Saturday, 18 August


Two rounds of stable kernels released []

Greg Kroah-Hartman has released two batches of stable kernels. The first set has fixes in various parts of the tree, while the second batch has a single fix for a problem with the page-table entry inversion that is done as a mitigation for the L1TF speculative-execution vulnerability. The first batch includes: 4.18.2, 4.17.16, 4.14.64, 4.9.121, 4.4.149, and 3.18.119. The second batch is: 4.18.3, 4.17.17, 4.14.65, 4.9.122, and 4.4.150. Users should upgrade, presumably to something in the second batch unless they are running the 3.18 series.

A next-gen, multi-switch Useless Machine that unswitches your switches in order [Boing Boing]

Coffeeman 500's Useless Box - Multi Switch project is an open-source hardware project that's an ambitious variant on the beloved "Useless Machine" -- 2010, 2010 (Lego)), 2010 Political edition), 2011 (HOWTO), 2012 (politics), 2013 (fancy), 2013 (advanced) (vs human), 2016 (most useless), 2017 (vs twisty vase). (more…)


Antivirus maker Sentinelone uses copyright claims to censor video of security research that revealed defects in its products [Boing Boing]

At this week's B-Sides Manchester security conference, James Williams gave a talk called "Next-gen AV vs my shitty code," in which he systematically revealed the dramatic shortcomings of anti-virus products that people pay good money for and trust to keep them safe -- making a strong case that these companies were selling defective goods. (more…)

Catholic League insists that it's only rape when priests "penetrate" children [Boing Boing]

Bill Donohue, the president of the ultra-conservative Catholic League, has called the Pennsylvania Supreme Court's report on the official coverups of the priestly rape of children an "obscene lie," insisting that rape was relatively rare, because most of the sexual abuse committed by the priesthood doesn't qualify as rape, because the priests didn't penetrate their victims.

Criminals have perfected the art of taking over dead peoples' online accounts [Boing Boing]

When you die, your relatives will be sad and (depending on the circumstances of your death) possibly left scrambling to make arrangements for your remains, effects, and estate. (more…)


Stolen Android Anti-Piracy Software Dumped on Github [TorrentFreak]

There are dozens of anti-piracy systems in the world designed to protect everything from music, movies and TV shows through to videogames and software.

In years gone by, many made the mistake of claiming to be impenetrable but as history has shown, most protections now act as mere stumbling blocks, to slow leaks and piracy down. What is more unusual is to hear of an anti-piracy tool itself being leaked online.

That appears to have been the case when code belonging to security company Guardsquare appeared online.

“We develop premium software for the protection of mobile applications against reverse engineering and hacking,” the company’s website reads.

“Our products are used across the world in a broad range of industries, from financial services, e-commerce and the public sector to telecommunication, gaming and media.”

One of Guardsquare’s products is Dexguard, a tool to protect Android applications from being decompiled, something that can lead to piracy, credential harvesting, tampering and cloning. Unfortunately, a version of Dexguard itself ended up on Github.

In a takedown notice filed with the Microsoft-owned code platform, Guardsquare explains that the code is unauthorized and was obtained illegally.

“The listed folders….contain an older version of our commercial obfuscation software (DexGuard) for Android applications. The folder is part of a larger code base that was stolen from one of our former customers,” Guardsquare writes.

While the repository containing the illegal copy of Dexguard was quickly taken down, the leaked code had already spread. Guardsquare found almost 300 ‘forks’ of the stolen software on Github and filed a request to have them all taken down.

That has now taken place but the account of the Github user who originally uploaded the content seems to be intact.

Using the name ‘HackedTeam’, the account contains code dating back several years. Some appears to be linked to Android spyware previously described as “one of the most professionally developed and sophisticated Android malware ever exposed.”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Transactions without conflict [Seth's Blog]

It’s only been 140 years since the price tag first appeared.

Before that, most every transaction was a negotiation. The seller tried to win by charging more, the buyer by paying less.

In many ways, that’s a good thing–treating different people differently, rewarding good customers, adding fluidity to transactions.

But for most buyers, most of the time, the certainty and convenience of transacting without fear, without conflict and without a hassle makes it worth it.

This idea is spreading.

It’s possible to negotiate a substantial contract in a few minutes by email—if both sides care more about forward motion than they care about the last decimal point. Or, to be more honest about it, if they care more about the benefits of the future than they care about the narrative of treating their partner like an opponent.

In an economy based on connection instead of scarcity, the ease of those connections, the reliability built into them, our confidence that the future will match promises made–all of these benefits dwarf the narcissistic narrative of the deal maker who simply seeks to win today, at all costs.

The essential first step is not waiting for ‘the other guy’ to go first. Each of us can go first if we care enough about getting there.


Friday Squid Blogging: Firefly Squid Museum [Schneier on Security]

The Hotaruika Museum is a museum devoted to firefly squid in Toyama, Japan.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Friday, 17 August


the summer of mild inconveniences [WIL WHEATON dot NET]

About three months ago, we discovered toxic black mold underneath our kitchen sink. Two weeks after that, Anne and I packed up some bags and moved ourselves and our dogs […]


RIAA Paid Handsomely for BitTorrent Piracy Evidence [TorrentFreak]

Regular Internet providers are being put under increasing pressure for not doing enough to curb copyright infringement.

This has already resulted in several ‘repeat infringer’ lawsuits in US federal courts. The major record labels, helped by the RIAA, are the driving force behind most of these cases.

There is another notable party of interest though. Anti-piracy company Rightscorp, known for sending settlement requests to alleged pirates through the DMCA notification system, plays a central role as well.

The company’s notices are used as ‘evidence’ to show that ISPs such as Grande and Cox Communications failed to disconnect repeat infringers from their networks. While Rightscorp settlement practices haven’t been particularly profitable, court records reveal that the company was paid handsomely for its litigation support.

In a recent court filing, which was insufficiently redacted, Grande Communications reveals that the BitTorrent piracy monitoring company was paid hundreds of thousands of dollars.

“In 2016, Rightscorp approached the Recording Industry Association of America (“RIAA”) and convinced that association to purchase Rightscorp’s Grande-related notices for $700,000,” Grande’s legal team writes.

“Rightscorp also convinced the RIAA to pay Rightscorp’s representatives hourly rates of $350-$500 to testify in this matter,” they add.

It is no secret that RIAA is a Rightscorp customer, or that Rightscorp inspired the RIAA to sue ISPs, but this is the first time we’ve read that the music industry group specifically paid for the notices. Further details on the agreement were not revealed, however.

The information comes from a motion for summary judgment that was denied near instantly, as it relied heavily on redacted elements. While a revised version will likely be submitted later, it’s quite clear that Grande rejects any attempts to hold it liable for pirating subscribers.

The company notes that the major record labels want to turn ISPs into de facto copyright enforcement agents, a strategy it clearly rejects.

“Having given up on actually pursuing direct infringers due to bad publicity, and having decided not to target the software and websites that make online file-sharing possible, the recording industry has shifted its focus to fashioning new forms of copyright liability that would require ISPs to act as the copyright police,” the denied motion reads.

Although the RIAA is not listed as a plaintiff, it is clear that the music group helped to set out the legal strategy for the labels. This prompted Grande to request information from the RIAA, in particularly its communications with Rightscorp.

The RIAA is refusing to hand over all the requested documents, however, claiming that some are protected work. Grande, therefore, filed a separate motion to compel the RIAA to hand over this information.

“Plaintiffs and the RIAA are relying on Rightscorp’s work product to support their claims in this case, while at the same time refusing to produce Rightscorp materials, and communications with Rightscorp, that may undermine those claims. The Court should not permit this sort of gamesmanship,” Grande’s legal team writes.

It appears that the ISP is trying to use Rightscorp’s evidence and its role in this case, for its defense. The company already discredited the accuracy of the notices, and described Rightscorp as little more than a “hired gun,” albeit one that was handsomely paid.

A copy of Grande’s reply in support of its motion to compel the RIAA to hand over additional information is available here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning [Krebs on Security]

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries.

The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.

The FBI warned it had intelligence indicating that criminals had breached an unknown payment provider’s network with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.

Organized cybercrime gangs that coordinate these so-called “unlimited attacks” typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.

The perpetrators alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.

My story about the FBI alert was breaking news on Sunday, but it was just a day short of useful to financial institutions impacted by the breach and associated ATM cashout blitz.

But according to Indian news outlet, there was a second attack carried out on August 13, when the Cosmos Bank hackers transferred nearly $2 million to the account of ALM Trading Limited at Hang Seng Bank in Hong Kong.

“The bank came to know about the malware attack on its debit card payment system on August 11, when it was observed that unusually repeated transactions were taking place through ATM VISA and Rupay Card for nearly two hours,” writes TN Raghunatha for the Daily Pioneer.

Cosmos Bank was quick to point out that the attackers did not access systems tied to customer accounts, and that the money taken was from the bank’s operating accounts. The 112-year-old bank blamed the attack on “a switch which is operative for the payment gateway of VISA/Rupay Debit card and not on the core banking system of the bank, the customers’ accounts and the balances are not at all affected.”

Visa issued a statement saying it was aware of the compromise affecting a client financial institution in India.

“Our systems were able to identify the issue quickly, enabling the financial institution to take appropriate action,” the company said. “Visa is working closely with the client in supporting their ongoing investigations on the matter.”

The FBI said these types of ATM cashouts are most common at smaller financial institutions that may not have sufficient resources dedicated to staying up to date with the latest security measures for handling payment card data.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert read. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

In July 2018, KrebsOnSecurity broke the news of two separate cyber break-ins at tiny National Bank of Blacksburg in Virginia in a span of just eight months that led to ATM cashouts netting thieves more than $2.4 million. The Blacksburg bank is now suing its insurance provider for refusing to fully cover the loss.

As reported by Reuters, Cosmos Bank said in a press statement that its main banking software receives debit card payment requests via a “switching system” that was bypassed in the attack. “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the bank said.

Translation: If a financial institution is not fully encrypting its payment processing network, this can allow intruders with access to the network to divert and/or alter the response that gets sent when an ATM transaction is requested. In one such scenario, the network might say a given transaction should be declined, but thieves could still switch the signal for that ATM transaction from “declined” to “approved.”

One final note: Several news outlets have confused the attack that hit Cosmos Bank with another ATM crime called “jackpotting,” which requires thieves to have physical access to the inside of the cash machine and the ability to install malicious software that makes the ATM spit out large chunks of cash at once. Like ATM cashouts/unlimited operations, jackpotting attacks do not directly affect customer accounts but instead drain ATMs of currency.

Update, 8:10 p.m. ET: An earlier version of this story incorrectly stated that there were only 25 ATMs used in the cashout against Cosmos. The figure was meant to represent the number of countries with ATMs that were used in the heist, not ATMs, and that number is 28 at last count.


Why Thanos (and Malthus) is wrong [Anarcho's blog]

Sorry for the lack of blogging and articles, but have been somewhat busy. First, I had to prepare a talk on the 1848 Revolution (which I now need to write up).

read more



News Post: I Have Questions [Penny Arcade]

Tycho: There’s times where I don’t think about a purchase at all.  It’s bought the moment it’s announced, already; there’s been an allocation of resources.  Sometimes, a game doesn’t need to be announced in order for me to have prepared a place for it.  Red Dead Redemption 2 fits into that category.  The most recent trailer, offered for your use here: was mostly a menu of features, which I would have been perfectly happy learning about when I was playing the game.  I never thought it was going to lack for features.  The main…

Comic: I Have Questions [Penny Arcade]

New Comic: I Have Questions

Today in GPF History for Friday, August 17, 2018 [General Protection Fault: The Comic Strip]

Professor Duncan instructs Harry Barker in the art of the Oculus Hack...


The PowerPC 600 series, part 10: Passing parameters, function prologues and epilogues [The Old New Thing]

We saw a little bit of the Windows NT software convention with our introduction to the table of contents. Today we'll start looking at the conventions related to the stack. (Believe it or not, this will connect back to the table of contents, but it'll take a while before we get there.)

The format of the stack is as follows:

inbound param 10
inbound param 9
inbound param 8 home space
inbound param 7 home space
inbound param 6 home space
inbound param 5 home space
inbound param 4 home space
inbound param 3 home space
inbound param 2 home space
inbound param 1 home space
reserved 6
reserved 5
reserved 4
reserved 3
reserved 2
reserved 1: previous sp ← stack pointer at function entry
saved register space
local variables
outbound parameters
beyond 8 (if any)
outbound param 8 home space
outbound param 7 home space
outbound param 6 home space
outbound param 5 home space
outbound param 4 home space
outbound param 3 home space
outbound param 2 home space
outbound param 1 home space
reserved 6
reserved 5
reserved 4
reserved 3
reserved 2
reserved 1: previous sp ← stack pointer after prologue complete

That's a big stack.

Starting at the top of the diagram (deepest on the stack) are the stack-based parameters, which are the parameters beyond the first 8.

Next is home space for the first 8 parameters. Those parameters are passed in registers, but reserve space for them on the stack in case the function needs to spill them. Even if the function has fewer than eight parameters, there is home space for all eight of them.

Integer parameters are passed in r3 through r10, and floating point parameters come in f1 through f13. The register assignment is like the Alpha AXP and MIPS, where each parameter can go into either an integer or floating point register, and if you use one, then the other goes unused.

After the home space come 24 bytes (6 words) of system-reserved space. One of them is required to hold the previous stack pointer, as we'll see soon. The others are uninitialized.

At entry to the function, the prologue needs to set up its own stack frame. It saves nonvolatile registers into the saved variable space and then atomically updates the stack pointer and links it to the previous stack frame. Here's a sample prologue. I've added blank lines to separate the major sections.

01ae2398 7c0802a6  mflr    r0           ; move return address to r0

01ae239c 93c1fff8  stw     r30,-8(r1)   ; save nonvolatile register
01ae23a0 93e1fffc  stw     r31,-4(r1)   ; save nonvolatile register

01ae23a4 9001fff4  stw     r0,-0xC(r1)  ; save return address

01ae23a8 9421ffb0  stwu    r1,-0x50(r1) ; create stack frame

The first thing a function does is save the link register in r0 so it doesn't lose the return address. In my experience, the only thing the Microsoft compiler uses the r0 register for is transferring to and from the link register.

The next thing a function does is save to the stack the nonvolatile registers it intends to use. (Recall that r1 is the stack pointer register.) This function uses two nonvolatile registers r30 and r31, and it saves them onto the stack immediately below the stack pointer, in order. I'm not sure if it's a requirement of the software convention, but the Microsoft compiler always allocates its nonvolatile registers top-down, so that the set of nonvolatile registers is a contiguous range ending at r31.¹ Furthermore, it always saves the registers in the same place: r31 goes on the stack first, then r30, and so on. Even if it's not a requirement, the Microsoft compiler is pretty consistent about it, which makes unwinding the stack in the debugger a lot easier because you always know that, for example, the saved value of r29 is at offset −12 from the inbound sp

The third step is saving the r0 register (which holds the return address). The Microsoft compiler always stores the return address immediately below the saved registers. Again, I don't know if it's a requirement, but it's a handy thing to take advantage if you need to manually unwind the stack.

The final step of the prologue is creating the stack frame with the stwu instruction. This instruction stores the current stack pointer at the specified negative offset from the top of the stack (creating the next node in the linked list) and then updates the stack pointer to the address it just stored to. This all happens atomically in a single instruction, which means that the linked list of stack frames is always preserved at any moment in time. This is great for sampling profilers, which might otherwise have a hard time building a proper stack trace if it happened to catch the prologue at a bad time.

The compiler is permitted to advance instructions from the function body proper into the prologue, provided it doesn't alter any nonvolatile registers or perform any branches.

The function epilogue also follows a consistent pattern:

01ae2444 7ca32b78  mr      r3,r5        ; set return value

01ae2448 80010044  lwz     r0,0x44(r1)  ; load return address

01ae244c 83c10048  lwz     r30,0x48(r1) ; restore nonvolatile register
01ae2450 83e1004c  lwz     r31,0x4C(r1) ; restore nonvolatile register

01ae2454 7c0803a6  mtlr    r0           ; move return address to link register

01ae2458 38210050  addi    r1,r1,0x50   ; pop the stack frame

01ae245c 4e800020  blr                  ; return

The main body of the function ends with the desired return value in r3. At this point, we enter the epilogue.

First, the epilogue loads the return address from the stack. These offsets are different from the ones used at the start of the function because they were saved before the frame was pushed, but they are being restored whlie the frame is still active. Since the size of the stack frame is 80 bytes, the values will differ by 80.

Next, the epilogue restores the nonvolatile registers.

Step three is moving the return address into the link register in preparation for the actual return.

Step four is popping off the stack frame by moving the stack pointer back to where it was when the function started.

The last step is to return back to the caller with the Windows NT-approved blr instruction.

Function prologues and epilogues are tightly-controlled because the system exception dispatcher needs to be able to unwind a function's stack even when it's in the middle of a prologue or epilogue. This means that the system needs to be able to reverse-execute a prologue and forward-execute an epilogue in order to get the registers properly set up when dispatching an exception to the caller of the function that was interrupted. (The function that was interrupted cannot have an exception handler in place because exception handlers cannot be active during a prologue or epilogue.)

The fact that the initial portion of the stack frame is constructed at negative offsets from the stack pointer means that the system must have a large enough red zone to accommodate the worst-case scenario of a function that needs to save all of the nonvolatile registers, plus the return address.

So let's do some math. Integer registers r14 through r31 are nonvolatile, so that's 18 × 4 = 72 bytes for nonvolatile integer registers. Floating point registers f14 through f31 are also nonvolatile, and floating point registers are 8 bytes in size, so that means another 18 × 8 = 144 bytes, added to the 72 we already have makes 216. And then there are the stragglers:

  • Parts of the condition register are also nonvolatile, and in practice you just save the whole thing,
  • Similarly, the floating point control register.
  • The return address.

That adds twelve more bytes, bringing us to 232 bytes. Since the stack must be 8-byte aligned, we round up to the next multiple of 8, but hey, it's already a multiple of 8, so we're good. [Corrected from 16.]

Exercise: Why don't we need to count the system reserved bytes (specifically the the link to the previous stack frame) toward the red zone?

At the start of this entry, I promised that this would lead to the table of contents eventually. We're almost there. The story continues next time.

Bonus chatter: I lied when I said that the prologue cannot contain any branch instructions. There is one branch instruction that is specifically permitted: A call to a helper function to spill the registers. There could be a lot of registers to spill, and the software convention permits you to use helpers function for the following operations:

  • Bulk-saving integer registers.
  • Bulk-saving floating point registers.
  • Bulk-restoring integer registers.
  • Bulk-restoring floating point registers.

These bulk save/restore functions must follow a specific format so that the exception unwinder understands how to recover in case an interrupt occurs inside the helper. The details are not important aside from knowing that they use the r12 register to specify where the registers go. (Obviously they can't use the standard calling convention because those registers are being used by the function whose prologue is being executed!)

Bonus bonus chatter: The size of the red zone is described in the ntppc.h header file as

#define STK_SLACK_SPACE 232

It didn't explain how the number 232 was arrived at.

The x64 software conventions for Windows NT are well-documented, but I couldn't find any documents covering the older platforms. All of the software conventions for the PowerPC were reverse-engineered by studying compiler output and reading very old kernel source code.³

¹ Doing it this way allows the bulk save/restore functions to be shared among multiple functions. Special "store multiple contiguous registers" and "load multiple contiguous registers" instructions are available in big-endian mode, but not in little-endian mode. In little-endian mode, you have to save them one at a time, hence the bulk save/restore helpers.

² Well, not always. If floating point registers need to be saved, they get saved first. But you don't see floating point in system code much, so in practice you can usually get away with pretending they don't exist.

³ The code has some nice diagrams in the comments about the stack layout. Too bad those diagrams are wrong. I suspect the ABI was redesigned at some point, and the comments and diagrams weren't fully updated to match.


Page 20 [Flipside]

Page 20 is done.

In-N-Out Box – DORK TOWER 07.08.18 [Dork Tower]

Hey! Dork Tower has a Patreon campaign with wonderful backers who help the webstrips happen. And there’s bonus comics, and swag! Sweet, sweet swag!  Check it out, why don’t you? Join the fun! FUN!


Security updates for Friday []

Security updates have been issued by Debian (intel-microcode, keystone, php-horde-image, and xen), Fedora (rsyslog), openSUSE (apache2, clamav, kernel, php7, qemu, samba, and Security), Oracle (mariadb and qemu-kvm), Red Hat (docker, mariadb, and qemu-kvm), Scientific Linux (mariadb and qemu-kvm), SUSE (GraphicsMagick, kernel, kgraft, mutt, perl-Archive-Zip, python, and xen), and Ubuntu (postgresql-10, postgresql-9.3, postgresql-9.5, procps, and webkit2gtk).

NYU makes med school free for all students [Boing Boing]

The median US med-school grad has $195,000 in loans; all 93 of NYU's freshman med-school class will have free tuition for their entire degree program, as will all future students (the 350 currently enrolled students will no longer pay tuition, same goes for the school's 9 grad students) (more…)

Chinese spies force US-based Uighurs into "voluntary" surveillance by threatening their families in China [Boing Boing]

The Chinese state crackdown on the predominantly Muslim Uighur minority -- involving the imprisonment and torture of upwards of a million people in brainwashing camps -- isn't limited to China itself. (more…)

CEO-to-worker wage gap yawns ever wider, hitting 312:1 in 2017, up by 17.6% [Boing Boing]

The CEO:worker wage ratio was stable in 2015/6, but some unnameable policy or policies, which we can only guess at, were at work in 2017, boosting the gap by 17.6% to 312:1. (more…)


Portugal proves that austerity doesn't work [Boing Boing]

Economists like Alberto Alesina and Silvia Ardagna reshaped the world when their theories of "expansionary austerity" were put into effect after the 2008 crisis: the idea that governments could "increase taxes, cut spending, and grow strongly" was powerfully tempting to the world's leaders, who saw in them a way to pull out of a recessionary spiral without limiting the number of yachts the oligarchs they depended on could afford. (more…)

Big Bang: the "stupid patent" on teledildonics has expired [Boing Boing]

Twenty years ago, the US Patent and Trademark Office granted patent number 6,368,268: "Method and device for interactive virtual control of sexual aids using digital computer networks," a minor classic of a majorly fucked-up genre, the bullshit tech patent that simply adds "with a computer" to some absolutely obvious and existing technology or technique. (more…)


Dirk Eddelbuettel: RcppArmadillo [Planet Debian]

armadillo image

A new RcppArmadillo release, based on the new Armadillo release 9.100.5 from earlier today, is now on CRAN and in Debian.

It once again follows our (and Conrad's) bi-monthly release schedule. Conrad started with a new 9.100.* series a few days ago. I ran reverse-depends checks and found an issue which he promptly addressed; CRAN found another which he also very promptly addressed. It remains a true pleasure to work with such experienced professionals as Conrad (with whom I finally had a beer around the recent useR! in his home town) and of course the CRAN team whose superb package repository truly is the bedrock of the R community.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language--and is widely used by (currently) 479 other packages on CRAN.

This release once again brings a number of improvements to the sparse matrix functionality. We also fixed one use case of the OpemMP compiler and linker flags which will likely hit a number of the by now 501 (!!) CRAN packages using RcppArmadillo.

Changes in RcppArmadillo version (2018-08-16)

  • Upgraded to Armadillo release 9.100.4 (Armatus Ad Infinitum)

    • faster handling of symmetric/hermitian positive definite matrices by solve()

    • faster handling of inv_sympd() in compound expressions

    • added .is_symmetric()

    • added .is_hermitian()

    • expanded spsolve() to optionally allow keeping solutions of systems singular to working precision

    • new configuration options ARMA_OPTIMISE_SOLVE_BAND and ARMA_OPTIMISE_SOLVE_SYMPD smarter use of the element cache in sparse matrices

    • smarter use of the element cache in sparse matrices

  • Aligned OpenMP flags in the RcppArmadillo.package.skeleton used Makevars,.win to not use one C and C++ flag.

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

Edited on 2018-08-17 to correct one sentence (thanks, Barry!) and adjust the RcppArmadillo to 501 (!!) as we crossed the threshold of 500 packages overnight.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Error'd: The Illusion of Choice [The Daily WTF]

"So I can keep my current language setting or switch to Pakistani English. THERE IS NO IN-BETWEEN," Robert K. writes.   "I guess robot bears aren't allowed to have the honey, or...


Four short links: 17 August 2018 [All - O'Reilly Media]

LED Patterns, System Change, Evented I/O, and Programmer Workflow

  1. Pixelblaze -- an advanced LED pattern-development engine and controller. It makes it fast and fun to write new patterns with its web-based live editor and highly optimized expression engine.
  2. Places to Intervene in a System -- (in increasing order of effectiveness) 9. Constants, parameters, numbers (subsidies, taxes, standards). 8. Regulating negative feedback loops. 7. Driving positive feedback loops. 6. Material flows and nodes of material intersection. 5. Information flows. 4. The rules of the system (incentives, punishments, constraints). 3. The distribution of power over the rules of the system. 2. The goals of the system. 1. The mindset or paradigm out of which the system—its goals, power structure, rules, its culture—arises.
  3. libuv Book -- a small set of tutorials about using libuv as a high-performance evented I/O library that offers the same API on Windows and Unix.
  4. LEO Editor -- a PIM, IDE, and outliner that accelerates the workflow of programmers, authors, and web designers. Outline nodes may appear in more than one place, allowing multiple organizations of data within a single outline.

Continue reading Four short links: 17 August 2018.


New Ways to Track Internet Browsing [Schneier on Security]

Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies:

Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.

In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.

The researchers discovered many new tracking techniques that work despite all existing anonymous browsing tools. These have not yet been seen in the wild, but that will change soon.

Three news articles. BoingBoing post.


Sune Vuorela: Invite me to your meetings [Planet Debian]

I was invited by my boss to a dinner. He uses exchange or outlook365 or something like that. The KMail TNEF parser didn’t succeed in parsing all the info, so I’m kind of trying to fix it.

But I need test data. From Exchange or outlook or outlook365. That I can add to the repoository for unit tests.

So if you can help me generate test data, please setup a meeting and invite me.

Just to repeat. The data will be made public.


Ringing vs wringing [Seth's Blog]

Ringing is resonant. A small force causes sympathetic vibrations, and magic happens.

Wringing requires significant effort and can even destroy the object it is applied to.

When you ring a bell for your clients, you’ve delivered with care and empathy.

But when you seek to wring every dollar out of a transaction, you’ve probably engaged for the last time.


TheISOZone: Yet Another Retro Gaming Site Shuts Down [TorrentFreak]

Last month, Nintendo flexed its considerable muscles by targeting two retro-gaming platforms.

The Japanese gaming giant filed a complaint at a federal court in Arizona, targeting and for copyright and trademark infringement.

With potentially millions of dollars in damages at stake, both sites quickly shut down, taking libraries of gaming ROMs with them. But for fans of emulators and retro-gaming, the bad news wasn’t over yet.

In an announcement last week, EmuParadise, one of the web’s longest standing emulator and ROM download portals, announced that it will no longer be offering game ROMs for download. After 18 years of service, EmuParadise had fallen, largely because of Nintendo’s aggressive actions elsewhere.

This chain of events caused shockwaves in the retro-gaming community, waves that are already beginning to widen. A statement just published by fellow gaming site TheISOZone indicates that it too will make a sharp exit from the scene.

“Copyright infringement laws vary from country to country, but the premise in a nutshell is that copyright infringement is the cause of monetary loss or damage to the copyright holder. With retro gaming, there are no ways of purchasing the games – let alone the systems to play them on – in a way that would still generate the copyright holders revenue. None whatsoever,” TiZ from the site said.

“This is why retro roms have always been a grey area. The distribution of their works, although frowned upon, were never actioned against as in a court of law that is what they would have to prove – monetary loss or damages. And they couldn’t – because it’s simply not true.”

While lawyers in various jurisdictions will queue up to dissect his take on the law, TiZ says that times are changing, perhaps in a way that will allow copyright holders to more easily demonstrate monetary losses.

“There are now growing ways of obtaining these retro titles through avenues which DO benefit the copyright holders and it seems clear due to recent events, that there are a lot more avenues in development,” TiZ says.

“This is why we decided to throw in the towel of our own accord. It was a good ride and it was a just ride, however it is clear that in the not so distant future, distributing retro titles could be a serious case of copyright infringement.”

TiZ isn’t optimistic that any legal offerings by games companies will get the formula right, so he’s suggesting that operators of retro sites could team up with copyright holders to target gamers in the right way.

“We have ideas on how the archiving of retro titles and the pleasing of the copyright holders should be done and would love to pursue it eventually,” he writes.

“We think the webmasters of retro rom sites should come together and work with the copyright holders. It does not have to be this hard – and criminals should not be made out of passionate enthusiasts.”

In short, TiZ would like to see a Spotify for retro games. However, he also says he’s aware of a new project, run by retro gaming enthusiasts, that could see TheISOZone’s ROM archives rebuilt and offered to the public.

So, another life lost perhaps……but it’s not quite Game Over yet.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Obesophobia [George Monbiot]

In 1976, we ate more than we do today. So why are we fatter?

By George Monbiot, published in the Guardian 15th August 2018

When I saw the photo, I could scarcely believe it was the same country. The picture of Brighton Beach in 1976 featured in the Guardian a few weeks ago appeared to show an alien race. Almost everyone was slim. I mentioned it on social media, then went on holiday.

When I returned, I found that people were still debating it. The heated discussion prompted me to read more. How have we changed so far, so fast? To my astonishment, almost every explanation proposed in the thread turned out to be untrue.

Unfortunately, there are no consistent obesity data in the United Kingdom before 1988, at which point the incidence was already rising sharply. But in the US, the figures go back further. They show that, by chance, the inflection point was more or less 1976. Suddenly, at around the time when the photograph was taken, people started becoming fatter, and the trend has continued ever since.

The obvious explanation, many of those debating the photo insisted, is that we’re eating more. Several pointed out, not without justice, that food was generally disgusting in the 1970s. It was also more expensive. There were fewer fast food outlets and the shops shut earlier, ensuring that if you missed your tea, you went hungry. So here’s the first big surprise: we ate more in 1976.

