Today's anonymous submitter supplies us with a classic antipattern: padding via switch:

string TransactionOrder = (string)dr["TransactionOrder"].ToString().Trim();

switch (TransactionOrder.Length)
{
        case 1:
                TransactionOrder = "000" + TransactionOrder;
                break;
        case 2:
                TransactionOrder = "00" + TransactionOrder;
                break;
        case 3:
                TransactionOrder = "0" + TransactionOrder;
                break;
        default:
                TransactionOrder = TransactionOrder;
                break;
}

There's not much to say here, as we've seen this before, and we'll see it again. It's wrong, it's not how anything should be done, yet here it is, yet again. In this case, it's C#, which also has a lovely set of built-in options for doing this, making this code totally unnecessary.

[Advertisement] ProGet’s got you covered with security and access controls on your NuGet feeds. Learn more.

Author: Julian Miles, Staff Writer “DAY-NA!” The roar of anger is so loud it stops everyone. Dayna, presumably the being we’ve managed to corner after a three-hour citywide chase, was dubbed ‘Jaqueline the Ripper’ by the newsfeeds. Surrounded by rings of armoured vehicles and furious enforcers, she was laughing. Now she looks scared. What’s coming? […]

The post Just One More Bite appeared first on 365tomorrows.

Starting next year:

Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day.

That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago.

This is an excellent idea.

Slashdot thread.

Review: Finders, by Melissa Scott

Finders is a far future science fiction novel with cyberpunk vibes. It is the first of a series, but the second (and, so far, only other) book of the series is a prequel. It stands alone reasonably well (more on that later).

Cassilde Sam is a salvor. That means she specializes in exploring ancient wrecks and ruins left behind by the Ancients and salvaging materials that can be reused. The most important of those are what are called Ancestral elements: BLUE, which can hold programming; GOLD, which which reacts to BLUE instructions; RED, which produces actions or output; and GREEN, the rarest and most valuable, which powers everything else. Cassilde and her partner Dai Winter file claims on newly-discovered or incompletely salvaged Ancestor sites and then extract elemental material and anything else of value in their small salvage ship.

Cassilde is also dying. She has Lightman's, an incurable degenerative disease that can only be treated with ever-increasing quantities of GREEN. It's hard to sleep, hard to get warm, hard to breathe, and eventually she'll run out of money to pay for the GREEN and she'll die.

To push that day off into the future, she and Dai need work. The good news is that the wreckage of a new Ancestor sky palace was discovered in a long orbit and will create enough salvage work for every experienced salvor in the system. The bad news is that they're not qualified to bid on it. They need a scholar with a class-one license to bid on the best sections, and they haven't had a reliable scholar since their former partner and lover Summerland Ashe picked the opposite side in the Troubles and left the Fringe for the Entente, the more densely settled and connected portion of human space.

But, unexpectedly and suspiciously, Ashe may be back and offering to work with them again.

So, first, I love this setting. This is far from the first SF novel that is set in the aftermath of a general collapse of human civilization and revolving around discovering lost mysteries. Most examples of that genre are post-apocalyptic novels limited to Earth or the local solar system, but Kate Elliott's Unconquerable Sun comes immediately to mind. It's also not the first space archaeology series I've read; Kristine Kathyrn Rusch's story series starting with "Diving into the Wreck" also came to mind. But I don't recall the last time I've seen the author sell the setting so effectively.

This is a world with starships and spaceports and clearly advanced technology, but it feels like a post-collapse society that's built on ruins. It's not just that technology runs on half-understood Ancestral elements and states fight over control of debris fields. It's also that the society repurposes Ancestral remnants in ways that both they and the reader know weren't originally intended, and that sometimes are more ingenious or efficient than how the Ancestors probably used them. There's a creative grittiness here that reminds me of good cyberpunk.

It's not just good atmospheric writing, though. Scott makes a world-building decision that is going to sound trivial when I say it, but that has brilliant implications for the rest of the setting. There was not just one collapse; there were two.

The Ancestor civilization, presumed to be the first human civilization, has passed into myth, quite literally when it comes to the stories around its downfall in the aftermath of a war against AIs. After the Ancestors came the Successors, who followed a similar salvage and rebuild approach and got as far as inventing their own warp drive technology that was based on but different than the Ancestor technology. Then they also collapsed, leaving their adapted technology and salvage operations layered over Ancestor sites. Cassilde's civilization is the third human starfaring civilization, and it is very specifically the third, neither the second nor one of dozens.

This has so many small but effective implications that improve this story. A fall happened twice, so it feels like a pattern that makes Cassilde's civilization paranoid, but it happened for two very different reasons, so there is room to argue against it being a pattern. Salvage is harder because of the layering of Ancestor and Successor activity. Successors had their own way of controlling technology that is not accessible to Cassilde and her crew but is also not how the technology was intended to be used, which sends small ripples of interesting complexity through the background. And salvors are competing not only against each other but also against Successor salvage operations for which they have fragmentary records. It's a beautifully effective touch.

Melissa Scott has been publishing science fiction for forty years, and it shows in this book. The protagonists are older characters: established professionals with resource problems but also social connections and an earned reputation, people who are trying to do a job and live their lives, not change the world. The writing is competent, deft, and atmospheric, with the confidence of long practice, but it also has the feel of an earlier era of science fiction. I mentioned the cyberpunk influence, which shows in the grittiness of the descriptions, the marginality of the characters in society, and the background theme of repurposing and reusing technology in unintended ways. This is the sort of book that feels solidly in the center of science fiction, without the genre mixing into either fantasy or romance that has become somewhat more common, and also without the dramatics of space opera (although the reader discovers that the stakes of this novel may be higher than anyone realized).

And yet, so much of this book is about navigating a complicated romantic relationship, and that's where the story structure felt a bit odd. Cassilde, Dai, and Ashe were a polyamorous triad (polyamory also shows up in Scott's excellent Roads of Heaven series), and much of the first third of the book deals with the fracturing of trust with Ashe and their renegotiation of that relationship given his return. This is refreshingly written as the thoughtful interaction of three adults who take issues of trust seriously, but that also means it's much less dramatic than it sounds, and that means this book starts exceptionally slow. Scott is going somewhere, and the slow build became engrossing around the midpoint of the book, but I had to fight to stick with it at the start.

About 80% of the way through this book, I had no idea how Scott was going to wrap things up in the pages remaining and was bracing myself for some sort of series cliffhanger. This is not what happens; the plot is not fully resolved in every detail, but it reaches a conclusion of sorts that does not mandate a sequel. I did think the end was a little bit unsatisfying, though, and I want another book that explores the implications of the ending. I think it would have to be a much different book, and the tonal shift might be stark.

I've had this book on my to-read list for a while and kept putting it off because I wasn't sure I was in the mood for something precarious and gritty. This turned out to be an accurate worry: this is literally a book about salvaging the pieces of something full of wonders inextricably connected to dangers. You have to be in a cyberpunk sort of mood. But I've never read a bad Melissa Scott book, and this is no exception. The simplicity and ALL-CAPSNESS of the Ancestral elements grated a bit, but apart from that, the world-building is exceptional and well worth the trip. Recommended, although be warned that, if you're like me, it may not grab you from the first page.

Followed by Fallen, but that book is a prequel that does not share any protagonists.

Content notes: disability and degenerative illness in a universe where magical cures are possible, so be warned if that specific thematic combination is not what you're looking for.

Rating: 7 out of 10

In 2025, AI is poised to change every aspect of democratic politics—but it won’t necessarily be for the worse.

India’s prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to be more inclusive. AI avatars were used by presidential candidates in South Korea in electioneering, enabling them to provide answers to thousands of voters’ questions simultaneously. We are also starting to see AI tools aid fundraising and get-out-the-vote efforts. AI techniques are starting to augment more traditional polling methods, helping campaigns get cheaper and faster data. And congressional candidates have started using AI robocallers to engage voters on issues. In 2025, these trends will continue. AI doesn’t need to be superior to human experts to augment the labor of an overworked canvasser, or to write ad copy similar to that of a junior campaign staffer or volunteer. Politics is competitive, and any technology that can bestow an advantage, or even just garner attention, will be used.

Most politics is local, and AI tools promise to make democracy more equitable. The typical candidate has few resources, so the choice may be between getting help from AI tools or getting no help at all. In 2024, a US presidential candidate with virtually zero name recognition, Jason Palmer, beat Joe Biden in a very small electorate, the American Samoan primary, by using AI-generated messaging and an online AI avatar.

At the national level, AI tools are more likely to make the already powerful even more powerful. Human + AI generally beats AI only: The more human talent you have, the more you can effectively make use of AI assistance. The richest campaigns will not put AIs in charge, but they will race to exploit AI where it can give them an advantage.

But while the promise of AI assistance will drive adoption, the risks are considerable. When computers get involved in any process, that process changes. Scalable automation, for example, can transform political advertising from one-size-fits-all into personalized demagoguing—candidates can tell each of us what they think we want to hear. Introducing new dependencies can also lead to brittleness: Exploiting gains from automation can mean dropping human oversight, and chaos results when critical computer systems go down.

Politics is adversarial. Any time AI is used by one candidate or party, it invites hacking by those associated with their opponents, perhaps to modify their behavior, eavesdrop on their output, or to simply shut them down. The kinds of disinformation weaponized by entities like Russia on social media will be increasingly targeted toward machines, too.

AI is different from traditional computer systems in that it tries to encode common sense and judgment that goes beyond simple rules; yet humans have no single ethical system, or even a single definition of fairness. We will see AI systems optimized for different parties and ideologies; for one faction not to trust the AIs of a rival faction; for everyone to have a healthy suspicion of corporate for-profit AI systems with hidden biases.

This is just the beginning of a trend that will spread through democracies around the world, and probably accelerate, for years to come. Everyone, especially AI skeptics and those concerned about its potential to exacerbate bias and discrimination, should recognize that AI is coming for every aspect of democracy. The transformations won’t come from the top down; they will come from the bottom up. Politicians and campaigns will start using AI tools when they are useful. So will lawyers, and political advocacy groups. Judges will use AI to help draft their decisions because it will save time. News organizations will use AI because it will justify budget cuts. Bureaucracies and regulators will add AI to their already algorithmic systems for determining all sorts of benefits and penalties.

Whether this results in a better democracy, or a more just world, remains to be seen. Keep watching how those in power uses these tools, and also how they empower the currently powerless. Those of us who are constituents of democracies should advocate tirelessly to ensure that we use AI systems to better democratize democracy, and not to further its worst tendencies.

This essay was written with Nathan E. Sanders, and originally appeared in Wired.

It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the democratic processes. As 2024 draws to a close, it’s instructive to take stock of how democracy did.

In a Pew survey of Americans from earlier this fall, nearly eight times as many respondents expected AI to be used for mostly bad purposes in the 2024 election as those who thought it would be used mostly for good. There are real concerns and risks in using AI in electoral politics, but it definitely has not been all bad.

The dreaded “death of truth” has not materialized—at least, not due to AI. And candidates are eagerly adopting AI in many places where it can be constructive, if used responsibly. But because this all happens inside a campaign, and largely in secret, the public often doesn’t see all the details.

Connecting with voters

One of the most impressive and beneficial uses of AI is language translation, and campaigns have started using it widely. Local governments in Japan and California and prominent politicians, including India Prime Minister Narenda Modi and New York City Mayor Eric Adams, used AI to translate meetings and speeches to their diverse constituents.

Even when politicians themselves aren’t speaking through AI, their constituents might be using it to listen to them. Google rolled out free translation services for an additional 110 languages this summer, available to billions of people in real time through their smartphones.

Other candidates used AI’s conversational capabilities to connect with voters. U.S. politicians Asa Hutchinson, Dean Phillips and Francis Suarez deployed chatbots of themselves in their presidential primary campaigns. The fringe candidate Jason Palmer beat Joe Biden in the American Samoan primary, at least partly thanks to using AI-generated emails, texts, audio and video. Pakistan’s former prime minister, Imran Khan, used an AI clone of his voice to deliver speeches from prison.

Perhaps the most effective use of this technology was in Japan, where an obscure and independent Tokyo gubernatorial candidate, Takahiro Anno, used an AI avatar to respond to 8,600 questions from voters and managed to come in fifth among a highly competitive field of 56 candidates.

Nuts and bolts

AIs have been used in political fundraising as well. Companies like Quiller and Tech for Campaigns market AIs to help draft fundraising emails. Other AI systems help candidates target particular donors with personalized messages. It’s notoriously difficult to measure the impact of these kinds of tools, and political consultants are cagey about what really works, but there’s clearly interest in continuing to use these technologies in campaign fundraising.

Polling has been highly mathematical for decades, and pollsters are constantly incorporating new technologies into their processes. Techniques range from using AI to distill voter sentiment from social networking platforms—something known as “social listening“—to creating synthetic voters that can answer tens of thousands of questions. Whether these AI applications will result in more accurate polls and strategic insights for campaigns remains to be seen, but there is promising research motivated by the ever-increasing challenge of reaching real humans with surveys.

On the political organizing side, AI assistants are being used for such diverse purposes as helping craft political messages and strategy, generating ads, drafting speeches and helping coordinate canvassing and get-out-the-vote efforts. In Argentina in 2023, both major presidential candidates used AI to develop campaign posters, videos and other materials.

In 2024, similar capabilities were almost certainly used in a variety of elections around the world. In the U.S., for example, a Georgia politician used AI to produce blog posts, campaign images and podcasts. Even standard productivity software suites like those from Adobe, Microsoft and Google now integrate AI features that are unavoidable—and perhaps very useful to campaigns. Other AI systems help advise candidates looking to run for higher office.

Fakes and counterfakes

And there was AI-created misinformation and propaganda, even though it was not as catastrophic as feared. Days before a Slovakian election in 2023, fake audio discussing election manipulation went viral. This kind of thing happened many times in 2024, but it’s unclear if any of it had any real effect.

In the U.S. presidential election, there was a lot of press after a robocall of a fake Joe Biden voice told New Hampshire voters not to vote in the Democratic primary, but that didn’t appear to make much of a difference in that vote. Similarly, AI-generated images from hurricane disaster areas didn’t seem to have much effect, and neither did a stream of AI-faked celebrity endorsements or viral deepfake images and videos misrepresenting candidates’ actions and seemingly designed to prey on their political weaknesses.

AI also played a role in protecting the information ecosystem. OpenAI used its own AI models to disrupt an Iranian foreign influence operation aimed at sowing division before the U.S. presidential election. While anyone can use AI tools today to generate convincing fake audio, images and text, and that capability is here to stay, tech platforms also use AI to automatically moderate content like hate speech and extremism. This is a positive use case, making content moderation more efficient and sparing humans from having to review the worst offenses, but there’s room for it to become more effective, more transparent and more equitable.

There is potential for AI models to be much more scalable and adaptable to more languages and countries than organizations of human moderators. But the implementations to date on platforms like Meta demonstrate that a lot more work needs to be done to make these systems fair and effective.

One thing that didn’t matter much in 2024 was corporate AI developers’ prohibitions on using their tools for politics. Despite market leader OpenAI’s emphasis on banning political uses and its use of AI to automatically reject a quarter-million requests to generate images of political candidates, the company’s enforcement has been ineffective and actual use is widespread.

The genie is loose

All of these trends—both good and bad—are likely to continue. As AI gets more powerful and capable, it is likely to infiltrate every aspect of politics. This will happen whether the AI’s performance is superhuman or suboptimal, whether it makes mistakes or not, and whether the balance of its use is positive or negative. All it takes is for one party, one campaign, one outside group, or even an individual to see an advantage in automation.

This essay was written with Nathan E. Sanders, and originally appeared in The Conversation.

Author: Don Nigroni I met Nancy in college, and we got married shortly after she received her PhD. While I’m smarter than the average bear, Nancy is brilliant. I work for a stock brokerage firm, and she worked for the Department of Energy until three years ago when she joined a private consortium to do […]

The post Flatlining appeared first on 365tomorrows.

The Aim

I just bought a Hisense 65U80G 65″ Inch 8K ULED Android TV (2021 model) for $1,568 including delivery. I got that deal by googling refurbished 8K TVs and finding the cheapest one I could buy. Amazon and eBay didn’t have any good prices on second hand 8K TVs and new ones start at $3,000 on special. I didn’t assess how Hisense compares to other TVs, as far as I could determine there was only one model of 8K TV on sale in Australia in the price range I was prepared to pay. So I won’t review how this TV compares to other models but how refurbished TVs compare to other display options.

