Planet Russell


Falkvinge - Pirate Party: Why I’ve Chosen To Go With Private Internet Access


Civil Liberties: Some people have noticed I’m writing for a VPN service, and having my regular commentary on liberties presented by that VPN service: by Private Internet Access VPN. Seeing my previous stance on advertising, I think it merits some explanation why I’m choosing to associate with a service brand.

When I was posting once a day, this blog had one million visits a month. If you monetize that on advertising, it becomes quite a decent income – on the order of $3,000 a month, or frankly, enough to pay food and board for anywhere outside of San Francisco, Tokyo, or Hong Kong. And yet I didn’t. Why?

Because I posted from insight into high-level politics in Brussels, and my reasons were always political; I could not afford to have those motives questioned. Having even a little small advertising would make it possible to interpret my motives for outrage and frustration as simple clickbait – especially so when I was speculating on something or reporting on more subtle developments that might never materialize. Putting it in real terms, keeping my motives straight came with a price tag of several thousand US dollars a month, money that I chose to leave on the table.

Therefore, I would not agree to sponsoring lightly – not given the name I’ve worked hard to build. Especially given my very early investment in bitcoin (2011); I’m not starving, even if Gox ate a lot of my coin. However, it’s also the case that there are few people who both do things right on the net, and do things right for the right reasons, and I think these people deserve to be called out as good examples to be followed.

Bahnhof is one such actor, the Swedish ISP. They have consistently and tenaciously defended liberty online against governmental overreach and tabloid-fueled moral panic alike. When the Security Police came to visit their offices, to convince and pressure them to rat out their users in realtime bulk wiretaps, they famously recorded and published that conversation instead, causing huge headlines in Swedish media and rightfully shaming the Security Police into submission. That wasn’t a one-off, either – they keep doing things like that. However, their scope and offering is limited to Scandinavia, which is why I don’t write about them much on an English blog.

(Yes, my 100-megabit fiber, the one you’re reading this from and the one I’m writing this at, is indeed served by Bahnhof.)

So when the idea of sponsorship appeared, I was reluctant and cautious at first until I had looked at Private Internet Access VPN more in depth. A VPN company does provide a valuable service for liberty today, but do they also do things the right way and for the right reasons?

One such divider is whether a VPN provider accepts bitcoin. Another whether they save logs for “lawful use”, which can mean getting people killed in jurisdictions where it’s illegal to protest against the regime. Accepting bitcoin would mean that they honestly had no way of identifying a user, even if they wanted; there would be nothing to link to. Saving logs “for lawful use”, in contrast, would be an indicator that a VPN company didn’t have their head screwed on straight: the whole point is to defend liberty at a much more fundamental level than the laws on the books just right now. The perspective is centuries, not years or months.

It turns out that Private Internet Access not only satisfies criteria like these, but has walked an extra mile to run operations in jurisdictions that maximize liberty. From where I stand, they seem to operate under the principle that a successful business always follows passion for a good cause, and not the other way around.

Now, a VPN service – all of them, even – isn’t enough to save the net and liberty from kleptocratic politicians. But a liberty attitude combined with a service attitude is. Courage is contagious. And a VPN service is a good part of your overall security portfolio, even if it should never be the only one.

You’ll notice that TorrentFreak ran an article on which VPN services to trust in a “2015 edition” review yesterday. Private Internet Access is the first service listed. While I’d recommend reading all of it, I’m choosing a few highlights:

We do not log, period. This includes, but is not limited to, any traffic data, DNS data or meta (session) data. Privacy IS our policy. … We do not log and therefore are unable to provide information about any users of our service. We have not, to date, been served with a valid court order that has required us to provide something we do not have. … We do not attempt to filter, monitor, censor or interfere in our users’ activity in any way, shape or form. BitTorrent is, by definition, allowed.

Feel free to compare this stance to your current ISP. Do read it again if you like.

So to answer the initial question, why do I associate with a service brand? Because I think good people deserve recognition, and they deserve to be the measuring stick for the industry as a whole. This is the kind of attitude – both Bahnhof’s and Private Internet Access’s – that the rest of the Internet industry should aspire to, and needs to aspire to. (If other players need a nudge in that direction, it’s also enormously good business sense to put the interests of your customers before the invasive whims of your governments and authorities.)

As a final note for the sake of transparency, just to overcommunicate that point, I do get sponsorship funds from Private Internet Access for writing and talking about liberty in general – though not for writing this specific article; I’m doing that because I want to explain my motives. But as a sponsoree, I do have affiliate links for signing up, and if you want to use such a link, mine is here. They’re also reachable from TorrentFreak, presumably with TF’s affiliate program if you’re thinking of signing up and would rather send a little affiliate portion to TorrentFreak’s good reporting.

TED: Why I chose to stand up, alone: TED Fellow Boniface Mwangi on risking his life for justice in Kenya


Boniface Mwangi stands in front of one of the murals he helped create. The main character is “the Vulture” — a stand-in for Kenya’s corrupt politicians. Photo: Allan Gichingi

Award-winning photojournalist Boniface Mwangi captured the 2007-2008 post-election violence in Kenya unflinchingly through the lens of his camera. But the horrors he witnessed propelled him into a new career as an activist and artist. Here, Mwangi talks to the TED Blog about the events that led him to stand up against injustice, literally, rather than simply document it.

Tell us about your experience on the front lines of the post-election violence in Kenya.

At the time, I was a photographer working for The Standard, one of the largest newspapers in Kenya. It was a routine election, though hotly contested. There were two contenders: Raila Odinga and Mwai Kibaki. Kibaki won — at least he claimed that he won — while Raila claimed that he was the rightful winner and that Kibaki had rigged the election. So the supporters of the two politicians erupted into fighting over the results. What followed was ugly, bloody, terrible violence. More than a thousand people were killed, and more than half a million displaced. My job was just to document this violence as a photographer.

Why do you think this particular event created such a violent response?

During the build-up of the election, there was a lot of terrible tribal rhetoric. The politicians were inciting people, slowly. Whatever the outcome was, the losing side would not be ready to accept the results. There were a lot of underlying, unresolved issues; a violent response was inevitable. It didn’t just happen. It was very deliberate.


Boniface Mwangi was assigned to photograph the post-election violence in Kenya in 2007. His photos are unflinching, capturing violence from both civilians and soldiers. Photo: Boniface Mwangi

Did you see it coming?

No. No one saw it coming. You see, we’d had elections before in 1992 and 1997 where people died — maybe 10, 20, 50, 100 — but it was a scattered number and relatively few. The sheer brutality of 2007’s events — this level of orchestrated violence — had never been seen before in Kenya.

Did other Kenyans try to stop it?

The violence was in low-income neighborhoods, and most Kenyans did not know the extent of what was going on. If you are extremely poor, you only get your news on the radio. All those communities heard about were numbers of the dead and displaced, and they couldn’t relate. If you’re middle class, you might get the paper or watch TV, but graphic pictures were not shown because TV content is classified for family audiences. Most Kenyans did not see what really happened.

What were the police doing while this was happening?

By and large, the monstrosity of the violence overwhelmed them. Unfortunately, the police were perpetrators as well. I took pictures of women who had been raped by the policemen who were meant to protect them. I saw innocent kids being killed by police. During the violence, I only broke down once — when a girl was killed. She was about 12 years old, and she looked like my younger sister. That made me wail like a baby.

How do you take pictures in the face of such violence? Are you concerned about your personal safety?

When I’m taking pictures, I’m not thinking about the person. I’m thinking about lighting, framing, composition. There is so much adrenaline in your body that you’re not thinking about death. You’re not careless — you’re careful while you’re doing your work — but at the same time you realize that you have to do a job. If you’re a news photographer, or any photographer, and you get a chance to cover hard news like war, it’s stimulating and also humbling. It’s every news photographer’s dream to cover war. So at that particular time, I wasn’t really thinking about safety.

What Boniface Mwangi saw during the post-election violence in Kenya in 2007 led him to turn to art and activism. Photo courtesy of Boniface Mwangi

What became of the half a million Kenyans who were displaced?

Some of them have gone back to their homes now, but many are not being welcomed back into the community from which they had been expelled. Even years later, the wounds of conflict have not healed. Some have been resettled, but many more remain displaced. Kenya has 44 million people, and about 42 tribes. Each tribe is unique, so some people ended up in a community where they were essentially foreign — as foreign as if you were to move to a country with a different language, culture and values. How can you go back to a community where your neighbors tried to kill or rape you or your family? There’s still a lot of animosity. The politicians will try and downplay it, but the truth is that tensions still remain.

What did you do in the aftermath of this terrible violence?

Eventually, the two candidates settled on a power-sharing agreement and — when they did meet — it was over a cup of coffee. I’m serious — one guy had tea, the other guy had orange juice, and Kofi Annan was there as the mediator. They agreed to share the government and to form a government of national unity.

What disturbed me is that I had just come from the midst of the violence and watching the atrocities. It wasn’t just stories I’d heard — I was a witness to the killings. And then I was assigned to go and cover the same politicians doing this. That bothered me. I watched them meet, laugh and get into their motorcades. They were swimming in their trappings of power and pomposity. They moved on and forgot the victims. They forgot that the country went to war because of them.

So I quit my job out of frustration — out of anger and bitterness. I was extremely upset. My wife says that I was a hard man to live with then. I was at the point where my response was, essentially, “How do you bring down the government?” I thought the way to do that was to protest, but it didn’t work out. So I started to organize my friends to confront the violence and killings. We planned for many months to go and heckle the president during a live, nationally broadcast public speech. We would embarrass him, and maybe get his attention. For months we planned, discussed, encouraged each other.


The moment of truth: Boniface Mwangi stands up alone to protest the president on June 1, 2009. Photo: Courtesy of Boniface Mwangi

Then the day came. It was June 1, 2009. I went to the stadium where the president was speaking. No one else turned up. I tried calling my friends. One said, “Oh, I have a flight to catch.” Another said, “I’m washing my clothes.” Some switched off their phones. Others did not take my calls. I found myself all alone. I thought, “Man, will I do this?” It was a scary day. I had left a pregnant wife at home, and went to the stadium not knowing what would happen to me.

Did you worry that you might be hurt or killed for standing up?

Yes. At the very least, I knew I would get arrested. They wouldn’t necessarily shoot me — they would more likely beat me to a pulp so that I’d never walk again or be left brain-dead. That happened to many others. I knew I would get beaten — but to what extent I did not know. But my body was prepared for the beating, that’s for sure.

Sitting there, I knew I had a decision to make. I could easily just choose to sit and do nothing. But on the other hand, I had to be true to my ideals and beliefs. This was not about me — it was about something much bigger. So in the end, I stood up and shouted. It was terrifying. I stood up. They pounced on me, beat me thoroughly and took me to jail.

Did they break anything?

No, and I consider myself very lucky. I had a sprained ankle where they hit me with a baton, but they left their marks on me. They grabbed my private parts. If cops are beating you, this is what you do: you get into the fetal position, tuck in your private parts and protect your head. Those are the things they hit. Ensure that your fundamentals are protected. So that’s what I did. I had learned this as a photographer, watching police beat people.

I spent one night in jail, went to court, and was released on cash bail. Then I had a court case for a whole year. People thought I was nuts. They thought I was crazy.


Boniface Mwangi was arrested, beaten and jailed for protesting. His court case dragged on for a year. Photograph: Courtesy of Boniface Mwangi

How did you carry on after that day?

The sad thing is that the following day, my wife lost the baby. She had a miscarriage. It wasn’t related to my beating, it was just a complication. It was not easy on me at all. You can never explain what it feels like to lose a baby. You can’t even describe the pain that you go through, though I know for sure that it affected my wife more. But I carried on, trying to survive as a photographer. I shot boring assignments like models and weddings.

It was during this period that my journey as an activist began. I thought, “What now?” And the idea of Picha Mtaani, a street exhibition of my photographs of the post-election violence, was born. One of the reasons the violence had gone unpunished was that many Kenyans had not seen it happening. So with Picha Mtaani I would display my photographs of election violence in public spaces, and tour all over the country so that Kenyan people could see it for themselves.

What was the response?

It was good. People loved it. But in certain places the government denied us approval to hold exhibitions. In other places, politicians hired people to come and demolish the exhibitions. Consequently we had violent disruptions, temporary arrests, pictures being impounded by the police. It was an interesting and fun journey, though. We traveled the country, and preached peace.

Along the way I realized, “We’re talking about peace, but do Kenyans really know how they should vote?” So I have now moved away from preaching peace and turned more to political activism.

What is your message now?

In 2012, in the lead-up to the elections, our message was: “You know why the violence happened? It’s because we voted for bad leaders. We need to vote for different leaders.” Realizing that my photographs were limited in terms of the message they could communicate, I turned to political graffiti as a way of educating Kenyans about bad and good leadership, and encouraging them to value the vote. Peace cannot be achieved when we are unable to vote for leaders who will protect and uphold us.

The art was centered around a character called “the Vulture.” I got a bunch of graffiti artists together to paint murals in the streets of Nairobi showing bad politicians as vultures. The message said: “You don’t have to vote for a Vulture, because these people are Vultures.”

It’s interesting how you made such a radical shift from journalism to art and activism.

It was not deliberate. The shift was compelled by slowly realizing that, as much as I’d like to be normal, I am not normal. I’ve seen things that most people have never seen, and I have a responsibility not to be silent about it.


Using blood, Mwangi and fellow activists wrote the names of Kenyan members of parliament on pigs to demonstrate against their greed. Photo: Boniface Mwangi

One of your 2013 actions involved pouring blood on pigs to protest excessive pay for government ministers. It’s quite shocking. Why did you feel the need to do this?

The pigs represented the greed of our members of parliament. They shamelessly wanted to burden taxpayers by increasing their own salaries, and to me, this was akin to sucking our blood. We needed to send a message that would never be forgotten, and I think we did. One of the reasons we need the shock factor is that we do not have a big budget to buy media space, or put up billboards, or run TV commercials. Whatever small amount of money we have, the impact of our message must be amplified.

On the lighter side, you’ve also started an art space called PAWA254. Tell us about that.

PAWA254 is awesome. If you want to invent, you can never invent alone. Before PAWA, there was no place in Nairobi for people like me — patriotic, eccentric, a bit crazy and wanting to do creative stuff. I decided to create a community where people who relate to what I do can actually hang out. “PAWA” is the English word “power” corrupted in Kenyan slang, and 254 is our country code. It stands for unity. It’s now a community made up of filmmakers, graffiti artists, writers, poets, journalists, activists and so on. PAWA254 is a place we call home, and it’s where we meet — an everyday haven where we have a place to support and encourage each other.

How did you get this space without money?

I resigned from The Standard in December of 2008, and PAWA254 opened in late 2011. After quitting my job, I worked as a freelance photographer for international NGOs and newswire agencies. I also owned a photography studio in Nairobi’s central business district.

I sold everything I had — my wife’s car, my two cars, the studio — and I put up the space. Along the way, my friend’s father loaned me $10,000. The Swiss ambassador Jacques Pitteloud loaned us a laptop, and photographer James Quest brought the first chair to the space. In 2012, we attracted different partners whose support has helped us work — and empower creatives. This year, the Swedish embassy — who are our main partners in 2015 — are helping us set up the first public theatre in Nairobi in 30 years. Without these partners, we would have struggled.

But this also means I’ve become a desk guy, always trying to raise funds for our creative programs. I’m the guy who’s always going to meetings, so I do more paper-pushing than real photography. But the result is that we’ve been able to change people’s lives. More than 1,500 artists and other youth have directly benefitted from our free workshops and trainings.

What kind of people come to PAWA?

We have two kinds of people: people who need work space because they have a job, or people who come because they have no other place to go. But when they hang out at PAWA, they learn skills. We give workshops on photography, citizen journalism, videography, graffiti. Through the opportunities we offer, artists learn new skills to become more effective in their genres and earn a living from their productions. We have made a choice to creatively use art and culture to continue making a contribution toward the struggle for good governance and accountability. At the center of our work is our deep love for our country, Kenya.


A communal workspace at PAWA254, Nairobi’s hub for activists and artists. Photo: PAWA254

What’s next for you?

We are working on a film called Defiance. We want to do a story about activism in Kenya from the colonial period to today.

It doesn’t take an extraordinary individual to be an active citizen. You have the right to protest, speak your mind, and stand up for what you believe in. You have a right to raise your voice when you want to. Most people never do that. You see, there’s a feeling in Kenya that you don’t question authority. That’s what we want to challenge with the film.

What about those friends that deserted you in the stadium? Have any of them ever come back to join you in your work?

Along the way, some of them came back, and we formed a community. I think that one act of courage made people believe in what we are trying to do. Of course, the experience left me broken, but I moved on and understood that maybe it was harder for others to stand up.

Someone who is now a very good friend of mine, Shamit, was at home during my lone protest. When he saw it, he said, “The next time this guy stands up, he’ll never be alone.” And it’s true. I’m never alone anymore.


Watch this video of Boniface Mwangi’s story, which shows many more of his images. Warning: Some are hard to look at. But all are powerful. 

TED: Barack Obama sits down for a StoryCorps interview with a White House mentee


In a new StoryCorps interview, Barack Obama talks to 18-year-old White House mentee Noah McQueen about work, their relationships to their fathers, and teenage mistakes. Photo: Courtesy of StoryCorps

Some people might not take kindly to being called a knucklehead by their boss. Not Noah McQueen. But if your boss were President Barack Obama, you’d probably give him a pass, too.

In a StoryCorps interview that aired this morning, President Obama interviewed McQueen, an 18-year-old White House mentee in the My Brother’s Keeper initiative, which celebrates its first anniversary today. The program supports young men of color to succeed through increased access to opportunity.

McQueen, an at-risk youth who spent time in and out of the juvenile system, notes that it was his mother forcing him to attend a Christian retreat that helped him turn his life around.

“So Mama intervened,” joked Obama. “‘Lord, please help my knucklehead son Noah straighten out.’”

The two found common ground in their distant relationships with their fathers, and in the pressure they face as successful men of color.

“Every time we step into the room we have to be on top of our game,” said Noah. “It’s hard to always make the right decision and it’s hard to always be the leader.”

But his president had nothing but confidence in him and his future.

“Stay true to that voice that clearly knows what’s right and what’s wrong,” he said. “I know you are going to do great things.”

StoryCorps was founded by Dave Isay, the winner of the 2015 TED Prize, to provide people of all backgrounds with the opportunity to record and preserve the stories of their lives. On March 17, at the TED2015 conference, watch as Isay shares an audacious wish on behalf of StoryCorps. This session will be livestreamed for free, so tune in starting at 5pm PDT.


Dave Isay, the founder of StoryCorps, edits Barack Obama’s interview with StoryCorps executive producer Michael Garofalo. Photo: Amy S. Choi

TED: 12 tips for hosting a TED Live party


A new venue for TED Conferences: your living room. You can watch TED2015 sessions live or after. With friends.

Ideas are best when shared in good company. So invite the gang, grab some popcorn and enjoy TED2015 via TED Live, our high-definition webstream that beams the TED Conference, either in the moment or after the fact, into your living room, office or classroom. The on-demand conference, to watch anytime, costs $100, or you can watch it live for $500 (which also gives you access to the on-demand archives). And so: it is party time.

We’ve gathered 12 tips for throwing a TED Live party that your guests won’t stop buzzing about.

  1. If you are bringing together people who might not know each other, take inspiration from our conference and make name badges for your guests. Help break the ice by including a section that reads: “Talk to me about …” and have each person share three things they love to discuss — whether it’s funk music, ancient Greece, or varieties of dark chocolate.
  2. Make it a dinner party and ask each guest to bring a dish inspired by a speaker or session in the TED2015: Truth and Dare program.
  3. Talks aren’t just for the speakers we’ve chosen for the stage. Ask a few of your guests ahead of time if they’d like to give a short talk on an idea they’re passionate about. Or, if you think your guests are up for it, assign a topic on the spot for an improv talk.
  4. Ideas worth sharing often come in books worth swapping. Ask each guest to bring a book to the party that represents an idea they want to share with others, and plan a book swap.
  5. For the TED superfan, make TED Talk bingo cards for things you know are bound to come up during the session. (You can cheat and consult the speaker lineup.) Might we suggest a child prodigy? an unbelievable demo? a dramatic hand gesture?
  6. In between sessions, play a little TED Trivia. (Have a few prizes on hand.)
  7. Talks spark curiosity. So go around in a circle after a few sessions and ask each person to pose a question to the group about a speaker they found intriguing. If your event is large, break up into smaller circles and encourage folks to strike out on their own instead of clumping with friends. The more varied the expertise of the people talking, the cooler the conversation will be.
  8. Play charades, TED-style. During sessions, ask your guests to write down interesting, amusing or surprising words and phrases on slips of paper. At the break, put them all in a bag. Break into teams and watch as your guests try to act out phrases like “astrobiologist” and “surf photography.”
  9. Or play some good old-fashioned Truth and Dare, to honor this year’s conference theme. Ask your guests to write down a truth and a dare on a slip of paper and put them into a bag. During a session break, ask people, one by one, to pull a slip. The catch: no skips — if you’re at the party, you have to pick one!
  10. The TED Conference is about discovery. So have each guest make a playlist to swap that features artists and bands they think others should know about. Bonus if these songs address an issue they care about, or tie into a theme at the conference.
  11. Give your guests notepads when they arrive and, during the talks, encourage them to express a speaker’s ideas via doodles. (If you have a whiteboard at your disposal, even better.) Stick figures are highly encouraged. Perhaps a prize for the most moving sketch?
  12. Or have your guests cook up some cool ideas in the moment. Hit the grocery store for some basic ingredients for a meal, and arrange them into a few different mystery packs. After you watch TED, split your guests into teams and ask them to — with a ticking clock — cook up a snack or dish based on a talk. For example: A talk on artificial intelligence could inspire a dish that a robot might want to eat for dinner. For Stephen Pyne’s talk on fire, perhaps party guests can experiment with extra spice? (Be ready to order pizza.)

You and your guests can join the conversation on social media using the #TED2015 hashtag. Share favorite quotes, ideas and reactions with other TED Live viewers and conference attendees — and read out great things they see others sharing.



TED: Abraham Lincoln’s pocket watch, a musical trip down the Nile, plus a tasty menu à la TED


As usual, the TED community has been very busy over the past week. Below, a few newsy highlights.

Overlooked treasures. A bed, a watch, a shoe: all mundane items unappreciated in the moment. But through history’s eyes, they gain new meaning. In this beautiful “Portraits in Creativity” documentary, Maira Kalman talks about curating the exhibit “Maira Kalman Selects” for the Cooper Hewitt, Smithsonian Design Museum. It chronicles “the memories, dreams and reflections” of people through objects like a 100-year-old French army cot and Abraham Lincoln’s pocket watch. And each object is accompanied by a whimsical painted rendition by the artist. (Watch Maira’s TED Talk, “The illustrated woman,” and read our coverage of the new Cooper Hewitt, Smithsonian.)

A magazine makeover. With a 119-year history and a weekend readership of more than 4 million, The New York Times Magazine has launched a new and improved version. The alterations are meant to create “a new spirit of inquiry that is both subversive and sincere.” The magazine created a new suite of typefaces and an updated logo, both designed by Matthew Carter. (Watch his TED Talk, “My life in typefaces.”) Readers can look forward to rebooted columns, including regular entries from Michael Pollan on telling words and phrases (watch Michael’s talk, “A plant’s eye view”) and Adam Davidson on money (watch Adam’s talk, “What we learned from teetering on the fiscal cliff.”) Instrumental in the redesign is photo editor Stacey Baker, who’ll speak next month at TED2015.

A swing against racism. Serena Williams is returning to the courts of Indian Wells, California, where she won her first professional tennis match in 1997. She had vowed never to play there again, after a 2001 victory was clouded by racism. “As I walked out onto the court, the crowd immediately started jeering and booing,” she writes in Time magazine. “The undercurrent of racism was painful.” For her return, Williams is partnering with Bryan Stevenson’s Equal Justice Initiative to combat racial inequality head-on. She is asking fans to donate $10 to the organization for a chance to hang out with her at the courts and “shine on a much greater light on the work of the EJI.” (Watch Bryan Stevenson’s TED Talk, “We need to talk about an injustice.”)


Rolling down the river. The Nile, the longest river in the world, runs through 11 countries, each one with its own vibrant cultures and languages. The Nile Project connects them through music. This project, from TED Fellow Meklit Hadero and ethnomusicologist Mina Girgis, is launching its first North American tour. The band features musicians who sing in 10 languages and play instruments like the Ethiopian masenko, the Egyptian ney and the Rwandan inanga. In an explosive celebration of African culture, they hope to highlight the true diversity of Africa. “It’s an excursion down the river,” Girgis tells the New York Daily News, “like meeting all the people on this river and they’re all playing together somehow.” (Read about Meklit’s music.)

Fighting extremism with comics. Element Zero, a comic book secret agent, fights extremism with colorful POW!s and BOOM!s that leap off the page. Last week, CNN took a look at the character’s creator, TED Fellow Suleiman Bakhit, and how he uses art and imagination to counter terrorism. “The biggest threat we face in the Middle East is terrorism disguised as heroism,” he says in the clip. “They pitch their extremist ideology as a hero journey, providing youth with a sense of purpose.” By creating heroes who define themselves through acts of service and hope, Bakhit gives children an alternative narrative. (Read about Suleiman’s work.)

TED Talk du jour. Why not treat yourself to some wholesome comfort food with a side of TED Talks to wash it down? Ozimi, a vegetarian restaurant in Lausanne, Switzerland, is doing just that. Each week, it publishes a daily menu and pairs it with a list of TED Talks “à déguster sans retenue,” or, “to enjoy without restraint.” This just might hit the spot.

Have a news item to share? Write us at and you may see it included in this weekly round-up.

TED{A satirical TED Talk, inspired by Dostoevsky and given by a 10-year-old}

In "The Thought Leader" by Liz Magic Laser, 10-year-old Alex Ammerman gives a TED Talk that ponders the "dark chasm of meaninglessness." Photo: Courtesy of Liz Magic Laser

In “The Thought Leader,” a satire created by artist Liz Magic Laser, 10-year-old Alex Ammerman gives a TED Talk that ponders the “dark chasm of meaninglessness.” And he does it perfectly. Photo: Courtesy of Various Small Fires, Los Angeles

On the surface, the talk is “TED-like”: the round red carpet, the well-rehearsed speaker, the shadowy audience, the headset mic.

But quickly, discordant elements begin to register: the strange parenthetical markings on the floor, the inappropriate audience responses, the fact that the speaker himself is a 10-year-old boy.

Welcome to “The Thought Leader,” a satire on media spectacle and mindless optimism created by artist Liz Magic Laser for her solo exhibition at the Los Angeles gallery Various Small Fires. In “The Thought Leader,” Laser plays with the impact of delivering a bleak message in the TED Talk format.

See, in watching talks, Laser noticed a theme — a certain optimism about how an individual’s work could benefit the greater good. This reminded her of the 19th-century concept of “enlightened self-interest,” and the muse led her to Fyodor Dostoevsky’s Notes From Underground, his response to the concept, considered by many to be the first existentialist novel. “It provided an uncomfortable and revealing counterpoint,” Laser says. “More than a 150 years later, Dostoevsky’s nihilistic critique still holds water.”

For the star of her talk, Laser cast a child actor, Alex Ammerman, to subvert notions of children as a “symbol of hope and change.” Ammerman flawlessly mirrors gestures of stereotypical TED speakers as he delivers his opening lines, which Laser derived from a David Foster Wallace essay: “I am a sick man, I am a spiteful man. Are you a good person? Deep down, do you even really want to be a good person?”


So how did a bright-eyed, dimpled 10-year-old come to grasp the gloom of his monologue? “We had some challenging conversations early on,” says Laser. “But as we worked together, Alex came to an understanding of the ideas at hand.” It’s true — his delivery of Dostoevsky’s bleakest ideas is both knowing and spot-on.

To film this mock-talk, Laser invited actors, friends and former students to gather in a theater in Kickstarter’s Brooklyn office. The atmosphere was festive at first, but after five numbing hours of shooting, the audience settled into palpable boredom. Despite the faithful echo of TED camerawork by cinematographers Chris Heinrich and Tom Richmond, the long dolly shots over rows of impassive faces only enhance “The Thought Leader’s” sinister aura.

Then there’s the editing. Laser removes audience reactions from their contexts, re-inserting their laughter and silence in inappropriate places, and creating “a representation of public apathy that is aggressive rather than passive,” as she puts it. Overall, it creates an atmosphere of menace.

But perhaps the most mysterious element of “The Thought Leader” is the enigmatic parentheses painted on the carpet — the focus of the opening and closing shots of the video. In part, they mirror the last line of Ammerman’s talk: “Perhaps I’m only imagining an audience in order to feel more dignified as I stand here in parenthesis.” It’s also a comment on the diminished, secondary nature of the individual standing in a forum before an indifferent and hostile audience. It adds a bleak veneer.

The Los Angeles Times’ review of Laser’s show reads, “[TED Talks] are meant to motivate and inspire. Speakers don’t typically ponder ‘the dark chasm of meaninglessness.’” And while this reflects a common misconception of TED Talks — they are meant to share ideas both hopeful and challenging — “The Thought Leader” reminds viewers that critical thinking is very much an idea worth spreading.

PS: If you are looking for a few TED Talks that do in fact ponder ‘the dark chasm of meaninglessness,’ may we suggest:


TEDBooks to get you ready for TED2015

Counting the days ’til TED2015? Yeah: we are, too. Before the conference begins on March 16, dive into a great book written by one of our speakers.

Books from speakers in Session 1, “Opening Gambit”

National Insecurity: American Leadership in an Age of Fear, by David Rothkopf. The foreign policy specialist examines the way U.S. leaders have coped with our unprecedented state of vulnerability, threat and crisis.

Marina Abramovic: 512 Hours, by Marina Abramovic. A catalogue of works from throughout the legendary performance artist’s career.

Books from speakers in Session 2, “What Are We Thinking?”

Struck by Genius: How a Brain Injury Made Me a Mathematical Marvel, by Jason Padgett. Ever since a violent mugging, Padgett has seen the world in a completely new way. In this book, he explains how his brain injury gave him an unusual perspective.

Automotive Lighting and Human Vision, by Donald D. Hoffman et al. A textbook survey of the fundamentals of visual perception.

Incognito: The Secret Lives of the Brain, by David Eagleman. The neuroscientist takes us into the far reaches of the subconscious brain.

Books from speakers in Session 3, “Machines That Learn”

Superintelligence: Paths, Dangers, Strategies, by Nick Bostrom. The philosopher parses the weighty issue of what it will mean when machines’ intelligence exceeds our own, and whether the force of this “superintelligence” will be beyond our control.

Books from speakers in Session 4, “Out of This World”

Exoplanet Atmospheres: Physical Processes, by Sara Seager. In this textbook, the astrophysicist lays out the common properties of all planetary atmospheres, focusing on “exoplanets” — that is, planets that don’t orbit our sun.

Lakes on Mars, edited by Nathalie Cabrol. In this volume, Cabrol and her co-editor, Edmond Grin, examine what we can learn about Mars’ history, present and possible future by studying its bodies of water.

How We’ll Live on Mars, by Stephen Petranek. You won’t be able to pick up this TED Book until after the conference (mark your calendar, it comes out in July), but in it, Petranek argues that our future residency on Mars is inevitable, and will come sooner than we might think.


Books from speakers in Session 5, “Life Stories”

The True American: Murder and Mercy in Texas, by Anand Giridharadas. In this stirring work of nonfiction, journalist Giridharadas focuses on two lives that intertwine — a Bangladeshi immigrant to the United States who went on a quest to save his near-killer, an American, from death row.

Let IT Go, by Dame Stephanie Shirley with Richard Askwith. In this memoir, Shirley — an entrepreneur and philanthropist — tells her story, from arriving in England via Kindertransport to creating an incredibly successful software company staffed almost entirely with women.

Virtually Human: The Promise—and the Peril—of Digital Immortality, by Martine Rothblatt. A fascinating examination of the ethical issues related to digital lifeforms.

Ties That Bind: Stories of Love and Gratitude from the First Ten Years of StoryCorps, by Dave Isay. A compilation from the founder of the oral history project StoryCorps, who happens to be our 2015 TED Prize winner. It curates stories from the project that capture the depth and beauty of human relationships.

Books from speakers in Session 6, “Genes, Bugs, Animals, Us”

Tomorrow’s Table: Organic Farming, Genetics, and the Future of Food, by Pamela Ronald and Raoul Adamchak. Plant researcher Ronald and her coauthor, an organic farmer, argue that a combination of genetic engineering and organic farming is the key to sustainable agriculture.

Superbug: The Fatal Menace of MRSA, by Maryn McKenna. The public health journalist examines how antibiotic-resistant staph infections spread — and the danger they pose.

The Emperor of All Maladies: A Biography of Cancer, by Siddhartha Mukherjee. This Pulitzer Prize-winning book chronicles cancer’s history over the course of 4,000 years.

Drawing the Line: Science and the Case for Animal Rights, by Stephen Wise. The animal rights lawyer examines what level of cognitive development in animals should allow them to be treated as people under the law.

Books from speakers in Session 7, “Creative Ignition”

The Book of Trees: Visualizing Branches of Knowledge, by Manuel Lima. The tree diagram — showing relations between branches of knowledge, forms of life, even language development — dates back to the 12th century. In this book, a data visualization researcher examines its history.

Books from speakers in Session 8, “Pop-Up Magazine”

A Kim Jong-Il Production: The Extraordinary True Story of a Kidnapped Filmmaker, His Star Actress, and a Young Dictator’s Rise to Power, by Paul Fischer. Classified as a “nonfiction thriller,” this book tells the story of Kim Jong-Il’s kidnapping of a South Korean actress and her director husband, whom he then forced to make films.

Anything That Moves: Renegade Chefs, Fearless Eaters, and the Making of a New American Food Culture, by Dana Goodyear. Through narrative and analysis, the New Yorker writer examines contemporary American cuisine.

Without You, There Is No Us: My Time with the Sons of North Korea’s Elite, by Suki Kim. In this investigative memoir, Kim describes teaching English to the sons of North Korea’s ruling class under Kim Jong-Il.

Hidden Kitchens: Stories, Recipes, and More from NPR’s The Kitchen Sisters, by Nikki Silva and Davia Nelson. Silva and Nelson, a radio production duo known as The Kitchen Sisters, share stories from the radio series and their listeners.

Powering the Dream: The History and Promise of Green Technology, by Alexis Madrigal. Madrigal investigates the technological experimentation that has paved the way for a green future.

NeuroTribes: The Legacy of Autism and the Future of Neurodiversity, by Steve Silberman. In his forthcoming book, Silberman presents findings from early autism research that will require a complete rethinking of the history of autism.

Songbook, by Alec Soth. A compendium of the photographer’s depictions of life across the United States.


Books from speakers in Session 9, “Just and Unjust”

The Locust Effect: Why the End of Poverty Requires the End of Violence, by Gary Haugen. The human rights attorney examines the everyday violence that plagues impoverished communities and undermines anti-poverty efforts.

Books from speakers in Session 10, “Building from Scratch”

Fire: Nature and Culture, by Stephen Pyne. A history of humans’ use of fire, charting how the ability to control fire has given us the power to reshape the world for our own benefit, and been the source of disasters that have leveled cities and defined cultures.

The Knowledge: How to Rebuild Our World from Scratch, by Lewis Dartnell. A thought experiment about how to start over in a post-apocalyptic world, this book explains the fundamentals of how our modern technologies work.

Books from speakers in Session 11, “Passion and Consequence”

Distant Shores: Surfing the Ends of the Earth, by Chris Burkard. A showcase of the surf photographer’s work, which features ice just as prominently as it does sunshine.

Hussein Chalayan: From Fashion and Back, by Hussein Chalayan. A monograph of the fashion designer’s work, including catwalk and studio photography, as well as film stills.

Mating in Captivity: Unlocking Erotic Intelligence, by Esther Perel. The relationship therapist examines what it takes to infuse domestic life with sexual desire. Watch her powerful TED Talk on the subject.

Books from speakers in Session 12, “Endgame”

Full Circle: My Life And Journey, by Ellen MacArthur. This memoir, published just as MacArthur retired from sailing, tells the story of her career — including what it was like to circumnavigate the world on her own, spending 71 days alone at sea.

On the Run: Fugitive Life in an American City, by Alice Goffman. Goffman, a sociologist, lived side-by-side with a group of young African-American men in a distressed community in Philadelphia for six years. In this book, she chronicles the forces that marginalize entire communities.

How to Be Black, by Baratunde Thurston. This memoir and satirical self-help book is an incisive commentary on American racism.

TED2015 will be held March 16 to 20 in Vancouver, Canada. Stay tuned to the TED Blog for live coverage and behind-the-scenes surprises. Want to watch along at home? TED Live brings the conference experience into your living room, office or classroom.

LongNowThe Near and Far Future of Libraries


“The Near and Far Future of Libraries”, an article in the new publication “Hopes & Fears”, includes an interview with Long Now’s Dr. Laura Welcher on the dangers of the “digital dark age”.

Laura Welcher is Director of the Rosetta Project, The Long Now Foundation’s language-preservation effort that explores storage mediums that will last thousands of years.



Planet DebianCarl Chenet: Backup Checker 1.2 : verify remote backups


Backup Checker is command-line software developed in Python 3.4, allowing users to verify the integrity of archives (tar,gz,bz2,lzma,zip,tree of files) and the state of the files inside an archive in order to find corruptions or intentional or accidental changes of state or removal of files inside an archive.

The major feature of this new version is the ability of Backup Checker to use Unix streams. Using classic Unix tools like OpenSSH or wget, Backup Checker is able to verify a remote tar.{gz,bz2,xz} archive. The following example verifies a tar.gz archive located on a remote server through SSH:

$ ssh -q server "cat /tmp/backup.tar.gz" | ./ -c . -

Another short example with the FTP protocol, to verify a tar.bz2 archive located on a remote server through FTP:

$ wget --quiet -O - ftp://user:pass@server/backup.tar.gz | ./ -c . -

Moreover, in this release, a new option --configuration-name allows the user to define a custom name for the files generated by Backup Checker (default is defined from the name of the archive using the -g or -G options).

It is a major step for Backup Checker. It is indeed easier and easier to use Backup Checker in your own scripts, allowing you to fully automate your backup controls.

Several companies now use Backup Checker to secure their backups. Let us know if we can help you.

As usual, any feedback is welcome, through bug reports, emails to the author or comments on this blog.
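The stream verification described in this post can be sketched as follows. This is an added example, not Backup Checker's code or its configuration format: the manifest layout, the function names, the script name in the usage comment and the sample archives are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""Verify a tar archive read from a stream against a stored manifest."""
import hashlib
import io
import json
import sys
import tarfile


def scan(stream):
    """Map each regular file in a tar stream to its sha256 digest and mode.

    Mode "r|*" reads strictly forward with transparent gzip/bz2/xz detection,
    so it works on a pipe that cannot seek, such as ssh or wget output.
    """
    entries = {}
    with tarfile.open(fileobj=stream, mode="r|*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            digest = hashlib.sha256()
            data = tar.extractfile(member)
            for chunk in iter(lambda: data.read(65536), b""):
                digest.update(chunk)
            entries[member.name] = {
                "sha256": digest.hexdigest(),
                "mode": member.mode & 0o7777,
            }
    return entries


def verify(stream, manifest):
    """Return sorted (path, problem) pairs; an empty list means a match."""
    try:
        found = scan(stream)
    except (tarfile.TarError, EOFError, OSError) as exc:
        # A corrupted or cut-off transfer can end up here.
        return [("<archive>", "unreadable: %s" % exc)]
    problems = []
    for path, want in manifest.items():
        got = found.get(path)
        if got is None:
            problems.append((path, "missing"))
            continue
        if got["sha256"] != want["sha256"]:
            problems.append((path, "content changed"))
        if got["mode"] != want["mode"]:
            problems.append((path, "mode changed"))
    for path in found.keys() - manifest.keys():
        problems.append((path, "unexpected file"))
    return sorted(problems)


def make_archive(files):
    """Build a constructed in-memory tar.gz from {name: (content, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (content, mode) in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            info.mode = mode
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


# Constructed sample data: a known-good backup and a modified copy of it.
GOOD = {
    "etc/app.conf": (b"port=8080\n", 0o640),
    "bin/run.sh": (b"#!/bin/sh\nexec app\n", 0o755),
    "data/db.dump": (b"row1\nrow2\n", 0o600),
}
TAMPERED = {
    "etc/app.conf": (b"port=8080\n", 0o666),             # permissions loosened
    "bin/run.sh": (b"#!/bin/sh\nexec other\n", 0o755),   # content replaced
    "tmp/extra": (b"x", 0o644),                          # added; db.dump removed
}


def main(argv):
    # Usage (hypothetical script name):
    #   ssh -q server "cat /tmp/backup.tar.gz" | python3 verify_stream.py manifest.json
    # The manifest must be kept somewhere the backup server cannot modify.
    with open(argv[1]) as handle:
        manifest = json.load(handle)
    problems = verify(sys.stdin.buffer, manifest)
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The non-zero exit status on any finding is what lets a cron job or monitoring check alert on a changed backup.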

Planet DebianJonathan Dowland: Debian and Docker

I've been playing around with Debian and Docker a little bit. I found Joey Hess' post about Docker trust interesting reading, in particular this advice:

I'd recommend only trusting docker images you build yourself. I have some docker images published somewhere that are built with 100% straight debootstrap with no modifications (...) But I'm not going to link to them, because again, you should only trust docker images you built yourself.

On that advice, I did exactly that. I've pushed the basic scripts I used to build my images to github:jmtd/debian-docker. Suggestions welcome!

However, I am planning to share the images I build, at least for my own convenience, on the Docker repository. I'm hoping to publish some PGP-signed sums somewhere so you could verify the binary images on the Docker registry if you so wish.

The three images I'm currently maintaining are:

  • jmtd/debian:buildd: a sid image, variant buildd, to use as the base for package builds
  • jmtd/debian:wheezy: a minbase wheezy
  • jmtd/debian:wheezy-i386: a minbase wheezy, i386

(note: I haven't pushed them all yet.)

With docker 1.5.x at least, the i386 image works fine on amd64 hosts. I've used it as the basis for running wine and Windows binaries. I might push a wine image if I generalise it enough to be more useful.

The Docker folks recommend using Debian as a base image because it's a small size (approx. 163M for my base image, 85.01M for the semi-official one: See Joey's blog for some of the differences) but with a good set of tools. I wondered whether I could leverage the efforts of the Emdebian project to get an even smaller base image.

Unfortunately, the Emdebian project discontinued their 'Grip' project midway through last year. A basic Emdebian grip install is a fair bit smaller than the equivalent wheezy image, but once you've applied security updates most of the difference is lost. I suspect that some of Emdebian's minimisation techniques would be useful and applicable for shrinking Docker base images.

Planet DebianZlatan Todorić: Debian priglavci

Mom and Debian is an awesome combination. :)

Debian pape

Planet DebianWouter Verhelst: NBD 3.9

I just released NBD 3.9

When generating the changelog, I noticed that 3.8 happened two weeks shy of a year ago, which is far too long. As a result, the new release has many new features:

  • AF_UNIX support
  • New "treefiles" mode, which exports a gazillion of page-sized files; useful for exporting things which are stored on an SSHFS or amazon AWS (through FUSE) or similar, where every write causes an upload to the backend storage
  • New "cowdir" option, allowing to specify where copy-on-write files are written.
  • Minor changes so that nbd-client can now also be compiled for the Android platform. This required removal of the -swap command line option, which requires the mlockall() system call, unavailable on Android.
  • Protocol update: a reserved bit is used to avoid sending the 124 bytes of useless data at the beginning of the negotiation. The change is implemented so that things will still work with clients not supporting this option, however.
  • gznbd is now built by the same build system, rather than a separate one. Note however that gznbd is still unmaintained; it should be considered a "contrib" feature.
  • "nbd-server -V" will now output the nbd-server version number.
  • Fixed test suite on non-GNU getopt() implementations
  • Various fixes found through Coverity and the clang static analyzer, and lots of other minor things too small to mention here.

Get it at the usual place.

Rondam RamblingsA libertarian data point

We don't have to wonder what life would be like if the Ayn Rand faction of the American TEA party has its way.  They are doing that experiment in Honduras.  The results, unsurprisingly, are not pretty: [T]he police ride around in pickup trucks with machine guns, but they aren’t there to protect most people. They are scary to locals and travelers alike. For individual protection there’s an

Planet DebianDebConf team: Inviting speakers to DebConf15 (Posted by René Mayorga)

Last year for the DebConf edition that took place in Portland, we had some invited speakers that helped bring a different point of view to the matters discussed during the conference. This year we would like to do this again.

If you would like to suggest inviting someone that would not regularly attend DebConf, the DebConf Content Team encourages you to do that now. We will stop accepting new suggestions on 10 March 2015.

You can follow the simple procedure described on the Inviting Speakers page in the DebConf Wiki.

Please keep in mind that we don’t promise to bring to Heidelberg everyone that is suggested. The final list of invited speakers will depend on the speakers’ availability and our limited budget.

Planet DebianMichal Čihař: Gammu 1.35.0

Gammu 1.35.0 has just been released. This is just a bugfix release to fix some major issues introduced in 1.34.0.

Full list of changes:

  • Fixed encoding of UTF-8 for higher code points.
  • Improved provided udev rules.
  • Fixed possible lock while getting network status in SMSD.
  • Various localization updates.

You can download it from

I will not make any promises for future releases (if there will be any) as the tool is not really in active development.


Sociological ImagesWhy Don’t Men Kick Each Other in the Balls?

In Greco-Roman wrestling, boxing, and mixed martial arts, there is a rule that you never hit “below the belt.” The area of biggest concern is the testicles. As the Ultimate Fighting Championship rules specify, “groin attacks of any kind” are a foul. This is probably because groin attacks might make for short fights or ones where everyone just goes around protecting their balls. In any case, the skills being tested are of a different kind. But, even aside from that, this seems like a good idea and very civilized. I do not advocate for testicle kicking, nor groin attacks of any kind, for what it’s worth.

I do think it’s somewhat odd, though, that men who fight each other outside of controlled conditions—men in street fights, bar brawls, and parking lot scuffles—also usually avoid hitting below the belt. These fights aren’t about training or skill, like those between professional athletes, they’re real attempts to do some damage out of anger or defensiveness. So, why no hits to the balls?

The question was posed by a woman on Yahoo! Answers: “If you dislike each other enough to want them to get hurt,” she asked, “why not do the worst?”

The answers, admittedly unscientific, were interesting. One of the common responses involved the idea that not hitting below the belt was “an unspoken rule.” Maybe it’s the Golden Rule—do unto others as you would have them do unto you—and some men mentioned that, but others suggested that it was a rule specific to manhood. It’s a “cheap shot,” said one. A “low blow,” said another.

But why? Why do men agree not to kick each other in the balls? Why is that part of the code?

I think it’s because it serves to protect men’s egos as well as men’s balls.

What would street fights between guys look like—or professional fights for that matter—if one could go below the belt? For one, there’d be a lot more collapsing. Two, a lot more writhing in pain. Three, a lot less getting up. All in all, it would add up to less time looking powerful and more time looking pitiful. And it would send a clear message that men’s bodies are vulnerable.

Chris Tuchscherer not having been just hit in the balls:


Chris Tuchscherer having been just hit in the balls:


Not hitting below the belt, then, protects the idea that men’s bodies are fighting machines. It protects masculinity, the very idea that men are big and strong, pain- and impact-resistant, impenetrable like an edifice. So not hitting below the belt doesn’t just protect individual men from pain, it protects our ideas about masculinity.

When a man hits below the belt, he is revealing to everyone present that masculinity is a fiction. That’s why one guy said: “For ‘alpha male’ fights, nut shots are just wrong.” Alpha male fights are about figuring out which male is alpha, while preserving the idea that the alpha male is a thing that matters.

This is why men are quick to criticize other men who break the code. One of the best ways to control men is to threaten to kick them out of the man club. “If a guy kicks another guy in the balls on purpose during a fight,” one replied to the question on Yahoo, “he will forever be banished from manhood.” Another said: “Winning like this means that you cannot beat up the other guy by ‘real’ fighting.” It’s a matter of one’s own reputation: “A man who kicks another man in the balls,” said a third, “immediately loses all manliness and respect.”

So, men generally agree to pretend that the balls just aren’t there. The effect is that we tend to forget just how vulnerable men are to the right attack and continue to think of women as naturally more fragile.

I still don’t want anyone to get kicked in the balls, though, just to be clear.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


CryptogramThe Democratization of Cyberattack

The thing about infrastructure is that everyone uses it. If it's secure, it's secure for everyone. And if it's insecure, it's insecure for everyone. This forces some hard policy choices.

When I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA's program for what is called packet injection--basically, a technology that allows the agency to hack into computers.

Turns out, though, that the NSA was not alone in its use of this technology. The Chinese government uses packet injection to attack computers. The cyberweapons manufacturer Hacking Team sells packet injection technology to any government willing to pay for it. Criminals use it. And there are hacker tools that give the capability to individuals as well.

All of these existed before I wrote about QUANTUM. By using its knowledge to attack others rather than to build up the internet's defenses, the NSA has worked to ensure that anyone can use packet injection to hack into computers.

This isn't the only example of once-top-secret US government attack capabilities being used against US government interests. StingRay is a particular brand of IMSI catcher, and is used to intercept cell phone calls and metadata. This technology was once the FBI's secret, but not anymore. There are dozens of these devices scattered around Washington, DC, as well as the rest of the country, run by who-knows-what government or organization. By accepting the vulnerabilities in these devices so the FBI can use them to solve crimes, we necessarily allow foreign governments and criminals to use them against us.

Similarly, vulnerabilities in phone switches--SS7 switches, for those who like jargon--have been long used by the NSA to locate cell phones. This same technology is sold by the US company Verint and the UK company Cobham to third-world governments, and hackers have demonstrated the same capabilities at conferences. An eavesdropping capability that was built into phone switches to enable lawful intercepts was used by still-unidentified unlawful intercepters in Greece between 2004 and 2005.

These are the stories you need to keep in mind when thinking about proposals to ensure that all communications systems can be eavesdropped on by government. Both the FBI's James Comey and UK Prime Minister David Cameron recently proposed limiting secure cryptography in favor of cryptography they can have access to.

But here's the problem: technological capabilities cannot distinguish based on morality, nationality, or legality; if the US government is able to use a backdoor in a communications system to spy on its enemies, the Chinese government can use the same backdoor to spy on its dissidents.

Even worse, modern computer technology is inherently democratizing. Today's NSA secrets become tomorrow's PhD theses and the next day's hacker tools. As long as we're all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.

We can't choose a world where the US gets to spy but China doesn't, or even a world where governments get to spy and criminals don't. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It's security or surveillance.

As long as criminals are breaking into corporate networks and stealing our data, as long as totalitarian governments are spying on their citizens, as long as cyberterrorism and cyberwar remain a threat, and as long as the beneficial uses of computer technology outweigh the harmful uses, we have to choose security. Anything else is just too dangerous.

This essay previously appeared on Vice Motherboard.

Worse Than FailureCodeSOD: Polish Elections

Far away across the Atlantic, in the mythical land of Eastern Europe, where the sun don't shine and wild beasts roam the roads, lies a little country called Poland. Known in the world for its cheap manual labor and fondness for strong alcohol, it has for years been the butt of every national joke in almost all parts of the globe. But people here (or at least those who haven't run away yet) have been working hard to combat those pesky Eastern Bloc stereotypes, and as such, the country has in recent years seen a lot of social and technological progress. That last one, of course, comes with one notable exception: the government sector.

2010 Poland elections round 2 ballot box

Obviously, most countries' governments have a love-hate relationship with technology- but the Polish government invariably tends to be special. Between national-level exams being leaked by putting them in an unprotected folder with directory listing turned on, and the Social Insurance department buying 130,000 floppy disks in the year 2008, our government's technological proficiency has us ranking slightly below Elbonia. And so, when it was announced that the next local elections would be far more computerized than any of the previous ones, everyone trembled in fear.

The election day came and passed. At that point, everything was still done using pen and paper, so nothing had a chance to break. But soon after, the Polish Electoral Commission announced that the election results might be "slightly delayed". At the same time, someone in one of the local commissions with access to the software used in vote processing noticed an odd .pdb file with debugger symbols in the program folder. Being a good citizen, they immediately took a decompiler, restored the source code in full, and put it on GitHub for everyone to see.

Now, the following part might not be for the faint of heart. Here's one of the most notable source files from that GitHub repository.

This particular piece of code had one simple task: taking XML files with election results and generating an HTML file with an official election protocol. There are many ways to approach that task. The more clever people would probably go for an XSL transformation. The slightly less clever ones would use an HTML template and fill it with data. This code, however, does not try to be clever. It aims to keep things simple, using an old and trusted way to achieve its goal:

this.header = "<!DOCTYPE HTML><html><head><meta charset='UTF-8'><title></title><link rel='stylesheet' type='text/css' href='" + System.IO.Path.GetDirectoryName(Application.StartupPath) + "\\tmp\\printTmp\\css\\styl.css'>";

And it’s all downhill from there. Down a very rocky hill, full of cliffs and jagged edges, whose exact shape can be seen by scrolling down the GitHub page. After just a bit of introductory code comes the getProtocol method- a massive, 2000-line behemoth full of foreaches, ifs, and elses iterating over the XML document and nested so deeply that some lines simply fail to fit on the screen.

Other WTFs include, but aren’t limited to:

  • standing on the shoulders of giants by porting good old On Error Resume Next in the form of catch (System.Exception) {}
  • taking the lesson from 90’s web designers with response += "<br><br><br><br><br><br><br>";
  • taking StringBuilders to be too 2000’s and using good old performance-murdering string concatenation
  • trying to create a directory and, if it doesn’t exist, catching all sorts of exceptions that can occur in the process, showing a warning to the user, then writing to the nonexistent directory anyway
  • fixing up broken CSS by adding a script to the page that sets up magic number margins after the page is loaded

After that leak, the news a few days later that the results will be delayed even further came as no surprise to anyone even remotely tech-savvy. Oh, and the part of the code that failed? The protocol printing module, a.k.a. today’s Exhibit A.


Krebs on SecurityNatural Grocers Investigating Card Breach

Sources in the financial industry tell KrebsOnSecurity they have traced a pattern of fraud on customer credit and debit cards suggesting that hackers have tapped into cash registers at Natural Grocers locations across the country. The grocery chain says it is investigating “a potential data security incident involving an unauthorized intrusion targeting limited customer payment card data.”

In response to questions from KrebsOnSecurity about a possible security breach, Lakewood, Colo. based Natural Grocers by Vitamin Cottage Inc. said it has hired a third-party data forensics firm, and that law enforcement is investigating the matter.

Natural Grocers emphasized that it “has received no reports of any fraudulent use of payment cards from any customer, credit card brand or financial institution.”

“In addition, there is no evidence that PIN numbers or card verification codes were accessed,” the company’s statement continued. “Finally, no personally identifiable information, such as names, addresses or Social Security numbers, was involved, as the company does not collect that data as part of its payment processing system.”

Perhaps they aren’t reporting the fraud to Natural Grocers, but banking sources have told this author about a pattern of card fraud indicating cards stolen from the retailer are already on sale in the cybercrime underground.

According to a source with inside knowledge of the breach, the attackers broke in just before Christmas 2014, by attacking weaknesses in the company’s database servers. From there, the attackers moved laterally within Natural Grocers’ internal network, eventually planting card-snooping malware on point-of-sale systems.

Natural Grocers said that while its investigation is ongoing, the company has accelerated plans to upgrade the point-of-sale system in all of its store locations with a new PCI-compliant system that provides point-to-point encryption and new PIN pads that accept secure “chip and PIN” cards.

“These upgrades provide multiple layers of protection for cardholder data,” Natural Grocers’ emailed statement concludes. “The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states. The company takes data security very seriously and is committed to protecting its customers’ information. This is all the information the company is able to provide at this time, as the investigation into the incident is ongoing.”

Geek FeminismCreating just online social spaces

Aria Stewart is a programmer living in Boston working on open source, an Unschooler, a former owner of an Internet service provider in Colorado, a hiker, and a lover of science fiction, who studies networks (both social and computer), online interaction, and social structures as a matter of habit.

The last two months have seen two Slack chats start to support marginalized groups in the technology field, LGBTQ* Technology and Women in Technology, and we’ve had a lot of discussions about how to run the spaces effectively, not just being a place for those who it says on the tin, but to support, encourage and not be terrible to people who are marginalized in other ways than the one the particular group is trying to represent.

This is a sort of how-to guide for creating a social Slack that is inclusive and just, and a lot of this will apply to other styles and mediums for interaction.

The problem begins thus: How do you keep a Slack started by a white gay cisgender man from reflecting only that as a core group? How do you keep a women in technology chat from being run entirely by white women of (relative) affluence afforded by tech industry positions, leaving women of color, trans women, people with disabilities out in the cold?

Making just social spaces is not a one-time structural setup, though things like a good Code of Conduct are an important starting place, and there are difficult balances to strike.

Make sure there is sufficient representation. Social spaces grow from their seed members, and as it’s been studied, people’s social networks tend to be racially and genderwise insular; White members beget more white members; men bring more men, especially in technology as we’ve found. If a space is insufficiently representative of the diversity of experiences that should be there, people will leave, having seen yet another space that isn’t “for” them. So, too, power structures reflect the initial or core body of a social group, and a social group will tend to reflect the demographics of those in positions of power, creating a feedback cycle that will be hard to break without a lot of effort. Seed your network as broadly as you can, and put people without homogenous backgrounds in power.

Empower a broad group. A few admins can’t guide and create the shape of the space alone, so empower users to make positive change themselves.

Plan for timezones. If your chat starts off with US users, you will find that they will dominate the space during US waking hours. You may find an off-peak group in Europe, with an almost entirely separate culture. Bridging the gap with admins in other timezones to help consistently guide the shape of the group can be helpful.

Your users will have reactions to media posted. In particular, seizure disorders can be triggered by flashing animated GIFs. Building an awareness into your social space early can help make sure these are not posted or restricted to certain channels. Likewise, explicit imagery, upsetting news and articles can be marked or restricted, even without banning it entirely.

Plan for how to resolve conflicts. While outright malicious violation of a Code of Conduct can be solved by ejecting members, most cases of conflict are more nebulous, or not so extreme nor malicious that a first offense should involve removal from the space. Slack in particular has let the LGBTQ* Tech group practice a group form of conflict resolution. We created a #couldhavegonebetter channel. When a conversation strays off the rails, into vindictive, oppressive by a member of a relatively privileged group, or evangelizing views that make others uncomfortable, a strategy that has worked well is to end the conversation with “That #couldhavegonebetter”, force-invite the users involved into the channel, and start with a careful breakdown of how the discussion turned problematic. This gives a place to discuss that isn’t occupying the main space; those who care about conflict resolution can join the channel. It’s not super private, but it’s equivalent of taking someone aside in the hallway at a conference rather than calling them out in front of an auditorium full of their peers. De-escalation works wonderfully.

Keep meta-discussion from dominating all spaces. It’s a human tendency to navel-gaze, doubly so in a social space, where the intent of the members shapes the future of the space. That said, it can dominate discussion quickly, and so letting meta-discussion happen in channels separate from the thing it’s discussing can keep the original purpose of channels intact.

Allow the creation of exclusive spaces. Much of the time, especially socially, marginalized people need a place that isn’t dominated or doesn’t have the group who talks over them most: people of color need to escape white people, trans people need to escape cisgender people, people outside the US need space to be away from American-centric culture and assumptions, and not-men need to be able to have space that is not dominated by men. It has ended up being the least problematic to allow the creation of spaces that are exclusive of the dominant group, just to give breathing room. It feels weird, but like a slack focused on a marginalized group as a whole, sometimes even breaking things down further lets those at the intersection of multiple systems of oppression lighten the load a bit.

A chat system with a systemwide identity has different moderation needs than one that does not. A problem found on IRC is that channels are themselves the unit of social space allocation. There is no related space that is more or less intimate than the main group, and so conversations can’t be taken elsewhere, and channelization balkanizes the user group. With Slack, this is not true. Channels are cheap to create, and conversations can flow between channels thanks to hyperlinks.

Allow people to opt out generally, and in to uncomfortable or demanding situations. A great number of problems can be avoided by making it possible to opt out without major repercussions. Avoid lots of conversation in the must-be-present #general channel, however it’s been renamed (#announcements in one place, #meta in another). Default channels, auto-joined by new users, should be kept accessible. Work-topical channels should be kept not-explicit, non-violent spaces, so they are broadly accessible. Leave explicit imagery in its own channels, let talk about the ills of the world be avoided. And keep the volume low in places people can’t leave if they’ll be in the Slack during their workday.

Good luck, and happy Slacking!

Valerie AuroraStarting your own feminist backchannel

If you’re a feminist with an online presence, you know how hard it is to have a public conversation with your friends without some rando sea-lioning in to the middle of your discussion with his very important man-sights. Maybe they are just explaining your joke to you, maybe they are tone policing, maybe they are sliding into your DMs, maybe they are just boring self-entitled narcissists. Whatever the case, you’d like to be able to have conversations with your friends on the regular without the constant background noise of entitled misogyny leaking in.

I have good news for you: you (yes, you!) can start your own personal feminist backchannel! A backchannel is an alternate conversation happening outside of the “mainstream” discussion, often commenting on or related to the main discussion. Backchannels are incredibly useful to marginalized groups who are looking to build community, mutually support each other, and share useful information for their survival and success. That’s one reason why backchannels are often maligned by the privileged group (unless it is a backchannel for the use of the privileged group, in which case it is “just normal, friends talking”).

When women ask for a women-only discussion group in a mixed gender group, sometimes men in the group get very upset, sometimes to the point of angry shouting and turning red. When I ask them why, they say things like, “Well, they will be talking about stuff and I won’t know what it is,” or “Will they be talking about men – will they be talking about ME?” In addition to the normal human desire to be nosy, they realize that if women (or any other marginalized group) are allowed to talk to each other without being monitored by the privileged group, the privileged group might be in danger of losing some of its perks. (E.g., the ability to serially abuse women more easily because their previous victims weren’t able to warn their future victims.)

But the main reason to start your own feminist backchannel is: FUN.

Hey, you like making misandry jokes? So do a whole bunch of other women like you, and you can do it without worrying about a poorly timed “Not all men!” ruining your hilarious riff. Are you super interested in energy policy but most of your friends are bored by it? Start your own backchannel with the other 5 people interested in feminism and energy policy and have conversations you’ve never had outside your own head! Love programming AND sewing? So do literally hundreds of thousands of other people, and you probably know at least 10 of them.

Twitter in particular cries out for feminist backchannels, but I have sad news: group DMs lack the features needed to make a good backchannel. I’ve started or been part of many feminist backchannels in years past, and lately I’ve been surprised by being invited to several new feminist backchannels by people I don’t even know. I thought it was time for a step-by-step guide to starting and maintaining your own feminist backchannel, in the style of “Start your own b(r)and: Everything I know about starting collaborative, feminist publications” which I had fun co-writing with Amelia Greenhall.

Keep your feminist backchannel a secret

The first rule of Feminist Backchannel is: don’t talk about Feminist Backchannel.

Because your backchannel is probably not composed of macho egotistical competitive dudes, you really don’t talk about your feminist backchannel except to people you are inviting to join it. A key element of a successful backchannel is that you only invite people who are a good fit for the backchannel’s social style, which is only a small subset of your friends. But your friends will feel left out and rejected if they learn they haven’t been invited to your backchannel. The only way out of this dilemma is to keep your backchannel secret outside of its current members. (That’s part of why I’m writing this how-to guide, because the people who invited me to their backchannels can’t say anything about starting backchannels without making their uninvited friends feel sad.)

Choose your purpose and scope

You need a vision for your group beyond “People I like,” though that’s a good start! What style of social interaction do you want: warm and sincere, joking and absurdist, cutting sarcasm at all times, everyone pretends to be robots, everyone pretends to be cats? And what is in scope for conversation: technology, cats, the weather, RC cars, doing your nails, complaining about work? You have lots of friends with lots of different social styles, and many of them aren’t going to get along long-term in a backchannel. What is important here is that your group’s overall social style is seldom grating to the people who are in the group. That’s why it’s important to have spelled-out social norms (hey, perhaps even a code of conduct!) and clear rules on acceptable topics.

Find some co-founders

Life happens, and while you might think running a feminist backchannel is totally doable on your own, everyone will be happier if you have a co-founder or two. It helps to have someone to talk to about the scope, style, and membership of the channel, especially when you are considering inviting someone you don’t have a lot of experience with in a social context. Sometimes you are oblivious to a specific person’s most irritating personality faults but they are obvious to your co-founders. (It only takes one irritating person to torpedo a backchannel — keep reading for more about what to do when that happens.)

Choose your medium

I’ll be honest, the answer here is probably Slack. It’s the best private group chat solution I’ve ever seen, by a mile, and the user experience is warm and welcoming. You may also consider old-fashioned IRC, a Mailman mailing list, or a Google Group, but they all have major drawbacks around administration overhead and usability. Slack is free unless you want to keep more than 10,000 messages in your user-accessible history or have custom message retention policies (keep reading for why you might want this). Another advantage of Slack is that if you use it for work, you can login to multiple Slack instances at the same time in the app, so it’s hard to tell that you’re not working!

Be incredibly picky about who you invite

You do not have to invite everyone you kind of like or have something in common with. Especially in fields with relatively few women, we get used to not being picky about who we spend time with – the concept of being able to choose WHICH women in open source software I wanted to hang out with, based on compatible personalities or other interests, was an incredible luxury for me! Your feminist backchannel is going to be a little bit like working in a shared open-plan office with everyone you invite, so if there’s someone who rubs you a little the wrong way, or has opinions about activism that you don’t agree with, or tends towards infectious, unconsolable self-pity, feel free not to invite them. They can start their own feminist backchannel with people who have the same quirks and social styles.

Create and enforce rules about conduct

You should have explicit rules about how people act in your space. Since it’s your space, you get to make up arbitrary additional rules in addition to the usual base assumptions. You can make rules that everyone has to pretend to be a cat when they join the backchannel, or you can make a rule that no one can pretend to be a cat ever – whichever you prefer! The Geek Feminism community code of conduct is a good place to start.

Kick people out when necessary

A few people who don’t have a compatible social style with the group will ruin the entire group. It’s up to the backchannel co-founders, or their duly appointed representatives, to ask people to leave when they are negatively impacting the vibe. This is true even if they haven’t violated your formal code of conduct or done something “awful” enough. Just wishing someone wasn’t in the channel at a vague subconscious level is a good enough reason to ask them to leave. It’s tough to ask people to leave, especially when you like them in other contexts, but crucial to the survival of the group. Watch for when your favorite people start to drift away or go silent – it could be that they are too busy to take part at the moment, but they could also have decided to just leave your group instead of tell you that another member is making them unhappy.

Allow people to choose what topics of conversation they participate in

The conversation in your feminist backchannel is going to range over a wide variety of topics, some that bring up a lot of strong emotions, positive or negative, and some that are just plain boring to others. The best practice here is to split conversations into multiple channels of communication that allow people to choose what they want to participate in (this is easy in a Slack or private IRC server). Some suggested channels:

  • general: for everything that doesn’t go elsewhere
  • rants: for complaining
  • cute: for pictures of kittens, happy children, and flowers, and uplifting stories and things
  • news: to talk about current topics
  • advice: where people can ask for and give advice
  • triggers: place where people discuss commonly triggering topics

Any time you aren’t sure if the rest of the people in the general channel want to talk about a thing, describe what you’d like to talk about and ask if you should start a new channel. If everyone wants to talk about the subject in the general channel, you’ll find out, but most likely you’ll find that you have an enthusiastic subgroup that will excitedly join your new topic of conversation.

Accept the fleeting nature of backchannels

Like any other social group, backchannels don’t last forever. If you’re lucky, you’ll have a constant low-level rotation of old people leaving the backchannel and new people joining and it will stay fresh and interesting for many years. But in most cases, the life of a successful, healthy backchannel is measured in the single digits of years. Don’t be afraid to dissolve it if no one is enjoying themselves as much any more. It will probably give birth to several new slightly better backchannels.

Be aware of the potential for subpoenas

One possibility to be aware of is that if anyone who is part of your feminist backchannel is subpoenaed for a court case related to anything they discussed in the backchannel, and they have kept records of it, they may have to turn them over to the opposing side (probably awful people you detest). There are two ways to avoid having a bunch of lawyers poring over your chat records discussing your ex-partner’s annoying sex habits: have an explicit policy of not keeping the records, or don’t talk about things that might become the subject of court cases.

Unfortunately, this is a place where the free version of Slack doesn’t work well: They keep all of your messages but only let you access the most recent 10,000 of them. I am not a lawyer, but presumably this means Slack could be subpoenaed directly to get the messages that you can’t read.

Hey Slack folks! You have a great product. As a way to support women and marginalized folks of all sorts, I’d like to see Slack add an additional option to the free offering that allows people to choose to permanently delete messages that they can’t access themselves. That would be sweet!

How to join an existing feminist backchannel

Sometimes, the feminist backchannel you want to create already exists and is a good fit for you, and the founders just haven’t thought of asking you to join. Your best course of action in this case is the same as if the backchannel doesn’t already exist: Talk wistfully about wanting to start a backchannel with particular qualities with the people you would like to be part of that backchannel. If it already exists and you are compatible, you will probably get invited to join it. Otherwise, you’re already on your way to being the feminist backchannel you want to see in the world!



Planet DebianRobert Edmonds: Converting to --upstream-vcs-tag

Recently, the Google protobuf developers announced a migration of their project's source code from an svn repository to a git repository. Up until this point, the Debian protobuf package repository had only tracked upstream development by embedding upstream release tarballs using gbp import-orig with pristine-tar. It would be nice to smoothly migrate the packaging repository to additionally make use of the --upstream-vcs-tag option to gbp import-orig, the advantages of which have been well described by Russ Allbery.

This turned out to be harder than expected, so for reference I documented the steps I took below. Note that this packaging repository uses the default gbp import-orig repository layout, where upstream sources are placed on a branch named upstream, and the Debian branch is named master.

Add an upstream remote configured to track the upstream repository's master branch and tags.

$ git remote add --tags --track master upstream

The upstream remote shouldn't be confused with our upstream branch. Note that git-remotes are local to the repository, so the upstream remote should probably be documented in the debian/README.source file.

Fetch the upstream branch and tags.

$ git fetch upstream
warning: no common commits
remote: Counting objects: 5210, done.
remote: Compressing objects: 100% (861/861), done.
remote: Total 5210 (delta 3869), reused 5194 (delta 3855)
Receiving objects: 100% (5210/5210), 3.57 MiB | 1.43 MiB/s, done.
Resolving deltas: 100% (3869/3869), done.
 * [new branch]      master     -> upstream/master
 * [new tag]         v2.6.0     -> v2.6.0

We now have a git-remote upstream, a remote-tracking branch upstream/master which corresponds to the master branch that upstream makes releases from, and a release tag v2.6.0. Note that the remote-tracking branch upstream/master shouldn't be confused with our master branch.

Up until this point, our upstream branch has been synthetically generated by importing upstream's release tarballs with gbp import-orig. We need to merge this synthetic history with upstream/master. Unfortunately, I couldn't find a way to do this without using a temporary branch.

$ git checkout -b tmp upstream/master
Branch tmp set up to track remote branch master from upstream.
Switched to a new branch 'tmp'
$ git merge -s ours -m \
  "Merge the original 'upstream' branch with upstream's new master branch" upstream
Merge made by the 'ours' strategy.
$ git checkout upstream
Switched to branch 'upstream'
Your branch is up-to-date with 'origin/upstream'.
$ git merge --ff-only tmp
Updating 7ed940b..9ba221e
 CHANGES.txt                                                     |    49 +-
 COPYING.txt => LICENSE                                          |     0                                                     |    64 +-                                                     |  1041 --
 README.txt =>                                         |    49 +-
[...many more lines...]
$ git branch -D tmp
Deleted branch tmp (was 5f18f02).

There are now an additional 400 or so commits on our upstream branch, corresponding to the new git repository history published by upstream.

Import the 2.6.0 release tarball against the upstream v2.6.0 tag, using the --upstream-vcs-tag option.

$ git checkout master
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
$ gbp import-orig -u 2.6.0 --upstream-vcs-tag=v2.6.0 ~/debian/tarballs/protobuf_2.6.0.orig.tar.gz
gbp:info: Importing '/home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz' to branch 'upstream'...
gbp:info: Source package is protobuf
gbp:info: Upstream version is 2.6.0
pristine-tar: committed to branch pristine-tar
gbp:info: Merging to 'master'
gbp:info: Successfully imported version 2.6.0 of /home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz

The upstream branch now contains a mixture of the original series of release tarball content imported by plain gbp import-orig and the upstream/master branch as published by upstream.

Updating the Debian packaging repository when new upstream releases occur only requires a git fetch to pull down upstream's updated git history and release tag and using the --upstream-vcs-tag option when importing the release tarball with gbp import-orig.
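The script below is an added example, not part of the original post: it rebuilds the post's branch layout in a throwaway repository and then checks the result. The repository contents are constructed, the function names are hypothetical, and the gbp import-orig step is imitated with git commit-tree on the assumption that --upstream-vcs-tag adds the tag as an extra parent of the import commit.

```shell
#!/bin/sh
# Constructed demo (not from the post): rebuilds the post's branch topology in a
# throwaway repository with plain git, then checks it. The gbp import-orig step
# is imitated with git commit-tree; names and file contents are made up.

GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL

# build_demo_repo DIR (absolute path): DIR/up stands in for upstream's git
# repository, DIR/pkg for the packaging repository (branches upstream, master).
build_demo_repo() (
    dir=$1
    # Upstream's repository: one commit on master, tagged v2.6.0.
    git init -q "$dir/up" && cd "$dir/up" &&
    git symbolic-ref HEAD refs/heads/master &&
    echo 'message Foo {}' > foo.proto &&
    git add foo.proto && git commit -q -m 'upstream development' &&
    git tag v2.6.0 &&

    # Packaging repository: 'upstream' holds a synthetic tarball import.
    git init -q "$dir/pkg" && cd "$dir/pkg" &&
    git symbolic-ref HEAD refs/heads/upstream &&
    echo 'message Old {}' > foo.proto && echo '# generated' > configure &&
    git add . && git commit -q -m 'Imported Upstream version 2.5.0' &&
    git tag upstream/2.5.0 && git branch master &&

    # Steps from the post. Git 2.9 and later refuse to merge histories with
    # no common commit unless --allow-unrelated-histories is given.
    git remote add --tags --track master upstream "$dir/up" &&
    git fetch -q upstream &&
    git checkout -q -b tmp upstream/master &&
    git merge -q -s ours --allow-unrelated-histories \
        -m "Merge the original 'upstream' branch with upstream's new master branch" upstream &&
    git checkout -q upstream &&
    git merge -q --ff-only tmp &&
    git branch -q -D tmp &&

    # Stand-in for: gbp import-orig -u 2.6.0 --upstream-vcs-tag=v2.6.0 ...
    # The tarball tree becomes a commit whose parents are the previous
    # 'upstream' tip and the upstream tag.
    echo '# generated' > configure && git add -A &&
    tree=$(git write-tree) &&
    new=$(git commit-tree -p HEAD -p 'v2.6.0^{commit}' \
              -m 'Imported Upstream version 2.6.0' "$tree") &&
    git reset -q --hard "$new" && git tag upstream/2.6.0
)

# vcs_tag_is_import_parent REPO TAG BRANCH: succeeds when TAG's commit is a
# direct parent of the tip of BRANCH.
vcs_tag_is_import_parent() {
    tag=$(git -C "$1" rev-parse --verify -q "$2^{commit}") || return 1
    parents=$(git -C "$1" rev-list --parents -n 1 "$3" -- 2>/dev/null) || return 1
    # Output is "<commit> <parent>..."; the leading space in the pattern keeps
    # the commit itself from matching.
    case "$parents " in
        *" $tag "*) return 0 ;;
        *) return 1 ;;
    esac
}

# tarball_only_files REPO TAG BRANCH: list paths present in the imported
# tarball (tip of BRANCH) but absent from upstream's tagged tree.
tarball_only_files() {
    git -C "$1" diff --name-only --diff-filter=A "$2" "$3" --
}

# Stand-alone run against the constructed repository.
demo=$(mktemp -d) && build_demo_repo "$demo" &&
vcs_tag_is_import_parent "$demo/pkg" v2.6.0 upstream &&
git -C "$demo/pkg" merge-base --is-ancestor upstream/2.5.0 upstream &&
echo "tarball-only files: $(tarball_only_files "$demo/pkg" v2.6.0 upstream)"
rm -rf "$demo"
```

Against a real packaging repository only the two check functions are needed. Paths reported by tarball_only_files never appeared in upstream's tagged tree, so they are the part of the release tarball to review by hand.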

Geek FeminismYou’re The Linkspam That I Want (1 March 2015)

  • The Hand on the Knee: A Guide to Twitter DM Etiquette for Men | Amelia Greenhall (February 24): “The “Hand on the Knee” metaphor makes an important point: getting DMs from unknown men does feel… well, here’s how it feels for me: even though 1 in 10 of my unsolicited-DMs-from-men interactions feel ok, usually they feel gross, creepy or patronizing.”
  • Not a “Good Guy” | Anil Dash (February 24): “But I’m a regular guy, just like most of the people who read this site are regular folks. I am dedicated to improving the deep and pervasive sexism in our industry. I am also a man who doesn’t do his share of work around the house. I disproportionately foist the burden of childcare on to my wife, despite the fact that she is, in addition to the best person I’ve ever met, an actual Woman In Technology.”
  • There’s No Morality in Exercise: I’m a Fat Person and Made a Successful Fitness App | Matter | Medium (February 12): “the story I got told about what it meant to have a fat body, that it must mean that I sat around all day eating deep-fried stuffed-crust pizza and watching TV—that story just wasn’t true. The story about how people who look like me hate to exercise just isn’t true. It’s so easy to let the media you see or the discourse you hear define who you are before you’ve even learned about yourself. And I bought into it for too long.”
  • Revenge porn boss wants Google to remove his “identity related” info | Ars Technica (February 24): “What do you do if you’re a revenge porn site operator and the Federal Trade Commission has barred you from publishing nude images of people without their consent? You demand that Google remove from its search engine links to news accounts about the FTC’s action and other related stories, citing “unauthorized use of photos of me and other related information.””
  • How one lawyer is making a dent in the tech world’s gender imbalance | Fortune (February 24): “More people have expressed support than criticized or quietly protested. He’s noticed more women showing up to his events because they know they won’t be the only females in the room. He’s had event organizers reach out to him for suggestions of qualified women speakers. “
  • The Time Everyone “Corrected” the World’s Smartest Woman | Priceonomics (February 19): “The outcry was so tremendous that vos Savant was forced to devote three subsequent columns to explaining why her logic was correct. Even in the wake of her well-stated, clear responses, she continued to be berated. “I still think you’re wrong,” wrote one man, nearly a year later. “There is such a thing as female logic.””
  • I Spoke About Feminism to a Buncha Dudes at a Tech Conf & it Was Actually Pretty Good | Puppet Labs (February 11): “Being inclusive is tough, especially if you are trying to include people who are so used to being on the outside that they keep themselves there. For example, I’m offered the chance of a lifetime to fly to Barcelona to talk about feminism, and my response is to feel microscopic. Shouldn’t an opportunity like that make me feel big, or at least not-bad? And there’s the fact that I didn’t feel technical enough to give a talk about the work that I do every day, and I still don’t”
  • The Hidden Story of Harley Quinn and How She Became the Superhero World’s Most Successful Woman | Vulture (February 17): “”Feminism is about showing women as fully fleshed out human beings, and that’s what Harley is,” Strand said. “She doesn’t make choices that are smart or good for a woman, but she gets to make those choices. Men are allowed to be fuck-ups in all kinds of characters, and women aren’t. We have to be idealized. She gets to not be.””
  • Why the ‘Women in Tech’ Problem May Actually Be a Silicon Valley Problem | Inc (February 25): “But some new research from SmartAsset, which draws on data from the U.S. Census Bureau, shows that if you’re a woman working in tech, Silicon Valley really isn’t all it’s cracked up to be. For women, the hotbed of tech innovation is more likely to be New York, where the sheer of women working in tech is three times that of Silicon Valley. And while women face a substantial pay gap compared to men in Silicon Valley, there are two other major metro areas where women working in tech actually get paid more, on average, than their male colleagues.”
  • Institutional Barriers for Women of Color at Code Schools | Model View Culture (February 24): “Unfortunately, for many of the same reasons that WoC don’t make it into the interview rooms of tech companies, we often don’t make it into the interview rooms of these tuition-free or scholarship-providing code schools. We can trace this back to the pipeline problem, imposter syndrome, and the reality that many of us are caretakers who have people that rely on our time and our income.”
  • Silicon Valley Could Learn a Lot From Skater Culture. Just Not How to Be a Meritocracy | Wired (February 23): “If we’re going to talk about skate culture as a positive influence, we must take lessons from the good and the bad. Especially the bad. To ignore skate culture’s utter disrespect for women while celebrating it as cool and innovative is tacit acceptance of its sexism. We can do better. We must do better. We are better. And way deep down, I still hold out hope that skate culture might get better too.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Chaotic Idealism
Day of Mourning 2015: Murder of the Disabled Q&A

Today I'll be joining an online vigil for the 2015 Day of Mourning. The point of the vigil is to commemorate people with disabilities who were murdered by their families and caretakers--killed by the people who were supposed to protect them.

Filicide of the Disabled: What is it?
"Filicide" is a subcategory of homicide. It refers to the killing of a child by the parent. This vigil focuses on disabled people who were killed by their caregivers--usually the parents, but sometimes siblings, relatives, or unrelated household members. Technically, these aren't all filicides, but there's no word for "the killing of a disabled person by their caregiver". Maybe there should be. Or maybe we can just use the term "murder", because of course, that's what it is.

Murder is already a crime. Why is murder of the disabled a special case?
Because the disabled are much more likely to become murder victims. That implies that there are factors in our lives that make us more vulnerable, and by extension, it implies that if we were to analyze and address those factors, we might be able to protect potential victims and save lives. In a weird way, it's a hopeful sign. Improvement is possible. What is it about being non-disabled that lowers a person's risk of becoming a murder victim? Can we give those same protective factors to disabled people?

So how often does it happen?
We know that the risk is much greater, but we don't know exactly how much greater. I've seen figures as low as double the general population's murder rate, and as high as ten times. Homicides are recorded, but whether the victim was disabled often isn't.

We also don't know how often homicides go unreported. Disabled people often have health problems on which their deaths can easily be blamed. Many disabled murder victims have their deaths recorded as "heart failure" or "sudden death". Sometimes, one family member covers for another. Some disabled homicide victims simply vanish.

What happens to the offenders?
You're probably aware that when someone kills a person with a disability, they often go unpunished or receive a lesser sentence than someone who kills a non-disabled person. That's still the case today, but it's getting better. The attempted murder of Issy Stapleton was prosecuted about as severely as any other attempted murder, partly due to outcry by the general public. The London McCabe case is drawing a similar demand for justice.

How the offender is punished often depends on how the court (and the media) see the crime. Is it a nefarious villain taking advantage of the vulnerability of a disabled innocent, or is it a loving but distraught parent who has "snapped", "reached their limit", and killed their child because of "lack of support"? Personally, I would prefer that they go to neither extreme--that the disabled victim be treated like any other murder victim, neither a martyred saint nor a loathsome burden, but simply a neighbor, a friend, a fellow person who was killed and who deserves justice.

Awareness is improving. Incidents that used to be unreported are now reported; incidents that used to be secret make it to the news, and increasingly to the national news. That means that as things get better, for a while they will seem to be getting worse as we learn more and more names of those killed, essentially, because they were disabled. But awareness is necessary, and the horror we feel as we realize the scope of the problem is a step on the road to solving it.

How does it happen?
There are a few basic types of deaths.

Murder-suicide or attempted murder-suicide is the case of a caregiver killing the disabled person just before they take their own life. An example is the case of Robert Robinson, whose mother poisoned him and then herself. She left a note about "lack of services". Sometimes, the murder is completed but the suicide is not. This combination of a murder and a suicide gesture could be seen as an attempt to justify the murder to others ("See, I was so upset I tried to kill myself too!"), or to oneself, ("I'm not a killer; I just couldn't stand to leave my child alone."). Murder-suicide is a psychological phenomenon different from suicide and murder, but it shares more factors with murder than with suicide.

Deliberate Neglect is a more subtle type of murder, but no less excruciating for the victim. These people die because their basic needs aren't cared for--whether that's the typical needs that everyone has, like food and warmth, or needs associated with the disability, like medication or supervision. Neglect has, for the killer, the benefit of allowing them to pretend that they are not actually killing their victim.

Jarrod Tutko Jr. died alone in his attic, starved and dehydrated, denied medical care or therapy. His parents had rejected offered nursing care and did not enroll Jarrod in school, where he could have gotten therapy and education. Like Jarrod's parents, neglectful parents have the resources to care for their children--but they don't use them. They may even steal and spend money designated for the disabled person's care on themselves.

Abuse-related killings happen when child abuse causes injury or illness that eventually kills the child. The intent to kill isn't conscious, but the intent to torture, terrorize, and dominate is there, and the killer's actions result in the death of the disabled person. People with disabilities are particularly vulnerable to abuse because it is harder for them to find help; sometimes they cannot communicate very clearly, and other times they are simply not believed. Once a person with a disability is stereotyped as "manipulative", it can be impossible to find someone who will believe them when they say someone is hurting them. Other disabled people have been abused for so long that they have difficulty understanding that what is happening to them is wrong. And some are abused openly, with the abuse called "therapy".

An example of an abuse killing is that of Otto Smith, an eighteen-year-old young man who was so terrified of returning home from a residential center that he tried to jump out of a car. He was justified; only weeks after he returned home, his mother's boyfriend killed him. Despite his obvious fear and a hospital visit for abuse-related injuries (which were blamed on his autism), no one seems to have seen the problem.

"Mercy-killing" is a type of deliberate homicide justified by the killer, to themselves or others, by the belief that the victim is better off dead. When we talk about "mercy-killing", the mental image that many people have is of someone in horrible pain, whose existence is a living hell, and whose loved ones make the wrenching decision to commit murder to relieve them of that pain. But that's not the reality. What makes a "mercy-killing" homicide happen is actually the killer's viewpoint--not the victim's. The killer is the one who is making the judgment that the victim's life is not worth living; in reality, the victim is often living a very happy, fulfilling life, or at least they're living a life they're as satisfied with as the average person is with theirs. But the killer doesn't see it that way.

(I should touch on voluntary euthanasia here: Truly voluntary euthanasia is a choice made by a competent individual. It is neither forced nor imposed on them by anyone else. Opinions on its legality and morality differ, but in any case it is a very different thing from an externally-imposed "mercy killing" or "euthanasia", which is a type of murder and is based on the killer's evaluation of the victim's life, regardless of the victim's actual opinion or experiences. Even people living with chronic pain or locked-in syndrome can describe their lives as happy and fulfilling; "quality of life" cannot be judged externally.)

Ten-year-old Katie Lynn Baker was described by everyone who knew her as a happy child who loved life. Like many girls with Rett syndrome, she had trouble with constipation, which would cause her to lose her appetite. In response, her mother starved her to death, and was never punished. She could not see her daughter's happiness; she only saw her daughter's disability, and interpreted her loss of appetite as a desire to die.

What causes people to kill their disabled family members?
This is a complex question that no one has fully answered yet, but I can give a rough, simple answer that I think we should all keep in mind: When someone kills a disabled family member, it is because they chose to kill their disabled family member. I know that sounds simplistic, but we shouldn't lose sight of it. Deliberately killing, abusing, or neglecting another human being is a choice made by the perpetrator.

Murders of disabled people are often not so different from murder in general. All the same risk factors apply. The biggest one, as always, is that the killer has usually been abusive in the past. Murders happen more often when the family is isolated, when abuse is seen as normal, and when there is a murder weapon easily available.

When a disabled child is involved, there are other factors that relate to the disability.

Some killer caretakers seem to love not the child they actually have, but the child they imagine they would have if the child were not disabled. There's a lot of talk about the disability "stealing" the child, about the parent having to "rescue" the child. Many of these caretakers will have spent a lot of time and effort trying to cure their child--perhaps through alternative medicine, or perhaps through intensive therapy. They may make statements like, "I love my child, but I hate their disability."

Other killers have identities that seem to have enmeshed themselves with their disabled child's. They do not see the child as a separate individual, and seem unable to understand that the child has a separate existence and a separate perspective. When they kill themselves, they also kill the child because that child has become a part of them, and they cannot conceive of anyone else possibly taking better care of the child than they can. Some of these killers take the disabled person out of a residential placement to kill them, or kill them just before such a placement is to occur. The threat of separation leads them to reason, "If I cannot have them, then no one will." Or, "I couldn't stand to leave them alone."

Some homicides happen simply because the caretaker doesn't care. These are the neglect killings and some of the abuse killings, as well as some of the premeditated murders. The disabled person is a hassle, an obstacle, or an unwanted "burden". Neglect killers often ease into things slowly--at first, they give the person the bare minimum, then a little less, then a little less; then when people start to notice, they lock the disabled person away in a room, and eventually, they ignore them altogether. Each small step is easy once the one before has been performed. The more the disabled person is neglected, the less the killer sees them as lovable. They become dirty, unkempt, upset; they try to ask for help and become "annoying" to the caretaker. As time goes on, murder becomes less and less inconceivable.

Some killers seem to have started out with the idea that living as a disabled person is unacceptable, and they impose that idea on their victims. When it becomes clear that the disabled person will stay disabled; when the disabled person will clearly need to live in a group home; when the disabled person is getting older and not getting better--that is when they decide that death is better. These are the "mercy killings", the murders that are justified by the killer's belief that disability is worse than death. As though they are living in a movie, these killers seem to think that a disabled person's story must end either in cure or in death--that it is unacceptable for a disabled person to live, as a disabled person, past the ending credits.

Can we predict it?
Yes and no. There are red flags... but not every killing is preceded by red flags, and most red flags don't mean a killing is inevitable.

What should we watch for?
If you see any of the following danger signals, a disabled person may be in trouble:

  • A jealous or possessive caretaker is threatened with separation from the disabled person.

  • A parent who sees residential placement as "worse than death".

  • A suicidal caretaker who does not believe that the disabled person could live without them.

  • A family that isolates itself, or the disabled person in particular, from the community. (Most home-schooled children participate in their communities. Home-schooling can be used as an excuse to isolate the child, though.)

  • A child is withdrawn from school after neglect or abuse is noted.

  • Caretaker spends a great deal of time and effort trying to "cure" the disabled person, and seems to see continued disability as "not an option".

  • Warning signs of suicide in a caretaker who seems to be preparing for death, but does not make any effort to ensure the safety of their disabled family member.

  • A child whose condition worsens over weekends, vacations, or summer. An adult whose condition worsens after graduation from high school.

  • Disabled person is withdrawn from institutional placement by caretaker who has no plans for the person's future.

  • Caregiver does not seem to see the disabled person's perspective as separate from their own. They may share personal, private, or embarrassing details about the disabled person without their permission, talk as though the disabled person is not there, or "speak for" the disabled person.

  • Frequent use of restraints; marks of restraints on the body.

  • Disabled person is constantly searching for food, hoards or steals food, eats food from the trash.

  • Disabled person has been missing doctor's appointments, therapy visits, etc.

  • Caregiver seems to be primarily focused on being "stressed out" or "trapped".

  • Child's absenteeism from school worsens.

  • Disabled person shows fear of a certain person or location, or persistently leaves that location. "Wandering" may be used as an explanation.

  • A disabled person tells you they are being mistreated. Seriously. Believe them and do something.

  • Behavior changes, especially fearful, fearful-aggressive, or becoming unusually trusting of strangers.

  • Deterioration in coping skills or functioning level.

How can we prevent murder of disabled people by caregivers?

  • Keep disabled people involved in our communities. Don't segregate; instead, make public spaces available to everyone. If we don't know that someone exists, we won't know when they're in trouble.

  • Make it clear to caretakers that they always have a "last resort" that doesn't involve killing the disabled person. Many killers feel "forced" into killing; if we give them an outlet--such as leaving the disabled person at a hospital, for example--we might prevent some of them from going through with it.

  • Train caregivers. Not only does this help them become better caregivers, it also creates social connections that make warning signs more obvious to others. But beware: "Support groups" composed primarily of caregivers who spend most of their time talking about the "burden" of disability can become poisonous.

  • Reform institutions. And I'm talking group homes here, too; they're mini-institutions and there's no semantics that can change that. People who live in group homes should know their neighbors, and their staff should be staff rather than overlords.

  • A residential placement should not be something that a possessive caretaker fears so much that they will kill rather than allow a disabled person to live there. To accomplish that, we need to make group homes and other residential placements visible and familiar--to give the general public a real picture of a decent place to live.

  • Listen to the disabled. When we say we're being hurt, we're not "acting out"; we're asking for help. For some of us, the cognitive struggle of even understanding that we are being hurt and that we can ask for help, and the logistical problem of how to ask for help, is an extremely difficult accomplishment. Don't throw it away. Some disabled people don't talk or have been silenced so repeatedly that they no longer know how to protest abuse. These people have only their behavior to communicate to you. Listen to it.

  • Make it harder for a disabled person to "vanish". When a person misses a doctor's appointment, are they still getting the care they need? If a child isn't in school, are they still learning? There's a birth certificate, but no medical records; why? Yes, the family moved away, but where are they now, and are they connected to medical and social support in their new location? This young adult just graduated from high school; what will they do next (or, even better: This fourteen-year-old just entered high school; what will they do when they graduate)? Complaints of abuse need to be recorded and accessible so that when sixteen different reports come in, anyone receiving one of them knows about the other fifteen.

  • Take crimes against disabled people as seriously as any other crime. Most crimes against people with disabilities go unreported and unpunished. When one does get reported, the criminal often gets away with very little punishment. This needs to change. Especially for crimes that take place in schools and residential centers, it's important that when a crime is reported, it gets prosecuted, and when it's prosecuted, the perpetrator is sentenced just like someone who committed a similar crime against a non-disabled person.

  • Create accommodations and technology that supports a disabled person's self-determination. Yes, disability means we need help, but that's not the point. If I am completely paralyzed and I use an eye-tracker to tell my caretaker that I want to wear a pink shirt today, I have made that decision as truly as someone who is fully mobile and pulls that pink shirt out of their own closet. We need to make sure that when we create a space that either disabled people or the general public will use, we make it possible for disabled people to run their own lives, say their own words, and make their own decisions. Making your own decision, as a disabled person, shouldn't be a privilege that is granted you by a benevolent guardian; rather, it should be a right that you have, by default. Only when you actually cannot make a decision yourself should it ever be made for you.

  • Empower disabled people, especially children. Teach them that they have rights, and that they can stand up for their rights. Teach them to be assertive rather than submissive. Teach them, if you have to, that it's all right to bite someone for being mean to you; that you're not misbehaving if you're running from someone who's hurting you; that you don't have to earn the right to be treated with decency and respect. Give them technology that lets them make their wishes known and control their own environments. Teach them skills that let them protect themselves.

This isn't a problem we're going to solve in a day, a year, or a decade. Awareness is increasing, but it's better for cute, young, white disabled people than for disabled people who are too old to be cute, or institutionalized, or who for some reason don't make good poster children. Disabled people still have to seem completely innocent to be seen as not responsible for their own murders; if they were badly behaved, aggressive, rebellious, or just imperfect human beings, many people still seem to think that their murder was justified.

We need to teach the general public to see disabled people as individuals. If they did, then when someone said "autism" they would think, "Oh, that's like my neighbor; my co-worker; my friend," rather than thinking, "One in sixty-six. Can't talk. Lines things up. How tragic." If they could be taught that "People" and "Autistic people" are not separate categories, they could begin to apply the things they know about "People" to everyone, autistic and not--things that include being valuable, being worth listening to, being capable of happiness and worthy of life.

Planet Debian
Dirk Eddelbuettel: drat 0.0.2: Improved Support for Lightweight R Repositories

A few weeks ago we introduced the drat package. Its name stands for drat R Archive Template, and it helps with easy-to-create and easy-to-use repositories for R packages. Two early blog posts describe drat: First Steps Towards Lightweight Repositories, and Publishing a Package.

A new version 0.0.2 is now on CRAN. It adds several new features:

  • beginnings of native git support via the excellent new git2r package,
  • a new helper function to prune a repo of older versions of packages (as R repositories only show the newest release of a package),
  • improved core functionality in inserting a package, and adding a repo.

Courtesy of CRANberries, there is a comparison to the previous release. More detailed information is on the drat page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Linux Australia
Sridhar Dhanapalan: Twitter posts: 2015-02-23 to 2015-03-01

Planet Debian
Thorsten Alteholz: My Debian Activities in February 2015

FTP assistant

Processing the new queue got off the ground again. This month I marked 154 packages for accept and rejected 20 packages.

Some emails I got were rather funny and people are very creative when trying to interpret the license of upstream. But hey, most of the time upstream has a reason to choose a specific wording. You can try to interpret those words, but don’t waste your time. Better ask upstream about their intention and whether this fits into the world of Debian. It only sounds strange when upstream publishes their stuff under licenseA and wants to distribute their files under licenseB but insists on keeping the wording of licenseA. That’s life!

Squeeze LTS

This was the eighth month in which I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 14.5h and I spent these hours uploading new versions of:

  • [DLA-145-2] php5 regression update
  • [DLA 146-1] krb5 security update
  • [DLA 150-1] unzip security update
  • [DLA 151-1] libxml2 security update
  • [DLA 162-1] e2fsprogs security update

For whatever reason, the DLA-145-2 didn’t reach debian-lts-announce. As the listmaster didn’t find any reason for this (at least the other emails all appeared), I think there has been some extraterrestrial influence (“The Truth Is Out There”).

Anyway, I also worked on an upload for binutils, but one patch is a real 100kB-beast. Meanwhile I am down to only one regression in one source file, so I hope that there will be an upload in March.

I also uploaded one DLA for libgtk2-perl ([DLA 161-1] libgtk2-perl security update), although no LTS sponsor indicated any interest.

Other packages

I didn’t do any work on other packages, but looking at the bug count, the number of bugs has increased. So, sorry, if you sent in a bug report and I didn’t answer. It is not forgotten.


After adding some micro payment buttons to my blog in January, I already got a donation of 20€ in February. I really appreciate this and I feel vindicated that my contributions to Debian are still useful.

Sociological Images
Just for Fun: Is Truncating the Y-Axis Dishonest?

What do you think?


Thanks to @WyoWeeds!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Planet Linux Australia
Clinton Roy: clintonroy

A quite full on day.

Woke up early because... that’s what I do. Headed out to Sunnybank library in the morning, CoderDojo, then back to The Edge for minicomicon, where I picked up a few small freebies, but didn’t spot anything that I felt like buying. I spent a little time coding up a simple Markov generator, hopefully simple enough for the coder dojo folks to follow. After all that, out to Humbug.


Rondam Ramblings
AT&T: the saga continues

We just closed out the second day of AT&T technicians trying to figure out why our uVerse internet isn't working.  We had three techs here today for a total of nine hours, and they still weren't able to get it to work.  One of the three really seems to know what he's doing, and he claims to have found and fixed all kinds of problems with the lines leading up to our house.  Despite this, it's


Planet Debian
Ben Hutchings: Debian LTS work, February 2015

This was my third month working on Debian LTS, and the first where I actually uploaded packages. I also worked on userland packages for the first time.

In the middle of February I finished and uploaded a security update for the kernel package (linux-2.6 version 2.6.32-48squeeze11, DLA 155-1). I decided not to include the fix for CVE-2014-9419 and the large FPU/MMX/SSE/AVX state management changes it depends on, as they don't seem to be worth the risk.

The old patch system used in linux-2.6 in squeeze still frustrates me, but I committed a script in the kernel subversion repository to simplify adding patches to it. This might be useful to any other LTS team members working on it.

In the past week I uploaded security updates for cups (version 1.4.4-7+squeeze7, DLA 159-1) and sudo (1.7.4p4-2.squeeze.5, DLA 160-1). My work on the cups package was slowed down by its reliance on dpatch, which thankfully has been replaced in later versions. sudo is a more modern quilt/debhelper package, but upstream has an odd way of building manual pages. In the version used in squeeze the master format is Perl POD, while in wheezy it's mandoc, but in both cases the upstream source includes pre-generated manual pages and doesn't rebuild them by default. debian/rules is supposed to fix this but doesn't (#779363), so I had to regenerate 'by hand' and fold the changes into the respective patches.

Finally, I started work on addressing the many remaining security issues in eglibc. Most of the patches applied to wheezy were usable with minimal adjustment, but I didn't have time left to perform any meaningful testing. I intend to upload what I've done to for testing by interested parties and then make an upload early in March (or let someone else on the LTS or glibc team do so).

Update: I sent mail about the incomplete eglibc update to the debian-lts list.

Planet Debian
Petter Reinholdtsen: The Citizenfour documentary on the Snowden confirmations to Norway

Today I was happy to learn that the documentary Citizenfour by Laura Poitras finally will show up in Norway. According to the magazine Montages, a deal has finally been made for cinema distribution in Norway and the movie will have its premiere soon. This is great news. As part of my involvement with the Norwegian Unix User Group, a friend and I have tried to get the movie to Norway ourselves, but obviously we were too late and Tor Fosse beat us to it. I am happy he did, as the movie will make its way to the public and we do not have to make it happen ourselves. The trailer can be seen on youtube, if you are curious what kind of film this is.

The whistle blower Edward Snowden really deserves political asylum here in Norway, but I am afraid he would not be safe.

Planet Debian
Zlatan Todorić: Interviews with FLOSS developers: Joey Hess

Edit: Now translated to Chinese. Thanks zhang wei!

There is hardly a better way to open a series of interviews with the developers behind Free Libre Open Source Software projects than with an incredible mind such as Joey Hess. Describing his contributions to the Free software ecosystem, especially in Debian, would take a book by itself. His impact exceeds even his projects - people literally follow his blog posts to see what he is doing and how he is living. A hacker from a cabin. If you need a picture of a true hacker, then Joey is the one. As this isn't a book, I will just mention a few projects that he has been behind - git-annex, ikiwiki, etckeeper, debian installer, parts of dpkg, debhelper, devscripts, tasksel. So, without further waiting, here it is.

Picture of Joey Hess

me: Who are you?

joeyh: I'm Joey --

me: How did you start programming?

joeyh: Atari 130XE which came with BASIC and a boring word processor and not much else. No other friends had one, so the only way to get software was to type in demo programs from manual and then begin to change and write my own. So, the easy way to learn. Also some Logo in school.

me: How would you now advise others to start programming?

joeyh: Difficult question, it seems much harder to get an intimate understanding of things than when I started, and much harder to be motivated to program when there's so much stuff easily available. Maybe simple bare-metal systems like Arduino coupled with real-world interaction are the answer.

I've recently been mentoring my nephew who is learning python and Python the Hard Way has gotten him far impressively fast.

me: Setup of your development machine?

joeyh: Lenovo laptop de-spywared with Debian unstable, xmonad, xfce, vim.

me: Your thoughts on Purism (the open hardware laptop initiative that got recently funded on CrowdSupply)?

joeyh: I don't know much about that one, but it seems that consumer level hardware has gotten so low quality, and so closed and untrustworthy that it makes sense to either build alternatives that are open, or pick out, as a community, the stuff we can adapt to our needs and concentrate on it. Several projects are trying, I hope they succeed.

me: How do you see the future of Debian development?

joeyh: Well, I've mostly stopped worrying about it. If you look back at my presentations at the past 2 or 3 DebConfs, you'll find my best thoughts on the matter.

me: You retired as Debian developer - do you intend sometime soon to come back and/or do you plan to join some other communities?

joeyh: It would be glorious to come back, wouldn't it? But I don't think I will. Can't step in the same river twice, and all.

Instead, Debian will probably have to put up with me as an annoying upstream author who doesn't ship tarballs, but does ship debian/ directories, and as a bug reporter who enjoys reporting amusing bugs like -0 NaN.

I seem to have more time to spend in other online communities since I left Debian, but in a more diffuse way. Maybe that's just what it's like, to be involved in Free Software but not in the embrace of a big project like Debian.

me: Some memorable moments from Debian conferences?

joeyh: There are so many! Picnicking on berries and tamales at the Portland farmer's market right outside the venue; rainbows and bonfire in Switzerland after crazy busy days; impromptu pipe organ repair in a weird night venue in Edinburgh; walking through Porto Alegre at night with Ian Murdock and how humble he was about what he'd started; hacking all night in Spain; failing to sleep through midnight sun and incessant partying in Finland; hanging out in the hotel lobby in Atlanta where we designed Build-Depends.

me: Are you a gamer? Valve Steam games are offered for free to Debian Developers - do you use steam and play Valve games?

joeyh: I've played through Half Life and Portal, but nethack has claimed more of my time. I mostly enjoy short, indie games, or games that tell us something new about the medium of games. A recent favorite was A Dark Room.

But really, I have more pure fun playing real world tabletop games with friends, like Carcassonne Discovery and Hive.

In March, I am going to try to write a roguelike game in one week, in Haskell, for the Seven Day Roguelike Challenge and I'll be blogging about my progress daily.

me: You are nowadays a Haskell hacker (git-annex) - what would you like to say about this language and how does it compare to Python, C, JavaScript, Ruby and Perl?

joeyh: Not just git-annex; all my current projects are written in Haskell.

I think it's amazing how much we expect programmers to keep in their heads while writing code. Is that buffer going to overflow? Is changing the value of that global variable going to break some other part of the code? Is that input sanitized yet? Did that interface change? Haskell solves some of these outright, but more, it makes you start noticing this kind of pervasive issue, and it provides ways to completely eliminate a class of problems from your code.

For example The class of bugs I avoided there had never affected my code even once, but it was still worth preventing that whole class of bugs, so I don't have to worry about them ever again.

me: Would you suggest Haskell as a first language to learn, especially for those that have an itch for mathematics?

joeyh: I think that can work well. Or it can go the other way -- I had an affinity to mathematics when I was young, but it got knocked out of me in the way that happens to many people, and languages like perl and C don't do much to make you want to learn more about higher-order math. I've been picking up a bit more here and there via Haskell.

me: How do you compare your productivity in Haskell compared to your Perl days?

joeyh: It's very different; I'm a very different programmer now. I probably would bang out quick hacks more quickly when I was writing Perl. But, they tended to stay quick hacks. Now, I might take a little longer to get there, but the code seems a lot more solid, while also being more malleable to turn into larger or different programs.

I'm also a lot more drawn toward writing software libraries.

me: Can you describe your philosophy of life (you live in a cabin, in a forest, using a lot of solar power - many people (including myself) are intrigued by what drives you towards that kind of life and how it impacts your overall quality of life and happiness. Looking at today's modern predatory capitalistic society, in which you could easily earn more than $10.000 a month, you seem to be an anarchist and a very humble human)?

joeyh: I want to build worthwhile things that might last. Which is super hard in the world of software, both because it's hard to think far ahead at all, and because most jobs don't emphasize that kind of real value. I've been lucky and bootstrapped up to a point where I've been able to work full time on free software for years, and I'm willing to forgo a lot to continue that.

Living in the woods without modern conveniences is great, because it's quiet and you can think as much as you like; the internet is just as close as it is anywhere else (maybe a bit slower); and when you've spent too much time quietly thinking you'll need to go chop wood, or haul water, or jump in the river to cool off, depending on the season.

(Humble? Like most programmers, I am internally a flaming tower of ego...)


Planet Linux AustraliaDavid Rowe: SM1000 Part 11 – Accepting Pre-orders!

The first batch of 100 SM1000s are being built in China right now and we estimate shipping will start in late March. Due to popular demand I am accepting pre-orders right now!

Australian customers can buy directly from my Store, rest of the world please use the Aliexpress Store for direct shipping from Shenzhen, China.

Thanks Rick KA8BMA and Edwin from Dragino for all your kind help!

Planet DebianMathieu Parent: Hello Planet Debian

After more than five years of being a Debian developer, here is my first post on Planet Debian!

I currently maintain 165 packages. My focus has changed since 2009, but those are still mostly sysadmin packages:

  • ctdb (under the pkg-samba umbrella), the clustered database used by samba
  • c-icap and c-icap-modules: a c-icap server mostly useful with squid and providing url blacklists and antivirus filtering
  • pkg-php-tools: easy packaging of PHP packages (PEAR, PECL and Composer) as .deb
  • 124 php-horde* (Horde) packages: A groupware and webmail, written in PHP
  • 12 PHP PEAR, Composer, or PECL packages (those are Horde dependencies)
  • I’m mostly maintaining the above packages alone. Any help is appreciated!
  • python-ceres, graphite-carbon and graphite-web: Graphite is a high-performance monitoring and graphing software. Jonas Genannt is maintaining the packages well and I only do review
  • 20 shinken packages : a monitoring solution, compatible with nagios configuration files and written in python. Thibault Cohen is doing most of the packaging, and I give advice
  • svox: The TTS from Android (unfortunately non-free because of missing or outdated sources). This is now under the Debian Accessibility Team umbrella
  • kolabadmin: this is the last remaining piece from my former pkg-kolab membership (unfortunately kolab server won’t be in jessie, you can help the team for Stretch)

Now that the first post is online, I will try to keep up!

Don MartiPersonal data, politics, and an opportunity

Charles Stross, in A different cluetrain:

"Our mechanisms for democratic power transfer date to the 18th century. They are inherently slower to respond to change than the internet and our contemporary news media."

Bruce Schneier, on Ars Technica:

"Facebook could easily tilt a close election by selectively manipulating what posts its users see. Google might do something similar with its search results."

The bias doesn't have to be deliberate, though. Eric Raymond posted an example on Google Plus.

G+ may be engaging in non-viewpoint-neutral censorship of news articles relating to firearms.

Turned out that there was a bug in how Google Plus interacted with the CMS on a pro-Second-Amendment site. Not a deliberate political conspiracy, but software is full of bugs, especially when independently developed projects interact. When bugs affecting some political content are quietly fixed faster than bugs affecting others, it's not a sneaky conspiracy. It's just the natural result of programmers and early adopters choosing to test with less of the content that isn't a "cultural fit". Software developers have political views, and those views tend to escape into their software, and affect the software's users.

Google and Facebook don't have to decide to manipulate elections. Manipulation is an emergent property of networked software development. On the Planet of Classical Economics, Facebook and Google would sell their user-manipulating power to the highest bidder. But here isn't there. In the USA, the Data Party (mostly for mental extraction, mostly "blue") has the mainstream Internet businesses, and the Carbon Party (mostly for resource extraction, mostly "red") doesn't.

Which is the same problem that Roger Ailes had for TV in 1970, and we know how he ended up solving that one.

Today, is somebody on the Carbon Party side doing for their "SJW in our people's pockets" problem what Ailes did for their "liberal in our people's living rooms" problem? Yes, a Data Party has a head start over a Carbon Party in a race to build a mobile platform, but plenty of "red state" people can code, write checks, and place orders from the countries that still know how to make things.

Are we going to get two parallel user-tracking industries in the USA, the same way we have two factions in broadcast and cable media? And will each one offer tools to protect users from the other? I might buy a Koch-o-Phone just to watch the OS and the inevitable PLA spyware fight over my Facebook timeline.

Planet DebianDirk Eddelbuettel: RcppEigen

A new release of RcppEigen is now on CRAN and in Debian. It synchronizes the Eigen code with the 3.2.4 upstream release, and updates the RcppEigen.package.skeleton() package creation helper to use the kitten() function from pkgKitten for enhanced package creation.

The NEWS file entry follows.

Changes in RcppEigen version (2015-02-23)

  • Updated to version 3.2.4 of Eigen

  • Update RcppEigen.package.skeleton() to use pkgKitten if available

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Sociological ImagesThis Month in SocImages (February 2015)

SocImages News:

You like!  Here are our most appreciated posts this month:

We had one BIG winner this month! In “Where Do Negative Stereotypes about Feminists Come From,” I collected some pre-1920s anti-suffrage propaganda that revealed that stereotypes about feminists are 100 years old or more.  It got 5,200 likes here on SocImages and 16,250 notes on our Tumblr. Thanks everybody!

Editor’s pick:

My favorite was the one about tomatoes.

Upcoming Lectures and Appearances:

  • If anyone’s going to MSS this year, I’d love to say “hi”! I’ll be giving a plenary on March 27th titled “Doing Public Sociology: Notes from a Practitioner.”
  • Afterward I’ll be dropping by to the University of Missouri, Columbia to give a talk on hookup culture. Drop me a line if you’d like to meet up!



I’ve started a little side project. Just a place to store and collect my thoughts about New Orleans. Most of what’s on there now has already been posted here, and I can’t promise that won’t be the case for what comes next. But if you’d like to follow along, please be my guest. It’s part of my long-term fantasy of writing a social science-inspired guidebook to the city. You know, for nerds.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Planet DebianGunnar Wolf: Welcome to the world, little ones!


Welcome little babies!

Yesterday night, we entered the hospital. Nervous, heavy, and... Well, would we ever be ready? As ready as we could.

A couple of hours later, Alan and Elena Wolf Daichman became individuals in their own right. As is often the case with twins, they were brought to this world after a relatively short preparation (34 weeks, that's about 7.5 months). At 1.820 and 1.980Kg, they are considerably smaller than either of the parents... But we will be working on that!

Regina is recovering from the operation, the babies are under observation. As far as we were told, they seem to be quite healthy, with just minor issues to work on during neonatal care. We are waiting for our doctors to come today and allow us to spend time with them.

And as for us... It's a shocking change to finally see the so long expected babies. We are very very very happy... And the new reality is hard to grasp, to even begin understanding :)

PS- Many people have told me that my blog often errors out under load. I expect it to happen today :) So, if you cannot do it here, there are many other ways to contact us. Use them! :)


TEDTruth meets dare: Our curators on the speakers and themes of TED2015


Content director Kelly Stoetzel and curator Chris Anderson have spent more than a year creating the program for TED2015, “Truth and Dare.” Here, they discuss the themes.

At the end of TED2015, curator Chris Anderson and content director Kelly Stoetzel want people to walk away feeling like “they’ve had their worldview challenged in a productive, satisfying way.”

For this conference, whose theme is “Truth and Dare,” they’ve crafted a speaker lineup that ranges from neuroscientists to machine-learning experts to newly minted activist Monica Lewinsky. A month before TED2015, we sat down with Anderson and Stoetzel to talk about the themes that will run through the conference and the speakers they can’t wait to see onstage.

How did you come up with the theme “Truth and Dare?”

Anderson: Well, we were playing this game… No, how did we come to it? What happens with all themes is: you throw around a bunch of ideas. We’re looking for things that are bold and striking, but not too narrow, because we’ve got to encompass a lot of content. It’s the broadest of broad lenses. We started off with the idea of challenging truths — that there are all these perceived facts out there in the world that don’t seem to be quite right. We thought of TED’s role as going deeper — going behind surface truth, resetting people’s ideas.

Stoetzel: We initially built off the phrase “Ideas worth challenging.” We wanted to include speakers who would argue against perceived wisdom, speakers who have sound, ingenious solutions and speakers who are a bit controversial. We came up with a lot of ideas that we loved with that theme, but ultimately we felt that it was limiting.

Anderson: You can imagine, at the end of the day, that being quite an exhausting TED.

Stoetzel: So we started exploring other word combinations. “Truth and Dare” just felt right. To me, ‘truth’ is about people sharing a deep truth that they’ve delved into in their work or research. Then the ‘dare’ part is including people who are right on the edge of something brave: they’re innovating in a smart way; they’re doing something that’s not business as usual; they’re challenging conventional wisdom.

Who are some of the speakers in the program who people might not know yet, but will be totally fascinated by?

Anderson: Certainly Anand Giridharadas, an author who came out with a book last year that is breathtaking. It’s a parable of two Americans, and I think it will be an incredibly powerful talk.

I also spent an hour yesterday talking to Martine Rothblatt, whose story is astounding. She’s founded a couple of companies, including one that saved her daughter’s life. I’m excited that I get to interview her.

Stoetzel: One speaker I think is really interesting is Alan Eustace. He broke Felix Baumgartner’s record for the space jump, but he didn’t have a big PR push behind it, so didn’t have the prominence in the media that Baumgartner did. I think hearing his story of how and why he did that is really great.

I’m also really excited about David Eagleman, a neuroscientist who studies the plasticity of the brain. And about Fei-Fei Li, who is working at the edge of machine learning. She is going to show us some incredible innovation that I think will be mind-blowing.

Session 3 is called “Machines that learn.” How did that emerge as a theme for the conference?

Anderson: It’s probably the most important technological trend at the moment. Most of the new things happening right now that feel like magic — whether it’s self-driving cars or translations suddenly getting much better — there’s machine learning behind it. What’s about to come, I think, is more remarkable still. Machine learning is moving so fast and the implications are both amazing and potentially alarming. One of the speakers we have is Nick Bostrom, who has written a book about superintelligence and its risks — and how we avoid them. The worst risk is artificial intelligence taking over the world, and there are a lot of people genuinely concerned about that. But in the meantime, some of the advances are mind-boggling. We are showcasing those too.

Looking over the lineup, there are many names that people will recognize. Who will give talks that might surprise us?

Anderson: Marina Abramović. I am really captivated by her intensity and charisma, and her ability to use her art to really move people. She demands a big reaction. So we’re definitely excited about that.

Tony Fadell, the creator of the iPod, who has had a huge impact on all of our lives. He’s a strong advocate for integrated design that is both beautiful and intuitive. What he’s done with Nest is remarkable, and hearing his takeaways for how we should think about design for the future is exciting.

Stoetzel: And, of course, there’s Monica Lewinsky.

Did you have any concerns with inviting her to speak? What made you feel like she was someone people needed to hear from now?

Anderson: Well, it is “Truth and Dare.” For someone in her situation, it does take courage to stand on a public stage. I think she has important insights to share.

Stoetzel: Yeah, this will be only the second time she’s spoken publicly. She calls herself Patient Zero for online bullying. She has a lot to say, as someone who has experienced it for half of her life.

For Session 8, you’re handing over the reins to Pop-Up Magazine. How will that session work?

Anderson: I’m excited by Pop-Up Magazine’s whole format and approach. They’ve got about 12 speakers total, so their session will move very fast. Some of the talks are read, some have images and music. Their show always evokes intense reactions — people get really moved and inspired — so we’re excited to see how people respond at TED. We are very conscious about wanting to innovate around format, so it’s exciting to bring in someone who produces with a different set of eyes.

Session 2 is all about perception. Talk about why you wanted to explore that.

Anderson: I’ve long been obsessed by topics in that area. When you think about “Truth and Dare,” one of the truths that seems most worth challenging is our everyday sense of what the world is. It’s probably completely wrong; it’s likely that we’re wired to be deceived by our senses. If you’re going to challenge truth, why not start with something as fundamental as that? When you dig into it, you see how much of what we see is a model built by our brains — often for purposes other than seeing the world for what it is. So what is the world? Can we know it? David Eagleman and Donald Hoffman, for example, both have very interesting takes.

There’s also a session called “Passion and Consequence.” Passion is always percolating in TED Talks. What made it the focus for a session?

Anderson: That session is on the final evening — the penultimate session of TED2015. By that point of the conference, people have explored a lot of different areas and they’ve sort of opened up. I think it’s a great time to just hear from people who care a lot about something. It’s people in wildly different areas who have that in common, all of whom you’ll end up inspired by.

And the last session, “Endgame,”  is two and a half hours long. Why the super-sizing?

Anderson: We want the conference to feel like it’s got a climax. That final day is often the most special day of TED, and we wanted to dial that up and build a fantastic final session with some of the most inspiring speakers and music. The goal is that all you’ve been thinking about in the previous days is allowed to land, to motivate. That you’re allowed to interpret: what does this mean for me going forward?

Stoetzel: It’s interesting for us to have a session that does have more speakers in it. We get to think about how that works as a narrative.

Anderson: And I should also say that there will be a short break in the middle. It’s an experiment, one I’m excited by. I think it’s the right way to do the final session.

At the end of the program, what do you hope the audience will walk away feeling?

Anderson: I’d like to think that people will feel like they’ve had their worldview challenged in a productive, satisfying way. That they’ve got a new lens on an array of topics, and that they feel inspired to go out and be bold.

Stoetzel: Yes! That they can go out and do better than they had before.

What surprised you most in the curation process this year?

Stoetzel: I’m always surprised by how the program feels like a living, breathing thing. Last Thursday, we reorganized the program a bit and it was an exciting day for us, because just moving speakers around, it emerged with a new vigor. That’s always interesting to see.

Anderson: Every year, I get a little more awed at the amount of effort speakers are willing to put into this. They engage so deeply. People spend a great deal of time crafting something remarkable for TED. It’s a huge honor to be on the receiving end of that.

Did the curation process reveal anything to you about where we are in the world right now?

Anderson: I’m feeling more optimistic than I was at the start of 2014. The pace of innovation right now is exhilarating. There’s no shortage of scary things — and many will be covered in the conference — but it feels to me like there are really exciting ideas and technologies coming in that are going to make a difference. There are even counter-narratives to our perception of systemic dysfunction in the world. One example is the heroic global response to Ebola. The fact that, all things considered, Ebola appears to have been brought under control is incredible; there’s a parallel universe out there where millions of people got wiped out in the most horrifying way. When you actually look for a minute, there are lots of instances this year of humanity acting quite thoughtfully and collaboratively to tackle big things. That gives me hope.

TED2015 is sold out. But you can still join us for TEDActive 2015, an action-packed simulcast event that runs parallel to the annual conference. You can also enjoy the live TED experience from your home, office or classroom via TED Live. And of course, we’ll be covering the conference live on the TED Blog, and sharing select talks from TED2015 throughout the year on Stay tuned.


Rondam RamblingsAT&T just accused me of being a racist

Just when I thought things couldn't possibly get any more frustrating, an AT&T supervisor essentially accused me of being a racist.  I've been going around in circles with them all day about having a technician enter our house.  I'm a little leery about letting strangers into the house after learning that the government has used repair people to do end runs around the fourth amendment.  I'm not

CryptogramFriday Squid Blogging: Humboldt Squid Communicate by Flashing Each Other

Scientists are attaching cameras to Humboldt squid to watch them communicate with each other.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Rondam RamblingsAT&T: the nightmare continues

Today a technician from AT&T showed up to try to restore our uVerse internet service that was cut off a week and a half ago for no apparent reason.  After three hours, one factory reset, and one new modem, we are still without service.  The tech told me that the underlying problem was that our service had been "upgraded" from DSL to vDSL, and this was incompatible with our house's wiring.  (Our

CryptogramData and Goliath Book Tour

Over the next two weeks, I am speaking about my new book -- Data and Goliath, if you've missed it -- in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello.

LongNowShooting for 10,000 Autoglossonyms

How many autoglossonyms do you know? Presumably, “English”; probably “español”, “français”, and “Deutsch”; perhaps “русский”, “日本語”, “עברית”, or “हिंदी”.

As you may have guessed, an autoglossonym is the name of a language in that language. While most people know a few of them, PanLex, as a Long Now project, aims to discover and document all of them that can be found, all the way into the farthest corners of the world and the remotest eras in time.

PanLex has amassed facts about words in nearly 10,000 language varieties (languages and their dialects). PanLex prefers to use autoglossonyms in naming language varieties; so far we have collected about 9,000, which we believe to be the largest such collection in existence. In some cases we find phrases that mean “language of the X people” or “language of X region” or “our language” used as autoglossonyms. But in about a thousand cases the PanLex team has not yet found autoglossonyms of any kind, and then we substitute exoglossonyms—names used by outsiders.

Finding autoglossonyms is hardest for extinct languages, languages of small groups, and obscure dialects. For example, PanLex has documented eight varieties of Shoshoni, a Uto-Aztecan language of Nevada, Idaho, Wyoming, and Utah, and for three of these we haven’t found autoglossonyms. Our database contains over 2,600 expressions in Big Smokey Valley Shoshoni, but we still don’t know its autoglossonym. It’s possible that speakers of this variety did not have a name for it, or the name has never been recorded. The search continues.

Using exoglossonyms when autoglossonyms are not available can be a delicate issue. As with names for racial and ethnic groups, names that outsiders give to languages are sometimes considered offensive by the people whose languages are being labeled. The words “Lapp” and “Hottentot”, for example, are generally recognized as pejorative terms for the Saami and Nama languages, respectively. But in many cases a non-native speaker would not recognize a language name as pejorative (for example, “Ngiao” for Shan and “Quottu” for Eastern Oromo).

Autoglossonyms can often be found in the documentation produced by other projects, including Ethnologue, Geonames, Lexvo, and Wikipedia. We use data from all these projects, and we make our data available to them in return.

You can see PanLex’s labels for language varieties on the home page of the expert PanLex interface. If you see any autoglossonyms there that you know to be incorrect, or exoglossonyms that you can replace with autoglossonyms, please notify

Geek FeminismGreat links, less spamming (27 February 2015)

  •  You’re Excluding Stories By Straight, White, Cis Men? J’accuse! J’accuse! | K Tempest Bradford (February 22): “Reading only women for a year takes some thought and effort. And if you do that, people hardly ever assume that it happened Just Because or On Accident or because you were Just Reading The Best Books Regardless Of The Identity Of The Author. […] A reviewer who makes the choice to focus exclusively on marginalized voices is making a good choice. There are plenty of places for the privileged to get and gain attention. Making a space for everyone else is not bias, it’s a step towards balance.”
  • Teachers’ gender bias in maths affects girls later | Sue Wilson at The Conversation (February 25): “The researchers followed nearly 3000 students from 6th grade to the end of high school. As a measure of teacher bias, they compared school 6th grade test marks given by teachers who knew the students’ sex, with external test marks for the same students, but with no identifying characteristics provided. The researchers identified that a worrying number of teachers gave boys higher maths test results than girls of the same ability. They also studied the long-term effects of this bias. The study found that the effects of teacher bias (measured by giving lower marks in mathematics for the same standard of work as boys) persisted for girls, leading to poorer results through their high school years. However, many boys whose teachers over-assessed their performance in the early years went on to be successful in mathematics and science.”
  • JamForLeelah: Trans Positive Game Jam | Matthew Boucher and Kara Jayne (February 22): [warning for discussion of abuse and suicide] “JamForLeelah is a month long trans positive game jam to raise awareness on LGBTIQ issues, specifically trans youth issues and Leelah’s Law as well as an attempt to raise money for trans specific charities such as the Transgender Law Center, Camp Aranu’tiq, and the Sylvia Rivera Law Project. […] Leelah expressed an intense interest in not only gaming, but game development as well. She made this clear on both her Tumblr and Reddit accounts, so an indie game jam felt like a possible way to raise awareness for Leelah’s plea for social change, in a method she may not have only approved of, but also taken part in.”
  • The Future’s Been Here Since 1939: Female Fans, Cosplay, and Conventions | Uncanny Magazine (Jan/Feb): [warning for descriptions of violence] “Cosplay has been around since the very first science fiction fan conventions in the 1930s and before the word “cosplay” was invented. The first recorded cosplayers, Myrtle R. Jones and Forrest J. Ackerman, wore what they called “futuristicostume” during the first Worldcon in 1939.”
  • I tried tracking my period and it was even worse than I could have imagined | Maggie Delano at Medium (February 23): “yet another example of technology telling queer, unpartnered, infertile, and/or women uninterested in procreating that they aren’t even women. It’s telling women that the only women worth designing technology for are those women who are capable of conceiving and who are not only in a relationship, but in a sexual relationship, and in a sexual relationship with someone who can potentially get them pregnant. Read: straight, sexually active, partnered, cis women with enough money for a smartphone to run the app.”
  • Man Who Terrorized Brianna Wu For Months Says He Was Just Kiddin Around | Jezebel (February 24): [warning for discussion of threats and harassment] “The problem with Gamergate is you can’t satirize these people. I can’t stress this enough: the wider point here is the gamification of the harassment of women.” It’s already hard enough to get law enforcement to take threats against women online seriously. Wu worries that Rankowski’s hilarious joke will give police yet another excuse not to investigate violent threats online.”
  • The Harassment Game | Mikki Kendall at Model View Culture (February 23): [warning for discussion of threats and harassment] “And it dawned on me, there is no life after being harassed if you’re a marginalized person speaking up on the internet. Whether my harassment comes from talking about race in 2009, abortion in 2011, feminism in 2013, or some brand new topic in 2015, it’s clearly a part of my life. My choices are never speak, or be harassed for speaking. The topics really don’t matter. Because none of this is about ethics in game journalism, protecting the unborn, or defending feminism, comics, or science fiction from the perceived threat of people wanting them to be more inclusive.”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet DebianRichard Hartmann: Release Critical Bug report for Week 09

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1072 (Including 181 bugs affecting key packages)
    • Affecting Jessie: 152 (key packages: 117) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 101 (key packages: 80) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 23 bugs are tagged 'patch'. (key packages: 17) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 6 bugs are marked as done, but still affect unstable. (key packages: 4) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 72 bugs are neither tagged patch, nor marked done. (key packages: 59) Help make a first step towards resolution!
      • Affecting Jessie only: 51 (key packages: 37) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 35 bugs are in packages that are unblocked by the release team. (key packages: 27)
        • 16 bugs are in packages that are not unblocked. (key packages: 10)

How do we compare to the Squeeze and Wheezy release cycles?

Week  Squeeze       Wheezy         Jessie
43    284 (213+71)  468 (332+136)  319 (240+79)
44    261 (201+60)  408 (265+143)  274 (224+50)
45    261 (205+56)  425 (291+134)  295 (229+66)
46    271 (200+71)  401 (258+143)  427 (313+114)
47    283 (209+74)  366 (221+145)  342 (260+82)
48    256 (177+79)  378 (230+148)  274 (189+85)
49    256 (180+76)  360 (216+155)  226 (147+79)
50    204 (148+56)  339 (195+144)  ???
51    178 (124+54)  323 (190+133)  189 (134+55)
52    115 (78+37)   289 (190+99)   147 (112+35)
1     93 (60+33)    287 (171+116)  140 (104+36)
2     82 (46+36)    271 (162+109)  157 (124+33)
3     25 (15+10)    249 (165+84)   172 (128+44)
4     14 (8+6)      244 (176+68)   187 (132+55)
5     2 (0+2)       224 (132+92)   175 (124+51)
6     release!      212 (129+83)   161 (109+52)
7     release+1     194 (128+66)   147 (106+41)
8     release+2     206 (144+62)   147 (96+51)
9     release+3     174 (105+69)   152 (101+51)
10    release+4     120 (72+48)
11    release+5     115 (74+41)
12    release+6     93 (47+46)
13    release+7     50 (24+26)
14    release+8     51 (32+19)
15    release+9     39 (32+7)
16    release+10    20 (12+8)
17    release+11    24 (19+5)
18    release+12    2 (2+0)

Graphical overview of bug stats thanks to azhag:

Sociological ImagesWhat Do Women (Seeking Men) Want?

Flashback Friday.

Dating site OKCupid did an analysis of 500,000 inquiry messages to determine what keywords correlate most strongly with getting a reply.  It has some great lessons about dating and some counter-stereotypical news about what heterosexual women want from men.

This first graph shows that mentioning someone’s level of attractiveness decreased the likelihood of getting a response (for both men and women), though men were more likely to mention looks.  But general compliments about one’s profile increased the likelihood of getting a response (the middle line is the average number of responses, the green bars signify an increase in the number of responses, and the red bars a decrease):


A good lesson in operationalization: “pretty” is used in two ways in our culture, so when they made sure to differentiate between pretty (meaning “sort of”) and pretty (meaning “attractive”), you can see clearly the way that commenting on looks decreases the recipients’ interest:

So, in contrast to stereotypes, many women cannot be flattered into a date (though the figure above includes men and women, I’m assuming most people being called “pretty” are female).

Further, the site found that when men sent messages, female recipients preferred humility to bold self-confidence.  The words below all increased the chances of a woman responding to a man’s inquiry:

Instead of bravado and flattery, women appear to actually like men who take an interest in them.  They respond positively to phrases that indicate that a guy actually read their profile and is interested in the content of their person:

The lesson: Treat a woman (on the OK Cupid dating site) like a human being and she will respond positively.

And to answer the question, “What do women want?”  As my dear friend David Landsberg would say: “Everything!”

This post originally appeared in 2009.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Planet DebianEnrico Zini: python-api-stability

Another day in the life of a poor developer

try:
    # After Python 3.3
    from collections.abc import Iterable
except ImportError:
    # This has changed in Python 3.3 (why, oh why?), reinforcing the idea that
    # the best Python version ever is still 2.7, simply because upstream has
    # promised that they won't touch it (and break it) for at least 5 more
    # years.
    from collections import Iterable

import shlex
if hasattr(shlex, "quote"):
    # New in version 3.3.
    shell_quote = shlex.quote
else:
    # Available since python 1.6 but deprecated since version 2.7: Prior to Python
    # 2.7, this function was not publicly documented. It is finally exposed
    # publicly in Python 3.3 as the quote function in the shlex module.
    # Except everyone was using it, because it was the only way provided by the
    # python standard library to make a string safe for shell use
    # See
    import pipes
    shell_quote = pipes.quote

import shutil
if hasattr(shutil, "which"):
    # New in version 3.3.
    shell_which = shutil.which
else:
    # Available since python 1.6:
    from distutils.spawn import find_executable
    shell_which = find_executable

Worse Than FailureError'd: An Odd Form Factor

"I was searching on Texas Instruments' web site when I found a block diagram for an oddly-shaped tablet," writes Renan B., "I mean, Gigabit Ethernet? PCI Express? I had no idea that they could squeeze in all these features!"


Jason wrote, "I knew the Doctor was a time traveler, but it took Hulu to inform me that episodes of Doctor Who came from the future."


"I wonder if this is Comcast's way of telling me that my Internet is really, really slow," writes Kurtis.


"Adding a password is a good idea, but I'm not sure about this site's implementation," writes Mike.


"Thanks for the help, Mathematica! I know exactly what I need to fix now!" Michael E. wrote.


Jeff T. writes, "While trying to purchase a replacement filter for my fridge from my phone, I encountered this fun math at Amazon."


" it or not...looks like I'm getting email updates," Dan V. wrote.


Ben A. writes "On the bright side, after I took this screen-shot, the computer proceeded to run for the next hour with the little exclamation mark on the battery icon".



Cory DoctorowInternet-fired elections and the politics of business as usual

I’ve got a new Guardian column, Internet-era politics means safe seats are a thing of the past, which analyzes the trajectory of Internet-fuelled election campaigning since Howard Dean, and takes hope in the launch of I’ll Vote Green If You Do.

The Obama campaigns went further. Building on the Dean campaign, two successive Obama campaigns raised millions in small-money donations, creating purpose-built Facebook-like social networks and using them to recruit highly connected supporters to work their way through their social graphs, contacting friends and friends-of-friends to pitch them on donating and voting.

But both times, Obama took office and immediately shut down these grassroots networks. The Obama governance style is big on closed-door, back-room horse-trading – Obama came out of Chicago Democratic Machine politics, after all – and this is fundamentally incompatible with having a bunch of true believers running around waving the flag, making categorical statements about which compromises are (and are not) acceptable.

Governing in tandem with a grassroots is a hard problem. The best example we have of this is the Tea Party, which, despite the big-money backers who bankrolled it, is composed of people who are genuinely passionate about politics and are serious about insisting that the politicians they backed act in accord with their principles.

Leaving aside my political differences with the Tea Party, it’s fair to say that this has been a mixed bag for Republican lawmakers, whose caucus has been responsible for a congressional deadlock that’s run on for years, so that it’s become normal for vital US governmental agencies to shut down and send everyone home until a budget can be passed.

Internet-era politics means safe seats are a thing of the past [The Guardian]

Planet Linux AustraliaClinton Roy: clintonroy

I went to bed really early last night due to my weird ongoing headache. I had a little help getting to sleep. This meant I basically had a full nights sleep by three o’clock. So I ended up walking to work stupidly early and arriving before five am. I still had some residual effects of the whatever-the-heck headache in the morning, but it’s gone by the evening.

The internet was really weird today, llamas and dresses for some reason.

Doing some conf stuff at The Edge. See three friends walk past on the walkway :)

Filed under: diary

Planet Linux AustraliaBinh Nguyen: Fried Rice Recipe

This is based on a family recipe, recipes online, and an interpretation by local restaurants that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- chinese sausage
- rice
- eggs
- onion
- garlic
- tomato sauce
- salt
- sugar
- soy sauce
- spring onion (optional)
- dried shrimp (optional)
- shiitake mushrooms (optional)
- lettuce (optional)
- fried shallot (optional)
- prawns (optional)
- Chinese BBQ Pork (also called char-siu/charsiu. See elsewhere on this blog for this recipe)

Sauté onion, garlic, and chinese sausage in a pan. Fry the egg and then shred it so that it can be mixed through the rice more easily later on. Add rice and then add the rest of the diced/chopped ingredients. Add salt, sugar, soy sauce, etc... to taste. Garnish with shredded lettuce and fried shallots.

The following is what it looks like.

Planet DebianDirk Eddelbuettel: RcppArmadillo 0.4.650.1.1 (and also 0.4.650.2.0)

A new Armadillo release 4.650.1 was released by Conrad a few days ago. Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to Matlab.

It turned out that this release had one shortcoming with respect to the C++11 RNG initializations in the R use case (where we need to protect the users from the C++98 RNG deemed unsuitable by the CRAN gatekeepers). And this led to upstream release 4.650.1 which we wrapped into RcppArmadillo 0.4.650.1.1. As before, this was tested against all 107 reverse dependencies of RcppArmadillo on the CRAN repo.

This version is now on CRAN, and was just uploaded to Debian. Its changes are summarized below based on the NEWS.Rd file.

Changes in RcppArmadillo version 0.4.650.1.1 (2015-02-25)

  • Upgraded to Armadillo release Version 4.650.1 ("Intravenous Caffeine Injector")

    • added randg() for generating random values from gamma distributions (C++11 only)

    • added .head_rows() and .tail_rows() to submatrix views

    • added .head_cols() and .tail_cols() to submatrix views

    • expanded eigs_sym() to optionally calculate eigenvalues with smallest/largest algebraic values

    • fixes for handling of sparse matrices

  • Applied small correction to main header file to set up C++11 RNG whether or not the alternate RNG (based on R, our default) is used

Now, it turns out that another small fix was needed for the corner case of a submatrix within a submatrix, ie V.subvec(1,10).tail(5). I decided not to re-release this to CRAN given the CRAN Repository Policy preference for releases “no more than every 1–2 months”.

But fear not, for we now have drat. I created a drat package repository in the RcppCore account (to not put a larger package into my main drat repository often used via a fork to initialize a drat). So now with these two simple commands

## if needed, first install 'drat' via:   install.packages("drat")

you will get the newest RcppArmadillo via this drat package repository. And of course install.packages("RcppArmadillo") would also work, but takes longer to type :)

Lastly, courtesy of CRANberries, there is also a diffstat report for the most recent CRAN release. As always, more detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Planet Linux AustraliaJeff Waugh: A(nother) new era of WordPress

The other night at WordPress Sydney, I dropped a five minute brain-dump about some cool things going on in the web ecosystem that herald a new era of WordPress. That’s a decent enough excuse to blog for the first time in two years, right?

I became a WordPress user 9 years ago, not long after the impressive 2.0 release. I was a happy pyblosxom user, but WordPress 2.0 hit a sweet spot of convenience, ease of use, and compelling features. It was impossible to ignore: I signed up for Linode just so I could use WordPress. You’re reading the same blog on (almost) the same Linode, 9 years later!

WordPress 2.0


Fast forward to 2015 and WordPress powers 20% of the web. It’s still here because it is a great product.

It’s a great product because it’s built by a vibrant, diverse Open Source community with a fantastic core team, that cares deeply about user experience, that mentors and empowers new contributors (and grooms or cajoles them to become leaders), and isn’t afraid of the ever-changing web.

Another reason for the long term success of WordPress is that it’s built on the unkillable cockroach of the world wide web: PHP.

I won’t expound on the deficiencies of PHP in this post. Suffice to say that WordPress has thrived on PHP’s ubiquity and ease of adoption, while suffering its mediocrity and recent (albeit now firmly interrupted) stagnation.


The HipHop Virtual Machine is Facebook’s high performance PHP runtime. They started work on an alternative because PHP is… wait for it… not very efficient.

Unless you’ve goofed something up, the slowest part of your PHP-based application should be PHP itself. Other parts of your stack may exhibit scaling problems that affect response times, but in terms of raw performance, PHP is the piggy in the middle of your web server and data stores.

“But like I said, performance isn’t everything.” — Andi Gutmans

What is the practical implication of “performance isn’t everything”? Slow response times, unhappy users, more servers, increased power utilisation, climate change, and death.

Facebook’s project was released in 2010 as the HipHop compiler, which transpiled PHP code into C++ code, which was then compiled into a gigantic monolithic binary, HTTP server included.

In early 2013, HipHop was superseded by HHVM, a jitting virtual machine. It still seemed pretty weird and awkward on the surface, but by late 2013 the HHVM developers added support for FastCGI.

So today, deployment of HHVM looks and feels familiar to anyone who has used php-fpm.

Want to strap a rocket to your WordPress platform? I strongly recommend experimenting with HHVM, if not putting it into production… like, say, Wikipedia.


Not content with nuking PHP runtime stagnation, the HHVM developers decided to throw some dynamite in the pants of PHP language stagnation by announcing their new Hack language. It’s a bunch of incremental improvements to PHP, bringing modern features to the language in a familiar way.

Imagine you could get in a DeLorean, go back to 2005, and take care of PHP development properly. You’d end up with something like Hack.

Hack brings performance opportunities to the table that the current PHP language alone could not. You’ve heard all those JavaScript hipsters (hi!) extolling the virtues of asynchronous programming, right? Hack can do that, without what some describe as “callback hell”.

Asynchronous programming means you can do things while you wait. Such as… turning database rows into HTML while more database rows are coming down the wire. Which is pretty much what WordPress does. Among other things.

Based on the WordPress team’s conservative approach to PHP dependency updates, it’s unlikely we’ll see WordPress using Hack any time soon. But it has let the PHP community (and particularly Zend) taste the chill wind of irrelevance, so PHP is moving again.


Much closer to WordPress itself, the big change on the horizon is WP-API, which turns your favourite publishing platform into a complete and easy-to-use publishing API.

If you’re not familiar with APIs, think about it this way: If you cut off all the user interface bits of WordPress, but kept all the commands for managing your data, and then made them really easy to use from other applications or web sites, you’d have a WordPress API.

But what’s the point of stripping off all the user interface bits of WordPress? Aren’t they the famously good bits? Well, yes. But you could make even better ones built on top of the API!

Today, there’s a huge amount of PHP code in WordPress dedicated to making the admin user interface so damn good. There’s also a lot of JavaScript code involved, making it nice and interactive in your browser.

With WP-API, you could get rid of all that PHP code, do less work on the server, and build the entire admin user interface in the browser with JavaScript. That might sound strange, but it’s how most modern web applications are built today. WordPress can adapt… again!

One of the things I love about WordPress is that you can make it look like anything you wish. Most of the sites I’ve worked on don’t look anything like traditional blogs. WP-API kicks that up a notch.

If you’ve ever built a theme, you’ll know about “the loop”. It’s the way WordPress exposes data to themes, in the form of a PHP API, and lots of themers find it frustrating. Instead of WordPress saying, “here are the posts you wanted, do what you like”, it makes you work within the loop API, which drip-feeds posts to you one at a time.

WP-API completely inverts that. You ask WordPress for the data you want — say, the first ten posts in May — then what you do with it, and how, is 100% up to you.

There’s way more potential for a WordPress API, though. A fully-featured mobile client, integration with legacy publishing systems at your newspaper, custom posting interfaces for specific kinds of users, etc., etc., etc.

The best bit is that WP-API is going to be part of WordPress. It’s a matter of “when”, not “if”, and core WordPress features are being built today with the WP-API merge in mind.


According to its creators, “React is a JavaScript library for building user interfaces”, but it’s way cooler than that. If you’re building complex, interactive interfaces (like, say, the admin back-end of a publishing platform), the React way of thinking is fireworks by the megaton.

For all the hype it enjoys today, Facebook launched React in 2013 to immense wailing and gnashing of teeth. It mixed HTML (presentation) and JavaScript (logic) in a way that reminded developers of the bad old days of PHP. They couldn’t see past it. Some still can’t. But that was always a facile distraction from the key ideas that inspired React.

The guts beneath most user interfaces, on the web or desktop, look like a mad scientist’s chemistry lab. Glass everywhere, weird stuff bubbling over a Bunsen burner at one end, an indecipherable, interdependent maze of piping, and dangerous chemical reactions… you’d probably lose a hand if you moved anything.

React is a champagne pyramid compared to the mad chemistry lab of traditional events and data-binding.

It stresses a one-way flow: Data goes in one end, user interface comes out the other. Data is transformed into interface definitions by components that represent logical chunks of your application, such as a tool bar, notification, or comment form.

Want to make a change? Instead of manipulating a specific part of the user interface, just change the data. The whole user interface will be rebuilt — sounds crazy, right? — but only the changes will be rendered.

The one-way data flow through logical components makes React-based code easy to read, easy to reason about, and cranks your web interface to Ludicrous Speed.

Other libraries and frameworks are already borrowing ideas, but based on adoption to date, number of related projects, and quality of maintenance, I reckon React itself will stick around too.

Connecting the Dots

It won’t happen overnight, but WP-API will dramatically reduce the amount of active PHP code in WordPress, starting with the admin back-end. It will become a JavaScript app that talks to the WP-API sooner than anyone suspects.

Front-end (read: theme) development will change at a slower pace, because rendering HTML on the server side is still the right thing to do for performance and search. But themers will have the option to ditch the traditional loop for an internal, non-remoting version of the WP-API.

There’ll be some mostly-dead code maintained for backwards compatibility (because that’s how the dev team rolls), but on the whole, the PHP side of WordPress will be a lean, mean, API-hosting machine.

Which means there’s going to be even more JavaScript involved. Reckon that’s going to be built the same way as today? Nuh-uh. One taste of React in front of WP-API, and I reckon the jQuery and Backbone era will be finished.

In WordPress itself, most of this will affect how the admin back-end is built, but we’ll also see some great WordPress-as-application examples in the near future. Think Parse-style app development, but with WordPress as the Open Source, self-hosted, user-controlled API services layer behind the scenes.

What about HHVM? You’re going to want your lean, mean, API-hosting machine to run fast and, in some cases, scale big. Unless the PHP team surprises everyone by embracing the JVM, I reckon the future looks more like HHVM than FPM (even with touted PHP 7 performance improvements).

Once HHVM is popular enough, having side-by-side PHP and Hack implementations of  core WordPress data grinding functions will begin to look attractive. If you’ve got MySQL on one side, a JSON consumer on the other, and asynchronous I/O available in between, you may as well do it efficiently. (Maybe PHP will adopt async/await. See you in 2020?)


Look, what I’m trying to say is that it’s a pretty good time to be caught up in the world of WordPress, isn’t it? :-)

Champagne Pyramid

LongNowBrewster Kahle: Universal Access to All Knowledge — 02011 Seminar Flashback

In November 02011 Brewster Kahle, the founder of the Internet Archive, spoke for Long Now. “We are really striving to build The Library of Alexandria version 2,” says Brewster, near the start of his talk, “So that everyone anywhere who is curious to want access can access the world’s knowledge.” He proceeds to assess, one media type at a time what it will take in effort and disk space to get all the books, recorded music, TV, software, web pages, etc. into an online database. The overall message: “Universal access to all knowledge is within our grasp.”

Long Now members can watch this video here. The audio is free for everyone on the Seminar page and via podcast. Long Now members can see all Seminar videos in HD. Video of the 12 most recent Seminars is also free for all to view.


From Stewart Brand’s summary of the talk (in full here):

The Web itself. When the Internet Archive began in 1996, there were just 30 million web pages. Now the Wayback Machine copies every page of every website every two months and makes them time-searchable from its 6-petabyte database of 150 billion pages. It has 500,000 users a day making 6,000 queries a second.

In 02015, less than 4 years later, the Internet Archive’s web archive has grown to over 400 billion pages; and the ever-expanding collections of books, movies, and music have now pushed the total Archive database size over 20 petabytes.

You’ll hear in this talk that Brewster and the Archive’s association with The Long Now Foundation goes way back. In fact the first prototype of the 10,000 Year Clock “bonged” twice to mark the year 02000 in a building shared with the Archive. Long Now continues to partner with the Archive in many ways including on Rosetta Project activities and the Manual for Civilization. And we intend for our partnership to continue for at the very least a few more millennia.

Brewster Kahle is the founder and chairman of the Internet Archive. He earned a B.S. from MIT in 1982, where he studied artificial intelligence with Long Now co-founder Daniel Hillis. Brewster Kahle serves on the boards of the Electronic Frontier Foundation, Public Knowledge, the European Archive, the Television Archive, and the Internet Archive.

Brewster Kahle and the Archive servers
Photo by Rudy Rucker

The Seminars About Long-term Thinking series began in 02003 and is presented each month live in San Francisco. It is curated and hosted by Long Now’s President Stewart Brand. Seminar audio is available to all via podcast.

Everyone can watch full video of the 12 most recent Long Now Seminars. Long Now members can watch video of this Seminar or more than ten years of previous Seminars in HD. Membership levels start at $8/month and include lots of benefits.

You can join Long Now here.


Planet DebianDaniel Pocock: PostBooks accounting and ERP suite coming to Fedora

PostBooks has been successful on Debian and Ubuntu for a while now and for all those who asked, it is finally coming to Fedora.

The review request has just been submitted and the spec files have also been submitted to xTuple as pull requests so future upstream releases can be used with rpmbuild to create packages.

Can you help?

A few small things outstanding:

  • Putting a launcher icon in the GNOME menus
  • Packaging the schemas - they are in separate packages on Debian/Ubuntu. Download them here and load the one you want into your PostgreSQL instance using the instructions from the Debian package.

Community support

The xTuple forum is a great place to ask any questions and get to know the community.


Here is a quick look at the login screen on a Fedora 19 host:

Planet Linux AustraliaBinh Nguyen: Chicken Curry Recipe

This is based on a family recipe.
- chicken
- sugar
- salt
- pepper
- garlic
- curry
- onion
- carrot
- potato
- fish sauce
- coconut milk
- curry mix (powder or liquid)(optional)
- tomatoes (optional)

Marinate chicken in sugar/salt/pepper/garlic/curry powder mixture. Brown off chicken in pan. In the meantime, dice vegetables and put into microwave for short period to speed up cooking time. Put all vegetables into pan. Add coconut milk and possibly a curry mix (to boost the flavour) to pan to create sauce. Use fish sauce to taste. Goes well with white rice or else bread.

The following is what it looks like.

Planet Linux AustraliaBinh Nguyen: Szechuan Pork Mince Recipe

This is based on recipes online and an interpretation by local restaurants that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- pork mince
- salt
- sugar
- pepper
- chilli bean paste
- rice wine
- soy sauce
- tofu (fried or fresh)
- soy sauce
- garlic (optional)
- ginger (optional)
- caramel (optional)
- green beans (optional)

Marinate pork mince in salt/sugar/pepper/rice wine/soy sauce. Fry off mince in wok/pan. Add chilli bean paste. Add sugar, pepper, soy, caramel, etc... sauce to taste. Slice tofu, put into microwave for 30 seconds and drain liquid, and stir through sauce. Fry off green beans in the meantime and add into mixture if you want at this point. Water down sauce if it gets too thick.

Goes well with an Asian chicken soup (use pre-made or make a quick one using carrots, celery, onion, chicken bones, water, pepper, salt, pepper, soy sauce, and fish sauce) and steamed white rice.

The following is what it looks like.

Krebs on SecuritySpam Uses Default Passwords to Hack Routers

In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims.

Sunnyvale, Calif.-based security firm Proofpoint said it recently detected a four-week spam campaign sent to a small number of organizations and targeting primarily Brazilian Internet users. The emails were made to look like they were sent by Brazil’s largest Internet service provider, alerting recipients about an unpaid bill. In reality, the missives contained a link designed to hack that same ISP’s router equipment.

According to Proofpoint, the link in the spam campaign led to a page that mimicked the telecom provider. The landing page included code that silently attempted to execute what’s known as a cross-site request forgery attack on known vulnerabilities in two types of routers, UT Starcom and TP-Link. The malicious page would then invoke hidden inline frames (also known as “iframes”) that try to log in to the administration page of the victim’s router using a list of known default credentials built into these devices.

If successful, the attacker’s script would modify the domain name system (DNS) settings on the victim’s router, adding the attacker’s own DNS server as the primary server while assigning the secondary DNS server to Google’s public DNS. Such a change would allow the attackers to hijack the victim’s traffic to any Web site, redirecting it away from the legitimate site to a look-alike page designed to siphon the victim’s credentials. In the event that the attacker’s DNS server was unresponsive for any reason, the victim’s router would still function normally.

The malicious script used by the spammers in this campaign tries multiple default credentials in a bid to hijack routers with factory-default settings. Image: Proofpoint.

The real danger of attacks like these is that they bypass antivirus and other security tools, and they are likely to go undetected by the victim for long periods of time.

“There is virtually no trace of this thing except for an email,” said Kevin Epstein, vice president of advanced security and governance at Proofpoint. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”
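One way to make this kind of change visible is to record the router's DNS servers once and compare later readings against that baseline. The sketch below is an added example, not code from Proofpoint or from this article; it assumes the router's resolver list is available as resolv.conf-style text, and the function names and sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Google Public DNS addresses. The article describes a public resolver being
# left in the secondary slot so that lookups keep working.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_nameservers(text):
    """Return resolver IPs, in order, from resolv.conf-style 'nameserver' lines."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            servers.append(str(ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # malformed address: skip it rather than abort the audit
    return servers


def audit_dns(current, baseline):
    """Compare the resolvers in use with the recorded known-good list.

    Returns a list of (finding, slot, address) tuples; empty means no drift.
    """
    known = set(baseline)
    findings = [("unexpected-resolver", slot, ip)
                for slot, ip in enumerate(current) if ip not in known]
    if not current:
        findings.append(("no-resolvers", None, None))
    # Pattern from the article: unknown primary, well-known public secondary.
    if (len(current) >= 2
            and current[0] not in known
            and current[0] not in PUBLIC_RESOLVERS
            and current[1] in PUBLIC_RESOLVERS):
        findings.append(("unknown-primary-with-public-fallback", 0, current[0]))
    return findings


# Constructed sample data (documentation address ranges, not real servers).
BASELINE = ["198.51.100.1", "198.51.100.2"]
UNCHANGED = "nameserver 198.51.100.1\nnameserver 198.51.100.2\n"
TAMPERED = "# constructed example\nnameserver 203.0.113.53\nnameserver 8.8.8.8\n"

if __name__ == "__main__":
    for label, text in (("unchanged", UNCHANGED), ("tampered", TAMPERED)):
        print(label, audit_dns(parse_nameservers(text), BASELINE))
```

The baseline has to be captured while the router is known to be in a good state, for example right after changing the default credentials.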

Many modern routers have built-in defenses against such attacks (including countermeasures known as CSRF tokens), but new vulnerabilities in existing routers — even recent model routers — are constantly being uncovered. I asked Proofpoint whether such protections — or security improvements built into most modern browsers — would have stopped this attack. Their experts seemed to think not.

“The routers being attacked in our example were not so diligent and so were vulnerable to this attack,” Proofpoint’s lead analyst wrote in an email response to my question. “What you’re likely thinking of is the cross-origin policy, which is designed to prevent attacks similar (but not identical) to this one (it mostly focuses on javascript). In this case, iframes are permitted by default, so modern browsers (by design) will happily participate in the attack we documented.”
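As an added illustration (not code from Proofpoint or from any router vendor), the sketch below models a router's DNS-settings handler twice: once accepting any request that carries valid credentials, and once also requiring a same-origin header and a per-session CSRF token. The origin `http://192.168.1.1`, the request dictionaries and every address in them are constructed assumptions.

```python
import hmac
import ipaddress
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGIN = "http://192.168.1.1"  # assumption: where the admin UI is served
DEFAULT_PORTS = {"http": 80, "https": 443}


def new_csrf_token():
    """Unpredictable per-session value the router embeds in its own forms."""
    return secrets.token_urlsafe(32)


def origin_of(url):
    """Reduce a URL to the (scheme, host, port) triple browsers compare."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)


def is_same_origin(headers):
    """True only when Origin (or, failing that, Referer) names the router."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed if the browser sent neither header
    try:
        return origin_of(source) == origin_of(ROUTER_ORIGIN)
    except ValueError:  # malformed host or port in the header
        return False


def naive_set_dns(request, config):
    """'Before': valid credentials alone are enough to change DNS."""
    if not request["authenticated"]:
        return 401
    config["dns1"] = request["form"]["dns1"]
    config["dns2"] = request["form"]["dns2"]
    return 200


def hardened_set_dns(request, session_token, config):
    """'After': also require same-origin headers and the session's CSRF token."""
    if not request["authenticated"]:
        return 401
    if not is_same_origin(request["headers"]):
        return 403
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison of the submitted token with the session's token.
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return 403
    try:
        dns1 = str(ipaddress.ip_address(request["form"]["dns1"]))
        dns2 = str(ipaddress.ip_address(request["form"]["dns2"]))
    except (KeyError, ValueError):
        return 400
    config["dns1"], config["dns2"] = dns1, dns2
    return 200


def sample_requests(session_token):
    """Constructed requests; all addresses come from documentation ranges."""
    framed = {  # submitted from a frame on another site, credentials attached
        "authenticated": True,
        "headers": {"Referer": "http://landing.example/"},
        "form": {"dns1": "203.0.113.66", "dns2": "198.51.100.8"},
    }
    own_form = {  # submitted from the router's own settings page
        "authenticated": True,
        "headers": {"Origin": ROUTER_ORIGIN},
        "form": {"dns1": "192.0.2.53", "dns2": "192.0.2.54",
                 "csrf_token": session_token},
    }
    return framed, own_form


if __name__ == "__main__":
    token = new_csrf_token()
    framed, own_form = sample_requests(token)
    handlers = (("naive", naive_set_dns),
                ("hardened", lambda r, c: hardened_set_dns(r, token, c)))
    for name, handler in handlers:
        for label, req in (("framed", framed), ("own form", own_form)):
            cfg = {"dns1": "192.0.2.1", "dns2": "192.0.2.2"}
            print(name, label, handler(req, cfg), cfg)
```

The token check holds because a page on another origin cannot read the router's own forms to learn the token. It does nothing about factory-default credentials, which still need to be changed.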

In any case, I hope it’s clear by now that leaving the default credentials in place on your router is merely inviting trouble. Last month, I wrote about how the botnet used to take down Sony and Microsoft’s online gaming networks was built on the backs of hacked home routers that were all running factory-default administrative credentials.

If you haven’t changed the default credentials on your router, it’s time to do that. If you don’t know whether you’ve changed the default administrative credentials for your wired or wireless router, you probably haven’t. Pop on over to and look up the make and model of your router.

To see whether your credentials are the default, you’ll need to open up a browser and enter the numeric address of your router’s administration page. For most routers, this will be or This page lists the default internal address for most routers. If you have no luck there, here’s a decent tutorial that should help most users find this address. And check out my Tools for a Safer PC primer for more tips on how to beef up the security of your router and your Web browser.

Read more about this attack at Proofpoint’s blog post.

Geek FeminismLet’s all build a hat rack: an interview with Leslie Hawthorn

An internationally known community manager, speaker and author, Leslie Hawthorn has spent the past decade creating, cultivating and enabling open source communities. She created the world’s first initiative to involve pre-university students in open source software development, launched Google’s #2 Developer Blog, received an O’Reilly Open Source Award in 2010 and gave a few great talks on many things open source. In August 2013, she joined Elasticsearch as Director of Developer Relations, where she leads community relations efforts.

I’ve known Leslie for years now, and she is forever inspiring me with her ability not only to find visionary ways to improve the world, but also to follow-through with the rabble-rousing, cat herding, paperwork, and everything else that’s needed to take ideas from “wouldn’t it be nice if?” to “this is how we’re going to do it.”  I really enjoyed her recent blog post, A Place to Hang Your Hat, and asked Leslie if she had a bit of time for an interview to tell Geek Feminism blog readers a bit more about the idea.

For people who haven’t read your blog post yet, can you give us the point of “let’s all build a hat rack” in a few sentences?

In open source software projects – and life in general – there are any number of contributions that are underappreciated or go unacknowledged. I’m very aware of how often that underappreciation or lack of acknowledgement is due to socialization around what labor is considered valuable vs. what is largely invisible – we are taught to value and celebrate the accomplishments of white men and minimize the impact of the labor of women, people of color, transpeople, differently abled people, etc.

The let’s all build a hat rack project is a call to acknowledge all the diverse contributors and contributions in our work lives and volunteer projects, with a special emphasis on acknowledging folks who are not like you first. You can do this easily by writing them a recommendation on LinkedIn – which they can decide to approve for inclusion on their profile – or just sending them a thank you note they can use later. Bonus points for sharing your appreciation on social media using hashtag #LABHR.

Recommendation on LinkedIn: Holly Ross is, quite simply, amazing. She has completely transformed the Drupal Association into a well-run organization that is able to respond proactively, rather than reactively, to fast-paced changes in the larger Drupal ecosystem. She deeply understands the importance of communicating “early and often,” and has brought an enormous amount of transparency to our organization. She’s also extremely savvy about the unique challenges in an enormous, globally diverse, and largely unpaid community of contributors, and conscientious about how to balance that with the needs of our staff and our sponsors. I’ve never seen her back down from a challenge, and every time I have the pleasure of working with her, we always get tons of stuff done, and have tons of fun in the process.

Today, in the further adventures of #LABHR, a LinkedIn recommendation for the indefatigable @drupalhross!

— webchick (@webchick) February 18, 2015

What inspired the project?

It came about for a few reasons, but first and foremost I want to acknowledge Deb Nicholson for inspiring the phrase “let’s all build a hat rack.” There’s more about Deb’s contributions to my thinking and the open source community in the post, so please check it out.

Beyond that, the project came about largely due to the intersection of two frustrations: the lack of understanding people have for everything I – and friends like Deb – have accomplished, and the seemingly unending cycle of horrible news in the tech industry. While it’s important to have a clear and candid dialog about sexism, racism, ableism, transphobia and other issues impacting the diversity of the technical community, that seems to be all I am reading lately. The news is usually sensationalistic and often depressing.

I wanted to give myself and everyone I know something uplifting and useful to read, to encourage all of us to show gratitude and appreciation, and to make that show of gratitude a useful way for contributors who are usually not acknowledged to get the credit they deserve. Not just because they deserve it, but because that public acknowledgement of their work helps with acquiring jobs, landing their next big project and feeling good about continued contributions.

What tips do you have for people struggling to find someone to recommend?

You know, I figured this project would be really easy until I started writing up recommendations. To my earlier point about being socialized to see some labor as invisible or less valuable, I had no trouble thinking up white dudes who had done things I appreciate. I had to push myself harder to think about the women in my life who have made significant contributions, even though they are numerous. I can imagine that some humans, specifically male humans, are having the same issues.

So, to get started, think about things / actions / projects that have meant a great deal to you. Was there a conference you attended where you had an “ah ha” moment? Were you able to solve a problem thanks to great support on a project’s web forum or in their IRC channel? Did you read a blog post that was filled with brilliance and inspired you to be better at your craft? Cool. Were there people involved who were not like you? Great! Not sure exactly what they did? I’d call that an excellent opportunity to find out more about their involvement, thank them for educating you and their contribution, and then use that information to write a recommendation.

I’m not going to lie to anyone – you may have to think hard about this at first and it will be uncomfortable. You have to internalize the fact that you’ve been taught to see some very amazing work as non-existent or, at best, mere window dressing. That’s OK, too. The first step toward progress is thinking through that discomfort, then finding the humans to thank at the end of it.

If you’re still having trouble thinking of someone, that’s OK. Talk to your friends or fellow project members for suggestions. Tell them you’re thinking about participating in the #LABHR project, but need help getting started. Friends can help you think of people you’ve missed celebrating, and they may also want to join the experiment and recommend people, too!

I’ve always been impressed with your gracious ways of thanking and recommending people, so I feel like you must have some insight into writing good recommendations. Are there any suggestions you have for people who want to write great ones?

Keep it short and simple. One of the things that makes writing recommendations hard is that we’re trying to encapsulate so many good qualities into a few short sentences. You don’t have to write down everything wonderful about the person you’re recommending, just the 3-5 ways they’ve been most impactful in your project / company / life. In a pinch, concentrate on things employers want to hear about, as that will make your recommendation most useful.

What impact do you hope to have on people’s lives with LABHR?

I’d like this experiment to give the technical community a reason to express more gratitude for all contributions. I especially want to give white male allies a clear, actionable path to improving things for underrepresented groups. Writing a recommendation will take you about 15 minutes, but it can have immeasurable impact on someone’s future career prospects.

I’m really excited to say that I’ve seen 15 permanent recommendations go by and a whole lot of shout-outs under the #LABHR hashtag so far. I hope many more recommendations will come.

Want to see more inspirational LABHR entries? Check out the #LABHR hashtag on twitter and then write your own!

Planet DebianEvolvisForge blog: tomcat7 log encoding

TIL: the encoding of the catalina.out file is dependent on the system locale, using standard Debian wheezy tomcat7 package.

Fix for ‘?’ instead of umlauts in it:

cat >>/etc/default/tomcat7 <<EOF
export LC_CTYPE
EOF

My “problem” here is that I have the system locale be the “C” locale, to get predictable behaviour; applications that need it can set a locale by themselves. (Many don’t bother with POSIX locales and use different/separate means of determining especially encoding, but possibly also i18n/l10n. But it seems the POSIX locales are getting more and more used.)

Update: There is also adding -Dfile.encoding=UTF-8 to $JAVA_OPTS which seems to be more promising: no fiddling with locales, no breakage if someone defined LC_ALL already, and it sets precisely what it should set (the encoding) and nothing else (since the encoding does not need to correlate to any locale setting, why should it).

TEDTED scientists get the LEGO treatment


LEGOs are for building spaceships, crafting castles and getting lost in your couch. But what if they could be used not just to dream of lands long ago and times far away, but to inspire future scientists? That’s what writer Maia Weinstock had in mind when she made these STEM scientist action figures.

Weinstock has turned TED Fellows Jedidah Isler (an astrophysicist), Danielle N. Lee (a biologist) and David Sengeh (a bio-engineer), as well as TED speaker Mae Jemison (an astronaut) into miniature figurines using LEGOs. In the Scientific American article “It’s time for more diversity in STEM toys,” she explains why: increased racial diversity in STEM toys can help kids imagine (and then create) a world where Hispanic programmers and African-American chemists are the norm instead of notable exceptions.

STEM — Science, Technology, Engineering and Math — is a place where students in the United States are lagging behind. And minority students are left out disproportionately, says Weinstock, who cites these numbers: African-Americans make up about 12% of the US population, but only earn 7% of STEM bachelor degrees and 2% of STEM PhDs. Among the causes, Weinstock suggests, are disparities in access to AP courses and after-school programs that would prepare kids adequately for them.

And then there’s the toys.

Toys alone cannot solve the problem, of course, but they can create a framework of representation. And despite the fact that racial demographics are shifting rapidly in the US, most toys that depict people still default to a Caucasian/white skin tone. It may seem trivial, but it sends kids a clear message about their potential.

“It’s time to encourage underrepresented kids’ interest in STEM with more toys and media demonstrating that they belong in these fields,” writes Weinstock.

Minority representation in STEM toys can encourage minority students to have the same STEM aspirations as their white peers. And so Weinstock created these custom figurines to serve as an example to companies like LEGO, and as an encouragement for toy companies that are already increasing their minority representations in toys. Weinstock’s figures include scientists in their element, complete with tiny lab equipment.

All the TEDsters featured are active advocates of empowering minority students. As Danielle N. Lee put it, “As an ‘Other’ in science, I have witnessed how ‘traditional’ science education fails urban students.”

Jedidah Isler echoes, “I believe STEM can be used as social uplift.”

Planet DebianZlatan Todorić: Useless web

Or maybe they want to say use less web? Who would know but once you get into it, it’s hard to get out. You get taken. You become addicted. You know you want it. Say please. You welcome.

Don MartiAd blocking, bullshit and a point of order

(Bob Hoffman says that the B word in a post title is good for more traffic so let's try it.)

Alex Kantrowitz for Advertising Age: Publishers Watch Closely as Adoption of Ad Blocking Tech Grows.

Adblock Plus, for instance, recently surpassed 300 million installs, according to spokesman Mark Addison, who said it stood at 200 million roughly a year ago. Mozilla has seen more than 200,000 downloads of Adblock Plus nearly every day since Sept. 1. Mr. Addison attributed the extension's popularity primarily to the fact that it is now available on every browser.

Lots of stuff is "available on every browser" but sank without a splash. There must be something more going on.

No One Should Be Outed By an Ad: Marc Groman of the Network Advertising Initiative points out that

A young man or (woman) searches on his computer in the privacy of his home for information about sexual orientation or coming out as gay. Hours or days later, he receives ads for gay-related products or services while surfing on totally unrelated websites. Maybe this happens while at school, in the office or when sharing his computer with family members. Recent developments in cross-device tracking mean that ads for gay events or venues could surface not only on his home computer where he originally searched for the information, but on his work laptop or tablet. In addition, the ads could even be displayed on his parents’ computers, which could unknowingly be linked to his PC because they appear to be part of the same household.

According to Groman, "nearly 100 of the most responsible companies in online advertising today" won't do this.

But as for the remaining, less scrupulous adtech firms, the take-away is: better get your ad blocker on.

Brian Merchant on Motherboard:

72 percent of US internet users look up health-related information online. But an astonishing number of the pages we visit to learn about private health concerns—confidentially, we assume—are tracking our queries, sending the sensitive data to third party corporations, even shipping the information directly to the same brokers who monitor our credit scores.

What could possibly go wrong?

That's just a couple of targeted advertising stories from the past week. And the IAB is worried that ad blockers are a thing? That's like crapping on the sidewalk and complaining about people wearing rubber boots.

"Online advertising" is turning into a subset of "creepy scary stuff on the Internet." Advertising done right can be a way to pay for things that people want to read, but what we have on the web now is not working.

So why do publishers put up with this? Why not just run only first-party ads? It's a long story, but basically because other publishers do.

If websites could coordinate on targeting, proposition 1 suggests that they might want to agree to keep targeting to a minimum. However, we next show that individually, websites win by increasing the accuracy of targeting over that of their competitors, so that in the non-cooperative equilibrium, maximal targeting results.

So the gamesmanship of it all means that publishers end up in a spiral of crap.

Ad blocking isn't helping. The AdBlock Plus "acceptable ads" racket will pass ads that are superficially less annoying, but still have fundamental tracking problems. It's "acceptable" to split a long article into multiple annoying pages to put ads at top and bottom, but not to put ads within the flow of a modern long-scrolling article. "Acceptable ads" requires 1990s-vintage design and avoids fixing the real problems.

Fortunately, there's a solution that works for users and for publishers. Tracking protection is a safe, publisher-friendly alternative to ad blocking. Blocks the creepy stuff, to help publishers, without dictating design or interfering with advertising in general.

  • Tracking Protection on Firefox filters out tracking, while letting quality ads through. There's no "acceptable" program to join, and no limits on design.

  • Disconnect is a browser extension to protect users from the "web of invisible trackers."

Tracking protection helps publishers solve the big problem, the problem that the IAB doesn't want to talk about. Data leakage.

The prime "bovine-fertilizer-based information solution" here is all the verbiage about trying to break out the ad blocking problem from the ad fraud problem from the "print dollars to digital dimes" problem. It's all connected. Shovel through it all and you get something like:

  • Adtech as we know it is based on data leakage.

  • Ad blocking, along with adtech fraud, is a side-effect of the data leakage problem.

  • In the short term, data leakage is bad for publishers and good for adtech.

Having meetings to express grave concern about ad blocking isn't the answer, any more than having meetings to express grave concern about ad fraud is the answer.

Arguing about how to clean the carpet while the sewer pipe is still broken is not the answer.

Getting more users onto tracking protection, as an alternative to ad blocking? A way to fix data leakage at the source? For publishers, that's a good step toward the answer.

Point of order: I'm now avoiding the word "privacy" except in a direct quotation or a "Privacy Policy" document.

If I say it again, it's $1 in the jar for the EFF.

Terms to try to use instead:

  • tracking protection

  • data leakage

  • brand safety

Privacy is a big hairy problem, like the "freedom" in "free software." Plenty of people are philosophizing about it. But working with the web every day, the fixes that need to happen are not in the philosophy department, but in plugging the leaks that enable dysfunctional ads and building the systems to enable better ones.

Planet DebianEvolvisForge blog: tomcat7 init script is asynchronous

TIL: the init script of tomcat7 in Debian is asynchronous.

For some piece of software, our rollout (install and upgrade) process works like this:

  • service tomcat7 stop
  • rm -rf /var/lib/tomcat7/webapps/appname{,.war}
  • cp newfile.war /var/lib/tomcat7/webapps/appname.war
  • service tomcat7 start # ← here
  • service tomcat7 stop
  • edit some config files under /var/lib/tomcat7/webapps/appname/WEB-INF/
  • service tomcat7 start

The first tomcat7 start “here” is just to unzip the *.war files. For some reason, people like to let tomcat7 do that.

This failed today; there were two webapps. Manually unzipping it also did not work for some reason.

Re-doing it, inserting a sleep 30 after the “here”, made it work.

In a perfect world, initscripts only return when the service is running, so that the next one started in a nice sequential (not parallel!) init or manual start sequence can do what it needs to, assuming the previous command has fully finished.

In this perfect world, those who do wish for faster startup times use a different init system, one that starts things in parallel, for example. Even there, dependencies will wish for the depended-on service to be fully running when they are started; even more so, since the delays between starting things seem to be less for that other init system.

So, this is not about the init system, but about the init script; a change that would be a win-win for users of both init schemes.

Update: Someone already contacted me with feedback: they suggested to wait until the “shutdown port” is listened on by tomcat7. We’ll look at this later. In the meantime, we’re trying to also get rid of the “config (and logs) in webapps/” part…

PS: If someone is interested in an init script (Debian/LSB sysvinit, I made the effort to finally learn that… some months before the other system came) that starts Wildfly (formerly known as JBoss AS) synchronously, waiting until all *.?ar files are fully “deployed” before returning (though with a timeout in case it won’t ever finish), just ask (maybe it will become a dialogue, in which we can improve it together). (We have two versions of it, the more actively maintained one is in a secret internal project though, so I’d have to merge it and ready it for publication though, plus the older one is AGPLv3, the newer one was relicenced to a BSDish licence.)
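The feedback in the update (wait until tomcat7 listens on its shutdown port) can replace the fixed sleep 30 after the first start. The sketch below is an added example, not the author's rollout or init script; it assumes Tomcat's default shutdown port 8005 on localhost and treats the presence of each app's WEB-INF directory as the sign that its .war has been unpacked.

```python
import os
import socket
import time


def port_is_listening(host, port, connect_timeout=1.0):
    """Connect and close at once; nothing is written, so no command is sent."""
    try:
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:
        return False


def wait_until_deployed(webapps_dir, appnames, host="127.0.0.1", port=8005,
                        timeout=120.0, interval=0.5):
    """Return True once every app has a WEB-INF directory and the port listens.

    Returns False if that has not happened within `timeout` seconds, so the
    caller can abort the rollout instead of editing half-unpacked files.
    """
    deadline = time.monotonic() + timeout
    while True:
        # Check the cheap filesystem condition first; only then touch the port.
        unpacked = all(
            os.path.isdir(os.path.join(webapps_dir, name, "WEB-INF"))
            for name in appnames
        )
        if unpacked and port_is_listening(host, port):
            return True
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        time.sleep(min(interval, remaining))


if __name__ == "__main__":
    import sys
    # Paths and app name as used in the rollout steps above.
    ok = wait_until_deployed("/var/lib/tomcat7/webapps", ["appname"])
    sys.exit(0 if ok else 1)
```

Run between the first `service tomcat7 start` and the following `service tomcat7 stop`, a non-zero exit status signals that the deployment never completed and the config edit should not proceed.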

Sociological ImagesJay Smooth on the Idea of the “Good Person”

“First, let me say that I’m tired of all of this talk about ‘snubs,'” said an anonymous member of the Academy of Motion Picture Arts and Sciences. And continued:

And as far as the accusations about the Academy being racist? Yes, most members are white males, but they are not the cast of Deliverance — they had to get into the Academy to begin with, so they’re not cretinous, snaggletoothed hillbillies.

In the video below, Jay Smooth takes on the idea that only “hillbillies” are racist and asks about the idea of the “good person” and what it actually takes to be one.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

CryptogramEveryone Wants You To Have Security, But Not from Them

In December, Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else."

This surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place.

I was reminded of this last week when I appeared on Glenn Beck's show along with cryptography pioneer Whitfield Diffie. Diffie said:

You can't have privacy without security, and I think we have glaring failures in computer security in problems that we've been working on for 40 years. You really should not live in fear of opening an attachment to a message. It ought to be confined; your computer ought to be able to handle it. And the fact that we have persisted for decades without solving these problems is partly because they're very difficult, but partly because there are lots of people who want you to be secure against everyone but them. And that includes all of the major computer manufacturers who, roughly speaking, want to manage your computer for you. The trouble is, I'm not sure of any practical alternative.

That neatly explains Google. Eric Schmidt does want your data to be secure. He wants Google to be the safest place for your data, as long as you don't mind the fact that Google has access to your data. Facebook wants the same thing: to protect your data from everyone except Facebook. Hardware companies are no different. Last week, we learned that Lenovo computers shipped with a piece of adware called Superfish that broke users' security to spy on them for advertising purposes.

Governments are no different. The FBI wants people to have strong encryption, but it wants backdoor access so it can get at your data. UK Prime Minister David Cameron wants you to have good security, just as long as it's not so strong as to keep the UK government out. And, of course, the NSA spends a lot of money ensuring that there's no security it can't break.

Corporations want access to your data for profit; governments want it for security purposes, be they benevolent or malevolent. But Diffie makes an even stronger point: we give lots of companies access to our data because it makes our lives easier.

I wrote about this in my latest book, Data and Goliath:

Convenience is the other reason we willingly give highly personal data to corporate interests, and put up with becoming objects of their surveillance. As I keep saying, surveillance-based services are useful and valuable. We like it when we can access our address book, calendar, photographs, documents, and everything else on any device we happen to be near. We like services like Siri and Google Now, which work best when they know tons about you. Social networking apps make it easier to hang out with our friends. Cell phone apps like Google Maps, Yelp, Weather, and Uber work better and faster when they know our location. Letting apps like Pocket or Instapaper know what we're reading feels like a small price to pay for getting everything we want to read in one convenient place. We even like it when ads are targeted to exactly what we're interested in. The benefits of surveillance in these and other applications are real, and significant.

Like Diffie, I'm not sure there is any practical alternative. The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices.

Those "someones" will necessarily be able to violate our privacy, either by deliberately peeking at our data or by having such lax security that they're vulnerable to national intelligence agencies, cybercriminals, or both. Last week, we learned that the NSA broke into the Dutch company Gemalto and stole the encryption keys for billions (yes, billions) of cell phones worldwide. That was possible because we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

We'll never solve these security problems as long as we're our own worst enemy. That's why I believe that any long-term security solution will not only be technological, but political as well. We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need better security technologies, but we also need laws mandating the use of those technologies.

This essay previously appeared on

Worse Than FailureConsultant Designed Success

Circa 2005, using XML and XSLT to generate HTML was all the rage. It was cool. It was the future. Anyone who was anyone was using it to accomplish all-things-web. If you were using it, you were among the elite. You were automatically worth hiring for any programming-related task.

Back then, Richard was working at a small web development company. In this case, "small" means the boss, who was a bright guy but had absolutely no knowledge of anything web-, computer- or technology-related, would make all decisions relating to hiring, purchasing technology and creating technology procedures.

Although Richard was trained as a developer, he had been doing some integration work on small client web sites while the company pursued bigger goals of developing a web portal framework that would allow them to pump out dozens of web portals. To help with the overall architecture, the boss hired an Architect who specialized in intelligent transactional agents. One of his claims to fame was a system he had previously built to map data to presentation HTML via XML and XSLT. The boss was impressed by his understanding and use of these technologies, and based almost entirely on just that, hired him.

The architect spent several months analyzing the underlying data and all the state transitions that would be required, as well as the target HTML into which it had to be morphed. Then he spent several more months coding up the framework. One of the key pillars on which this framework was built was the extensive use of XML and XSLT to convert all the data into something a browser could interpret to render.

When the consultant began to integrate his work with the rest of the infrastructure, lots of little problems started to pop up. For example, source control was really just copying the source tree to a dedicated directory on one developer's laptop. When the consultant had to deploy his latest jar, he would copy it to a network share, from which the developers would copy it locally to use it. However, at some point, the moving of the jar file became significantly less important than the using of the contents of the jar file, and the bug reports began to pile up.

This particular application was basically a corporate directory categorized by region, commerce-type and category/sub-category/actual-category. There were 13 regions with about 4000 businesses, 4 commerce-types and about 300 categories. Any experienced developer would expect that searching for a specific business in region A, type B and category C would be quite fast. It would be reasonable to expect the query to complete in far less than one second. In practice, when all criteria were used, the web server timed out most search queries at 30 seconds.

Apparently, the consultant decided that every little thing should be its own class. No matter how small. A data object containing a Date was insufficient. No, there were separate objects to hold day, month and year, all of which were wrapped in a MyDate object. Ditto for time. Ditto for day of week. Ditto for everything else you could imagine. Then, to really test the capabilities of the IO subsystem, network and silicon, he would query every record in the entire database, construct objects for every component, sub-component, sub-sub-component, and so forth via Hibernate, and scan the list using the slowest possible mechanism in the Java language: instanceof, to see if an object was of a particular type before attempting to use it for purposes of comparison. To make matters worse, it repeated this entire process three times for each query; once to check if each business was of the proper instance for the region, once for the commerce-type and once more for the category.

Richard replaced the whole thing with a simple stored procedure that ran in less than 100ms.

Having dealt with that, Richard and peers told their boss what they went through and asked him to fire the consultant. He agreed, but only after the consultant would modify his framework to support multiple portals on the same system.

After two weeks, the consultant proudly proclaimed that the system now supported as many portals as they wanted. The procedure to enable this capability was to copy the entire project and rename it for each additional web portal.

Having ripped out all of that framework, they never even got to try out the part of the framework that morphed data into XML to be XSLT'd into HTML.

In the end, everything that the consultant did was trashed and rewritten by Richard and his peers in about a month.

Upon reflection, Richard learned that just because you have knowledge of how to use one tool doesn't mean that you are an expert in everything. He also learned that an otherwise intelligent boss can make really stupid decisions if he doesn't have the requisite experience in the relevant field.

Planet Linux AustraliaBinh Nguyen: Vietnamese Grilled Lemongrass Pork Chop Recipe

This is based on recipes online and an interpretation by a Korean/Japanese fusion restaurant that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- pork chops
- sugar
- garlic
- shallot or yellow onion
- lemongrass
- pepper
- soy sauce
- fish sauce
- rice wine vinegar
- oil

Coat pork with bicarbonate soda if desired (meat tenderiser) and then wash off in cold water. Create marinade sauce by starting with liquids and then adding sugar, soy sauce, garlic, etc... Marinate pork with sauce. Cook rice in meantime. Pan fry pork and then place under grill for quicker results or else place directly in grill/oven/bbq from start to finish.
Goes well with an Asian chicken soup (use pre-made or make a quick one using carrots, celery, onion, chicken bones, water, salt, pepper, soy sauce, and fish sauce) and steamed white rice, fried eggs, pickled carrot or cucumber (sliced finely and dressed with vinegar and sugar) and nuoc mam as a sauce.

The following is what it looks like. 

Planet DebianMichael Banck: 26 Feb 2015

My recent Debian LTS activities

Over the past months, my employer credativ has sponsored some of my work time to keep PostgreSQL updated for squeeze-lts. Version 8.4 of PostgreSQL was declared end-of-life by the upstream PostgreSQL Global Development Group (PGDG) last summer, around the same time official squeeze support ended and squeeze-lts took over. Together with my colleagues Christoph Berg (who is on the PostgreSQL package maintainer team) and Bernd Helmle, we continued backpatching changes to 8.4. We tried our best to continue the PGDG backpatching policy and looked only at commits at the oldest still maintained branch, REL9_0_STABLE.

Our work is publicly available as a separate REL8_4_LTS branch on Github. The first release (called 8.4.22lts1) happened this month mostly coinciding with the official 9.0, 9.1, 9.2, 9.3 and 9.4 point releases. Christoph Berg has uploaded the postgresql-8.4 Debian package for squeeze-lts and release tarballs can be found on Github here (scroll down past the release notes for the tarballs).

We intend to keep the 8.4 branch updated on a best-effort community basis for the squeeze-lts lifetime. If you have not yet updated from 8.4 to a more recent version of PostgreSQL, you probably should. But if you are stuck on squeeze, you should use our LTS packages. If you have any questions or comments concerning PostgreSQL for squeeze-lts, contact me.

Planet Linux AustraliaBinh Nguyen: Chinese Roast (BBQ/Char-Siu) Pork Recipe

This is based on recipes online and an interpretation by local restaurants that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- pork
- soy sauce
- hoisin sauce
- Chinese rice cooking wine
- sugar
- garlic
- honey (optional)
- pepper (optional)
- oyster sauce (optional)
- star anise (optional)
- red food colouring (powder or liquid)
Split (if too large to fit into oven/grill) pork if required. Coat pork with bicarbonate soda if desired (meat tenderiser) and then wash off in cold water. Create marinade sauce by starting with hoisin sauce and then adding sugar, soy sauce, garlic, etc... Marinate pork with sauce. Cook rice in meantime. Pan fry pork and then place under grill for quicker results or else place directly in grill/oven/bbq from start to finish.

Goes well with an Asian chicken soup (use pre-made or make a quick one using carrots, celery, onion, chicken bones, water, salt, pepper, soy sauce, and fish sauce) and steamed white rice.

The following is what it looks like.

Planet Linux AustraliaBinh Nguyen: Korean/Japanese Pork Bolgogi (BBQ Pork) Recipe

This is based on recipes online and an interpretation by a Korean/Japanese fusion restaurant that I used to frequent. While there are other alternative recipes that possibly taste better, I find that this is the quickest and easiest version.
- pork (purchase offcuts/pre-sliced pork belly in some stores for a more timely meal)
- bolgogi sauce
- sugar
- mirin or rice cooking wine
- crushed/diced garlic or powder
- soy sauce
- ginger (optional)
- pepper (optional)
- spring onion (optional)
- shichimi togarashi spice mix

Slice pork if required. Coat pork with bicarbonate soda if desired (meat tenderiser) and then wash off in cold water. Create marinade sauce by starting with bolgogi sauce and then adding sugar, soy sauce, garlic, ginger, shichimi togarashi spice mix, etc... Marinate pork with sauce. Cook rice in meantime. Pan fry pork and then place under grill for quicker results or else place directly in grill/oven/bbq from start to finish.

Serve with Miso soup, sweet potato fries, and rice. Garnish pork with shichimi togarashi spice mix and rice with soy sauce. Add kimchi to meal if desired.

You can change the meat to chicken or even beef if the sauce is changed to the appropriate one.

The following is what it looks like.

Planet Linux AustraliaBinh Nguyen: Simple Pasta Recipes

As the title states the following are a bunch of recipes that I sometimes use for pasta. This is being placed here for my own possible records and for others to use if so desired.

The point of these recipes is to achieve the best taste, in the quickest possible time, at the cheapest possible price. That's why the ingredients are somewhat non-traditional at times. Here's the other thing, it's obvious that they can be altered quickly and easily to suit other core ingredients. Don't be afraid to experiment.

Bacon and Mushroom Carbonara with Pasta
- white pasta sauce (can be any. We will modify to suit our tastes but most are roughly the same. Alfredo is often the easiest/closest to what we finally want though)
- mushrooms (buy them pre-sliced and you'll have the sauce done for this recipe done in no time)
- bacon (buy it pre-diced and you'll have the sauce done for this recipe done in no time)
- sugar (to taste)
- salt (to taste)
- soy sauce (to taste)
- pepper (to taste)
Fry off bacon then mushroom in a pan. Add pasta sauce. In the meantime, cook pasta with some salted water. Use sugar/salt/soy sauce to change sauce if too tart, sweet, etc... Garnish pasta and sauce with parmesan if desired.

Spaghetti Bolognese with Pasta
- passata or tomato based pasta sauce
- beef mince
- onion (optional)
- garlic (optional)
- fresh chilli or chilli flakes (to taste)
- salt (to taste)
- sugar (to taste)
- soy sauce (to taste) 
- pepper (to taste)
- tomato sauce (to taste)
Sauté onion, garlic, and chilli. Brown mince (remove excess liquid if desired. It will change the nature of the sauce if there is excess liquid). Add pasta sauce. In the meantime, cook pasta with some salted water. Use sugar/salt/pepper/soy sauce to change sauce if too tart, sweet, etc... Garnish pasta and sauce with parmesan if desired.

Spaghetti Bolognese (Asian Interpretation) with Pasta
- passata
- sliced beef
- onion (optional)
- garlic (optional)
- fresh chilli, sriracha chilli sauce, or chilli flakes (to taste)
- salt (to taste)
- sugar (to taste)
- soy sauce (to taste) 
- fish sauce (to taste) 
- pepper (to taste)
Sauté onion, garlic, and chilli. Brown mince (remove excess liquid if desired. It will change the nature of the sauce if there is excess liquid). Add pasta sauce. In the meantime, cook pasta with some salted water. Use sugar/salt/pepper/sriracha chilli sauce/soy sauce to change sauce if too tart, sweet, etc... Garnish pasta and sauce with parmesan if desired.

Seafood or Chilli Prawn Tomato Sauce with Pasta
- passata or tomato based pasta sauce
- prawns or seafood
- onion (optional)
- garlic (optional)
- fresh chilli or chilli flakes (to taste)
- sriracha chilli sauce, sambal oelek, or chilli bean paste (to taste)
- salt (to taste)
- sugar (to taste)
- soy sauce (to taste) 
- pepper (to taste)
- tomato sauce (to taste)
- diced fresh tomato (optional)(buy pre-diced canned if pressed for time)
- olives (optional)(buy canned, pre-sliced, and drain holding liquid if pressed for time)
Sauté onion, garlic, and chilli. Sear seafood (remove excess liquid if desired. It will change the nature of the sauce if there is excess liquid). Add pasta sauce, and fresh tomato and olives (if desired). In the meantime, cook pasta with some salted water. Use sugar/salt/pepper/sriracha chilli sauce/soy sauce to change sauce if too tart, sweet, etc... Garnish pasta and sauce with parmesan if desired.

Pork Chops With White Sauce with Pasta
- pork chops
- cream
- tomato sauce
- garlic
- salt (to taste)
- sugar (to taste)
- soy sauce (to taste) 
- pepper (to taste)
- tomato sauce (to taste)
Sear pork chop with garlic to level desired (remove excess liquid if desired. It will change the nature of the sauce if there is excess liquid) and remove from pan. Add cream to deglaze pan and create sauce. In the meantime, cook pasta with some salted water. Use sugar/salt/pepper/tomato sauce/soy sauce to change sauce if too tart, sweet, etc... Garnish pasta and sauce with parmesan if desired.

Planet DebianWouter Verhelst: Dear non-Belgian web developer,

Localization in the web context is hard, I know. To make things easier, it may seem like a good idea to use GeoIP to detect what country an IP is coming from and default your localization based on that. While I disagree with that premise, this blog post isn't about that.

Instead, it's about the fact that most of you get something wrong about this little country. I know, I know. If you're not from here, it's difficult to understand. But please get this through your head: Belgium is not a French-speaking country.

That is, not entirely. Yes, there is a large group of French-speaking people who live here. Mostly in the south. But if you check the numbers, you'll find that there are, in fact, more people in Belgium who speak Dutch rather than French. Not by a very wide margin, mind you, but still by a wide enough margin to be significant. Wikipedia claims the split is 59%/41% Dutch/French; I don't know how accurate those numbers are, but they don't seem too wrong.

So please, pretty please, with sugar on top: next time you're going to do a localized website, don't assume my French is better than my English. And if you (incorrectly) do, then at the very least make it painfully obvious to me where the "switch the interface to a different language" option in your website is. Because while it's annoying to be greeted in a language that I'm not very good at, it's even more annoying to not be able to find out how to get the correctly-localized version.


Planet Linux AustraliaClinton Roy: clintonroy

Another weird day really.

The headache from yesterday did not improve, after physio and tablets. I went to bed early and woke up around 2am with my head still banging.

Work has a construction site across the road and it’s still very noisy at times, it was very difficult dealing with both a headache throbbing inside my head and the builders' machines throbbing the outside of my head.

I had lunch offsite with H, who is always doing a million and one things and making me feel lazy.

I decided I didn’t want to deal with the headache and noise in the afternoon and headed home.

Krebs on SecurityWebnic Registrar Blamed for Hijack of Lenovo, Google Domains

Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google’s Vietnam domain ( On Wednesday, was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over, the Malaysian registrar that serves both domains and 600,000 others.

On Feb. 23, briefly redirected visitors to a page that read, “Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas).” The message also included a link to the group’s Twitter page and its Lizard Stresser online attacks-for-hire service.

Today, the group took credit for hacking, possibly because it was recently revealed that the computer maker was shipping the invasive Superfish adware with some new Lenovo notebook PCs (the company has since said Superfish is now disabled on all Lenovo products and that it will no longer pre-load the software).

According to a report in, the HTML source code for was changed to read, “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.”

The Verge story notes that both men have been identified as members of the Lizard Squad; to my knowledge this has never been true. In fact, both used to be part of a black hat and now-defunct hacker collective known as Hack The Planet (HTP) along with one of the main current LizardSquad members — Julius “Zeekill” Kivimaki (for more on Julius, see these stories). However, both King (a.k.a “Starfall”) and Godfrey (“KMS”) have been quite publicly working to undermine and expose the group for months.

Reached via instant message, both King and Godfrey said the Lizard Squad used a command injection vulnerability in to upload a rootkit — a set of hacking tools that hide the intruder’s presence on a compromised system and give the attacker persistent access to that system. is currently inaccessible. A woman who answered the phone at the company’s technical operations center in Kuala Lumpur acknowledged the outage but said Webnic doesn’t have any additional information to share at this time. “We’re still in the investigation stage,” said Eevon Soh, a Webnic customer support technician.


It appears the intruders were able to leverage their access at to alter the domain name system (DNS) records for the Google and Lenovo domains, effectively giving them the ability to redirect the legitimate traffic away from the domains to other servers — including those under the attackers’ control.

King and Godfrey said the Lizard Squad also gained access to Webnic’s store of “auth codes” (also known as “transfer secrets” or “EPP” codes), unique and closely-guarded codes that can be used to transfer any domain to another registrar. As if to prove this level of access, the Lizard Squad tweeted what they claim is one of the codes.

Starfall and KMS say the rootkit has been removed from Webnic’s servers, meaning the Lizard Squad should no longer be able to hijack Webnic domains with the same method they used to redirect or Google Vietnam.

This is not the first time these actors have messed with Web Commerce Communications Ltd. (Webnic) is a popular registrar among hacker forums and underground stores that traffic in stolen credit cards and identity information, and a great number of those sites are registered through Webnic. It was hardly a coincidence that many of these criminal storefronts which have been hacked over the past couple of years — including rescator[dot]so, and ssndob — were registered at Webnic: All of the same players involved in this week’s drama were involved in those hacks as well.

Kelvin ThomsonUnited Nations Security Council Veto

On Monday in Parliament I moved a motion stressing the superiority of collective security through the United Nations over unilateral action. In my speech I drew attention to the increasing level of global violence and asked the question, why doesn't the United Nations do more to make civilians safe?

The answer I gave was that the permanent members of the UN Security Council, who have a veto power over UN action, are prepared to turn a blind eye to, to cover up, the sins and misdeeds of their allies and supporters. I urged that we be less fatalistic about the conduct of the big powers, and demand that they allow the United Nations to do its job of protecting civilians.

I therefore welcome the call by Amnesty International's Secretary-General, Salil Shetty, in Amnesty's Annual Report for the UN Security Council to adopt a code of conduct agreeing to voluntarily refrain from using the Veto in a way which would block Security Council action in situations of genocide, war crimes and crimes against humanity. The Secretary-General notes that such a step could save many lives, and that the proposal is now backed by 40 governments. He said the Security Council’s permanent members were using their power of veto to “promote their political self-interest or geopolitical interest above the interest of protecting civilians”.

Amnesty International's 2014/15 Report documents a frightening catalogue of human rights abuses and increasing global violence. It describes 2014 as a devastating year for those seeking to stand up for human rights, and those caught up in war zones. Its findings are consistent with those of the Institute for Economics and Peace, which found that since 2000 there has been a five-fold increase in the number of people killed by terrorism.

We can do better than this. The permanent members of the UN Security Council should stop using their veto to try to gain strategic advantage for their country, and start using the United Nations for the purpose for which it was established - to protect civilians and prevent conflict.

The Hon. Kelvin Thomson

Federal Member for Wills


Planet DebianHolger Levsen: 20150225-apparmor-user-stories

Developing is a use case too

For whatever reason Ulrike's blog post about AppArmor user stories and user tags was not syndicated to planet.d.o, although it should have been and although the planet admins nicely looked into it. Whatever...

As you might have guessed by now, the user stories referred to in this blog post are about developers supporting AppArmor (a kernel module for restricting capabilities of processes) in their Debian packages. So if you're maintaining packages and have always been pondering to look into this apparmor thingy, go read that blog post!

Hopefully the next post will "magically" appear on planet again ;-)

Planet DebianJoachim Breitner: DarcsWatch End-Of-Life’d

Almost seven years ago, at a time when the “VCS wars” had not even properly started yet, GitHub was seven days old and most Haskell related software projects were using Darcs as their version control system of choice, when you submitted a patch, you simply ran darcs send and a mail with your changes would be sent to the right address, e.g. the maintainer or a mailing list. This was almost as convenient as Pull Requests are on GitHub now, only that it was tricky to keep track of what was happening with the patch, and it would be easy to forget to follow up on it.

So back then I announced DarcsWatch: A service that you could CC in your patch submitting mail, which then would monitor the repository and tell you about the patch's status, i.e. whether it was applied or obsoleted by another patch.

Since then, it quietly did its work without many hiccups. But by now, a lot of projects moved away from Darcs, so I don’t really use it myself any more. Also, its Darcs patch parser does not like every submission by a contemporary darcs, so it is becoming more and more unreliable. I asked around on the xmonad and darcs mailing lists if others were still using it, and nobody spoke up. Therefore, after seven years and 4660 monitored patches, I am officially ceasing to run DarcsWatch.

The code and data is still there, so if you believe this was a mistake, you can still speak up -- but be prepared to be asked to take over maintaining it.

I have a dislike for actually deleting data, so I’ll keep the static parts of DarcsWatch web page in the current state running.

I’d like to thank the guys from for hosting DarcsWatch on urching for the last 5 years.

Planet DebianZlatan Todorić: Net neutrality for average Joe

If you are still unsure what it means, here is a perfectly simple example.

Sociological ImagesChildren of the Prison Boom

The United States imprisons more people than any other country. This is true whether you measure by percentage of the population or by sheer, raw numbers. If the phrase mass incarceration applies anywhere, it applies in the good ol’ U. S. of A.

It wasn’t always this way. Rates of incarceration began rising as a result of President Reagan’s “war on drugs” in the ’80s (marijuana, for example), whereby the number of people imprisoned for non-violent crimes began climbing at an alarming rate. Today, about one-in-31 adults are in prison. This is a human rights crisis for the people that are incarcerated, but its impact also echoes through the job sector, communities, families, and the hearts of children. One-in-28 school-age children — 2.7 million — have a parent in prison.

In a new book, Children of the Prison Boom, sociologists Christopher Wildeman and Sara Wakefield describe the impact of parental imprisonment on children: an increase in poverty, homelessness, depression, anxiety, learning disorders, behavioral problems, and interpersonal aggression. Some argue that taking parents who have committed a crime out of the family might be good for children, but the data is in. It’s not.

Parental incarceration is now included in research on Adverse Childhood Experiences and its particular contours include shame and stigma alongside the trauma. It has become such a large problem that Sesame Street is incorporating in their Little Children, Big Challenges series and has a webpage devoted to the issue. Try not to cry as a cast member sings “you’re not alone” and children talk about what it feels like to have a parent in prison:

Wildeman and Wakefield, alongside another sociologist who researches the issue, Kristin Turney, are interviewed for a story about the problem at The Nation. They argue that even if we start to remedy mass incarceration — something we’re not doing — we will still have to deal with the consequences. They are, Wildeman and Wakefield say, “a lost generation now coming of age.”

The subtitle of their book, Mass Incarceration and the Future of Inequality, points to how that lost generation might exacerbate the already deep race and class differences in America. At The Nation, Katy Reckdahl writes:

One in four black children born in 1990 saw their father head off to prison before they turned 14… For white children of the same age, the risk is one in thirty. For black children whose fathers didn’t finish high school, the odds are even greater: more than 50 percent have dads who were locked up by the time they turned 14…

Even well-educated black families are disproportionately affected by the incarceration boom. Wakefield and Wildeman found that black children with college-educated fathers are twice as likely to see them incarcerated as the children of white high-school dropouts.

After the Emancipation Proclamation, Jim Crow hung like a weight around the shoulders of the parents of black and brown children. After Jim Crow, the GI Bill and residential redlining strangled their chances to build wealth that they could pass down. The mass incarceration boom is just another in a long history of state policies that target black and brown people — and their children — severely inhibiting their life chances.

Hat tip Citings and Sightings. Cross-posted at A Nerd’s Guide to New Orleans.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Planet DebianClint Adams: Juliet did not show up on cue

I brought a dozen cupcakes. There were 3 carrot, 3 red velvet, 2 marble, 2 peanut butter fudge swirl, and 2 of some chocolate-chocolate-chocolate thing that I forgot the name of because it sounded so disgusting.

He had a romcom fantasy about her a year before. She did not live up to his expectations, so things went sideways.

Now she was having a romcom fantasy all by herself, waiting patiently for hours for him to do something in particular.

You could have graphed her hopes falling. In the end, she left dejected. He didn't understand why. Then he left town.

He was much more excited about the cupcakes than she was.

Planet DebianJonathan Dowland: CD ripping on Linux

A few months ago I decided it would be good to re-rip my CD collection, retaining a lossless digital copy, and set about planning the project. I then realised I hadn't the time to take the project on for the time being and parked it, but not before figuring a few bits and pieces out.

Starting at the beginning, with ripping the CDs. The most widely used CD ripping software on Linux systems is still cdparanoia, which is pretty good, but it's still possible to get bad CD rips, and I've had several in a very small sample size. On Windows systems, the recommended ripper is Exact Audio Copy, or EAC for short. EAC calculates checksums of ripped CDs or tracks and compares them against an online database of rips called AccurateRip. It also calibrates your CD drive against the same database and uses the calculated offset during the rip.

I wasn't aware of any AccurateRip-supporting rippers until recently when Mark Brown introduced me to morituri. I've done some tentative experiments and it appears to produce identical rips to EAC for some sample CDs (with different CD reading hardware too).

Fundamentally, AccurateRip is a proprietary database, and so I think the longer term goal in the F/OSS community should be to create an alternative, open database of rip checksums and drive offsets. The audio community has already been burned by the CDDB database going proprietary, but at least we now have the—far superior—MusicBrainz.

CryptogramSnowden-Greenwald-Poitras AMA

Glenn Greenwald, Laura Poitras, and Edward Snowden did an "Ask Me Anything" on Reddit.

Point out anything interesting in the comments.

And note that Snowden mentioned my new book:

One of the arguments in a book I read recently (Bruce Schneier, "Data and Goliath"), is that perfect enforcement of the law sounds like a good thing, but that may not always be the case.

Planet DebianEddy Petrișor: Occasional Rsnapshot v1.3.0

It is almost exactly 1 year and a half since I came up with the idea of having a way of making backups using Rsnapshot automatically triggered by my laptop when I have the backup media connected to my laptop. This could mean connecting a USB drive directly to the laptop or mounting a NFS/sshfs share in my home network. Today I tagged Occasional Rsnapshot the v1.3.0 version, the first released version that makes sure even when you connect your backup media occasionally, your Rsnapshot backups are done if and when it makes sense to do it, according to the rsnapshot.conf file and the status of the existing backups on the backup media.

Quoting from the README, here is what Occasional Rsnapshot does:

This is a tool that allows automatic backups using rsnapshot when the external backup drive or remote backup media is connected.

Although the ideal setup would be to have periodic backups on a system that is always online, this is not always possible. But when the connection is done, the backup should start fairly quickly and should respect the daily/weekly/... schedules of rsnapshot so that it accurately represents history.

In other words, if you backup to an external drive or to some network/internet connected storage that you don't expect to have always connected (which is the case with laptops) you can use occasional_rsnapshot to make sure your data is backed up when the backup storage is connected.

occasional_rsnapshot is appropriate for:
  • laptops backing up on:
    • a NAS on the home LAN or
    • a remote or an internet hosted storage location
  • systems making backups online (storage mounted locally somehow)
  • systems doing backups on an external drive that is not always connected to the system
The only caveat is that all of these must be mounted in the local file system tree somehow by any arbitrary tool, occasional_rsnapshot or rsnapshot do not care, as long as the files are mounted.

So if you find yourself in a similar situation, this script might help you to easily do backups in spite of the occasional availability of the backup media, instead of no backups at all. You can even trigger backups semi-automatically when you remember to or decide it is time to backup, by simply plugging in your USB backup HDD.

But how did I end up here, you might ask?

In December 2012 I was asking about suggestions for backup solutions that would work for my very modest setup with Linux and Windows so I can backup my and my wife's system without worrying about loss of data.

One month later I was explaining my concept of a backup solution that would not trust the backup server, and leave to the clients as much as possible the decision to start the backup at their desired time. I was also pondering on the problems I might encounter.

From a security PoV, what I wanted was that:
  1. clients would be isolated from each other
  2. even in the case of a server compromise:
      • the data would not be accessible since they would be already encrypted before leaving the client
      • the clients could not be compromised

    The general concept was sane and supplemental security measures such as port knocking and initiation of backups only during specific time frames could be added.

    The problem I ran into was that when I set up this in my home network a single backup cycle would take more than a day, due to the fact that I wanted to do backup of all of my data and my server was a humble Linksys NSLU2 with a 3TB storage attached on USB.

    Even when the initial copy was done by attaching the USB media directly to the laptop, so the backup would only copy changed data, the backup with the HDD attached to the NSLU2 was not finished even after more than 6 hours.

    The bottleneck was the CPU speed and the USB speed. I tried even mounting the storage media over sshfs so the tiny xscale processor in the NSLU2 would not be bothered by any of the rsync computation. This proved to be an exercise in futility, any attempt to put the NSLU2 anywhere in the loop resulted in an unacceptable and impractically long backup time.

    All these attempts, of course, took time, but that meant that I was aware I still didn't have appropriate backups and I wasn't getting closer to the desired result.

    So this brings us to August 2013, when I realized I was trying to manually trigger Rsnapshot backups from time to time, but having to do all sorts of mental gymnastics and manual listing to evaluate if I needed to do monthly, weekly and daily backups or if weekly and daily was due.

    This had to stop.
    Triggering a backup should happen automatically as soon as the backup media is available, without any intervention from the user.
    I said.

    Then I came up with the basic concept for Occasional Rsnapshot: a very silent script that would be called from  cron every 5 minutes, would check if the backup media is mounted, if is not, exit silently to not generate all sorts of noise in cron emails, but if mounted, compute which backup intervals should be triggered, and trigger them, if the appropriate amount of time passed since the most recent backup in that backup interval.

    Occasional Rsnapshot version v1.3.0 is the 8th and most recent release of the script. Even if I used Occasional Rsnapshot since the day 1, v1.3.0 is the first one I can recommend to others, without fearing they might lose data due to it.

    The backup media can be anything, starting from your regular USB mounted HDD, your sshfs mounted backup partition on the home NAS server to even a remote storage such as Amazon S3 online storage, and there are even brief instructions on how to do encrypted backups for the cases where you don't trust the remote storage.

    So if you think you might find anything that I described remotely interesting, I recommend downloading the latest release of Occasional Rsnapshot, go through the README and trying it out.

    Feedback and bug reports are welcome.
    Patches are welcomed with a 'thank you'.
    Pull requests are eagerly waited for :) .
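
The check-then-trigger logic described in the post above, as an added example that is not the Occasional Rsnapshot source: it exits quietly when the media is absent, refuses to write into an unmounted mount point, and stamps an interval only after a successful run. The `.stamps` files, the `.lock` directory and the `MOUNTS`, `RUNNER` and `BACKUP_ROOT` variables are assumptions of this example.

```shell
#!/bin/sh
# Added illustration of the cron-driven check described in the post; NOT the
# Occasional Rsnapshot source. Stamp files, lock dir and variables are assumptions.

MOUNTS="${MOUNTS:-/proc/mounts}"   # mount table to consult (overridable for tests)
RUNNER="${RUNNER:-rsnapshot}"      # invoked as: $RUNNER <interval>

# Seconds that must elapse before an interval is due again.
period_of() {
    case "$1" in
        daily)   echo 86400 ;;
        weekly)  echo 604800 ;;
        monthly) echo 2592000 ;;   # 30 days
        *)       return 1 ;;
    esac
}

# is_mounted DIR: succeed only if DIR is listed as a mount point in $MOUNTS.
# Without this check a run against the bare directory would fill the local
# disk and still look like a successful backup.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' "$MOUNTS"
}

# last_run ROOT INTERVAL: epoch seconds of the last successful run.
# Prints 0 when the stamp is missing or malformed, so a corrupt stamp can
# never suppress a backup.
last_run() {
    stamp="$1/.stamps/$2"
    [ -f "$stamp" ] || { echo 0; return 0; }
    value=$(cat "$stamp")
    case "$value" in
        ''|*[!0-9]*|0?*) echo 0 ;;
        *)               echo "$value" ;;
    esac
}

# due_intervals ROOT NOW: print the intervals that are due, largest first
# (rsnapshot expects larger intervals to rotate before smaller ones).
due_intervals() {
    for interval in monthly weekly daily; do
        last=$(last_run "$1" "$interval")
        if [ $(( $2 - $last )) -ge "$(period_of "$interval")" ]; then
            echo "$interval"
        fi
    done
}

# run_due ROOT NOW: cron entry point. Silent no-op when the media is absent;
# otherwise run each due interval and stamp it only on success.
run_due() {
    is_mounted "$1" || return 0
    # mkdir is atomic, so an overlapping cron invocation exits quietly here.
    # A lock left behind by a killed run has to be removed by hand.
    mkdir "$1/.lock" 2>/dev/null || return 0
    mkdir -p "$1/.stamps"
    rc=0
    for interval in $(due_intervals "$1" "$2"); do
        if "$RUNNER" "$interval"; then
            echo "$2" > "$1/.stamps/$interval"
        else
            rc=1      # leave the stamp untouched so the interval is retried
            break
        fi
    done
    rmdir "$1/.lock"
    return "$rc"
}

# Stand-alone use from cron: BACKUP_ROOT (assumed name) is the mount point.
if [ -n "${BACKUP_ROOT:-}" ]; then
    run_due "$BACKUP_ROOT" "$(date +%s)"
fi
```

Because a failed run leaves its stamp untouched, the next cron invocation retries the same interval instead of recording a backup that never completed.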

Planet DebianAndrew Cater: Cubietruck now running Debian :)

Following a debootstrap build of sid on one machine to complete the cross-compilation of mainline u-boot, I managed to get vanilla Debian installed on my Cubietruck.

A USB-serial cable is a must for the install and for any subsequent major reconfiguration as the stock Debian installer does not have drivers for the video / audio. Various Cubietruck derivative distributions do - but the Sunxi kernel appears flaky.

All was fine for a few days, then I decided to try and configure the Wifi by hand, configuring /etc/network/interfaces and wpasupplicant files. I managed to break the network connectivity by doing things in a hurry and typing blind. I'd put it into the appropriate closed metal case so was rather stuck.

A friend carefully took the case apart by easing off the metal cover plates, removed two screws holding the whole thing together and precision drilled the metal cover plates on one side so that four screws can be undone and the entire inner part of the case can slide out as one while the other metal cover plate remains captive. He will follow this procedure with his two later.

Very pleased with the way it's turned out. The WiFi driver has non-free firmware but I now have a tiny, silent machine, drawing about 3W tops and both interfaces are now working.

TEDWhat is a “smart” syringe? By 2020, you’ll be getting all your shots with one

An outbreak of HIV that traces back to syringe reuse has rocked the village of Roka in Cambodia. A Buddhist monk and several school students are among the infected. Photo: Marc Koska/LifeSaver

In the small village of Roka in western Cambodia, 272 people have tested positive for HIV since the end of 2014. Among those diagnosed: an 82-year-old celibate Buddhist monk, several babies and 19 members of the same family. This tragic outbreak has been traced to a source: Yem Chrin, a popular medical practitioner who operated without a license in the village. While he was — and, to some extent, still is — beloved by many in the village for treating those who couldn’t afford to pay, it has come to light that he reused syringes from patient to patient, spreading the disease shockingly quickly.

Marc Koska visited Roka earlier this month with a camera crew from the BBC. He wanted to visit because this village’s tragedy underscores the importance of a product he has spent the last 30 years advocating for: safe syringes, designed to be used only once.

Yem Chrin wasn’t necessarily malicious, says Koska, and he wasn’t doing anything all that different from doctors in similar communities.

“Any doctor in the developing world faces that challenge, whether they’re a quack or a nurse in a hospital,” he says. “There are an enormous number of pressures that make them reuse equipment.”

In Koska’s TED Talk, “1.3m reasons to re-invent the syringe,” he lists some of these pressures. People around the world have been sold on the efficacy of medicine delivered via syringe, so they ask doctors and nurses for shots rather than oral medications. This leads not only to reuse, but to a black market of used syringes. In the talk, Koska shared what his charity, SafePoint, was doing to help: designing a syringe that locks up and breaks if a second use is attempted.

Today, the World Health Organization announced a new policy on injection safety, mandating a full transition to safety-engineered “smart” syringes by 2020. The organization called this “an urgent priority for all countries.” At the same time, they’re launching a global campaign to raise awareness and help countries around the world tackle the issue of unsafe injections.

For Koska, this is a historic moment. “It took me 15 years of lobbying the WHO,” he says. He got a glimmer of hope in 1999, when the WHO mandated single-use syringes for immunizations. But immunizations only represent 5% of the 16 billion injections given annually in the world — the other 95% deliver therapeutic treatments, and no smart syringe mandate followed for those. The discrepancy is simple, says Koska. “No one cares,” he says. “Manufacturers certainly don’t care, and they weren’t being forced by the leadership of the world to.”


A turning point came three years ago, when Koska had a meeting with the WHO Director-General, Margaret Chan. “I gave her a very hard time,” says Koska. “There was swearing, there was rudeness.” But it became clear that they were on the same page. Koska became an external reviewer as the new global mandate was drafted.

The WHO’s campaign is six-pronged. The WHO has issued new guidelines on syringe and needle use; health workers will be educated; manufacturers will be required to switch to safe designs; ministers of health will be encouraged to make their countries leaders in compliance; funders who give healthcare aid to the developing world will be encouraged not to give money unless a country is working toward the mandate. Meanwhile, the WHO will be running a public awareness campaign to let people know about the importance of smart syringes.

This campaign will save lives, says Koska, and it will have economic benefits to boot. “Every dollar invested in the future of safe syringes — on waste disposal, on health care worker training, on lobbying, on advocacy, on public awareness — will save a developing world country $14.57,” says Koska, quoting a report. “That is one of the highest margins anyone has seen in public health.”

The key to this campaign is manufacturers adopting safe syringe and needle designs — the sooner, the better. “There are four or five designs out there in the marketplace and they’re all great and funky,” says Koska. “It’ll be a design race, like it is with phones or computers or anything else.”

He backs up to explain, pointing out that standard syringes cost 3 to 4 cents while smart syringes cost twice as much. “Syringes are commodities. They are made for the lowest cost, and they’re sold with the smallest margin. They’re used as a loss leader for a brand to gain market share,” he says. “Once the brand has that, then they try and sell higher-priced products.”

More residents of the village of Roka in Cambodia, where 272 have tested positive for HIV since late December. Photo: Marc Koska/LifeSaver

Koska predicts that two things will happen with this WHO mandate. Currently, SafePoint and others in the business of smart syringes account for approximately 2 billion syringes annually — but the WHO mandate will create a global demand of about 16 billion syringes. At first, Koska says that the mandate will create over-demand compared to supply, which will lead to a rise in prices. Manufacturers will react, switching over their production of standard syringes to smart ones, as there is money to be made. At a certain point, supply will catch up and prices will stabilize. Then it will become about which manufacturers can create the most economical design.

SafePoint, which sells about 800 million of its LifeSaver syringes a year, has an idea for how to accelerate this process. “We have 2.5 years left on our syringe patent, and we have 15 years left on our needle patent,” says Koska. “We want factories to apply for a credit against production. They can say, ‘Look, we would make a lot more if we didn’t have to pay you your 4% or 5% royalty, so could you let us off if we invest that in more syringes?’ We’re very happy to allow that royalty to go back into the market rather than to us … It means the policy will get more traction quicker.”

“It’s holistic — it’s the only way we’re going to get this right,” says Koska. “We’ve got to tie all the elements together in one movement to make this a success.”

Koska himself is an unlikely activist. In 1984, he was living in Saint Croix and working as a forensic modelmaker during the advent of AIDS. “There was this huge wave of panic, to the point where on this paradise island, all the restaurants changed over to plastic cutlery and had sprays for the toilet seats,” he says. He happened upon an article in The Guardian that predicted syringes would be a major transmission route for HIV — and realized no one was working on the problem. And that he could make an impact on the world by stepping up.

He studied the problem for three years, traveling to syringe factories to understand the industry and visiting hospitals to see how nurses gave injections. “I realized that the solution had to be simple and made on existing machinery for the same price,” he says. “There were people out there making much better products, but none of them made it to market because they were just too expensive to manufacture. I made the Ford, not the Rolls Royce.”

Still, it took 14 more years to sell his first syringe — to UNICEF in 2001. He started SafePoint in 2006.

Today, with the WHO announcement, is a big day for Koska. “To see this come around is reasonably emotional,” he says. “It’s the beginning of the next chapter.”

And while Koska plans to remain an evangelist for smart syringes, he has got his eye on the next big problem too: he’s working on a low-cost, low-dose vaccine product. This time, he plans to try a different approach to get to global liftoff moment more quickly. “What I want to do, to not go on another 30-year journey, is give the patent away to the world. I want it to be patronized. I want someone to pay me a small amount of money to give the patent away,” he says. “We’re not saving lives by being competitive.”

He laughs and adds, “I hope that on my gravestone, it says: ‘I did this ten times.’”

Marc Koska spoke at TEDMED 2014 about progress since his TED Talk in 2009. Photo: Courtesy of TEDMED

TEDLast night’s Academy Awards: The TED connection

Journalist Glenn Greenwald stands stage center as Citizenfour gets the Oscar for Best Documentary.

TED was well-represented at the 87th annual Academy Awards last night.

Documentary filmmaker Laura Poitras took home the Oscar for Best Documentary Feature for Citizenfour, and brought journalist Glenn Greenwald (watch his TED Talk) onstage with her to accept the award. The film dives into the world of Edward Snowden (watch his Q&A at TED2014), even showing him in the hotel room in Hong Kong where he first revealed his information to Greenwald. “Thank you to Edward Snowden for his courage,” said Poitras in her acceptance speech. “I share this with Glenn Greenwald and the other journalists who are exposing truth.” (Side note: Citizenfour debuts on HBO tonight. Check out Poitras, Greenwald and Snowden’s just-completed AMA about it.)

Later in the evening, John Legend (watch his TED Talk) and Common’s performance of the original song “Glory” received a tearful standing ovation. The song was written for the movie Selma, directed by TEDster Ava DuVernay (read our Q&A with her). While the film lost out to Birdman for Best Picture, it did win the award for Best Original Song. In his acceptance speech, Common reflected on how he and Legend recently performed the song on the famous bridge in Selma where King marched 50 years ago. “This bridge was once a landmark for a divided nation, but now it’s a symbol for change,” he said. To which Legend added, “We wrote this song for a film that was based on events 50 years ago, but we say that Selma is now. The struggle for justice is right now.”

Common and John Legend accept the award for Best Original Song.

Meanwhile, Eddie Redmayne picked up the award for Best Actor for his portrayal of Stephen Hawking (watch his TED Talk) in The Theory of Everything. “This Oscar belongs to all of those people around the world battling ALS,” he says. “It belongs to one exceptional family — Stephen, Jane, Jonathan and the Hawking children. I promise to be its custodian.” Hawking’s response, posted on Facebook today:

TEDOctopus’s garden: A TED Fellow with a radical approach to saving fisheries

Eco-entrepreneur Alasdair Harris is passionate about conserving marine biodiversity, and he’s doing it in unusual ways. While most marine conservationists focus on what’s in the water, Harris’ company Blue Ventures works with people in poverty-stricken coastal communities to engage them in rebuilding tropical fisheries and in the process of protecting both their ecosystems and livelihoods. The company’s approach: eco-tourism.

We spoke to Harris about why humanity’s marine conservation efforts to date haven’t worked — and his vision to change that.

How did Blue Ventures get started?

I was studying zoology in 2000, learning about the enormous threats that were wreaking havoc on the world’s coral reefs, which are the rainforests of the ocean. I was already a keen scuba diver, and this got me asking myself: how on Earth can an undergraduate student in Scotland do something meaningful to help tackle the mass extinction that’s taking place beneath the waves?

I set to work raising money to take a group of fellow students to the Indian Ocean to learn more about what was happening, and contribute in some small way to studying these unprecedented changes. My initial focus was on coral reefs in Madagascar, because this part of the Indian Ocean is one of those regions where we just didn’t know what’s there — there’s a huge gap in the literature. Sadly, this is true for many places; we understand tragically little about so much of our oceans, and marine biodiversity is being lost before we even know it exists.

This isn’t just a tragedy for nature. It’s also a critical issue for many of the world’s poorest and most vulnerable people. Almost 1-and-a-half billion of us live around our tropical coasts. Hundreds of millions of these people depend on fishing for survival. Our planet’s so-called small-scale fisheries are anything but small — they’re a lifeline underpinning cultures, food security and livelihoods. So tropical marine conservation isn’t just about conserving marine wilderness to satisfy the curiosity of biologists. It’s a human issue of enormous global importance, at the intersection of food security, conservation, and development. It’s an issue on the front line of climate change.

That first trip was an old-fashioned expedition, funded by Edinburgh University and the Royal Geographical Society, among others. Our goal then was simply — perhaps naively — to put these reefs on the map. But it quickly became apparent that we couldn’t hope to change anything simply by carrying out research. The money was spent and we put together some species lists, but we didn’t achieve anything practical in terms of helping either the reefs or the people that depended on them. The only real winners were those of us getting to dive in these fabulous seas.

This troubled me — it was clear that conservation was about much more than simply indulging a scientific interest in these extraordinary underwater ecosystems. Conservation today is about people, markets and behavioral change. And making change happen requires a totally different approach to simply publishing papers and hoping someone might read them: it means listening to what communities need, developing a deep understanding of local issues — and all that requires a permanent presence and commitment — plus funding for the long haul.

After that first trip, I decided to raise the bar. Each summer over the next two years, our team went back to the Indian Ocean — to Madagascar and the adjacent republics of Comoros and Tanzania. We raised money during the year as students, running marathons and shaking buckets in the streets of Edinburgh and Oxford.

Madagascar was then recovering from political turmoil following disputed elections in 2002, and there was an overwhelming need to build capacity in the environmental sector. This provided the impetus for me to bite the bullet. It was really just saying, “I’m setting up an organization that will continue the work we’ve started.” That was Blue Ventures. It kicked off the day I left university.

The reef octopus is a cash crop for tens of thousands of subsistence fishers in the Indian Ocean. Blue Ventures looks to get them invested in the conservation process. Photo: Garth Cripps

Why did you decide to set up a tourism business to fund conservation programs, rather than just start a conservation organization?

Having the idea was one thing, but finding the means to finance the vision was a whole new challenge. No donor or philanthropic foundation in their right mind would give a 23-year-old support for this kind of vision. So by default I had to look at entrepreneurship. And the solution was there all along. Those expeditions I’d been running were incredible opportunities for people from all walks of life to learn about the ocean, to experience new cultures and the enormous challenges of making conservation work on the ground. We had a business opportunity in our hands. So Blue Ventures Expeditions went live with £500 from my student overdraft, and the business was born.

Since then, we’ve welcomed hundreds of volunteers every year to our field programs around the world. These volunteers contribute to the running costs of our conservation work. They learn to dive with us, play a key role collecting data underwater and participate in our research and outreach work. Crucially, they also provide year-round financial sustainability to the organization, helping keep the lights on as we support a global team of more than 100 conservationists.

Any profits we make get reinvested in the charity, strengthening our conservation programs. It’s this social business that’s provided the catalyst for all our conservation work. We’ve expanded our reach beyond Madagascar — to Malaysia, Fiji and Belize — and we’re launching new country programs later this year.

How does the tourism enterprise work? 

We accept volunteers who want to come and learn about conservation. Say you want a career break, or you want to learn to scuba dive for six weeks, or reboot your career in conservation or development. We even get families looking for a new experience. Each expedition lasts six weeks and involves a series of intensive training programs in diving, marine science and underwater surveying. You then live and work alongside our conservation staff, getting hands-on experience of the issues that we confront on a daily basis, in incredibly remote settings.

Another great thing is the network Blue Ventures has formed. We have an inspiring community of more than 2,000 alumni around the world, all of whom have lived and worked with us for extended periods of time and are very close to the spirit and culture of the enterprise.

Your view of marine conservation today must have been very different 11 years ago.

Absolutely. By approaching conservation as an entrepreneur, the challenges and limitations of “conventional” funding models are made very apparent to us. Marine reserves — areas of ocean protected from fishing, within which ecosystems can recover and help rebuild and replenish fisheries — are the end goal for any marine conservationist. They’re our currency. And given the threats our seas are facing — from overfishing and pollution to climate change — science tells us that we need to be setting aside about 30% of our seas within these marine reserves if we’re to have any hope of safeguarding our seas from the soaring stresses that humankind is unleashing.

But we have some serious problems in reaching that 30% target. Firstly, these conservation zones are typically funded by donors or governments in short-term project cycles, with no real hope of attaining financial sustainability for the protected area. Compounding this is the issue of scale: despite tireless efforts and commitment from thousands of conservationists and marine park managers working for this cause from the Arctic to the Southern Ocean, at best we’re fully protecting barely 1% of our seas. Worse still, the funding available for conservation isn’t growing in any significant way.

For Madagascar’s semi-nomadic Vezo communities, fishing is more than a job. On the island’s Mozambique Channel coast, fishing is the basis of Vezo cultural identity. Photo: Garth Cripps

Secondly, these marine reserves are often promoted from the top down, typically by governments or outside organizations with little consultation with the people that use the sea. Conservation is often “imposed” at the expense of the livelihoods of people who might depend on those same fishing grounds for their survival. So reserves get created and alienate the very people who should be championing their existence. The result is that fishermen and women who have the greatest interest in conservation fight against it. Of course, I’m painting a simplistic picture here, but we have a major problem on our hands: unless we find ways to rally communities behind marine protection, we have no hope of making ocean conservation truly effective or sustainable.

But turn this paradox on its head, and we can also see this as an opportunity. If we can identify ways to deliver meaningful benefits from conservation, then we can mobilize fishing communities — who generally understand the ocean far more deeply than us scientists — to support our efforts to protect that 30%. If we can make conservation work for people, we can rally a global constituency of ambassadors supporting the protection of our seas.

We need to move quickly to identify these incentives if we’re to have any hope of reversing current trends of biodiversity loss. That, in a nutshell, is Blue Ventures’ raison d’être: we’re seeking those catalysts, and innovating ways to help build grassroots buy-in to marine conservation.

In order to do that, you’ve developed a variety of conservation models on top of your tourism enterprise. Can you tell us about a few?

We focus on ways to help communities manage coastal fisheries to generate real benefits in time frames that work for people. The time frame issue is critical, because an East African fishing village struggling with severe poverty and collapsing fisheries can’t always bear any interruption to fishing. If I’m struggling to find fish to feed my family from one day to the next, a five-year wait for recovery is not something I can afford to consider. Yet this short-term sacrifice is exactly what’s required for fish stocks to recover in a typical marine reserve.

Our earliest work started with an unlikely eight-legged ally — the octopus. It just so happens that in many parts of the Indian Ocean, communities depend heavily on fishing octopi. They are often sold locally to collectors who sell on to international exporters, connecting — for example — women in rural Madagascar to lucrative seafood markets in Italy. Octopi live fast — very fast — and die young, so they are a prime candidate for temporary closure to allow stocks to recover. Reef octopus in Madagascar increase in size exponentially through their 18-month lives: an octopus weighing a few hundred grams today might weigh a few kilograms two or three months from now. So if I’m paid per kilo for what I catch, that’s a strong incentive for me to leave that octopus on the reef for a few months.

So ten years ago, we piloted a temporary closure of a local octopus fishing ground in Madagascar. The 200-hectare site was closed for six months, during which the community continued to fish at other sites. When the fishing ground reopened, people landed octopi larger than anything most had seen before! People talk. Soon neighbors were replicating this model. In a decade, it’s gone viral along hundreds of kilometers of coastline. The idea has crossed borders, inspiring new fishing policy. It has been adapted to other fisheries — most recently crabs and lobsters — in other ecosystems.

By making conservation work for people, Blue Ventures works to mobilize fishing communities to support marine protection. Photo: Garth Cripps

Most astonishing to us is that these same communities are now interested in much more ambitious conservation interventions — including marine reserves. This would have been unimaginable a decade ago. It’s growing every year — we’re helping communities from countries all over this region share their experiences to learn about the benefits of conservation — learning from fellow fishermen who can empathize with their needs, rather than from outside ecologists like me.

We liken our programs to labs, within which we’re constantly looking for new ways to provide that foot in the door for conservation. For example, we’re helping people diversify economically by establishing aquaculture farms — growing sea cucumbers and seaweed for export to other markets. We’re looking into the feasibility of creating new incentives through carbon markets to help communities protect mangrove forests — critical coastal ecosystems that are being lost faster than any other forest type on Earth. And we’re exploring eco-labeling schemes to create market incentives for sustainability in small-scale African fisheries. We also do work in reproductive health.

How is reproductive health related to marine conservation?

They may seem miles apart at first glance, but in reality they’re intimately linked. When we started working with communities in southwest Madagascar on fisheries management, they challenged us to appreciate the ways that human and ecosystem health are intertwined. Often, conservation groups are the only organizations working in such remote areas — that’s why there’s biodiversity left. But with this isolation, there are often also severe unmet community health needs.

Our partner communities thought that fish stocks would collapse without improved access to family planning, and we saw that we were ideally positioned to address this need. So we responded, and supported local women to provide reproductive health education and services in their villages.

Give women the ability to choose the number and spacing of their births, and everything changes. Since gaining access to family planning, women are becoming more and more involved in fisheries management and sea cucumber farming. The conservation benefits of enabling couples to achieve their desired family size are also huge — our reproductive health services are estimated to have averted more than 1,000 unintended pregnancies to date. Not only does this reduce pressure on coastal resources, it also means couples can invest more in the education of each of their children. It means a wider variety of future livelihood opportunities for them.

All this must take a lot of manpower. How are you organized?

Being a locally embedded business is key to our work. We manage our different country programs from our central office in London, but the majority of our staff is based in our partner villages. We have about 75 staff members in Madagascar — where we have the biggest operation — living across eight or nine villages. These teams serve dozens of villages around each hub.

We base our conservation staff in-country so they become a part of the communities they’re working to serve. This is key: because we live and work in villages, we develop strong community relationships. We are able to listen to people and find out what their challenges are. We don’t fly people in just to advise. This allows us to come up with our creative — sometimes unusual — interventions.

Vezo children on a fishing beach in Velondriake, Madagascar’s first locally managed marine protected area. Photo: Garth Cripps

How does fisheries management in a place like Madagascar compare to the UK’s?

What we’ve witnessed in places like Madagascar is nothing short of a local marine conservation revolution; being led by some of the poorest communities on Earth, at a pace and scale that are unprecedented in the Indian Ocean. More than 10 percent of Madagascar’s seabed is now under management by local communities, and the president recently committed to more than triple the country’s marine protected areas.

Contrast this with the situation in my home country, which is one of the richest on Earth. In the UK, my government made a commitment to create a comprehensive network of marine protected areas as a means of rebuilding our seas, after two centuries of industrial overfishing literally pulverised our seabeds and stripped our waters of the prolific fisheries that once supported thriving coastal economies.

Five years after the British marine act came into force, governmental cowardice gave in to industry lobbying against marine protection. Not one of the 127 proposed marine conservation zones has received any actual protection. That’s how little regard we have for our seas, and the communities that depend on them. In the UK, our government consistently disregards the interests of our largely sustainable small-scale fleet in favor of satisfying the commercial greed of destructive industrial fleets. The great irony here is that these same fishing industry bodies fighting against conservation stand to benefit the most from the protection of our seas and the recovery of life beneath the waves.

Does your work attract controversy from the scientific “establishment?”

It’s incredibly important that we remain open to scrutiny from our scientific colleagues, since we still have so much to learn. For example, fisheries scientists might be concerned that the method of temporary closures damages the resource, or that it has a negative impact on the supply chain. Conservationists might question whether the surge in fishing effort after one of these closures is reopened will have a negative impact on that stock, or on other species. So we evaluate everything we’re doing rigorously. We have a lot of scientists on our team — everything has to be thoroughly tested and, wherever possible, published. We have no problem opening our data books to new partners. Validation is a key part of taking our work to scale.

What is your ultimate message?

My message is: find a way to make conservation work for people, and it will run with itself. Any other model is not going to work at the scale we need. What we’re trying to achieve at Blue Ventures is to demonstrate that conservation, when it makes sense to people, can achieve a far greater scale than anyone’s ever imagined — and in the process fund itself. Given the enormous threats we’re facing today, we’re delusional if we think we’re going to be able to safeguard our seas with the existing pot of money available. We need a radically new approach to the way we’re engaging people in protecting our natural environment.

I’d love to see our approach of promoting integration across conservation, health and development continue to grow. I want to get to the point that when someone says, “I’m a conservationist,” no one assumes they’re a biologist. He or she could just as well be a journalist, an economist, a teacher, a policy expert, a lawyer, a midwife, or a human rights activist.

Perhaps Blue Ventures’ most significant contribution to conservation has been in demonstrating that integrative, market-based entrepreneurial approaches to conservation are not just highly effective — they’re essential.


Alasdair Harris speaks at TEDGlobal 2014. Photo: Ryan Lash/TED


TEDDrew Curtis of Fark is running for governor of Kentucky. How a TED Talk inspired his campaign—and why he hopes it’ll inspire you too

Drew Curtis is running for governor of Kentucky, to see if he can end “the vicious cycle of influence money in politics.” His running mate is his wife, Heather Curtis, COO of Fark. Photo: Courtesy of Drew Curtis

Drew Curtis is not a politician. The curator of Fark, the legendary online community of news jokes and funny Photoshops, he proudly proclaims this fact on the homepage of his latest website. This declaration is only surprising because, just a few inches above, the intention of the website is revealed: “Drew Curtis for Governor.”

See, politics have long irked Curtis. On Fark, he found himself having the same conversations over and over again that so many of us have — why does the political system seem so broken? why is heading to the polls always a choice between two mediocre options? One night in 2010, Curtis even deleted the “politics” tab on Fark, because the arguments there just felt so pointless and interminable.

Then last year, as he wrote on the site, “A friend challenged me: People who are capable of running for office and winning have no right to complain about the system when they have the ability to change it.”

Which is why Curtis — who gave a hilarious TED Talk three years ago on how to beat a patent troll — decided that he was going to run for the governor of Kentucky with his wife, Heather Curtis, Fark’s COO, as his running mate.

Curtis’ ambition isn’t just the governor’s mansion. No, he wants to take on a political system that makes politicians beholden to large donors, at the expense of the people they govern. It’s a mission sparked by another TED Talk, from political activist Larry Lessig — and Curtis hopes that his campaign will become a blueprint for others who want to try this. We called Curtis at his home in Kentucky to find out more.

What inspired you to run for governor?

It was a number of things: mostly a general dislike for the type of candidates that we’ve gotten, and a wondering if there are better ways to do this. I’m a pattern guy, and one of the patterns I realized was: political parties are really just 19th-century social networks. In a pre-technology society, how else would anybody find out about you if you didn’t have the backing of an organization that could get the word out? But the rules have changed. The parties and the media are not the gatekeepers of influence anymore.

Another piece that came into play: Larry Lessig’s talk on the influence of money on politics. I was there when he gave the talk and I just hadn’t really thought about the fact that there are so few people donating so much money [to political campaigns] before. Lessig nailed it. And now we have issues like net neutrality — which should not be a partisan issue at all — becoming highly polarized, mainly because telecoms needed to buy the legislature. Watching that shift happen bothered me. What chance is there that we are going to have politicians that can take a good, hard look at legislation and make a research- or data-driven decision? The way it works now is: here’s a bill, check my donor list, vote accordingly. Whether it’s good for the public never even comes into the conversation.

I talked to [Larry] briefly after his talk, and have spoken with him a couple of times since. I thought it was interesting that he wasn’t considering [a run] at a state level. One of the reasons why I’m shooting for governor is because as a legislator who is anti-influence money, you’re just one person out of however many. But if you are an executive who is anti-influence money, you can shut everything down immediately.

What would data-driven decisions look like in practice?

The way you do it is: Step one, recognize your bias, and put that aside for a second. Step two, examine both sides of the issue, and see what data is available. Step three, look at who put out the data and pick out the bad math. Take a look at every issue. It’s unlikely that there are going to be obvious solutions. But what I would do is look around at other states and say, “Hey, has anybody got anything that worked on public/private partnerships for planning infrastructure?” We don’t have to come up with things in a vacuum. Rather than conjecture about what would be best, let’s look around and see what’s worked.

Now, I know that this is a really weird pitch. Political junkies don’t know how to deal with this framework at all.


You’ve said that you wanted to retool the executive branch to better interface with customers. What are some ways that could work?

I’ll give you an example — a friend of mine was recently talking about retail theory. It’s insane: when they send out clothes, it comes with a packing list that says exactly what order to stack up the stuff when you unpack it. They’ve figured out, based on algorithms, how to predict demand. I was thinking: how you could apply that to government? You could start predicting a really busy day at the DMV, and then staff up or down accordingly.

Another example: Instead of having to go down and get my car registration renewed with cash or a check, let’s have the government hold a credit card on file that they could just run every year and mail me the registration. Then the 10% of people who don’t have access to technology that allows them to do that will get better assistance when they show up, because the lines will be a lot shorter.

We could go down the row with these little, tiny, easy ideas. Another one: I want to talk to companies that have franchises. They use algorithms to determine where they’re going to put their next restaurant, and they are not just looking at right now but how things will be in five years. I would like to ask, “What are you seeing? Who just missed the cut? Is there something the government could do?” If they have the data, they might share it. We do not have to reinvent the wheel.

I’m so tired of politicians using air quotes when they use the word internet. This technology is 30 years old now — it’s so ubiquitous, my kids think of it as air. We have a generation like that coming up, and we need to start thinking about improving the little things. I would like to make 10,000 small changes. That will make a huge difference in the way that people interface with the government.

How long have you lived in Kentucky?

I was born and raised here. I went away to college, but then I ended up taking a summer job here that lasted six months. Then I started my business.

The nice thing about being in Kentucky is that we don’t have to be number one — for the most part, we’re 45th in everything, so there’s lots of room for improvement.

Kentucky is a state that has a lot of stereotypes attached to it. What would you like to show the country about your state?

It’s more progressive than you think. Lexington just re-elected an openly gay mayor, and that issue was not even mentioned once by either of his opponents. I describe the people here as ‘accidentally progressive.’ People will say they’re conservative, but when you talk to them, they more or less aren’t. I’m not saying that they’re super liberal, but you can tell somebody from Kentucky, “Here’s a thing we should try — it makes sense.” And they want to see what happens. 

I’ve been advocating for Kentucky in Silicon Valley for years now. We have an abundance of engineering talent here that would love to get involved in startups. I’ve been telling people to open up satellite offices here — we’ve got mountains, nature, a low cost of living. My venture capitalist and TED friends are more or less convinced, so it just seems like success waiting to happen.


How has being part of the TED community influenced your decision to run for office?

It made me think I was capable of doing this. Being at TED, around all these amazing people, you just sort of think, “Why not?” There are all these people who do awesome things for a living, and suddenly I can call out to this network and ask, “Hey, does anybody know anything about _____?” It connects you to thought leaders who have no political axe to grind and really just want to solve problems.

If you’re elected Governor, anything you would change about patent law?

Oh, yeah—definitely.

What will make Heather Curtis an excellent lieutenant governor?

To give you an anecdotal answer, I have a friend who I met at TED who has been very much against [my running] the entire year — until he found out that Heather was going to be my lieutenant governor. Then he was like, “Wow, actually this could work.”

Everybody who knows us gets it. She’s been Fark’s COO for 16 years, and we work in tandem on strategy and execution. She is detail and ops, so it just made sense for her to run with me, considering that she was likely to be doing that job behind the scenes anyhow. So far, she’s been great in making sure that I’m on track and staying focused. We’re just a really good two-person team.

Tell us more about your idea of building a blueprint that other people can use to run for office. How are you making this replicable?

I’m going to do campaign speeches, and keep updating people on where we’re at. Surprisingly, once you’ve filed, it’s rather smooth. But before you get to that stage, there are lock-outs at many levels. For example, I have to produce 5,000 signatures by August — Democrats and Republicans in the race don’t have to do that.

Then there’s a lock-out on the media level. A lot of people have said to me, “I’ve thought about [running], but I have too many skeletons in my closet.” When I ask them what they are, nine times out of ten it’s not a showstopper. It’ll be, “Oh, there are photos of me in my fraternity.” Everybody has something like that. We need to redefine what an actual skeleton in the closet is, because I think this concept is being used as a lock-out tool to scare people from getting involved unless they’ve come through the traditional channels.

But the biggest lock-out I’m going to have to figure out is: how do you fundraise for a campaign that is burning all chance of getting influence money? I don’t want influence money because I don’t want to be influenced — but that’s 90% of the money a campaign raises. How do you navigate around that?

If you told your teenage self that you were running for governor, what would he have said?

I just had my 20th high school reunion, and everybody there said they were not surprised. So I don’t know if my teenage self would’ve predicted it, but my high school classmates would have. My teenage self would probably wonder how I reached this decision, because it wasn’t something I wanted to do all along. It’s still only something I only want to do if I can do it my way. 

I got a long, unsolicited advice note from somebody in politics recently, and there were so many bullet points that I was just slapping my forehead. The first one was: never admit you don’t know the answer to a question. That rubs me the wrong way, because I don’t know the answer to a lot of questions.

I’m still out there in the theory-space right now. I’m planning on doing this completely against the rule book. So what exactly is it that I should be doing instead? I’ve got ideas, but if anybody who reads this has thoughts, I would love to hear them.

Krebs on SecurityFBI: $3M Bounty for ZeuS Trojan Author

The FBI this week announced it is offering a USD $3 million bounty for information leading to the arrest and/or conviction of one Evgeniy Mikhailovich Bogachev, a Russian man the government believes is responsible for building and distributing the ZeuS banking Trojan.

Bogachev is thought to be a core architect of ZeuS, a malware strain that has been used to steal hundreds of millions of dollars from bank accounts — mainly from small- to mid-sized businesses based in the United States and Europe. Bogachev also is accused of being part of a crime gang that infected tens of millions of computers, harvested huge volumes of sensitive financial data, and rented the compromised systems to other hackers, spammers and online extortionists.

So much of the intelligence gathered about Bogachev and his alleged accomplices has been scattered across various court documents and published reports over the years, but probably just as much on this criminal mastermind and his associates has never seen the light of day. What follows is a compendium of knowledge — a bit of a dossier, if you will — on Bogachev and his trusted associates.

I first became aware of Bogachev by his nickname at the time – “Slavik” — in June 2009, after writing about a $415,000 cyberheist against Bullitt County, Kentucky. I was still working for The Washington Post then, but that story would open the door to sources who were tracking the activities of an organized cybercrime gang that spanned from Ukraine and Russia to the United Kingdom.

Yevgeniy Bogachev, Evgeniy Mikhaylovich Bogachev, a.k.a. "lucky12345", "slavik", "Pollingsoon". Source: "most wanted, cyber.


Not long after that Bullitt County cyberheist story ran, I heard from a source who’d hacked the Jabber instant message server that these crooks were using to plan and coordinate their cyberheists. The members of this crew quickly became regular readers of my Security Fix blog at The Post after seeing their exploits detailed on the blog.

They also acknowledged in their chats that they’d been in direct contact with the Zeus author himself — and that the gang had hired the malware author to code a custom version of the Trojan that would later become known as “Jabberzeus.” The “jabber” part of the name is a reference to a key feature of the malware that would send a Jabber instant message to members of the gang anytime a new victim logged into a bank account that had a high balance.

Here’s a snippet from that chat, translated from Russian. “Aqua” was responsible for recruiting and managing a network of “money mules” to help cash out the payroll accounts that these crooks were hijacking with the help of their custom Jabberzeus malware. “Dimka” is Aqua’s friend, and Aqua explains to him that they hired the ZeuS author to create the custom malware and help them troubleshoot it. But Aqua is unhappy because the ZeuS author declined to help them keep it undetectable by commercial antivirus tools.

dimka: I read about the king of seas, was that your handiwork?

aqua: what are you talking about?

dimka: zeus

aqua: yes, we are using it right now. its developer sits with us on the system

dimka: it seems to be very popular right now

aqua: but that fucker annoyed the hell out of everyone. he refuses to write bypass of [anti-malware] scans, and trojan penetration is only 35-40%. we need better

aqua: read this. here you find almost everything about us

aqua: we’re using this [custom] system. we are the Big Dog. the rest using Zeus are doing piddly crap.

Days later, other members of the Jabberzeus crew were all jabbering about the Bullitt County cyberheist story. The individual who uses the nickname “tank” in the conversation below managed money mules for the gang and helped coordinate the exchange of stolen banking credentials. Tank begins the conversation by pasting a link to my Washington Post story about the Bullitt County hack.

That is about us. Only the figures are fairytales. This was from your botnet account. Apparently, this is why our hosters in service rejected the old ones. They caused a damn commotion. I have already become paranoid over this. Such bullshit as this in the Washington Post. I almost dreamed of this bullshit at night. He writes about everything that I touch in any manner…Klik Partners, ESTHost, MCCOLO… Now you are not alone. Just 2 weeks before this I contacted him as an expert to find out anything new. It turns out that he wrote this within 3 days. Now we also will dream about him.

In a separate conversation between Tank and the Zeus author (using the nickname “lucky12345” here), the two complain about news coverage of Zeus:

tank: Are you there?

tank: This is what they damn wrote about me.

tank: [pasting a link to the Washington Post story]

tank: I’ll take a quick look at history

tank: Originator: BULLITT COUNTY FISCAL Company: Bullitt County Fiscal Court

tank: Well, you got it from that cash-in.

lucky12345: From 200k?

tank: Well, they are not the right amounts and the cash out from that account was shitty.

tank: Levak was written there.

tank: Because now the entire USA knows about Zeus.

tank: :(

lucky12345: It’s fucked.

After the Bullitt County story, my source and I tracked this gang as they hit one small business after another. In the ensuing six months before my departure from The Post, I wrote about this gang’s attacks against more than a dozen companies in the United States.

By this time, Slavik was openly selling the barebones ZeuS Trojan code that Jabberzeus was built on to anyone who could pay several thousand dollars for the crimeware kit. There is evidence he also was using his own botnet kit or at least taking a fee to set up instances of it on behalf of buyers. In late 2009, security researchers had tracked dozens of Zeus control servers that phoned home to domains which bore his nickname, such as, slavik1[dot]com, slavik2[dot]com, slavik3[dot]com, and so on.

On Dec. 13, 2009, one of the Jabberzeus gang’s money mule recruiters – a crook who used the pseudonym “Jim Rogers” — somehow intercepted news I hadn’t shared beyond a few trusted friends at that point: That the Post had eliminated my job in the process of merging the newspaper’s Web site with the dead tree edition. The following is an exchange between Jim Rogers and the above-quoted “tank”.

jim_rogers@ There is a rumor that our favorite (Brian) didn’t get his contract extension at Washington Post. We are giddily awaiting confirmation :) Good news expected exactly by the New Year! Besides us no one reads his column :) Mr. Fucking Brian Fucking Kerbs!

I continued to write about new victims of this gang even as I was launching this blog, and in the first year I profiled dozens more companies that were robbed of millions. I only featured victims that had agreed to let me tell their stories. For every story I wrote, there were probably 10-20 victim organizations I spoke with that did not wish to be named.

By January 2010, Slavik was selling access to tens of thousands of hacked PCs to spammers, as well as large email lists from computer systems plundered by his malware. As I wrote in the story, Zeus Trojan Author Ran With Spam Kingpins, Slavik was active on multiple crime forums, not only finding new clients and buyers for his malware, but for the goods harvested by his own botnets powered by ZeuS.

Eight months later, authorities in the United Kingdom arrested 20 individuals connected to the Jabberzeus crime ring, and charged 11 of them with money laundering and conspiracy to defraud, including Yevhen “Jonni” Kulibaba, the ringleader of the gang, and Yuri “JTK” Konovalenko.

In conjunction with that action, five of the gang’s members in Ukraine also were detained, but very soon after released, including the aforementioned Vyacheslav “Tank” Penchukov and a very clever programmer named Ivan “petr0vich” Klepikov. More details about these two and others connected with the Jabberzeus crew are available from this unsealed 2012 complaint (PDF) from the U.S. Justice Department.

Unsurprisingly, not long after the global law enforcement crackdown, Slavik would announce he was bowing out of the business, handing over the source code for Zeus to a hacker named “Harderman” (a.k.a. “Gribodemon”), the author of a competing crimeware kit called SpyEye (25-year-old Russian man Alexsander Panin pleaded guilty last year to authoring SpyEye).

Near as I can tell, Slavik didn’t quit developing Zeus after the code merger with SpyEye, he just stopped selling it publicly. Rather, it appears he began developing a more robust and private version of Zeus.

Ivan "petr0vich" Klepikov, in an undated photo from his LiveJournal blog.


By late 2011, businesses in the United States and Europe were being hit with a new variant of Zeus called “Gameover” Zeus, which used the collective, global power of the PCs infected with Gameover Zeus to launch crippling distributed denial-of-service (DDoS) attacks against victims and their banks shortly after they were robbed.

In late March 2012, Microsoft announced it had orchestrated a carefully planned takedown of dozens of botnets powered by ZeuS and SpyEye. In so doing, the company incurred the wrath of many security researchers when it published in court documents the nicknames, email addresses and other identifying information on the Jabberzeus gang and the Zeus author.

A few months later, the Justice Department officially charged nine men in the Jabberzeus conspiracy, including most of the above named actors and two others — a money mover named Alexey Dmitrievich Bron (a.k.a. “TheHead”) and Alexey “Kusanagi” Tikonov, a programmer from Tomsk, Russia. Chat records intercepted from the server that this crew used for its Jabber instant message communications strongly suggest that Bron and Penchukov (“Tank”) were co-workers in Donetsk, Ukraine, possibly even in the same building.

In June 2014, the U.S. Justice Department joined authorities in many other countries and a large number of security firms in taking down the Gameover ZeuS botnet, which at the time was estimated to have infected more than a million PCs.

It’s nice that the Justice Department has put up such a large bounty for a man responsible for so much financial ruin and cybercrime. Kulibaba (“Jonni”) and his buddy Konovalenko (“Jtk0”) were extradited to the United States. Unfortunately, the rest of the Jabberzeus crew will likely remain free as long as they stick within the borders of Ukraine and/or Russia.


Cryptogram"Surreptitiously Weakening Cryptographic Systems"

New paper: "Surreptitiously Weakening Cryptographic Systems," by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart.

Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different approaches to sabotage. We categorize a broader set of potential avenues for weakening systems using this taxonomy, and discuss what future research is needed to provide sabotage-resilient cryptography.

Worse Than FailureCodeSOD: The Address Shuffle

The best thing about being a consultant, in Ashleigh's opinion, was that you got to leave at the end of a job- meaning you never had to live with the mistakes your pointy-haired supervisor forced on you.


This client, an online retailer, just needed an update to their Web.release.config file to resolve their session-management issue. Ashleigh had been hired for a two-week contract, and on Wednesday of week two, the fix went live. Of course, she wouldn't get paid if she didn't manage to look busy, so Thursday morning, she was scrambling for a quick fix to add to the pile.

That's when Betsy, the manager, popped by the temp cube. "Hey, I just got some new code from the offshore team. Mind taking a look at it?"

Normally, Ashleigh would decline such a dubious honor; today, however, it seemed easier than digging at the growing pile of minor defects, so she agreed. The method in question was meant to eliminate blank lines in the middle of the address on an invoice, because it "looked weird" to the accounting department.

Sure, whatever, Ashleigh thought. Dubious cost-savings were hardly unusual in a company that offshored their main development team and paid Ashleigh's exorbitant fees to clean up after them.

private string FormatAddress(Address address)
{
  // Each block below shifts every later field up one slot when a field is
  // blank, overwriting the fields of the Address object that was passed in.
  if (address.Line1 == null || address.Line1 == "")
  {
    address.Line1 = address.Line2;
    address.Line2 = address.Line3;
    address.Line3 = address.City;
    address.City = address.PostalCode;
    address.PostalCode = address.Country;
    address.Country = null;
  }

  if (address.Line2 == null || address.Line2 == "")
  {
    address.Line2 = address.Line3;
    address.Line3 = address.City;
    address.City = address.PostalCode;
    address.PostalCode = address.Country;
    address.Country = null;
  }

  if (address.Line3 == null || address.Line3 == "")
  {
    address.Line3 = address.City;
    address.City = address.PostalCode;
    address.PostalCode = address.Country;
    address.Country = null;
  }

  if (address.City == null || address.City == "")
  {
    address.City = address.PostalCode;
    address.PostalCode = address.Country;
    address.Country = null;
  }

  if (address.PostalCode == null || address.PostalCode == "")
  {
    address.PostalCode = address.Country;
    address.Country = null;
  }

  // Six fields joined by five <br /> tags are always emitted, blank or not.
  return address.Line1 + "<br />" +
         address.Line2 + "<br />" +
         address.Line3 + "<br />" +
         address.City + "<br />" +
         address.PostalCode + "<br />" +
         address.Country;
}
The best part, Ashleigh mused as she skimmed over the code for a third time, is that it fails miserably at its goal. It always returns the same number of lines. And if both lines 2 and 3 are empty- probably the majority case- it still leaves a gap in between.

A moment's browsing of the rest of the codebase revealed an even better part: it modified the fields on the address, leading to odd validation bugs later on when the city (which might contain the postcode now, or even the country) or postcode were used.
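A version of the method that does what accounting asked for, as an added example (not code from the article or the client's codebase): it keeps only the non-blank fields, leaves the Address object untouched, and HTML-encodes each field on the assumption that the fields hold raw text. The Address class, the AddressFormatter and Demo names and the sample values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Hypothetical stand-in for the article's Address type; only the six fields
// the original method touches are modelled.
public sealed class Address
{
    public string Line1 { get; set; }
    public string Line2 { get; set; }
    public string Line3 { get; set; }
    public string City { get; set; }
    public string PostalCode { get; set; }
    public string Country { get; set; }
}

public static class AddressFormatter
{
    // Builds the invoice block from the non-blank fields only. The Address
    // object is read, never written, so later validation still finds the
    // city in City and the postcode in PostalCode.
    public static string FormatAddress(Address address)
    {
        if (address == null) throw new ArgumentNullException(nameof(address));

        IEnumerable<string> lines = new[]
        {
            address.Line1, address.Line2, address.Line3,
            address.City, address.PostalCode, address.Country
        }
        // Drop null, empty and whitespace-only fields wherever they occur,
        // so two adjacent blanks cannot leave a gap behind.
        .Where(field => !string.IsNullOrWhiteSpace(field))
        // Assumption: fields hold raw text, so encode each one before it is
        // joined with markup.
        .Select(field => WebUtility.HtmlEncode(field.Trim()));

        return string.Join("<br />", lines);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: Line2 and Line3 both blank, the case the
        // article calls the likely majority.
        var address = new Address
        {
            Line1 = "Suite 4 & 5, 12 Example Street",
            Line2 = "",
            Line3 = null,
            City = "Springfield",
            PostalCode = "12345",
            Country = "Exampleland"
        };

        // Four lines, no gap, ampersand encoded.
        Console.WriteLine(AddressFormatter.FormatAddress(address));

        // The input object is unchanged after formatting.
        Console.WriteLine(address.City);
        Console.WriteLine(address.PostalCode);
    }
}
```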

"My recommendation?" Ashleigh typed into an email she knew she wouldn't send. "Fire the offshore team altogether. Or at least stop paying them by the line."


Planet Linux AustraliaClinton Roy: clintonroy

Bit of an odd day today.

Physio appointment in the morning, specifically looking at my right forearm, I was concerned I was seeing the initial stages of RSI, but the physio relieved those anxieties at least. The physio used dry needles to settle down the muscle that was acting up, that was a first and quite an interesting experience.

Next up I went out to the UQ Market day to rendezvous with the UQCS club, to give them some pamphlets describing PyCon Australia  and Humbug a little. Most of our volunteers last year were UQ students, and I’d be delighted if that were the case again this year.

I’ve ended up with a headache at the end of the day, maybe because I didn’t have any coffee till after lunch?


Planet Linux AustraliaClinton Roy: clintonroy

Walked to work.

While doing some conference stuff, discovered that I hate printers. It took something like an hour to print out two pages of basic text and one image. Whatever pdf version every tool was spitting out, was not handled at all well by either printer.


Planet Linux AustraliaClinton Roy: clintonroy

Did not walk in today.

Did go and see _Jupiter Ascending_ which I really quite liked. If the main baddy wasn’t so completely over the top, I would have quite enjoyed it.


Planet DebianPetter Reinholdtsen: The Norwegian open channel Frikanalen - 24x7 on the Internet

The Norwegian nationwide open channel Frikanalen is still going strong. It allows everyone to send the video they want on national television. It is a TV station administrated completely using a web browser, running only Free Software, providing a REST api for administrators and members, and with distribution on the national DVB-T distribution network RiksTV. But only between 12:00 and 17:30 Norwegian time. This has finally changed, after many years with limited distribution. A few weeks ago, we set up an Ogg Theora stream via icecast to allow everyone with Internet access to check out the channel the rest of the day. This is presented on the Frikanalen web site now. And since a few days ago, the channel is also available via multicast on UNINETT, available for those using IPTV TVs and set-top boxes in the Norwegian National Research and Education network.

If you want to see what is on the channel, point your media player to one of these sources. The first should work with most players and browsers, while as far as I know, the multicast UDP stream only works with VLC.

The Ogg Theora / icecast stream is not working well, as the video and audio are slightly out of sync. We have not been able to figure out how to fix it. It is generated by recoding an internal MPEG transport stream with MPEG4 coded video (ie H.264) to Ogg Theora / Vorbis, and the result is less than stellar. If you have ideas how to fix it, please let us know on frikanalen (at) We currently use this with ffmpeg2theora 0.29:

./ffmpeg2theora.linux <OBE_gemini_URL.ts> -F 25 -x 720 -y 405 \
 --deinterlace --inputfps 25 -c 1 -H 48000 --keyint 8 --buf-delay 100 \
 --nosync -V 700 -o - | oggfwd 8000 <pw> /frikanalen.ogv

If you get the multicast UDP stream working, please let me know, as I am curious how far the multicast stream reaches. It does not make it to my home network, nor any other commercially available network in Norway that I am aware of.

Rondam RamblingsAn AT&T service nightmare

It's unfortunate that nowadays the only way to motivate big companies to provide even a minimally acceptable level of customer service is to resort to public shaming.  I am in the midst of the most nightmarish catch-22 scenario I have ever experienced in my life (and that is saying something because our cable provider is Comcast.)  The situation is so complicated I hardly know where to begin.


TEDThe TED2015 speaker lineup revealed

The phrase “truth or dare” is a false binary — facing the truth often requires daring action, and vice versa. That’s why, at TED2015: Truth and Dare, the two go hand-in-hand. TED2015 happens March 16-20 in Vancouver and Whistler, and we dare to think this will be the most provocative, invigorating, mind-shifting TED yet.

The 58 speakers on our lineup (soon to be joined by a few more) will be questioning received wisdom in search of deeper truth, richer understanding, better questions — and sharing their visions with us. Who has the ideas that will create a future we actually want? They’re out there. And we need to hear from them like never before.

Visual thinkers, check out our program guide of speakers. And for the completists among you, read much more about each speaker in our A to Z speaker guide. And stay tuned to the TED Blog for full coverage of the conference as well as behind-the-scenes goodies.

Session 1: Opening Gambit

We start with a session all about reframing the things we think we know.

As the Prime Minister of Australia, Kevin Rudd helped keep the country out of a recession. Now, he studies alternative paths for US-China relations, and has come to an ominous conclusion: conflict is on the horizon.

David Rothkopf is the CEO and Editor of FP Group, which owns Foreign Policy, and the author of the book National Insecurity. He helps people navigate the complexities of our geopolitical landscape — and find opportunities within them.

The CEO of Carbon3D, Joseph DeSimone has made breakthrough contributions to the field of 3D printing.

Two saxophone players and a drummer, Moon Hooch whip up a raw, infectiously danceable sound.

Marina Abramović’s iconic performance art explores the relationship between the artist and audience. She’s been cut, burned, and nearly shot — but her boldest work yet is an institute dedicated to transformation through art.

Session 2: What Are We Thinking?

A look at how we perceive the world and how we can transcend our assumptions …

Cognitive researcher Laura Schulz is helping change our understanding of what babies know — and how early they know it.

After a severe head injury, Jason Padgett began to see the world as a web of complex shapes. His eye-popping geometric drawings capture this unique perspective.

Our visual perception has been guided by millions of years of natural selection. Donald Hoffman studies how this influences every aspect of our everyday reality.

Daniel Kish is a pioneer of human echolocation, a sound-based tool that gives visually impaired people a new way to know — and navigate — their surroundings.

David Eagleman decodes the mysteries of our brains. “Somehow our thoughts, our hopes, and our dreams are contained in these three pounds of wet biological material,” he has said.

Session 3: Machines That Learn

Explore the possibilities of artificial intelligence, and how it could transform … pretty much everything.

Fei-Fei Li directs Stanford’s Artificial Intelligence Lab and Vision Lab. There, she thinks about some of AI’s thorniest problems — like how machines can develop language processing and image recognition.

Through his startup Second Spectrum, Rajiv Maheswaran uses data analysis tools to help basketball teams up their game.

Chris Urmson develops self-driving cars that thrive in both urban and off-roading environments. As the Director of Self-Driving Cars at Google[x], his team has developed cars that have driven over three quarters of a million miles.

Mathematician and code breaker Jim Simons had already revolutionized geometry when he founded Renaissance hedge fund. Now he is mastering yet another field: philanthropy.

At Oxford’s Future of Humanity Institute, Nick Bostrom asks big questions. For example: What does it mean to be human? And can we improve our human nature with technological enhancements?

Abe Davis is a creator of the “visual microphone,” an algorithm that takes the vibrations of ordinary objects in video footage — say, a potato chip bag — and extracts the audio track of what’s going on around them.

Session 4: Out of This World

In this session, space-enthusiasts will travel to Mars, exoplanets and Comet 67P/Churyumov-Gerasimenko.

Sara Seager’s research led to the discovery of the first planet outside our solar system with an atmosphere. She is now on the hunt for a twin Earth.

As manager of the Rosetta mission — which landed a probe on a comet — Fred Jansen is in charge of a project that could be instrumental in uncovering clues to the origins of life on earth.

Nathalie Cabrol explores one of Earth’s most extreme environments: high-elevation lakes and deserts in the Andes. She does this to research technologies for future missions to Mars.

Writer and technologist Stephen Petranek looks at what is emerging, and predicts which breakthroughs will become fixtures of our future lives.

In October of 2014, Alan Eustace leapt to earth from the edge of the stratosphere wearing only a spacesuit. In the process, he broke Felix Baumgartner’s record — and might just have revolutionized the commercial space industry.

Session 5: Life Stories

The speakers in this session have led the kind of lives that would make tremendous biopics.

Journalist Anand Giridharadas, author of the book The True American, writes about people and cultures caught amid the great forces of our time.

Dame Stephanie Shirley used to go by “Steve.” Because when she launched her software company in 1962, people were more likely to respond to a man than to a woman.

She’s invented satellite radio, developed life-saving drugs and is working on digitizing the human mind. Martine Rothblatt has a knack for turning visionary ideas into commonplace technology.

Another special surprise speaker

Ten years ago, Dave Isay founded StoryCorps, an initiative to archive interviews of everyday people. The 2015 TED Prize winner, he has a bold wish for the world to take the art of listening to the next level.

Session 6: Radical reframe

Yes, nature has laws. But in this session, we’ll rethink many of them.

Pamela Ronald develops rice that will resist disease and withstand major environmental stress. She embraces both sustainable agricultural practices and genetically improved seeds, with an eye toward enhancing food security.

Nicknamed “scary disease girl,” Maryn McKenna investigates drug-resistant diseases and other terrifying public health challenges. Her new book takes a look at the relationship between food production and antibiotics.

The author of The Emperor of Maladies, Siddhartha Mukherjee wrote a 4,000-year biography of cancer. He also works to discover the link between stem cells and malignant blood disease.

Lawyer Steven Wise seeks to grant cognitively advanced animals fundamental rights, by challenging our notions of “personhood.”

At his startup Magic Leap, Rony Abovitz aims to create magical digital experiences that integrate with the real world when you don a special set of glasses.

Session 7: Creative Ignition

From the products in your home to films that keep you on the edge of your seat, creativity in its many forms.

Tony Fadell created the iPod for Apple and, with Nest, is taking aim at technology’s most elusive targets: household appliances.

Manuel Lima is interested in humanity’s long history of visualizing information — from the tree diagram’s development in the 12th century to the big data artists of today.

From big-screen classics like A Beautiful Mind and Apollo 13 to small-screen favorites like 24, Arrested Development and Empire, producer Brian Grazer fuels his cinematic creations with his insatiable curiosity.

Dustin Yellin’s sculptures are three-dimensional collages suspended in glass. Through Pioneer Works, his mammoth Brooklyn art center, he’s nourishing new voices in the art world.

Daredevil Chuck Berry wasn’t a pioneer of rock n’ roll — but he was the first person to skydive using only a tent. He also BASE jumps, wingsuits and hang-glides, and was winner of our public callout for a talk on how wearable cameras are changing adventure.

Rodrigo y Gabriela fuse metal, jazz and Latin guitar into an exhilarating cocktail of virtuoso musicianship.

Session 8: Pop-Up Magazine

For this session, we’ve handed over curation to Pop-Up Magazine, a fast-paced event that mashes up stories, film, art and sound.

Stacey Baker, photo editor at The New York Times Magazine, works with photographers all over the world to shape images for the weekly publication.

Minna Choi is the founder and music director of Magik*Magik Orchestra, a made-to-order orchestra that has ranged in size from a single violinist to an 80-piece symphony and choir.

With his production company Ten Cent Adventures, Paul Fischer makes short, smart films — and the feature documentary Radioman.

Dana Goodyear is a staff writer at The New Yorker, where she writes about food, culture and technology in the West. She co-founded Figment, an online literary community for young-adult fiction lovers.

Documentary filmmaker Sam Green’s latest, The Measure of All Things, comes complete with in-person narration and a live soundtrack. His unconventional films also include a cinematic collaboration with indie rock band, Yo La Tengo.

Suki Kim’s investigative memoir, Without You, There Is No Us: My Time with the Sons of North Korea’s Elite, chronicles her six months undercover reporting from North Korea.

In their NPR Morning Edition segment Hidden Kitchens, Davia Nelson and Nikki Silva, aka The Kitchen Sisters, take us to secret, unexpected cooking spaces across the United States. These radio producers are dedicated to building community through storytelling.

Dawn Landes is a singer-songwriter whose thoughtful music is popular with television music supervisors, thanks to her supple voice and restless imagination.

Known for his insightful writing, Alexis Madrigal is the Silicon Valley Bureau Chief for Fusion, and the author of Powering the Dream: The History and Promise of Green Technology.

Latif Nasser directs research at NPR’s Radiolab, where he has reported on topics that range from snowflake photography to 16th-century self-operating machines.

A writer and contributing editor at Wired, Steve Silberman covers science and society. His newest book explores neurodiversity and the link between autism and genius.

Photographer Alec Soth’s projects capture the landscape of Middle America — and the dreams and heartache contained within them.

Anand Varma’s photos tell the story behind the science on everything from primate behavior and hummingbird biomechanics to amphibian disease and forest ecology.

Session 9: Just and Unjust

Tough realities — human trafficking, gang violence, bullying — and insight for how we can break through them.

Through the International Justice Mission, Gary Haugen fights the global epidemic of everyday violence against the poor, rescuing victims of slavery, trafficking and more.

Journalist Noy Thrupkaew reports on human trafficking and the economics of exploitation through the lens of labor rights.

Sarah Jones is a chameleon on-stage, morphing between roles at a rapid clip. Offstage, she wears just as many hats — as a UNICEF ambassador, firebrand and FCC-fighting poet.

Jeffrey Brown is a Baptist minister who was a key player in the “Boston miracle” that lowered the rate of youth crime and gang violence.

Monica Lewinsky was at the epicenter of a media maelstrom in 1998. Now, she advocates for a safer and more empathic social media environment, drawing from her unique experiences.

Session 10: Building from Scratch

These makers are rethinking the way we create.

Fire played a big role in building earth’s ecosystems and cultures. Historian Stephen Pyne traces how our relationship to fire has changed over time — and the catastrophic dangers we face due to short-sighted fire management.

Lewis Dartnell is a science writer who imagined how humans could rebuild civilization after a global catastrophe in his book, The Knowledge. Also an astrobiologist, his research focuses on the hunt for microbial life on Earth’s neighboring planets.

Neri Oxman’s approach is called “Material Ecology.” She imagines and creates structures and objects that are inspired, informed and engineered by, for and with nature.

Roman Mars is interested in “invisible design,” those objects so well-conceived that we barely notice them. With his radio show and podcast 99% Invisible, he spins riveting tales of design.

Session 11: Passion and Consequence

The speakers in this session are propelled forward by a deep fire inside.

With the runaway success of shows like Scandal and Grey’s Anatomy, Shonda Rhimes has become one of Hollywood’s most powerful icons, shattering its much-storied glass ceiling.

For most people, surfing evokes sunny sand and warm, blue water. But Chris Burkard turns traditional surf photography on its head by traveling to remote, risky, and often frigid locations.

Designer Hussein Chalayan’s clothes have a techy vibe. He melds technology, politics and architectural forms in runway shows that blur the line between art and fashion.

The comfort of happy relationships and the thrill of sexual attraction don’t always perfectly overlap. In her psychotherapy practice and writing, Esther Perel helps loving couples navigate between the two.

Teitur laces his deceptively innocent songs with stinging hooks that are sung in English as well as in his native language, Faroese.

Session 12: Endgame

TED2015 will close with our most ambitious session ever: two and a half hours of action-packed talks — several still to be announced.

Ellen MacArthur won accolades as a sailor for circumnavigating the world twice — once on her own. But her travels sent her in a new direction: she now advocates for a “circular” economy, where resources and power recirculate and regenerate.

While seeking out the neurological basis of communication and studying the science of laughter, Sophie Scott stumbled upon a surprising second vocation: making audiences laugh as a stand-up comic.

An 11-year-old piano prodigy from Indonesia, Joey Alexander has a passion for jazz — a genre he discovered listening to his father’s records and that he is now bending inside-out with his debut album.

Alice Goffman lived side-by-side with a group of African-American young men in a distressed neighborhood in Philadelphia. Her book about the experience, On the Run, sheds harsh light on a justice system that creates suspects out of citizens.

Using empathy and a clear-eyed view of mortality, palliative caregiver BJ Miller pays attention to healthcare’s most ignored facet: preparing for death.

Kailash Satyarthi won the Nobel Peace Prize in 2014 along with Malala Yousafzai for “their struggle against the suppression of children and young people.” He fights hard to protect the rights of child laborers, in India and beyond.

With timely and hilarious insights, Baratunde Thurston skewers racial stereotypes and politics-as-usual — and the pundits that perpetuate them.

The TED Blog will be your hub for all things TED2015 from March 16 to 20, 2015. Check back regularly for recaps of these talks — as well as glimpses of what’s going on behind-the-scenes.

This post originally ran on February 3, 2015. It was updated on February 17 with new speakers.

Planet Debian: Sven Hoexter: admiration

I recently learnt that my former coworker Jonny took his efforts around his own monitoring system Bloonix and moved to self-employment.

If you're considering outsourcing your monitoring, consider Bloonix. :) As a plus, all the code is open under GPLv3 and available on GitHub. So if you do not like to outsource it you can still build up an instance on your own. Since this has been a one man show for a long time, most of the documentation is still in German. Might be a pro for some but a minus for others; if you like Bloonix I guess documentation translations or a howto in English are welcome. Besides that, Jonny is also the upstream author of a few Perl modules like libsys-statistics-linux-perl.

So another one has taken the bold step to base his living on free and open source software, something that always has my admiration. Jonny, I hope you'll succeed with this step.

Planet Debian: EvolvisForge blog: Java™, logging and the locale

A coworker and I debugged a fascinating problem today.

They had a tomcat7 installation with a couple of webapps, and one of the bundled libraries was logging in German. Everything else was logging in English (the webapps themselves, and the things the other bundled libraries did).

We searched around a bit, and eventually found that the wrongly-logging library (something jaxb/jax-ws) was using, after unravelling another few layers of “library bundling another library as convenience copy” (gah, Java!), which contains quite a few com.sun.istack.localization.Localizable members. Looking at the other classes in that package, in particular Localizer, showed that it defaults to the java.util.Locale.getDefault() value for the language.

Which is set from the environment.

Looking at /proc/pid-of-JVM-running-tomcat7/environ showed nothing, “of course”. The system locale was, properly, set to English. (We mostly use en_GB.UTF-8 for better paper sizes and the metric system (unless the person requesting the machine, or the admin creating it, still likes the system to speak German *shudder*), but that one still had en_US.UTF-8.)

Browsing the documentation for java.util.Locale proved more fruitful: it also contains a setDefault method, which sets the new “default” locale… JVM-wide.

Turns out another of the webapps used that for some sort of internal localisation. Clearly, the containment of tomcat7 is incomplete in this case.

Documenting for the larger ’net, in case someone else runs into this. It’s not as if things like this would be showing up in the USA, where the majority of development appears to happen.

Worse Than Failure: Announcements: Free (New) TDWTF Mug Day!

Last year around this time, we did a Free T-Shirt Day. You all gave some great feedback, so I thought we'd try it again with a Free Mug Day!

My company, Inedo, will be once again sponsoring this round of The Daily WTF mugs. Although we haven't yet released our v5 of BuildMaster, we've made a lot of big improvements since last year, and thought this would be a good opportunity to show them off. The mugs will be the same, serious grade as always -- but this time, they'll feature the brand-new logo (unlike the one below).

Mug with the old logo

To get one, all you have to do is download and install BuildMaster, run through this quick configuration, and then fill out the form with your address, etc. It's the same process as last time, but it's a much different (and much easier) exercise — it shouldn't take more than fifteen minutes or so.

Everything's free, and there's no credit card needed, or anything like that. This is just Inedo's way of thanking you for trying out BuildMaster. Afterwards, you can use the Express Edition for free, or upgrade to the Enterprise Edition.

This offer expires on March 29, 2015, and supply is limited to 250, so sign up soon! To get started, just follow this link and, in a few weeks' time, you'll not only be more knowledgeable about BuildMaster, but you'll be enjoying beverages much more fashionably with these nice, hefty The Daily WTF mugs.

Sociological Images: Pesticide Drift and the Politics of Scale

California’s Central Valley is a bread basket of America. It is the source of much of the country’s grapes, tree fruit, nuts, and vegetables. Many of the farms are massive, requiring large amounts of capital, land, and labor.

In the nearby small towns are the homes of the state’s farm laborers. They are primarily Latino. About half are undocumented. Most are poor and few have health care. Politically and economically weak, they are the primary human victims of pesticide drift.

Pesticide drift occurs when chemicals leave the fields for which they’re intended and travel to where humans can be exposed. According to data summarized by geographer Jill Harrison for her article on the topic, California is a pesticide-intensive state. It accounts for 2-3% of all cropland in the U.S., but uses 25% of the pesticides. One in ten of registered pesticides are prone to drift and a third include chemicals that are “highly acutely toxic” or cause cancer, reproductive or developmental disorders, or brain damage. Officially, there are an average of 370 cases of pesticide poisoning due to drift every year, but farmworker advocates say that this captures 10% of the victims at best.

Teresa DeAnda, an environmental justice advocate, stands on the dirt road between an agricultural field and her neighborhood (image from Voices from the Valley):

State officials and representatives of agriculture business minimize pesticide drift; Harrison calls this “down-scaling.” They claim it’s accidental, rare, and not an integral part of the system when it operates well. “Unfortunately from time to time we have tragic accidents,” says one Health Department official. “I think the number of incidents that have occurred given the, are really not that significant…” says another. “The system works,” says an Agricultural Commissioner, “Unfortunately, we have people who don’t follow the law.” All of these tactics serve to make the problem seem small and localized.

It’s not easy to get politicians to pay attention to some of the weakest of their constituents, but activists have made some headway by what Harrison calls “pushing it up the scale.” Contesting its framing as a small problem by virtue of its frequency or impact, they argue that pesticide drift is routine, regular, and systemic. “These things happen every day,” says one resident. “You can smell [the pesticide use],” says another. “You can see it. When you drive, it gets on your windshield.” An activist argues: “The art of pesticide application is not precision delivery. It’s sloppy, and it often spills.” They further contest the downscaling by arguing that pesticide drift is harming the overall air quality. By describing it as air pollution, they make it a state of California problem, one that affects everyone. This makes it more difficult for big agriculture to say it’s no big deal.

An activist upscales in Wasco, CA (image from Voices from the Valley):

Upscaling and downscaling are both part of the politics of scale, a tactic that involves making a problem seem big or little. Harrison notes that many environmentalists advocate a local approach. “The local,” she writes, “is commonly touted as the space in which people can most directly voice their concerns and effect political change, due to local officials’ proximity to constituents and familiarity with local issues.” This case, though, suggests that justice isn’t one size fits all.

If you’d like to know more about the struggle for environmental justice in the San Joaquin Valley, sociologist Tracy Perkins has started a website, called Voices from the Valley. You can also check out Remembering Teresa for more on pesticide drift.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Sociological Images: Happy Birthday, Judith Butler!

Philosopher Judith Butler has been influential across many disciplines, and sociology is no stranger to her works. She first drew widespread attention with her book Gender Trouble. In it, Butler questioned the supposed naturalness of both the male/female sex binary and the differences between men and women. Not natural at all, she argued, gender is performed. Butler has written over a dozen books and is a great scholar to be able to quote at parties if you want to impress upon others that you know your shit.


Found at The New School Free Press, via A Serving of Sociology.

Have a scholar we should commemorate?  Send us a wacky pic and we will!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Cryptogram: AT&T Charging Customers to Not Spy on Them

AT&T is charging a premium for gigabit Internet service without surveillance:

The tracking and ad targeting associated with the gigabit service cannot be avoided using browser privacy settings: as AT&T explained, the program "works independently of your browser's privacy settings regarding cookies, do-not-track and private browsing." In other words, AT&T is performing deep packet inspection, a controversial practice through which internet service providers, by virtue of their privileged position, monitor all the internet traffic of their subscribers and collect data on the content of those communications.

What if customers do not want to be spied on by their internet service providers? AT&T allows gigabit service subscribers to opt out -- for a $29 fee per month.

I have mixed feelings about this. On one hand, AT&T is forgoing revenue by not spying on its customers, and it's reasonable to charge them for that lost revenue. On the other hand, this sort of thing means that privacy becomes a luxury good. In general, I prefer to conceptualize privacy as a right to be respected and not a commodity to be bought and sold.

EDITED TO ADD: It's actually even more expensive.

Planet Linux Australia: David Rowe: Minimalist VHF Software Defined Radio Part 1

I think the future of radio hardware is a piece of wire connected to a GPIO pin.

The rest of the radio will be “gcc compilable” free software running on commodity CPU horsepower. I spoke about this at length in my recent 2015 talk.

For the last two weeks I’ve been developing a simple radio architecture that is moving in that direction. The motivation is hardware to test our VHF FreeDV ideas. I’ve got to the point where I can tune 146 MHz VHF radio signals. The performance largely meets my design specs. The radio consists of about 20 off the shelf parts and a STM32F4 Discovery board with a Bill of Materials (BOM) cost of a few $. With another design pass it will be capable of good RF performance and also run FreeDV (or the mode of your choice). Completely stand alone – no PC.

Boo Baseband IQ, Chip-sets and FPGAs

I’m not a fan of baseband IQ designs, due to issues with phase and amplitude balance, and carrier feed through. This means development time and engineering pain. IQ signals should live only in software. Nor am I a fan of semi-closed chip-sets, FPGAs, or fixed point. More pain, development time, inaccessible tools, complex hardware designs, multilayer PCBs (even for prototypes), vendor lock-in, non-portable and proprietary issues.

I’m using the STM32F4, NE602 mixer, and Si5351 LO as that’s what I had laying about. However I’m not hung up on any of them. Please feel free to substitute your favourites. What I do care about is radio architectures that minimise hardware and maximise free software.

No chip-sets or lock-in here. The hardware is very simple so major changes can be made in minutes, and prototyped by anyone who can hold a soldering iron next to a piece of blank PCB.

Design Walk Through

I prototyped the radio on a few square inches of blank PCB:

In the foreground is the Open Radio that I’m using for the Si5351 LO.

High Q filters and MacGyver Filter Tuning

It took me a few days to get a decent 10.5MHz Band Pass Filter (BPF) working. Learned all about loaded and unloaded Q of various inductors, filters, and rigged up a way to sweep filters using some Si5351 code:

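  float f;
  unsigned long long f_ull;
  while(1) {
    /* sweep CLK0 from 8 to 12 MHz in 100 kHz steps, forever */
    for (f=8.0; f<12; f += 0.1) {
      f_ull = f*100000000ULL;  /* f is in MHz; scale to hundredths of a Hz */
      si5351.set_freq(f_ull, 0, SI5351_CLK0);
    }
  }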

Using my oscilloscope’s FFT function with infinite persistence selected on the display I can get a good feel for the filter performance:

I needed a pretty high Q for the BPF so I tested several inductors in a parallel 10MHz LC tuned circuit. I swept the circuit with the Si5351 and measured the insertion loss at resonance. At resonance the only impedance is the effective resistance of the inductor Rl. This forms a voltage divider with the source impedance (1500 ohms in my case).

Inductor                       Insertion Loss (dB)   Rl     Xl     Qu
6T 6mm air core 200nH          16                    281    12.5   22.5
FT37-61 3T 1uH                 4                     2565   60     43
Jaycar moulded inductor 1uH    3                     1500   60     85

I eventually settled on a T50-2 toroid, which could achieve an unloaded Q of over 100 at 10MHz. A two stage coupled resonator BPF gets 40dB attenuation at 10.5 +/- 1MHz. I’m still climbing the RF learning curve but this testing was fun and useful for me. A crystal filter designed for FM radios (16 kHz bandwidth) would also do the job.

Band pass Sampling

We are using the neat trick of band pass sampling. This is a bit confusing – how do we sample a 10.5MHz signal with a sample rate of 2MHz?

OK, say you want to sample a signal at frequency f with an ADC having a sample rate Fs. Turns out the ADC can’t tell the difference between f, Fs+f, 2Fs+f etc.

Here’s an example of a f1 = 5 Hz and f2 = 105 Hz signal sampled at Fs = 100 Hz. Note how the sampled signal is exactly the same!

That’s why we usually put a low pass filter in front of the ADC, to limit the “images” that the ADC would otherwise sample. By using a band pass filter, we can intentionally select one of the images.

So the sample and hold of the ADC can also perform a frequency translation step, saving us the need for a mixer and second local oscillator. In practice, the ADC tends to be less sensitive when sampling higher frequencies. In the case of the STM32F4 the sample and hold is an RC circuit with a -3dB point of 7MHz. As a simple RC filter rolls off slowly it still has plenty of gain at 10.5MHz.

Software IIR Tuner

The big challenge with this architecture is how to handle 2 MS/s from the ADC on a uC that is only clocked at 168 MHz. That’s only 84 instructions per sample at 100% CPU load. In this small budget we need to “tune” the 500 kHz signal so that other adjacent signals are filtered out. Then re-sample down to 44 or even 8 kHz, hopefully with enough MIPs left over to run the FreeDV stack (a GMSK modem and Codec 2).

Here is the block diagram of the tuner, the C source code is in iir_tuner.c

The ADC sees our 10.5 MHz signal as a 500 kHz signal. We use an Infinite Impulse Response (IIR) bandpass filter to stomp on everything else except the signal centred on 500 kHz. IIR just means it’s recursive (uses previous outputs). This filter is the exact DSP equivalent of a LC tuned circuit, as used in the analog BPF. Once filtered, we can then safely decimate the signal (reduce the sample rate) by a factor of 45 so our poor little uC can start breathing again. Much easier to process the signal at a sampling rate of 44.4 kHz (ish) than 2 MHz.

The IIR filter is implemented in C like this:

  y[n] = x[n] - 2*sqrt(beta1)*cos(w)*y[n-1] - beta1*y[n-2]

y[n] is the latest output, x[n] the input. The w is the centre frequency of the filter in radians (w = 2*pi*f/Fs) and beta1 is the “Q” of the filter, i.e. sets how sharp it is. If you set beta1 = 0.999 you get the filter we are using. Make beta1 = 1 you get an oscillator. If you make beta1 > 1 you get overflow errors.

As we are MIPs-shy we set w=pi/2, which is one quarter of the sampling frequency of 2 MHz, or 500 kHz. This makes cos(w) = 0 and the whole filter reduces to:

   y[n] = x[n] - beta1*y[n-2]

This executes in about 12% of the STM32F4 without any particular effort in optimisation. Good enough.

The IIR filter does make the spectrum of the signal a little spikey in the middle so we use an equaliser to flatten it out again. This is a simple Finite Impulse Response (FIR) filter that is the exact inverse of the IIR filter, but scaled for the lower sampling rate:

   y[n] = x[n] + beta2*x[n-2]

I started by simulating the tuner in Octave (adcres.m), which produced these fine plots:

I set a spec of 40dB rejection of adjacent signals, which is a function of the IIR tuner and the analog 10.5 MHz BPF.

In the plots above there are 4 signals. First the “wanted” signals at f+8 and f-7kHz (6dB down), at the edges of the desired bandwidth we need for nasty old legacy analog FM. Then I popped in an interferer f-207kHz away. If we don’t filter well enough the interferer will get aliased into the pass band. You can see that in the lower plot – the f-207kHz signal now appears about 30dB down in the pass band. Hopefully the analog BPF will push it down a bit more in practice.

The fourth signal is an impulse that effectively has energy at all frequencies, and neatly shows us the shape of the filters that implement the tuner. That’s the continuous line in each plot (0dB on top plot). I set the level of this broadband signal to 40dB less than the f+8kHz pass band signal.


Here’s an example output for a 146.0025 MHz CW signal at -30dBm and -60dBm:

These are FFTs of 10 seconds of output samples. The x axis spans about 4 kHz, and the y axis is in dB, but not relative to any reference level. The central line is at about 2 kHz, so we have down converted by 146.005MHz from the input.

There is no gain apart from the mixer. Still, we can see at the -30dBm level we have about 60dB between the wanted signal and the highest spurious lines. At the -60dBm level the signal drops 30dB as expected.

Even at -30dBm the ADC is only being driven at about 10% of its maximum level, so we have another 20dB of headroom available there. Some gain would let us detect signals down to an appropriate MDS.

The spurious spurs appear to be 500Hz (ish) apart, which is the ADC interrupt service routine frequency. This is probably some power supply noise which we can clean up, as I did in the SM1000 development. The current prototype construction is pretty rough, so there are bound to be some issues in a VHF plus high speed digital system.

I wrote a FM demodulator in C and ran it on the STM32F4, sampling the results. Here is a strong local signal and here is a sample of Mark, VK5QI from a repeater.

The sample from the repeater is scratchy. The periodic noise I think is at the rate buffers are transferred up to the Host PC I used for collecting samples. However please bear in mind this is not a finished radio, there is currently only about 10dB gain in total, and no input BPF! Off air reception at this early stage was just a long shot I thought I’d try for fun. Gain is cheap, we can add that in the next pass.

The real innovation here is the extreme simplicity of the hardware.

Being an on-chip ADC I’m not expecting sparkling performance. However it might be “good enough” – especially given it comes for free and the low SNR requirements (about 6dB) we need for GMSK. We shall see.

I measured the adjacent channel rejection as -30dB at 1 MHz and -40dB at a 25 kHz offset. The 25 kHz figure is exactly as designed (40dB). The 1MHz offset figure is 10dB worse than designed for. This could be due to the ADC input impedance loading the BPF and reducing the Q.

For a real radio these figures need to be much better, so another design pass is required. However I don’t think there is any risk here, just engineering effort. This first pass has shown that the architecture works.

Next Steps

  1. Replace the NE602 mixer with one that can deliver good strong signal performance.
  2. Have another design pass to meet a reasonable spec, like MDS of -120dBm for 1200 bit/s GMSK, adjacent channel rejection of -60dB, 100dB blocking of signals at +/- 1MHz. Rationalise the sampling rates (e.g. uC clock, ADC clock) so we get exactly Fs=48kHz at the output of the tuner.
  3. Put a proper 144-148MHz BPF on the input of the mixer.
  4. See if we can tune 70cm signals as well, e.g. with a harmonic of the LO. The mixer is good to 500 MHz.
  5. Determine if the Si5351 is OK in terms of phase noise, spurious lines. We could just about use a crystal oscillator, and tune chunks of the 2M band using banks of BPFs and IIR tuner software. The ADC sample clock might also be causing problems, e.g. spectral lines or phase noise. We can test that by measuring the implementation loss of the demodulator for a given receiver input C/No.
  6. Work out a clever way to transmit a 1W constant envelope signal at VHF. Perhaps a similar architecture operating in reverse, i.e. DAC running at 2MHz, tune to the 10.5 MHz image, up convert that to VHF. However as linearity is not required, the mixer could be a XOR logic gate.
  7. With a different BPF ahead of the ADC can we tune HF signals directly (i.e. delete the NE602)? What sort of performance will it have? Will the ADC dynamic range limit adjacent signal rejection?

Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV Main March 2015 Meeting: CoderDojo / OpenPower and POWER8

Mar 3 2015 19:00
Mar 3 2015 21:00

The Buzzard Lecture Theatre. Evan Burge Building, Trinity College, Melbourne University Main Campus, Parkville.


• Kieran Nolan and Martin Harris: CoderDojo
• Stewart Smith: OpenPower and POWER8

The Buzzard Lecture Theatre, Evan Burge Building, Trinity College Main Campus Parkville Melways Map: 2B C5

Notes: Trinity College's Main Campus is located off Royal Parade. The Evan Burge Building is located near the Tennis Courts. See our Map of Trinity College. Additional maps of Trinity and the surrounding area (including its relation to the city) can be found at

Parking can be found along or near Royal Parade, Grattan Street, Swanston Street and College Crescent. Parking within Trinity College is unfortunately only available to staff.

For those coming via Public Transport, the number 19 tram (North Coburg - City) passes by the main entrance of Trinity College (Get off at Morrah St, Stop 12). This tram departs from the Elizabeth Street tram terminus (Flinders Street end) and goes past Melbourne Central. Timetables can be found on-line at:

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting.

Linux Users of Victoria Inc. is an incorporated association, registration number A0040056C.


Worse Than FailureTales from the Interview: Limit as Sense Approaches Zeno

It’s an uncomfortable truth in our enlightened, 21st-century utopia, but we often don’t know how to deal with people that deviate slightly from the norm. Jim knows a thing or two (or three) about this, because he has a Bachelor of Science with three majors: Computer Science, English, and Mathematics. Let’s not dwell on how such a thing could be possible; consider instead the strangest reaction Jim ever encountered to his unusual credentials.

Cauchy Sequence

The developer position at Competitive Telecom Systems seemed straightforward, and a good fit for Jim’s skills and experience. When Jim’s interview time had arrived, a man found him in the reception area and shook his hand.

“You must be Jim. I’m Ted. We’re very excited to have you here today!”

Ted led Jim through a maze of beige corridors to a nondescript conference room and took a seat across from one of his associates.

“This is Fred,” Ted said, indicating the man across from him. He then nodded towards the third man, sitting between the two at the end of the table directly across from Jim. “And this is Crispin. We asked him to join us especially to meet you.”

“That’s right,” Fred said, “he came as a favour.”

Jim greeted Crispin, who said nothing, never raising his eyes from the document he was reading.

Ted began the interview with a simple programming question that Jim correctly identified as a string-reversal variant before describing an effective solution. Ted nodded, but paused for a moment before asking,

“So, what, did you take a few CS and English electives as part of your Math degree?”

“Well, no,” Jim said. “My school offered a triple-major track, and I took it. I’ve fulfilled the requirements for all three of my majors.”

“Of course, of course,” Fred said, taking the reins from his colleague, “we just want to get an idea of where your focus lies. Would you say you consider yourself more of an Arts major that dabbles on the Science side of things, or the other way around?”

“I suppose if I had to choose, I am applying for a developer role. So I see myself as a Computer Scientist first and foremost,” Jim furrowed his brow, trying to determine what his interlocutors wanted to hear. Were they afraid he didn’t have what it took to be a developer? That the variety of subjects he’d studied meant he couldn’t commit to a given task? The conversation went back to typical questions, Ted alternating with Fred, each of them unable to resist circling back to Jim’s unusual degree. All the while, Crispin remained absorbed in the document. He turned it over and over, as though trying to memorize the words on each side of the single sheet that Jim eventually recognized as his résumé. When Fred and Ted had run out of steam, and Crispin still seemed unaware that a candidate sat across the table from him, Jim leaned forward and asked if they had any other questions for him.

Ted and Fred turned to their grim colleague, the one whose presence in Jim’s interview had been specially requested. Crispin let Jim’s résumé flutter to the desk, raised his head, narrowed his cold, grey eyes.

“I have a question, Jim. A Math major would know about integration and differentiation, right?”

“Of course,” Jim nodded. “Basic calculus…”

“Yes. And a Computer Science major would have encountered the concepts of black-box and white-box testing?”

“Yes, black-box is where you test the external interfaces of a given module without assuming knowledge of its internals, while white-box—”

“Good. And, as an English major, you must have spent a lot of time drawing comparisons between works?”

“I did, yes…” Jim leaned forward, peering at Crispin, unsure what these questions were building to.

“Okay Jim,” Fred said, “Now, listen closely.”

“This is why Crispin came today,” Ted added.

Crispin cleared his throat and glared at his lackeys. “Here’s what I need you to do, Jim,” he said. “I want you to compare the concepts of integration and differentiation with those of white- and black-box testing.

“In your own words, of course.”

Jim gaped. Ted and Fred sat back, arms crossed, expressions indicating their satisfaction.

“Crispin spent two days with your résumé, just to come up with that question,” Ted said.

“That’s right; no one comes up with questions as challenging as Crispin’s,” Fred said. “When we saw your education history, we knew we had to call him in.”

“Yes, yes,” Crispin waved them aside, “that’s fine. Well, Jim? What do you and your three majors have to say for yourselves?”

Jim racked his brain, trying to conjure anything that could relate seemingly arbitrary concepts from different disciplines to one another. He was on the brink of muttering… inverse something, when reason asserted itself. He politely explained that he saw no way to compare those particular concepts. Glowering, the triad informed him that they had no further questions, and they would let him know their decision. The attentive reader of this publication will not be surprised to learn that Jim failed to get the job, and, though his career has since taken him elsewhere, he is still considering a new course of study to determine, with academic rigour, what an acceptable answer to Crispin’s masterstroke might have been.



Planet DebianRichard Hartmann: Accuracy

Even if you disregard how amazing this is, this quote blows my proverbial mind:

The test rig is carefully designed to remove any possible sources of error. Even the lapping of waves in the Gulf of Mexico 25 miles away every three to four seconds would have showed up on the sensors, so the apparatus was floated pneumatically to avoid any influence. The apparatus is completely sealed, with power and signals going through liquid metal contacts to prevent any force being transmitted through cables.

Planet DebianSimon Josefsson: Laptop Buying Advice?

My current Lenovo X201 laptop has been with me for over four years. I’ve been looking at new laptop models over the years thinking that I should upgrade. Every time, after checking performance numbers, I’ve always reached the conclusion that it is not worth it. The most performant Intel Broadwell processor is the Core i7 5600U and it is only about 1.5 times the performance of my current Intel Core i7 620M. Meanwhile disk performance has increased more rapidly, but changing the disk on a laptop is usually simple. Two years ago I upgraded to the Samsung 840 Pro 256GB disk, and this year I swapped that for the Samsung 850 Pro 1TB, and both have been good investments.

Recently my laptop usage patterns have changed slightly, and instead of carrying one laptop around, I have decided to aim for multiple semi-permanent laptops at different locations, coupled with a mobile device that right now is just my phone. The X201 will remain one of my normal work machines.

What remains is to decide on a new laptop, and there begins the fun. My requirements are relatively easy to summarize. The laptop will run a GNU/Linux distribution like Debian, so it has to work well with it. I’ve decided that my preferred CPU is the Intel Core i7 5600U. The screen size, keyboard and mouse are mostly irrelevant as I never work longer periods of time directly on the laptop. Even though the laptop will be semi-permanent, I know there will be times when I take it with me. Thus it has to be as lightweight as possible. If there would be significant advantages in going with a heavier laptop, I might reconsider this, but as far as I can see the only advantage with a heavier machine is bigger/better screen, keyboard (all of which I find irrelevant) and maximum memory capacity (which I would find useful, but not enough of an argument for me). The only sub-1.5kg laptops with the 5600U CPU on the market right now appear to be:

Lenovo X250 1.42kg 12.5″ 1366×768
Lenovo X1 Carbon (3rd gen) 1.44kg 14″ 2560×1440
Dell Latitude E7250 1.25kg 12.5″ 1366×768
Dell XPS 13 1.26kg 13.3″ 3200×1800
HP EliteBook Folio 1040 G2 1.49kg 14″ 1920×1080
HP EliteBook Revolve 810 G3 1.4kg 11.6″ 1366×768

I find it interesting that Lenovo, Dell and HP each have two models that meet my 5600U/sub-1.5kg criteria. Regarding screen, possibly there exist models with other screen resolutions. The XPS 13, HP 810 and X1 models I looked at had touch screens, the others did not. As screen is not important to me, I didn’t evaluate this further.

I think all of them would suffice, and there are only subtle differences. All except the XPS 13 can be connected to peripherals using one cable, which I find convenient to avoid a cable mess. All of them have DisplayPort, but HP uses DisplayPort Standard and the rest use miniDP. The E7250 and X1 have HDMI output. The X250 boasts a 15-pin VGA connector, none of the others have it — I’m not sure if that is an advantage or disadvantage these days. All of them have 2 USB v3.0 ports except the E7250 which has 3 ports. The HP 1040, XPS 13 and X1 Carbon do not have RJ45 Ethernet connectors, which is a significant disadvantage to me. Ironically, only the smallest one of these, the HP 810, can be memory upgraded to 12GB with the others being stuck at 8GB. HP and the E7250 support NFC, although Debian support is not certain. The E7250 and X250 have a smartcard reader, and again, Debian support is not certain. The X1, X250 and 810 have a 3G/4G card.

Right now, I’m leaning towards rejecting the XPS 13, X1 and HP 1040 because of lack of RJ45 ethernet port. That leaves me with the E7250, X250 and the 810. Of these, the E7250 seems like the winner: lightest, 1 extra USB port, HDMI, NFC, SmartCard-reader. However, it has no 3G/4G-card and no memory upgrade options. Looking for compatibility problems, it seems you have to be careful to not end up with the “Dell Wireless” card and the E7250 appears to come in a docking and non-docking variant but I’m not sure what that means.

Are there other models I should consider? Other thoughts?

Rondam RamblingsWhy QM is the only possible theory of nature

Just stumbled across this absolutely gorgeous explanation of why quantum mechanics is the only possible theory of nature that both allows for complete knowledge and probabilities.  It's one of the best written pieces of science popularization I have ever read.  It takes you from zero to a pretty deep understanding in just a shade over 1000 words.  It's brilliant, almost a work of art.  If you're

LongNowDavid Keith Seminar Media

This lecture was presented as part of The Long Now Foundation’s monthly Seminars About Long-term Thinking.

Patient Geoengineering

Tuesday February 17, 02015 – San Francisco

Audio is up on the Keith Seminar page, or you can subscribe to our podcast.


Practical geoengineering – a summary by Stewart Brand

“Temporary, moderate, and responsive” should be the guidelines of responsible geoengineering, in David Keith’s view. For slowing global warming, and giving humanity time to bring greenhouse gas emissions down to zero (and eventually past zero with carbon capture), he favors the form of “solar radiation management” that reflects sunlight the way volcanoes occasionally do—with sulfate particles in the stratosphere.

The common worry about geoengineering is that because it is so cheap ($1 billion a year) and easy, civilization would become “addicted” and have to continue it forever, while giving up on the expensive and difficult process of reducing greenhouse gas emissions, thus making the long-term problem far worse. Keith’s solution is to design the geoengineering program as temporary from start to finish. “Temporary” means shut it down by 02200. (Keith also likes the term “patient” for this approach.)

By “moderate” he means there is no attempt to completely offset the warming caused by us, but just cut the rate of climate change in half. That would give the highest benefit at lowest risk—minimal harmful effect on ozone and rainfall patterns, and the fewest unwelcome surprises, while providing enough time (and plenty of incentive) for societies to manage their carbon dioxide mitigation and orderly adaptation. Geoengineering’s leverage is very high—one gram of particles in the stratosphere prevents the warming caused by a ton of carbon dioxide.

“Responsive” means careful, gradual, and closely monitored, with the expectation there will be many adjustments along the way, along with the ability to back off entirely if needed. Though climate-change models keep improving, we still do not completely understand how climate works, and that raises the very good question: “How do you engineer a system whose behavior you don’t understand?” Keith’s answer is “feedback. We engineer and control many chaotic systems, such as high-performance aircraft, through precise feedback.” The same goes for governance of geoengineering. It is a complex system that will require sophisticated control by a global set of governing bodies, but we already do that for the far more complex system of global finance.

Keith’s specific program would begin with balloon tests in the lower stratosphere (8 miles up) releasing just 100 grams of sulfuric acid—about the amount of particles in a few minutes of normal jet contrail. “If those studies confirm safety and effectiveness,” Keith said, “then we could begin gradual deployment as early as 02020 with three business jets re-engineered for high altitude. By 02030 you could have about ten aircraft delivering a quarter million tons of sulfur per year at a cost of $700 million.”

The amount of sulfur being released might be up to a million tons by 02070, but that would still be only one-eighth of what went into the stratosphere from the Mt. Pinatubo volcanic eruption in 01991, and one-fiftieth of what enters the lower atmosphere from our current burning of fossil fuels. By then we may have developed more sophisticated particles than sulfate. It could be diamond dust, or alumina, or even something like a nanoscale “photophoretic” particle designed by Keith that would levitate itself above the stratosphere.

This is no quick fix. It is not quick, and it doesn’t try to be a complete fix. It has to be matched with total reduction of greenhouse gas emissions to zero and with effective capture of carbon, because the overload of carbon dioxide already in the atmosphere will stay there for a very long time unless removed. Keith asked, “Is it plausible that we will not figure out how to pull, say, five gigatons of carbon per year out of the air by 02075? I don’t buy it.”

Keith ended by proposing that the goal should not be just 350 parts per million (ppm) of carbon dioxide in the atmosphere. (It’s rising past 400 ppm now.) We can shoot for the pre-industrial level of the 01770s. Take carbon dioxide down to 270 ppm.


Google AdsenseIntroducing the new AdSense Revenue profile

Starting today, a new Revenue profile report will be available in your AdSense account. Currently, AdSense reporting shows you an average of your ad request RPM. This new report will help you understand the value of your top performing ad requests in more detail.

The AdSense ad auction handles billions of ad requests each day, channeling demand from AdWords advertisers and Google certified ad networks (via the DoubleClick Ad Exchange) to our publishers. This real-time digital ad marketplace works to serve high paying ads on your site. Now, you will be able to see the performance of these valuable ads. For example, you can now see the RPM of the top 5% of ads performing on your site.

To make sure you're getting the most out of the ads on your site, follow these best practices:

The new Revenue profile report is available if your AdSense account receives a minimum number of ad requests. It currently offers an aggregate view of your account and we are working to offer a more complete picture with detailed reporting in the future.

Find out more about the new Revenue profile in the AdSense Help Center and let us know what you think about this feature in the comments section below.

Posted by Nick Radicevic - AdSense Product Manager

CryptogramCell Phones Leak Location Information through Power Usage

New research on tracking the location of smart phone users by monitoring power consumption:

PowerSpy takes advantage of the fact that a phone's cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.

One of the machine-learning tricks the researchers used to detect that "noise" is a focus on longer-term trends in the phone's power use rather than those that last just a few seconds or minutes. "A sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise," the researchers write. "We show that measuring the phone's aggregate power consumption over time completely reveals the phone's location and movement."

Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone's power use behaves as it travels along defined routes. This means you can't snoop on a place you or a cohort has never been, as you need to have actually walked or driven along the route your subject's phone takes in order to draw any location conclusions.

I'm not sure how practical this is, but it's certainly interesting.

The paper.

Planet DebianEnrico Zini: akonadi-client-example

Akonadi client example

After many failed attempts I have managed to build a C++ akonadi client. It has felt like one of the most frustrating programming experiences of my whole life, so I'm sharing the results hoping to spare others from all the suffering.

First thing first, akonadi client libraries are not in libakonadi-dev but in kdepimlibs5-dev, even if kdepimlibs5-dev does not show in apt-cache search akonadi.

Then, kdepimlibs is built with Qt4. If your application uses Qt5 (mine was) you need to port it back to Qt4 if you want to talk to Akonadi.

Then, kdepimlibs does not seem to support qmake and does not ship pkg-config .pc files, and if you want to use kdepimlibs your build system needs to be cmake. I ported my code from qmake to cmake, and now qtcreator wants me to run cmake by hand every time I change the CMakeLists.txt file, and it stopped allowing me to add, rename or delete sources.

Finally, most of the code / build system snippets found on the internet seem flawed in one way or another, because the build toolchain of Qt/KDE applications has undergone several redesigns over time, and the network is littered with examples from different eras. The way to obtain template code to start a Qt/KDE project is to use kapptemplate. I have found no getting started tutorial on the internet that said "do not just copy the snippets from here, run kapptemplate instead so you get them up to date".

kapptemplate supports building an "Akonadi Resource" and an "Akonadi Serializer", but it does not support generating template code for an akonadi client. That left me with the feeling that I was dealing with some software that wants to be developed but does not want to be used.

Anyway, now an example of how to interrogate Akonadi exists as is on the internet. I hope that all the tears of blood that I cried this morning have not been cried in vain.

TEDDesign for dying: Alison Killing on the architecture of death

Alison Killing speaks at TEDGlobal 2014. Photo: Ryan Lash/TED

Alison Killing thinks a lot about death … and specifically, how its ubiquitous, hidden presence shapes our cities. In Death in Venice, her June 2014 exhibition on the topic, Killing mapped London’s death-associated architectural features — hospitals, cemeteries, crematoria, and so on — making visible the invisible mechanics of death and dying. She asks us to consider: What might a good death experience mean today? And how can we design differently for the dying, as well as those caring for them?

Here, the Netherlands-based British architect and urban designer, who specializes in humanitarian architecture, talks about how the project has challenged her own perception of death, and how she plans to make space for better dying.

First of all, it’s hard to miss the connection between your work and your name. Is it just a coincidence?

Yes, it’s my real name. My firm is called Killing Architects — I like to say that I started Killing Architects four years ago. [laughs]

How did you become involved in the architecture of death? Was it a long-term interest?

It began rather suddenly and recently with a call for proposals to the 2014 Venice Biennale. The theme was “fundamentals.” Most countries in the world stage their own exhibition in a national pavilion. For 2014, nations were asked to look at modernism in their own country between 1914 and 2014.

Two days before the deadline, a friend emailed me with an idea for the British Pavilion’s call for entries:  “Let’s do an exhibition about death.” He and a partner had already completed a thesis project on this topic, and I pulled in a couple more friends to build a solid team with a curatorial and research base. We didn’t get accepted, but at the end of a quite rushed process, we had a proposal that was well worked out, and an idea that we liked. So we applied for funding on our own, and produced it in Venice as an independent event, coinciding with the opening week of the Biennale.

We had about 500 people come and see the actual exhibition, a few really nice reviews and quite a lot of press attention for the project, too. Part of the funding for the exhibition came from a Kickstarter campaign, and through that we had a lot of social media buzz. We could only stay open a week, but we heard of a lot of people going to Venice for the Biennale later on and looking for Death in Venice.

What was your focus for the exhibition?

When death has been studied before, it’s usually been from a memorial standpoint — about monuments and tombstones and so on — straightforward architecture. We had a lot of background research on this aspect, but we decided to think about how, while death is something that we don’t talk about much publicly, or even think about on a day-to-day level, it’s pervasive in our lives. Hospitals, hospices, crematoria and cemeteries surround us, yet we are not aware.

The architectural history of the 20th century is often presented in terms of advances in science and technology leading to light, airy, green, healthy cities for the masses. It was a reaction to the filthy industrial slums of the previous century. The narrative is about life and increased health and progress — but death is never mentioned in this story, even though these developments have also massively changed the way we approach it.

At the start of the 20th century, people typically died at home and of infectious diseases after a short period of illness (and a huge proportion died of “other causes” that couldn’t be adequately explained at the time). Developments in medicine — like the discovery of penicillin — and in public health led to a decline in deaths from infectious disease. At the same time, the invention of heavy and expensive medical equipment, like X-ray machines, needed to be kept somewhere central, which gave us the modern hospital. Universal health care meant more people got access to proper medical treatment, which in turn created a need for more of these buildings.

A close-up of one of the infographics in Death in Venice, showing changing life-expectancy over the course of the 20th century. Early in the century, many children died before their 5th birthday, and the average life expectancy at the time was around 48. Today we can expect to live to almost 80. Photo: A. Molenda

We now overwhelmingly die of degenerative diseases, with cancer and heart disease being the two biggest killers in the Western world. It means that people tend to have a long period of chronic illness at the end of their lives in which they will spend a significant amount of time in hospitals, hospices and care homes. These buildings are also widely regarded as being pretty awful places to be, not just because you tend to be there for a negative reason, but also because the buildings themselves tend to be horrible — lots of long corridors, no natural daylight, it’s difficult to find your way around. They’ve been designed around the bureaucratic needs of very large institutions and the technology that needs to be housed there.

The centerpiece of our exhibition was a big interactive map of London, showing all of the space that is given over to death in the city — essentially showing how death has shaped the city. We worked with a team of graphic and interactivity designers called LUST, who are based in the Hague, on this. They developed the graphic identity of the exhibition and built the interactive installations. We also wanted to show how the cultural approach to death had changed over the last century, as well as take a look at where it is now. The idea was to provoke conversation.

What would you say our cultural attitude to death is now?

Death’s just become very institutionalized and very medicalized. It’s not only about the places where we die, but the experience of death, as well. On a pragmatic level, very few people want to die in hospital — the data varies depending on the survey, but it’s usually in single digits. Yet 55% of people do end up dying in hospital.

On top of that, in the NHS in the UK, about 50% of the complaints on the NHS have to do with the care of a dying person. This says that not only do we not get what we hope for in terms of our death experience, but we are unhappy with what care does exist.

Why do you think there’s such a stark contrast between what we want and what exists?

Medicine is about curing people, which sets up a conflict. It brings up a tricky ethical issue about when, if ever, doctors should stop trying to cure individuals. And how may we allow people to die with dignity, without pain?

Once I started talking with hospice workers and hearing their perspectives, I began to understand death as this really special time. You only get to do it once, and it can be a very close time for the family, very intimate. It is possible to have quite positive experiences around death, although of course losing someone you love is sad. The hospital setting isn’t conducive to those sorts of experiences, because there’s a tension between curative and palliative medicine. There’s also an argument to be made that smaller institutions are better able to treat patients in a more holistic way, taking into consideration social and spiritual needs, as well as physical. Holistic needs are perhaps more difficult to meet in a very large institution.

Above: This interactive map of London, which shows how many buildings and public spaces in the city are given over to death, is the centerpiece of Death in Venice. The solid white shapes are hospitals, hospices, mortuaries, crematoria and cemeteries. As visitors wave their hands over the map, the names of the sites appear. Video: Alison Killing

What makes UK history stand out when it comes to architecture and death?

The UK’s interesting in a variety of ways. It was the first country to industrialize, which created a lot of changes in society. It’s a very secular country, and one of the first to adopt cremation. It has one of the highest rates of cremation in the world now.

It’s also the country where the modern hospice movement emerged. Palliative medicine was established by Cicely Saunders, in 1967, in South London. Before then, hospices did exist, but it was very nursing-based. They did care for people’s emotional and spiritual needs, but what was missing was the medical aspect. So a variety of factors led us to focus on the UK, but as it turned out, it was a very appropriate place to start the conversation.

In your interactive map of London, it appears that almost every other building that lights up is a death-related site. This seems like a lot. Why the density?

A lot of what’s on the map is cemeteries. By the 19th century, cemeteries were basically full in Central London, so there were many Acts of Parliament passed that allowed larger cemeteries to open on the outskirts of the city. These are not outskirts any more — places like Hampstead Heath, Kensal Green or the City Cemetery, way out east. Later on, that’s where crematoria were sited as well. So you have what I like to call the ring of fire in Zone 3, where all the crematoria are located.

The other thing that happened in the 19th century was the founding of the London Mortuary Company. Because all of the city’s graveyards were filled, the company bought land outside of the city near Woking in Surrey, where they built a huge cemetery, thinking it was a major investment opportunity. They thought they had an evergreen market, and would make massive amounts of money charging people for burial spots. They even built a special railway line that left London Waterloo to go to the cemetery.

But it didn’t work. There was mismanagement and problems in getting set up, by which time other cemeteries had been built closer to London. Also, people weren’t prepared to pay huge money for the burial plots. And they’re not very good investments because they have to be maintained long-term. They ended up selling part of the land to the UK’s Crematorium Society, who was this team of campaigning doctors who, for public health reasons, wanted more cremation. So they built London’s first crematorium on that land.

What have you learned about people’s attitudes towards death during the course of doing this project?

I guess the revelation that’s been most shocking to me is how pragmatic people can be around death — what they do with the body, funeral expenses, and so on. It turns out that people do choose cremation because it’s easier and cheaper than burying the dead.

I also learned how deeply embedded death is in our culture, yet how individuals don’t really have an outlet through which to air their experiences. The project seemed to provide an opening for people to pull out their very particular and intimate stories about their encounters with death.

Whenever I start talking to people about this work, they’ll say something like, “That’s really strange.” Then there’ll be a pause of about 30 seconds — and then they talk to me for hours, telling me all of their strange family histories and secrets, really intimate, moving stories about their uncle who was in a hospice, or what the last few days of their grandmother’s life were like. One guy even told me he’d lived next to a guy who turned out to be a serial killer. The police spent a couple of weeks digging up the entire garden next door and exhuming bodies.

A selection of postcards showing the places that people pass through on either side of death. These cards, from 2014, include the coroner’s process checklist when a death is unexpected or suspicious. The postcard in the top right is of a mortuary in London, where bodies are stored before burial. A century ago, the body would instead be laid out in the family living room for people to visit and say their goodbyes. Photo: A. Molenda

Did the project change your personal perspective on death and space?

Actually, I had a big epiphany during the course of working on the exhibition. While talking with a colleague from Poland, I learned that there, tending the graves of one’s family is a big deal. There’s a national day of mourning every year where you go to the cemetery and light candles, plant flowers and tidy the grave.

Then she asked me, “What’s it like in the UK?” I realized my answer was: “Nothing.” It was only at that point that I realized neither of my grandmothers have a memorial stone. There’s nothing. They both got cremated at the crematorium in the west of Newcastle, and there are no memorials. I realized I didn’t even know where their ashes are. I’d never thought about it before.

Having delved into the subject, do you think you’ll take your architectural practice towards developing death-related buildings?

What I’d actually like to work on now is end-of-life care, because it seems to matter more what happens when the person’s still alive. I plan to research hospitals and health care institutions — do a fundamental study of how they work, and why, what goes right and what goes wrong. From there, I’d like to reconceive architecture associated with death to shelter that process. Looking at these buildings from the perspective of death also calls into question what these buildings are like more generally. They’re awful just to go to as a visitor, or for something minor and routine, so I’d like to look more widely at redesigning buildings for health care.

But it’s still early. We are still wrapping up Death in Venice, and are arranging our first few meetings with galleries and commissioning and funding bodies. While that’s happening, I’ll approach health care institutions to see who might commission such practice-based research.

It would also be interesting to work with hospices, institutions like Maggie’s Centres. This is an organization started by architecture critic Charles Jencks, whose wife Maggie suffered from cancer. They started the charity based on her experience of hospitals and cancer care, and now commission cancer care centers. These are essentially daycare centers, with no inpatients. Instead, they provide daytime support to patients, who can then remain at home. They might include counseling, dispensing medicines, or consultations with a doctor. They can also include social space. At Maggie’s Centres, the spaces are often centered around a kitchen table.

Interactive installation in Death in Venice: projection on smoke. The pattern being projected is based on changing life-expectancy data over the 20th century. The installation plays with the idea of the pervasive yet nearly invisible presence of death. The smoke makes the beams of light from the projector visible. Photo: A. Molenda

You’ve been thinking about death quite heavily in the last year. What else are you working on?

I have three projects running alongside each other at the moment. One is looking at how humanitarian agencies contribute to reconstructing cities after disaster, and helping them to work better in urban areas. This project came out of undergraduate work I did in refugee shelter, and a master’s degree I did in humanitarianism. I’ve been involved in that sort of world for about a decade.

I’ve also just finished a big study on vacant buildings in cities — specifically Rotterdam, Amsterdam, London, New York, Detroit, Stuttgart, Berlin and Tel Aviv — and how they can be used by arts and community groups. Almost every city has run-down areas with high numbers of empty shops and offices, and there are already awesome examples of projects like this around the world, but they often fail, primarily for financial reasons. I’m looking at possible financial and business models for such projects, doing interviews with the people carrying them out, but also turning the spreadsheets they use for their accounts into infographics. It’s useful to make that information visible, because then we can start to have proper conversations and develop better strategies. I’d now like to start developing that research into something practical, creating strategies for regenerating city neighborhoods with lots of empty buildings.

But I am still quite focused on Death in Venice, hoping to bring it to the UK as well as the Netherlands, in order to extend the dialogue around the subject. The exhibition explained where we are now and how we had come to this point, but it left a really obvious question unanswered: what should these buildings be like in the future? That’s where I would like my work to go next.

The final room in the Death in Venice exhibition. Panels on the back wall are infographics on death-related statistics, printed as reliefs so that visitors could make souvenir newsprint-and graphite-rubbings. Tables in the foreground hold postcards with information about death-related spaces, covering 1914, 1948, 1981 and 2014. Photo: A. Molenda

Sociological Images: The Rise of the Strawberry

Strawberry shortcake, chocolate covered strawberries, strawberry daiquiris, strawberry ice cream, and strawberries in your cereal. Just delicious combinations of strawberries and things? Of course not.

According to an investigative report at The Guardian, in the first half of the 1900s, Americans didn’t eat nearly as many strawberries as they do now. There weren’t actually as many strawberries to eat. They’re a fragile crop, more prone than others to insects and unpredictable weather.

In the mid-1950s, though, scientists at the University of California began experimenting with a poison called chloropicrin. Originally used as a toxic gas in World War I, scientists had learned that it was quite toxic to fungus, weeds, parasites, bacteria, and insects. By the 1960s, they were soaking the soil underneath strawberries with the stuff. Nearly every strawberry field in California — a state that produces 80% of our strawberries — was being treated with chloropicrin or a related chemical, methyl bromide.

In the meantime, a major grower had collaborated with the University, creating hardier varieties of strawberries and ones that could be grown throughout the year. These developments doubled the strawberry crop. This was more strawberries than California — and the country — had ever seen. The supply now outpaced the demand.

Enter: Strawberry Shortcake.


Strawberry Shortcake was invented by American Greetings, the greeting card company. She was created in cahoots with the strawberry growers association. They made a deal, just one part of a massive marketing campaign to raise the profile of the strawberry.

The head of the association at the time, Dave Riggs, aggressively marketed tie-ins with other products, too: Bisquick, Jello, Corn Flakes, and Cheerios. Cool Whip still has a strawberry on its container and its website is absolutely dotted with the fruit.


Riggs went to the most popular women’s magazines, too — Ladies’ Home Journal, Redbook, and Good Housekeeping — and provided them with recipe ideas. It was an all out strawberry assault on America.

It worked. “Today,” according to The Guardian, “Americans eat four times as many fresh strawberries as they did in the 1970s.” We think it’s because we like them, but is it?

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Racialicious: The Racialicious Live-Tweet For The 2015 Oscars

If you skipped last night’s ceremony, we certainly don’t blame you. But, Kendra and Arturo were live-snarking throughout the night, and you can catch their recap of the highs and awkward lows under the cut.

Sociological Images: Happy Birthday to W.E.B. DuBois!

Source: University of Massachusetts, Amherst.

Have a scholar we should commemorate? Send us a cool pic and we will!

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.

Worse Than Failure: CodeSOD: A Small Closing

Dario got a call that simply said, “Things are broken.” When he tried to get more details, it was difficult for the users to pin it down more clearly. Things would work, then they wouldn’t. The application would run, then it would hang, then it would suddenly start working again.

He knew that his co-worker, Bob, had been doing some performance tuning, so that was probably the right place to look. “Bob, have you made any changes that might cause weird behavior?”

“No, no. I’ve just been optimizing the file-handles.”

“Are you just using jargon to sound like you know what you’re talking about?”

“No! I mean, I’ve just been optimizing how we manage our file-handles so that we don’t leave them open.”

“Oh, that makes sense. Show me.”

Proud of his clever solution, Bob showed him:

import os
import resource

def close_all_files():
    # getrlimit() returns (soft, hard); [1] is the hard limit
    for fd in range(resource.getrlimit(resource.RLIMIT_NOFILE)[1]):
        try:
            os.close(fd)
        except OSError:
            pass

The function resource.getrlimit() returns some resource limit that controls the behavior of the Python runtime. This could be the size of the call stack, how much CPU time it’s allowed to use, or in this case, RLIMIT_NOFILE: the number of allowed file descriptors for the current process.

On a typical system, this number could be quite large. For example, 9,223,372,036,854,775,807. For each one of those integers, the code then asks the operating system to pretty-please close any files with that file descriptor. If anything goes wrong, catch the exception and ignore it.

Now, the good news is that this can’t close any files that weren’t currently opened by the Python process. The bad news is that it can close any file opened by the Python process. This triggered a cascading series of Bad file descriptor errors, and every time the function ran, it would grind the system to a halt while it tried to close every possible file ever opened.
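For contrast, here is a bounded way to close leftover descriptors, as an added example that is not code from the original article. It enumerates only the descriptors that are actually open, falls back to the soft limit (index 0 of the getrlimit() tuple) with a cap instead of the hard limit, and reports what it closed; the names `open_fds`, `close_fds_from` and `MAX_SCAN` are hypothetical.

```python
import errno
import os
import resource

MAX_SCAN = 4096  # assumed cap for the fallback scan; tune for your service


def open_fds():
    """Return the sorted descriptors currently open in this process."""
    for fd_dir in ("/proc/self/fd", "/dev/fd"):  # Linux, then macOS/BSD
        try:
            candidates = [int(name) for name in os.listdir(fd_dir)]
            break
        except (OSError, ValueError):
            continue
    else:
        # No fd directory available: probe a bounded range using the soft
        # limit [0], never the hard limit [1], which may be unlimited.
        soft = resource.getrlimit(resource.RLIMIT_NOFILE)[0]
        if soft == resource.RLIM_INFINITY or soft > MAX_SCAN:
            soft = MAX_SCAN
        candidates = range(soft)

    live = []
    for fd in candidates:
        try:
            os.fstat(fd)  # also drops the transient fd listdir() itself used
        except OSError:
            continue
        live.append(fd)
    return sorted(live)


def close_fds_from(lowfd=3, keep=()):
    """Close every open descriptor >= lowfd except those listed in keep.

    Returns the descriptors that were closed so the caller can log them.
    Only EBADF (already closed) is ignored; any other error propagates
    instead of being silently swallowed.
    """
    keep = set(keep)
    closed = []
    for fd in open_fds():
        if fd < lowfd or fd in keep:
            continue
        try:
            os.close(fd)
        except OSError as exc:
            if exc.errno != errno.EBADF:
                raise
            continue
        closed.append(fd)
    return closed
```

When the goal is only to keep descriptors out of a child process, `subprocess.Popen` already closes everything above 2 by default on POSIX (`close_fds=True`), and `os.closerange()` covers a known, bounded range.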

Planet Debian: Enrico Zini: akonadi-build-hth

The wonders of missing documentation

Update: I have managed to build an example Akonadi client application.

I'm new here, I want to make a simple C++ GUI app that pops up a QCalendarWidget which my local Akonadi has appointments.

I open qtcreator, create a new app, hack away for a while, then of course I get undefined references for all Akonadi symbols, since I didn't tell the build system that I'm building with akonadi. Ok.

How do I tell the build system that I'm building with akonadi? After 20 minutes of frantic looking around the internet, I still have no idea.

There is a package called libakonadi-dev which does not seem to have anything to do with this. That page mentions everything about making applications with Akonadi except how to build them.

There is a package called kdepimlibs5-dev which looks promising: it has no .a files but it does have headers and cmake files. However, qtcreator is only integrated with qmake, and I would really like the handholding of an IDE at this stage.

I put something together naively doing just what looked right, and I managed to get an application that segfaults before main() is even called:

/*
 * Copyright © 2015 Enrico Zini <>
 * This work is free. You can redistribute it and/or modify it under the
 * terms of the Do What The Fuck You Want To Public License, Version 2,
 * as published by Sam Hocevar. See the COPYING file for more details.
 */
#include <QDebug>

int main(int argc, char *argv[])
{
    qDebug() << "BEGIN";
    return 0;
}

# qmake project file
QT       += core gui widgets
CONFIG += c++11

TARGET = wtf

LIBS += -lkdecore -lakonadi-kde

SOURCES += wtf.cpp

I didn't achieve what I wanted, but I feel like I achieved something magical and beautiful after all.

I shall now perform some haruspicy on those obscure cmake files to see if I can figure something out. But seriously, people?

Geek Feminism: These links are made for spamming (22 February 2015)

  • DiversityMediocrityIllusion | Martin Fowler (January 13): “A common argument against pushing for greater diversity is that it will lower standards, raising the spectre of a diverse but mediocre group.” Martin Fowler explains why that’s nonsense.
  • On the Wadhwa Within, and Leaving | Medium (February): “That’s why I’m wary of the villainization of Vivek Wadhwa. For all that he is cartoonishly bad, going after him full force has the effect of drawing a bright line between Good People who see and crow over the error of Wadhwa’s ways and Bad People like Vivek.”
  • Q&A: Gillian Jacobs On Directing Her First Film And The Myth Of The Male Computer Geek | FiveThirtyEight (January 30): “This week, FiveThirtyEight launched its documentary film about Grace Hopper, a rear admiral in the U.S. Navy and the driving force behind the first compiled programming language.”
  • Video Games’ Blackness Problem | Evan Narcisse on Kotaku (February 19): “I decided to email with several prominent black critics and game developers to start a conversation. What is the source of video gaming’s blackness problem? What is to be done? I enlisted games researcher and critic Austin Walker, Treachery in Beatdown City developer Shawn Alexander Allen, Joylancer developer TJ Thomas and SoulForm developer and Brooklyn Gamery co-founder Catt Small to talk about what we all thought.”
  • I Pretended to Be a Male Gamer to Avoid Harassment | Daily Life (December 11): “Things went along smoothly until I started playing at the top level of WoW (World of Warcraft). To participate, you have to join a ‘guild’ — a large group of people who can commit to playing for long sessions. Being allowed into a guild is like a job interview, and as part of that process (like proving I had access to voice chat) I had to reveal that I was a girl.”
  • “Lean the f*** away from me”: Jessica Williams, “impostor syndrome” and the many ways we serially doubt women | (February 18): “After a week of intense speculation about who would be taking over “The Daily Show,” Jessica Williams addressed the rumors that she was (or at least should be) the heir apparent for host. In a series of tweets, Williams thanked people for the support, but said she wouldn’t be sitting behind the anchor desk any time soon. (…) A little while later, a writer for the Billfold responded to Williams’ announcement with a piece that claimed she was a “victim” of impostor syndrome, and that she needed to “lean in.””
  • Feminist writers are so besieged by online abuse that some have begun to retire | The Washington Post (February 20): “Jessica Valenti is one of the most successful and visible feminists of her generation. As a columnist for the Guardian, her face regularly appears on the site’s front page. She has written five books, one of which was adapted into a documentary, since founding the blog She gives speeches all over the country. And she tells me that, because of the nonstop harassment that feminist writers face online, if she could start over, she might prefer to be completely anonymous.”
  • Research suggests that the pipeline of science talent may leak for men and women at the same rate | Inside Higher Ed (February 18): “For years, experts on the academic and scientific workforce have talked about a “leaky pipeline” in which women with talent in science and technology fields are less likely than men to pursue doctorates and potentially become faculty members. A study published Tuesday in the journal Frontiers in Psychology says that the pipeline may no longer be leaking more women than men.”
  • Life Hacks for the Marginalized | Medium (February 16): “Being human is hard! It’s even harder when your humanity is brought into question on a daily basis. But don’t let that get you down! So you’re not white/straight/male/abled/cisgendered/thin/rich — that doesn’t mean your life is over! It just means it’s much, much, much, much, much, much harder.
    Luckily, we have some time-saving tips that can help! By “help,” we mean “mildly mitigate your problems.” To solve them completely, try building a time machine and either engineering a whole new history that gives your people more power, or fast-forwarding to a post-patriarchy utopia.”
  • Like it or not, Supanova, popular culture is political | The Drum (Australian Broadcasting Corporation) (February 18): “Online protesters have urged Supanova to reconsider Baldwin’s attendance given the inflammatory and offensive comments he regularly makes on social media, particularly about women, transgender people and gay people. But when the expo released a statement saying it would be proceeding as planned, it showed it didn’t care about creating a safe and inclusive environment for attendees.”
  • The War for the Soul of Geek Culture | (February 16): “The irony is that while externally, geeks are being accepted as a whole, internally, the story is much different. There’s an ugly core of nastiness coming from a very vocal minority, and as geek culture continues to expand, they only grow louder. And while the nastier moments of that ugly minority are starting to be recognized and picked up by mainstream media, it’s still largely our problem. Simply put, there is a war being waged right now for the soul of geek culture. And it’s a hell of a lot uglier than you realize.”
  • Binary Coeds | BackStory with the American History Guys (February 6): “The idea [of] the male programmer may be a stereotype, but having a male-heavy workforce is a real issue for the industry. Companies see a big gender disparity when they look at their technical workforce, and many are asking themselves how to get more women into computer science. But when you look at the history of computer programming, the question actually looks a little different. It’s less about how to get women into computer science than about how to get women back into computing.”
  • How To Talk To Girls On Twitter Without Coming Off Like A Creepy Rando | Adequate Man (February 17): “So, here you are, my friend, following a lot of brilliant women on Twitter (I hope). It’s so fun, and the best part of Twitter is connecting with people, so you want to reply to some of her great tweets with your own great opinions and jokes! Cool, cool, but here are some things to keep in mind.”
  • Art+Feminism Is Hosting Its Second Ever Wikipedia Edit-a-thon To Promote Gender Equality | The Mary Sue (February 18): “In 2011, a survey conducted by the Wikimedia Foundation found that less than 10% of Wikipedia editors identified as female, to say nothing of recent clashes between editors in the Gamergate article that resulted in several women being banned from writing about gender at all. But just talking about the problem isn’t going to create more female editors—training women who are interested will.”
  • #ScienceWoman Special Project | Amy Poehler’s Smart Girls (February 16): “Amy Poehler’s Smart Girls is teaming up with the hit PBS Digital Studios science YouTube show It’s Okay To Be Smart to celebrate amazing women in science. We’ve got a special project planned for the beginning of March, but we can’t do it without YOU!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

Planet Linux Australia: Tridge on UAVs: APM:Plane 3.2.3 and 3.3.0beta1 released

The ArduPilot development team has a special treat for fixed wing users today - a double release!

  • A new stable 3.2.3 release with 3 fixes for 3.2.2
  • A new 3.3.0beta1 release with a lot more changes for wider testing

The 3.2.3 release is a minor update to 3.2.2 with 3 fixes:

  • a fix for relative altitude drift when on the ground before takeoff
  • fixed TKOFF_THR_DELAY to be able to be up to 127 (for 12.7 seconds)
  • fixed INS_PRODUCT_ID (it was being reported as zero)

The most important fix is for the altitude drift, which could cause a poor altitude reference if your GPS altitude drifted while disarmed. The bug showed up as a significant drift in the reported relative altitude on the ground station when the aircraft was disarmed with the EKF enabled. The root cause of the bug was a disconnect between the EKF origin and the plane's origin for relative altitudes. It only happened when the GPS altitude varied significantly while disarmed.

Start of 3.3.0 beta releases

The 3.3.0beta1 release has a lot more changes in it. The largest of the changes are internal, such as performance improvements in the NuttX operating system on Pixhawk, but given the size of the changes we want as many test users as possible.

Changes in 3.3.0beta1 include:

  • a new SerialManager library which gives much more flexible management of serial port assignment
  • changed the default FS_LONG_TIMEOUT to 5 seconds
  • raised default IMAX for roll/pitch to 3000
  • lowered default L1 navigation period to 20
  • new BRD_SBUS_OUT parameter to enable SBUS output on Pixhawk
  • large improvements to the internals of PX4Firmware/PX4NuttX for better performance
  • auto-formatting of microSD cards if they can't be mounted on boot (PX4/Pixhawk only)
  • a new PWM based driver for the PulsedLight Lidar to avoid issues with the I2C interface

I'm expecting a lot more changes will go into the 3.3.0 release as we still have a lot of pending pull requests. I will be doing regular beta updates as new patches go in (once they are flight tested).

Happy flying!

Planet Linux Australia: Michael Still: Oakey trig

I've got to say, this trig was disappointing. It was a lunch time walk, so a bit rushed, but the trig was just boring. Not particularly far, or particularly steep, or in a particularly interesting area. That said, it wasn't terrible. It just felt generic compared with other trigs I've walked to.


Interactive map for this route.


Krebs on Security: TurboTax’s Anti-Fraud Efforts Under Scrutiny

Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax — allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their fight against the multi-billion dollar problem of tax refund fraud.

Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit’s chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general. In response, TurboTax temporarily halted all state filings while it investigated claims of a possible breach. The company resumed state filing shortly after that pause, saying it could find no evidence that customers’ TurboTax credentials had been stolen from its network.

Kodukula noted that although the incidence of hijacked, existing TurboTax accounts was rapidly growing, the majority of refund scams the company has to deal with stem from “stolen identity refund fraud” or SIRF. In SIRF, the thieves gather pieces of data about taxpayers from outside means — through phishing attacks or identity theft services in the underground, for example — then create accounts at TurboTax in the victims’ names and file fraudulent tax refund claims with the IRS.

Kodukula cast Intuit as an industry leader in helping the IRS identify and ultimately deny suspicious tax returns. But that portrayal only tells part of the story, according to two former Intuit employees who until recently each held crucial security positions helping the company identify and fight tax fraud. Both individuals described a company that has intentionally dialed back efforts to crack down on SIRF so as not to lose market share when fraudsters began shifting their business to Intuit’s competitors.

Robert Lee, a security business partner at Intuit’s consumer tax group until his departure from the company in July 2014, said he and his team at Intuit developed sophisticated fraud models to help Intuit quickly identify and close accounts that were being used by crooks to commit massive amounts of SIRF fraud.

But Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company’s service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.

“If I sign up for an account and file tax refund requests on 100 people who are not me, it’s obviously fraud,” Lee said in an interview with KrebsOnSecurity. “We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts.”

The allegations surface just days after Senate Finance Committee Chairman Orrin Hatch (R., Utah) said his panel will be holding hearings on reports about a spike in fraudulent filings through TurboTax and elsewhere. The House Ways and Means Committee is reportedly looking into the matter and has held bipartisan staff-level discussions with the IRS and Intuit.

The Federal Trade Commission (FTC) said it received 332,646 identity theft complaints in the calendar year 2014, and that almost one-third of them — the largest portion — were tax-related identity theft complaints. Tax identity theft has been the largest ID theft category for the last five years.

According to a recent report (PDF) from the U.S. Government Accountability Office (GAO), the IRS estimated it prevented $24.2 billion in fraudulent identity theft refunds in 2013. Unfortunately, the IRS also paid $5.8 billion that year for refund requests later determined to be fraud. The GAO noted that because of the difficulties in knowing the amount of undetected fraud, the actual amount could far exceed those estimates.


Lee said the scammers who hijack existing TurboTax accounts most often will use stolen credit cards to pay the $25-$50 TurboTax fee for processing and sending the refund request to the IRS.

But he said the crooks perpetrating SIRF typically force the IRS — and, by extension, U.S. taxpayers — to cover the fee for their bogus filings. That’s because most SIRF filings take advantage of what’s known in the online tax preparation business as a ‘refund transfer’, which deducts TurboTax’s filing fee from the total amount of the fraudulent refund request. If the IRS then approves the fraudulent return, TurboTax gets paid.

“The reason fraudsters love this system is because they don’t even have to use stolen credit cards to do it,” Lee said. “What’s really going on here is that the fraud business is actually profitable for Intuit.”

Lee confirmed Kodukula’s narrative that Intuit is an industry leader in sending the IRS regular reports about tax returns that appear suspicious. But he said the company eventually scaled back those reports after noticing that the overall fraud the IRS was reporting wasn’t decreasing as a result of Intuit’s reporting: Fraudsters were simply taking their business to Intuit’s competitors.

“We noticed the IRS started taking action, and because of this, we started to see not only our fraud numbers but also our revenue go down before the peak of tax season a couple of years ago,” Lee recalled. “When we stopped or delayed sending those fraud numbers, we saw the fraud and our revenue go back up.”

Lee said that early on, the reports on returns that Intuit’s fraud teams flagged as bogus were sent immediately to the IRS.

“Then, there was a time period where we didn’t deliver that information at all,” he said. “And then at one point there was a two-week delay added between the time the information was ready and the time it was submitted to the IRS. There was no technical reason for that delay, but I can only speculate what the real justification for that was.”

KrebsOnSecurity obtained a copy of a recording made of an internal Intuit conference call on Oct. 14, 2014, in which Michael Lyons, TurboTax’s deputy general counsel, describes the risks of the company being overly aggressive — relative to its competitors — in flagging suspicious tax returns for the IRS.

“As you can imagine, the bad guys being smart and savvy, they saw this and noticed it, they just went somewhere else,” Lyons said in the recording. “The amount of fraudulent activity didn’t change. The landscape didn’t change. It was like squeezing a balloon. They recognized that TurboTax returns were getting stopped at the door. So they said, ‘We’ll just go over to H&R Block, to TaxSlayer or TaxAct, or whatever.’ And all of a sudden we saw what we call ‘multi-filer activity’ had completely dropped off a cliff but the amount that the IRS reported coming through digital channels and through their self reported fraud network was not changing at all. The bad guys had just gone from us to others.”

That recording was shared by Shane MacDougall, formerly a principal security engineer at Intuit. MacDougall resigned from the company last week and filed an official whistleblower complaint with the U.S. Securities and Exchange Commission, alleging that the company routinely placed profits ahead of ethics. MacDougall submitted the recording in his filing with the SEC.

“Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn’t do anything that would ‘hurt the numbers’,” MacDougall wrote in his SEC filing. “Complainant repeatedly offered solutions to help stop the fraud, but was ignored.”


For its part, Intuit maintains that it is well out in front of its competitors in voluntarily reporting to the IRS refund requests that the company has flagged as suspicious. The company also stresses that it has done so even though the IRS still has not promulgated rules that require TurboTax and its competitors to report suspicious returns  — or even how to report such activity. Intuit executives say they went to the IRS three years ago to request specific authority to share that information. The IRS did not respond to requests for comment.

Intuit officials declined to address Lyons’ recorded comments specifically, although they did confirm that a company attorney led an employee WebEx meeting on the date the recording was made. But David Williams, Intuit’s chief tax officer, said what’s missing from the recorded conversation excerpted above is that Intuit has been at the forefront of asking the IRS to propose industry standards that every industry player can follow — requests that have so far gone unheeded.

“We have led the industry in making suspicious activity reports, and I’d venture to say that virtually all of the returns that Mr. Lee is quoted as referring to appear in our suspicious activity reports and are stopped by the IRS,” Williams said. “Whatever else Mr. Lee may have seen, I’m not buying the premise that somehow there was a profit motive in it for us.”

Robert Lanesey, Intuit’s chief communications officer, said Intuit doesn’t make a penny on tax filings that are ultimately rejected by the IRS.

“Revenue that comes from reports included in our suspicious activity reports to the IRS has dropped precipitously as we have changed and improved our reporting mechanisms,” Lanesey said. “When it comes to market share, it doesn’t count toward our market share unless it’s a successful return. We’ve gotten better and we’ve gotten more accurate, but it’s not about money.”

Williams added that it is not up to Intuit to block returns from being filed, and that it is the IRS’s sole determination whether to process a given refund request.

“We will flag them as suspicious, but we do not get to determine if a return is fraud,” Williams said. “It’s the IRS’s responsibility and ultimately they make that decision. What I will tell you is that of the ones we report as suspicious, the IRS rejects a very high percentage, somewhere in the 80-90 percent range.”

Earlier this month, Intuit CEO Brad Smith sent a letter to the commissioner of the IRS, noting that while Intuit sends reports to the IRS when it sees patterns of suspicious behavior, the government has been limited in the types of information it can share with parties, including tax-preparation firms.

“The IRS could be the convener to bring the States together to help drive common standards adoption,” Smith wrote, offering the assistance of Intuit staff members “to work directly with the IRS and the States in whatever ways may be of assistance…as the fight against fraud goes forward.”


Lee and MacDougall both said Intuit’s official approach to fighting fraud is guided by a policy of zero tolerance for so-called “false positives” — the problem of incorrectly flagging a legitimate customer refund request as suspicious, and possibly incurring the double whammy of a delay in the customer’s refund and an inquiry by the IRS. This is supported by audio recordings of conference calls between Intuit’s senior executives that were shared with KrebsOnSecurity.

“We protect the sanctity of the customer experience and hold it as inviolate,” Intuit’s General Counsel Michael Lyons can be heard saying on a recorded October 2014 internal conference call. “We do everything we can to organize the best screening program we can, but we avoid false positives at all costs. Because getting a legitimate taxpayer ensnared in the ‘you’re a bad guy’ area with the IRS is hell. Once your return gets flagged as suspicious, rejected and the IRS starts investigating, you’re not in a good place. More than 50 percent of people out there are living paycheck to paycheck, and when this is the biggest paycheck of the year for them, they can’t afford to get erroneously flagged as fraud and have to prove to the IRS who they are so that they can get that legitimate refund that they were expecting months ago.”

On the same conference call, MacDougall can be heard asking Lyons why the company wouldn’t want to use security as a way to set the company apart from its competitors in the online tax preparation industry.

“We don’t use security as a marketing tactic for Intuit,” Lyons explained. “We declared that this was one of our principles. It is always possible for Intuit to build a better mousetrap. But because it doesn’t solve the systemic problem of bad guys doing this, all it really does is shoot us in the foot and make it slightly easier for IRS to continue to kick the can down the road. What it does do is artificially harm our numbers and artificially inflate the competitive numbers associated with digital tax returns.”

Intuit’s Lanesey confirmed Lee’s claim that Intuit adds a delay — it is currently three weeks — from the time a customer files a refund claim and the time it transmits “scoring” data to the IRS intended to communicate which returns the company believes are suspicious. Lanesey said the delay was added specifically to avoid false positives.

“The reason we did that was that when we started this reporting, we weren’t accurate, and were ensnaring legitimate taxpayers in that process,” Lanesey said. “We slowed down and spent more time to review to make sure we could get more accurate and we have in fact done exactly that. The match rates between what the IRS rejects and what we send are now measurably higher today with the new reporting than they were then.”

Unfortunately, three weeks is about how long the IRS takes to decide whether to reject or approve tax refund requests. In an August 2014 report to Congress on the tax refund fraud epidemic, the GAO said that for 2014, the IRS informed taxpayers that it would generally issue refunds in less than 21 days after receiving a tax return — primarily because the IRS is required by law to pay interest if it takes longer than 45 days after the due date of the return to issue a refund.

Williams said Intuit is open to shortening its reporting delay.

“As we’ve gotten better at this and the IRS has gotten better at this, we can certainly look at shortening the timeframes,” he said. “Given the fact that over the past few years we’ve improved our speed, processes and techniques for reporting accurately, we can certainly explore whether they are able to take the data we give them and we are able to provide it to them in a way that is more useful.”


The scourge of tax fraud is hardly a problem confined to TurboTax, but with nearly 29 million customers last year TurboTax is by far the biggest player in the market. In contrast, H&R Block and TaxAct each handled seven million prepared returns last year, according to figures collected by The Wall Street Journal.

Both Lee and MacDougall said they wanted to go public with their concerns because TurboTax and the rest of the industry have for so long put off implementing stronger account security measures. MacDougall said he filed the whistleblower complaint with the SEC because he witnessed a pattern of activity within Intuit’s management that suggested the firm was not interested in stopping fraud if it meant throttling profits when none of its competitors were doing the same.

MacDougall said that about a year ago he had a meeting with the head of Intuit’s security division wherein security team members were asked to pitch their projects for the year. MacDougall said he thought his idea was certain to generate an enthusiastic response from higher-ups at the company: Build a fraud ‘honeypot.’

In information security terminology, a honeypot is a virtual holding area to which known or suspected fraudsters are redirected, so that their actions and activities can be monitored and mined for patterns that potentially aid in better identifying fraudulent activity. Honeypots also serve a more cathartic — albeit potentially just as useful — purpose: They tie up the time and attention of the fraudsters and cause them to waste tons of resources on fruitless activity.

“My project was going to be a fraud honeypot,” MacDougall recalled. “My pitch was that we would create a honeypot in TurboTax so that every time a fraudster came in and we figured it out, we’d switch them over to the honeypot version of the site so that we could waste their time, exhaust their resources, and at the end of the day they wouldn’t know they’d been scammed for several weeks, when they finally realized that none of their fraudulent returns had even been filed.”

But MacDougall said he was stunned when his boss emphatically rejected his idea for use on TurboTax accounts. Instead, she brought up the fraud-as-a-balloon analogy, MacDougall said.

“She said ‘You can use this on any other product except TurboTax’,” MacDougall said. “I asked why we wouldn’t want to use this on our flagship product, and her answer was that this was an industry problem and not just a TurboTax problem.”

Only after Intuit was forced to temporarily suspend state filings earlier this month did the company’s chief executive announce plans to beef up the security of customer accounts. Intuit now says it plans to start requiring customers to validate their accounts, either via email, text message or by answering questions about their financial history relayed through the service by big-three credit bureau Experian.

Lee says those requirements are long overdue, but that they don’t go nearly far enough considering how much sensitive information Intuit holds about tens of millions of taxpayers.

“Tax preparers ought to apply similar ‘know your customer’ practices that we see in the financial markets,” he said. “When you give your most sensitive data and that of your family’s to a company, that company should offer you more security than you can get at Facebook or World of Warcraft,” Lee said, referring to two popular online businesses that have long offered the type of multi-factor authentication that Intuit just announced this month.

At a minimum, Lee said, tax preparation companies should require users to prove they have access to the phone number and email address that they assign to their account, and should bar multiple accounts from using the same phone number or email address. TurboTax and others also should allow only one account per Social Security number, he said.

“The point here is not to shame Intuit, but to educate the American public about what’s going on,” Lee said. “The industry as a whole, not just Intuit, needs to grow up and tackle this fraud problem seriously.”

Intuit’s David Williams said the company is focused on remedying some of the account issues raised by Lee and others.

“To be fair, our recent experience with the states has been a wake-up call that we are going to be more aggressive than anybody going forward, even if we were just acting consistently [with the rest of the industry] in the past,” he said. “That’s why we always talk about our anti-fraud efforts as evolving. We don’t have every great idea in the world, but we’re always looking at improving.”
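The account controls Lee recommends above (verified and unique contact details, one account per Social Security number, a cap on returns per account) can be expressed as a short review pass over filing records. This is an added sketch, not Intuit's or KrebsOnSecurity's code; the record layout, the threshold of three returns and all sample data are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumed threshold: the article names the control but gives no number.
MAX_RETURNS_PER_ACCOUNT = 3
# Constructed key for this sketch; a real index key would live in a KMS or HSM.
INDEX_KEY = b"constructed-demo-key"


def ssn_token(ssn):
    """Keyed hash of the SSN digits, so the reuse index never holds a raw SSN."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    return hmac.new(INDEX_KEY, digits.encode(), hashlib.sha256).hexdigest()


def contact_keys(account):
    """Normalised (kind, value) pairs so trivial variations still collide."""
    email = account["email"].strip().lower()
    phone = "".join(ch for ch in account["phone"] if ch.isdigit())
    return [("email", email), ("phone", phone)]


def review_filings(accounts, filings):
    """Return {account_id: sorted reasons} for accounts that break a control.

    accounts: dicts in creation order; filings: (account_id, ssn) in filing order.
    The first account to claim a contact detail or an SSN keeps it, which keeps
    an established customer from being flagged because of a later duplicate.
    """
    reasons = defaultdict(set)

    # Control 1: contact details must be verified and unique to one account.
    contact_owner = {}
    for account in accounts:
        aid = account["account_id"]
        if not (account["email_verified"] and account["phone_verified"]):
            reasons[aid].add("unverified_contact")
        for key in contact_keys(account):
            if contact_owner.setdefault(key, aid) != aid:
                reasons[aid].add("contact_reuse")

    # Control 2: one account per SSN.
    ssn_owner = {}
    ssns_by_account = defaultdict(set)
    for aid, ssn in filings:
        token = ssn_token(ssn)
        ssns_by_account[aid].add(token)
        if ssn_owner.setdefault(token, aid) != aid:
            reasons[aid].add("ssn_already_bound")

    # Control 3: cap the number of distinct taxpayers filed from one account.
    for aid, tokens in ssns_by_account.items():
        if len(tokens) > MAX_RETURNS_PER_ACCOUNT:
            reasons[aid].add("multi_filer")

    return {aid: sorted(found) for aid, found in reasons.items()}


# Constructed sample data. SSNs use the never-issued 000 area number.
ACCOUNTS = [
    {"account_id": "A1", "email": "alice@example.com", "phone": "+1 555 0100",
     "email_verified": True, "phone_verified": True},
    {"account_id": "A2", "email": "bob@example.com", "phone": "555-0101",
     "email_verified": True, "phone_verified": True},
    {"account_id": "A3", "email": "mule@example.net", "phone": "555-0199",
     "email_verified": False, "phone_verified": True},
    {"account_id": "A4", "email": " Mule@Example.net", "phone": "(555) 0199",
     "email_verified": True, "phone_verified": True},
]
FILINGS = [
    ("A1", "000-00-0001"),                         # single filer
    ("A2", "000-00-0002"), ("A2", "000-00-0003"),  # household, under the cap
    ("A3", "000-00-0010"), ("A3", "000-00-0011"), ("A3", "000-00-0012"),
    ("A3", "000-00-0013"), ("A3", "000-00-0014"),  # five taxpayers, one account
    ("A4", "000-00-0001"),                         # SSN already filed under A1
]

if __name__ == "__main__":
    for account_id, found in sorted(review_filings(ACCOUNTS, FILINGS).items()):
        print(account_id, ", ".join(found))
```

The household account A2 and the original filer A1 pass untouched, which is the false-positive behaviour the executives quoted earlier say they are trying to protect.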

Kelvin Thomson: Melbourne Heat Island Effect

Last year I did research into, and gave speeches about, the public health benefits of public open space. My view about the importance of this is reinforced by recent statements in the Moreland Leader by University of Sydney Associate Professor Tonia Gray that research shows that neighbourhoods with more green spaces are much healthier and socially cohesive. She says, "Nature has a calming effect, it recalibrates your body. Australian kids spend an average of 52 hours a week in front of a screen but an average of 40 minutes outside".

The importance of trees and vegetation cover is also reinforced by research calling for Melbourne suburbs to increase their tree cover to combat rising temperatures. The urban heat island effect occurs when built-up areas with surfaces such as roads, concrete and buildings absorb heat on hot days. It is dangerous to public health. In 2013 and 2014 over 400 Victorians were admitted to hospital for heat related illness. Researchers say "heat islands" are only going to get hotter unless more green spaces are incorporated.

Given this, it is folly to allow dual occupancy, multi-unit and high rise developments to lead to the cutting down of trees and shrubs and the paving over of open spaces which are presently cooling Melbourne down. We need to push back against plans by property developers and council officers to allow more buildings in what are already built up suburbs.

Planet Debian: Dirk Eddelbuettel: drat Tutorial: Publishing a package


The drat package was released earlier this month, and described in a first blog post. I received some helpful feedback about what works and what doesn't. For example, Jenny Bryan pointed out that I was not making a clear enough distinction between the role of using drat to publish code, and using drat to receive/install code. Very fair point, and somewhat tricky as R aims to blur the line between being a user and developer of statistical analyses, and hence packages. Many of us are both. But the main point is well taken, and this note aims to clarify this issue a little by focusing on the former.

Another point made by Jenny concerns the double use of repository. And indeed, I conflated repository (in the sense of a GitHub code repository) with repository for a package store used by a package manager. The former, a GitHub repository, is something we use to implement a personal drat with: A GitHub repository happens to be uniquely identifiable just by its account name, and given an (optional) gh-pages branch also offers a stable and performant webserver we use to deliver packages for R. A (personal) code repository on the other hand is something we implement somewhere---possibly via drat which supports local directories, possibly on a network share, as well as anywhere web-accessible, e.g. via a GitHub repository. It is a little confusing, but I will aim to make the distinction clearer.

Just once: Setting up a drat repository

So let us for the remainder of this post assume the role of a code publisher. Assume you have a package you would like to make available, which may not be on CRAN and for which you would like to make installation by others easier via drat. The example below will use an interim version of drat which I pushed out yesterday (after fixing a bug noticed when pushing the very new RcppAPT package).

For the following, all we assume (apart from having a package to publish) is that you have a drat directory setup within your git / GitHub repository. This is not an onerous restriction. First off, you don't have to use git or GitHub to publish via drat: local file stores and other web servers work just as well (and are documented). GitHub simply makes it easiest. Second, bootstrapping one is trivial: just fork my drat GitHub repository and then create a local clone of the fork.

There is one additional requirement: you need a gh-pages branch. Using the fork-and-clone approach ensures this. Otherwise, if you know your way around git you already know how to create a gh-pages branch.

Enough of the prerequisites. And on towards real fun. Let's ensure we are in the gh-pages branch:

edd@max:~/git/drat(master)$ git checkout gh-pages
Switched to branch 'gh-pages'
Your branch is up-to-date with 'origin/gh-pages'.

Publish: Run one drat command to insert a package

Now, let us assume you have a package to publish. In my case this was a version of drat itself, as it contains a fix for the very command I am showing here. So if you want to run this, ensure you have this version of drat as the CRAN version is currently behind at release 0.0.1 (though I plan to correct that in the next few days).

To publish an R package into a code repository created via drat running on a drat GitHub repository, just run insertPackage(packagefile) which we show here with the optional commit=TRUE. The path to the package can be absolute or relative; the easiest is often to go up one directory from the sources to where R CMD build ... has created the package file.

edd@max:~/git$ Rscript -e 'library(drat); insertPackage("drat_0.0.1.2.tar.gz", commit=TRUE)'
[gh-pages 0d2093a] adding drat_0.0.1.2.tar.gz to drat
 3 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 src/contrib/drat_0.0.1.2.tar.gz
Counting objects: 7, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (7/7), 7.37 KiB | 0 bytes/s, done.
Total 7 (delta 1), reused 0 (delta 0)
   206d2fa..0d2093a  gh-pages -> gh-pages

You can equally well run this as insertPackage("drat_0.0.1.2.tar.gz"), then inspect the repo and only then run the git commands add, commit and push. Also note that future versions of drat will most likely support git operations directly by relying on the very promising git2r package. But this just affects package internals; the user-facing call of e.g. insertPackage("drat_0.0.1.2.tar.gz", commit=TRUE) will remain unchanged.

And in a nutshell that really is all there is to it. With the newly drat-ed package pushed to your GitHub repository (with a single function call), it is available via the automatically-provided gh-pages webserver access to anyone in the world. All they need to do is to point R's package management code (which is built into R itself and used for e.g. CRAN and BioConductor R package repositories) to the new repo---and that is also just a single drat command. We showed this in the first blog post and may expand on it again in a follow-up.

So in summary, that really is all there is to it. After a one-time setup / ensuring you are on the gh-pages branch, all it takes is a single function call from the drat package to publish your package to your drat GitHub repository.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Planet Debian: Rogério Brito: User-Agent strings and privacy

I just had my hands on some mobile devices (a Samsung's Galaxy Tab S 8.4", an Apple's iPad mini 3, and my no-name tablet that runs Android).

I got curious to see how the different browsers identify themselves to the world via their User agent strings and I must say that each browser's string reveals a lot about both the browser makers and their philosophies regarding user privacy.

Here is a simple table that I compiled with the information that I collected (sorry if it gets too wide):

| Device | Browser | User-Agent String |
|---|---|---|
| Samsung Galaxy Tab S | Firefox 35.0 | Mozilla/5.0 (Android; Tablet; rv:35.0) Gecko/35.0 Firefox/35.0 |
| Samsung Galaxy Tab S | Firefox 35.0.1 | Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1 |
| Samsung Galaxy Tab S | Android's 4.4.2 stock browser | Mozilla/5.0 (Linux; Android 4.4.2; en-gb; SAMSUNG SM-T700 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36 |
| Samsung Galaxy Tab S | Updated Chrome | Mozilla/5.0 (Linux; Android 4.4.2; SM-T700 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.109 Safari/537.36 |
| Vanilla tablet | Android's 4.1.1 stock browser | Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; TB1010 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30 |
| Vanilla tablet | Firefox 35.0.1 | Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1 |
| iPad | Safari's from iOS 8.1.3 | Mozilla/5.0 (iPad; CPU OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4 |
| Notebook | Debian's Iceweasel 35.0.1 | Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Iceweasel/35.0.1 |

So, briefly looking at the table above, you can tell that the stock Android browser reveals quite a bit of information: the model of the device (e.g., SAMSUNG SM-T700 or TB1010) and even the build number (e.g., Build/KOT49H or Build/JRO03H)! This is super handy for malicious websites and I would say that it leaks a lot of possibly undesired information.

The iPad is similar, with Safari revealing the version of the iOS that it is running. It doesn't reveal, though, the language that the user is using via the UA string (it probably does via other HTTP fields).

Chrome is similar to the stock Android browser here, but, at least, it doesn't reveal the language of the user. It does reveal the version of Android, including the patch-level (that's a bit too much, IMVHO).

I would say that the winner respecting privacy of the users among the browsers that I tested is Firefox: it conveys just the bare minimum, not differentiating from a high-end tablet (Samsung's Galaxy Tab S with 8 cores) and a vanilla tablet (with 2 cores). Like Chrome, Firefox still reveals a bit too much in the form of the patch-level. It should be sufficient to say that it is version 35.0 even if the user has 35.0.1 installed.

The bonus point with Firefox is that it is also available on F-Droid, in two versions: as Firefox itself and as Fennec.
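To make the comparison in the post above repeatable, the following added example (not part of the original post) parses the platform section of the mobile User-Agent strings from the table and lists what each one discloses. The field names and the ranking function are assumptions made for illustration; only the fields the post discusses are extracted.

```python
import re

# User-Agent strings copied from the table in the post (mobile rows only).
USER_AGENTS = {
    "Galaxy Tab S / Android 4.4.2 stock browser":
        "Mozilla/5.0 (Linux; Android 4.4.2; en-gb; SAMSUNG SM-T700 Build/KOT49H) "
        "AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 "
        "Chrome/28.0.1500.94 Safari/537.36",
    "Galaxy Tab S / Updated Chrome":
        "Mozilla/5.0 (Linux; Android 4.4.2; SM-T700 Build/KOT49H) "
        "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.109 Safari/537.36",
    "Vanilla tablet / Android 4.1.1 stock browser":
        "Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; TB1010 Build/JRO03H) "
        "AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30",
    "Galaxy Tab S / Firefox 35.0.1":
        "Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1",
    "Vanilla tablet / Firefox 35.0.1":
        "Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1",
    "iPad / Safari (iOS 8.1.3)":
        "Mozilla/5.0 (iPad; CPU OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 "
        "(KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4",
}


def disclosed_fields(user_agent):
    """Extract the device and OS details named in the platform section.

    The platform section is the first parenthesised comment, with its
    tokens separated by semicolons.
    """
    fields = {}
    match = re.search(r"\(([^)]*)\)", user_agent)
    tokens = [t.strip() for t in match.group(1).split(";")] if match else []
    for token in tokens:
        if m := re.fullmatch(r"Android (\d+(?:\.\d+)*)", token):
            fields["os_version"] = "Android " + m.group(1)
        elif m := re.fullmatch(r"CPU OS (\d+(?:_\d+)*) like Mac OS X", token):
            fields["os_version"] = "iOS " + m.group(1).replace("_", ".")
        elif re.fullmatch(r"[a-z]{2}-[a-z]{2}", token, re.IGNORECASE):
            fields["language"] = token
        elif " Build/" in token:
            model, _, build = token.partition(" Build/")
            fields["device_model"] = model
            fields["build_id"] = build
    return fields


def rank_by_disclosure(user_agents):
    """Return (label, fields) pairs, most revealing string first."""
    parsed = [(label, disclosed_fields(ua)) for label, ua in user_agents.items()]
    return sorted(parsed, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for label, fields in rank_by_disclosure(USER_AGENTS):
        print(f"{len(fields)} field(s)  {label}: {fields}")
```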

Planet Debian: Zlatan Todorić: Losing yourself

First they came for the Socialists, and I did not speak out—
Because I was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.

Martin Niemöller

Rondam Ramblings: No, Rudy, this is what not loving America looks like

If Rudy Giuliani wants to call out American citizens for not loving their country he really should start with Michael Hill, who runs an organization called the League of the South.  Among other things, the LoS is organizing a celebration of the 150th anniversary of John Wilkes Booth's assassination of "the tyrant Abraham Lincoln".  And if that left any doubt in your mind that Mr. Hill does not

Don Marti: Reactions from developers

When I explain the whole Targeted Advertising Considered Harmful thing to software developers who work in adtech, I keep expecting a "well, actually" from somebody. After all, the Lumascape is large so there's no way the general points I'm bringing up can possibly apply to every single company on the chart.

#NotAllAdtech, right?

Instead, I've been getting two main reactions from developers.

  • You're right, adtech is a racket, I'm surprised that clients and publishers put up with it.

  • You're missing something—another really messed-up thing about adtech is...

(example: The problem with anti-fraud measures so far is that their impact falls hardest on small legit publishers. Not only does adtech move ad revenue away from sites with real users toward fraudulent ones, but when networks attempt to stop it, they hurt the legit sites worse.)

Anyway, ad agency clients (not just CEOs) go read What Every CEO Needs To Know About Online Advertising by Bob Hoffman.

Web publishers, watch this space.

Planet Linux Australia: Sridhar Dhanapalan: Twitter posts: 2015-02-16 to 2015-02-22

Sociological Images: Just for Fun: The Social Construction of Chest Hair

Back in the heyday of Burt Reynolds, having a hairy chest was oh-so-sexy. What a departure from the hairless chests of today’s masculine icons. At least it makes some sense to associate chest hair with masculinity, since men on average have more of it than women. It just goes to show that everything’s a social construction. But you knew that. ;)


Found at Cult of the Weird.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.


Planet Linux Australia: Michael Still: Geocaching

I've been trapped at home with either a sick child or a sick me for the last four or five days. I was starting to go a bit stir crazy, so I ducked out for some local geocaching. An enjoyable shortish walk around the nearby nature park.



Planet Linux Australia: Francois Marier: Error while running "git gc"

If you see errors like these while trying to do garbage collection on a git repository:

$ git gc
warning: reflog of 'refs/heads/synced/master' references pruned commits
warning: reflog of 'refs/heads/annex/direct/master' references pruned commits
warning: reflog of 'refs/heads/git-annex' references pruned commits
warning: reflog of 'refs/heads/master' references pruned commits
warning: reflog of 'HEAD' references pruned commits
error: Could not read a4909371f8d5a38316e140c11a2d127d554373c7
fatal: Failed to traverse parents of commit 334b7d05087ed036c1a3979bc09bcbe9e3897226
error: failed to run repack

then the reflog may be pointing to corrupt entries.

They can be purged by running this:

$ git reflog expire --all --stale-fix

Thanks to Joey Hess for pointing me in the right direction while debugging a git-annex problem.

Planet Debian: Hideki Yamane: New laptop ThinkPad E450

I've got a new laptop, Lenovo ThinkPad E450.

  • CPU: Intel Core i5 (upgraded)
  • Mem: 8GB (upgraded, one empty slot, can go up to 16GB)
  • HDD: 500GB
  • LCD: FHD (1920x1080, upgraded)
  • wifi: 802.11ac (upgraded, Intel 7265 BT ACBGN)
Nice, it was less than $600 $500.

Well, you probably know about the Superfish issue with Lenovo laptops, but it didn't affect me, because the first thing I did when I got it was replace the HDD with another empty one and do a fresh install of Debian Jessie (of course).

Planet Linux Australia
Clinton Roy: clintonroy

Waking up at two for no discernible reason.

Breakfast with C was a better start to the morning.

Afternoon at The Edge doing conference stuff.

Filed under: diary

Planet Linux Australia
Clinton Roy: clintonroy

Coder Dojo down at Sunnybank Hill library. Quite exhausting after a bad night’s sleep!

Filed under: diary

Planet Linux Australia
Clinton Roy: clintonroy

Walked to work.

Caught up with a C after work, as a surprise thing rather than a planned thing.

Filed under: diary

Planet Linux Australia
Clinton Roy: clintonroy

Walked to and from work, in an attempt to have a good night's sleep tonight.

Tropical Cyclone Marcia has degenerated to a tropical low and is hovering around Brisbane today, making for a lot of rain. I quite like walking in the wet, as long as I’ve got my wet weather gear. Most of the work colleagues are cats and stayed home.

Conference planning later at The Edge.

Filed under: diary

Planet Linux Australia
Clinton Roy: clintonroy

Walked to and from work today.

Doing some conference planning later on.

Filed under: diary


Planet Debian
Francesca Ciceri: Dudes in dresses, girls in trousers

"As long as people still think of people like me as "a dude in a dress" there is a lot work to do to fight transphobia and gain tolerance and acceptance."

This line in Rhonda's most recent blogpost broke my heart a little, and sparked an interesting conversation with her about the (perceived?) value of clothes, respect and identity.

So, guess what? Here's a pic of a "girl in trousers". Just because.

MadameZou in her best James Dean impersonation

(Sorry for the quality: couldn't find my camera and had to use a phone. Also, I don't own a binder, so I used a very light binding)

Planet Debian
Dominique Dumont: Performance improvement for ‘cme check dpkg’


Thanks to Devel::NYTProf, I’ve realized that Module::CoreList was used in a not optimal way (to say the least) in Config::Model::Dpkg::Dependency when checking the dependency between Perl packages. (Note that only Perl packages with many dependencies were affected by this lack of performance)

After a rework, the performance is much better. Here’s an example comparing check time before and after the modification of libconfig-model-dpkg-perl.

With libconfig-model-dpkg-perl 2.059:
$ time cme check dpkg
Using Dpkg
loading data
Reading package lists... Done
Building dependency tree
Reading state information... Done
checking data
check done

real 0m10.235s
user 0m10.136s
sys 0m0.088s

With libconfig-model-dpkg-perl 2.060:
$ time cme check dpkg
Using Dpkg
loading data
Reading package lists... Done
Building dependency tree
Reading state information... Done
checking data
check done

real 0m1.565s
user 0m1.468s
sys 0m0.092s


All in all, an 8x performance improvement on the dependency check.

Note that, due to the freeze, the new version of libconfig-model-dpkg-perl is available only in experimental.

All the best

Tagged: Config::Model, debian, dpkg, package

Planet Debian
Dirk Eddelbuettel: RcppAPT 0.0.1

Over the last few days I put together a new package RcppAPT which interfaces the C++ library behind the awesome apt, apt-get, apt-cache, ... commands and their GUI-based brethren.

The package currently implements two functions which permit search for package information via a regular expression, as well as a (vectorised) package name-based check. More to come, and contributions would be very welcome.

A few examples just to illustrate follow.

R> hasPackages(c("r-cran-rcpp", "r-cran-rcppapt"))
   r-cran-rcpp r-cran-rcppapt 
          TRUE          FALSE 

This shows that Rcpp is (of course) available as a binary, but this (very new) package is (unsurprisingly) not yet available pre-built.

We can search by regular expression:

R> library(RcppAPT)
R> getPackages("^r-base-c.")
          Package      Installed       Section
1 r-base-core-dbg 3.1.2-1utopic0 universe/math
2 r-base-core-dbg           <NA> universe/math
3     r-base-core 3.1.2-1utopic0 universe/math
4     r-base-core           <NA> universe/math

With the (default) expression catching everything, we see a lot of packages:

R> dim(getPackages())
[1] 104431      3

A bit more information is on the package page here as well as the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Sociological Images
Chart of the Week: Big Pharma Spends More on Marketing than Research

Pharmaceutical companies say that they need long patents that keep the price of their drugs high so that they can invest in research. But that’s not actually what they’re spending most of their money on. Instead, they’re spending more — sometimes twice as much — on advertising directly to doctors and consumers.

Data from the BBC, visualized by León Markovitz:

“When do you cross the line from essential profits to profiteering?,” asked Dr Brian Druker, one of a group of physicians asking for price reductions.

Lisa Wade is a professor of sociology at Occidental College and the co-author of Gender: Ideas, Interactions, Institutions. You can follow her on Twitter and Facebook.