According to government figures, we currently consume an average of 2131 kcals per day, a figure that appears to include sweets and alcohol. But in 1976, we consumed 2280 kcal, excluding alcohol and sweets, or 2590 when they’re included. Can this really be true? I have found no reason to discredit the figures.

Others insisted that the cause is a decline in manual labour. Again, this seems to make sense, but again the data don’t support it. A paper in the International Journal of Surgery states that “adults working in unskilled manual professions are over 4 times more likely to be classified as morbidly obese compared with those in professional employment”.

So how about voluntary exercise? Plenty of people argued that, as we drive rather than walk or cycle, are stuck to our screens and order our groceries online, we exercise far less than we did. It seems to make sense – so here comes the next surprise. According to a long-term study at Plymouth University, children’s physical activity is the same as it was 50 years ago. A paper in the International Journal of Epidemiology finds that, corrected for body size, there is no difference between the amount of calories burnt by people in rich countries and in poor ones, where subsistence agriculture remains the norm. It proposes that there is no relationship between physical activity and weight gain. Many other studies suggest that exercise, while crucial to other aspects of good health, is far less important than diet in regulating our weight. Some suggest it plays no role at all, as the more we exercise, the hungrier we become.

Other people pointed to more obscure factors: adenovirus-36 infection, antibiotic use in childhood and endocrine-disrupting chemicals. While there is evidence suggesting they might all play a role, and while they could explain some of the variation in the weight gained by different people on similar diets, none appear powerful enough to explain the general trend.

So what has happened? The light begins to dawn when you look at the nutrition figures in more detail. Yes, we ate more in 1976, but differently. Today, we buy half as much fresh milk per person, but five times more yoghurt, three times more ice cream and – wait for it – 39 times as many dairy desserts. We buy half as many eggs as in 1976, but a third more breakfast cereals and twice the cereal snacks; half the total potatoes, but three times the crisps. While our direct purchases of sugar have sharply declined, the sugar we consume in drinks and confectionery is likely to have rocketed (there are purchase numbers only from 1992, at which point they were rising rapidly. Perhaps, as we consumed just 9kcal per day in the form of drinks in 1976, no one thought the numbers were worth collecting). In other words, the opportunities to load our food with sugar have boomed. As some experts have long proposed, this seems to be the issue.

The shift has not happened by accident. As Jacques Peretti argued in his film The Men Who Made Us Fat, we have been deliberately and systematically outgunned. Food companies have invested heavily in designing products that use sugar to bypass our appetite control mechanisms, and packaging and promoting them to break down what remains of our defences, including through the use of subliminal scents. They employ an army of food scientists and psychologists to trick us into eating more junk (and therefore less wholesome food) than we need, while their advertisers use the latest findings in neuroscience to overcome our resistance.

They hire biddable scientists and thinktanks to confuse us about the causes of obesity. Above all, just as the tobacco companies did with smoking, they promote the idea that weight is a question of “personal responsibility”. After spending billions on overriding our willpower, they blame us for failing to exercise it.

To judge by the debate the photo triggered, it works. “There are no excuses. Take responsibility for your own lives, people!”. “No one force feeds you junk food, it’s personal choice. We’re not lemmings.” “Sometimes I think having free healthcare is a mistake. It’s everyone’s right to be lazy and fat because there is a sense of entitlement about getting fixed.” The thrill of disapproval chimes disastrously with industry propaganda. We delight in blaming the victims.

More alarmingly, according to a paper in the Lancet, over 90% of policymakers believe that “personal motivation” is “a strong or very strong influence on the rise of obesity.” Such people propose no mechanism by which the 61% of English people who are overweight or obese have lost their willpower. But this improbable explanation seems immune to evidence.

Perhaps this is because obesophobia is often a fatly-disguised form of snobbery. In most rich nations, obesity rates are much higher at the bottom of the socio-economic scale. They correlate strongly with inequality, which helps to explain why the UK’s incidence is greater than in most European and OECD nations. The scientific literature shows how the lower spending power, stress, anxiety and depression associated with low social status makes people more vulnerable to bad diets.

Just as jobless people are blamed for structural unemployment and indebted people are blamed for impossible housing costs, fat people are blamed for a societal problem. Yes, willpower needs to be exercised – by governments. Yes, we need personal responsibility – on the part of policymakers. Yes, control needs to be exerted – over those who have discovered our weaknesses and ruthlessly exploit them.


Theories of Attachment [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic is lucky it's not made of coffee.

PS: Hey, I did the first reprint of Bacon is a Vegetable shirts in a thousand years!

Girl Genius for Friday, August 17, 2018 [Girl Genius]

The Girl Genius comic for Friday, August 17, 2018 has been posted.


Cartoon for Friday, August 17, 2018 [General Protection Fault: The Comic Strip]

Current Story: Ultra Cyber Power Warriors GPF!


Gearing Up For Back to School [Whatever]

Hello, everyone! Summer is coming to a close, which means I only have one week left of posting on here. It also means that I move into my dorm next week, and will be starting classes soon after.

Last year, I definitely went overboard on back-to-school clothes and supplies shopping, but that just means I have supplies for this year and don’t have to go out and buy new stuff, so really it was a smart move in the long run, right? Turns out at college you need approximately one pen and one notebook, and that’s only occasionally.

Going back to school has its pros and cons. I mean, I can just walk to any restaurant or store in town, so that’s pretty cool. It’s like a little city, it has everything you could need close by, unlike Bradford, where you have to drive twenty minutes for literally anything. On the downside, I will be living in a dorm, which has communal bathrooms and definitely does not have my huge comfy bed in it, so that sucks. Worst of all, though, I won’t be around the cats. Sugar, Spice, Smudge, and that one that starts with a Z no one remembers. I will miss them all dearly. Another plus, though, is that Miami has therapy dog petting sessions, like, every Monday for an hour, so at least I’ll get the chance to pet some good bois.

Last year, I didn’t join any clubs. I definitely wish I had, and I plan to this semester. Miami has, like, hundreds of clubs, and one I would really like to try out for is one of the singing groups, Just Duet. I wanted to audition last year, but already had plans for when they were holding the auditions, so I didn’t. Also, I’m afraid of rejection, because who isn’t? So, wish me luck! I’m not sure what I’ll sing yet. Oh, and if you would like to hear what they sound like you can check out this video of them that I think is pretty awesome.

So, for the next week, I’ll be busy frantically packing and making a hundred checklists before setting off to Oxford. I’ll also be thinking of what my final few posts should be about.

Do any of you have kids about to go off to their first year of college? Tell me about it in the comments, and as always, have a great day!


Dirk Eddelbuettel: RcppArmadillo [Planet Debian]

armadillo image

A new RcppArmadillo release, based on the new Armadillo release 9.100.5 from earlier today, is now on CRAN and in Debian.

It once again follows our (and Conrad's) bi-monthly release schedule. Conrad started with a new 9.100.* series a few days ago. I ran reverse-depends checks and found an issue which he promptly addressed; CRAN found another which he also very promptly addressed. It remains a true pleasure to work with such experienced professionals as Conrad (with whom I finally had a beer around the recent useR! in his home town) and of course the CRAN team whose superb package repository truly is the bedrock of the R community.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language--and is widely used by (currently) 479 other packages on CRAN.

This release once again brings a number of improvements to the sparse matrix functionality. We also also one use case of the OpemMP compiler and linker flags which will likely hit a number of the by now 499 (!!) CRAN packages using RcppArmadillo.

Changes in RcppArmadillo version (2018-08-16)

  • Upgraded to Armadillo release 9.100.4 (Armatus Ad Infinitum)

    • faster handling of symmetric/hermitian positive definite matrices by solve()

    • faster handling of inv_sympd() in compound expressions

    • added .is_symmetric()

    • added .is_hermitian()

    • expanded spsolve() to optionally allow keeping solutions of systems singular to working precision

    • new configuration options ARMA_OPTIMISE_SOLVE_BAND and ARMA_OPTIMISE_SOLVE_SYMPD smarter use of the element cache in sparse matrices

    • smarter use of the element cache in sparse matrices

  • Aligned OpenMP flags in the RcppArmadillo.package.skeleton used Makevars,.win to not use one C and C++ flag.

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


[$] The first half of the 4.19 merge window []

As of this writing, Linus Torvalds has pulled just over 7,600 non-merge changesets into the mainline repository for the 4.19 development cycle. 4.19 thus seems to be off to a faster-than-usual start, perhaps because the one-week delay in the opening of the merge window gave subsystem maintainers a bit more time to get ready. There is, as usual, a lot of interesting new code finding its way into the kernel, along with the usual stream of fixes and cleanups.


A River In Egypt [QC RSS]

I will be at DCAF this weekend! If you come by you might even get to meet my new pupper :3


The Problems and Promise of WebAssembly (Project Zero) []

Over at Google's Project Zero blog, Natalie Silvanovich looks at some of the bugs the project has found in WebAssembly, which is a binary format to run code in the browser for web applications. She also looks to the future: "There are two emerging features of WebAssembly that are likely to have a security impact. One is threading. Currently, WebAssembly only supports concurrency via JavaScript workers, but this is likely to change. Since JavaScript is designed assuming that this is the only concurrency model, WebAssembly threading has the potential to require a lot of code to be thread safe that did not previously need to be, and this could lead to security problems. WebAssembly GC [garbage collection] is another potential feature of WebAssembly that could lead to security problems. Currently, some uses of WebAssembly have performance problems due to the lack of higher-level memory management in WebAssembly. For example, it is difficult to implement a performant Java Virtual Machine in WebAssembly. If WebAssembly GC is implemented, it will increase the number of applications that WebAssembly can be used for, but it will also make it more likely that vulnerabilities related to memory management will occur in both WebAssembly engines and applications written in WebAssembly."

Thursday, 16 August


Debian: 25 years and counting []

The Debian project is celebrating the 25th anniversary of its founding by Ian Murdock on August 16, 1993. The "Bits from Debian" blog had this to say: "Today, the Debian project is a large and thriving organization with countless self-organized teams comprised of volunteers. While it often looks chaotic from the outside, the project is sustained by its two main organizational documents: the Debian Social Contract, which provides a vision of improving society, and the Debian Free Software Guidelines, which provide an indication of what software is considered usable. They are supplemented by the project's Constitution which lays down the project structure, and the Code of Conduct, which sets the tone for interactions within the project. Every day over the last 25 years, people have sent bug reports and patches, uploaded packages, updated translations, created artwork, organized events about Debian, updated the website, taught others how to use Debian, and created hundreds of derivatives." Happy birthday to the project from all of us here at LWN.

Steve McIntyre: 25 years... [Planet Debian]

We had a small gathering in the Haymakers pub tonight to celebrate 25 years since Ian Murdock started the Debian project.

people in the pub!

We had 3 DPLs, a few other DDs and a few more users and community members! Good to natter with people and share some history. :-) The Raspberry Pi people even chipped in for some drinks. Cheers! The celebrations will continue at the big BBQ at my place next weekend.


1135: OMG [Order of the Stick]


Inside the die of Intel's 8087 coprocessor chip [OSNews]

Looking inside the Intel 8087, an early floating point chip, I noticed an interesting feature on the die: the substrate bias generation circuit. In this articleI explain how this circuit is implemented, using analog and digital circuitry to create a negative voltage. Intel introduced the 8087 chip in 1980 to improve floating-point performance on 8086/8088 computers such as the original IBM PC. Since early microprocessors were designed to operate on integers, arithmetic on floating point numbers was slow, and transcendental operations such as trig or logarithms were even worse. But the 8087 co-processor greatly improved floating point speed, up to 100 times faster. The 8087's architecture became part of later Intel processors, and the 8087's instructions are still a part of today's x86 desktop computers.

A detailed and very technical article.

The jury is in: monolithic OS design is flawed [OSNews]

The security benefits of keeping a system's trusted computing base (TCB)small has long been accepted as a truism, as has the use of internal protection boundaries for limiting the damage caused by exploits. Applied to the operating system, this argues for a small microkernel as the core of the TCB, with OS services separated into mutually-protected components (servers) - in contrast to "monolithic" designs such as Linux, Windows or MacOS. While intuitive, the benefits of the small TCB have not been quantified to date. We address this by a study of critical Linux CVEs, where we examine whether they would be prevented or mitigated by a microkernel-based design. We find that almost all exploits are at least mitigated to less than critical severity, and 40% completely eliminated by an OS design based on a verified microkernel, such as seL4.

China's first 'fully homegrown' browser is a Chrome clone [OSNews]

A Chinese software startup has become a laughing stock on Chinese social media after claiming to have developed China's first fully homegrown browser only to be promptly exposed for copying Google.

I think it's entirely normal for countries - especially large ones - to press the "local products" angle, and I see nothing wrong with Chinese companies and consumers trying to run with the concept. However, try not to fall flat on your face like this.


Steinar H. Gunderson: Solskogen 2018: Tireless wireless (a retrospective) [Planet Debian]

These days, Internet access is a bit like oxygen—hard to get excited about, but living without it can be profoundly annoying. With prevalent 4G coverage and free roaming within the EU, the need for wifi in the woods has diminished somewhat, but it's still important for computers (bleep bloop!), and even more importantly, streaming.

As Solskogen's stream wants 5 Mbit/sec out of the party place (we reflect it outside, where bandwidth is less scarce), we were a bit dismayed when we arrived a week before the party for pre-check and discovered that the Internet access from the venue was capped at 5/0.5. After some frenzied digging, we discovered the cause: Since Solskogen is the only event at Flateby that uses the Internet much, they have reverted to the cheapest option except in July—and that caused us to eventually being relegated to an ADSL line card in the DSLAM, as opposed to the VDSL we've had earlier (which gave us 50/10). Even worse, with a full DSLAM, the change back would take weeks. We needed a plan B.

The obvious first choice would be 4G, but it's not a perfect match; just the stream alone would be 150+ GB (although it can be reduced or turned off when there's nothing happening on the big screen), and it's not the only thing that wants bandwidth. In other words, it would have a serious cost issue, and then there was the question to what degree it could deliver rock-stable streaming or not. There would be the option to use multiple providers and/or use the ADSL line for non-prioritized traffic (ie., participant access), but in the end, it didn't look so attractive, so we filed this as plan C and moved on to find another B.

Plan B eventually materialized in the form of the Ubiquiti Litebeam M5, a ridiculously cheap ($49 MSRP!) point-to-point link based on a somewhat tweaked Wi-Fi chipset. The idea was to get up on the roof (køb min fisk!), shoot to somewhere else with better networking and then use that link for everything. Øyafestivalen, by means of Daniel Husand, borrowed us a couple of M5s on short notice, and off we went to find trampolines on Google Maps. (For the uninitiated, trampolines = kids = Internet access.)

We considered the home of a fellow demoscener living nearby—at 1.4 km, it's well within the range of the M5 (we know of deployments running over 17 km).. However, the local grocery store in Flateby, Spar, managed to come up with something even more interesting; it turns out that behind the store, more or less across the street, there's a volunteer organization called Frivillighetssentralen that were willing to borrow out their 20/20 fiber Internet from Viken Fiber. Even better, after only a quick phone call, the ISP was more than willing to boost the line to 200/200 for the weekend. (The boost would happen Friday or so, so we'd run most of our testing with 20/20, but even that would be plenty.)

After a trip up on the roof of the party place, we decided approximately where to put the antenna, and put one of the M5s in the window of Frivillighetssentralen pointing roughly towards that spot. In a moment of hubris, we decided to try without going up on the roof again, just holding the other M5 out of the window, pointed it roughly in the right directoin… and lo and behold, it synced on 150 Mbit/sec both ways, reporting a distance of 450 meters. (This was through another house that was in the way, ie., no clear path. Did we mention the M5s are impossibly good for the price?)

So, after mounting it on the wall, we started building the rest of the network. Having managed switches everywhere paid off; instead of having to pull a cable from the wireless to the central ARM machine (an ODROID XU4) running as a router, we could just plug it into the closest participant switch and configure the ports. I'm aware that most people would consider VLANs overkill for a 200-person network, but it really helps in flexibility when something unexpected happens—and also in terms of cable.

However, as the rigging progressed and we started getting to the point where we could run test streams, it became clear that something was wrong. The Internet link just wasn't pushing the amount of bandwidth we wanted it to; in particular, the 5 Mbit/sec stream just wouldn't go through. (In parallel, we also had some problems with access points refusing to join the wireless controller, which turned out to be a faulty battery that caused the clock on the WLC to revert to year 2000, which in turn caused its certificate to be invalid. If we'd had Internet at that stage, it would have had NTP and never seen the problem, but of course, we didn't because we were still busy trying to figure out the best place on the roof at the time!)

Of course, frantic debugging ensued. We looked through every setting we could find on the M5s, we moved them to a spot with clear path and pointed them properly at each other (bringing the estimated link up to 250 Mbit/sec) and upgraded their software to the latest version. Nothing helped at all.

Eventually, we started looking elsewhere in our network. We run a fairly elaborate shaping and tunneling setup; this allows us to be fully in control over relative bandwidth prioritization, both ways (the stream really gets dedicated 5 Mbit/sec, for example), but complexity can also be scary when you're trying to debug. TCP performance can also be affected by multiple factors, and then of course, there's the Internet on its way. We tried blasting UDP at the other end full speed, which the XU4 would police down to 13 Mbit/sec, accurate to two decimals, for us (20 Mbit uplink, minus 5 for the stream, minus some headroom)—but somehow, the other end only received 12. Hmm. We reduced the policer to 12 Mbit/sec, and only got 11… what the heck?

At this point, we understood we had a packet loss problem on our hands. It would either be the XU4s or the M5s; something dropped 10% or so of all packets, indiscriminately. Again, the VLANs helped; we could simply insert a laptop on the right VLAN and try to send traffic outside of the XU4. We did so, and after some confusion, we figured out it wasn't that. So what was wrong with the M5s?

It turns out the latest software version has iperf built-in; you can simply ssh to the box and run from there. We tried the one on the ISP side; it got great TCP speeds to the Internet. We tried the one on the local side; it got… still great speeds! What!?

So, after six hours of debugging, we found the issue; there was a faulty Cat5 cable between two switches in the hall, that happened to be on the path out to the inner M5. Somehow it got link at full gigabit, but it caused plenty of dropped packets—I've never seen this failure mode before, and I sincerely hope we'll never be seeing it again. We replaced the cable, and tada, Internet.

Next week, we'll talk about how the waffle irons started making only four hearts instead of five, and how we traced it to a poltergeist that we brought in a swimming pool when we moved from Ås to Flateby five years ago.


ISP Has No ‘Safe Harbor’ Defense in Piracy Case, Record Labels Argue [TorrentFreak]

Last year several major record labels, represented by the RIAA, filed a lawsuit against ISP Grande Communications accusing it of turning a blind eye to pirating subscribers.

According to the RIAA, the Internet provider knew that some of its subscribers were frequently distributing copyrighted material, but failed to take any meaningful action in response.

Grande refuted the accusations and filed a motion to dismiss the case. The ISP partially succeeded as the claims against its management company Patriot were dropped. The same was true for the vicarious infringement allegations, as the court saw no evidence that the ISP had a direct financial interest in the infringing activity.

The labels were not willing to let go so easily.

They submitted a motion for leave to file an amended complaint including new evidence obtained during discovery. And a few days ago, they upped the pressure with a motion for summary judgment, arguing that Grande has no safe harbor defense.

In order to get safe harbor protection, the DMCA requires ISPs to adopt and reasonably implement a policy for terminating the accounts of repeat copyright infringers. According to the motion, it is clear that Grande failed to do so. As such, the company should be held directly liable.

“For years, Grande claimed in its online ‘Acceptable Use Policy’ that it had a policy of terminating repeat infringers. Grande continued to assert that claim in its pleadings and written discovery responses in this suit.

“None of that was true. The undisputed record evidence establishes that Grande’s Acceptable Use Policy was a sham,” the labels’ motion reads.

There can be little dispute over Grande’s failing policy, the labels state. They point out that corporate paperwork and testimony of Grande’s senior executives clearly show that there wasn’t an adequate repeat infringer policy.

“Indeed, the documents and testimony demonstrate that rather than a policy for terminating repeat infringers, Grande consciously chose the opposite: a policy allowing unlimited infringement by its subscribers,” the labels write.

At the same time, there was no lack of DMCA notices. The labels note that the ISP received at least 1.2 million notices of alleged copyright infringement between 2011 and 2016. This includes hundreds of thousands of notices from Rightscorp.

Despite these repeated warnings, the company didn’t terminate a single subscriber from October 2010 until June 2017, the labels allege. This changed after the lawsuit was filed, but even then the number remained minimal, with ‘only’ twelve terminations.

Based on the provided information, the record labels ask for a summary judgment in their favor.

“Grande’s failure to adopt and reasonably implement a repeat infringer policy renders Grande ineligible for the DMCA safe harbor. The Court should grant Plaintiffs’ motion for partial summary judgment and reject Grande’s DMCA safe harbor defense as a matter of law,” the labels say.

If the court sides with the record labels, Grande will be at a severe disadvantage, to say the least.

Without safe harbor protection, the company can be held liable for the copyright infringements of its users, which could potentially lead to dozens of millions of dollars in damages.

A copy of the record labels motion is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Link [Scripting News]

Poll: Is Manafort guilty or not guilty?


1,000 Googlers sign petition opposing Google's plan to launch a censored Chinese search engine [Boing Boing]

Over 1,000 Google employees have signed a petition urging senior management to reconsider the company's plan to launch a censored Chinese search product (codename: Dragonfly), a revolt that's been in the works since the news broke; the employees demand transparency about the project and point out that it violates the Association of Computing Machinery's code of ethics.

Chicago police data reveals how dirty cops spread corruption like a disease [Boing Boing]

In 2009, after a successful public records lawsuit, the Invisible Institute received data on complaints against Chicago Police Department officers since 1988 -- the complaints often list multiple officers, and by tracing the social graph of dirty cops over time, The Intercept's Rob Arthur was able to show how corruption spread like a contagion, from senior officers to junior ones, teaching bad practices ranging from brutality to falsifying evidence to torture to racism to plotting to murder whistleblowing cops. (more…)

Billionaire making a bid for Democratic Florida Governor nomination invested millions in Puerto Rican debt [Boing Boing]

Jeff Greene is a billionaire who made his fortune shorting subprime real-estate while Floridians were facing mass evictions; now he's hoping to be the Democratic candidate for Governor of Florida and his financial disclosures reveal a raft of extremely toxic investments, including millions in Puerto Rican debt (Florida is full of Puerto Rican refugees who had to flee their homes after debt-holders starved the state of infrastructure money so it could neither defend itself against hurricanes, nor rebuild in their wake), Argentinian debt (another go-to for vulture capitalists), and "oil and gas stocks Exxon, Hess, Kinder Morgan, and Apache." (more…)


Get Orwell: Keeping an Eye On You for FREE! It’s available... [Humble Bundle Blog]

Get Orwell: Keeping an Eye On You for FREE! 

It’s available for 48 hours only (or while supplies last) on the Humble Store!

Targeting vulnerable GOP Senator: don't confirm Kavanaugh or we'll give tons of money to your opponent [Boing Boing]

Ady Barkan's Be a Hero campaign has made an offer to vulnerable Republican Senator Susan Collins [Maine]: confirm Brett Kavanaugh for the Supreme Court and we'll give all of our fundraised dollars to your Democratic opponent in the 2020 election; block Kavanaugh and we'll give the money back to our donors. They're looking for $20.20 pledges (I gave). (Image: Joe Ravi, CC-BY-SA)

Excellent advice for new law students [Boing Boing]

Ken "Popehat" White (previously), a former Federal prosecutor turned criminal defense attorney, has some excellent advice for all you newbie law-students who are just starting your law school career. (more…)

Elizabeth Warren wants to save capitalism from itself [Boing Boing]

President Elizabeth Warren (2020-2028) has proposed the Accountable Capitalism Act, which will subject US corporations with $1B/year or more in revenue to the "German model" of corporate governance, in which workers get board-seats and financial decisionmaking must take into consideration the impact that decisions will have on "stakeholders" including workers, investors, suppliers, retailers, and residents near plants or facilities. (more…)

Hanging Up on Mobile in the Name of Security [Krebs on Security]

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

The claims come in a lawsuit filed this week in Los Angeles on behalf of Michael Terpin, who co-founded the first angel investor group for bitcoin enthusiasts in 2013. Terpin alleges that crooks stole almost $24 million worth of cryptocurrency after fraudulently executing a “SIM swap” on his mobile phone account at AT&T in early 2018.

A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Customers can legitimately request a SIM swap when their existing SIM card has been damaged, or when they are switching to a different phone that requires a SIM card of another size.

But SIM swaps are frequently abused by scam artists who trick mobile providers into tying a target’s service to a new SIM card and mobile phone that the attackers control. Unauthorized SIM swaps often are perpetrated by fraudsters who have already stolen or phished a target’s password, as many banks and online services rely on text messages to send users a one-time code that needs to be entered in addition to a password for online authentication.

Terpin alleges that on January 7, 2018, someone requested an unauthorized SIM swap on his AT&T account, causing his phone to go dead and sending all incoming texts and phone calls to a device the attackers controlled. Armed with that access, the intruders were able to reset credentials tied to his cryptocurrency accounts and siphon nearly $24 million worth of digital currencies.

According to Terpin, this was the second time in six months someone had hacked his AT&T number. On June 11, 2017, Terpin’s phone went dead. He soon learned his AT&T password had been changed remotely after 11 attempts in AT&T stores had failed. At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made.

Terpin claims an investigation by AT&T into the 2018 breach found that an employee at an AT&T store in Norwich, Conn. somehow executed the SIM swap on his account without having to enter his “extra security” PIN, and that AT&T knew or should have known that employees could bypass its customer security measures.

Terpin is suing AT&T for his $24 million worth of cryptocurrencies, plus $200 million in punitive damages. A copy of his complaint is here (PDF).

AT&T declined to comment on specific claims in the lawsuit, saying only in a statement that, “We dispute these allegations and look forward to presenting our case in court.”


Mobile phone companies are a major weak point in authentication because so many companies have now built their entire procedure for authenticating customers on a process that involves sending a one-time code to the customer via SMS or automated phone call.

In some cases, thieves executing SIM swaps have already phished or otherwise stolen a target’s bank or email password. But many major social media platforms — such as Instagramallow users to reset their passwords using nothing more than text-based (SMS) authentication, meaning thieves can hijack those accounts just by having control over the target’s mobile phone number.

Allison Nixon is director of security research at Flashpoint, a security company in New York City that has been closely tracking the murky underworld of communities that teach people how to hijack phone numbers assigned to customer accounts at all of the major mobile providers.

Nixon calls the current SIM-jacking craze “a major identity crisis” for cybersecurity on multiple levels.

“Phone numbers were never originally intended as an identity document, they were designed as a way to contact people,” Nixon said. “But because of all these other companies are building in security measures, a phone number has become an identity document.”

In essence, mobile phone companies have become “critical infrastructure” for security precisely because so much is riding on who controls a given mobile number. At the same time, so little is needed to undo weak security controls put in place to prevent abuse.

“The infrastructure wasn’t designed to withstand the kind of attacks happening now,” Nixon said. “The protocols need to be changed, and there are probably laws affecting the telecom companies that need to be reviewed in light of how these companies have evolved.”

Unfortunately, with the major mobile providers so closely tied to your security, there is no way you can remove the most vulnerable chunks of this infrastructure — the mobile store employees who can be paid or otherwise bamboozled into helping these attacks succeed.

No way, that is, unless you completely disconnect your mobile phone number from any sort of SMS-based authentication you currently use, and replace it with Internet-based telephone services that do not offer “helpful” customer support — such as Google Voice.

Google Voice lets users choose a phone number that gets tied to their Google account, and any calls or messages to that number will be forwarded to your mobile number. But unlike phone numbers issued by the major mobile providers, Google Voice numbers can’t be stolen unless someone also hacks your Google password — in which case you likely have much bigger problems.

With Google Voice, there is no customer service person who can be conned over the phone into helping out. There is no retail-store employee who will sell access to your SIM information for a paltry $80 payday. In this view of security, customer service becomes a customer disservice.

Mind you, this isn’t my advice. The above statement summarizes the arguments allegedly made by one of the most accomplished SIM swap thieves in the game today. On July 12, 2018, police in California arrested Joel Ortiz, a 20-year-old college student from Boston who’s accused of using SIM swaps to steal more than $5 million in cryptocurrencies from 40 victims.

Ortiz allegedly had help from a number of unnamed accomplices who collectively targeted high-profile and wealthy people in the cryptocurrency space. In one of three brazen attacks at a bitcoin conference this year, Ortiz allegedly used his SIM swapping skills to steal more than $1.5 million from a cryptocurrency entrepreneur, including nearly $1 million the victim had crowdfunded.

A July 2018 posting from the “OG” Instagram account “0”, allegedly an account hijacked by Joel Ortiz (pictured holding an armload of Dom Perignon champagne).

Ortiz reportedly was a core member of OGUsers[dot]com, a forum that’s grown wildly popular among criminals engaging in SIM swaps to steal cryptocurrency and hijack high-value social media accounts. OG is short for “original gangster,” and it refers to a type of “street cred” for possession of social media account names that are relatively short (between one and six characters). On ogusers[dot]com, Ortiz allegedly picked the username “j”. Short usernames are considered more valuable because they confer on the account holder the appearance of an early adopter on most social networks.

Discussions on the Ogusers forum indicate Ortiz allegedly is the current occupant of perhaps the most OG username on Twitter — an account represented by the number zero “0”. The alias displayed on that twitter profile is “j0”. He also apparently controls the Instagram account by the same number, as well as the Instagram account “t”, which lists its alias as “Joel.”

Shown below is a cached snippet from an Ogusers forum posting by “j” (allegedly Ortiz), advising people to remove their mobile phone number from all important multi-factor authentication options, and to replace it with something like Google Voice.

Ogusers SIM swapper “j” advises forum members on how not to become victims of SIM swapping. Click to enlarge.


All four major wireless carriers — AT&T, Sprint, T-Mobile and Verizon — let customers add security against SIM swaps and related schemes by setting a PIN that needs to be provided over the phone or in person at a store before account changes should be made. But these security features can be bypassed by incompetent or corrupt mobile store employees.

Mobile store employees who can be bought or tricked into conducting SIM swaps are known as “plugs” in the Ogusers community, and without them SIM swapping schemes become much more difficult.