I bought this because the highest resolution monitor in my price range is 5120*2160 [1]. While I could get a 5128*2880 monitor for around $1,500 paying 3* the money for 33% more pixels is bad value for money. Getting 4* the pixels for under 3* the price is good value even when it’s a TV with the lower display quality that involves.

Before buying this TV I read this blog post by Daniel Lawrence about using an 8K TV as a primary monitor [2]. While he has an interesting setup with a 65″ TV on a large desk it’s not what I plan to do at this time.

My Plans for Use

I don’t plan to make it a main monitor. While 5120*2160 isn’t as good as I like on my desk it’s bearable and the quality of the display is high. High resolution isn’t needed for all tasks, for example I’m writing this blog post on my laptop while watching a movie on the 8K TV.

One thing I’d like to do with the 8K TV when I get it working as a monitor is to share the screen for team programming projects. I don’t have any specific plans other than team coding projects at the moment. But it will be interesting to experiment with it when I get it working.

Technical Issues with High Resolution Monitors

Hardware Needed

A lot of the graphic hardware out there don’t support resolutions higher than 5120*2880. It seems that most laptops don’t support resolutions higher than that and higher resolutions than 4K are difficult. Only quite recent and high end video cards will do 8K. Apparently the RTX 2080 is one of the oldest ones that does and that’s $400 on ebay. Strangely the GPU chipset spec pages don’t list the maximum resolution and there’s the additional complication that the other chips might not support the resolutions that the GPU itself can support.

As an aside I don’t use NVidia cards for regular workstations due to reliability problems. But they are good for ML work and for special purpose systems.

Interface Versions

To do 8K video it seems that you need HDMI 2.1 (or maybe 2.0 with 4:2:0 chroma subsampling) or DisplayPort 1.3 for 30Hz with 24bit color and 2.0 for higher refresh rates. But using a particular version of the interface doesn’t require supporting all the resolutions that it might support. This TV has HDMI 2.1 inputs, I’ve bought an adaptor cable that does DisplayPort 1.4 to HDMI 2.1 at 8K resolution. So I need a video card that does DisplayPort 1.4 or HDMI 2.1 output. That doesn’t mean that the card will work, but it could work.

It’s a pity that no-one has made a USB-C video controller that has a basic frame-buffer supporting 8K and the minimal GPU capabilities. The consensus of opinion is that no games will run well at 8K at this time so anyone using 8K resolution doesn’t need GPU power unless it’s for ML stuff.

I’m thinking of making a system that can be used as a ML server and X/Wayland server so a GPU with a decent amount of RAM and compute power would be good. I’m not particularly interested in spending $1,500+ to get a GPU that can drive a $1,568 TV. I’m looking into getting a RTX A2000 with 12G of RAM which should be adequate for ML experiments and can handle 8K@60Hz output.

I’ve ordered a DisplayPort to HDMI converter cable so if I get a DisplayPort card it will work.

Software Support

When I first got started with 4K monitors I had significant problems in adjusting the UI to be usable. The support for scaling software is much better now than it was then and 8K 65″ has a lower DPI than 4K 32″. So I hope this won’t be an issue.

Progress So Far

My first Hisense 8K TV stopped working properly. It would change to a mostly white screen after being used for some time. The screen would change in ways that correlate to changes in what should appear, but not in a way that was usable. It was just a different pattern of white blobs when I changed to a menu view not anything that allowed using it. I presume that this was the problem that drove a need for refurbishment as when I first got the TV it was still signed in to Google accounts for YouTube and to NetFlix.

Best Buy Electrical was good about providing a quick replacement, they took away the old TV and delivered a new one on the same visit and it’s now working well.

I’ve obtained a NVidia card that can allegedly do 8K output and a combination of cables that might be able to carry an 8K signal. Now I just need to get the NVidia drivers to not cause a kernel panic to get things to work.

• [1] https://etbe.coker.com.au/2024/07/23/more-5120×2160-monitor/
• [2] https://daniel.lawrence.lu/blog/y2023m12d15/

I recently got a OnePlus 6 for the purpose of running Debian, here’s the Debian wiki page about it [1]. It runs Debian nicely and the basic functions all work, but the problem I’m having now is that AldiMobile (Telstra) and KoganMobile (Vodafone) don’t enable VoLTE for that and all the Australian telcos have turned off 3G. The OnePlus 6 does VoLTE with Chinese SIMs so the phone itself can do it.

The OnePlus 6 was never sold in Australia by the telcos, so they are all gray-market imports which aren’t designed by OnePlus to work in Australia. Until recently that wasn’t a problem, but now that the 3G network has been turned off we need VoLTE and OnePlus didn’t include that in the OS. Reddit has documentation on how to fix this but it has to be done on Android [2]. So I had to go back from Mobian to Android to get VoLTE (and VoWifi) working and then install Mobian again.

For people with similar issues Telstra has a page for checking which phones are supported [3], it’s the only way to determine if it’s the phone or the network that makes VoLTE not work – Android isn’t informative about such things. Telstra lists the OP6 as a suitable phone.

Now after doing this I still can’t get the OP6 working for phone calls on Phosh or PlasmaMobile and I’m not sure why. I’m going to give the PinePhone Pro another go and see if it now works better. In the past I had problems with the PinePhonePro battery discharging too fast, charging too slowly, and having poor call quality [4]. The battery discharge issue should be at least alleviated by some of the changes in the Plasma 6 code that’s now in Debian/Unstable.

I’ve also been lent a PinePhone (non-pro) and been told that it will have better battery life in many situations. I’ll do some tests of that. The PinePhonePro isn’t capable of doing the convergence things I was hoping to do so the greater RAM and CPU power that it has aren’t as relevant as they otherwise would be.

I have a vision for how phones should work. I am not discouraged by the Librem 5, PinePhonePro, Note 9, and OnePlus 6 failing in various ways to do what I hoped for. I will eventually find a phone that I can get working well enough.

• [1] https://wiki.debian.org/InstallingDebianOn/OnePlus/OnePlus6
• [2] https://tinyurl.com/29lo6srp
• [3] https://tinyurl.com/23ta7pjf
• [4] https://etbe.coker.com.au/2023/10/11/pinephone-status/

A Space Comedy by David Brin

The illustrated – serialized online chapter version

Or…. Return to Chapter 1.

PREVIOUSLY… Alvin Montessori, ‘human advisor’ aboard the exploration vessel Clever Gamble, has slurried down to planet Oxytocin with a landing team of demmie crewmates. Impulsive, mercurial beings, infuriating but… brilliant and kind of lovable, despite all that, A bit excitable and jumpy, the security officer fires a stun gun at a local native.  Fortunately, this particular kind of stun gun is non-lethal in… unique ways. But unfortunately…

Reprise: 

  The native – pinned to the ground like Gulliver by the stun nanos — was now much calmer, prattling at a slower pace while I set up the universal translator on its tripod. Our captain dropped to one knee, preparing for that special moment when true First Contact could begin. Colored buttons flickered as the machine scanned, seeking meaning in the slur of local speech. Abruptly, all lights turned green. The translator swiveled and fired three more nanos at the native, one for each ear and another that streaked like a smart missile down his throat.

It isn’t painful, but startlement made him stop and swallow in surprise.

“On behalf of the Federated Alliance of—” Captain Ohm began, expansively spreading his arms. Then he frowned as the impudent creature interrupted, this time speaking aristocratically-accented Demmish.

“…I don’t know who you people are, or where you come from, but you must get out of the park, quickly! Don’t you know it’s dangerous?”

Part Three

While I vaporized the rest of the stun-ropes, Guts (our medical officer) helped the poor fellow back to his feet.

I was about to resume questioning him when Nuts squeezed between us, giving me a sharp swipe of her elbow. I rubbed my ribs as she brushed leaves and sticks off the native gentleman’s clothing, getting his measure with a few demure, barely noticeable gropes.

That was when the security leader Lieutenant Gala Morrell came with bad news.

“Captain, I’m sorry to report that Crewman Wems has disappeared.”

Ohm gave an exasperated sigh. “Wems, eh? Missing, you say? Well, hm.”

He glanced at the other security men. “I guess we could send Jums and Smet to look for him.”

The two greenies paled, cringing backward two paces. I cleared my throat. The captain looked my way.

“No?”

“Not if you ever want to see them again, sir.”

The captain may be impulsive, but he’s not stupid.

“Hmm, yeah. Better save ’em for later.”

He shrugged. “Okay, we all go. Form up everybody!”

Each of us was equipped with a locator, to find the spigot in case we got separated. I tried scanning for Wems, but could pick up no sign of his signal. Either something was jamming it or he was out of range. Or the transmitter had been vaporized – and Wems along with it.

We scoured the area for the better part of an hour, while our former captive grew increasingly nervous, sucking on his lower lip and peering toward the bushes. Finally, we decided to let him choose our direction of march, flanked on one side by the captain and the other by our chief artificer, Commander-Engineer Nomlin, – or “Guts’ – who gripped his arm like a tourniquet, batting her eyes so fast the wind might have mussed his hair again, if it weren’t already coifed and greased back from a peaked forehead.

Aside from several teeth even more pointy than a demmie’s, our guide had pasty skin that he tried to keep shaded with his cloak. Taking readings, I found that the sun did emit high ultraviolet levels. Moreover, the air was laced with industrial pollutants and signs of a degraded ozone layer – fairly typical for a world passing through its Level Sixteen crisis point. If proper relations were established, we might help the natives with such problems. Perhaps enough to make up for contacting them in the first place.

The native informed Nuts that his name was “Earl Dragonlord” – at least that is how the nano in his throat forced his vocal apparatus to pronounce it, in accented demmish. He seemed unaware of any change in speech patterns, since other nanos in his ears re-translated the sounds back into his native tongue. From his perspective, we were all miraculously speaking the local lingo.

The master translator unit followed our party, watching out for more aliens to convert in this way. A typically demmie solution to the inconvenience of a polyglot cosmos.

Our chief artificer swooned all over Earl, asking him what the name of that tree was, and how did he ever get such dark eyes, and how long would it take to have a local tailor make another cape just like his. Fortunately, Nuts had to pause occasionally to breathe. During one of these intermissions, Captain Ohm broke in to ask about the “danger” Earl spoke of earlier.

“It’s become a nightmare in our city!” he related in hushed tones, glistening eyes darting nervously. “The Lik’ems are breaking their age-old vows. They no longer cull only the least-deserving Standards, but prey on anyone they wish! Why, they’ve even taken to pouncing on Nomorts like you and me! Then there’s the ongoing strike by the corpambulists…”

It sounded awfully complicated already, and we’d only gone fifty meters from the spigot. I interrupted.

“I’m sorry. Did you say – ‘like you and me?’ What do you mean by that?”

He glanced at me, noticing my human features. “I was referring to your companions and me. No offense meant. Although you are clearly a Standard, I can tell that your lineage is strong, and your bile is un-ripe. Or else, why would you mingle with these Nomorts in apparent friendship? True, your kind is used to being hunted. Nevertheless, you must realize the rules are drastically changed here. Traditional restraints no longer hold in our poor city!”

I shared a glance with the Captain. Clearly, the native thought we were visitors from another town, and that the demmies were fellow “Nomorts”… his own kind of people. Perhaps because of the similarity in dentition. In his hurry, he seemed willing to overlook our uniforms and strange tools.

The afternoon waned as our path climbed a tree-crested hill. Suddenly, spread before us, there lay the city proper… one of the more intriguing urban landscapes I ever saw.

Some skyscrapers towered eighty or more stories, with cantilevered decks protruding into a gathering mist. Many spires were linked together by graceful sky-bridges, arching across open space at giddy heights. Yet none of these towers compared with a distant edifice that shone through the sunset haze. A gleaming pyramidal structure whose apex glittered with jeweled light.

“Cal’mari!” Earl announced, gesturing with obvious pride toward his city.

“What?” blurted Nuts, briefly taking her hand from his arm. “You mean squid?”

“Yes… Squid.” Earl said with sublime dignity, as the translator took its cue from Nuts, automatically replacing one word with another. Earl seemed blithely unaware that two entirely different sounds had emerged from his voicebox.

“Squid it is,” Ohm nodded, regarding the skyscrapers. And that was that. From now on, any demmie, and any speech-converted local, would use that word to signify this town.

I sighed. After all, it was only a city. But you students should take note that several civilizations have made the mistake of declaring war on demmies, over the insult of changing their planet’s name without asking. Not that it ever did any good.

“Squid” was impressive for a pre-starflight city. At one time, it must have been even more grand. The metropolis clearly used to surround the park on all sides, though now many quarters seemed empty, devoid of life. Once-proud spires were abandoned to the ravages of time, with blank windows like blind eyes staring into space. But straight ahead, the burg still thrived – a noisy, vibrant forest of tall buildings draped in countless sheets of colored glass, resembling 20th century New York, dressed-up with ostentatious, spiral minarets.

Skeins of filmy material, like mosquito netting, spanned the spaces between most buildings. Many windows and balconies were also covered with a gauzy, sparkling sheen – screen coverings that I later learned held bits of sharp metal or broken glass. As the sun sank, Squid resembled a maze of glittering spiderwebs, festooned with drops of dew.

Broad roadways were congested with cyclopean motor cars and lorries, all jostling for space and revving their engines before racing at top speed for an open parking space. I saw that every fourth avenue was a canal carrying boats of all description. My sinuses stung at the smell of ozone and unburnt hydrocarbons.

“Well, will you looka that!”

Our doctor pointed beyond the downtown area, to where jagged terrain rose steeply toward a rocky hill, its summit topped by striking silhouettes, totally unlike the metropolitan center. Scores of midget castles stood on those heights, with dark battlements and towers jutting from every slope. Earl Dragonlord sighed with gladness to see them, and motioned for us to follow.

“Come along, cousins. Sunshine is bad enough, but we definitely should not be out by moonlight! At home I’ll fit you with more appropriate clothes. Then we can go to the Crown.”

“Uh, is that where we’ll speak to your government leaders?” Captain Ohm asked. “We do have work to do, y’know.”

The last part was directed at Nuts. Her resumed grip on our guide’s elbow might force a lesser fellow to cry uncle. Earl was clearly a man of stamina and patience, all the more alluring to a demmie female.

“Government?” he answered. “Well, in a manner of speaking. Along the way, I’ll introduce you to our local council of Nomort elders. Unless… do you actually wish to meet the mayor of Squid? A Standard?” He glanced at me. “No offense.”

“None taken,” I assured. “Actually, I think our capt… our leader refers to government on a planetary scale. Or, in lieu of a world government, then some international mediation body—”

Earl’s look of puzzlement was followed by a dawning light of understanding. But before he could speak, a low groaning sound interrupted from the city, rising rapidly to become an ululating wail. Our greenies drew their weapons. Earl’s dusky eyes darted nervously.

“The sunset siren! A welcome sound to our kind, in most cities. But alas, not in poor Squid. We must go!”

“Well then, lead on MacDuff,” Ohm said, nearly as eager to be moving along. Earl looked baffled for a moment. Then, with a swirl of his cape, he hurried east with our ship’s engineer clinging like a happy lamprey, pushing on toward the pile of gingerbread palaces that now seemed aglow against a swollen reddish sun.

“It’s lay on, Captain,” I muttered to Ohm as we hurried along. “If you fancy quoting Shakespeare, you might try to get it right.”

Lieutenant Morell chirped a chuckle from her guard position, covering our rear. Ohm winced, then ruefully grinned.

“As you say, Advisor. As you say.”

From the park, we dropped toward a dim precinct of low dwellings that lurked between us and yonder hilltop castles. I glanced back at the downtown area, noting with surprise that the streets and canals no longer thronged with traffic. In a matter of moments they had become completely, eerily, deserted.

Dusk deepened and the largest of three moons rose in the east, about two thirds the size of Luna and almost as bright. Its phase was almost full.

In order to reach the elegant towers where Earl lived, we first had t2o cross a sprawling zone of dark roofs and small, overgrown lots, laid along an endless series of curvy lanes and cul-de-sacs.

