Planet Russell


Planet Debian: Norbert Preining: Craft Beer Kanazawa 2015 地ビール祭り・金沢

Last weekend the yearly Craft Beer Kanazawa Festival took place in central Kanazawa. This year 14 different producers brought about 80 different kinds of beer for us to taste. Compared with 6 years ago when I came to Japan and Japan was still more or less Kirin-Asahi-Sapporo country without any distinguishable taste, the situation has improved vastly, and we can now enjoy lots of excellent local beers!

Returning from a trip to Swansea and a conference in Fukuoka, I arrived at Kanazawa train station and went directly to the beer festival. A great welcome back in Kanazawa, but due to excessive sleep deprivation and the feeling of “finally I want to come home”, I only enjoyed 6 beers from 6 different producers.

In the gardens behind the Shinoki Cultural Center lots of small tents with beer and food were set up. Lots of tables and chairs were also available, but most people enjoyed flocking around in the grass around the tents. What a difference to last year’s rainy and cold beer festival!

This year’s producers were (in order from left to right, page links according to language):


With only 6 beers to my avail (due to the ticket system), I chose the ones I don’t have nearby. Mind that the following comments are purely personal and do not define a quality standard 😉 I just say what I like from worst to best:

  • Ohya Brasserie, Kitokito Hop きときとホップ: A disaster, I was close to throwing this beer away, but then thought – もったいない (what a waste!). Strange and disturbing taste.
  • Ushitora Brewery, Pure Street Session IPA: Ok, but nothing special. Too light and not taste a bit unclear to me.
  • Minoh Brewery, Momo Weizen: Typical Weizen Beer, light and refreshing taste. Good.
  • Swanlake Brewery, some seasonal IPA: good, not so extremely bitter, nice taste.
  • Ise Kadoya Brewery, Pale Ale: very good, full taste
  • Yoho Brewery, Red Ale: my absolute favorite – I don’t know why, but this brewery simply produces absolutely stunning ales. Their Aooni 青鬼 IPA is my day-in-day-out beer, world class. Their Yona Yona Ale, less bitter than the Aooni, is already famous, and this Red Ale was a perfect addition.


A great beer festival and I am looking forward to next year’s festival to try a few more. In the meantime I will stock up beers at home, so that I always have a good Yoho Brewery beer at hand!



Krebs on Security: Trump Hotel Collection Confirms Card Breach

The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels. The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised.

Trump International Hotel and Tower in Chicago.


In a Web site created to share details about the hack, The Trump Hotel Collection said the breach affects customers who used their credit or debit cards at the hotels between May 19, 2014, and June 2, 2015.

“While the independent forensic investigator did not find evidence that information was taken from the Hotel’s systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems. Payment card data (including payment card account number, card expiration date, and security code) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected.”

The Trump compromise is just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments. In March, upscale hotel chain Mandarin Oriental disclosed a compromise. The following month, hotel franchising firm White Lodging acknowledged that, for the second time in 12 months, card processing systems at several of its locations were breached by hackers.

On Sept. 25, this author first reported that the Hilton Hotel chain is investigating reports of a pattern of card fraud traced back to some of its properties.

The Trump advisory named the individual properties that were hit with the card-stealing malware, including Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto. The hotel collection said transactions on the point-of-sale terminals at the Las Vegas and Waikiki properties may also have been intercepted by card thieves.

This tracks almost exactly what I heard from banks in June of this year, who told me they had little doubt that Trump properties in several U.S. locations — including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York — were dealing with a card breach that appeared to extend back to at least February 2015. Turns out, it was quite a bit longer than that.

Many experts I’ve interviewed believe that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit.

Non-chip cards store cardholder data on a magnetic stripe, which can be trivially stolen by malware designed to infect point-of-sale devices. The data is then sold to thieves who can copy and re-encode it onto virtually anything else with a magnetic stripe and use the counterfeit cards to buy stolen merchandise from big box stores.

Effective October 1, 2015, U.S.-based merchants that have not yet installed card readers which accept more secure chip-based cards assume responsibility for the cost of fraud from counterfeit cards. While most experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers (and many U.S. banks are only now thinking about issuing chip-based cards to customers) cyber thieves no doubt well understand they won’t have this enormously profitable cash cow around much longer, and they’re busy milking it for all it’s worth.

For more on chip card technology and why most U.S. banks are moving to chip-and-signature over the more widely used chip-and-PIN approach, check out this story.

TED: Reframes, rethinks and bold calls: 16 speakers share ideas at TEDGlobal>London


Journalist Anders Fjellberg told the heartbreaking story of how he identified two Syrian men who had attempted to swim the English Channel. Their bodies washed ashore, wrapped in cheap wetsuits, on beaches in Norway and the Netherlands. This take on the refugee crisis moved the audience at TEDGlobal>London. Photo: James Duncan Davidson/TED

In 1831, Michael Faraday stood in a lecture hall and demoed an idea that changed everything: electromagnetic induction. This work paved the way for widespread use of electricity.

On September 29, 2015, in the same lecture hall, attendees gathered for TEDGlobal>London to hear more ideas with the potential to shift reality. Sixteen TED speakers shared insights on the issues that matter most in the world right now: the refugee crisis, poverty and ethical science. Oh and, of course, spam email.

Read recaps of the talks given in Session 1…

Embrace the mess. Keith Jarrett’s Köln Concert is the best-selling piano album of all time. But the day of the concert in 1975, it careened toward disaster. The opera house delivered the wrong piano — the black notes stuck, the white notes were out of tune and it wasn’t big enough to drive the sound needed. Jarrett wanted to cancel. But he didn’t. Instead he played, working with the piano’s constraints. The performance was a revelation. Tim Harford, the “Undercover Economist,” sees a lesson in this. “We need to gain a bit more appreciation for the unexpected advantages of having to cope with a little mess,” he says. Disorder and disruption can propel good creative work, and Harford shares several psych experiments that point to this conclusion. “Disruptions help us become more creative, but we don’t feel like they’re helping us — we feel like they’re getting in the way,” he says. He gives one final musical example — producer Brian Eno and his deck of Oblique Strategies, which include tactics like having musicians switch instruments. “Sometimes all of us need to sit down and try to play an unplayable piano,” he says.

Architecture as an organism. Ole Scheeren doesn’t just design and construct buildings — he tells stories, creating scripts and narratives for the people inside. As he shows five structures he helped design, Scheeren illustrates how architecture can exceed the physical domain of the built environment and focus instead on how people engage with reality. Eschewing traditional architectural conventions, Scheeren asks if buildings — specifically skyscrapers — can be about collaboration instead of isolation and hierarchy. Take the CCTV Headquarters in Beijing, an office building designed in the form of a loop which provides a workspace for the 10,000 employees. Or The Interlace, a residential space in Singapore patterned as a hexagonal grid with huge outdoor spaces. Scheeren’s projects are a hybrid of the technical and the social, and he is constantly thinking about the characters inhabiting his buildings — where they would meet, what they would experience. “We no longer live in a world that is clearly delineated,” says Scheeren. “We live in a world in which boundaries have started to blur.”

What’s missing from the welfare system? In 1942, The Beveridge Report became a bestseller. No, it wasn’t about coffee or tea. This pamphlet written by Sir William Beveridge outlined the architecture of the first welfare state. Its concepts rippled out into the world, says social entrepreneur Hilary Cottam, and it made impersonal bureaucracy the standard for care of the needy. This system works — to a point. But it favors forms and assessments over real conversations and connections. When many care workers visit someone in need, they spend most of their time managing the system rather than really working with the people. “The system is like a costly gyroscope that just spins around families, keeping them stuck exactly where they are,” says Cottam. So, what’s the alternative? Cottam wants us to move toward “relational welfare” — the creation of social meshes that are based on human connection. These systems can be far more effective, and much cheaper, when it comes to big issues like unemployment, cyclical violence and the loneliness experienced by the elderly. “It’s all about relationships,” she says. “Relationships are the critical resource we have.”

Hilary Cottam wants to see the welfare state redesigned to take into account human connection. Photo: James Duncan Davidson/TED


Pulling back the curtain on sovereign debt. Haircut, reprofiling, restructuring, refinancing, rollover. These are the terms that make people’s eyes glaze over when trying to understand sovereign debt — the much talked-about but seldom understood public finance phenomenon by which countries finance themselves. Jill Dauchy advises governments on debt and, in a Q&A with TEDGlobal curator Bruno Giussani, she reveals the patterns of governments that run into debt trouble and the perception that debt negotiations are a murky business. “What’s changing today is the nature of the governments getting into trouble,” Dauchy says. “It used to be a problem in emerging markets. But today, from the European perspective, it’s getting closer to home.”

Two migrants’ lethal gamble for a better life. Norwegian journalist Anders Fjellberg was determined to solve the mystery of two dead bodies, clothed in cheap wetsuits, that had washed ashore, one in Norway and one in the Netherlands. Through persistent investigating, he eventually identified them as two Syrian men who’d tried to swim the English Channel in a desperate bid to gain asylum in the United Kingdom. Fjellberg retraced their journey from a ravaged district of Damascus to an overcrowded refugee camp in Calais, dubbed “the worst refugee camp in Europe.” It was here that Fjellberg discovered “the reality of living as a refugee in Europe in 2015,” he says: thousands of migrants contending with hunger, scabies and an interminable wait for passage to the UK. “Go to Calais and talk to the refugees,” he says, “and you will meet lawyers, farmers, engineers — the full spectrum.” Gradually, Fjellberg says, the motivation of these two Syrian men came into focus. While some have said this is a story about death, “I don’t agree,” Fjellberg says. Instead, it throws into relief two life-affirming questions: “What is a better life? And what am I willing to do to achieve it?”

Girl with guitar. Emily Barker has recorded lush, studio versions of her songs. But for her new album The Toerag Sessions, she went analog, recording on 2-track tape — peeling it back to just her, her guitar and, sometimes, a harmonica. She treats us to a performance of “Nostalgia,” with the kind of intimate, heartfelt delivery usually found around a campfire.

The importance of the pre-mortems. Many of us have done post-mortems at work. But what about a “pre-mortem?” Neuroscientist Daniel J. Levitin sees pre-mortems as an essential tool because, when we’re in the moment, experiencing stress, our thinking gets cloudy (and we don’t know it because, um, our thinking is cloudy). Instead, plan ahead for stress: “Look ahead and try to figure out all the things that could go wrong and what you can do to prevent all those things,” he says. The idea is to systemize potential pitfalls. One simple example: At home, designate one set place for the things you always lose. “The hippocampus … is an exquisitely evolved mechanism for finding things,” he says. “But not so much for things that move around.” Or, for instance, before going to the doctor’s to get test results, make a list of the questions you need to ask in order to make calm, rational decisions. (If prescribed a drug, for instance, he suggests asking for a piece of data doctors don’t like to talk about, the “number needed to treat.”) “All of us are flawed, all of us will fail,” he says. “The idea is to think ahead of what those failures might be and put systems in place that will help minimize the damage.”

A report card for the world. The UN’s 17 Global Goals, unveiled this month, are not just an exercise in wishful thinking, says Michael Green. Think the world can’t end poverty by 2030? Just consider the ambitious goals the UN set in 2000, and know that the world leapt ahead of many of the benchmarks set. “The pessimists and doomsayers who think the world can’t get better are simply wrong,” Green says. But, to reach this next set of global goals, world leaders need to broaden their focus beyond GDP. Three years ago, Green and his team unveiled the Social Progress Index, a set of indicators that measures the world’s progress in civil rights, education and environmental protection, among other issues that slip under the GDP’s radar. This year, Green will roll up the measures into the “People’s Report Card,” to show the world and individual countries how they’re doing. In 2015, the world gets a C-. But world leaders have committed to working toward an A. The intention is to hold leaders accountable on these vital, neglected measures. “Even a flood tide of economic growth is not going to get us there if it lifts the mega-yachts of the super wealthy and leaves the rest behind,” says Green. “Getting to the Global Goals will only happen if we do things differently.”


Harald Haas demoed how to transmit data using light, for the first time in public. The tools: an LED light, and a computer connected to a solar panel. The data is encoded in fluctuations in the brightness of the LED. Photo: James Duncan Davidson/TED

And now, the talks in session 2:

A massive extension of the Internet. More than 4 billion people worldwide don’t have access to the Internet, and with little energy infrastructure in developing countries to support traditional broadband and wifi, it will be a challenge to get it soon. This phenomenon, known as the digital divide, stands between people and information. Harald Haas uses off-the-shelf LED lights and solar cells to transmit data — a breakthrough that may help close the digital divide without a massive spike in energy consumption. For the first time in public, Haas demoed his technology, showing how light emitted by an LED could make a video play on a computer connected to a solar panel. The video data is encoded in fast, subtle fluctuations in the brightness emitted by the LED. The solar panel detects those changes as it harvests the light, the computer decodes those changes, and the video plays. Using this technology, any existing solar panel  — on objects, houses and more — can be adapted to receive broadband signals.

The invisible power of radio waves. “You’re bathing in a sea of electromagnetic waves,” says engineer and scientist Danielle George, who taps the invisible energy of radio waves to send huge volumes of information through the air. These wireless transmissions promise to unleash a tsunami of data from unlikely places. Sensors beneath the soil of a farm can transmit vital information about moisture and nutrients. Sensors in a jet engine could transmit a live feed of information to maintenance crews. And it only gets bigger from there. George introduces us to the Square Kilometre Array, which is 50 times more sensitive than any other radio instrument. “We’ve broadcast radio signals into deep space for a century and it’s allowed us to realize how much of the universe is beyond what we think we know,” says George. “It will expand our knowledge of the overall universe.”

Why CRISPR demands caution. Jennifer Doudna and her colleague Emmanuelle Charpentier invented CRISPR-Cas9, a technology that lets scientists delete or insert specific bits of DNA in cells. It allows the human genome to be “edited.” Easily. “Genome engineering has been in development since the 1970s, but the techniques were either inefficient or difficult enough to use that most scientists have not adopted them,” says Doudna. “This is a technology that’s analogous to the way we use a word processing program to fix a typo in a document.” CRISPR-Cas9 finds sequence matches and functions like a pair of scissors to make cuts. It has incredible potential to help scientists cure diseases. “But we have to consider that CRISPR could be used for enhancement — we could make a person with stronger bones or less susceptibility to cardiovascular disease,” says Doudna. And with this comes the potential for “designer humans.” Doudna and Charpentier want to slow down. They’ve called for a global pause in research until the social and ethical implications can be thought through. “This is no longer science fiction … This needs careful consideration and discussion,” says Doudna. “It may not be possible to come up with a consensus view, but we need to understand all the potential issues.”

Intrigued by spam. James Veitch responds to the spam emails you most likely delete. A few years ago, he responded to an email from a man named Solomon Odonkuh, who’d offered to cut him in on a deal involving a large quantity of gold. Email by email, Veitch narrated his months-long exchange with Solomon, which included discussions of what they would do with their newfound wealth, a dubious set of code words and, of course, a request for Veitch to send him some money.


During her talk on how radio waves can send huge volumes of information through the air, Danielle George showed one of Michael Faraday’s original notebooks from the Royal Institution archives. Faraday is not only the namesake of the lecture hall where TEDGlobal>London was held — he demoed electromagnetic induction here in 1831. Photo: James Duncan Davidson/TED

TEDGlobal curator Bruno Giussani interviewed Jennifer Doudna, one of the inventors of CRISPR-Cas9, a tool that allows for the editing of the human genome. Doudna wants to quarantine the research until the ethical implications can be thought through. Photo: James Duncan Davidson/TED


How to be a global reader. Writer Ann Morgan considered herself well read — until she realized the “massive cultural blindspot” in her bookshelf. Amid legions of English and American authors, there were very few (translated) works from authors beyond the English-speaking world. To see what she was missing, Morgan committed to finding and reading one book from each of the world’s 196 countries. From an orgy in a tree in Angola to the confessions of Kuwait’s Bridget Jones, her literary odyssey offered glimpses of worlds almost entirely unknown to English speakers. But the most amazing part was how people around the world jumped to help her find books — they even offered to translate untranslated works into English. “Little by little, that long list of countries that I’d started the year with morphed from a rather dry, academic register of place names into living, breathing entities,” says Morgan. She urges other Anglophones to read translated works for themselves, so that publishers might take notice and bring the world’s literary gems back to their shores.

Turning mass surveillance into art. The revelation that the NSA and GCHQ had mounted antennas to the roofs of the American and British embassies to spy on the German governmental district in Berlin — including German Chancellor Angela Merkel — enraged the international community. In the outrage, artists Christoph Wachter and Mathias Jud saw opportunity. “If people are spying on us,” Jud says, “it stands to reason that they have to listen to what we are saying.” Wachter and Jud started the “Can you hear me?” project, mounting antennas on the roofs of the Swiss Embassy and the Academy of the Arts in Berlin that established an open network that allowed people to send anonymous text messages, emails and voice chats to those listening on the intercepted frequencies. More than 15,000 messages showed the growing discontent with surveillance, and looked forward to a future in which citizens will not be constantly monitored by their governments. “We should start making our own connections, fighting for the idea of an equal and globally connected world,” Jud urges. “This is essential to overcome our speechlessness and the separation provoked by rival political forces.”

In a cave, clues to the world’s evolution. Francesco Sauro explores “alien worlds” on Earth — he studies life in yet-undiscovered caves. Caves tend to form in areas where water dissolves soluble rock. But that’s not the case in the tepuis — the tall, flat mountains that lord over the Brazilian and Venezuelan rainforest. The tepuis are made of quartz, one of the hardest rocks — and yet, cave formations snake through its mountains. Sauro takes us inside one of them, called Imawarì Yeuta, or “House of the Gods” in the indigenous language. Imawarì Yeuta is “a labyrinth of passages” that offers “snapshots of the past.” Its mineral formations are almost unimaginably strange — stalagmites of opal, “mushrooms” of silica, “monster eggs” of an unidentified substance. Life inside these caves has been isolated from the rest of the world for, probably, eons. “Everything you can find there, even a cricket, has evolved in the dark in isolation,” he says. Some could provide clues to the origins of life.

How two kids made big change. Plastic bags are essentially indestructible, but they’re used and thrown away with reckless abandon. Even in the small island nation of Bali, whose population is just north of 4 million, 680 cubic meters of plastic garbage are produced each day. Most end up in the ocean, where they pollute the water and harm marine life, or burned in garbage piles, where they release harmful dioxins into the atmosphere. Two sisters — Melati and Isabel Wijsen, 14 and 12 years old respectively — are on a mission to stop plastic bags from suffocating their beautiful island home. The young activists started Bye Bye Plastic Bags. Their efforts — a petition, beach cleanups, even a hunger strike — paid off when they landed a meeting with Bali governor I Made Mangku Pastika. He recently committed to a plastic-bag-free Bali by 2018. The sisters provide an inspiring example. “Don’t ever let anyone tell you that you’re too young or you won’t understand,” Isabel says, “We’re not telling you it’s going to be easy, we’re telling you it’s going to be worth it.”



While the speakers shared their ideas at TEDGlobal>London on September 29, graphic artist Eddie Jacob sat in the balcony of the historic Faraday Lecture Theatre “visually scribing” the conference — in other words, drawing out a summary of each talk. Jacob is the art director of Innovation Arts, and turned his visual notes into a PDF, downloadable in full here.

Sociological Images: American gun laws and the tragedy of the false negative

This video was making the rounds last spring. The video maker wants to make two points:

1. Cops are racist. They are respectful of the White guy carrying the AR-15. The Black guy gets less comfortable treatment.

2. The police treatment of the White guy is the proper way for police to deal with someone carrying an assault rifle.


I had two somewhat different reactions.

1. This video was made in Oregon. Under Oregon’s open-carry law, what both the White and Black guy are doing is perfectly legal. And when the White guy refuses to provide ID, that’s legal too. If this had happened in Roseburg, and the carrier had been strolling to Umpqua Community College, there was nothing the police could have legally done, other than what is shown in the video, until the guy walked onto campus, opened fire, and started killing people.

2. Guns are dangerous, and the police know it. In the second video, the cop assumes that the person carrying an AR-15 is potentially dangerous – very dangerous. The officer’s fear is palpable. He prefers to err on the side of caution – the false positive of thinking someone is dangerous when he is really OK. The false negative – assuming an armed person is harmless when he is in fact dangerous – could well be the last mistake a cop ever makes.

But the default setting for gun laws in the US is just the opposite – better a false negative. This is especially true in Oregon and states with similar gun laws. These laws assume that people with guns are harmless. In fact, they assume that all people, with a few exceptions, are harmless. Let them buy and carry as much weaponry and ammunition as they like.

Most of the time, that assumption is valid. Most gun owners, at least those who got their guns legitimately, are responsible people. The trouble is that the cost of the rare false negative is very, very high. Lawmakers in these states and in Congress are saying in effect that they are willing to pay that price. Or rather, they are willing to have other people – the students at Umpqua, or Newtown, or Santa Monica, or scores of other places, and their parents – pay that price.

Originally posted at Montclair Socioblog.

Jay Livingston is the chair of the Sociology Department at Montclair State University. You can follow him at Montclair SocioBlog or on Twitter.


Planet Linux Australia: Binh Nguyen: Geo-Politics, Soundcloud Scraper/Downloader, Apple Issues and More

- if you don't quite understand the difference between Western media and why some Russian media is branded as being propagandist watch some of the interviews of Putin and compare it with other news outlets. In general things are much more 'controlled' and at times it feels as though the questions and answers have been prepared beforehand
Vladimir Putin 60 Minutes interview FULL 9-27-15 Vladimir Putin 60 minutes Interview Charlie Rose
Putin Speaks English for CNN
Vladimir Putin: An Enigmatic Leader's Rise To Power - Best Documentary 2015
Vladimir Putin Rage
Putin: Who gave NATO right to kill Gaddafi? 
Putin: We won't let anyone achieve military dominance over Russia
Putin: America is a bully and threat to stability
Putin slams US in address to nation
Putin on US Foreign Policy Elite
Putin: Quit lecturing Russia on democracy!
Putin talks NSA, Syria, Iran, drones in exclusive RT interview (FULL VIDEO)
'Do you realise what you've done?' Putin addresses UNGA 2015 (FULL SPEECH)
Vladimir Putin: "KGB Spymaster"
- I think a lot of people underestimate Putin. They know that he's attempting to look after Russia's (and his) best interests but the thing I'm wondering is whether or not they realise how far he's willing to push back and how multi-faceted he really is. It's clear that he can come off as a thug but look at the USSR's history. There is no way that he can look after Russia's best interests without at least projecting strength. I'm not sure he could have lasted long within the KGB/FSB if he was a pure thug/gangsta as seems to be portrayed by some people
- at times, I look at Putin's reactions and it feels as though there was some tacit agreement to have him bring it back to a position of global strength. Hearing some stories about him (and other heads of state of Russia as well as other USSR member states) it feels as though every time Russia has tried to help the West, the West has not returned the favour (the truth is probably somewhere in the middle). This is especially the case with the expansion of NATO and Western interests close to and inside of former USSR states. Many Westerners have been booted out of former USSR states for appearing to want to interfere with internal politics. The problem is that if this is true, Putin will feel as though he's being pushed into a corner from which he has no option except to react forcefully. The irony is that this time the West isn't dealing with a pure politician. As stated previously I feel he's far more intelligent and multi-faceted than that. Think carefully; with the moves that he's currently making in the Middle East, some of his other moves in other USSR states as well as in the East any possible new Eurasian Union (if it comes off) is much stronger (and better prepared) as a (China's influence and future success is a different issue altogether...) power bloc to challenge the current Western powers
- this point is pivotal in the Syrian conflict. It also gives perspective of how the Chinese/Russians view the world and what they will do in future if they continue to get stronger
- as stated previously, I don't think that any confrontation between the supposed Eurasian powers versus the West and its allies is going to be as clear cut as some people say. In the past you could put this down to 'propaganda' but the fact is they have demonstrated their technologies and have footage of it. Nearly everything you've thought of, both sides have also thought of as well. Estimates of how far China is behind the West in defense technology (on a broad basis) can vary anywhere between 5-30 years. My guess is that it's about 10-20 years. Less, if they allocate resources correctly, increase their defense budget, gain further intelligence, and can make certain breakthroughs....
China's new YJ-18 missile: 'S'-shape movement at supersonic terminal speed
China Missile 中国导弹 WU-14 10 times sound speed can tear apart US anti-missile network
U.S. and Chinese Air Superiority Capabilities
An Assessment of Relative Advantage, 1996–2017
- one of the things that I think Westerners generally mis-interpret is that freedom doesn't necessarily require choice. If that were the case, the Middle East and many parts of Eurasia would have fallen apart a long time ago. Look at the way the Chinese government has handled their overheating sharemarket. In the West, investors and institutions would blame the government (for recent massive/drastic falls) but would understand that that is part of life. In China, interviews with some people are identical to the response that is given by a lot of former Soviet spies. Failure and betrayal are much more closely aligned
- people keep on arguing about how much they spend on defense and how spending equates to quality. The problem is that price doesn't necessarily equate to value. Anybody who has lived long enough knows this.... Who cares if it's cheap or expensive if it's effective in fulfilling its goal?
- guess this answers my previous thought about how far the Chinese are willing to project out. With respect to the functioning of the UN it is fascinating to see how the perspectives of the Russian and Chinese will play in the future especially if they continue their pathway towards strong, sustainable economic growth. What has surprised me is how early they've been to push out
- people (any country) get hysterical at times in this discussion on who will 'lead the world' in future. Moreover, it is at this point that power projection and deterrence begin to take on bizarre dimensions. Think about how strange it sounds when someone who projects power considers it a deterrent against someone who considers an immobile object a deterrent
- I don't think China wants to win back Taiwan (or other contested territories) by having to have armed conflict. They want these territories to come back willingly to the 'motherland'. If they don't have that choice they want to have the exact same option that Russia has to it (with other former states of the USSR). Moreover, if they invade/take over contested territory they want their military to be strong enough such that they don't have to resort to nuclear weapons to intimidate others into backing down. They don't see it as that either. They see it as recovery of lost territory that has been documented (the same goes for other countries in the region though)
- with some of the moves of recent in the Middle East one has to wonder how much respect countries in that region actually have for the West?
- turning local populations can take decades and even then they may still want you gone. Either you stay there for the long haul or you ensure that the side that you back will be able to take control. Ironically, this potentially means coming to an agreement with Russia on and having at least partial representation by former elements of Syria's current government. The Middle East is becoming more and more bizarre (and confusing) by the day. There are few if any clean hands in our world now
- if you've never heard of Chomsky his perspective on the world can come off incredibly paranoid if you've never heard too many other non-Western perspectives. It is interesting how little (and how much at other times) separates many of us though
Bernie Sanders + Noam Chomsky: Deciphering Foreign Policy Jargon
Noam Chomsky: US is world's biggest terrorist
- the more you read the more obvious it is why there are so many defectors from the West rather than the other way around. While things are brutal in many non-Western countries they are more up front. In the West things are at a different level, often less obvious and often hidden in the shadows. Potential agents, employees only get an idea of what the 'real world' is like when they join the service/s. I guess this is also the reason why if there are non-Western defectors they are often based on ideological grounds
- if you know enough about finance and economics you'll realise that most GDP figures are distorted since everyone chooses different constituent parts. It's not just an issue related to China alone. In fact, in the past there were stories about them under-reporting GDP figures because technically their measures were different

This script is to facilitate automated retrieval of music from the website, after it was found that existing website download programs such as Teleport Pro, HTTrack, and FlashGet were too inefficient. 

It works by reverse engineering the storage scheme of files on the website, the lack of need for registration and login credentials, and taking advantage of this so that we end up with a more efficient automated download tool.

Obviously, the script can be modified on an ad-hoc basis to be able to download from virtually any website. As this is the very first version of the program (and I didn't have access to the original server while I was cleaning this up), it may be VERY buggy. Please test prior to deployment in a production environment.

OS X: About OS X Recovery
How to Make an OS X Yosemite Boot Installer USB Drive
How to install Windows using Boot Camp
How to Create a Windows 10 Installer USB Drive from Mac OS X

If all you want is to try a later version of Mac OS X then try virtualisation...

I can log into my iTunes account but can not access my account details, what's wrong?

Came across a bizarre wireless bug recently on Mac OS X Snow Leopard

- Colonialism was neither romantic nor beautiful. It was exploitative and brutal. The legacy of colonialism still lives quite loudly to this day. Scholars have argued that poor economic performance, weak property rights and tribal tensions across the continent can be traced to colonial strategies. So can other woes. In a place full of devastation and lawlessness, diseases spread like wildfire, conflict breaks out and dictators grab power.
- The United States makes an improper division between surveillance conducted on residents of the United States, and the surveillance that is conducted with almost no restraint upon the rest of the world. This double standard has proved poisonous to the rights of Americans and non-Americans alike. In theory, Americans enjoy better protections. In practice there are no magical sets of servers and Internet connections that carry only American conversations. To violate the privacy of everyone else in the world, the U.S. inevitably scoops up its own citizens' data. Establishing nationality as a basis for discrimination also encourages intelligence agencies to make the obvious end-run: spying on each other's citizens, and then sharing that data. Treating two sets of innocent targets differently is already a violation of international human rights law. In reality, it reduces everyone to the same, lower standard.
- Australian actively managed global funds continue to deliver woeful returns, with 67 per cent performing worse than the S&P benchmark indexes, rising to 85 per cent over three years and almost 90 per cent over five years.

"On average, international equity funds posted a strong gain of 23.4 per cent in the past one-year period. However, the majority of funds in this peer group, at 67.3 per cent, underperformed the S&P Developed Ex-Australia LargeMidCap, which recorded a return of 25.5 per cent over the same period," Ms Luk said.

Every single Australian bond fund has underperformed the index this year, and the longer term results are not significantly more promising: 83.4 per cent underperformed over the last three years, and 86 per cent over five years.
- Thursday’s speech was not the first time the Pope has spoken out about the arms trade. He referred to it as “the industry of death” in a talk with Italian schoolchildren in May. “Why do so many powerful people not want peace? Because they live off war,” he said.

“This is serious. Some powerful people make their living with the production of arms and sell them to one country for them to use against another country,” he said. “The economic system orbits around money and not men, women. … So war is waged in order to defend money. This is why some people don’t want peace: They make more money from war, although wars make money but lose lives, health, education.”
- A politics and solidarity that depend on demonizing others, that draws on religious sectarianism or narrow tribalism or jingoism may at times look like strength in the moment, but over time its weakness will be exposed. And history tells us that the dark forces unleashed by this type of politics surely makes all of us less secure. Our world has been there before. We gain nothing from going back
- The fall of Kunduz may also be a good time to look at whether the Afghan Army needs to shuffle assets around, he adds. In the immediate aftermath of the Taliban takeover, the government in Kabul rushed well-regarded Afghan commandos to the region, for example.

That’s to be expected, but “militarily, you want to make sure you know what the situation is before you throw a bunch of forces into it,” Barno notes. This includes assessing the level of training and capability of Afghan forces posted up there. “Are there enough forces, and were those forces trained and led properly?” he adds.

Finally, it’s worth keeping in mind that up until this point, there have been essentially two models for dealing with non-governed spaces in the post-9/11 world, Scharre argues.

“First, you can send 100,000 troops in and occupy and try to rebuild it – that’s a model that has cost millions in dollars and thousands in lives,” he says.

The other model is drones and air attacks, “which don’t seem to ever fully solve the problem,” Scharre adds. “In Syria, in Anbar, Iraq we’re grappling with this.”

Kunduz could underline the need to consider new models, he says – “one where US soldiers aren’t fighting, but some level of support is reasonable.”
- “Many military conflicts started with the silent connivance to the ideas of one people’s superiority over others. In this sense the modern ideologies of exceptionalism are extremely dangerous,” Naryshkin stated.
- In the heady days of the Cold War, Americans tended to view Soviet decision making as a black box: You know what goes in, you know what comes out, but you are clueless about what is happening inside. Soviet policy was thus believed to be both enigmatic and strategic. There was little room for personality or personal philosophy; understanding the system was the only way.
- There's a quote that's often attributed to Winston Churchill: "Russia is never as strong as you fear or as weak as you hope."
- Both sides of the debate are correct—but neither side is telling the whole story. As a good friend on the Hill recently told me: “In political communications, facts are an interesting aside, but are completely irrelevant. What we do here is spin.” That’s exactly what’s happening here—both sides are selectively cherry picking facts to make their case—spin.
- Danny Dalton: Some trust fund prosecutor, got off-message at Yale thinks he's gonna run this up the flagpole? Make a name for himself? Maybe get elected some two-bit congressman from nowhere, with the result that Russia or China can suddenly start having, at our expense, all the advantages we enjoy here? No, I tell you. No, sir! Corruption charges! Corruption? Corruption is government intrusion into market efficiencies in the form of regulations. That's Milton Friedman. He got a goddamn Nobel Prize. We have laws against it precisely so we can get away with it. Corruption is our protection. Corruption keeps us safe and warm. Corruption is why you and I are prancing around in here instead of fighting over scraps of meat out in the streets. Corruption is why we win.
- Bryan Woodman: But what do you need a financial advisor for? Twenty years ago you had the highest Gross National Product in the world, now you're tied with Albania. Your second largest export is secondhand goods, closely followed by dates which you're losing five cents a pound on... You know what the business community thinks of you? They think that a hundred years ago you were living in tents out here in the desert chopping each other's heads off and that's where you'll be in another hundred years, so, yes, on behalf of my firm I accept your money.
- “The ‘Russian’ attitude,” Isaiah Berlin wrote, “is that man is one and cannot be divided.” You can’t divide your life into compartments, hedge your bets and live with prudent half-measures. If you are a musician, writer, soldier or priest, integrity means throwing your whole personality into your calling in its purest form.
- Russia is a more normal country than it used to be and a better place to live, at least for the young. But when you think of Russia’s cultural impact on the world today, you think of Putin and the oligarchs. Now the country stands for grasping power and ill-gotten money.

There’s something sad about the souvenir stands in St. Petersburg. They’re selling mementos of things Russians are sort of embarrassed by — old Soviet Army hats, Stalinist tchotchkes and coffee mugs with Putin bare-chested and looking ridiculous. Of the top 100 universities in the world, not a single one is Russian, which is sort of astonishing for a country so famously intellectual.

This absence leaves a mark. There used to be many countercultures to the dominant culture of achievement and capitalism and prudent bourgeois manners. Some were bohemian, or religious or martial. But one by one those countercultures are withering, and it is harder for people to see their situations from different and grander vantage points. Russia offered one such counterculture, a different scale of values, but now it, too, is mainly in the past.
- 1) Xi removed over 28,000 officials in 2 years. This is old data from early 2015. Officials no longer go to high-end restaurants, wear luxury. Most senior officials who sent their kids and wives to foreign countries have recalled their kids and wives back. Those who didn't were told crystal clear that they will be sidelined. Can any other leader around the world do that, at such a large scale?

2) CCP turned itself from a communist dictatorship and autarky in 1978 to a capitalist technocratic oligarchy and largest trading country in 2015, gradually, without major political turmoil. (Viewed from today's color revolution standard, Tiananmen Square in 1989 is child's play.) Can any other polity in the world claim the same success?

Planet DebianSune Vuorela: KDE at Qt World Summit

So. KDE has landed at Qt World Summit.


You can come and visit our booth and …

  • hear about our amazing Free Qt Addons (KDE Frameworks)
  • stories about our development tools
  • meet some of our developers
  • Talk about KDE in general
  • Or just say hi!

KDE – 19 years of Qt Experience.

Planet Linux AustraliaJames Purser: TPP, Russia and Mandatory Data Retention

It's 11:26pm on Monday night, we're watching Dark Matter and the news has come out that the Trans Pacific Partnership has been signed off. Given that we've not actually been allowed to see what the full detail of the treaty contains and the only parts that we have seen have been leaks that actively threaten our ability to make our own laws and maintain our institutions (hello PBS), this is not a thing that I am happy about.

So on top of that, news has also come out that a Russian jet has violated Turkish airspace. This is also a thing that fills me with not happiness. Especially considering the fact that when Russia first fully entered the conflict in Syria they demanded that NATO stay out of Syrian airspace. The amount of dick swinging going on at the moment pretty much ensures a massive cock up.

Oh yes, the icing on the cake is the fact that the mandatory data retention regime backed by both the Coalition and the Labor party is going to come into play in about a week. This is despite the fact that there are still questions about who the hell is going to pay for it.

So wheee, it's a wonderful world really.


Planet Linux AustraliaMark Terle: The flow of things ….

The theme of this blog entry was triggered by a set of slides that were presented at OSCON this year on the topic of flow. Flow being the wonderful energised state where you are fully focused upon and enjoying the activity at hand.

For reference the presentation was: OSCON2015: Coding in the FLOW (Slides)


The conference presentation goes on to describe what the presenter thinks are the criteria needed for when you are coding, but I think there is a degree of generality here that can be applied to anything technical or skilled. They were described as:

  • G = Clear, attainable goals
  • F = Immediate and relevant feedback
  • S = Matched Skill and Challenge

For myself, I think I can add at least one other criterion

  • A = Available Time

In terms of my tinkering away at little software projects, my most recent project has been npyscreenreactor. npyscreen is a Python library around the Python curses bindings. npyscreenreactor is an implementation of interfacing that library with the Python Twisted library.  Twisted is an event driven networking engine for python. The reactor part of the name refers to a design pattern for how to write event based service handlers and have them run concurrently.  (See Reactor Pattern)

The project was written to support virtualcoke. virtualcoke is an emulator of the behaviour of the PLC that drives the UCC Coke Machine. This is written primarily to avoid club members needing to have access to the coke machine to test code to speak to the machine and the development of the reactor was needed to enable use of the PyModbus Twisted module.

This project, npyscreenreactor, has taken some time to come to fruition with an initial working release of the code in March 2015, some bug fixing in June, working examples in August and probably what will now be a stable version in September.

For this the goal, feedback, and skill have been there. However, the available time/energy has not (due to other commitments, such as work).  The wider project that will use virtualcoke, I still need to throw some energy at, but it is now lower down my list of priorities.

In things apart from this, flow has been less forthcoming of late and I’ll need to work on it. The challenge being to set up a positive reinforcing cycle where achieving the goal generates warm fuzzies and more enthusiasm to work harder.

Planet DebianBálint Réczey: Debian success stories: Automated signature verification

Debian was not generally seen as a bleeding-edge distribution, but it offered a perfect combination of stability and up-to-date software in our field when we chose the platform for our signature verification project. Having an active Debian Developer in the team also helped ensuring that packages which we use were in good shape when the freeze, then the release came and we can still rely on Jessie images with only a few extra packages to run our software stack.

Not having to worry about the platform, we could concentrate on the core project and I’m proud to announce that our start-up’s algorithm won this year’s Signature Verification Competition for Online Skilled Forgeries (SigWIComp2015). The more detailed story can be read already in the English business news and is also on, a leading Hungarian news site. We are also working on a solution for categorizing users based on cursor/finger movements for targeting content, offers and ads better. This is also covered in the articles.

László – a signature comparable in quality to the reference signatures

The verification task was not easy. The reference signatures were recorded at very low resolution and frequency and the forgers did a very good job in forging them creating a true challenge for everyone competing. At first glance it is hard to imagine that there is usable information in such small amount of recorded data, but our software is already better than me, for example in telling the difference between genuine and forged signatures. It feels like when the chess program beats the programmer again and again. :-)

I would like to thank you all, who helped making Debian an awesome universal operating system and hope we can keep making every release better and better!

CryptogramAutomatic Face Recognition and Surveillance

ID checks were a common response to the terrorist attacks of 9/11, but they'll soon be obsolete. You won't have to show your ID, because you'll be identified automatically. A security camera will capture your face, and it'll be matched with your name and a whole lot of other information besides. Welcome to the world of automatic facial recognition. Those who have access to databases of identified photos will have the power to identify us. Yes, it'll enable some amazing personalized services; but it'll also enable whole new levels of surveillance. The underlying technologies are being developed today, and there are currently no rules limiting their use.

Walk into a store, and the salesclerks will know your name. The store's cameras and computers will have figured out your identity, and looked you up in both their store database and a commercial marketing database they've subscribed to. They'll know your name, salary, interests, what sort of sales pitches you're most vulnerable to, and how profitable a customer you are. Maybe they'll have read a profile based on your tweets and know what sort of mood you're in. Maybe they'll know your political affiliation or sexual identity, both predictable by your social media activity. And they're going to engage with you accordingly, perhaps by making sure you're well taken care of or possibly by trying to make you so uncomfortable that you'll leave.

Walk by a policeman, and she will know your name, address, criminal record, and with whom you routinely are seen. The potential for discrimination is enormous, especially in low-income communities where people are routinely harassed for things like unpaid parking tickets and other minor violations. And in a country where people are arrested for their political views, the use of this technology quickly turns into a nightmare scenario.

The critical technology here is computer face recognition. Traditionally it has been pretty poor, but it's slowly improving. A computer is now as good as a person. Already Google's algorithms can accurately match child and adult photos of the same person, and Facebook has an algorithm that works by recognizing hair style, body shape, and body language -- and works even when it can't see faces. And while we humans are pretty much as good at this as we're ever going to get, computers will continue to improve. Over the next years, they'll continue to get more accurate, making better matches using even worse photos.

Matching photos with names also requires a database of identified photos, and we have plenty of those too. Driver's license databases are a gold mine: all shot face forward, in good focus and even light, with accurate identity information attached to each photo. The enormous photo collections of social media and photo archiving sites are another. They contain photos of us from all sorts of angles and in all sorts of lighting conditions, and we helpfully do the identifying step for the companies by tagging ourselves and our friends. Maybe this data will appear on handheld screens. Maybe it'll be automatically displayed on computer-enhanced glasses. Imagine salesclerks -- or politicians -- being able to scan a room and instantly see wealthy customers highlighted in green, or policemen seeing people with criminal records highlighted in red.

Science fiction writers have been exploring this future in both books and movies for decades. Ads followed people from billboard to billboard in the movie Minority Report. In John Scalzi's recent novel Lock In, characters scan each other like the salesclerks I described above.

This is no longer fiction. High-tech billboards can target ads based on the gender of who's standing in front of them. In 2011, researchers at Carnegie Mellon pointed a camera at a public area on campus and were able to match live video footage with a public database of tagged photos in real time. Already government and commercial authorities have set up facial recognition systems to identify and monitor people at sporting events, music festivals, and even churches. The Dubai police are working on integrating facial recognition into Google Glass, and more US local police forces are using the technology.

Facebook, Google, Twitter, and other companies with large databases of tagged photos know how valuable their archives are. They see all kinds of services powered by their technologies -- services they can sell to businesses like the stores you walk into and the governments you might interact with.

Other companies will spring up whose business models depend on capturing our images in public and selling them to whoever has use for them. If you think this is farfetched, consider a related technology that's already far down that path: license-plate capture.

Today in the US there's a massive but invisible industry that records the movements of cars around the country. Cameras mounted on cars and tow trucks capture license plates along with date/time/location information, and companies use that data to find cars that are scheduled for repossession. One company, Vigilant Solutions, claims to collect 70 million scans in the US every month. The companies that engage in this business routinely share that data with the police, giving the police a steady stream of surveillance information on innocent people that they could not legally collect on their own. And the companies are already looking for other profit streams, selling that surveillance data to anyone else who thinks they have a need for it.

This could easily happen with face recognition. Finding bail jumpers could even be the initial driving force, just as finding cars to repossess was for license plate capture.

Already the FBI has a database of 52 million faces, and describes its integration of facial recognition software with that database as "fully operational." In 2014, FBI Director James Comey told Congress that the database would not include photos of ordinary citizens, although the FBI's own documents indicate otherwise. And just last month, we learned that the FBI is looking to buy a system that will collect facial images of anyone an officer stops on the street.

In 2013, Facebook had a quarter of a trillion user photos in its database. There's currently a class-action lawsuit in Illinois alleging that the company has over a billion "face templates" of people, collected without their knowledge or consent.

Last year, the US Department of Commerce tried to prevail upon industry representatives and privacy organizations to write a voluntary code of conduct for companies using facial recognition technologies. After 16 months of negotiations, all of the consumer-focused privacy organizations pulled out of the process because industry representatives were unable to agree on any limitations on something as basic as nonconsensual facial recognition.

When we talk about surveillance, we tend to concentrate on the problems of data collection: CCTV cameras, tagged photos, purchasing habits, our writings on sites like Facebook and Twitter. We think much less about data analysis. But effective and pervasive surveillance is just as much about analysis. It's sustained by a combination of cheap and ubiquitous cameras, tagged photo databases, commercial databases of our actions that reveal our habits and personalities, and -- most of all -- fast and accurate face recognition software.

Don't expect to have access to this technology for yourself anytime soon. This is not facial recognition for all. It's just for those who can either demand or pay for access to the required technologies -- most importantly, the tagged photo databases. And while we can easily imagine how this might be misused in a totalitarian country, there are dangers in free societies as well. Without meaningful regulation, we're moving into a world where governments and corporations will be able to identify people both in real time and backwards in time, remotely and in secret, without consent or recourse.

Despite protests from industry, we need to regulate this budding industry. We need limitations on how our images can be collected without our knowledge or consent, and on how they can be used. The technologies aren't going away, and we can't uninvent these capabilities. But we can ensure that they're used ethically and responsibly, and not just as a mechanism to increase police and corporate power over us.

This essay previously appeared on

EDITED TO ADD: Two articles that say much the same thing.

Worse Than FailureEins, Zwei, Zuffa!

Dave had been at Initech for a few years, and things were looking pretty good. Everyone was working towards a big project launch, and every team was on target, on schedule, and on budget. The management, however, was not confident, and decided to “increase quality”. Their solution was to bring in two experienced, highly-paid consultants from the land of engineering excellence: Germany.


The two consultants were Bob Schlüdell and Bob Gepäckträger. They became known as Bob Eins and Bob Zwei. They assessed the situation, then rolled up their sleeves and started hacking on all of the projects and code bases with their special skills.


And how special those skills were.

Bob Eins had two favorite things: C++ templates and threads. Anything that used both of these was good, and everything that did not was garbage and had to be rewritten to use threading and templates. He would take whatever library the company was using, reimplement about half of it with layer upon layer of templated classes, and inform the team that, “You will use this from now on!” Then he would start working on a new library and abandon the previous one, meaning that all of his code was unmaintained.

Bob Zwei was a different kind of beast. At his previous job, he had worked on some project codenamed “Volcano”, and that was all he ever wanted to talk about. Ask him any question from, “Have you seen this compiler error before?” to “Hey, we’re all going out to lunch today, wanna come?”, and he’d respond with, “You know, back when I was working on Project Volcano…” followed by twenty minutes of chatter about design problems completely irrelevant to the initial topic of discussion.

Dave managed to keep under the radar of the Bobs for awhile, but eventually they found him. They gave him a new core library to use. He sighed and went back to work. How bad could it be?

It was much, much worse than he could possibly imagine. The first thing he learned was that these two Germans were very organized. Majorly, pedantically, obsessive-compulsively organized. Even the most uptight librarian would tell them to loosen up. Due to this, the Bobs demanded that everyone follow strict namespacing standards to keep code organized. However, each of the Bobs had their own radically different scheme.

For example, a network socket class implemented by Bob Eins – because socket.h was Not Invented Here, and thus not good enough – was namespaced as base::universe::posix::network::socket::Constants::IPV4. It was unclear what existed outside of the base::universe namespace. Meanwhile, Bob Zwei organized all his classes along the convention com::initech::divisionname::projectname::objectname, and refused to accept the reality that some projects spanned divisions, and thus couldn’t be slotted into that hierarchy.

This was all somewhat manageable until Bob Eins dropped the biggest bomb. His NIH-itis flared up again, so he wrote his very own signal/slot mechanism. All existing code needed to be converted away from Qt’s perfectly usable mechanism as soon as possible. The unique feature of Bob’s version was that everything was a thread. Every service? Thread. Every operation? Thread. Every object? Thread. Every method call? Thread. Everything. This would, it was gloriously announced, get rid of the bottleneck of having a single event loop running on the main thread.

Bob Eins answered every objection raised by the other developers with a variation of, “That is not an issue!” No reasoning was ever given. Future maintenance costs were “Not an issue!” Throwing away a year’s worth of working code was “Not an issue!” The massive amount of threading bugs, resource contention, and overhead were “Not an issue!”

Bob Zwei answered every objection raised by the other developers with a variation of, “You know, back when I was working on Project Volcano…”

All work ground to a halt. Because of the liberal use of templates, the project’s compile speed would have brought ridicule from a severely asthmatic snail. A “Hello World” for their framework took two minutes to compile. The full suite could take hours. Most developer time not wasted waiting for the compiler was spent adding mutexes everywhere, since you could no longer rely on any variable not magically changing out from under you. And the rest of their time was spent debugging race conditions, deadlocks, and resource leaks.

Eventually, the Bobs stepped in with a new solution: every object in every thread would run its own personal event loop.

Nothing was getting done, and management started getting anxious. One morning, Dave’s cube-mate was grabbed from his multiple week stint of fixing threading bugs into a meeting and shouted at for what seemed like forever. Dave could hear the muffled shouts. “Because your component isn’t finished, you are personally jeopardizing the future of the entire company!”

After a particularly fruitless bug hunt, Dave had no idea what could be causing his race conditions, so he figured he’d ask Bob Eins. He described his problem. Herr Eins glanced at his code for a microsecond and said, “There is nothing wrong in the platform. You are just using it incorrectly.”

“Is there any documentation on how to do this correctly?”

“There is no need for documentation. Just read the source code,” Bob Eins replied. He waved a hand and wandered off to do more template metaprogramming.

Dave went to Bob Zwei next. “You know,” he began, “back when I was working on Project Volcano…”

Dave didn’t want to look at the library sources, for they used every possible C++ misfeature and were as impenetrable as Mirkwood. After battling the digital equivalents of spiders and elves in a dense thicket of intertwined templates, he finally found what he was looking for: a helper class for the signal system. It was unusual, in that it had a comment, possibly the only one in the entirety of the Bobs’ code. It looked like this:

    // This class is not thread safe

Dave’s jaw dropped so low that you could have flown a 747 through his mouth. How could a core component that was used everywhere in this multithreaded messaging system be thread unsafe? He filed a bug asking if this issue could be fixed.

A few hours later, Dave’s boss tapped him on the shoulder. In a strange tone, he said, “I’ve been told that you filed a bug on Bob’s new signaling system.”

“That’s right…”

“I want you to know that sort of behavior is totally unprofessional.”

Instead of shouting, “What?” at the top of his voice, all Dave could do was sit there, stunned.

“You really shouldn’t be spending your time finding bugs.”

This sentence was even more incomprehensible than the previous one, so Dave just kept staring.

“In this company, we need to have an agile, startup-like mentality, with a focus on results and collaboration, rather than over-polishing minor niggles in our already established core infrastructure.”

Dave wondered if he had been teleported to Bizarro World, because not a single word he heard made sense.

“This is the last straw in a long line of disappointments, and we feel that there is no future for you in this company. Please clean your desk and leave the premises immediately.” Five minutes later, Dave was standing alone in the parking lot.

Then it struck him. The unemployed don’t have to deal with threading issues, namespaces, or supertaxonomies. Dave smiled, for the first time in months, and decided to celebrate by going on vacation. He started thinking of good places to unwind, but with two hard requirements.

One: it must not be in Germany. Two: it must not have any volcanoes.

Planet DebianMichal Čihař: python-suseapi 0.22

python-suseapi 0.22 was released last week. The version number shows nothing special, but one important change has happened - the development repository has been moved.

It's now under the openSUSE project on GitHub, which makes it easier to find for potential users and also makes team maintenance a bit easier than under my personal account.

If you're curious what the module does - it's mostly usable only inside SUSE, providing access to some internal services. One major thing usable outside is the Bugzilla interface, which should one day be replaced by python-bugzilla, but for now provides some features not available there (using web scraping).

Anyway the code has documentation on, so you can figure out yourself what it includes.

Planet DebianJulien Danjou: Gnocchi talk at OpenStack Paris Meetup #16

Last week, I was invited to the OpenStack Paris meetup #16, whose subject was metrics in OpenStack. The last time I spoke at this meetup was back in 2012, during the OpenStack Paris meetup #2. A very long time ago!

I talked for half an hour about Gnocchi, the OpenStack project I've been running for 18 months now. I started by explaining the story behind the project and why we needed to build it. Ceilometer has an interesting history and had a curious roadmap these last years, and I summarized that briefly. Then I talked about how Gnocchi works and what it offers to users and operators. The slides were full of JSON, but I imagine it offered an interesting view of what the API looks like and how easy it is to operate. This also allowed me to emphasize how many use cases are actually really covered and solved, contrary to what Ceilometer did so far. The talk was well received and I got a few interesting questions at the end.

The video of the talk (in French) and my slides are available on my talk page and below. I hope you'll enjoy it.

Planet Linux AustraliaLev Lafayette: Storage Limitations on Android Devices

Many Android devices come with storage configurations that are surprising to end-users. A product that is advertised as having 32 gigabytes of memory may in fact turn out to have much less available in terms of installing applications.


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: Submission on Trans-Pacific Partnership

Status of the Submission

As of August 15 the Department of Foreign Affairs and Trade of the Commonwealth of Australia stated that it "continues to welcome public submissions and comments on Australia's participation in TPP negotiations: (

Planet DebianPhilipp Kern: Root on LVM on Debian s390x, new Hercules

Two s390x changes landed in Debian unstable today:
With this it should be possible to install Debian on s390x with root on LVM. I'd be happy to hear feedback about installations with any configuration, be it root on a single DASD or root on LVM. Unless you set both mirror/udeb/suite and mirror/suite to unstable you'll need to wait until the changes are in testing, though. (The debian-installer build does not matter as zipl-installer is not part of the initrd and sysconfig-hardware is part of the installation.)

Furthermore I uploaded a new version of Hercules - a z/Architecture emulator - to get a few more years of maintenance into Debian. See its upstream changelog for details on the changes (old 3.07 → new 3.11).

At this point qemu at master is also usable for s390x emulation. It is much faster than Hercules, but it uses newfangled I/O subsystems like virtio. Hence we will need to do some more patching to make debian-installer just work. One patch for netcfg is in to support virtio networking correctly, but then it forces the user to configure a DASD. (Which would be as wrong if Fibre Channel were to be used.) In the end qemu and KVM on s390x look so much like a normal x86 VM that we could drop most of the special-casing of s390x (netcfg-static instead of netcfg; network-console instead of using the VM console; DASD configuration instead of simply using virtio-blk devices; I guess we get to keep zIPL for booting).

Planet DebianLunar: Reproducible builds: week 23 in Stretch cycle

What happened in the reproducible builds effort this week:

Toolchain fixes

Andreas Metzler uploaded autogen/1:5.18.6-1 in experimental with several patches for reproducibility issues written by Valentin Lorentz.

Groovy upstream has merged a change proposed by Emmanuel Bourg to remove timestamps generated by groovydoc.

Ben Hutchings submitted a patch to add support for SOURCE_DATE_EPOCH in linux-kbuild as an alternate way to specify the build timestamp.

Reiner Herrman has sent a patch adding support for SOURCE_DATE_EPOCH in docbook-utils.

Packages fixed

The following packages became reproducible due to changes in their build dependencies: commons-csv, fest-reflect, sunxi-tools, xfce4-terminal.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues but not all of them:

Patches submitted which have not made their way to the archive yet:

Tomasz Rybak uploaded pycuda/2015.1.3-1 which should fix reproducibility issues. The package has not been tested as it is in contrib.

akira found an embedded code copy of texi2html in fftw.

Email notifications are now only sent once a day per package, instead of on each status change. (h01ger)

disorderfs has been temporarily disabled to see if it had any impact on the disk space issues. (h01ger)

When running out of disk space, build nodes will now automatically detect the problem. This means test results will not be recorded as “FTBFS” and the problem will be reported to Jenkins maintainers. (h01ger)

The navigation menu of package pages has been improved. (h01ger)

The two amd64 builders now use two different kernel versions: 3.16 from stable on one and 4.1 from backports on the other. (h01ger)

We now graph the number of packages which need to be fixed. (h01ger)

Munin now creates graphs on how many builds were performed by build nodes (example). (h01ger)

A migration plan has been agreed with DSA on how to turn Jenkins into an official Debian service. A backport of jenkins-job-builder for Jessie is currently missing. (h01ger)

Package reviews

119 reviews have been removed, 103 added and 45 updated this week.

16 “fail to build from source” issues were reported by Chris Lamb and Mattia Rizzolo.

New issue this week: timestamps_in_manpages_generated_by_docbook_utils.


Allan McRae has submitted a patch to make ArchLinux pacman record a .BUILDINFO file.

Planet DebianDirk Eddelbuettel: RcppArmadillo

The somewhat regular monthly upstream Armadillo update brings us a first release of the 6.* series. This follows an earlier test release announced on the list, and released to the Rcpp drat. And as version 6.100.0 was released on Friday by Conrad, we rolled it into RcppArmadillo release yesterday. Following yet another full test against all reverse dependencies, it got uploaded to CRAN, which has now accepted it. A matching upload to Debian will follow shortly.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use, with a syntax deliberately close to Matlab.

This release brings a few changes:

Changes in RcppArmadillo version (2015-10-03)

  • Upgraded to Armadillo 6.100.0 ("Midnight Blue")

    • faster norm() and normalise() when using ATLAS or OpenBLAS

    • added Schur decomposition: schur()

    • stricter handling of matrix objects by hist() and histc()

    • advanced constructors for using auxiliary memory by Mat, Col, Row and Cube now have the default of strict = false

    • Cube class now delays allocation of .slice() related structures until needed

    • expanded join_slices() to handle joining cubes with matrices

Courtesy of CRANberries, there is also a diffstat report for the most recent CRAN release. As always, more detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianJonathan Carter: Long Overdue Debconf 15 Post

Debconf 15

In August (that was 2 months ago, really!?) I attended DebCamp and DebConf in Heidelberg, Germany. This blog post is somewhat belated due to the debbug (flu obtained during DebConf) and all the catching up I had to do since then.


Debcamp was great, I got to hack on some of my Python related packages that were in need of love for a long time and also got to spend a lot of time tinkering with VLC for the Video Team. Even better than that, I caught up with a lot of great people I haven’t seen in ages (and met new ones) and stayed up waaaaay too late drinking beer, playing Mao and watching meteor showers.


At Debconf, I gave a short talk about AIMS Desktop (slides) but also expanded on the licensing problems we’ve had with Ubuntu on that project. Not all was bleak on the Ubuntu front though, some Ubuntu/Canonical folk were present at DebConf and said that they’d gladly get involved with porting Ubiquity (the Ubuntu installer, a front-end to d-i) to Debian. That would certainly be useful to many derivatives including potentially AIMS Desktop if it were to move over to Debian.

We’re hosting DebConf in Cape Town next year and did an introduction during a plenary (slides). It was interesting spending some time with the DC15 team and learning how they work, it’s amazing all the detail they have to care about and how easy they made it look from the outside, I hope the DC16 team will pull that off as well.

DebConf 16 team members present at DebConf16 during DC16 presentation:

I uploaded my photos to DebConf Gallery, Facebook and Google, take your pick ;-), many sessions were recorded, catch them on If I had to summarize everything that I found interesting I’d have to delay posting this entry even further, topics that were particularly interesting were:

  • Reproducible Builds (project page on wiki)
  • Trademark Issues (general logo use discussion, and what can call itself “Debian”)
  • Many Derivative discussions
  • PPAs for Debian
  • Many packaging and workflow related talks and discussions where I was only qualified to listen and tried to take in as much as possible

Pollito’s First Trip to Africa

In my state of flu with complete lack of concentration for anything work related, I went ahead and made a little short story documenting Pollito’s (the DebConf mascot chicken) first trip to Africa. It’s silly but it was fun to make and some people enjoyed it ^_^

Well, what else can I say? DebConf 15 was a blast! Hope to see you at Debconf 16!

Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-09-28 to 2015-10-04

Planet DebianJohannes Schauer: new sbuild release 0.66.0

I just released sbuild 0.66.0-1 into unstable. It fixes a whopping 30 bugs! Thus, I'd like to use this platform to:

  • kindly ask all sbuild users to report any new bugs introduced with this release
  • give a big thank you to everybody who supplied the patches that made fixing this many bugs possible (in alphabetical order): Aurelien Jarno, Christian Kastner, Christoph Egger, Colin Watson, Dima Kogan, Guillem Jover, Luca Falavigna, Maria Valentina Marin Rordrigues, Miguel A. Colón Vélez, Paul Tagliamonte

And a super big thank you to Roger Leigh who, despite having resigned from Debian, was always available to give extremely helpful hints, tips, opinion and guidance with respect to sbuild development. Thank you!

Here is a list of the major changes since the last release:

  • add option --arch-all-only to build arch:all packages
  • environment variable SBUILD_CONFIG allows specifying a custom configuration file
  • add option --build-path to set a deterministic build path
  • fix crossbuild dependency resolution
  • add option --extra-repository-key for extra apt keys
  • add option --build-dep-resolver=aspcud for aspcud based resolver
  • allow complex commands as sbuild hooks
  • add new external command %SBUILD_SHELL, which produces an interactive shell
  • add options --build-deps-failed-commands, --build-failed-commands and --anything-failed-commands for more hooks


Planet DebianStig Sandbeck Mathisen: Free software activities in September 2015


Working on making the munin master fit inside Mojolicious. The existing code is not written to make this trivial, but all the pieces are there. Most of the pieces need breaking up into smaller pieces to fit.



New version of puppet-module-puppetlabs-apache (Closes: #788124 #788125 #788127 ). I like it when a new upstream version closes all bugs left in the bts for a package.

A new package, the TLS proxy hitch, is currently waiting in the queue.


Lots of work on a new ceph puppet module.

Rondam RamblingsA Moral Puzzle

I was discussing idea-ism with someone the other day when I came up with what turns out to be a very interesting moral dilemma.  Unlike the classic trolley problems, this is actually a somewhat realistic scenario, and one on which reasonable people really do seem to disagree.  Here it is: John is a wealthy businessman whose heart is failing. If he doesn’t receive a transplant he will die. John

LongNowSaul Griffith Seminar Media

This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.

Infrastructure & Climate Change

Monday September 21, 02015 – San Francisco

Video is up on the Griffith Seminar page.


Audio is up on the Griffith Seminar page, or you can subscribe to our podcast.


Green infrastructure – a summary by Stewart Brand

Griffith began with an eyeroll at the first round of responses in the US to reducing greenhouse gases, a program he calls “peak Al Gore.” Some activities feel virtuous —becoming vegetarian, installing LED lights, avoiding bottled water, reading news online, using cold water detergent, and “showering less in a smaller, colder house”—but they demand constant attention and they don’t really add up to what is needed.

Griffith’s view is that we deal best with greenhouse gases by arranging our infrastructure so we don’t have to think about climate and energy issues every minute. Huge energy savings can come from designing our buildings and cars better, and some would result from replacing a lot of air travel with “video conferencing that doesn’t suck.” Clean energy will mostly come from solar, wind, biofuels (better ones than present), and nuclear. Solar could be on every roof. The most fuel-efficient travel is on bicycles, which can be encouraged far more. Electric cars are very efficient, and when most become self-driving they can be lighter and even more efficient because “autonomous vehicles don’t run into each other.” Sixty percent of our energy goes to waste heat; with improved design that can be reduced radically to 20 percent.

Taking the infrastructure approach, in a few decades the US could reduce its total energy use by 40 percent, while eliminating all coal and most oil and natural gas burning, with no need to shower less.

Subscribe to our Seminar email list for updates and summaries.


TEDA TEDx event crosses the US-Mexico border, to show that ideas can’t be fenced in

In early September, TEDxMonumento258 became the first TEDx event organized by teams in two different countries and held simultaneously across a border. Planning the event took more than two and a half years. Constraints on the US side proved the most difficult to overcome. Photo: Natalia Robert/TEDxMonumento258

Adriana Eguia Alaniz started her talk in the United States, speaking English. She ended it in Mexico, speaking Spanish.

Welcome to TEDxMonumento258, an event held across the US-Mexico border. On September 4, 2015, attendees gathered in both San Diego and Tijuana to watch as ideas permeated the border fence that divides the cities. The organizers of TEDxSanDiego and TEDxTijuana planned this day-long event together, and imagined it as a metaphor. “You can pass laws, you can build fences,” said San Diego-based organizer Mark Lovett, “but you will never stop cultures from sharing their lives and ideas.”

The event name pointed to a symbol of the separation.

“At the border, there’s a marble obelisk called Monument 258,” said Lovett. “It was the first point of demarcation between the United States and Mexico after the Treaty of Guadalupe Hidalgo was signed 167 years ago, at the end of the Mexican-American War. … Everybody who lives in this region has been affected by the decisions made back then.”

Crossing the border between San Diego and Tijuana takes minutes at a good time, and several hours at a bad one. But in Friendship Park, where Monument 258 stands, a stretch of fence allows for interaction without crossing. The fence here is a thick, waffle-like, metal mesh — you can see and hear through it. The TEDxMonumento258 team decided to build two stages, back-to-back, one on each side. The speaker program would alternate — a speaker on the US side, then a speaker on the Mexico side.

The format was simple. But the planning was complex. It took more than two and a half years.

Adriana Eguia Alaniz stands next to Monument 258, the first point of demarcation between the US and Mexico. The stage on the Mexican side of the fence was built to incorporate it. Eguia Alaniz began her talk in the morning in the US and ended it in the afternoon in Mexico. Photo: Arturo Loaiza/TEDxMonumento258

The US side of Friendship Park is gated — it’s guarded by US Border Patrol and is generally closed to the public. “On Saturday and Sunday, they open the outer gate for four hours and allow people to walk up to the fence and talk to relatives in Tijuana,” said Lovett.

Lovett and his co-organizer Janelle Doll needed the Border Patrol’s blessing to hold an event here, especially one on a weekday. That process took time. Along with Tijuana-based organizers Heberto Peterson and Ariosto Manrique, the two also worked with the mayor of San Diego, the mayor of Tijuana and both cities’ “binational liaisons” to keep plans moving forward.

Still, technical challenges abounded. On the US side, Friendship Park has no power or wi-fi. Generators aren’t allowed, nor are tents for shade or screens where speakers could show slides. To power the event, Lovett had to get permission to run a 400-foot extension cord from a women’s bathroom in Border Field State Park, outside Friendship Park’s boundary. “We might be the first TEDx event powered by a bathroom,” he said.

Also difficult: getting permission to run a cable through the border fence, so that the footage shot on battery-powered cameras on the US side could be part of the event’s livestream. The livestream was run through the Mexican side of Friendship Park, a public beach called Playas de Tijuana. This is where Monument 258 stands, near a lighthouse, with a backdrop of murals painted on the border fence.

“On the Mexican side, we have electricity, Internet, public access to the park,” said Peterson. “People usually think about it as the other way around.”

Because of the constraints of the US side, the organizing team decided not to translate between English and Spanish. “We told our audience that if you’re not bilingual, you are not going to understand half of what you hear,” said Lovett. Instead, they sat bilingual speakers throughout the event, so they could share what was being said in each talk.

The coordination of the two sides happened through the most low-tech of methods: shouting through the fence. On the US side, the fence looks austere — but on the Mexican side, it’s painted with murals. Photo: Arturo Loaiza/TEDxMonumento258

The theme for the event came easily: “Ideas without borders.” Talks included a museum curator on how art transcends language, an attorney on the need for civic engagement across the border and a sommelier on how food allows for cultural exchange.

But everything ground to a halt 10 minutes before the event started.

“A guy in a powered paraglider comes swooping over the fence from Mexico into US airspace,” said Lovett. “Border Patrol freaks out — they’re on the phone trying to see if there’s a helicopter to chase the guy. An agent comes up to me and says, ‘We don’t know what this guy is doing. This is a danger. You need to shut down your event.’”

“As soon as he said that, the paraglider turned around and flew back into Mexico,” said Lovett. “So we didn’t have to stop the show.”

Together, San Diego and Tijuana have a population of nearly 5 million people. Both Lovett and Peterson see the cultural exchange between the two as key.

“People work on both sides of the border. There’s commerce going on, communication going on,” said Lovett. “These two cultures — despite political, cultural and physical barriers — have created this very vibrant, very diverse, very rich multicultural region.”

“If we could demonstrate how two cultures work through difficulties and challenges, that hopefully could be a model for people in other parts of the world.”

Students from Redes 2025, an after-school music program in high-needs communities, played a musical interlude. Clarinetist Missael Zavala Lopez (right) spoke before they played about his experience growing up in California and returning to Mexico when his mother was deported. Photo: Arturo Loaiza/TEDxMonumento258

In Friendship Park, the border fence continues far into the ocean. Photo: Natalia Robert/TEDxMonumento258

CryptogramFriday Squid Blogging: Bobtail Squid Keeps Bacteria to Protect Its Eggs

The Hawaiian Bobtail Squid deposits bacteria on its eggs to keep them safe.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

TEDWant to give a tech demo or talk at TED2016? Apply to share your idea

Speaker Boaz Almog demonstrated how a superconductor disk can glide over a magnetic rail in a completely frictionless system. It's just one of dozens of TED tech demos that have raised oohs and ahhs from the audience. Could your demo be the next? Photo: James Duncan Davidson/TED

Attention all engineers, inventors, makers, technology professionals and enthusiasts! TED is seeking jaw-dropping tech demos or talks, to be shared at our 2016 conference in Vancouver. The ideal talk/demo will feature a new piece of technology that can be shown in just a few minutes from the stage, tell us about something brand-new, or offer a new lens on a tech topic. It can be something that might change the way we do things in the future, or change the way we think.

If it’s a demo you’re proposing, the tech you show us can be simple or complex, tiny or big, homemade or slick, weird or elegant. It can come from a company, a university lab or a garage. Regardless, it should be innovative and smart with the potential to make a positive impact on some corner of the world. For either a demo or a talk, we’ll want to know why you’re uniquely qualified to share the idea at TED.

Think you’ve got something that might fit? Apply and tell us more »

Below, a variety of TED tech talks and demos, to show you the wide range of ideas we are looking for. May they inspire you.

CryptogramResilient Systems News

Former Raytheon CEO Bill Swanson has joined our board of directors.

For those who don't know, Resilient Systems is my company. I'm the CTO, and we sell an incident-response management platform that...well...helps IR teams to manage incidents. It's a single hub that allows a team to collect data about an incident, assign and manage tasks, automate actions, integrate intelligence information, and so on. It's designed to be powerful, flexible, and intuitive -- if your HR or legal person needs to get involved, she has to be able to use it without any training. I'm really impressed with how well it works. Incident response is all about people, and the platform makes teams more effective. This is probably the best description of what we do.

We have lots of large- and medium-sized companies as customers. They're all happy, and we continue to sell this thing at an impressive rate. Our Q3 numbers were fantastic. It's kind of scary, really.

Krebs on Security: Scottrade Breach Hits 4.6 Million Customers

Welcome to Day 2 of Cybersecurity (Breach) Awareness Month! Today’s awareness lesson is brought to you by retail brokerage firm Scottrade Inc., which just disclosed a breach involving contact information and possibly Social Security numbers on 4.6 million customers.

In an email sent today to customers, St. Louis-based Scottrade said it recently heard from federal law enforcement officials about crimes involving the theft of information from Scottrade and other financial services companies.

“Based upon our subsequent internal investigation coupled with information provided by the authorities, we believe a list of client names and street addresses was taken from our system,” the email notice reads. “Importantly, we have no reason to believe that Scottrade’s trading platforms or any client funds were compromised. All client passwords remained encrypted at all times and we have not seen any indication of fraudulent activity as a result of this incident.”

The notice said that although Social Security numbers, email addresses and other sensitive data were contained in the system accessed, “it appears that contact information was the focus of the incident.” The company said the unauthorized access appears to have occurred over a period between late 2013 and early 2014.

Asked about the context of the notification from federal law enforcement officials, Scottrade spokesperson Shea Leordeanu said the company couldn’t comment on the incident much more than the information included in its Web site notice about the attack. But she did say that Scottrade learned about the data theft from the FBI, and that the company is working with agents from FBI field offices in Atlanta and New York. FBI officials could not be immediately reached for comment.

It may well be that the intruders were after Scottrade user data to facilitate stock scams, and that a spike in spam email for affected Scottrade customers will be the main fallout from this break-in.

In July 2015, prosecutors in Manhattan filed charges against five people — including some suspected of having played a role in the 2014 breach at JPMorgan Chase that exposed the contact information on more than 80 million consumers. The authorities in that investigation said they suspect that group sought to use email addresses stolen in the JPMorgan hacking to further stock manipulation schemes involving spam emails to pump up the price of otherwise worthless penny stocks.

Scottrade said despite the fact that it doesn’t believe Social Security numbers were stolen, the company is offering a year’s worth of free credit monitoring services to affected customers. Readers who are concerned about protecting their credit files from identity thieves should read How I Learned to Stop Worrying and Embrace the Security Freeze.

Cory Doctorow: Data breaches are winning the privacy wars, so what should privacy advocates do?

My latest Guardian column, “Why is it so hard to convince people to care about privacy,” argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.

From now on, our job is figuring out what to tell those people when they come to us, to give them hope and tools so that they don’t become privacy nihilists.

Every week or two, from now on, will see new privacy disasters, each worse than the last. Every week or two, from now on, will see millions of people who suddenly wish there was more they could do to protect their privacy.

For privacy advocates in 2015, the job is clear: have a plan in your drawer. A plan: how to safeguard your privacy, how to understand your privacy, how to understand the breach. A plan that explains that your lack of security isn’t a fact of nature, it’s the result of conscious decisions made by people who were either hostile or indifferent to your wellbeing, who saved or made money through those decisions. A plan that shows you what you can do to keep you and yours safe – and whose head you should be demanding on a pike.

We should still be advocating for better practices, businesses, technology and rules for privacy, but our job will be made simpler with an army of supporters. That army is ready to enlist, too, even if they don’t know it.

Why is it so hard to convince people to care about privacy?
[The Guardian]


Planet Debian: Daniel Pocock: Want to be selected for Google Summer of Code 2016?

I've mentored a number of students in 2013, 2014 and 2015 for Debian and Ganglia and most of the companies I've worked with have run internships and graduate programs from time to time. GSoC 2015 has just finished and with all the excitement, many students are already asking what they can do to prepare and be selected for Outreachy or GSoC in 2016.

My own observation is that the more time the organization has to get to know the student, the more confident they can be selecting that student. Furthermore, the more time that the student has spent getting to know the free software community, the more easily they can complete GSoC.

Here I present a list of things that students can do to maximize their chance of selection and career opportunities at the same time. These tips are useful for people applying for GSoC itself and related programs such as GNOME's Outreachy or graduate placements in companies.


There is no guarantee that Google will run the program again in 2016 or any future year until the Google announcement.

There is no guarantee that any organization or mentor (including myself) will be involved until the official list of organizations is published by Google.

Do not follow the advice of web sites that invite you to send pizza or anything else of value to prospective mentors.

Following the steps in this page doesn't guarantee selection. That said, people who do follow these steps are much more likely to be considered and interviewed than somebody who hasn't done any of the things in this list.

Understand what free software really is

You may hear terms like free software and open source software used interchangeably.

They don't mean exactly the same thing and many people use the term free software for the wrong things. Not all projects declaring themselves to be "free" or "open source" meet the definition of free software. Those that don't, usually as a result of deficiencies in their licenses, are fundamentally incompatible with the majority of software that does use genuinely free licenses.

Google Summer of Code is about both writing and publishing your code and it is also about community. It is fundamental that you know the basics of licensing and how to choose a free license that empowers the community to collaborate on your code well after GSoC has finished.

Please review the definition of free software early on and come back and review it from time to time. The GNU Project / Free Software Foundation have excellent resources to help you understand what a free software license is and how it works to maximize community collaboration.

Don't look for shortcuts

There is no shortcut to GSoC selection and there is no shortcut to GSoC completion.

The student stipend (USD $5,500 in 2014) is not paid to students unless they complete a minimum amount of valid code. This means that even if a student did find some shortcut to selection, it is unlikely they would be paid without completing meaningful work.

If you are the right candidate for GSoC, you will not need a shortcut anyway. Are you the sort of person who can't leave a coding problem until you really feel it is fixed, even if you keep going all night? Have you ever woken up in the night with a dream about writing code still in your head? Do you become irritated by tedious or repetitive tasks and often think of ways to write code to eliminate such tasks? Does your family get cross with you because you take your laptop to Christmas dinner or some other significant occasion and start coding? If some of these statements summarize the way you think or feel you are probably a natural fit for GSoC.

An opportunity money can't buy

The GSoC stipend will not make you rich. It is intended to make sure you have enough money to survive through the summer and focus on your project. Professional developers make this much money in a week in leading business centers like New York, London and Singapore. When you get to that stage in 3-5 years, you will not even be thinking about exactly how much you made during internships.

GSoC gives you an edge over other internships because it involves publicly promoting your work. Many companies still try to hide the potential of their best recruits for fear they will be poached or that they will be able to demand higher salaries. Everything you complete in GSoC is intended to be published and you get full credit for it. Imagine a young musician getting the opportunity to perform on the main stage at a rock festival. This is how the free software community works. It is a meritocracy and there is nobody to hold you back.

Having a portfolio of free software that you have created or collaborated on and a wide network of professional contacts that you develop before, during and after GSoC will continue to pay you back for years to come. While other graduates are being screened through group interviews and testing days run by employers, people with a track record in a free software project often find they go straight to the final interview round.

Register your domain name and make a permanent email address

Free software is all about community and collaboration. Register your own domain name as this will become a focal point for your work and for people to get to know you as you become part of the community.

This is sound advice for anybody working in IT, not just programmers. It gives the impression that you are confident and have a long term interest in a technology career.

Choosing the provider: as a minimum, you want a provider that offers DNS management, static web site hosting, email forwarding and XMPP services all linked to your domain. You do not need to choose the provider that is linked to your internet connection at home and that is often not the best choice anyway. The XMPP foundation maintains a list of providers known to support XMPP.

Create an email address within your domain name. The most basic domain hosting providers will let you forward the email address to a webmail or university email account of your choice. Configure your webmail to send replies using your personalized email address in the From header.

Update your ~/.gitconfig file to use your personalized email address in your Git commits.

Create a web site and blog

Start writing a blog. Host it using your domain name.

Some people blog every day, other people just blog once every two or three months.

Create links from your web site to your other profiles, such as a Github profile page. This helps reinforce the pages/profiles that are genuinely related to you and avoid confusion with the pages of other developers.

Many mentors are keen to see their students writing a weekly report on a blog during GSoC so starting a blog now gives you a head start. Mentors look at blogs during the selection process to try and gain insight into which topics a student is most suitable for.

Create a profile on Github

Github is one of the most widely used software development web sites. Github makes it quick and easy for you to publish your work and collaborate on the work of other people. Create an account today and get in the habit of forking other projects, improving them, committing your changes and pushing the work back into your Github account.

Github will quickly build a profile of your commits and this allows mentors to see and understand your interests and your strengths.

In your Github profile, add a link to your web site/blog and make sure the email address you are using for Git commits (in the ~/.gitconfig file) is based on your personal domain.

Start using PGP

Pretty Good Privacy (PGP) is the industry standard in protecting your identity online. All serious free software projects use PGP to sign tags in Git, to sign official emails and to sign official release files.

The most common way to start using PGP is with the GnuPG (GNU Privacy Guard) utility. It is installed by the package manager on most Linux systems.

When you create your own PGP key, use the email address involving your domain name. This is the most permanent and stable solution.

Print your key fingerprint using the gpg-key2ps command, which is in the signing-party package on most Linux systems. Keep copies of the fingerprint slips with you.

This is what my own PGP fingerprint slip looks like. You can also print the key fingerprint on a business card for a more professional look.

Using PGP, it is recommended that you sign any important messages you send but you do not have to encrypt the messages you send, especially if some of the people you send messages to (like family and friends) do not yet have the PGP software to decrypt them.

If using the Thunderbird (Icedove) email client from Mozilla, you can easily send signed messages and validate the messages you receive using the Enigmail plugin.
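The Git and PGP steps above (your domain address in Git's configuration, a key created with that same address, a fingerprint to hand out, signed tags) fit together as shown below. This is an added example, not part of the original post; it works in a throwaway keyring and repository so it never touches ~/.gnupg or ~/.gitconfig. It assumes git and GnuPG 2.1 or later, and the name, address and tag are constructed.

```bash
#!/usr/bin/env bash
# Added example: one identity shared by Git and PGP, exercised end to end.
# Requires git and GnuPG 2.1+. Name, address and tag name are constructed.

demo_signed_identity() (
    name="Alex Student"              # constructed sample name
    email="alex@student.example"     # stands in for the address on your own domain

    work="$(mktemp -d)" || exit 1
    # Throwaway keyring and repository, removed again when the function ends.
    export GNUPGHOME="$work/gnupg"
    repo="$work/repo"
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
    mkdir -m 700 "$GNUPGHOME" || exit 1

    # 1. Create the key with the domain address as its user ID.
    #    The empty passphrase is for this demo only; protect a real key.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$name <$email>" default default 1y \
        >/dev/null 2>&1 || exit 1

    # 2. Read the full fingerprint of the primary key. This is the value
    #    that belongs on a fingerprint slip or business card.
    fpr="$(gpg --batch --with-colons --list-secret-keys "$email" 2>/dev/null |
           awk -F: '$1 == "fpr" { print $10; exit }')"
    [ -n "$fpr" ] || exit 1

    # 3. Point Git at the same address and key. Repository-local settings are
    #    used here; adding --global would write them to ~/.gitconfig instead.
    git init --quiet "$repo" || exit 1
    git -C "$repo" config user.name "$name"
    git -C "$repo" config user.email "$email"
    git -C "$repo" config user.signingkey "$fpr"

    # 4. Sign a commit and an annotated tag with that key.
    git -C "$repo" commit --quiet --allow-empty -S -m "Initial commit" \
        >/dev/null || exit 1
    git -C "$repo" tag -s v0.1 -m "First signed tag" || exit 1

    # 5. Verify both signatures the way a mentor or packager would.
    git -C "$repo" verify-commit HEAD >/dev/null 2>&1 || exit 1
    git -C "$repo" tag -v v0.1 >/dev/null 2>&1 || exit 1

    # 6. The author address recorded in the commit matches the key's user ID.
    author="$(git -C "$repo" log -1 --format=%ae)"
    [ "$author" = "$email" ] || exit 1

    # Only the fingerprint goes to stdout, so callers can capture it.
    printf '%s\n' "$fpr"
)

# Usage: demo_signed_identity   (prints the key fingerprint on success)
```

For a real key, drop the empty passphrase and the temporary GNUPGHOME so the key lands in your own keyring.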

Get your PGP key signed

Once you have a PGP key, you will need to find other developers to sign it. For people I mentor personally in GSoC, I'm keen to see that you try and find another Debian Developer in your area to sign your key as early as possible.

Free software events

Try and find all the free software events in your area in the months between now and the end of the next Google Summer of Code season. Aim to attend at least two of them before GSoC.

Look closely at the schedules and find out about the individual speakers, the companies and the free software projects that are participating. For events that span more than one day, find out about the dinners, pub nights and other social parts of the event.

Try and identify people who will attend the event who have been GSoC mentors or who intend to be. Contact them before the event; if you are keen to work on something in their domain they may be able to make time to discuss it with you in person.

Take your PGP fingerprint slips. Even if you don't participate in a formal key-signing party at the event, you will still find some developers to sign your PGP key individually. You must take a photo ID document (such as your passport) for the other developer to check the name on your fingerprint but you do not give them a copy of the ID document.

Events come in all shapes and sizes. FOSDEM is an example of one of the bigger events in Europe, is a similarly large event in Australia. There are many, many more local events such as the Debian UK mini-DebConf in Cambridge, November 2015. Many events are either free or free for students but please check carefully if there is a requirement to register before attending.

On your blog, discuss which events you are attending and which sessions interest you. Write a blog during or after the event too, including photos.

Quantcast generously hosted the Ganglia community meeting in San Francisco, October 2013. We had a wild time in their offices with mini-scooters, burgers, beers and the Ganglia book. That's me on the pink mini-scooter and Bernard Li, one of the other Ganglia GSoC 2014 admins is on the right.

Install Linux

GSoC is fundamentally about free software. Linux is to free software what a tree is to the forest. Using Linux every day on your personal computer dramatically increases your ability to interact with the free software community and increases the number of potential GSoC projects that you can participate in.

This is not to say that people using Mac OS or Windows are unwelcome. I have worked with some great developers who were not Linux users. Linux gives you an edge though and the best time to gain that edge is now, while you are a student and well before you apply for GSoC.

If you must run Windows for some applications used in your course, it will run just fine in a virtual machine using Virtual Box, a free software solution for desktop virtualization. Use Linux as the primary operating system.

Here are links to download ISO DVD (and CD) images for some of the main Linux distributions:

If you are nervous about getting started with Linux, install it on a spare PC or in a virtual machine before you install it on your main PC or laptop. Linux is much less demanding on the hardware than Windows so you can easily run it on a machine that is 5-10 years old. Having just 4GB of RAM and 20GB of hard disk is usually more than enough for a basic graphical desktop environment although having better hardware makes it faster.

Your experiences installing and running Linux, especially if it requires some special effort to make it work with some of your hardware, make interesting topics for your blog.

Decide which technologies you know best

Personally, I have mentored students working with C, C++, Java, Python and JavaScript/HTML5.

In a GSoC program, you will typically do most of your work in just one of these languages.

From the outset, decide which language you will focus on and do everything you can to improve your competence with that language. For example, if you have already used Java in most of your course, plan on using Java in GSoC and make sure you read Effective Java (2nd Edition) by Joshua Bloch.

Decide which themes appeal to you

Find a topic that has long-term appeal for you. Maybe the topic relates to your course or maybe you already know what type of company you would like to work in.

Here is a list of some topics and some of the relevant software projects:

  • System administration, servers and networking: consider projects involving monitoring, automation, packaging. Ganglia is a great community to get involved with and you will encounter the Ganglia software in many large companies and academic/research networks. Contributing to a Linux distribution like Debian or Fedora packaging is another great way to get into system administration.
  • Desktop and user interface: consider projects involving window managers and desktop tools or adding to the user interface of just about any other software.
  • Big data and data science: this can apply to just about any other theme. For example, data science techniques are frequently used now to improve system administration.
  • Business and accounting: consider accounting, CRM and ERP software.
  • Finance and trading: consider projects like R, market data software like OpenMAMA and connectivity software (Apache Camel)
  • Real-time communication (RTC), VoIP, webcam and chat: look at the JSCommunicator or the Jitsi project
  • Web (JavaScript, HTML5): look at the JSCommunicator

Before the GSoC application process begins, you should aim to learn as much as possible about the theme you prefer and also gain practical experience using the software relating to that theme. For example, if you are attracted to the business and accounting theme, install the PostBooks suite and get to know it. Maybe you know somebody who runs a small business: help them to upgrade to PostBooks and use it to prepare some reports.

Make something

Make some small project, less than two weeks' work, to demonstrate your skills. It is important to make something that somebody will use for a practical purpose; this will help you gain experience communicating with other users through Github.

For an example, see the servlet Juliana Louback created for fixing phone numbers in December 2013. It has since been used as part of the Lumicall web site and Juliana was selected for a GSoC 2014 project with Debian.

There is no better way to demonstrate to a prospective mentor that you are ready for GSoC than by completing and publishing some small project like this yourself. If you don't have any immediate project ideas, many developers will also be able to give you tips on small projects like this that you can attempt; just come and ask us on one of the mailing lists.

Ideally, the project will be something that you would use anyway even if you do not end up participating in GSoC. Such projects are the most motivating and rewarding and usually end up becoming an example of your best work. To continue the example of somebody with a preference for business and accounting software, a small project you might create is a plugin or extension for PostBooks.

Getting to know prospective mentors

Many web sites provide useful information about the developers who contribute to free software projects. Some of these developers may be willing to be a GSoC mentor.

For example, look through some of the following:

Getting on the mentor's shortlist

Once you have identified projects that are interesting to you and developers who work on those projects, it is important to get yourself on the developer's shortlist.

Basically, the shortlist is a list of all students who the developer believes can complete the project. If I feel that a student is unlikely to complete a project or if I don't have enough information to judge a student's probability of success, that student will not be on my shortlist.

If I don't have any student on my shortlist, then a project will not go ahead at all. If there are multiple students on the shortlist, then I will be looking more closely at each of them to try and work out who is the best match.

One way to get a developer's attention is to look at bug reports they have created. Github makes it easy to see complaints or bug reports they have made about their own projects or other projects they depend on. Another way to do this is to search through their code for strings like FIXME and TODO. Projects with standalone bug trackers like the Debian bug tracker also provide an easy way to search for bug reports that a specific person has created or commented on.

Once you find some relevant bug reports, email the developer. Ask if anybody else is working on those issues. Try and start with an issue that is particularly easy and where the solution is interesting for you. This will help you learn to compile and test the program before you try to fix any more complicated bugs. It may even be something you can work on as part of your academic program.

Find successful projects from the previous year

Contact organizations and ask them which GSoC projects were most successful. In many organizations, you can find the past students' project plans and their final reports published on the web. Read through the plans submitted by the students who were chosen. Then read through the final reports by the same students and see how they compare to the original plans.

Start building your project proposal now

Don't wait for the application period to begin. Start writing a project proposal now.

When writing a proposal, it is important to include several things:

  • Think big: what is the goal at the end of the project? Does your work help the greater good in some way, such as increasing the market share of Linux on the desktop?
  • Details: what are specific challenges? What tools will you use?
  • Time management: what will you do each week? Are there weeks where you will not work on GSoC due to vacation or other events? These things are permitted but they must be in your plan if you know them in advance. If an accident or death in the family cut a week out of your GSoC project, which work would you skip and would your project still be useful without that? Having two weeks of flexible time in your plan makes it more resilient against interruptions.
  • Communication: are you on mailing lists, IRC and XMPP chat? Will you make a weekly report on your blog?
  • Users: who will benefit from your work?
  • Testing: who will test and validate your work throughout the project? Ideally, this should involve more than just the mentor.

If your project plan is good enough, could you put it on Kickstarter or another crowdfunding site? This is a good test of whether or not a project is going to be supported by a GSoC mentor.

Learn about packaging and distributing software

Packaging is a vital part of the free software lifecycle. It is very easy to upload a project to Github but it takes more effort to have it become an official package in systems like Debian, Fedora and Ubuntu.

Packaging and the communities around Linux distributions help you reach out to users of your software and get valuable feedback and new contributors. This boosts the impact of your work.

To start with, you may want to help the maintainer of an existing package. Debian packaging teams are existing communities that work in a team and welcome new contributors. The Debian Mentors initiative is another great starting place. In the Fedora world, the place to start may be in one of the Special Interest Groups (SIGs).

Think from the mentor's perspective

After the application deadline, mentors have just 2 or 3 weeks to choose the students. This is actually not a lot of time to be certain if a particular student is capable of completing a project. If the student has a published history of free software activity, the mentor feels a lot more confident about choosing the student.

Some mentors have more than one good student while other mentors receive no applications from capable students. In this situation, it is very common for mentors to send each other details of students who may be suitable. Once again, if a student has a good Github profile and a blog, it is much easier for mentors to try and match that student with another project.

Getting into the world of software engineering is much like joining any other profession or even joining a new hobby or sporting activity. If you run, you probably have various types of shoe and a running watch and you may even spend a couple of nights at the track each week. If you enjoy playing a musical instrument, you probably have a collection of sheet music, accessories for your instrument and you may even aspire to build a recording studio in your garage (or you probably know somebody else who already did that).

The things listed on this page will not just help you walk the walk and talk the talk of a software developer, they will put you on a track to being one of the leaders. If you look over the profiles of other software developers on the Internet, you will find they are doing most of the things on this page already. Even if you are not selected for GSoC at all or decide not to apply, working through the steps on this page will help you clarify your own ideas about your career and help you make new friends in the software engineering community.

Krebs on Security: Experian Breach Affects 15 Million Consumers

Kicking off National Cybersecurity Awareness Month with a bang, credit bureau and consumer data broker Experian North America disclosed Thursday that a breach of its computer systems exposed approximately 15 million Social Security numbers and other data on people who applied for financing from wireless provider T-Mobile USA Inc.

Experian said the compromise of an internal server exposed names, dates of birth, addresses, Social Security numbers and/or drivers’ license numbers, as well as additional information used in T-Mobile’s own credit assessment. The Costa Mesa, Calif.-based data broker stressed that no payment card or banking details were stolen, and that the intruders never touched its consumer credit database.

Based on the wording of Experian’s public statement, many publications have reported that the breach lasted for two years from Sept. 1, 2013 to Sept. 16, 2015. But according to Experian spokesperson Susan Henson, the forensic investigation is ongoing, and it remains unclear at this point the exact date that the intruders broke into Experian’s server.

Henson told KrebsOnSecurity that Experian detected the breach on Sept. 15, 2015, and confirmed the theft of a single file containing the T-Mobile data on Sept. 22, 2015.

T-Mobile CEO John Legere blasted Experian in a statement posted to T-Mobile’s site. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote.


Experian said it will be notifying affected consumers by snail mail, and that it will be offering affected consumers free credit monitoring through its “Protect MyID” service. Take them up on this offer if you want, but I would strongly encourage anyone affected by this breach to instead place a security freeze on their credit files at Experian and at the other big three credit bureaus, including Equifax, Trans Union and Innovis.

Experian’s offer to sign victims up for its credit monitoring service to address a breach of its own making is pretty rich. Moreover, credit monitoring services aren’t really built to prevent ID theft. The most you can hope for from a credit monitoring service is that they give you a heads up when ID theft does happen, and then help you through the often labyrinthine process of getting the credit bureaus and/or creditors to remove the fraudulent activity and to fix your credit score.

If after ordering a free copy of your credit report at you find unauthorized activity on your credit file, by all means take advantage of the credit monitoring service, which should assist you in removing those inquiries from your credit file and restoring your credit score if it was dinged in the process.

But as I explain at length in my story How I Learned to Stop Worrying and Embrace the Security Freeze, credit monitoring services aren’t really built to stop thieves from opening new lines of credit in your name.

If you wish to block thieves from using your personal information to obtain new credit in your name, freeze your credit file with the major bureaus. For more on how to do that and for my own personal experience with placing a freeze, see this piece.

I will be taking a much closer look at Experian’s security (or lack thereof) in the coming days, and my guess is lawmakers on Capitol Hill will be following suit. This is hardly the first time lax security at Experian has exposed millions of consumer records. Earlier this year, a Vietnamese man named Hieu Minh Ngo was sentenced to 13 years in prison for running an online identity theft service that pulled consumer data directly from an Experian subsidiary. Experian is now fighting off a class-action lawsuit over the incident.

During the time that ID theft service was in operation, customers of Ngo’s service had access to more than 200 million consumer records. Experian didn’t detect Ngo’s activity until it was notified by federal investigators that Ngo was an ID thief posing as a private investigator based in the United States. The data broker failed to detect the anomalous activity even though Ngo’s monthly payments for consumer data lookups his hundreds of customers conducted each month came via wire transfers from a bank in Singapore.

Sociological Images: The US Census and the social construction of race

Flashback Friday.

Social and biological scientists agree that race and ethnicity are social constructions, not biological categories.  The US government, nonetheless, has an official position on what categories are “real.”  You can find them on the Census (source):


These categories, however real they may seem, are actually the product of a long process. Over time, the official US racial categories have changed in response to politics, economics, conflict, and more. Here are some highlights.

In the year of the first Census, 1790, the race question looked very different than it does today:

Free white males
Free white females
All other free persons (included Native Americans who paid taxes and free blacks)
And slaves

By 1870 slavery was illegal and the government was newly concerned with keeping track of two new kinds of people: “mulattos” (or people with both black and white ancestors) and Indians:

Indian (Native Americans)

Between 1850 and 1870 6.5 million Europeans had immigrated and 60,000 Chinese.  Chinese and Japanese were added for the 1880 Census.

By 1890, the U.S. government was obsessed with race-mixing.  The race question looked like this:

Black (3/4th or more “black blood”)
Mulatto (3/8th to 5/8th “black blood”)
Quadroons (1/4th “black blood”)
Octoroons (1/8th or any trace of “black blood”)

This year was the only year to include such fine-tuned mixed-race categories, however, because it turned out it wasn’t easy to figure out how to categorize people.

In the next 50 years, the government added and deleted racial categories. There were 10 in 1930 (including “Mexican” and “Hindu”) and 11 in 1940 (introducing “Hawaiian” and “Part Hawaiian”).  In 1970, they added the “origin of descent” question that we still see today.  So people are first asked whether they are “Hispanic, Latino, or Spanish” and then asked to choose a race.

You might immediately think, “But what do these words even mean?”  And you’d be right to ask.  “Spanish” refers to Spain; “Latino” refers to Latin America; and “Hispanic” is a totally made up word that was originally designed to mean “people who speak Spanish.”

Part of the reason we have the “Hispanic” ethnicity question is because Mexican Americans fought for it.  They thought it would be advantageous to be categorized as “white” and, so, they fought for an ethnicity category instead of a racial one.

Funny story:  The US once included “South American” as a category in the “origin of descent” question.  That year, over a million residents of southern U.S. states, like Alabama and Mississippi, checked that box.

2000 was the first year that respondents were allowed to choose more than one race. They considered a couple of other changes for that year, but decided against them. Native Hawaiians had been agitating to be considered Native Americans in order to get access to the rights and resources that the US government has promised Native Americans on the mainland. The government considered it for 2000, but decided “no.” And whether or not Arab Americans should be considered a unique race or an ethnicity was also discussed for that year. They decided to continue to instruct such individuals to choose “white.”

The changing categories in the Census show us that racial and ethnic categories are political categories. They are chosen by government officials who are responding not to biological realities, but to immigration, war, prejudice, and social movements.

This post originally appeared in 2010.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Worse Than FailureError'd: Adult Supervision Required

"I found that my NAS was choking on small files," Lionel S. writes, "Now I know it was a marble all along."


"I'm glad that Visual Studio is looking out for me," wrote Connor O.


"Yes. That's SO much easier to understand," Lucas M.


"This is the Yellow Pages listing for Blackjack Marina in Perry, MO." Travis H. wrote, "Based on that second link, I hope it hasn't dried up."


"Here's an error message that I received while trying to renew my domain on DirectNIC," Shreerang wrote, "Yeah, I'm not sure about that date, but I definitely can't argue with the price."


"I needed to do a factory reset on my Windows Phone, but it turned out that the Settings app could not be opened. Maybe an update is available?," writes James Wright.


Dave C. wrote, "I'm impressed that Intuit was able to condense testimonies from all 5 million small businesses into one small window."


"Latest version? Older version? I can't choose!", writes Jason.



CryptogramStealing Fingerprints

The news from the Office of Personnel Management hack keeps getting worse. In addition to the personal records of over 20 million US government employees, we've now learned that the hackers stole fingerprint files for 5.6 million of them.

This is fundamentally different from the data thefts we regularly read about in the news, and should give us pause before we entrust our biometric data to large networked databases.

There are three basic kinds of data that can be stolen. The first, and most common, is authentication credentials. These are passwords and other information that allows someone else access into our accounts and -- usually -- our money. An example would be the 56 million credit card numbers hackers stole from Home Depot in 2014, or the 21.5 million Social Security numbers hackers stole in the OPM breach. The motivation is typically financial. The hackers want to steal money from our bank accounts, process fraudulent credit card charges in our name, or open new lines of credit or apply for tax refunds.

It's a huge illegal business, but we know how to deal with it when it happens. We detect these hacks as quickly as possible, and update our account credentials as soon as we detect an attack. (We also need to stop treating Social Security numbers as if they were secret.)

The second kind of data stolen is personal information. Examples would be the medical data stolen and exposed when Sony was hacked in 2014, or the very personal data from the infidelity website Ashley Madison stolen and published this year. In these instances, there is no real way to recover after a breach. Once the data is public, or in the hands of an adversary, it's impossible to make it private again.

This is the main consequence of the OPM data breach. Whoever stole the data -- we suspect it was the Chinese -- got copies of the security-clearance paperwork of all those government employees. This documentation includes the answers to some very personal and embarrassing questions, and now opens these employees up to blackmail and other types of coercion.

Fingerprints are another type of data entirely. They're used to identify people at crime scenes, but increasingly they're used as an authentication credential. If you have an iPhone, for example, you probably use your fingerprint to unlock your phone. This type of authentication is increasingly common, replacing a password -- something you know -- with a biometric: something you are. The problem with biometrics is that they can't be replaced. So while it's easy to update your password or get a new credit card number, you can't get a new finger.

And now, for the rest of their lives, 5.6 million US government employees need to remember that someone, somewhere, has their fingerprints. And we really don't know the future value of this data. If, in twenty years, we routinely use our fingerprints at ATM machines, that fingerprint database will become very profitable to criminals. If fingerprints start being used on our computers to authorize our access to files and data, that database will become very profitable to spies.

Of course, it's not that simple. Fingerprint readers employ various technologies to prevent being fooled by fake fingers: detecting temperature, pores, a heartbeat, and so on. But this is an arms race between attackers and defenders, and there are many ways to fool fingerprint readers. When Apple introduced its iPhone fingerprint reader, hackers figured out how to fool it within days, and have continued to fool each new generation of phone readers equally quickly.

Not every use of biometrics requires the biometric data to be stored in a central server somewhere. Apple's system, for example, only stores the data locally: on your phone. That way there's no central repository to be hacked. And many systems don't store the biometric data at all, only a mathematical function of the data that can be used for authentication but can't be used to reconstruct the actual biometric. Unfortunately, OPM stored copies of actual fingerprints.

Ashley Madison has taught us all the dangers of entrusting our intimate secrets to a company's computers and networks, because once that data is out there's no getting it back. All biometric data, whether it be fingerprints, retinal scans, voiceprints, or something else, has that same property. We should be skeptical of any attempts to store this data en masse, whether by governments or by corporations. We need our biometrics for authentication, and we can't afford to lose them to hackers.

This essay previously appeared on Motherboard.

Planet DebianSylvain Beucler: Android Free developer tools rebuilds

I published some Free rebuilds of the Android SDK, NDK and ADT at:

As described in my previous post, Google is click-wrapping all developer binaries (including preview versions for which source code isn't published yet) with a non-free EULA, notably an anti-fork clause.

There's been some discussion on where to host this project at the campaign list.

Build instructions are provided, so feel free to check if the builds are reproducible, and contribute instructions for more tools!

Geek FeminismIntersectional Types: a new mailing list for programming languages researchers and research-curious

This is a guest post by Chris Martens, a programming languages researcher who recently got her Ph.D. at Carnegie Mellon University; she research-blogs at

STEM academia falls behind the broader “women in tech” movements in several respects, most notably in the sense that we don’t have many spaces (i.e. backchannels) to discuss, organize, and seek advice in situations that are unique to academia, while still arising from the usual structural oppression systems. In recent years, the Lambda Ladies group for women in functional programming has been a great example of a group that serves this purpose for participation in industry and open source, which opened my eyes to what academia has been sorely missing.

Meanwhile, from where I stand within programming languages (PL) research, I am seeing more and more women showing up (though usually white, cis women), more trans people coming out, other queer people speaking up, and people of color (who sometimes inhabit several of those identities) struggling for a voice. While each of these groups and intersections faces their own challenges to integrating with a largely white/cishet/male academic community, I believe the time is ripe for us to organize and talk to each other about those challenges, to build a space of our own for social as well as research discussions.

As a starting point for our field, I started a mailing list back in May of this year, called Intersectional Types.

Currently, the mailing list traffic is very light (averaging less than one message per day), and thread topics have been things like approaching organizers of conferences about diversity issues, calls for participation and service on committees, dependently-typed programming, and favorite female role models.

In general, the list has the following purpose, as summarized at the above link:

In some ways, this list should be considered just another research list, such as the TYPES forum. This space can be used for research questions, literature guidance, starting collaborative efforts, introductions and updates to current research projects, open-ended philosophical questions about grand research visions, links to blog posts/papers, announcement of CFPs and job postings, announcements of achievements and breakthroughs.

In addition, this list is a response to a problem: that PL research communities have a really hard time attracting, retaining, and especially *valuing* people who are marginalized in society. This problem is in no way unique to PL, but the purpose of this list is to bring together folks with similar enough research interests that we can provide each other support that’s meaningful within the context of our specific field.

Some specific examples of activity we encourage, but don’t see on traditional research fora, are: requests for career mentorship and advice (especially along an academic career track); requests for feedback on papers and blog posts; giving (remote) practice talks; organizing local meetups and events; posting about mentorship programs, fellowships, summer schools, and other opportunities; venting about the ways our environments are unwelcoming and dysfunctional; and discussing how we ourselves can create more welcoming and supportive environments when we are in positions of leadership.

Other details, such as who’s welcome to join, moderator contact information, and the code of conduct, can be found on the list description page. In particular, we encourage new members who have some degree of experience with PL as a topic (e.g. a course or self-instruction) but may not work formally within the academic system, whether that’s a “not yet” situation or a “probably never” situation, especially if structural oppression systems influence that situation.

Finally, I want to add a call to other academic feminists to consider searching for and starting explicitly political backchannels like this one within your field. There may be more people out there who are like you, frustrated in the ways you are frustrated, or merely different in the ways that you are different. The first step toward change is often feeling less alone in wanting it.

Planet DebianNorbert Preining: Updates for OSX 10.11 El Capitan: cjk-gs-integrate and jfontmaps 20151002.0

Now that OSX 10.11 El Capitan is released and everyone is eagerly updating, in cooperation with the colleagues from the Japanese TeX world we have released new versions of the jfontmaps and cjk-gs-integrate packages. With these two packages in TeX Live, El Capitan users can take advantage of the newly available fonts in the Japanese TeX engines ((u)ptex et al), and directly in Ghostscript.


For jfontmaps the changes were minimal: Yusuke Terada fixed a mismatch in ttc index numbers for some fonts. Without this fix, Hiragino Interface is used instead of HiraginoSans-W3 and -W6.

On the other hand, cjk-gs-integrate has seen a lot more changes:

  • add support for OSX 10.11 El Capitan provided fonts (by Yusuke Terada)
  • added 2004-{H,V} encodings for Japanese fonts (by Munehiro Yamamoto)
  • fix incorrect link name – this prevented kanji-config-updmap from the jfontmaps package from finding and using the linked fonts
  • rename --link-texmflocal to --link-texmf [DIR] with an optional argument
  • add a --remove option to revert the operation – this does clean up completely only if the same set of fonts is found

For more explanations concerning how to run cjk-gs-integrate, please see the dedicated page: CJK fonts and Ghostscript integration.

For feedback and bug reports, please use the github project pages: jfontmaps, cjk-gs-support.

Both packages should arrive in your local TeX Live CTAN repository within a day or two.

We hope that with this, users of El Capitan can use their fonts to the full extent.



Planet Linux AustraliaMichael Still: A searchable database of walk waypoints

Over the last year I've become increasingly interested in bush walking, especially around the ACT. It quickly became evident that John Evan's site is an incredibly valuable resource, especially if you're interested in trig points or border markers.

However, I do most of my early walk planning and visualization in Google Earth before moving to Garmin Basecamp to generate walkable maps. I wanted a way to hook John's database of GPS logs into Google Earth, so that I could plan walks more effectively. For example, John often marks gates in fences, underpasses under major roads, and good routes through scrub in his GPS tracks.

After a fair bit of playing, I ended up with this KML file which helps me do those things. It's basically magic -- the file is just a link to a search engine which has a database of GPS waypoints based off walks John and I have logged. These are then rendered in Google Earth as if they were in a static KML file. You can also download the search results as KML for editing and so forth.

So, I'd be interested in other people's thoughts on if this is a useful thing. I'd also be very interested in other donated GPS logs of walks and bike rides around Canberra, especially if they have waypoints marked for interesting things. If you have any comments at all, please email me at



Planet Linux AustraliaMichael Still: Garran green strip

When I was a teenager my best mate lived in a house which backs onto this smallish reserve and we used to walk his dog here heaps. I had a few spare moments yesterday, so I was keen to do a quick explore and see what it's like now. The short answer is that it's still nice -- good terrain, nice mature trees, and a few geocaches. I think this one would be a good walk for cubs.


Interactive map for this route.



Planet DebianJunichi Uekawa: Playing with FUSE and git.

Playing with FUSE and git. I've been playing with FUSE and git to make a file system, for fun. There are already many filesystems that are implemented with FUSE, and there are quite a few that implement a filesystem for git, but I don't use any of them. I wondered why that is the case but tried to build one anyway. It's in the github repository gitlstreefs. I have created several toy file systems in C++. ninjafs is one that shows ninja targets as files and builds the file target when the file is actually needed. They aren't quite useful yet, but it was an interesting exercise; FUSE made it reasonably straightforward to implement simple filesystems.

CryptogramExistential Risk and Technological Advancement

AI theorist Eliezer Yudkowsky coined Moore's Law of Mad Science: "Every eighteen months, the minimum IQ necessary to destroy the world drops by one point."

Oh, how I wish I said that.

Sociological ImagesWhat, if anything, do Catholics have in common?

One of the major contributions of political scientist Benedict Anderson is the idea of an “imagined community”: a large group of people connected not through interaction, but by the idea that they are part of a meaningful group. In his book on the idea, he wrote:

It is imagined because the members of even the smallest nation will never know most of their fellow-members, meet them, or even hear of them, yet… it is imagined as a community, because, regardless of the actual inequality and exploitation that may prevail in each, the nation is always conceived as a deep, horizontal comradeship. I suppose the idea might apply as well to religions.

Last week was a special week for American Catholics. The Pope’s visit to the U.S. was energizing, arguably intensifying the connection Catholics feel to their religion and, by extension, each other. But what, really, do Catholics have in common?

I don’t know, but agreement on what is sinful is not one of them. A Pew Research Center survey of Catholics reveals, instead, quite a lot of disagreement. Some Catholics don’t believe in the concept of sin at all and the remaining don’t always agree on what is sinful.


According to the results of the survey, for example, there is considerable disagreement as to whether abortion, homosexual behavior, hoarding wealth, divorce, unmarried cohabitation, and harming the environment are sinful. Moreover, plenty do not ascribe to some aspects of Catholic doctrine: only 17% of Catholics, for example, think that using contraception is sinful.

So, what does it mean to be Catholic?

Anderson might argue that they are simply an imagined community: a group of strangers with widely divergent views and life circumstances who feel the same despite all the reasons to feel different.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Geek FeminismBook Club: What should we read next?

Attention constant readers! It’s time to choose our next book!

Here are three candidates, two fiction novels and one research paper:

Ann Leckie, Ancillary Mercy

will be published 6 October 2015; 368 pages

I’ve pre-ordered this final book in the Ancillaryverse trilogy and will be eager to talk about it with other geek feminists starting, probably, on October 7th. Protagonist Breq used to be a starship, connected instantly to multiple bodies, and hasn’t quite gotten used to being singly embodied. I think the first book in the trilogy, Ancillary Justice, integrated fist-punching-related adventure with flashbacks and thinky conversations and interstellar intrigue and music really well. It’s about power and institutions, about the lived difference between true mutual aid and imperialism, and about how to be loyal to imperfect institutions and imperfect people. And explosions.

Ancillary Sword, the middle book, shifted settings to concentrate on one spaceship near one station orbiting one planet, helping us compare societies that are functional, dysfunctional, and broken. Leckie compares othering, oppression, and possibilities for resistance across urban and plantation settings. And I utterly bawled at one character’s soliloquy on the way to her doom, and at tiny hopeful steps of mutual understanding and community empowerment. Also, again, explosions.

Here’s the first chapter of book three, and in case that’s not enough, here’s some fanfic based on books one and two.

The Ancillaryverse is scifi that argues with other scifi; you can see the Radchaai as Borg (ancillaries), or as Federation (per the “root beer” and Eddington/Maquis critiques from Deep Space Nine), and you can see Justice of Toren as literally the ship who sang (see the comments in Leckie’s post here, around the novels’ feminist lineage). I’m looking forward to seeing more of Leckie’s conversation with other speculative fiction, to more critiques, and more explosions.

Sherry Turkle. Photo by jeanbaptisteparis, CC BY-SA 2.0, via Wikimedia Commons

Sherry Turkle and Seymour Papert, “Epistemological Pluralism and the Revaluation of the Concrete”

published 1991; about 31 pages

Sociologist, psychologist, and technology researcher Turkle authored this paper with constructionist education researcher Papert, and reading it gave me new language for thinking about me as a programmer:

Here we address sources of exclusion determined not by rules that keep women out, but by ways of thinking that make them reluctant to join in. Our central thesis is that equal access to even the most basic elements of computation requires an epistemological pluralism, accepting the validity of multiple ways of knowing and thinking….

“Hard thinking” has been used to define logical thinking. And logical thinking has been given a privileged status that can be challenged only by developing a respectful understanding of other styles where logic is seen as a powerful instrument of thought but not as the “law of thought.” In this view, “logic is on tap, not on top.”….

The negotiational and contextual element, which we call bricolage….

Our culture tends to equate soft with feminine and feminine with unscientific and undisciplined. Why use a term, soft, that may begin the discussion of difference with a devaluation? Because to refuse the word would be to accept the devaluation. Soft is a good word for a flexible and nonhierarchical style, open to the experience of a close connection with the object of study. Using it goes along with insisting on negotiation, relationship, and attachment as cognitive virtues….

I appreciated the case studies of programmers and their approaches and frustrations, the frameworks analyzed and suggested (e.g., relational and environmental), and the connections to other feminist researchers such as Carol Gilligan. If you feel like your approach to engineering makes you countercultural, you might like this piece too. Here’s a plain HTML version of the paper, and here’s a PDF of the paper as originally typeset and footnoted.

Zen Cho, Sorcerer to the Crown

published 1 September 2015; 384 pages

Author Zen Cho’s speculative and historical fiction foregrounds the perspective of women of color, specifically the Malaysian diaspora; she has non-US-centric views on diversity which I find both disorienting and refreshing to read! You can read the first chapter of her first novel, Sorcerer to the Crown, for free online. It’s a fast-moving period fantasy with a bunch of women and people of color. The blurb:

Zacharias Wythe, England’s first African Sorcerer Royal, is contending with attempts to depose him, rumours that he murdered his predecessor, and an alarming decline in England’s magical stocks. But his troubles are multiplied when he encounters runaway orphan Prunella Gentleman, who has just stumbled upon English magic’s greatest discovery in centuries.

I’d love to discuss themes in this feminist Malaysian-British author’s work with other geek feminists. In her postcolonial historical romance novella The Perilous Life of Jade Yeo, her short story collection Spirits Abroad, and in Sorcerer to the Crown, Cho depicts adventurous, mercenary, or blasé women who use, disregard, or otherwise play with expectations of femininity. She illustrates how both mundane and magical institutions use gatekeeping to prop up their own status hierarchies, and how that affects people trying to make their way in. Intersectionality, diaspora and immigration, the culture of British education, and queer relationships also appear in Cho’s stories over and over.

If you read The Perilous Life of Jade Yeo then you might be forewarned of the kind of genre switchup Cho is doing — I definitely see Prunella Gentleman prefigured in Jade Yeo. I particularly like that, in Sorcerer to the Crown, Cho writes in a genre that often has kind of a slow tempo, and moves the speed up so there are more exciting plot developments per page, and adds more Wodehouse-y shenanigans and off-the-rails conversations, without ever sliding into unbelievable-silly-farce-romp territory. And there’s a spoiler I badly want to talk about with other people of color!

Something else altogether

You tell me! Let’s try to wrap up voting by Wednesday October 7th.


Geek FeminismGF classifieds (October, November, and December 2015)

This is another round of Geek feminism classifieds. If you’re looking to hire women, find some people to participate in your study, find female speakers, or just want some like-minded folk to join your open source project, this is the thread for you!

Here’s how it works:

  1. Geeky subjects only. We take a wide view of geekdom, but if your thing isn’t related to an obviously geeky topic, you’ll probably want to give a bit of background on why the readers of Geek Feminism would be interested.
  2. Explain what your project/event/thing is, or link to a webpage that provides clear, informative information about it. Ideally you’ll also explain why geek women might find it particularly awesome.
  3. Explain what you’re looking for. Even if it’s not a job ad, think of it like one: what is the activity/role in question, and what would it involve? What is the profile of people you’re looking for?
  4. GF has international readership, so please be sure to indicate the location if you’re advertising a job position, conference, or other thing where the location matters. Remember that city acronyms aren’t always known world-wide and lots of cities share names, so be as clear as possible! (That is, don’t say “SF[O]” or “NYC” or “Melb”, say “San Francisco, USA”, “New York City, USA” or “Melbourne, Australia”.) And if you can provide travel/relocation assistance, we’d love to know about it.
  5. Keep it legal. Most jurisdictions do not allow you to (eg.) advertise jobs for only people of a given gender. So don’t do that. If you are advertising for something that falls into this category, think of this as an opportunity to boost the signal to women who might be interested.
  6. If you’re asking for participants in a study, please note Mary’s helpful guide to soliciting research participation on the ‘net, especially the “bare minimum” section.
  7. Provide a way for people to contact you, such as your email address or a link to apply in the case of job advertisements. (The email addresses entered in the comment form here are not public, so readers won’t see them.)
  8. Keep an eye on comments here, in case people ask for clarification or more details. (You can subscribe to comments via email or RSS.)

If you’d like some more background/tips on how to reach out to women for your project/event/whatever, take a look at Recruiting women on the Geek Feminism Wiki.

Good luck!

CryptogramIdentifying CIA Officers in the Field

During the Cold War, the KGB was very adept at identifying undercover CIA officers in foreign countries through what was basically big data analysis. (Yes, this is a needlessly dense and very hard-to-read article. I think it's worth slogging through, though.)

Planet DebianPetter Reinholdtsen: French Docbook/PDF/EPUB/MOBI edition of the Free Culture book

As I wrap up the Norwegian version of the Free Culture book by Lawrence Lessig (still waiting for my final proof reading copy to arrive in the mail), my great dblatex helper and developer of the dblatex docbook processor, Benoît Guillon, decided to try to create a French version of the book. He started with the French translation available from the Wikilivres wiki pages, and wrote a program to convert it into a PO file, allowing the translation to be integrated into the po4a based framework I use to create the Norwegian translation from the English edition. We meet on the #dblatex IRC channel to discuss the work. If you want to help create a French edition, check out his git repository and join us on IRC. If the French edition looks good, we might publish it as a paper book on A French version of the drawings and the cover need to be provided for this to happen.

Planet DebianMike Gabriel: My FLOSS activities in August/September 2015

Here comes my "monthly" FLOSS report for August and September 2015. As 50% of August 2015 had been dedicated to taking some time off (spending time in Sweden with the family), it happened that even more workload had to be processed in September 2015.

  • Completion of MATE 1.10 in Debian testing/unstable and Ubuntu 15.10
  • Contribution to Debian LTS, Debian packaging
  • Development of GOsa² Plugin SchoolManager
  • Automatic builds for Arctica Project
  • Forking Unity Greeter as Arctica Greeter (with focus on the remote logon part inside Unity Greeter)

Received Sponsorship

My monthly 8h portion of working for the Debian LTS project I had to dispatch from August into September. Thus, I received 16h of paid work for working on Debian LTS in September 2015. For details, see below. Thanks to Raphael Hertzog for having me on the team [1]. Thanks to all the people and companies sponsoring the Debian LTS Team's work.

The development of GOsa² Plugin SchoolManager (for details, see below) was done on contract for a school in Northern Germany. The code will be released under the same license as the GOsa² software itself.

Completion of MATE 1.10 in Debian testing/unstable and Ubuntu 15.10

In the first half of September all MATE 1.10 packages finally landed in Debian testing (aka stretch). Martin Wimpress handled most of the packaging changes, whereas my main job was being reviewer and uploader of his efforts. Thanks to John Paul Adrian Glaubitz for jumping in as reviewer and uploader during my vacation time.


Google AdsenseBoost your business with a Certified Publishing Partner

Today we’re excited to launch our new Certified Publishing Partner program.

Certified Publishing Partners are trained experts on AdSense, DoubleClick for Publishers, and DoubleClick Ad Exchange who could help you earn more from your sites while also saving you time. Whether you’re just starting out with ads, fine-tuning your existing ad setup or looking for brand new revenue sources, Certified Publishing Partners are ready to help you achieve your goals. They know how to make online ads work harder for you so you can spend more time creating and publishing your great content.

Get superior account management
Certified Publishing Partners are experts at account management services like:
  • Full-service ad operations, implementation and testing
  • Mobile, web, app and responsive design and development
  • Content moderation 
  • Video integration
  • Monetization
  • Ad customization

Feel confident
When you see the Certified Publishing Partner badge it means that a partner has been carefully vetted and meets Google's rigorous qualification standards. They have received high rankings in client satisfaction. They are, in short, a trusted business partner.
The Certified Partner Program is officially open for business today.  Learn more about the program and see a list of our partners. Then let us know what you think in the comments section below.

Posted by Sahar Golestani
SMB Publishing Marketing Manager

Planet DebianMike Gabriel: Nightly builds for Arctica Project (Debian / Ubuntu)

I am happy to announce that The Arctica Project can now provide automatic nightly builds of its developers' coding work.

Packages are built automatically via Jenkins, see [1] for an overview of the current build queues. The Jenkins system builds code as found on our CGit mirror site [2].

NOTE: The Arctica Project's nightly builds may especially be interesting to people that want to try out the latest development steps on nx-libs (3.6.x branch) as we provide nx-libs 3.6.x binary preview builds.

Currently, we only build our code against Debian and Ubuntu (amd64, i386), more distros and platforms are likely to be added. If people can provide machine power (esp. non-Intel based architectures), please get in touch with us on Freenode IRC (channel: #arctica).

This is how you can add our package repositories to your APT system.

Debian APT (here: stretch)

Please note that we only support recent Debian versions (currently version 7.x and above).

$ echo 'deb stretch main' | sudo tee /etc/apt/sources.list.d/arctica.list
$ sudo apt-key adv --recv-keys --keyserver 0x98DE3101
$ sudo apt-get update

Ubuntu APT (here: trusty)

Please note that we support recent Ubuntu LTS versions only (Ubuntu 14.04 only at the moment).

$ echo 'deb trusty main' | sudo tee /etc/apt/sources.list.d/arctica.list
$ sudo apt-key adv --recv-keys --keyserver 0x98DE3101
$ sudo apt-get update
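
The `apt-key` lines above select the signing key by its 8-hex-digit short ID (0x98DE3101), and a short ID does not uniquely identify an OpenPGP key. The check below is an added example, not part of the original post or the Arctica Project's instructions: it compares the full 40-digit fingerprint of a fetched key against a value obtained out of band. The fingerprints and key listings are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin a repository signing key by its full fingerprint.
# Every fingerprint and key listing here is a constructed sample value,
# not the real Arctica Project key.

# Fingerprint learned out of band (constructed placeholder).
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF98DE3101"

# Constructed listings in the colon-delimited format printed by
# `gpg --with-colons --fingerprint`. In practice the listing would come from a
# scratch keyring (gpg --no-default-keyring --keyring ./scratch.gpg ...).
# Both keys share the short ID 98DE3101 but are different keys.
SAMPLE_GENUINE='pub:-:4096:1:89ABCDEF98DE3101:1420070400:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF98DE3101:
uid:-::::1420070400::::Constructed Archive Key <archive@example.org>:'

SAMPLE_LOOKALIKE='pub:-:4096:1:7654321098DE3101:1420070400:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA987654321098DE3101:
uid:-::::1420070400::::Constructed Archive Key <archive@example.org>:'

# Print the primary key's fingerprint: field 10 of the first "fpr" record.
primary_fingerprint() {
    printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print toupper($10); exit }'
}

# Print the last 8 hex digits of a fingerprint (the short ID form).
short_id() {
    printf '%s\n' "$1" | awk '{ print substr($0, length($0) - 7) }'
}

# Strip spaces and upper-case, so "0123 4567 ..." style input is accepted.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Exit status 0 only if the listing's primary fingerprint is a well-formed
# 40-digit value equal to the pinned one; 2 if missing or malformed; 1 on mismatch.
verify_pinned_key() {
    listing=$1
    pinned=$(normalize_fpr "$2")
    actual=$(primary_fingerprint "$listing")
    case $actual in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#actual}" -eq 40 ] || return 2
    [ "$actual" = "$pinned" ]
}

# Show that the short ID alone cannot tell the two sample keys apart.
report() {
    fpr=$(primary_fingerprint "$2")
    if verify_pinned_key "$2" "$PINNED_FPR"; then
        verdict="ACCEPT"
    else
        verdict="REJECT"
    fi
    printf '%-10s short=%s full=%s %s\n' "$1" "$(short_id "$fpr")" "$fpr" "$verdict"
}

report genuine "$SAMPLE_GENUINE"
report lookalike "$SAMPLE_LOOKALIKE"
```

Only a key that passes `verify_pinned_key` would then be added to APT's trusted keys.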


Worse Than FailureCodeSOD: A Handle on Events

As developers, we try to write software that will be helpful to our users. Sometimes, we'll do key-by-key examination of what they're typing to do auto-complete. Sometimes, we'll look at a type-field entry to display the relevant subset of subordinate fields to be entered. Sometimes, we'll even try to coalesce error messages so that the user gets one message with a list of mistakes as opposed to one message per mistake.

Of course, it helps if the logic to detect multiple errors and coalesce them into one is correct.

Mike M. was supporting a system that had an event queue. In the case of this particular queue, the messages were all for the same condition. To be helpful, the cow-orker who wrote it decided to only display the pop-up for the first message in the queue and silently swallow the rest.

For the longest time, the system generated a single message for the given condition and so only a single pop-up was ever displayed.

Recently, something unrelated changed, and the system started generating a large number of identical events at once on the queue, which exposed a flaw in the coalescing logic; it took Mike four minutes of continuous clicking to get through the queue of event messages:

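void SomeClass::eventHandler(Event e) {
   if (!necessaryThing) {
      // Flag shared across all calls to this handler
      static bool showingError = false;
      if (showingError)
         return;   // swallow events that arrive while the pop-up is open
      showingError = true;
      QMessageBox::warning(this, tr("App"), tr("Error message"));
      // Cleared as soon as the pop-up is dismissed, so the next queued event shows it again
      showingError = false;
      return;
   }
}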

Planet DebianMichal Čihař: IMAP utils 0.5

I've just released a new version of imap-utils. The main reason for the new release was a change on PyPI, which now needs files to be hosted there.

However the new release also comes with other changes:

  • Changed license to GPL3+.
  • Various coding style fixes.

Also, this is the first release done from the Git repository hosted on GitHub.


Planet Linux AustraliaStewart Smith: PAPR spec publicly available to download

PAPR is the Power Architecture Platform Reference document. It’s a short read at only 890 pages and defines the virtualised environment that guests run in on PowerKVM and PowerVM (i.e. what is referred to as ‘pseries’ platform in the Linux kernel).

As part of the OpenPower Foundation, we’re looking at ensuring this is up to date, documents KVM specific things as well as splitting out the bits that are common to OPAL and PAPR into their own documents.

Kelvin ThomsonUN Expert Says Trade Agreements Need to Respect Human Rights

The first Independent Expert appointed by the UN to promote a democratic and equitable international order, Mr Alfred de Zayas, says that governments across the world need to put a stop to free trade and investment agreements that conflict with human rights treaty obligations.

He says "Over the past decades free trade and investment agreements have had adverse impacts on the enjoyment of human rights by interfering with the States's fundamental functions to legislate in the public interest and regulate fiscal, budgetary, labour, health, and environmental policies".

His report deplores the paradox resulting from assuming conflicting treaty obligations, where countries ratify human rights treaties, but then enter into agreements that prevent them from fulfilling their human rights obligations.

In particular he urges the abolition of the Investor-State Dispute Settlement mechanism in Trade and Investment Agreements. He says it "encroaches on the regulatory space of States and suffers from fundamental flaws including lack of independence, transparency, accountability and predictability".

"This dispute settlement mechanism has mutated into a privatised system of 'justice', incompatible with article 14(1) of the International Covenant on Civil and Political Rights, whereby three arbitrators are allowed to override national legislation and the judgments of the highest national tribunals, in secret and with no possibility of appeal. This constitutes a grave challenge to the very essence of the rule of law."

Kelvin ThomsonVoting in Melbourne City Council Elections

A report commissioned by the Electoral Regulation Research Network recommends that only residents be allowed to vote in Melbourne City Council elections, that is to say that businesses would be banned from voting in them. Presently businesses are required to vote, and corporations operating in Melbourne are allocated two votes.

The lead author of the report, Monash University Associate Professor Ken Coghill, said giving votes to corporate entities and non-resident property owners was not democratic. He rejected the idea businesses should have a vote because they pay rates.

"The cry of 'no taxation without representation' is false: it is not accepted for voting in state or Commonwealth elections or in other democracies", Professor Coghill said.

The Municipal Association of Victoria opposes the idea. They say "a dominance of residential voters could see more focus on the amenity of living in the city, possibly at the expense of economic activity and development".

And the problem is?


Planet DebianBen Armstrong: Halifax Mainland Common: Early Fall, 2015

A friend and I regularly meet to chat over coffee and then usually finish up by walking the maintained trail in the Halifax Mainland Common Park, but today we decided to take a brief excursion onto the unmaintained trails criss-crossing the park. The last gasp of a faint summer and early signs of fall are evident everywhere.

Some mushrooms are dried and cracked in a mosaic pattern:



Ferns and other brush are browning amongst the various greens of late summer:


A few late blueberries still cling to isolated bushes here and there:


The riot of fall colours in this small clearing, dotted with cotton-grass, burst into view as we round a corner, set behind by a backdrop of nearby buildings:



The ferns here are vivid, like a slow burning fire that will take the rest of fall to burn out:


We appreciate one last splash of colour before we head back under the cover of woods to rejoin the maintained trail:


So many times we’ve travelled our usual route “on automatic”. I’m happy today we left the more travelled trail to share in these glimpses of the changing of seasons in a wilderness preserved for our enjoyment immediately at hand to a densely populated part of the city.


Planet DebianChris Lamb: Free software activities in September 2015

Inspired by Raphaël Hertzog, here is a monthly update covering a large part of what I have been doing in the free software world:


The Reproducible Builds project was also covered in depth on LWN as well as in Lunar's weekly reports (#18, #19, #20, #21, #22).


  • redis — A new upstream release, as well as overhauling the systemd configuration, maintaining feature parity with sysvinit and adding various security hardening features.
  • python-redis — Attempting to get its Debian Continuous Integration tests to pass successfully.
  • libfiu — Ensuring we do not FTBFS under exotic locales.
  • gunicorn — Dropping a dependency on python-tox now that tests are disabled.

RC bugs

I also filed FTBFS bugs against actdiag, actdiag, bangarang, bmon, bppphyview, cervisia, choqok, cinnamon-control-center, clasp, composer, cpl-plugin-naco, dirspec, django-countries, dmapi, dolphin-plugins, dulwich, elki, eqonomize, eztrace, fontmatrix, freedink, galera-3, golang-git2go, golang-github-golang-leveldb, gopher, gst-plugins-bad0.10, jbofihe, k3b, kalgebra, kbibtex, kde-baseapps, kde-dev-utils, kdesdk-kioslaves, kdesvn, kdevelop-php-docs, kdewebdev, kftpgrabber, kile, kmess, kmix, kmldonkey, knights, konsole4, kpartsplugin, kplayer, kraft, krecipes, krusader, ktp-auth-handler, ktp-common-internals, ktp-text-ui, libdevice-cdio-perl, libdr-tarantool-perl, libevent-rpc-perl, libmime-util-java, libmoosex-app-cmd-perl, libmoosex-app-cmd-perl, librdkafka, libxml-easyobj-perl, maven-dependency-plugin, mmtk, murano-dashboard, node-expat, node-iconv, node-raw-body, node-srs, node-websocket, ocaml-estring, ocaml-estring, oce, odb, oslo-config, oslo.messaging, ovirt-guest-agent, packagesearch, php-svn, php5-midgard2, phpunit-story, pike8.0, plasma-widget-adjustableclock, plowshare4, procps, pygpgme, pylibmc, pyroma, python-admesh, python-bleach, python-dmidecode, python-libdiscid, python-mne, python-mne, python-nmap, python-nmap, python-oslo.middleware, python-riemann-client, python-traceback2, qdjango, qsapecng, ruby-em-synchrony, ruby-ffi-rzmq, ruby-nokogiri, ruby-opengraph-parser, ruby-thread-safe, shortuuid, skrooge, smb4k, snp-sites, soprano, stopmotion, subtitlecomposer, svgpart, thin-provisioning-tools, umbrello, validator.js, vdr-plugin-prefermenu, vdr-plugin-vnsiserver, vdr-plugin-weather, webkitkde, xbmc-pvr-addons, xfsdump & zanshin.

Planet DebianNorbert Preining: 6 years in Japan

Exactly 6 years ago, on October 1, 2009, I started my work at the Japan Advanced Institute of Science and Technology (JAIST), arriving the previous day in a place not completely unknown, but with a completely different outlook: I had a position as Associate Professor, and somehow was looking forward to an interesting and challenging time.


6 years later I am still here at the JAIST, but things have changed considerably, and my future is even less clear than 6 years ago. So it is time to reflect a bit about the last years.

The biggest achievement

My biggest achievement in these 6 years is probably that I managed to learn Japanese to a degree that I can teach in Japanese (math, logic, etc), can read Japanese books to a certain degree, and have generally no problem communicating in daily life. Said that, there is still a long way to go. Reading, and much more writing, is still requiring concentration and power, far from the natural flow in my other languages. While talking feels rather natural, the complexity of the written language is a huge hurdle. But this is probably the good, the high point of the 6 years, a great challenge, that keeps my mind busy and working and challenged over long time, with still more to do.

The happiest thing

Many events here in Japan were of great fun and enjoyment for me. The rich culture, paired with a spectacular love for traditional handicraft I haven’t seen anywhere else, is a guarantee for enjoyable and intellectually stimulating activities. But the biggest joy of my time here of course was that I found a lovely, beautiful, and caring wife. Not knowing the challenges of an international marriage, I was caught without preparation, and so we had (and still have) rough times due to the cultural differences, and different expectations. But this is what makes life interesting, and so I am always grateful for this chance. Whatever happens in the future, she will be part of my decisions and the center of my life.

The biggest disappointment

Of course, when you live in a country for some time, you learn to know the highs and lows. As someone interested in politics and social systems, Japan is a pain in the butt in many respects. But the biggest disappointment was in a different area: Working environment. While I love my work and had great surroundings, there is something that always is present in the background: Foreigners here are not considered assets, but embellishment. Meaning that they are the first ones to lose their jobs when times are difficult, meaning that they are not considered as full members. After many years at a university here, and with no outlook on a job after March, I can only say, Japan is a country of “Japanese first”, especially when it comes to jobs. Of course, other countries are not that different, but looking at the average mixture of nationalities at universities in Europe or the US, and comparing them to Japanese universities, a bleak image is arising. I enjoyed my time here, I worked hard and did a lot for my university, but the economically hard times make it necessary to change things, and that means getting rid of foreigners.

That is the reason why the work environment is the biggest disappointment in these years.


The future is unclear, as it always was. The dire fate of many researchers. Being in my 40ies without a permanent position and a family, I am forced to think hard what my next options are. The hide-and-seek games of Japanese (and other) universities seem to me less and less an option. Sad as it is, after having worked 20+ years in academics, having done some interesting (for me) research and having managed to secure a name in our community, I am not sure where my future is. Continuing on definite contracts does not sound like a great option for me. Several things for the future come to my mind: starting my own business, work as programmer (maybe Google still wants me after I rejected them 2 years ago), work as mountain guide (have done that for some years before going to Japan). All of that is possible, but my losing the time to research will always be a pain, since I enjoy cracking my brain on some complicated and deep logical problems.

Whatever comes, I will take it as a chance to learn new things. And in one way or another it will work out, I hope.

CryptogramSpoofing Fitness Trackers

The website has a series of instructional videos on how to spoof fitness trackers, using such things as a metronome, pendulum, or power drill. With insurance companies like John Hancock offering discounts to people who allow them to verify their exercise program by opening up their fitness-tracker data, these are useful hacks.

News article.

Planet DebianYves-Alexis Perez: Kernel recipes 2015: Hardened kernels for everyone

As part of my ongoing effort to provide grsecurity patched kernels for Debian, I gave a talk this morning at Kernel Recipes 2015. Slides and video should be available at one point, but you can find the former here in the meantime. I'm making some progress on #605090 which I should be able to push soon.

Planet DebianRaphaël Hertzog: My Free Software Activities in September 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 8 hours on Debian LTS. In that time, I mostly did CVE triaging (in the last 3 days since I’m on LTS frontdesk duty this week). I pushed 14 commits to the security tracker. There were multiple CVE without any initial investigation so I checked the status of the CVE not only in squeeze but also in wheezy/jessie.

On unpaid time, I wrote and sent the summary of the work session held during DebConf. And I tried to initiate a discussion about offering mysql-5.5 in squeeze-lts. We also have setup so that we can better handle embargoed security updates.

The Debian Administrator’s Handbook

I spent a lot of time on my book, the content update has been done but now we’re reviewing it before preparing the paperback. I also started updating its French translation. You can help review it too.

While working on the book I noticed that snort got removed from jessie and the SE linux reference policy as well. I mailed their maintainers to recommend that they provide them in jessie-backports at least… those packages are relatively important/popular and it’s a pity that they are missing in jessie.

I hope to finish the book update in the next two weeks!

Distro Tracker

I spent a lot of time to revamp the mail part of Distro Tracker. But as it’s not finished yet, I don’t have anything to show yet. That said I pushed an important fix concerning the mail subscriptions (see #798555), basically all subscriptions of packages containing a dash were broken. It just shows that the new tracker is not yet widely used for mail subscription…

I also merged a patch from Andrew Starr-Bochicchio (#797633) to improve the description of the WNPP action items. And I reviewed another patch submitted by Orestis Ioannou to allow browsing of old news (see #756766).

And I filed #798011 against to request that a new X-Debian-PR-Severity header field be added to outgoing BTS mail so that Distro Tracker can filter mails by severity and offer people to subscribe to RC bugs only.

Misc Debian work

I filed many bugs this month and almost all of them are related to my Kali work:

  • 3 on debootstrap: #798560 (request for --suite-config option), #798562 (allow sharing bootstrap scripts), #7985604 (request to add kali related bootstrap scripts).
  • 3 requests of new upstream versions: for gpsd (#797899), for valgrind (#800013) and for puppet (#798636).
  • #797783: sbuild fails without any error message when /var/lib/sbuild is not writable in the chroot
  • #798181: gnuradio: Some files take way too long to compile (I had to request a give-back on another build daemon to ensure gnuradio migrated back to testing, and Julien Cristau suggested that it would be better to fix the package so that a single file doesn’t take more than 5 hours to build…)
  • #799550: libuhd003v5 lost its v5 suffix…


See you next month for a new summary of my activities.


CryptogramVolkswagen and Cheating Software

For the past six years, Volkswagen has been cheating on the emissions testing for its diesel cars. The cars' computers were able to detect when they were being tested, and temporarily alter how their engines worked so they looked much cleaner than they actually were. When they weren't being tested, they belched out 40 times the pollutants. Their CEO has resigned, and the company will face an expensive recall, enormous fines and worse.

Cheating on regulatory testing has a long history in corporate America. It happens regularly in automobile emissions control and elsewhere. What's important in the VW case is that the cheating was preprogrammed into the algorithm that controlled cars' emissions.

Computers allow people to cheat in ways that are new. Because the cheating is encapsulated in software, the malicious actions can happen at a far remove from the testing itself. Because the software is "smart" in ways that normal objects are not, the cheating can be subtler and harder to detect.

We've already had examples of smartphone manufacturers cheating on processor benchmark testing: detecting when they're being tested and artificially increasing their performance. We're going to see this in other industries.

The Internet of Things is coming. Many industries are moving to add computers to their devices, and that will bring with it new opportunities for manufacturers to cheat. Light bulbs could fool regulators into appearing more energy efficient than they are. Temperature sensors could fool buyers into believing that food has been stored at safer temperatures than it has been. Voting machines could appear to work perfectly -- except during the first Tuesday of November, when they undetectably switch a few percent of votes from one party's candidates to another's.

My worry is that some corporate executives won't interpret the VW story as a cautionary tale involving just punishments for a bad mistake but will see it instead as a demonstration that you can get away with something like that for six years.

And they'll cheat smarter. For all of VW's brazenness, its cheating was obvious once people knew to look for it. Far cleverer would be to make the cheating look like an accident. Overall software quality is so bad that products ship with thousands of programming mistakes.

Most of them don't affect normal operations, which is why your software generally works just fine. Some of them do, which is why your software occasionally fails, and needs constant updates. By making cheating software appear to be a programming mistake, the cheating looks like an accident. And, unfortunately, this type of deniable cheating is easier than people think.

Computer-security experts believe that intelligence agencies have been doing this sort of thing for years, both with the consent of the software developers and surreptitiously.

This problem won't be solved through computer security as we normally think of it. Conventional computer security is designed to prevent outside hackers from breaking into your computers and networks. The car analog would be security software that prevented an owner from tweaking his own engine to run faster but in the process emit more pollutants. What we need to contend with is a very different threat: malfeasance programmed in at the design stage.

We already know how to protect ourselves against corporate misbehavior. Ronald Reagan once said "trust, but verify" when speaking about the Soviet Union cheating on nuclear treaties. We need to be able to verify the software that controls our lives.

Software verification has two parts: transparency and oversight. Transparency means making the source code available for analysis. The need for this is obvious; it's much easier to hide cheating software if a manufacturer can hide the code.

But transparency doesn't magically reduce cheating or improve software quality, as anyone who uses open-source software knows. It's only the first step. The code must be analyzed. And because software is so complicated, that analysis can't be limited to a once-every-few-years government test. We need private analysis as well.

It was researchers at private labs in the United States and Germany that eventually outed Volkswagen. So transparency can't just mean making the code available to government regulators and their representatives; it needs to mean making the code available to everyone.

Both transparency and oversight are being threatened in the software world. Companies routinely fight making their code public and attempt to muzzle security researchers who find problems, citing the proprietary nature of the software. It's a fair complaint, but the public interests of accuracy and safety need to trump business interests.

Proprietary software is increasingly being used in critical applications: voting machines, medical devices, breathalyzers, electric power distribution, systems that decide whether or not someone can board an airplane. We're ceding more control of our lives to software and algorithms. Transparency is the only way to verify that they're not cheating us.

There's no shortage of corporate executives willing to lie and cheat their way to profits. We saw another example of this last week: Stewart Parnell, the former CEO of the now-defunct Peanut Corporation of America, was sentenced to 28 years in jail for knowingly shipping out salmonella-tainted products. That may seem excessive, but nine people died and many more fell ill as a result of his cheating.

Software will only make malfeasance like this easier to commit and harder to prove. Fewer people need to know about the conspiracy. It can be done in advance, nowhere near the testing time or site. And, if the software remains undetected for long enough, it could easily be the case that no one in the company remembers that it's there.

We need better verification of the software that controls our lives, and that means more -- and more public -- transparency.

This essay previously appeared on

EDITED TO ADD: Three more essays.

Sociological ImagesThis Month in SocImages (September 2015)

SocImages News:

Apparently this was the month of finding out that SocImages is quoted in awesome places! Thanks to a friend, I learned that a post is quoted in the current edition of Our Bodies, Ourselves. Um, amazing!


And I also stumbled across a generous endorsement of the site in Kate Harding’s fantastic new book Asking For It: The Alarming Rise of Rape Culture — and What We Can Do About It.


We love great company and this month we got it!

You like!  Here are our most appreciated posts this month:

Thanks everybody!

Editor’s pick:

Top post on Tumblr this month:

Upcoming Lectures and Appearances:

I’m excited to have a number of talks scheduled for this year. If you’re in Baton Rouge, LA; Huntington, WV; Portsmouth, OH; Wichita, KS; or Omaha, NE, please feel free to come by and say “hi”!

  • Louisiana State University – Baton Rouge (Oct 8): Featured Guest and Panelist for a screening of The Hunting Ground
  • Marshall University (Oct 26): “Sex, Rapture, and Resistance on College Campuses”
  • Shawnee State University (Oct 27): “Sex, Rapture, and Resistance on College Campuses”
  • University of Nebraska, Omaha Undergraduate Sociological Symposium – Keynote speaker (Nov 13): “The Power of Public Sociology”
  • Wichita State University Sociology Club and Sociology Department Gender & Sexuality Conference – Keynote speaker (Mar 4): “Online Feminist Pedagogy: Talking about Gender and Sexuality with the World”

Social Media ‘n’ Stuff:

SocImages is on twitter, facebook, tumblr, and pinterest.  Follow us! I’m on facebook, twitter, and have recently started playing around on instagram. Also on twitter, regular contributors @gwensharpnv, @familyunequal, and @jaylivingston.


Please make me less lonely on instagram! I mostly post pictures of Louisiana, cocktails, and cats, but here’s one of a baby in a band:

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Worse Than FailureEditor's Soapbox: Processing a Rant

In addition to being your intrepid editor, I’m an independent consultant. People hire consultants because they want someone to “inform their process”. “How do we do Agile better? Do we do Scrum or Kanban? Can we do scrumfall instead?” “Should we do BDD, TDD, or ATDD? Or combine them? Are there any other acronyms we should be doing?”

The ITIL 2011 Processes Model
Ugh. This diagram makes me physically ill.

This week, I’m guiding a company on “ATDD”- “Acceptance Test Driven Development”, and while I was at it, I went off on a rant. I went off on a forty-five minute rant about processes and the role of having “process” in an organization, and how small organizations and large organizations use processes to shoot themselves in the foot in vastly different ways. It was quite a rant, and I discovered that I had a lot of strong feelings about how organizations adopt, employ, and adapt processes, and how the processes they use define their culture and also define what they can successfully accomplish as an organization.

So let’s take a minute to talk about process.

First, though, let’s talk about my last day at my old job. I worked the traditional 9-to-5 at a gigantic manufacturing company. It was the kind of company that had a “Project Management Office.” The PMO had two main jobs: it made a list of the “required project documents” that had to be uploaded to SharePoint during the lifecycle of your project, and it administered the Project Server instance you had to use to track your project.

I, on the other hand, was a developer who also inherited the responsibility of administering our TFS instance. On the latter part, my job was mostly supporting push-button deployments and reminding people that VM images don’t go in source control.

One day, our users asked us to “turn on” the functionality that TFS sync data about its work items with tasks in Project Server. To do that requires a handful of steps. Project Server needs a plugin installed, and a switch flipped. The TFS team project has to be configured to talk to Project Server. Then, anyone using MS Project can set up their project to sync data between the two environments. This was a trivial, low-risk change, so I brought it to the PMO to make it happen. The PMO was happy to install the plugin, but when we asked them to “flip the switch”, the effort died.

The effort died because the PMO wanted to fit the act of flipping the switch into their process. And it quickly became clear, as they asked their questions. No matter what question they asked, we had a simple reply that addressed their concern, which only meant that they had to re-ask the same question in a different way until we ran out of ways to say the same thing. Simply flipping the switch and letting the TFS administration team worry about administering TFS was not an option for them, and they needed to control access to this feature. The idea that any Project Owner could just “turn this on” just by asking was an absolutely terrifying concept. The fact that it was on a per-project basis and not a global change was honestly worse, in their opinion, than a global change, because that meant decisions had to be made for each project, based on the needs of that project. Everything the PMO did was built around removing flexibility for decision-making.

This culminated in a meeting between the PMO and the TFS team on my last day of work. I had already quit my job- amicably- and was trying to help wrap up some final projects before I walked out the door. The meeting took the form of the TFS team saying, “You just need to flip a switch and everything after that is our problem and you don’t need to be involved,” and the PMO trying to toss their process over our own and suffocate us with it. Every solution we proposed was countered with a new obstacle, a new checkbox that had to be checked, a new document which needed to be generated. They weren't interested in posing challenges and getting solutions, they just wanted to make sure they were in control of the process.

Voices got raised, tempers flared, and in a fit of dontgiveashititis, I turned to the head of the PMO and said something like, “I give up. We are going to cancel this effort, because you have officially made it not worth doing. You are the obstacle, and since we can’t get rid of you, we just aren’t going to bother with you, and our developers get to suffer, so thanks.”

It’s probably not my proudest moment, but it was damn satisfying.

I relate this story, because it’s a perfect example of two different approaches to process. Every process we had regarding TFS was built with one goal: to help developers get things done. It was formal, and documented, but it was also nearly invisible. The PMO, on the other hand, wanted to use process as a tool for control. They wanted it to be governance and a series of checkpoints, and the philosophy was, “if we build good checkpoints, and force people to go through our good checkpoints, we will have good end results.” (They were consistently wrong, and more projects failed than ever succeeded under their watch).

A lot of developers, especially the ones who work in large or “enterprise” organizations, take a very dim view of “processes”, because they’ve dealt with too many groups like the PMO I dealt with. They hear things like Agile, or Test Driven Development, or Business Driven Development, and all they hear is a new set of policies and practices that are going to be foisted upon them without any sense of the underlying reality.

On the other side, you have those tiny shops, who see process as nothing but an obstacle. “We’re just hackers, bro.” The attitude is best typified by an organization that’s “small in spirit”, in this bizarre slide deck from a Facebook developer, which argues that their terrible practices arise from their “scale”, and that’s why the Facebook iOS app has to be a 187MB behemoth to show you your newsfeed.

Like most Internet debates, both sides are beating the snot out of a straw man, so let’s just say the actual truth: Process is important, and it doesn’t have to suck. And let’s add onto that: process is never a cure for a problem, but it might be a treatment.

Let’s be honest, managing developers is like herding cats, and you need to point them all in the same direction by giving them some sort of guidance and organizing principle. Processes are a way to scale up an organization, a way to build towards consistent results, and a way to simplify the daily job of your developers. With that in mind, I want to talk about development processes and how organizations can make process work for them, with the following guidelines.

Have a purpose. Why are you making the software that you’re making? What is its purpose? The software product you create is supposed to accomplish something for your end users. In enterprises, you’ll often hear the phrase “business value”, which is a fancy way of saying, “why does this matter?” Understand why you’re developing the software you’re making.

How does having a purpose help you with defining your processes? Simple: every process that makes it easier to achieve that purpose is good. Any process that erects an obstacle between you and your goal is bad. Stop doing that.

Buzzwords are not processes. I’ve been doing an incredible amount of “ATDD” consulting. “We have to do ATDD,” organizations say. ATDD- Acceptance Test Driven Development- is not a process. It’s a collection of practices that you can employ to build your own process. This goes for anything that’s trendy. “We need to do Agile.” No, you don’t “do” Agile. You examine the various Agile processes and methodologies and adapt them to your organization and build your own process. Don’t do things just because somebody else told you to.

How do you know which practices are the right ones to adapt? Try them out, and then ask yourself: are we doing a better or worse job of achieving our goals?

Guidelines are better than checkpoints. A lot of organizations use process to control their employees. “You must do this, and you must do it this way.” Compliance is enforced, sometimes with a carrot, usually with a stick. This grows from bureaucracy, which itself grows from a fairly natural need to ensure consistent performance regardless of which “human resources” are involved in an effort. Bureaucracies don’t care if they turn into a Harrison Bergeron dystopia where performance is consistently poor, just as long as it’s consistent.

The purpose of a process is not to ensure compliance. It’s to provide a well-paved path that guides your developers to success. Which brings us to our penultimate point.

Processes should grow from institutional best practices. While you can certainly learn from other organizations, and trade magazines, and articles like this one, the only people who know how to do what you specifically do are the people who do it- you.

Roger Corman, the master of the B-movie, was infamous for shooting movies on tight schedules with budgets that couldn’t afford rent in San Francisco right now. Many of those movies were bad, most of them are, well, B-movies, and a few of them are actually pretty great. He consistently delivered product on time and on budget, and the results were usually acceptable. As a producer, he would take new directors aside and lay down “The Process”. He would lay out the workflow for these directors, in almost a draconian way: “You block like this, you light like this, you shoot like this, you run your team and departments like this, and you never try and take shortcuts.”

In fact, the Corman process contradicts much of what I said above- he didn’t give “guidelines”, he gave mandates. If you directed a Corman flick, you directed it according to the Corman process. But here’s the kicker: the Corman process was a best practice that Corman himself developed and refined over his career, and it was built to serve his institutional purpose (to make an acceptable film, quickly and cheaply).

Processes have to be built by people who use the process. They have to support the organization’s purpose. A well designed process encourages compliance because it is an effective process. A good process should not require management to get engaged in its adoption, because a good process has clear benefits.

Finally, processes that result in additional meetings, documents nobody reads, work that doesn’t directly support the organization’s purpose, or involve erecting obstacles to keep people on the “correct” path- these are bad processes.

Planet DebianDominique Dumont: Using custom cache object with AngularJS $http


At work, I’ve been bitten by the way AngularJS handles cache by default when using the $http service. This post will show a simple way to improve cache handling with the $http service.

The service I’m working on must perform the following tasks:

  • retrieve data from a remote server.
  • save data to the same server.
  • retrieve the saved data and some extra information generated by the server to update a UI

At first, I naively used the cache parameter of $http.get to enable or disable caching, using a sequence like:

  1. $http.get(url, {cache: true} )
  2. $
  3. $http.get(url, {cache: false})
  4. $http.get(url, {cache: true})

Let’s say the calls above use the following data:

  1. $http.get(url, {cache: true}) returns “foo”
  2. $ stores “bar”
  3. $http.get(url, {cache: false}) returns “bar”

I expected the next call, $http.get(url, {cache: true}), to return “bar”. But no, I got “foo”, i.e. the obsolete data.

It turns out that the cache object is left completely alone when {cache: false} is passed to $http.get.

OK, fair enough. But this means that the value of the cache parameter should not change for a given URL. The default cache provided by $http cannot be cleared. (Well, actually, you can clear the cache under AngularJS’s hood, but that will probably not improve the readability of your code).

The naive approach does not work. Let’s try another solution by using a custom cache object as suggested by AngularJS doc. This cache object should be created by $cacheFactory service.

This cache object can then be passed to $http.get to be used as cache. When needed, the cache can be cleared. In the example above, the cache must be cleared after saving some data to the remote service.

There are two ways to clear a cache:

  • Completely flush the cache using removeAll() function.
  • Clear the cache for the specific URL using remove(key) function. The only hitch is that the “key” used by $http is not documented.

So, we have to use the first solution and create a cache object for each API entry point:

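angular.module('app').factory('myService', function ($http, $cacheFactory) {
  var myFooUrl = '/foo-rest-service';
  // create cache object. The cache id must be unique
  var fooCache = $cacheFactory('fooCache');
  function getFooData() {
    return $http.get(myFooUrl, { cache: fooCache });
  }
  function saveFooData(data) {
    // the HTTP method was lost from this listing; POST is assumed here
    return $http.post(myFooUrl, data).then(function () {
      // flush the cache so the next get fetches the saved data
      fooCache.removeAll();
    });
  }
  return { getFooData: getFooData, saveFooData: saveFooData };
});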

The code above ensures that:

  • cached data for foo service is always consistent
  • http get requests are not sent more than necessary

This simple approach has the following limitations:

  • cache is not refreshed if the data on the server are updated by another client
  • cache is flushed when only the browser page is reloaded
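The stale read and the custom-cache fix from this post, reduced to a small synchronous JavaScript model (an added example, not the author's code and not AngularJS itself). makeServer, makeCache and makeClient are hypothetical stand-ins, and keying the cache by URL is an assumption of the model; it also reproduces the first limitation listed above.

```javascript
'use strict';

var FOO_URL = '/foo-rest-service';

// Constructed in-memory "remote server" holding one value and counting GETs.
function makeServer(initial) {
  var value = initial;
  var gets = 0;
  return {
    get: function () { gets += 1; return value; },
    save: function (data) { value = data; },
    getCount: function () { return gets; }
  };
}

// Minimal cache object with the three operations the model needs.
function makeCache() {
  var store = new Map();
  return {
    get: function (key) { return store.get(key); },
    put: function (key, v) { store.set(key, v); },
    removeAll: function () { store.clear(); }
  };
}

// Client with one hidden default cache. opts.cache may be:
//   true   -> use the default cache
//   false  -> bypass caching (the default cache is neither read nor updated)
//   object -> use that custom cache
function makeClient(server) {
  var defaultCache = makeCache();
  return {
    get: function (url, opts) {
      var c = opts && opts.cache;
      var cache = c === true ? defaultCache : (c || null);
      if (cache && cache.get(url) !== undefined) {
        return cache.get(url);            // cache hit, server not contacted
      }
      var fresh = server.get();
      if (cache) { cache.put(url, fresh); }
      return fresh;
    },
    save: function (url, data) { server.save(data); }
  };
}

// The naive sequence: toggling the cache flag leaves "foo" in the default cache.
function naiveSequence() {
  var client = makeClient(makeServer('foo'));
  var first = client.get(FOO_URL, { cache: true });
  client.save(FOO_URL, 'bar');
  var second = client.get(FOO_URL, { cache: false });
  var third = client.get(FOO_URL, { cache: true });   // stale entry served
  return [first, second, third];
}

// The fix: one custom cache per entry point, flushed after every save.
function customCacheSequence() {
  var server = makeServer('foo');
  var client = makeClient(server);
  var fooCache = makeCache();
  var first = client.get(FOO_URL, { cache: fooCache });
  client.save(FOO_URL, 'bar');
  fooCache.removeAll();
  var second = client.get(FOO_URL, { cache: fooCache }); // refetched
  var third = client.get(FOO_URL, { cache: fooCache });  // served from cache
  return { reads: [first, second, third], serverGets: server.getCount() };
}

// Limitation: a write made by another client never flushes our cache.
function otherClientWrite() {
  var server = makeServer('foo');
  var client = makeClient(server);
  var fooCache = makeCache();
  client.get(FOO_URL, { cache: fooCache });
  server.save('baz');                                  // some other client saves
  var cached = client.get(FOO_URL, { cache: fooCache });
  return { cached: cached, onServer: server.get() };
}
```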

If you need a more advanced cache mechanism, you may want to check jmdobry’s angular cache project.

All the best

Planet Linux AustraliaMichael Still: Wandering around Curtin

I decided to go on a little walk on the way home from a work lunch and I don't regret it. This is a nice area, which I was exploring for geocaches. I probably wouldn't have come here at all, but it was the second part of the "Trees of Curtin" walk from Best Bush, Town and Village Walks in and around the ACT that I had done the first half of ages ago.

I am glad I came back for the second half -- to be honest I was pretty bored with the first half (a bike path beside a major road mostly), whereas this is much more like walking around in nature. The terrain is nice, no thistles, and plenty of horses. A nice afternoon walk overall.

Now back to reviewing Mitaka specs.



Geek FeminismWhy be happy when you could be linkspam? (29 September 2015)

  • Bingo and Beyond | hypatia dot ca: “I was the instigator of the bingo card at 2014’s Grace Hopper conference. For more on how to not have me make a bingo card making fun of you at some point in the future, skip to the resources at the end. But for a fun story, read on…”
  • Dreamforce’s ‘Women’s Innovation’ panel is why we should stop babying female CEOs | TNW News: “It’s alienating, in no uncertain terms, to have to sit through a panel designed to be about women in technology and instead have it derailed by the seemingly interminable myth that when we want to talk about being a woman in tech, what we’re really saying is that we want to talk about being wives and mothers with day jobs in the technology industry.”
  • Strong Female Characters are Rarely Strong and Barely Characters | The Mary Sue: “You’ve met this character before. She has black hair with a colorful stripe, wears green or purple lipstick with chipped painted nails to match; she wears black leather clothing that’s cut a little short in place, designed to help her while she skateboards or rides a motorcycle; she has a series of skills which are “for boys” and has interests which are “for boys”. In the first act we meet her and she seems rude and dismissive, saying “whatever” and rolling her eyes. In the second act we are shown that she secretly has a feminine and caring side – almost universally in the process of learning that she secretly cares for the male protagonist, and is too insecure to admit it. In the third act she learns to reconcile her feelings for the protagonist with her tough-as-nails identity and uses some typically “for boys” skill – usually combat, but also often hacking or deductive science – to save the male protagonist… so that he can save the day.”
  • Cyber Violence Against Women And Girls: A World-Wide Wake-up Call | UN Women: [PDF] “As the Internet evolves and social media and networking tools increasingly become an intrinsic part of people’s lives around the globe, attitudes and norms that contribute to cyber VAWG (Violence Against Women and Girls) must be addressed with urgency. A collective global effort, led by the United Nations system, has put in place the pillars for a 21st century sustainable development paradigm. The Sustainable Development Goals (SDGs) establishing the global development priorities for the next 15 years includes a goal on gender equality, which places women’s access to technology for their empowerment as one of the core indicators for progress. For this to be realized, all stakeholders must take accelerated actions to ensure a safer, more secure Internet for present and future generations – one without endemic VAWG.”
  • What can I do today to create a more inclusive community in CS? Guest Post from Cynthia Lee | Computing Education Blog: “The below list was created by Cynthia Lee for the workshop participants. I loved it and asked if I could offer it here as a guest post. I’m grateful that she agreed.”
  • Spotlight on a Young Scientist: Anika Cheerla | Google for Education: “While volunteering in a senior care facility, Anika was shocked to learn how many older adults suffer from Alzheimer’s disease. Her curiosity led her to learn more about diagnosis of this disease, and she found that without a standard test or method for diagnosis, most doctors rely on their own opinions. She decided to create a tool that quickly and accurately diagnosed Alzheimer’s and knew her brother, who loved science and coding, would be able to help her. By extracting image features from MRI scans, Anika built an interface for doctors to upload an image, enter some basic patient information and get a reliable Alzheimer’s diagnosis.”
  • My Black & STEM Playlist — Medium: “So part of my thrival story is music. As I told The Setup, the single most important piece of tech I own are my headphones. Today I’d like to share some of the music I always have available to me no matter where I am, going beyond some of the songs I shared with the CBC earlier this year. There’s plenty I left out, but for me this is the most memorable stuff.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Kelvin ThomsonBuilding Excavation Not Good Enough

This morning I visited John Wade at his Engine Fit business in Nicholson Street Brunswick. His workshop has collapsed due to excavations next door. The damage is so great that it will almost certainly put him out of business for a year, threatening a 40 year family business.

But it could have been worse. If his son had not alerted everyone inside when he heard the wall cracking, enabling them to flee the building, there could have been injury or deaths.

This is not the first time Melbourne has seen building excavations causing chaos for next door properties. It raises two important questions. First, whether we should continue with the privatised system of building surveying introduced by the Kennett Government in the 1990s. Are building surveyors, who nowadays work for builders and developers, doing their job properly? Secondly, in our rush to cram more people into Melbourne in general and Moreland in particular, are we permitting high rise buildings that are not suitable for the land they are being built on?

I will await the findings of WorkSafe and Moreland Council, who are investigating the collapse, with great interest. Small family businesses like John Wade's deserve better than to be the innocent victims of developer greed and inadequate regulation.


Planet Linux AustraliaMichael Still: Second trail run

I went for my second trail run last night. This one was on much rockier terrain, and I ended up tweaking my right knee. I think that was related to the knee having to stabilize as I ran over uneven rocks. I'll experiment by finding a different less awkward trail to run and seeing what happens I suppose.


Geek FeminismFeminist tech demos: menstruation, harassment, an erotic wearable, and more

Joelle Fleurantin and her Erotic Haptic Device, part of the Patchworked Venus project.

On Friday, I interviewed feminist technologists at a demo showcase in New York City. (Thanks to NYC Media Lab (a higher education-city government-industry partnership) for giving me a press pass to their 2015 annual summit.)

Patchworked Venus

Joelle Fleurantin presented Patchworked Venus, “A wearable exploring how computing has given birth to a new form of sexual intimacy”. See the embedded video below for a demo.

Patchworked Venus: Erotic Haptic Device Preview from Joelle F. on Vimeo.

Ms. Fleurantin, (MPS ’15, NYU ITP), discussed her design with me, explaining that instead of being a phallic accessory like a lot of other erotic devices, Patchworked Venus emphasizes other erogenous zones. Her artist’s statement asks:

How can an erotic device become a tool for body modification: an extension of the user rather than a facsimile of an external, imagined person? And what then becomes of this augmented wearer, specifically when her body is not raceless like those present in dominant representations of the cyborg?

Patchworked Venus explores these questions by casting an intimate experience within the context of dress as performance.

The garment, in contrast to conventional vibrators, is meant to be worn, and uses heat, compression, and touch on the wearer’s back, inner thighs, and nipples. A warm circuit provides heat over the breast, motors like those used for haptic response in mobile phones give the user a sensation of touch on the back and the inner thighs, and an inflatable jacket and hood literally embrace the wearer with a pneumatic actuating system, providing a pleasant feeling of compression and constriction. She “designed and milled breakout boards for use with the Adafruit Flora” (from her “About” page). Ms. Fleurantin also considered using soft robotics and lithography to give the wearer a sensation of breath on the skin, but decided against it since that approach would require a large, loud air compressor.

A close-up of some circuitry on the Patchworked Venus garment.

Check out her ten-minute thesis presentation for more on the Erotic Haptic Device and Patchworked Venus. In it, Ms. Fleurantin discusses her influences and process, including her upbringing as a black woman, learning from her mother how important self-presentation, grooming, and clothing were. I noted down some names and links from that presentation and from my conversation with her on Friday:

(I had previously known Ms. Fleurantin because of her work on user research for the Mozilla wiki; I’ll be curious to see her next project as well!)


I spoke with Lucy M. Bonner and tried out her immersive harassment simulator “Compliment”. Ms. Bonner (MFA Design and Technology ’16, Parsons the New School for Design) developed “Compliment,” a virtual reality experience using the Oculus Rift, and you can see a demo video on YouTube if you sign in.

From her artist’s statement:

Compliment is an immersive experience of street harassment designed and created for the Oculus Rift. It demonstrates the fact that harassment creates an atmosphere of intimidation and tension for women on a daily basis, that it is not ok, and that it is not a compliment. Compliment conveys the forceful intrusion and violation of space and attention that makes a woman feel vulnerable, angry, and silenced in order to raise awareness and effect change.

Ms. Bonner received much more street harassment when she moved from Houston to New York City, and used those catcalls she heard in real life to populate the set of harassing comments that simulated harassers say to the player. She appreciates how virtual reality lets her offer, say, a 6-foot-2-inches man a way to experience the world as a shorter, more vulnerable person. “Many of the harassers in the experience are much larger than the player, which creates part of the sense of danger and intrusion in confrontations.” Also: “Players are unable to respond, as in the real world with concern for safety, and are forced to constantly hear and dodge unwanted attention.”

I mentioned to Ms. Bonner a truism I’ve heard (via Adria Richards or Lukas Blakk, I believe) that men tend to use augmented reality experiences like Google Glass to more powerfully navigate the world, while women tend to use them to document their experience in the world. Ms. Bonner wouldn’t put “Compliment” in that latter category, and not just because VR and augmented reality are different approaches; she considers “Compliment” more outwardly focused, showing other people what her experience is like rather than concentrating on gathering proof of the experience itself. “Compliment” conveys, as she puts it, the “cumulative atmosphere of silencing and objectification”.

Joanna Chin and Bryan Collinsworth present d.Bot


I spoke with Joanna Chin and Bryan Collinsworth about their quite different simulator, d.Bot. “Drawing from female experiences in online and offline dating, is a chatbot that simulates conversing with an unenlightened male.” Ms. Chin and Mr. Collinsworth (MFA in Design & Technology ’16, The New School) used JavaScript,, and Parse to develop d.Bot, and made it partially to test out a theory about a different approach to artificial intelligence than you often see. Rather than aiming for a predictive response, d.Bot is trying to stimulate a particular response in the human user. You can try it out at

A demo session with d.Bot

Ms. Chin said that it’s been nice to be able to use things guys have said to her, and that hearing or seeing new annoying messages, she figures, it’s going into the pot. (This includes a comment a guy said to her during fair setup, just before I arrived.) You can also click the “Feed Me” button to add something a guy has said to you, if you’d like to add more quotes to the database.

Mr. Collinsworth hopes d.Bot will help men experience what women experience, both online and in the physical world; any one guy saying uncreative things doesn’t experience what it’s like to hear those same comments frequently and en masse. In that vein, he suggested that perhaps Tinder could show users an originality score as they type messages to other users, flagging likely boring messages and discouraging users from sending them.

Ms. Chin said that she’s seen other critique of boring or harassing men (street harassers and OKCupid and Tinder users) that’s more in a name-and-shame mode, and that she wonders whether a critique in the form of humor around originality and creativity would be more likely to change the player’s behavior, as opposed to dinging a user and saying “you’re a bad person”. For her and for other d.Bot users, the bot is also a fun way to vent — she said she’s seen women happy to finally have a chance to talk back to these messages in a safe, consequence-free sandbox.

I asked for her thoughts on feminist dating apps like Bumble, and we discussed the possibility that Bumble (in which women can and men cannot initiate conversation) is just moving the problem a little further down the road; instead of screening out men at the stage of initial online conversation, het women might find that they go on more dates with men who don’t interact well.


Monica Raffaelli presenting SHVRK

Monica Raffaelli presented “SHVRK”: “Surf the crimson wave with fewer fatalities”. Users can sign up to get text message alerts of their friends’ menstrual cycles. Below is her SHVRK v1.0 demo video.

Ms. Raffaelli (MS Integrated Digital Media ’16, NYU Polytechnic School of Engineering) and I spoke a little on Friday, and then she answered my questions on SHVRK, her influences, and her feminism via email:

There are apps for women to track women’s cycles, and there are apps for men to track what they don’t like about women’s cycles. The former often have pastel palettes, cute logos, and an emphasis on fertility and pregnancy. The latter have a handful of angry responses from the feminist community.

As long as bodily fluids and excretions are taboo, periods will be taboo. The app was never meant to change anybody’s views of leftover uterine lining. That said, the divisive nature of the current apps on the market doesn’t offer many people the opportunity to level the playing field. What we need is an app with an interface with universal appeal. We need an app that doesn’t perpetuate traditional stereotypes, but educates and facilitates. We need an app that makes the monthly inconvenience a little more convenient.

I’ve tried apps with features I didn’t need. I don’t need help getting pregnant, I don’t need to share my uterine woes with a community of empathetic blood sisters, and I don’t need cute puppies to guide me through reminders to hydrate. What I do need is an app that alerts my man to the state of my hormones. What about the men who don’t care about the difference between pads and tampons, ovulation versus menstruation, or what PMS really stands for? Well, I don’t blame them -- I’m not sure I would care for the details either if I didn’t go through it monthly.

The first steps were figuring out what would make a man WANT to use the same period app as a woman. My favorite answers were from the “make me a sandwich” types of guys. If this could get you laid, would you use the app? But of course.

Who is this app for? This is for women who like men, men who like women, and women who like women. This is for the monogamous and polyamorous. This is for the people with a sense of humor. This app is for those who say “I don’t trust anything that bleeds for a week and doesn’t die.” This is for anybody who has ever been cockblocked by a period.

“…why you made SHVRK (including your dissatisfactions with other services and apps)…”

My shark week isn’t a big deal. In fact, I usually forget about it, and that’s why I started to use the apps. These would give me a heads up, and I realized, you know who else could use these updates? My boyfriend. When the conversation comes up, he tries to either be understanding or a comedian. He cares, but he’ll never really get it. Why not give him just the information he needs without framing it in etiquette and small talk?

My research showed that there were tons of apps for men. They seemed to have exploded between 2008 and 2010, and most of them enraged the feminist community. Could it be possible to make one app that could appeal to those menstruating as well as those not menstruating?

“…what technologies you used to make it…”

The graphite pencil. Illustrator, After Effects, and the rest of the Adobe suite. Started playing around with a bit of this and that for the final product, from PHP to Swift… This is a lot of learning as I go.

“…what some next steps are…”

Step 1: iOS or Android? Step 2: Launch.

“…your feminism and the ways in which the project is feminist…”

Feminism can be a scary word. Every female in this society develops a relationship with it, and that makes it a weighty, frustrating, and complex matter. Feminism is a spectrum. We might avoid it all costs, or we embrace our own definition, or we embody someone else’s interpretation without realizing it. That’s about all I can say about ‘feminism’.

I want to bid farewell to man-bashing and figurative bra-burning. There are too many women in the world with no access to proper hygiene products and women who are cast out of their homes during that time of the month, but there are also too many man-bashers and bra-burners here fighting a fight that’s been fought here. What if we take another approach to understanding the difference between men and women in the little world of people with smartphones and access to clean running water?

In April, Leslee Udwin visited NYU for a special screening of her film India’s Daughter. There are two relevant memorable moments from that night. The first was when Leslee Udwin said she set out to answer ‘why men rape’. The second was when I asked if she had found her answer, and she responded that she expected the men she interviewed to be monsters. She expected them to be textbook psychopaths. What she found was that they were just humans like you and me. They were not ‘bad apples’ spoiling the barrel. The barrel was bad.

There are bad apple feminists the same way there are bad apple chauvinists. SHVRK is not about redefining ‘man’ or ‘woman’, but about leveling the playing field between unique individuals like you and me, so we don’t have to hear “Are you PMSing? Are you on your period?”

“…​and what or who some of your influences are.​”

Leslee Udwin is pretty amazing, but here I have to officially say Happenstance. Nothing goes up on a pedestal like happenstance. Letting the cards fall as they may is magical and always a little mysterious. Let it lead the way.

And more

I concentrated in this piece on discussing demos from the summit that particularly spoke to me on a feminist level, but I saw women technologists presenting many projects you might find interesting for other reasons. StackedUp uses AI for investigative reporting. NEW YOARK is an augmented reality mobile app that emphasizes the diversity of languages spoken in New York City. Bullet Pointe Lab designs and makes innovative clothes for ballet dancers, such as shorts with heating elements to help warm hips so they can open more fully. I saw multiple more clothing-related apps, natural language processing research, a tool to help you analyze your own social media activity, and a Twitter bot and collaborative storytelling and coding project telling the stories of people incarcerated at the Rikers Island correctional facility. On my way out the door, I spoke to one of the event staffers, a woman who’s working on, a project to use the web and stickers on milk cartons to raise awareness of missing Central American and Mexican migrants.

Thanks again to NYC Media Lab and to the innovators who spoke with me.

TED2015 MacArthur ‘genius grant’ winners include two TED Fellows: Patrick Awuah and LaToya Ruby Frazier

Education entrepreneur Patrick Awuah and photographer LaToya Ruby Frazier have been named 2015 MacArthur 'Geniuses.' They are both also TED Fellows — Patrick from the very first class and LaToya from the last class. Photo: TED

Education entrepreneur Patrick Awuah and photographer LaToya Ruby Frazier have been named 2015 MacArthur ‘geniuses.’ They are both TED Fellows — Patrick from the first class of the program, LaToya from the most recent.

The MacArthur Foundation revealed its list of 2015 Fellows this morning. Twenty-four people received the “genius grant,” a $625,000 no-strings-attached stipend — and two of them are TED Fellows: Patrick Awuah and LaToya Ruby Frazier.

Patrick Awuah founded Ashesi University, a college in his home country of Ghana dedicated to educating Africa’s next generation of leaders by focusing on liberal arts and ethics. (Watch his TED Talk: “How to educate leaders? Liberal arts.”) LaToya Ruby Frazier makes photographs that blur the boundaries between self-portraiture and documentary, and offer new dimension to discussions about inequality and Rust Belt renewal. (Watch her TED Talk: “A visual history of inequality in industrial America.”)

The two are like bookends of the TED Fellows program: Awuah was in the first class of TED Fellows, back in 2009, and Frazier is in the most recent TED Fellows class of 2015.


Sociological ImagesWhat happens when women planning abortions view ultrasounds?

Health care providers who perform abortions routinely use ultrasound scans to confirm their patients’ pregnancies, check for multiple gestations, and determine the stage of the pregnancies. But it is far from standard – and not at all medically necessary – for women about to have abortions to view their ultrasounds. Ultrasound viewing by patients has no clinical purpose: it does not affect the woman’s condition or the decisions health providers make. Nevertheless, ultrasound viewing has become central to the hotly contested politics of abortion.

Believing that viewing ultrasounds will change minds, opponents of abortion – spearheaded by the advocacy group Americans United for Life – have pushed for state laws to require such viewing. So far, eighteen states require that women be offered the opportunity to view their pre-abortion ultrasound images, and five states actually go so far as to legally require women to view their ultrasound images before obtaining an abortion (although the women are permitted to avert their eyes). In two of the five states that have passed such mandatory viewing laws, courts have permanently enjoined the laws, keeping them from going into effect.

[Figure: States that allow/require ultrasounds before abortion (vocative)]

As the debates continue to rage, both sides assume that what matters for an abortion patient is the content of the ultrasound image. Abortion opponents believe the image will demonstrate to the woman that she is carrying a baby – a revelation they think will make her want to continue her pregnancy. Ironically, supporters of abortion rights also argue that seeing the image of the fetus will make a difference. They say this experience will be emotionally distressing and make abortions more difficult. Paradoxically, such arguments from rights advocates reinforce assumptions that fetuses are persons and perpetuate stigma about abortion procedures.

Does viewing change women’s minds – or cause trauma?

What is missing from all of this is research on a crucial question: How do women planning abortions actually react to voluntary or coerced viewing of ultrasounds? As it turns out, seeing the ultrasound images as such does little to change women’s minds about abortion. What matters is how women scheduled for abortions already feel. Viewing an ultrasound can matter for women who are not fully certain about their plans to have an abortion.

My colleagues and I analyzed medical records from over 15,000 abortion visits during 2011 to a large, urban abortion provider. This provider has a policy of offering every patient the voluntary opportunity to view her ultrasound image. In her intake paperwork, the patient can check a box saying she wants to view; then, when she’s in the ultrasound room, the technician provides her with the opportunity to see the image. Over 42% of incoming abortion patients chose to view their ultrasound images, and the substantial majority (99%) of all 15,000 pregnancies ended in abortion.

Our research team looked at whether viewing the ultrasound image was associated with deciding to continue with the pregnancy instead of proceeding with the abortion. We took into account factors such as the age, race, and poverty level of the women involved, as well as how far along their pregnancies were, the presence of multiple fetuses, and how certain women said they were about their abortion decision.

As it became clear that certainty mattered, we looked more closely. Among women who were highly certain, viewing their ultrasound did not change minds. However, among the small fraction (7.4%) of women who were not very certain or only moderately certain, viewing slightly increased the odds that they would forego their planned abortion and continue with their pregnancy. Nonetheless, this effect was very small and most did proceed to abortion.

Our findings make sense, because some women who are unsure about their abortion decision may seek experiences such as ultrasound viewing to help them make a final choice. Nevertheless, many previous studies have documented that women’s reasons for abortion are complex and unlikely to be negated simply by viewing an ultrasound image. Our study analyzed a situation where viewing ultrasounds was voluntary, but there is no reason to think that mandatory viewing would change more minds. Forcing women to view their ultrasounds could, however, affect patient satisfaction and sense of autonomy.

Apart from whether minds are changed, many people imagine that viewing an ultrasound for an unwanted pregnancy is distressing; and in interviews with 26 staff members at an abortion facility that offers pre-abortion ultrasounds, my colleague and I discovered that many staffers believed viewing the image caused relief for women early in their pregnancies but was traumatic for those at later stages.

However, when my colleagues and I asked 212 women throughout the United States about their reactions to viewing pre-abortion ultrasounds, we found no evidence that viewing was broadly distressing or that emotions depended on the gestational stage. All interviewees said their minds were not changed about proceeding with abortions. Just over one in five reported that viewing provoked negative reactions of guilt, depression, or sadness; one in ten reported positive feelings such as happiness; and the largest group, just over a third, said they felt “fine,” “okay,” or even “nothing.” This common response that viewing did not matter was a surprise given the intensity surrounding political debates.

Our research questions the wisdom of state laws that force women scheduled to have abortions to view their ultrasounds prior to the procedure. Fewer than half of abortion patients want to view their ultrasounds, and there is no clinical benefit. More to the point, abortion providers already offer patients the opportunity to view their ultrasounds – and never turn down women’s requests to look at these images. When women already feel uncertain about proceeding with an abortion, viewing the image of the fetus may make a difference. But for the vast majority whose minds are made up, viewing does not matter – and trying to force this to happen in every case merely adds costs and indignities to the abortion process.

Originally posted at Scholars Strategy Network.

Katrina Kimport, PhD is an assistant professor in the Department of Obstetrics, Gynecology and Reproductive Sciences and a research sociologist with the Advancing New Standards in Reproductive Health program at the University of California, San Francisco.


Planet DebianDariusz Dwornikowski: Delete until signature in vim

It has been bugging me for a while. When responding to an email, you often want to delete all the content (or part of the previous content) until the end of the email's body. However, it would be nice to leave your signature in place. For that I came up with this nifty little vim trick:

nnoremap <silent> <leader>gr <Esc>d/--\_.*Dariusz<CR>:nohl<CR>O

Assuming that your signature starts with -- and the following line starts with your name (in my case it is Dariusz), this will delete all the content from the current line until the signature. Then it will remove search highlighting, and finally move one line up.

Krebs on SecurityATM Skimmer Gang Firebombed Antivirus Firm

It’s notable whenever cybercrime spills over into real-world, physical attacks. This is the story of a Russian security firm whose operations were pelted with Molotov cocktail attacks after exposing an organized crime gang that developed and sold malicious software to steal cash from ATMs.

The threats began not long after December 18, 2013, when Russian antivirus firm Dr.Web posted a writeup about a new Trojan horse program designed to steal card data from infected ATMs. Dr.Web received an email warning the company to delete all references to the ATM malware from its site.

The anonymous party, which self-identified as the “International Carders Syndicate,” said Dr.Web’s ATM Shield product designed to guard cash machines from known malware “threatens activity of Syndicate with multi-million dollar profit.”

The threat continued:

“Hundreds of criminal organizations throughout the world can lose their earnings. You have a WEEK to delete all references about ATM Skimmer from your web resource. Otherwise syndicate will stop cash-out transactions and send criminal for your programmers’ heads. The end of Doctor Web will be tragic.”

In an interview with KrebsOnSecurity, Dr.Web CEO Boris Sharov said the company did not comply with the demands. On March 9, 2014, someone threw a Molotov cocktail at the office of a third-party company that was distributing Dr.Web’s ATM Shield product. Shortly after that, someone attacked the same office again. Each time, the damage was minimal, but it rattled company employees nonetheless.

Less than two weeks later, Dr.Web received a follow-up warning letter:

“Dear Dr.Web, the International carder syndicate has warned you about avoidance of interference (unacceptable interference) in the ATM sphere. Taking into account the fact that you’ve ignored syndicate’s demands, we employed sanctions. To emphasis the syndicate’s purpose your office at Blagodatnaya st. was burnt twice.

If you don’t delete all references about atmskimmer viruses from your products and all products for ATM, the International carder syndicate will destroy Doctor Web’s offices throughout the world, In addition, syndicate will lobby the Prohibition of usage of Russian anti-viruses Law in countries that have representation offices of the syndicate under the pretext of protection against Russian intelligence service.”

After a third attack on the St. Petersburg office, a suspect who was seen running away from the scene of the attack was arrested but later released because no witnesses came forward to confirm he was the one who threw the bomb.

Meanwhile, Sharov said Dr.Web detected two physical intrusions into its Moscow office.

“This is an office where we have much more security than any other, but also many more visitors,” he said. “We had been on high alert after the fire bombings, and we’ve never had intrusions before and never had them after this. But during that period, we had three attempts to enter the perimeter and to do something bad, but I won’t go into details about that.”

Sharov said Dr.Web analysts believe the group that threatened the attacks were not cyber thieves themselves but instead an organized group of programmers that had sold — but not yet delivered — a crimeware product to multiple gangs that specialize in cashing out hacked ATM cards.

“We think this group got very nervous by the fact that we had published exactly what they’d done, and it was very untimely for them, they were really desperate,” Sharov said. “We believe our reports came out just after development of the ATM Trojan had finished but before it was released to customers.”

Sharov said he also believes that the group of malware programmers who sent the threats weren’t the same miscreants who threw the Molotov cocktails. Rather, Dr.Web maintains that those attacks were paid for and ordered over the Internet, for execution by strangers who answered a criminal help wanted ad.

“We are completely sure it was ordered [over the] Internet, through a black market where you can order almost any crime,” Sharov said, again declining to be more specific. “What we saw was some people from St. Petersburg throwing Molotov cocktails, running away from the guards. But those people were not from the IT criminal environment. All the attacks had been ordered by Internet. And since they never succeeded against our office, it showed us that not much money was paid for these attacks.”

Dr.Web believes the criminal programmers who hired the attacks on its properties and partners were operating out of Ukraine, in part because of the facts surrounding another fire in its Kiev office on April 14, 2014. Sharov said that fire was not started intentionally, but instead was the result of an electrical issue on a floor not occupied by Dr.Web.

“The fire squad came quickly and our office was just damaged a little bit by the water,” he recalled. “Very soon after that, we received another threat with a photograph of entrance to the Kiev office, and it said another fire was set there. That photograph gave away for us the fact that the team was somewhere in the Ukraine. Nobody had any published any photograph of the attacks on St. Petersburg or Moscow. The fact that they published that and tried to present the case that it was their [doing], they were not well informed.”

Not long after that incident, Sharov said his office got confirmation from a bank in Moscow that the team behind the ATM Trojan that caused all the ruckus was operating out of Kiev, Ukraine.

In the 18 months since then, the number of ATM-specific Trojans has skyrocketed, although the attackers seem to be targeting mainly Russian, Eastern European and European banks with their creations. For more on the spread and sophistication of ATM malware, see:

Spike in Malware Attacks on Aging ATMs

Thieves Planted Malware to Hack ATMs

Thieves ‘Jackpot’ ATMs With ‘Black Box’ Attack

Gang Hacked ATMs from Inside Banks

CryptogramHow GCHQ Tracks Internet Users

The Intercept has a new story from the Snowden documents about the UK's surveillance of the Internet by the GCHQ:

The mass surveillance operation -- code-named KARMA POLICE -- was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom's electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.


One system builds profiles showing people's web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on "suspicious" Google searches and usage of Google Maps.


As of March 2009, the largest slice of data Black Hole held -- 41 percent -- was about people's Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people's use of tools to browse the Internet anonymously.

Lots more in the article. The Intercept also published 28 new top secret NSA and GCHQ documents.

Worse Than FailureCodeSOD: MacGyver's XMLHTTPRequest

In these days of browser standards, it’s easy to forget that once upon a time, simple tasks like an HTTP request from JavaScript were difficult or even impossible, and if you wanted it to work in every browser, you were going to have to write wrappers to try and create a consistent API.

Zeke inherited an application back from those bad old days. It needs to poll a server, and based on the response, it performs an action, but it does this in an “inventive” way.

First, they fashion a rudimentary enum:

    var Response = {
            nothing: 1,
            showInviteNewWin: 2,
            showInviteSameWin: 3,
            pushPageSamewin: 4,
            pushPageNewWin: 5,
            inviteTimeOut: 6,
            resendInfo: 7,
            neverInvite: 8,
            stop: 9,
            notCurrentPage: 10
    };

They’re going to use that in a moment to parse the server’s response, but first- how are they going to send a request?

    var na_pro_img = null;
    function sendVisitInfo() {
        na_pro_img = null;
        na_pro_img = new Image();
        na_pro_img.onload = checkResponse; /*imageLoaded;*/
        var d = new Date();
        // The "request": every parameter travels in the query string of an image URL
        na_pro_img.src = prefix + 'Visitor.aspx?Cmd=1&TITLE=' + escape((document.title != "") ? document.title : document.location) + '&REFERRER=' + escape(document.referrer) + '&LASTVISIT=' + escape(lastVisitCookie) + '&LASTINVITE=' + escape(lastInviteCookie) + '&RSND=' + resendCount + '&CUSTOMVARIABLES=' + escape(custProp) + '&LT=' + d.getTime() + ((neverCookie != null) ? ('&NEVERINVITE=' + escape(neverCookie)) : "") + '&cpId=' + curPageID;
        d = null;
    }

Well, that will generate a request, I suppose, with the SRC property passing a bunch of stuff in the URL parameters. But how on Earth are they parsing anything useful out of the response? And what does this have to do with their rudimentary enum?

    function checkResponse() {
        // The "response": the width in pixels of the image the server sent back
        switch (na_pro_img.width) {
            case Response.nothing:
            case Response.showInviteNewWin:
                sessWin = 'n';
             // more cases cut for brevity
        }
    }

They use the width. The width of the image is matched against their “enum”. Through modern eyes, this is the sort of thing that makes you want to go WTF, but for those of us that had the misfortune to do web development back in the days when JavaScript was a novelty and autoplaying MIDI files was the coolest thing you could have on your page…

<link href="" rel="stylesheet"/> <script src=""></script> <script>hljs.initHighlightingOnLoad();</script>
[Advertisement] Scout is the best way to monitor your critical server infrastructure. With over 90 open source plugins, robust alerting, beautiful dashboards and a 5 minute install - Scout saves youvaluable engineering time. Try the server monitoring you'll 👍 today.Your first 30 days are free on us. Learn more at Scout.

Planet Linux AustraliaArjen Lentz: Julian Burnside: What sort of country are we? | The Conversation

Planet DebianNorbert Preining: Multi-boot stick update: TAILS 1.6, SysresCD 4.6.0, GParted 0.23, Debian 8.2

Updates for my multi-boot/multi-purpose USB stick: All components have been updated to the latest versions and I have confirmed that all of them still boot properly – although changes in the grub.cfg file are necessary. So going through these explanations one will end up with a usable USB stick that can boot into TAILS, System Rescue CD, GNU Parted Live CD, GRML, and also into a Debian 8.2 Jessie installation. All this while still being able to use the USB stick as normal media.


Since there have been a lot of updates, and also changes in the setup and grub config file, I include the full procedure here, that is, merging and updating these previous posts: USB stick with Tails and SystemRescueCD, Tails 1.2.1, Debian jessie installer, System Rescue CD on USB, USB stick update: TAILS 1.4, GParted 0.22, SysResCD 4.5.2, Debian Jessie, and USB stick update: Debian is back, plus GRML.

Let us repeat some things from the original post concerning the wishlist and the main players:

I have a long wishlist of items a boot stick should fulfill

  • boots into Tails, SystemRescueCD, GParted, and GRML
  • boots on both EFI and legacy systems
  • uses the full size of the USB stick (user data!)
  • allows installation of Debian
  • if possible, preserve already present user data on the stick


A USB stick, the iso images of TAILS 1.6, SystemRescueCD 4.6.0, GParted Live CD 0.23.0, GRML 2014.11, and some tool to access iso images, for example ISOmaster (often available from your friendly Linux distribution).

I assume that you already have a USB stick prepared as described previously. If this is not the case, please go there and follow the section on preparing your USB stick.

Three types of boot options

We will employ three different approaches to boot special systems: the first boots directly from an iso image (easiest, simple to update), the second works via extraction of the necessary kernels and images (a bit painful, needs some handwork), and the last is a mixture necessary to get Debian booting (most painful, needs additional downloads and handwork).

At the moment we have the following status with respect to boot methods:

  • Booting directly from ISO image: System Rescue CD, GNOME Parted Live CD, GRML
  • Extraction of kernels/images: TAILS
  • Mixture: Debian Jessie install

Booting from ISO image

Grub gained the ability to boot directly from an ISO image quite some time ago. In this case the iso image is mounted via loopback, and the kernel and initrd are specified relative to the iso image root. This system makes it extremely easy to update the respective boot option: just drop the new iso image onto the USB stick, and update the isofile setting. One could even use some -latest method, but I prefer to keep the exact name.

For SystemRescueCD, GNOME Partition Live CD, and GRML, just drop the iso files into /boot/iso/, in my case /boot/iso/systemrescuecd-x86-4.6.0.iso and /boot/iso/gparted-live-0.23.0-1-i586.iso.

After that, entries like the following have to be added to grub.cfg. For the full list see grub.cfg:

submenu "System Rescue CD 4.6.0 (via ISO) ---> " {
  set isofile="/boot/iso/systemrescuecd-x86-4.6.0.iso"
  menuentry "SystemRescueCd (64bit, default boot options)" {
        set gfxpayload=keep
        loopback loop (hd0,1)$isofile
        linux   (loop)/isolinux/rescue64 isoloop=$isofile
        initrd  (loop)/isolinux/initram.igz
  }
}
submenu "GNU/Gnome Parted Live CD 0.23.0 (via ISO) ---> " {
  set isofile="/boot/iso/gparted-live-0.23.0-1-i586.iso"
  menuentry "GParted Live (Default settings)"{
    loopback loop (hd0,1)$isofile
    linux (loop)/live/vmlinuz boot=live union=overlay username=user config components quiet noswap noeject  ip= net.ifnames=0 nosplash findiso=$isofile
    initrd (loop)/live/initrd.img
  }
}
submenu "GRML 2014.11 ---> " {
  menuentry "Grml Rescue System 64bit" {
        # iso_path has to be set to the path of the GRML iso before it is
        # exported; that assignment is not part of this excerpt
        export iso_path
        loopback loop (hd0,1)$iso_path
        set root=(loop)
        # ssh=<password> makes GRML start sshd with this password: pick your own
        kernelopts=" ssh=foobarbaz toram  "
        export kernelopts
        configfile /boot/grub/loopback.cfg
  }
}

Note the added isoloop=$isofile and findiso=$isofile options, which help the installer find the iso images.

Booting via extraction of kernels and images

This is a bit more tedious, but still not too bad.

Installation of TAILS files

Assuming you have access to the files on the TAILS CD via the directory ~/tails, execute the following commands:

mkdir -p /usbstick/boot/tails
cp -a ~/tails/live/* /usbstick/boot/tails/

The grub.cfg entries now look similar to the following:

submenu "TAILS Environment 1.6 ---> " {
  menuentry "Tails64 Live System" {
        linux   /boot/tails/vmlinuz2 boot=live live-media-path=/boot/tails config live-media=removable nopersistent noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails
        initrd  /boot/tails/initrd2.img
  }
}

The important part here is the live-media-path=/boot/tails, otherwise TAILS will not find the correct files for booting. The rest of the information was extracted from the boot setup of TAILS itself.

Mixture of iso image and extraction – Debian jessie

As mentioned in the previous post, booting Debian/Jessie installation images via any method laid out above didn’t work, since the iso image is never found. It turned out that the current installer iso images do not contain the iso-scan package, which is responsible for searching and loading of iso images.

But with a small trick one can overcome this: One needs to replace the initrd that is on the ISO image with one that contains the iso-scan package. And we do not need to create these initrds ourselves, but can simply use the ones from the hd-media type installer. I downloaded the following four gzipped initrds from one of the Debian mirrors: i386/initrd text mode, i386/initrd gui mode, amd64/initrd text mode, amd64/initrd gui mode, and put them into the USB stick’s boot/debian/install.386, boot/debian/install.386/gtk, boot/debian/install.amd, boot/debian/install.amd/gtk, respectively. Finally, I added entries similar to this one (for the rest see the grub.cfg file):

submenu "Debian 8.2 Jessie NetInstall ---> " {
    set isofile="/boot/iso/firmware-8.2.0-amd64-i386-netinst.iso"
    menuentry '64 bit Install' {
        set background_color=black
        loopback loop (hd0,1)$isofile
        # kernel comes from the iso, the initrd is the hd-media one stored on the stick
        linux    (loop)/install.amd/vmlinuz iso-scan/ask_second_pass=true iso-scan/filename=$isofile vga=788 -- quiet
        initrd   /boot/debian/install.amd/initrd.gz
    }
}

Again an important point: don’t forget the two kernel command line options iso-scan/ask_second_pass=true iso-scan/filename=$isofile, otherwise you will probably have to make the installer scan all disks and drives completely, which might take ages.

Current status of USB stick

Just to make sure, the usb stick should contain at the current stage the following files:

        vmlinuz Tails.module initrd.img ....
            lots of files
            lots of files
            lots of files
        grub.cfg            *this file we create in the next step!!*

The Grub config file grub.cfg

The final step is to provide a grub config file in /usbstick/boot/grub/grub.cfg. I created one by looking at the isoboot.cfg files in the SystemRescueCD and TAILS iso images, the GParted iso image, and the Debian/Jessie image, and converting them to grub syntax. Excerpts have been shown above in the various sections.

I spare you all the details, grab a copy here: grub.cfg
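Since every update means dropping new files onto the stick and editing the matching paths in grub.cfg, a stale path only shows up at boot time. The following sketch is an added example, not part of the original post or its grub.cfg: it lists the files a grub.cfg expects on the stick itself (the isofile settings, plus linux/initrd paths that are not inside a loopback-mounted iso) and reports those that are missing. The function names and the sample tree built in demo_check are constructed for illustration, modelled on the excerpts above.

```shell
#!/bin/sh
# Added example: find files that grub.cfg refers to on the stick itself
# but that do not exist below the stick's mount point.
# Assumption: the paths contain no whitespace (true for the excerpts above).

# Print every stick-relative path referenced by the grub.cfg given as $1.
grub_stick_paths() {
    awk '
        # set isofile="/boot/iso/foo.iso"
        $1 == "set" && $2 ~ /^isofile=/ {
            p = $2
            sub(/^isofile=/, "", p)
            gsub(/"/, "", p)
            print p
        }
        # linux /boot/tails/vmlinuz2 ...  or  initrd /boot/debian/.../initrd.gz
        # Paths starting with (loop) live inside the iso and are skipped.
        ($1 == "linux" || $1 == "initrd") && $2 ~ /^\// { print $2 }
    ' "$1" | sort -u
}

# Print the referenced paths that are missing below mount point $2.
# Returns 0 when nothing is missing, 1 otherwise.
grub_missing_files() {
    cfg=$1
    root=$2
    missing=0
    for p in $(grub_stick_paths "$cfg"); do
        if [ ! -f "$root$p" ]; then
            printf '%s\n' "$p"
            missing=1
        fi
    done
    return "$missing"
}

# Build a constructed sample stick in a temporary directory and check it.
# The GParted iso and the TAILS initrd are left out on purpose.
demo_check() {
    stick=$(mktemp -d) || return 1
    mkdir -p "$stick/boot/grub" "$stick/boot/iso" "$stick/boot/tails"
    : > "$stick/boot/iso/systemrescuecd-x86-4.6.0.iso"
    : > "$stick/boot/tails/vmlinuz2"
    cat > "$stick/boot/grub/grub.cfg" <<'EOF'
submenu "System Rescue CD 4.6.0 (via ISO) ---> " {
  set isofile="/boot/iso/systemrescuecd-x86-4.6.0.iso"
  menuentry "SystemRescueCd (64bit, default boot options)" {
        loopback loop (hd0,1)$isofile
        linux   (loop)/isolinux/rescue64 isoloop=$isofile
        initrd  (loop)/isolinux/initram.igz
  }
}
submenu "GNU/Gnome Parted Live CD 0.23.0 (via ISO) ---> " {
  set isofile="/boot/iso/gparted-live-0.23.0-1-i586.iso"
  menuentry "GParted Live (Default settings)"{
    loopback loop (hd0,1)$isofile
    linux (loop)/live/vmlinuz boot=live findiso=$isofile
    initrd (loop)/live/initrd.img
  }
}
submenu "TAILS Environment 1.6 ---> " {
  menuentry "Tails64 Live System" {
        linux   /boot/tails/vmlinuz2 boot=live live-media-path=/boot/tails
        initrd  /boot/tails/initrd2.img
  }
}
EOF
    # "|| true": a non-zero status only means that something is missing
    grub_missing_files "$stick/boot/grub/grub.cfg" "$stick" || true
    rm -rf "$stick"
    return 0
}

demo_check
```

On a real stick, call grub_missing_files /usbstick/boot/grub/grub.cfg /usbstick after each update; an empty result means every referenced file is in place.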


That’s it. Now you can anonymously provide data about your evil government, rescue your friend’s computer, fix a forgotten Windows password, and above all, install a proper free operating system.

If you have any comments, improvements or suggestions, please drop me a comment. I hope this helps a few people getting a decent USB boot stick running.


Planet DebianErich Schubert: Ubuntu broke Java because of Unity

Unity, that is the Ubuntu user interface, that nobody else uses.

Since it is a Ubuntu-only thing, few applications have native support for its OSX-style hipster "global" menus.

For Java, someone once wrote a hack called java-swing-ayatana, or "jayatana", that is preloaded into the JVM via the environment variable JAVA_TOOL_OPTIONS. The hack seems to be unmaintained now.

Unfortunately, this hack seems to be broken now (Google has thousands of problem reports), and causes a NullPointerException or similar crashes in many applications; likely due to a change in OpenJDK 8.

Now all Java Swing applications appear to be broken for Ubuntu users, if they have the jayatana package installed. Congratulations!

And of course, you see bug reports everywhere. Matlab seems to no longer work for some, NetBeans appears to have issues, and I got a number of bug reports on ELKI because of Ubuntu. Thank you, not.

Planet Linux AustraliaOpenSTEM: On Teaching Programming

Being involved with teaching young students to code, I have come to the tentative conclusion that many coding kids have not actually been taught programming. This has been going on for a while, so some of this cohort are now themselves teaching others.

I have noticed that many people doing programming actually lack many of the fundamental skills that would make their programs efficient, less buggy and even just functional.

A few years back, Esther Schindler wrote an article Old-school programming techniques you probably don’t miss (ComputerWorld, April 2009).

Naturally, many (most!) of the things described there are familiar to me, and it’s interesting to review them. But contrary to Esther, I still do apply some of those techniques – I don’t want to miss them, as they serve a very important purpose, in understanding as well as for producing better code. And I teach them to students.

Programming is about smartly applied laziness. Students are typically aghast when I use that word, which is exactly why I use it, but the point is that smartly applied laziness is not the same as slackness. It’s simply a juicy way of describing “efficient”.

[Image: Ein_Dienstmagdt_zu_Dantzig by unknown artist]

Suppose you need to shift some buckets of water. You could carry one bucket at a time, but you’ll quickly find that it’s hard on your arm and shoulders, as well as wasting the other arm you have. So we learn that if you have more than one bucket to shift, carrying only one bucket at a time is not the best way of going about it. Similarly, trying to carry three or more buckets is probably going to cost more time than it saves, as well as likely spilling water all over the place.

Thus, and this was of course worked out many centuries ago, carrying two buckets works best and is the most efficient as well as being quite comfortable – particularly when using a neat yet simple tool called a yoke (as pictured).

Inevitably, most kids will have at some time explored this issue themselves (perhaps while camping), and generally come to the same conclusion and insight. This is possible because the issue is fairly straightforward, and not obscured by other factors. In programming, things are not always so transparent.

Our modern programming tools (high-level languages, loose typing, visual programming, extensive APIs and libraries) enable us to have more convenience. But that convenience can only be applied judiciously when the programmer has the knowledge and skills required to make appropriate judgements. Without that, code can still be produced rapidly, but the results are not so good.

Some would say “good enough”, and that is somewhat true – when you have an abundance of computing power, memory and storage, what do a few bytes or cycles matter? But add together many of those inefficiencies, and it does become a rather dreadful mess. These days the luxury of abundance has become seriously abused. In our everyday life using laptops, smart-phones, tablets and other devices, we frequently encounter the consequences, and somehow regard it as “normal”. However, crashing apps (extreme case but very common) are not normal, and we should not regard any of this as good enough.

I see kids being taught to code using tools such as MIT’s Scratch. I reckon that’s fine as a tool, but in my observations so far the kids are only being shown how the system works. Some kids will have a natural knack for it and figure out how to do things properly, others will plod along and indeed get through by sheer determination, and some will give up – they might conclude that programming is not for them. I think that’s more than a pity. It’s wrong.

When you think about it, what’s actually happening… in natural language, do we just give a person a dictionary and some reference to grammar, and expect them to effectively use that language? We wouldn’t (well actually, it is what my French teachers did, which is why I didn’t pick up that language in school). And why would computer programming languages be different?

Given even a few fundamental programming techniques, the students become vastly more competent and effective and produce better code that actually works reliably. Is such understanding an optional extra that we don’t really care about, or should it be regarded as essential to the teaching?

I think we should set the bar higher. I believe that anyone learning programming should learn fundamentals of how and why a computer works the way it does, and the various techniques that make a computer program efficient and maintainable (among other attributes). Because programming is so much more than syntax.

Planet Linux AustraliaOpenSTEM: NASA Confirms Signs of Water Flowing on Mars, Possible Niches for Life | NY Times


Planet Linux AustraliaMichael Still: Old Joe and Goorooyarroo

Steve, Mel, Michael and I went for a walk to Old Joe trig yesterday. I hadn't been to Goorooyarroo at all before, and was quite impressed. The terrain is nice, with some steep bits as you get close to the border (it's clear that the border follows the water catchment from a walk around here). Plenty of nice trees, not too many thistles, and good company. A nice morning walk.

We bush bashed to the trig straight up the side of the hill, and I think there were gentler (but longer) approaches available -- like for instance how we walked down off the hill following the fence line. That said, the bush bash route wasn't terrible and it's probably what I'd do again.

I need to come back here and walk this border segment, that looks like fun. There are also heaps of geocaches in this area to collect.




LongNowLive audio stream for John Markoff at The Interval on September 29, 02015

Long Now members can tune in for a live audio simulcast of this sold out event starting at 7:15 PT, September 29

Veteran technology writer John Markoff speaks in Long Now’s “Conversations at The Interval” series this Tuesday. He will discuss his new book Machines of Loving Grace: The Quest for Common Ground Between Humans and Robots which covers the birth of artificial intelligence in the 1950s all the way up to the consumer and industrial robotics innovations of today. Long Now’s Paul Saffo will interview Markoff onstage.

John Markoff at The Interval, September 29, 02015

Tickets to this talk sold out very quickly, as our Interval events often do. Due to the huge interest in this event, Long Now will be live audio-streaming Tuesday’s talk for members.

You can join Long Now for just $8/month which includes tickets to Seminars, HD video of 12 years of Long Now talks, and many other benefits.

Current Long Now members, just login on the member site. The stream will begin at 7:15pm Pacific.

Machines of Loving Grace is the first comprehensive study to place [robots] in the context of the cloud-based intelligence

—George Dyson, author of Turing’s Cathedral: The Origins of the Digital Universe

In recent years, the pace of technological change has accelerated dramatically, posing an ethical quandary. If humans delegate decisions to machines, who will be responsible for the consequences? Drawing on his forty years covering the tech industry, Markoff conducted numerous interviews and extensive research to assemble this history and pose key questions about how we will cohabitate with our robotic creations.

Long Now members can tune in for a live audio simulcast at 7:15 PT on September 29

This will be the third time we have live streamed an Interval event. Due to our limited resources, it is not possible to do so for most talks. We do plan to release Interval talks as podcasts and video on the Long Now site (similarly to our Seminar series).

We also plan to stream the talk by Andy Weir author of The Martian which takes place at The Interval on October 27, 02015. Tickets will go on sale for that talk two weeks beforehand and we expect it will sell out quickly.

Andy Weir at The Interval, October 27, 02015

Long Now is looking for a major sponsor to fund the cost of producing the series to the standard of our Seminar media. We are also seeking a sponsor to support more regular streaming of Interval events. Sponsorship inquiries are welcome.

Sociological ImagesWhat is a world in which commercials make you cry?

And what does it have to do with the largest refugee crisis since World War II?

Grab the tissues:


In his book named after the idea, sociologist Stjepan Meštrović describes contemporary Western societies as postemotional. By invoking the prefix “post,” he doesn’t mean to suggest that we no longer have any emotions at all, but that we have become numb to our emotions, so much so that we may not feel them the way we once did.

This, he argues, is a result of being exposed to a “daily diet of phoniness”: a barrage of emotional manipulation from every corner of culture, news, entertainment, infotainment, and advertising. In this postemotional society, our emotions have become a natural resource that, like spring water, is tapped at no cost to serve corporations with goals of maximizing mass consumption and fattening their own wallets. Even companies that make stuff like gum.

As examples, Meštrović describes how our dramas and comedies feed us fictionalized stories that take us on extreme emotional roller coasters, while their advertisements manipulate our emotions to encourage us to buy. Serious media like the news lead with the most emotionally intense stories of the day. Our own lives are usually rather humdrum, but if you watch the news, you vicariously experience trauma every day. A cop killed another kid. An earthquake has killed thousands. Little girls are kidnapped by warlords. Immigrants die by the boatload. Do you feel sad? Angry? Scared? Your friends do; you know because of Facebook, Twitter, and Tumblr. Do you need a pick me up? Here’s a kitten. Feel happy.

Importantly for Meštrović, the emotions that we encounter through these media are not our own. The happiness you feel watching a baby laughing on YouTube isn’t really your happiness, nor is it your sadness when you watch a news story about a tragedy. It’s not your daughter who has treasured your tiny offerings of love for 18 years, but you spend emotional energy on these things nevertheless.

In addition to being vicarious, the emotions we are exposed to are largely fake: from the voiceover on the latest blockbuster movie trailer, to the practiced strain in the voice of the news anchor, to the performative proposal on The Bachelor, to the enthusiasm for a cleaning product in the latest ad. These emotions are performed after being carefully filtered through focus groups and designed to appeal to the masses.

But they are so much more intense than those a typical human experiences in their daily lives, and the onslaught is so constant. Meštrović thinks we are emotionally exhausted by this experience, leaving us little energy left to feel our own, idiosyncratic emotions. We lose our ability to detect our own more nuanced emotions, which are almost always small and mundane compared to the extraordinary heights of grief, rage, lust, and love that we are exposed to when the news chases down the latest mass tragedy or the movies offer up never-ending tales of epic quests. Meanwhile, in consuming the emotions of others, we get lost. We end up confused by the dissolving of the boundary between personal and vicarious; our bodies can’t tell the difference between friends on TV and those in real life.

Meštrović is worried about this not just on our behalf. He’s worried that it inures us to real tragedies because our hearts are constantly being broken, but only a little. When we are triggered to constantly feel all the feelings for all the people everywhere — real ones and fake ones — we don’t have the energy to emotionally respond to the ones that are happening right in front of us. His work was originally inspired by the bland global response to the Bosnian genocide in the ’90s, but applies equally well to the slow, stuttering response — both political and personal — to the refugees fleeing the Syrian Civil War. The emotional dilution that characterizes a postemotional society makes us less likely to take action when needed. So, when action is needed, we change our Facebook profile picture instead of taking to the streets.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.

Worse Than FailureAnnouncements: Release! at Ohio Linux Fest

To introduce myself, that’s me over in the right corner. Hi. You might remember that, a year or so back, this site got a face lift. We still love the way it looks, but, if we are being straight with you, the CSS and HTML are a damn mess. So, I’ll be re-building the site while maintaining the same look, and maybe writing an article here and there.

Most of you are familiar with Release!, the card game, which Inedo came out with last summer. The support on Kickstarter was fantastic, especially from the Daily WTF community. I was the lead game designer on Release!, and I was also on the team for our more recent Kickstarter campaign, ABC++.

This October, I am pleased to participate in an event in my town: Ohio Linux Fest in Columbus will feature Release! during its game nights, and give me the opportunity to speak about the overlap of game and software design.

Catch my talk, Pinochle, Dungeons and Dragons, and Software Usability, as well as some Release! demos during Friday’s happy hour, and at the afterparty.

The talk revolves around how board games utilize a very similar design infrastructure as software UIs to communicate with their users. It mostly discusses the lessons we can take from these cardboard interfaces and how to apply them to digital ones.

God, that sounds nerdy as hell.

Anyway, I will be sure to bring some TDWTF Mugs, and copies of Release! with me too. So, if you don’t have the game yet you might wind up scoring a free pack!


CryptogramGood Article on the Sony Attack

Fortune has a three-part article on the Sony attack by North Korea. There's not a lot of tech here; it's mostly about Sony's internal politics regarding the movie and IT security before the attack, and some about their reaction afterwards.

Despite what I wrote at the time, I now believe that North Korea was responsible for the attack. This is the article that convinced me. It's about the US government's reaction to the attack.

Worse Than FailureYou're Not My MIME Type

Andrew performed corporate support for a giant multinational. One day, he was assigned what looked like a straightforward bug: a new Intranet webpage for one business unit was failing to accept CSV spreadsheets containing product information from another business unit.


After obtaining the proper permissions, Andrew first attempted to duplicate the issue. He browsed to the Intranet upload page, then tried to upload the user’s example CSV files. Each attempt failed with the oh-so-helpful message “Invalid file type.”

Well, they were perfectly valid CSV files. Andrew tracked down the developer support contact for the site—Brian—and forwarded him the ticket.

Not an hour later, the ticket boomeranged right back to Andrew, with a note from Brian attached. The code that handles file uploads is a third-party library. You’ll have to contact them for help.

Ugh. The very thought set Andrew’s teeth on edge. First, he decided to see if there was the slightest chance of resolving the error himself. He googled every search string combination he could think of for the library name, error, scenario—no dice. The company website offered no useful documentation, either. It had support forums, but they were ghost towns.

Andrew’s dread amplified. Realistically, this wasn’t going to get fully resolved before the heat death of the universe. That whole time, Andrew was sure to have users breathing down his neck. His next effort was to get a workaround in place. After making several phone calls and painfully backtracking his way to the people in charge of the dual business unit venture (“Tiffany? Oh, she doesn’t even work here anymore. You want Rob!”), he arranged things so that his users could email their CSV files directly to one person in the other business unit.

These herculean efforts garnered Andrew nothing but huffy scorn. “This is really inconvenient for us,” nagged the user who’d logged the ticket.

“It’s the best we can do until we get this third-party code fixed,” Andrew replied, taking it in stride.

Well, he’d done what he could. It was time to give third-party support a call. After navigating an extensive phone tree, he had a (presumed) live specimen on the other end to whom he could explain the issue.

“So why’s this happening?” he asked.

“That doesn’t sound familiar,” Carl, the rep on the other side, told him. “We’ll have to try to duplicate the issue on our end. Do you have some of these files?”

“Yes, I can email them to you,” Andrew said.

“Great! We’ll test that out and let you know what we find.”

To his credit, Carl called back within a few days to notify Andrew that the behavior had been duplicated. However, he didn’t know what was going wrong either, and would have to escalate the ticket on his end.

A few weeks later, Andrew received another call from Carl. “All right, this is admittedly a strange case. Let me explain. To determine a valid file type, our code checks and ensures that the MIME type of an uploaded file matches the known MIME types associated with the file extension. It does this by looking at the beginning of the file and following some rules of thumb.”

“OK,” Andrew said, furiously scribbling all this down in a notebook for future reference.

“It’s a safety feature,” Carl said. “Looking at your example files, they all begin with entries that start with C, then a space.”

“Yeah,” Andrew confirmed. “Those are part numbers.”

“Well, back in the days of punch cards, FORTRAN programs indicated comment lines by punching a ‘C’ character in the first column, usually followed by a space.”

Andrew froze for a few seconds. “Wait—so your code sees our part numbers and concludes the file is a FORTRAN program?”

“I’m afraid so,” Carl said. “It’s working as designed.”

“Working as designed?! It’s not flipping working at all!” Andrew cried.

“This is expected behavior given your input,” Carl said. “You can edit your CSV files to not start with C-space values, or modify your logic around our library so that—”

“No, I can’t do either of those things!” Andrew cut him off. “The users aren’t gonna change their files, and I have no access to the code! Couldn’t you edit the library to not make that check, and just be happy with a .csv file extension?”

“We’re not prepared to do that at this time, but we can file a feature request.” In other words, Sorry, buddy. Your company doesn’t spend enough money with our company.

“Fine,” Andrew growled, then hung up the phone. He pulled up his original support ticket to add this information and escalate it back to Brian, wondering how many minutes it would take to get kicked back with another blasé retort.


As always, thanks for reading! If you like my articles, you might just love my new sci-fi/fantasy adventure novel about a knight who travels the galaxy with a starship, going on quests and getting into mischief. It has no WTFs in it (intentionally anyway), but hopefully the sword-fighting and deadly court intrigue make up for that. Enjoy! -Ellis
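The failure Carl describes, as an added example that is not the third-party library's code: a toy sniffer whose rules (constructed here) include the "C plus space means FORTRAN" heuristic, a strict validator that rejects any mismatch between sniffed type and extension, and a tolerant one that uses sniffing only to rule out binary content and then checks that the upload really parses as a table. All names (`sniff`, `strict_validate`, `tolerant_validate`, the rule table) and the sample files are hypothetical.

```python
import csv
import io
import os
import re

# Toy content-sniffing rules (constructed for this example). The last one models
# the rule of thumb from the story: 'C' in column one plus a space = FORTRAN comment.
MAGIC_RULES = [
    (re.compile(rb"\A%PDF-"), "application/pdf"),
    (re.compile(rb"\APK\x03\x04"), "application/zip"),
    (re.compile(rb"\A[Cc][ \t]"), "text/x-fortran"),
]
# MIME types the hypothetical upload handler accepts per extension.
ALLOWED = {".csv": {"text/csv", "text/plain"}}
# Bytes that may appear in text: printable ASCII, tab/LF/CR, and high (UTF-8) bytes.
TEXT_BYTES = (frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
              | frozenset(range(0x80, 0x100)))


def sniff(data: bytes) -> str:
    """Guess a MIME type from the first bytes of the upload."""
    head = data[:512]
    for pattern, mime in MAGIC_RULES:
        if pattern.match(head):
            return mime
    if head and all(b in TEXT_BYTES for b in head):
        return "text/plain"
    return "application/octet-stream"


def strict_validate(filename: str, data: bytes):
    """Behaviour described in the story: sniffed type must match the extension."""
    ext = os.path.splitext(filename)[1].lower()
    if sniff(data) not in ALLOWED.get(ext, set()):
        return (False, "Invalid file type.")
    return (True, "ok")


def tolerant_validate(filename: str, data: bytes):
    """Sniffing only separates text from binary; the CSV parser decides the rest."""
    ext = os.path.splitext(filename)[1].lower()
    if ext != ".csv":
        return (False, "extension not allowed")
    guess = sniff(data)
    if not guess.startswith("text/"):
        # A PDF or ZIP behind a .csv name is still refused.
        return (False, f"binary content ({guess}) behind a .csv name")
    try:
        text = data.decode("utf-8")
        rows = [r for r in csv.reader(io.StringIO(text, newline="")) if r]
    except (UnicodeDecodeError, csv.Error) as exc:
        return (False, f"not parseable as CSV: {exc}")
    widths = {len(r) for r in rows}
    if len(widths) != 1 or widths.pop() < 2:
        return (False, "rows do not form a consistent table")
    # The text subtype guess is kept as a hint for the log, not as a verdict.
    return (True, f"csv accepted ({len(rows)} rows, sniffer guessed {guess})")


# Constructed sample uploads.
PART_CSV = (b"C 1001,Widget bracket,4.50\n"
            b"C 1002,Hinge plate,7.25\n"
            b"C 1003,Spacer ring,0.80\n")
PLAIN_CSV = b"part,description,price\n1001,Widget bracket,4.50\n"
FAKE_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"
NOTES = b"C this is just a note\nwith no columns\n"

if __name__ == "__main__":
    for name, blob in [("parts.csv", PART_CSV), ("plain.csv", PLAIN_CSV),
                       ("report.csv", FAKE_PDF), ("notes.csv", NOTES)]:
        print(name, sniff(blob), strict_validate(name, blob),
              tolerant_validate(name, blob))
```

The tolerant path keeps the safety property the sniffing was meant to provide (binary payloads behind a `.csv` name are refused) while no longer treating a guess among text subtypes as authoritative.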


Planet DebianSven Hoexter: HP tooling switches from hpacucli to hpssacli

I guess I'm a bit late in the game but I just noticed that HP no longer provides the venerable hpacucli tool for Debian/jessie and Ubuntu 14.04. While you could still install it (as I did from an internal repository) it won't work anymore on Gen9 blades. The replacement seems to be hpssacli, and it's available as usual from the HP repository.

I should've read the manual.

Kelvin Thomson457 Visa Workers Used to Undercut Australian Workers

I received a troubling letter from Mr Geoff McMahon, a constituent of mine who lives in North Coburg. Geoff is a 61 year old highly qualified electrical engineer. He has worked on numerous Australian fly in fly out resources jobs and says proudly that he has never been on the dole.

But in the last 18 months he has seen all his engineering roles handed to 457 visa workers, and has had just three months work.

He says Julie Bishop's statement that 457 visa workers who come to Australia are paid the same as their Australian counterparts "is a lie". He says he can testify from working alongside them that migrant workers are paid less. "While on the Santos GLNG project in Queensland, of the 105 engineers on gas compression Hub 04, I was one of two Australians, the rest were 457 visa workers. The Filipino engineers were paid $8 per hour. I told the Filipino that they are entitled to better pay. They all emphatically stated that they will not rock the boat and that $8 per hour was good pay for them".

Geoff McMahon concludes his letter with the plea "Please rid this country of 457 workers. I need to work". He is right. With 800,000 people in this country out of work – and many more like Geoff who don't count as unemployed but who are underemployed – 457s are an employer rort. We should wind down the 457 program and make sure Australian workers have the opportunities, the training, and the right financial incentives to do these jobs.

Krebs on SecurityWith Stolen Cards, Fraudsters Shop to Drop

A time-honored method of extracting cash from stolen credit cards involves “reshipping” scams, which manage the purchase, reshipment and resale of carded consumer goods from America to Eastern Europe — primarily Russia. A new study suggests that some 1.6 million credit and debit cards are used to commit at least $1.8 billion in reshipping fraud each year, and identifies some choke points for disrupting this lucrative money laundering activity.

Many retailers long ago stopped allowing direct shipments of consumer goods from the United States to Russia and Eastern Europe, citing the high rate of fraudulent transactions for goods destined to those areas. As a result, fraudsters have perfected the reshipping service, a criminal enterprise that allows card thieves and the service operators to essentially split the profits from merchandise ordered with stolen credit and debit cards.

Source: Drops for Stuff research paper.


Much of the insight in this story comes from a study released last week called “Drops for Stuff: An Analysis of Reshipping Mule Scams,” which has multiple contributors (including this author). To better understand the reshipping scheme, it helps to have a quick primer on the terminology thieves use to describe different actors in the scam.

The “operator” of the reshipping service specializes in recruiting “reshipping mules” or “drops” — essentially unwitting consumers in the United States who are enlisted through work-at-home job scams and promised up to $2,500 per month salary just for receiving and reshipping packages.

In practice, virtually all drops are cut loose after approximately 30 days of their first shipment — just before the promised paycheck is due. Because of this constant churn, the operator must be constantly recruiting new drops.

The operator sells access to his stable of drops to card thieves, also known as “stuffers.” The stuffers use stolen cards to purchase high-value products from merchants and have the merchants ship the items to the drops’ address. Once the drops receive the packages, the stuffers provide them with prepaid shipping labels that the mules will use to ship the packages to the stuffers themselves. After they receive the packages relayed by the drops, the stuffers then sell the products on the local black market.

The shipping service operator will take a percentage cut (up to 50 percent), where stuffers pay a portion of the product’s retail value to the site operator as the reshipping fee. On the other hand, those operations that target lower-priced products (clothing, e.g.) may simply charge a flat-rate fee of $50 to $70 per package. Depending on the sophistication of the reshipping service, stuffers can either buy shipping labels directly from the service — generally at a volume discount — or provide their own [for a discussion of ancillary criminal services that resell stolen USPS labels purchased wholesale, check out this story from 2014].

The researchers found that reshipping sites typically guarantee a certain level of customer satisfaction for successful package delivery, with some important caveats. If a drop who is not marked as problematic embezzles the package, reshipping sites offer free shipping for the next package or pay up to 15% of the item’s value as compensation to stuffers (e.g., as compensation for “burning” the credit card or the already-paid reshipping label).

However, in cases where the authorities identify the drop and intercept the package, the reshipping sites provide no compensation — they call these incidents “acts of God” over which they have no control.

“For a premium, stuffers can rent private drops that no other stuffers will have access to,” the researchers wrote. “Such private drops are presumably more reliable and are shielded from interference by other stuffers and, in turn, have a reduced risk to be discovered (hence, lower risk of losing packages).”


One of the key benefits of cashing out stolen cards using a reshipping service is that many luxury consumer goods that are typically bought with stolen cards — gaming consoles, iPads, iPhones and other Apple devices, for instance — can be sold in Russia for a 30 percent to 50 percent markup on top of the original purchase price, allowing the thieves to increase their return on each stolen card.

For example, an Apple MacBook selling for 1,000 US dollars in the United States typically retails for about 1,400 US dollars in Russia because a variety of customs duties, taxes and other fees increase its price.

It’s not hard to see how this can become a very lucrative form of fraud for everyone involved (except the drops). According to the researchers, the average damage from a reshipping scheme per cardholder is $1,156.93. In this case, the stuffer buys a card off the black market for $10, turns around and purchases more than $1,100 worth of goods. After the reshipping service takes its cut (~$550), and the stuffer pays for his reshipping label (~$100), the stuffer receives the stolen goods and sells them on the black market in Russia for $1,400. He has just turned a $10 investment into more than $700. Rinse, wash, and repeat.

The study examined the inner workings of seven different reshipping services over a period of five years, from 2010 to 2015, and involved data shared by the FBI and the U.S. Postal Investigative Service. The analysis showed that at least 85 percent of packages being reshipped via these schemes were being sent to Moscow or to the immediate surrounding areas of Moscow.

The researchers wrote that “although it is often impossible to apprehend criminals who are abroad, the patterns of reshipping destinations can help to intercept the international shipping packages before they leave the country, e.g., at an USPS International Service Center. Focusing inspection efforts on the packages destined to the stuffers’ prime destination cities can increase the success of intercepting items from reshipping scams.”

The research team wrote that disrupting the reshipping chains of these scams has the potential to cripple the underground economy by affecting a major income stream of cybercriminals. By way of example, the team found that a single criminal-operated reshipping service can earn a yearly revenue of over 7.3 million US dollars, most of which is profit.

A copy of the full paper is available here (PDF).

Planet Linux AustraliaOpenSTEM: UCI brain-computer interface enables paralyzed man to walk

Proof-of-concept study shows possibilities for mind-controlled technology.


In the preliminary proof-of-concept study, led by UCI biomedical engineer Zoran Nenadic and neurologist An Do, a person with complete paralysis in both legs due to spinal cord injury was able – for the first time – to take steps without relying on manually controlled robotic limbs.

So this is using brainwave-detecting technology to reconnect a person’s brain with part of their body. A very practical example of how science can (re)enable people, in this case give them back their freedom of mobility. That’s fantastic.

Complementary, Honda’s ASIMO robot research can enable people to walk with artificial legs.

Don’t think this is just something that happens in labs! The basic tech is accessible. I have a single sensor EEG headset here, and some years ago I did a demo at a conference entitled “look ma, no hands” where I controlled the slide advance of the presentation on my laptop by doing a “long blink”.


Planet DebianClint Adams: He then went on to sing the praises of Donald Trump

“I like Italian food and Mexican food,” he said.

“Where are you from?” she asked.

“Yemen, but I like Italian food and Mexican food,” he answered.

“You don't like Yemeni food?” she asked.

“Eh, well, it's the thing you grow up with,” he replied. “Do you know Yemeni food?”

“Yes,” she said, “I like حنيذ.”

“Oh, حنيذ is good if you like meat. If you like vegetables, try سلتة.”

“Why wouldn't I like meat?” she demanded.

“You know, every place in Yemen does حنيذ differently. I like the way they do it in the west of Yemen, near Africa,” he said, and proceeded to describe the cooking process.

Planet DebianSven Hoexter: 1blu hack and the usual TLS certificate key madness

Some weeks ago the German low cost hoster 1blu got hacked and there was a bit of fuss later about the TLS certificates issued by 1blu. I think they reissued all of them. Since I knew that some hosters offer to generate the complete cert + key package for the customer I naively assumed that only the lazy and novice customers were the victims of that issue.

Today, while helping someone, I learned that 1blu forces you to use the key generated by them for certificates included in a virtual server bundle and probably other bundles. That makes those bundles a lot less attractive since the included certificate is not useful at all. One could of course argue that a virtual server is not trustworthy anyway, but I'd like to believe for now that it's more complicated to extract stuff from all running virtual servers compared to dumping the central database / key repository.

Maybe it's time to create a wrapper around openssl that is less opaque to novice users so we can get rid of key generation by a third party one day. In the end it's a disastrous trend that only got started because of usability issues.

Planet DebianDominique Dumont: How to automount optical media on Debian Linux for Kodi


This problem has been bugging me for a while: how to set up my Kodi based home cinema to automatically mount an optical media?

Turns out the solution is quite simple, now that Debian has switched to systemd. Just add the following line to /etc/fstab:

/dev/sr0 /media/bluray auto defaults,nofail,x-systemd.automount 0 2


  • /dev/sr0 is the device file. You can also use one of the symbolic links set up by udev in /dev/disk/by-id
  • /media/bluray is the mount point. You can choose another mount point
  • nofail is required to avoid failure report when booting without a disc in the optical drive
  • x-systemd.automount is the option to configure systemd to automatically mount the inserted disc

Do not specify noauto: this would prevent systemd from automatically mounting a disc, which defeats the purpose.

To test your setup:

  • Run the command journalctl -x -f in a terminal to check what is going on with systemd
  • Reload systemd configuration with sudo systemctl daemon-reload.
  • Load a disc in your optical drive

Then, journalctl should show something like:

Sept. 27 16:07:01 frodo systemd[1]: Mounted /media/bluray.

And that’s it. No need to have obsolete packages like udisk-glue or autofs.

Last but not least: this blog is moderated, please do not waste your time (and mine) posting rants.

All the best.


Planet Linux AustraliaSridhar Dhanapalan: Twitter posts: 2015-09-21 to 2015-09-27

Planet DebianNiels Thykier: There is nothing like (missing) iptables (rules) to make you use tor

I have been fiddling with setting up both iptables and tor on my local machine.  Most of it was fairly easy to do, once I dedicated the time to actually do it. Configuring both “at the same time” also made things easier for me, but YMMV.  Regardless, it did take quite a while researching, tweaking and testing – most of that time was spent on the iptables front for me.

I ended up doing this incrementally.  The major 5 steps I went through were:

  1. Created a basic incoming (INPUT) firewall – enforcing
  2. Installed tor + torsocks and aliased a few commands to run with torsocks
  3. Created a basic outgoing (OUTPUT) firewall – permissive
  4. Make the outgoing firewall enforcing
  5. Migrate the majority of programs and services to use tor.

Some of these overlapped time-wise and I certainly revisited the configuration a couple of times.  A couple of things, that I learned:

  • You probably want to have a look at “netstat --listen -put --numeric” when you write your INPUT firewall.
  • The tor developers have tried a lot to make things easy.  It is scary how often “torsocks program [args]” just works(tm).
    • That said, it does not always work.
  • Tor and iptables (OUTPUT) can have a synergy effect on each other.
    • Notably, when it is easier to just “torsocks” a program than adding the necessary iptables rules.
  • Writing iptables rules becomes a lot easier once:
    • You learn how to use iptables’s LOG rule
    • You use sensible-editor + iptables-restore or something like puppet’s firewall module


Planet DebianBen Armstrong: Annual Bluff Hike, 2015

Planet DebianLunar: Reproducible builds: week 22 in Stretch cycle

What happened in the reproducible builds effort this week:

Toolchain fixes

  • Ben Hutchings uploaded linux-tools/4.2-1 which makes the tarball generated by reproducible.

Packages fixed

The following 22 packages became reproducible due to changes in their build dependencies: breathe, cdi-api, geronimo-jpa-2.0-spec, geronimo-validation-1.0-spec, gradle-propdeps-plugin, jansi, javaparser, libjsr311-api-java, mac-widgets, mockito, mojarra, pastescript, plexus-utils2, powerline, python-psutil, python-sfml, python-tldap, pythondialog, tox, trident, truffle, zookeeper.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues but not all of them:

  • fldigi/3.23.01-1 by Kamal Mostafa.

Patches submitted which have not made their way to the archive yet:

diffoscope development

The changes to make diffoscope run under Python 3, along with many small fixes, entered the archive with version 35 on September 21st.

Another release was made the very next day, fixing two encoding-related issues discovered when running diffoscope on more Debian packages.

strip-nondeterminism development

Version 0.12.0 now preserves file permissions on modified zip files and dh_strip_nondeterminism has been made compatible with older debhelper.

disorderfs development

Version 0.3.0 implemented a “multi-user” mode that was required to build Debian packages using disorderfs. It also added command line options to control the ordering of files in directory (either shuffled or reversed) and another to do arbitrary changes to the reported space used by files on disk.

A couple days later, version 0.4.0 was released to support locks, flush, fsync, fsyncdir, read_buf, and write_buf. Almost all known issues have now been fixed.

disorderfs is now used during the second build. This makes file ordering issues very easy to identify as such. (h01ger)

Work has been done on making the distributed build setup more reliable. (h01ger)

Documentation update

Matt Kraai fixed the example on how to fix issues related to dates in Sphinx. Recent Sphinx versions should also be compatible with SOURCE_DATE_EPOCH.

Package reviews

53 reviews have been removed, 85 added and 13 updated this week.

46 packages failing to build from source have been identified by Chris Lamb, Chris West, and Niko Tyni. Chris Lamb was the lucky reporter of bug #800000 on vdr-plugin-prefermenu.

Issues related to disorderfs are being tracked with a new issue.

Planet DebianRitesh Raj Sarraf: Laptop Mode Tools 1.68.1

I am pleased to announce the release of Laptop Mode Tools 1.68.1.

The last release (1.68) was mostly about systemd integration, and so is this release. There were a couple of bugs reported, and most of them fixed, with this release. All downstreams are requested to upgrade.

For RPM packages for Fedora and OpenSUSE (Tumbleweed), please see the homepage.

1.68.1 - Sun Sep 27 14:00:13 IST 2015

    * Update details about runtime-pm in manpage

    * Revert "Drop out reload"

    * Log error more descriptively

    * Write to common stderr. Do not hardcode a specific one

    * Call lmt-udev in lmt-poll. Don't call the laptop_mode binary directly.

      Helps in a lot of housekeeping

    * Direct stderr/stdout to journal

    * Fix stdout descriptor

    * Install the new .timer and poll service

    * Use _sbindir for RPM




Planet Linux AustraliaBlueHackers: Interactive Self-Care Guide

Interesting find:

[…] interactive flow chart for people who struggle with self care, executive dysfunction, and/or who have trouble reading internal signals. It’s designed to take as much of the weight off of you as possible, so each decision is very easy and doesn’t require much judgement.

Some readers may find it of use. I think it’d be useful to have the source code for this available so that a broad group of people can tweak and improve it, or make personalised versions.


Debian Administration Analysing performance problems with systemd

Now that Systemd is the default init-system in fresh installations of Debian GNU/Linux it is worth highlighting some of the new features.

Planet DebianNorbert Preining: Kobo firmware 3.18.0 mega update (KSM, nickel patch, ssh, fonts)

In short succession a new firmware from Kobo, this time 3.18.0. And here is my mega-update. On request from a reader I have now prepared updates for all three hardwares, Mark4 (Glo), Mark5 (Aura), and Mark6 (GloHD).


Changes since last release:

  • KSM updated to latest pre-release pre3
  • koreader updated to v2014.11-346 from September 19, 2015
  • customdict scripting update via was removed – for those who need it there is a patch that works better in the Metazoa patches, but I did not activate it for the public release.
  • build for Kobo Mark4 (Glo), Mark5 (Aura), and Mark6 (GloHD) hardware – but tested only on GloHD

Included patches from the Metazoa firmware patches:

  • all: Custom reading footer style (adapted for the respective device), My 15 line spacing values, Custom left & right margins, Brightness fine control, Search in Library by default, Disable pinch-to-zoom font resizing, Always display chapter name on navigation menu
  • Mark4: Compact homepage layout (Glo), Remove white borders from homescreen tile book covers
  • Mark5: Compact homepage layout (Aura)

Other things that are included are as usual: koreader, pbchess, coolreader, the ssh part of kobohack, and some side-loaded fonts. For details on the respective parts please see the previous post


Mark6 – Kobo GloHD

firmware: Kobo 3.18.0 for GloHD

Mega update: Kobo-3.18.0-combined/Mark6/KoboRoot.tgz

Mark5 – Aura

firmware: Kobo 3.18.0 for Aura

Mega update: Kobo-3.18.0-combined/Mark5/KoboRoot.tgz

Mark4 – Kobo Glo, Aura HD

firmware: Kobo 3.18.0 for Glo and AuraHD

Mega update: Kobo-3.18.0-combined/Mark4/KoboRoot.tgz


TEDHow telling stories can transform a classroom


When students conduct StoryCorps interviews, teachers say it can “reorganize the ions of a class.” Photo: David Andrako, courtesy of StoryCorps

Caitlyn, a quiet seventh grader, was bullied by the other kids in her class at Luther Burbank Middle School in Burbank, California. She wore the same cowboy boots every day. “The other kids were awful about it,” said English teacher Rebecca Mieliwocki, remembering this student who has stayed lodged in her memory for 10 years now. “Even the best kids can be horrible sometimes. It’s a jungle in middle school.”

The law of the jungle, however, can change. Caitlyn’s story illustrates what can happen when students and teachers take the time to listen to each other’s stories.

When Caitlyn was in her class a decade ago, Mieliwocki introduced StoryCorps to her students. She gave them tape recorders and asked them to interview someone important in their lives. Over the next few months, the class listened to each student’s interview and discussed them together.

Caitlyn had interviewed her mom. The two of them talked about their lives since Caitlyn’s father died of melanoma two years prior, when Caitlyn was in the fifth grade. Before her dad passed away, he had wanted to get her something that would last forever — together, they picked out a pair of brown and turquoise cowboy boots. A year later, Caitlyn was diagnosed with melanoma herself. She had to have part of her foot removed. The boots her father bought were the only shoes that provided enough support for her to walk.

“None of us knew any of this about her,” said Mieliwocki. “We were all feeling about an inch tall. I was ashamed, personally. How could I not know this about my student?”

The teasing stopped. Not just for Caitlyn, but for everyone.

“Telling our stories brought all of our lived realities into the classroom,” said Mieliwocki. “I’ve never been able to reorganize the ions of a class the way that going through the StoryCorps interview experience did.”

StoryCorpsU launched in 2009 to echo that emotional transformation. It’s a program designed to help students in high-need schools find their voices and develop a sense of empathy. Celeste Davis-Carr, an English teacher at Corliss High School on the south side of Chicago, has participated since 2012. “I’ve been able to see my students differently and develop greater connections with them,” she said. (Hear Davis-Carr interview a student below.)


Celeste Davis-Carr has asked her English classes to participate in StoryCorpsU since 2012. She says it’s helped her see students differently. Photo: Courtesy of StoryCorps

The program aims to keep students in school by strengthening personal bonds. But its availability is limited; StoryCorpsU is expanding from about 40 classrooms across the United States to 50 classrooms this year. Demand from students often outweighs supply. “Students love the curriculum so much that they are fighting for the space and opportunity to record,” said Davis-Carr.

The StoryCorps app, which founder Dave Isay launched with the 2015 TED Prize, opens up new possibilities. Teachers can do what Mieliwocki did with Caitlyn’s class, or come up with their own lesson plan centered around interviews.

With the app, students can also join in large-scale recording projects. In August, StoryCorps announced The Great Thanksgiving Listen, a nationwide effort to capture the voices of older Americans as families sit down for pumpkin pie. Over Thanksgiving weekend 2015, Isay hopes that as many as 250,000 students might interview an elder — a grandparent, a neighbor, a friend — using the StoryCorps app. That would more than double the number of interviews in StoryCorps’ archive at the Library of Congress.

Teachers can choose to make The Great Thanksgiving Listen an assignment. A newly-released Teacher Toolkit gives instructions on using the app and guidance for helping students pick great questions for their interviews. The toolkit also includes prompts for class discussion, like “Did you learn anything that contradicted what you have learned previously from school texts?”

Interviews are a powerful tool for increasing understanding. Listen to the four recordings below, which — like Caitlyn’s story — illustrate just how deeply students and teachers can inspire each other:

  • “I didn’t think I would ever tell a teacher.” Celeste Davis-Carr was shocked when a student in her 2013 class, Aaron, made a confession. “[I’ve been] basically homeless for five months,” he said. “I’ve had to sleep outside, sometimes with nothing to eat.” A year later, Aaron switched on the tape recorder again to talk to Davis-Carr about how life changed since he revealed his secret. “Can I tell you one thing that I really admire about you, Aaron?” Davis-Carr says to him. “You have a strength that no matter what anyone says about you or does to you, you don’t change who you are as a person.”
  • “Being the first one to go to college in my whole family — that’s my biggest motivation.” During his freshman year at Marian University, Noe Rueda felt deep thankfulness for his high school economics teacher, Alex Fernandez, who helped him get a scholarship. So the two sat down to talk about college — and about Rueda’s experience growing up poor. Fernandez expressed his dreams for Noe’s future. “I’ve had so many students where everything’s stacked against them. What happens is they get almost there, and then they just quit,” he said. “I really want you to be the one that finished.”
  • “It made me feel really important that I had that influence on you.” Neurosurgeon Lee Buono had just removed a tumor from a patient’s brain, giving the patient the ability to speak again. Buono remembers this patient’s first words. “He said, ‘You make sure you call [your science] teacher. You make sure you thank him.’” Buono did just that. He reached out to his middle school teacher, Al Siedlecki, and they did a StoryCorps interview together. In it, Siedlecki recalls getting Buono’s initial phone call. “It was the same feeling I had when … when my kids were born,” he said.

Through the StoryCorpsU program, students interview each other — and those most important to them. But the StoryCorps app allows any teacher to build lesson plans around interviews. Photo: Courtesy of StoryCorps


CryptogramFriday Squid Blogging: Disney's Minigame Squid Wars

It looks like a Nintendo game.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Planet DebianClint Adams: This can or cannot be copyrighted

“Honey“ Mojito

  • 12 oz. “honey”
  • 7 medium limes
  • bag crushed ice
  • small bouquet fresh mint
  • water
  • light rum
  • sparkling water

Combine 12 oz. of “honey” with 8 oz. of warm water. Stir mixture together until the “honey” has completely dissolved. Juice limes in a juicer and pour into the “honey” and water. Squeeze the bunch of mint sprigs and add to a pitcher of crushed ice. Pour the “honey”/lime mixture over the ice. Stir and top with sparkling water. Add more “honey”, water, limes, or rum to your taste. Enjoy!

Serves 2

Krebs on SecurityBanks: Card Breach at Hilton Hotel Properties

Multiple sources in the banking industry say they have traced a pattern of credit card fraud that suggests hackers have compromised point-of-sale registers in gift shops and restaurants at a large number of Hilton Hotel and franchise properties across the United States. Hilton says it is investigating the claims.

In August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015. The alerts to each bank included card numbers that were suspected of being compromised, but per Visa policy those notifications did not name the breached entity.

However, sources at five different banks say they have now determined that the common point-of-purchase for cards included in that alert had only one commonality: They were all used at Hilton properties, including the company’s flagship Hilton locations as well as Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts.

In a written statement, a Hilton spokesperson said the company is investigating the breach claims.

“Hilton Worldwide is strongly committed to protecting our customers’ credit card information,” the company said. “We have many systems in place and work with some of the top experts in the field to address data security.  Unfortunately the possibility of fraudulent credit card activity is all too common for every company in today’s marketplace.  We take any potential issue very seriously, and we are looking into this matter.”

As with other recent card breaches at major hotel chains — including Mandarin Oriental and White Lodging properties — the breach does not appear to be related to the guest reservation systems at the affected locations. Rather, sources say the fraud seems to stem from compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties.

It remains unclear how many Hilton properties may be affected by this apparent breach. Several sources in the financial industry told KrebsOnSecurity that the incident may date back to November 2014, and may still be ongoing.

This is a developing story. More as updates become available.

Planet DebianJonathan Dowland: WadC 2.0 released


This week I released version 2.0 of Wad Compiler, a lazy functional programming language and IDE for the construction of Doom maps.

Version 2.0 is the first version in about four years and adds a fair number of features, most notably the ability to compose textures in your code and a basic command-line interface.

For more information see the release notes and the reference.

CryptogramAnti-Alien Security

You can wrap your house in tinfoil, but when you start shining bright lights to defend yourself against alien attack, you've gone too far.

In general, society puts limits on what types of security you are allowed to use, especially when that use can affect others. You can't place landmines on your lawn or shoot down drones hovering over your property.

TEDSoy TED weaves ideas into thought-provoking TV en español


The latest TV show from TED’s creative team spins ideas from TED Talks in new directions — en español.

Soy TED, a new Spanish-language TV series about big ideas, premieres on Vme TV this Friday, September 25, at 7pm EST.

Each episode of Soy TED centers on a theme — from happiness to exploration to drones — built around a few key TED Talks. Between the talks, host Eduardo Hauser interviews a guest in the studio, in front of a live audience, usually someone with a personal connection to the topic.

“I hope it’ll be the bridge between TED ideas and the Hispanic community,” said Hauser.

Some guests are Spanish speakers who’ve given TED Talks before — like futurist Juan Enriquez, who appeared on an episode about the impact genomics will have on our lives, and Luis von Ahn, founder of DuoLingo, who had a lot to say in an episode on the future of education.

And some guests are just fascinating people, like Carlos Páez Rodríguez — the plane-crash survivor whose story was told in the movie Alive — and Franklin Chang Díaz, the astronaut who shares the record for most space missions.

“He grew up in my home country of Venezuela, in a very rural town,” said Hauser. “Because lighting and power were so limited, at night he would lay on his back, watch the stars and think about how he wanted to travel to the stars. And he has done so seven times.”

Soy TED airs Friday nights on Vme TV at 7pm EST. It replays Fridays at 11pm, Saturdays at 3pm and Sundays at 2pm. Find out more »


Soy TED brings together the ideas from TED Talks and live studio guests who have a personal connection to them. Host Eduardo Hauser describes the show as, “a postgraduate degree in 13 episodes.” Photo: Courtesy of Soy TED

Planet DebianSven Hoexter: Ubuntu 14.04 php-apcu 4.0.7 backport

Looks like the php-apcu release shipped with Ubuntu 14.04 is really buggy. Since nobody at Ubuntu seems to care about packages in universe I've added a backport of php-apcu 4.0.7 to my ppa. It's just a rebuild, so no magic involved.

Update: I've used the requestbackport thingy now to request a backport the Ubuntu way.

Planet DebianSven Hoexter: getting rid of xchat

I'm lazy. So I stuck to xchat for way too long. It seems to be dead since 2010 but luckily some good souls maintain a fork called hexchat. That's what I moved myself to a few weeks ago.

Now looking at the Debian xchat package I feel the urgent need to file a request for removal. Since I'm not a member of QA I asked for some advice, but the feedback is a bit sparse so far.

Maybe everyone still using xchat could just switch to hexchat so we can remove xchat next year and nobody would notice it? The only obvious drawback I can see at the moment is the missing Tcl plugin. The rest of the migration is more or less reconfiguring everything to your preferences.

Planet DebianSven Hoexter: whiteboards

If you visit your potentially new team in the office and there is no whiteboard, or only a barely used one, you might be better off looking for a different team.

Sociological ImagesTalking about love and marriage

Flashback Friday.

In her fantastic book, Talk of Love (2001), Ann Swidler investigates how people use cultural narratives to make sense of their marriages.

She describes the “romantic” version of love with which we are all familiar.  In this model, two people fall deeply in love at first sight and live forever and ever in bliss.  We can see this model of love in movies, books, and advertisements:

She finds that, in describing their own marriages, most people reject a romantic model of love out-of-hand.

Instead, people tended to articulate a “practical” model of love.  Maintaining love in marriage, they said, requires trust, honesty, respect, self-discipline, and, above all, hard work.  This model manifests in the therapeutic and religious self-help industry and its celebrity manifestations:

But even though most people favored a practical model of love in Swidler’s interviews, even the most resolute realist would occasionally fall back on idealist versions of love. In that sense, most people would articulate contradictory beliefs. Why?

Swidler noticed that people would draw on the different models when asked different kinds of questions. When she would ask them “How do you keep love alive from day to day?” they would respond with a practical answer. When she asked them “Why do you stay married?” or “Why did you get married?” they would respond with a romantic answer.

So, even though most people said that they didn’t believe in the ideal model, they would invoke it. They did so when talking about the institution of marriage (the why), but not when talking about the relationship they nurtured inside of that institution (the how).

Swidler concludes that the ideal model of love persists as a cultural trope because marriage, as an institution, requires it. For example, while people may not believe that there is such a thing as “the one,” marriage laws are written such that you must marry “one.” She explains:

One is either married or not; one cannot be married to more than one person at a time; marrying someone is a fateful, sometimes life-transforming choice; and despite divorce, marriages are still meant to last (p. 117-118).

That “one,” over time, becomes “the one” you married. “The social organization of marriage makes the mythic image true experientially…” (p. 118, my emphasis).

If a person is going to get married at all, they must have some sort of cultural logic that allows them to choose one person. Swidler writes:

In order to marry, individuals must develop certain cultural, psychological, and even cognitive equipment. They must be prepared to feel, or at least convince others that they feel, that one other person is the unique right ‘one.’ They must be prepared to recognize the ‘right person’ when that person comes along.

The idea of romantic love does this for us. It is functional given the way that contemporary institutions structure love relationships. And, that, Swidler says, is why it persists:

The culture of [romantic] love flourishes in the gap between the expectation of enduring relationships and the free, individual choice upon which marriage depends… Only if there really is something like love can our relationships be both voluntary and enduring (p. 156-157).

Presumably if marriage laws didn’t exist, or were different, the romantic model of love would disappear because it would no longer be useful.

The culture of love would die out, lose its plausibility, not if marriages did not last (they don’t) but if people stopped trying to form and sustain lasting marriages (p. 158).

Even when individuals consciously disbelieve dominant myths [of romantic love], they find themselves engaged with the very myths whose truths they reject—because the institutional dilemmas those myths capture are their dilemmas as well (p. 176).

Cultural tropes, then, don’t persist because we (or some of us) are duped by movies and advertisements, they persist because we need them.

Originally posted in 2010.

Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


CryptogramPeople Who Need to Pee Are Better at Lying

No, really.

Abstract: The Inhibitory-Spillover-Effect (ISE) on a deception task was investigated. The ISE occurs when performance in one self-control task facilitates performance in another (simultaneously conducted) self-control task. Deceiving requires increased access to inhibitory control. We hypothesized that inducing liars to control urination urgency (physical inhibition) would facilitate control during deceptive interviews (cognitive inhibition). Participants drank small (low-control) or large (high-control) amounts of water. Next, they lied or told the truth to an interviewer. Third-party observers assessed the presence of behavioral cues and made true/lie judgments. In the high-control, but not the low-control condition, liars displayed significantly fewer behavioral cues to deception, more behavioral cues signaling truth, and provided longer and more complex accounts than truth-tellers. Accuracy detecting liars in the high-control condition was significantly impaired; observers revealed bias toward perceiving liars as truth-tellers. The ISE can operate in complex behaviors. Acts of deception can be facilitated by covert manipulations of self-control.

News article.

Planet DebianChristian Perrier: Bugs #780000 - 790000

Thorsten Glaser reported Debian bug #780000 on Saturday March 7th 2015, against the gcc-4.9 package.

Bug #770000 was reported as of November 18th so there have been 10,000 bugs in about 3.5 months, which was significantly slower than earlier.

Salvatore Bonaccorso reported Debian bug #790000 on Friday June 26th 2015, against the pcre3 package.

Thus, there have been 10,000 bugs in 3.5 months again. It seems that the bug report rate stabilized again.

Sorry for missing bug #780000 announcement. I'm doing this since....November 2007 for bug #450000 and it seems that this lack of attention is somehow significant wrt my involvement in Debian. Still, this involvement is still here and I'll try to "survive" in the project until we reach bug #1000000...:-)

See you for bug #800000 announcement and the result of the bets we placed on the date it would happen.

Worse Than FailureError'd: The Little Application That Couldn't

"I don't know what it was trying to do, but it just couldn't do it," Bert writes, "It also looks like it couldn't finish the error message."


"After a decade and a half, I thought that we were past using Windows 2000, but apparently the sketchiest arcade I've ever set foot in disagrees," writes Erik M.


"I question the integrity of the London Free Press if they aren't going to attribute their quotes," wrote Kate D.


"Signing up for a free course 'Oracle Massive Open Online Course: Java SE 8 Lambdas and Streams', I was invited to complete my user profile," Ed R. wrote, "My email address was already pre-filled, the only option was to select my time zone. Upon pressing 'Create', this reward was immediate and highly satisfactory."


Erik wrote, "I was checking my portfolio at Avanza when I noticed some very strange temporal things had been going on in Dow Jones World Index this last month."


"I came across a very bombastic find in a vendor's Bill of Materials software," Mike N. writes.


Dave C. wrote, "Now that's what I call a long running transaction."


"Alright! I win!...wait a minute, that's a familiar looking IP", wrote Nicolas.



Planet DebianChristian Perrier: Bug #800000 has been reported...Tomasz Muras wins a 2.5-year-old bet..:-)

Here it is.

Debian had eight hundred thousand bugs reported in its history.

Tomasz Muras guessed, more than 2 years ago, that it would be reported on September 24th, and it has been reported on 25th. Good catch!

Chris Lamb is the happy bug submitter for this release critical bug against the vdr-plugin-prefermenu package.

Of course, I will soon open the wiki page for the bug #900000 bet, which will again include a place where you can also bet for bug #1000000. Be patient, the week-end is coming..:-)

It took two years, 7 months and 18 days to report 100,000 bugs in Debian since bug #700000 was reported.

Geek FeminismBattlestar Linkspam

  • Half of Australian universities sign up to SAGE gender-equity program | The Age (September 16): “More than half of the country’s universities and medical research institutions have signed up to the Science in Australia Gender Equity (SAGE) pilot, which rates organisations based on their gender equity policies and practices, rewarding them with gold, silver or bronze awards.”
  • What it’s like to be a woman working in science, and how to make it better | The Conversation (September 16): “This Wednesday saw the launch of the Science in Australia Gender Equity (SAGE) pilot program by the Australian Academy of Science (AAS) in partnership with the Academy of Technological Science and Engineering (ATSE). (…) The Conversation asked women in the sciences to reflect on their experiences working in the field and comment the significance of the SAGE initiative.”
  • Wanted: Fit, Fearless Scientist for Huge Underground Find | National Geographic (September 17): “Since the find was made public, Peixotto has been a bit irked at the focus on her tiny size instead of on her professional accomplishments. She has two master’s degree and is finishing a Ph.D. that focuses on community building among escaped slaves.”
  • Double Union — Double Union is moving and needs your help! (September 22): “After two awesome years of running our space in the Mission neighborhood, it’s time to find a new home. The building we’ve been renting space in was recently sold to new owners who are evicting all tenants to prepare for long-term renovation. “
  • What Happens When You Get Your Period In Space? | Shots (September 17): “I remember the engineers trying to decide how many tampons should fly on a one-week flight; they asked, ‘Is 100 the right number?’ – ‘No. That would not be the right number.’ So what does happen when you get your period in space?”
  • Review: In ‘Photograph 51,’ Nicole Kidman Is a Steely DNA Scientist | The New York Times (September 14): “When Nicole Kidman steps out of the shadows, breaking off from a wall of men, and onto the edge of the stage at the Noël Coward Theater, where Anna Ziegler’s “Photograph 51” opened here on Monday night, her eyes beam undiluted willpower. It is a gaze that both chills and warms, radiating and demanding trust in this singularly self-possessed presence. Ms. Kidman makes it clear that she is in charge here, and woe unto those of us who doubt it.”
  • Nourish Your Brains With This STEM News Roundup | Autostraddle (September 23): loads more links to excellent geekfeminist news
  • Why we need to stop car crash ‘women in tech’ panels and actually break the glass ceiling | The Sydney Morning Herald (September 21): “Yes, you heard right: Just a few minutes into a panel discussion Wojcicki was asked whether her children were of the same father.
    Missing from the panel was a discussion of Wojcicki’s accomplishments in physics at Stanford University, of history and literature at Harvard, her not one but two Masters – one in science of economics from the University of California, the other in business admin from UCLA Anderson School of Management. Also omitted from the event was her professional growth at Google from the Doodle department to heading up the departments that created AdWords, Adsense and Google Analytics, (you know, the stuff that makes Google money), before becoming CEO of YouTube.”
  • Meet a traveller: Mireya Mayor, primatologist and world explorer – Lonely Planet (September 10): “Dubbed the ‘female Indiana Jones’, Mireya Mayor is an adventurer and then some… Taking the career path less travelled – going from NFL cheerleader to anthropologist – Mayor’s love for exploration and conservation has led her to some of the most biodiverse places in the world.”
  • Feminisms in Digital Humanities | Digital Humanities Quarterly: Preview “In calling for a more sustained consideration of relationships between feminist theories and digital humanities, we were calling for engagements that helped enrich our sense of why feminisms mattered to DH, beyond simply getting more women in the rooms. In addition to issues of equity and access, at stake in the conception of this special issue were the ethics and commitments in digital humanities scholarship and teaching.”
  • NASA Chief Scientist Ellen Stofan Discusses Space Science, Her Career | World Science Festival : “In our Pioneers program, Stofan discussed the intertwined subjects of her planetary discoveries and career, which included an inspired but ultimately unsuccessful proposal for a sail-propelled probe that would explore the methane lakes of Saturn’s moon Titan. Yet Stofan’s career demonstrates that bumps in the road can be opportunities instead of obstacles.”
  • Two Seattle girls launched a balloon to the edge of space this weekend, and have the video to prove it | GeekWire (September 7): “On Saturday, a handmade craft rose 78,000 feet to capture the view from the edge of space. The craft, built by two Seattle youngsters, reached speeds of over 100 km/h on its journey over central Washington.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianNorbert Preining: jfontmaps release 20150923.0

After a year without a release we finally pushed out a new version of the Japanese font maps. The main addition is support for the fonts shipped in the upcoming El Capitan OSX release, which brings a whole new set of Hiragino fonts, most of them in Truetype collections.

The update is available from CTAN and will be in TeX Live within one or two days.

For suggestions and improvements, please use the issue system at the github development place.

Planet DebianDirk Eddelbuettel: RcppEigen

A bugfix release of RcppEigen is now on CRAN and in Debian. The NEWS file entry follows.

Changes in RcppEigen version (2015-09-23)

  • Corrected use of kitten() thanks to Grant Brown (#21)

  • Applied upstream change to protect against undefined behaviour with null pointers

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet DebianSteve McIntyre: Linaro VLANd v0.4

VLANd is a python program intended to make it easy to manage port-based VLAN setups across multiple switches in a network. It is designed to be vendor-agnostic, with a clean pluggable driver API to allow for a wide range of different switches to be controlled together.

There's more information in the README file. I've just released v0.4, with a lot of changes included since the last release:

  • Large numbers of bugfixes and code cleanups
  • Code changes for integration with LAVA:
    • Added db.find_lowest_unused_vlan_tag()
    • create_vlan() with a tag of -1 will find and allocate the first unused tag automatically
  • Add port numbers as well as names to the ports database, to give human-recognisable references. See README.port-numbering for more details.
  • Add tracking of trunks, the inter-switch connections, needed for visualisation diagrams.
  • Add a simple http-based visualisation feature:
    • Generate network diagrams on-demand based on the information in the VLANd database, colour-coded to show port configuration
    • Generate a simple website to reference those diagrams.
  • Allow more ports to be seen on Catalyst switches
  • Add a systemd service file for vland

VLANd is Free Software, released under the GPL version 2 (or any later version). For now, grab it from git; tarballs will be coming shortly.


Planet DebianLars Wirzenius: FUUG grant for Obnam development

I'm very pleased to say that the FUUG foundation in Finland has awarded me a grant to buy some hardware to help development of Obnam, my backup program. The announcement has more details in Finnish.

LongNowAncient Venture Capitalism and its Lessons for the Modern Economy

Our understanding of ancient civilizations can be spotty. Because not all cultural artifacts withstand the test of time, we have to piece together our portraits of these societies with partial clues, making inferences where needed to cover gaps in the archaeological record.

But one of these clues offers a remarkably detailed picture of economic life in an Assyrian market town. As a recent feature in the New York Times explains, archaeologists have discovered an uncharacteristically complete set of records kept by businessmen who ran importing enterprises in Kanesh, an ancient trading hub in what is now Turkey.

Dating back to the 19th century BC, these records have allowed Assyriologists to construct an intimate and detailed portrait of the lives these traders led, and the socio-economic policies that shaped their businesses.

The picture that emerged of economic life is staggeringly advanced. The traders of Kanesh used financial tools that were remarkably similar to checks, bonds, and joint-stock companies. They had something like venture-capital firms that created diversified portfolios of risky trades. And they even had structured financial products: People would buy outstanding debt, sell it to others and use it as collateral to finance new businesses. The 30 years for which we have records appear to have been a time of remarkable financial innovation.

It’s impossible not to see parallels with our own recent past. Over the 30 years covered by the archive, we see an economy built on trade in actual goods – silver, tin, textiles – transform into an economy built on financial speculation, fueling a bubble that then pops. After the financial collapse, there is a period of incessant lawsuits, as a central government in Assur desperately tries to come up with new regulations and ways of holding wrongdoers accountable … The entire trading system enters a deep recession lasting more than a decade. The traders eventually adopt simpler, more stringent rules, and trade grows again.

But as the quote above implies, these records – as does much of history – also contain lessons for the present. The comparison of this ancient market to our modern-day economy offers a rare opportunity to assess what features are inherent to the nature of trading systems, and what is the product of specific cultural or political forces.

The remarkable similarities between this ancient market and the contemporary global economy suggest that most attempts at trade regulation may be ineffective: fluctuations in things like the volume of trade, or the distribution of profits, may ultimately be part of the nature of trading systems. But what we can do is anticipate and regulate the impact of global trade on our local economy.

That, in fact, is what the [Assyrians] did, 4,000 years ago … Trade brought enormous wealth to a dozen or so families. But rather than hold all of it for themselves, the wealthy were made to redistribute a high percentage of their earnings through taxes and religious foundations that used the money for the public good. This way, the wealth created by trading with Kanesh made nearly everybody – at least every free citizen – better off.

CryptogramLiving in a Code Yellow World

In the 1980s, handgun expert Jeff Cooper invented something called the Color Code to describe what he called the "combat mind-set." Here is his summary:

In White you are unprepared and unready to take lethal action. If you are attacked in White you will probably die unless your adversary is totally inept.

In Yellow you bring yourself to the understanding that your life may be in danger and that you may have to do something about it.

In Orange you have determined upon a specific adversary and are prepared to take action which may result in his death, but you are not in a lethal mode.

In Red you are in a lethal mode and will shoot if circumstances warrant.

Cooper talked about remaining in Code Yellow over time, but he didn't write about its psychological toll. It's significant. Our brains can't be on that alert level constantly. We need downtime. We need to relax. This is why we have friends around whom we can let our guard down and homes where we can close our doors to outsiders. We only want to visit Yellowland occasionally.

Since 9/11, the US has increasingly become Yellowland, a place where we assume danger is imminent. It's damaging to us individually and as a society.

I don't mean to minimize actual danger. Some people really do live in a Code Yellow world, due to the failures of government in their home countries. Even there, we know how hard it is for them to maintain a constant level of alertness in the face of constant danger. Psychologist Abraham Maslow wrote about this, making safety a basic level in his hierarchy of needs. A lack of safety makes people anxious and tense, and the long term effects are debilitating.

The same effects occur when we believe we're living in an unsafe situation even if we're not. The psychological term for this is hypervigilance. Hypervigilance in the face of imagined danger causes stress and anxiety. This, in turn, alters how your hippocampus functions, and causes an excess of cortisol in your body. Now cortisol is great in small and infrequent doses, and helps you run away from tigers. But it destroys your brain and body if you marinate in it for extended periods of time.

Not only does trying to live in Yellowland harm you physically, it changes how you interact with your environment and it impairs your judgment. You forget what's normal and start seeing the enemy everywhere. Terrorism actually relies on this kind of reaction to succeed.

Here's an example from The Washington Post last year: "I was taking pictures of my daughters. A stranger thought I was exploiting them." A father wrote about his run-in with an off-duty DHS agent, who interpreted an innocent family photoshoot as something nefarious and proceeded to harass and lecture the family. That the parents were white and the daughters Asian added a racist element to the encounter.

At the time, people wrote about this as an example of worst-case thinking, saying that as a DHS agent, "he's paid to suspect the worst at all times and butt in." While, yes, it was a "disturbing reminder of how the mantra of 'see something, say something' has muddied the waters of what constitutes suspicious activity," I think there's a deeper story here. The agent is trying to live his life in Yellowland, and it caused him to see predators where there weren't any.

I call these "movie-plot threats," scenarios that would make great action movies but that are implausible in real life. Yellowland is filled with them.

Last December former DHS director Tom Ridge wrote about the security risks of building an NFL stadium near the Los Angeles Airport. His report is full of movie-plot threats, including terrorists shooting down a plane and crashing it into a stadium. His conclusion, that it is simply too dangerous to build a sports stadium within a few miles of the airport, is absurd. He's been living too long in Yellowland.

That our brains aren't built to live in Yellowland makes sense, because actual attacks are rare. The person walking towards you on the street isn't an attacker. The person doing something unexpected over there isn't a terrorist. Crashing an airplane into a sports stadium is more suitable to a Die Hard movie than real life. And the white man taking pictures of two Asian teenagers on a ferry isn't a sex slaver. (I mean, really?)

Most of us, that DHS agent included, are complete amateurs at knowing the difference between something benign and something that's actually dangerous. Combine this with the rarity of attacks, and you end up with an overwhelming number of false alarms. This is the ultimate problem with programs like "see something, say something." They waste an enormous amount of time and money.

Those of us fortunate enough to live in a Code White society are much better served acting like we do. This is something we need to learn at all levels, from our personal interactions to our national policy. Since the terrorist attacks of 9/11, many of our counterterrorism policies have helped convince people they're not safe, and that they need to be in a constant state of readiness. We need our leaders to lead us out of Yellowland, not to perpetuate it.

This essay previously appeared on

EDITED TO ADD (9/25): UK student reading book on terrorism is accused of being a terrorist. He was reading the book for a class he was taking. I'll let you guess his ethnicity.

Chaotic IdealismTo the Muslims of the World

The other day I looked back over the diaries I kept when I first went to college, and I looked at the entries I made just after 9/11. Much of it was just my writing down what I learned from the news, as I learned it, and talking about how it affected our daily lives; but some of it was oddly prescient. Some excerpts:

September 16, 2001:
"Nationalism--patriotism--is perfectly all right, but when it gets to the point when you hate all other people, you're going way too far. That's what got the Muslims in America scared. Here--in the land of religious freedom--we're persecuting Muslims? Shame on you, America!"

September 26, 2001:
"They have killed an Egyptian Christian in L.A. just because he was middle-eastern looking... As a student of German history, I am worried. Okay, here's the scenario. A newly-elected president, elected by a small majority, escapes a terrorist attack meant for him and rallies the people to his side. Bush? Yes. Hitler? Also yes.... When a popular leader takes control during a crisis, promising security, often people are willing to give up rights for security, give the leader more power than he ought to have, and look the other way when he commits terrible atrocities."

When I wrote this, I was at Pensacola Christian College, the ultra-conservative Florida unaccredited college I had enrolled in primarily because I didn't know any better and was, back then, quite conservative myself. I had turned 18 the summer before, and three months later was to leave the school; but I was still in the extremely censored environment of PCC. I had no access to "liberal propaganda" of any sort--even the news was censored there. But unlike most of my fellow students, I had the benefit of being, at that time, a German citizen interested enough in the history of my birth country to want to understand how and why the Holocaust had happened, and how average Germans let it happen. I saw the parallels.

We staged invasions, sent soldiers, created chaos. Most of it was comfortably far away from home. The Middle East is in chaos. And now some politicians, looking for presidential nominations, are tacitly agreeing when people say we ought to "get rid of" Muslims.

This makes me very sad. I've been naturalized now, and America is my home. I follow the international news, and I feel helpless; but I also feel ashamed of my country. We've done things that were wrong. Not just mistakes or screw-ups, but plain wrong. Evil. And the average American didn't really notice.

At least in the US, a relatively large number of people speak out against it. The abuses at Guantanamo Bay became a scandal rather than par for the course. People are used to democracy here; in Germany, they had only a few decades' experience with it. I have hope that America will shed its xenophobia, at least to the extent of not killing people for being different from ourselves; I have hope that some day we will promote true religious freedom and see ourselves as equals with the rest of the world, not as superiors.

But if we don't, if it gets worse, then I won't be one of the people averting their eyes while cattle-cars pass through my town. I can't; I couldn't bear it. Right now, all I can do is vote for those politicians who have good track records in international diplomacy and reasonable skill at understanding other peoples' perspectives. I'm still depending on democracy to turn us back around to doing the right thing. But if democracy fails, then serving my country means I can't stand by and do nothing.

To my Muslim friends, neighbors, fellow students, and fellow citizens of Earth:
I see you out there, unapologetically Muslim. I see your courage, making yourselves known, letting us see that you exist and that you are everyday people. And I get the message: You are different from me, but you are as human as I am, and the differences do not change your rights or your value. When you wear a headscarf and attend the same classes I do, your differences become familiar. The awkwardness diminishes. You become just another student. But initially you had to take a risk to openly identify yourselves as Muslims, and I applaud you.

I'm a Christian, and in that respect I'm part of the American majority, so I don't really know what it's like to be part of a minority religion. My experiences of being the target of prejudice mostly come from being disabled and deciding that, despite autistic people being mistreated for being autistic, I wasn't going to try to hide my autism.

That's not particularly similar to what it must be like to be a Muslim in a majority-Christian country, but it did give me some ideas to start with. There are some universals that apply to everyone--the right to hold our own beliefs, practice our faith, and be true to ourselves. Both Christians and Muslims worship the God of Abraham, though we have different ideas about who he is. I think you're wrong, and you think I'm wrong; but acknowledging those differences, in values and lifestyle and faith, doesn't mean I am going to forget about the fact that God loves you every bit as much as anyone else, and expects me to love you every bit as much as I would love a Christian with the exact same set of beliefs that I hold. You are fellow humans, and that is all that really matters. You are infinitely valuable.

In the past, Muslims and Christians have killed each other, but that's not you, and it's not me. We're only people. We aren't responsible for that animosity any more than I'm responsible for Auschwitz because I'm German. But I have the responsibility to learn from Germany, to care about people who are in other countries, who have different faiths, and whom our government has branded "terrorists" and "terrorist sympathizers". Well, if I'm not a Nazi, then I don't think you're a terrorist. You're mostly trying to get on with your lives, just like I am. We can reject all of that and see in each others' eyes simply another human being; we can replace hate with curiosity, xenophobia with an honest desire to understand how the other person sees the world.

If it really comes down to it, if you need help, I'll be there for you. So will many, many other Americans. I'm not the only one who is disturbed at the way our government has been treating anyone who seems "foreign" (even those who have been American citizens for generations!). If you are mistreated, we'll stand up against it; if you are excluded, we'll refuse to participate. When we help each other, help our neighbors and friends and co-workers and fellow students, you'll be included in that group; we know you'll help us when we need it. We won't let them divide our communities into little chunks fighting against each other. We're neighbors--in the biblical sense, even if we don't live next door. We know you're different, and we might feel awkward, maybe even accidentally insult you; but beyond that awkwardness of interacting with those who are different is the firm belief that they are human and have rights and are worth protecting.

Point being: If they want to mess with you, they've got to go through me first. And through everybody else who agrees with me, which is an awful lot of people. You're not alone.

Planet DebianJonathan McDowell: New GPG key

Just before I went to DebConf15 I got around to setting up my gnuk with the latest build (1.1.7), which supports 4K RSA keys. As a result I decided to generate a new certification only primary key, using a live CD on a non-networked host and ensuring the raw key was only ever used in this configuration. The intention is that in general I will use the key via the gnuk, ensuring no danger of leaking the key material.

I took part in various key signings at DebConf and the subsequent UK Debian BBQ, and finally today got round to dealing with the key slips I had accumulated. I’m sure I’ve missed some people off my signing list, but at least now the key should be embedded into the strong set of keys. Feel free to poke me next time you see me if you didn’t get mail from me with fresh signatures and you think you should have.

Key details are:

pub   4096R/0x21E278A66C28DBC0 2015-08-04 [expires: 2018-08-03]
      Key fingerprint = 3E0C FCDB 05A7 F665 AA18  CEFA 21E2 78A6 6C28 DBC0
uid                 [  full  ] Jonathan McDowell <>

I have no reason to assume my old key (0x94FA372B2DA8B985) has been compromised and for now continue to use that key. Also for the new key I have not generated any subkeys as yet, which caff handles ok but emits a warning about unencrypted mail. Thanks to those of you who sent me signatures despite this.

[Update: I was asked about my setup for the key generation, in particular how I ensured enough entropy, given that it was a fresh boot and without networking there were limited entropy sources available to the machine. I made the decision that the machine’s TPM and the use of tpm-rng and rng-tools was sufficient (i.e. I didn’t worry overly about the TPM being compromised for the purposes of feeding additional information into the random pool). Alternative options would have been flashing the gnuk with the NeuG firmware or using my Entropy Key.]

Sociological ImagesUnemployment can change your race

In the 6-minute video below, Stanford sociologist Aliya Saperstein discusses her research showing that the perception of other people’s race is shaped by what we know about them. She uses data collected through a series of in-person interviews in which interviewers sit down with respondents several times over many years, learn about what’s happened and, among other things, make a judgment call as to their race. You may be surprised how often racial designations. In one of her samples, 20% of respondents were inconsistently identified, meaning that they were given different racial classifications by different interviewers at least once.

Saperstein found that a person judged as white in an early interview was more likely to be marked as black in a later interview if they experienced a life event that is stereotypically associated with blackness, like imprisonment or unemployment.

She and some colleagues also did an experiment, asking subjects to indicate whether people with black, white, and ambiguous faces dressed in a suit or a blue work shirt were white or black. Tracing their mouse paths, it was clear that the same face in a suit was more easily categorized as white than the one in a work shirt.


Race is a social construction, not just in the sense that we made it up, but in that it’s flexible and dependent on status as well as phenotype.

She finishes with the observation that, while phenotype definitely impacts a person’s life chances, we also need to be aware that differences in education, income, and imprisonment reflect not only bias against phenotype, but the fact that success begets whiteness. And vice versa.

Watch the whole thing here:


Lisa Wade is a professor at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. Find her on Twitter, Facebook, and Instagram.


Planet Linux AustraliaJames Purser: New episode out this weekend

So I finally managed to catch up with Chris Arnade and have a chat about his Faces of Addiction project last Friday night. I don't think I was at my best (but, after a year off and the interview being at 11pm I'm going to cut myself a little slack).

I'll be putting the episode out this weekend and will let everyone know when it's up.


Worse Than FailureCodeSOD: Sorting Cabinets

Sorting. It’s a well-studied class of problem, with a number of well-understood solutions. These days, pretty much any time you need to sort a collection, there’s a language-or-framework-provided function that handles it for you. Sure, a Better Idiot™ might try and implement their own sorting algorithm from scratch, but your Regular Idiot™ just has to call .sort- it’s Idiot Proof™, right?

Well, David S. found a better idiot.

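    public List<CabinetAjax> getAllCabinets() {
        try {
            List m = new Vector<CabinetAjax>();
            List cabinets = SpecificObjectManager.getAllPrograms();
            Iterator it = cabinets.iterator();
            while (it.hasNext()) {
                CabinetAjax ca = new CabinetAjax();
                SearchProgramShell cabinet = (SearchProgramShell) it.next();
                // (the statements copying the cabinet's ID and title into ca
                // are not shown here)
                // Re-sorts the whole list on every iteration...
                Collections.sort(m, new CabinetAjaxTitleComparator());
                // ...and only then adds the new, still unsorted, element.
                m.add(ca);
            }
            return m;
        } catch (Exception e) {
            log.error(e.toString(), e);
        } finally {
        }
        return null;
    }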

The goal here is to return a sorted list of Cabinet details- which you’ll note is just an ID and Title, meaning this could just be a map instead of a class, but that’s barely a WTF. No, it’s the call to sort every time. According to David, there are 12,000 Cabinet objects, so that’s 12,000 sorts, with one more element each time. I leave the total Big-O for this implementation up to the reader.

Even better- that call to sort happens before the object is added to the collection, which means the list returned will always be sorted except for the last element in the list.

So not only is it inefficient, but it doesn’t actually work. Oh, and that exception handler is one step up from an empty catch block, and a small step at that.
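Both defects described above can be measured directly. The following is an added example, not code from the article or from the code base it quotes: `Cabinet`, `CountingTitleComparator` and the method names are hypothetical stand-ins, and the input is constructed (12,000 entries, the count David reports, in reverse title order).

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;

public class CabinetSortDemo {
    // Hypothetical stand-in for the article's CabinetAjax: just an ID and a title.
    static final class Cabinet {
        final int id;
        final String title;
        Cabinet(int id, String title) { this.id = id; this.title = title; }
    }

    // Comparator that counts its own invocations, to make the cost visible.
    static final class CountingTitleComparator implements Comparator<Cabinet> {
        long calls = 0;
        @Override
        public int compare(Cabinet a, Cabinet b) {
            calls++;
            return a.title.compareTo(b.title);
        }
    }

    // The pattern from the article: sort on every iteration, before adding.
    static List<Cabinet> sortInsideLoop(List<Cabinet> source, Comparator<Cabinet> cmp) {
        List<Cabinet> out = new ArrayList<>();
        for (Cabinet c : source) {
            Collections.sort(out, cmp);
            out.add(c);
        }
        return out;
    }

    // The fix: collect everything first, then sort exactly once.
    static List<Cabinet> sortOnce(List<Cabinet> source, Comparator<Cabinet> cmp) {
        List<Cabinet> out = new ArrayList<>(source);
        Collections.sort(out, cmp);
        return out;
    }

    // True if titles are in non-decreasing order.
    static boolean isSorted(List<Cabinet> list) {
        for (int i = 1; i < list.size(); i++) {
            if (list.get(i - 1).title.compareTo(list.get(i).title) > 0) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed input: titles in descending order, so the element added
        // last is the one that belongs at the front of the sorted list.
        List<Cabinet> source = new ArrayList<>();
        for (int i = 12000; i >= 1; i--) {
            source.add(new Cabinet(i, String.format("Cabinet %05d", i)));
        }

        CountingTitleComparator slow = new CountingTitleComparator();
        List<Cabinet> broken = sortInsideLoop(source, slow);

        CountingTitleComparator fast = new CountingTitleComparator();
        List<Cabinet> fixed = sortOnce(source, fast);

        System.out.println("sort-in-loop: sorted=" + isSorted(broken)
                + ", comparisons=" + slow.calls);
        System.out.println("sort-once:    sorted=" + isSorted(fixed)
                + ", comparisons=" + fast.calls);
        System.out.println("last element of sort-in-loop result: "
                + broken.get(broken.size() - 1).title);
    }
}
```

With this input the sort-in-loop result reports `sorted=false`, because the final element is appended after the last sort and never moved into place.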


Planet Linux AustraliaOpenSTEM: Trolling Self-Driving Cars

XKCD’s Randall nails it beautifully, as usual…

Sure, you can code around this particular “attack vector”, but there are infinite possibilities… these are things we do have to consider along the way.

Planet Linux AustraliaMichael Still: How we got to test_init_instance_retries_reboot_pending_soft_became_hard

I've been asked some questions about a recent change to nova that I am responsible for, and I thought it would be easier to address those in this format than trying to explain what's happening in IRC. That way whenever someone compliments me on possibly the longest unit test name ever written, I can point them here.

Let's start with some definitions. What is the difference between a soft reboot and a hard reboot in Nova? The short answer is that a soft reboot gives the operating system running in the instance an opportunity to respond to an ACPI power event gracefully before the rug is pulled out from under the instance, whereas a hard reboot just punches the instance in the face immediately.

There is a bit more complexity than that of course, because this is OpenStack. A hard reboot also re-fetches image meta-data, and rebuilds the XML description of the instance that we hand to libvirt. It also re-populates any missing backing files. Finally it ensures that the networking is configured correctly and boots the instance again. In other words, a hard reboot is kind of like an initial instance boot, in that it makes fewer assumptions about how much you can trust the current state of the instance on the hypervisor node. Finally, a soft reboot which fails (probably because the instance operating system didn't respond to the ACPI event in a timely manner) is turned into a hard reboot after libvirt.wait_soft_reboot_seconds. So, we already perform hard reboots when a user asked for a soft reboot in certain error cases.

It's important to note that the actual reboot mechanism is similar though -- it's just how patient we are and what side effects we create that change -- in libvirt they both end up as a shutdown of the virtual machine and then a startup.

Bug 1072751 reported an interesting edge case with a soft reboot though. If nova-compute crashes after shutting down the virtual machine, but before the virtual machine is started again, then the instance is left in an inconsistent state. We can demonstrate this with a devstack installation:

    Setup the right version of nova cd /opt/stack/nova git checkout dc6942c1218279097cda98bb5ebe4f273720115d Patch nova so it crashes on a soft reboot cat - > /tmp/patch <<EOF > diff --git a/nova/virt/libvirt/ b/nova/virt/libvirt/ > index ce19f22..6c565be 100644 > --- a/nova/virt/libvirt/ > +++ b/nova/virt/libvirt/ > @@ -34,6 +34,7 @@ import itertools > import mmap > import operator > import os > +import sys > import shutil > import tempfile > import time 
> @@ -2082,6 +2083,10 @@ class LibvirtDriver(driver.ComputeDriver): > # is already shutdown. > if state == power_state.RUNNING: > dom.shutdown() > + > + # NOTE(mikal): temporarily crash > + sys.exit(1) > + > # NOTE(vish): This actually could take slightly longer than the > # FLAG defines depending on how long the get_info > # call takes to return. > EOF patch -p1 < /tmp/patch restart nova-compute inside devstack to make sure you're running the patched version... Boot a victim instance cd ~/devstack source openrc admin glance image-list nova boot --image=cirros-0.3.4-x86_64-uec --flavor=1 foo Soft reboot, and verify its gone nova list nova reboot cacf99de-117d-4ab7-bd12-32cc2265e906 sudo virsh list ...virsh list should now show no virtual machines running as nova-compute crashed before it could start the instance again. However, nova-api knows that the instance should be rebooting... $ nova list +--------------------------------------+------+---------+----------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+---------+----------------+-------------+------------------+ | cacf99de-117d-4ab7-bd12-32cc2265e906 | foo | REBOOT | reboot_started | Running | private= | +--------------------------------------+------+---------+----------------+-------------+------------------+ start nova-compute again, nova-compute detects the missing instance on boot, and tries to start it up again... sg libvirtd '/usr/local/bin/nova-compute --config-file /etc/nova/nova.conf' \ > & echo $! >/opt/stack/status/stack/; fg || \ > echo "n-cpu failed to start" | tee "/opt/stack/status/stack/n-cpu.failure" [...snip...] 
    Traceback (most recent call last):
      File "/opt/stack/nova/nova/conductor/", line 444, in _object_dispatch
        return getattr(target, method)(*args, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/oslo_versionedobjects/", line 213, in wrapper
        return fn(self, *args, **kwargs)
      File "/opt/stack/nova/nova/objects/", line 728, in save
        columns_to_join=_expected_cols(expected_attrs))
      File "/opt/stack/nova/nova/db/", line 764, in instance_update_and_get_original
        expected=expected)
      File "/opt/stack/nova/nova/db/sqlalchemy/", line 216, in wrapper
        return f(*args, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/oslo_db/", line 146, in wrapper
        ectxt.value = e.inner_exc
      File "/usr/local/lib/python2.7/dist-packages/oslo_utils/", line 195, in __exit__
        six.reraise(self.type_, self.value, self.tb)
      File "/usr/local/lib/python2.7/dist-packages/oslo_db/", line 136, in wrapper
        return f(*args, **kwargs)
      File "/opt/stack/nova/nova/db/sqlalchemy/", line 2464, in instance_update_and_get_original
        expected, original=instance_ref))
      File "/opt/stack/nova/nova/db/sqlalchemy/", line 2602, in _instance_update
        raise exc(**exc_props)
    UnexpectedTaskStateError: Conflict updating instance cacf99de-117d-4ab7-bd12-32cc2265e906. Expected: {'task_state': [u'rebooting_hard', u'reboot_pending_hard', u'reboot_started_hard']}. Actual: {'task_state': u'reboot_started'}
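Review bot: in the first hunk (`@@ -34,6 +34,7 @@`), `import sys` is inserted between `import os` and `import shutil`, which breaks the alphabetical order the surrounding imports follow; it belongs below `import shutil`. The import exists only to support the temporary crash in the following hunk, so it should be dropped together with that call.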
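Review bot: in the second hunk (`@@ -2082,6 +2083,10 @@`), the `sys.exit(1)` placed after `dom.shutdown()` ends the nova-compute process as soon as a soft reboot reaches this point, and the `NOTE(mikal): temporarily crash` comment does not say why. Extend the comment to name the bug being reproduced (1072751) and to state that the change is for a throwaway devstack only, so the patch cannot be mistaken for a fix if it is copied elsewhere.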

So what happened here? This is a bit confusing because we asked for a soft reboot of the instance, but the error we are seeing here is that a hard reboot was attempted -- specifically, we're trying to update an instance object but all the task states we expect the instance to be in are related to a hard reboot, but the task state we're actually in is for a soft reboot.

We need to take a tour of the compute manager code to understand what happened here. nova-compute is implemented at nova/compute/ in the nova code base. Specifically, ComputeVirtAPI.init_host() sets up the service to start handling compute requests for a specific hypervisor node. As part of startup, this method calls ComputeVirtAPI._init_instance() once per instance on the hypervisor node. This method tries to do some sanity checking for each instance that nova thinks should be on the hypervisor:

  • Detecting if the instance was part of a failed evacuation.
  • Detecting instances that are soft deleted, deleting, or in an error state and ignoring them apart from a log message.
  • Detecting instances which we think are fully deleted but aren't in fact gone.
  • Moving instances we thought were booting, but which never completed into an error state. This happens if nova-compute crashes during the instance startup process.
  • Similarly, instances which were rebuilding are moved to an error state as well.
  • Clearing the task state for uncompleted tasks like snapshots or preparing for resize.
  • Finishes deleting instances which were partially deleted last time we saw them.
  • And finally, if the instance should be running but isn't, tries to reboot the instance to get it running.

It is this final state which is relevant in this case -- we think the instance should be running and it's not, so we're going to reboot it. We do that by calling ComputeVirtAPI.reboot_instance(). The code which does this work looks like this:

    try_reboot, reboot_type = self._retry_reboot(context, instance)
    current_power_state = self._get_power_state(context, instance)

    if try_reboot:
        LOG.debug("Instance in transitional state (%(task_state)s) at "
                  "start-up and power state is (%(power_state)s), "
                  "triggering reboot",
                  {'task_state': instance.task_state,
                   'power_state': current_power_state},
                  instance=instance)
        self.reboot_instance(context, instance, block_device_info=None,
                             reboot_type=reboot_type)
        return

    [...snip...]

    def _retry_reboot(self, context, instance):
        current_power_state = self._get_power_state(context, instance)
        current_task_state = instance.task_state
        retry_reboot = False
        reboot_type = compute_utils.get_reboot_type(current_task_state,
                                                    current_power_state)

        pending_soft = (current_task_state == task_states.REBOOT_PENDING and
                        instance.vm_state in vm_states.ALLOW_SOFT_REBOOT)
        pending_hard = (current_task_state == task_states.REBOOT_PENDING_HARD
                        and instance.vm_state in vm_states.ALLOW_HARD_REBOOT)
        started_not_running = (current_task_state in
                               [task_states.REBOOT_STARTED,
                                task_states.REBOOT_STARTED_HARD] and
                               current_power_state != power_state.RUNNING)

        if pending_soft or pending_hard or started_not_running:
            retry_reboot = True

        return retry_reboot, reboot_type

So, we ask ComputeVirtAPI._retry_reboot() if a reboot is required, and if so what type. ComputeVirtAPI._retry_reboot() just uses nova.compute.utils.get_reboot_type() (aliased as compute_utils.get_reboot_type) to determine what type of reboot to use. This is the crux of the matter. Read on for a surprising discovery!

nova.compute.utils.get_reboot_type() looks like this:

    def get_reboot_type(task_state, current_power_state):
        """Checks if the current instance state requires a HARD reboot."""
        if current_power_state != power_state.RUNNING:
            return 'HARD'
        soft_types = [task_states.REBOOT_STARTED, task_states.REBOOT_PENDING,
                      task_states.REBOOTING]
        reboot_type = 'SOFT' if task_state in soft_types else 'HARD'
        return reboot_type

So, after all that it comes down to this. If the instance isn't running, then it's a hard reboot. In our case, we shut down the instance but haven't started it yet, so it's not running. This will therefore be a hard reboot. This is where our problem lies -- we chose a hard reboot. The code doesn't blow up until later though -- when we try to do the reboot itself.

    @wrap_exception()
    @reverts_task_state
    @wrap_instance_event
    @wrap_instance_fault
    def reboot_instance(self, context, instance, block_device_info,
                        reboot_type):
        """Reboot an instance on this host."""
        # acknowledge the request made it to the manager
        if reboot_type == "SOFT":
            instance.task_state = task_states.REBOOT_PENDING
            expected_states = (task_states.REBOOTING,
                               task_states.REBOOT_PENDING,
                               task_states.REBOOT_STARTED)
        else:
            instance.task_state = task_states.REBOOT_PENDING_HARD
            expected_states = (task_states.REBOOTING_HARD,
                               task_states.REBOOT_PENDING_HARD,
                               task_states.REBOOT_STARTED_HARD)

        context = context.elevated()
        LOG.info(_LI("Rebooting instance"), context=context, instance=instance)

        block_device_info = self._get_instance_block_device_info(context,
                                                                 instance)
        network_info = self.network_api.get_instance_nw_info(context, instance)
        self._notify_about_instance_usage(context, instance, "reboot.start")
        instance.power_state = self._get_power_state(context, instance)

        [...snip...]

And there's our problem. We have a reboot_type of HARD, which means we set the expected_states to those matching a hard reboot. However, the state the instance is actually in will be one correlating to a soft reboot, because that's what the user requested. We therefore experience an exception when we try to save our changes to the instance. This is the exception we saw above.

The fix in my patch is simply to change the current task state for an instance in this situation to one matching a hard reboot. It all just works then.
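
The conflict and the fix can be reproduced without a devstack. The following is an added illustration, not nova code and not the patch itself: `Instance`, its guarded `save()` and `recover_on_startup()` are simplified stand-ins, and the way the fix is applied here (rewriting the stored soft task state to `reboot_pending_hard` before retrying) is an assumption based on the description above.

```python
# Added illustration: a toy model of the task-state check, not nova code.
RUNNING, SHUTDOWN = "running", "shutdown"

# Task-state names as they appear in the traceback and excerpts on this page.
SOFT_STATES = ("rebooting", "reboot_pending", "reboot_started")
HARD_STATES = ("rebooting_hard", "reboot_pending_hard", "reboot_started_hard")


class UnexpectedTaskStateError(Exception):
    """Raised when the stored task state is not one the caller expected."""


class Instance:
    """Hypothetical stand-in for an instance record with a guarded save()."""

    def __init__(self, task_state):
        self.stored_task_state = task_state  # what the database holds
        self.task_state = task_state         # what this process wants to write

    def save(self, expected_task_state):
        # Compare-and-swap: only write if the stored state is an expected one.
        if self.stored_task_state not in expected_task_state:
            raise UnexpectedTaskStateError(
                "Expected: %s. Actual: %s"
                % (list(expected_task_state), self.stored_task_state))
        self.stored_task_state = self.task_state


def get_reboot_type(task_state, current_power_state):
    """Same decision as the excerpt: a guest that is not running gets HARD."""
    if current_power_state != RUNNING:
        return "HARD"
    return "SOFT" if task_state in SOFT_STATES else "HARD"


def reboot_instance(instance, reboot_type):
    """Mirror of the state handling at the top of reboot_instance()."""
    if reboot_type == "SOFT":
        instance.task_state = "reboot_pending"
        expected_states = SOFT_STATES
    else:
        instance.task_state = "reboot_pending_hard"
        expected_states = HARD_STATES
    instance.save(expected_states)  # the save that raised in the traceback


def recover_on_startup(instance, current_power_state, apply_fix):
    """Start-up recovery path; apply_fix models the change described above."""
    reboot_type = get_reboot_type(instance.task_state, current_power_state)
    if (apply_fix and reboot_type == "HARD"
            and instance.task_state in SOFT_STATES):
        # Assumed form of the fix: move the record to a hard-reboot state
        # first, so the later guarded save sees a state it expects.
        instance.task_state = "reboot_pending_hard"
        instance.save(SOFT_STATES)
    reboot_instance(instance, reboot_type)
    return reboot_type, instance.stored_task_state


def demo():
    """Run the interrupted soft reboot with and without the fix."""
    results = {}
    crashed = Instance("reboot_started")  # constructed sample state
    try:
        recover_on_startup(crashed, SHUTDOWN, apply_fix=False)
        results["unfixed"] = "ok"
    except UnexpectedTaskStateError as exc:
        results["unfixed"] = "conflict: %s" % exc
    results["fixed"] = recover_on_startup(
        Instance("reboot_started"), SHUTDOWN, apply_fix=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```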

So why do we decide to use a hard reboot if the current power state is not RUNNING? This code was introduced in this patch and there isn't much discussion in the review comments as to why a hard reboot is the right choice here. That said, we already fall back to a hard reboot in error cases of a soft reboot inside the libvirt driver, and a hard reboot requires less trust of the surrounding state for the instance (block device mappings, networks and all those side effects mentioned at the very beginning), so I think it is the right call.

In conclusion, we use a hard reboot for soft reboots that fail, and a nova-compute crash during a soft reboot counts as one of those failure cases. So, when nova-compute detects a failed soft reboot, it converts it to a hard reboot and tries again.



Planet Linux AustraliaBlueHackers: Suicide doesn’t take away the pain, it gives it to someone else

This is something that I feel quite strongly about. Both of my parents have tried to commit suicide when I was young, at different times and stages of my life. The first one was when I was about 11 and I don’t remember too much about it, there was a lot of pain flying around the family at that time and I was probably shielded from the details. The second parent (by then long divorced from the other parent) tried when I was 21 and away at uni in a different city. That one I remember vividly, even though I wasn’t there.

My reactions to the second were still those of a child. Perhaps when it’s a parent, one’s reactions are always those of a child. For me the most devastating thought was a purely selfish one (as fits a child) “Do I mean that little to them? Am I not even worth staying alive for?” The pain of that thought was overwhelming.

At the time I was young, saw myself as an optimist and simply could not relate in any way to the amount of pain that would bring one to such an action. I was angry. I described suicide as “the most selfish act anyone could do”.

Now decades of time and a world of life experience later, I have stared into that dark abyss myself and I know the pain that leads one there. I know how all-encompassing the pain and darkness seems and how the needs of others fade. An end to the pain is all one wants and it seems inconceivable that one’s life has any relevance any more. In fact, one can even argue to oneself that others would be better off without one there.

In those dark times it was the certain knowledge of that pain I had experienced myself as one (almost) left behind that kept me from that road more firmly than anything else. By then I was a parent myself and there was just no way I was going to send my children the message that they meant so little to me they were not even worth living for.  Although living seemed to be the hardest thing I could do, there was no hesitation that they were worth it.

And beyond the children there are always others. Others who will be affected by a suicide, no matter of whom. None of us is truly alone. We all have parents, we may have siblings. Even if all our family is gone and we feel we have no friends, it is likely that there are people who care. The person at the corner shop from whom you buy milk on weekends and who may think “should I have known? Is there anything I could have done?” Even if you can argue that there is no-one that would notice or care, let’s be frank, someone is going to have to deal with the body and winding up of financial and other affairs. And I’m sure it’s really going to make their day!

Whenever I hear about trains being delayed because of incidents on the track I am immediately concerned for those on the train, not least of all the drivers. What have they ever done to that person to deserve the images that will now be impossible to erase from memory, which will haunt their nights and dark moments and which may lead them to require therapy.

There are many people, working for many organisations, some sitting at telephones in shifts 24 hrs a day, who want more than anything else to help people wrestling with these dark issues. They care. They really do. About everyone.

Help is always available. So let’s all acknowledge that suicide Always causes pain to others.

Need help?

Planet Linux AustraliaTridge on UAVs: APM:Plane 3.4.0 released

The ArduPilot development team is proud to announce the release of version 3.4.0 of APM:Plane. This is a major release with a lot of changes so please read the notes carefully!

First release with EKF by default

This is also the first release that enables the EKF (Extended Kalman Filter) for attitude and position estimation by default. This has been in development for a long time, and significantly improves flight performance. You can still disable the EKF if you want to using the AHRS_EKF_USE parameter, but it is strongly recommended that you use the EKF. Note that if an issue is discovered with the EKF in flight it will automatically be disabled and the older DCM system will be used instead. That should be very rare.

In order to use the EKF we need to be a bit more careful about the setup of the aircraft. That is why in the last release we enabled arming and pre-arm checks by default. Please don't disable the arming checks, they are there for very good reasons.

Last release with APM1/APM2 support

This will be the last major release that supports the old APM1/APM2 AVR based boards. We have finally run out of flash space and memory. In the last few releases we spent quite a bit of time trying to squeeze more and more into the small flash space of the APM1/APM2, but it had to end someday if ArduPilot is to continue to develop. I am open to the idea of someone else volunteering to keep doing development of APM1/APM2 so if you have the skills and inclination do please get in touch. Otherwise I will only do small point release changes for major bugs.

Even to get this release onto the APM1/APM2 we had to make sacrifices in terms of functionality. The APM1/APM2 release is missing quite a few features that are on the Pixhawk and other boards. For example:

  • no rangefinder support for landing
  • no terrain following
  • no EKF support
  • no camera control
  • no CLI support
  • no advanced failsafe support
  • no HIL support (sorry!)
  • support for far fewer GPS types

Those are just the most obvious major features that are missing on APM1/APM2. There are also numerous other smaller things where we need to take shortcuts on the APM1/APM2. Some of these features were available on older APM1/APM2 releases but needed to be removed to allow us to squeeze the new release onto the board. So if you are happy with a previous release on your APM2 and want a feature that is in that older release and not in this one then perhaps you shouldn't upgrade.

PID Tuning

While most people are happy with autotune to tune the PIDs for their planes, it is nice also to be able to do fine tuning by hand. This release includes new dataflash and mavlink messages to help with that tuning. You can now see the individual contributions of the P, I and D components of each PID in the logs, allowing you to get a much better picture of the performance.

A simple application of this new tuning is that you can easily see if your trim is off. If the Pitch I term is constantly contributing a significant positive factor then you know that ArduPilot is having to constantly apply up elevator, which means your plane is nose heavy. The same goes for roll, and can also be used to help tune your ground steering.

Vibration Logging

This release includes a lot more options for diagnosing vibration issues. You will notice new VIBRATION messages in MAVLink and VIBE messages in the dataflash logs. Those give you a good idea of your (unfiltered) vibration levels. For really detailed analysis you can set up your LOG_BITMASK to include raw logging, which gives you every accel and gyro sample on your Pixhawk. You can then do an FFT on the result and plot the distribution of vibration level with frequency. That is great for finding the cause of vibration issues. Note that you need a very fast microSD card for that to work!

Rudder Disarm

This is the first release that allows you to disarm using the rudder if you want to. It isn't enabled by default (due to the slight risk of accidentally disarming while doing aerobatics). You can enable it with the ARMING_RUDDER parameter by setting it to 2. It will only allow you to disarm if the autopilot thinks you are not flying at the time (thanks to the "is_flying" heuristics from Tom Pittenger).

More Sensors

This release includes support for a bunch more sensors. It now supports 3 different interfaces for the LightWare range of Lidars (serial, I2C and analog), and also supports the very nice Septentrio RTK dual-frequency GPS (the first dual-frequency GPS we have support for). It also supports the new "blue label" Lidar from Pulsed Light (both on I2C and PWM).

For the uBlox GPS, we now have a lot more configurability of the driver, with the ability to set the GNSS mode for different constellations. Also in the uBlox driver we support logging of the raw carrier phase and pseudo range data, which allows for post-flight RTK analysis with raw-capable receivers for really accurate photo missions.

Better Linux support

This release includes a lot of improvements to the Linux based autopilot boards, including the NavIO+, the PXF and ERLE boards and the BBBMini and the new RasPilot board. If you like the idea of flying with Linux then please try it out!

On-board compass calibrator

We also have a new on-board compass calibrator, which also adds calibration for soft iron effects, allowing for much more accurate compass calibration. Support for starting the compass calibration in the various ground stations is still under development, but it looks like this will be a big improvement to compass calibration.

Lots of other changes!

The above list is just a taste of the changes that have gone into this release. Thousands of small changes have gone into this release with dozens of people contributing. Many thanks to everyone who helped!

Other key changes include:

  • fixed return point on geofence breach
  • enable messages for MAVLink gimbal support
  • use 64 bit timestamps in dataflash logs
  • added realtime PID tuning messages and PID logging
  • fixed a failure case for the px4 failsafe mixer
  • added DSM binding support on Pixhawk
  • added ALTITUDE_WAIT mission command
  • added vibration level logging
  • ignore low voltage failsafe while disarmed
  • added delta velocity and delta angle logging
  • fix LOITER_TO_ALT to verify headings towards waypoints within the loiter radius
  • allow rudder disarm based on ARMING_RUDDER parameter
  • fix default behaviour of flaps
  • prevent mode switch changes changing WP tracking
  • make TRAINING mode obey stall prevention roll limits
  • disable TRIM_RC_AT_START by default
  • fixed parameter documentation spelling errors
  • send MISSION_ITEM_REACHED messages on waypoint completion
  • fixed airspeed handling in SITL simulators
  • enable EKF by default on plane
  • Improve gyro bias learning rate for plane and rover
  • Allow switching primary GPS instance with 1 sat difference
  • added NSH over MAVLink support
  • added support for mpu9250 on pixhawk and pixhawk2
  • Add support for logging ublox RXM-RAWX messages
  • lots of updates to improve support for Linux based boards
  • added ORGN message in dataflash
  • added support for new "blue label" Lidar
  • switched to real hdop in uBlox driver
  • improved auto-config of uBlox
  • raise accel discrepancy arming threshold to 0.75
  • improved support for tcp and udp connections on Linux
  • switched to delta-velocity and delta-angles in DCM
  • improved detection of which accel to use in EKF
  • improved auto-detections of flow control on pixhawk UARTs
  • Failsafe actions are not executed if already on final approach or land.
  • Option to trigger GCS failsafe only in AUTO mode.
  • added climb/descend parameter to CONTINUE_AND_CHANGE_ALT
  • added HDOP to uavcan GPS driver
  • improved sending of autopilot version
  • prevent motor startup with bad throttle trim on reboot
  • log zero rangefinder distance when unhealthy
  • added PRU firmware files for BeagleBoneBlack port
  • fix for recent STORM32 gimbal support
  • changed sending of STATUSTEXT severity to use correct values
  • added new RSSI library with PWM input support
  • fixed MAVLink heading report for UAVCAN GPS
  • support LightWare I2C rangefinder on Linux
  • improved staging of parameters and formats on startup to dataflash
  • added new on-board compass calibrator
  • improved RCOutput code for NavIO port
  • added support for Septentrio GPS receiver
  • support DO_MOUNT_CONTROL via command-long interface
  • added CAM_RELAY_ON parameter
  • moved SKIP_GYRO_CAL functionality to INS_GYR_CAL
  • added detection of bad lidar settings for landing

Note that the documentation hasn't yet caught up with all the changes in this release. We are still working on that, but meanwhile if you see a feature that interests you and it isn't documented yet then please ask.


Planet Linux AustraliaDavid Rowe: SNR and Eb/No Worked Example

German Hams Helmut and Alfred have been doing some fine work with FreeDV 700B at power levels as low as 50mW and SNRs down to 0dB over a 300km path. I thought it might be useful to show how SNR relates to Eb/No and Bit Error Rate (BER). Also I keep having to work this out myself on scraps of paper so nice to get it written down somewhere I can Google.

This plot shows the Eb/No versus BER for a bunch of modems and channels. The curves show how much (Eb/No) we need for a certain Bit Error Rate (BER).

The lower three curves show the performance of modems in an AWGN channel – a channel that just has additive noise (like a very slow fading HF channel or VHF). The Blue curve just above the Red (ideal QPSK) is the cohpsk modem in an AWGN channel. Time for some math:

The energy/bit Eb = power/bit rate = S/Rb. The total noise the demod sees is No (noise power in 1Hz) multiplied by the bandwidth B, so N=NoB. Re-arranging a bit we get:

    SNR = S/N = EbRb/NoB

or in dB:

    SNR(dB) = Eb/No(dB) + 10log10(Rb/B)

So for FreeDV 700B, the bit rate Rb = 700, B = 3000 Hz (for SNR in a 3000Hz bandwidth) so we get:

    SNR = Eb/No – 6.3

Now, say we need a BER of 2% or 0.02 for speech, the lower Blue curve says we need an Eb/No = 4dB, so we get:

    SNR = 4 – 6.3 = -2.3dB

So if the modem is working down to “just” 0dB we are about 2dB worse than theoretical. This is due to the extra bandwidth taken by the pilot symbols (which translates to 1.5dB), some implementation “loss” in the sync algorithms, and non linearities in the system.

I thought it worth explaining this a little more. These skills will be just as important to people experimenting with the radios of the 21st century as Ohms law was in the 20th.

Krebs on SecurityBidding for Breaches, Redefining Targeted Attacks

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.” These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.

A good example of this until recently could be found at a secretive online forum called “Enigma,” a now-defunct community that was built as kind of eBay for data breach targets. Vetted users on Enigma were either bidders or buyers — posting requests for data from or access to specific corporate targets, or answering such requests with a bid to provide the requested data. The forum, operating on the open Web for months until recently, was apparently scuttled when the forum administrators (rightly) feared that the community had been infiltrated by spies.

The screen shot below shows several bids on Enigma from March through June 2015, requesting data and services related to HSBC UK, Citibank, Air Berlin and Bank of America:

Enigma, an exclusive forum for cyber thieves to buy and sell access to or data stolen from companies.

One particularly active member, shown in the screen shot above and the one below using the nickname “Demander,” posts on Jan. 10, 2015 that he is looking for credentials from Cisco and that the request is urgent (it’s unclear from the posting whether he’s looking for access to Cisco Corp. or simply to a specific Cisco router). Demander also was searching for services related to Bank of America ATMs and unspecified data or services from Wells Fargo.

More bids on Enigma forum for services, data, and access to major corporations.

Much of the information about Enigma comes from Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies. The employees at Jolles’ firm are all former members of Shin Bet, a.k.a. the Israel Security Agency/General Security Service — Israel’s counterespionage and counterterrorism agency, and similar to the British MI5 or the American FBI. The firm’s namesake comes from its founder, Yuval Diskin, who headed Shin Bet from 2005 to 2011.

“On Enigma, members post a bid and call on people to attack certain targets or that they are looking for certain databases for which they are willing to pay,” Jolles said. “And people are answering it and offering their merchandise.”

Those bids can take many forms, Jolles said, from requests to commit a specific cyberattack to bids for access to certain Web servers or internal corporate networks.

“I even saw bids regarding names of people who could serve as insiders,” she said. “Lists of people who might be susceptible to being recruited or extorted.”

Many experts believe the breach that exposed tens of millions user accounts at — an infidelity site that promises to hook up cheating spouses — originated from or was at least assisted by an insider at the company. Interestingly, on June 25, 2015 — three weeks before news of the breach broke — a member on a related secret data-trading forum called the “Gentlemen’s Club” solicits “data and service” related to AshleyMadison, saying “Don’t waste time if you don’t know what I’m talking about. Big job opportunity.”

On June 26, 2015, a “Gentlemen’s Club” forum member named “Diablo” requests data and services related to

Cybercrime forums like Enigma vet new users and require non-refundable deposits of virtual currency (such as Bitcoin). More importantly, they have strict rules: If the forum administrators notice you’re not trading with others on the forum, you’ll soon be expelled from the community. This policy means that users who are not actively involved in illicit activities — such as buying or selling access to hacked resources — aren’t allowed to remain on the board for long.


In some respects, the above-mentioned forums — as exclusive as they appear to be — are a logical extension of cybercrime forum activity that has been maturing for more than a decade.

As I wrote in my book, Spam Nation: The Inside Story of Organized Cyber Crime — From Global Epidemic to Your Front Door, “crime forums almost universally help lower the barriers to entry for would-be cybercriminals. Crime forums offer crooks with disparate skills a place to market and test their services and wares, and in turn to buy ill-gotten goods and services from others.”

The interesting twist with forums like Enigma is that they focus on connecting miscreants seeking specific information or access with those who can be hired to execute a hack or supply the sought-after information from a corpus of already-compromised data. Based on her interaction with other buyers and sellers on these forums, Jolles said a great many of the requests for services seem to be people hiring others to conduct spear-phishing attacks — those that target certain key individuals within companies and organizations.

“What strikes me the most about these forums is the obvious use of spear-phishing attacks, the raw demand for people who know how to map targets for phishing, and the fact that so many people are apparently willing to pay for it,” Jolles said. “It surprises me how much people are willing to pay for good fraudsters and good social engineering experts who are hooking the bait for phishing.”

Jolles believes Enigma and similar bid-and-ask forums are helping to blur international and geographic boundaries between attackers responsible for stealing the data and those who seek to use it for illicit means.

“We have seen an attack be committed by an Eastern European gang, for example, and the [stolen] database will eventually get to China,” Jolles said. “In this data-trading arena, the boundaries are getting warped within it. I can be a state-level buyer, while the attackers will be eastern European criminals.”


Jolles said she began digging deeper into these forums in a bid to answer the question of what happens to what she calls the “missing databases.” Avivah Litan, a fraud analyst with Gartner Inc., wrote about Jolles’ research in July 2015, and explained it this way:

“Where has all the stolen data gone and how is it being used? 

We have all been bombarded by weekly, if not daily reports of breaches and theft of sensitive personal information at organizations such as Anthem, JP Morgan Chase and OPM. Yet, despite the ongoing onslaught of reported breaches (and we have to assume that only the sloppy hackers get caught and that the reported breaches are just a fraction of the total breach pie) – we have not seen widespread identity theft or personal damage inflicted from these breaches.

Have any of you heard of direct negative impacts from these thefts amongst your friends, family, or acquaintances? I certainly have not.

Jolles said a good example of a cybercriminal actor who helps to blur the typical geographic lines in cybercrime is a mysterious mass-purchaser of stolen data known to many on Enigma and other such forums by a number of nicknames, including “King,” but most commonly “The Samurai.”

“According to what I can understand so far, this was a nickname was given to him and not one he picked himself,” Jolles said. “He is looking for any kind of large volumes of stolen data. Of course, I am getting my information from people who are actually trading with him, not me trading with him directly. But they all say he will buy it and pay immediately, and that he is from China.”

What other clues are there that The Samurai could be affiliated with a state-sponsored actor? Jolles said this actor pays immediately for good, verifiable databases, and generally doesn’t haggle over the price.

“People think he’s Chinese, that he’s government because the way he pays,” Jolles said. “He pays immediately and he’s not negotiating.”

The Samurai may be just some guy in a trailer park in the middle of America, or an identity adopted by a group of individuals, for all I know. Alternatively, he could be something of a modern-day Keyser Söze, a sort of virtual boogeyman who gains mythical status among investigators and criminals alike.

Nevertheless, new forums like The Gentlemen’s Club and Enigma are notable because they’re changing the face of targeted attacks, building crucial bridges between far-flung opportunistic hackers, hired guns and those wishing to harness those resources.

Google AdsenseMeet us at Pubcon Las Vegas October 6-8

We're excited to be keynoting PubCon, October 8th in Las Vegas. Join Rich Zippel and me at the event to hear more about how our AdSense Program policies are enabling a healthy advertising ecosystem.

In our keynote panel discussion, we plan on providing an overview of AdSense policies, answering questions from publishers, and offering a glimpse into the future as we discuss upcoming policy directions and new initiatives designed to help publishers.

Other keynotes scheduled at Pubcon include: Guy Kawasaki of Canva, Duane Forrester of Microsoft’s Bing, Rand Fishkin of Moz, Gary Illyes of Google, and Wil Reynolds of Seer Interactive.

Register for Pubcon here. We hope to see you there.

Posted by John Brown
Head of Publisher Policy Communications

Cory DoctorowHow to save online advertising

My latest Guardian column, How to save online advertising, looks at the writing on the wall for ad-blockers and ad-supported publishing, and suggests one way to keep ads viable.

The mistrust between advertisers and publishers has given rise to a fourth entity in this ecosystem: ad counters. These are companies that generously offer to independently count the number of times the publishers serve the advertisers’ ads – all the advertiser needs to do is tell the publisher to put the ad-counters’ “beacons” on their pages. Of course, ad counters aren’t charitable operations: they give away this independent counting function because it lets them gather titanic amounts of information about browsing habits. When you use Ghostery or Privacy Badger to examine a page and discover that a dozen (or dozens!) of companies are tracking your visit there, that’s this dynamic at play.

Ad counters are really data brokers and they’re incredibly profitable. The data is sold to marketers, to governments, and to consumer-research institutions. The only reason that data can be economically captured and aggregated is because advertisers don’t trust publishers, and insist on allowing ad counters/data brokers to act as trusted third parties to count ad-views.

The boom in ad-blocking technology is driven by three factors: annoyance at the content of ads; annoyance at the effect of ads in slowing computers to a crawl and worries about privacy. Advertisers and publishers can do something about the first two. In the early history of the web, pop-up ads climbed to a kind of terrible apogee before collapsing catastrophically because of audience pushback. Given enough pushback, advertisers will figure out ways to make their ads less obnoxious and less processor-intensive.

But the privacy concerns – always a minority issue, now a growing worry – are not so easy to address. Ashley Madison and the Office of Personnel Management weren’t the big leak-quake: they were the tremors that warned of the coming tsunami. Every day, every week, every month, there will be a mounting drumbeat of privacy disasters. By this time next year, it’s very likely that someone you know will have suffered real, catastrophic harm due to privacy breaches. Maybe it’ll be you.

How to save online advertising [The Guardian]


CryptogramHacking the Game Show "Press Your Luck"

Fascinating story about a man who figured out how to hack the game show "Press Your Luck" in 1984.

Worse Than FailureRegistered Students

Tim C. took pride in his work. He debugged Clockaburra, a timetabling and management suite, used in Australian high schools. Oftentimes, it was a simple problem that could be reproduced after a quick phone call from a client- usually a vice principal or the secretary. It’s when a bug can’t be reproduced that things get tricky, but Tim had the solution for that as well.


One day, he got a call shortly after lunch from a Mrs. Harriet, the vice principal of Charles Perkins High School. “All of our mathematics classes have disappeared from the schedule,” she said. “It just happened this morning.”

“What was the last thing anyone did to the schedule before the error?”

“Oh, I wouldn’t know,” Mrs. Harriet said. “There’s a few of us who use it. It could have been anything, really.”

This was, of course, the worst-case scenario. Tim had to go with Plan B. “Okay, I’m going to need part of your registry tree.”


Standard procedure of quality assurance is to recreate the reported environment as closely as possible, then isolate all the variables which could cause the issue until you find the root cause. Due to Clockaburra’s architecture, the easiest way of recreating the user’s environment on his machine was to get the client to send him the registry tree for Clockaburra in a .res file.

“Oh, I’m not sure I could do that,” she replied. “I wouldn’t know how.”

“Oh, it’s easy,” Tim said. “I’ll walk you through it.” Although it nearly broke his stress ball, he managed to guide Mrs. Harriet through the process. Then he walked her through attaching the file to an email, which was a bit of a puzzle for her. The email arrived, titled, “VERY IMPORTANT FILE”, with a .res file attached. The file was a surprisingly large 5MB, but Tim assumed they must just have an unusual installation on their end. He updated his registry with that file and rebooted.

Identity Crisis

Tim blinked. His screen displayed a login that read Charles Perkins High School. Above that was an image of Charles Perkins in his football kit. He tried his credentials and was met with an “Invalid Username” error.

His phone rang. It was Mrs. Harriet, who was eager to get all of those mathematics classes back on the schedule.

He laughed nervously. “It’s… uh… well underway,” he said. “I’ll get back to you with a full report once we have it fixed.”

Things not well underway, it was his turn to call his tech support, Bennelong.

“This is a first for me,” Bennelong said, after taking one look at Tim’s new login screen. “What did you do last?”

“I was updating my registry with one a client sent. She sent me the tree for Clockaburra which shouldn’t have-”

Tim remembered that the .res file Mrs. Harriet had sent was a chunky 5MB. She had sent her entire computer’s registry, not just for Clockaburra. His computer was tricked into thinking it was hers.

Academic Discretion

Bennelong used System Restore to get Tim’s system back to just before the call with Mrs. Harriet. Tim isolated the Clockaburra registry tree in the file, and soon pinpointed the issue as some invalid settings. Mrs. Harriet- or someone else- had blindly mis-configured the application in the most creative way Tim had seen yet. He returned Mrs. Harriet’s phone call late that afternoon with instructions on how to fix the problem.

“That took quite a while,” she said. “Nothing serious, was it?”

“It was more of a snafu on my end,” Tim admitted. “I actually had to call tech support to get me out of a jam. I’m very sorry for the delay.”

“Well, I won’t tell if you won’t,” Mrs. Harriet said. “We all have our moments.”


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Main October 2015 Meeting: Networking Fundamentals / High Performance Open Source Storage

Oct 6 2015 18:30
Oct 6 2015 20:30

6th Floor, 200 Victoria St. Carlton VIC 3053


• Fraser McGlinn, Networking Fundamentals, Troubleshooting and Packet Analysis
• Sam McLeod, High Performance, Open Source Storage

200 Victoria St. Carlton VIC 3053 (formerly the EPA building)

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the venue and VPAC for hosting.

Linux Users of Victoria Inc. is an incorporated association, registration number A0040056C.


Planet Linux AustraliaMichael Still: First trail run

So, now I trail run apparently. This was a test run for a hydration vest (thanks Steven Hanley for the loaner!). It was fun, but running up hills is evil.



Planet Linux AustraliaChris Smart: Reset keyboard shortcuts in GNOME

Recently we had a Korora user ask how to reset the keybindings in GNOME, which they had changed.

I don’t think that the shortcuts program has a way to reset them, but you can use dconf-editor.

Open the dconf-editor program and browse to:


Anything that’s been modified should be in bold font. Select it then down the bottom on the right click the “Set to Default” button.

Hope that helps!

Planet Linux AustraliaPia Waugh: Government as an API: how to change the system

A couple of months ago I gave a short speech about Gov as an API at an AIIA event. Basically I believe that unless we make government data, content and transaction services API enabled and mashable, then we are simply improving upon the status quo. 1000 services designed to be much better are still 1000 services that could be integrated for users, automated at the backend, or otherwise transformed into part of a system rather than the unique siloed systems that we have today. I think the future is mashable government, and the private sector has already gone down this path so governments need to catch up!

When I rewatched it I felt it captured my thoughts around this topic really well, so below is the video and the transcript. Enjoy! Comments welcome.

The first thing is I want to talk about gov as an API. This is kind of like on steroids, but this goes way above and beyond data and gets into something far more profound. But just a step back, to the concept of Government as a platform. Around the world a lot of Governments have adopted the idea of Government as a platform: let’s use common platforms, let’s use common standards, let’s try and be more efficient and effective. It’s generally been interpreted as creating platforms within Government that are common. But I think that we can do a lot better.

So Government as an API is about making Government one big conceptual API. Making the stuff that Government does discoverable programmatically, making the stuff that it does consumable programmatically, making Government the platform or a platform on which industry and citizens and indeed other Governments can actually innovate and value add. So there are many examples of this which I’ll get to but the concept here is getting towards the idea of mashable Government. Now I’m not here representing my employers or my current job or any of that kind of stuff. I’m just here speaking as a geek in Government doing some cool stuff. And obviously you’ve had the Digital Transformation Office mentioned today. There’s stuff coming about that but I’m working in there at the moment doing some cool stuff that I’m looking forward to telling you all about. So keep an eye out.

But I want you to consider the concept of mashable Government. So Australia is a country where we have a fairly egalitarian democratic view of the world. So in our minds and this is important to note, in our minds there is a role for Government. Now there’s obviously some differences around the edges about how big or small or how much I should do or shouldn’t do or whatever but the concept is that, that we’re not going to have Government going anywhere. Government will continue to deliver things, Government has a role of delivering things. The idea of mashable Government is making what the Government does more accessible, more mashable. As a citizen when you want to find something out you don’t care which jurisdiction it is, you don’t care which agency it is, you don’t care in some cases you know you don’t care who you’re talking to, you don’t care what number you have to call, you just want to get what you need. Part of the problem of course is what are all the services of Government? There is no single place right now. What are all of the, you know what’s all the content, you know with over a thousand websites or more but with lots and lots of websites just in the Federal Government and thousands more across the state and territories, where’s the right place to go? And you know sometimes people talk about you know what if we had improved SEO? Or what if we had improved themes or templates and such. If everyone has improved SEO you still have the same exact problem today, don’t you? You do a google search and then you still have lots of things to choose from and which one’s authoritative? Which one’s the most useful? Which one’s the most available?

The concept of Government as an API is making content, services, API’s, data, you know the stuff that Government produces either directly or indirectly more available to collate in a way that is user centric. That actually puts the user at the centre of the design but then also puts the understanding that other people, businesses or Governments will be able to provide value on top of what we do. So I want to imagine that all of that is available and that everything was API enabled. I want you to imagine third party re-use new applications, I mean we see small examples of that today. So to give you a couple of examples of where Governments already experimenting with this idea. obviously my little baby is one little example of this, it’s a microcosm. But whilst ever data, open data was just a list of things, a catalogue of stuff it was never going to be that high value.

So what we did when we re-launched a couple of years ago was we said what makes data valuable to people? Well programmatic access. Discovery is useful but if you can’t get access to it, it’s almost just annoying to be able to find it but not be able to access it. So how do we make it most useful? How do we make it most reusable, most high value in capacity shall we say? In potentia? So it was about programmatic access. It was about good meta data, it was about making it so it’s a value to citizens and industry but also to Government itself. If a Government agency needs to build a service, a citizen service to do something, rather than building an API to an internal system that’s privately available only to their application which would cost them money you know they could put the data in Whether it’s spatial or tabular and soon to be relational, you know different data types have different data provision needs so being able to centralise that function reduces the cost of providing it, making it easy for agencies to get the most out of their data, reduce the cost of delivering what they need to deliver on top of the data also creates an opportunity for external innovation. And I know that there’s already been loads of applications and analysis and uses of data that’s on and it’s only increasing everyday. Because we took open data from being a retrospective, freedom of information, compliance issue, which was never going to be sexy, right? We moved it towards how you can do things better. This is how we can enable innovation. This is how agencies can find each other’s data better and re-use it and not have to keep continually repeat the wheel. So we built a business proposition for that started to make it successful. So that’s been cool.

There’s been experimentation of gov as an API in the ATO. With the SBR API. With the ABN lookup or ABN lookup API. There’s so many businesses out there. I’m sure there’s a bunch in the room. When you build an application where someone puts in a business name into a app or into an application or a transaction or whatever. You can use the ABN lookup API to validate the business name. So you know it’s a really simple validation service, it means that you don’t have, as unfortunately we have right now in the whole of Government contracts data set 279 different spellings for the Department of Defence. You can start to actually get that, use what Government already has as validation services, as something to build upon. You know I really look forward to having whole of Government up to date spatial data that’s really available so people can build value on top of it. That’ll be very exciting. You know at some point I hope that happens but. Industry, experimented this with energy ratings data set. It’s a very quick example, they had to build an app as you know Ministers love to see. But they built a very, very useful app to actually compare when you’re in the store. You know your fridges and all the rest of it to see what’s best for you. But what they found, by putting the data on they saved money immediately and there’s a brilliant video if you go looking for this that the Department of Industry put together with Martin Hoffman that you should have a look at, which is very good. But what they found is by having the data out there, all the companies, all the retail companies that have to by law put the energy rating of every electrical device they sell on their brochures traditionally they did it by googling, right? What’s the energy rating of this, whatever other retail companies using we’ll use that.

Completely out of date and unauthorised and not true, inaccurate. So by having the data set publicly available kept up to date on a daily basis, suddenly they were able to massively reduce the cost of compliance for a piece of regulatory you know, so it actually reduced red tape. And then other application started being developed that were very useful and you know Government doesn’t have all the answers and no one pretends that. People love to pretend also that Government also has no answers. I think there’s a healthy balance in between. We’ve got a whole bunch of cool, innovators in Government doing cool stuff but we have to work in partnership and part of that includes using our stuff to enable cool innovation out there.

ABS obviously does a lot of work with API’s and that’s been wonderful to see. But also the National Health Services Directory. I don’t know who, how many people here know that? But you know it’s a directory of thousands, tens of thousands, of health services across Australia. All API enabled. Brilliant sort of work. So API enabled computing and systems and modular program design, agile program design is you know pretty typical for all of you. Because you’re in industry and you’re kind of used to that and you’re used to getting up to date with the latest thing that’ll make you competitive.

Moving Government towards that kind of approach will take a little longer but you know, but it has started. But if you take an API enabled approach to your systems design it is relatively easy to progress to taking an API approach to exposing that publicly.

So, I think I only had ten minutes so imagine if all the public Government information services were carefully, were usefully right, usefully discoverable. Not just through using a google search, which appropriate metadata were and even consumable in some cases, you know what if you could actually consume some of those transaction systems or information or services and be able to then re-use it somewhere else. Because when someone is you know about to I don’t know, have a baby, they google for it first right and then they go to probably a baby, they don’t think to come to government in the first instance. So we need to make it easier for Government to go to them. When they go to, why wouldn’t be able to present to them the information that they need from Government as well. This is where we’re starting to sort of think when we start following the rabbit warren of gov as an API.

So, start thinking about what you would use. If all of these things were discoverable or if even some of them were discoverable and consumable, how would you use it? How would you innovate? How would you better serve your customers by leveraging Government as an API? So Government has and always will play a part. This is about making Government just another platform to help enable our wonderful egalitarian and democratic society. Thank you very much.

Postnote: adopting APIs as a strategy, not just a technical side effect is key here. Adopting modular architecture so that agencies can adopt the best of breed components for a system today, tomorrow and into the future, without lock in. I think just cobbling APIs on top of existing systems would miss the greater opportunity of taking a modular architecture design approach which creates more flexible, adaptable, affordable and resilient systems than the traditional single stack solution.


Geek FeminismA linkspam of Earthsea (22 September 2015)

  • Kate Beaton Talks Superheroes and Brontë Sisters | Vulture: “Beaton soldiers on, and this month, she’s releasing a new strip collection called Step Aside, Pops. It shows her moving into new territory, such as riffs on superhero comics… We caught up with Beaton to talk about giant robots, Tumblr arguments, and historical topics that are just too damn sad for comics.”
  • Outreachy Expands to People of Color Underrepresented in U.S. Tech | Software Freedom Conservancy: “Outreachy’s expanded program will now include residents and nationals of the United States of any gender who are Black/African American, Hispanic/Latin@, American Indian, Alaska Native, Native Hawaiian, or Pacific Islander.”
  • Coping Mechanisms and Unlearned Skills | Accidentally in Code: “One of the things I’ve been meditating on since escaping the tech industry is what skills do you not acquire when the main skills you are learning are how to cope in a bad situation? And do you have to unlearn them to go back?”
  • The (Final?) Cost of Ben Radford’s Libel Bullying: About $5K | Skepchick: “I think there’s a huge public interest in understanding exactly why libel threats are so often successful at censoring speech. In my experience, it comes down to two reasons: the enormous potential cost (both financial and psychological) of going to court, and the slightly lower enormous actual cost (both financial and psychological) of what happens before you even get to a courtroom.”
  • Why the ‘Kitchen of the Future’ Always Fails Us | Eater: “Around the corner, in the kitchen, our lovely future wife is making dinner. She always seems to be making dinner. Because no matter how far in the future we imagine, in the kitchen, it is always the 1950’s, it is always dinnertime, and it is always the wife’s job to make it. Today’s homes of the future are full of incredible ideas and gizmos, but while designers seems happy to extrapolate far beyond what we can do today when it comes to battery life or touch screens, they can’t seem to wrap their minds around any changes happening culturally. In a future kitchen full of incredible technology, why can we still not imagine anything more interesting than a woman making dinner alone?”
  • How Gamergate’s earliest target came to empathize with her abusers | The Verge: “In the months since, Quinn — an indie game developer known best for her cult hit Depression Quest — has spent a lot of time investigating why people who have never met her have devoted so much energy to harassing her. The more she considered the problem, she says, the more she recognized herself in her attackers. And that gave her a new insight into why users of social platforms like Facebook and Twitter are so quick to pick up pitchforks when they perceive an injustice.”
  • Ellen Pao Can Still be a Feminist Hero | Elle: “Maybe somewhere there is a CEO who will really promote women and minorities rather than just talk about it, or a whistleblower who vows not to be chilled by it all. We already know there is discrimination—unless you believe that white men are just better than everyone else, which I don’t. Regardless of any minor victory Pao may have scored here, let’s not forget that it is in the context of conceding defeat. We still have a long, long way to go. Is this the end of the Ellen Pao saga? No—because it’s ours.”
  • Party Like It’s 1995: The Rise and Fall of the Girl Game | Autostraddle: “Once there was a whole movement that wished those same things. The girl game movement was a briefly lived golden era of pink-wrapped PC games made for, and marketed to, young girls… Game developers realized they were missing out on a share of the market, so they went pink and purple (those are the only colors girl children see, you know). Girls’ games were almost all available on CD-rom, based on the idea that girls did not own the consoles that were available in the late 90s.”
  • Kiera Wilmot arrest: Florida teenager reacts to Ahmed Mohamed story | Slate: “I spoke with Wilmot—now 19 and a sophomore at Florida Polytechnic University majoring in mechanical engineering—this morning about Mohamed’s predicament. She said that her first reaction was anger: “I honestly thought, ‘How could this happen to somebody else?’”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet Linux AustraliaBinh Nguyen: More JSF Thoughts, Theme Hospital, George W. Bush Vs Tony Abbott, and More

- people in charge of running the PR behind the JSF program have handled it really badly at times. If anyone wants to really put the BVR combat perspective back into perspective they should point back to the history of other 'stealth aircraft' such as the B-2 instead of simply repeating the mantra, it will work in the future. People can judge the past, they can only speculate about the future and watch as problem after problem seems to be highlighted with the program
- for a lot of countries the single engined nature of the aircraft makes little sense. Will be interesting how the end game plays out. It seems clear that some countries have been coerced into purchasing the JSF rather than the JSF earning its stripes entirely on merit
Norway to reduce F-35 order?
F-35 - Runaway Fighter - the fifth estate
- one thing I don't like about the program is the fact that if there is a crack in the security of the program all countries participating in the program are in trouble. Think about computer security. Once upon a time it was claimed that Apple's Mac OS X and that Google's technology was best and that Android was impervious to security threats. It's become clear that these beliefs are nonsensical. If all allies switch to stealth based technologies all enemies will switch to trying to find a way to defeat it
- one possible attack against stealth aircraft I've been thinking of revolves around sensory deprivation of the aircraft's sensors. It is said that the AESA RADAR capability of the JSF is capable of frying other aircraft's electronics. I'd be curious to see how attacks against airspeed, attitude, and other sensors would work. Both the B-2 and F-22 have had trouble with this...
- I'd be like the US military to be honest. Purchase in limited numbers early on and test it or let others do the same thing. Watch and see how the program progresses before joining in
- never, ever make the assumption that the US will give back technology that you have helped to develop alongside them if they have iterated on it. A good example of this is the Japanese F-2 program which used higher levels of composite in airframe structure and the world's first AESA RADAR. Always have backup or keep a local research effort going even if the US promise to transfer knowledge back to a partner country
- as I've stated before the nature of deterrence as a core defensive theory means that you are effectively still at war because it diverts resources from other industries back into defense. I'm curious to see how economies would change if everyone mutually agreed to drop weapons and platforms with projected power capabilities (a single US aircraft carrier alone costs about $14B USD, a B-2 bomber $2B, a F-22 fighter $250M USD, a F-35 JSF ~$100M USD, etc...) and only worried about local, regional, defense...
- people often accuse the US of poking into areas where they shouldn't. The problem is that they have so many defense agreements that it's difficult for them not to. They don't really have a choice sometimes. The obvious thing is whether or not they respond in a wise fashion
- in spite of what armchair generals keep on saying the Chinese and Russians would probably make life at least a little difficult for the US and her allies if things came to a head. It's clear that a lot of weapons platforms and systems that are now being pursued are struggles for everyone who is engaged in them (technically as well as cost wise) and they already have some possible counter measures in place. How good they actually are is the obvious question though. I'm also curious how good their OPSEC is. If they're able to seal off their scientists entirely in internal test environments then details regarding their programs and capabilities will be very difficult to obtain owing to the heavy dependence by the West purely on SIGINT/COMINT capabilities. They've always had a hard time gaining HUMINT but not the other way around...
- some analysts/journalists say that the 'Cold War' never really ended, that it's effectively been in hibernation for a while. The interesting thing is that in spite of what China has said regarding a peaceful rise it is pushing farther out with its weapons systems and platforms. You don't need an aircraft carrier to defend your territory. You just need longer range weapons systems and platforms. It will be interesting to see how far China chooses to push out in spite of what is said by some public servants and politicians it is clear that China wants to take a more global role
- technically, the US wins many of the wars that it chooses. Realistically, though it's not so clear. Nearly every single adversary now engages in longer term, guerilla style tactics. In Afghanistan, Iraq, Iran, Libya, and elsewhere they've basically been waiting for allied forces to clear out before taking their opportunity
- a lot of claims regarding US defense technology superiority make no sense. If old Soviet era SAM systems are so worthless against US manufactured jets then why bother going to such extents with regard to cyberwarfare when it comes to shutting them down? I am absolutely certain that there is no way that the claim that some classes of aircraft have never been shot down is not true
- part of me wonders just exactly how much effort and resources are the Chinese and Russians genuinely throwing at their 5th gen fighter programs. Is it possible that they are simply waiting until most of the development is completed by the West and then they'll 'magically' have massive breakthroughs and begin full scale production of their programs? They've had a history of stealing and reverse engineering a lot of technology for a long time now
- the US defense budget seems exorbitant. True, their requirements are substantially different but look at the way they structure a lot of programs and it becomes obvious why as well. They're often very ambitious with multiple core technologies that need to be developed in order for the overall program to work. Part of me thinks that there is almost a zero sum game at times. They think that they can throw money at some problems and it will be solved. It's not as simple as that. They've been working on some core problems like directed energy weapons and rail guns for a long time now and have had limited success. If they want a genuine chance at this they're better off understanding the problem and then funding the core science. It's much like their space and intelligence programs where a lot of other spin off technologies were subsequently developed
- reading a lot of stuff online and elsewhere it becomes much clearer that both sides often underestimate one another (less often by people in the defense or intelligence community). You should track and watch things based on what people do, not what they say
- a lot of countries just seem to want to stay out of the geo-political game. They don't want to choose sides and couldn't care less. Understandable, seeing the role that both countries play throughout the world now
- the funny thing is that some of the countries that are pushed back (Iran, North Korea, Russia, etc...) don't have much to lose. US defense alone has struggled to identify targets worth bombing in North Korea and how do you force a country to comply if they have nothing left to lose such as Iran or North Korea? It's unlikely China or Russia will engage in all out attack in the near to medium future. It's likely they'll continue to do the exact same thing and skirt around the edges with cyberwarfare and aggressive intelligence collection
- It's clear that the superpower struggle has been underway for a while now. The irony is that this is a game of economies as well as technology. If the West attempt to compete purely via defense technology/deterrence then part of me fears they will head down the same pathway that the USSR went. It will collapse under the strain of a defense (and other industries) that are largely worthless (under most circumstances) and does nothing for the general population. Of course, this is partially offset by a potential new trade pact in the APAC region but I am certain that this will inevitably still be in favour of the US especially with their extensive SIGINT/COMINT capability, economic intelligence, and their use of it in trade negotiations
- you don't really realise how many jobs and money is on the line with regards to the JSF program until you do the numbers

An old but still enjoyable/playable game with updates to run under Windows 7

Watching footage about George W. Bush it becomes much clearer that he was somewhat of a clown who realised his limitations. It's not the case with Tony Abbott who can be scary and hilarious at times
Last Week Tonight with John Oliver: Tony Abbott, President of the USA of Australia (HBO)
Must See Hilarious George Bush Bloopers! - VERY FUNNY

Once upon a time I read about a Chinese girl who used a pin in her soldering iron to do extremely fine soldering work. I use solder paste or wire glue. Takes less time and using sticky/masking tape you can achieve a really clean finish!

CryptogramBuying an Online Reputation

The story of a reporter who set up a fake business and then bought Facebook fans, Twitter followers, and online reviews. It was surprisingly easy and cheap.

CryptogramBringing Frozen Liquids through Airport Security

Gizmodo reports that UK airport security confiscates frozen liquids:

"He told me that it wasn't allowed so I asked under what grounds, given it is not a liquid. When he said I couldn't take it I asked if he knew that for sure or just assumed. He grabbed his supervisor and the supervisor told me that 'the government does not classify that as a solid'. I decided to leave it at that point. I expect they're probably wrong to take it from me. They'd probably not seen it before, didn't know the rules, and being a bit of an eccentric request, decided to act on the side of caution. They didn't spend the time to look it up."

As it happens, I have a comparable recent experience. Last week, I tried to bring through a small cooler containing, among other things, a bag of ice. I expected to have to dump the ice at the security checkpoint and refill it inside the airport, but the TSA official looked at it and let it through. Turns out that frozen liquids are fine. I confirmed this with TSA officials at two other airports this week.

One of the TSA officials even told me that what he was officially told is that liquid explosives don't freeze.

So there you go. The US policy is more sensible. And anyone landing in the UK from the US will have to go through security before any onward flight, so there's no chance at flouting the UK rules that way.

And while we're on the general subject, I am continually amazed by how lax the liquid rules are here in the US. Yesterday I went through airport security at SFO with an opened 5-ounce bottle of hot sauce in my carry-on. The screener flagged it; it was obvious on the x-ray. Another screener searched my bag, found it and looked at it, and then let me keep it.

And, in general, I never bother taking my liquids out of my suitcase anymore. I don't have to when I am in the PreCheck lane, but no one seems to care in the regular lane either. It is different in the UK.

Sociological ImagesSerena Williams responds to the “Smile!” treatment

Serena Williams, the winner of 21 Grand Slam titles and arguably the greatest living female athlete, was understandably exhausted after defeating her sister and best friend Venus Williams in the U.S. Open earlier this week. So she wasn’t having it when, during a post-match press conference on Tuesday, a reporter had the gall to ask why she wasn’t smiling.

Williams looked down and gave an exasperated sigh before shelling out the best response an athlete has given in an interview since football player Marshawn Lynch’s “I’m just here so I won’t get fined” trademark phrase.

It’s 11:30. To be perfectly honest with you, I don’t want to be here. I just want to be in bed right now and I have to wake up early to practice and I don’t want to answer any of these questions. And you keep asking me the same questions. It’s not really … you’re not making it super enjoyable.


Nervous laughter may have broken out in the crowd, but what Williams expressed wasn’t a joke. All women are expected to perform femininity at the cost of being their authentic selves in the public sphere. Williams had just experienced what was likely one of the most emotionally and physically draining matches in her career. Taking on your sister in a high-stakes game isn’t easy. She had told the Associated Press before her win:

She’s the toughest player I’ve ever played in my life and the best person I know. It’s going against your best friend and at the same time going against the greatest competitor, for me, in women’s tennis.

It makes sense that she would not be smiling ear-to-ear during the media conference. But it turns out no matter how insanely accomplished or famous you become, you will still be subjected to the innocuous-sounding but ever-so-pernicious “why don’t you smile?” interjection from those who feel entitled to make demands of women. Williams’ retort was her attempt at dismantling that sense of entitlement. For those who say the reporter’s question was a harmless jest, they should ask themselves if Roger Federer or Rafael Nadal would ever be expected to defend their stern or tired expressions.

And the problem exists not just in the image-heavy world of professional sports. On Wednesday, Apple did little to change the public’s perception of the tech industry as a sexist one. During a launch presentation in San Francisco, the first woman to be seen on stage at the male-dominated event wasn’t a keynote speaker or even a presenter, but a model in a magazine photo. Adobe’s director of design used her image to show off the Photoshopping capabilities of the new iPad Pro.

What did he decide to Photoshop one might ask? A smile onto her face. He could have altered literally any aspect of any image he wanted but decided instead to force a woman’s visage into a grin.


What happened at the tennis conference and the tech launch are symptoms of the same problem. Women, whether athletes or models, are often seen as products. They’re meant to be consumed and enjoyed, and expressions of personality — like not constantly grinning — distract from their role as ornaments.

It’s the reason projects like Stop Telling Women to Smile by Tatyana Fazlalizadeh have cropped up to address the microaggressions women face on a daily basis. Women don’t exist to smile for men and aren’t obligated to present a cheerful disposition to the world. To expect that denies us our humanity and only reinforces male privilege.

Anita Little is the associate editor at Ms., where this post originally appeared. You can follow her on Twitter.


Worse Than FailureCodeSOD: The Coercive Types

Loosely typed languages may offer certain advantages in terms of ease of use and flexibility, but they bring another challenge: it’s difficult to know what it is you’re looking at. With no compiler type checking, it’s hard to compare two things, and that becomes extremely problematic when you’re working with languages like, say, JavaScript.

Ruby, in its quest to “make programmers happy”, took a simplistic approach to the Truthy vs. Falsy problem. False is false. Nil is false. Everything else is True. Ruby is often used by web developers, who may be more comfortable in languages like JavaScript and PHP.

That is presumably why Lisa found this debacle in her code base, placed there by a co-worker who preferred other web languages:

  def equivalent_values(old_value, new_value)
    # Treat the strings "0"/"1" as equivalent to false/true, in either order.
    if (old_value == false && new_value == "0") ||
       (old_value == "0" && new_value == false) ||
       (old_value == "1" && new_value == true) ||
       (old_value == true && new_value == "1")
      return true
    end
    # Treat a one-element array as equivalent to its element, compared as strings.
    if (old_value.is_a?(Array) && old_value[0].to_s == new_value.to_s && old_value.size == 1) ||
       (new_value.is_a?(Array) && new_value[0].to_s == old_value.to_s && new_value.size == 1)
      return true
    end
  end

Yes, this also does some type coercion, after a fashion, so it’s a little broader than mere “Truthiness”, so my initial description may have been incomplete or misleading. For this block of code, that wouldn’t be the first time. For reasons no one can explain, this method was part of a module called TimestampHelper.
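The `to_s` comparison in the method above also accepts pairs such as `[nil]` and `""`, since `nil.to_s` is the empty string. As an added example (not from the original post or Lisa's code base), here is one way to make the coercion explicit and reject unexpected types; `normalize_flag`, `strictly_equivalent?` and the sample inputs are hypothetical.

```ruby
# Added example: allow-listed coercion instead of ad hoc to_s comparison.
# All names and sample values here are constructed for illustration.

TRUE_FORMS  = [true, "1"].freeze
FALSE_FORMS = [false, "0"].freeze

# Map a value to a canonical form, or raise if its type is not expected.
def normalize_flag(value)
  # Unwrap only a one-element array, the single array case the original handles.
  value = value.first if value.is_a?(Array) && value.size == 1
  return true  if TRUE_FORMS.include?(value)
  return false if FALSE_FORMS.include?(value)
  return value if value.is_a?(String)
  # Anything else (nil, Integer, Symbol, longer arrays) is refused, not stringified.
  raise ArgumentError, "unsupported value: #{value.inspect}"
end

def strictly_equivalent?(old_value, new_value)
  normalize_flag(old_value) == normalize_flag(new_value)
end

# Run the check over constructed inputs and collect the outcomes.
def sample_results
  {
    flag_pair:   strictly_equivalent?(false, "0"),
    wrapped:     strictly_equivalent?(["abc"], "abc"),
    mismatch:    strictly_equivalent?("1", "0"),
    # The original method returns true for this pair; here it is rejected.
    nil_in_list: (strictly_equivalent?([nil], "") rescue :rejected)
  }
end
```

Unlike the original, this version also treats `true` and `["1"]` as equivalent, because unwrapping happens before the flag comparison.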