Last week, KrebsOnSecurity broke the news that police in Florida had arrested a 25-year-old man who’s accused of being part of a group of at least nine individuals who routinely conducted fraudulent SIM swaps on high-value targets. Investigators in that case say they have surveillance logs that show the group discussed working directly with mobile store employees to complete the phone number heists.

In May I wrote about a 27-year-old Boston man who had his three-letter Instagram account name stolen after thieves hijacked his number at T-Mobile. Much like Mr. Terpin, the victim in that case had already taken T-Mobile’s advice and placed a PIN on his account that was supposed to prevent the transfer of his mobile number. T-Mobile ultimately acknowledged that the heist had been carried out by a rogue T-Mobile store employee.

So consider establishing a Google Voice account if you don’t already have one. In setting up a new number, Google requires you to provide a number capable of receiving text messages. Once your Google Voice number is linked to your mobile, the device at the mobile number you gave to Google should notify you instantly if anyone calls or messages the Google number (this assumes your phone has a Wi-Fi or mobile connection to the Internet).

After you’ve done that, take stock of every major account you can think of, replacing your mobile phone number with your Google Voice number in every case it is listed in your profile.

Here’s where it gets tricky. If you’re all-in for taking the anti-SIM-hacking advice allegedly offered by Mr. Ortiz, once you’ve changed all of your multi-factor authentication options from your mobile number to your Google Voice number, you then have to remove that mobile number you supplied to Google from your Google Voice account. After that, you can still manage calls/messages to and from your Google Voice number using the Google Voice mobile app.

And notice what else Ortiz advises in the screen shot above to secure one’s Gmail and other Google accounts: Using a physical security key (where possible) to replace passwords. This post from a few weeks back explains what security keys are, how they can help harden your security posture, and how to use them. If Google’s own internal security processes count for anything, the company recently told this author that none of its 85,000 employees had been successfully phished for their work credentials since January 2017, when Google began requiring all employees to use physical security keys in place of one-time passwords sent to a mobile device.

Standard disclaimer: If the only two-factor authentication offered by a company you use is based on sending a one-time code via SMS or automated phone call, this is still better than relying on simply a password alone. But one-time codes generated by a mobile phone app such as Authy or Google Authenticator are more secure than SMS-based options because they are not directly vulnerable to SIM-swapping attacks.

The web site breaks down online service providers by the types of secondary authentication offered (SMS, call, app-based one-time codes, security keys). Take a moment soon to review this important resource and harden your security posture wherever possible.


Bdale Garbee: Mixed Emotions On Debian Anniversary [Planet Debian]

When I woke up this morning, my first conscious thought was that today is the 25th anniversary of a project I myself have been dedicated to for nearly 24 years, the Debian GNU/Linux distribution. I knew it was coming, but beyond recognizing the day to family and friends, I hadn't really thought a lot about what I might do to mark the occasion.

Before I even got out of bed, however, I learned of the passing of Aretha Franklin, the Queen of Soul. I suspect it would be difficult to be a caring human being, born in my country in my generation, and not feel at least some impact from her mere existence. Such a strong woman, with amazing talent, whose name comes up in the context of civil rights and women's rights beyond the incredible impact of her music. I know it's a corny thing to write, but after talking to my wife about it over coffee, Aretha really has been part of "the soundtrack of our lives". Clearly, others feel the same, because in her half-century-plus professional career, "Ms Franklin" won something like 18 Grammy awards, the Presidential Medal of Freedom, and other honors too numerous to list. She will be missed.

What's the connection, if any, between these two? In 2002, in my platform for election as Debian Project Leader, I wrote that "working on Debian is my way of expressing my most strongly held beliefs about freedom, choice, quality, and utility." Over the years, I've come to think of software freedom as an obvious and important component of our broader freedom and equality. And that idea was strongly reinforced by the excellent talk Karen Sandler and Molly de Blanc gave at Debconf18 in Taiwan recently, in which they pointed out that in our modern world where software is part of everything, everything can be thought of as a free software issue!

So how am I going to acknowledge and celebrate Debian's 25th anniversary today? By putting some of my favorite Aretha tracks on our whole house audio system built entirely using libre hardware and software, and work to find and fix at least one more bug in one of my Debian packages. Because expressing my beliefs through actions in this way is, I think, the most effective way I can personally contribute in some small way to freedom and equality in the world, and thus also the finest tribute I can pay to Debian... and to Aretha Franklin.


Link [Scripting News]

One of the great things about having archives that go back to the dawn of time is you re-discover gems like this Apple vs PC ad from 2009.


Laser cutters and 3D printers revive century-old a magic lantern show of Erewhon at the Edinburgh Fringe [Boing Boing]

James Coutts writes, "Indiana University Victorian Studies PhD candidate Mary Borgo Ton assembled an international group of artists/makers, a media archaeologist, laser cutters and 3D printers to create magic lantern slides that have not been made in 100 years for a show running in the Edinburgh Festival Fringe called Erewhon: "An antique magic lantern projector, an iPhone and a live musical score shine a new light on Samuel Butler’s classic sci-fi novel. A Victorian explorer discovers a colony of refugees; time travellers from the 21st century escaping their dependence on its technology. This delightful neo-historical head-scratcher playfully welds future, past and present into a glittering bracelet of time." (more…)

Award-winning security research reveals a host of never-seen, currently unblockable web-tracking techniques [Boing Boing]

Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies won the Distinguished Paper prize at this year's Usenix Security Conference; its authors, researchers at Belgium's Catholic University in Leuven, revealed a host of devastating, never-seen tracking techniques for identifying web-users who were using privacy tools supplied by browser-vendors and third-party tracking-blocking tools. (more…)


Speculation Attack Against Intel's SGX [Schneier on Security]

Another speculative-execution attack against Intel's SGX.

At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key. Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.

News article.

The details of the Foreshadow attack are a little more complicated than those of Meltdown. In Meltdown, the attempt to perform an illegal read of kernel memory triggers the page fault mechanism (by which the processor and operating system cooperate to determine which bit of physical memory a memory access corresponds to, or they crash the program if there's no such mapping). Attempts to read SGX data from outside an enclave receive special handling by the processor: reads always return a specific value (-1), and writes are ignored completely. The special handling is called "abort page semantics" and should be enough to prevent speculative reads from being able to learn anything.

However, the Foreshadow researchers found a way to bypass the abort page semantics. The data structures used to control the mapping of virtual-memory addresses to physical addresses include a flag to say whether a piece of memory is present (loaded into RAM somewhere) or not. If memory is marked as not being present at all, the processor stops performing any further permissions checks and immediately triggers the page fault mechanism: this means that the abort page mechanics aren't used. It turns out that applications can mark memory, including enclave memory, as not being present by removing all permissions (read, write, execute) from that memory.

EDITED TO ADD: Intel has responded:

L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We've provided more information on our web site and continue to encourage everyone to keep their systems up-to-date, as it's one of the best ways to stay protected.

I think this is the "more information" they're referring to, although this is a comprehensive link to everything the company is saying about the vulnerability.


That time Phyllis Diller roasted the Haunted Mansion [Boing Boing]

Back in 1972-3, Disney ran a short-lived variety show called The Mouse Factory that intercut classic animation with live action, framed by celebrity hosts that kind of threaded it all together into a mashed-up, loose storyline. (more…)


Today in GPF History for Thursday, August 16, 2018 [General Protection Fault: The Comic Strip]

As two aliens make their escape, Nick and "Nega-Nick" come to a surprising consensus...


Link [Scripting News]

My plan for Apple in 1996. It wasn't that far from the plan that Jobs implemented when he came back to Apple in 1997. I describe the iMac, very clearly. The major difference is that I wanted to invest in developers. Jobs pretty much did the opposite.


The PowerPC 600 series, part 9: The table of contents [The Old New Thing]

We saw that the PowerPC 600 series gives you absolute addressing to the top and bottom 32KB of address space. But that doesn't buy you much on Windows NT programs, because all of those addresses are not usable by 32-bit programs. By convention, the r2 register contains a value called the table of contents, which is a pointer to a list of interesting constants the function needs. You can put addresses of global variables here, or you can put other useful constants.

In principle, each function gets its own table of contents, but in practice, the Microsoft compiler generates a single table of contents for the entire module, similar to what the Itanium does. In theory, you could even put your variables directly in the table of contents (which is what the Itanium does), but the Microsoft compiler doesn't. It puts the table of contents in read-only memory. In Itanium-speak you might say that every global variable is considered large. I'm guessing this is to improve page sharing between processes since the table of contents would otherwise be a mix of read-write data and read-only data, but it does mean that accessing any global variable requires two memory accesses:

    lwz     r3, n(r2)       ; load pointer to variable from toc
    lwz     r3, (r3)        ; load the variable's value

The displacement field of the load instruction has a reach of ±32KB, which means that your table of contents has a comfortable maximum size of 64KB. (You would naturally set your table of contents pointer to be 32KB past the start of the table of contents, so that you could take advantage of negative offsets.) But what if you have more than 16384 global objects? No problem, because you don't need a separate pointer in the table of contents for each global object. You can group your global objects into chunks of 64KB and use a single pointer to access the entire chunk. If you have 16384 pointers, each of which can access 64KB of memory, the total amount of memory addressible from the table of contents is one gigabyte, which is hopefully enough to cover all your global objects.

(Also, if you have a monstrous 1-gigabyte global array, you can dedicate a single table of contents entry to that global array. You don't need a separate entry for each 64KB chunk.)

Note that you can have global things other than variables. For example, you'll probably have jump tables for switch statements and vtables for virtual functions.

Since each function requires its table of contents to be set properly, a function pointer on PowerPC is not a pointer to the first instruction. Instead, it's a pointer to a structure consisting of two pointers: The first pointer points to the first instruction of the function, and the second pointer is the table of contents for the function.¹

The sequence for calling through a function pointer goes like this:

    ; call the function pointed to by r11
    ; assumes that our function's toc is saved on the stack at n(r1)
    lwz     r12, (r11)   ; get the code pointer
    lwz     r2, 4(r11)   ; set r2 to the toc for the function being called
    mtctr   r12          ; put code pointer in ctr
    bctrl                ; branch to ctr and link
    lwz     r2, n(r1)    ; restore our toc

We load the code pointer and put it into ctr. We also load the table of contents for the target function into r2 so it can access its global variables. We then call the function by calling through ctr, and when the function returns, we restore our function's r2 from wherever we had saved it (typically the stack).

If you're calling a function within the same module, you don't need to update r2 because all the functions in a module use the same table of contents.

But what if you don't know whether the function is in the same module? For example, it might be an import stub for a naïvely-imported function. Now, in the modern days of link-time code generation, you can tell whether the destination is in the module or not, but in the old days of classical compiling and linking, the only time the compiler would be certain that the target function is in the same module is when the target function is defined in the same translation unit. Otherwise, the compiler isn't quite sure. It could do like the Itanium does and always include a reload of r2 after the call returns, just in case. But that costs a memory access, so the PowerPC does things a little differently. To dig into what happens, we need to learn about the rest of the PowerPC calling convention, which we'll start looking at next time.

¹ Other ABIs add a third pointer to the structure, called the "environment". Windows NT makes do with just two pointers.


Automattic and speech [Scripting News]

Update: After writing this piece, I got a correction via Twitter DM from Automattic founder and CEO Matt Mullenweg: "Automattic doesn't host Alex Jones and I don't think ever has." I probably didn't read the NYT piece carefully enough, and came to the incorrect conclusion about the sites in question. However the gist of this piece remains valid. There is a higher level question to answer, where if anywhere is there a line that protects speech on the net, or does every service vendor have a say in what their platform is used for, or are some required to be neutral?

We're having an ill-defined debate over when silos have to yield to public pressure and deny access to members who are deemed undesirable by a vocal group of objectors. There's no process. People have pointed out that as private companies they are free to do as they please. I'm not entirely sure that's true, especially when combined they control virtually all the speech on the net. While that might not be a violation of the First Amendment, it could easily be a violation of antitrust laws. Having run a couple of companies I know how often companies come up against those laws, even small companies, far from having a controlling stake in a large market.

Alex Jones is the first major test of this new system of speech governance. He has been banned by Facebook, YouTube, and put on a timeout by Twitter. Now the question has been raised whether Automattic, the operators of should be pressured to force the Jones site off their platform. A major article in Monday's NY Times raises that question, and my friend Davis Shaver opines. But there's a problem in this analysis because isn't like the others, it isn't a silo, so banning him from that service will not necessarily have any affect on the presence of his site. He will be able to export his site, set up his own server, point the DNS entry at that server, and proceed on the open web and it will appear to outside viewers as if nothing happened. This will be the end of the discussion, unless the anti-speech advocates try to exert pressure on the open web. There they will find there is no CEO, no corporate headquarters, no shareholders afraid of losing value, none of the usual pressure points. If the web maintains its integrity, Alex Jones will be able to spread his vile hateful and possibly libelous ideas without further accosting. I for one am rooting for the open web, and in this way rooting for Mr. Jones.

People should take two steps back from this debate and think. Where exactly is the line? What if a vocal minority of Internet users decided the ACLU shouldn't have a place to opine its hateful and disloyal fake news? What if it was decided that any site that didn't show proper reverence for Dear Leader Chairman Trump should be denied access to the public square? There must be a line in here somewhere. I ask the thinkers to consider, where exactly is that line? Alex Jones is on the wrong side, but who is on the right side, whose speech do we want to protect? Or is there a line at all? Perhaps dissent a quaint old idea of the past?


New stable kernels []

Greg Kroah-Hartman has released a new batch of stable kernels: 4.18.1, 4.17.15, 4.14.63, 4.9.120, and 4.4.148. These include the fixes for the L1 terminal fault vulnerability and a few other fixes here and there. Users should upgrade.


Security updates for Thursday []

Security updates have been issued by Debian (fuse), Fedora (cri-o, gdm, kernel-headers, postgresql, units, and wpa_supplicant), Mageia (iceaepe, kernel-linus, kernel-tmb, and libtomcrypt), openSUSE (aubio, libheimdal, nemo-extensions, and python-Django1), Red Hat (flash-plugin), SUSE (apache2, kernel, php7, qemu, samba, and ucode-intel), and Ubuntu (gnupg).


Simplifying machine learning lifecycle management [All - O'Reilly Media]

The O’Reilly Data Show Podcast: Harish Doddi on accelerating the path from prototype to production.

In this episode of the Data Show, I spoke with Harish Doddi, co-founder and CEO of Datatron, a startup focused on helping companies deploy and manage machine learning models. As companies move from machine learning prototypes to products and services, tools and best practices for productionizing and managing models are just starting to emerge. Today’s data science and data engineering teams work with a variety of machine learning libraries, data ingestion, and data storage technologies. Risk and compliance considerations mean that the ability to reproduce machine learning workflows is essential to meet audits in certain application domains. And as data science and data engineering teams continue to expand, tools need to enable and facilitate collaboration.

As someone who specializes in helping teams turn machine learning prototypes into production-ready services, I wanted to hear what Doddi has learned while working with organizations that aspire to “become machine learning companies.”

Continue reading Simplifying machine learning lifecycle management.


It's time to establish big data standards [All - O'Reilly Media]

The deployment of big data tools is being held back by the lack of standards in a number of growth areas.

Technologies for streaming, storing, and querying big data have matured to the point where the computer industry can usefully establish standards. As in other areas of engineering, standardization allows practitioners to port their learnings across a multitude of solutions, and to more easily employ different technologies together; standardization also allows solution providers to take advantage of sub-components to expeditiously build more compelling solutions with broader applicability.

Unfortunately, little has been done to standardize big data technologies so far. There are all sorts of solutions but few standards to address the challenges just mentioned. Areas of growth that would benefit from standards are:

  • Stream processing
  • Storage engine interfaces
  • Querying
  • Benchmarks
  • Security and governance
  • Metadata management
  • Deployment (including cloud / as a service options)
  • Integration with other fast-growing technologies, such as AI and blockchain

The following sections will look at each area.


Big data came about with the influx of the high volumes and velocity of streaming data. Several products offer solutions to process streaming data, both proprietary and open source: Amazon Web Services, Azure, and innumerable tools contributed to the Apache Foundation, including Kafka, Pulsar, Storm, Spark, and Samza. But each has its own interface. Unlike SQL, there is no standard API or interface to handle this data, although Apache is now promoting a meta-interface called Beam. This makes it hard for solution providers to integrate with these rapidly evolving solutions.

Also, there is no easy way for Internet of Things (IoT) application developers to leverage these technologies interchangeably, and have portability so they don’t get tied down by proprietary interfaces—essentially the same guiding principles as were behind the ANSI SQL standards.

Storage engine interfaces

With the proliferation of a large number of NoSQL storage engines (CouchDB, Cassandra, HBase, MongoDB, etc.) we again face a plethora of incompatible APIs. In addition, new types of applications call for a radical rethinking of how to process data. Such rethinking includes document stores (with JSON becoming the prevalent data interchange format), and graph databases: Gremlin, SPARQL (which is a W3C standard), and Cypher as interfaces to Neo4J, JanusGraph, and other databases. GIS systems provide a very different model for interacting with their complex form of data. Apache Lucene, and related search engines, are also unique in the extensive capabilities they provide.

Applications cannot swap storage engines if needed. Also, SQL query engines such as Apache Trafodion, EsgynDB, Apache Spark, Apache Hive, and Apache Impala must interact independently with each storage engine.

Just as ODBC and JDBC facilitated the development of many BI and ETL tools that work with any database engine, a standard interface could facilitate access to data from any of these storage engines. Furthermore, it would substantially expand the ecosystem of solutions that could be used with the storage engine.

Finally, even though parallelism is important for data flow between the query and the storage engine, it is not facilitated by any standard interface. Partitioning can vary during such flows.


Data models supported by NoSQL databases differ just as much as their interfaces. The main standard with some applicability to big data is ANSI SQL. Although it was explicitly rejected in the first decade of the 2000s by many of the NoSQL databases, it has now been adopted by many of them as an alternative API because of its prevalence, its familiarity amongst developers, and the ecosystem supporting it. SQL is still evolving and is doing a credible job in handling the big data challenges. For instance, JSON support and Table Valued predicates were added in the 2016 standard.

But even SQL has not keep pace with the changes in the big data space, given that standards take a lot of collaboration, deliberation, and effort to get right and set. Two other familiar standards in the relational database world—ODBC and JDBC—have not changed much for quite some time, especially given the needs of big data to handle parallelism for large volumes of data, the variety of data structures and models, and the changed paradigm of streaming data velocity.

The SQL standard needs to evolve to support:

  • Streaming data
  • Publish/subscribe interfaces
  • Windowing on streams:
    • Time, count, and content triggers
    • Tumbling, sliding, and session windows
    • Event versus time processing
  • Rules for joining streams of data
  • Interfaces to sophisticated search solutions
  • Interfaces to GIS systems
  • Interfaces to graph databases, so that users can submit standard queries against graph databases and map the results to a tabular format, similar to the elegant JSON-to-relational mapping in the ANSI SQL 2016 standard for JSON


The workloads for big data span the gamut from streaming to operational to reporting and ad hoc querying to analytical; many of these have real-time, near real-time, batch, and interactive aspects. Currently, no benchmark assesses the price/performance of these hybrid operational and analytical processing workloads. Many vendors claim to support these varied workloads, but definitions are lacking, and no benchmarks exist to test them.

To evaluate potential big data products, most customers turn to benchmarks created by the Transaction Processing Performance Council (TPC). The TPC-DS standard, intended to benchmark BI and analytical workloads, offered considerable promise. But this promise was subverted in two ways. First, vendors present customers with altered versions of the benchmark, distorted to favor the vendor's product. Many of the TPC-DS results shared by vendors do not account for common usage, including queries and other workloads running at different levels of concurrency and at the scale of big data, as outlined in the specification. Secondly, unlike most TPC standards, the TPC-DS standard was never bolstered by audited results that enable customers to assess relative price/performance.

Security and governance

There are various security and governance infrastructures for big data deployments. For instance, the Hadoop environment has Apache Ranger and Apache Sentry. Each cloud provider has security information and event management systems. For applications and solution providers to integrate with these environments is difficult, again, since each implementation has a different API.

Standardizing the API for security administration and monitoring would be very beneficial, allowing enterprises to use standard mechanisms to configure and enforce security. These standards would enable more solutions to use these security systems. Consider the integration of crucial security events across various enterprise data sources. If the security products used a standard API, it would be a lot easier for them to interface with any data source, providing the client more choice and flexibility. The same holds true when deploying role and user privileges across enterprise data sources.

More conveniently, when data is moved to another data storage system, or accessed by another sub-system, the access rights to that data could move automatically and without sysadmin effort, so that the same people would still have access to the same fields and rows, regardless of the tools they use to access that data.

Metadata management

With the proliferation of data across multiple storage engines, the metadata for that data needs a central repository. Regardless of whether a table is in HBase, ORC, Parquet, or Trafodion, if it were registered in one set of metadata tables, it would be much easier for client tools to access this data than the current situation, where clients have to connect to different metadata tables.

The proper goal here is to standardize the information schema for these client tools and centralize all security administration. That would present a federated view of all the database objects.

Extending this metadata with business information for the objects would facilitate governance and data lineage, instead of having to provide these services again across different metadata repositories. This would make metadata or master data management easier.


Each cloud provider requires its own way to provision, configure, monitor, and manage a database and the resources it needs. This means that any client who wants to change cloud providers, or make databases on different providers work together, must change all their procedures and scripts, and perhaps much more.

A standard set of APIs would make this task easier, regardless of whether the customer was deploying the database on a public or private cloud, or as a hybrid deployment. Standards have been proposed but have not succeeded in the market. For instance, OpenStack has open source, community-driven interfaces for many of these tasks, but these have gained no adoption among the services chosen by most customers (, Google, Microsoft's Azure). VMware defined a vSphere standard some years ago, but it is almost completely ignored.

When cloud providers offer comparable services, these should be standard as well. For instance, an application that needs object storage such as AWS S3 or Azure Blob, should be able to get access through a standard interface.

Integration with other emerging technologies

It is also important to think about how to standardize the integration between databases and technologies such as machine learning algorithms and tools such as TensorFlow, R, Python libraries, the analysis of unstructured data such as sentiment analysis, image processing, natural language processing (NLP), blockchain, etc. Today, each solution in these areas has a unique interface. Therefore, integrating them with the database is always a custom effort.

Whereas user-defined functions and table user-defined functions have good standards, there is no way for one database to call user-defined functions, or even stored procedures, written for some other database. It would be so much more effective if users could use a large library of UDFs developed for any database as a plug-and-play technology. Such a library would also provide the developers of these functions a large customer base where their functions could be deployed.


The deployment of big data tools is now being held back by the lack of standards in the areas I have listed. The development of these standards is in no way intended to thwart innovation or keep providers from providing unique solutions. On the contrary—look at the ANSI SQL standard: it has facilitated the dramatic growth of a large number of database solutions.

An important aspect of standards is ensuring compliance. The National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce did that for SQL. Although SQL has admirably broad adoption as a standard, this does not guarantee smooth interoperability. First of all, SQL has evolved, so vendors can pick and choose which version of the standard to adhere to. Even there, how much of that version they adhere to is not clear without a certification. Second, numerous non-standard enhancements are offered.

Some of the areas identified may provide more value to users and providers. A prioritization determining which standard would provide the most value, based on input from the user and vendor community, could help guide efforts to develop standards.

These efforts could be facilitated via new standards bodies or with the cooperation and under the tutelage of existing standards bodies such as ANSI, ISO, TPC, and W3C. The committee members of these standards organizations have tremendous experience in developing excellent standards. They can skillfully navigate the bumpy road to achieve consensus across participants who otherwise compete. But it is up to the end users and providers to apply the pressure. Do we think we can start a movement to do so?

Continue reading It's time to establish big data standards.

Four short links: 16 August 2018 [All - O'Reilly Media]

Distributed Execution, Roaming SIM, Social Robot, and Bad Design

  1. Ray -- a flexible, high-performance distributed execution framework from OpenAI, targeting AI applications including reinforcement learning. (via "Notes from the first Ray meetup")
  2. KnowRoaming Global SIM Sticker -- Put your SIM card back in your phone. When you’re at home, the sticker. (via Engadget)
  3. Haru (IEEE Spectrum) -- inside Honda's new social robot.
  4. Botched CIA Communications System Helped Blow Agents' Cover (Foreign Policy) -- In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems. When bad systems architecture kills people...

Continue reading Four short links: 16 August 2018.


Representative Line: Tern This Statement Around and Go Home [The Daily WTF]

When looking for representative lines, ternaries are almost easy mode. While there’s nothing wrong with a good ternary expression, they have a bad reputation because they can quickly drift out...


Site reliability engineering (SRE): A simple overview [All - O'Reilly Media]

Get a basic understanding of site reliability engineering (SRE) and then go deeper with recommended resources.

Curious about site reliability engineering (SRE)?

The following overview is for you. It covers some of the basics of SRE: what it is, how it’s used, and what you need to keep in mind before adopting SRE methods.

Continue reading Site reliability engineering (SRE): A simple overview.


The problem with coming attractions [Seth's Blog]

“Knock, knock…”

That’s not a coming attraction. It’s an invitation. An opening. A bit of tension in terms of closure.

A coming attraction, on the other hand, gives it all away. It says, “here’s a bit of what we’ve got, and the rest of it is just like this, but almost as loud and almost as shiny.”

In the short run, coming attractions work faster. They get you a certain kind of audience and they lead to less disappointment.

But the alternative, the hard work of creating tension and then delivering on it–that’s where our best path lies. It requires trust, not proof, and the patience to find an audience that cares enough to work with you to get to where they’d like to go.

If someone insists on experiencing your experience before you give them the experience, it’s really unlikely you’re going to be able to delight them.


TRON: Our BitTorrent Plan Might Take Two Decades [TorrentFreak]

Back in May, TF broke the news that Justin Sun, the entrepreneur behind the popular cryptocurrency TRON, was in the process of acquiring BitTorrent Inc.

Two months later, BitTorrent Inc. and the TRON Foundation confirmed the acquisition.

“With this acquisition, BitTorrent will continue to provide high quality services for over 100M users around the world. We believe that joining the TRON network will further enhance BitTorrent and accelerate our mission of creating an Internet of options, not rules,” BitTorrent Inc. said.

TRON’s Justin Sun added that the acquisition of BitTorrent supports his foundation’s goal to decentralize the web but more concrete details beyond this vision have proven elusive. The entrepreneur has mentioned the possibility of rewarding BitTorrent seeders but that raises even more questions.

This week, in celebration of TRON’s US and China teams meeting up for the first time, Sun dangled some additional information on why the acquisition took place and what TRON’s plans are for the future.

“Contrary to speculation, the main reason for the acquisition isn’t BitTorrent’s more than 100M active users, and it isn’t for an amazing commercial opportunity,” Sun said.

“Yes, these things are great perks, but the more important reason is that BitTorrent has always been committed to one value, which is ‘Democratize the Internet.’ This is very much in line with TRON’s ‘Decentralize the Web.’ The fact that our values are in sync is the driving force behind this acquisition.”

Following a short history lesson on Web 1.0 through to today’s Web 3.0, Sun highlighted BitTorrent achievements in the decentralized arena, which enabled people to envision a totally decentralized Internet in the future. However, “profit-focused” companies like Google, Apple, Facebook, Amazon, and Netflix eventually stepped in with models that only served to further centralize the Internet.

“The mistrust in centralization naturally results in a public reaction where people are expecting government intervention to monitor big tech companies. However, history itself has been telling us repeatedly that the involvement of a more centralized power will only worsen the problem,” Sun said.

According to TRON’s founder, the solution to the above is his Web 4.0, “a decentralized, mass-collaborative Internet governed by the community, with highly effective, available, and convenient Internet apps and services.”

Unlike most standard apps used by people today (such as those used to access Facebook etc), ‘DApps’ – decentralized apps – are software applications that run on the blockchain. While the former access and provide data for centralized systems, the latter use the decentralized resources of other network users.

Sun wants TRON to become the largest decentralized Internet ecosystem in the world and this week offered four promises in respect of the TRON/BitTorrent partnership.

1. We will develop the TRON Protocol and make sure it grows to be the largest and the most dynamic blockchain protocol in the world.
2. We will develop the BitTorrent Protocol and its applications to guarantee BitTorrent’s dominance in global decentralized content distribution. We will also work to optimize the BitTorrent Protocol with blockchain technology.
3. We will explore and develop other decentralized Internet protocols, in areas such as decentralized storage and cloud computing.
4. We will develop a series of decentralized apps based on decentralized protocols, so that everyone in the world can enjoy decentralized Internet services.

But for those wanting a slice of exciting decentralized cake today, it may be wise to put on a pot of coffee – after first planting and then growing the beans several times over.

“This is a long-term mission which will take 10 to 20 years to complete. I’m 28 now. I will devote my whole life to the revolution of Internet decentralization,” Sun says.

“TRON is committed to rejuvenating the revolution led by BitTorrent at the beginning of the 21st century, saving the Internet from centralized monopolies, and establishing a free, transparent, and decentralized Web 4.0.”

We’ll have an update in 2028, see you then.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


1218 [LFG Comics]

The post 1218 appeared first on Looking For Group.

1216 [LFG Comics]

The post 1216 appeared first on Looking For Group.

1214 [LFG Comics]

The post 1214 appeared first on Looking For Group.

1213 [LFG Comics]

The post 1213 appeared first on Looking For Group.

1211 [LFG Comics]

The post 1211 appeared first on Looking For Group.

Bits from Debian: 25 years and counting [Planet Debian]

Debian is 25 years old by Angelo Rosa

When the late Ian Murdock announced 25 years ago in comp.os.linux.development, "the imminent completion of a brand-new Linux release, [...] the Debian Linux Release", nobody would have expected the "Debian Linux Release" to become what's nowadays known as the Debian Project, one of the largest and most influential free software projects. Its primary product is Debian, a free operating system (OS) for your computer, as well as for plenty of other systems which enhance your life. From the inner workings of your nearby airport to your car entertainment system, and from cloud servers hosting your favorite websites to the IoT devices that communicate with them, Debian can power it all.

Today, the Debian project is a large and thriving organization with countless self-organized teams comprised of volunteers. While it often looks chaotic from the outside, the project is sustained by its two main organizational documents: the Debian Social Contract, which provides a vision of improving society, and the Debian Free Software Guidelines, which provide an indication of what software is considered usable. They are supplemented by the project's Constitution which lays down the project structure, and the Code of Conduct, which sets the tone for interactions within the project.