“Urbs,” Earl Dragonlord commented with apparent distaste.

“Hold on a minute,” offered Guts, rummaging through his medical bag. “I think I’ve got some bicarbonate for that.”

“No, no.” The native grimaced. “Urbs. These are the surface dwellings where Lik’ems make their homes for the greater part of each month, feigning to live as Standards used to, long ago, before the Great Change, in tacky private dwelling places, depressingly alike. All blissfully equipped with linoleum floors and formica counter tops, with doilies on the armrests and bowling trophies on the mantelpiece. And never forget a lawn mower in the garage, along with the hedge trimmer, weed-eater, automatic mulcher, leaf blower, snow blower, and razor edged pole-pruner…”

Of course these terms were produced in demmish by the translator in his throat. They might only approximate the actual meanings in Earl’s mind.

“Sounds awful,” Guts commiserated, patting the arm not held in a hammerlock by Nuts.

“Yes. But that is just the beginning. For under the floor of each innocent-looking house, there lurks—”

He paused as the demmies all leaned toward him, wide-eyed.

“Yes? Yes? What lurks!”

Earl’s voice hushed.

“There lurks a trap door…”

“A secret entrance?”Captain Ohm asked in a whisper.

Our guide nodded.

“…leading downward to catacombs below the urb. In other words, to the sub-urbs, where…”

I cut in, coughing behind my hand. I did not want my crewmates slipping into a storytelling trance right then.

“Hadn’t we better move on then, while there’s still light?”

Earl cast me a sour glance. “Right. Follow me this way.”

Soon we passed down an avenue lined by bedraggled trees. No light shone from any of the rusty lampposts onto narrow ribbons of buckled sidewalk bordering small fenced lots. Most of the houses were dark and weedy, with broken tile roofs and missing windows, but one in four seemed well-tended, with flower beds and neatly edged lawns. Dim illumination passed through drawn curtains. Once or twice, I glimpsed dark silhouettes moving within.

The demmies, their eager imaginations stirred by Earl’s testimony, kept swiveling nervously, peering into the darkness, shying away from the gaping storm drains. Our greenies, especially, looked close to panic. They kept dropping back from their scout positions, trying to get as close to the captain as possible, much to his annoyance. At one point, Ohm dialed his blaster and shot Corporal Jums with a dose of itch-nanos. The poor fellow yelped and immediately ran back to position, scratching himself furiously, effectively distracted from worrying about spooks for a while.

I admired how efficiently Earl had accomplished this transformation. His uninformative hints managed to put my crewmates into a real state. I wondered – did he do it on purpose?

Remember, students, almost anything can set off demmie credulity. Once, during an uneventful voyage, I read aloud to the crew from Edgar Allan Poe’s “The Telltale Heart.”

Mistake! For a week thereafter we kept getting jittery reports of thumping sounds, causing Maintenance to rip out half of the ship’s air ducts. The bridge weapons team vaporized nine or ten passing asteroids that they swore were “acting suspicious,” and the infirmary treated dozens for stun wounds inflicted by nervous co-workers. Actually, if truth be told, I never had a better time aboard the Clever Gamble, and neither did the demmies. Still, Healer Paolim took me aside afterward and demanded that I never do it again.

The urb became a maze. Few of the streets were straight, and most terminated in outrageously inconvenient dead-ends that the translator described as culled-socks – an uninviting and unappetizing name. Even in better days, it must have been a nightmare journey of many kilometers to travel between two points only a block apart.

I felt as if we had slipped into a type of warped space, like a fractal structure whose surface is small, but whose perimeter is practically infinite – a true nightmare of insane urban planning. We might march forever and never get beyond this endless tract of boxlike houses. Captain Ohm shared my concern, and while the other demmies peered wide-eyed at shadows, he kept his sidearm nonchalantly poised toward Earl’s back, in case the native showed any sign of bolting.

I scanned selected dwellings with my multispec. Blurry infrared signals indicated humanoid forms within. From carbon scintillation counts, it seemed this part of the city must be as old as the downtown area. I wondered about the apparent fall in population. Were things like this planetwide? Or did these symptoms relate particularly to the local crisis our guide had mentioned?

Surreptitiously, I pressed my uniform collar, turning it into a throat microphone to call the ship with an info-quest. Soon, the nanos in my ear canal whispered with the voice of Ensign Nota Taken, now on duty at the Clever Gamble’s sensor desk.

“Planetary surface scanning underway, Advisor Montessori. Preliminary indications show that paved cities comprise over six percent of total land area, an unusually high proportion, even for a world passing through stage eighteen, though much contraction appears to have occurred recently. Gosh, I wish I was down there exploring with you guys, instead of stuck up here.”

“Ensign Taken,” I murmured firmly.

“Um… survey also shows considerable environmental degradation in agricultural zones and coastal waters, with twenty-eight percent loss of topsoil accompanied by profound silting. Say, will you bring me back a souvenir? Last time you promised you’d—”

“Ensign—”

“All right, so you didn’t exactly promise, but you didn’t say no either. Remember the party in hydroponics last week? You were talking about detection thresholds for supernova neutrinos, but I could tell you kept looking down my—”

“Ensign!”

“The worst environmental damage seems to have occurred about a century ago, with gradual reforestation now underway in temperate zones. Um, I’ve just been handed a preliminary estimate of the decline in the humanoid population. Approximately sixty percent in the last century! Now that’s puzzling, I see no sign of major warfare or disease. And there are some other anomalies.”

“Anomalies?”

“Bio section urgently asks that you guys send up some live samples of the planet’s flora and fauna. Two of every species will do, if that won’t be too much trouble. Male and female, they say… as if a brilliant man like you would ever forget a detail like that.”

Exerting patience, I sighed. Subvocalizing lowly, I repeated—

“Anomalies? What anomalies are you talking about?”

“It’s got me worried. I admit it. I haven’t seen you since the party. You don’t answer my calls. Doctor… was I too forward? Why don’t you come to my quarters after you get back and I’ll make it up to—”

I let go of my collar. The connection broke and my ear-nanos went quiet, letting night sounds float back… including a faint rustling that I hadn’t noticed before. A creaking… then a scrape that might have been leather against pavement.

The captain halted abruptly and I collided with his back. Through his tunic I felt the tense bristles of demmie hackle-ridges, standing on end. Ohm’s pompadour just reached my eyes, so I couldn’t see ahead. But a glance left showed the ship’s healer also stopped in his tracks, staring, utterly transfixed by something.

Lieutenant Morell hurried forward and gasped, fumbling the dial of her blaster.

A sudden, grating sound echoed behind me, followed by a clang of heavy metal on concrete.

As I turned, a horrific howl pealed. Then another, and still more from all sides, baying like hounds from hell.

Before I could finish spinning about, a dark, flapping shape descended over me, enveloping my face in stifling folds and choking off my scream.

***

====

THE ANCIENT ONES continues online… in Part 4. Or return to Chapter 1.

Impatient to read the rest?  Order The Ancient Ones.

Comments welcome below.

=============================================

© 2019, 2024 David Brin. Cover & interiors prompt-designed by Eric Storm. More interiors by Patrick Farley

This is a current list of where and when I am scheduled to speak:

• I’m speaking at a joint meeting of the Boston Chapter of the IEEE Computer Society and GBC/ACM, in Boston, Massachusetts, USA, at 7:00 PM ET on Thursday, January 9, 2025. The event will take place at the Massachusetts Institute of Technology in Room 32-G449 (Kiva), as well as online via Zoom. Please register in advance if you plan to attend (whether online or in person).

The list is maintained on this page.

Author: David C. Nutt I took a swig straight out of the bottle of the rare, vintage wine- didn’t even let the damn thing breathe. It cost me only $8,420.00 USD, on sale from $10,000.00. As a relatively new multi-billionaire I didn’t even feel the cost. The wine sucked. Tasted like grape flavored caustic lye. […]

The post As Always with Tyrants appeared first on 365tomorrows.

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.

Lots more details at that link. Also here.

Seth Michael Larson—the security developer in residence with the Python Software Foundation, responsible for, among other things, securing PyPi—has a good summary of what should be done next:

From this story, we can see a few places where PyPI can help developers towards a secure configuration without infringing on existing use-cases.

• API tokens are allowed to go unused alongside Trusted Publishers. It’s valid for a project to use a mix of API tokens and Trusted Publishers because Trusted Publishers aren’t universally supported by all platforms. However, API tokens that are being unused over a period of time despite releases continuing to be published via Trusted Publishing is a strong indicator that the API token is no longer needed and can be revoked.
• GitHub Environments are optional, but recommended, when using a GitHub Trusted Publisher. However, PyPI doesn’t fail or warn users that are using a GitHub Environment that the corresponding Trusted Publisher isn’t configured to require the GitHub Environment. This fact didn’t end up mattering for this specific attack, but during the investigation it was noticed as something easy for project maintainers to miss.

There’s also a more general “What can you do as a publisher to the Python Package Index” list at the end of the blog post.

This essay was written with Nathan E. Sanders. It originally appeared as a response to Evgeny Morozov in Boston Review‘s forum, “The AI We Deserve.”

For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators are built on decades of advancements in linguistics, signal processing, statistics, and other fields going back to the early days of computing—and, often, on seed funding from the U.S. Department of Defense. But today’s tools are hardly the intentional product of the diverse generations of innovators that came before. We agree with Morozov that the “refuseniks,” as he calls them, are wrong to see AI as “irreparably tainted” by its origins. AI is better understood as a creative, global field of human endeavor that has been largely captured by U.S. venture capitalists, private equity, and Big Tech. But that was never the inevitable outcome, and it doesn’t need to stay that way.

The internet is a case in point. The fact that it originated in the military is a historical curiosity, not an indication of its essential capabilities or social significance. Yes, it was created to connect different, incompatible Department of Defense networks. Yes, it was designed to survive the sorts of physical damage expected from a nuclear war. And yes, back then it was a bureaucratically controlled space where frivolity was discouraged and commerce was forbidden.

Over the decades, the internet transformed from military project to academic tool to the corporate marketplace it is today. These forces, each in turn, shaped what the internet was and what it could do. For most of us billions online today, the only internet we have ever known has been corporate—because the internet didn’t flourish until the capitalists got hold of it.

AI followed a similar path. It was originally funded by the military, with the military’s goals in mind. But the Department of Defense didn’t design the modern ecosystem of AI any more than it did the modern internet. Arguably, its influence on AI was even less because AI simply didn’t work back then. While the internet exploded in usage, AI hit a series of dead ends. The research discipline went through multiple “winters” when funders of all kinds—military and corporate—were disillusioned and research money dried up for years at a time. Since the release of ChatGPT, AI has reached the same endpoint as the internet: it is thoroughly dominated by corporate power. Modern AI, with its deep reinforcement learning and large language models, is shaped by venture capitalists, not the military—nor even by idealistic academics anymore.

We agree with much of Morozov’s critique of corporate control, but it does not follow that we must reject the value of instrumental reason. Solving problems and pursuing goals is not a bad thing, and there is real cause to be excited about the uses of current AI. Morozov illustrates this from his own experience: he uses AI to pursue the explicit goal of language learning.

AI tools promise to increase our individual power, amplifying our capabilities and endowing us with skills, knowledge, and abilities we would not otherwise have. This is a peculiar form of assistive technology, kind of like our own personal minion. It might not be that smart or competent, and occasionally it might do something wrong or unwanted, but it will attempt to follow your every command and gives you more capability than you would have had without it.

Of course, for our AI minions to be valuable, they need to be good at their tasks. On this, at least, the corporate models have done pretty well. They have many flaws, but they are improving markedly on a timescale of mere months. ChatGPT’s initial November 2022 model, GPT-3.5, scored about 30 percent on a multiple-choice scientific reasoning benchmark called GPQA. Five months later, GPT-4 scored 36 percent; by May this year, GPT-4o scored about 50 percent, and the most recently released o1 model reached 78 percent, surpassing the level of experts with PhDs. There is no one singular measure of AI performance, to be sure, but other metrics also show improvement.

That’s not enough, though. Regardless of their smarts, we would never hire a human assistant for important tasks, or use an AI, unless we can trust them. And while we have millennia of experience dealing with potentially untrustworthy humans, we have practically none dealing with untrustworthy AI assistants. This is the area where the provenance of the AI matters most. A handful of for-profit companies—OpenAI, Google, Meta, Anthropic, among others—decide how to train the most celebrated AI models, what data to use, what sorts of values they embody, whose biases they are allowed to reflect, and even what questions they are allowed to answer. And they decide these things in secret, for their benefit.

It’s worth stressing just how closed, and thus untrustworthy, the corporate AI ecosystem is. Meta has earned a lot of press for its “open-source” family of LLaMa models, but there is virtually nothing open about them. For one, the data they are trained with is undisclosed. You’re not supposed to use LLaMa to infringe on someone else’s copyright, but Meta does not want to answer questions about whether it violated copyrights to build it. You’re not supposed to use it in Europe, because Meta has declined to meet the regulatory requirements anticipated from the EU’s AI Act. And you have no say in how Meta will build its next model.

The company may be giving away the use of LLaMa, but it’s still doing so because it thinks it will benefit from your using it. CEO Mark Zuckerberg has admitted that eventually, Meta will monetize its AI in all the usual ways: charging to use it at scale, fees for premium models, advertising. The problem with corporate AI is not that the companies are charging “a hefty entrance fee” to use these tools: as Morozov rightly points out, there are real costs to anyone building and operating them. It’s that they are built and operated for the purpose of enriching their proprietors, rather than because they enrich our lives, our wellbeing, or our society.

But some emerging models from outside the world of corporate AI are truly open, and may be more trustworthy as a result. In 2022 the research collaboration BigScience developed an LLM called BLOOM with freely licensed data and code as well as public compute infrastructure. The collaboration BigCode has continued in this spirit, developing LLMs focused on programming. The government of Singapore has built SEA-LION, an open-source LLM focused on Southeast Asian languages. If we imagine a future where we use AI models to benefit all of us—to make our lives easier, to help each other, to improve our public services—we will need more of this. These may not be “eolithic” pursuits of the kind Morozov imagines, but they are worthwhile goals. These use cases require trustworthy AI models, and that means models built under conditions that are transparent and with incentives aligned to the public interest.

Perhaps corporate AI will never satisfy those goals; perhaps it will always be exploitative and extractive by design. But AI does not have to be solely a profit-generating industry. We should invest in these models as a public good, part of the basic infrastructure of the twenty-first century. Democratic governments and civil society organizations can develop AI to offer a counterbalance to corporate tools. And the technology they build, for all the flaws it may have, will enjoy a superpower that corporate AI never will: it will be accountable to the public interest and subject to public will in the transparency, openness, and trustworthiness of its development.

Author: Clare Strahan Pat had to turn the drone over, to get to the metal hatch door and unscrew the screws that fixed it to the body. What did the drone think of, when Pat wasn’t there? Did it remember the battlefield, the shrapnel and wounding, the fall into the ocean, the washing up on […]

The post It would be Pat’s fault appeared first on 365tomorrows.

The weather isn't the only thing that's balmy around this parts.

For instance Bruce, who likes it hot. "Westford, MA is usually bracing for winter in December, but this year we got another day of warm temperatures. The feels like temperature was especially nice."

And Robert who wailed "Not only do I have to enter Coupon Code Invalid:3, but the small print pretty much prevents me from using the coupon in the first place!" But did he TRY the code to see if it worked? You never know.

But not Steven B. who sagely noted that "Datetime is hard, even for Facebook."

And definitely not this incensed anonymous reader who ranted "What do you call web devs in 2024? Web devs, obviously. What do you call web devs that don't know in 2024 how to correctly implement email validation for top level domains with more than 3 letters? I'm still trying to figure that one out since nothing nice has come to mind and I am trying not to offend. And to be clear Falabella isn't some small business that can't afford to hire proper devs but one of the largest retail and online marketplaces in Latin America. Where in some countries you say Amazon, in most of Latin America you say Falabella."

That's it! Time's up for now, but not for Phillip J. who has just a little bit extra. Tick tock, Phillip.

