cahill and others from I Origins to their office. Cahill remembers, “Jeff was really kind. He showed us all their technology. I’d read so much on it, but it was the first opportunity I’d had just to play with the toy. We saw demonstrations. As you approach a door, the door is like, ‘Hello, Mike Cahill,’ and then opens. You’ve seen Minority Report? They’ve figured out how to do that today.”

This system makes a cameo in the film—it’s what Ian uses to enter his laboratory—and Cahill loved using real technology in this way. “It adds an extra level of authenticity,” says Cahill. “For me, grounding it in real, existing technology allows the audience to believe that the whole thing is true … For scientific narratives, when an audience believes them, that is exhilarating. It’s like there’s a special door inside our hearts; the visceral feeling is that much stronger.”

EyeLock very much appreciated this grounded approach.

“This isn’t your traditional sci-fi movie. Honestly, it’s a love story at the heart of it,” says Carter. “What was really exciting for us was that [Mike] wasn’t thinking about iris technology as part of a dystopian-type world, and he wasn’t thinking about it as all the glory that you see painted in some sci-fi either. He was thinking about it as just … a part of life.”

Ian (Michael Pitt) and his lab partner Karen (Brit Marling) in a pivotal moment in “I Origins.” Photo: Fox Searchlight

In the cut of the film that screened at the Sundance Film Festival—which won the Alfred P. Sloan Feature Film Prize for an outstanding science or technology film—Carter’s TEDx talk appeared in the film, about two-thirds of the way in.

“It was originally in a scene where Ian is arriving in India. Jeff said, ‘Leonardo da Vinci believed that eyes are the window to the soul,’ and then goes into describing iris technology,” says Cahill. “I always loved that moment. But the problem was: it ended up being about two minutes’ worth of exposition in my third act. At that point, the audience knows what’s going on. You kind of want it to move along a little bit faster.”

While Carter’s talk no longer appears in the final cut of the film, you can watch part of the deleted scene above, courtesy of Fox Searchlight.

Iris biometrics sound futuristic, but the concept actually dates back quite far—Hippocrates even wrote about the uniqueness of the pattern of the iris. The first patent for iris recognition was issued in 1987, and the first algorithm to automate it was patented in 1991.

“They have [iris recognition] at some airports. I mean, it’s all over the place—a lot of people just don’t realize it,” says Cahill. “Seeing iris biometrics in the film may be an introduction to the technology for a lot of people.”

And while Carter is a little disappointed that his TEDx talk got cut from the final film, it’s this potential that has him really excited.

“I’ve been thinking about this for over 10 years, so for me, it’s really refreshing that it’s becoming so mainstream,” he says. “I feel pride that I was a small portion of Mike’s incredible vision. I feel a lot of pride that our technology is featured in the movie.”

As for where he hopes iris-based recognition systems will go from here, Carter sees wide-open possibilities—especially if people embrace the new technology.

“We are talking about embedding this into all manner of consumer electronic devices—in places you couldn’t even imagine,” says Carter. “An iris scan is really the ultimate in security. To give you an analogy—fingerprints would be the floppy disks; an iris scan is the solid-state hard drive.”

[Embedded video: http://www.youtube.com/embed/Vs8EpSd9ZOg]


TEDA perpetual tourist who makes his own souvenirs: The intriguing work of artist Jorge Mañes Rubio

Jorge Mañes Rubio explains he makes his new souvenirs to create interesting interactions at TED2014. Photo: Ryan Lash

Jorge Mañes Rubio makes his own souvenirs—to have a reminder of his travels and create interactions with locals. Photo: Ryan Lash

From China’s underwater cities to Amsterdam’s neglected neighborhoods to Italy’s looted ruins, Jorge Mañes Rubio seeks out forsaken places and makes art that memorializes, reimagines and reengages them with the world. His project “Normal Pool Level” — which emerged from his exploration of the cities, towns and villages submerged by China’s Three Gorges Dam Project — is on exhibition at the Centre for Chinese Contemporary Art in Manchester, England, until September 7. So it felt like the perfect time to ask Rubio more about this exhibit, as well as about the experiences that led him from a stable career in design to life as a perpetual tourist.

Let’s start with your current exhibition. How did you end up in China, looking for abandoned underwater cities?

My project in China was something very special to me, on so many levels. It all started when I moved to Chongqing for two months in 2013 as part of an artist-in-residence program. The city was quite tough, and pretty much nobody could speak English, so in the end I decided to travel along the Yangtze River, looking for the remains of the cities flooded by the Three Gorges Dam Project. Thousands of cities and villages have been submerged, and so far 4 million people have been forced to relocate—but very few people know this.

During my journey I came across cities that have no name, cities that don’t appear on any map. On one hand, I was really excited to be able to explore these places which very few people have seen. But on the other, I was appalled to see the conditions people were living in. We’re talking about entire cities that have been pretty much destroyed and left isolated, but where some people have refused to leave. I decided to create a series of souvenirs and symbols that would document and recognize these forgotten cities, and at the same time help me to express this inner conflict I went through during my journey.

What kind of objects did you create?

In the beginning, my intention was just to look for these cities, and to explore this area. But the more I saw, the more I understood that these places deserved recognition. I was struggling with the fact that I found some of these places extremely beautiful. It was a strange and tragic beauty, but a fascinating one nevertheless. I knew photographs were not enough to convey those feelings, so I started to gather materials and objects along the road, and later I modified them and transformed them into the symbols that compose the project.

The most representative are probably two plastic jerrycans that contain water from the Yangtze River. I collected this water at the exact point where the old city of Fengdu used to stand, now completely submerged under the water. Later on, I painted these jerrycans with traditional Chinese motifs, as if they were precious Chinese vases. The result is an object whose identity is heavily questioned, which doesn’t seem to belong either to Eastern or Western culture, but that represents the clash between traditional Chinese culture and industrialization. There are more than 10 objects and installations in total, together with a series of photographs.

Plastic jerrycans, basic containers for water or fuel, are painted to look like Chinese vases. Fengdu Jerry Cans, from the Normal Pool Level series. Exhibition view at the 501 Contemporary Art Centre, Chongqing, China. Photo: Seethisway.

You call yourself a “perpetual tourist.” What does this mean, especially in the context of design?

Until fairly recently, I worked with design companies on everyday items like chairs, furniture or small products — homeware, vases, so on. But while I was studying at the Royal College of Art in London, I joined a program that was very experimental, pushing the boundaries of design. So my work became much more about the impact design can have in our current society, beyond manufacturing everyday items.

To put it concisely, I became interested in experience. Right now, with any product that you have or acquire, what you look forward to is the experiences the product might allow you to have. So I started thinking about tourism. In a way, industrial design is about creating a product, and replicating it millions of times. And tourism is the mass-production of experiences. You create one experience — say, going to the top of the Eiffel Tower — and then millions of people have, literally, that very same experience. I also find interesting the way people behave when they are tourists. Things look different, the food tastes different, and you dare to do things that otherwise you’d never do. You’re way more open to learning about new cultures, meeting new people. You become someone else. I thought, “What if I apply that kind of behavior to everyday experiences? Can I behave like a tourist every day?”

I did a few projects that explored these ideas. One was an illegal souvenir production project on top of the Eiffel Tower. Another one — my graduation project — was a portable souvenir factory. I rode my bike for three weeks along the Camino de Santiago in Spain, and attached to the bike I had a portable rotational molding machine. In every village, I met different people, and I used my machine to manufacture my own souvenirs on the road — in contrast to the experience of buying, you know, fridge magnets.

Rubio made these trophies to commemorate playing a game of football with a group of kids. La Copa del Rey, from the Ultreia, the Nomad Factory series. Exhibition view at the Royal College of Art, London, UK. Photo: Matthew Booth.

Did you give them away to the people you met?

Sometimes I made them just for myself, sometimes I gave them away. The act of giving them away allowed me to create a unique scenario or situation that made the human interaction much more interesting. On other occasions, I was learning new crafts and skills from people I met on the road, using those skills to my own advantage. The whole process allowed me to have a much more authentic experience.

The machine is quite simple — you can just cycle with it, and it works with the movement of the bicycle. So as long as you’re traveling, you can manufacture objects. You put molds inside it, and using different materials — silicon, fiberglass, bioresin — you can create all kinds of products. For example, I was giving football trophies away to kids after I played football with them, so that they’d have a souvenir of our experience. I also used the machine to mix different kinds of clay to create ceramics, and even to extract honey from honeycombs.

The Camino de Santiago is a very interesting mix of culture, history, religion, nature and tourism, and it has been extremely commercialized in the last few years, so the project was also about challenging this situation. I traveled with electronics like a GPS, photo and video cameras, a solar panel, and a camping tent. I was completely self-sustaining, and could sleep in the middle of the forest instead of sharing a hostel with hundreds of tourists.

But again, it wasn’t about the objects themselves. It’s about the experiences that these objects generated. I’m interested in super-simple analog artifacts and basic human interactions that can trigger unique experiences. So, for example, when a kid runs to tell his parents that there’s a guy who came from London with a bicycle and who makes football trophies out of the sun, that experience is unique and will never happen again.

You’ve given them that experience, and you’ve also taken an experience for yourself.

Exactly. The souvenirs I create celebrate this exchange.

Rubio brings the street vendors of China, India and Morocco to the streets of The Netherlands. Street Food Lighting, Amsterdam. Photo: Seethisway.

I’m also curious about your Street Food Lighting project. I love street food and night markets. Why did you decide to project footage of street food stalls onto urban spaces?

What I like about these kinds of places is that they are open until very late, and the lights are really bright. You feel completely safe because there are always people coming and going. They’re so welcoming. It’s not just about the food. I mean, they make the streets a better place. China, India, Morocco — very different cultures, but street food is something they have in common. Fascinated, I started filming these late-night markets and food stalls around the world.

Now I live in Holland, where the cities have many dark streets, empty buildings and storefronts. So I started projecting these videos onto these streets. The idea behind it is that you’ll be heading home late at night in Amsterdam, and all of a sudden you’re taken into a late-night Moroccan spice market, for example. The idea is not just that you’re lighting the streets in a different way. It’s also that you are promoting the streets as a place for social exchange. In Europe, for example, Moroccan people don’t have the same status as a white person. I’m always projecting in neighborhoods or in areas where you’re not supposed to find this kind of work. It’s not like you’re walking in the city center, and you see an art installation, or a big sculpture. I’m doing this in suburbs or in places where people usually don’t interact with art and design. I want to bring this experience to those people and places.

Did you have to get permission to do this?

I presented the project to the City of Eindhoven, and it was awarded in 2012 by the Dutch Design and Architecture Institute, so they funded me to film and produce the project in several locations. It’s now been exhibited in museums and galleries all over the world, from Madrid to Chicago, Shanghai to Seoul. A fun fact is that when it got featured in The Atlantic Cities, they defined the project as a way to fight crime.

I think it’s important to bring something different to our streets, so we can live them in an unexpected way. It seems that the generalized idea of public spaces is that it must be a square with benches and a little fountain, or a shopping mall. But the truth is that there’s much more we could do with our public spaces, especially with those that are abandoned or underused.

Rubio photographed churches abandoned after a devastating earthquake. Abandoned church. Undisclosed location, Italy. Photo: Seethisway.

You specialize in exploring and making art from abandoned places. Can you tell us about some of those?

Yes, I’m doing a project right now in Italy, in the Cilento National Park, where I found some truly incredible places. My friend, designer Gianluca Tesauro, lives in the south of Italy, and last summer he invited me to come for a few days to relax on the Amalfi Coast. A few months before, in my research, I’d come across a few villages that were abandoned in the ’80s after the devastating earthquake of Irpinia. I was quite surprised that these villages were never rebuilt, so Gianluca and I went to look for them. We were amazed by what we found. Many churches and chapels were still standing. Sadly, people managed to break into these churches, and they looted everything they could. They got all the Madonnas, all the santos, all the paintings and relics. So these places are now completely empty. We decided to start a new project out of this experience.

As an artist, I’m on a permanent quest for this kind of situation, where my work can contribute in changing the way we perceive these places. We talked with locals, and we are now preparing a collaboration with craftsmen from the area, creating a series of new artworks and installations that will replace the stolen icons with new fictional symbols.

This must be very dangerous. These structures look like they’re going to fall down at any minute.

Yeah, it is really sad and quite dangerous. Some of them are open to the public “at your own risk,” others are closed. It’s important to understand that with this project we are not asking for reconstruction or restoration, but to preserve the ruins as what they are today. That conflict between beauty and decay makes them contemporary and relevant for our time. It is what essentially makes them truly works of art.

Why did they allow you inside?

I think they were really surprised that two young guys were taking such a big interest in their heritage. Usually, youngsters go there to drink beers and smash a few windows, but I believe these places deserve much more than that. Some locals do care, but in Italy there’s so much heritage that it’s impossible to preserve everything. What we propose is to reopen these places with a new purpose, and to help preserve their identity.

We want to create a series of new artworks, and place them here, in this church. We aim to open the doors of this place to the public in 2015, 35 years after the quake — not only for the locals, but also for potential visitors. The new artworks are inspired by southern Italian traditions and folklore, but they are not necessarily religious objects, because these places are not religious anymore—they’ve been deconsecrated. The project’s called Buona Fortuna, which means “good luck” in Italian, and it’s represented by a symbol that means good luck in southern Italy. But it also ironically represents the way these places have been completely forgotten — like, “Yeah, good luck with this.”

It’s difficult because we don’t want to work with local funding, as there’s no way we’d have the freedom to do whatever we want. We want to stay away from the regional politics, which are very complex. So, we are selling photographs of the churches in very limited editions, and that’s helping us to promote the project and finance it in a more independent way.

So you’ve gone from straight-ahead industrial design to something far more conceptual. How do you feel about how your work has evolved over time?

I’m still finding my way, even on a practical level. Before, I didn’t really use photography for my projects. I wouldn’t mind documenting what I was doing just with my phone. But now I take my time, I consider it carefully, set up a tripod — you know, take my time. But I would never have called myself a photographer, because photography for me is a tool to help people understand the context in which my artworks are created. But it is true that a few years ago, I saw myself as a designer. I wanted to create products. And now I want something completely different. I want my work to have a social impact that design, most of the time, cannot achieve.

Here, Rubio sets up a shot in an Italian church devastated by an earthquake. Photo: Courtesy of Rubio


Planet DebianAndrew Pollock: [debian] Day 174: Kindergarten, startup stuff, tennis

I picked up Zoe from Sarah this morning and dropped her at Kindergarten. Traffic seemed particularly bad this morning, or I'm just out of practice.

I spent the day powering through the last two parts of the registration block of my real estate licence training. I've got one more piece of assessment to do, and then it should be done. The rest is all dead-tree written stuff that I have to mail off to get marked.

Zoe's doing tennis this term as her extra-curricular activity, and it's on a Tuesday afternoon after Kindergarten at the tennis court next door.

I'm not sure what proportion of the class is continuing on from previous terms, and so how far behind the eight ball Zoe will be, but she seemed to do okay today, and she seemed to enjoy it. Megan's in the class too, and that didn't seem to result in too much cross-distraction.

After that, we came home and just pottered around for a bit and then Zoe watched some TV until Sarah came to pick her up.

Planet DebianHideki Yamane: GeoIP support for installer is really nice


RHEL7 installation note says "The new graphical installer also generates automatic default settings where applicable. For example, if the installer detects a network connection, the user's general location is determined with GeoIP and sane suggestions are made for the default keyboard layout, language and timezone." but CentOS7 doesn't work as expected ;-)

GeoIP support in Fedora20 Installer works well and it's pretty nice. Boot from live media and it shows "Try Fedora" and "Install to Hard Drive" menu.

Then, select "Install" and...Boom! it shows in Japanese without any configuration automagically!

I want the same feature for d-i, too.

Krebs on SecurityBanks: Card Breach at Goodwill Industries

Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. For its part, Goodwill Industries International Inc. says it is working with the U.S. Secret Service on an investigation into these reports.

Headquartered in Rockville, Md., Goodwill Industries International, Inc. is a network of 165 independent agencies in the United States and Canada with a presence in 14 other countries. The organizations sell donated clothing and household items, and use the proceeds to fund job training programs, employment placement services and other community-based initiatives.

According to sources in the financial industry, multiple locations of Goodwill Industries stores have been identified as a likely point of compromise for an unknown number of credit and debit cards.

In a statement sent to KrebsOnSecurity, Goodwill Industries said it first learned about a possible incident last Friday, July 18. The organization said it has not yet confirmed a breach, but that it is working with federal authorities on an investigation into the matter.

“Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers,” the company wrote in an email.

“Investigators are currently reviewing available information,” the statement continued. “At this point, no breach has been confirmed but an investigation is underway. Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern. Goodwill Industries International is working with industry contacts and the federal authorities on the investigation. We will remain appraised of the situation and will work proactively with any individual local Goodwill involved taking appropriate actions if a data compromise is uncovered.”

The U.S. Secret Service did not respond to requests for comment.

It remains unclear how many Goodwill locations may have been impacted, but sources say they have traced a pattern of fraud on cards that were all previously used at Goodwill stores across at least 21 states, including Arkansas, California, Colorado, Florida, Georgia, Iowa, Illinois, Louisiana, Maryland, Minnesota, Mississippi, Missouri, New Jersey, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, Washington and Wisconsin.

It is also not known at this time how long ago this apparent breach may have begun, but those same financial industry sources say the breach could extend back to the middle of 2013.

Financial industry sources said the affected cards all appear to have been used at Goodwill stores, but that the fraudulent charges on those cards occurred at non-Goodwill stores, such as big box retailers and supermarket chains. This is consistent with activity seen in the wake of other large data breaches involving compromised credit and debit cards, including the break-ins at Target, Neiman Marcus, Michaels, Sally Beauty, and P.F. Chang’s.

CryptogramFingerprinting Computers By Making Them Draw Images

Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now.

Article. Hacker News thread.

EDITED TO ADD (7/22): This technique was first described in 2012. And it seems that NoScript blocks this. Privacy Badger probably blocks it, too.

EDITED TO ADD (7/23): EFF has a good post on who is using this tracking system -- the White House is -- and how to defend against it.

And a good story on BoingBoing.

Planet DebianChris Lamb: Disabling internet for specific processes with libfiu

My primary usecase is to prevent testsuites and build systems from contacting internet-based services. This, at the very least, introduces an element of non-determinism and malicious code at worst.

I use Alberto Bertogli's libfiu for this, specifically the fiu-run utility which is part of the fiu-utils package on Debian and Ubuntu.

Here's a contrived example, where I prevent Curl from talking to the internet:

$ fiu-run -x -c 'enable name=posix/io/net/connect' curl google.com
curl: (6) Couldn't resolve host 'google.com'

... and here's an example of it detecting two possibly internet-connecting tests:

$ fiu-run -x -c 'enable name=posix/io/net/connect' ./manage.py test
[..]
----------------------------------------------------------------------
Ran 892 tests in 2.495s

FAILED (errors=2)
Destroying test database for alias 'default'...

Note that libfiu inherits all the drawbacks of LD_PRELOAD; in particular, we cannot limit the child process that calls setuid binaries such as /bin/ping:

$ fiu-run -x -c 'enable name=posix/io/net/connect' ping google.com
PING google.com (173.194.41.65) 56(84) bytes of data.
64 bytes from lhr08s01.1e100.net (17.194.41.65): icmp_req=1 ttl=57 time=21.7 ms
64 bytes from lhr08s01.1e100.net (17.194.41.65): icmp_req=2 ttl=57 time=18.9 ms
[..]

Whilst it would certainly be more robust and flexible to use iptables—such as allowing localhost and other local socket connections but disabling all others—I gravitate towards this entirely userspace solution as it requires no setup and I can quickly modify it to block other calls on an ad-hoc basis. The list of other "modules" libfiu supports is viewable here.
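The same goal for a Python test suite, enforced in-process with the allow-local policy mentioned above, as an added example that is not libfiu and not the author's code. It swaps in a different technique (patching socket.socket.connect), the function names are hypothetical, and like LD_PRELOAD it covers only the current process: child processes and DNS lookups done by the C resolver are not affected.

```python
"""Fail any non-local socket connection made by Python code under test."""
import errno
import ipaddress
import socket
from contextlib import contextmanager

# Original methods, kept so the guard can delegate to them and restore them.
real_connect = socket.socket.connect
real_connect_ex = socket.socket.connect_ex


class NetworkBlocked(OSError):
    """Raised instead of connecting to a non-local destination."""


def is_local_destination(family, address):
    """True only for Unix sockets and literal loopback IP addresses."""
    if family == getattr(socket, "AF_UNIX", None):
        return True
    if family not in (socket.AF_INET, socket.AF_INET6):
        return False
    if not isinstance(address, tuple) or not address:
        return False
    if not isinstance(address[0], str):
        return False
    try:
        # Strip an IPv6 zone id such as "%eth0" before parsing.
        ip = ipaddress.ip_address(address[0].split("%", 1)[0])
    except ValueError:
        # A hostname: connect() would have to resolve it, so refuse outright.
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # treat ::ffff:127.0.0.1 like 127.0.0.1
    return ip.is_loopback


@contextmanager
def block_external_network():
    """Patch connect()/connect_ex() and yield the list of refused attempts."""
    attempts = []

    def guarded_connect(self, address):
        if not is_local_destination(self.family, address):
            attempts.append((self.family, address))
            raise NetworkBlocked(errno.ENETUNREACH,
                                 "blocked by test network guard: %r" % (address,))
        return real_connect(self, address)

    def guarded_connect_ex(self, address):
        if not is_local_destination(self.family, address):
            attempts.append((self.family, address))
            return errno.ENETUNREACH
        return real_connect_ex(self, address)

    socket.socket.connect = guarded_connect
    socket.socket.connect_ex = guarded_connect_ex
    try:
        yield attempts
    finally:
        # Always restore, even if the guarded code raised.
        socket.socket.connect = real_connect
        socket.socket.connect_ex = real_connect_ex


def demo():
    """Loopback still works under the guard; a TEST-NET-1 address does not."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    try:
        with block_external_network() as attempts:
            local = socket.create_connection(listener.getsockname(), timeout=2)
            local.close()
            try:
                # 192.0.2.1 is a documentation address (constructed sample).
                socket.create_connection(("192.0.2.1", 80), timeout=2)
                blocked = False
            except NetworkBlocked:
                blocked = True
        return blocked, attempts
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

Wrapping a test run in block_external_network() turns an unexpected outbound call into a test error, and the yielded list names each destination that was refused.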

Planet DebianIan Campbell: sunxi-tools now available in Debian

I've recently packaged the sunxi tools for Debian. These are a set of tools produced by the Linux Sunxi project for working with the Allwinner "sunxi" family of processors. See the package page for details. Thanks to Steve McIntyre for sponsoring the initial upload.

The most interesting components of the package are the tools for working with the Allwinner processors' FEL mode. This is a low-level processor mode which implements a simple USB protocol allowing for initial programming of the device and recovery which can be entered on boot (usually by pressing a special 'FEL button' somewhere on the device). It is thanks to FEL mode that most sunxi based devices are pretty much unbrickable.

The most common use of FEL is to boot over USB. In the Debian package the fel and usb-boot tools are named sunxi-fel and sunxi-usb-boot respectively but otherwise can be used in the normal way described on the sunxi wiki pages.

One enhancement I made to the Debian version of usb-boot is to integrate with the u-boot packages to allow you to easily FEL boot any sunxi platform supported by the Debian packaged version of u-boot (currently only Cubietruck, more to come I hope). To make this work we take advantage of Multiarch to install the armhf version of u-boot (unless your host is already armhf of course, in which case just install the u-boot package):

# dpkg --add-architecture armhf
# apt-get update
# apt-get install u-boot:armhf
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  u-boot:armhf
0 upgraded, 1 newly installed, 0 to remove and 1960 not upgraded.
Need to get 0 B/546 kB of archives.
After this operation, 8,676 kB of additional disk space will be used.
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package u-boot:armhf.
(Reading database ... 309234 files and directories currently installed.)
Preparing to unpack .../u-boot_2014.04+dfsg1-1_armhf.deb ...
Unpacking u-boot:armhf (2014.04+dfsg1-1) ...
Setting up u-boot:armhf (2014.04+dfsg1-1) ...

With that done FEL booting a cubietruck is as simple as starting the board in FEL mode (by holding down the FEL button when powering on) and then:

# sunxi-usb-boot Cubietruck -
fel write 0x2000 /usr/lib/u-boot/Cubietruck_FEL/u-boot-spl.bin
fel exe 0x2000
fel write 0x4a000000 /usr/lib/u-boot/Cubietruck_FEL/u-boot.bin
fel write 0x41000000 /usr/share/sunxi-tools//ramboot.scr
fel exe 0x4a000000

Which should result in something like this on the Cubietruck's serial console:

U-Boot SPL 2014.04 (Jun 16 2014 - 05:31:24)
DRAM: 2048 MiB


U-Boot 2014.04 (Jun 16 2014 - 05:30:47) Allwinner Technology

CPU:   Allwinner A20 (SUN7I)
DRAM:  2 GiB
MMC:   SUNXI SD/MMC: 0
In:    serial
Out:   serial
Err:   serial
SCSI:  SUNXI SCSI INIT
Target spinup took 0 ms.
AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
flags: ncq stag pm led clo only pmp pio slum part ccc apst 
Net:   dwmac.1c50000
Hit any key to stop autoboot:  0 
sun7i# 

As more platforms become supported by the u-boot packages you should be able to find them in /usr/lib/u-boot/*_FEL.

There is one minor inconvenience which is the need to run sunxi-usb-boot as root in order to access the FEL USB device. This is easily resolved by creating /etc/udev/rules.d/sunxi-fel.rules containing either:

SUBSYSTEMS=="usb", ATTR{idVendor}=="1f3a", ATTR{idProduct}=="efe8", OWNER="myuser"

or

SUBSYSTEMS=="usb", ATTR{idVendor}=="1f3a", ATTR{idProduct}=="efe8", GROUP="mygroup"

To enable access for myuser or mygroup respectively. Once you have created the rules file then to enable:

# udevadm control --reload-rules

As well as the FEL mode tools the packages also contain a FEX (de)compiler. FEX is Allwinner's own hardware description language and is used with their Android SDK kernels and the fork of that kernel maintained by the linux-sunxi project. Debian's kernels follow mainline and therefore use Device Tree.

Planet DebianDaniel Pocock: Australia can't criticize Putin while competing with him

While much of the world is watching the tragedy of MH17 and contemplating the grim fate of 298 deceased passengers sealed into a refrigerated freight train in the middle of a war zone, Australia (with 28 victims on that train) has more than just theoretical skeletons in the closet too.

At this moment, some 153 Tamil refugees, fleeing the same type of instability that brought a horrible death to the passengers of MH17, have been locked up in the hull of a customs ship on the high seas. Windowless cabins and a supply of food not fit for a dog are part of the Government's strategy to brutalize these people for simply trying to avoid the risk of enhanced imprisonment(TM) in their own country.

Under international protocol for rescue at sea and political asylum, these people should be taken to the nearest port and given a humanitarian visa on arrival. Australia, however, is trying to lie and cheat their way out of these international obligations while squealing like a stuck pig about the plight of Australians in the hands of Putin. If Prime Minister Tony Abbott wants to encourage Putin to co-operate with the international community, shouldn't he try to lead by example? How can Australians be safe abroad if our country systematically abuses foreigners in their time of need?

Geek FeminismSolicitation on flipping the script

This is a guest post by April Wright. April is a graduate student in evolutionary biology at the University of Texas at Austin. When she’s not crunching data at her computer, she teaches courses for novice biologists so they can learn some computation. In her spare time, she enjoys reading, gaming, running with her dogs and spending time in the kitchen. You can get ahold of her at her website or Twitter.

So I wrote a blog post that went a little bit viral the other day. And a lot of people have asked in the past couple days what can be done to improve the atmosphere at programming meetings. I’ve been chewing on that pretty substantially.

I’ve had a lot of good discussions over the past couple days (help yourself to warm fuzzies here).

Reader bioatmosphere made a very good point in the comments, pulled out below:

The burden to fix things shouldn’t be on you just because you’re experiencing them

She’s right, of course. And that reminded me of this post by Cate Huston, which closes with a section called “Changing the Conversation”. I’ll copy the crucial bit (do read the whole thing, though) below:

Are you doing meaningful work?

Do you feel appreciated?

Do you feel respected?

And I’m going to tack on one more:

Do you feel like you’re part of something?

Because I think that’s what really got me: I felt like I was part of something, then I didn’t. It’s not just being snubbed that hurts, it’s a sense of loss of a community I kinda thought I fit with.

Since I have some ears bent towards me for a bit: People who feel integrated in communities and happy at meetings, what about it? What about these communities and meetings that makes you feel appreciated? Or respected? Or part of something? And what could you do to help someone else feel that?

Get at me via whatever channel preferred. [Mod note: while we normally do not encourage anonymous comments, they are acceptable on this post. Please note that your IP address will be logged, but is only visible to blog administrators.]

Planet DebianSteve Kemp: An alternative to devilspie/devilspie2

Recently I was updating my dotfiles, because I wanted to ensure that media-players were "always on top", when launched, as this suits the way I work.

For many years I've used devilspie to script the placement of new windows, and once I googled a recipe I managed to achieve my aim.

However during the course of my googling I discovered that devilspie is unmaintained, and has been replaced by something using Lua - something I like.

I'm surprised I hadn't realized that the project was dead, although I've always hated the configuration syntax it is something that I've used on a constant basis since I found it.

Unfortunately the replacement, despite using Lua, and despite being functional just didn't seem to gel with me. So I figured "How hard could it be?".

In the past I've written software which iterated over all (visible) windows, and obviously I'm no stranger to writing Lua bindings.

However I did run into a snag. My initial implementation did two things:

  • Find all windows.
  • For each window invoke a lua script-file.

This worked. This worked well. This worked too well.

The problem I ran into was that if I wrote something like "Move window 'emacs' to desktop 2" that action would be applied, over and over again. So if I launched emacs, and then manually moved the window to desktop3 it would jump back!

In short I needed to add a "stop()" function, which would cause further actions against a given window to cease. (By keeping a linked list of windows-to-ignore, and avoiding processing them.)

The code did work, but it felt wrong to have an ever-growing linked-list of processed windows. So I figured I'd look at the alternative - the original devilspie used libwnck to operate. That library allows you to nominate a callback to be executed every time a new window is created.

If you apply your magic only on a window-create event - well you don't need to bother caching prior-windows.

So in conclusion:

I think my code is better than devilspie2 because it is smaller, simpler, and does things more neatly - for example instead of a function to get geometry and another to set it, I use one. (e.g. "xy()" returns the position of a window, but xy(3,3) sets it.).

kpie also allows you to run as a one-off job, and using the simple primitives I wrote a file to dump your windows, and their size/placement, which looks like this:

shelob ~/git/kpie $ ./kpie --single ./samples/dump.lua
-- Screen width : 1920
-- Screen height: 1080
..
if ( ( window_title() == "Buddy List" ) and
     ( window_class() == "Pidgin" ) and
     ( window_application() == "Pidgin" ) ) then
     xy(1536,24 )
     size(384,1032 )
     workspace(2)
end
if ( ( window_title() == "feeds" ) and
     ( window_class() == "Pidgin" ) and
     ( window_application() == "Pidgin" ) ) then
     xy(1,24 )
     size(1536,1032 )
     workspace(2)
end
..

As you can see that has dumped all my windows, along with their current state. This allows a simple starting-point - Configure your windows the way you want them, then dump them to a script file. Re-run that script file and your windows will be set back the way they were! (Obviously there might be tweaks required.)

I used that starting-point to define a simple recipe for configuring pidgin, which is more flexible than what I ever had with pidgin, and suits my tastes.

Bug-reports welcome.

Sociological ImagesBorder Fences Make Unequal Neighbors

There is one similarity between the Israel/Gaza crisis and the U.S. unaccompanied child immigrant crisis: National borders enforcing social inequality. When unequal populations are separated, the disparity creates social pressure at the border. The stronger the pressure, the greater the military force needed to maintain the separation.

To get a conservative estimate of the pressure at the Israel/Gaza border, I compared some numbers for Israel versus Gaza and the West Bank combined, from the World Bank (here’s a recent rundown of living conditions in Gaza specifically). I call that conservative because things are worse in Gaza than in the West Bank.

Then, just as demographic wishful thinking, I calculated what the single-state solution would look like on the day you opened the borders between Israel, the West Bank, and Gaza. I added country percentiles showing how each state ranks on the world scale (click to enlarge).

Israel’s per capita income is 6.2-times greater, its life expectancy is 6 years longer, its fertility rate is a quarter lower, and its age structure is reversed. Together, the Palestinian territories have a little more than half the Israeli population (living on less than 30% of the land). That means that combining them all into one country would move both populations’ averages a lot. For example, the new country would be substantially poorer (29% poorer) and younger than Israel, while increasing the national income of Palestinians by 444%. Israelis would fall from the 17th percentile worldwide in income, and the Palestinians would rise from the 69th, to meet at the 25th percentile.

Clearly, the separation keeps poor people away from rich people. Whether it increases or decreases conflict is a matter of debate.

Meanwhile

Meanwhile, the USA has its own enforced exclusion of poor people.

Photo of US/Tijuana border by Kordian from Flickr Creative Commons.

The current crisis at the southern border of the USA mostly involves children from Guatemala, Honduras, and El Salvador. They don’t actually share a border with the USA, of course, but their region does, and crossing into Mexico seems pretty easy, so it’s the same idea.

To make a parallel comparison to Israel and the West Bank/Gaza, I just used Guatemala, which is larger by population than Honduras and El Salvador combined, and also closest to the USA. The economic gap between the USA and Guatemala is even larger than the Israeli/Palestinian gap. However, because the USA is 21-times larger than Guatemala by population, we could easily absorb the entire Guatemalan population without much damaging our national averages. Per capita income in the USA, for example, would fall only 4%, while rising more than 7-times for Guatemala (click to enlarge):

This simplistic analysis yields a straightforward hypothesis: violence and military force at national borders rises as the income disparity across the border increases. Maybe someone has already tested that.

The demographic solution is obvious: open the borders, release the pressure, and devote resources to improving quality of life and social harmony instead of enforcing inequality. You’re welcome!

Cross-posted at Family Inequality.

Philip N. Cohen is a professor of sociology at the University of Maryland, College Park, and writes the blog Family Inequality. You can follow him on Twitter or Facebook.

(View original at http://thesocietypages.org/socimages)

Planet DebianTim Retout: apt-transport-tor 0.2.1

apt-transport-tor 0.2.1 should now be on your preferred unstable Debian mirror. It will let you download Debian packages through Tor.

New in this release: support for HTTPS over Tor, to keep up with people.debian.org. :)

I haven't mentioned it before on this blog. To get it working, you need to "apt-get install apt-transport-tor", and then use sources.list lines like so:

deb tor+http://http.debian.net/debian unstable main

Note the use of http.debian.net in order to pick a mirror near to whichever Tor exit node. Throughput is surprisingly good.

On the TODO list: reproducible builds? It would be nice to have some mirrors offer Tor hidden services, although I have yet to think about the logistics of this, such as how the load could be balanced (maybe a service like http.debian.net). I also need to look at how cowbuilder etc. can be made to play nicely with Tor. And then Debian installer support!

RacialiciousQuoted: Police And Medical Teams During Eric Garner’s Last Moments

At one point, another officer is seen taking a cell phone and a pack of cigarettes from the 43-year-old Garner’s pants.

Even after the arrival of an EMT four minutes into the video, no medical aid is provided to Garner. He’s instead just loaded onto a stretcher and wheeled off.

Cops say he was pronounced dead a short time later after arriving at a Staten Island hospital.

NYPD Officer Daniel Pantaleo, caught on another video putting Garner in a chokehold, is shown standing a few feet away and chatting amiably with a uniformed colleague.

Near the end of the clip, he gives a satiric wave to the person shooting the second video.

Pantaleo, an eight-year veteran, was placed on modified duty Saturday as cops and the Staten Island district attorney investigated the case.

Pantaleo was stripped of his gun and his shield and assigned to work desk duty. The police union immediately denounced the move as “knee-jerk” and “completely unwarranted.”

New York Daily News

Image by Marcos Vasconcelos via Flickr Creative Commons

The post Quoted: Police And Medical Teams During Eric Garner’s Last Moments appeared first on Racialicious - the intersection of race and pop culture.

Planet Linux Australialinux.conf.au News: Our Call For Papers has closed

The Call For Papers is now closed. The last 6 weeks have been very exciting as we’ve watched all of those paper submissions flow in.

To those of you who have submitted a presentation to us - good luck, and thank you! You should hear from us in September whether you have succeeded.

There are more and more wonderful things happening each day.

The LCA 2015 Auckland Team

Planet DebianFrancois Marier: Creating a modern tiling desktop environment using i3

Modern desktop environments like GNOME and KDE involve a lot of mousing around and I much prefer using the keyboard where I can. This is why I switched to the Ion tiling window manager back when I interned at Net Integration Technologies and kept using it until I noticed it had been removed from Debian.

After experimenting with awesome for 2 years and briefly considering xmonad, I finally found a replacement I like in i3. Here is how I customized it and made it play nice with the GNOME and KDE applications I use every day.

Startup script

As soon as I log into my desktop, my startup script starts a few programs, including:

Because of a bug in gnome-settings-daemon which makes the mouse cursor disappear as soon as gnome-settings-daemon is started, I had to run the following to disable the offending gnome-settings-daemon plugin:

dconf write /org/gnome/settings-daemon/plugins/cursor/active false

Screensaver

In addition, gnome-screensaver didn't automatically lock my screen, so I installed xautolock and added it to my startup script:

xautolock -time 30 -locker "gnome-screensaver-command --lock" &

to lock the screen using gnome-screensaver after 30 minutes of inactivity.

I can also trigger it manually using the following shortcut defined in my ~/.i3/config:

bindsym Ctrl+Mod1+l exec xautolock -locknow

Keyboard shortcuts

While keyboard shortcuts can be configured in GNOME, they don't work within i3, so I added a few more bindings to my ~/.i3/config:

# volume control
bindsym XF86AudioLowerVolume exec /usr/bin/pactl set-sink-volume @DEFAULT_SINK@ -- '-5%'
bindsym XF86AudioRaiseVolume exec /usr/bin/pactl set-sink-volume @DEFAULT_SINK@ -- '+5%'

# brightness control
bindsym XF86MonBrightnessDown exec xbacklight -steps 1 -time 0 -dec 5
bindsym XF86MonBrightnessUp exec xbacklight -steps 1 -time 0 -inc 5
bindsym XF86AudioMute exec /usr/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle

# show battery stats
bindsym XF86Battery exec gnome-power-statistics

to make volume control, screen brightness and battery status buttons work as expected on my laptop.

These bindings require the following packages:

Keyboard layout switcher

Another thing that used to work with GNOME and that I had to re-create in i3 is the ability to quickly toggle between two keyboard layouts using the keyboard.

To make it work, I wrote a simple shell script and assigned a keyboard shortcut to it in ~/.i3/config:

bindsym $mod+u exec /home/francois/bin/toggle-xkbmap

Suspend script

Since I run lots of things in the background, I have set my laptop to avoid suspending when the lid is closed by putting the following in /etc/systemd/login.conf:

HandleLidSwitch=lock

Instead, when I want to suspend to ram, I use the following keyboard shortcut:

bindsym Ctrl+Mod1+s exec /home/francois/bin/s2ram

which executes a custom suspend script to clear the clipboards (using xsel), flush writes to disk and lock the screen before going to sleep.

To avoid having to type my sudo password every time pm-suspend is invoked, I added the following line to /etc/sudoers:

francois  ALL=(ALL)  NOPASSWD:  /usr/sbin/pm-suspend

Window and workspace placement hacks

While tiling window managers promise to manage windows for you so that you can focus on more important things, you will most likely want to customize window placement to fit your needs better.

Working around misbehaving applications

A few applications make too many assumptions about window placement and are just plain broken in tiling mode. Here's how to automatically switch them to floating mode:

for_window [class="VidyoDesktop"] floating enable

You can get the Xorg class of the offending application by running this command:

xprop | grep WM_CLASS

before clicking on the window.

Keeping IM windows on the first workspace

I run Pidgin on my first workspace and I have the following rule to keep any new window that pops up (e.g. in response to a new incoming message) on the same workspace:

assign [class="Pidgin"] 1

Automatically moving workspaces when docking

Here's a neat configuration blurb which automatically moves my workspaces (and their contents) from the laptop screen (eDP1) to the external monitor (DP2) when I dock my laptop:

# bind workspaces to the right monitors
workspace 1 output DP2
workspace 2 output DP2
workspace 3 output DP2
workspace 4 output DP2
workspace 5 output DP2
workspace 6 output eDP1

You can get these output names by running:

xrandr --display :0 | grep " connected"

Finally, because X sometimes fails to detect my external monitor when docking/undocking, I also wrote a script to set the displays properly and bound it to the appropriate key on my laptop:

bindsym XF86Display exec /home/francois/bin/external-monitor

Planet DebianDebConf team: Talks review and selection process. (Posted by René Mayorga)

Today we finished the talk selection process. We are very grateful to everyone who decided to submit talks and events for DebConf14.

If you have submitted an event, please check your email :). If you have not received any confirmation regarding your talk status, please contact us on talks@debconf.org

During the selection process, we bore in mind the number of talk slots during the conference, as well as maintaining a balance among the different submitted topics. We are pleased to announce that we have received a total of 115 events, of which 80 have been approved (69%). Approval means your event will be scheduled during the conference and you will have video coverage.

The list of approved talks can be found on the following link: https://summit.debconf.org/debconf14/all/

If you got an email telling you your talk has been approved, and your talk is not listed, don’t panic. Check the status on summit, and make sure to select a track. If you have some track suggestions, please mail us and tell us about them.

This year, we expect to also have a sort of “unconference” schedule. This will take place during the designated “hacking time”. During that time the talk rooms will be empty, and ad hoc meetings can be scheduled on-site while we are in the Conference. The method for booking a room for your ad hoc meeting will be decided and announced later, but is expected to be flexible (i.e. open scheduling board / booking 1 day or less in advance). Please don’t abuse the system: bear in mind the space will be limited, and only book your event if you gather enough people to work on your idea.

Please make sure to read the email regarding your talk and prepare yourself. :)

Time is ticking and we will be happy to meet you in Portland.

Planet Linux AustraliaDave Hall: Drupal in the Enterprise (aka Vote for my DrupalCon Session)

TL; DR: [spam]Please vote for my DrupalCon Denver proposal on Drupal workflows in the enterprise.[/spam]

For the last few months I've been working for Technocrat on a new Drupal based site for the Insurance Australia Group's Direct Insurance brands. The current sites are using Autonomy Teamsite.

The basics of the build are relatively straightforward, around 1000 nodes, a bunch of views and a bit of glue to hold it all together. Where things get complicated is the workflow. The Financial services sector in Australia is subject to strict control of representations being made about products. The workflow system needs to ensure IAG complies with these requirements.

During the evaluation we found that generally Drupal workflows are based around publishing a single piece of content on the production site. In the IAG case a collection of nodes needs to be published as a piece of work, along with a new block. These changes need to be reviewed by stakeholders and then deployed. This led us to build a job based workflow system.

We are using the Features module to handle all configuration, deploy for entities and some additional tools, including Symfony, Jenkins and drush to hold it all together.

I've proposed the session for Drupal Downunder in January and will refine the session based on feedback from there in preparation for Denver. If you want to learn more about Drupal Workflows in the Enterprise, please vote for my session.

Planet Linux AustraliaDave Hall: Interacting with the Acquia Cloud API using Python

The Acquia Cloud API makes it easy to manage sites on the platform. The API allows you to perform many administrative tasks including creating, destroying and copying databases, deploying code, managing domains and copying files.

Acquia offers 2 official clients. The primary client is a drush plugin which can only be downloaded from Acquia Insight. The other is a PHP library which states in the README that it is "[n]ot ready for production usage".

On a recent project using WF Tools we needed some pretty advanced deployment scripts for sites hosted on Acquia Cloud. We had tried using a mix of bash and PHP, but that created a maintenance nightmare, so we switched to Python.

I was unable to find a high quality Python library, so I wrote a python client for the Acquia Cloud API. The library implements all of the features that we needed, so there are a few things missing.

Chaining complex commands together is easy because the library implements a fluent interface. An extreme example of what is possible is below:


import acapi

# Instantiate the client
c = acapi.Client('user@example.com', 'acquia-token')

# Copy the prod db to dev, make a backup of the dev db and download it to /tmp
c.site('mysite').environment('prod').db('mysite').copy('dev').backups().create().download('/tmp/backup.sql.gz')

Some of the code is "borrowed" from the Python client for Twilio. The library is licensed under the terms of the MIT license.

I am continuing to develop the library. Consider this a working alpha. Improving error handling, creating a comprehensive test suite and implementing the missing API calls are all on the roadmap. Pull requests are welcome.

The code is PEP 8 (coding standards) and PEP 257 (documentation standards) compliant and uses numpydoc for code documentation.

Check out the Python client for Acquia's Cloud API on github.

Worse Than FailureThe Great Bacon Conspiracy

As an IT infrastructure manager, Jerry spent more time skimming his junkmail folder than he liked. Unfortunately, a large number of important messages landed there, because Garrett, the CSO, mandated an extremely aggressive approach to identifying spam. No less than once a week, a vital message was marked as spam.


One afternoon, Jerry noticed an email from Garrett canned away in the spam folder. It was badly formatted, incomprehensible, and CCed to a large list of people. He forwarded the message to the security office, noting, “This looks suspicious. Could someone have malware? Or is this a phishing attempt?”

Over the next few weeks, Jerry didn’t waste any brainpower on the mysterious email. Garrett’s latest mandate required a new proxy server, to “harden security”, and a new firewall to “minimize breaches”. As the dust cleared from that effort, a new message from Garrett reached Jerry’s inbox.

“Based on the CC-SPOOF line, bcaec51a8bd23bf2c604fb04f899, I’ve tracked the sender to a location outside of Armonk, NY. I suspect they were WAR-driving on the Taconic Parkway, probably trying to breach IBM.”

CC-SPOOF? An obvious hash? Breaching IBM based on Garrett’s email address? Jerry scratched his head for five minutes, and then decided he needed an explanation. He grabbed a stiff cup of coffee, and then scaled the stairs up to the literal upper management floor. “Garrett, how on Earth did you turn that gobbledygook into a location in New York State?”

Garrett’s office was a haven of creative disarray. Papers, most of them detailing internal security arrangements and other limited access data, piled up high on his desk. The walls and his monitor were spackled with Post-It™ notes; they were a mixture of todos, reminders, and more than a few marked “user:/pass:”.

Garrett leapt from his chair in a flutter of papers, and landed beside the whiteboard. Thrilled to have someone interested in his hard work, he grabbed a marker, cleared off some space on his whiteboard, and launched into his explanation.

“The email contained this line in the headers,” Garrett said as he scribbled:

Content-Type: multipart/alternative; boundary=bcaec51a8bd23bf2c604fb04f899

“That’s an interesting string, isn’t it? A boundary? Like a… border perhaps? What border could it be talking about? What’s encoded in there? Ha! Well, you’ll notice that if you ignore the last three digits, which are obviously meaningless, the string is 25 characters long. If it’s a multiple of 5, that means it can be a Baconian cipher. Now, a simple Baconian cipher works like this…”

Outside of Garrett’s little world, a Baconian cipher is a simple binary encoding that can be used for steganography. The letter “I” is “01000”, and “D” becomes “00011”. “Idiot” could be rendered as “01000 00011 01000 00111 10010”. These binary values can be encoded into a document through formatting changes, like using italics to represent “1”, and normal characters to represent “0”.

“This, obviously, is a complex Baconian cipher,” Garrett continued. He sketched out a sprawling diagram connecting the various characters in the hash up through an epic conspiracy that roped in the Bilderberg Group and the Illuminati. In the end, Garrett “proved” that the hash encoded “411737”, which obviously was a lat/long: 41.1°N by 73.7°W. “It was encoded as boundary because Armonk, NY is on the NY/Connecticut border.”

Garrett set the marker down, panting. Unconsciously, Jerry had been inching back towards the hallway for the entire speech, but now Garrett was looking at him, expecting some sort of reply. “Um… according to the MIME specification, that boundary marker is just a random string, good only for separating the parts in a multi-part message. But you’ve… you’ve found that it was actually a cipher that contains the location of the sender?”

“Yes! Many times a private key is configured in the threat actor’s email or spam mailer program. Currently spoofing has taken on a nefarious attack profile, and with the cipher usage, in fact, I believe it has been in use for the past six years! This Google+ malware has been moving through friend circles.”

“Oh, I see.” Jerry extracted himself from Garrett’s office, careful not to touch anything lest the crazy be contagious. Still, the conspiracy-mongering had his curiosity piqued. Where did the email come from? Jerry found a secret code in the headers himself, cryptically marked “client-IP”. In an unlikely coincidence, that number matched exactly to the IP of Garrett’s computer. A remote scan of the machine revealed that it was riddled with malware. One of those was probably responsible for the garbled message… or maybe that’s just what they want you to think.
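
What Jerry's check amounts to, as an added example (not code from the original story): the MIME boundary is only a delimiter, so swapping it for any other token leaves the parsed parts unchanged, while the sending host is read from headers stamped by the receiving mail server. The message, hosts, addresses and inventory below are constructed, and reading the story's "client-IP" as the `client-ip=` field of a `Received-SPF` header is an assumption.

```python
import ipaddress
import re
from email import message_from_string, policy

# Constructed sample, not the message from the story. The boundary is the one
# quoted on the page; hosts and addresses are documentation placeholders.
BOUNDARY = "bcaec51a8bd23bf2c604fb04f899"
RAW = "\r\n".join([
    "Received-SPF: pass (mx.example.net: domain of cso@example.com designates"
    " 192.0.2.44 as permitted sender) client-ip=192.0.2.44;",
    "Received: from desktop-cso.example.com (desktop-cso.example.com"
    " [192.0.2.44]) by mx.example.net with ESMTP id CONSTRUCTED1;"
    " Mon, 14 Jul 2014 10:00:00 -0400",
    "From: cso@example.com",
    "To: staff@example.com",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    "Content-Type: multipart/alternative; boundary=" + BOUNDARY,
    "",
    "--" + BOUNDARY,
    "Content-Type: text/plain; charset=UTF-8",
    "",
    "plain body",
    "--" + BOUNDARY,
    "Content-Type: text/html; charset=UTF-8",
    "",
    "<p>html body</p>",
    "--" + BOUNDARY + "--",
    "",
])

# Hypothetical asset inventory mapping internal addresses to host names.
INVENTORY = {"192.0.2.44": "desktop-cso", "192.0.2.10": "mx"}


def parse(raw):
    return message_from_string(raw, policy=policy.default)


def body_parts(raw):
    """Return (boundary, [(content_type, text), ...]) for a multipart message."""
    msg = parse(raw)
    parts = [(p.get_content_type(), p.get_content().strip())
             for p in msg.iter_parts()]
    return msg.get_boundary(), parts


def redelimit(raw, new_boundary):
    """Swap the boundary for another token, as any mail client could have."""
    old = parse(raw).get_boundary()
    return raw.replace(old, new_boundary)


def _valid_ips(candidates):
    """Keep only strings that are well-formed IPv4/IPv6 addresses."""
    out = []
    for candidate in candidates:
        try:
            out.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            continue
    return out


def sender_ips(raw):
    """Collect the addresses recorded in Received-SPF and Received headers."""
    msg = parse(raw)
    spf = " ".join(str(h) for h in msg.get_all("Received-SPF", []))
    hops = []
    for header in msg.get_all("Received", []):
        hops.extend(_valid_ips(re.findall(r"\[([0-9A-Fa-f:.]+)\]", str(header))))
    client = _valid_ips(re.findall(r"client-ip=([0-9A-Fa-f:.]+)", spf, re.I))
    return {"spf_client_ip": client, "received_hops": hops}


def attribute(raw, inventory):
    """Map the recorded addresses to known hosts in the inventory."""
    ips = sender_ips(raw)
    seen = ips["spf_client_ip"] + ips["received_hops"]
    return sorted({inventory[ip] for ip in seen if ip in inventory})


if __name__ == "__main__":
    print(body_parts(RAW))
    print(body_parts(redelimit(RAW, "any-other-unique-token")))
    print(sender_ips(RAW), attribute(RAW, INVENTORY))
```

Only the headers added by your own receiving server are trustworthy here; `Received` lines further down the chain are supplied by the sender and can be forged.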


Planet DebianKeith Packard: Glamorous Intel

Reworking Intel Glamor

The original Intel driver Glamor support was based on the notion that it would be better to have the Intel driver capture any fall backs and try to make them faster than Glamor could do internally. Now that Glamor has reasonably complete acceleration, and its fall backs aren’t terrible, this isn’t as useful as it once was, and because this uses Glamor in a weird way, we’re making the Glamor code harder to maintain.

Fixing the Intel driver to not use Glamor in this way took a bit of effort; the UXA support is all tied into the overall operation of the driver.

Separating out UXA functions

The first task was to just identify which functions were UXA-specific by adding “_uxa” to their names. A couple dozen sed runs and now a bunch of the driver is looking better.

Next, a pile of UXA-specific functions were actually inside the non-UXA parts of the code. Those got moved out, and a new ‘intel_uxa.h’ file was created to hold all of the definitions.

Finally, a few non UXA-specific functions were actually in the uxa files; those got moved over to the generic code.

Removing the Glamor paths in UXA

Each one of the UXA functions had a little piece of code at the top like:

if (uxa_screen->info->flags & UXA_USE_GLAMOR) {
    int ok = 0;

    if (uxa_prepare_access(pDrawable, UXA_GLAMOR_ACCESS_RW)) {
        ok = glamor_fill_spans_nf(pDrawable,
                      pGC, n, ppt, pwidth, fSorted);
        uxa_finish_access(pDrawable, UXA_GLAMOR_ACCESS_RW);
    }

    if (!ok)
        goto fallback;

    return;
}

Pulling those out shrank the UXA code by quite a bit.

Selecting Acceleration (or not)

The intel driver only supported UXA before; Glamor was really just a slightly different mode for UXA. I switched the driver from using a bit in the UXA flags to having an ‘accel’ variable which could be one of three options:

  • ACCEL_GLAMOR
  • ACCEL_UXA
  • ACCEL_NONE

I added ACCEL_NONE to give us a dumb frame buffer mode. That actually supports DRI3 so that we can bring up Mesa and run it under X before we have any acceleration code ready; avoiding a dependency loop when doing new hardware. All that it requires is a kernel that offers mode setting and buffer allocation.

Initializing Glamor

With UXA no longer supporting Glamor, it was time to plug the Glamor support into the top of the driver. That meant changing a bunch of the entry points to select appropriate Glamor or UXA functionality, instead of just calling into UXA. So, now we’ve got lots of places that look like:

        switch (intel->accel) {
#if USE_GLAMOR
        case ACCEL_GLAMOR:
                if (!intel_glamor_create_screen_resources(screen))
                        return FALSE;
                break;
#endif
#if USE_UXA
        case ACCEL_UXA:
                if (!intel_uxa_create_screen_resources(screen))
                        return FALSE;
                break;
#endif
        case ACCEL_NONE:
                if (!intel_none_create_screen_resources(screen))
                        return FALSE;
                break;
        }

Using a switch means that we can easily elide code that isn’t wanted in a particular build. Of course ‘accel’ is an enum, so places which are missing one of the required paths will cause a compiler warning.

It’s not all perfectly clean yet; there are piles of UXA-only paths still.

Making It Build Without UXA

The final trick was to make the driver build without UXA turned on; that took several iterations before I had the symbols sorted out appropriately.

I built the driver with various acceleration options and then tried to count the lines of source code. What I did was just list the source files named in the driver binary itself. This skips all of the header files and the render program source code, and ignores the fact that there are a bunch of #ifdef’s in the uxa directory selecting between uxa, glamor and none.

    Accel                    Lines          Size(B)
    -----------             ------          -------
    none                      7143            73039
    glamor                    7397            76540
    uxa                      25979           283777
    sna                     118832          1303904

    none legacy              14449           152480
    glamor legacy            14703           156125
    uxa legacy               33285           350685
    sna legacy              126138          1395231

The ‘legacy’ addition supports i810-class hardware, which is needed for a complete driver.

Along The Way, Enable Tiling for the Front Buffer

While hacking the code, I discovered that the initial frame buffer allocated for the screen was created without tiling (!) because a few parameters that depend on the GTT size were not initialized until after that frame buffer was allocated. I haven’t analyzed what effect this has on performance.

Page Flipping and Resize

Page flipping (or just flipping) means switching the entire display from one frame buffer to another. It’s generally the fastest way of updating the screen as you don’t have to copy any bits.

The trick with flipping is that a client hands you a random pixmap and you need to stuff that into the KMS API. With UXA, that’s pretty easy as all pixmaps are managed through the UXA API which knows which underlying kernel BO is tied with each pixmap. Using Glamor, only the underlying GL driver knows the mapping. Fortunately (?), we have the EGL Image extension, which lets us take a random GL texture and turn it into a file descriptor for a DMA-BUF kernel object. So, we have this cute little dance:

    fd = glamor_fd_from_pixmap(screen,
                               pixmap,
                               &stride,
                               &size);

    bo = drm_intel_bo_gem_create_from_prime(intel->bufmgr, fd, size);
    close(fd);
    intel_glamor_get_pixmap(pixmap)->bo = bo;

That last bit remembers the bo in some local memory so we don’t have to do this more than once for each pixmap. glamor_fd_from_pixmap ends up calling eglCreateImageKHR followed by gbm_bo_import and then a kernel ioctl to convert a prime handle into an fd. It’s all quite round-about, but it does seem to work just fine.

After I’d gotten Glamor mostly working, I tried a few OpenGL applications and discovered flipping wasn’t working. That turned out to have an unexpected consequence — all full-screen applications would run flat-out, and not be limited to frame rate. Present ‘recovers’ from a failed flip queue operation by immediately performing a CopyArea; not waiting for vblank. This needs to get fixed in Present by having it re-queue the CopyArea for the right time. What I did in the intel driver was to add a bunch more checks for tiling mode, pixmap stride and other things to catch pixmaps that were going to fail before the operation was queued and force them to fall back to CopyArea at the right time.

The second adventure was with XRandR. Glamor has an API to fix up the screen pixmap for a new frame buffer, but that pulls the size of the frame buffer out of the pixmap instead of out of the screen. XRandR leaves the pixmap size set to the old screen size during this call; fixing that just meant getting the pixmap size set correctly before calling into glamor. I think glamor should get fixed to use the screen size rather than the pixmap size.

Painting Root before Mode set

The X server has generally done initialization in one order:

  1. Create root pixmap
  2. Set video modes
  3. Paint root window

Recently, we’ve added a ‘-background none’ option to the X server which causes it to set the root window background to none and have the driver fill in that pixmap with whatever contents were on the screen before the X server started.

In a pre-Glamor world, that was done by hacking the video driver to copy the frame buffer console contents to the root pixmap as it was created. The trouble here is that the root pixmap is created long before the upper layers of the X server are ready for drawing, so you can’t use the core rendering paths. Instead, UXA had kludges to call directly into the acceleration functions.

What we really want though is to change the order of operations:

  1. Create root pixmap
  2. Paint root window
  3. Set video mode

That way, the normal root window painting operation will take care of getting the image ready before that pixmap is ever used for scanout. I can use regular core X rendering to get the original frame buffer contents into the root window, and even if we’re not using -background none and are instead painting the root with some other pattern (like the root weave), I get that presented without an intervening black flash.

That turned out to be really easy — just delay the call to I830EnterVT (which sets the modes) until the server is actually running. That required one additional kludge — I needed to tell the DIX level RandR functions about the new modes; the mode setting operation used during server init doesn’t call up into RandR as RandR lists the current configuration after the screen has been initialized, which is when the modes used to be set.

Calling xf86RandR12CreateScreenResources does the trick nicely. Getting the root window bits from fbcon, setting video modes and updating the RandR/Xinerama DIX info is now all done from the BlockHandler the first time it is called.

Performance

I ran the current glamor version of the intel driver with the master branch of the X server and there were not any huge differences since my last Glamor performance evaluation aside from GetImage. The reason is that UXA/Glamor never called Glamor’s image functions, and the UXA GetImage is pretty slow. Using Mesa’s image download turns out to have a huge performance benefit:

1. UXA/Glamor from April
2. Glamor from today

       1                 2                 Operation
------------   -------------------------   -------------------------
     50700.0        56300.0 (     1.110)   ShmGetImage 10x10 square 
     12600.0        26200.0 (     2.079)   ShmGetImage 100x100 square 
      1840.0         4250.0 (     2.310)   ShmGetImage 500x500 square 
      3290.0          202.0 (     0.061)   ShmGetImage XY 10x10 square 
        36.5          170.0 (     4.658)   ShmGetImage XY 100x100 square 
         1.5           56.4 (    37.600)   ShmGetImage XY 500x500 square 
     49800.0        50200.0 (     1.008)   GetImage 10x10 square 
      5690.0        19300.0 (     3.392)   GetImage 100x100 square 
       609.0         1360.0 (     2.233)   GetImage 500x500 square 
      3100.0          206.0 (     0.066)   GetImage XY 10x10 square 
        36.4          183.0 (     5.027)   GetImage XY 100x100 square 
         1.5           55.4 (    36.933)   GetImage XY 500x500 square

Running UXA from today the situation is even more dire; I suspect that enabling tiling has made CPU reads through the GTT even worse than before?

1: UXA today
2: Glamor today

       1                 2                 Operation
------------   -------------------------   -------------------------
     43200.0        56300.0 (     1.303)   ShmGetImage 10x10 square 
      2600.0        26200.0 (    10.077)   ShmGetImage 100x100 square 
       130.0         4250.0 (    32.692)   ShmGetImage 500x500 square 
      3260.0          202.0 (     0.062)   ShmGetImage XY 10x10 square 
        36.7          170.0 (     4.632)   ShmGetImage XY 100x100 square 
         1.5           56.4 (    37.600)   ShmGetImage XY 500x500 square 
     41700.0        50200.0 (     1.204)   GetImage 10x10 square 
      2520.0        19300.0 (     7.659)   GetImage 100x100 square 
       125.0         1360.0 (    10.880)   GetImage 500x500 square 
      3150.0          206.0 (     0.065)   GetImage XY 10x10 square 
        36.1          183.0 (     5.069)   GetImage XY 100x100 square 
         1.5           55.4 (    36.933)   GetImage XY 500x500 square

Of course, this is all just x11perf, which doesn’t represent real applications at all well. However, there are applications which end up doing more GetImage than would seem reasonable, and it’s nice to have this kind of speed up.

Status

I’m running this on my crash box to get some performance numbers and continue testing it. I’ll switch my desktop over when I feel a bit more comfortable with how it’s working. But, I think it’s feature complete at this point.

Where’s the Code

As usual, the code is in my personal repository. It’s on the ‘glamor’ branch.

git://people.freedesktop.org/~keithp/xf86-video-intel  glamor

Planet Linux AustraliaAndrew Pollock: [life] Day 170: The flight back

I have no idea if I'm getting my day numbers right any more with all the crossings of the international date line, but we'll call Friday day 170 and be done with it.

The flight back went pretty well. Zoe had a good time watching some movies, and also slept for a reasonable chunk of the flight. Zoe's cold had progressed into her typical runny nose/nasty cough combination, but neither was particularly bad. She did cough a bit in her sleep, but it didn't seem to stop her sleeping, and she was pretty happy for the duration of the flight. She was definitely impatient to land, because she knew she'd be seeing her mother.

We must have been the first flight into Brisbane on Friday morning, so we breezed through passport control quickly, and the car seat helpfully came out on the same carousel as the suitcases, so we were able to collect everything and exit quarantine relatively quickly.

Sarah met us outside, and dropped me home, and took the day off to spend with Zoe. I used the day to unpack and run a few errands.

I was super impressed with how well Zoe traveled overall. She's such a good little traveler. She's the perfect age/height for her Trunki now, and that made traversing airports at close to normal walking pace very doable. I'm also happy with how I handled solo-parent international travel. I've done a flight to Townsville with Zoe before, and a flight to Melbourne with Zoe and Anshu, but long-haul international for nearly 3 weeks is a totally different ball game, and aside from me needing to learn to pack a bit better when leaving a location (checklists, checklists, checklists!) everything went really well. The only thing I forgot to pack was my own swimwear, and that was easily fixed.

Planet DebianAndrew Pollock: [debian] Day 173: Investigation for bug #749410 and fixing my VMs

I have a couple of virt-manager virtual machines for doing DHCP-related work. I have one for the DHCP server and one for the DHCP client, and I have a private network between the two so I can simulate DHCP requests without messing up anything else. It works nicely.

I got a bit carried away, and I use LVM snapshots for the work I do, so that when I'm done I can throw away the virtual machine's disks and work with a new snapshot next time I want to do something.

I have a cron job that, on a good day, fires up the virtual machines using the master logical volumes and does a dist-upgrade on a weekly basis. It seems to have varying degrees of success though.

So I fired up my VMs to do some investigation of the problem for #749410 and discovered that they weren't booting, because the initramfs couldn't find the root filesystem.

Upon investigation, the problem seemed to be that the logical volumes weren't getting activated. I didn't get to the bottom of why, but a manual activation of the logical volumes allowed the instances to continue booting successfully, and after doing manual dist-upgrades and kernel upgrades, they booted cleanly again. I'm not sure if I got hit by a passing bug in unstable, or what the problem was. I did burn about 2.5 hours just fixing everything up though.

Then I realised that there'd been more activity on the bug since I'd last read it while I was on vacation, and half the investigation I needed to do wasn't necessary any more. Lesson learned.

I haven't got to the bottom of the bug yet, but I had a fun day anyway.

Planet DebianJunichi Uekawa: Trying android wear SDK using my LG G watch.

Trying android wear SDK using my LG G watch. I didn't have the permissions to access the usb device, and I had to update the udev rules. It wasn't clear what the right way was, and existing Android devices look like audio or camera, not really consistent.


Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2014-07-14 to 2014-07-20

Sociological ImagesSunday Fun: The Flintstones take a Smoke Break

A blast from the past.  Fred and Barney let their wives do all the work, pull out a pack of Winston’s:

[Embedded video: http://www.youtube.com/v/gJLnPM0BjaQ]

Originally posted in 2008.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaTim Serong: The Fridge Magnets

Last Thursday night was the TasLUG OpenStack 4th Birthday meetup. We had some nice nibbly food, some drinks, and four OpenStacky talks:

  • An update from the OpenStack Foundation (presented by me, with slides provided by the Foundation).
  • A talk about the NeCTAR cloud and using the command line tools to work with images, by Scott Bragg.
  • A talk on spinning up instances with Nova and Heat, by Stewart Wilde.
  • A talk by me on Ceph, and how it can be used as the storage backend for an OpenStack cloud.

We also had some posters, stickers and fridge magnets made up. The fridge magnets were remarkably popular. If you weren’t at TasLUG last night, and you want a fridge magnet, first download this image (the full-res one linked to, not the inline one):

Then, go to Vistaprint and place an order for Magnetic Business Cards, using this image. You can get 25 done for about $10, plus shipping.

Finally, I would like to publicly thank the OpenStack Foundation for supporting this event.


LongNowAlexander Rose speaks at Catalyst Week, Las Vegas on July 25th

Alexander Rose - Long Now Foundation

On Friday, July 25th 02014, Long Now Foundation’s Executive Director Alexander Rose will speak at Catalyst Week series in Las Vegas. This month’s speakers are this Thursday and Friday at the Learning Village in downtown Las Vegas. You can RSVP here to attend.

Catalyst Week is a monthly event sponsored by the Downtown Project, Zappo’s founder Tony Hsieh’s effort to revitalize urban Las Vegas. As he discussed in his Seminar About Long-term Thinking (SALT) for Long Now, Hsieh hopes to make Las Vegas “the most community-focused large city in the world”.

You can watch Tony’s SALT talk to hear more about the Downtown Project or read more about him in our Seminar primer blog post.

Don MartiSurfacing, not hiding, the creepy?

Let's look at the scorecard for the surveillance marketing game. The mainstream coverage would choose up sides like so:

  • Advertisers (brand and direct response)
  • Adtech vendors
  • Ad-supported sites
  • Authors
  • Users
  • Platform vendors

vs.

  • Elitist Internet greybeards
  • Privacy hackers
  • Unaccountable Eurocrats
  • Fraud perpetrators

Not so good for the privacy side. But if you do some research, the scorecard probably actually looks like so:

  • Direct response advertisers
  • Low-value ad-supported sites
  • Adtech vendors
  • Fraud perpetrators
  • Dominant platform vendor

vs.

  • Brand advertisers
  • High-value ad-supported sites
  • Authors
  • Users
  • Elitist Internet greybeards
  • Privacy hackers
  • Unaccountable Eurocrats
  • Smaller/new platform vendors

Quite a difference. If you're a platform vendor using privacy as a selling point, how do you make the user aware of it? Most platforms try to conceal tracking. But if you're working with the creeped-out feeling instead of trying to soothe it, you need to give the user a little hint of, "Gosh, I'm glad I didn't step in that!" in the same way that a mail application shows you the count of messages in your spam folder. For example, users could get a notification when entering the range of a new wireless shopper tracker, then have the option to hush it up.

The dreaded "Do you want to accept this cookie?" dialog could even be simplified. Instead of presenting the cookie with no context, you could get...

Do you want to accept tracking by example.com? This site appears on the following lists:

  • Companies that Hate Freedom (Freedom Lovers of America)

  • Puppy Kickers List (International Puppy Lovers League)

Block this site / Block all sites covered by both of these lists / Accept tracking

The challenge is to add just enough "look how I'm protecting your privacy—aren't I a good little device?" to keep the user uneasy when he or she uses something else.

Sociological ImagesSaturday Stat: Wait, WHO Dislikes Atheists?

Last month I posted data showing that, of all the things that might disqualify someone for public office, being an atheist is tops.  I wrote: “Prejudice against those who say there’s no god is stronger than ageism, homophobia, and sexism.” On average, Americans would rather vote for someone who admitted to smoking pot or had an extramarital affair.

We just don’t like atheists.

But who is “we”?

A survey by the Pew Research Center asked Americans of varying religious affiliations how they felt about each other.  Atheists were most disliked by Protestants, especially White evangelicals and Black Protestants (somewhat less so White Mainline Protestants).  Atheists quite liked themselves, and agnostics thought they were okay. Among other religiously affiliated groups, Jews gave atheists the highest rating.

1

For what it’s worth, atheists feel warmish toward Jews in return, preferring them to everyone except Buddhists, and they dislike Evangelical Christians almost as much as the Christians dislike them.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

Planet Linux AustraliaAndrew Pollock: [life] Day 168: Homeward bound

It's all a bit hazy now, but I think Zoe slept all night and woke up a bit early and came down to my room. Graydon appeared not long after. I made us all breakfast and then got stuck into packing.

After we were all packed up, and Zoe and Graydon had played a bit, Neal took us to REI and Best Buy to do a spot of shopping, and then dropped us at Hertz to pick up the rental car.

After lunch, we packed up the car and headed on our way to Dallas.

The drive went really well. I'd rented some sort of Chevy SUV, and it had a nice interior, and the car radio supported Pandora and had a big display. I stuck Zoe's car seat in the middle, and she was happy being able to see out the front and also see the cover art for what Pandora was dishing up. As I hoped, she napped for a couple of hours on the way up.

The drive took about three and a half hours, and I'd wanted to stop for a break along the way, but missed the exit for the only decent looking rest stop, so pressed on.

We made it to the airport with a comfortable margin of time, and had enough time for dinner. The highlight of the evening was hearing Kim Kardashian get paged twice. Everyone looked at each other and wondered if it was that Kim Kardashian and considered going to the gate she was paged to to find out.

Our flight ended up leaving a little bit late, due to needing to unload some of the cargo to make the distance and also to ensure we didn't arrive before the 5am curfew in Brisbane airport.

CryptogramFriday Squid Blogging: Squid Dissection

A six-hour video of a giant squid dissection from Auckland University of Technology.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Geek FeminismA Swiftly Tilting Linkspam

  • Why Silicon Valley needs the coder grrrls of Double Union, the feminist hacker space | Fast Company: “Unlike Sheryl Sandberg’s brand of feminism, which puts the responsibility on women to lean in, the Double Unioneers take a structural approach. It’s the system that needs fixing, not women.”
  • Why can’t Thor be a woman? Geek culture isn’t just for guys | The Guardian (July 16): “The burgeoning Thor controversy is part of a network of problems to do with representation in comics, but one aspect in particular weighs heaviest in this context. We, as a western culture, still struggle with androcentrism – the belief that male experience is the norm and that everything else is, at best, a derivation of the norm and, at worst, abnormal.”
  • Men interrupt more than women | Language Log (July 14): “Let’s pause and dwell on this for a sec: In fifteen hours of conversation that included 314 total interruptions, I observed a total of 13 examples of women interrupting male speakers. That is less than once per hour, in a climate where interruptions occur an average of once every two minutes and fifty-one seconds. Does anyone else think this is a big deal?”
  • For women on the Internet, it doesn’t get better | The Daily Dot (July 16): “Between 4Chan, Men’s Rights Activist groups, the Reddit Red Pill community, pick-up artist (PUA) groups, and anti-PUA groups like the one that Elliot Rodger clung to so dearly, the Internet has allowed men to band together more efficiently than ever before to threaten and antagonize women. Every woman with an online presence has a story to share about unwanted contact, sexual harassment, and predatory behavior.”
  • Dropping the F bomb | Geek Feminism (July 8): “Women in tech groups are not necessarily feminist. Some actively work against feminist ideals.”
  • Changing the World with a Breath and a Test | Marlena’s Blog (July 11): “Our mentoring relationship has been the difference between me putting this app in your hands vs. me building another fake twitter cobbled together from web tutorials and stack overflow.  That’s power.  Having someone tell me that, yes, I can do this even if I feel like an idiot, is a machete cutting deep into imposter syndrome.”
  • The problem of Richard Feynman | Galileo’s Pendulum (July 13): “But ‘Sherlock’ is fiction; Feynman was a real person, and those he hurt were no less real people than he was. Sure, it’s easy to abstract them: we don’t know the names of the women he met at bars, the wives of graduate students he emotionally blackmailed into ‘relationships’, the ‘airhead’ female undergraduates in his classes, or the waitresses he pranked just so he could get a self-satisfied story out of it later. We can justify uncomfortably to ourselves that they’re ‘just some women’, but Feynman is Feynman: he’s important symbolically for physics.”
  • Heroes, human “foibles”, and science outreach | Doing Good Science (July 13): “Science outreach doesn’t just deliver messages about what science knows or about the processes by which that knowledge is built. Science outreach also delivers messages about what kind of people scientists are (and about what kinds of people can be scientists). There is a special danger lurking here if you are doing science outreach by using a hero like Feynman and you are not a member of a group likely to have been hurt by his behavior. You may believe that the net effect of his story casts science and scientists in a way that will draw people in, but it’s possible you are fooling yourself.”
  • What’s the scariest thing in the world? Ask your teenage daughter | Polygon (July 15): “More questions to Raven are met with disconcertingly direct answers. I’m shown a side of her life I hadn’t seen before. A world of loneliness and struggle where insults and exclusion are used to devastating effect. Teenage girls have problems that are far more real, and far scarier, than zombies.”
  • Gaymerx2: Internetting while Female Panel | Geeks Out (July 13): “Given the dark reality of the subject matter, this could have easily been a depressing recollection of the ugliest manifestations of human behavior on the internet. Instead, the panel struck an abidingly hopeful note and left quite a few people inspired to collectively work toward an ever-better future in gaming.”
  • Computer scientist and devoted educator Susan B. Horwitz dies | University of Wisconsin-Madison News (July 15): “An expert in programming languages and software engineering, Horwitz had been a member of the UW-Madison faculty for nearly 30 years. Among many professional accomplishments, she championed the encouragement of students who might otherwise overlook opportunities in computing…Particularly during the last decade, Horwitz strove to attract underrepresented students, particularly women and targeted minorities, to computer science and ensure their success. She was a founding member of the Academic Alliance of the National Center for Women and IT, based in Boulder, Colorado.”
  • Death by a Thousand Cuts: The Reality of Being a Woman in Tech | Social Ergonomics (July 11): “This is what is so insidious about the current state of affairs for women in the tech world. Even compliments come with strings attached. You know that even if you’re awesome and can keep up with the best of the best, you are still an outsider. Each compliment that ends with “for a woman”, reinforces the fact that according to all expectations, you’re not supposed to be comfortable with computers and technology.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

LongNowThe Future of Language at The Interval: Tuesday July 22

Laura Welcher of Long Now and Rosetta Project; David Evan Harris, Executive Director of Global Lives; Mandana Seyfeddinipur
Laura Welcher, David Evan Harris, and Mandana Seyfeddinipur speak on Tuesday, July 22 at The Interval

This Tuesday at The Interval: “The Future of Language,” featuring Dr. Laura Welcher of Long Now’s Rosetta Project and Global Lives Project’s David Evan Harris, and special guest Dr. Mandana Seyfeddinipur of the Endangered Languages Documentation Programme, who is visiting from London.

Tuesday July 22, 02014 at 7:30pm
at The Interval (doors at 6:30)
Advanced Tickets are strongly encouraged as space is limited

Long Now’s Rosetta Project is dedicated to documenting and preserving human languages. In 02014 preservation is crucial because the languages of the world are dying at an unprecedented rate. And that’s only part of a larger problem.

The link between language diversity and biodiversity is well established. A quarter of all languages on Earth will not survive this century. When we lose a language we also lose the culture of its speakers, their specialized knowledge of the natural world and their care for it.

On Tuesday, July 22, at The Interval you’ll hear more about the situation and a new initiative between Long Now and the Global Lives Project to document the lives and culture of endangered language speakers and raise awareness of the problem in collaboration with The Hans Rausing Endangered Languages Project and a team from the Smithsonian Institution.

Mandana Seyfeddinipur directs the Endangered Languages Documentation Programme at SOAS, University of London. She is enabling hundreds of groups around the world to document dying languages, some of the most important work going on in this field.

The Global Lives Project is a Bay Area non-profit developing a video library of everyday life in cultures around the planet. Global Lives’ unique long-form videos tell a “Big Here” story about people around the world.

Long Now’s salon talk events happen on Tuesday nights at The Interval, our bar/cafe/museum at Fort Mason Center in San Francisco. The lineup of upcoming talks is growing. Check out the full list here.

Interval donors hear about our events first: there is still time to become a charter donor.

CryptogramNASDAQ Hack

Long article on a sophisticated hacking of the NASDAQ stock exchange.

TED5 things you think about Fargo, North Dakota — that you shouldn’t

Fargo: the fiction. Billy Bob Thornton stars in the FX television show Fargo, which is based on the Coen Brothers movie. Both give the absolute wrong impression of my city. Photo: FX/Matthias Clamer

By Greg Tehven

Fargo, North Dakota, has a skewed reputation. This city, which happens to be my hometown, rocketed to infamy thanks to the 1996 dark comedy by the Coen Brothers about a down-on-his-luck car salesman (William H. Macy) who plans to have his wife kidnapped, and the sheriff (Frances McDormand) who investigates what happens when the plan goes terribly awry. Fargo is a great film—I mean, it won the Oscar for Best Original Screenplay—but it also planted some very off ideas about the city I call home. And just as the jokes were finally dissipating, FX rolled out a new, addictive TV show also called Fargo that dredged up the stereotypes anew.

I grew up on a family farm outside Fargo. In fact, my great-great-grandfather was one of the pioneers who first settled this area. And as the organizer of TEDxFargo, it feels like my duty to set the record straight. Below, some common misconceptions about Fargo, corrected.

  1. You might think … people in Fargo talk funny.
    Yup, we might say “geez” on occasion. But most of us don’t talk funny, and we definitely don’t all sound the same. In fact, we have a surprisingly large international community. Our city is filled with innovators, artists, researchers, entrepreneurs and other professionals, many of whom have moved here from all over the world and have discovered that Fargo is a welcoming community to new Americans.
  2. You might think … Fargo is small and in the middle of nowhere.
    Fun fact: Of the six towns named Fargo in the United States, the one in North Dakota has the largest population, with 113,658 residents. And we prefer to say we are located in the middle of a rich frontier, surrounded by beautiful natural landscapes and farms. Which means that Fargo offers what might be the greatest sunset in the world. Almost every night.
  3. You might think … Fargo is cold all the time.
    I can’t lie—we get a lot of snow in Fargo, about 52 inches per winter. But it makes the other seasons all the sweeter, no? Fall is a gaggle of colors, spring is full of flowers, and the summer is glorious, mild and action-packed. The TEDxFargo community is hugely active in the warm months, with outdoor lunches and after-event celebrations in gardens and on rooftops. Our early summer mornings allow us to feature TEDx Adventures—this year, we’ll hold a coffee roasting exhibition, do yoga on a rooftop, and play childhood games in one of Fargo’s many parks.

    Fargo: the reality. TEDxFargo truly represents this city—full of big ideas and fascinating people. Photo: TEDxFargo

  4. You might think … Fargo is for old-timers.
    The characters in Fargo aren’t exactly young and spry—they’re middle-aged and dealing with a lack of opportunities. But I’d like to point out that Fargo is now one of the youngest cities in the United States. In fact, the average age here is 30.2 years old. We are home to several universities, and Concordia Language Villages is one of the top places for people in the world to learn a new language. As far as new opportunities, we have a full calendar of startup events, an organization dedicated to promoting startups, a recently launched no-cost co-living incubator, and one of the best 1 Million Cups organizations in the country. So many people in Fargo are running their own companies or setting up their own creative studios. People are choosing Fargo as a place to launch their careers. Fun fact: nine new people move to Fargo every day.
  5. You might think … Fargo is a nowhere place where no one would want to live.
    When I was younger, I believed the negative mythology about this place, so I went off to a big college, co-founded a nonprofit (Students Today Leaders Forever), and then traveled widely to see the great cities of the world. I spent time in Hanoi and Bangkok, and walked across Spain. And after that, I wanted to come back to Fargo. I’ve committed my life’s work to making this the greatest city in the world. I’ve turned down opportunities elsewhere to raise the profile of a creative community filled with some of the kindest people in the world.

TEDxFargo: On Purpose is just around the corner—it will take place on Thursday, July 24, at the historic Fargo Theatre. Our first event started in 2012 with four speakers and 100 people in the audience; this event will feature 22 speakers with an audience of more than 800, and TEDxYouth@Fargo the next day. This kind of growth couldn’t happen without a dedicated team of volunteers. This year, in addition to the speaker program, we’ll experiment with the aroma in the lobby and have puppies to hang out with during the breaks. Overall, we push ourselves to create a memorable experience where attendees are able to see things with new eyes and hear things with new ears. So we especially appreciate your thinking differently about our city.


Sociological ImagesModern Politics, the Slave Economy, and Geological Time

Flashback Friday.

I have borrowed the information and images below from Jeff Fecke at Alas A Blog.  His discussion, if you’re interested, is more in depth.

There is a winding line of counties stretching from Louisiana to South Carolina, a set of states that largely voted for McCain in 2008, that went for Obama.  The map below shows how counties voted in blue and red and you can clearly see this interesting pattern.

 

These counties went overwhelmingly for Obama in part because there is a large black population.  Often called the “Black Belt,” these counties, more so than the surrounding ones, were at one time home to cotton plantations and, after slavery was ended, many of the freed slaves stayed.  This image nicely demonstrates the relationship between the blue counties and cotton production in 1860:

 

But why was there cotton production there and not elsewhere?  The answer to this question is a geological one and it takes us all the way back to 65 million years ago when the seas were higher and much of the southern United States was under water.  This image illustrates the shape of the land mass during that time:

I’ll let Jeff take it from here:

Along the ancient coastline, life thrived, as it usually does. It especially thrived in the delta region, the Bay of Tennessee, if you will. Here life reproduced, ate, excreted, lived, and died. On the shallow ocean floor, organic debris settled, slowly building a rich layer of nutritious debris. Eventually, the debris would rise as the sea departed, becoming a thick, rich layer of soil that ran from Louisiana to South Carolina.

65 million years later, European settlers in America would discover this soil, which was perfect for growing cotton.

So there you have it: the relationship between today’s political map, the economy, and 65 million years ago.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

(View original at http://thesocietypages.org/socimages)

TED10 tips on how to make slides that communicate your idea, from TED’s in-house expert

When your slides rock, your whole presentation pops to life. At TED2014, David Epstein created a clean, informative slide deck to support his talk on the changing bodies of athletes. Photo: James Duncan Davidson

 

Aaron Weyenberg is the master of slide decks. Our UX Lead creates Keynote presentations that are both slick and charming—the kind that pull you in and keep you captivated, but in an understated way that helps you focus on what’s actually being said. He does this for his own presentations and for lots of other folks in the office. Yes, his coworkers ask him to design their slides, because he’s just that good.

We asked Aaron to bottle his Keynote mojo so that others could benefit from it. Here, 10 tips for making an effective slide deck, split into two parts: the big, overarching goals, and the little tips and tricks that make your presentation sing.

Aaron used this image of a New Zealand disaster to kick off a slide deck from TED’s tech team — all about how they prepare for worst-case scenarios. He asked for permission to use the image, and credited the photographer, Blair Harkness. View the whole slidedeck from this presentation.

The big picture…

  1. Think about your slides last. Building your slides should be the tail end of developing your presentation. Think about your main message, structure its supporting points, practice it and time it—and then start thinking about your slides. The presentation needs to stand on its own; the slides are just something you layer over it to enhance the listener experience. Too often, I see slide decks that feel more like presenter notes, but I think it’s far more effective when the slides are for the audience to give them a visual experience that adds to the words.
  2. Create a consistent look and feel. In a good slide deck, each slide feels like part of the same story. That means using the same or related typography, colors and imagery across all your slides. Using pre-built master slides can be a good way to do that, but it can feel restrictive and lead to me-too decks. I like to create a few slides to hold sample graphic elements and type, then copy what I need from those slides as I go.
  3. Think about topic transitions. It can be easy to go too far in the direction of consistency, though. You don’t want each slide to look exactly the same. I like to create one style for the slides that are the meat of what I’m saying, and then another style for the transitions between topics. For example, if my general slides have a dark background with light text, I’ll try transition slides that have a light background with dark text. That way they feel like part of the same family, but the presentation has texture—and the audience gets a visual cue that we’re moving onto a new topic.
  4. With text, less is almost always more. One thing to avoid—slides with a lot of text, especially if it’s a repeat of what you’re saying out loud. It’s like if you give a paper handout in a meeting—everyone’s head goes down and they read, rather than staying heads-up and listening. If there are a lot of words on your slide, you’re asking your audience to split their attention between what they’re reading and what they’re hearing. That’s really hard for a brain to do, and it compromises the effectiveness of both your slide text and your spoken words. If you can’t avoid having text-y slides, try to progressively reveal text (like unveiling bullet points one by one) as you need it.
  5. Use photos that enhance meaning. I love using simple, punchy photos in presentations, because they help what you’re saying resonate in your audience’s mind without pulling their attention from your spoken words. Look for photos that (1) speak strongly to the concept you’re talking about and (2) aren’t compositionally complex. Your photo could be a metaphor or something more literal, but it should be clear why the audience is looking at it, and why it’s paired with what you’re saying. For example, I recently used the image above—a photo of a container ship about to tip over (it eventually sank)—to lead off a co-worker’s deck about failure preparation. And below is another example of a photo I used in a deck to talk about the launch of the new TED.com. The point I was making was that a launch isn’t the end of a project—it’s the beginning of something new. We’ll learn, adapt, change and grow.
Here, a lovely image from a slidedeck Aaron created about the redesign of TED.com. View the whole deck from this presentation.

And now some tactical tips…

  1. Go easy on the effects and transitions. Keynote and Powerpoint come with a lot of effects and transitions. In my opinion, most of these don’t do much to enhance the audience experience. At worst, they subtly suggest that the content of your slides is so uninteresting that a page flip or droplet transition will snap the audience out of their lethargy. If you must use them, use the most subtle ones, and keep it consistent.
  2. Use masking to direct attention in images. If you want to point something out in a photo, you could use a big arrow. Or you could do what I call a dupe-and-mask. I do this a lot when showing new page designs, particularly when I don’t want the audience to see the whole design until I’m finished talking about individual components of it. Here’s the original image. Here’s the process for masking it. (1) Set the image transparency to something less than 100. (2) Duplicate that image so there is one directly over the top of the other. (3) Set the dup’d image transparency back to 100, and (4) follow the technique here to mask the dup’d image. You’ll end up with something that looks like this. You can use this technique to call out anything you want in a screenshot. A single word, a photo, a section of content—whatever you want your audience to focus on.
  3. Try panning large images. Often, I want to show a screenshot of an entire web page in my presentations. There’s a great Chrome extension to capture these—but these images are oftentimes much longer than the canvas size of the presentation. Rather than scaling the image to an illegible size, or cropping it, you can pan it vertically as you talk about it. In Keynote, this is done with a Move effect, which you can apply from an object’s action panel.
  4. For video, don’t use autoplay. It’s super easy to insert video in Keynote and Powerpoint—you just drag a Quicktime file onto the slide. And when you advance the deck to the slide with the video that autoplays, sometimes it can take a moment for the machine to actually start playing it. So often I’ve seen presenters click again in an attempt to start the video during this delay, causing the deck to go to the next slide. Instead, set the video to click to play. That way you have more predictable control over the video start time, and can even select a poster frame to show before starting.
  5. Reproduce simple charts and graphs. Dropping an image of a chart into a presentation is fine, but it almost always disrupts the feel of a deck in unsightly fashion. If the graph data is simple enough (and you have some extra time) there’s a way to make it much easier on the eyes. You could redraw it in the native presentation application. That sounds like needless work, and it might be for your purposes, but it can really make your presentation feel consistent and thought-through, of one flavor from soup to nuts. You’ll have control over colors, typography, and more. Here are some examples.

Lastly, I’d love to leave you with a couple book recommendations. The first is Resonate, by Nancy Duarte. It’s not so much about slides, but about public speaking in general – which is the foundation for any presentation, regardless of how great your slides are. In it, she breaks down the anatomy of what makes a great presentation, how to establish a central message and structure your talk, and more. (One of her case studies comes from Benjamin Zander’s charming TED Talk about classical music, a talk that captivated the audience from start to finish.) Think of this as prerequisite reading for my second recommendation, also by Duarte: Slide:ology. This is more focused on presentation visuals and slides.

Happy slide-making.


Cory DoctorowDocumentary on the making of the Homeland audiobook with Wil Wheaton

Skyboat Media produced this great little documentary about Wil Wheaton's recording sessions for the audiobook of my novel Homeland, in which he had to read out Pi for four minutes straight, read out dialog in which the narrator had a fanboy moment about meeting Wil Wheaton, and many other fun moments.

Don MartiOpportunity in surveillance marketing consolidation?

In the surveillance marketing business, a bunch of companies that started off in different places have all ended up doing the same thing. A company that started as a 1980s dial-up online service is competing with a company that started as a 1990s web portal and both are competing with social networks and post-bro lean 21st-century whatevers. It's like sailors, merchants, and farmers all abandoning their original occupations and all headed out to pan for the same gold.

But is the surveillance marketing gold rush coming to its natural end? Are we entering the consolidation phase, at least on mobile devices? Derek Thompson: A Handful of Tech Companies Own the Vast Majority of Mobile Ads. Google, Facebook, Pandora, Twitter, and Apple have 75%, and a quarter of the pie is left for the rest.

So what happens to the losers?

As soon as you accept that your company is a loser in the surveillance marketing game, you get to stop repeating the same old Big Data jive and come up with something new. As far as I can tell, everyone on the whole Lumascape has the same Unique Selling Proposition. Which is not really the point as uniqueness goes.

Look, it's a basic marketing exercise. Lots of variants, but basically, you try to fill in something like this.

[Product] is the only [category] that [benefit] for [market] by [core competency].

Ready? Here goes.

[example.com] is the only [adtech intermediary] that [maximizes ROI] for [advertisers] by [creepy data collection and difficult math].

The "only" looks funny there, doesn't it? That is exactly as differentiated as:

[Joe Bloggs] is the only [random guy panning for gold] who [finds the most gold] by [panning for gold in this spot right here].

Boring. It's a recipe for consolidation of an industry. So losing could be the best thing that ever happened to you.

What's the alternative? Well, Microsoft seems to have part of the answer. Violet Blue writes, "Second, using Android phones, I'm Google's lab rat and fighting back a continual invasiveness from a company that's really starting to freak me out."

Now we're getting somewhere. Sounds like a point of actual differentiation to me.

What if a vendor used its marketing power to amplify user feelings of unease about surveillance marketing, instead of trying to soothe them? Work with the creeped-out feeling, not against it? Let's do that USP exercise again.

[Microsoft] is the only [productivity platform vendor] that [protects mental and economic integrity] for [users] by [blocking attempts to collect information about you].

That's something to work with, but it's just the start. A message without anything to back it up is as useless as the Scroogled campaign. Pointless. But if you build a security and privacy story keeping the USP in mind, within a couple of releases you've got something.

Clearly nobody in the IT industry is ready to give up getting a piece of the surveillance marketing business yet. But for whoever does first, the opportunity is waiting.

Bonus links

BOB HOFFMAN: The Dumbest People On Earth?

Tim Fernholz: Does the advertising business that built Google actually work?

Alex Kantrowitz: Ad-Tech Companies Form Group to Standardize User ID

The Tech Block: The truth about Google and evil

John Gruber: Privacy as a Competitive Advantage for Apple

BOB HOFFMAN: Misintermediation

Ricardo Bilton: Publishers’ plug-in addiction can come back to haunt them

Christof Wittig: Why mobile advertising isn’t as huge as it’s hyped to be (yet)

eaon pritchard: does culture really eat strategy for breakfast?

datacoup: What the brokers have broken: Shifting the conversation from Privacy to Control

Sam Thielman: This Is How Your Financial Data Is Being Used to Serve You Ads

MediaPost | Metrics Insider: Why Offline Data Is Key To Online Data Segmentation

MediaPost | Mobile Insider: Get This Crap Off My Phone: We Are Screwing Up The Mobile Experience

Lee Hutchinson: Op-Ed: Microsoft layoff e-mail typifies inhuman corporate insensitivity