Every day over the last 25 years, people have sent bug reports and patches, uploaded packages, updated translations, created artwork, organized events about Debian, updated the website, taught others how to use Debian, and created hundreds of derivatives.

Here's to another 25 years - and hopefully many, many more!


The Coffee Was Inside Me the Whole Time [Diesel Sweeties webcomic by rstevens]

sleep is dumb

It's like they say, you are what you excrete.


[$] Weekly Edition for August 16, 2018 []

The Weekly Edition for August 16, 2018 is available.

Norbert Preining: DebConf 18 – Day 3 [Planet Debian]

Most of Japan is on summer vacation now, only a small village in the north resists the siege, so I am continuing my reports on DebConf. See DebConf 18 – Day 1 and DebConf 18 – Day 2 for the previous ones.

With only a few talks of interest for me in the morning, I spent the time preparing my second presentation Status of Japanese (and CJK) typesetting (with TeX in Debian) during the morning, and joined for lunch and the afternoon session.

First to attend was the Deep Learning BoF by Mo Zou. Mo reported on the problems of getting Deep Learning tools into Debian: Here not only the pure software, where proprietary drivers for GPU acceleration are often highly advisable, but also the data sets (pre-trained data) which often fall under a non-free license, pose problems with integration into Debian. With several deep learning practitioners around, we had a lively discussion how to deal with all this.

Next up was Markus Koschany with Debian Java, where he gave an overview on the packaging tools for Java programs and libraries, and their interaction with the Java build tools like Maven, Ant, and Gradle.

After the coffee break I gave my talk about Status of Japanese (and CJK) typesetting (with TeX in Debian), and I must say I was quite nervous. As a non CJK-native foreigner speaking about the intricacies of typesetting with Kanji was a bit a challenge. At the end I think it worked out quite well, and I got some interesting questions after the talk.

Last for today was Nathan Willis’ presentation Rethinking font packages—from the document level down. With design, layout, and fonts being close to my personal interests, too, this talk was one of the highlights for me. Starting from a typical user’s workflow in selecting a font set for a specific project, Nathan discussed the current situation of fonts in Linux environment and Debian, and suggested improvements. Unfortunately what would be actually needed is a complete rewrite of the font stack, management, system organization etc, a rather big task at hand.

After the group photo shot by Aigars Mahinovs who also provided several more photos and a relaxed dinner I went climbing with Paul Wise to a nearby gym. It was – not surprisingly – quite humid and warm in the gym, so the amount of sweat I lost was considerable, but we had some great boulders and a fun time. In addition to that, I found a very nice book, nice out of two reasons: first, it was about one of my (and my daughters – seems to be connected) favorite movies, Totoro by Miyazaki Hayao, and second, it was written in Taiwanese Mandarin with some kind of Furigana to aid reading for kids – something that is very common in Japan (even in books for adults in case of rare readings), but I have never seen before with Chinese. The proper name is Zhùyīn Zìmǔ 註音字母 or (or more popular) Bopomofo.

This interesting and long day finished in my hotel with a cold beer to compensate for the loss of minerals during climbing.



View From a Hotel Window, 8/15/18: San Jose [Whatever]

It’s a lovely day in San Jose, despite a certain amount of particulate matter in the air, cause by parts of California being deeply aflame. Here you can see the convention center in which we’ll have Worldcon 76, which starts tomorrow and runs through Monday. It’s nice to be in California again.

Aaaaand now I think I might take a nap.


One more week of the Humble Comics Bundle: Valiant... [Humble Bundle Blog]

One more week of the Humble Comics Bundle: Valiant Universe! 

This bundle has over $470 worth of digital comics, including X-O Manowar Deluxe Edition Book 1, Faith and the Future Force, Divinity: The Complete Trilogy Deluxe Edition, and more! So you get a lot of Vali-entertainment value.

Assets for Press and Partners

Wednesday, 15 August


Link [Scripting News]

I have a Brainy Quotes page, for what it's worth.



[$] The Data Transfer Project []

Social networks are typically walled gardens; users of a service can interact with other users and their content, but cannot see or interact with data stored in competing services. Beyond that, though, these walled gardens have generally made it difficult or impossible to decide to switch to a competitor—all of the user's data is locked into a particular site. Over time, that has been changing to some extent, but a new project has the potential to make it straightforward to switch to a new service without losing everything. The Data Transfer Project (DTP) is a collaborative project between several internet heavyweights that wants to "create an open-source, service-to-service data portability platform".

How a civic hacker used open data to halve tickets at Chicago's most confusing parking spot [Boing Boing]

Matt Chapman used the Freedom of Information Act to get the City of Chicago's very mess parking ticket data; after enormous and heroic data normalization, Chapman was able to pinpoint one of the city's most confusing parking spots, between 1100-1166 N State St, which cycled between duty as a taxi-stand and a parking spot with a confusingly placed and semi-busted parking meter. (more…)


Truthful security disclosures should always be legal. Period. [Boing Boing]

After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products. (more…)


Crab City 2049 [Scenes From A Multiverse]

Have you good people seen Blade Runner 2049? Me neither.

Welcome back to the future of Crab City! Crab City is the city made for crabs, by crabs, from crabs. Crab City!


Link [Scripting News]

Yesterday I asked about bike-mounted speakers, and got lots of great advice. For some reason a search on Amazon yielded nothing but crap, but if you know what you're looking for you get some pretty nice stuff. Rex Hammock recommended JBL Flip. And Jason Gilman recommended Clearon. Roland Tanglao said he loves his UE Roll 2, and I have one of those, but it didn't occur to me it could be bike-mounted. The bungee that's built in works fine on a bike, and I took it for a spin just now and it's perfect. Great sound. Totally loud enough to be heard over NYC street noise, with great frequency range and thumpin base to keep the wheels turning. A really great answer. Davey's a happy cyclist. Thanks everyone for the great advice. I want to try all of these speakers.



Talking surveillance, elections, monopolies, and Facebook on the Bots and Ballots podcast [Boing Boing]

Grant Burningham interviewed me for his Bots and Ballots podcast (MP3), covering a bunch of extremely timely tech-politics issues: Facebook and the impact of commercial surveillance on democratic elections; Alex Jones, censorship and market concentration; and monopolism and the future of the internet.


Talking surveillance, elections, monopolies, and Facebook on the Bots and Ballots podcast [Cory Doctorow's]

Grant Burningham interviewed me for his Bots and Ballots podcast (MP3), covering a bunch of extremely timely tech-politics issues: Facebook and the impact of commercial surveillance on democratic elections; Alex Jones, censorship and market concentration; and monopolism and the future of the internet.

Link [Scripting News]

If you want to read feeds of any kind in a Node app, my feedRead package is the easiest way to get something up and running super quick. Simple example code for reading a feed over the web or from a local file. I use it in River5 so it's been extensively burned in with all manner of feeds.


tinywm, a tiny window manager [OSNews]

TinyWM is a tiny window manager that I created as an exercise in minimalism. It is also maybe helpful in learning some of the very basics of creating a window manager. It is only around 50 lines of C. There is also a Python version using python-xlib.


Trou: a soft, CCTV-bugged interactive sculpture that you ram your hand and arm into [Boing Boing]

Trou is an interactive sculpture from Valencia, Spain's Mireia Donat Melús: the nylon and silicon fiber blob invites viewers to don a surgical glove and insert their hands and arms into an elastic orifice in the sculpture's surface -- and watching their probing appendage from within via a live video-feed. (more…)

Insecure medical equipment protocols let attackers spoof diagnostic information [Boing Boing]

Douglas McKee of McAffee presented his research into the security of medical diagnostic equipment at last week's Defcon conference in Las Vegas. (more…)


The Humble Audiobook Bundle: More Torchwood & Doctor Who... [Humble Bundle Blog]

The Humble Audiobook Bundle: More Torchwood & Doctor Who presented by Big Finish 

Who’s back! And Torchwood, too. The Torchwood & Doctor Who audiobook bundle has regenerated with a new lineup of titles! 

Get Doctor Who - 8th Doctor Adventures: Dark Eyes 1, Big Finish Audiobooks: Tom Baker at 80, Torchwood - Special Releases: The Torchwood Archive, and lots more.

Assets for Press and Partners

Richard Stallman - "El software libre y libertad -- en la vida y en la educación" (Rancagua, Chile) [Events]

Richard Stallman will speak about the goals and philosophy of the Free Software Movement, and the status and history of the GNU operating system, which in combination with the kernel Linux is now used by tens of millions of users world-wide.

Esa charla de Richard Stallman no será técnica y será abierta al público; todos están invitados a asistir.

Lugar: Bernardo O'Higgins Auditorio Regional, Plaza de los Héroes 445, Rancagua, Región del Libertador Gral, Rancagua, Chile

Favor de rellenar este formulario, para que podamos contactarle acerca de eventos futuros en la región de Rancagua.


Majority of young Americans distrust capitalism, embrace socialism [Boing Boing]

Who likes socialism and mistrust capitalism? Democrats and young people, who are mostly the same people. (more…)


News Post: Bad Enough Dudes [Penny Arcade]

Tycho: After this Madden Ultimate Team shit, plus a Call of Duty beta I played with Keek and Glamdring every possible second, our descent into performative masculinity is complete.  The only question now is whether or not this constitutes our final form, or if this is a kind of moist, pupal proto-bro scenario that ultimately results in something more firm.  We’ll see. Later on today, specifically at 4pm PDT, Acquisitions Incorporated: The “C” Team returns - get caught up with Kris and Ryan’s funny video for the last arc, and come hang with us tonight! Over the…


New Zealand bans most offshore residential real-estate ownership [Boing Boing]

With today's passage of the Overseas Investment Amendment Bill, the Parliament of New Zealand has banned nonresidents from buying most residential property in the country, in an effort to end the skyrocketing housing expenses (Auckland is one of the world's least-affordable cities) by freezing out overseas speculators, though these account for less than 3% of total real-estate transactions, with the majority coming from China. (more…)


Europeans Take “Upload Filter” Protests to The Streets [TorrentFreak]

After years of careful planning and negotiating, the European Parliament was ready to vote on its new copyright directive last month.

With backing from large political factions and pretty much the entire entertainment industry, many assumed that proposal would pass.

They were wrong.

The Copyright Directive was sent back to the drawing board following protests from legal scholars, Internet gurus, activists, and many members of the public. Article 13, often referred to as the “upload filter” proposal, was at the center of this pushback.

The vote was a massive blow to those who put their hope on the EU’s proposed copyright changes. Following the failure of SOPA and ACTA, this was another disappointment, which triggered several entertainment industry insiders to call foul play.

They claimed that the grassroots protests were driven by automated tools, which “spammed” Members of Parliament were with protest messages, noting that large tech companies such as Google were partly behind this.

This narrative is gaining attention from the mainstream media, and there are even calls for a criminal investigation into the matter.

Opponents of the upload filters clearly disagree. In part triggered by the criticism, but more importantly, to ensure that copyright reform proposals will change for the better, they plan to move the protests to the streets of Europe later this month.

Julia Reda, the Pirate Party’s Member of European Parliament, is calling people to join these protests, to have their voices heard, and to show the critics that there are real people behind the opposition.

“We haven’t won yet. After their initial shock at losing the vote in July, the proponents of upload filters and the ‘link tax’ have come up with a convenient narrative to downplay the massive public opposition they faced,” Reda writes.

“They’re claiming the protest was all fake, generated by bots and orchestrated by big internet companies. According to them, Europeans don’t actually care about their freedom of expression. We don’t actually care about EU lawmaking enough to make our voices heard. We will just stand idly by as our internet is restricted to serve corporate interests.”

Thus far, nearly a million people have voiced their discontent with the copyright reform plans through an online petition. And if it’s up to Reda, these people should do the same away from their keyboard.

On September 12th, Members of Parliament will vote on the future of the Copyright Directive and the protests are planned two weeks earlier, on August 26th.

“Our goal is clear: The Parliament must adopt alternatives for Article 11 and Article 13 that don’t force platforms to install upload filters and don’t threaten links and snippets with an extra layer of copyright,” Reda notes.

The public protests will take place in several cities including Berlin, Ljubljana, Prague, Stockholm, Vienna, and Warsaw. The organizers hope to gain the same momentum as the ACTA protests did when hundreds of thousands of people marched the streets.

That would certainly make an impact.

Meanwhile, the tension between opponents and proponents of the Copyright Directive keeps growing. The latter will hope that the protests will only draw a small crowd, but if the turnout is high, they can always point out that many of the protest cities have Google offices.

Protest locations

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Today in GPF History for Wednesday, August 15, 2018 [General Protection Fault: The Comic Strip]

Mercedes de la Croix sees lucrative possibilities in Trent's libel case against Fred...


Comic: Bad Enough Dudes [Penny Arcade]

New Comic: Bad Enough Dudes


Patch Tuesday, August 2018 Edition [Krebs on Security]

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “zero-day” flaws that attackers were already exploiting before Microsoft issued patches to fix them.

According to security firm Ivanti, the first of the two zero-day flaws (CVE-2018-8373) is a critical flaw in Internet Explorer that attackers could use to foist malware on IE users who browse to hacked or booby-trapped sites. The other zero-day is a bug (CVE-2018-8414) in the Windows 10 shell that could allow an attacker to run code of his choice.

Microsoft also patched more variants of the Meltdown/Spectre memory vulnerabilities, collectively dubbed “Foreshadow” by a team of researchers who discovered and reported the Intel-based flaws. For more information about how Foreshadow works, check out their academic paper (PDF), and/or the video below. Microsoft’s analysis is here.

One nifty little bug fixed in this patch batch is CVE-2018-8345. It addresses a problem in the way Windows handles shortcut files; ending in the “.lnk” extension, shortcut files are Windows components that link (hence the “lnk” extension) easy-to-recognize icons to specific executable programs, and are typically placed on the user’s Desktop or Start Menu.

That description of a shortcut file was taken verbatim from the first widely read report on what would later be dubbed the Stuxnet worm, which also employed an exploit for a weakness in the way Windows handled shortcut (.lnk) files. According to security firm Qualys, this patch should be prioritized for both workstations and servers, as the user does not need to click the file to exploit. “Simply viewing a malicious LNK file can execute code as the logged-in user,” Qualys’ Jimmy Graham wrote.

Not infrequently, Redmond ships updates that end up causing stability issues for some users, and it doesn’t hurt to wait a day or two before seeing if any major problems are reported with new updates before installing them. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

It’s a good idea to get in the habit of backing up your computer before applying monthly updates from Microsoft. Windows has some built-in tools that can help recover from bad patches, but restoring the system to a backup image taken just before installing updates is often much less hassle and an added peace of mind while you’re sitting there praying for the machine to reboot successfully after patching.

Adobe’s Flash update brings the program to v. for Windows, macOS, Chrome and Linux. Most readers here know how I feel about Flash, which is a major security liability and a frequent target of browser-based attacks. The updates from Microsoft include these Flash fixes for IE, and Google Chrome has already pushed an update to address these five Flash flaws (although a browser restart may be needed).

But seriously, if you don’t have a specific need for Flash, just disable it already. Chrome is set to ask before playing Flash objects, but disabling Flash in Chrome is simple enough. Paste “chrome://settings/content” into a Chrome browser bar and then select “Flash” from the list of items. By default it should be set to “Ask first” before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.

By default, Mozilla Firefox on Windows computers with Flash installed runs Flash in a “protected mode,” which prompts the user to decide if they want to enable the plugin before Flash content runs on a Web site.

Adobe also released security updates for its PDF Reader and Acrobat products.

As always, please leave a note in the comments below if you experience any problems installing any of these updates.


100 pointless editorials [Scripting News]

I don't see what good 100 editorials tomorrow will do. The problem journalism has is that it is at war with a formidable adversary, the head of the US government. It's time to consult with people who have studied war. I suspect they will say that 100 editorials wouldn't have had much impact on Japan or Germany at the beginning of World War II. We never would have thought to respond to the 9/11 attacks with 100 stinging editorials. When attacked in an outright and clear act of war, aim at the power of the enemy, analyze and develop our own power, and fight back, to win.

In this case, the enemy is very powerful. His greatest power is that he didn't demobilize his supporters when he took office as every other presidential incumbent has. It's smart. I pleaded with Obama to do exactly that when he took office in 2009. The web was ready to take Obama's message of intellectual and just government all around the world. Instead he stuck to norms. And ran head-on into a Republican blockade. Nothing could get him out of the Rose Garden and back on the campaign trail.

Let this be a lesson from now on: Presidents must stay on the campaign trail at all times. The power of the presidency is to rally the people, and when done best it's a unifying campaign, not a divisive one, like the one Trump persists.

And that, imho is exactly what journalism must do.

Journalism has to break the biggest norm it has. Break the wall that separates it from their supposed audience, which is rapidly dissipating. They've lost the ones that follow Trump. The rest of us are losing patience. Hopefully on Friday morning, in the non-existent afterglow of the pointless editorial demonstration, they will start looking outside their cocoon for answers.


Community rank [Seth's Blog]

You’re probably familiar with class rank. Among all the kids in this high school, compared to everyone else’s GPA, where do you stand?

And you’ve heard about sports rank, #1 in the world at tennis or golf or chess.

But somehow, we don’t bother with community rank.

Of all the contributions that have been made to this community, all the selfless acts, events organized, people connected–where do you stand?

Maybe we don’t have to measure it. But it might be nice if we acted as if we did.


Security updates for Wednesday []

Security updates have been issued by CentOS (kernel), Debian (kernel, linux-4.9, postgresql-9.4, and ruby-zip), Fedora (cgit, firefox, knot-resolver, mingw-LibRaw, php-symfony, php-symfony3, php-symfony4, php-zendframework-zend-diactoros, php-zendframework-zend-feed, php-zendframework-zend-http, python2-django1.11, quazip, sox, and thunderbird-enigmail), openSUSE (python-Django and seamonkey), Oracle (kernel), Red Hat (kernel, kernel-rt, and redhat-virtualization-host), Scientific Linux (kernel), Slackware (openssl), SUSE (clamav, firefox, kernel, and samba), and Ubuntu (kernel, libxml2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-lts-trusty, linux-lts-xenial, linux-aws, linux-raspi2, and samba).


Berkman weblogs, followup [Scripting News]

A followup to my post last Friday. I had just heard about something happening with the blogs we hosted in 2003 and beyond at I'm still not clear on what happened. I would like to know, and to see if there's anything we can do to keep the archived content available at the same address it has been at all along.

I got a response to one of my tweets from Jonathan Zittrain, a former colleague at Berkman, who is still there. He pointed me to the FAQ they posted. Not much information there about what was about to happen, or has happened since. At the very least we should know what remains, what is gone, and what is the plan for the future. And perhaps we, outside of Harvard, can help in some way. We have some experience with these issues.

I think a great university like Harvard that places a high value on learning, history, tradition, and played a big role in fostering the development of social media, both as the home of Mark Zuckerberg in the early Facebook days, and at the very same time to the nascent blogging and podcasting community, should take an active interest not only in preserving the record, but in helping to set standards for how the web can continue long-term, even in the age of silos and corporate ownership. We, collectively, have a responsibility imho to do this well.

PS: Imho this is a project that should interest librarians at Harvard and elsewhere. There are a lot of great libraries there.


The PowerPC 600 series, part 8: Control transfer [The Old New Thing]

The PowerPC 600 series has a few types of control transfer instructions. Let's look at direct branches first.

    b       target          ; branch to target
    bl      target          ; branch to target and link

The direct branch instructions perform an unconditional relative branch to the target. It has a reach of ±32MB. All the "... and link" instructions set the lr register to the return address (the instruction after the branch). This happens even for conditional branches when the branch is not taken.

There are also absolute versions of these instructions:

    ba      target          ; branch to target (absolute form)
    bla     target          ; branch to target and link (absolute form)

The absolute versions treat the displacement as an absolute address rather than as a displacement from the current instruction pointer. These are not useful in Windows NT, but could be useful in embedded systems.

Things get exciting when you look at the conditional branches. Formally, they are written as

    bc      BO, BI, target  ; branch conditional
    bcl     BO, BI, target  ; branch conditional and link

Conditional branch instructions have a reach of only ±32KB. There are also absolute variants bca and bcla which treat the displacement as an absolute address, allowing conditional branches to the top and bottom 32KB of address space. Again, absolute addressing is not that useful in Windows NT.

The magical BO and BI parameters describe the condition to be tested. You can optionally decrement the ctr register and check if the result is zero or nonzero.¹ You can also optionally check if a specific bit in the cr register is set (true) or clear (false), and sometimes you can provide a static prediction hint. The following combinations are valid:

Decrement ctr? Test a bit in cr? Prediction hint BO Mnemonic
Yes, test for nonzero No 16 dnz
Yes, test for nonzero No Not taken 24 dnz-
Yes, test for nonzero No Taken 25 dnz+
Yes, test for nonzero Test for false 0 dnzf
Yes, test for nonzero Test for true 8 dnzt
Yes, test for zero No 18 dz
Yes, test for zero No Not taken 26 dz-
Yes, test for zero No Taken 27 dz+
Yes, test for zero Test for true 10 dzt
Yes, test for zero Test for false 2 dzf
No Test for false 4 f
No Test for false Not taken 6 f-
No Test for false Taken 7 f+
No Test for true 12 t
No Test for true Not taken 14 t-
No Test for true Taken 15 t+
Unconditional Taken 20

Any BO values not in the above table are reserved for future use and should be avoided if you know what's good for you.

A static prediction hint overrides any internal branch prediction algorithm, so you'd better have very high confidence that your hint is correct.

These mnemonics save you from having to memorize the BO numbers.

    bxx     BI, target  ; branch conditional
    bxxl    BI, target  ; branch conditional and link

Except that if the mnemonic ends in a + or -, then the prediction hint goes at the very end. For example, "branch if false and link, predict not taken" is bfl-.

The bit index BI can be written as a number, but as we saw when we learned about condition registers, you can combine the condition register bit mnemonics with with the cr# mnemonics to produce a reference to a condition bit. For example, 4*cr2+gt means "The gt bit in the cr2 condition register." And since the numeric value of cr0 is zero, you can omit 4*cr0+, which results in some surprisingly readable results like

    bt       eq, target  ; branch if eq is set in cr0

The assembler goes one step further and provides a few combination mnemonics:²

Branch and condition Mnemonic Meaning
bt lt blt Branch if less than
bt gt bgt Branch if greater than
bt eq beq Branch if equal
bt so bso Branch if summary overflow
bf lt bnl Branch if not less than
bf gt bng Branch if not greater than
bf eq bne Branch if not equal
bf so bns Branch if not summary overflow

The mnemonics can separate the condition bit from the condition register, so you can get

    beq      cr4, target  ; branch if eq is set in cr4

Okay, the next type of branch instruction is the computed jump.

    bcctr    BO, BI, BH   ; branch conditional to address in ctr
    bcctrl   BO, BI, BH   ; branch conditional to address in ctr and link

    bclr     BO, BI, BH   ; branch conditional to address in lr
    bclrl    BO, BI, BH   ; branch conditional to address in lr and link

You are not allowed to use any of the "decrement ctr" branch operations with the bcctr or bcctrl instructions because shame on you for even thinking about trying it.

The BO and BI codes follow the same rules as above, and the assembler provides mnemonics for various combinations. If you go to PowerPC reference materials, you'll see horrid tables that look like some sort of dystopian declension table from a long-forgotten Slavic language. In this hypothetical language, bdnztlrl means something like "branch on odd-numbered Thursdays," I guess. (Okay, it actually means "branch, after decrementing ctr, if the result is nonzero, and if the condition bit is true, to the address in the lr register, and link.")

The BH field provides a hint for branch prediction, primarily whether the branch target is likely to be the same as the previous time the branch was encountered. Branches through an import table are likely to be the same each time. Branches through a vtable could also use this hint if the method is being dispatched from the same object in a loop. (The vtable is unlikely to change during the loop.)

The processor optimizes on the assumption that bctr is a computed jump and blr is a subroutine return,³ although the BH hints can tweak those assumptions. Furthermore, Windows NT requires that non-leaf subroutine returns be encoded exclusively as blr. You are not allowed to pull fancy tricks like beqlr to perform a conditional subroutine return. This is not a significant problem in practice because there's usually other stuff that needs to be done as part of the function epilogue. Adding this rule makes the exception unwinding code easier.

For the same reason, the conditional versions of the "and link" branches are mostly useless in practice because even if you can conditionalize the link, you still prepared the function call unconditionally. You might have been better off just branching over the function call entirely.

Okay, so great, you have these instructions that operate on the lr and ctr registers, but how do you actually get values in and out of them?

    mflr    rt           ; rt = lr
    mfctr   rt           ; rt = ctr

    mtlr    rs           ; lr = rs
    mtctr   rs           ; ctr = rs

The "move from/to lr/ctr" instructions let you move values into and out of the lr and ctr registers. (Like mfxer and mtxer, these are actually shorthand for mfspr and mtspr with the appropriate magic number for lr or ctr.)

In practice, the first instruction of a non-leaf function is mflr r0 to save the return address, and when it's ready to return, it will do a mtlr r0 to load up the return address in preparation for the blr. This is pretty much the only thing the Microsoft compiler uses the r0 register for: Transferring the return address in and out of lr.

But wait, I'm getting ahead of myself. I promised to talk about the table of contents, so let's do that next time.

Bonus chatter: PowerPC mnemonics are so absurd that there was even a short-lived parody twitter account for them. Now that you've learned most of the instructions, you may understand some of the more insidey jokes, like

¹ Note that even if you loaded a 64-bit value into the ctr register (because you detected that you had a 64-bit-capable processor), the test for zero or non-zero is performed only against the least-significant 32 bits of the ctr register when the processor is in 32-bit mode (which is what Windows NT uses).

² The assembler also provides bge (branch if greater than or equal to) as an alias for bnl (branch if not less than). I think that's misleading, because bge suggests that the test checks two bits (gt and eq) and branches if either is set. But in fact it checks whether lt is clear. Now, if the condition register was set by a comparison, then the two cases are equivalent, but if you have been playing games with condition register flags, you can get into states where the trichotomy of numbers breaks down.

³ The return address predictor gives the processor the ability to start speculating instructions at the return address even before you move the return address into the lr register!


No Flight Without the Shatter [Original Fiction –]

From the wondrous mind of Brooke Bolander, the author of The Only Harmless Great Thing, who “shares literary DNA with Le Guin” (John Scalzi).

After the world’s end, the last young human learns a final lesson from Earth’s remaining animals.



Pretend you are the land. Pretend you are a place far away, the last vibrant V of green and gold and tessellated rock before the sea and sky slither south unchecked for three thousand lonesome turns of a tern’s wing. Once upon a time the waters rose to cut you off from your mother continent, better independence through drowning. Some day soon, when the ice across the ocean turns to hungry waves, all the rest will follow, sliding beneath an oil-slick surface as warm and empty as a mortician’s handshake.

But that does not concern us—yet. You are the land, and today you are here to bear witness to a story four million years in the telling as she closes her eyes for the final time, striped haunches slowing their rise and fall as entropy hoists another tattered victory flag.

Thylacinus: from the Greek thýlakos, meaning “pouch” or “sack.” You have made her into your own image, a unique beast neither wolf nor tiger but its own striped singularity. No one at the zoo is qualified to sex such a creature. They dub her Benjamin, short omnivorous ape jaws unequipped to pronounce her true name even if anyone ever thought to ask.

The cage is very hot. There is no shade. When night falls there will be no shelter against the unseasonable cold. She paces and pants, her shadow writing the future across concrete in angular calligraphy. Beyond and through the chicken wire bland faces peer, unable to make any sense of the warning in her trot, the glassiness in her staring eyes.

But you are the land, and you read the message loud and clear: a missive from the place between being and not; a signal from the space between the final breath and whatever comes after.


Auntie Ben pats makeup over her stripes every morning. The last neighbors moved on years before, the only folks left to see are Martha and Doris and Linnea, but Auntie Ben, she has her habits. In the end, the only sense you have to make, she tells Linnea, is to yourself. And so: delicate little dabs along the lean, dusky line of her jaw, up the cheekbones sharp as taxidermy knives, all the way to her forehead, where hair the color of dirty sand dangles listless, fabric on barbed wire. Nobody knows where she found the powder. Nobody asks. Maybe it was waiting when the three arrived, like the vanity and the three beds and the yellow farmhouse itself.

“Every mammal’s got stripes,” she says. “Even you. Fella named Blaschko found ’em. Somewhere back along the line, your people took ’em off as easily as I shuck my own skin, buried them in a cigar box out back. If you could find that box again, you’d find your stripes, sure as fleas and fresh blood.”

Linnea asks Doris if this is true. Doris is stout and cheerful and most likely of the three aunties to give a true answer. She cooks, she straightens, she drives the pickup to what passes for a town these days to pick up supplies. She does not work on the ship. She lacks the imagination, she says; she was never that great at flying to begin with. The little cedar chest at the foot of her bed more often than not stays closed.

“There’s no telling with Benny,” she says, scratching at her round, flat beak of a nose. “She’s always been a reader, that one. You don’t look like you got stripes to me, though. Humans come in all shapes and sizes—most of ’em hairy or hungry, terribly hungry, how can such skinny things gobble up so many?—but I never do believe I’ve seen a striped one. Then again, not a lot of them around to study anymore ’cept you, little chick.”

She doesn’t bother climbing to the roof gables to ask Auntie Martha, staring sadly up at an empty fading sky as bronze-and-violet as her hair. Instead, Linnea wanders back inside and stands alone in front of the vanity mirror, searching for invisible stripes. The light through the bedroom curtains is a washed-out yellow, like paper or preserved hide or the end of a long, hot day.


They never say how they got together, Linnea’s three aunties, or where they hailed from before finding her and feeding her and fetching her home, lucky orphan among grubby roadside hundreds. She doesn’t remember faces before theirs. There was a gas station with busted windows. There was a little scratched spot in the dirt beneath the old pumps where she slept at night. There was potato crisp grease, tangled hair, and the occasional sandstorm. Beyond that, Linnea’s memory is a skull picked clean; shake it and hear leaves rattle inside.

That’s okay. Now is good. Back Then was probably not-so-good. And as to what lies ahead…No. Linnea keeps that lonesomeness locked down tight as any auntie’s chest. Now is good; the rest doesn’t matter.