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In November, 20 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 14.0h (out of 6.0h assigned and 8.0h from previous period).
• Adrian Bunk did 53.0h (out of 15.0h assigned and 85.0h from previous period), thus carrying over 47.0h to the next month.
• Andrej Shadura did 7.0h (out of 7.0h assigned).
• Arturo Borrero Gonzalez did 1.0h (out of 10.0h assigned), thus carrying over 9.0h to the next month.
• Bastien Roucariès did 20.0h (out of 20.0h assigned).
• Ben Hutchings did 0.0h (out of 24.0h assigned), thus carrying over 24.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 17.0h (out of 26.0h assigned), thus carrying over 9.0h to the next month.
• Emilio Pozuelo Monfort did 40.5h (out of 60.0h assigned), thus carrying over 19.5h to the next month.
• Guilhem Moulin did 7.25h (out of 7.5h assigned and 12.5h from previous period), thus carrying over 12.75h to the next month.
• Jochen Sprickerhof did 3.5h (out of 10.0h assigned), thus carrying over 6.5h to the next month.
• Lee Garrett did 14.75h (out of 15.25h assigned and 44.75h from previous period), thus carrying over 45.25h to the next month.
• Lucas Kanashiro did 10.0h (out of 54.0h assigned and 10.0h from previous period), thus carrying over 54.0h to the next month.
• Markus Koschany did 20.0h (out of 40.0h assigned), thus carrying over 20.0h to the next month.
• Roberto C. Sánchez did 6.75h (out of 9.75h assigned and 14.25h from previous period), thus carrying over 17.25h to the next month.
• Santiago Ruano Rincón did 24.75h (out of 23.5h assigned and 1.5h from previous period), thus carrying over 0.25h to the next month.
• Sean Whitton did 2.0h (out of 6.0h assigned), thus carrying over 4.0h to the next month.
• Sylvain Beucler did 21.5h (out of 9.5h assigned and 50.5h from previous period), thus carrying over 38.5h to the next month.
• Thorsten Alteholz did 11.0h (out of 11.0h assigned).
• Tobias Frost did 12.0h (out of 10.5h assigned and 1.5h from previous period).

Evolution of the situation

In November, we have released 38 DLAs.

The LTS coordinators, Roberto and Santiago, delivered a talk at the Mini-DebConf event in Toulouse, France. The title of the talk was “How LTS goes beyond LTS”. The talk covered work done by the LTS Team during the past year. This included contributions related to individual packages in Debian (such as tomcat, jetty, radius, samba, apache2, ruby, and many others); improvements to tooling and documentation useful to the Debian project as a whole; and contributions to upstream work (apache2, freeimage, node-dompurify, samba, and more). Additionally, several contributors external to the LTS Team were highlighted for their contributions to LTS. Readers are encouraged to watch the video of the presentation for a more detailed review of various ways in which the LTS team has contributed more broadly to the Debian project and to the free software community during the past year.

We wish to specifically thank Salvatore (of the Debian Security Team) for swiftly handling during November the updates of needrestart and libmodule-scandeps-perl, both of which involved arbitrary code execution vulnerabilities. We are happy to see increased involvement in LTS work by contributors from outside the formal LTS Team.

The work of the LTS Team in November was otherwise unremarkable, encompassing the customary triage, development, testing, and release of numerous DLAs, along with some associated contributions to related packages in stable and unstable.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 110 months)
  • Civil Infrastructure Platform (CIP) (for 78 months)
  • VyOS Inc (for 42 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 120 months)
  • Akamai - Linode (for 114 months)
  • Babiel GmbH (for 104 months)
  • Plat’Home (for 103 months)
  • CINECA (for 78 months)
  • University of Oxford (for 60 months)
  • Deveryware (for 47 months)
  • EDF SA (for 32 months)
  • Dataport AöR (for 7 months)
  • CERN (for 5 months)
• Silver sponsors:
  • Domeneshop AS (for 125 months)
  • Nantes Métropole (for 119 months)
  • Univention GmbH (for 111 months)
  • Université Jean Monnet de St Etienne (for 111 months)
  • Ribbon Communications, Inc. (for 105 months)
  • Exonet B.V. (for 95 months)
  • Leibniz Rechenzentrum (for 89 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 73 months)
  • Cloudways by DigitalOcean (for 62 months)
  • Dinahosting SL (for 60 months)
  • Bauer Xcel Media Deutschland KG (for 54 months)
  • Platform.sh SAS (for 54 months)
  • Moxa Inc. (for 48 months)
  • sipgate GmbH (for 46 months)
  • OVH US LLC (for 44 months)
  • Tilburg University (for 44 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 35 months)
  • Soliton Systems K.K. (for 32 months)
  • THINline s.r.o. (for 8 months)
  • Copenhagen Airports A/S
• Bronze sponsors:
  • Evolix (for 125 months)
  • Seznam.cz, a.s. (for 125 months)
  • Intevation GmbH (for 122 months)
  • Linuxhotel GmbH (for 122 months)
  • Daevel SARL (for 121 months)
  • Bitfolk LTD (for 120 months)
  • Megaspace Internet Services GmbH (for 120 months)
  • Greenbone AG (for 119 months)
  • NUMLOG (for 119 months)
  • WinGo AG (for 118 months)
  • Entr’ouvert (for 110 months)
  • Adfinis AG (for 107 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 102 months)
  • Tesorion (for 102 months)
  • GNI MEDIA (for 101 months)
  • Bearstech (for 93 months)
  • LiHAS (for 93 months)
  • Catalyst IT Ltd (for 88 months)
  • Supagro (for 83 months)
  • Demarcq SAS (for 82 months)
  • Université Grenoble Alpes (for 68 months)
  • TouchWeb SAS (for 60 months)
  • SPiN AG (for 57 months)
  • CoreFiling (for 53 months)
  • Institut des sciences cognitives Marc Jeannerod (for 48 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 44 months)
  • Tem Innovations GmbH (for 39 months)
  • WordFinder.pro (for 38 months)
  • CNRS DT INSU Résif (for 37 months)
  • Alter Way (for 30 months)
  • Institut Camille Jordan (for 20 months)
  • SOBIS Software GmbH (for 5 months)

Welcome to the 44th post in the $R^4 series.

A few weeks ago, and following an informal ‘call for talks’ by James Lamb, I had an opportunity to talk about r2u to the Chicago ML and MLops meetup groups. You can find the slides here.

Over the last 2 1/2 years, r2u has become a widely-deployed mechanism in a number of settings, including (but not limited to) software testing via continuous integration, deployment on cloud servers—besides of course to more standard use on local laptops or workstation. 30 million downloads illustrate this. My thesis for the talk was that this extends equally to ML(ops) where no surprises, no hickups automated deployments are key for large-scale model training, evaluation and of course production deployments.

In this context, I introduce r2u while giving credit both to what came before it, the existing alternatives (or ‘competitors’ for mindshare if one prefers that phrasing), and of course what lies underneath it.

The central takeaway, I argue, is that r2u can and does take advantage of a unique situation in that we can ‘join’ the package manager task for the underlying (operating) system and and the application domain, here R and its unique CRAN repository network. Other approaches can, and of course do, provide binaries, but by doing this outside the realm of the system package manager can only arrive at a lesser integration (and I show a common error arising in that case). So where r2u is feasible, it dominates the alternatives (while the alternatives may well provide deployment on more platforms which, even when less integrated, may be of greater importance for some). As always, it all depends.

But the talk, and its slides, motivate and illustrate why we keep calling r2u by its slogan of r2u: Fast. Easy. Reliable. Pick All Three.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. If you like this or other open-source work I do, you can now sponsor me at GitHub. Please report excessive re-aggregation in third-party for-profit settings.

A sticker for your water bottle.

Blog moderation policy.

• These aren't fixed - MAC addresses are trivially reprogrammable, and serial numbers are typically stored in reprogrammable flash at their most protected
  
• A malicious device could simply lie about them
  

Phil's company hired a contractor. It was the typical overseas arrangement: bundle up a pile of work, send it off to another timezone, receive back terrible code, push back during code review, then the whole thing blows up when the contracting company pushes back about how while the code review is in the contract if you're going to be such sticklers about it, they'll never deliver, and then management steps in and says, "Just keep the code review to style comments," and then it ends up not mattering anyway because the contractor assigned to the contract leaves for another contracting company, and management opts to use the remaining billable hours for a new feature instead of finishing the inflight work, so you inherit a half-finished pile of trash and somehow have to make it work.

Like I said, pretty standard stuff.

Phil found this construct scattered all over the codebase:

if cond1 and cond2:
	pass
elif cond1 or cond2:
	# do actual work

I hesitate to post this, because what we're looking at is just an attempt at doing a xor operation. And it's not wrong- it's an if statement way of writing (not a and b) or (a and not b). And if we're being nit-picky, while Python has a xor operator, it's technically a bitwise xor, so I could see someone not connecting that they could use it in this case- cond1 ^ cond2 would work just fine, so long as both conditions are actual booleans. But Python often uses non-boolean comparisons, like:

text = ""
if text:
  print("This won't print.")

This is playing with truthiness, and the problem here is that you can't use a xor to chain these conditions together.

if text ^ otherText:
	# do stuff

That's a runtime error, as the ^ is only defined for integral types. You'd have to write:

if bool(text) ^ bool(otherText):
	# do stuff

So, would it have been better to use one of the logical equivalences for xor? Certainly. Would it have been even better to turn that equivalence into a function so you could actually call a xor function? Absolutely.

But I also can't complain too much about this one. I hate it, don't get me wrong, but it's not a trainwreck.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

Author: Trinity J. Choi “W-who are you?” Those were the three most painful words I’d heard my entire life. “Someone who loves you dearly.” I responded, unable to control the slight crack in my voice. I could see my face shining back at me through her empty eyes. The reflection of a sister she doesn’t […]

The post 3094 appeared first on 365tomorrows.

A new release 0.2.13 of RcppCCTZ is now on CRAN.

RcppCCTZ uses Rcpp to bring CCTZ to R. CCTZ is a C++ library for translating between absolute and civil times using the rules of a time zone. In fact, it is two libraries. One for dealing with civil time: human-readable dates and times, and one for converting between between absolute and civil times via time zones. And while CCTZ is made by Google(rs), it is not an official Google product. The RcppCCTZ page has a few usage examples and details. This package was the first CRAN package to use CCTZ; by now several others packages (four the last time we counted) include its sources too. Not ideal, but beyond our control.

This version include most routine package maintenance as well as one small contributed code improvement. The changes since the last CRAN release are summarised below.

Changes in version 0.2.13 (2024-12-11)

• No longer set compilation standard as recent R version set a sufficiently high minimum

• Qualify a call to cctz::format (Michael Quinn in #44)

• Routine updates to continuous integration and badges

• Switch to Authors@R in DESCRIPTION

Courtesy of my CRANberries, there is a diffstat report relative to to the previous version. More details are at the RcppCCTZ page; code, issue tickets etc at the GitHub repository. If you like this or other open-source work I do, you can sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there.

Richard Sanders is a blockchain analyst and investigator who advises the law enforcement and intelligence community. Sanders spent most of 2023 in Ukraine, traveling with Ukrainian soldiers while mapping the shifting landscape of Russian crypto exchanges that are laundering money for narcotics networks operating in the region.

More recently, Sanders has focused on identifying how dozens of popular cybercrime services are getting paid by their customers, and how they are converting cryptocurrency revenues into cash. For the past several months, he’s been signing up for various cybercrime services, and then tracking where their customer funds go from there.

The 122 services targeted in Sanders’ research include some of the more prominent businesses advertising on the cybercrime forums today, such as:

-abuse-friendly or “bulletproof” hosting providers like anonvm[.]wtf, and PQHosting;
-sites selling aged email, financial, or social media accounts, such as verif[.]work and kopeechka[.]store;
-anonymity or “proxy” providers like crazyrdp[.]com and rdp[.]monster;
-anonymous SMS services, including anonsim[.]net and smsboss[.]pro.

The site Verif dot work, which processes payments through Cryptomus, sells financial accounts, including debit and credit cards.

Sanders said he first encountered some of these services while investigating Kremlin-funded disinformation efforts in Ukraine, as they are all useful in assembling large-scale, anonymous social media campaigns.

According to Sanders, all 122 of the services he tested are processing transactions through a company called Cryptomus, which says it is a cryptocurrency payments platform based in Vancouver, British Columbia. Cryptomus’ website says its parent firm — Xeltox Enterprises Ltd. (formerly certa-pay[.]com) — is registered as a money service business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).

Sanders said the payment data he gathered also shows that at least 56 cryptocurrency exchanges are currently using Cryptomus to process transactions, including financial entities with names like casher[.]su, grumbot[.]com, flymoney[.]biz, obama[.]ru and swop[.]is.

These platforms are built for Russian speakers, and they each advertise the ability to anonymously swap one form of cryptocurrency for another. They also allow the exchange of cryptocurrency for cash in accounts at some of Russia’s largest banks — nearly all of which are currently sanctioned by the United States and other western nations.

A machine-translated version of Flymoney, one of dozens of cryptocurrency exchanges apparently nested at Cryptomus.

An analysis of their technology infrastructure shows that all of these exchanges use Russian email providers, and most are directly hosted in Russia or by Russia-backed ISPs with infrastructure in Europe (e.g. Selectel, Netwarm UK, Beget, Timeweb and DDoS-Guard). The analysis also showed nearly all 56 exchanges used services from Cloudflare, a global content delivery network based in San Francisco.

“Purportedly, the purpose of these platforms is for companies to accept cryptocurrency payments in exchange for goods or services,” Sanders told KrebsOnSecurity. “Unfortunately, it is next to impossible to find any goods for sale with websites using Cryptomus, and the services appear to fall into one or two different categories: Facilitating transactions with sanctioned Russian banks, and platforms providing the infrastructure and means for cyber attacks.”

Cryptomus did not respond to multiple requests for comment.

PHANTOM ADDRESSES?

The Cryptomus website and its FINTRAC listing say the company’s registered address is Suite 170, 422 Richards St. in Vancouver, BC. This address was the subject of an investigation published in July by CTV National News and the Investigative Journalism Foundation (IJF), which documented dozens of cases across Canada where multiple MSBs are incorporated at the same address, often without the knowledge or consent of the location’s actual occupant.

This building at 422 Richards St. in downtown Vancouver is the registered address for 90 money services businesses, including 10 that have had their registrations revoked. Image: theijf.org/msb-cluster-investigation.

Their inquiry found 422 Richards St. was listed as the registered address for at least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges. At that address is a three-story building that used to be a bank and now houses a massage therapy clinic and a co-working space. But they found none of the MSBs or currency dealers were paying for services at that co-working space.

The reporters found another collection of 97 MSBs clustered at an address for a commercial office suite in Ontario, even though there was no evidence these companies had ever arranged for any business services at that address.

Peter German, a former deputy commissioner for the Royal Canadian Mounted Police who authored two reports on money laundering in British Columbia, told the publications it goes against the spirit of Canada’s registration requirements for such businesses, which are considered high-risk for money laundering and terrorist financing.

“If you’re able to have 70 in one building, that’s just an abuse of the whole system,” German said.

Ten MSBs registered to 422 Richard St. had their registrations revoked. One company at 422 Richards St. whose registration was revoked this year had a director with a listed address in Russia, the publications reported. “Others appear to be directed by people who are also directors of companies in Cyprus and other high-risk jurisdictions for money laundering,” they wrote.

A review of FINTRAC’s registry (.CSV) shows many of the MSBs at 422 Richards St. are international money transfer or remittance services to countries like Malaysia, India and Nigeria. Some act as currency exchanges, while others appear to sell merchant accounts and online payment services. Still, KrebsOnSecurity could find no obvious connections between the 56 Russian cryptocurrency exchanges identified by Sanders and the dozens of payment companies that FINTRAC says share an address with the Cryptomus parent firm Xeltox Enterprises.

SANCTIONS EVASION

In August 2023, Binance and some of the largest cryptocurrency exchanges responded to sanctions against Russia by cutting off many Russian banks and restricting Russian customers to transactions in Rubles only. Sanders said prior to that change, most of the exchanges currently served by Cryptomus were handling customer funds with their own self-custodial cryptocurrency wallets.

By September 2023, Sanders said he found the exchanges he was tracking had all nested themselves like Matryoshka dolls at Cryptomus, which adds a layer of obfuscation to all transactions by generating a new cryptocurrency wallet for each order.

