Monday, 24 February


Rightsholders Want Google and Facebook to Scrub Links to Pirate Sites [TorrentFreak]

Australia has often been described as a hotbed for piracy.

Some people link this phenomenon to long release delays and high prices. However, former Village Roadshow CEO Graham Burke and many other industry insiders disagree.

They mainly point the finger at the ease of access to pirate sites, which is facilitated by services such as Google.

While Burke stepped down from his position as movie studio CEO last year, he remains heavily involved in anti-piracy issues. He is currently the Chair of Creative Content Australia, an industry group that unites several major companies in the entertainment business.

In recent years the group supported broader anti-piracy measures such as website blocking. However, it also believes that more has to be done. In particular, they see a major role for third-party intermediaries including search engines such as Google.

The Australian government previously highlighted the responsibility of these online services in curbing piracy but despite the encouragement to do more, copyright holders say they have noticed little change.

“What is happening is that the government, with legislation, shut the front door by blocking websites by ISP, but the search engines, namely Google, are taking people to pirate process proxy sites,” Burke told The Australian.

“If you google PIR you get taken to Pirate Bay proxies, where they say unashamedly, if the government blocked your Pirate Bay access through your ISP we can re-engage you right here.”

Interestingly, last year Burke was the one who reported that Google has started to remove hundreds of pirate sites from its search results following a voluntary agreement. While that was touted as a victory, it didn’t result in the desired effect.

Creative Content Australia believes that search engines are not taking enough responsibility. Therefore, the group asked the government to step in to make sure that blocked sites are not findable through these third-party platforms.

This applies to search engines, including Google, as well as social media platforms such as Facebook. According to the rightsholders, these companies ignore the government’s recommendations as laid out in ACCC’s review.

With its call to action, Creative Content Australia is obviously looking out for the financial interests of its members. However, the group also stresses that pirate sites pose a danger to the public.

The industry group has repeatedly highlighted the risk of malware and other nefarious activities people can run into. Burke reiterates these comments and now notes that pirate sites can suck up passwords and empty people’s bank accounts.

“When piracy first started they had advertising and they’re still doing some of that, but the big profit, huge profit, comes from getting someone’s credit card details and emptying their bank account.

“Even just by clicking on to a pirate website, they’re so sophisticated they can suck up all your information, your passwords and everything,” Burke adds.

These statements go quite far and come without any evidence. While there certainly are some scammy sites online, we’re not aware of any regular pirate sites that steal people’s information and money.

In the past, the industry group also pointed out that pirate sites are the number one way through which malicious software is spread. While we previously debunked that claim, Burke continues to hammer on the threat.

Time will tell whether the renewed pressure on the Australian government will have any effect. At the time of writing, links to The Pirate Bay and other blocked sites remain widely available through search engines and social media platforms.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.



Comic: Michael Crichton’s Twitter [Penny Arcade]

New Comic: Michael Crichton’s Twitter


1377 [Looking For Group]

The post 1377 appeared first on Looking For Group.

Girl Genius for Monday, February 24, 2020 [Girl Genius]

The Girl Genius comic for Monday, February 24, 2020 has been posted.


Prioritizing ending greenhouse emissions [Richard Stallman's Political Notes]

Australia's main opposition party now calls for prioritizing ending greenhouse emissions.

His plans have the usual faults — too late, and too little (net-zero emissions sounds nice but offsetting tends to be self-delusion). Nonetheless, this is a big step forward.

Too bad it is over 2 years to the next election there.

Warren and others put Bloomberg on the spot [Richard Stallman's Political Notes]

Warren and other candidates put Bloomberg on the spot in the Democratic debate, mostly for his personal politics, but also for his political positions.

The Onion's satire in which the DNC asks the bullshitter to run as a Democrat is just a small exaggeration of what it is doing by facilitating his fellow billionaire, Bloomberg.

"If he wins the presidency, striking a 'grand bargain' with Mitch McConnell to cut our earned benefits is likely to be among his top priorities."

Australians accused of supporting PISSI [Richard Stallman's Political Notes]

Australia seeks to arrest and try the Australians accused of supporting PISSI, who are now in prison in Syria.

That is the right thing to do with them — not exile them.

Terrorist inspired by US right-wing conspiracy theories [Richard Stallman's Political Notes]

A white-supremacist terrorist murdered 9 people in bars in Germany, then killed himself. He was inspired by US right-wing extremist conspiracy theories.

The Nazi-like AfD party is accused of fomenting this hatred.

Ironically, there really is a conspiracy in the US to abuse and torture children (plus a larger number of teenagers), operating at locations that are inaccessible. It is a right-wing conspiracy, created by the bully and operated by the US Department of Hatred and Suffering (DHS). Its victims are imprisoned immigrants.

UK university staff strike [Richard Stallman's Political Notes]

Low-paid UK university staff, including teachers, are on strike.

Colorado River slowly drying [Richard Stallman's Political Notes]

Global heating is slowly drying up the Colorado River. The resulting drought could force millions of people to move.

California is also drying due to global heating.

Russian disinformation army [Richard Stallman's Political Notes]

Congressional representatives say that US intelligence warned them that the Russian disinformation army is still at work, supporting the conman.

Russian election meddling is a real danger, but I expect that Koch election meddling and Bloomberg election meddling are bigger dangers.

Methane emissions from fossil fuel extraction [Richard Stallman's Political Notes]

Methane emissions from fossil fuel extraction seem to be 25%-40% more than previously thought. This implies that cuts in extraction will make an even bigger and faster difference. Let's get cracking!


Russ Allbery: Book haul [Planet Debian]

I have been reading rather more than my stream of reviews might indicate, although it's been almost all non-fiction. (Since I've just started a job in astronomy, I decided I should learn something about astronomy. Also, there has been some great non-fiction published recently.)

Ilona Andrews — Sweep with Me (sff)
Conor Dougherty — Golden Gates (non-fiction)
Ann K. Finkbeiner — A Grand and Bold Thing (non-fiction)
Susan Fowler — Whistleblower (non-fiction)
Evalyn Gates — Einstein's Telescope (non-fiction)
T. Kingfisher — Paladin's Grace (sff)
A.K. Larkwood — The Unspoken Name (sff)
Murphy Lawless — Raven Heart (sff)
W. Patrick McCray — Giant Telescopes (non-fiction)
Terry Pratchett — Men at Arms (sff)
Terry Pratchett — Soul Music (sff)
Terry Pratchett — Interesting Times (sff)
Terry Pratchett — Maskerade (sff)
Terry Pratchett — Feet of Clay (sff)
Ethan Siegel — Beyond the Galaxy (non-fiction)
(ed.) — Some of the Best from Tor.Com 2019 (sff anthology)

I have also done my one-book experiment of reading Terry Pratchett on the Kindle and it was a miserable experience due to the footnotes, so I'm back to buying Pratchett in mass market paperback.

Just Enough Suffering [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Would you rather give up coffee or the internet?


Russ Allbery: Review: Sweep with Me [Planet Debian]

Review: Sweep with Me, by Ilona Andrews

Series: Innkeeper Chronicles #5
Publisher: NYLA
Copyright: 2020
ISBN: 1-64197-136-3
Format: Kindle
Pages: 146

Sweep with Me is the fifth book in the Innkeeper Chronicles series. It's a novella rather than a full novel, a bit of a Christmas bonus story. Don't read this before One Fell Sweep; it will significantly spoil that book. I don't believe it spoils Sweep of the Blade, but it may in some way that I don't remember.

Dina and Sean are due to appear before the Assembly for evaluation of their actions as Innkeepers, a nerve-wracking event that could have unknown consequences for their inn. The good news is that this appointment is going to be postponed. The bad news is that the postponement is to allow them to handle a special guest. A Drífan is coming to stay in the Gertrude Hunt.

One of the drawbacks of this story is that it's never clear about what a Drífan is, only that they are extremely magical, the inns dislike them, and they're incredibly dangerous. Unfortunately for Dina, the Drífan is coming for Treaty Stay, which means she cannot turn them down. Treaty Stay is the anniversary of the Treaty of Earth, which established the inns and declared Earth's neutrality. During Treaty Stay, no guest can be turned away from an inn. And a Drífan was one of the signatories of the treaty.

Given some of the guests and problems that Dina has had, I'm a little dubious of this rule from a world-building perspective. It sounds like the kind of absolute rule that's tempting to invent during the first draft of a world background, but that falls apart when one starts thinking about how it might be abused. There's a reason why very few principles of law are absolute. But perhaps we only got the simplified version of the rules of Treaty Stay, and the actual rules have more nuance. In any event, it serves its role as story setup.

Sweep with Me is a bit of a throwback to the early books of the series. The challenge is to handle guests without endangering the inn or letting other people know what's going on. The primary plot involves the Drífan and an asshole businessman who is quite easy to hate. The secondary plots involve a colloquium of bickering, homicidal chickens, a carnivorous hunter who wants to learn how Dina and Sean resolved a war, and the attempts by Dina's chef to reproduce a fast-food hamburger for the Drífan.

I enjoyed the last subplot the best, even if it was a bit predictable. Orro's obsession with (and mistaken impressions about) an Earth cooking show are the sort of alien cultural conflict that makes this series fun, and Dina's willingness to take time away from various crises to find a way to restore his faith in his cooking is the type of action that gives this series its heart. Caldenia, Dina's resident murderous empress, also gets some enjoyable characterization. I'm not sure what I thought a manipulative alien dictator would amuse herself with on Earth, but I liked this answer.

The main plot was a bit less satisfying. I'm happy to read as many stories about Dina managing alien guests as Andrews wants to write, but I like them best when I learn a lot about a new alien culture. The Drífan feel more like a concept than a culture, and the story turns out to revolve around human rivalries far more than alien cultures. It's the world-building that sucks me into these sorts of series; my preference is to learn something grand about the rest of the universe that builds on the ideas already established in the series and deepens them, but that doesn't happen.

The edges of a decent portal fantasy are hiding underneath this plot, but it all happened in the past and we don't get any of the details. I liked the Drífan liege a great deal, but her background felt disappointingly generic and I don't think I learned anything more about the universe.

If you like the other Innkeeper Chronicles books, you'll probably like this, but it's a minor side story, not a continuation of the series arc. Don't expect too much from it, but it's a pleasant diversion to bide the time until the next full novel.

Rating: 7 out of 10


Steve McIntyre: What can you preseed when installing Debian? [Planet Debian]

Preseeding is a very useful way of installing and pre-configuring a Debian system in one go. You simply supply lots of the settings that your new system will need up front, in a preseed file. The installer will use those settings instead of asking questions, and it will also pass on any extra settings via the debconf database so that any further package setup will use them.

There is documentation about how to do this in the Debian wiki at, and an example preseed file for our current stable release (Debian 10, "buster") in the release notes.

One complaint I've heard is that it can be difficult to work out exactly the right data to use in a preseed file, as the format is not the easiest to work with by hand. It's also difficult to find exactly what settings can be changed in a preseed.

So, I've written a script to parse all the debconf templates in each release in the Debian archive and dump all the possible settings in each. I've put the results up online at my debian-preseed site in case it's useful. The data will be updated daily as needed to make sure it's current.


Link [Scripting News]

I just finished Long Strange Trip, a documentary about the Grateful Dead. Beautifully done. I went to a lot of Dead shows, going back to the early 70s, on both coasts and in Madison, but never considered myself a Deadhead. I liked a lot of other bands. But I keep coming back to the Dead. Their songs are anthems for my life and work. I think we should play US Blues at baseball games and Fourth of July picnics. That's the America I come from. And of course the incredibly versatile slogan of this blog is from Touch of Grey. That one line is full of so much meaning, but yet so are many lines from many Dead songs.

Link [Scripting News]

Maybe Twitter should offer the option of no-replies on a message by message basis. You can RT my post if you want, but I'm not interested in spam.

Link [Scripting News]

!!Con 2020 -- The joy, excitement and surprise of computing.

Link [Scripting News]

I watched the MSNBC segment where Chris Matthews and Joy Reid talked about the disaster that Sanders is as a candidate. I thought it was fine. I think they should do more of that. I want to hear what they think out in the open instead of between the lines.

Link [Scripting News]

Also I'm not sure Anand Giridharadas is right. We've been through this before. Eugene McCarthy, George McGovern, Jimmy Carter, John Anderson, Barack Obama. All these candidates had Sanders-like pitches. I'm transformative, they said. When I am president, everything will change. Problem is if they actually believe it and are elected, they and we are fucked. They turn out most definitely not to be transformative. The United States is a huge ship and it takes a lot of compromise and time to get it to turn. Giridharadas points out that Sanders is the son of a Holocaust survivor, well, so am I, and I don't like Hail Mary passes unless that's the only option left. This is not a normal election, and Sanders is way too risky. We need to get solidly off the path we're on, bringing as many people as possible along with us. Then let's go for a Sanders-like candidate, maybe when AOC is old enough to run for president.


Enrico Zini: Assorted wonders [Planet Debian]

Daily Science Fiction :: Rules For Living in a Simulation by Aubrey Hirsch

«Listen. We're fairly certain it's true. The laws of the universe just don't make sense the way they should and it's more and more apparent with every atom of gold we run through the Relativistic Heavy Ion Collider and every electron we smash up at the Large Hadron Collider that we are living in a universe especially constructed for us. And, since we all know infinities cannot be constructed, we must conclude that our universe has been simulated.…»
The Missionary Church of Kopimism (in Swedish Missionerande Kopimistsamfundet), is a congregation of file sharers who believe that copying information is a sacred virtue and was founded by Isak Gerson, a 19-year-old philosophy student, and Gustav Nipe in Uppsala, Sweden in the autumn of 2010.[6] The Church, based in Sweden, has been officially recognized by the Legal, Financial and Administrative Services Agency as a religious community in January 2012, after three application attempts.
The Korowai cannibals live on top of trees. But is it true?
“Since @ciocci confessed to me that this was making his head explode, and since I myself had long been looking for adequate answers on the subject, I did some research on the all-Icelandic custom of celebrating Christmas by singing Italian pop songs 🎄🇮🇸🇮🇹”
Listed here are the conversions between the old units of measurement in use in the Bologna district and the decimal metric system, as officially established in 1877. Despite the apparent precision of the tables, in many cases it must be borne in mind that the standards used (including for the Napoleonic-era tables) were of approximate workmanship or inconsistent with one another.[1]
List of popular legendary creatures and mythological animals found in the myths, legends and folklore of the world's various peoples and cultures, in alphabetical order. Notes This list includes only creat…
Last week I wrote about Meido, the Japanese Underworld, and how it has roots in Indian Buddhism and Chinese Buddhist-Taoist concepts. Today I'll write a little bit about where some unlucky
The Vegetable Lamb of Tartary (Latin: Agnus scythicus or Planta Tartarica Barometz[1]) is a legendary zoophyte of Central Asia, once believed to grow sheep as its fruit. It was believed the sheep were connected to the plant by an umbilical cord and grazed the land around the plant. When all accessible foliage was gone, both the plant and sheep died.

Sunday, 23 February


Copyright Troll Now Has its Own Piracy Tracking Tool [TorrentFreak]

Three years ago, Strike 3 Holdings had never filed a single lawsuit, but today the company has thousands of cases on its record.

These lawsuits are being filed across the United States, targeting people whose Internet connections were allegedly used to download and share copyright-infringing content via BitTorrent.

In the case of Strike 3, this refers to adult videos that are made available via the Blacked, Tushy, and Vixen websites. The company’s legal campaign has kept the courts busy and contributed to a record-breaking number of piracy lawsuits.

Last summer the company suddenly stopped filing new lawsuits in federal court, but in December its efforts started up again. While the new complaints were very similar to the previous ones, there is a striking difference.

Previously, Strike 3 relied on evidence from the German company IPP International, which tracks file-sharing activity that takes place via BitTorrent networks. However, in the new cases Strike 3 is relying on evidence produced by its own tracking system.

“Plaintiff has developed, owns, and operates an infringement detection system,” Strike 3 wrote. In a complaint filed this week, it gets more specific by adding a name for its system: ‘VXN Scan’.

“Using VXN Scan, Plaintiff discovered that Defendant used the BitTorrent file network to illegally download and distribute Plaintiff’s copyrighted motion pictures,” Strike 3 informed a Virginia federal court.

The switch to the in-house tracking system coincided with Strike 3’s hiatus in filing new federal lawsuits. It’s unclear, however, why that happened. It could be an effort to save costs or the company may have severed its ties to IPP International for another reason.

The mention of the new detection system was highlighted by defense attorney Jeffrey Antonelli who also observed another change in Strike 3’s strategy. In addition to the torrent hash, the copyright holder now lists a file-hash as evidence as well.

This addition may very well be a response to a recent order in a Washington federal court, where Judge Zilly ordered Strike 3 to pay $47,777 to cover the fees and costs of an accused man. In this case, the Judge noted that torrent hashes are not sufficient to pinpoint an infringing file.

The complaint also mentions that the defendant is not the subscriber of the linked IP-address. This case address was previously mentioned in another case, so it’s possible that Strike 3 obtained extra information about the alleged pirate from the account holder.

Whether the new complaint and in-house tracking system will be able to withstand scrutiny from defense lawyers has yet to be seen. Thus far, Strike 3’s technology hasn’t been tested in court.

That said, the description does raise some questions. According to the adult video producer, VXN Scan doesn’t “upload content to any BitTorrent user” because “it is incapable of doing so.” At the same time, however, the defendants are accused of “downloading” pirated content.

Technically, a tracking system that merely downloads content can’t prove that other users downloaded anything, only that they uploaded material. That said, the complaint would still be valid if defendants only uploaded files, when they are not authorized to do so.

All in all, it’s clear that Strike 3 doesn’t plan to halt its legal efforts anytime soon. The company previously started experimenting by filing lawsuits in county court and with its own tracking system, the related scheme may become even more profitable.

A copy of Strike 3’s complaint mentioning the new VXN Scan detection system is available here (pdf).




Apple weighs letting users switch default iPhone apps to rivals [OSnews]

Apple Inc. is considering giving rival apps more prominence on iPhones and iPads and opening its HomePod speaker to third-party music services after criticism the company provides an unfair advantage to its in-house products.

The technology giant is discussing whether to let users choose third-party web browser and mail applications as their default options on Apple’s mobile devices, replacing the company’s Safari browser and Mail app, according to people familiar with the matter. Since launching the App Store in 2008, Apple hasn’t allowed users to replace pre-installed apps such as these with third-party services. That has made it difficult for some developers to compete, and has raised concerns from lawmakers probing potential antitrust violations in the technology industry.

Just the mere possibility of antitrust action is making Apple consider changes to improve competition – the strength of legal action. Of course, these concessions are way too little, and especially the EU will want more than just competing Safari skins – that’s all third-party iOS browsers really are – and mail clients.

Quibble: a custom, open source Windows bootloader [OSnews]

Quibble is the custom Windows bootloader – an open-source reimplementation of the files bootmgfw.efi and winload.efi, able to boot every version of Windows from XP to Windows 10 1909. Unlike the official bootloader, it is extensible, allowing you to boot from other filesystems than just NTFS.

This is only a proof of concept at this stage – don’t use this for anything serious.

Quibble can boot Windows from Btrfs, which is impressive enough in its own right.

An /e/ phone in 2020 [OSnews]

One of the projects I have been watching with curiosity over the past year is /e/ (formerly Eelo), a mobile operating system that is based on Android, but with the pieces associated with Google’s software and services removed.

The removed pieces have been replaced with alternatives, so that it still functions as a complete mobile operating system. DistroWatch is quite impressed with the release, while noting it still has some rough edges.

The /e/ phone does not offer all the apps Android does, and it might not be entirely polished yet in the re-branding experience. However, it does provide a very solid, mostly Android compatible experience without the Google bits. The /e/ team offers a wider range of hardware support than most other iOS and Android competitors, it offers most of the popular Android apps people will probably want to use (I only discovered a few missing items I wanted), and the on-line cloud services are better than those of any other phone I’ve used (including Ubuntu One and Google).

I’d certainly recommend /e/ for more technical users who can work around minor rough edges and who won’t get confused by the unusual branding and semi-frequent permission prompts. I’m not sure if I’d hand one of these phones over to an Android power-user who uses a lot of niche apps, but this phone would certainly do well in the hands of, for instance, my parents or other users who tend to interact with their phones for texting, phone calls, and the calendar without using many exotic applications.

That’s quite impressive, and while unlikely, it would be great to have a stable, fully functional Android ROM that’s Google-free.


YouTube Fair Use: Documentary Makers Defeat Gaye, Thicke, Bee Gees & Jackson [TorrentFreak]

Late last year, TorrentFreak covered issues facing, a group dedicated to informing the public on copyright-related matters.

As architects of the web-series Creativity Delusion, Copy-Me had published an episode entitled “Geniuses Steal”, which explored the notion that no one really creates something out of nothing and even the greatest minds rely upon the inspiration of others. Unfortunately, the work fell victim to claims from not one but four separate directions.

According to the automated claims that appeared in the group’s YouTube panel, their use of snippets of songs by Marvin Gaye, Robin Thicke, Bee Gees and Michael Jackson constituted an infringement of the various labels’ rights, despite being fairly obvious examples of fair use.

However, after a bold fightback, Copy-Me has now emerged victorious, as the group’s Alex Lungu explains.

“The claims in question were on samples from different songs we used to talk about the ethical & legal problems when dealing with art and copyright. The Marvin Gaye vs Blurred Lines case is one of the biggest copyright suits ever. Marvin Gaye’s family won five million dollars and we find that insane,” Lungu informs TF.

“So to prove how similar Marvin Gaye’s song is to plenty of other songs from its time, we played them side by side with You Should Be Dancing (Bee Gees), Don’t Stop ‘Til You Get Enough (Michael Jackson), Everybody Dance (Chic) and September (Earth, Wind & Fire).”

The group received copyright claims on four samples – Got to Give It Up, Blurred Lines, You Should Be Dancing and Don’t Stop ‘Til You Get Enough. That meant that Sony Music Entertainment and Universal Music Group got to play ads against the documentary show, even though Copy-Me never monetized the content in the first place.

“I filed disputes immediately on the grounds of fair use. We used small samples and we didn’t affect the owner’s market, so I knew the video was safe,” Lungu says.

“But the thing with Youtube’s copyright claim system is that it doesn’t matter how legal or illegal the use is. It’s in its own world. The copyright claimant is the judge and jury and there’s no third party assessing the claim. There’s no penalty if the claim is wrong or the claimant lies. So you’re left with reading up on the law, fully understanding the forms YouTube asks you to fill and hoping for the best.”

The responses to the disputes were mixed. Three received absolutely no response from the claimants and after 30 days waiting, were automatically dropped by YouTube’s system. But that still left the fourth claim and dispute concerning Don’t Stop ‘Til You Get Enough up in the air. That proved less easy to purge.

“One dispute was rejected (Michael Jackson, Sony Music Entertainment/SME), so there was probably a real person there who thought they can actually make money off our work. So we were left with a video which was monetized in some countries by SME on the grounds that SME alone thought we were illegally using their song – which we weren’t,” Lungu says.

Lungu admits that at this point, he was “a bit afraid” to file an appeal on the grounds that he would have to give all of his personal information to Sony who could then sue him or delete the documentary. Again, with no oversight or penalty if their claim wasn’t valid, all “on the whim” of a “company intern”.

Lungu decided to go all the way, filed an appeal and explained himself yet again. He received no reply but with the clock ticking, things went his way. One month later the appeal expired and the claim against the documentary was released. Nevertheless, that wasn’t without cost. Not counting all of the administrative work and upheaval, it still took two months to counter all of the claims and get back on an even keel.

“That’s an incredible amount of time to have your video in copyright purgatory. I can’t even imagine what must go on inside someone’s mind who makes Youtube videos for a living,” he says.

“There are plenty of completely legal uses one can make with a song, without asking for any permission: criticism, parody, quotation and so on. Automated claims will never distinguish between legal and illegal ones. Only a judge can do that, but it’s insane to think one should decide for the thousands of videos uploaded every second.

“And I am genuinely concerned about the nature of online videos when big platforms like Youtube and Facebook will be forced to abide by the new European Directive on copyright filters,” Lungu concludes.



Wasting it [Seth's Blog]

When you bought your first smartphone, did you know you would spend more than 1,000 hours a year looking at it?

Months later, can you remember how you spent those hours?

When you upgraded to a new smartphone, so you could spend more hours on it, did you think about how you had spent so much of your ‘free’ time the year before?

If we wasted money the way we waste time, we’d all be bankrupt.


Internet in a box [RevK®'s rants]

I have finished my cruise now, which was mostly holiday, but also some work. I did some training for my mates (mainly in C coding) and we did various coding as well (there were a few sea days). But now I am back I am making up the next version of my "internet in a box" that I take on cruises like this. I'm doing it now whilst I remember the last cruise in detail, even though my next cruise is some way off.

OK, that is not it - we have one of those, and it would be really cool if I could fit the bits in that box, but at present it is a tad larger... More like this...

So, what's in the box?
  • FireBrick FB2900
  • Aruba 501
  • 2x Aruba AP-303H
  • 3x PoE injectors
  • 1x 4 way power strip
  • Magic tape to hold it all in place
This is obviously somewhat overkill, so worth some explanation...

FireBrick FB2900

The FireBrick is a "swiss army knife" of network contraptions. It does a lot.

When you are trying to use internet on a ship you have a challenging, even hostile, environment. There are blocked ports and protocols, 700ms round trip latency (or randomly much more), packet loss at various levels, strange MTU issues, and seriously messing with TCP packets (acceleration). This can all change on the fly as you travel (the Panama trip was especially complicated).

To be clear, this is not stealing internet service - it is expensive and we pay for the premium, unlimited, streaming package for multiple devices. This does allow connection of devices that do not have WiFi or have a browser.

Whenever I take a FireBrick on a cruise we find new ways to improve it. This can be changes to handle high latency, or new features to handle some of the limitations. Even simple higher level protocols can struggle with the very high latency and low level packet loss. A lot of new features are the result of testing in this harsh environment and have benefitted the FireBrick code. Not sure I can expense my cruises as R&D just yet though, shame.

So, this alone, is one of the reasons for the crazy set up. The FireBrick can do various VPNs, UDP over faked TCP, TCP relaying, all sorts.

The main objective is to connect to the ship internet (WiFi) and provide internet to laptop or Apple TV. For the Apple TV to work in any expected way without regional blocks, it needs a working UK IP address in some way, and the FireBrick can do that.

The FireBrick can also monitor the connection in various ways and fall back, even to simple NAT over the ship's WiFi as last resort, and report status on an LED to make it obvious. If ever I fit this in one of those black boxes, the LED will not just blink red :-)

Aruba 501

This is a rather nice WiFi client. It connects to the WiFi and can do MAC cloning, where it will associate using the same MAC address the FireBrick is using. We found that the WiFi on ship filters other MAC addresses, and even locks down the connection after a little while if it sees more than one MAC. We were changing MACs every day until we managed to lock it down to not see any others.

Aruba AP-303H

Having connected to the Internet, and set up a VPN, we then provide internet over WiFi. It can be done with cables, but WiFi is fine and not as messy or such a trip hazard. Previously I took a larger ceiling mount AP, but that gets hot, especially if not ceiling mounted. So this time I have smaller, and lower power, AP-303H units. I also have two, one facing each way, so the box can go in the corridor. Ships have big metal walls which make WiFi tricky. Even so, I am taking some 10m ethernet cables to allow me to place the APs to cover the whole cabin if necessary.

We actually had to set a hidden SSID, as we found that in at least one port we were seeing de-auth attacks. Interestingly this was not happening once we changed to hidden SSID. Even with the metal walls, we often see people running personal hotspots when in port, so it may be an attempt to stop that (AFAIK not legal to de-auth people like that, but who knows on a ship).

Update: Having two APs powered by PoE means I have more options - running a cable to place one, or both, APs, in more suitable locations in the cabin if they don't work in the box.

PoE injectors

This is another change from previous cruise - the last couple of times I took a nice 8 port Aruba PoE switch, which is quite big and has a big chunky power supply. This time I have three small PoE injectors which take a lot less space overall. There are some multiple port in-line PoE injectors which may be a good alternative to consider, but even with just one such unit I still need a power strip to power it and the FireBrick.

The AP-303H includes a switch, so if I need more Ethernet ports, they can provide them, so the bigger switch was not needed.

Power strip

The three PoE injectors and FireBrick mean a 4 way power strip - though I am considering making a lead with daisy chained C13 plugs and a C8 all on one lead perhaps. However, the 4 way strip fits fine. One option may be an IEC socket in the side of the Peli case so it can be closed. It looks like the whole lot is not generating enough heat for that to be an issue, but something to test.

Update: One idea is to use a 4 way IEC distribution board instead, which may well take less space.

Spare space

The whole box, even with all those bits taped in to place, has a lot of space. In fact I can pack my laptop, charger, mouse, mat, Apple TV, spare cables, phone charger, and so on, all in the one case. This means all of the tech in one small Peli case which then just sits in the corridor to provide "internet in a box".


Update: This allows me to bypass much of the hostile environment, and have clean Internet access on my own IP addresses. It even allows me to have a standard VoIP phone on the table in the cabin if I want. It allows devices that could not connect to ship's WiFi on their own (I had some of my IoT stuff on it). It is not trying to be the cheapest, or even the smallest (though I am trying to make it smaller). It mainly allows testing and development of the FireBrick in such an environment, and it is fun (for me), even if it is overkill.


Martin Michlmayr: ledger2beancount 2.0 released [Planet Debian]

I released version 2.0 of ledger2beancount, a ledger to beancount converter.

Here are the changes in 2.0:

  • Handle comments in account and commodity declarations
  • Handle transactions with a single posting (without bucket)
  • Handle empty metadata values
  • Rewrite Emacs modeline

You can get ledger2beancount from GitHub.


Tales from the Cat Planet [Skin Horse]

Shaenon: Page from a graphic novel in progress. Art by Jason Thompson and me, colors by Jumana Al Hashal.

Channing: I am forced to assume that Robin Garrity takes top writing credit. I’m super enthusiastic about this one.


Russ Allbery: Review: Exit Strategy [Planet Debian]

Review: Exit Strategy, by Martha Wells

Series: Murderbot Diaries #4
Copyright: October 2018
ISBN: 1-250-18546-7
Format: Kindle
Pages: 172

Exit Strategy is the fourth of the original four Murderbot novellas. As you might expect, this is not the place to begin. Both All Systems Red (the first of the series) and Rogue Protocol (the previous book) are vital to understanding this story.

Be warned that All Systems Red sets up the plot for the rest of the series, and thus any reviews of subsequent books (this one included) run the risk of spoiling parts of that story. If you haven't read it already, I recommend reading it before this review. It's inexpensive and very good!

When I got back to HaveRotten Station, a bunch of humans tried to kill me. Considering how much I'd been thinking about killing a bunch of humans, it was only fair.

Murderbot is now in possession of damning evidence against GrayCris. GrayCris knows that, and is very interested in catching Murderbot. That problem is relatively easy to handle. The harder problem is that GrayCris has gone on the offensive against Murderbot's former client, accusing her of corporate espionage and maneuvering her into their territory. Dr. Mensah is now effectively a hostage, held deep in enemy territory. If she's killed, the newly-gathered evidence will be cold comfort.

Exit Strategy, as befitting the last chapter of Murderbot's initial story arc, returns to and resolves the plot of the first novella. Murderbot reunites with its initial clients, takes on GrayCris directly (or at least their minions), and has to break out of yet another station. It also has to talk to other people about what relationship it wants to have with them, and with the rest of the world, since it's fast running out of emergencies and special situations where that question is pointless.

Murderbot doesn't want to have those conversations very badly because they result in a lot of emotions.

I was having an emotion, and I hate that. I'd rather have nice safe emotions about shows on the entertainment media; having them about things real-life humans said and did just led to stupid decisions like coming to TransRollinHyfa.

There is, of course, a lot of the normal series action: Murderbot grumbling about other people's clear incompetence, coming up with tactical plans on the fly, getting its clients out of tricky situations, and having some very satisfying fights. But the best part of this story is the reunion with Dr. Mensah. Here, Wells does something subtle and important that I've frequently encountered in life but less commonly in stories. Murderbot has played out various iterations of these conversations in its head, trying to decide what it would say. But those imagined conversations were with its fixed and unchanging memory of Dr. Mensah. Meanwhile, the person underlying those memories has been doing her own thinking and reconsideration, and is far more capable of having an insightful conversation than Murderbot expects. The result is satisfying thoughtfulness and one of the first times in the series where Murderbot doesn't have to handle the entire situation by itself.

This is one of those conclusions that's fully as satisfying as I was hoping it would be without losing any of the complexity. The tactics and fighting are more of the same (meaning that they're entertaining and full of snark), but Dr. Mensah's interactions with Murderbot now that she's had the time span of two intervening books to think about how to treat it are some of the best parts of the series. The conclusion doesn't answer all of the questions raised by the series (which is a good thing, since I want more), but it's a solid end to the plot arc.

The sequel, a full-length Murderbot novel (hopefully the first of many) titled Network Effect, is due out in May of 2020.

Rating: 9 out of 10

Dirk Eddelbuettel: digest 0.6.25: Spookyhash bugfix [Planet Debian]

And a new version of digest is getting onto CRAN now, and to Debian shortly.

digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, and spookyhash algorithms) permitting easy comparison of R language objects. It is a fairly widely-used package (currently listed at 889k monthly downloads with 255 direct reverse dependencies and 7340 indirect reverse dependencies) as many tasks may involve caching of objects for which it provides convenient general-purpose hash key generation.

This release is a one issue fix. Aaron Lun noticed some issues when spookyhash is used in streaming mode. Kendon Bell, who also contributed spookyhash, quickly found the issue, which is a simple oversight. This was worth addressing in a new release, so I pushed 0.6.25.

CRANberries provides the usual summary of changes to the previous version.

For questions or comments use the issue tracker off the GitHub repo.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Link [Scripting News]

I thought Sanders' speech was good tonight. I was surprised. I think this may be the first time I've heard him give a speech. Previously I'd only seen him in debates, where he's a prick. Sorry, that's what I see. Even so, he really never has had a negative campaign run against him, and it'll be too late for all of us when the Repubs do. I can't imagine his past is not filled with lots of really awful stuff.

How does Twitter threading work? [Scripting News]

This came up in an email discussion.

Doc said he doesn't really understand how Twitter threading works. I'm not sure I understand it either, and I've implemented it in two of my tools, first Electric Pork and now LO2.

Here's how I do it.

Suppose you have a sequence of four bits of text you want to turn into a Twitter thread.

Label them A, B, C and D.

When you post a tweet you can optionally specify which tweet it is in reply to.

First I post A to Twitter, not a reply.

  • Then I post B, in reply to A.
    • Then C, in reply to B.
      • And D, in reply to C.

Twitter will display that as a thread. Like this.

Could I have had them all in reply to A? Not sure. I haven't tried it.
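
The reply chaining described in the post above, as an added example that is not part of the original post or of Electric Pork or LO2: `FakeTimeline` is a hypothetical in-memory stand-in for a tweet store, and `postThread`, `postStar` and `ancestors` are illustrative names. It builds both the chain and the all-in-reply-to-A shape and returns the reply path each one produces; it makes no claim about how Twitter displays either.

```javascript
// Hypothetical in-memory tweet store (an assumption for illustration, not
// Twitter's API). In Twitter's v1.1 statuses/update call the parent tweet
// is passed as the in_reply_to_status_id parameter.
class FakeTimeline {
  constructor() {
    this.tweets = new Map();
    this.nextId = 1;
  }

  // Post a tweet, optionally as a reply to an existing one; returns its id.
  post(text, inReplyTo = null) {
    if (inReplyTo !== null && !this.tweets.has(inReplyTo)) {
      throw new Error(`cannot reply to unknown tweet ${inReplyTo}`);
    }
    const id = String(this.nextId++);
    this.tweets.set(id, { id, text, inReplyTo });
    return id;
  }

  // Follow reply links from a tweet back to the root and return the texts
  // in root-first order: the path a reader reaches by walking "in reply to".
  ancestors(id) {
    const path = [];
    let cur = id;
    while (cur !== null) {
      const tweet = this.tweets.get(cur);
      if (!tweet) throw new Error(`unknown tweet ${cur}`);
      path.unshift(tweet.text);
      cur = tweet.inReplyTo;
    }
    return path;
  }
}

// Chain: A is not a reply, B replies to A, C to B, D to C (the post's method).
function postThread(timeline, parts) {
  const ids = [];
  let parent = null;
  for (const text of parts) {
    parent = timeline.post(text, parent);
    ids.push(parent);
  }
  return ids;
}

// Star: every part after the first replies to A (the post's open question).
function postStar(timeline, parts) {
  const ids = [];
  for (const text of parts) {
    ids.push(timeline.post(text, ids.length > 0 ? ids[0] : null));
  }
  return ids;
}

// Constructed sample input: the four labelled pieces from the post.
function demo() {
  const timeline = new FakeTimeline();
  const chain = postThread(timeline, ["A", "B", "C", "D"]);
  const star = postStar(timeline, ["A", "B", "C", "D"]);
  return {
    chainPath: timeline.ancestors(chain[3]), // every piece is on D's path
    starPath: timeline.ancestors(star[3]),   // only A and D are on D's path
  };
}
```

In the chain, the last tweet's reply path contains every piece in order; in the star, each reply's path contains only A and itself, so the ordering of B, C and D is not recorded in the reply links.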


Chance to kill "unitary patent" agreement [Richard Stallman's Political Notes]

FFII contends that the departure of Britain from the EU has invalidated the "unitary patent" agreement, and this offers a chance to kill it permanently.

This is important because that deal would make the European Patent Office effectively autonomous regarding the question of which ideas are patentable — and it would certainly take advantage of that to rule that computational ideas are patentable.

This offers one more chance to try to save software from patents in Europe. FFII will campaign to do this, and I will offer my help.

Preventing the insect apocalypse [Richard Stallman's Political Notes]

There is no time to wait for more data before taking action to prevent the insect apocalypse. The danger is desperately urgent.

When you need to stop the train before it runs off the broken bridge, you can't afford to spend a minute calculating precisely how hard to push the brakes.

Google to move data about UK residents to US [Richard Stallman's Political Notes]

After the UK's exit from the European Union, Google plans to move the data about UK residents to the US. It will be able to do this because the GDPR will no longer apply.

The GDPR are inherently weak, because they aim at "protection of data" already collected, rather than at preventing the collection of data about people's activities.

US blocks investigator of human rights violations [Richard Stallman's Political Notes]

The US has blocked Eyal Weizman from visiting Miami to open an exhibit about his work. He leads Forensic Architecture, which investigates human rights violations world-wide.

The border thugs said that a computer program suggested he was a security threat. However, it was the humans who decided to heed that suggestion. They demand a list of all citizens of Syria, Iran, Iraq, Yemen or Somalia that he has met, and invite him to volunteer names of everyone else he knows who might perhaps be somehow suspect. In effect, "conduct a fishing expedition on yourself."

In the course of investigating human rights violations he has talked with witnesses from those countries, people of various political affiliations. To turn him into a US spy on all of them could benefit the US government, both by getting more information for its giant data bases, and by getting a lever with which to ruin his career at any time. It could use that lever to stop him from investigating human rights violations committed by the US.

He was wise to this danger, and refused to give the information.

In the past, being caught doing this would have chastened the US. The bullshitter will boast of having damaged two birds (human rights investigation, and justice) with one lie.

Large trees protect crops from hurricane [Richard Stallman's Political Notes]

In Fiji, large trees protected crops from the wind and waves of a hurricane — in farms that had not cut the trees down.

(For reasons of tradition, the term "hurricane" is not used for storms in the South Pacific, but it's the same kind of storm.)

Nonfree preinstalled firmware [Richard Stallman's Political Notes]

Many kinds of computer components have processors which contain nonfree preinstalled firmware that can be altered maliciously by anyone with bad intentions.

Some require the firmware to be signed with a particular key. In those, to alter the firmware maliciously requires the aid (willing or unwilling) of the manufacturer. Still not secure.

Real security requires that the device not allow modification of the firmware through the connectors for normal use of the device.

Emotions and facial expressions [Richard Stallman's Political Notes]

AI programs that are claimed to recognize emotions from facial expressions have to be bogus, because different people express the same emotion with different expressions.

Saturday, 22 February


Norbert Preining: QOwnNotes for Debian [Planet Debian]

QOwnNotes is a cross-platform plain text and markdown note taking application. By itself, it wouldn’t be something to talk about, we have vim and emacs and everything in between. But QOwnNotes integrates nicely with the Notes application from NextCloud and OwnCloud, as well as providing useful integration with NextCloud like old version of notes, access to deleted files, watching changes, etc.

The program is written using Qt and contains, besides language files and desktop entries only one binary. There is a package in a PPA for Ubuntu, so it was a breeze to package, converting the cdbs packaging from the ppa to debhelper on the way.

Source packages and amd64 binaries for sid/testing and buster are available at

deb unstable main
deb-src unstable main


deb buster main
deb-src buster main

respectively. The git repository is also available.



[1096] Party's Over [Twokinds]

Comic for February 22, 2020


Canal+ Warns Torrent Site Not to Pirate Upcoming TV-Series [TorrentFreak]

It’s commonly known that copyright holders regularly send takedown notices to torrent sites, asking the operators to remove pirated content.

While not all sites comply with these, many do, to avoid drawing any unnecessary attention.

This week we were contacted by the operator of one of the larger torrent sites, who prefers to remain anonymous. He also processes takedown notices regularly. However, one request he received this week seemed a little out of the ordinary.

The site operator was contacted by the anti-piracy department of the entertainment company CANAL+. Unlike other notices, where the site is asked to remove content, this request was sent to protect content that hasn’t even aired yet.

The notice in question mentions the Polish series Mały Zgon (Little Death) to which Canal+ has the exclusive rebroadcasting rights. However, the company fears that it will end up at the targeted torrent site as well.

Canal+ stresses that the torrent site and its users don’t have the right to distribute the upcoming series. If the site’s operator fails to remove or disable content when it’s made available, it can be held liable, the company explains.

“Thus, this letter gives you actual knowledge of illegal activity or information as regulated in [the EU e-commerce directive] and its receipt obliges you to act expeditiously and remove or to disable access to any of the above mentioned files from the Website – otherwise you will not be able to take advantage of the release from liability for unlawful sharing of files containing the episodes of the Series on the Website,” the letter adds.

In order to help the site operator a bit, Canal+ shared the series release schedule. The first two episodes are set to come out on March 8 and it ends on April 5, with two new episodes coming out every week.

In addition, the anti-piracy department has another tip. The letter notes that most illegal activity will likely take place shortly after the episodes come out, so Canal+ encourages the site operator to be extra vigilant during that time.

“Based on the experience gained during work on the protection of copyrights and related rights vested in the Company, I can point out that the highest probability of increased activity of the Website’s users will occur within a few days of the release of the subsequent episodes – for this reason I recommend special vigilance in these periods,” the notice adds.

These types of preemptive takedown notices are rather unusual. At this point, there is nothing for the site operator to take down. While Canal+ may hope that the site will install some kind of filtering mechanism, we doubt that this will happen.



Link [Scripting News]

I just saw pictures of a friend's teenage sons in current passport pictures. I've been following their travels via Facebook for years. They were always boys, but now you can see the men. There's a gravitas in the outward view. Thought. These boys were raised to be men. What a great word, raised. I don't think I was actually raised myself. Maybe here and there. Fed. Sometimes cared for. Mostly left to figure it out for myself.


Link [Scripting News]

Loyalty to Trump is, today, an issue for people who work in the US government. Soon it will be an issue for everyone who lives in the US. You will have to sign a loyalty oath. We're way past the time when anyone should be working just for themselves.

Link [Scripting News]

Today I learned that Sanders will be the presumptive Democratic Party nominee in eleven days, unless something happens to shake that up. If you don't believe it, read this piece.

Link [Scripting News]

This piece is so chock-full of smarts, it should be a Twitter thread.


Today in GPF History for Saturday, February 22, 2020 [General Protection Fault: The Comic Strip]

Fooker takes the first trip into Professor Wisebottom's VR Fractal Explorer...


Pluralist, your daily link-dose: 22 Feb 2020 [Cory Doctorow's]

Today’s links

  1. Tax Justice Network publishes a new global Financial Secrecy Index: US and UK, neck-and-neck
  2. What Marc Davis lifted from the Addams Family while designing the Haunted Mansion: Amateurs plagiarize, artists steal
  3. ICANN should demand to see the secret financial docs in the .ORG selloff: at least it’s an Ethos
  4. Wells Fargo will pay $3b for 2 million acts of fraud: they shoulda got the corporate death penalty
  5. This day in history: 2019, 2015, 2010
  6. Colophon: Recent publications, current writing projects, upcoming appearances, current reading

Tax Justice Network publishes a new global Financial Secrecy Index (permalink)

The Tax Justice Network just published its latest Financial Secrecy Index, the leading empirical index of global financial secrecy policies. The US continues to make a dismal showing, as does the UK (factoring in overseas territories).

Both Holland and Switzerland backslid this year.

Important to remember that “bad governance” scandals in poor countries (like the multibillion-dollar Angolaleaks scandal) involve rich financial secrecy havens as laundries for looted national treasure.

As Tax Justice breaks it down: “The secrecy world creates a criminogenic hothouse for multiple evils including fraud, tax cheating, escape from financial regulations, embezzlement, insider dealing, bribery, money laundering, and plenty more. It provides multiple ways for insiders to extract wealth at the expense of societies, creating political impunity and undermining the healthy ‘no taxation without representation’ bargain that has underpinned the growth of accountable modern nation states. Many poorer countries, deprived of tax and haemorrhaging capital into secrecy jurisdictions, rely on foreign aid handouts.”

Talk about getting you coming and going! First we make bank helping your corrupt leaders rob you blind, then we loan you money so you can keep the lights on and get fat on the interest (and force you to sell off your looted, ailing state industries as “economic reforms”).

The Taxcast, which is the Network’s podcast, has a great special edition in which the index’s key researchers explain their work. It’s always a good day when a new Taxcast drops.

What Marc Davis lifted from the Addams Family while designing the Haunted Mansion (permalink)

It’s always a good day — a GREAT day — when the Long Forgotten Haunted Mansion blog does a new post, but today’s post, on the influence of the Addams Family TV show on Mansion co-designer Marc Davis? ::Chef’s Kiss::

It’s clear that Davis was using Addams’s comics as reference, but, as Long Forgotten shows, the Davis sketches and concepts are straight up lifted from the TV show: “Amateurs plagiarize, artists steal.”

Some of these lifts are indisputable.

“Finally, it’s possible that Davis took a further cue from the insanely long sweater Morticia is knitting in ‘Fester’s Punctured Romance’ (Oct 2, 1964), but in this case I wouldn’t insist upon it.”

Likewise, from the TV show, “Bruno” the white bear rug that periodically bites people was obviously the inspiration for this Davis sketch for the Mansion. Long Forgotten is less certain about “Ophelia,” but I think it’s pretty clear where Davis was getting his ideas from here.

Davis was an unabashed plunderer and we are all better for it! “We’ve seen many other examples of Marc Davis taking ideas from here, there, and anywhere he could find them, but not many other examples of multiple inspiration from a single source.”

ICANN should demand to see the secret financial docs in the .ORG selloff (permalink)

ISOC — the nonprofit set up to oversee the .ORG registry — decided to sell off this asset (which they were given for free, along with $5M to cover setup expenses) to a mysterious private equity fund called Ethos Capital.

Some of Ethos’s backers are known (Republican billionaire families like the Romneys and the Perots) but much of its financing remains in the shadows. We do know that ICANN employees who helped tee up the sale now work for Ethos, in a corrupt bit of self-dealing.

The deal was quietly announced and looked like a lock, but then public interest groups rose up to demand an explanation. Not only could Ethos expose nonprofits to unlimited rate-hikes (thanks to ICANN’s changes to its rules), they could do much, much worse.

If a .ORG registrant dropped its domain, Ethos could sell access to misdirected emails and domain lookups – so if you watchdog private equity funds and get destroyed by vexation litigation, Ethos could sell your bouncing email to the billionaires who crushed you.

More simply, Ethos could sell the kind of censorship-as-a-service it currently sells through its other registry, Donuts, which charges “processing fees” to corrupt governments and bullying corporations who want to censor the web by claiming libel or copyright infringement.

Ethos offered ISOC $1.135b for the sale, but $360m of that will come from a loan that .ORG will have to pay back, a millstone around its neck, dragging it down. Debt-loading healthy businesses as a means of bleeding them dry is a tried-and-true PE tactic – it’s what did in Toys R Us, Sears, and many other firms. The PE barons get a fortune, everyone else gets screwed.

The interest on .ORG’s loan will suck up $24m/year — TWO THIRDS of the free money that .ORG generates. .ORG is a crazily profitable nonprofit – it charges dollars to provide a service that costs fractional pennies, after all. In response to getting slapped around by some Members of Congress, the Pennsylvania AG, and millions of netizens, Ethos has made a promise to limit price increases…for a while. And they say that they’ll be kept honest by the nonbinding recommendations of an “advisory council” whose members Ethos will appoint and who will serve at Ethos’s pleasure.

In a letter to ICANN, EFF and Americans for Financial Reform have called for transparency on the financing behind the sale: “hidden costs, loan servicing fees, and inducements to insiders.”

Wells Fargo will pay $3b for 2 million acts of fraud (permalink)

Wells Fargo stole from at least two million of its customers, pressuring its low-level employees to open fake accounts in their names, firing employees who refused (refuseniks were also added to industry-wide blacklists created to track crooked bankers). These fake accounts ran up fees for bank customers, including penalties, etc. In some cases, the damage to the victims’ credit ratings was so severe that they were turned down for jobs, unable to get house loans or leases, etc.

The execs who oversaw these frauds had plenty of red flags, including their own board members asking why the fuck their spouses had been sent mysterious Wells Fargo credit cards they’d never signed up for. Though these execs paid fines, they got to keep MILLIONS from this fraud (which was only one of dozens of grifts Wells Fargo engaged in this century, including stealing from small businesses, homeowners, military personnel, car borrowers, etc). Some of them may never work in banking again, but they’re all millionaires for life.

Now, Wells Fargo has settled with the DoJ for $3b, admitting wrongdoing and submitting to several years of oversight. That’s a good start, but it’s a bad finish.

The largest bank in America was, for DECADES, a criminal enterprise, preying on Americans of every description. It should no longer exist. It should be broken into constituent pieces, under new management. There would be enormous collateral damage from this (just as the family of a murderer suffers when he is made to face the consequences of his crimes). But what about the collateral damage to everyone who is savaged by a similarly criminal bank in the future, emboldened by Wells Fargo’s impunity?

Wells Fargo is paying a fine, but will have NO criminal charges filed against it.

If you or I stole from TWO MILLION people, we would not be permitted to pay a fine and walk away.

“I’ll believe corporations are people when the government gives one the death penalty.”

This day in history (permalink)

#15yrsago: Kottke goes full-time

#15yrsago: New Zealand’s regulator publishes occupational safety guide for sex workers

#10yrsago: Principal who spied on child through webcam mistook a Mike n Ike candy for drugs

#10yrsago: School where principal spied on students through their webcams had mandatory laptop policies, treated jailbreaking as an expellable offense

#10yrsago: Parents file lawsuit against principal who spied on students through webcams

#1yrago: Cybermercenary firm with ties to the UAE want the capability to break Firefox encryption

#1yrago: Fraudulent anti-Net Neutrality comments to the FCC traced back to elite DC lobbying firm

Colophon (permalink)

Today’s top sources: Naked Capitalism (

Hugo nominators! My story “Unauthorized Bread” is eligible in the Novella category and you can read it free on Ars Technica:

Upcoming appearances:

Currently writing: I just finished a short story, “The Canadian Miracle,” for MIT Tech Review. It’s a story set in the world of my next novel, “The Lost Cause,” a post-GND novel about truth and reconciliation. I’m getting geared up to start work on the novel now, though the timing is going to depend on another pending commission (I’ve been solicited by an NGO) to write a short story set in the world’s prehistory.

Currently reading: I finished Andrea Bernstein’s “American Oligarchs” this week; it’s a magnificent history of the Kushner and Trump families, showing how they cheated, stole and lied their way into power. I’m getting really into Anna Wiener’s memoir about tech, “Uncanny Valley.” I just loaded Matt Stoller’s “Goliath” onto my underwater MP3 player and I’m listening to it as I swim laps.

Latest podcast: Persuasion, Adaptation, and the Arms Race for Your Attention:

Upcoming books: “Poesy the Monster Slayer” (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we’re having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).

“Attack Surface”: The third Little Brother book, Oct 20, 2020.

“Little Brother/Homeland”: A reissue omnibus edition with a very special, s00per s33kr1t intro.


Dirk Eddelbuettel: RcppSimdJson 0.0.2: First Update! [Planet Debian]

Following up on the initial RcppSimdJson release, a first update arrived on CRAN yesterday.

RcppSimdJson wraps the fantastic simdjson library by Daniel Lemire which is truly impressive. Via some very clever algorithmic engineering to obtain largely branch-free code, coupled with modern C++ and newer compiler instructions, it results in parsing gigabytes of JSON per second which is quite mindboggling. I highly recommend the video of the recent talk by Daniel Lemire at QCon (which was also voted best talk). The best-case performance is ‘faster than CPU speed’ as use of parallel SIMD instructions and careful branch avoidance can lead to less than one cpu cycle use per byte parsed.

This release syncs the simdjson headers with upstream, and polishes the build a little by conditioning on actually having a C++17 compiler rather than just suggesting it. The NEWS entry follows.

Changes in version 0.0.2 (2020-02-21)

  • Synchronized with upstream (Dirk in #4 and #5).

  • The R side of validateJSON now globs the file argument, expanding symbols like ~ appropriately.

  • C++ code in validateJSON now conditional on C++17 allowing (incomplete) compilation on lesser systems.

  • New helper function returning value of __cplusplus macro, used in package startup to warn if insufficient compiler used.

For questions, suggestions, or issues please use the issue tracker at the GitHub repo.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Time shifting [Seth's Blog]

If the people you seek to engage with have a choice, they’re likely to make a choice that’s in their self-interest.

The question is: When?

Is it in a high school student’s self-interest to light up a cigarette on a Friday night? In the short run, the answer might be yes. Ask that person in forty years if it was a good idea to be tricked by advertising and peer pressure into a lifetime of expense and illness, and the answer is probably ‘no’.

When we try to change behavior to make culture better, what we’re actually doing is trying to get people to change their timeframe. The more sophisticated an audience believes it is, the easier it is to help them see that there’s more than the next ten seconds in front of them. Mobs, on the other hand, only care about what feels good in this very moment.

The insight is in understanding that perception of time–not just money, not just features, not just narrative–is actually the driving force of much of what is happening when we try to change minds.

Not, “is this a good idea?” but “when?”

Berlin Lispers Meetup, Monday, 24th February 2020 [Planet Lisp]

We meet again on Monday 8pm, 24th February.

Berlin Lispers is about all flavors of Lisp including Clojure, Common Lisp, and Scheme.

We have no talk announced for this time. We meet therefore for dinner at 3 Schwestern restaurant in Bethanien in Berlin-Kreuzberg.

But there are plenty of Lisp talks this week in Berlin!

Racketfest

:clojureD

Bob2020

And also Clojure data science [1] and the Clojure music gathering [2]. Most of the events will have official or unofficial pre and after dinners.




3 Schwestern, Mariannenplatz 2, Berlin-Kreuzberg

It is located in 10min walking distance from U Görlitzer Bahnhof or U Kottbusser Tor or Ostbahnhof. In case of questions call Christian +49 1578 70 51 61 4.


MPA Targets Pirate App TeaTV, Asks Github to Consider Repeat Infringer Policy [TorrentFreak]

Accessing regular websites in order to stream copies of the latest movies and TV shows is still popular among Internet users but the rise of set-top boxes and portable devices has fueled the uptake of app-based piracy tools.

It’s a cramped marketplace but last year TeaTV gained notable traction and was installed by hundreds of thousands, maybe even millions, of pirates looking to access video at zero cost. This momentum earned TeaTV a place in an October 2019 CNBC feature, something which triggered even more interest in the tool and its disappearance from the web.

In the wake of that piece, a source close to TeaTV informed TF that the software (which is available for Android, Windows and macOS) would be back, a promise that was later fulfilled. However, it now transpires that Hollywood is attempting to disrupt access to the tool via complaints filed with code development platform Github.

A notice filed by the Motion Picture Association (MPA) this week begins by referencing the CNBC article, noting that TeaTV “is an app notoriously devoted to copyright infringement.” It reveals previous correspondence with Github during October and November 2019, and January 2020, and thanks Github “for its additional guidance” offered by the Microsoft-owned platform late December 2019.

“We previously provided you links to the Github repositories that TeaTV is using and are now providing you with the attached file titled ‘GitHub-Code’ which shows code hosted on Github that provides links to pirate sites with infringing copies of motion pictures and television shows that are scraped by the TeaTV app to provide access to the infringing content users are looking for,” the complaint reads.

Four repositories listed by the MPA in previous notices have already been taken down but the MPA has now taken further action by demanding the deletion of repos carrying the three executable files for the Android, Windows, and macOS variants of TeaTV.

“Also attached is a file titled ‘GitHub-Executables’ which shows that the final version of the app is available for download from the GitHub platform. These executable files are pre-configured to infringe copyright-protected motion pictures and television shows that are owned or controlled by our Members,” the MPA writes.

Additionally, the Hollywood group says it carried out a network traffic analysis on the TeaTV app and found that its API connected to accounts on Github, located at three URLs, all of which should be removed.

After the MPA reminded Github of the 2005 MGM v. Grokster decision, noting that “the distribution of a product can itself give rise to liability where evidence shows that the distributor intended and encouraged the product to be used to infringe”, Github removed all of the URLs listed in the complaint, leaving the familiar “unavailable” notice behind.

While the MPA will be satisfied with the suspension of the pages, its takedown notice also asks Github to consider 17 U.S.C. § 512(i)(1)(A), which grants an exemption from liability for service providers when they take action against repeat infringers.

“The limitations on liability established by this section shall apply to a service provider only if the service provider…has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers,” the code reads.

The main TeaTV account and repository are currently active but with no content available., however, is still online, as is the .XYZ domain from where the clients can be downloaded and movies and TV shows streamed, albeit in a cumbersome fashion when compared to the app.

TorrentFreak requested comment from the operators of TeaTV as to whether the MPA had been in touch directly. At the time of publishing, we were yet to receive a response.



Russ Allbery: Review: All About Emily [Planet Debian]

Review: All About Emily, by Connie Willis

Publisher: Subterranean
Copyright: 2011
ISBN: 1-59606-488-9
Format: Kindle
Pages: 96

Claire Havilland is a Broadway star, three-time Tony winner, and the first-person narrator of this story. She is also, at least in her opinion, much too old to star in the revival of Chicago, given that the role would require wearing a leotard and fishnet stockings. But that long-standing argument with her manager was just the warm-up request this time. The actual request was to meet with a Nobel-Prize-winning physicist and robotics engineer who will be the Grand Marshal of the Macy's Day Parade. Or, more importantly, to meet with the roboticist's niece, Emily, who has a charmingly encyclopedic knowledge of theater and of Claire Havilland's career in particular.

I'll warn that the upcoming discussion of the background of this story is a spoiler for the introductory twist, but you've probably guessed that spoiler anyway.

I feel bad when someone highly recommends something to me, but it doesn't click with me. That's the case with this novella. My mother loved the character dynamics, which, I'll grant, are charming and tug on the heartstrings, particularly if you enjoy watching two people geek at each other about theater. I got stuck on the world-building and then got frustrated with the near-total lack of engagement with the core problem presented by the story.

The social fear around robotics in All About Emily is the old industrialization fear given new form: new, better robots will be able to do jobs better than humans, and thus threaten human livelihoods. (As is depressingly common in stories like this, the assumptions of capitalism are taken for granted and left entirely unquestioned.) Willis's take on this idea is based on All About Eve, the 1950 film in which an ambitious young fan maneuvers her way into becoming the understudy of an aging Broadway star and then tries to replace her. What if even Broadway actresses could be replaced by robots?

As it turns out, the robot in question has a different Broadway role in mind. To give Willis full credit, it's one that plays adroitly with some stereotypes about robots.

Emily and Claire have good chemistry. Their effusive discussions and Emily's delighted commitment to research are fun to read. But the plot rests on two old SF ideas: the social impact of humans being replaced by machines, and the question of whether simulated emotions in robots should be treated as real (a slightly different question than whether they are real). Willis raises both issues and then does nothing with either of them. The result is an ending that hits the expected emotional notes of an equivalent story that raises no social questions, but which gives the SF reader nothing to work with.

Will robots replace humans? Based on this story, the answer seems to be yes. Should they be allowed to? To avoid spoilers, I'll just say that that decision seems to be made on the basis of factors that won't scale, and on experiences that a cynic like me thinks could be easily manipulated.

Should simulated emotions be treated as real? Willis doesn't seem to realize that's a question. Certainly, Claire never seems to give it a moment's thought.

I think All About Emily could have easily been published in the 1960s. It feels like it belongs to another era in which emotional manipulation by computers is either impossible or, at worst, a happy accident. In today's far more cynical time, when we're increasingly aware that large corporations are deeply invested in manipulating our emotions and quite good at building elaborate computer models for how to do so, it struck me as hollow and tone-deaf. The story is very sweet if you can enjoy it on the same level that the characters engage with it, but is not of much help in grappling with the consequences for abuse.

Rating: 6 out of 10

Friday, 21 February


Link [Scripting News]

Doc posts a monster thread from LO2 to twitter. Here's the thread, and the outline. I just made a small change to the reader so that when you click on a tweet node, it opens the tweet in Twitter.


Friday Squid Blogging: 13-foot Giant Squid Caught off New Zealand Coast [Schneier on Security]

It's probably a juvenile:

Researchers aboard the New Zealand-based National Institute of Water and Atmospheric Research Ltd (NIWA) research vessel Tangaroa were on an expedition to survey hoki, New Zealand's most valuable commercial fish, in the Chatham Rise -- an area of ocean floor to the east of New Zealand that makes up part of the "lost continent" of Zealandia.

At 7.30am on the morning of January 21, scientists were hauling up their trawler net from a depth of 442 meters (1,450 feet) when they were surprised to spot tentacles in amongst their catch. Large tentacles.

According to voyage leader and NIWA fisheries scientist Darren Stevens, who was on watch, it took six members of staff to lift the giant squid out of the net. Despite the squid being 4 meters long and weighing about 110 kilograms (240 pounds), Stevens said he thought the squid was "on the smallish side," compared to other behemoths caught.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.



Pathfinder Kingmaker Game [Humble Bundle Blog]

In the game Pathfinder Kingmaker, you are placed in control of the Stolen Lands, a kingdom that has seen hundreds



News Post: Incremental [Penny Arcade]

Tycho: Ol' Greasy Gribbs and I really enjoyed the first season of The Dream, a podcast which was (at that time) concerned with Multi-Level Management schemes, the shoddy products they sell, and the legal framework they've accreted over time to provide nearly impenetrable cover for something like parasitic fraud. The second season isn't as good, but I do like the topic, which is "wellness." It's a natural evolution of the MLM thrust because much of what an MLM sells is intangible.  I don't think my mom reads this every day, so maybe I can say this and now be made to…


New Books and ARCs, 2/21/20 [Whatever]

And now, for your delight and edification: This week’s stack of new books and ARCs at the Scalzi Compound!

(Yes, I took the photo before I went to LA.)

What here is drawing your attention and admiration? Share your feelings in the comments!


Pluralist, a daily link-dose: 21 Feb 2020 [Cory Doctorow's]

Today’s links

  1. Bloomberg’s campaign NDA is a gag order that covers sexual abuse and other crimes: Bloomberg’s lowest moment at the debate came when he fumfuhed over whether he’d release women from his corporate NDAs.
  2. Private Equity has sabotaged every attempt to end emergency room “surprise billing”: AKA, “Why didn’t you ask your ambulance driver to shop around?”
  3. The Parkland kids have launched a zine: “Unquiet” is a gorgeous, haunting zine from the March For Our Lives, debuted on Teen Vogue.
  4. Tumblr’s ad policy: you can’t block ads because we don’t live in a post-scarcity society.
  5. Gopher shows us how adversarial interoperability was there from the start: the web’s precursor depended on adversarial interop to win its place in history, and the web vanquished gopher with yet more adversarial interop
  6. A line of hardcovers designed to double as decor accents: I want to hate this, but they’re so pretty!
  7. $2b later, Blue Apron is broke: incoming podcast apocalypse in 3, 2, 1….
  8. Tour Cards Against Humanity’s incredible board-game cafe: when amazing people spend amazing sums.
  9. The team behind Frozen are making a musical out of Jen Wang’s Prince and the Dressmaker: holy smokes, is this ever great news!
  10. This day in history: 2019, 2015, 2010
  11. Colophon: Recent publications, current writing projects, upcoming appearances, current reading

Bloomberg’s campaign NDA is a gag order that covers sexual abuse and other crimes

Bloomberg had a Very Bad Night at the Nevada debates but the lowest point was when he weaseled in response to Liz Warren’s insistence that he voluntarily end the nondisclosure obligations of women who’d left his companies after alleging various kinds of abuse.

Now, someone has leaked the Bloomberg campaign’s NDA to The Nation’s Ken Klippstein, and holy smokes is it ever terrible.

It runs to NINE pages, and is so overbroad that it bars Bloomberg campaign staff from speaking out against criminal workplace harassment and abuse, and binds them to an ETERNAL nondisparagement obligation, meaning they can never, ever criticize Bloomberg.

Needless to say, rich and powerful men with long histories of presiding over coverups of abuse do not deploy these nondisclosures because they know you’ll be pleasantly surprised when they finally come clean and they just don’t want any spoilers.

Incidentally, the Warren campaign’s NDA has also leaked, and it’s 2.5 pages long, and it explicitly does NOT require silence for survivors of workplace harassment and abuse.


Private Equity has sabotaged every attempt to end emergency room “surprise billing”

“Surprise billing” is when you go to the ER and discover that the doc, the specialist, or the test you got were performed by “independent contractors” who are not part of the hospital’s deal with your insurer. It means bills for thousands (literally) for an ice-pack.

The surprise billing epidemic has an unsurprising root cause: private equity looters who buy up doctor’s groups and specialists’ practices for the express purpose of gouging people experiencing medical emergencies (or their parents – it’s rampant in NICUs).

It’s working: “The odds of getting a surprise bill increased from 32% (2010) to 43% (2016), with amounts rising from $220 to $628. Out of network billing raises health care costs by $40 billion per year.”

The PE firms behind it are the largest in the world: Teamhealth (formerly Blackrock, now KKR) raised ER bills by 68%. They have plenty left over to lobby for expanded shenanigan powers.

Two Congressional bills to address surprise billing were killed by PE astroturf operations where fake groups like “Physicians for Fair Coverage” ($1.2m) and Doctor Patient Unity ($28m) spent millions lobbying and advertising against the bills.

One measure nearly squeaked through, only to be sabotaged by Rep Richard Neal [D-MA], who snuck in a “compromise” that sent all disputes to a corporate arbitrator on the payroll of the PE firms, who would decide whether their paymasters had acted unfairly when they billed you.

The measure rescued the share-price of Envision and Teamhealth, reassuring investors that the gouging could continue uninterrupted.


The Parkland kids have launched a zine

Congrats to the March for Our Lives and Teen Vogue on the launch of Unquiet, a zine edited by the amazing Emma Gonzales.

It’s home to some brilliant poetry, collages, remembrances, posters (and more).


Tumblr’s ad policy

Tumblr got sold for more than a billion dollars to Yahoo. Yahoo sold its digital portfolio to Verizon for $4.5B. Verizon sold Tumblr to Automattic (aka WordPress) for a rumored $3m. Automattic is ten million times better than Yahoo and Verizon combined, on the best day of their corporate lives.

Now, Tumblr has updated its ad policy support page with the kind of verve and wit we expect from Automattic.

“HOW TO TURN OFF ADS: Unfortunately, until we live in a post-consumerist society built on an economy of surplus instead of scarcity that would enable us to procure both labor and materials at zero marginal cost, there is no way to remove ads from your Tumblr experience.”

I love this, but.

There’s an equilibrium between ads and readers, and it is maintained by ad-blockers. The way we killed ubiquitous pop-up ads was with on-by-default pop-up blockers (thanks, Opera and Mozilla!). They won the argument publishers had, until then, lost with their advertisers.

Instead of saying, “Ugh, we don’t want pop-up ads because they make our website terrible,” publishers could say, “Sure, you have the market power, so if you insist we’ll have pop-ups. But you should know that no one will see ’em, because they’re blocked by default.”

Markets are places where bargains are struck. In a world where there is a glut of publishing inventory chasing ads, publishers are not a good proxy for their readers’ interests. Ad-block is the way that readers bargain directly with advertisers.

As Doc Searls says, ad-blocking is the largest consumer revolt in history.

Gopher shows us how adversarial interoperability was there from the start

The latest in my series of case histories of Adversarial Interoperability and the role it played in keeping tech competitive is the history of Gopher, which I was able to write thanks to the generous assistance of Gopher’s co-inventor Paul Lindner.

Gopher was the web’s immediate predecessor, created by a student-support team at UMN, who burrowed under the mainframe systems’ guardians and created a menu-driven interface to campus resources, then the whole internet.

They swallowed up FTP, broke open the silos on digital library catalogs, used terminal automation to give anyone access to the Weather Underground service at UMich (who first told them to stop, then asked for usage data for their NSF grant renewal!).

They called it “internet duct tape” – scripts and tools that let them lash together all the disparate services of the net in rough-and-ready, file-to-fit, paint-to-cover fashion. And even as they were doing unto others, others were doing unto them. People created competing gopherspace search-engines (VERONICA and JUGHEAD, to complement ARCHIE, which searched FTP).

The endgame of this was an obscure Anglo-Swiss research project called “The World Wide Web.” Browser vendors swallowed gopherspace whole, incorporating it by turning gopher:// into a way to access anything on any Gopher server. Gopher served as the booster rocket that helped the web attain a stable orbit. But the tools that Gopher used to crack open the silos, and the move that the web pulled to crack open Gopher, are radioactively illegal today.

If you wanted to do to, say, Facebook, or iOS, or Google Play, what Gopher did to the mainframes, you would be pulverized by the relentless grinding of software patents, terms of service, anticircumvention law, bullshit theories about APIs being copyrightable.

Big Tech tells you it’s big due to “network effects” but this is counsel of despair. If mystical, great historic forces are what keeps it big then there’s no point in trying to make it small. Better to turn it into a regulated monopoly that need never fear competitors.

(I see you, Zuck)

And Big Tech’s critics swallow this line, demanding that Big Tech be given state-like duties to police user conduct that require billions in monopoly rents, AND total control over their platforms, to perform, guaranteeing tech monopolists perpetual dominance.

But the lesson of Gopher is that adversarial interop is judo for network effects. If companies can’t use the law to maintain their walled gardens, then they become game-preserves to be stalked by competitors, convenient places to find everyone who might want to switch.

Gopher isn’t a one-off. Look close at the history of any of our key technologies and you’ll find an adversarial interop story. Check out my growing list of case-histories for more.


A line of hardcovers designed to double as decor accents

Coralie Bickford-Smith designed a line of clothbound Penguin Classics reissues with gorgeous covers and even more gorgeous spines, designed to serve as decor elements as well as literary fodder.

Part of me wants to be snobby about these because books are for reading, dammit, and there are sociopaths who SHELVE THEIR BOOKS BACKWARDS to create a uniform, off-white decor courtesy of the page-edges.

But the fact is these are fucking gorgeous editions, and having them in my house would make me happy not just because they’re great books, but because they are edibly pretty.


$2b later, Blue Apron is broke

Blue Apron blew through $2b chasing the elusive market of people rich enough to subscribe to a meal-kit delivery service, but not rich enough to get takeout, buy groceries, etc.

Incredibly the company IPOed and founders and investors got to cash out onto suckers who bought at $11 and now are holding at $3.60 (up from <$1 in 2018!).

But don’t worry, Goldman Sachs turned a profit!

Blue Apron was a #bezzle, just like Uber. Its prospectus predicted profitability just as soon as it captured 99% of the home-cooking market (just as Uber told investors it would be profitable once it replaced every public transit system on Earth).

Like many of the companies that flooded podcasting with massive advertising buys, (cough Casper cough), there was never any future for Blue Apron, just as Uber/Lyft are destined to collapse and leave behind smoking transport wreckage in the near future.


Tour Cards Against Humanity’s incredible board-game cafe

Cards Against Humanity opened up a gorgeous, amazing, incredible board-game cafe in Chicago. Eater’s gallery of photos makes me want to go RIGHT NOW.


The team behind Frozen are making a musical out of Jen Wang’s Prince and the Dressmaker

Holy smokes! SO MANY CONGRATS to Jen Wang on the news that her MAGNIFICENT, awesomely queer YA graphic novel The Prince and the Dressmaker is being adapted as a musical by Kristen and Bobby Lopez, the team behind Frozen!

I’ve loved Jen’s work since Koko Be Good, and was so honored and delighted that she adapted my story Anda’s Game for our graphic novel In Real Life.

The Prince and the Dressmaker is about a nonbinary prince and the confidante/dressmaker who helps him become the person he knows himself to be. It’s a gorgeous, understated, sweet and wrenching story about being true to yourself, and the power of friendship.

Jen is just wonderful, and this is wonderful news!


This day in history

#10yrsago The #ACTA internet enforcement chapter leaked

#5yrsago San Francisco’s Borderlands Books saved by crowdfunding campaign

#1yrago Googler walkout ends forced arbitration for employees

#1yrago Tucker Carlson invites anti-billionaire historian onto his show, then tells him to “go fuck yourself”

#1yrago My interview with Rebecca Giblin on what a copyright designed for creators (not corporations) would look like



Today’s top sources: Memex 1.1, Super Punch and Naked Capitalism.

Hugo nominators! My story “Unauthorized Bread” is eligible in the Novella category and you can read it free on Ars Technica.




Inrupt, Tim Berners-Lee's Solid, and Me [Schneier on Security]

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety. And most recently, I have been writing and speaking about how technologists need to get involved with public policy.

All of this is a long-winded way of saying that I have joined a company called Inrupt that is working to bring Tim Berners-Lee's distributed data ownership model that is Solid into the mainstream. (I think of Inrupt basically as the Red Hat of Solid.) I joined the Inrupt team last summer as its Chief of Security Architecture, and have been in stealth mode until now.

The idea behind Solid is both simple and extraordinarily powerful. Your data lives in a pod that is controlled by you. Data generated by your things -- your computer, your phone, your IoT whatever -- is written to your pod. You authorize granular access to that pod to whoever you want for whatever reason you want. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It's yours. If you want your insurance company to have access to your fitness data, you grant it through your pod. If you want your friends to have access to your vacation photos, you grant it through your pod. If you want your thermostat to share data with your air conditioner, you give both of them access through your pod.

The ideal would be for this to be completely distributed. Everyone's pod would be on a computer they own, running on their network. But that's not how it's likely to be in real life. Just as you can theoretically run your own email server but in reality you outsource it to Google or whoever, you are likely to outsource your pod to those same sets of companies. But maybe pods will come standard issue in home routers. Even if you do hand your pod over to some company, it'll be like letting them host your domain name or manage your cell phone number. If you don't like what they're doing, you can always move your pod -- just like you can take your cell phone number and move to a different carrier. This will give users a lot more power.

I believe this will fundamentally alter the balance of power in a world where everything is a computer, and everything is producing data about you. Either IoT companies are going to enter into individual data sharing agreements, or they'll all use the same language and protocols. Solid has a very good chance of being that protocol. And security is critical to making all of this work. Just trying to grasp what sort of granular permissions are required, and how the authentication flows might work, is mind-altering. We're stretching pretty much every Internet security protocol to its limits and beyond just setting this up.

Building a secure technical infrastructure is largely about policy, but there's also a wave of technology that can shift things in one direction or the other. Solid is one of those technologies. It moves the Internet away from overly-centralized power of big corporations and governments and towards more rational distributions of power; greater liberty, better privacy, and more freedom for everyone.

I've worked with Inrupt's CEO, John Bruce, at both of my previous companies: Counterpane and Resilient. It's a little weird working for a start-up that is not a security company. (While security is essential to making Solid work, the technology is fundamentally about the functionality.) It's also a little surreal working on a project conceived and spearheaded by Tim Berners-Lee. But at this point, I feel that I should only work on things that matter to society. So here I am.

Whatever happens next, it's going to be a really fun ride.

EDITED TO ADD (2/23): News article. HackerNews thread.


Movie Company Links ‘Notorious Copyright Thief’ Peter Sunde to MKVCage Lawsuit [TorrentFreak]

A group of movie companies, operating under the parent company Millennium Funding, is pursuing legal action against key piracy players.

Through various copyright infringement lawsuits and DMCA subpoenas they have gone after targets ranging from Popcorn Time through YTS, to Showbox and MKVCage.

The case against MKVCage, filed last summer, had an immediate effect. Not long after the complaint was submitted to a Hawaii District Court, MKVCage became unreachable. At the same time, the uploader stopped pushing torrents to other sites as well.

Aside from a brief comeback, the site remains missing in action today. However, that doesn’t mean that the lawsuit is over too. A few days ago, the makers of the film Hellboy submitted an amended complaint against the alleged operator, a Pakistani man named Muhammad Faizan.

Hellboy Productions accuses Faizan of promoting and distributing pirated copies of its movie. The complaint also lists 35 John Doe defendants, who presumably downloaded the film.

While many of these allegations were already present in the original complaint, the new version does introduce a new name into the mix. According to Hellboy Productions, MKVCage is linked to a ‘notorious copyright thief.’

The movie company writes that Faizan began “operating the website” together with 1337 Services LLC, which is associated with Pirate Bay co-founder Peter Sunde.

“1337 was created and is controlled by Peter Sunde Kolmisoppi,” Hellboy writes, adding that “Peter Sunde Kolmisoppi is a notorious copyright thief who was sentenced to prison in Sweden for his creation of The Pirate Bay.”

This sounds rather ominous. However, the complaint fails to mention that 1337 Services LLC is the company behind Njalla, which is a service that allows people to privately register domain names. And indeed, a Whois lookup for shows 1337 Services as the registrant.

This pushes the joint operation claim into an entirely different light. Njalla has many customers, including the Catalonian government, but it doesn’t operate the sites which are tied to these domains.

Peter Sunde informs TorrentFreak that he’d never heard of MKVcage until now. He is also not aware of any abuse emails regarding the domain name.

“As far as I know we haven’t even received an abuse e-mail regarding MKVcage, but I guess that’s their strategy. If they send abuse e-mails they might get services suspended and thus not being able to sue people,” Sunde says.

The Pirate Bay co-founder stresses that 1337 Services LLC is owned by a foundation, which is information they would have gladly shared if asked. The company is operated by many people who may feel left out now, as they may also want to be labeled as copyright thieves.

“My co-workers may be upset that they don’t get any credit for 1337’s work now, so I’m so sorry. They also want to be notorious copyright thieves,” Sunde notes.

Hellboy Productions attorney Kerry Culpepper informs TorrentFreak that he did send a letter (pdf) to 1337 Services’ registered address, a PO Box in Nevis. As the letter suggests, they would have preferred to resolve this matter directly with Njalla.

That said, the letter would probably not have had any effect as Njalla doesn’t generally suspend domain names following requests from copyright holders.

Culpepper preferred not to comment on the allegation that 1337 Services is operating MKVcage together with Faizan.

Neither Sunde nor 1337 Services are defendants in the case. They are little more than a passing mention, perhaps to make it appear as if there’s something more going on than there is.

In earlier court filings the movie company actually referred to 1337 Services as a privacy service, which wasn’t clarified in the most recent filing.

Finally, Sunde points out that he’s not really a copyright thief. While he may have duplicated a file or two, he never ‘stole’ anyone’s copyright, which is simply impossible. This is something the US Copyright Office can confirm.

While Sunde is not in any trouble, in this case, Faizan is. Hellboy Productions accuses him of direct and contributory copyright infringement. The movie company claims to have suffered $270,902.58 in damages and would like to have that compensated.

Update: The article was updated to add the comments of Hellboy’s attorney.

A copy of the amended complaint Hellboy Productions filed against Muhammad Faizan is available here (pdf).


Link [Scripting News]

I buy too many domains. Latest:

Link [Scripting News]

Joe Trippi: "Here’s an idea. Why not hold House hearings on what every American should watch for and be on guard against in terms of how Russia or any other foreign actor tries to influence our election? Or maybe a network do a one hour special? No one knows what meddling means."

Link [Scripting News]

Meddlers enhance divisions. Start with a crack, and grow it. Look at how Bloomberg is being invalidated. He's a powerful force in Democratic politics. In whose interest is it to undermine that? They have to be investing in that. The meddlers, whoever they are.


Four short links: 22 February 2020 [Radar]

  1. Teachable Machine — Google’s codeless ML training.
  2. Google AI No Longer Uses Binary Gender Tags on People (Input Mag) — the change is already in effect. Credited to their new AI Principles.
  3. VP of Something (Matt Webb) — It’s pretty clear to me that in 10 years time, sustainability will have to be a VP role, if not a C-level role, and “circular transformation” (I just made that up; you can have it) will be a phrase for the 2020s, just as “digital transformation” was the business mantra for the 2010s.
  4. DeepSqueak — Developed by researchers Russell Marx and Kevin Coffey at the University of Washington School of Medicine, the software uses sophisticated deep learning algorithms (hence the name “DeepSqueak”) to automatically pick rodent calls out of raw audio, compare them to calls with similar characteristics, and even look for patterns in the squeaks’ order. Not much is currently known about what all those squeaks mean, but Coffey hopes that once enough biologists compile enough calls, a sort of murine “Rosetta Stone” will emerge.



Call of Duty Endowment Charity [Humble Bundle Blog]

Hey Humble fans, This month we’re on a mission to help U.S. and U.K. veterans. For our February 2020 edition



News Post: PAX East Pins [Penny Arcade]

Gabe: I've got a bit of bad news to deliver unfortunately. Here's a message from PA about our pin selection at PAX East this year.

Walkers of the path Unfortunately, we can’t always come to you with good news. In an ideal world, we’d be bringing you news of the PAX East Pin Quest at this time, but instead, we have to let you know that we’re likely to have delays with pins at PAX East. Issues stemming from the Coronavirus are affecting supply lines globally, and this means we won’t be able to bring as broad a selection of Pinny Arcade pins as…


[$] CAP_PERFMON — and new capabilities in general []

The perf_event_open() system call is a complicated beast, requiring a fair amount of study to master. This call also has some interesting security implications: it can be used to obtain a lot of information about the running system, and the complexity of the underlying implementation has made it more than usually prone to unpleasant bugs. In current kernels, the security controls around perf_event_open() are simple, though: if you have the CAP_SYS_ADMIN capability, perf_event_open() is available to you (though the system administrator can make it available without any privilege at all). Some current work to create a new capability for the perf events subsystem would seem to make sense, raising the question of why adding new capabilities isn't done more often.

Ending immigration of low-wage workers [Richard Stallman's Political Notes]

The UK plans to push hard to end immigration of low-wage workers. We will find out if it really achieves an increase of standards of living and of productivity.

Scandinavian countries have a different approach: tax the rich more and spend more on helping people. That method visibly does work.

Fear marketing [Richard Stallman's Political Notes]

Amazon's Ring surveillance cameras are marketed as a way to catch burglars and reduce burglary, but there is no evidence that they really do either one.

This seems to be a campaign of marketing that uses fear to manipulate people.

Quarantine in an authoritarian country [Richard Stallman's Political Notes]

China's early coverup for Covid-19, and the resulting epidemic, has led to mass demand for freedom of speech, just as the state is applying quarantine via threats far beyond the normal level of cruelty.

One example is Chen Qiushi, who has reported from Wuhan. A week ago, he was apparently disappeared and his mother could not find him.

Impunity for torturers [Richard Stallman's Political Notes]

*Impunity Guaranteed for Torturers (and Presidents).* None of the US government's torturers has been held responsible. Before the bully, Dubya and Obama protected them.

Military against climate change [Richard Stallman's Political Notes]

*Buttigieg and Centrist Dems Want a Military Response to Climate Change. That’s Dangerous.*

They want to enhance the military's capacity to fend off refugees and flood waters. That won't enable the United States of 2060 to survive as a free and stable country.

Fake recycling [Richard Stallman's Political Notes]

*Greenpeace Finds Labels on Plastic Products "Mislead the Public and Harm America's Recycling Systems"*. Many plastic objects that are labeled for recycling cannot really be recycled in the US today.

Eradicating tropical diseases [Richard Stallman's Political Notes]

"Neglected" tropical diseases have harmed hundreds of millions of people. We are on the verge of eradicating some of them, but if we don't push on and reach that point, they will spread again.

Reality check [Richard Stallman's Political Notes]

Utah Republicans have become aware all of a sudden of harm global heating can do.


Today in GPF History for Friday, February 21, 2020 [General Protection Fault: The Comic Strip]

"Alt-Trudy" insists that "prime" Trudy accompany our heroes into the "Negaverse"...


Raphaël Hertzog: Freexian’s report about Debian Long Term Support, January 2020 [Planet Debian]

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In January, 252 work hours have been dispatched among 14 paid contributors. Their reports are available:

Evolution of the situation

January started calm until at the end of the month some LTS contributors met, some for the first time ever, at the Mini-DebCamp preceding FOSDEM in Brussels. While there were no formal events about LTS at both events, such face2face meetings have proven to be very useful for future collaborations!
We currently have 59 LTS sponsors sponsoring 219h each month. Still, as always we are welcoming new LTS sponsors!

The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 33 packages needing an update.

Thanks to our sponsors

New sponsors are in bold (none this month).



Quicklisp news: February 2020 Quicklisp dist update now available [Planet Lisp]

New projects:

  • cl-isolated — A isolated environment for Common Lisp code evaluation — AGPLv3+
  • cl-maxminddb — CL MaxMind DB — GNU Lesser General Public License, v3
  • cl-semver — Semantic Version implementation — MIT
  • cl-tui — High-level library for making Text User Interfaces — MIT
  • cl-wavelets — Wavelet transform library — 2-clause BSD
  • cl-zyre — Zyre is a ZeroMQ-based network protocol for clusters and service discovery. — MIT
  • lisp-preprocessor — Common Lisp embedded template engine — MIT
  • lispcord — A client library for the discordapp bot api — MIT
  • magic-ed — Edit your code from REPL. — MIT
  • mbe — Scheme Macros for Common Lisp — LGPL 2.1
  • minilem — Minimal version of lem, emacs-like editor. A minimal self-modifying Common Lisp editor — MIT
  • ops5 — The Ops5 programming language for production systems — Public Domain
  • ratmath — Math utilities for working with rational numbers and intervals. — MIT
  • rs-colors — A color data type for Common Lisp. — Modified BSD License
  • s-graphviz — a s-expression presentation of GraphViz DOT language — MIT
  • srfi-1 — List Library — MIT
  • srfi-23 — SRFI 23: Error reporting mechanism — Unlicense
  • srfi-6 — SRFI-6: Basic String Ports — Unlicense
  • srfi-98 — SRFI 98: get-environment-variable — Unlicense
  • trivial-coverage — A simple Common Lisp library to print out the code coverage collected. Supports SBCL and CCL. — MIT
  • truetype-clx — Ripped out rendering from clx-truetype — MIT
  • uax-15 — Common lisp implementation of Unicode normalization functions :nfc, :nfd, :nfkc and :nfkd (Uax-15) — MIT
Updated projects: 3b-bmfont, 3d-vectors, adopt, alexandria, also-alsa, april, asdf-viz, assoc-utils, atomics, babel, bdef, beast, bike, binary-io, bobbin, bp, cardiogram, cerberus, cffi, chancery, chanl, cl-ana, cl-ansi-text, cl-argparse, cl-async, cl-autowrap, cl-charms, cl-collider, cl-colors2, cl-conllu, cl-containers, cl-db3, cl-dbi, cl-digraph, cl-ecma-48, cl-elastic, cl-emoji, cl-enumeration, cl-fad, cl-forms, cl-gamepad, cl-gobject-introspection, cl-hamt, cl-kraken, cl-las, cl-ledger, cl-libusb, cl-maxsat, cl-mount-info, cl-netpbm, cl-patterns, cl-pcg, cl-piglow, cl-pslib, cl-pslib-barcode, cl-random-forest, cl-rdkafka, cl-sat, cl-sdl2, cl-sdl2-ttf, cl-shlex, cl-simple-fsm, cl-skkserv, cl-store, cl-str, cl-unification, clad, clazy, clem, clml, closer-mop, clx, codata-recommended-values, common-lisp-jupyter, commonqt, conium, contextl, croatoan, curry-compose-reader-macros, defclass-std, defenum, definitions, deflate, deploy, dexador, easy-audio, easy-routes, eclector, esrap, fare-scripts, flow, fset, gendl, generic-cl, golden-utils, graph, helambdap, hu.dwim.stefil, hu.dwim.walker, ironclad, jsonrpc, jsown, kenzo, linear-programming, lisp-binary, lisp-critic, lisp-zmq, literate-lisp, lquery, maiden, mcclim, metabang-bind, metering, mito, named-readtables, new-op, nodgui, numcl, ook, origin, papyrus, parachute, parse-float, petalisp, phoe-toolbox, pjlink, plokami, pngload, policy-cond, portable-threads, postmodern, protest, protobuf, prove, qlot, qtools-ui, quilc, qvm, re, reader, regular-type-expression, sanity-clause, scalpl, sealable-metaobjects, sel, serapeum, sha1, shadow, simple-actors, simple-config, sly, spinneret, static-dispatch, stumpwm, sucle, swank-client, swank-crew, teepeedee2, tmpdir, tooter, trivia, trivial-features, trivial-package-local-nicknames, trivial-utilities, uiop, umbra, utils-kt, utm, vernacular, xhtmlambda, xml-emitter.

Removed projects: bodge-nanovg, cl-fixtures, cl-gambol, cl-grace, cl-torrents, cl-transmission, clon, clx-cursor, clx-truetype, dbd-oracle, m2cl, x.fdatatypes, x.let-star.

This month has an unusually high number of removed projects. There are a couple causes. First, a number of projects have simply disappeared - they are gone from their source locations and there's no sign of a new home. Second, some projects stopped building (sometimes because of missing libraries in the first group, but not always) and weren't fixed in time for this release.

If you depend on one of these removed projects, I can try to help you get in touch with the author to get them back into Quicklisp. Otherwise, you may wish to stick with an older Quicklisp dist where they are still present.

To get this update, use (ql:update-dist "quicklisp").


The Big Idea: J.R.H. Lawless [Whatever]

The thing with satire is that it has to have a relationship to the world we live in — and if we’re not careful the line between the two becomes blurred. As J.R.H. Lawless notes, in this Big idea for his novel Always Greener.


The Big Idea of this novel is, unsurprisingly, a direct result of where I was when I wrote it: Split between the office at the French National Assembly in Paris where I worked and slept, on one hand, and the black and white cottage in rural England where I’d work at a distance and take care of our new-born daughter when I wasn’t needed in Paris, on the other.

It should therefore be no surprise, once again, that the fundamental Big Idea ended up being that the power dynamics of our societies are fundamentally effed and that we, and our children, are all seriously boned if we don’t do something about it.

Not the most original of Big Ideas, certainly — but then again, there’s a reason for that; it’s because the warning remains as valid as it was when all the great dystopian writers penned their warnings about what would happen “if this goes on”. If not more so. But back in the sweet, innocent days of 2007 when I first started working on the piece, I came up with a series of hopefully interesting answers to the question of how best to develop that core dystopian Big Idea.

The first question was: What is the best way of showing the dehumanising effects of where we are headed on individuals, all around the world? The answer was: To show examples of some of the lives affected the most.

Which led to the second question: What book premise could I come up with that would let me show those lives most naturally and effectively? That’s when I cooked up the core conceit for Always Greener: A future reality show where contestants compete for the title of “greatest victim” of the Corporate-run world, with lens implants allowing people around the globe to experience life through their eyes, 24/7, so they can vote on who the biggest losers are at the big weekly elimination feature shows.

Obviously, the right POV was an important third question, which led me to my MC, Liam Argyle: A fundamentally optimistic man who accepts the job offer to become the host of this hot new reality show in hopes that it’ll give him a chance to finally make a difference in the world; without realising how violently the realities of the show, and of his contestants’ sorry lives, will challenge his faith in humanity.

Finally, developing the Big Idea meant deciding what tone would best carry that message home. And there was only one choice here, fuelled by the Pratchett and Adams I was surrounded by in my rural English cottage: Dark, uncompromising humour.

Wrap that all together, and the result is an adult SF comedy novel that’s been a long time in the making and hopefully kicks this series off with a bang, before the sequel, The Rude Eye of Rebellion, also hits the shelves in Fall 2020. The book is chock full of the most absurd situations and etymological footnotes I could come up with.

Everything in this book would be ridiculous — should be ridiculous — if it weren’t so damn likely to become reality in the not-so-distant future. Unless we find some way to get off our collective arses and do something about it, that is.


Always Greener: Amazon|Barnes and Noble|Google Books|Kobo

Visit the author’s site. Follow him on Twitter.


How to Write Usefully [Paul Graham: Unofficial RSS Feed]

"Now, thanks to the internet, there's a path. Anyone can publish essays online. You start in obscurity, perhaps, but at least you can start. You don't need anyone's permission."


Andrej Shadura: Follow-up on the train journey to FOSDEM [Planet Debian]

Here’s a recap of my train journey based on the Twitter thread I kept posting as I travelled.


The departure from Bratislava was as planned:

[Photo: Ready to depart from Bratislava hl. st.]

Half an hour in Vienna was just enough for me to grab some coffee and breakfast and board the train to Frankfurt without a hurry:

[Photo: Boarding a Deutsche Bahn ICE to Frankfurt am Main]

Unfortunately, soon after we left Linz and headed to Passau, the train broke down. Apparently, it powered down and the driver was struggling to reboot it. After more than an hour at Haiding, we finally departed with a huge delay:

[Photo: ICE standing at a platform of a railway station at Haiding. Caption: Trapped in Haiding near Linz]

Since the 18:29 train to Brussels I needed to catch in Frankfurt was the last one that day, I was put into a hotel Leonardo across the street from Frankfurt Hbf, paid by Deutsche Bahn, of course. By the time of our arrival in Frankfurt, the delay was 88 minutes.

[Photo: Hotel room in Frankfurt am Main]

Luckily, I didn’t have to convince Deutsche Bahn to let me sleep in the morning, they happily booked me (for free) onto a 10:29 ICE to Brussels so I had an opportunity to have a proper breakfast at the hotel and spend some time at Coffee Fellows at the station.

[Photo: Frankfurt Hbf building in the morning. Caption: Guten Morgen Frankfurt]
[Photo: ICE 16 to Brussels waiting at platform 19. Caption: About to depart for Brussels]

Fun fact: Aachen is called Cáchy in Czech, apparently as a corruption of an older German form ze Aachen.

[Photo: Platform sign saying Aachen Hbf with a double-decker red DB regional train. Caption: Stopping at Aachen]

Having met some Debian people on the train, I have finally arrived in Brussels, albeit with some delay. This, unfortunately meant that I haven’t gone to Vilvoorde to see a friend, so the regional tickets I bought online were useless.

[Photo: Platform at Bruxelles-Midi. Caption: Finally, Brussels!]

… and back!

The trip home was much better in terms of missed trains, only if a tiny bit more tiring since I took it in one day.

[Photo: Platform at Bruxelles-Midi with an ICE almost ready to be boarded. Caption: Leaving Brussels on time]

Going to Frankfurt, I’ve spent most of the time in the bistro carriage. Unfortunately, the espresso machine was broken and they didn’t have any croissants, but the tea with milk was good enough.

[Photo: In the bistro carriage]

I’ve used the fifty minutes I had in Frankfurt to claim the compensation for the delay, which (€33) I received in my bank account the next week.

[Photo: The ICE train to Wien Hbf is about to depart]
[Photo: The view out of the window: going along the river from Passau to Linz. Caption: Herzlich willkommen in Österreich!]
[Photo: The ICE train at platform 11. Caption: Arrived at Wien Hbf]
[Photo: The REX to Bratislava waiting at platform 4. Caption: The last leg]

Finally, exactly twelve hours and one minute after the departure, almost home:

[Photo: The REX from Vienna arrived at platform 2. Caption: Finally home]

Why you might need additional control over the secret event hiding inside the file object [The Old New Thing]

Some time ago, I noted that the SetFileCompletionNotificationModes function provides a small amount of additional control over the secret event hiding inside the file object, but I noted that I could not come up with a scenario where you would need to exercise that much control.

The purpose of the FILE_SKIP_SET_EVENT_ON_HANDLE flag is to prevent the kernel from messing with the secret event hiding inside the file object. But if you aren’t using that secret event anyway, why does it matter what the kernel does with it?

Malcolm Smith explained to me why it matters: It’s to avoid contention.

In high-performance scenarios, you may have tons of outstanding I/O operations on a handle. Those operations are all queueing to an I/O completion port. They don’t need an explicit event handle, nor do they need to synchronize on the secret handle hiding inside the file object.

The normal behavior at I/O completion on an overlapped handle is that the kernel signals the event provided in the OVERLAPPED structure, if present. If the event handle in the OVERLAPPED structure is nullptr, then the kernel signals the secret event inside the file object.

If you’re doing I/O on an overlapped handle, then the secret event inside the file object is useless once you have two outstanding I/O operations on the file handle, because they will both try to use the event and end up confusing each other. You would have to ensure that only one I/O operation is active at a time, which sort of defeats the point of overlapped I/O.

Okay, I can think of one scenario where it’s useful: If you are using overlapped I/O solely for its asynchronous behavior and not for the ability to have multiple outstanding I/O at a time. But even then, just create your own event already. Don’t rely on the secret event inside the file object.

In the case of overlapped I/O issued on a handle bound to an I/O completion port, you definitely don’t care about the secret event hiding inside the file object, and making the kernel set it at completion is just another multithreading bottleneck. The FILE_SKIP_SET_EVENT_ON_HANDLE flag lets you tell the kernel to skip that step entirely.

Incorporating the FILE_SKIP_SET_EVENT_ON_HANDLE flag into the I/O completion process results in this pseudo-code:

  if (hEvent present) {
    SetEvent(hEvent);
  } else if (FILE_SKIP_SET_EVENT_ON_HANDLE is clear) {
    SetEvent(secret event);
  } else {
    do nothing;
  }

Now, you might think you could avoid the bottleneck on the secret event hiding inside the file object by passing an event in the OVERLAPPED structure. According to the algorithm above, this means that the kernel will set the event in the OVERLAPPED structure and ignore the secret event in the file object. Since each I/O has its own event (if you know what’s good for you), the SetEvent(hEvent) will not experience contention, so it will be fast. It’s still annoying having to create an event that you have no use for, but its purpose is to be a decoy so the kernel won’t try to set the secret event hiding inside the file object.

Unfortunately, this solution runs into its own bottleneck. When the I/O completes, the I/O manager returns to the original issuing thread in order to set the event,¹ and then queues the completion to the I/O completion port. This introduces an extra thread switch to the I/O operation, as well as additional contention into I/O completion bookkeeping.²

The secret event hiding inside the file object is useful only in the case of synchronous I/O. If you’re doing asynchronous I/O, all it does is get in your way. The FILE_SKIP_SET_EVENT_ON_HANDLE flag lets you move it out of your way.

¹ I suspect the “return to the original issuing thread” is an artifact of the fact that completion callbacks are delivered to the original issuing thread.

² The cure ends up being worse than the disease if the I/O originated from an I/O completion port thread, which is highly likely if the handle is associated with an I/O completion port in the first place. I/O completion ports keep track of how many threads are running and how many are blocked, so that they don’t oversubscribe the associated thread pool. When the thread is woken to set the event, the I/O completion port updates the bookkeeping to account for an idle thread being woken, and when the thread goes back to sleep after setting the event, the I/O completion port updates the bookkeeping once again to account for the thread going back to idle. That’s two more points of contention on a very busy I/O completion port. So your attempt to remove one contention point on a busy file object turned into the addition of two contention points on an even busier I/O completion port!
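The setup the post argues for, as an added example that is not part of the original post: several overlapped reads on one handle bound to an I/O completion port, with FILE_SKIP_SET_EVENT_ON_HANDLE set and no decoy event in the OVERLAPPED structures. The names `completion_signal_target`, `read_with_iocp`, `READS` and `CHUNK` are this example's own; the first is a portable model of the post's pseudo-code, and the Win32 part only builds on Windows.

```c
#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0600   /* SetFileCompletionNotificationModes needs Vista or later */
#endif
#include <windows.h>
#endif
#include <stdio.h>

#define READS 4      /* outstanding operations (constructed value) */
#define CHUNK 4096   /* bytes per read (constructed value) */

/* What the kernel signals at I/O completion, following the post's pseudo-code. */
enum signal_target {
    SIGNAL_OVERLAPPED_EVENT,   /* SetEvent(hEvent) */
    SIGNAL_FILE_OBJECT_EVENT,  /* the secret event inside the file object */
    SIGNAL_NOTHING             /* only the completion port packet is queued */
};

enum signal_target completion_signal_target(int has_overlapped_event,
                                            int skip_set_event_on_handle)
{
    if (has_overlapped_event)
        return SIGNAL_OVERLAPPED_EVENT;
    if (!skip_set_event_on_handle)
        return SIGNAL_FILE_OBJECT_EVENT;
    return SIGNAL_NOTHING;
}

/* Issues READS overlapped reads and drains their completions from the port.
 * Returns the number of completions dequeued, or -1 on setup failure. */
int read_with_iocp(const char *path)
{
#ifdef _WIN32
    /* Static so an in-flight operation never points at a dead stack frame. */
    static char buffers[READS][CHUNK];
    static OVERLAPPED ov[READS];
    int pending = 0, completed = 0;

    HANDLE file = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ, NULL,
                              OPEN_EXISTING, FILE_FLAG_OVERLAPPED, NULL);
    if (file == INVALID_HANDLE_VALUE)
        return -1;

    /* Create a completion port and bind the file handle to it. */
    HANDLE port = CreateIoCompletionPort(file, NULL, 0, 0);
    if (port == NULL ||
        !SetFileCompletionNotificationModes(file, FILE_SKIP_SET_EVENT_ON_HANDLE)) {
        if (port != NULL)
            CloseHandle(port);
        CloseHandle(file);
        return -1;
    }

    for (int i = 0; i < READS; i++) {
        ZeroMemory(&ov[i], sizeof ov[i]);   /* hEvent stays NULL: no decoy event */
        ov[i].Offset = (DWORD)(i * CHUNK);
        /* Immediate success and ERROR_IO_PENDING both queue a packet;
         * any other error (such as reading past end of file) queues none. */
        if (ReadFile(file, buffers[i], CHUNK, NULL, &ov[i]) ||
            GetLastError() == ERROR_IO_PENDING)
            pending++;
    }

    while (completed < pending) {
        DWORD bytes = 0;
        ULONG_PTR key = 0;
        OVERLAPPED *done = NULL;
        BOOL ok = GetQueuedCompletionStatus(port, &bytes, &key, &done, INFINITE);
        if (!ok && done == NULL)
            break;                          /* the port failed, not an I/O */
        printf("offset %lu: %lu bytes%s\n", (unsigned long)done->Offset,
               (unsigned long)bytes, ok ? "" : " (I/O failed)");
        completed++;
    }

    CloseHandle(port);
    CloseHandle(file);
    return completed;
#else
    (void)path;                             /* Win32 API not available here */
    return -1;
#endif
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 2;
    }
    int n = read_with_iocp(argv[1]);
    if (n < 0) {
        fprintf(stderr, "setup failed (this demo needs Windows)\n");
        return 1;
    }
    printf("%d completions dequeued from the port\n", n);
    return 0;
}
```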



Still in LA [Whatever]

This photo is in many ways a perfect encapsulation of LA: A calm, serene pond with landscaping and trees, and directly behind it, as you can see through the aforementioned trees, a freeway, jammed with cars. Which I then had to get on at some point to get to my next meeting.

It was a good day regardless. I talked to some folks about a show I have in development, talked to other people about a script I wrote, talked to still other people about other possible projects and had a glazed with sprinkles from Trejo’s Coffee and Donuts. Truly, an LA experience all around.

Three more meetings today. Off we go.


A serious question [Charlie's Diary]

(Because I am still elbow-deep in the guts of "Invisible Sun", blogging is sparse right now ...)

I just asked a couple of questions on twitter, and I thought you might like to share the misery.

SERIOUS QUESTION for space geeks:

  1. The flight of Apollo 11. Postulate that Mike Collins is a werewolf. At what point during trans-Lunar injection does he go furry? And how many times during the mission profile is he forced to shapeshift by the light of the full Moon?


  1. A full Moon must subtend an angle of at least 0.5 degrees to trigger shapeshifting in werewolves. A werewolf is aboard a spaceship bound for Ganymede, largest moon of Jupiter. In low Ganymede orbit, how many Jovian moons trigger shapeshifting?


  1. Werewolves are real.

  2. Shapeshifting is not triggered by direct exposure to the light of the full Moon, but by the existence of a full, uneclipsed Moon in the sky (otherwise werewolves could just hole up indoors to avoid furry hijinks).

  3. Werewolves shapeshift involuntarily in an arbitrarily short period of time (WARNING: any discussion of relativistic effects or the use of werewolves as an FTL signaling mechanism will be firmly discouraged).

  4. A Moon other than Earth's moon suffices, but it must be a primary Moon (by IAU definition) and not a Moon of a Moon, and also it must subtend an angle of no less than 0.5 degrees to be effective. Earthrise, from Lunar orbit, is not a lycanthropy trigger.

  5. The first rule of Vampires is: Vampires do not exist. (See also "The Rhesus Chart").

Have at it!


Bloomberg, part 3 [Scripting News]

Bloomberg was NYC mayor after 9/11, during and after the 2008 financial crisis and Hurricane Sandy. The city recovered from all, though we could discuss his mistakes during all.

In the debate we should’ve talked about how we’re going to restore Congress, rule of law, the Constitution, courts in the aftermath of Trump, which will be like all three NYC disasters Bloomberg dealt with.

I don’t think Bloomberg had any possible response to Warren's attacks, any more than Al Franken could respond to the attacks that forced him to resign.

We need all hands on deck to rebuild after the superstorm terrorist attack happening right now in the US. Bloomberg will be part of that, whether or not he's the candidate.

The greed and selfishness on that stage was appalling. From Warren and Sanders, who I will vote against every chance I get (except if the other choice is trump of course).


Security updates for Friday []

Security updates have been issued by CentOS (openjpeg2), Debian (cloud-init, jackson-databind, and python-reportlab), Red Hat (ksh, python-pillow, systemd, and thunderbird), Slackware (proftpd), SUSE (java-1_7_0-ibm, nodejs10, and nodejs12), and Ubuntu (ppp and squid, squid3).


Policy vs Technology [Schneier on Security]

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He didn't become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors. They still are.

Markey was against forcing encrypted phone providers to implement the NSA's Clipper Chip in their devices, but wanted us to reach a compromise with the FBI regardless. This completely startled us techies, who thought having the right answer was enough. It was at that moment that I learned an important difference between technologists and policy makers. Technologists want solutions; policy makers want consensus.

Since then, I have become more immersed in policy discussions. I have spent more time with legislators, advised advocacy organizations like EFF and EPIC, and worked with policy-minded think tanks in the United States and around the world. I teach cybersecurity policy and technology at the Harvard Kennedy School of Government. My most recent two books, Data and Goliath -- about surveillance -- and Click Here to Kill Everybody -- about IoT security -- are really about the policy implications of technology.

Over that time, I have observed many other differences between technologists and policy makers -- differences that we in cybersecurity need to understand if we are to translate our technological solutions into viable policy outcomes.

Technologists don't try to consider all of the use cases of a given technology. We tend to build something for the uses we envision, and hope that others can figure out new and innovative ways to extend what we created. We love it when there is a new use for a technology that we never considered and that changes the world. And while we might be good at security around the use cases we envision, we are regularly blindsided when it comes to new uses or edge cases. (Authentication risks surrounding someone's intimate partner is a good example.)

Policy doesn't work that way; it's specifically focused on use. It focuses on people and what they do. Policy makers can't create policy around a piece of technology without understanding how it is used -- how all of it's used.

Policy is often driven by exceptional events, like the FBI's desire to break the encryption on the San Bernardino shooter's iPhone. (The PATRIOT Act is the most egregious example I can think of.) Technologists tend to look at more general use cases, like the overall value of strong encryption to societal security. Policy tends to focus on the past, making existing systems work or correcting wrongs that have happened. It's hard to imagine policy makers creating laws around VR systems, because they don't yet exist in any meaningful way. Technology is inherently future focused. Technologists try to imagine better systems, or future flaws in present systems, and work to improve things.

As technologists, we iterate. It's how we write software. It's how we field products. We know we can't get it right the first time, so we have developed all sorts of agile systems to deal with that fact. Policy making is often the opposite. U.S. federal laws take months or years to negotiate and pass, and after that the issue doesn't get addressed again for a decade or more. It is much more critical to get it right the first time, because the effects of getting it wrong are long lasting. (See, for example, parts of the GDPR.) Sometimes regulatory agencies can be more agile. The courts can also iterate policy, but it's slower.

Along similar lines, the two groups work in very different time frames. Engineers, conditioned by Moore's law, have long thought of 18 months as the maximum time to roll out a new product, and now think in terms of continuous deployment of new features. As I said previously, policy makers tend to think in terms of multiple years to get a law or regulation in place, and then more years as the case law builds up around it so everyone knows what it really means. It's like tortoises and hummingbirds.

Technology is inherently global. It is often developed with local sensibilities according to local laws, but it necessarily has global reach. Policy is always jurisdictional. This difference is causing all sorts of problems for the global cloud services we use every day. The providers are unable to operate their global systems in compliance with more than 200 different -- and sometimes conflicting -- national requirements. Policy makers are often unimpressed with claims of inability; laws are laws, they say, and if Facebook can translate its website into French for the French, it can also implement their national laws.

Technology and policy both use concepts of trust, but differently. Technologists tend to think of trust in terms of controls on behavior. We're getting better -- NIST's recent work on trust is a good example -- but we have a long way to go. For example, Google's Trust and Safety Department does a lot of AI and ethics work largely focused on technological controls. Policy makers think of trust in more holistic societal terms: trust in institutions, trust as the ability not to worry about adverse outcomes, consumer confidence. This dichotomy explains how techies can claim bitcoin is trusted because of the strong cryptography, but policy makers can't imagine calling a system trustworthy when you lose all your money if you forget your encryption key.

Policy is how society mediates how individuals interact with society. Technology has the potential to change how individuals interact with society. The conflict between these two causes considerable friction, as technologists want policy makers to get out of the way and not stifle innovation, and policy makers want technologists to stop moving fast and breaking so many things.

Finally, techies know that code is law -- that the restrictions and limitations of a technology are more fundamental than any human-created legal anything. Policy makers know that law is law, and tech is just tech. We can see this in the tension between applying existing law to new technologies and creating new law specifically for those new technologies.

Yes, these are all generalizations and there are exceptions. It's also not all either/or. Great technologists and policy makers can see the other perspectives. The best policy makers know that for all their work toward consensus, they won't make progress by redefining pi as three. Thoughtful technologists look beyond the immediate user demands to the ways attackers might abuse their systems, and design against those adversaries as well. These aren't two alien species engaging in first contact, but cohorts who can each learn and borrow tools from the other. Too often, though, neither party tries.

In October, I attended the first ACM Symposium on Computer Science and the Law. Google counsel Brian Carver talked about his experience with the few computer science grad students who would attend his Intellectual Property and Cyberlaw classes every year at UC Berkeley. One of the first things he would do was give the students two different cases to read. The cases had nearly identical facts, and the judges who'd ruled on them came to exactly opposite conclusions. The law students took this in stride; it's the way the legal system works when it's wrestling with a new concept or idea. But it shook the computer science students. They were appalled that there wasn't a single correct answer.

But that's not how law works, and that's not how policy works. As the technologies we're creating become more central to society, and as we in technology continue to move into the public sphere and become part of the increasingly important policy debates, it is essential that we learn these lessons. Gone are the days when we were creating purely technical systems and our work ended at the keyboard and screen. Now we're building complex socio-technical systems that are literally creating a new world. And while it's easy to dismiss policy makers as doing it wrong, it's important to understand that they're not. Policy making has been around a lot longer than the Internet or computers or any technology. And the essential challenges of this century will require both groups to work together.

This essay previously appeared in IEEE Security & Privacy.


Error'd: Identification Without Authentication [The Daily WTF]

Mark M. wrote, "While I was reading the Feb 6th DailyWTF, Feedly chimed in with this helpful comment that really put it in context."   "I was looking for a wireless keyboard on Amazon...


Action figures [Seth's Blog]

Those little plastic figurines don’t actually move. If we’re being honest, they’re not action figures, they’re remind-us-of-action figures.

Many of the totems in our lives don’t actually do anything all on their own. Books don’t read themselves, and flowers don’t love us.

But they can represent something. They can remind us of what’s possible. They can trigger us to be in the right state of mind.

Consider surrounding yourself with totems that invite generous action. They’re souvenirs of your best self.


Activision Subpoenas Reddit to Identify Call of Duty Warzone ‘Leaker’ [TorrentFreak]

Sometime last week, speculation that a new Call of Duty ‘battle royale’ mode might be due for a March launch began to intensify.

Noted leaker TheGamingRevoYT (TheGamingRevolution) posted footage on YouTube claiming to be from the ‘Warzone’ mode and as VGC reported, players were able to glitch into menus following the Season 2 update.

It didn’t take long to work out that Activision was unhappy with the leaks. The video posted by TheGamingRevoYT was taken down, leaving a notice behind declaring that the video was no longer available due to a copyright claim by the gaming giant.

Around the same time – perhaps earlier, perhaps a little later – a Reddit user called Assyrian2410 took to Reddit’s /r/modernwarfare to post a new thread. “I found this image online. Not sure what it is. Possibly Battle Royale,” he or she wrote.

The thread linked to an image, hosted by Reddit. According to a source detailing the captured image and crediting it to the user, it shows Call of Duty soldiers standing on top of a downed chopper. Most strikingly, the text in the background shouts “CALL OF DUTY: WARZONE.”

According to a user who participated in the Reddit thread, TheGamingRevolution confirmed on Twitter that the image was “legit”. However, the tweet was removed and according to Twitter, that account has now been suspended. Another tweet, published by a moderator of the /r/modernwarfare sub-Reddit, was also “withheld in response to a report from the copyright holder.”

Whether any further action is being taken against most of the alleged leakers listed above or indeed the many others around the web remains unclear. However, documents obtained by TorrentFreak show that Activision has taken to a US court in an effort to discover the identity of Reddit user Assyrian2410.

In a filing on February 14, 2020 at a California district court, attorneys acting for Activision requested a DMCA subpoena against Reddit.

“Petitioner, Activision Publishing, Inc. through its undersigned counsel of record, hereby requests that the Clerk of this Court issue a subpoena to Reddit, Inc. to identify alleged infringers at issue, pursuant to the Digital Millennium Copyright Act (‘DMCA’), 17 U.S.C. § 512(h),” the request reads.

“The DMCA Subpoena is directed to Reddit, Inc. Reddit is the service provider to which the subject of the subpoena – Reddit user ‘Assyrian241O’ – posted infringing Activision content.”

As the image shows, the proposed subpoena provides a Reddit URL where the supposedly infringing content was published. However, rather than listing the specific Reddit URL where the actual image was hosted, it instead references the Reddit discussion thread.

No infringing content was posted in the thread itself and the actual image URL isn’t mentioned at all in the subpoena request. In any event, the image was deleted days ago.

Nevertheless, Activision claims that the image content infringes its exclusive rights under copyright law, “Specifically, it infringes Activision’s rights in its popular video game “Call of Duty: Modern Warfare,” the request adds.

The image in question is currently being used on many gaming sites in articles discussing Warzone but it’s unclear whether the Reddit user was the source of the original material. However, an aggravating factor can be found in the thread itself.

Contrary to the initial claim, that the user “found this image online”, he or she later confessed to it being sent to them by an “inside source”. That raises the question of who Activision is more interested in – the Reddit user or the person who sent them the image, possibly from inside Activision or a related company.

Despite the URL issue, the seemingly deficient subpoena request was signed off by the clerk of the court and will now be delivered to Reddit, which is required to hand over the personal details of its user by February 29, 2020.

Whether it will or can comply is currently unknown. The Assyrian241O account was deleted days ago but it’s not clear what data Reddit retains on users after such an event, particularly in light of a legal issue.

The DMCA subpoena request and related documents can be found here (1,2,3 pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Comic: Incremental [Penny Arcade]

New Comic: Incremental


Analog and D-Pad 06.32 [Ctrl+Alt+Del Comic]

*Dusts Hands*

#6 Done.

The post Analog and D-Pad 06.32 appeared first on Ctrl+Alt+Del Comic.


In Defence of Speciesism [George Monbiot]

Why might it be right to shoot deer, but not human beings?

By George Monbiot, published in the Guardian 19th February 2020

Though the protest was against me, I sympathised. When demonstrators outside the theatre where I was speaking last week asked the audience to call me out as a killer, I didn’t dispute their claim. I am a killer.

While making our film for Channel 4, Apocalypse Cow, I shot a deer. If it helps (though it didn’t help the deer), I hated every minute of it, from picking up the rifle and learning to use it, to finding and stalking the innocent animal, then shooting it through the chest from 180 metres, watching it rear into the air, stumble, spasm and die. It was a gruesome, horrible experience. I was seeking to demonstrate the realities of ecological restoration. If, I reasoned, we believe something is right, we should be prepared to do it ourselves. But do we really have the right to take another life?

The problem arises in this case because of humanity’s disastrous intervention in the ecology of the Scottish Highlands. By exterminating wolves and lynx, we released the deer from predation, and their numbers exploded. Because tree seedlings are highly nutritious, the deer selectively browse them out. A rich mosaic of habitats becomes a drab monotony of heather and rough grass. The deer I shot was one of thousands killed on the Glenfeshie estate in the Cairngorms. As a result of this cull, the trees are returning. The regenerating forests are full of birds and other mammals.

Surely, as the protesters insisted, there is an alternative? Some of us have campaigned for years for the return of wolves and lynx, but it cannot happen without widespread public consent, and this takes time. In the meantime, what should be done? Their favoured alternatives are contraception or fencing.

To fire a contraceptive dart into a deer, you have to approach to within 40 metres. But because the deer have wiped out the trees, you can rarely get that close. Even if you could find some other, ecologically-safe means of delivering the chemicals (none yet exists), suppressing fertility across a population is extremely difficult, perhaps impossible. A review of the science concluded that “for wild deer populations, contraception is not a substitute for hunting”.

Some landowners seek to fence out the deer. It’s extremely expensive, and difficult on steep mountainsides. When it works, it creates two dysfunctional and unbalanced ecosystems: one with too many herbivores, the other with none. If fencing took place on a large enough scale to make an ecological difference, huge numbers of deer, deprived of subsistence, would starve. Their deaths would be slow and agonising.

I corresponded with a member of the protest group, who raised a much deeper issue: speciesism. “If it were valid to kill deer for their environmental impact, why would it not be valid to kill humans for their far worse environmental impact? … There is no coherent argument based on different levels of cognition or even sentience, since the deer you killed was far higher in both than numerous severely mentally disabled or comatose humans, as well as newborn babies for that matter.” Though his views are clearly influenced by the philosopher Peter Singer, he – with other animal rights activists I’ve met – goes way beyond Singer’s utilitarianism. “Animal rights, like human rights,” my correspondent argued, “are individual rights. It is never acceptable to decide to sacrifice one individual in order to arguably do others good.”

But inaction in this situation is freighted with the same moral problems as action. As a result of prior human intervention (exterminating their predators), refraining from killing deer means killing other wildlife. To respect the life of the deer is to disrespect the life of the capercaillie, the crossbill, the goshawk, the wildcat, the red squirrel and the pine marten. By leaving deer alone, we sacrifice other animals individually and en masse. This conflict is sharpened by the fact that many landowners deliberately keep their deer numbers high, partly because stalking estates are valued for sale by the number of stags. For completely different reasons, like the animal activists they value the lives of the deer above those of other species.

Were we to apply a universal prohibition on killing other animals, even vegans would starve. Though a plant-based diet requires much less land (including less arable land) than a meat-based diet, it still results in the inevitable death or exclusion of other animals, from the mouse scooped up by the combine harvester to the owl that would have lived in the woods the field replaced. No animal can sustain its existence without privileging itself above other lifeforms. Even when our minds reject it, our stomachs insist on speciesism.

At the other end of this spectrum of thought, the Norwegian philosopher Ole Martin Moen contends that because wild mammals and birds endure a great deal of distress, caused by predation, disease and hunger, we should relieve it by “drastically reducing the size of wildlife populations”, and confining the survivors to parks, where humans could look after them. If he had evinced any understanding of ecology, or of the scale and consequences of the intervention he suggests, or had recognised that wild animals feel pleasure as well as pain, his argument might merit a response. Nevertheless, we seem determined to implement this ridiculous idea, if not for the reasons he proposes. 

Between these poles –  kill nothing and kill almost everything – lies the pragmatic aim of maximising the diversity and abundance of non-human life on Earth, while securing our own survival. But this doesn’t answer the activist’s central and important point. If it’s acceptable to kill wild animals to alleviate environmental damage, why is it not acceptable to kill humans? In other words, why might we see other animals’ right to life as negotiable, and the human right to life as absolute?

Because if we did otherwise, society would fall apart. The powerful would decide that the powerless must die for the greater good, as they have done many times before. Our relations would be characterised by extreme distrust and perpetual violence. We could not work together for any purpose, including environmental protection.

Yes, I am a speciesist. Not because I believe human beings are innately superior to other animals, but because I believe we cannot live together (or even alone) without privileging our own existence. We don’t have to see ourselves as the divinely appointed stewards of creation to recognise that we bear responsibility for restoring the magnificent living systems we have harmed. And we don’t have to deny our bias towards ourselves to defend the lives of other beings.


Girl Genius for Friday, February 21, 2020 [Girl Genius]

The Girl Genius comic for Friday, February 21, 2020 has been posted.


Best Friends Foreveryone [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

There's only one requirement to be Torpor's best friend.



Norbert Preining: Okular update for Debian [Planet Debian]

The quest for a good tabbed pdf viewer led me to okular. While Gnome3 has gone the way of “keep it stupid keep it simple” to appeal to less versed users, KDE has gone the opposite direction and provides lots of bells and knobs to configure their application. Not surprisingly, I am tending more and more to KDE apps away from the redux stuff of Gnome apps.

Unfortunately, okular in Debian is horribly outdated. The version shipped in unstable is 17.12.2, there is a version 18.04 in experimental, and the latest from upstream git is 19.12.2. Fortunately, and thanks to the Debian maintainers, the packaging of the version in experimental can be adjusted without too much pain to the latest version, see this git repo.

You can find the sources and amd64 packages in my Debian repository:

deb unstable main
deb-src unstable main



If you’re not keeping the parameter, then you still want to have separate T const& and T&& overloads [The Old New Thing]

Last time, I noted that if you plan on keeping the parameter anyway, then there’s no need to have separate T const& and T&& overloads. However, the converse also applies: If you’re not keeping the parameter, then you still want to have separate T const& and T&& overloads.

To recap, we started with a class like this:

#include <utility>
#include <vector>

class Widget {
public:
  void SetValues(std::vector<int> const& values) {
    m_values = values;
  }
  void SetValues(std::vector<int>&& values) {
    m_values = std::move(values);
  }
private:
  std::vector<int> m_values;
};

We were able to simplify this to

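class Widget {
public:
  // By-value parameter: the caller copies or moves into it, we move it onward.
  void SetValues(std::vector<int> values) {
    m_values = std::move(values);
  }
private:
  std::vector<int> m_values;
};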

because we are going to keep the parameter either way. (The old way resulted in either a copy or a move. The new way produces either a copy+move or a move. The expectation is that a single move is relatively inexpensive.)

However, the simplification doesn’t apply if we are not the ones consuming the value.

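Widget CreateWidgetWithValues(std::vector<int> values) {
  Widget widget;
  // Pass-through: moves our inbound parameter into SetValues's parameter.
  widget.SetValues(std::move(values));
  return widget;
}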

In this case, we are moving the values onward to the SetValues method, which is the final consumer. Writing the method this way generates an extra move constructor, because we have to move the value from our inbound parameter into the outbound parameter to SetValues. We also incur an extra destruction of our now-empty inbound parameter. If the parameter is passed through multiple layers, each layer adds an extra move constructor and destruction.

Since we are not the final consumer, we should forward the parameter.

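template<typename Values>
Widget CreateWidgetWithValues(Values&& values) {
  Widget widget;
  // Forward the argument with its original value category.
  widget.SetValues(std::forward<Values>(values));
  return widget;
}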

Unfortunately, this causes us to break existing code, since you cannot forward uniform initialization.

// doesn't work any more
CreateWidgetWithValues({ range.begin(), range.end() });

We end up returning to the overload.

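Widget CreateWidgetWithValues(const std::vector<int>& values) {
  Widget widget;
  // lvalue argument: SetValues makes the one copy.
  widget.SetValues(values);
  return widget;
}

Widget CreateWidgetWithValues(std::vector<int>&& values) {
  Widget widget;
  // rvalue argument: moved straight into SetValues's parameter.
  widget.SetValues(std::move(values));
  return widget;
}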

I’m not too happy with this, though. Maybe there’s an easier way. Let me know.

Bonus chatter: The Microsoft compiler makes the function responsible for destructing its inbound parameters, in which case the code to destruct the std::vector<int> is part of the consuming function and is therefore shared. gcc and clang make it the caller’s responsibility, so the destruction of the parameter is repeated at each call site.

The post If you’re not keeping the parameter, then you still want to have separate T const& and T&& overloads appeared first on The Old New Thing.
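The extra move construction and destruction described in this post can be measured directly. The following is an added example, not code from the original post: TrackedVec is a hypothetical stand-in for std::vector<int> that counts copy constructions, move constructions and destructions, and the names CreateByValue, CreateForwarding and CreateOverloaded are chosen here for the three shapes the post discusses.

```cpp
#include <cstddef>
#include <cstdio>
#include <utility>
#include <vector>

struct Counts { int copy_ctor = 0, move_ctor = 0, dtor = 0; };
static Counts g_counts;

// Hypothetical stand-in for std::vector<int> that records how it is handled.
struct TrackedVec {
    std::vector<int> data;
    TrackedVec() = default;
    TrackedVec(int const* first, int const* last) : data(first, last) {}
    TrackedVec(TrackedVec const& o) : data(o.data) { ++g_counts.copy_ctor; }
    TrackedVec(TrackedVec&& o) noexcept : data(std::move(o.data)) { ++g_counts.move_ctor; }
    TrackedVec& operator=(TrackedVec const&) = default;
    TrackedVec& operator=(TrackedVec&&) = default;
    ~TrackedVec() { ++g_counts.dtor; }
};

// Widget in the simplified form from the post: SetValues keeps its parameter.
class Widget {
public:
    void SetValues(TrackedVec values) { m_values = std::move(values); }
    std::size_t size() const { return m_values.data.size(); }
private:
    TrackedVec m_values;
};

// Shape 1: by-value pass-through.
Widget CreateByValue(TrackedVec values) {
    Widget widget;
    widget.SetValues(std::move(values));
    return widget;
}

// Shape 2: perfect forwarding.
template <typename V>
Widget CreateForwarding(V&& values) {
    Widget widget;
    widget.SetValues(std::forward<V>(values));
    return widget;
}

// Shape 3: the overload pair the post ends up with.
Widget CreateOverloaded(TrackedVec const& values) {
    Widget widget;
    widget.SetValues(values);
    return widget;
}
Widget CreateOverloaded(TrackedVec&& values) {
    Widget widget;
    widget.SetValues(std::move(values));
    return widget;
}

// Runs one factory on an lvalue or an rvalue argument and returns what it cost.
template <typename Make>
Counts CountCalls(Make make, bool rvalue) {
    int const raw[] = {1, 2, 3};  // constructed sample data
    TrackedVec src(raw, raw + 3);
    g_counts = Counts{};
    if (rvalue) { Widget w = make(std::move(src)); (void)w; }
    else        { Widget w = make(src); (void)w; }
    return g_counts;  // copied out before src is destroyed, so src is not counted
}

Counts ByValueCounts(bool rvalue) {
    return CountCalls(
        [](auto&& v) { return CreateByValue(std::forward<decltype(v)>(v)); }, rvalue);
}
Counts ForwardingCounts(bool rvalue) {
    return CountCalls(
        [](auto&& v) { return CreateForwarding(std::forward<decltype(v)>(v)); }, rvalue);
}
Counts OverloadedCounts(bool rvalue) {
    return CountCalls(
        [](auto&& v) { return CreateOverloaded(std::forward<decltype(v)>(v)); }, rvalue);
}

// Braced initialization works with the overloads but not with the template.
std::size_t BracedInitSize() {
    int const raw[] = {4, 5, 6, 7};  // constructed sample data
    // CreateForwarding({raw, raw + 4});  // error: V cannot be deduced from a braced list
    return CreateOverloaded({raw, raw + 4}).size();
}

int main() {
    for (bool rvalue : {false, true}) {
        Counts v = ByValueCounts(rvalue), f = ForwardingCounts(rvalue),
               o = OverloadedCounts(rvalue);
        std::printf("%s arg (copy/move/dtor): by-value %d/%d/%d, "
                    "forwarding %d/%d/%d, overloads %d/%d/%d\n",
                    rvalue ? "rvalue" : "lvalue", v.copy_ctor, v.move_ctor, v.dtor,
                    f.copy_ctor, f.move_ctor, f.dtor, o.copy_ctor, o.move_ctor, o.dtor);
    }
    std::printf("braced-init widget holds %zu values\n", BracedInitSize());
    return 0;
}
```

For both lvalue and rvalue arguments, the by-value shape reports one more move construction and one more destruction than the forwarding and overloaded shapes, which cost the same as each other.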

Thursday, 20 February



Internet of Things Candle [Schneier on Security]

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet.

What could possibly go wrong?


Italian Police Report 223 Pirate IPTV Subscribers to the Judicial Authorities [TorrentFreak]

Last summer the pirate IPTV market was thrown into turmoil when Italian authorities took down Xtream-Codes.

The IPTV management service was believed to be connected to 5,000 pirate services that catered to around 50 million end-users.

The enforcement actions caused problems at many IPTV services, with IPTV traffic dropping by half, but in the weeks that followed many providers managed to recover. That doesn’t mean, however, that law enforcement authorities are giving up.

This week the Guardia di Finanza (GdF), the law enforcement agency connected to the Italian Ministry of Economy and Finance, announced another IPTV-related enforcement operation. This time, it is targeted at customers of these pirate IPTV services.

Following an in-depth investigation, Guardia di Finanza tracked down 223 subscribers of illegal IPTV services. These people were subsequently reported to the judicial authorities, where they face further prosecution.

According to the law enforcement agency, the investigation remains ongoing. This means that more IPTV subscribers may be identified and reported in the future.

The subscribers in question are being held responsible for the crime of “receiving stolen goods.” If found guilty, they risk a penalty of 25,000 euros as well as an eight-year prison sentence, the authorities state.

The investigations were carried out with help from Italian anti-piracy group FAPAV, which provided technical assistance. FAPAV sees IPTV piracy as a major and growing threat to the entertainment industries.

Federico Bagnoli Rossi, Secretary-General of FAPAV, thanks Guardia di Finanza for its operation which he believes is needed to show that end users are also at risk.

“The operation is crucial because, for the first time in Italy, it doesn’t only focus on the operators of the pirate portals but also the users of these services,” Rossi says.

FAPAV hopes that these enforcement actions will continue. It believes that the growing problems pirate IPTV services cause are underestimated, so clamping down on all aspects is essential.

“In just one year we have seen an increase of over a million [pirate IPTV] users,” Rossi notes, adding that copyright holders are severely affected by these illegal services.

If and how many of the reported IPTV subscribers will indeed be prosecuted is unknown. However, the operation does show that subscribers are not untouchable, which will likely be used as a warning message to others.



Gunnar Wolf: Made with Creative Commons at FIL Minería [Planet Debian]

Book presentation!

Again, this message is mostly for people that can be at Mexico City on a relatively short notice.

Do you want to get the latest scoop on our translation of Made with Creative Commons? Are you interested in being at a most interesting session presented by the two officials of Creative Commons Mexico chapter, Irene Soria (@arenita) and Iván Martínez (@protoplasmakid) and myself?

Then… Come to the always great 41 Feria Internacional del Libro del Palacio de Minería! We will have the presentation next Monday (2020.02.24), 12:00, in Auditorio Sotero Prieto (Palacio de Minería).

How to get there? Come on… Don’t you know one of the most iconic and beautiful buildings in our historic center? 😉 Information on getting to Palacio de Minería.

See you all there!


Link [Scripting News]

A new version of LO2, v1.8.8. This is the first one that can publish twitter threads. Also fixes to keystrokes. Here are the change notes.

Link [Scripting News]

A short podcast explaining the new version of LO2.

Pluralist, a daily link-dose: 20 Feb 2020 [Cory Doctorow's]

Today’s links

  1. The 2020 Nebula Award Finalists: a bumper crop of outstanding SF
  2. Uber driver/sharecroppers drive like maniacs to make quota: subprime lending + gig economy = stay off the roads
  3. Barclays bankers forced to endure nagging work-computer spyware: the shitty technology adoption curve at work
  4. Bernie Sanders leads in 10 out of 10 polls: but unless he can get a majority of pledged delegates, he’ll be ratfucked by superdelegates
  5. Bloomberg: kids only like Sanders because they’re stupid: “Because our kids no longer learn civics in school they longer study Western history, they no longer read Western literature…”
  6. “Secure erase” with a bolt-cutter: Jamie Zawinski doesn’t mess around when it comes to getting rid of old hard drives.
  7. Adding 2 inches of tape to a road-sign induces sudden 50mph acceleration in Teslas: Adversarial examples are unstoppable.
  8. Colophon: Recent publications, current writing projects, upcoming appearances, current reading

The 2020 Nebula Award Finalists

Ooh, they’ve announced the Nebula Award finalists! It’s a pretty fucking GREAT roster! Congrats to all the nominees! Go you!

Best novel:

  • Marque of Caine, Charles E. Gannon
  • Ten Thousand Doors of January, Alix E. Harrow
  • A Memory Called Empire, Arkady Martine
  • Gods of Jade and Shadow, Silvia Moreno-Garcia
  • Gideon the Ninth, Tamsyn Muir
  • A Song for a New Day, Sarah Pinsker

Best novella:

  • Anxiety Is the Dizziness of Freedom, Chiang
  • The Haunting of Tram Car 015, Djèlí Clark
  • This Is How You Lose the Time War, Amal El-Mohtar & Gladstone
  • Her Silhouette, Drawn in Water, Vylar Kaftan
  • The Deep, Rivers Solomon et al
  • Catfish Lullaby, AC Wise

Best novelette:

  • A Strange Uncertain Light, GV Anderson
  • For He Can Creep, Siobhan Carroll
  • His Footsteps, Through Darkness & Light, Mimi Mondal
  • The Blur in the Corner of Your Eye, Sarah Pinsker
  • Carpe Glitter, Cat Rambo
  • The Archronology of Love, Caroline M Yoachim

Best short story:

  • Give the Family My Love, AT Greenblatt
  • The Dead, In Their Uncontrollable Power, Karen Osborne
  • And Now His Lordship Is Laughing, Shiv Ramdas
  • 10 Excerpts from an Annotated Bibliography on the Cannibal Women of Ratnabar Island, Nibedita Sen
  • A Catalog of Storms, Fran Wilde
  • How the Trick Is Done, AC Wise

Full roster and details on the Nebula Awards Weekend (Los Angeles, May 28-31) here:

Uber driver/sharecroppers drive like maniacs to make quota

When Imran Khan got into an Uber, his driver explained that the reason all the other Ubers in their traffic jam were driving so unsafely is that they’re sharecroppers hiring their cars from a millionaire who won’t pay them until they make quota.

The drivers are too economically precarious to lease cars on their own, so this guy acts as a subprime lender, and part of his deal is that the payments Uber sends to the drivers actually get diverted to his bank account, and they don’t see a penny until they hit quota.

They’re people who are working fulltime jobs and then driving Uber before and after those jobs to make ends meet. So they have to (literally) cut corners if they’re going to make this work, but if they get a ticket or lose points due to passenger reviews, they lose the car.

This was in DC, and the subprime loan-shark was based in Virginia, but you can imagine that it happens everywhere (Khan’s replies from passengers who’ve heard the same tale elsewhere suggest that this is true).

If you get run down by one of these guys, it’s the market at work: their access to capital is limited by their economic situation; their wages are determined by supply and demand, they need to eat, clothe themselves, and have shelter. This is a totally predictable outcome.

Barclays bankers forced to endure nagging work-computer spyware

Bankers at Barclays are furious that their computers have been fitted with employer-provided spyware that monitors every keystroke and nags them if they’re not working hard enough. This is a great example of the Shitty Technology Adoption Curve: first we subject powerless people to bad technology and use them to normalize it even as we sand the rough edges off using their lives as sandpaper.

Then we work our way up the privilege gradient, to people with more and more social power. First it’s kids, or homeless people, or refugees, or benefits recipients or criminals. Then it’s blue collar workers, university students and library patrons. Finally it’s low-level white-collar workers, then their managers, then, eventually CEOs (as I’ve often said, CCTVs that watch you while you eat went from supermax prisons to Google Home in a generation).

“The system tells staff to “avoid breaks” as it monitors their productivity in real-time, and records activities such as toilet visits as ‘unaccounted activity’.”

“It added: ‘Tips: mute the phone, disable email/chat pop-ups, avoid breaks for 20+ minutes, 2–3 times a day.'”

Bernie Sanders leads in 10 out of 10 polls

Ten out of ten national polls put Bernie Sanders in a commanding lead over other candidates for the Democratic leadership. However, he is unlikely to attain a majority of delegates at the DNC, meaning the “superdelegates” will get to throw out the party members’ primary votes and impose an establishment candidate on the country.

“There’s simply not much ambiguity right now that Sanders is the first choice of a plurality of Democrats nationwide.”

Bloomberg: kids only like Sanders because they’re stupid

Michael Bloomberg, 2016, Oxford University: “Young people listened to Sanders…Because our kids no longer learn civics in school they no longer study Western history, they no longer read Western literature…” “We are trying to change and dumb down the system and if you don’t know what happened in the past you’re going to have to relive it.”

Or, as Vice put it, “Bloomberg has a surprising theory about why young people love Sanders: They’re morons.”

Bloomberg: “The solution to our problems is to improve education, not to try to penalize people because they are successful. If you don’t have successful people you’re never going to have the wherewithal to support to help those who are not. We’ve tried socialism, it doesn’t work.”

Basically: eugenics. Some people are Atlases and we’d better not piss them off or they might shrug and leave the rest of us in the cold. Bloomberg has $64b in assets and the median US worker has $69k in assets because Bloomberg is worth 927,536 times more than that worker. Inequality is always comorbid with eugenics. If you can’t admit that no one can “earn” a billion dollars, then you have to stipulate that some people are just worth a lot more than the rest of us.

“Secure erase” with a bolt-cutter

When Jamie Zawinski wants to securely erase his data, he doesn’t mess about. His break-my-drive-in-half-with-a-bolt-cutter method is a lot less messy than my tried-and-true hit-it-with-a-hammer method.

Adding 2 inches of tape to a road-sign induces sudden 50mph acceleration in Teslas

McAfee security researchers stuck a 2″ strip of black tape on a 35mph speed limit sign so that it kinda-sorta looked like an 85mph sign, then ran autopiloting Teslas past it: they automagically accelerated by 50mph after detecting it.

McAfee reported it to Tesla and Mobileye, who do some of the autopilot stuff, and neither vendor plans to address it.

The ML term for this is “adversarial example” – that’s when you make small changes, including human-imperceptible ones, that cause otherwise reliable ML classifiers to misfire terribly.

I once had a dinner conversation with the CSO of one of the largest ML companies in the world. They confided that they believed you could never eliminate adversarial examples from classifiers, meaning they would always be vulnerable to this kind of attack. If that’s right, the implications are staggering. It basically means you shouldn’t use ML in any situation where someone is incentivized to trick it.

So maybe you can use it on a conveyor belt in a recycling plant to sort plastics from paper and direct a robot-arm. But almost every application for ML eventually becomes adversarial.

ML is supposedly pretty good at distinguishing precancerous moles from benign ones, which sounds non-adversarial. But consider the doctor who wants to gin up billings for unnecessary surgeries, or the insurer that wants pretences to deny necessary ones.

It doesn’t take a lot of imagination to see how the trajectory of most (if not all) ML classifiers is to be in adversarial situations. If we can’t provably demonstrate that a classifier is immune to adversarial examples (including ones as trivial as “2 inches of tape on a sign”), there’s not a whole lot of applications for them in the long-term.
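
What "provably immune" means can be made concrete for the simplest case. The following is an added example, not part of the original post: for a linear classifier, the smallest per-feature change that can flip a decision is exactly |w·x + b| / ‖w‖₁, so a defender can certify which inputs tolerate a given amount of tampering. The model weights, inputs and tolerance are constructed for illustration.

```python
"""Added example: exact L-infinity robustness certificate for a linear classifier."""
import math
from typing import List, Sequence, Tuple

# Constructed toy model: four normalised features in [0, 1]; label 1 if score >= 0.
W = [2.0, -1.0, 0.5, -1.5]
B = -0.25

# Constructed inputs (not real sensor data).
SAMPLES = [
    [0.6, 0.3, 0.4, 0.2],
    [0.9, 0.1, 0.8, 0.1],
    [0.1, 0.8, 0.2, 0.5],
]


def score(w: Sequence[float], b: float, x: Sequence[float]) -> float:
    """Signed distance-like score w.x + b of the linear model."""
    if len(w) != len(x):
        raise ValueError("weight and input dimensions differ")
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w: Sequence[float], b: float, x: Sequence[float]) -> int:
    return 1 if score(w, b, x) >= 0 else 0


def certified_radius(w: Sequence[float], b: float, x: Sequence[float]) -> float:
    """Largest eps such that changing every feature by less than eps cannot
    change the label. A perturbation bounded by eps per feature moves the
    score by at most eps * ||w||_1, so the radius is |score| / ||w||_1."""
    l1 = sum(abs(wi) for wi in w)
    if l1 == 0.0:
        return math.inf  # constant classifier: nothing can flip it
    return abs(score(w, b, x)) / l1


def worst_case_input(w: Sequence[float], b: float, x: Sequence[float],
                     eps: float, lo: float = 0.0, hi: float = 1.0) -> List[float]:
    """The in-budget input that pushes the score furthest toward the decision
    boundary. Used to check that the certificate is tight, i.e. that a budget
    just above the radius really does flip the label."""
    direction = -1.0 if score(w, b, x) >= 0 else 1.0
    out = []
    for wi, xi in zip(w, x):
        step = direction * math.copysign(eps, wi) if wi != 0 else 0.0
        out.append(min(hi, max(lo, xi + step)))  # stay in the valid feature range
    return out


def audit(w: Sequence[float], b: float, inputs: Sequence[Sequence[float]],
          eps: float) -> List[Tuple[int, float, bool]]:
    """For each input: (label, certified radius, survives tampering up to eps)."""
    report = []
    for x in inputs:
        radius = certified_radius(w, b, x)
        report.append((predict(w, b, x), radius, radius > eps))
    return report


if __name__ == "__main__":
    for label, radius, ok in audit(W, B, SAMPLES, eps=0.12):
        status = "certified" if ok else "NOT certified"
        print(f"label={label} radius={radius:.3f} {status} at eps=0.12")
```

The certificate is exact only because the model is linear; for deep networks the comparable guarantees come from bound-propagation or randomized-smoothing methods and are usually much looser.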


Today’s top sources: Slashdot and Naked Capitalism.

Hugo nominators! My story “Unauthorized Bread” is eligible in the Novella category and you can read it free on Ars Technica:

Currently writing: I just finished a short story, “The Canadian Miracle,” for MIT Tech Review. It’s a story set in the world of my next novel, “The Lost Cause,” a post-GND novel about truth and reconciliation.

Currently reading: I finished Andrea Bernstein’s “American Oligarchs” yesterday; it’s a magnificent history of the Kushner and Trump families, showing how they cheated, stole and lied their way into power. I’m getting really into Anna Wiener’s memoir about tech, “Uncanny Valley.” I just loaded Matt Stoller’s “Goliath” onto my underwater MP3 player and I’m listening to it as I swim laps.

Latest podcast: Persuasion, Adaptation, and the Arms Race for Your Attention:

Upcoming books: “Poesy the Monster Slayer” (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we’re having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).

“Attack Surface”: The third Little Brother book, Oct 20, 2020.

“Little Brother/Homeland”: A reissue omnibus edition with a very special, s00per s33kr1t intro.


Crone [Nina Paley]

Another drawing for me.

But you can commission your own Hundred Dollar Drawing.


Link [Scripting News]

After all the dust settles, the question Bloomberg asked about starting businesses, that's micro-targeted at me. Yes, I have started businesses. And I've built networks of software with millions of nodes.



Link [Scripting News]

We need to view the government as a system, and unsentimentally fix the broken stuff, while preserving and enhancing the best core ideas that define America.


RevK 2.0 [RevK®'s rants]

So, I think I have svn reverted to 1.0, or maybe 0.9 now, as I have a cold, but my mates were talking of RevK 2.0 over the last month.

Largely because I let them talk me in to :-

  • Going out in the sunshine - in tropical climates
  • Sitting on a sunny beach
  • Going to a Jazz bar
  • A tour of a warship
  • A tour of an aircraft carrier
  • Swimming in the sea
  • Swimming with dolphins
  • Snorkelling (well, I tried, but kept hyperventilating)
  • Parasailing (felt sick, life jacket was too tight)
  • Boat trip to see crocodiles (they were mostly tiny)
  • Going on a submarine (albeit docked)
  • Several open top bus tours (which I do not normally go near)
  • A walking tour in a hot city (Cartagena, Colombia)
  • Taking a picture of an Aruba access point, in Aruba
  • Oh, and wearing a Panama hat, in Panama
So over all, a fun trip! I did not do the jet skiing, just took pictures.

Here is a small selection of the pictures...


Four short links: 20 February 2020 [Radar]

  1. Hacker Laws — a lot of classics, like Cunningham’s Law: The best way to get the right answer on the internet is not to ask a question—it’s to post the wrong answer. And Kernighan’s Law: Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.
  2. A Practical Guide to Watchdogs for Embedded Systems — a lot of good advice and sample code.
  3. Not Everyone Thinks Moore’s Law is Over: legendary microprocessor engineer says, “I’m expecting more transistors every 2-3 years by a number large enough that how you think of computer architecture has to change.” And his reasoning is sound as a generalization.
  4. ADS-B Data Sharing: There are many websites tracking aircraft, and all of them rely on data shared by ADS-B fans. However, the access to aggregated ADS-B worldwide data is limited. The main goal of ADSBHub is to become a ADS-B data sharing center and valuable data source for all enthusiasts and professionals interested in development of ADS-B-related software. Collaborative project that has the best data for what’s in the air.


[$] Memory-management optimization with DAMON []

To a great extent, memory management is based on making predictions: which pages of memory will a given process need in the near future? Unfortunately, it turns out that predictions are hard, especially when they are about future events. In the absence of useful information sent back from the future, memory-management subsystems are forced to rely on observations of recent behavior and an assumption that said behavior is likely to continue. The kernel's memory-management decisions are opaque to user space, though, and often result in less-than-optimal performance. A pair of patch sets from SeongJae Park tries to make memory-usage patterns visible to user space, and to let user space change memory-management decisions in response.


The Big Idea: Michael R. Johnston [Whatever]

History doesn’t necessarily repeat itself, but it can inspire writing of the future — as Michael R. Johnston discovered as he started writing the series of which his latest novel, The Blood-Dimmed Tide, is part.


Some years ago, apparently unconvinced that being a full-time high school teacher, husband, and father (with a toddler!) was enough of a drain on my energy, I decided to go to grad school. This lasted only two semesters before I decided it had been a bad idea and walked away, but the decision to go, and one specific class, changed the course of my life.

The class, Modern Irish Literature, met at the ungodly hours of 6 to 9pm on Monday nights. We covered the literature of Ireland from the Easter Rising of 1916, through the War of Independence, the Irish Civil War and—much later—the Troubles, then up to the present day.

But while the class was fascinating, it wasn’t exciting. The first half of each class meeting was discussion of the reading, complete with student-generated “deep questions.” Sometimes the questions were provocative and thought-inducing, other times they were obtuse and unanswerable, but we’d spend a good hour and a half on them, batting ideas back and forth. And then the professor would read from his essays on the subject.

Listening to someone reading an essay is almost never exciting, and I would often find my mind wandering. One such night, I began to wonder if I could translate the Irish struggle for independence into a Science Fiction context. This was just me doodling, really, because I’d given up on the idea of writing professionally after three terrible novels (only later did I learn how many of my idols started by writing unpublishable novels). The more I thought about this idea, however, the more it began to feel like a story I had to write.

And then, after months of wrestling with it, throwing almost everything out and starting over several times, I had a novel. It got me accepted to Viable Paradise, where the remaining kinks were worked out of the story, and more importantly, my passion for being a professional writer—for writing stories other people would want to read and would pay for—was rekindled.

From late 2013 to early 2015, I rewrote the book, throwing out a lot of what I’d had, including the parts inspired by history. That became The Widening Gyre, my debut novel. In that story, starship captain Tajen Hunt and his crew discovered that their benevolent alien overlords are anything but benevolent. They kicked the Zhen off Earth and began to recolonize it with humans, no longer content with being second-class citizens of the Zhen Empire.

When I began The Blood-Dimmed Tide, I was able to return to the original idea of freedom fighters fighting a messy and complicated war. Many of the events in the novel are inspired by real events in Ireland, and the fates of some characters were informed by the fates of the real people who inspired them.

When The Blood-Dimmed Tide begins, Tajen thinks he’s got it all figured out. He found the lost Earth, he discovered the treachery of the Zhen, and he’s helped found a human colony to repopulate Earth. He even got the guy. He finally has a firm place to stand again.

But then everything he’s worked for is undone. The clean, easy space battles of Tajen’s past are replaced by a difficult fight for survival against an enemy that doesn’t care who they have to step on to get what they want. And, just as some Irish worked for the British, the Zhen have human agents among the people of Earth, working against the cause of human independence. Tajen is lost, his footing unsure, and he has to find his way back to stability.

Finally, just as in real life, there’s more going on than our heroes know, and events outside of their control are hurtling toward them.


The Blood-Dimmed Tide: Amazon|Barnes & Noble|Indiebound|Powell’s

Visit the author’s site. Follow him on Twitter.

Meanwhile, California [Whatever]

Oh, look, it’s the Pacific. They do keep that here, don’t they. Part of it, anyway.

Yesterday I took a meeting in Beverly Hills, probably walked past Brent Spiner (who was staring intently into his phone) on the street, saw a bit of an upcoming movie in an editing bay (it looked great) and then walked to the ocean in Santa Monica. Today I have four, count them, four, meetings. LA is for business, folks. But it was nice to get to the ocean for a minute or two to take it in. I’d be happy to do more of that.


Notes on last night's debate [Scripting News]

Watched the whole debate last night in despair, watching our last hopes evaporate.

  • These debates are crazy.
  • They do nothing to help us find good leaders. Probably the opposite. People who think and listen before speaking are penalized. Yet this is what we need from a leader.
  • Has Bernie Sanders ever listened? To anyone? Ever?
  • Biden is even more pitiful. Please if someone loves him tell him to quit. He lost.
  • Amy doesn’t know when to shut up.
  • I have no words for the disaster that is Warren.

If I were on the debate stage last night, I would have done what Bloomberg did. All these people yelling about crazy nonsense, a lot of it at me, should I join in the yelling? Fuck no.

People say Bloomberg didn't respond to the accusations. I listened to what he said, this is what I heard.

  • Yes, I made a lot of money, and I'm giving it all away.
  • I made jokes about women and paid for my sins.
  • A communist can't win in America.
  • I'm a manager. I'm going to manage this.
  • I'm sorry for my fuckups.

What his critics really mean is that he declined to partake in the food fight.

I was shocked when I realized that lots of people were going to vote for Trump. But that's nothing compared to the gobsmacking realization that enough people want Sanders that he might actually be the nominee.

  • I guess the way to win people's hearts is to yell at them and over them, wave your hands in their face, and never listen to anyone.
  • Sanders has a slogan for everything, except it's always the same slogan.
  • I think Sanders would be great on Crossfire. As president. Oh god help us.
  • Sanders is so awful he must be a Putin plant. When the oppo research comes out, obviously after he's nominated, I feel certain we're going to see pictures of him at dinner with Putin in Moscow with Jill Stein and Michael Flynn.

I think everyone could stand to re-watch Jon Stewart on Crossfire.

Felt sad when I realized Buttigieg is by far the youngest person on the stage, but Sanders is getting the support from young people.

Bob Bierman: "Man. Dems are going to have to do better than spend the evening taking easy razzle-dazzle shots at a billionaire who lacks theatricality and defensiveness but is giving all his money away to progressive causes. Where were the redirects to core issues?"

Brendan Greeley: "Bloomberg is an organization where journalists fly business class. I want to say that didn't matter but I also don't want to lie to you people."


C++/WinRT implementation extension points: abi_guard, abi_enter, abi_exit, and final_release [The Old New Thing]

C++/WinRT provides a few extension points for implementations to customize default behavior.

When the last reference to an object is released, the object is destroyed. However, you may need to do some special cleanup while the object is still alive. The classic example of this is COM objects suffering double-destruction due to a temporary refcount, and the standard solution is to artificially bump the reference count during destruction.

C++/WinRT classes can optionally implement a final_release method which is called with the last remaining reference to the object, in the form of a unique_ptr. The object is still live, so you can do normal things with it, like pass it to another method that may temporarily bump its reference count. You can even co_await in your final_release if you need to do some asynchronous work before letting the object finally disappear.

Normally, the object will destruct when the unique_ptr destructs, but you can hasten its death by calling unique_ptr.reset(), or you can postpone the inevitable by saving the unique_ptr somewhere. You can read Kenny Kerr’s discussion of final_release for more details.

The less commonly-used extension point is the abi_guard and its close friends abi_enter and abi_exit.

If your implementation defines a method abi_enter(), then it will be called at the entry to every interface method (not counting the methods of IInspectable). Similarly, if you define a method abi_exit(), it will be called at the exit from every interface method, but will not be called if abi_enter() throws an exception.

You might use abi_enter() to do something like throw an invalid_state_error exception if a client tries to use an object after it has been put into quasi-destructed state, say, after a ShutDown() or Delete() method. The C++/WinRT iterator classes use this feature to throw an invalid_state_error exception in the abi_enter() method if the underlying collection has changed.

If the simple abi_enter() and abi_exit() methods aren’t fancy enough for you, you can define a nested class named abi_guard, in which case an instance of the abi_guard will be created on entry to each non-IInspectable interface method with a reference to the object as its constructor parameter. The abi_guard is destructed on exit from the interface method. You can put whatever extra state you like into the abi_guard class.

Basically, the deal is that the default abi_guard calls abi_enter() at construction and calls abi_exit() at destruction.

Note that these guards are used only if you invoke the methods via the interface. If you invoke the methods directly on the implementation object, then those calls go straight to the implementation without any guards.

struct Thing : ThingT<Thing, IClosable>
{
  void abi_enter();
  void abi_exit();

  void Close();
};

void example1()
{
  auto thing = make<Thing>();
  thing.Close(); // calls abi_enter and abi_exit
}

void example2()
{
  auto thing = make_self<Thing>();
  thing->Close(); // does not call abi_enter or abi_exit
}

Note also that the guards are used only for the duration of the method call. If the method is a coroutine, the guard applies only until the IAsyncXxx is returned, not until the coroutine completes.

IAsyncAction CloseAsync()
{
  // guard is active here

  // guard becomes inactive once DoSomethingElseAsync
  // returns an IAsyncAction.
  auto action = DoSomethingElseAsync();

  // guard is not active here
  co_await action;
}


The post C++/WinRT implementation extension points: abi_guard, abi_enter, abi_exit, and final_release appeared first on The Old New Thing.


Security updates for Thursday []

Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).


CodeSOD: It's For DIVision [The Daily WTF]

We’ve discussed the evil of the for-case pattern in the past, but Russell F offers up a finding which is an entirely new riff on this terrible, terrible idea. We’re going to do this in chunks,...


Court Gives ‘Dynamic’ Pirate Site-Blocking the Green Light in Spain [TorrentFreak]

The unlicensed streaming of live sporting events has presented problems for rightsholders for years but more recently, with the rise of ‘pirate’ IPTV services, it has become a worldwide issue.

The phenomenon is being tackled from multiple directions, from targeting third-party Kodi add-on and app developers to attacking systems such as Xtream-Codes. The overall aim, however, is to prevent end-users from accessing streams, primarily via web-blocking mechanisms.

Following a lawsuit filed last November and a ruling handed down by the Madrid Commercial Court, Spanish broadcaster Telefónica Audiovisual Digital hopes it can benefit from this approach. A copy of the decision, handed down on February 11, 2019, and obtained by Cinco Días, reveals a broad injunction that targets many of the country’s Internet service providers.

The injunction targets prominent operators such as Vodafone, Orange, MásMóvil, Euskaltel, Lycamobile, and also Telefónica Audiovisual Digital’s own ISP, Telefónica. As a starting point, it identifies 44 pirate sites and services (reportedly managed by 30 ‘known piracy groups’), requiring that their URLs, domain names, and IP addresses are blocked within 72 hours.

All ISPs will be required to notify Telefónica Audiovisual Digital when they have blocked these resources, stating the day, hour and minute in each case. In addition, the injunction has a trick up its sleeve, in that it allows the broadcaster to notify new sites, URLs, domains and IP addresses to the ISPs every week for blocking, without having to refer to the court for permission.

The ISPs will be advised of the new online locations at exactly the same time and they will be expected to act expeditiously in order to prevent their customers from accessing the pirated streams.

“The blocking of the new web resources (URLs, domains or IP addresses) must be done under access in HTTP and HTTP protocols, and within a maximum period of three hours from the notification of the new listing,” the decision reads, as cited by Cinco Días.

This part of the injunction is an obvious move designed to mitigate the threat posed by pirate services that implement their own technical measures to prevent being blocked. The theory is that if live data can be relayed to ISPs regarding the services’ current locations, they can be tackled more efficiently, a mechanism often referred to as ‘dynamic’ blocking.

Dynamic blocking orders can take several forms, with the most basic targeting relatively static services such as torrent and web-based streaming portals.

One such injunction was handed down in Sweden recently against The Pirate Bay and several other sites, targeting the platforms themselves plus any new URLs or IP addresses that may subsequently appear. A similar one was obtained by Foxtel in Australia last August.

However, given the fluid nature of live stream providers, it seems likely that the injunction just handed down in Spain will be more comparable to those previously obtained by the Premier League covering the UK market and La Liga, active in Denmark.

The new injunction obtained by Telefónica Audiovisual Digital is reportedly valid until May 25, 2022, and covers three football seasons. The company was awarded football broadcasting rights in June 2018 and that license is set to expire in 2022.



Just getting through the day [Seth's Blog]

To what end?

Is tomorrow another day to get through?

After you get through all the days, then what happens?

What if we saw opportunities instead of tasks? Chances instead of risks?


Feeds | Fellows Inaugural Meeting 2020 [Planet GridPP]

Fellows Inaugural Meeting 2020 20 February 2020 - 9:55am


1376 [Looking For Group]

The post 1376 appeared first on Looking For Group.


Joe Marshall: Stupid pattern matching tricks [Planet Lisp]

There are a few pattern matching constructs in Common Lisp. For instance, destructuring-bind matches list structure against a tree of variable names and binds the variables accordingly. Macros can destructure their argument list. Even functions have simple keyword matching. These constructs don't give access to their pattern matchers as first-class objects, but perhaps you want that. You can construct a simple pattern matcher by wrapping one of these constructs in the appropriate macro.

We'll want the result of our pattern match to be an alist mapping symbols to the objects they matched with. First, we'll need a function that takes a pattern and returns a list of the variables in the pattern. flatten will work nicely for destructuring-bind:

(defun flatten (pattern)
  (cond ((null pattern) '())
        ((symbolp pattern) (list pattern))
        ((consp pattern) (append (flatten (car pattern))
                                 (flatten (cdr pattern))))
        (t (error "Not a pattern"))))

CL-USER> (flatten '((a b . c) d e . f))
(A B C D E F)

Then we want to generate code that will make an alist:

CL-USER> `(list ,@(map 'list (lambda (var)
                               `(cons ',var ,var))
                       (flatten '((a b . c) d e . f))))

Finally, we wrap a call to destructuring-bind with a macro:

CL-USER> (defmacro destructuring-pattern-matcher (pattern)
           `(lambda (form)
              (destructuring-bind ,pattern form
                (list ,@(map 'list (lambda (var)
                              `(cons ',var ,var))
                     (flatten pattern))))))

CL-USER> (destructuring-pattern-matcher ((a b . c) d e . f))
#<FUNCTION (LAMBDA (FORM)) {10027B143B}>

destructuring-pattern-matcher returns a pattern matcher as a first-class procedure we can call on a pattern to get an alist of bindings:

CL-USER> (defvar *matcher* (destructuring-pattern-matcher ((a b . c) d e . f)))

CL-USER> (funcall *matcher* '((1 2 3 4) 5 6 7 8))
((A . 1) (B . 2) (C 3 4) (D . 5) (E . 6) (F 7 8))

We can use this trick to get at the destructuring pattern match done by defmacro. First, we need a function that takes a macro lambda list and returns a list of the variables it binds. I won't reproduce the function here, it is too large, but here's a sample call:

CL-USER> (macro-lambda-list-variables
            '((foo bar &optional (baz 'default baz-supplied-p) . more) quux
              &rest rest
              &key ((:key key-variable) 'key-default key-supplied-p) key2
              &aux (auxvar 'auxvalue)))

If we were matching the list '(1 e) against the pattern (a b &optional c), we'd want to generate code something like this:

(MACROLET ((MACRO (A B &OPTIONAL C)
             (LIST 'LIST
                   (LIST 'CONS ''A (LIST 'QUOTE A))
                   (LIST 'CONS ''B (LIST 'QUOTE B))
                   (LIST 'CONS ''C (LIST 'QUOTE C)))))
  (MACRO 1 E))

We'll do this in stages:

(defun make-macro-pattern-matcher-body (pattern)
  `(list
    'list
    ,@(map 'list (lambda (var)
                   `(list 'cons '',var `',,var))
           (macro-lambda-list-variables pattern))))

(defun make-macro-pattern-matcher (pattern)
  (let ((body (make-macro-pattern-matcher-body pattern)))
    (lambda (form)
      `(macrolet ((macro ,pattern
                    ,body))
         (macro ,@form)))))

(defmacro macro-pattern-matcher (pattern)
  (let ((matcher (make-macro-pattern-matcher pattern)))
    `(lambda (form)
       (eval (funcall ',matcher form)))))

Now we can make a pattern matcher that works like the macro destructuring facility:

CL-USER> (setq *matcher*
           (macro-pattern-matcher
             ((foo bar &optional (baz 'default baz-supplied-p) . more) quux
              &rest rest
              &key ((:key key-variable) 'key-default key-supplied-p) key2
              &aux (auxvar 'auxvalue))))

CL-USER> (funcall *matcher* '((1 2 3 4) 5 :key 6 :key2 7))
((FOO . 1)
 (BAR . 2)
 (BAZ . 3)
 (MORE 4)
 (QUUX . 5)
 (REST :KEY 6 :KEY2 7)
 (KEY2 . 7)

You can do a similar trick with regular lambda lists, but while they have keywords, they don't destructure.

You have to be careful when writing the expansion for the binding alist. Too much quoting and you end up with the names rather than their values in the output:

((foo . foo)
 (bar . bar)

not enough, you end up with the values of the values in the output:

CL-USER> (defvar e 22)

CL-USER> (funcall *matcher* '((1 2 e) 5))
((FOO . 1)
 (BAR . 2)
 (BAZ . 22) ; Wrong! Should be 'E
 etc…)


Rank Amateurs [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Tonight's comic stars Torpor's fifth or sixth best friend.


Matthew Garrett: What usage restrictions can we place in a free software license? [Planet Debian]

Growing awareness of the wider social and political impact of software development has led to efforts to write licenses that prevent software being used to engage in acts that are seen as socially harmful, with the Hippocratic License being perhaps the most discussed example (although the JSON license's requirement that the software be used for good, not evil, is arguably an earlier version of the theme). The problem with these licenses is that they're pretty much universally considered to fall outside the definition of free software or open source licenses due to their restrictions on use, and there's a whole bunch of people who have very strong feelings that this is a very important thing. There's also the more fundamental underlying point that it's hard to write a license like this where everyone agrees on whether a specific thing is bad or not (eg, while many people working on a project may feel that it's reasonable to prohibit the software being used to support drone strikes, others may feel that the project shouldn't have a position on the use of the software to support drone strikes and some may even feel that some people should be the victims of drone strikes). This is, it turns out, all quite complicated.

But there is something that many (but not all) people in the free software community agree on - certain restrictions are legitimate if they ultimately provide more freedom. Traditionally this was limited to restrictions on distribution (eg, the GPL requires that your recipient be able to obtain corresponding source code, and for GPLv3 must also be able to obtain the necessary signing keys to be able to replace it in covered devices), but more recently there's been some restrictions that don't require distribution. The best known is probably the clause in the Affero GPL (or AGPL) that requires that users interacting with covered code over a network be able to download the source code, but the Cryptographic Autonomy License (recently approved as an Open Source license) goes further and requires that users be able to obtain their data in order to self-host an equivalent instance.

We can construct examples of where these prevent certain fields of endeavour, but the tradeoff has been deemed worth it - the benefits to user freedom that these licenses provide are greater than the corresponding cost to what you can do. How far can that tradeoff be pushed? So, here's a thought experiment. What if we write a license that's something like the following:

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. All permissions granted by this license must be passed on to all recipients of modified or unmodified versions of this work
2. This work may not be used in any way that impairs any individual's ability to exercise the permissions granted by this license, whether or not they have received a copy of the covered work

This feels like the logical extreme of the argument. Any way you could use the covered work that would restrict someone else's ability to do the same is prohibited. This means that, for example, you couldn't use the software to implement a DRM mechanism that the user couldn't replace (along the lines of GPLv3's anti-Tivoisation clause), but it would also mean that you couldn't use the software to kill someone with a drone (doing so would impair their ability to make use of the software). The net effect is along the lines of the Hippocratic license, but it's framed in a way that is focused on user freedom.

To be clear, I don't think this is a good license - it has a bunch of unfortunate consequences like it being impossible to use covered code in self-defence if doing so would impair your attacker's ability to use the software. I'm not advocating this as a solution to anything. But I am interested in seeing whether the perception of the argument changes when we refocus it on user freedom as opposed to an independent ethical goal.



Rich Felker on Twitter had an interesting thought - if clause 2 above is replaced with:

2. Your rights under this license terminate if you impair any individual's ability to exercise the permissions granted by this license, even if the covered work is not used to do so

how does that change things? My gut feeling is that covering actions that are unrelated to the use of the software might be a reach too far, but it gets away from the idea that it's your use of the software that triggers the clause.



[$] Weekly Edition for February 20, 2020 []

The Weekly Edition for February 20, 2020 is available.



Urgent: Ban facial recognition in schools [Richard Stallman's Political Notes]

US citizens: call on Congress to ban face recognition in schools.

If you sign, please spread the word!

Urgent: Racial justice groups funded by Bloomberg [Richard Stallman's Political Notes]

US citizens: call on Bloomberg to fund racial justice groups instead of a presidential campaign.

If you sign, please spread the word!

Leading students away from hate [Richard Stallman's Political Notes]

An interview with Alan Singer about what schools can do to lead students away from hate.

Notably, schools can't do the whole job of eradicating racism and bigotry. That requires changing the conditions of inequality that people grow up in.

US hospital workers can't afford healthcare [Richard Stallman's Political Notes]

*"We can’t afford healthcare": US hospital workers fight for higher wages.*

Henry Ford famously paid the workers of his car factory enough that they could buy his cars.

China censoring sick people [Richard Stallman's Political Notes]

China's medical system, overwhelmed by people sick with Covid-19 coronavirus, is unable to treat them all, so China is censoring people who talk about needing help.

To be ready to treat so many sick people is not easy. Are other countries stockpiling what they will need? In the US, Republicans tend to neglect such preparations because they don't care about non-rich people. The bully cares even less than usual.

Wednesday, 19 February



Link [Scripting News]

Video demo of the Tweeted Threads feature, probably coming out tomorrow, 2/20/2020, a magical day.


Link [Scripting News]

Here's a screen shot of the outline the thread came from.

News Post: Gabekeeping [Penny Arcade]

Tycho: Gabe and I don't agree on much other than the fact that we should attempt to disagree without rancor. It's not always possible but we manage it a statistically significant amount of the time. I am of the opinion, as enunciated in the strip, that making things is fundamentally valuable. It's valuable to me and it's valuable to other people. This value is broadly defined; one way it's valuable is that in my experience creative work is very rarely wasted. It always comes back. Sometimes we'll have an idea fifteen years earlier than we could do justice to it and we…


Stable kernel updates []

Stable kernels 5.5.5, 5.4.21, and 4.19.105 have been released, with the usual set of important fixes.


Pluralist: 19 Feb 2020 [Cory Doctorow's]


  1. The Woman Who Loved Giraffes: a documentary about Anne Innis Dagg, the magnificent feminist biologist and critic of pseudoscience like evolutionary psychology.
  2. Machine learning doesn’t fix racism: experiments in using machine-learning “risk assessment” for bail hearings collapse in ignominy.
  3. Rethinking “de-growth” and material culture: great commentary from Kate “McMansion Hell” Wagner.
  4. Bernie Sanders is a clear favorite among “regular Democrats.” 71% approval and 19% disapproval!
  5. Trump’s border wall defeated by 99 pesos’ worth of rebar.
  6. Capitalism without capitalists: companies are not their shareholders’ property. Companies own themselves.
  7. Rental car immobilizes itself when driven out of cellular range: Unauthorized Bread, but for cars!
  8. Nearly half of medical devices haven’t been patched against the Bluekeep vuln
  9. Glowing Randotti skull-prints: Coop revives the golden age of Haunted Mansion merch.
  10. Ios is now a vehicle to deliver unblockable adware
  11. Colophon

The Woman Who Loved Giraffes

Anne Dagg was my undergrad advisor at U Waterloo. She’s a pioneering biologist and feminist scientist whose scorching critiques of sexist pseudoscience (especially evolutionary psychology) led to her being denied tenure for 40 years.

Now there’s a doc about her life. It’s called “The Woman Who Loved Giraffes” because of Anne’s spectacular work about giraffes: she was the first woman scientist to study them, and, unlike the dudes who preceded her, she described how awesomely gay giraffes are.

The Woman Who Loved Giraffes is playing in limited release right now, and it’s coming to LA this week. Here are the LA showtimes:

I’m going to try to shuffle things to see it on Feb 27 in Pasadena

Anne is a treasure. (BTW, her maiden name was Innis, and her father was Harold Innis, Canadian media-theory royalty)

Dagg’s work on the unfalsifiable nonsense of evo-psych makes her a kind of polar opposite of Jordan Peterson. Her book LOVE OF SHOPPING IS NOT A GENE is one of the most eye-opening science books I’ve ever read. I can’t recommend it enough.

And this, at long last, appears to be her moment! This year, she was awarded the Order of Canada:

Machine learning doesn’t fix racism

GIGO is an iron law of computing, Part MMLVI. Feed a ML model racist criminal justice outcomes and it will give you racist suggestions, shellacked with a layer of empiricism.

New Jersey tried to replace cash bail with algorithms, and bail outcomes became more racially biased, with the added complication that “the computer said it was fair.”

“Patterson of PJI says the group changed its view of algorithms in pretrial justice because since 2018 it placed more emphasis on racial justice, and begun listening more to grassroots orgs. ‘We heard people in these communities saying these are tools of harm.’”

Rethinking “de-growth” and material culture

Outstanding work from Kate Wagner, evoking some of Bruce Sterling’s “Viridian Green” manifesto for embracing material culture, rather than telling people they don’t like stuff.

Wagner cites the recent Oslo Architecture Triennale and its theme of “de-growth.” As it happens, I wrote a short story for that project that is skeptical of “de-growth” and instead is geared at making material choices that reflect a good’s duty-cycle:

It’s not a sin to value the convenience of a single-use shopping bag. The problem is that the bag embodies a ridiculous amount of energy, labor and materials, and is made out of very long-lived materials that do not gracefully re-enter the material stream.

A thing you use for 10 minutes should not last for 10,000 years. And the converse is true, too: things you want to use for years should not break in minutes. And all of it should be designed for graceful re-entry into the material stream.

I love Wagner’s “upcycling” take on material efficiency; the bricolage/collage version of material goods, made from other goods that hearken to their use history and their usefulness is just my favorite thing (Tangentially, I really miss Junky Styling and their amazing clothes).

As Leigh Phillips wrote convincingly, the “carrying capacity” of the planet is a function of material efficiency, not the Club of Rome’s simplistic “Cars have Xkg of steel, the world has Ykg of steel, thus the largest number of possible cars is Y/X.”

Bernie Sanders is a clear favorite among “regular Democrats.”

Sanders has the highest national approval rating among Dems (71%) & the lowest disapproval rating (19%). His approval is 6% higher than Warren, 16% higher than Biden, 18% higher than Buttigieg…




Yet the Democratic Pearl Clutching Caucus is convinced that he is “divisive” and will spark “civil war.”

Translation: Every 4 years, we demand that racialized and poor people eat a shit sandwich, from which we handsomely profit.

Sanders is not a shit sandwich, and we’re not gonna get our cut. THIS IS CLASS WAR!

“According to an In These Times study of MSNBC’s prime-time coverage, in August and September of last year, Sanders received less coverage than Biden and Warren, and the coverage he did receive was more negative.”

To avert this notional “civil war,” the Dems’ finance wing wants a brokered convention in which they sabotage the party’s popular wing and install a bespoke Bloomberg Shit Sandwich, possibly with a slathering of Mayo Pete for lube to help us swallow it.

Trump’s border wall defeated by 99 pesos’ worth of rebar.

“Show me a 20′ high wall and I’ll show you a 21′ high ladder.”

In this case, the ladders are SO CHEAP AND EASY to make. Rebar ladders are exactly the same rusty metal color as the fenceposts, so they blend in. They’re skinny enough to pass between the posts, so you can reposition the ladder after you reach the top and use it to descend.

The Border Patrol’s conviction that the whole thing is a creature of Big Rebar and its Elite Ladder Barons is touching:

“Somebody is making money off those ladders” -CBP Agent Joe Romero

6m of rebar costs 99 pesos at the Ciudad Juarez True Value Hardware. That’s $5.30.

“Old-fashioned illegal crossings are on the rise in El Paso, according to Border Patrol.”

The classics never go out of style, especially when they’re priced to move at a mere 99 pesos.

Capitalism without capitalists

One of the most exciting, eye-opening articles I’ve read in AGES. Showing how shareholder capitalism is a lie BY ITS PROPONENTS’ OWN TERMS…Genius.

Marx thought individual property would end up being socialized, and he was right…but also wrong. The state hasn’t socialized property, corporations have. Corporatism is “capitalism without the capitalist.”

The corollary of “limited liability” is “entity shielding.” Shareholders aren’t on the hook for the company’s debts, but the company can’t be dunned for the shareholders’ debts, either.

Shareholders “cannot use the [company’s] assets, exclude others from them, lend them out, borrow on them, sell them, and they have no legal claim to the proceeds from the sale of assets or to company profits.” They are not, in short, owners.

Who owns the company? The company owns itself. “The corporate entity is the residual claimant, and this residual profit is then allocated at the discretion of management.”

Shareholder capitalism is a word-game: “All the specialized law-and-economics vocabulary for corporate firms is but an artifact of the false premise that the stockholders are its owners.”

Corporations can only exist at the largesse of the state, which charters them. Limited liability and entity shielding cannot be accomplished by contract alone. Corporations are the original public-private partnership.

Boards don’t derive their power from stockholders, they get it from the state. The board is formed BEFORE the company has stockholders.

“Our world teems with abstract legal entities, chartered by public authority as owners & principals, managed by fiduciaries.”

“Corporations are not creatures of the market, but public-private hybrids licensed to colonize the market. This greatly heightens the ‘political’ in ‘political economy.’”

This is such a crisp articulation of what some sf writers have assayed as a way of thinking about the AI panics of our billionaire class, such as Charlie Stross and his “Slow AI”:

Or Ted Chiang:

Or my own modest contribution:

Rental car immobilizes itself when driven out of cellular range

Yes, it’s Unauthorized Bread, but for cars! But actually, Unauthorized Bread is this bullshit, but for carbs. I’ve been tracking it for >10yrs.

The tech started in leased cars, but quickly migrated to short-hire vehicles.

Being able to immobilize a car whose driver missed a payment sounds nice, maybe, but recall that no language on Earth contains the phrase “As secure as the IT at a used car dealership.”

Which is how, periodically, hackers pwn a car dealer’s network and IMMOBILIZE EVERY CAR THEY’VE EVER SOLD.

Designing a computer (including a car) to treat its user as an adversary works well, but boy howdy does it ever fail badly.

Immobilizers are fuelling a quiet, ugly subprime lending bubble with contours that are markedly similar to the runup to the 2008 crisis, with the difference that used cars are worthless, while at least many of the repoed houses were actually useful.

The plight of Kari Paul (author of the OP) is illustrative of the Shitty Technology Adoption Curve. We try out the worst technology ideas on people who don’t get to complain (poor, racialized, imprisoned) & then work our way up the privilege gradient to everyone else.

20 years ago, if a CCTV observed you eating dinner at home, you were in a supermax prison. Now it means you’ve bought a Ring, Nest, Alexa or Apple Home (or whatever that Facebook abortion is called – I CBA to look it up).

“At first, GIG Car Share’s plan was to send a tow to tow the Prius a few miles closer to civilization, but [then] GIG’s customer service unhelpfully suggested Paul and her companion spend the night sleeping in the car and trying to start the car again the next morning.”

It’s Biblically terrible tech: “Whatever IoT nightmare you inflicted upon one of the least of these brothers and sisters of mine, you eventually inflicted upon me.”

Want to read the toaster version of this? Ars Technica has you covered:

(Hugo nominators take note! This is eligible for this year’s award in the Novella category!)

Nearly half of medical devices haven’t been patched against the Bluekeep vuln

These are “foreverday” bugs: present in systems unlikely to ever be patched. The systems are either not physically accessible or can’t risk being borked by a bad patch. Medtech is both: some implants require surgery to field-update and machines used for surgeries (etc) ABSOLUTELY cannot be put into an unstable condition.

As a result, hospitals are being pwned by digital superbugs on the reg now, and though it’s mostly encryption-based ransomware, there’s no reason grifters couldn’t pivot to ransoming hospitals by threatening to brick mission-critical devices.

Glowing Randotti skull-prints

Randotti skulls were the absolute apex of the golden era of Haunted Mansion merchandise. Coop’s long-range experiments with 2D adaptations of these 3D works are such a delight to me!

I owned so many of these as a kid (one of them is still in a storeroom at Toronto’s BakkaPhoenix, I believe).

I think this might be my favorite treatment of the subject to date. The glow-in-the-dark is SUCH a sweet touch!

What I REALLY want, though, is a modern Coop treatment of these changing-portrait/glow-in-the-dark cards, which I owned for <24h as a child, only to lose them when our rental car broke down and my souvenirs were not transferred to the replacement car.

I’ve been searching for them for >30 years now and have never seen them for sale.

Ios is now a vehicle to deliver unblockable adware

The whole basis of Ios is not “walled garden” but “benevolent dictatorship.” In exchange for irrevocably locking yourself to a platform defined by DRM and aggressive litigation to prevent interoperability, Apple implicitly promises that it won’t abuse that privilege.

This is a system that works well, but fails badly.

It requires that you rely on the outcomes of goings-on between executives and shareholders at one of the world’s most secretive corporations, a company that has threatened to sue journalists who refuse to narc on their sources.

But lock-in creates a distinctive microeconomic culture within a board-room or a company. Absent any lock-in, when one exec proposes something profitable (but bad for users), others can warn that this course of action is bad for the firm’s long-term health.

Once customers are locked into the system, though, the managers who have abusive ideas win the argument, provided that it’s a tiny, incremental wickedness that only makes things a LITTLE worse and holds out the promise of a LOT of money.

Compromise is the death of a thousand cuts. The next abusive idea will be measured not against how bad it seems compared to the original state of grace, but relative to its distance from the current, lightly stained condition.

Our cognitive apparatus is like our sensory apparatus: attuned to differences, not absolutes. One compromise at a time, the ethos is eroded until nothing remains but the sense that you’re on the side of the good guys — and whatever you’re doing is therefore good. “We’re the good guys, so what we do is good” (tautologies are a hell of a drug).

To use an Ios device is to be blitzed by an unblockable carpet-bombing of ads for Apple’s upsell services. Every screen in Itunes Store tries to trick you into signing up for Apple Music.

“Browse and For Now are entirely Apple Music ads. Radio has some free content but that largely exists to pull people into Apple Music, and Search will happily pull you in to Apple Music if you tap the button.”

Same goes for TV, which trips, tangles and shoves you into TV+ upsell ads, which violate Apple’s own rules against deceptive and intrusive advertising.

News App? Same same. “If you open a story on the Wall Street Journal, the screen it takes you often has a large banner ad at the top of the screen for the Apple News+ service. This seems to be intermittent, but it cannot be dismissed, hidden, or disabled.”

“Every time you try to add a credit/debit card to Apple Pay, you are asked if you want to sign up for Apple Card instead.”

Walled gardens are a moral hazard. The formulation that “If you’re not paying for the product, you’re the product” is simply wrong. The right formulation is, “If a company believes it can turn you into a product, it will try to turn you into a product.”

Which is to say that the issue is monopolies and their anticompetitive legal weapons, not “who pays for what, when.” John Deere sells you a $500k tractor and then turns you into the product by forcing you to get official repairs.

Apple’s been productizing its users for a generation, and has reached terminal velocity. The company led the coalition that killed TWENTY #RightToRepair bills in 2018. Then in the first week of 2019, Tim Cook told shareholders that his biggest profitability risk was users keeping – rather than junking – old Apple hardware. Controlling repairs means you control what can’t be repaired – what has to be “traded in” for a new device.

Apple is not your friend. Google is not your friend. Facebook is not your friend. Amazon is not your friend. Microsoft is not your friend.

Monopolists are not disciplined by the fear of losing customers, so every good impulse around the whiteboard is erased by sociopaths who get promoted by securing monopoly rents for their employer.


Hugo nominators! My story “Unauthorized Bread” is eligible in the Novella category and you can read it free on Ars Technica:

Upcoming appearances:

  • The Future of the Internet: Protocols vs. Platforms (San Francisco, Feb 20):
  • Canada Reads Kelowna: March 6, details TBD

Currently writing: I just finished a short story, “The Canadian Miracle,” for MIT Tech Review. It’s a story set in the world of my next novel, “The Lost Cause,” a post-GND novel about truth and reconciliation.

Currently reading: I’m getting really into Anna Wiener’s memoir about tech, “Uncanny Valley.” I just loaded Matt Stoller’s “Goliath” onto my underwater MP3 player and I’m listening to it as I swim laps.

Latest podcast: Persuasion, Adaptation, and the Arms Race for Your Attention:

Upcoming books: “Poesy the Monster Slayer” (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here:

(we’re having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).

“Attack Surface”: The third Little Brother book, Oct 20, 2020.

“Little Brother/Homeland”: A reissue omnibus edition with a very special, s00per s33kr1t intro.


[$] Debian discusses how to handle 2038 []

At this point, most of the kernel work to avoid the year-2038 apocalypse has been completed. Said apocalypse could occur when time counted in seconds since 1970 overflows a 32-bit signed value (i.e. time_t). Work in the GNU C Library (glibc) and other C libraries is well underway as well. But the "fun" is just beginning for distributions, especially those that support 32-bit architectures, as a recent Debian discussion reveals. One of the questions is: how much effort should be made to support 32-bit architectures as they fade from use and 2038 draws nearer?

The Linux Foundation and Harvard’s Lab for Innovation Science release census for open-source software security []

The Linux Foundation's Core Infrastructure Initiative and Harvard University's Lab for Innovation Science have teamed up on a census of the most critical open-source components in today's production applications. The report [PDF], titled "Vulnerabilities in the core", identified more than 200 projects and details 20 of them. More information can be found in the press release and, of course, the report. "This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security."


Before You See the Movie, Read the Comics – Bloodshot Has Arrived at Humble [Humble Bundle Blog]

He has superhuman strength, speed, endurance, and healing. He was made to be the perfect weapon. But now Bloodshot fights