Endlings make for strange bedfellows, Auntie Ben often says, pounding away at sheets of rusted tin atop the rickety rope ladder. She keeps a red bandana faded to the color of bared gums tied around her forehead. Her overalls are so stitched and crookety-patched (Doris does her best, but her fingers are too thick and strong and her eyesight too bad not to mangle such tiny work) they look like a quilt tossed over her long, lean self. She keeps all her tools in a denim pouch against her belly, saws and nails and a gone ghost forest worth of toothpicks forever tumble-scattering to the dusty ground far below. Auntie Ben has a lot of teeth to keep clean. When there were fresh bones to gnaw, she says, wistful, there was no need for toothpicks.

“Wombat feet,” she says. “Those always did the best job. Itty-bitty little bones, but sturdy.” A sigh, a shake of the head. Back to soldering a seam, goggles pulled safely down, impossible jaw firmly set.

Auntie Martha mostly draws star charts, sitting atop the farmhouse with paper and pen. Sometimes she sings. Her voice is croaky and harsh and the words make no sense to Linnea: endless repetitions of the same sound tunelessly unreeled, keeho keeho keeho kee! Sometimes she cocks her head afterward, almost like she’s waiting for a response. Nothing ever halloas back. Just the windmill creaking, the screen door slamming, the bang-bang-bang-bang of Auntie Ben’s hammer smashing dusk’s purple hush to pieces like a carelessly laid egg.


Pretend you are the sky. Pretend you are a sky the faint peach and dusty slate of a dove’s wing, folded protectively over darkening fields of corn and cities where yellow lights wink on like punctilious fireflies. Some day soon you will wither and broil. Those newly-hatched smokestacks on the horizon will slide beneath feather and skin and subclavius muscle with a hypodermic’s lethal care, a payload of jaundice injected with a belch and a billow, and the resulting buildup of toxins will ensure nothing bigger than a botfly ever darkens your horizon again. Your decay will smother the world, a dead bird huddling over an empty nest.

Soon, but not today. Today you are full of life—screech owl and nightjar, cranefly and bat. They know the spaces between stars. Even the ones locked fast in cage and crate can feel the wheel turning, seasons brushing shoulders on the subway. Away I must be going, they say to the bars and the locks, the cold iron that batters the breath from their hollow bones. I’ve had a lovely life here, but spring waits for no one, and I really must insist—

Even when all the rest are gone, millions blasted from your breast and returned as smoke, she feels the pull and calls to you. Every autumn for twenty-nine years, right up until the day of her stroke. The zookeepers hang the name of a dead president’s wife around her foot like a wartime message, hoping for domesticity, but she is still Ectopistes migratorius, traveler in name and nature.

She hears the sound of phantom wings and hurls herself against the ceiling, desperate to take her place in the thunder. Her tired old body is the color of a bruise.

I’m coming, she whirrs, again and again. Wait for me! I know which way to go!


“Once upon a time,” Auntie Ben says, seated beside Linnea’s bed, “there was a cage. But that cage is rusted all to hellfire and back now, and the men who built it are bones in the dust so dry not even a dark-flanked yearling would stop to take a sniff. Nobody remembers a damn thing about those men. Nobody remembers their chickens, their guns, or their stupid cage with the concrete floor. But they remember us, my little naked joey, sharp-toothed pride of my pouch. We were beautiful and strong. Our stripes left long shadows across their minds. There were plenty left to remember us, but who will be left to remember your kind?”

“Once upon a time,” Auntie Doris says, “—and oh, it was a long time ago, fresh fruit and green grass and the Rats and the Dogs not yet come—there were nests! Nests on the ground, can you imagine, beneath trees that dropped nuts so close you didn’t have to stretch your neck out far to take them. We laid our eggs where we pleased. But then the Men came—yesyes, and the Rats, and the Dogs, the terrible slavering Dogs—and the guns went bark bark bark all the live-long day. Our nests and our eggs and our fine fat selves, we dwindled down to nothing.

“But do they remember us now, sweet milk of my crop? Bless my gizzard and claws, they do! Those hungry men stopped being hungry, oh, ages ago, and their guns and their clubs rotted like rained-on feathers. Nobody remembers much at all about them and their growling bellies, but they remember our name, you’d better believe they do. There were plenty left to make our name round and fat, but mercy, who will be left to remember your kind?”

“Once upon a time,” Auntie Martha says—her voice is so soft you have to bend your eardrums low to pick up the words, a halting thing much gentler than her evening song—“we were a thousand. We were a million. We were many, and we blotted the sky with Ourselves. We flew where we pleased, and where we flew was pleasing. We followed the starmaps, the pull in our heads that said Go here! Go here!

“But the guns brought us down, by the thousands and the millions and the many. We lost the stars. We lost ourselves. But d’you think, little squab of my breast, that they could ever forget the sound of that many wings blotting out the sun? There were plenty of mouths and memories to pass on the beating of a million wings that was our name. As to who or what will be left to remember your own kind, dwindling with no wings to bear them away…”

Auntie Martha shakes her head.

“We were many too, once,” she repeats, barely a whisper. “I really am sorry.”


Linnea has a voice, too, but she doesn’t use it much. The inside of her head is a safe place, full of futures that will never happen so long as she keeps her words under lock and key. You open doors when you say things. There’s no telling what will come out of them, or where they may carry you off to in their jaws. Linnea likes it here; she has no desire to be stolen away. The days flash by unmarked—fur-yellow, feather-purple, rust-red—and change comes in slow, sneaky bursts, the space between looking away and turning back, moments of distraction. The earth grows a little more cracked. The ship teeters a little higher into the brassy sky. The wars Elsewhere, according to the dying radio in the kitchen, are running out of bodies.

“All things run out eventually, unless you outrun them first,” says Auntie Ben. Her shadow isn’t a woman’s and leaves no question as to her identity, falling snout-to-tail down the wooden work platform. “Your people were never canny enough to plan for the one nor fast enough for the other. Poor sods. Be a love and fetch me that pair of metal shears from out the kitchen, will you?”

Linnea does as she’s told, crossing the hardpan between farmhouse and building site at a gallop so the ground doesn’t burn her bare feet. Her own shadow is small and knobby-kneed and very much human.


Pretend you are the sea. Pretend you are a life-filled veil of green and gold and black and blue covering 70 percent of the land and most of its mysteries. Some day soon you will choke on refuse. A growing knot of bottles and bags and tires and zipties and rubber duckies and microbeads and bright plastic bric-a-brac will catch fast in your throat, suffocating all life from your deep places. You’ll bloat like a dead thing, an albatross chick’s belly packed tight and stretched grotesque with all the indigestible junk you’ve been fed. And when the last coral has withered—when the final whale has sung her question to an empty abyssal plain and there’s not even a hagfish left to mourn her passing—you will rise primeval, stinking of pig effluent and rotting fish, mercury and motor oil, an entire undead ecosystem marching on the cities of the coast.

Soon, but not now, and not for many ages yet. Today you are bursting with so much life the men who ride your waves in their great wooden ships cannot conceive of an end to it all. They match the seeming limitlessness of your largess with an equally insatiable hunger, seeking and searching and grasping. The world has never seen anything like it. There is no time to prepare; blink and they’re pulling ashore with axes and dogs and fire. Sink their boats and six hundred more will follow. Flood their encampments and they simply sail to the next island, rats and pigs ravaging in their wake.

You have protected this rugged little hunk of jungle and sand well. The animals here are special, coddled by your sheltering blue arms until they barely remember what fear is. The birds nest on the ground and lay their wings aside unused, for of what possible use are wings when there’s nothing to flee? Round and happy is Raphus cucullatus. Round and happy you would have them forever, your little flightless flock, but you cannot rage hard enough or squall fierce enough to stop what’s coming.

Hobnailed sailor’s heels in the white sand, clomping up the waterline. A crunch and a thud; the first pair of curious eyes dimmed.

The killing doesn’t stop for years. Axes ring and the fires burn and the rats and the pigs pick up where the clubs and machetes leave off, shattering eggs and snatching chicks even after the first settlers grow bored and Abel Tasman bobs away to wreak civilization on other untouched shores. They eat until there’s nothing left of the flock but white sticks in your surf.

They capture a few of the young birds alive and send them back across your waters. The last will be put on display as a public attraction, a curiosity kept in a dank, dark little chamber at the back of a shop. She will huddle into herself, feathers fluffed to ward off the chill of this gray place so far from her tropical homeland. The people who pay their pennies to see her will laugh at how round she looks, how plump and silly and vacant-eyed.


Nobody left to speak through the kitchen radio. No more words. What’s left of the nearby town dries up with the rain. They take what they want from the abandoned shops and load it into the pickup and there’s not a soul left squatting inside or out to squint twice at the theft.

Linnea snoops in the cobwebs and cupboards while they loot, because once upon a gas station that was how she survived and sometimes she misses the taste of greasy crisps and dime-store jerky. There are newspapers, but they’re all from a long ways back and fat as ticks with bad tidings. There are old weather almanacs, but past a certain printing they all run a woeful rut into the dirt: rising tides, rising dust, rising temperature lines the color of sunburn. There are photographs, but they’re not from a world Linnea knows. There are clocks, but nobody’s left to wind them.

There aren’t any crisps left, either. Just plastic crinkling in the creosote bushes, as mournful in its own way as Auntie Martha’s evening songs. Linnea licks the sweat salt off her lips as they drive home, the three aunties crammed into the cab and her alone in the bed with the wind and her thoughts and the wide-stretched sky.


The first passenger is waiting when she runs downstairs for breakfast, seated at the table next to Auntie Ben like that’s the way things have always been. A muscular, sturdy, broad-shouldered lady, with slate-gray hair and a big sharp nose and tiny red-rimmed eyes behind wire spectacles, thick lips drooping southward in a permanent scowl.

“This is Fatu Ceratotherium,” says Auntie Ben. “She’ll be staying with us for a while, helping out with the ship until it’s done.”

Fatu squints down at Linnea, snorts, and continues turning the pages of the book she holds, muttering something about humans under her breath. Linnea is glad to excuse herself and escape outside. Nothing’s changed there overnight, at least. Since it’s early and the ground is still cool she visits the gorge behind their property, something hard and hot bubbling beneath her chestbone.

It’s a new feeling. Change has planted it there, and she feels more change building where she can’t quite see it. Good things—crisps, soft beds, kindly aunties who keep your hair free of snags—can never ever stay when change is on the move. If it was a thing she could bite, she would bite it. If it was a thing she could throw rocks at, she would chuck pieces of flint until her arm fell off. But there’s nothing to do but wait for whatever is coming.

So she screams.

She shrieks into the canyon until the echo makes a pack of her, big and mean and capable of keeping things the way they are forever. She shrieks until her throat gets raw inside and the sun heats the ground beneath her enough to be uncomfortable. She doesn’t cry, because that’s a waste of moisture and she’s frustrated and angry, not senseless. But she yells. She even uses a few of the more interesting words she remembers from the walls of the gas station restroom while she’s at it. And it does make her feel a little better, eventually. Not much, but enough to ease the feeling in her chest.

“They’ll never come back no matter how loud you call, you know.”

Another change: Auntie Martha is off the roof, right in the middle of the day. She lights a hand on Linnea’s shoulder, delicate but with a surprisingly strong grip.

“No, they’ll never come back, little squab of my heart,” she continues in her gentle singsong. “The nest is scattered and the shell is crushed and in the case of your people, they did it to themselves. But it…it does feel good to try, doesn’t it? You always hope something other than your own voice will fly back. And isn’t it always worth trying? Just in case?”

They’ve done their best, her aunties. There’s a gulf between them that no ship can cross, but they’ve tried very hard, and they love her despite her humanity. Linnea gropes for words, a shape to fold her feelings into. Her voice sticks like a rusted pump drawing up dust from an empty well.

“If I call,” she says, “will you come back?”

They watch the question drift to earth together. Auntie Martha sighs, soft as eiderdown, and wraps her arms around Linnea.

“Oh, little squab. Little naked thing.”


More passengers arrive—not just two-by-two, but in ones and threes and severals, all more or less shaped like human women. The radio crackles static, the horizon sizzles with heat, and the farmhouse fills with the noise of idle waiting room chatter. Figures with shadows like frogs and parrots and long-necked tortoises loiter on the porch, smoking and waiting for sundown. Some help Auntie Ben with what’s left of the ship’s construction, hammer-hammer-saw-slam-bang. Others walk the halls at night, pacing with an impatience you can feel sparking off their soles like blue lightning. The air, Auntie Doris says, feels like a chick is pecking gentle-like on the other side, looking for the best place to lay into the world’s shell with its egg-tooth.

“I still don’t see why it has to be a ship doing the cracking, though,” she adds, looking as disgruntled as she ever gets. “I don’t trust ships, even the kind that don’t go on the water. No telling what a ship will unleash, no no no there never is.”

Linnea tries to stay out of the way, but it’s hard when there are so many others around. She takes to sleeping on the roof with Auntie Martha, whose skinny fingers are an ink-stained blur now from sundown to first light as she makes her charts. Scritch-scritch-scritch goes the fountain pen, spinning delicate spider silk lines between stars. The house below them hums hot, creaky impatience in its sleep. Further out in the yard, listing in its scaffolding, the ship looms black and blue.

“Nothing has an ending. Not really.” Auntie Martha says little while she works, which means she says little at all these days. When she does bother speaking, Linnea listens, hoarding every word against future silences. “Hatching is not the end of what lies inside the egg, only the end of the shell around it. There’s no flight without the shatter, and no flock without the flight. What we’re made of will go on. A fledgling in some other place and time will look up for guidance and maybe see the path we leave behind, even when all of this as it is”—she flutters her free hand at the darkened desert—“dries and blows away. Change is comforting, in that way.”

Linnea casts a wary eye at the night. She tucks her knees in tighter beneath her chin.


Pretend you are the wind. Pretend you are the inhalations and exhalations of the land, the breath of tortoise and tree twisting windmill and grass blade alike. Some day soon you will kill everything you touch, spreading a mushroom cloud’s poison seed from desert to delta to distant island. Death will fruit as heedlessly cheerful as any invasive species mankind has ever sown, unconcerned with distance or climatological delineations, and the world will slowly return to silence. All the world’s a graveyard. Like the last soldier in some grim and cautionary fairy tale, you are tasked with whistling past its gates forever.

Soon—very soon, the thoughtful pause before a clock’s hand flicks to midnight—but not yet. Today there is still life, although it’s a scraggletailed, desperate kind of thing, struggling to grow through a coating of red dust. You blow past caravans of ragged scrabblers, towns and communities clinging to civilization like cubs clutching at a dead mother’s fur. You sweep through pockets of memory and unreality. Ghosts and grit tumble down empty highways. Sometimes they clump into things with form and will; old spirits crossing an older landscape, psychopomp trompe l’oeil. The border here is very thin. History overlays it all like a second skin, a hidden shape the eye has to unlearn everything to recognize. See the beast with stripes like a cat and jaws like a wolf? See the glaciers that carved the horizon? See the people who lived here before, their homes and their handprints, the blood they spilled in the sand?

Old roadsigns rattle and dance as you pass. Junk food containers whirl. Beside the long black scar of the highway is a gas station.

You pause to brush the little girl’s bangs back from her face. She’s lost in concentration, momentarily distracted from hunger by the task at hand, sunburned forehead creased. Her hands work the old candy bar wrapper into triangles, pyramids, arrows, flaps and furrows, halves and planes. An alchemy of geometry, transmuting garbage into a kind of escape.

At last she finishes her spell. It sits stately in her palm for a moment, a crinkled paper bird smudged by dirty fingerprints and time. She lifts her hand to you as you pass and you take the little gift, touched by the gesture.

“Goodbye,” she says. You keep on moving as always. The paper bird soars. “Goodbye.”

The farmhouse is at full capacity, as full of visitors as it can manage—restless bodies crammed cheek-to-jowl, wood-and-brass chests of varying sizes stacked in corners and jammed beneath beds. Linnea isn’t the only one who sleeps outside now. They spill down the porch and into the front yard on rude pallets, shaking sand from their ears and hair when the brassy bright mornings come. It’s very hard to avoid their eyes; there are so many of them, and they are all so watchful of her two-leggedness. The ship—finished, Auntie Ben says, as it’ll ever be, and as it’ll ever be will do just dandy for their purposes—strains at the sky. The nights grow cold and brittle.

Linnea lurks around the edges, hugs corners, and spends most of the days remaining with a fist-sized knot churning in her stomach. The passengers move their trunks and their bedding to the foot of the ship. The farmhouse deflates a little. The knot in Linnea’s stomach stays the same; deep in her heart she knows what’s coming, although not one of her aunties says a word. When their chests finally vanish from the bedroom as well one afternoon, it’s almost a relief. Three square holes in the dust at the feet of the three neatly made beds, hardwoods darker there than their surroundings. Like shadows burned into pavement, or the white chalk outline of a hand on blood-red clay.

She has no trunk, no locked box with her name on it and her true skin inside. Her shadow is nothing if not honest. It drags at her heels as she walks—no running this time—down to the gorge. There is no memory of being left behind in her head, but there is a feeling, and it has all the contours of something well-worn and familiar.

Someone is already at the canyon’s edge when she arrives. Big, broad-shouldered, gray-haired—Fatu. Linnea thinks about leaving. She thinks too loudly and too slowly, and Fatu notices her. Linnea waits to be ignored, dismissed, or snorted at. Fatu’s never had time for anything much other than working on the ship, and no time at all for a human child, no matter how beloved of her hosts. After their first meeting Linnea had done her best to stay out of Fatu’s way. Up until today she had proven pretty good at it, too.

Instead, Fatu wordlessly waves her over with a blocky hand. They sit together in silence, big and little legs dangling over the gorge’s lip. To their left the sinking sun is an angry, infected red.

“They lied about my kind when they first saw us. Dumbest damn thing.” Fatu doesn’t take her eyes off the horizon as she speaks. Her voice is a rumble Linnea feels in the unmapped interior of her chest. “This was Wayback, before cameras or jeeps or automatic weapons or any of that sort of shit. You know how many horns they said we had, when they sent word back home? Or where they said we had them growing from? Some peabrain blinder than my grandam drew a picture, and that picture, it grew some legs. It ran far. Soon everybody thought the lie was truth, all on account of one silly, stupid drawing. Nobody there to correct them. Nobody around to tell the true story, and it wasn’t as if we could speak for ourselves.” She halfheartedly flicks a pebble into the chasm. “Lies are like ticks. If you have no birds to pick ’em off, they breed, and they suckle, and they turn your world sickly. Your vastness shrinks. Your skin gets thin and pale. Soon, all you’re left with is…unicorns.”

Fatu spits this last word from her mouth like a nettle. She chews on her bottom lip for a moment, brow furrowed, nostrils flared. Linnea waits.

“A unicorn is a fine fiction,” she continues, eventually, “but it isn’t me.


On the final night, they build a fire in the ship’s shadow. They open their chests—their trunks and their suitcases, their valises and chiffoniers—and they tell stories.

A dark-skinned woman with green hair and curved lips is the first to unlock hers. Inside is a cloak covered in emerald feathers, neatly folded. She pulls it over her shoulders with an eye-dazzling flourish. In the darkness between blinks—in the waver of heat off the bonfire—she melts and changes. Now she is a green and red parrot, perched on the trunk’s open lid.

Her audience leans in.

“I was a hundred,” she says. “I was a million, although I did not know what million meant. Our forests were as green as our feathers, and just as numerous. The fruit was sweet, the chatter of my flock sweeter. ‘Silence’ was another word we did not know the meaning of, and we were happier for it. Loudest of all those millions was my mate. There was no nut her beak could not shatter. We raised many clutches together, fine and strong and shrieking.”

She lets that picture hang in the air: a green place filled with the screams of a happy, prosperous people, wings flashing in the dapple. Linnea, who has only ever known red dust, cannot see it no matter how hard she tries.

“They cut the trees down, one by one, and my people soon followed,” she finishes. “Those hills are bare now. They know the meaning of silence.”

A pause, and the parrot flies into the fire. Only her shadow emerges from the flames. It flaps into the high scaffolding surrounding the ship, lands, and waits.

The next to step forward is sharp-faced and angry and almost as short as Linnea herself. She yanks her furry brown hide from inside its chest—no nonsense, no pause for dramatic effect. A blur and a noise like teeth clicking together and a shrew glares up at the crowd with eyes like glass splinters, daring interruption.

“THE SONS OF BITCHES PLOUGHED UP MY BURROWS!” she yells. If her body is small, her voice is more than loud enough to say what needs saying. “THEY BUILT APARTMENTS THERE! APARTMENTS! GOOD RIDDANCE TO THE LOT OF THEM! I HOPE WHAT’S LEFT OF THE BUNCH ENJOYS THE MISERY THEY’VE MADE!” She shoots Linnea a triumphant, bitter look and stomps one of her little feet for emphasis before skittering into the flames. Her tiny shadow is swallowed up entirely by the ship’s massive one.

There are stripes on the cheeks of the third, and an expression that says she’s never dabbed makeup over them and might sooner cut off her own head than entertain the thought. She holds her chin high as she changes, higher still as she speaks. Her voice is a razor wrapped in velvet.

“They took my forest,” she says. “They took my prey. They took my people’s skins. Not my skin, but that didn’t matter too much in the long run, now did it?” Her tail-tip swishes. “Their fear was deadly enough, but their admiration was what crushed the windpipe. There’s nothing worse for continued survival than their wanting to be like you—to touch you, to possess you. Once they get it into their heads that you’re ‘special’…”

The tigress shakes her head disgustedly. She stalks off to meet her fate.

One by one they stand and have their say. One by one the cluster of shadows beneath the ship’s bulk thickens. Scale and fin, feather and fur. A woman with black and yellow hair and a voice like many voices buzzing together. Leather-faced, leather-skinned aunties with slow-spoken, toothless mouths. Enormous Fatu. The fire takes them all, changing them, and their stories are all different and yet, at the heart of things, all the same. Linnea watches with growing apprehension, fear coiling inside her. She cannot decide which is more terrifying: walking into the fire or being left out of it.

The sky lightens. The group thins. Three left: Auntie Ben, Auntie Doris, and Auntie Martha. Linnea wants to cry out NO!, but something solid seems lodged in her throat.

Auntie Ben goes first. With a fond, wry smile, she retrieves her skin. A long-jawed, rangy thing, neither wolf nor tiger, with stripes on her ragged flanks: that is the true shape of Auntie Ben.

“I’ve told my story about as often as anyone cares to hear it,” she says. “We were strong and swift and lived freer than scrub seed. Men came. They did what men carrying guns do. Just to add insult to injury, they stuck the last of us to die in a bloody concrete cage as a way of saying ‘sorry.’ I’m tired of blathering on about that, though. If it pleases you all—hell, even if it doesn’t—I’d rather never think about it again. I’d rather kick sand over this dead place and head for the stars, where other somewheres might be in need of fur and feathers and sharp, smart jaws full of teeth. Chicks leave the nest and joeys leave the pouch. It’s just about time for all of us to do the same.”

She doesn’t step into the fire. Not yet. Instead, she pads across the open space, stripes rippling across lean muscle. She keeps on coming until she’s so close Linnea can smell the dusty musk and fur scent of her. It’s a wild reek—which makes it slightly unnerving—but it’s also Auntie Ben, which makes Linnea abruptly sob and fall forward to hug the rangy creature around her rough neck. Auntie Ben allows the mauling, good-natured as always.

“I know you’re afraid of changing, little one,” she says softly. “Your people never were any good at it, and you’ve seen how that turned out. If I had to hazard a guess, I’d say that’s why you’ve got no skin of your own, poor naked mite.” A long pink tongue flicks out to touch Linnea on the cheek. “But whether you go or stay, change is coming for you, and it can either be the one you choose or the one you don’t. Which is it gonna be? Think you can manage the trick?”

Linnea tries to say yes. She tries to mean it. But the fire and the unknown behind it and her fear of both (she’s so afraid, she can’t help it, her knees are shaking and they won’t stop) turn her attempted “yes” to a lie, and the lie clots sour and solid so that not a word can get around it. Auntie Ben watches her struggle, unable to offer help or assistance or meaningless, soothing words that might also be lies.

Gently, firmly, she pulls away and steps back.

“It’s up to you,” she says. “We’ve done all we could.”

The creature Linnea knows as Auntie Ben turns and trots into the fire. Her shadow gives Linnea a final featureless look over its shoulder before taking her place in the crowd of shades.

Auntie Doris comes next, as serious and wide-eyed as Linnea’s ever seen her. A click of the lock and a snap of the hinges and here’s her own true self: a thick-beaked, long-necked, goggle-eyed bird with a fat, squat body and wings more like suggestions than anything approaching useful appendages. She takes a look at herself—the stout legs, the powerful claws—and chuckles fondly.

“Round as an egg, round as an egg, bless my bottom feathers. And what better way is there to be? Flight isn’t all it’s cracked up to be, no no no. I see plenty of them’s got that power standing in the ranks, and you see how well that served them. They’re passing on through the fire, same as I.” A firm nod of the bulbous head. “I admit to mistrusting fire. When the men came to our lands they carried it, and I can still remember the smell of all my aunties and uncles and cousins a-roasting over it. But they’re all gone now, and so are all those hungry, hungry men. Nothing left but my poor Linnea, and we raised her better than all that, didn’t we, girls?”

She waddles closer. Linnea hugs her as well; soft feathers over surprisingly hard muscle, like a silky, affectionate fireplug.

“You learn things, being so low to the ground,” she says. “You learn to be sturdy. You learn how to appreciate the earth you’re planted on. Nobody ever knocked me down with any club! If I settled my bottom, it was always my own decisioning. That’s important. Whatever you do, you just remember that, love. You settle your bottom where and when you feel like it. We’ll understand if the fire is too much to ask, but oh, we will miss you.”

A final affectionate butt of the head, a long, fond look, and away she goes, at as stately a pace as one of her kind can muster. She flinches at the fire’s edge—remembering those earlier fires, maybe; the dogs and the rats and the hungry sailors—but only for a moment. Auntie Doris is stronger than she looks.

Auntie Martha’s trunk is lined with yellowing maps of the stars, and the feathers of her cloak are the slate-and-peach of the pre-dawn sky. She settles on Linnea’s shoulder with a whistle-whirr of wings.

“We were more like your kind than all the others, in our way,” she says, close to Linnea’s ear. “So many of us we blotted the sun and stripped the branches. But we exist to learn, and to change in the learning, in the hopes that some day we may find ourselves changed enough to tell our stories and tell them honestly, no matter how much that may sometimes…sting. Then we can become something else, and fly on.” Her claws dig through the thin fabric of Linnea’s shirt. “I am uncomfortable with all this talk of decisions. There’s nothing wrong with needing more time. Hatchlings grow their feathers when they will. Do you feel your people are ready to have their story told?”

Linnea looks at the shadows and the rocket. She stares into the fire. All she knows is potato crisp wrappers and garbled voices on the radio. The aunties gave her love, but in their love they neglected many things.

“There are some things that cannot be taught, only learned,” Auntie Martha says, as if hearing the thoughts rattling around in her head. “That was not our story to tell, little fledging. We’re ghosts, and you are still alive, but we love you, and that makes the letting go hard. No one—not even those you care about, neither I or Ben nor Doris—can or should force you into a change you aren’t prepared for. It has to be your own decision, in your own time.”

She fluffs her feathers and rubs her head against Linnea’s cheek.

“Remember our stories while you learn your own,” she whispers. “I left star-charts for you; they’re in the bedroom in a box beneath my bed. I carry my own in my head, the same as my people always have.” A note of pride. “Catch up when you’re ready, and no sooner. Be good. Remember we love you.”


Shades marching two-by-two onto a shadowy ship—shadows of tiger and thylacine, dodo and dingo, elephant and sharp-horned rhinoceros. They hop and fly and pace up the gangplank in silence. The fire beneath them dies to embers as the light in the east grows and the last disappears inside, the rusted old hatch slamming shut behind them with a clang.

Nothing happens, at first. Then there’s a slow rumbling from within the rocket’s guts, a rust-rattling, bolt-testing shudder that grows and grows and grows until the entire ship and all the ground around-abouts it are shaking like a penny in a tin can. The first red rays of the sun set fire to the scaffoldings and fins, the soldered seams that patch the scavenged eyetooth-length of the thing together. Orange dust rises like smoke. The long, pointed shadow at its base jitters faintly.

The ship begins to topple over. At the same time, its shadow pulls itself free of the dusty ground, ascending with a noise like a hurricane wind made up of the calls of every animal to ever creep or crawl or flap or low, a joyous, cacophonous menagerie. It lifts higher and higher, charging to meet the dawn as, far below, the ship collapses completely. The air is full of sand and twigs and old litter picked up by the whirl—candy wrappers, plastic bags, feathers. Chunks of scaffolding tumble-bang to earth end-over-appetite, adding their own clattering boom and roar to the morning as the shadow pulls away. It is a cloud—a bird—a mote swimming across the eye—and then it is nothing at all.

The triumphant menagerie song fades to an echo. A trick of the wind, occasionally interrupted by another piece of the ship’s struts coming down with a tooth-rattling thud.



Every morning she gets up and brushes her own hair, makes her own bed. She eats a breakfast of whatever she’s scavenged the previous day. There are no potato crisps, but the aunties taught her long ago all was left that could be plucked, pecked, swallowed, or snapped. If the weather’s good, she takes the pickup out looking for pieces of story—diaries of neighbors, scraps of old newspapers, history books. If it isn’t (and frequently it isn’t; the storms grow worse as time spreads like a puddle), she spends her afternoons huddled in the root cellar, thinking about everything she’s learned.

She watches the seasons turn until there are no more seasons, just days, hot and identical when they aren’t memorably violent. She outgrows her clothes and takes new ones from the abandoned town. The kitchen radio coughs dry static for a little while longer before dying completely. One night the sky dances with cloudless lightning the color of blood, a crackling red net stretching from horizon to unseen horizon. The next morning the pickup won’t start.

From then on Linnea walks everywhere she needs to go. She wears out every pair of shoes the town’s got left and then her feet get as hard and tough as everything else in the dying world.

Old warnings unheeded, predictions shrugged off, smokestacks belching into the sky. Extinction. She learns new words.