“They all simply moved to Cryptomus,” he said. “Cryptomus generates new wallets for each order, rendering ongoing attribution to require transactions with high fees each time.”

“Exchanges like Binance and OKX removing Sberbank and other sanctioned banks and offboarding Russian users did not remove the ability of Russians to transact in and out of cryptocurrency easily,” he continued. “In fact, it’s become easier, because the instant-swap exchanges do not even have Know Your Customer rules. The U.S. sanctions resulted in the majority of Russian instant exchanges switching from their self-custodial wallets to platforms, especially Cryptomus.”

Russian President Vladimir Putin in August signed a new law legalizing cryptocurrency mining and allowing the use of cryptocurrency for international payments. The Russian government’s embrace of cryptocurrency was a remarkable pivot: Bloomberg notes that as recently as January 2022, just weeks before Russia’s full-scale invasion of Ukraine, the central bank proposed a blanket ban on the use and creation of cryptocurrencies.

In a report on Russia’s cryptocurrency ambitions published in September, blockchain analysis firm Chainalysis said Russia’s move to integrate crypto into its financial system may improve its ability to bypass the U.S.-led financial system and to engage in non-dollar denominated trade.

“Although it can be hard to quantify the true impact of certain sanctions actions, the fact that Russian officials have singled out the effect of sanctions on Moscow’s ability to process cross-border trade suggests that the impact felt is great enough to incite urgency to legitimize and invest in alternative payment channels it once decried,” Chainalysis assessed.

Asked about its view of activity on Cryptomus, Chainanlysis said Cryptomus has been used by criminals of all stripes for laundering money and/or the purchase of goods and services.

“We see threat actors engaged in ransomware, narcotics, darknet markets, fraud, cybercrime, sanctioned entities and jurisdictions, and hacktivism making deposits to Cryptomus for purchases but also laundering the services using Cryptomos payment API,” the company said in a statement.

SHELL GAMES

It is unclear if Cryptomus and/or Xeltox Enterprises have any presence in Canada at all. A search in the United Kingdom’s Companies House registry for Xeltox’s former name — Certa Payments Ltd. — shows an entity by that name incorporated at a mail drop in London in December 2023.

The sole shareholder and director of that company is listed as a 25-year-old Ukrainian woman in the Czech Republic named Vira Krychka. Ms. Krychka was recently appointed the director of several other new U.K. firms, including an entity created in February 2024 called Globopay UAB Ltd, and another called WS Management and Advisory Corporation Ltd. Ms. Krychka did not respond to a request for comment.

WS Management and Advisory Corporation bills itself as the regulatory body that exclusively oversees licenses of cryptocurrencies in the jurisdiction of Western Sahara, a disputed territory in northwest Africa. Its website says the company assists applicants with bank setup and formation, online gaming licenses, and the creation and licensing of foreign exchange brokers. One of Certa Payments’ former websites — certa[.]website — also shared a server with 12 other domains, including rasd-state[.]ws, a website for the Central Reserve Authority of the Western Sahara.

The website crasadr dot com, the official website of the Central Reserve Authority of Western Sahara.

This business registry from the Czech Republic indicates Ms. Krychka works as a director at an advertising and marketing firm called Icon Tech SRO, which was previously named Blaven Technologies (Blaven’s website says it is an online payment service provider).

In August 2024, Icon Tech changed its name again to Mezhundarondnaya IBU SRO, which describes itself as an “experienced company in IT consulting” that is based in Armenia. The same registry says Ms. Krychka is somehow also a director at a Turkish investment venture. So much business acumen at such a young age!

For now, Canada remains an attractive location for cryptocurrency businesses to set up shop, at least on paper. The IJF and CTV News found that as of February 2024, there were just over 3,000 actively registered MSBs in Canada, 1,247 of which were located at the same building as at least one other MSB.

“That analysis does not include the roughly 2,700 MSBs whose registrations have lapsed, been revoked or otherwise stopped,” they observed. “If they are included, then a staggering 2,061 out of 5,705 total MSBs share a building with at least one other MSB.”

Kim Carson will explore the profound question of how to rediscover and define human purpose in the age of AI. With influences ranging from Brene Brown’s courage-centered leadership to Paulo Coelho’s exploration of personal destiny, Kim’s work weaves together practical strategies and philosophical insights, guiding audiences in understanding how AI can serve as a partner in awakening creativity, navigating uncertainty, and fostering a deeper connection with others and ourselves.

Her perspective also embraces the Dalai Lama’s call for compassion and balance, advocating for AI systems that enhance collective well-being while honoring the uniqueness of the individual. Carson invites audiences to experience AI not as a threat to human identity but as a catalyst for discovery and growth, empowering us to become co-creators of a future where technology supports our highest aspirations.

Discovering Open Source: How I Got Introduced
Hey there! I’m Divine Attah-Ohiemi, a sophomore studying Computer Science. My journey into the world of open source was anything but grand. It all started with a simple question to my sister: “How do people get jobs without experience?� Her answer? Open source! I dove into this vibrant community, and it felt like discovering a hidden treasure chest filled with knowledge and opportunities.

Choosing Debian: Why This Community?
Why Debian, you ask? Well, I applied to Outreachy twice, and both times, I chose Debian. It’s not just my first operating system; it feels like home. The Debian community is incredibly welcoming, like a big family gathering where everyone supports each other. Whether I was updating my distro or poring over documentation, the care and consideration in this community were palpable. It reminded me of the warmth of homeschooling with relatives. Plus, knowing that Debian's name comes from its creator Ian and his wife Debra adds a personal touch that makes me feel even more honored to contribute to making the website better!

Why I Applied to Outreachy: What Inspired Me
Outreachy is my golden ticket to the open source world! As a 19-year-old, I see this internship as a unique opportunity to gain invaluable experience while contributing to something meaningful. It’s the perfect platform for me to learn, grow, and connect with like-minded individuals who share my passion for technology and community.

I’m excited for this journey and can’t wait to see where it takes me! 🌟

One of the long-tenured developers, Douglas at Patrick's company left, which meant Patrick was called upon to pick up that share of the work. The code left behind by Douglas the departing developer was, well… code.

For example, this block of Java:

private String[] getDomainId(Collection<ParticularCaseEntity> particularCase) {
       
    // Get all domainId
    Collection<String> ids = new ArrayList<String>();
    for (ParticularCaseEntity case : particularCase) {
        ids.add(case.getDomainId());
    }

    Set<String> domainIdsWithoutRepeat = new HashSet<String>();
    domainIdsWithoutRepeat.addAll(ids);

    Collection<String> domainIds = new ArrayList<String>();
    for (String domainId : domainIdsWithoutRepeat) {
        domainIds.add(domainId);
    }
    return domainIds.toArray(new String[0]);       
}

The purpose of this code is to get a set of "domain IDs"- a set, specifically, because we want them without duplicates. And this code takes the long way around to do it.

First, it returns a String[]- but logically, what it should return is a set. Maybe it's meant to comply with an external interface, but it's a private method- so I actually think this developer just didn't understand collection types at all.

And I have more evidence for that, which is the rest of this code.

We iterate across our ParticularCaseEntitys, and add each one to an array list. Then we create a hash set, and add all of those to a hash set. Then we create another array list, and add each entry in the set to the array list. Then we convert that array list into an array so we can return it.

At most, we really only needed the HashSet. But this gives us a nice tour of all the wrong data structures to use for this problem, which is helpful.

Speaking of helpful, it didn't take long for Patrick's employer to realize that having Patrick doing his job, and also picking up the work that Douglas used to do was bad. So they opened a new position, at a higher pay grade, hoping to induce a more senior developer to step in. And wouldn't you know, after 6 months, they found a perfect candidate, who had just finished a short six month stint at one of their competitors: Douglas!

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Author: Majoki On Splinx, you have to follow the rules if you wanna break the law. Rule 1: Phasespace is your friend. Rule 2: In phasespace you have no friends. Seems simple enough until you try to skirt the laws of thermodynamics and attempt the biggest heist in quantum gambling history. And Splinx, being the […]

The post Splynx appeared first on 365tomorrows.

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.

The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device.

The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7. “Expect more CLFS zero-day vulnerabilities to emerge in the future, at least until Microsoft performs a full replacement of the aging CLFS codebase instead of offering spot fixes for specific flaws.”

Elevation of privilege vulnerabilities accounted for 29% of the 1,009 security bugs Microsoft has patched so far in 2024, according to a year-end tally by Tenable; nearly 40 percent of those bugs were weaknesses that could let attackers run malicious code on the vulnerable device.

Rob Reeves, principal security engineer at Immersive Labs, called special attention to CVE-2024-49112, a remote code execution flaw in the Lightweight Directory Access Protocol (LDAP) service on every version of Windows since Windows 7. CVE-2024-49112 has been assigned a CVSS (badness) score of 9.8 out of 10.

“LDAP is most commonly seen on servers that are Domain Controllers inside a Windows network and LDAP must be exposed to other servers and clients within an enterprise environment for the domain to function,” Reeves said. “Microsoft hasn’t released specific information about the vulnerability at present, but has indicated that the attack complexity is low and authentication is not required.”

Tyler Reguly at the security firm Fortra had a slightly different 2024 patch tally for Microsoft, at 1,088 vulnerabilities, which he said was surprisingly similar to the 1,063 vulnerabilities resolved in 2023 and the 1,119 vulnerabilities resolved in 2022.

“If nothing else, we can say that Microsoft is consistent,” Reguly said. “While it would be nice to see the number of vulnerabilities each year decreasing, at least consistency lets us know what to expect.”

If you’re a Windows end user and your system is not set up to automatically install updates, please take a minute this week to run Windows Update, preferably after backing up your system and/or important data.

System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems. In the meantime, if you run into any problems applying this month’s fixes, please drop a note about in the comments below.

As someone who daily drives rolling release operating systems, having a bootable USB stick with a live install of Debian is essential. It has saved reverting broken packages and making my device bootable again at least a couple of times. However, creating a bootable USB stick usually uses the entire storage of the USB stick, which seems unnecessary given that USB sticks easily have 64GiB or more these days while live ISOs still don’t use more than 8GiB.

In this how-to, I will explain how to create a bootable USB stick, that also holds a FAT32 partition, which allows the USB stick used as usual.

Creating the partition partble

The first step is to create the partition table on the new drive. There are several tools to do this, I recommend the ArchWiki page on this topic for details. For best compatibility, MBR should be used instead of the more modern GPT. For simplicity I just went with the GParted since it has an easy GUI, but feel free to use any other tool. The layout should look like this:

Type  │ Partition │ Suggested size
──────┼───────────┼───────────────
EFI   │ /dev/sda1 │           8GiB
FAT32 │ /dev/sda2 │      remainder

Notes:

• The disk names are just an example and have to be adjusted for your system.
• Don’t set disk labels, they don’t appear on the new install anyway and some UEFIs might not like it on your boot partition.
• If you used GParted, create the EFI partition as FAT32 and set the esp flag.

Mounting the ISO and USB stick

The next step is to download your ISO and mount it. I personally use a Debian Live ISO for this. To mount the ISO, use the loop mounting option:

mkdir -p /tmp/mnt/iso
sudo mount -o loop /path/to/image.iso /tmp/mnt/iso

Similarily, mount your USB stick:

mkdir -p /tmp/mnt/usb
sudo mount /dev/sda1 /tmp/mnt/usb

Copy the ISO contents

To copy the contents from the ISO to the USB stick, use this command:

sudo cp -r -L /tmp/mnt/iso/. /tmp/mnt/usb

The -L option is required to deference the symbolic links present in the ISO, since FAT32 does not support symbolic links. Note that you might get warning about cyclic symbolic links. Nothing can be done to fix those, except hoping that they won’t cause a problem. For me this never was a problem though.

Finishing touches

Umnount the ISO and USB stick:

sudo umount /tmp/mnt/usb
sudo umount /tmp/mnt/iso

Now the USB stick should be bootable and have a usable data partition that can be used on essentially every operating system. I recommend testing that the stick is bootable to make sure it actually works in case of an emergency.

Rob's co-worker needed to write a loop that iterated across every element in an array. This very common problem, and you'd imagine that a developer would use one of the many common solutions to this problem. The language, in this case, is JavaScript, which has many possible options for iterating across an array.

Perhaps that buffet of possible options was too daunting. Perhaps the developer thought to themselves, "a for each loop is easy mode, I'm a 10x programmer, and I want a 10x solution!" Or perhaps they just didn't know what the hell they were doing.

Regardless of why, this is the result:

try {
  var index = 0;
  while (true) {
    var nextItem = someArray[index];
    doSomethingWithItem(nextItem);
    index++;
  }
} catch (e) { }

This code iterates across the array in an infinite while loop, passing each item to doSomethingWithItem. Eventually, they hit the end of the array, and someArray[index] starts returning undefined. Somewhere, deep in doSomethingWithItem, that causes an exception to be thrown.

That is how we break out of the loop- eventually something chokes on an undefined value, which lets us know there's nothing left in the array.

Which puts us in an interesting position- if anyone decided to add better error handling to doSomethingWithItem, the entire application could break, and it wouldn't be obvious why. This is a peak example of "every change breaks somebody's workflow", but specifically because that workflow is stupid.

Author: Don Nigroni From my source, I knew there was a lot of debate concerning whether we should blow up that spacecraft before it got near Earth. It had suddenly and inexplicably appeared between Mars and Earth last night. It was obviously from another planet and might have been manned, but the fear was that, […]

The post A Fresh Start appeared first on 365tomorrows.

I haven't made one of these posts since... last year? Good lord. I've therefore already read and reviewed a lot of these books.

Kemi Ashing-Giwa — The Splinter in the Sky (sff)
Moniquill Blackgoose — To Shape a Dragon's Breath (sff)
Ashley Herring Blake — Delilah Green Doesn't Care (romance)
Ashley Herring Blake — Astrid Parker Doesn't Fail (romance)
Ashley Herring Blake — Iris Kelly Doesn't Date (romance)
Molly J. Bragg — Scatter (sff)
Sarah Rees Breenan — Long Live Evil (sff)
Michelle Browne — And the Stars Will Sing (sff)
Steven Brust — Lyorn (sff)
Miles Cameron — Beyond the Fringe (sff)
Miles Cameron — Deep Black (sff)
Haley Cass — Those Who Wait (romance)
Sylvie Cathrall — A Letter to the Luminous Deep (sff)
Ta-Nehisi Coates — The Message (non-fiction)
Julie E. Czerneda — To Each This World (sff)
Brigid Delaney — Reasons Not to Worry (non-fiction)
Mar Delaney — Moose Madness (sff)
Jerusalem Demsas — On the Housing Crisis (non-fiction)
Michelle Diener — Dark Horse (sff)
Michelle Diener — Dark Deeds (sff)
Michelle Diener — Dark Minds (sff)
Michelle Diener — Dark Matters (sff)
Elaine Gallagher — Unexploded Remnants (sff)
Bethany Jacobs — These Burning Stars (sff)
Bethany Jacobs — On Vicious Worlds (sff)
Micaiah Johnson — Those Beyond the Wall (sff)
T. Kingfisher — Paladin's Faith (sff)
T.J. Klune — Somewhere Beyond the Sea (sff)
Mark Lawrence — The Book That Wouldn't Burn (sff)
Mark Lawrence — The Book That Broke the World (sff)
Mark Lawrence — Overdue (sff)
Mark Lawrence — Returns (sff collection)
Malinda Lo — Last Night at the Telegraph Club (historical)
Jessie Mihalik — Hunt the Stars (sff)
Samantha Mills — The Wings Upon Her Back (sff)
Lyda Morehouse — Welcome to Boy.net (sff)
Cal Newport — Slow Productivity (non-fiction)
Naomi Novik — Buried Deep and Other Stories (sff collection)
Claire O'Dell — The Hound of Justice (sff)
Keanu Reeves & China Miéville — The Book of Elsewhere (sff)
Kit Rocha — Beyond Temptation (sff)
Kit Rocha — Beyond Jealousy (sff)
Kit Rocha — Beyond Solitude (sff)
Kit Rocha — Beyond Addiction (sff)
Kit Rocha — Beyond Possession (sff)
Kit Rocha — Beyond Innocence (sff)
Kit Rocha — Beyond Ruin (sff)
Kit Rocha — Beyond Ecstasy (sff)
Kit Rocha — Beyond Surrender (sff)
Kit Rocha — Consort of Fire (sff)
Geoff Ryman — HIM (sff)
Melissa Scott — Finders (sff)
Rob Wilkins — Terry Pratchett: A Life with Footnotes (non-fiction)
Gabrielle Zevin — Tomorrow, and Tomorrow, and Tomorrow (mainstream)

That's a lot of books, although I think I've already read maybe a third of them? Which is better than I usually do.