With the pickup broke down, food gets harder to find. Linnea’s ribs are a ladder leading directly to her throat. She dreams of the tastes of all the good things she’s ever eaten—canned corned beef, a soda she found in a vending machine once, the beloved and well-worn potato crisps. She dreams of constellations with stars like stripes along their flanks. She dreams of an airship, a low-swung thing with a sagging canvas belly above and a wooden deck below.

When she wakes from the last, she has a blueprint in her head. She’s no longer hungry or thirsty. She has all the energy in the world, a mind overflowing like a rain bucket with stories.

You’re changing, Auntie Martha might’ve said, pleased. You’re learning, growing your feathers. You’re almost ready to fly.

Saying goodbye stripped Linnea of her fear. Once the worst comes to pass, what else is there to fret about?

Now all her energy focuses on building the airship. It becomes an obsession. She gathers old sheets, pulls the curtains from the bedroom windows, raids houses and boarded-up hotels for their linens. She stitches them all together (when did she learn to sew?) into a giant patchwork bag. It gives her no free time to spend missing the aunties or thinking about food. She sits cross-legged in sandstorms with her needle and thread, head down, turning quilts and blankets to wings. She no longer feels the sun on her back or the hot wind in her hair. All that’s left is determination.

Catch up when you’re ready, and no sooner.

The farmhouse loses its clapboards. The airship gains ribs and struts and a sturdy wooden basket in a cheerful, peeling yellow. Propellers are pried off fishing boats that will never see water again. There are parts of the construction that Linnea cannot recall clearly the next day; a dark spot in her mind’s eye and the patchwork bag is stretched and nailed firmly over the frame and she has no memory whatsoever of how it got there. A feeling of finality builds. It pushes everything else out like a cat expanding to fill a sunny windowsill.

A night comes when the moon is as full and fat and yellow as a disc of dry bone in the sky. Everything is spilled ink and ivory. The airship squats near what’s left of the original rocket, waiting for Linnea as she steps out her front door. Not a sigh of wind disturbs the becalmed world. It’s as still and breathless a night as she’s seen in an unreckoned amount of time—a listening audience, a girl waiting for a bedtime story.

Or a conductor waiting for someone to fish out a ticket. She’s got no skin but her own to draw on; humans traded their stripes for words long ago.

“We weren’t very good at this,” Linnea says to the darkness.

After going so long without speaking or hearing another voice, the sound of her own voice lands like a teacup kissing concrete.

“The man who built this house used to hit his wife. He died a long time ago, before the aunties moved in, but I still know that somehow. I know a lot of stuff now. I know all the things I learned and all the things I didn’t.” Linnea lets her gaze wander over the familiar front porch landmarks—the abandoned wasp nest in the shadowy upper left corner, the pillars sandblasted down to bare, dried wood. She thinks she sees movement out of the corner of one eye. A dark bipedal shape beneath the airship’s bulk, an absence of moonlight clinging to memories of alarm clocks and apple pie. Another joins it, then another.

“I know why me and all those other kids were living around the gas station,” she continues. “I know where all the grown-ups went. I know why they went there, and why they never came back. I know why they stopped talking on the radio, and it’s all…so…dumb. Nobody would listen to one another, not even to the people they loved. Maybe they weren’t scared enough. Maybe they were scared of the wrong things. They didn’t have Auntie Ben and Auntie Martha and Auntie Doris to teach them about stuff and they wouldn’t have listened anyways, but…”

There are so many stories buzzing inside Linnea’s head it’s hard to hold on to the frayed length of her own thoughts. She gropes and pushes aside other people’s memories until she finds the end of it again. The little cluster of flickering shadows around the airship’s hull is thicker now. The patchwork bag shudders and stirs with a faint hiss.

“We weren’t very good at this,” she repeats. “And we took everybody else with us. But we weren’t all bad. We had potato crisps, and ice cream, and we built farmhouses and wrote songs and told stories. Maybe next time will be okay. Maybe we’ll turn into something better at changing once we fly.”

There is a noise—a rising wind, a thousand whispers, a sliding of fabric and a slither of inflating canvas. The horizon in the direction of the abandoned town seems to ripple.

Linnea steps off the porch into the moonlight. She strides across the yard, vaults the fence, and doesn’t stop until the shadow of the rising airship reaches out to swallow her own.


Pretend you are the land—the empty sea-lapped cities with their blank skull eyes, the blasted green glass wastes, the skeletal forests. The desert, as red and uncaring as ever. Do you feel the shadow cutting a nightjar’s swoop across your foothills? Do you see the airship that throws it, nosing noiselessly across the face of the moon?

Ghosts rise to meet the vessel, sinuous as smoke and blue as pilot flames. They cluster thickest over the cities, but even in the empty parts of the world there are always a few hurrying to catch up. The airship moves with the graceful, unbothered patience of a whale hunting for krill. It is a black mouth with a belly big enough for all of humanity, filtering souls from a night that seems endless. No need to rush, it whispers, but even in extinction humans are terrible at altering their old habits.

(Remember whales? Remember nightjars? Remember life in the sea and the sky?)

It takes forever. It takes no time at all. It crosses all the whens and wheres, all the should-have-beens and never-wills. Whoever or whatever stands at the wheel has a steady, tireless hand. The gathering goes on for exactly as long as it needs to, until there’s nobody else left to claim. The moon sets and the stars rise; so, too, does the airship. It sets a course for a constellation shaped like a long, lean predator, distant flickering suns dotting its purple flanks like stripes.

Drifting gently upward

(Remember balloons? Remember letting go of your first in the parking lot of some forgotten bank, tearfully saying goodbye as it climbed and climbed and the sun turned it to a bird?)

distance shrinks its size, taking memories of telephones and coffee tables and radio broadcasts along with it. First kisses, last breaths, friendships and fallout and fires blossoming on the horizon—they dwindle and dim, going back to the darkness all thoughts and stories come from. A final pulse of ancient light from a dead star—red-blue-green—and there’s nothing left to see and no one left to remember they ever saw it.

Pretend you are the land. Goodbye, you say, slamming a screen door in the wind. Goodbye. Better luck next time.

Text copyright © 2018 by Brooke Bolander
Art copyright © 2018 by Victo Ngai


Best practices to achieve balance between design and performance [All - O'Reilly Media]

Ways to bring designers and developers together to optimize user experience.

Continue reading Best practices to achieve balance between design and performance.

Notes from the first Ray meetup [All - O'Reilly Media]

Ray is beginning to be used to power large-scale, real-time AI applications.

Machine learning adoption is accelerating due to the growing number of large labeled data sets, languages aimed at data scientists (R, Julia, Python), frameworks (scikit-learn, PyTorch, TensorFlow, etc.), and tools for building infrastructure to support end-to-end applications. While some interesting applications of unsupervised learning are beginning to emerge, many current machine learning applications rely on supervised learning. In a recent series of posts, Ben Recht makes the case for why some of the most interesting problems might actually fall under reinforcement learning (RL), specifically systems that are able to act based upon past data and do so in a way that is safe, robust, and reliable.

But first we need RL tools that are accessible for practitioners. Unlike supervised learning, in the past there hasn’t been a good open source tool for easily trying RL at scale. I think things are about to change. I was fortunate enough to receive an invite to the first meetup devoted to RayRISE Lab’s high-performance, distributed execution engine, which targets emerging AI applications, including those that rely on reinforcement learning. This was a small, invite-only affair held at OpenAI, and most of the attendees were interested in reinforcement learning.

Here’s a brief rundown of the program:

  • Robert Nishihara and Philipp Moritz gave a brief overview and update on the Ray project, including a description of items on the near-term roadmap.
  • Eric Liang and Richard Liaw gave a quick tour of two libraries built on top of Ray: RLlib (scalable reinforcement learning) and Tune (a hyperparameter optimization framework). They also pointed a to a recent ICML paper on RLlib. Both of these libraries are easily accessible to anyone familiar with Python, and both should prove popular among industrial data scientists.
RLlib and reinforcement learning
Figure 1. RLlib and reinforcement learning. Image courtesy of RISE Lab.
  • Eugene Vinitsky showed some amazing videos of how Ray is helping them understand and predict traffic patterns in real time, and in the process help researchers study large transportation networks. The videos were some of the best examples of the combination of IoT, sensor networks, and reinforcement learning that I’ve seen.
  • Alex Bao of Ant Financial described three applications they’ve identified for Ray. I’m not sure I’m allowed to describe them here, but they were all very interesting and important use cases. The most important takeaway for the evening was Ant Financial is already using Ray in production in two of the three use cases (and they are close to deploying Ray to production for the third)! Given that Ant Financial is the largest unicorn company in the world, this is amazing validation for Ray.

With the buzz generated by the evening’s presentations and early examples of production deployments beginning to happen, I expect meetups on Ray to start springing up in other geographic areas. We are still in the early stages of adoption of machine learning technologies. The presentations at this meetup confirm that an accessible and scalable platform like Ray, opens up many possible applications of reinforcement learning and online learning.

For more on Ray:

Continue reading Notes from the first Ray meetup.


Hacking Police Bodycams [Schneier on Security]

Suprising no one, the security of police bodycams is terrible.

Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everything down, a worm that infiltrates the department's evidence servers and deletes everything, or even cryptojacking software to mine cryptocurrency using police computing resources. Even a body camera with no Wi-Fi connection, like the CeeSc, can be compromised if a hacker gets physical access. "You know not to trust thumb drives, but these things have the same ability," Mitchell says.

BoingBoing post.


Four short links: 15 August 2018 [All - O'Reilly Media]

Retro Hacks, Timsort, e-ink UI, and Inside Time Zones

  1. TRS-80 Galaxy Invasion on an RC2014 -- I love these retro hacks. This uses a homebrew Z80 with a Raspberry Pi Zero (!) to do the video graphics, which is painful and burdensome otherwise.
  2. Timsort -- all you need to know about Python's sorting algorithm.
  3. PaperTTY -- Python module to render a TTY on e-ink.
  4. Working with Time Zones -- the graphs are such a brilliant way of explaining it!

Continue reading Four short links: 15 August 2018.

What do computers see? [All - O'Reilly Media]

Tricks to visualize and understand how neural networks see.

In the last decade or so, computer vision has made tremendous strides forward, mostly because of developments in deep learning. It is not just that we have new and better algorithms—digital cameras and the web have provided us with a near infinite set of training data. And maybe even more importantly, graphics cards developed for computer gaming turn out to have super computer powers when it comes to training deep neural networks.

This is all good news for anybody wanting to experiment with deep learning and image recognition. All it takes to build a cat versus dog classifier these days is Keras and a Python notebook with 100 lines of code. But doing this doesn't tell us what computers see.

If we wanted to understand how humans see, we could open their skulls and try to figure out how information flows from the eye’s photoreceptor cells through the visual cortex to the rest of the brain. This would be rather hard, though. It’s much easier to poke that opened-up brain with an electrode until the subject sees the color blue. So, how do we prod a neural net with an electrode?

Modern networks typically consist of a large number of layers stacked on top of each other. The image to be recognized gets fed into the lowest layer, and as the information travels through the network, the image representation becomes more abstract until at the other end, a label comes out and the network says, I see a cat!

Poking a neural network with an electrode boils down to running this process in reverse; rather than showing the network a picture and asking it what it sees, we’re going to give the network some noise and ask it to make changes such that a particular neuron has a maximum activation. The image that does that represents what this particular neuron sees, what a human would report seeing if we prodded that neuron.

Let’s start by loading a pre-trained image-recognition network into Keras:

model = vgg16.VGG16(weights='imagenet', include_top=False)

That last statement shows us the structure of the network.

We define a loss function that optimizes the output of the given neuron, then create an iterate Keras function that optimizes toward that by changing the input image. We then start with an image filled with noise and run the iteration 16 times. (All code referred to in this post is available on GitHub as both a standalone script and a Python notebook. See the references at the end of the article.)

loss = K.mean(layer_output[:, :, :, neuron_idx])
grads = K.gradients(loss, input_img)[0]
iterate = K.function([input_img], [loss, grads])
img_data = np.random.uniform(size=(1, 256, 256, 3)) + 128.
for i in range(16):
        loss_value, grads_value = iterate([img_data])
        img_data += grads_value * step

We can try this on some random neuron and we see some artifacts appear that seem to tickle this specific neuron:

That’s cute! Not quite what I’d imagine brain-surgery-induced hallucinations look like, but it is a start! This neuron was picked from a random layer. Remember as we go through the stacked layers, the abstraction level is supposed to go up. What we can do now is sample neurons from different layers and order them by layer; that way we get an idea of the sort of features that each layer is looking out for:

This aligns nicely with our intuition that abstraction goes up as we traverse the layers. The lowest layers are looking for colors and simple patterns; if you go higher, the patterns become more complex.

Unfortunately, there’s a limit to how far this trick will get us; if you find the bit in the highest layer that represents cat-ness, you can optimize all you want, but no obvious cats will roll out.

We can get more detail, though, by zooming in on the image as we run the optimization function. The idea here is if you optimize an image for neuron activation, it tends to get stuck in a local minimum since there is no good way for it to influence the overall structure of the image. So instead of starting with a full image, we start with a small 64x64 image that we optimize. We then scale the image up a bit and optimize again. Doing this for 20 steps gives us a nice and full result that has a certain plasticity to it.

The zooming itself is somehow pleasing, like something organic unfolding.

We can make this into a movie of arbitrary length if we keep zooming, but once we reach a certain size, we also need to start center cropping so the image always remains the same size. This movie has a nice fractal-like mesmerizing effect. But why stop there? We can loop through a set of random neurons while zooming, making for a wonderful acid-like movie:

In this post, we’ve seen some tricks to visualize what a neural network sees. The visualizations are interesting and somehow compelling by themselves, but they also give us an understanding into how computer vision works. As information flows through, the level of abstraction increases, and we can to some extent show those abstractions.

The notebook version of the code can be found on GitHub. A script-based version can be found on GitHub as well.

Continue reading What do computers see?.


CodeSOD: Isn't There a Vaccine For MUMPS? [The Daily WTF]

Alex F is suffering from a disease. No, it’s not disfiguring, it’s not fatal. It’s something much worse than that. It’s MUMPS. MUMPS is a little bit infamous. MUMPS is its own WTF. Alex is a...


Top 10 Torrent Site iDope Goes Down With Domain Issues [TorrentFreak]

In the summer of 2016, shockwaves rippled through the BitTorrent scene when KickassTorrents (KAT), the world’s most popular torrent site at the time, was forcefully shut down.

The action coordinated by the US government saw alleged KAT founder Artem Vaulin taken into custody. Meanwhile, millions of former users scrambled to find alternatives elsewhere on the Internet.

Unsurprisingly, many dispersed to existing torrent giants such as The Pirate Bay and RARBG but it didn’t take long for new blood to enter the ecosystem. Soon after KAT’s demise, a new indexer called ‘iDope’ made its debut, largely as a tribute to the dismantled torrent behemoth.

“This project was developed the next day after we knew KAT was taken down, it’s very very new, and we are a very small team, so you won’t find anything about it on the Internet, especially when we never promoted it decently,” one of the site’s operators said back in 2016.

“We only intended to make simple products that everyone can enjoy, we don’t make bucks out of it, and thus we promise no annoying pop-up ads.”

In the months and years that followed, iDope gained a significant following and in January 2018, the relatively new site broke into TorrentFreak’s annual round-up of the world’s most-visited torrent sites. With similar traffic to the equally popular Zooqle, iDope bagged itself a joint tenth position in the list.

During the past week, however, problems have hit the site. Without any warning, iDope – which has operated very smoothly from the domain since its launch – went offline.

The site’s Twitter and Facebook accounts have been dormant for some time and the recent downtime didn’t result in any updates. Unfortunately, that vacuum has left people to speculate on what has caused the outage, from technical issues to problems with the authorities.

TorrentFreak contacted the last known email address associated with the iDope team expecting that to be dead too. Overnight, however, we received a response, one that leaves hope for a smooth return for the popular torrent index.

“There are some problems with our domain, We are communicating with the domain provider. We believe it can be restored within a few days,” TF was told.

While iDope was down, other domains that appeared to be clones or perhaps mirrors of iDope remained up, albeit with indexes a few days out of date. In the first instance it was unclear whether those domains were operated by the site itself but we’ve now received information which suggests that at least two are official.

“Everyone can visit our website using or,” iDope’s operator says.

At first view, the current downtime faced by iDope seems a little ironic, given that the site’s operators previously claimed that the site would never go down.

“[T]he server provider we chose will protect our servers even from hurricanes, earthquakes, nuclear bomb. Honestly [I don’t know] how they are capable of that, sounds pretty badass,” its operator previously said.

However, as the above shows, iDope’s server is actually standing strong and it’s only its .se domain that’s having a wobble.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Page 19 [Flipside]

Page 19 is done.


235 [LFG Comics]

The post 235 appeared first on Tiny Dick Adventures.


Girl Genius for Wednesday, August 15, 2018 [Girl Genius]

The Girl Genius comic for Wednesday, August 15, 2018 has been posted.


I'm Not a Loner. I'm Just Post-Social. [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Today's comic goes out to all my friends who are quitting social media.



After-Work Special [QC RSS]

Panel 2 MIGHT be the cutest thing I've drawn yet???



Learn More About Me: My Favorite Movie [Whatever]

Hey, everyone! Today I thought I’d share something important to me, that being my all-time favorite movie, The Nightmare Before Christmas. Though it is technically Disney, anytime someone asks me what my favorite Disney movie is, I always forget to say The Nightmare Before Christmas, and usually say Mulan or Tangled instead, because I really think of The Nightmare Before Christmas as a Tim Burton movie, which it is, but, y’know.

There’s something about stop motion that I just love, and come to think of it, my love of it probably stemmed from The Nightmare Before Christmas, since I’ve been watching it for as long as I can remember. The Nightmare Before Christmas has some of the most interesting characters I’ve ever seen, and part of that fantastic-ness comes from their design and the way they look overall. Halloween Town is an amazing setting to begin with, and all of the characters that call it home are even cooler looking.

Besides how awesome the visuals are, the soundtrack is to die for. In case you’ve been living under a rock for the past several decades, Disney has the greatest songs, like, ever, but the greatest of the great can be found in The Nightmare Before Christmas. Danny Elfman is pretty much the best composer/musician/singer in existence. Though it’s difficult to choose a favorite song out of all the amazing ones on the soundtrack, I’d have to say the best is “Jack’s Lament”, which even if you haven’t seen the movie, is pretty good on its own (you can watch it on YouTube).

This movie has had merch available at places like Hot Topic and F.Y.E. for forever, and believe me when I say I have my fair share of stuff. There’s even video games that came out around 2005 or so.

The Nightmare Before Christmas has been my favorite movie for as long as I can remember, and I’m fairly certain it always will be. I wish I had been able to see it in theaters when it first came out, alas, it was before my time of being alive. Have you seen it before? What are your thoughts on it? What’s your favorite song from it? Is Jack your favorite character? Let me know in the comments, and as always, have a great day!


Last chance to get the Game Design & Puzzlecraft... [Humble Bundle Blog]

Last chance to get the Game Design & Puzzlecraft bundle! 

Take your skills to the next level with ebooks like The Complete Kobold Guide to Game Design, Women in Tech, Level Up!: The Guide to Great Video Game Design, and more – including some rare finds!


Savage Love [The Stranger, Seattle's Only Newspaper: Savage Love]

Permissible secret perving examined. by Dan Savage

I've been enjoying consensual nonmonogamy for the past two years, in part thanks to your column and podcast. I have a delightful young lover, and our connection has evolved into a kind of Master/slave relationship. I "allow" her to fuck other men and women, and she delights in asking my permission and recounting the details of her other trysts to me. We are curious how much of this she needs to disclose to her other lovers. They know she isn't monogamous and they are aware of her relationship with me, but so far she has chosen not to tell them the extent to which I "own" her and have jurisdiction over her body and actions. Of course, it's just an elaborate role-playing game—but is it wrong to be using these people as pawns in our game without their knowledge and consent? If so, when should she tell them? Before she sleeps with them even once? Or after she's developed a more intimate rapport with them? There's a perverse thrill in her other lovers being totally oblivious to it, but we want to be ethical in our polyamorous ways.

Masochists And Sadists Tackling Ethical Relations

This falls under the header of permissible secret perving (PSP), MASTER, and I will allow it—with one caveat.

My go-to example of PSP is the foot fetishist who works in a shoe store. So long as he's good at his job and his secret perving is undetectable—no bulges, no heavy breathing, no creepy comments—no harm done. And if he goes home and jacks off about all the sexy, sexy feet he saw and, yes, handled during his shift, he's not hurting anyone or doing anything unethical. It's important to note, however, that the foot fetishist salesclerk's perceptions aren't the ones that matter. If he thinks he's playing it cool—he thinks his perving is secret—but his customers or coworkers are creeped out by his behavior, demeanor, heavy breathing, etc., then his perving isn't secret and is therefore impermissible.

The secret perving you're doing—the girlfriend has to beg for your permission to fuck other people and report back to you afterward—is small and it's a bank shot. The other people she's fucking provide mental fodder for your D/s role-playing games, MASTER, you aren't directly involving them. Your role-playing games take place before she fucks someone else (when she asks your permission) and after she fucks someone else (when she recounts her experience). And what turns you on about your girlfriend sleeping with other people—and how you and your girlfriend talk to each other about it—is no one's business but yours.

Now for the caveat: If one of your girlfriend's lovers strongly objects to Dom/sub sex, relationships, or role-playing games, and your girlfriend is aware they object, and you two want to be exquisitely ethical, MASTER, then either your girlfriend shouldn't fuck that person or she should disclose your Master/slave dynamics to that person and allow them to decide whether they want to fuck her anyway.

Zooming out for a second: Some people in open relationships don't want to know what their partners get up to, and these couples usually have "don't ask, don't tell" agreements about sex outside the relationship. But many more people in open relationships do want to hear about their partners' adventures because it turns them on. Someone who doesn't want to risk being fodder for a couple's dirty talk or even their D/s role-playing games shouldn't be sleeping with people who are partnered and in open relationships. There are things we have a right to ask the people with whom we have casual sex—like whether they're practicing ethical nonmonogamy, if they have an STI, what kind of birth control they're using, whether they're on PrEP, etc.—but a casual fuck isn't entitled to details about your relationship.

My boyfriend of one year has refused to delete photos from his Instagram account that show him with his ex-girlfriend. They were together for three years and briefly engaged, and they broke up two years before we met. They aren't in contact in any way, so I don't have any worries there, but I think making photos of him with someone else available to his friends and family—and now my friends, too, as many are now following him—is incredibly disrespectful. We've had numerous arguments about this, and his "solution" is for me to "stop thinking about it." He also insists that no one is looking at five-year-old pictures on his Instagram account. If that's true, why not delete them? He refuses to discuss this issue, even as I lose sleep over it. I've tried calmly discussing this with him, I've tried crying, I've tried screaming my head off—nothing works.

Personal Insult Causing Stress

There's definitely something your boyfriend should delete, PICS, but it's not old photos of his ex.

The man I'm going to marry has a huge boot fetish. He has about 200 pairs of boots in his size. His size also happens to be my size—and I'm half convinced he wouldn't have proposed if we didn't have the same size feet and I couldn't wear his boots. I want to surprise him with a very special bachelor party (that we'll both attend): It would be all guys with the same size feet as us, and everyone will be wearing different pairs of boots from his collection. I'm picturing a big group of guys doing for him what I do for him: stand on him, let him lick my (actually, his) boots, make him crawl and grovel. His feet aren't an uncommon size (11.5), and I'm guessing enough of our mutual friends would fit into his boots that I could actually make this happen. He's the only fetishist I've ever been with—all my other boyfriends were vanilla—and I'm wondering how he would react if he walked into a room and found a bunch of his friends wearing his boots and then I ordered him to start licking. I think it would be way better than going to a strip club or a drag show.

Boyfriend Obsesses Over Tall Shoes

P.S. He's not really "out"about his kink.

Wow, BOOTS, you saved the most salient detail for that postscript: Your boyfriend isn't out to his friends about his kink. So unless you're talking about a small subset of his friends—only old friends that once had benefits—do not out your boyfriend as a boot fetishist to all his friends with size 11.5 feet. If your fiancé has fantasized about some sort of group boot-worshipping session, and he's shared that fantasy with you, and you want to help him realize it, that's great. But he needs to be involved in determining where, when, how, and with whom he'd like to make this fantasy a reality.

My bi girlfriend and I are getting married in a month. We're in a cuckold relationship—she sleeps with other men and women, while I am completely monogamous to her—and "my" best man is one of her regular male sex partners and her maid of honor is one her girlfriends with benefits. No one else at our big traditional church wedding (that her mother is paying for) will know. But I wanted to let you know, Dan, since reading your column is what inspired me to be open about my kinks, and our relationship—the best I've ever been in—wouldn't exist without you.

The Happy Couple

Permissible secret perving at its finest/hottest, THC. Thanks for sharing, and be sure to send me a photo of the wedding party for my records.

On the Lovecast, a sex toy expert's husband's favorite sex toy:

@fakedansavage on Twitter

[ Comment on this story ]

[ Subscribe to the comments on this story ]


Inside the iPhone repair ecosystem [OSNews]

There's a thriving market for unofficial, aftermarket iPhone parts, and in China, there are entire massive factories that are dedicated to producing these components for repair shops unable to get ahold of parts that have been produced by Apple. The entire Apple device repair ecosystem is fascinating, complex, and oftentimes confusing to consumers given the disconnect between Apple, Apple Authorized Service Providers, third-party factories, and independent repair shops, so we thought we'd delve into the complicated world of Apple repairs.

Just as for cars, all repair and spare parts information should be publicly available to third party repair shops. The fact that this even has to be a shady business to begin with is preposterous.

Why Apple had a secret meeting with app developers [OSNews]

10 years later, the App Store isn't new anymore, and Apple continues to tweak its rules so that developers can create sustainable business models, instead of selling high-quality software for a few dollars or monetizing through advertising. If Apple can't make it worthwhile for developers to make high-quality utilities for the iPhone, then the vibrant software ecosystem that made it so valuable could decay. Apple's main tool to fight the downward pricing pressure on iPhone apps is subscriptions.

The application store model is a blessing and a curse. It's a blessing since it made it very easy for developers to get their code to users, but that ease also caused the supply side of applications to grow exponentially. The end result is something we are all aware of - application stores are littered with garbage, prices of software have plummeted to unsustainable levels, which in turn has all but killed off the independent application developer. The top application lists are now dominated by either high-profile applications such as Facebook or Twitter, or predatory pay-to-win gambling "games". Doing any search in a modern application store reveals piles of useless junk.

The next step is obvious: Apple (and perhaps Google) will attempt an almost Netflix-like app subscription service, where you pay Apple a monthly fee for unlimited use of applications available in the store. It's the next step in milking the last possible drop out of third party developers, and while it will surely allow application store proponents to continue to claim the model is working, it's just a stay of execution.

Developing quality software is a time-consuming and expensive task, and the current application store model - with or without subscriptions - is simply incompatible with it. Either software delivery on modern computing devices gets rethought completely, or even the last remaining bits of quality software will simply disappear from application stores.

Tuesday, 14 August


[$] CVE-2018-5390 and "embargoes" []

A kernel bug that allows a remote denial of service via crafted packets was fixed recently and the resulting patch was merged on July 23. But an announcement of the flaw (which is CVE-2018-5390) was not released until August 6—a two-week window where users were left in the dark. It was not just the patch that might have alerted attackers; the flaw was publicized in other ways, as well, before the announcement, which has led to some discussion of embargo policies on the oss-security mailing list. Within free-software circles, embargoes are generally seen as a necessary evil, but delaying the disclosure of an already-public bug does not sit well.


Disney (yes, Disney) declares war on "overzealous copyright holders" [Boing Boing]

Disney is being sued by the Michael Jackson estate for using fair-use clips in a biopic called "The Last Days of Michael Jackson" -- in its brief, the company decries "overzealous copyright holders" whose unwillingness to consider fair use harms "the right of free speech under the First Amendment." (more…)


Link [Scripting News]

I'm looking for a good speaker for my bike, for listening to podcasts and music. I bought a Beats Pill a number of years ago, but the battery is shot. Not finding many choices, certainly no brands I've heard of and there don't seem to be any reviews. Has to mount on handlebar.


Qanon "codes" are consistent with an English-speaker mashing a QWERTY keyboard [Boing Boing]

Qanon (previously) is an eye-wateringly stupid far-right conspiracy theory whose proponents spend hours trying to decode alleged ciphertexts created by the cult's leader or leaders. (more…)

To rescue journalism, journalists must collaborate to defend free expression, not merely condemning Trump [Boing Boing]

Dan Gillmor (previously) writes that journalism is at a crisis point, as authoritarian politicians (including, but not limited to, Trump) step up their attacks on the free press, even assassinating their sharpest critics. (more…)


NVIDIA reveals next-gen Turing GPU architecture [OSNews]

Moments ago at NVIDIA's SIGGRAPH 2018 keynote presentation, company CEO Jensen Huang formally unveiled the company's much awaited (and much rumored) Turing GPU architecture. The next generation of NVIDIA's GPU designs, Turing will be incorporating a number of new features and is rolling out this year. While the focus of today's announcements is on the professional visualization (ProViz) side of matters, we expect to see this used in other upcoming NVIDIA products as well. And by the same token, today's reveal should not be considered an exhaustive listing of all of Turing's features.

If you've been holding off on upgrading a 10x0 or earlier card, you're about to be rewarded - at Gamescom next week, NVIDIA is expected to unveil the consumer cards based on the Turing architecture.

Why use an FPGA instead of a CPU or GPU? [OSNews]

Recently, Intel bought Altera, one of the largest producers of FPGAs. Intel paid a whopping $16.7 billion, making it their largest acquisition ever. In other news, Microsoft is using FPGAs in its data centers, and Amazon is offering them on their cloud services. Previously, these FPGAs were mainly used in electronics engineering, but not so much in software engineering. Are FPGAs about to take off and become serious alternatives to CPUs and GPUs?

FPGAs are used extensively by e.g. the Amiga community to recreate older chipsets.


It’s the Humble Jackbox Bundle!We teamed up with Jackbox Games... [Humble Bundle Blog]

It’s the Humble Jackbox Bundle!

We teamed up with Jackbox Games for a bundle of fun! A fun-dle, you could say. (But we would never make a bad pun.) Get The Jackbox Party Pack 1-3, Drawful 2, Fibbage XL, and more games to play with friends!

Assets for Press and Partners

[$] Meltdown strikes back: the L1 terminal fault vulnerability []

The Meltdown CPU vulnerability, first disclosed in early January, was frightening because it allowed unprivileged attackers to easily read arbitrary memory in the system. Spectre, disclosed at the same time, was harder to exploit but made it possible for guests running in virtual machines to attack the host system and other guests. Both vulnerabilities have been mitigated to some extent (though it will take a long time to even find all of the Spectre vulnerabilities, much less protect against them). But now the newly disclosed "L1 terminal fault" (L1TF) vulnerability (also going by the name Foreshadow) brings back both threats: relatively easy attacks against host memory from inside a guest. Mitigations are available (and have been merged into the mainline kernel), but they will be expensive for some users.

Leaked FBI memo warns banks of looming "unlimited ATM cashout" [Boing Boing]

When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. This is called an "unlimited cashout." (more…)

Predatory journals aren't just a scam: they're also how quacks and corporate shills sciencewash their bullshit [Boing Boing]

Inside the Fake Science Factory (German/English subtitles) documents Svea Eckert and team's years of investigation into predatory journals and the criminals behind them. (more…)


Link [Scripting News]

I finally have the Chrome that opines that my blog is NOT SECURE.


The platforms control our public discourse, and who they disconnect is arbitrary and capricious [Boing Boing]

Look, I'm as delighted as you are to see Alex Jones' ability to spread hatred curtailed -- because in a world where all the important speech takes place online, and where online speech is owned by four or five companies, being kicked off of Big Tech's services is likely to be an extinction-level event. (more…)


Link [Scripting News]

20-minute podcast. I got involved in a discussion with Mathew Ingram, Om Malik and others on Twitter on what is going on with Civil and what's needed to get journalism the support of the people that it so totally needs. I want to tell the story of the W3C and the IETF and how the tech industry made it look like the tech was open without it being open. We need journalism, and we can't afford to wait for the experiments to prove not to be the answer. I outline emphatically what needs to happen now. Journalism needs to grow, without the limits that journalism has placed on itself. This is addressed to Mathew but it's really meant for everyone. I apologize in advance for using him as a foil. 💥


PUBG: NetEase Masks Its Copyright Infringement With Game Updates [TorrentFreak]

PlayerUnknown’s Battlegrounds (PUBG) is without a doubt one of hottest games at the moment.

The success earned the company hundreds of millions of dollars, which inspired other developers to create similar games.

Some of these games are too similar, according to PUBG.

To protect its financial interests, the company, therefore, decided to take the developer of two alleged spinoffs to court. PUBG sued the Chinese company NetEase, the makers of ‘Rules of Survival’ and ‘Knives Out’, accusing it of copyright infringement.

While NetEase readily admitted that its games operate in the same genre, it refuted the copyright infringement claims. Last month the company filed a motion to dismiss the lawsuit, describing it as an attempt to monopolize the popular “battle royale” genre.

This motion triggered a response from PUBG this week, in which it describes NetEase’s defense as baseless.

“Defendants’ attack on PUBG’s complaint is baseless. PUBG is not seeking ‘to monopolize the popular ‘battle royale’ genre of video games,’ instead, it seeks to protect its creative expression of unique and distinctive elements within its BATTLEGROUNDS game,” PUBG writes.

NetEase argued that the infringement claims are unfounded, pointing at several elements that are clearly different. However, PUBG clearly disagrees, noting that individual elements and the overall selection and combination of these elements were copied.

“Those distinctive and protectable elements have been blatantly copied by Defendants in not one, but two, competing games,” the company writes.

NetEase’s defense also summed up a variety of elements that were clearly different in their games.

This is a non-issue according to PUBG, as copyright infringement is based on similarities between works. This means that the differences between the games provide no defense.

In addition, PUBG notes that this argument is improper, as many of the cited differences were introduced in updates that came out after the lawsuit was filed.

“[M]any of Defendants’ claimed ‘dissimilarities’ are a fallacy, strategically inserted by Defendants after this lawsuit was filed, in a clear attempt to mask Defendants’ blatant infringement,” PUBG writes.

The developer provides several examples of ‘Rules of Survival’ changes that were added after the complaint was filed. These range from changes to optimize the gameplay to the addition of new weapons and armor.

Many of the cited differences, were not in the ‘Rules of Survival’ game when it was first released. The same applies to ‘Knives Out.’

“Similarly, since the initial publication of KO, NetEase has implemented at least 21 updates to add dissimilarities including 9 updates since the commencement of this litigation,” PUBG writes.

Based on these and other arguments, PUBG asks the California Federal Court to deny the motion to dismiss, and let the case proceed. It is now up to the court to decide if that will indeed happen, and time will tell which side gets the chicken dinner.

A copy of PUBG’s opposition to the motion to dismiss is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


None of the Above won the 2016 election [Boing Boing]

Pew's latest very detailed survey of voting patterns in 2016 goes the extra mile, by validating whether recipients actually cast a ballot, thus forming a picture of who voted, who didn't, and what policies nonvoters favored. (more…)


Link [Scripting News]

We're a few weeks into the new Chrome way of labeling sites like Scripting News as NOT SECURE. I haven't seen any notable changes among readers. The only people questioning the security of the site, that I know of, are the same ones who followed Google's lead without considering the negative consequences on the web as an archival medium. I took a poll of my followers on Twitter and found that 68% of the Chrome users are seeing the NOT SECURE message. Here was a chance for some to express concerns, and there were none. My Chrome hasn't updated yet, apparently, so I don't see it here. I'm sure there are less draconian solutions for sites that are basically archives to Google's stated goal of assuring the content hasn't been meddled with in a MITM way while in transport. I have ideas, but so far I haven't seen much evidence of Google's interest. A bad sign for a platform manager, btw. But it's par for the course for Silicon Valley tech companies. I've had this experience with all of them, Sun, Apple, Microsoft, even the company I founded, after I left. We're the power, you're nobody, why should we listen. It's a terrible way to govern an even worse way to manage a platform.


English and Welsh local governments use "terrorism" as the excuse to block publication of commercial vacancies [Boing Boing]

Gavin Chait is an "economist, engineer, data scientist and author" who created a website called Pikhaya where UK entrepreneurs can get lists of vacant commercial properties, their advertised rents, and the history of the businesses that had previously been located in those spaces -- whether they thrived, grew and moved on, or went bust (maybe because they had a terrible location). (more…)

A Pre-Worldcon Q&A [Whatever]

Tomorrow I head out to San Jose and Worldcon 76, and before I go let me address some questions about it and related things that I’ve been asked online and in real life, through the use of my fictional interlocutor.

That’s me!

Yes, it is. Let’s begin, shall we?

Okay! So, are you nervous yet?

About what?

You’re nominated for the Hugo! For Best Novel!

Okay, and?

Well, are you nervous about winning? Or about not winning?


Why not?

I already have a Best Novel Hugo Award, for Redshirts, and two other Hugos besides. If The Collapsing Empire wins this year, great, I’m Hugo Award winner John Scalzi. If it doesn’t, great, I’m Hugo Award winner John Scalzi. I’m good either way.

Well, okay, but do you want to win?

Sure. I like Hugos, and I like my book, and I would be delighted for my book to be awarded and to have another rocket for the shelf. I’m not going to pretend that I would not find that super cool. But, and this is the thing, wanting to win doesn’t mean I will be disappointed if I don’t win.

That’s hard to believe.

Nah. One, as noted, I’ve already got a best novel Hugo, so I already accrue the social and commercial benefits of that. Two, all the other books nominated this year are really really good, and all of them are worthy of the Hugo. I’m not going to be disappointed that a worthy book has won the Hugo. As a side benefit, most of the nominees are friends, and all are colleagues. I like it when friends and colleagues get recognition for their work. I will stomp and cheer and clap for whoever wins, and be genuinely happy for them.

That’s… a suspiciously healthy response.

Well, you know. I work on having healthy responses. They don’t always come 100% naturally, I assure you. Also, I’m not going to lie, it helps that Empire’s done very well commercially, and has already won the Locus Award. I’m cool.

Well, do you think The Collapsing Empire will win the Hugo? 

Nope, I think N.K. Jemisin is gonna three-peat with The Stone Sky.

Why is that?

Uhhh, because the Broken Earth trilogy is an absolutely groundbreaking achievement (pun entirely intended) in modern science fiction and fantasy? Don’t you agree?

I guess I do since I’m actually you? 

Yes. Precisely. But even if you weren’t in fact me, you would still have to acknowledge that Nora’s work on this series is stunning, and deserving of every accolade that’s been sent her way. To be clear, saying this is not a diminution of any of the other nominated works or their authors, including me and my novel. As I said, every novel on the ballot is eminently Hugo-worthy and could win, depending on the calculus of the voters as a group. But individually, The Stone Sky is worthy, and as a part of a larger whole, it’s a remarkable work.

Hugos aside, what is the event of yours you’re most looking forward to at the Worldcon?

Well, on my schedule, The Retro Hugo party on Thursday, because at the end of it (around 10pm) I get to DJ an 80s dance and it is going to be absolutely on fire, my friend. Metaphorically. We will hopefully not actually set anything aflame.

You’re not the most intuitive person to DJ a dance.

What is that supposed to mean?

Look in the mirror, Mr. Chunky-Middle-Aged-Science-Fiction-Nerd-Dude-In-An-Aloha-Shirt.

Point taken. That said, I actually studied dance in high school, and met my wife because she admired my dancing skills, and we still go dancing when we can. Plus, in the late 80s and early 90s I was a professional music critic — it’s one way I paid for college — so I have this particular era of dance music wired. Also, now I’ve DJed at conventions and nerd-related events for years.

How did that get started?

One year I was a GoH at a convention, and they had an 80s dance, and it was terrible because the DJ was, like, nineteen and wasn’t alive when the 80s happened and was playing not great music, almost like at random. And I was all “I WAS HERE TO DANCE AND I CAN’T DANCE TO THIS AND YOU SHOULD HAVE HAD ME DJ THIS DAMN THING” and they were all “Cool, come back and do it next year,” and I did, just to make the point. And it was fun. And I’ve been doing it since.

I’m not sure I’m ready to handle you gyrating on the dance floor, though.

You’ll just have to deal with it, my friend. But honestly if you can’t handle that, you can see me, somewhat more static, on some panels and a reading.

Speaking of Worldcon programming in general, anything else you want to add about this year’s programming fracas?

Not really. There were problems with the initial program slate, people complained, it got fixed, and now most people seem happy with it, and honestly, that’s kind of how it’s supposed to work, yes? Problems arise with every Worldcon (and every convention, if we’re going to be honest about it) and then the issue is, do they get resolved? This time, they got resolved. Hooray! Credit accrues to the convention and all the people working on programming. They did good.

Some people still aren’t happy.

Those would be the people, who are not coming to Worldcon, who were thrilled to see it stumble, and when the convention managed to keep going without falling on its face, complained about how it kept its balance, yes?

Pretty much.

Fuck those dudes.

Also, you know there are some protests scheduled in front of the San Jose Convention Center on Saturday? 

Yes. As I understand it there will be four main groups: a likely very small contingent of self-promoting shitheels who disingenuously picked a protest subject to mask their desperate desire for attention of any sort; a likely larger but still small group of racist fascist assholes who glommed on to the first group’s plan; a probably larger group of anti-fascist protestors who will likely scare the shit out of the first two groups; and probably some police.

Think there will be a riot?

I seriously doubt it.

How are you going to deal with the protests?

Since my hotel is connected to the convention center and I’m busy with programming the entire time the protest is scheduled, my plan is to ignore it entirely, and I suspect other convention-goers will do the same. There are many entrances to the convention center, including ones that are ADA-compliant, away from where the protests are scheduled. So they will be easily avoided, and then they will be over.

No deeper thoughts on it?

Nope. I’m not obliged to take seriously a protest I know the initiators don’t take seriously. I have better things to do today, and will have better things to do on Saturday.

Are you looking forward to Worldcon?

I am! As with most years, I’m mostly going to hang out with friends, who will be there in abundance. When I’m not on programming, I will mostly be catching up with my pals. It’s going to be a blast.

And then you go home, yes?

Not at all! Starting on August 20, Mary Robinette Kowal and I start an epic road trip that takes us from San Jose to Phoenix/Scottsdale (where we have an event at the Poisoned Pen Bookstore on the 21st) and then to Santa Fe (where we have an event at the Cocteau Cinema) and then finally to Albuquerque, where we are guests of honor at Bubonicon 50. Mary is debuting her latest book, The Fated Sky, on this trip, so if you’re anywhere near where we’ll be, come see us!

Sounds like you’ll have a busy couple of weeks.

Yes! Worldcon! An 80s dance! (Probably) not winning a Hugo! A road trip! Another convention! It’s fun being me right now, I have to say.


Today in GPF History for Tuesday, August 14, 2018 [General Protection Fault: The Comic Strip]

Patty struggles to define her relationship with certain peers...


Minkush Jain: Google Summer of Code 2018 Final Report [Planet Debian]

This is the summary of my work done during Google Summer of Code 2018 with Debian.

Project Title: Wizard/GUI helping new interns/students get started

Final Work Product:

Mentor: Daniel Pocock

Codebase: gsoc-2018-experiments

CardBook debian/sid

What is Google Summer of Code?

Google Summer of Code is a global program focused on introducing students to open source software development. Students work on a 3-month programming project with an open source organization during their break from university.

As you can probably guess, there is a high demand for its selection as thousands of students apply for it every year. The program offers students real-world experience to build software along with collaboration with the community and other student developers.

Project Overview

This project aims at developing tools and packages which would simplify the process for new applicants in the open source community to get the required setup. It would consist of a GUI/Wizard with integrated scripts to setup various communication and development tools like PGP and SSH key, DNS, IRC, XMPP, mail filters along with Jekyll blog creation, mailing lists subscription, project planner, searching for developer meet-ups, source code scanner and much more! The project would be free and open source hosted on Salsa (Debian based Gitlab)

I created various scripts and packages for automating tasks and helping a user get started by managing contacts, emails, subscribe to developer’s lists, getting started with Github, IRC and more.

Mailing Lists Subscription

I made a script for fully automating the subscription to various Debian mailing lists. The script also automates its reply process as well to complete the procedure for a user.

It works for all ten important Debian mailing lists for a newcomer like ‘debian-outreach’, ‘debian-announce’, ‘debian-news’, ‘debian-devel-announce’ and more.

I also spent time refactoring the code with my mentors to make it work as a stand-alone script by adding utility functions and fixing the syntax.

The video demo of the script had also been added in my blog.

It inputs the email and automated reply-code received from from the user, and subscribes them to the mailing list. The script uses requests library to send data on the website and submit it on their server.

For the application task, I also created a basic GUI for the program using PyQt.

Libraries used:

  • Requests
  • Smtp
  • PyQt
  • MIME handlers

This is a working demo of the script. The user can enter any Debian mailing lists to subscribe to it. They have to enter the unique code received by email to confirm their subscription:

Thunderbird Setup

This task involved writing program to simplify the setup procedure of Thunderbird for a new user.

I made a script which kills the Thunderbird process if it is running and then edits the ‘prefs.js’ configuration file to modify configuration settings of the software.

The program overwrites the existing settings by creating ‘user.js’ with cusotm settings. It gets implemented as soon Thunderbird is re-opened.

Also added the feature to extend the script to all profiles or a specific one which would be user’s choice.


  • Examines system process to find if Thunderbird is running in background and kills it.

  • Searches dynamically in user’s system to find the configuration file’s path.

  • User can chose which profile should they allow to change.

  • Modifies the default settings to accomplish the following:

    • User’s v-card is automatically appended in mails and posts.
    • Top-posting configuration has been setup by default.
    • Reply heading format is changed.
    • Plain-text mode made default for new mails.
    • No sound and alerts for incoming mails.

and many more…

Libraries used:

  • Psutil
  • Os
  • Subprocess

Source Code Scanner

I created a program to analyse user’s project directory to find which Programming Language they are proficient.

The script would help them realise which language and skill they prefer by finding the percentage of each language present.

It scans through all the file extensions like (.py, .java, .cpp) which are stored in a separate file and examines them to display the total number of lines and percentage of each language present in the directory.

The script uses Pygount library to scan all folders for source code files. It uses pygments syntax highlighting package to analyse the source code and can examine any language.

Libraries used:

  • os (operating system interfaces)
  • pygount

I added a Python script with all common file extensions included in it.

The script could be excecuted easily by entering the directory’s path by the user.


  • Searched Python’s glob library to iterate through home directory.

  • Using Github Linguists library to analyse code.

  • Pygments library to search languages through syntax highlighter.

This is a working demo of the script. The user can enter their project’s directory and the script will analyse it to publish the result:

CardBook Debian Package

For managing contacts/calendar for a user, Thunderbird extensions need to be installed and setup.

I created a Debian package for CardBook, a Thunderbird add on for managing contact using vCard and CardDAV standards.

I have written a blog here, explaining the entire development process , as well as using tools to make it comply to Debian standards.

Creating a Debian package from scratch, involved a lot of learning from resources and wiki pages.

I created the package using debhelper commands, and included the CardBook extension inside the package. I modified the binary package files like changes, control, rules, copyright for its installation.

I also created a Local Debian Repository for testing the package.

I created four updated versions of the package, which are present in the changelog.

I used Lintian tool to check for bugs, packaging errors and policy violations. I spent some time to remove all the Lintian errors in 1.3.0 version of the package.

I took help from mentors on IRC (#debian-mentors) and mailing lists during the packaging process. Finally, I added mozilla-devscripts to build the package using xul-ext architecture.

I updated the ‘watch’ file to automatically pull tags from upstream.

I mailed Carsten Schoenert, Debian Maintainer of Thunderbird and Lightning package, who helped me a lot along with my mentor, Daniel during the packaging process.

CardBook Debian Package:


I created and setup my public and private GPG key using GnuPg and added them on

I signed the package files including ‘.changes’, ‘.dsc’, ‘.deb’ using ‘dpkg-sig’ and ‘debsign’ and then verified them with my keys.

Finally, the package has been uploaded on using dput HTTPS method.


This is video demo showing the package’s installation inside Thunderbird. As it can be clearly observed, CardBook was successfully installed as a Thunderbird add-on:

IRC Setup

One of most challenging tasks for a new contributor is getting started with Internet Relay Protocol chat and its setup.

I made an IRC Python bot to overcome the initial setup required. The script uses socket programming to connect to freenode server and send data.


*It registers new nickname for the user on Freenode server by sending user’s credentials to Nickserv. An email is received on successful registration of the nickname.

  • The script checks if the entered email is invalid or the nickname chosen by the user is already registered on the server. If this is case, the server disconnects and prompts the user again for re-entering the details.

  • It does identification for the nickname on the server before joining any channel by messaging ‘nickserv’ , if the nick registration is successful.

  • It displays the list of all available ‘#debian’ channels live on the server with minimum 30 members.

  • The script connects and joins with any IRC channel entered by the user and displays the live chat occurring on the channel.

  • Implements ping-pong protocol to keep the server live. This makes sure that the connection is not lost during the operation and simulate human interaction with the server by responding to its pings.

  • It continuously prints all data received from the server after decoding it with UTF-8 and closes the server after the operation is done.


Socket library

This is a working video demo for the IRC script.

To display one of it features, I have entered my already registered nickname (Mjain) to test it. It analyses server response to ask the user to again enter it.

Salsa and Github Registration

I created scripts using Selenium Web Driver to automate new account creation on Salsa and Github.

This task would provide a quick-start for a user to get started to contribute to Open source by registering account on web-hosting clients for version control.

I learned Selenium automation techniques in Python to accomplish it. It uses web driver to control it through automated scripts. (Tested with geckodriver for Firefox)

I used Pytest to write test scripts for both the programs which finds whether the account was successfully created or not.

Libraries used:

  • Selenium Web driver
  • Geckodriver
  • Pytest

Extract Mail Data

The aim for this task was to extract data from user’s email for ease of managing contacts.

I created a script to analyse user’s email and extract all Phone numbers present in it. The Program fetches all mails from the server using IMAP and decodes it in using UTF-8 to obtain it in readable format.


  • Easy login on mail server through user’s credentials

  • Obtains the date and time for all mails

  • Option to iterate through all or unseen mails

  • Extracts the Sender, Receiver, Subject and body of the email.

It scans the body of each message to look for phone numbers using python-phonenumbers and stores all of them along with details in a text file in external system.


  • Converts all the telephone numbers in Standard International Format E164 (adds country code if not already present)

  • Using geocoder to find the location of the phone numbers

  • Also extracts the Carrier name and Timezone details for all the phone numbers.

  • Saves all this data along with sender’s details in a file and also displays it on the terminal.

Libraries used:

  • Imaplib
  • IMAPClient
  • Python port of libphonenumbers (phoneumbers)

The original libphonenumbers is a popular Google’s library for parsing, formatting, and validating international phone numbers.

I also researched Telify Mozilla plugin for a similar algorithm to have click-to-save phone numbers.

This is a working video demo for the script:

HTTP Post Salsa Registration

I have created another script to automate the process of new account creation on Salsa using HTTP Post.

The script uses requests library to send HTTP requests on the website and send data in forms.

I used Beautiful Soup 4 library to parse and navigate HTML and XML data inside the URL and get tokens and form fields within the website.

The script checks for password mismatch and duplicate usernames and creates a new account instantly.

Libraries used:

  • Requests
  • Beautiful Soup

This is a working demo for the script. An email is received from Salsa which confirms that new account has been created:

Mail Filters Setup

One of the problems faced by a developer is filtering hundreds of unnecessary mails incoming from mailing lists, promotion websites, and spam.

Email client does the job to certain extent, still many emails are left which need to be sorted into categories.

For this purpose, I created a script which examines user’s mailbox and filters mails into labels and folders in Gmail, by creating them. The script uses IMAP to fetch mails from the server.

Libraries used:


I would like to thank Debian and Google for giving me this opportunity to work on this project.

I am grateful to my mentors Daniel Pocock, Urvika Gola, Jaminy Prabharan and Sanyam Khurana for their constant help throughout GSoC.

Finally, this journey wouldn’t have been possible without my friends and family who supported me.

Special Mention

I would like to thank Carsten Schönert and Andrey Rahmatullin for their help with Debian packaging.


Security updates for Tuesday []

Security updates have been issued by Arch Linux (thunderbird), Debian (gdm3 and samba), openSUSE (cgit and lxc), SUSE (grafana, kafka, logstash, openstack-monasca-installer and samba), and Ubuntu (gdm3 and libarchive).


Enrico Zini: DebConf 18 [Planet Debian]

This is a quick recap of what happened during my DebConf 18.

24 July:

  • after buying a new laptop I didn't set up a build system for Debian on it. I finally did it, with cowbuilder. It was straightforward to set up and works quite fast.
  • shopping for electronics. Among other things, I bought myself a new USB-C power supply that I can use for laptop and phone, and now I can have a power supply for home and one always in my backpack for traveling. I also bought a new pair of headphones+microphone, since I cannot wear in-ear, and I only had the in-ear ones that came with my phone.
  • while trying out the new headphones, I unexpectedly started playing loud music in the hacklab. I then debugged audio pin mapping on my new laptop and reported #904437
  • fixed nightly maintenance scripts, which have been mailing me errors for a while.

25 July:

26 July:

  • I needed to debug a wreport FTBFS on a porterbox, and since the procedure to set up a build system on a porterbox was long and boring, I wrote debug-on-porterbox
  • Fixed a wreport FTBFS and replaced it with another FTBFS, that I still haven't managed to track down.

27 July:

  • worked on multiple people talk notes, alone and with Rhonda
  • informal FD/DAM brainstorming with jmw
  • local antiharassment coordination with Tassia and Taowa
  • talked to ansgar about how to have debtags tags reach ftp-master automatically, without my manual intervention
  • watched a wonderful lunar eclipse

28 July:

  • implemented automatic export of debtags data for ftp-master
  • local anti-harassment team work

29 July:

30 July:

31 July:

  • Implemented F-Droid antifeatures as privacy:: Debtags tags

01 August:

  • Day trip and barbecue

02 August:

03 August:

  • Multiple People talk
  • Debug Boot of my laptop with UEFI with Steve, and found out that HP firmware updates for it can only be installed using Windows. I am really disappointed with HP for this, given it's a rather high-end business laptop.

04 August:

The PowerPC 600 series, part 7: Atomic memory access and cache coherency [The Old New Thing]

On the PowerPC 600 series, memory accesses to suitably-aligned locations by a single register are atomic,¹ meaning that even in the face of a conflicting operation on another processor, the result will be the entire previous value or the entire final value, never a mix of the two.

To perform atomic update operations (load-modify-store, also known as interlocked operations), you use the lwarx and stwcx. instructions:

    lwarx   rd, ra/0, rb      ; load rd from ra/0 + rb and reserve
    stwcx.  rd, ra/0, rb      ; store rd conditionally to ra/0 + rb, update cr0

Note that the only supported addressing mode is x. No plain instruction, and no u forms.

The lwarx instruction loads a word and creates a reservation which monitors the memory for changes. Any modification to that address or an address nearby causes the reservation to be lost. The definition of "nearby" is left up to the processor.

The stwcx. instruction tries to store rd to memory. The store will succeed if the reservation is still in effect and the store is to the same address as the most recent lwarx. The result of the operation is reported in the eq bit of cr0: eq is set on success and clear on failure. The instruction also updates the other bits of cr0 by clearing the lt and gt bits and capturing the summary overflow bit.

Note that the stwcx. instruction ends with a dot because it implicitly updates cr0. There is no undotted form.

Regardless of whether the store succeeded, the reservation is cleared.

If you attempt to store back to a location different from the most recent preceding lwarx, and the reservation is still valid, the store might or might not succeed, and the eq bit will be unpredictable; it need not reflect the actual success of the store. So don't do that.²

If you've seen the other RISC architecture atomic operations, this should feel very familiar. Here's a sample interlocked increment:

    ; atomically increment the word stored at address r3
    lwarx   r4, 0, r3         ; load with reservation
    addi    r4, r4, 1         ; increment
    stwcx.  r4, 0, r3         ; store conditional
    bne-    loop              ; if failed (unlikely), try again
    ; on exit r4 contains incremented value

You are allowed to abandon a reservation. For example, a compare-exchange starts with a reservation, but if the value is incorrect, it just gives up without ever storing anything.

    ; if the word at r3 is equal to r4, then replace it with r5
    lwarx   r6, 0, r3         ; load with reservation
    cmpw    r6, r4            ; contains correct value?
    bne-    stop              ; if not, then give up
    stwcx.  r5, 0, r3         ; store conditional
    bne-    loop              ; if failed (unlikely), try again
    ; r6 contains previous value stored at r3

As noted above, simple accesses to suitably-aligned locations are atomic, and you can use the lwarx/stwcx. instructions to construct more complex atomic operations, but none of those instructions impose any memory ordering. In practice, the interlocked operations will usually erect a memory barrier before and/or after the atomic update.

    sync                      ; full memory barrier
    isync                     ; acquire
    lwsync                    ; release

The sync instruction is a full memory barrier.

The isync instruction officially discards prefetch, but that has a side effect of preventing future memory operations from starting (because they were discarded), which is effectively an acquire. You usually use it after taking a lock, so that reads intended to be under the lock do not get advanced to before the lock is taken.

The lwsync waits for preceding loads and stores to complete, but allows future loads to start. You usually use it just before releasing a lock, so that all accesses that were intended to be protected by the lock are finished before the lock is dropped.

And then there's this guy:

    eieio                     ; enforce in-order execution of I/O

This instruction is so famous it has its own Wikipedia page. Somebody worked really hard to backronym that mnemonic. It's intended as a memory barrier for memory-mapped I/O, but it is generally useful as well. It acts like a lightweight lwsync: It ensures that all pending stores are completed, but it does not prevent future loads from starting or force preceding loads to complete. You can use this just before exiting a lock if the purpose of the lock was to update some data rather than to read some data. The compiler, of course, doesn't usually have this level of insight into your code, so you're unlikely to see this in practice.

There are other types of barriers but you're not likely to encounter them. There are also special instructions to tell the processor that you've written new code to memory, so it should discard any prefetch or instruction cache.

When reading code, you don't need to worry too much about the distinctions between these different types of barriers. You can assume that the compiler used the correct barrier. (Well, unless you're chasing a compiler bug.)

The PowerPC permits implementations to have separate I-cache and D-cache, so you cannot assume that writing code to memory will immediately take effect at execution. You have to explicitly tell the processor that instructions have changed. This is mostly relevant only for jitters, so I won't go into details. I never had to debug a jitter on this guy, and even if I were called upon to do it, I'd just assume that whoever wrote the memory barrier stuff knew what they were doing.

Next time, we'll look at control flow instructions and their absurd mnemonics.

¹ Although not available in little-endian mode, there are instructions in big-endian mode that can load and store multiple registers. Each individual register access is atomic if suitably aligned, but the entire operation is not.

² Interrupts and traps do not clear the reservation. This means that if the operating system wants to perform a context switch, it needs to perform a stwcx. to a harmless location to force the reservation to be cleared. Otherwise, the thread being switched to might be in the middle of an atomic operation, and its stwcx. might succeed based on the previous thread's reservation! This is a rare case where you will intentionally perform a stwcx. to an address that doesn't match the preceding lwarx.


3 promising areas for AI skills development [All - O'Reilly Media]

O'Reilly survey results and usage data reveal growing trends and topics in artificial intelligence.

One of the key findings of a survey we released earlier this year (How Companies are Putting AI to Work through Deep Learning) was that the leading reason holding companies back from incorporating deep learning was their lack of access to skilled people. One-fifth of respondents pointed to a skills gap as one of the reasons they haven’t integrated deep learning, and at the time of the survey, 75% of respondents indicated their company had some combination of internal and external training programs to address this issue.

We’ve continued to monitor interest in topics relevant to building AI products and systems, specifically areas that also warrant investment in skills development. In this post, I’ll share results of related studies we’ve conducted. I’ll draw from two data sources:

  • We examine usage[1] across all content formats on the O’Reilly online learning platform, as well as demand via volume of search terms.
  • We recently conducted a survey (full report forthcoming) on machine learning adoption, which included more than 6,000 respondents from North America.