A bit of history: Drupal at my workplace (and in Debian)

My main day-to-day responsibility in my workplace is, and has been for 20 years, to take care of the network infrastructure for UNAM’s Economics Research Institute. One of the most visible parts of this responsibility is to ensure we have a working Web presence, and that it caters for the needs of our academic community.

I joined the Institute in January 2005. Back then, our designer pushed static versions of our webpage, completely built in her computer. This was standard practice at the time, and lasted through some redesigns, but I soon started advocating for the adoption of a Content Management System. After evaluating some alternatives, I recommended adopting Drupal. It took us quite a bit to do the change: even though I clearly recall starting work toward adopting it as early as 2006, according to the Internet Archive, we switched to a Drupal-backed site around June 2010. We started using it somewhere in the version 6’s lifecycle.

As for my Debian work, by late 2012 I started getting involved in the maintenance of the drupal7 package, and by April 2013 I became its primary maintainer. I kept the drupal7 package up to date in Debian until ≈2018; the supported build methods for Drupal 8 are not compatible with Debian (mainly, bundling third-party libraries and updating them without coordination with the rest of the ecosystem), so towards the end of 2016, I announced I would not package Drupal 8 for Debian.

By March 2016, we migrated our main page to Drupal 7. By then, we already had several other sites for our academics’ projects, but my narrative follows our main Web site. I did manage to migrate several Drupal 6 (D6) sites to Drupal 7 (D7); it was quite involved process, never transparent to the user, and we did have the backlash of long downtimes (or partial downtimes, with sites half-available only) with many of our users. For our main site, we took the opportunity to do a complete redesign and deployed a fully new site.

You might note that March 2016 is after the release of D8 (November 2015). I don’t recall many of the specifics for this decision, but if I’m not mistaken, building the new site was a several months long process — not only for the technical work of setting it up, but for the legwork of getting all of the needed information from the different areas that need to be represented in the Institute. Not only that: Drupal sites often include tens of contributed themes and modules; the technological shift the project underwent between its 7 and 8 releases was too deep, and modules took a long time (if at all — many themes and modules were outright dumped) to become available for the new release.

Naturally, the Drupal Foundation wanted to evolve and deprecate the old codebase. But the pain to migrate from D7 to D8 is too big, and many sites have remained under version 7 — Eight years after D8’s release, almost 40% of Drupal installs are for version 7, and a similar proportion runs a currently-supported release (10 or 11). And while the Drupal Foundation made a great job at providing very-long-term support for D7, I understand the burden is becoming too much, so close to a year ago (and after pushing several times the D7, they finally announced support will finish this upcoming January 5.

Drupal 7 must go!

I found the following usage graphs quite interesting: the usage statistics for all Drupal versions follows a very positive slope, peaking around 2014 during the best years of D7, and somewhat stagnating afterwards, staying since 2015 at the 25000–28000 sites mark (I’m very tempted to copy the graphs, but builtwith’s terms of use are very clear in not allowing it). There is a sharp drop in the last year — I attribute it to the people that are leaving D7 for other technologies after its end-of-life announcement. This becomes clearer looking only at D7’s usage statistics: D7 peaks at ≈15000 installs in 2016 stays there for close to 5 years, and has a sharp drop to under 7500 sites in the span of one year.

D8 has a more “regular� rise, peak and fall peaking at ~8500 between 2020 and 2021, and down to close to 2500 for some months already; D9 has a very brief peak of almost 9000 sites in 2023 and is now close to half of it. Currently, the Drupal king appears to be D10, still on a positive slope and with over 9000 sites. Drupal 11 is still just a blip in builtwith’s radar, with… 3 registered sites as of September 2024 :-�

After writing this last paragraph, I came across the statistics found in the Drupal webpage; the methodology for acquiring its data is completely different: while builtwith’s methodology is their trade secret, you can read more about how Drupal’s data is gathered (and agree or disagree with it 😉, but at least you have a page detailing 12 years so far of reported data, producing the following graph (which can be shared under the CC BY-SA license 😃):

This graph is disgregated into minor versions, and I don’t want to come up with yet another graph for it 😉 but it supports (most of) the narrative I presented above… although I do miss the recent drop builtwith reported in D7’s numbers!

And what about Backdrop?

During the D8 release cycle, a group of Drupal developers were not happy with the depth of the architectural changes that were being adopted, particularly the transition to the Symfony PHP component framework, and forked the D7 codebase to create the Backdrop CMS, a modern version of Drupal, without dropping the known and tested architecture it had. The Backdrop developers keep working closely together with the Drupal community, and although its usage numbers are way smaller than Drupal’s, seems to be sustainable and lively. Of course, as I presented their numbers in the previous section, you can see Backdrop’s numbers in builtwith… are way, way lower.

I have found it to be a very warm and welcoming community, eager to receive new members. And, thanks to its contributed D2B Migrate module, I found it is quite easy to migrate a live site from Drupal 7 to Backdrop.

Migration by playbook!

So… Well, I’m an academic. And (if it’s not obvious to you after reading so far 😉), one of the things I must do in my job is to write. So I decided to write an article to invite my colleagues to consider Backdrop for their D7 sites in Cuadernos Técnicos Universitarios de la DGTIC, a young journal in our university for showcasing technical academical work. And now that my article got accepted and published, I’m happy to share it with you — of course, if you can read Spanish 😉 But anyway…

Given I have several sites to migrate, and that I’m trying to get my colleagues to follow suite, I decided to automatize the migration by writing an Ansible playbook to do the heavy lifting. Of course, the playbook’s users will probably need to tweak it a bit to their personal needs. I’m also far from an Ansible expert, so I’m sure there is ample room fo improvement in my style.

But it works. Quite well, I must add.

But with this size of database…

I did stumble across a big pebble, though. I am working on the migration of one of my users’ sites, and found that its database is… huge. I checked the mysqldump output, and it got me close to 3GB of data. And given the D2B_migrate is meant to work via a Web interface (my playbook works around it by using a client I wrote with Perl’s WWW::Mechanize), I repeatedly stumbled with PHP’s maximum POST size, maximum upload size, maximum memory size…

I asked for help in Backdrop’s Zulip chat site, and my attention was taken off fixing PHP to something more obvious: Why is the database so large? So I took a quick look at the database (or rather: my first look was at the database server’s filesystem usage). MariaDB stores each table as a separate file on disk, so I looked for the nine largest tables:

# ls -lhS|head
total 3.8G
-rw-rw---- 1 mysql mysql 2.4G Dec 10 12:09 accesslog.ibd
-rw-rw---- 1 mysql mysql 224M Dec  2 16:43 search_index.ibd
-rw-rw---- 1 mysql mysql 220M Dec 10 12:09 watchdog.ibd
-rw-rw---- 1 mysql mysql 148M Dec  6 14:45 cache_field.ibd
-rw-rw---- 1 mysql mysql  92M Dec  9 05:08 aggregator_item.ibd
-rw-rw---- 1 mysql mysql  80M Dec 10 12:15 cache_path.ibd
-rw-rw---- 1 mysql mysql  72M Dec  2 16:39 search_dataset.ibd
-rw-rw---- 1 mysql mysql  68M Dec  2 13:16 field_revision_field_idea_principal_articulo.ibd
-rw-rw---- 1 mysql mysql  60M Dec  9 13:19 cache_menu.ibd

A single table, the access log, is over 2.4GB long. The three following tables are, cache tables. I can perfectly live without their data in our new site! But I don’t want to touch the slightest bit of this site until I’m satisfied with the migration process, so I found a way to exclude those tables in a non-destructive way: given D2B_migrate works with a mysqldump output, and given that mysqldump locks each table before starting to modify it and unlocks it after its job is done, I can just do the following:

$ perl -e '$output = 1; while (<>) { $output=0 if /^LOCK TABLES `(accesslog|search_index|watchdog|cache_field|cache_path)`/; $output=1 if /^UNLOCK TABLES/; print if $output}' < /tmp/d7_backup.sql  > /tmp/d7_backup.eviscerated.sql; ls -hl /tmp/d7_backup.sql /tmp/d7_backup.eviscerated.sql
-rw-rw-r-- 1 gwolf gwolf 216M Dec 10 12:22 /tmp/d7_backup.eviscerated.sql
-rw------- 1 gwolf gwolf 2.1G Dec  6 18:14 /tmp/d7_backup.sql

Five seconds later, I’m done! The database is now a tenth of its size, and D2B_migrate is happy to take it. And I’m a big step closer to finishing my reliance on (this bit of) legacy code for my highly-visible sites 😃

Good survey paper.

Blog moderation policy.

Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions.

This is going to be interesting.

It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap.

Debian LTS

This was my hundred-twenty-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. During my allocated time I uploaded or worked on:

• [DLA 3968-1] netatalk security update to fix four CVEs related to heap buffer overflow and writing arbitrary files. The patches have been prepared by the maintainer.
• [DLA 3976-1] tgt update to fix one CVE related to not using a propper seed for rand()
• [DLA 3977-1] xfpt update to fix one CVE related to a stack-based buffer overflow
• [DLA 3978-1] editorconfig-core update to fix two CVEs related to buffer overflows.

I also continued to work on a fix for glewlwyd, which is more difficult than expected. Besides I started to work on ffmpeg and haproxy.

Last but not least I did a week of FD this month and attended the monthly LTS/ELTS meeting.

Debian ELTS

This month was the seventy-sixth ELTS month. During my allocated time I uploaded or worked on:

• [ELA-1259-1]editorconfig-core security update for two CVEs in Buster to fix buffer overflows.

I also started to work on a fix for kmail-account-wizzard. Unfortunately preparing a testing environment takes some time and I did not finish testing this month. Besides I started to work on ffmpeg and haproxy.

Last but not least I did a week of FD this month and attended the monthly LTS/ELTS meeting.

Debian Printing

Unfortunately I didn’t found any time to work on this topic.

Debian Matomo

Unfortunately I didn’t found any time to work on this topic.

Debian Astro

This month I uploaded new packages or new upstream or bugfix versions of:

• … planetary-system-stacker

I also sponsored an upload of calceph.

Debian IoT

This month I uploaded new upstream or bugfix versions of:

• … libjwt
• … libmatthew-java

Debian Mobcom

This month I uploaded new packages or new upstream or bugfix versions of:

• … libosmo-cc (package prepared by Nathan)
• … libosmo-abis

misc

This month I uploaded new upstream or bugfix versions of:

• … setserial
• … rplay

I also did some NMU of opensta, kdrill, glosstex, irsim, pagetools, afnix, cpm, to fix some RC bugs.

FTP master

This month I accepted 266 and rejected 16 packages. The overall number of packages that got accepted was 269.

Alice has the dubious pleasure of working with SalesForce. Management wants to make sure that any code is well tested, so they've set a requirement that all deployed code needs 75% code coverage. Unfortunately, properly configuring a code coverage tool is too hard, so someone came up with a delightful solution: just count how many lines are in your tests and how many lines are in your code, and make sure that your tests make up 75% of the total codebase.

Given those metrics, someone added this test:

public void testThis() {
    int i = 0;
    i++;
    i++;
    i++;
    i++;
    i++;

    // snip 35,990 lines

    i++;
    i++;
    i++;
    i++;
}

Keep adding lines, and you could easily get close to 100% code coverage, this way. Heck, if you get close enough to round up, it'll look like 100% code coverage.

Author: Julian Miles, Staff Writer My principal settles comfortably and waves us off, indicating we should exit and close the door. We’re just by that door when all our proximity alerts shriek. As one, we spin about and rush to protect him. After all, if he dies, we don’t get paid – and quite possibly […]

The post Near Miss appeared first on 365tomorrows.

Focus

This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

• swh-web: adjust admin contact wording
• zygolophodon: add option to output links
• ArchiveBot: ignore more URL sharing sites, add option to hide filtered jobs
• Debian wiki pages: PortsDocs/New, bugs.debian.org/usertags, Statistics, Teams/Debbugs/ArchitectureTags

Issues

• Feature in trurl
• Warnings in imediff

Review

• Patches: plasma-browser-integration webext

  Administration

• Debian IRC: set secret mode for an unused channel that traps people

Communication

• Respond to queries from Debian users and contributors on IRC

Sponsors

The SWH work was sponsored. All other work was done on a volunteer basis.

If Australia wins the current Test series against India, it would be the first time since 1968-69 that it has won a five-game series at home after losing the first Test. That season, Australia played the West Indies and lost the first Test at Brisbane.

But the locals then bounced back with wins in Melbourne and Sydney, before a thriller in Adelaide ended in a draw. The fifth and final game saw the West Indies thrashed by 382 runs in Sydney, giving the home team a 3-1 series win.

Australia’s win against India in the second Test of the current series has levelled things at 1-1, with three games left. Brisbane, Melbourne and Sydney will host those three Tests. Given the way the series has see-sawed thus far, it is difficult to predict with any degree of certainty the outcome of these three games.

I remember the 1968-69 series as if it were yesterday because I listened to commentary on the games from Radio Ceylon (the old name for Sri Lanka). Commentary was broadcast from both England and Australia – despite the fact that Ceylon was not even close to gaining admission to the club of Test-playing nations. I was then a 11-year-old, obsessed with the game and more so when the West Indies were involved.

I recall clearly the gravelly tone of Australian expert Alan McGilvray and the language of West Indies ace Tony Cozier as they covered the game. Their knowledge of the game was vast, they both had extensive vocabularies and their commentary was both entertaining and exciting.

The 1968-69 West indies team was an ageing one with the pace duo of Wes Hall and Charlie Griffith heading the bowling attack. Lance Gibbs was the main spinner while Gary Sobers was captain. The team was not expected to do well against a strong Australian outfit which included Ian Chappell, Doug Walters and Ian Redpath. Leading the team was one of the meanest captains of all time: Bill Lawry.

Surprisingly, the West Indies took the lead in Brisbane, despite a first-day collapse, when they floundered from 188 for one to 267 for nine at the end of the first day. Ending on 296, they, again surprisingly, bowled out Australia for 284, a total largely built on centuries from Lawry and Chappell.

The West Indies’ second innings seemed to be going nowhere until Clive Lloyd stepped in with a blistering knock of 129. He was aided by opener Joey Carew who was batting down the order due to an injury and contributed 71. The West Indies set Australia 366 to win.

Sobers opened the bowling and came up with a superlative performance, in fact returning what would turn out to be his best Test figures of six for 73, to ensure a 125-run for the visitors.

At the MCG, on what was the first Boxing Day Test, the West Indies went into reverse. Apart from Roy Fredericks, who was making his debut and contributed 76, the Windies had no answer to Graham McKenzie who took eight for 71.

Lawry (205) and Chappell (165), along with Walters’ contribution of 76, ensured a 310-run lead for the home team. Only Seymour Nurse (74) and Sobers (67) made any scores of note in the West Indies second effort as they were soundly beaten by an innings and 30 runs. Leggie John Gleeson grabbed five wickets in this rout.

Come the third Test and it was more of the same. The West Indies batted first after winning the toss and could only muster 264. Australia, with Walters scoring the first of his centuries in the series, took a 283-run lead and then kept the Windies down to 324 in their second innings. Basil Butcher top-scored with 101 and Rohan Kanhai got 69 but they were the only two to make meaningful scores. Australia needed only 42 in the fourth innings to take a 2-1 lead.

The fourth Test was a classic. West Indies again batted first and a swashbuckling 110 from Sobers carried them to 276. Australia ensured that they would have a massive lead once again, reaching 533 off the back of Walters (110) and half-centuries from Lawry, Keith Stackpole, Chappell, Paul Sheahan and McKenzie.