I’ll use key portions of our upcoming AI Conference in San Francisco to describe how companies can address the topics and findings surfaced in these two recent studies.

Growing interest in key topics

Through the end of June 2018, we found double-digit growth in key topics associated with AI. Our online learning platform usage metrics encompass many content formats including books, videos, online training, interactive content, and other material:

growth in usage

Growth was strong across many topics associated with AI and machine learning. The chart below provides a sense of how much content usage (“relative popularity”) we’re seeing in some of these key topics: our users remain very interested in machine learning, particularly in deep learning.

usage by topic

It’s one thing to learn about an individual technology or a specific class of modeling techniques, but ultimately, organizations need to be able to design robust AI applications and products. This involves hardware, software infrastructure to manage data pipelines, and elegant user interfaces. For the upcoming AI Conference in San Francisco, we assembled training sessions, tutorials, and case studies on many of these important topics:

We’ve also found that interest in machine learning compares favorably with other areas of technology. We track interest in topics by monitoring search volume on our online learning platform. Alongside Kubernetes and blockchain, machine learning has been one of the fast-growing, high-volume search topics year over year:

usage year over year

Emerging topics

As I noted in the first chart above, we are seeing growing interest in reinforcement learning and PyTorch. It’s important to point out that TensorFlow is still by far the most popular deep learning framework, but as with other surveys we are seeing that PyTorch is beginning to build a devoted following. Looking closely at interest in topics within data science and AI, we found that interest in reinforcement learning, PyTorch, and Keras have risen substantially this year:

top ai data search terms

The chart below provides a ranked list of industries that are beginning to explore using reinforcement learning and PyTorch:

usage by topic

We’ve had reinforcement learning tutorial sessions and presentations from the inception of our AI Conference. As tools and libraries get simpler and more tightly integrated with other popular components, I’m expecting to see more mainstream applications of reinforcement learning. We have assembled tutorial sessions and talks at the AI Conference on reinforcement learning and on popular tools for building deep learning applications (including PyTorch and TensorFlow):

Toward a holistic view of AI applications

There is growing awareness among major stakeholders about the importance of data privacy, ethics, and security. Users are beginning to seek more transparency and control over their data, regulators are beginning to introduce data privacy rules, and there is growing interest in ethics and privacy among data professionals.

model-building checklist

There are an emerging set of tools and best practices for incorporating fairness, transparency, privacy, and security into AI systems. For our upcoming AI Conference in San Francisco, we have a wide selection of tutorials and sessions aimed at both technologists wanting to understand how to incorporate ethics and privacy into applications, and for managers needing to understand what these new tools and technologies are able to provide:

Continue reading 3 promising areas for AI skills development.


Google Tracks its Users Even if They Opt-Out of Tracking [Schneier on Security]

Google is tracking you, even if you turn off tracking:

Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored."

That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like "chocolate chip cookies," or "kids science kits," pinpoint your precise latitude and longitude ­- accurate to the square foot -­ and save it to your Google account.

On the one hand, this isn't surprising to technologists. Lots of applications use location data. On the other hand, it's very surprising -- and counterintuitive -- to everyone else. And that's why this is a problem.

I don't think we should pick on Google too much, though. Google is a symptom of the bigger problem: surveillance capitalism in general. As long as surveillance is the business model of the Internet, things like this are inevitable.

BoingBoing story.

Good commentary.


Four short links: 14 August 2018 [All - O'Reilly Media]

Hyrum's Law, Academic Torrents, Logic Textbook, and Suboptimal Fairness

  1. Hyrum's Law -- With a sufficient number of users of an API, it does not matter what you promise in the contract: all observable behaviors of your system will be depended on by somebody. (via Simon Willison)
  2. Academic Torrents -- a community-maintained distributed repository for data sets and scientific knowledge. 27GB and growing.
  3. Open Logic Project -- a collection of teaching materials on mathematical logic aimed at a non-mathematical audience, intended for use in advanced logic courses as taught in many philosophy departments. It is open source: you can download the LaTeX code. It is open: you’re free to change it whichever way you like, and share your changes. It is collaborative: a team of people is working on it, using the GitHub platform, and we welcome contributions and feedback. And it is written with configurability in mind.
  4. Delayed Impact of Fair Machine Learning (Paper a Day) -- it’s therefore possible to have a fairness intervention with the unintended consequence of leaving the disadvantaged group worse off than they were before.

Continue reading Four short links: 14 August 2018.


A Shell Game [The Daily WTF]

When the big banks and brokerages on Wall Street first got the idea that UNIX systems could replace mainframes, one of them decided to take the plunge - Big Bang style. They had hundreds of...


A quick reminder on HTTPS everywhere [All - O'Reilly Media]

HTTPS "everywhere" means everywhere—not just the login page, or the page where you accept donations. Everything.

HTTPS Everywhere! So the plugin says, and now browsers are warning users that sites not implementing https:// are security risks. Using HTTPS everywhere is good advice. And this really means "everywhere": the home page, everything. Not just the login page, or the page where you accept donations. Everything.

Implementing HTTPS everywhere has some downsides, as Eric Meyer points out. It breaks caching, which makes the web much slower for people limited to satellite connections (and that's much of the third world); it's a problem for people who, for various reasons, have to use older browsers (there are more ancient browsers and operating systems in the world than you would like to think, trust me); domain names and IP address are handled by lower-level protocols that HTTPS doesn't get to touch, so it's not as private as one would like; and more. It's not a great solution, but it's a necessary one. (Meyer's article, and the comments following it, are excellent.)

The real problem isn't HTTPS's downsides; it's that I see and hear more and more complaints from people who run simple non-commercial sites asking why this affects them. Do you need cryptographic security if your site is a simple read-only, text-only site with nothing controversial? Unfortunately, you do. Here's why. Since the ISPs' theft of the web (it's not limited to the loss of Network Neutrality, and not just an issue in the U.S.), the ISPs themselves can legally execute man-in-the-middle attacks to:

The first two are happening already; the third may be. (It's possible that GDPR, which protects European citizens regardless of where they're located, might prevent ISPs from collecting and selling browsing history. I wouldn't count on it, though.)

Yesterday, I poked around a bit and found many sites that don't use HTTPS everywhere. Those sites include an ivy league university (Cornell, get your act together!), many non-profit organizations (including several that I belong to), several well-known newspapers and magazines, local libraries, and a lot of small businesses. The irony is most of these sites accept donations, let you read restricted-access materials, and even sell stuff online, and these pages are already using HTTPS (though not always correctly). Protecting the entire site doesn't require that big a change. In many cases, using HTTPS for the entire site is simpler than protecting a limited collection of pages.

I agree that HTTPS is a significant administrative burden for simple, static sites, or sites that are run by groups that don’t have the technical ability to implement HTTPS. Services like Let's Encrypt reduce some of the burden (Let's Encrypt provides free certificates, reducing the process of setting up HTTPS to a few well-placed clicks)—but you still have to do it.

Nothing stays simple and elegant, particularly when it's under attack. And the web is under attack: from the pirate ISPs, from hostile governments (a somewhat different issue, but related), and from many other actors. HTTPS is a solution—a problematic one, I’ll grant, and one that imposes a burden on the sites least capable of dealing with technical overhead, but we don't have a better solution. Well, yes, we do have a better solution: IPSec and IPv6 solve the problem nicely. But we've been waiting for widespread adoption of those for more than 20 years, and we're still waiting. These are problems we need to solve now.

"There's nothing on my site that requires cryptography" doesn't help anyone. That's no more helpful than people who say "I have nothing to hide, so I don't need privacy." You don't need either privacy or HTTPS until you do, and then it's way, way too late. Do it for your users' sake.

Continue reading A quick reminder on HTTPS everywhere.


SevenTorrents Shuts Down, Transfers Database to New Torrent Site [TorrentFreak]

Hundreds of torrent sites have come and gone over the years with most disappearing after relatively short periods in action.

Sites like The Pirate Bay, which has just celebrated 15 years online, tend to drown out smaller players on the news front, but several have an impressive history behind them.

Take SevenTorrents, for example. The site has been serving torrents for around 10 years and last year serviced around six million unique visitors. It’s not a giant by any means but its longevity is notable in a somewhat hostile and oppressive anti-piracy environment.

Now, however, the show is over for this long-term player. In an announcement yesterday, SevenTorrents’ operator said the towel had been thrown in.

“We have been serving you for near 10 years and served over 40 Million visitors, with all troubles including copyright complaints, limitations, domain bans and …., we were able to keep this site up and running and make our visitors satisfied,” the announcement reads.

Indeed, SevenTorrents has weathered the usual storms over the years. In 2014, the site’s main domain was added to the UK’s ISP blocking system following a complaint from the Motion Picture Association and in 2015, other domains were added to the list.

Unlike other sites on a downward spiral, no single event appears to have pressured SevenTorrents’ out of existence but they clearly feel the time is right to move on. However, the site’s decision to hand over its database to another torrent site raises some questions.

“Today we have decided to retire. But this is not the end for you and we will not let you down, there is a good news for you. We have talked with the owners of our professional friend site WatchSoMuch which is doing same thing as we were doing but in a better way, it has a super fast search and modern and mobile friendly design,” SevenTorrents says.

“We have transferred all the data and members to there, please visit and continue using your account in WatchSoMuch with same password and enjoy.”

While SevenTorrents is an open index, according to its operator it has around 200,000 members, which means that WatchSoMuch – a site that only surfaced in June – now has the details those users signed up with along with any other data gathered along the way.

So, after receiving emails from users and noticing some concern on Reddit and elsewhere, TF contacted SevenTorrents to find out more about the shutdown and the hand over of data to WatchSoMuch. In polite terms, the site doesn’t believe that there should be any concern whatsoever.

TF was informed that SevenTorrents hasn’t encountered anyone who is worried about their data being passed to WatchSoMuch and the overwhelming reaction has been sadness at the site closing down.

“[T]he announcement on Facebook you can see real people reactions, none of the comments in there nor the emails we received show any worries about their data, except people are sad, and asking us not to close this site,” we were told.

“WSM owners are friends of us and very professional, they can be the no #1 movie site in next months because of what they are offering.”

Highlighting the privacy-conscious nature of current times, we pointed out that some people are indeed concerned about the transfer of data. However, SevenTorrents’ operator is insistent that there’s nothing for users to be worried about.

“Yes, logically [users] should get nervous, but they [shouldn’t],” TF was told.

“Transferring the user data to a new site should sound like an upgrade to an existing site. It’s not publishing data or selling it, which many of current torrent sites do without any notice.

“But we respect those users who don’t like to join a new site (if there are any) and I will ask new owners to add a delete account option if there isn’t any.”

While it’s impossible for outsiders to know exactly what will happen, we get the impression that SevenTorrents simply wanted to give WatchSoMuch a rolling start at being a success with a community they didn’t want to tear apart. It won’t sit well with some but this is a free pirate site we’re talking about, not Netflix.

“SevenTorrents will be up for few days but we no longer update this site,” SevenTorrents says.

“We promise this event will look like a change of address and layout to you. There is no difference, the data will be better and more complete. All data including movies, torrents, activities, comments have been transferred to WSM so you will feel like home.”

Indeed, it looks like a large number of former SevenTorrents users have already made the switch. Over the past two days, more than 6,000 are said to have logged in to WatchSoMuch.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


All other things being equal (simple contribution analysis for pricing) [Seth's Blog]

If you make a product that costs $5 to produce and package, how much should you charge for it?

I don’t know.

But there’s a simple bit of arithmetic you can do to understand sensitivity in pricing.

Should you charge $7 or $9?

Well, if you charge $7, you make $2 a unit.

If you charge $9, you make $4 a unit, or twice as much.

Which means, all other things being equal, you’ll need to sell twice as many at $7 as you’ll need to sell at $9.

It doesn’t feel that way, but it’s true. 100 sold at $9 is more profitable than 180 sold at $7. And to take it a step further, you’ll need to sell 800 at $5.50 to make as much as you would have made at $9. Eight times as many.

No one knows what your demand curve is going to be like, no one is sure what impact your pricing will have on all the other items you sell.

But be honest with yourself about contribution.

Price is a story, it’s a story we tell ourselves and others about what we have to offer. But price is also the path to being able to stay in business.


[Unrelated helpful tip: A significant bug exists in Word, one that just cost me two hours. If someone sends you a Word file as an attachment in Gmail and then you drag that to Word to start editing it (without formally downloading it first), Word will let you work on it, save it, work on it some more, close it–and then your work is gone forever. Don’t do that.]

Update! Thanks to Justin, Alan, Matt, Luis and other loyal and talented readers, I’ve put together a method that got the file back. My deep searching yesterday didn’t find it, so here it is for the next shmo who gets stuck:

  1. Repeat the process that opened in the file in the first place. In my case, drag it from Gmail to the Word icon in the dock on my Mac. The original opens.
  2. Hit ‘save as’.
  3. You’ll see the usual save window, and you can hit the name of the folder to see the location of the hidden file. In my case, the letter “T
  4. Then, you’ll need to be able to see the invisible files on your Mac. In my case, the easiest thing was to go to Terminal and turn that on.
  5. And then, folder by folder, I found my way to the magical “T” folder and there it was, gloating at me, just waiting to be re-opened and saved properly.

Thanks, team!


Satisfyr Pro Penguin by Alexander Reeder [Oh Joy Sex Toy]

I mean… it’s got a frigging BOW TIE. I don’t even know if we NEEDED Alex to do a review on top of that… Bow Tie is an Instant Buy.

We had a second one of these for ourselves and it just wasn’t really our jam – Erika’s just not a suction kinda girl. But gosh a lot of people LOVE IT. This is a great suction-toy, WAY nicer than a Womanizer, that’s for sure.

Alex, as always, is AMAZING. Take a look at some of his other OJST comics, and then when you’rE done being impressed, go and send him your love!

Buy it from one of our Friends (With Benefits)

Early To Bed has a 10% discount too! Just add ‘OHJOY’ at checkout!AND Lovehoney also has a discount code for 10% off!*All of Vibrant’s proceeds go to Planned Parenthood!
And, finally while we much prefer and encourage you to buy from a small
business, here’s an Amazon link! also gave us a 10% discount code to give you! also gave us a 10% discount code to give you! also gave us a 10% discount code to give you, just click here! also gave us a 10% discount code to give you!


Reproducible builds folks: Reproducible Builds: Weekly report #172 [Planet Debian]

Here’s what happened in the Reproducible Builds effort between Sunday August 5 and Saturday August 11 2018:

Packages reviewed and fixed, and bugs filed

diffoscope development

There were a handful of updates to diffoscope, our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages: development


This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Athos Ribeiro: Google Summer of Code 2018 Final Report: Automatic Builds with Clang using Open Build Service [Planet Debian]

Project Overview

Debian package builds with Clang were performed from time to time through massive rebuilds of the Debian archive on AWS. The results of these builds are published on This summer project aimed to automate Debian archive clang rebuilds by substituting the current clang builds in with Open Build System (OBS) builds.

Our final product consists of a repository with salt states to deploy an OBS instance which triggers Clang builds of Debian Unstable packages as soon as they get uploaded by their maintainers.

An instance of our clang builder is hosted at and the Clang builds triggered so far can be seen here.

My Google Summer of Code Project can bee seen at

My contributions

The major contribution for the summer is our running OBS instance at

Salt states to deploy our OBS intance

We created a series of Salt states to deploy and configure our OBS instance. The states for local deploy and development are available at


The commits above were condensed and submitted as a Pull Request to the project’s mentor github account, with production deployment configurations.

OBS Source Service to make gcc/clang binary substitutions

To perform deb packages Clang builds, we substitute GCC binaries with the Clang binaries in the builders chroot during build time. To do that, we use the OBS Source Services feature, which requires a package (which performs the desired task) to be available to the target OBS project.

Our obs-service-clang-build package is hosted at


Monitor Debian Unstable archive and trigger clang builds for newly uploaded packages

We also use two scripts to monitor the debian-devel-changes mailing lists, watching for new package uploads in Debian Unstable, and trigger Clang builds in our OBS instance whenever a new upload is accepted.

Our scripts to monitor the debian-devel-changes mailing list and trigger Clang builds in our OBS instance are available at


OBS documentation contributions

During the summer, most of my work was to read OBS documentation and code to understand how to trigger Debian Unstable builds in OBS and how to perform customized Clang builds (replacing GCC).

My contributions

Pending PRs

We want to change the Clang build links at To do so, we must change Debian distro-tracker to point to our OBS instance. As of the time this post was written, we have an open PR in distro-tracker to change the URLs:

Reports written through the summer

Adding new workers to the OBS instance

To configure new workers to our current OBS instance, hosted at, just set new salt slaves and provision them with obs-common and obs-worker, from This should be done in the top.sls file.

Future work

  • We want to extend our OBS instance with more projects to provide Upstream LLVM packages to Debian and derived distributions.
  • More automation is needed in our salt states. For instance, we may want to automate SSL certificates generation using Let’s encrypt.
  • During the summer, several issues were detected in Debian Stable OBS packages. We want to work closer to OBS packages to help improving OBS packages and OBS itself.

Google Summer of Code experience

Working with Debian during the summer was an interesting experience. I did not expect to have so many problems as I did (see reports) with the OBS packages. This problems were turned into hours of debuging and reading Perl code in order to understand how OBS processes comunicate and trigger new builds. I also learned more about Debian packaging, salt and vagrant. I do expect to keep working with OBS and help maintaining the service we deployed during the summer. There’s still a lot of room for improvements and it is easy to see how the project benefits FLOSS communities.


The Secret Loves of Lord Taco Puss [Diesel Sweeties webcomic by rstevens]

sleep is dumb

I kind of love the pairing of Otakate and Lord Taco Puss.


Iustin Pop: Eiger Bike Challenge 2018 [Planet Debian]

So… another “fun” ride. Probably the most fun ever, both subjectively and in terms of Strava’s relative effort level. And that despite it being the “short” version of the race (55km/2’500m ascent vs. 88km/3’900m).

It all started very nicely. About five weeks ago, I started the Sufferfest climbing plan, and together with some extra cross-training, I was going very strong, feeling great and seeing my fitness increasing constantly. I was quite looking forward to my first time at this race.

Then, two weeks ago, after already having registered, family gets sick, then I get sick—just a cold, but with a persistent cough that has not gone away even after two weeks. The week I got sick my training plan went haywire (it was supposed to be the last heavy week), and the week of the race itself I was only half-recovered so I only did a couple of workouts.

With two days before the race, I was still undecided whether to actually try to do it or not. Weather was quite cold, which was on the good side (I was even a bit worried about too cold in the morning), then it turned to the better.

So, what do I got to lose? I went to the start of the 55km version. As to length, this is on the easy side. But it does have 2’500m of ascent, which is a lot for me for such a short ride. I’ve done this amount of ascent before—2017 BerGiBike, long route—but that was “spread” over 88km of distance and in lower temperatures and with quite a few kilograms fewer (on my body, not on the bike), and still killed me.

The race starts. Ten minutes in, 100m gained; by 18 minutes, 200m already. By 1h45m I’m done with the first 1’000m of ascent, and at this time I’m still on the bike. But I was also near the end of my endurance reserve, and even worse, at around 1h30m in, the sun was finally high enough in the sky to start shining on my and temperature went from 7-8°C to 16°. I pass Grosse Scheidegg on the bike, a somewhat flat 5k segment follows to the First station, but this flat segment still has around 300m of ascent, with one portion that VeloViewer says is around 18% grade. After pedalling one minute at this grade, I give up, get off the bike, and start pushing.

And once this mental barrier of “I can bike the whole race” is gone, it’s so much easier to think “yeah, this looks steep, let’s get off and push” even though one might still have enough reserves to bike uphill. In the end, what’s the difference between biking at 5km/h and pushing at 4.0-4.3km/h? Not much, and heart rate data confirms it.

So, after biking all the way through the first 1’100m of ascent, the remainder 1’400m were probably half-biking, half-pushing. And that might still be a bit generous. Temperatures went all the way up to 32.9°C at one point, but went back down a bit and stabilised at around 25°. Min/Avg/Max overall were 7°/19°/33° - this is not my ideal weather, for sure.

Other fun things:

  • Average (virtual) power over time as computed by VeloViewer went from 258W at 30m, to 230W at the end of first hour, 207W at 2h, 164W at 4h, and all the way down to 148W at the end of the race.
  • The brakes faded enough on the first long descend that in one corner I had to half-way jump of the bike and stop it against the hill; I was much more careful later to avoid this, which lead to very slow going down gravel roads (25-30km/h, not more); I need to fix this ASAP.
  • By last third of the race, I was tired enough that even taking a 2 minutes break didn’t relax my heart rate, and I was only able to push the bike uphill at ~3km/h.
  • The steepest part of the race (a couple of hundred meters at 22-24%) was also in the hottest temperature (33°).
  • At one point, there was a sign saying “Warning, ahead 2.5km uphill with 300m altitude gain”; I read that as “slowly pushing the bike for 2.5km”, and that was true enough.
  • In the last third of the race, there was a person going around the same speed as me (in the sense that we were passing each other again and again, neither gaining significantly). But he was biking uphill! Not much faster than my push, but still biking! Hat off, sir.
  • My coughing bothered me a lot (painful coughing) in the first two thirds, by the end of the race it was gone (now it’s back, just much better than before the race).
  • I met someone while pushing and we went together for close to two hours (on and off the bike), I think; lots of interesting conversation, especially as pushing is very monotonous…
  • At the end of the race (really, after the finish point), I was “ok, now what?” Brain was very confused that more pushing is not needed, especially as the race finishes with 77m of ascent.
  • BerGiBike 2017 (which I didn’t write about, apparently) was exactly the same recorded ascent to the meter: 2’506, which is a fun coincidence ☺

The route itself is not the nicest one I’ve done at a race. Or rather, the views are spectacular, but a lot of the descent is on gravel or even asphalt roads, and the single-trails are rare and on the short side. And a large part of the difficult descent are difficult enough that I skipped them, which in many other races didn’t happen to me. On the plus side, they had very good placements of the official photographers, I think one of the best setups I’ve seen (as to the number of spots and their positioning).

And final fun thing: I was not the last! Neither overall nor in my age category:

  • In my age category, I was place 129 our of 131 finishers, and there were another six DNF.
  • Overall (55km men), I was 391 out of 396 finishers, plus 17 DNF.

So, given my expectations for the race—I only wanted to finish—this was a good result. Grand questions:

  • How much did my sickness affect me? Especially as lung capacity is involved, and this being at between 1’000 and 2’000m altitude, when I do my training at below 500?
  • How much more could I have pushed the bike? E.g. could I push all above 10%, but bike the rest? What’s the strategy when some short bits are 20%? Or when there’s a long one at ~12%?
  • If I had an actual power meter, could I do much better by staying below my FTP, or below 90% FTP at all times? I tried to be careful with heart rate, but coupled with temperature increase this didn’t go as well as I thought it would.
  • My average overall speed was 8.5km/h. First in 55km category was 19.72km/h. In my age category and non-licensed, first one was 18.5km/h. How, as in how much training/how much willpower does that take?
  • Even better, in the 88km and my age category, first placed speed was 16.87km/h, finishing this longer route more than one hour faster than me. Fun! But how?

In any case, at my current weight/fitness level, I know what my next race profile will be. I know I can bike more than one thousand meters of altitude in a single long (10km) uphill, so that’s where I should aim at. Or not?

Closing with one picture to show how the views on the route are:

Yeah, that's me ☺ Yeah, that’s me ☺

And with that, looking forward to the next trial, whatever it will be!

Monday, 13 August


How Michael Dell saved his company from the brink [OSNews]

So CEO Michael Dell presented shareholders with a $25 billion buyout that would take the company private, giving it space away from the public limelight (and pressure from investors) to rethink and reposition the struggling computer company for the future. Fast-forward to 2018, and Dell's prospects seem far better. Dell is now worth an estimated $70 billion - nearly triple what the buyout valued it at five years ago - and it has announced a bid to return to the public sector in a $22 billion buyout. It's an astounding transformation. Dell and his investment partners at Silver Lake transformed the company from a struggling consumer electronics company into an enterprise powerhouse.

It's indeed a pretty amazing turnaround. A few years ago, I would've never seriously considered a Dell. These days, though, their XPS 13 and 15 laptops are some of the best laptops you can get, with Linux editions available as well.

We Interrupt Your Monday For This Very Important Picture of Smudge [Whatever]

I think we can all agree that this has been a vital and necessary update.

For those of you asking how well Smudge is being assimilated into the Scalzi clowder of cats, the answer is: reasonably well, but not without its problems. Smudge basically has two personality settings at the moment, “adorable” and “asshole,” which is about par of kittens generally, but even more so for him. This duality of his nature has definitely been noted by the other cats, who have varying levels of tolerance for him. Zeus is generally the most tolerant of him, and will wrestle with him for a while before he gets tired of it. Spice will also wrestle with him, for a much shorter period. Sugar is all “I will fucking cut you” when he approaches her for a tussle, and he backs away sensibly. Otherwise, he’s fearless and underfoot, which again is to expected in a kitten.

The things Smudge is the most frustrated about is that the other cats go outside and he can’t. He can’t because he’s still too small and could be marked as a snack by local raptors. The other cats go outside to do their thing and also (it has to be said) to be shut of Smudge, who can be relentless in his attention-seeking. But I don’t see giving Smudge outdoor privileges for another several months. We expect him to be a fairly big cat, so it might happen sooner than later. But for now when Smudge makes a beeline for the door, he finds them closed before he can get to them — or if he’s at the door when it’s opened he’s picked up before he can escape. It’s frustrating for him, but better alive and frustrated then a snack for a hawk.

And this has been your Smudge update for the day. Thank you for your attention.


One more week of the Humble Book Bundle: Program Your Own Games... [Humble Bundle Blog]

One more week of the Humble Book Bundle: Program Your Own Games by Mercury! 

This ebook bundle has more than $640 worth of ebooks, including Introduction to 3D Game Programming with DirectX12, Storyboarding, Classic Game Design, and more! It’s time to get creative.

Assets for Press and Partners


[$] The importance of being noisy []

Hundreds (at least) of kernel bugs are fixed every month. Given the kernel's privileged position within the system, a relatively large portion of those bugs have security implications. Many bugs are relatively easily noticed once they are triggered; that leads to them being fixed. Some bugs, though, can be hard to detect, a result that can be worsened by the design of in-kernel APIs. A proposed change to how user-space accessors work will, hopefully, help to shine a light on one class of stealthy bugs.


Identifying Programmers by their Coding Style [Schneier on Security]

Fascinating research de-anonymizing code -- from either source code or compiled code:

Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous. At the DefCon hacking conference Friday, the pair will present a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. Their work could be useful in a plagiarism dispute, for instance, but it also has privacy implications, especially for the thousands of developers who contribute open source code to the world.


FeedRSSLast fetchedNext fetched after
XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
a bag of four grapes XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
A Smart Bear: Startups and Marketing for Geeks XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
All - O'Reilly Media XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Anarcho's blog XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Ansible XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
Bad Science XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Black Doggerel XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Blog – Official site of Stephen Fry XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Boing Boing XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Broodhollow XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Charlie Brooker | The Guardian XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Charlie's Diary XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Chasing the Sunset - Comics Only XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Clay Shirky XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Coding Horror XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
Cory Doctorow's XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Ctrl+Alt+Del Comic XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Cyberunions XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
David Mitchell | The Guardian XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Debian GNU/Linux System Administration Resources XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Deeplinks XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Diesel Sweeties webcomic by rstevens XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Dork Tower XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Edmund Finney's Quest to Find the Meaning of Life XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Eerie Cuties XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
EFF Action Center XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Enspiral Tales - Medium XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Erin Dies Alone XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
Events XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Falkvinge on Liberty XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Flipside XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Free software jobs XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
Full Frontal Nerdity by Aaron Williams XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
General Protection Fault: The Comic Strip XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
George Monbiot XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Girl Genius XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
God Hates Astronauts XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Graeme Smith XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Groklaw XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Hackney Anarchist Group XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Humble Bundle Blog XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
I, Cringely XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Irregular Webcomic! XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Joel on Software XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
Judith Proctor's Journal XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
Krebs on Security XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Lambda the Ultimate - Programming Languages Weblog XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
LFG Comics XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
LLVM Project Blog XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Loomio Blog XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Menage a 3 XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Mimi and Eunice XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Neil Gaiman's Journal XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
Nina Paley's Blog XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
O Abnormal – Scifi/Fantasy Artist XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Oglaf! -- Comics. Often dirty. XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Oh Joy Sex Toy XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Order of the Stick XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Original Fiction – XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
OSNews XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Paul Graham: Unofficial RSS Feed XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Penny Arcade XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Penny Red XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
PHD Comics XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Phil's blog XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
Planet Debian XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
Planet GridPP XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
Planet Lisp XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Property is Theft! XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
QC RSS XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
Scenes From A Multiverse XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
Schneier on Security XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
SCHNEWS.ORG.UK XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
Scripting News XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Seth's Blog XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
Skin Horse XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Starslip by Kris Straub XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Tales From the Riverbank XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
The Adventures of Dr. McNinja XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
The Bumpycat sat on the mat XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
The Command Line XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
The Daily WTF XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
The Monochrome Mob XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
The Non-Adventures of Wonderella XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
The Old New Thing XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
The Open Source Grid Engine Blog XML 16:28, Saturday, 18 August 17:15, Saturday, 18 August
The Phoenix Requiem XML 17:14, Saturday, 18 August 17:54, Saturday, 18 August
The Rogues Gallery XML 16:28, Saturday, 18 August 17:16, Saturday, 18 August
The Stranger, Seattle's Only Newspaper: Savage Love XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August
TorrentFreak XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
towerhamletsalarm XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
Twokinds XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
UK Indymedia Features XML 16:42, Saturday, 18 August 17:24, Saturday, 18 August
Uploads from ne11y XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
Uploads from piasladic XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 17:07, Saturday, 18 August 17:53, Saturday, 18 August
What If? XML 16:42, Saturday, 18 August 17:23, Saturday, 18 August
Whatever XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
Whitechapel Anarchist Group XML 17:14, Saturday, 18 August 18:03, Saturday, 18 August
WIL WHEATON dot NET XML 16:42, Saturday, 18 August 17:26, Saturday, 18 August
wish XML 16:42, Saturday, 18 August 17:27, Saturday, 18 August XML 16:35, Saturday, 18 August 17:18, Saturday, 18 August