This time, however, the West Indies did not fold. They reached 261 for three at the end of day three with Carew (90) and Kanhai (80) being responsible for the resistance. The next day, there was more of the same, with even nightwatchman Griffith (44) getting among the runs, and Butcher scoring his second ton of the series.

Things seemed to be approaching the end when the West Indies were 492 for eight but then David Holford (80) and Jackie Hendricks (36) took over and carried the total beyond 600.

The final day saw Australia chasing 360 to win. Lawry (89) and Chappell (96) looked to be leading the way to victory but then a spate of run-outs – including Griffith running out Redpath who was backing up too far – saw Australia start the final over at 333 for nine, with Sheahan to face eight balls from Griffith. He managed to block those eight deliveries successfully and Australia escaped with a draw. [As an aside, the Ceylon Daily News did not know how to describe Redpath’s dismissal, so it simply printed “I. Redpath…………………..9 on its sports pages. The unofficial name for such a dismissal was being Mankaded as the first person to effect such a dismissal in the modern era was Indian Vinoo Mankad.]

The final Test was an anti-climax after the heroics of Adelaide. Sobers inserted the Australians after winning the toss – and had to watch as the home team amassed 619, with Walters getting another ton, this time a double. Lawry added to his tally as well, with 151.

The West Indies could only manage 279 in reply, but Lawry, determined to grind his opponents into the ground, batted a second time and set the visitors 735 to win. Walters got a second ton in the match, becoming the first batsman in Test history to do so. [As of today, eight batsmen have achieved this feat.]

When the West Indies collapsed (yet again) to 102 for five in pursuit of this huge target, the match looked destined to end before the final day. But Sobers and Nurse did not give up. Nurse was injured but both got centuries, and finally the West Indies ended up with 352.

With five games in a series, there can always be twists and turns in a cricket match. Only only hopes that the remaining Australia-India Tests are even half as exciting as the Adelaide Test of 1968-69.

This week on my podcast, I read the sixth and final installment of “Spill“, a new Little Brother story commissioned by Clay F Carlson and published on Reactor, the online publication of Tor Books. Also available in DRM-free ebook form as a Tor Original. Spill will be reprinted in Allen Kaster’s 2025 Year’s Best SF on Earth.

I didn’t plan to go to Oklahoma, but I went to Oklahoma.

My day job is providing phone tech support to people in offices who use my boss’s customer-relationship management software. In theory, I can do that job from anywhere I can sit quietly on a good Internet connection for a few hours a day while I’m on shift. It’s a good job for an organizer, because it means I can go out in the field and still pay my rent, so long as I can park a rental car outside of a Starbucks, camp on their WiFi, and put on a noise-canceling headset. It’s also good organizer training because most of the people who call me are angry and confused and need to have something difficult and technical explained to them.

My comrades started leaving for Oklahoma the day the Water Protector camp got set up. A lot of them—especially my Indigenous friends—were veterans of the Line 3 Pipeline, the Dakota Access Pipeline, and other pipeline fights, and they were plugged right into that network.

The worse things got, the more people I knew in OK. My weekly affinity group meeting normally had twenty people at it. One week there were only ten of us. The next week, three. The next week, we did it on Zoom (ugh) and most of the people on the line were in OK, up on “Facebook Hill,” the one place in the camp with reliable cellular data signals.

MP3

Debian Contributions: 2024-11

Contributing to Debian is part of Freexian’s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.

Transition management, by Emilio Pozuelo Monfort

Emilio has been helping finish the mpi-defaults switch to mpich on 32-bit architectures, and the openmpi transitions. This involves filing bugs for the reverse dependencies, doing NMUs, and requesting removals for outdated (Not Built from Source) binaries on 32-bit architectures where openmpi is no longer available. Those transitions got entangled with a few others, such as the petsc stack, and were blocking many packages from migrating to testing. These transitions were completed in early December.

cPython 3.12.7+ update uploads, by Stefano Rivera

Python 3.12 had failed to build on mips64el, due to an obscure dh_strip failure. The mips64el porters never figured it out, but the missing build on mips64el was blocking migration to Debian testing. After waiting a month, enough changes had accumulated in the upstream 3.12 maintenance git branch that we could apply them in the hope of changing the output enough to avoid breaking dh_strip. This worked.

Of course there were other things to deal with too. A test started failing due to a Debian-specific patch we carry for python3.x-minimal, and it needed to be reworked. And Stefano forgot to strip the trailing + from PY_VERSION, which confuses some python libraries. This always requires another patch when applying git updates from the maintenance branch. Stefano added a build-time check to catch this mistake in the future. Python 3.12.7 migrated.

Python 3.13 Transition, by Stefano Rivera and Colin Watson

During November the Python 3.13-add transition started. This is the first stage of supporting a new version of Python in Debian archive (after preparatory work), adding it as a new supported but non-default version. All packages with compiled Python extensions need to be re-built to add support for the new version.

We have covered the lead-up to this transition in the past. Due to preparation, many of the failures we hit were expected and we had patches waiting in the bug tracker. These could be NMUed to get the transition moving. Others had been known about but hadn’t been worked on, yet.

Some other packages ran into new issues, as we got further into the transition than we’d been able to in preparation. The whole Debian Python team has been helping with this work.

The rebuild stage of the 3.13-add transition is now over, but many packages need work before britney will let python3-defaults migrate to testing.

Limiting build concurrency based on available RAM, by Helmut Grohne

In recent years, the concurrency of CPUs has been increasing as has the demand for RAM by linkers. What has not been increasing as quickly is the RAM supply in typical machines. As a result, we more frequently run into situations where the package builds exhaust memory when building at full concurrency. Helmut initiated a discussion about generalizing an approach to this in Debian packages. Researching existing code that limits concurrency as well as providing possible extensions to debhelper and dpkg to provide concurrency limits based on available system RAM. Thus far there is consensus on the need for a more general solution, but ideas are still being collected for the precise solution.

MiniDebConf Toulouse at Capitole du Libre

The whole Freexian Collaborator team attended MiniDebConf Toulouse, part of the Capitole du Libre event. Several members of the team gave talks:

• Santiago spoke on Linux Live Patching in Debian, presenting an update on the idea since DebConf 24. This includes the initial requirements for the livepatch package format, that would be used to distribute the livepatches.
• Stefano, Colin, Enrico, and Carles spoke on Using Debusine to Automate QA.
• Santiago and Roberto spoke on How LTS Goes Beyond LTS.
• Helmut spoke on Cross Building.
• Carles gave a lightning talk on po-debconf-manager.

Stefano and Anupa worked as part of the video team, streaming and recording the event’s talks.

Miscellaneous contributions

• Stefano looked into packaging the latest upstream python-falcon version in Debian, in support of the Python 3.13 transition. This appeared to break python-hug, which is sadly looking neglected upstream, and the best course of action is probably its removal from Debian.

• Stefano uploaded videos from various 2024 Debian events to PeerTube and YouTube.

• Stefano and Santiago visited the site for DebConf 2025 in Brest, after the MiniDebConf in Toulouse, to meet with the local team and scout out the venue.

  The on-going DebConf 25 organization work of last month also included handling the logo and artwork call for proposals.

• Stefano helped the press team to edit a post for bits.debian.org on OpenStreetMap’s migration to Debian.

• Carles implemented multiple language support on po-debconf-manager and tested it using Portuguese-Brazilian during MiniDebConf Toulouse. The system was also tested and improved by reviewing more than 20 translations to Catalan, creating merge requests for those packages, and providing user support to new users. Additionally, Carles implemented better status transitions, configuration keys management and other small improvements.

• Helmut sent 32 patches for cross build failures. The wireplumber one was an interactive collaboration with Dylan Aïssi.

• Helmut continued to monitor the /usr-move, sent a patch for lib64readline8 and continued several older patch conversations. lintian now reports some aliasing issues in unstable.

• Helmut initiated a discussion on the semantics of *-for-host packages. More feedback is welcome.

• Helmut improved the crossqa.debian.net infrastructure to fail running lintian less often in larger packages.

• Helmut continued maintaining rebootstrap mostly dropping applied patches and continuing discussions of submitted patches.

• Helmut prepared a non-maintainer upload of gzip for several long-standing bugs.

• Colin came up with a plan for resolving the multipart vs. python-multipart name conflict, and began work on converting reverse-dependencies.

• Colin upgraded 42 Python packages to new upstream versions. Some were complex: python-catalogue had some upstream version confusion, pydantic and rpds-py involved several Rust package upgrades as prerequisites, and python-urllib3 involved first packaging python-quart-trio and then vendoring an unpackaged test-dependency.

• Colin contributed Incus support to needrestart upstream.

• Lucas set up a machine to do a rebuild of all ruby reverse dependencies to check what will be broken by adding ruby 3.3 as an alternative interpreter. The tool used for this is mass-rebuild and the initial rebuilds have already started. The ruby interpreter maintainers are planning to experiment with debusine next time.

• Lucas is organizing a Debian Ruby sprint towards the end of January in Paris. The plan of the team is to finish any missing bits of Ruby 3.3 transition at the time, try to push Rails 7 transition and fix RC bugs affecting the ruby ecosystem in Debian.

• Anupa attended a Debian Publicity team meeting in-person during MiniDebCamp Toulouse.

• Anupa moderated and posted in the Debian Administrator group in LinkedIn.

A new version of our pinp package arrived on CRAN today, and is the first release in four years. The pinp package allows for snazzier one or two column Markdown-based pdf vignettes, and is now used by a few packages. A screenshot of the package vignette can be seen below. Additional screenshots are at the pinp page.

This release contains no new features or new user-facing changes but reflects the standard package and repository maintenance over the four-year window since the last release: updating of actions, updating of URLs and addressing small packaging changes spotted by ever-more-vigilant R checking code.

The NEWS entry for this release follows.

Changes in pinp version 0.0.11 (2024-12-08)

• Standard package maintenance for continuous integration, URL updates, and packaging conventions

• Correct two minor nags in the Rd file

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the ping page. For questions or comments use the issue tracker off the GitHub repo. If you like this or other open-source work I do, you can sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Intro

I always find it amazing the opportunities I have thanks to my contributions to the Debian Project. I am happy to receive this recognition through the help I receive with travel to attend events in other countries.

This year, two MiniDebConfs were scheduled for the second half of the year in Europe: the traditional edition in Cambridge in UK and a new edition in Toulouse in France. After weighing the difficulties and advantages that I would have to attend one of them, I decided to choose Toulouse, mainly because it was cheaper and because it was in November, giving me more time to plan the trip. I contacted the current DPL Andreas Tille explaining my desire to attend the event and he kindly approved my request for Debian to pay for the tickets. Thanks again to Andreas!

MiniDebConf Toulouse 2024 was held in November 16th and 17th (Saturday and Sunday) and took place in one of the rooms of a traditional Free Software event in the city named Capitole du Libre. Before MiniDebConf, the team organized a MiniDebCamp in November 14th and 15th at a coworking space.

The whole experience promised to be incredible, and it was! From visiting a city in France for the first time, to attending a local Free Software event, and sharing four days with people from the Debian community from various countries.

Travel and the city

My plan was to leave Belo Horizonte on Monday, pass through São Paulo, and arrive in Toulouse on Tuesday night. I was going to spend the whole of Wednesday walking around the city and then participate in the MiniDebCamp on Thursday.

But the flight that was supposed to leave São Paulo in the early hours of Monday to Tuesday was cancelled due to a problem with the airplane and I had spent all Tuesday waiting. I was rebooked on another flight that left in the evening and arrived in Toulouse on Wednesday afternoon. Even though I was very tired from the trip, I still took advantage of the end of the day to walk around the city. But it was a shame to have lost an entire day of sightseeing.

On Thursday I left early in the morning to walk around a little more before going to the MiniDebCamp venue. I walked around a lot and saw several tourist attractions. The city is really very beautiful, as they say, especially the houses and buildings made of pink bricks. I was impressed by the narrow and winding streets; at one point it seemed like I was walking through a maze. I arrived to a corner and there would be 5 streets crossing in different directions.

The riverbank that runs through the city is very beautiful and people spend their evenings there just hanging out. There was a lot of history around there.

I stayed in an airbnb 25 minutes walking from the coworking space and only 10 minutes from the event venue. It was a very spacious apartment that was much cheaper than a hotel.

MiniDebCamp

I arrived at the coworking space where the MiniDebCamp was being held and met up with several friends. I also met some new people, talked about the translation work we do in Brazil, and other topics.

We already knew that the organization would pay for lunch for everyone during the two days of MiniDebCamp, and at a certain point they told us that we could go to the room (which was downstairs from the coworking space) to have lunch. They set up a table with quiches, breads, charcuterie and LOTS of cheese :-) There were several types of cheese and they were all very good. I just found it a little strange because I’m not used to having cheese for lunch, but the experience was amazing anyway :-)

In the evening, we went as a group to dinner at a restaurant in front of the Capitolium, the city’s main tourist attraction.

On the second day, in the morning, I walked around the city a bit more, then went to the coworking space and had another incredible cheese table for lunch.

Video Team

One of my ideas for going to Toulouse was to be able to help the video team in setting up the equipment for broadcasting and recording the talks. I wanted to follow this work from the beginning and learn some details, something I can’t do before the DebConfs because I always arrive after the people have already set up the infrastructure. And later reproduce this work in the MiniDebConfs in Brazil, such as the one in Maceió that is already scheduled for May 1-4, 2025.

As I had agreed with the people from the video team that I would help set up the equipment, on Friday night we went to the University and stayed in the room working. I asked several questions about what they were doing, about the equipment, and I was able to clear up several doubts. Over the next two days I was handling one of the cameras during the talks. And on Sunday night I helped put everything away.

Thanks to olasd, tumbleweed and ivodd for their guidance and patience.

The event in general

There was also a meeting with some members of the publicity team who were there with the DPL. We went to a cafeteria and talked mainly about areas that could be improved in the team.

The talks at MiniDebConf were very good and the recordings are also available here.

I ended up not watching any of the talks from the general schedule at Capitole du Libre because they were in French. It’s always great to see free software events abroad to learn how they are done there and to bring some of those experiences to our events in Brazil.

I hope that MiniDebConf in Toulouse will continue to take place every year, or that the French community will hold the next edition in another city and I will be able to join again :-) If everything goes well, in July next year I will return to France to join DebConf25 in Brest.

More photos

Author: Jeremy Nathan Marks The wind was wet. It blew down from unseen heights and spread a damp veil across the plain. The soil, not accustomed to dampness, clotted. The surge in moisture caused large, segmented creatures with prolific legs to fall from the trees and lie twitching in the dirt. The trees, stunted, spiny, […]

The post Burn notice appeared first on 365tomorrows.

Review: Why Buildings Fall Down, by Matthys Levy & Mario Salvadori

Why Buildings Fall Down is a non-fiction survey of the causes of structure collapses, along with some related topics. It is a sequel of sorts to Why Buildings Stand Up by Mario Salvadori, which I have not read. Salvadori was, at the time of writing, Professor Emeritus of Architecture at Columbia University (he died in 1997). Levy is an award-winning architectural engineer, and both authors were principals at the structural engineering firm Weidlinger Associates. There is a revised and updated 2002 edition, but this review is of the original 1992 edition.

This is one of those reviews that comes with a small snapshot of how my brain works. I got fascinated by the analysis of the collapse of Champlain Towers South in Surfside, Florida in 2021, thanks largely to a random YouTube series on the tiny channel of a structural engineer. Somewhere in there (I don't remember where, possibly from that channel, possibly not) I saw a recommendation for this book and grabbed a used copy in 2022 with the intent of reading it while my interest was piqued. The book arrived, I didn't read it right away, I got distracted by other things, and it migrated to my shelves and sat there until I picked it up on an "I haven't read nonfiction in a while" whim.

Two years is a pretty short time frame for a book to sit on my shelf waiting for me to notice it again. The number of books that have been doing that for several decades is, uh, not small.

Why Buildings Fall Down is a non-technical survey of structure failures. These are mostly buildings, but also include dams, bridges, and other structures. It's divided into 18 fairly short chapters, and the discussion of each disaster is brisk and to the point. Most of the structures discussed are relatively recent, but the authors talk about the Meidum Pyramid, the Parthenon (in the chapter on intentional destruction by humans), and the Pavia Civic Tower (in the chapter about building death from old age). If you are someone who has already been down the structural failure rabbit hole, you will find chapters on the expected disasters like the Tacoma Narrows Bridge collapse and the Hyatt Regency walkway collapse, but there are a lot of incidents here, including a short but interesting discussion of the Leaning Tower of Pisa in the chapter on problems caused by soil properties.

What you're going to get, in other words, is a tour of ways in which structures can fail, which is precisely what was promised by the title. This wasn't quite what I was expecting, but now I'm not sure why I was expecting something different. There is no real unifying theme here; sometimes the failure was an oversight, sometimes it was a bad design, sometimes it was a last-minute change, and sometimes it was something unanticipated. There are a lot of factors involved in structure design and any of them can fail. The closest there is to a common pattern is a lack of redundancy and sufficient safety factors, but that lack of redundancy was generally not deliberate and therefore this is not a guide to preventing a collapse. The result is a book that feels a bit like a grab-bag of structural trivia that is individually interesting but only occasionally memorable.

The writing style I suspect will be a matter of taste, but once I got used to it, I rather enjoyed it. In a co-written book, it's hard to separate the voices of the authors, but Salvadori wrote most of the chapter on the law in the first person and he's clearly a character. (That chapter is largely the story of two trials he testified in, which, from his account, involved him verbally fencing with lawyers who attempted to claim his degrees from the University of Rome didn't count as real degrees.) If this translates to his speaking style, I suspect he was a popular lecturer at Columbia.

The explanations of the structural failures are concise and relatively clear, although even with Kevin Woest's diagrams, it's hard to capture the stresses and movement in a written description. (I've found from watching YouTube videos that animations, or even annotations drawn while someone is talking, help a lot.) The framing discussion, well, sometimes that is bombastic in a way that I found amusing:

But we, children of a different era, do not want our lives to be enclosed, to be shielded from the mystery. We are eager to participate in it, to gather with our brothers and sisters in a community of thought that will lift us above the mundane. We need to be together in sorrow and in joy. Thus we rarely build monolithic monuments. Instead, we build domes.

It helps that passages like this are always short and thus don't wear out their welcome. My favorite line in the whole book is a throwaway sentence in a discussion of building failures due to explosions:

With a similar approach, it can be estimated that the chance of an explosion like that at Forty-fifth Street was at most one in thirty million, and probably much less. But this is why life is dangerous and always ends in death.

Going hard, structural engineering book!

It's often appealing to learn about things from their failures because the failures are inherently more dramatic and thus more interesting, but if you were hoping for an introduction to structural engineering, this is probably not the book you want. There is an excellent and surprisingly engaging appendix that covers the basics of structural analysis in 45 pages, but you would probably be better off with Why Buildings Stand Up or another architecture or structural engineering textbook (or maybe a video course). The problem with learning by failure case study is that all the case studies tend to blend together, despite the authors' engaging prose, and nearly every collapse introduces a new structural element with new properties and new failure modes and only the briefest of explanations. This book might make you a slightly more informed consumer of the news, but for most readers I suspect it will be a collection of forgettable trivia told in an occasionally entertaining style.

I think the book I wanted to read was something that went deeper into the process of forensic engineering, not just the outcomes. It's interesting to know what the cause of a failure was, but I'm more interested in how one goes about investigating a failure. What is the process, how do you organize the investigation, and how does the legal system around engineering failures work? There are tidbits and asides here, but this book is primarily focused on the structural analysis and elides most of the work done to arrive at those conclusions.

That said, I was entertained. Why Buildings Fall Down is a bit dated — the opening chapter on airplanes hitting buildings reads much differently now than when it was written in 1992, and I'm sure it was updated in the 2002 edition — but it succeeds in being clear without being soulless or sounding like a textbook. I appreciate an occasional rant about nuclear weapons in a book about architecture. I'm not sure I really recommend this, but I had a good time with it.

Also, I'm now looking for opportunities to say "this is why life is dangerous and always ends in death," so there is that.

Rating: 6 out of 10

For your weekend pleasure, I've posted the third installment of THE ANCIENT ONES - my SF comedy novel... that also delivers some unexpected twists on hoary sci-fi tropes. I don't see any comments under the prior postings, so I assume they were... fun? That some of the puns knocked you unconscious?

Your wit is welcome.

Okay, back to the world and varied ways to save it!

Far more important than any of the news below, is my annual suggestion for Seasonal Giving -- how your philanthropy dollars can be targeted in ways that help to achieve the world you want. If you have a dozen things you feel should be done, there’s an NGO trying for each of them. Please read. 

Save the world, your way.

== And now something for you... ==

...Well, for the prosperous sci fi aficionado. After 44 years, there is a hardcover of my first novel Sundiver. It's a lovely, collectible edition (numbered and signed) with a gorgeous new cover and interiors by Jim Burns. From Phantasia Press. (Not cheap. But wow does Phantasia do good work!)

Come by TASAT.org and see how there's a small but real chance that nerdy SciFi readers like you might one day save the world!

Or like Ray Bradbury's chillingly prescient time paradox story "The Sound of Thunder."

Science Fiction & Fantasy Stack Exchange -  
“A question and answer site for science fiction and fantasy enthusiasts.”

r/scifiwriting -
A subreddit for writers of science fiction.

r/AskScienceFiction -
"It's like Ask Science, but all questions and answers are written with answers gleaned from the universe itself."

Worldbuilding Stack Exchange -
“A question and answer site for writers/artists using science, geography and culture to construct imaginary worlds and settings.”

A Space Comedy by David Brin

The illustrated online chapter version

Chapter 2.5

PREVIOUSLY: Alvin Montessori, the human advisor aboard the demmie-crewed stellarship Clever Gamble, advised Captain Ohm (the Irresistible) against leading a party down to the surface of planet Oxytocin without taking time to assess. But demmies are demmies – bless (and cuss) ‘em! So, the ship has deployed a humungously long HOSE from a giant reel. (Why else would the whole front of a starship be a great big disk?)

Now, with Ohm and Engineer Nuts and Doctor Guts and a team of greenie security guards, Alvin enters the prep room and prepares to…

For those of you who’ve never slurried, there can be no describing what it’s like to have a beam zap through you, reading the position of every cell in your body. Then comes the rush of solvent fluid, flooding in through a hundred vents, filling the transport chamber, rising from your boots to your thighs to your neck faster than you can cry, I’m melting!

It doesn’t hurt. Really. But it is disconcerting to watch your hands dissolve right in front of you. Closing your eyelids won’t help much, since they go next, leaving a dreadful second or two until your entire skull – brain and all – crumbles like a sugar confection in hot water.

Ever since it was proved – maybe a century ago – that the mind exists independent from the body, philosophers have hoped to tap marvelous insights or great wisdom from the plane of pure abstraction. Some try to do this by peering into dreams. Others hope to sample the filtered essence of thought from people who are in a liquid state.

Oh, it’s true that something seems to happen – thoughts flow – during that strange time when your nervous system isn’t solid anymore, but a churning swirl of loose neurons and separated synapses, gurgling supersonically down a narrow pipe two hundred miles long. Giving new meaning to “brain drain.”

But in my experience, these stray thoughts are seldom anything profound. On that particular day – as I recall – my focus was on the job. The most fundamental underpinning of my task as Earthling Advisor.

Maybe they will grow up.

After all, we did, eventually.

It’s the hope we all cling to.

Or so one part of me told the rest of my myriad selves, during that timeless interval when I had no solid form. When “me” was many and a sense of detachment seemed to come naturally.

Which just goes to show you that it never pays to do any deep thinking when you’re in a slurry.

I regained full consciousness on a strange new world, watching my hands reappear in front of me as the reconstructor at the nozzle end of the Hose re-stacked my cells, one by one, in the same (more or less) relative positions they had been in, aboard ship.

Did I have that mole on my hand, before? Isn’t it a lot like one I saw on the back of Ohm’s neck…

But no. Don’t go there.

Still, while dismissing that spurious thought, I resisted the urge to shake my head or shrug. Best to let ligaments and things congeal a few extra seconds, lest something jar loose and roll away.

I did shift my eyes a bit to look through a window of the Nozzle Chamber. Overhead, the Hose stretched upward into a cloud-flecked sky, cleverly rendered invisible to radar, sonar, infrared, and most visible light. (I could see it, of course. But then, demmies are always amazed by our human ability to perceive the mystical color, “blue.”)

A final word about slurrying. In its way, it is an efficient mode of transport, and I’m not complaining. Things might have been worse. I’m told that true matter teleportation – where an object is read and replicated or “beamed,” atom-by-atom, instead of cell-by-cell, is a ridiculous impossibility. Quantum uncertainty and all that. Won’t ever happen.

Nevertheless, there is a demmie research center that refuses to give up on the idea… and demmies never cease to surprise us.

(Impossibility be damned. I recommend secretly blowing up the place, just to be sure.)

Stumbling out of the Nozzle, we retrieved our tools from container-tubes and proceeded to look around the place. We appeared to have de-licquesced behind some boulders and shrubbery in an uncrowded portion of the park. Tall buildings could be seen jutting skyward beyond a surrounding copse of trees. Vehicle sounds of a bustling city drifted toward us.

So far, so good. The greenies fanned out, very businesslike, covering all directions with their tidy blasters. I took out my scanner and surveyed various sensor bands.

“Life forms?” Ohm said, peering around my shoulder, speaking loud enough to be heard over the traffic noise.

“Yes, Captain,” I replied, patiently. “Many life forms.”

“Many,” Nuts repeated, morosely.

“Many,” Guts added, eyes filling with eagerness while he stroked his vivisection kit.

“Let’s go see,” Ohm commanded, as I counted the seconds till something happened.

Something always happens.

Sure enough, at a count of eight, we heard a scream and hurried toward the source, which turned out to be Lieutenant Morell. She panted, with one hand near her throat, pointing her blaster toward a set of bushes.

“I shot first!”

“What?” Ohm demanded, shoving others aside to charge forward. “What was it?”

She came to attention. “I don’t know, sir. Something was spying on us. I saw the weirdest pair of eyes. Whatever it was, I think I got it.”

“Um,” I stepped forward, reluctant to point out the obvious. “The rule of Simplest Hypothesis might suggest, in a calm city park, that your something just might have been… well… perhaps a local citizen?”

Lieutenant Morell gulped, looking at that moment just like a young human who had made a nervous mistake.

“Of all the damn foolishness,” Guts grumbled, hastening through the undergrowth, drawing his medical kit while I hurried after. Behind me, I heard the Lieutenant sob an apology.

“There now,” Captain Ohm answered. “I’m sure he… she… or it is just stunned. You did use stun-setting, yes?”

“Sir!”

When I glanced back, he was leading her with one arm, his other one sliding around her shoulder. I should have known.

Guts shouted when he found our prowler. A humanoid, of course, like ninety percent of Class M sapients. The poor fellow had managed to crawl a few meters before the stun nanos got organized enough to bring him down. Now he lay sprawled on his back, spread-eagled, with his arms and legs pinned by half a million microscopic fibers to the leaf-strewn loam. He strained futilely till we emerged to surround him. Then he stared with large, dark eyes, gurgling slightly behind the nano-woven gag in his mouth.

Nanomachines are often too small to see, but those that are fired at high speed by a stun blaster can be larger than an Earthling ant. At medium range, only a dozen might hit a fleeing target, and they need several seconds to devour raw matter, duplicating into thousands, before getting to work immobilizing their quarry.

There are quicker ways of subduing someone, but none quite as safe or sure. Anyway, a gulliver-gun is usually swift enough.

By now, a veritable army of little nanos swarmed over the captive, inspecting their handiwork, keeping the tiny ropes taut and jumping up and down in jubilation. Some, for lack of anything else to do, appeared to be hard at work sewing rips in the native’s dark, satin-lined cloak and black, pegged pants. Others re-coifed his mussed hair.

(Just because someone is a prisoner, that doesn’t mean he can’t look sharp.)

Guts pushed his bio-scanner toward the humanoid, having to fight through a tangle of tiny ropes while muttering something about how “…nanos are the winchers of our discontent,” in a Shakespearean accent.

Enough, I thought, drawing my blaster, flicking the setting, then sighting on the victim’s face. He cringed as I fired—

—a stream of tuned microwaves set to turn all nano fibers into harmless gas. The gag in his mouth vanished and he gasped, then began jabbering frightfully in a tongue filled with moist sibilants.

I heard a hiss as Guts injected our captive with a hypo spray, using an orange vial marked ALIEN RELAXANT #1. The native tensed for a moment, then sagged with a sigh.

Remember, students, always inspect your ship’s supply of Alien Relaxant Number One! Make sure of its purity.

Very few sentient life forms have fatal allergic reactions to 100 percent distilled water.

Nevertheless, most will respond quickly to being injected, as if a potent, local narcotic were suddenly flowing through their veins. Bless the placebo effect. Its near universality is among the few reassuring constants in an uncertain cosmos.

Guts gave me a sly wink. He knows what’s going on, so I no longer have to mix batches of “ol’ Number One” all by myself. But don’t assume your ship’s doctor will understand. Call it an “ancient human recipe” until you’re sure your medico can be trusted with the truth.

The native was much calmer, prattling at a slower pace while I set up the universal translator on its tripod. Our captain dropped to one knee, preparing for that special moment when true First Contact could begin. Colored buttons flickered as the machine scanned, seeking meaning in the slur of local speech. Abruptly, all lights turned green. The translator swiveled and fired three more nanos at the native, one for each ear and another that streaked like a smart missile down his throat.

It isn’t painful, but startlement made him stop and swallow in surprise.

“On behalf of the Federated Alliance of—” Captain Ohm began, expansively spreading his arms. Then he frowned as the impudent creature interrupted, this time speaking aristocratically-accented Demmish.

“…I don’t know who you people are, or where you come from, but you must get out of the park, quickly! Don’t you know it’s dangerous?”

THE ANCIENT ONES continues online… in Part 3

or return to the start: Chapter 1

Impatient to read the rest?  Order The Ancient Ones from Histria Books.

Comments welcome below.

=================

Art & prompted interiors designed by Eric Storm & Patrick Farley

Hi

While updating my Debian package, I often have to update a field from debian/control file.

This field is named Standards-Version and it declares which version of Debian policy the package complies to. When updating this field, one must follow the upgrading checklist.

That being said, I maintain a lot of similar package and I often have to update this Standards-Version field.

This field can be updated manually with cme fix dpkg (see Managing Debian packages with cme). But this command may make other changes and does not commit the result.

So I’ve created a new update-standards-version cme script that:

• udpate Standards-Version field
• commit the changed

For instance:

$ cme run update-standards-version 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Connecting to api.ftp-master.debian.org to check 31 package versions. Please wait...
Got info from api.ftp-master.debian.org for 31 packages.
Warning in 'source Standards-Version': Current standards version is '4.7.0'. Please read https://www.debian.org/doc/debian-policy/upgrading-checklist.html for the changes that may be needed on your package
to upgrade it from standard version '4.6.2' to '4.7.0'.

Offending value: '4.6.2'

Changes applied to dpkg-control configuration:
- source Standards-Version: '4.6.2' -> '4.7.0'
[master 552862c1] control: declare compliance with Debian policy 4.7.0
 1 file changed, 1 insertion(+), 1 deletion(-)

$ git show
commit 552862c1f24479b1c0c8c35a6289557f65e8ff3b (HEAD -> master)
Author: Dominique Dumont <dod[at]debian.org>
Date:   Sat Dec 7 19:06:14 2024 +0100

    control: declare compliance with Debian policy 4.7.0

diff --git a/debian/control b/debian/control
index cdb41dc0..e888012e 100644
--- a/debian/control
+++ b/debian/control
@@ -48,7 +48,7 @@ Build-Depends-Indep: dh-sequence-bash-completion,
                      libtext-levenshtein-damerau-perl,
                      libyaml-tiny-perl,
                      po-debconf
-Standards-Version: 4.6.2
+Standards-Version: 4.7.0
 Vcs-Browser: https://salsa.debian.org/perl-team/modules/packages/libconfig-model-perl
 Vcs-Git: https://salsa.debian.org/perl-team/modules/packages/libconfig-model-perl.git
 Homepage: https://github.com/dod38fr/config-model/wiki