Tuesday, 25 September


Reproducible builds folks: Reproducible Builds: Weekly report #178 [Planet Debian]

Here’s what happened in the Reproducible Builds effort between Sunday September 16 and Saturday September 22 2018:

Patches filed

diffoscope development

diffoscope version 102 was uploaded to Debian unstable by Mattia Rizzolo. It included contributions already covered in previous weeks as well as new ones from:

Test framework development

There were a number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org this month, including:


This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Daniel Shahaf, Holger Levsen, Jelle van der Waa, Vagrant Cascadian & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.


09/25/18 [Flipside]

Jennifer of Mystic Rev's new store is live, check it out! https://savagesparrow.com/

Link [Scripting News]

Poll: Why do you tweet?

Link [Scripting News]

A rare occasion Trump comes off as a human being.


1998/2018: Whatever 20/20, Day Twenty-Five: Writing [Whatever]

Writing has gotten simultaneously easier and harder over the last twenty years.

Easier, because, bluntly, I’m better at it now than I was 20 years ago. Better at which parts? All of the parts. There are literally no technical aspects of writing (including the technical aspects of creativity) that I don’t just simply do better. Much of that would obviously be down to experience. Twenty years on from 1998, in which I was still in my twenties and hadn’t written much in the way of fiction, I have a wider range of writing experiences, and I’ve written more in each sort of field. I have gotten feedback from editors and readers and from my own observation, have incorporated all those, to greater or lesser extents, into my writing practice.

This means that here in 2018 I am generally in control of my instrument. Let me give you an example. When I set down to write my first couple of novels, I had very little idea of what I was doing, and basically had to discover the story in the writing. Not only could I not have told you at the outset what twists and turns were coming into the story, but I didn’t know what I wanted out of the characters or the action until I was in the middle of the writing. I was a good writer back then, but I wasn’t entirely in control of my instrument: my creativity, my technique or my intent. My first few novels are good novels, but the process of writing them was creatively very messy indeed.

Contrast that with, say, The Collapsing Empire (or its follow-up, which is out in three weeks(!)). For that one, I knew what I wanted it to do, I knew who I wanted the characters to be, and I knew how to make the writing do exactly what I wanted it to, when I wanted to do it. That book is exactly the book I intended it to be when I set out to write it — which is different than, say, Old Man’s War, in which I didn’t know how it was going to turn out until I wrote it.

Does this “control of the instrument” matter to the reader? No, it shouldn’t — because in both the case of Old Man’s War and The Collapsing Empire, or indeed any other book I write, the process is not visible to the reader, only the output. There’s a whole side to the publishing industry designed to take what the writer does and make it all look as smooth and intentional as possible; it’s called “editing.”

But it makes a difference to me, the writer. When I started writing novels, it was like throwing myself off a high cliff and inventing a glider before I hit the ground. Now I launch with the glider, and get to tell it where to go. And not just with books — again, every type of writing I do, I do better now than then. Experience counts.

But it’s also become harder, because I don’t have the same life as I did in 1998. In 1998, my life was relatively simple. I had to hustle for freelance gigs, which is a thing, but the goals of each freelance gig were relatively small and executable. It’s not that difficult, for example, to write subheads for a brochure about investment vehicles, or a short review of a music CD. It could be done fast and the stakes were low (and if I didn’t do it right, it was also easy to implement an immediate fix). I mostly stayed at home and I mostly had a low profile in the world.

Here in 2018 I write novels, which are long (by definition) and take time to write. I have a significant contract and I am well-known in my field, so what I write has at the very least commercial significance, and people are counting on me in a non-trivial way to do what I do in a way that’s competent and commercial and robustly marketable. I also have to be reliable, so that when (for example) I have to turn in a novel under a tight deadline, I can be relied on to do that, and to address the follow-up editing quickly.

I travel extensively to promote the work I do, which eats into my writing time. I have multiple projects in the air at any one time, many of which require work that is not directly related to writing, or at least writing that’s public-facing. The audience for my notes about treatments for TV/films projects is limited indeed.

Also, life! It’s busy and complicated as it is, I dare say, for most people, especially these days, when the world is on fire in a way that it hasn’t been before, which is distracting and enervating. But even moving away from the monumental distraction that is our current political shitpile: Kids and spouses and family and extended family and friends and all of that, too. To be clear, most of that is pretty good! But even when it’s pretty good it still takes time. It’s supposed to take time.

Plus, I’m old(er). I don’t want to say my brain is slower than it was when I was in my twenties, but one, just because I don’t want to say it doesn’t mean it may not be true, and two, even if it’s not slower, it’s still true that it handles the writing process differently. I write novels differently now than I did when I started writing them; hell, I write them differently now than I did five years ago.

To put it more directly, in the last twenty years, and especially in the last few years, my writing process has to make way for the world far more than it used to, for all the things that the phrase “the world” can encompass. And you know what? That makes it harder.

And, yes, I know: World’s tiniest violin, oh, poor Scalzi. I get that. But, look: I’m not actually telling you to pity or sympathize with me. I’m merely fulfilling the brief of this series. I’m telling you, on this subject, how things are different for me now than they were two decades ago. I want to be clear I don’t regret most of the circumstances of my world right now (I regret Trump is the president, a lot, but I didn’t vote for him, so at least on that front my conscience is clear), but I think that even good things have some consequences, and they have an impact on your life. And in my case on my writing life.

So writing today is both easier and harder than it was twenty years ago, and the end result of both of those is… mostly imperceptible from the point of view of the reader, I would guess. The books come out more or less regularly, the other work also appears in a predictable fashion, and at the end of the day, experience seems to replace what the world takes away — or at least, offers a way to compensate for it, which is not quite the same thing, but works very similarly.

I think from your point of view, nothing much has changed, in terms of my writing. I’m happy to keep it that way.


Integration of libc++ and OpenMP packages into llvm-toolchain [LLVM Project Blog]

A bit more than a year ago, we gave an update about recent changes in apt.llvm.org. Since then, we have noticed a significant increase in the usage of the service. Just last month, we saw more than 16.5TB of data being transferred from our CDN.
Thanks to the Google Summer of Code 2018, and after a number of requests, we decided to focus our energy on bringing great new projects from the LLVM ecosystem into apt.llvm.org.

Starting from version 7, libc++, libc++abi and OpenMP packages are available in the llvm-toolchain packages. This means that, just like clang or lldb, the libc++, libc++abi and OpenMP packages are also built, tested and shipped on https://apt.llvm.org/.

The integration aims to preserve the current usage of these libraries. The newly merged packages have adopted the llvm-toolchain versioning:

libc++ packages
  • libc++1-7
  • libc++-7-dev
libc++abi packages
  • libc++abi1-7
  • libc++abi-7-dev
OpenMP packages
  • libomp5-7
  • libomp-7-dev
  • libomp-7-doc
These packages are built twice a day for trunk. For version 7, they are built only when new changes happen in the SVN branches.

Integration of libc++* packages

Both libc++ and libc++abi packages are built at the same time using the clang built during the process. The existing libc++ and libc++abi packages present in Debian and Ubuntu repositories will not be affected (they will be removed at some point). Newly integrated libcxx* packages are not co-installable with them.

Symlinks have been provided from the original locations to keep the library usage the same.

Example:  /usr/lib/x86_64-linux-gnu/libc++.so.1.0 -> /usr/lib/llvm-7/lib/libc++.so.1.0

The usage of the libc++ remains super easy:
$ clang++-7 -std=c++11 -stdlib=libc++ foo.cpp
$ ldd ./a.out|grep libc++
  libc++.so.1 => /usr/lib/x86_64-linux-gnu/libc++.so.1 (0x00007f62a1a90000)
  libc++abi.so.1 => /usr/lib/x86_64-linux-gnu/libc++abi.so.1 (0x00007f62a1a59000)
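
The symlink layout and ldd output above can be checked mechanically, which helps when you need to know which toolchain version actually supplies the libraries a binary loads at runtime. This is an added example, not code from the original post; the function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the LLVM post): map the libc++/libc++abi/libomp
# entries of ldd output to the llvm-toolchain version that provides them.

# Read ldd-style output on stdin and print "<soname> <path>" for each
# libc++, libc++abi or libomp dependency.
runtime_libs() {
    awk '$2 == "=>" && $1 ~ /^(libc[+][+](abi)?|libomp)[.]so/ { print $1, $3 }'
}

# Follow the symlink chain of a library path and print the N of the
# /usr/lib/llvm-N/lib/ directory it ends in. Returns non-zero when the
# file does not resolve into an llvm-toolchain directory.
llvm_version_of() {
    resolved=$(readlink -f -- "$1") || return 1
    case "$resolved" in
        */usr/lib/llvm-*/lib/*)
            version=${resolved##*/usr/lib/llvm-}
            printf '%s\n' "${version%%/*}"
            ;;
        *)
            return 1
            ;;
    esac
}

# Read ldd-style output on stdin and print one line per library:
#   "<soname> <version>"             resolves into /usr/lib/llvm-<version>/lib
#   "<soname> not-llvm-toolchain"    provided by some other package or path
# $1 is an optional root prefix (hypothetical parameter), so that an
# unpacked image or chroot can be checked instead of the running system.
audit_runtime_libs() {
    root=${1:-}
    runtime_libs | while read -r soname path; do
        if version=$(llvm_version_of "$root$path"); then
            printf '%s %s\n' "$soname" "$version"
        else
            printf '%s not-llvm-toolchain\n' "$soname"
        fi
    done
}

# Stand-alone use: ./audit.sh ./a.out
if [ "$#" -gt 0 ]; then
    ldd "$1" | audit_runtime_libs
fi
```

A library reported as not-llvm-toolchain comes from another package or search path, which is the case to look at when a build is expected to use the apt.llvm.org libraries.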

In order to test new developments in libc++, we are also building the experimental features.
For example, the following command will work out of the box:

$ clang++-7 -std=c++17 -stdlib=libc++ foo.cpp -lc++experimental -lc++fs

Integration of OpenMP packages

While OpenMP packages have been present in the Debian and Ubuntu archives for a while, only a single version of the package was available.

For now, the newly integrated packages create a symlink from /usr/lib/libomp.so.5 to /usr/lib/llvm-7/lib/libomp.so.5, keeping the current usage the same and making them non co-installable.

It can be used with clang through the -fopenmp flag:
$ clang -fopenmp foo.c

The dependency packages providing the default libc++* and OpenMP packages are also integrated in llvm-defaults. This means that the following command will install all these new packages at the current version:
$ apt-get install libc++-dev libc++abi-dev libomp-dev

LLVM 7 => 8 transition

In parallel with the libc++ and OpenMP work, https://apt.llvm.org/ has been updated to reflect the branching of 7 from the trunk branches.
Therefore, we currently have on the platform:


Please note that, from version 7, the packages and libraries are called 7 (and not 7.0).
For the rationale and implementation, see https://reviews.llvm.org/D41869 & https://reviews.llvm.org/D41808.

Stable packages of LLVM toolchain are already officially available in Debian Buster and in Ubuntu Cosmic.

Cosmic support

In order to make sure that the LLVM toolchain does not have too many regressions with this new version, we also support the next Ubuntu version, 18.10, aka Cosmic.

A Note on coinstallability

We tried to make them coinstallable, but in the resulting packages we had no control over which libraries were used at runtime. This could lead to many unforeseen issues. With this in mind, we decided to keep them conflicting with other versions.

Future work
  • Code coverage build fails for newly integrated packages
  • Move to a two-phase build to generate the clang binary using clang

Sources of the project are available on the gitlab instance of Debian: https://salsa.debian.org/pkg-llvm-team/llvm-toolchain/tree/7

Reshabh Sharma & Sylvestre Ledru


Link [Scripting News]

John Oliver may have written the epitaph of Facebook. Most of what you read on Facebook is bullshit. So maybe connecting with all those people just creates new ways for bullshit to flow and aggregate, leading to some really awful stuff happening, as we have seen. If you're short on time, skip to the end and watch their honest commercial for Facebook. It's really good, funny, and thought provoking.


Big Tech is building a $80B capex wall around its empire [Cory Doctorow – Boing Boing]

Big Tech companies -- like all the apex predators of all the world's concentrated industries -- are swimming in cash; but unlike those other firms, Big Tech is not using the cash merely for financial engineering; it's doing actual engineering, sinking $80B this year into capital expenditures that will form a wall around the industry's incumbents, which new firms will have to scale in order to challenge them.

The new equipment includes robotic manufacturing plants, huge data-centers, undersea data-cables, and other infrastructure that might have been provided by a patchwork of service firms in an earlier era.

The focus on infrastructure spending is a mixed bag: owning tech infrastructure is always a gamble, betting that it won't go obsolete before the owners have finished amortizing its purchase; if there are major breakthroughs in any of these technologies, new companies can avail themselves of them without having to take a painful write-down on last-generation tools.

And of course, infrastructure spending does not contribute to inequality the way stock buybacks do.

But Google parent Alphabet Inc. and the other four dominant U.S. technology companies—Apple, Amazon.com, Microsoft, and Facebook—are fast becoming industrial giants. They spent a combined $80 billion in the last year on big-ticket physical assets, including manufacturing equipment and specialized tools for assembling iPhones and the powerful computers and undersea internet cables Facebook needs to fire up Instagram videos in a flash. Thanks to this surge in spending—up from $40 billion in 2015—they’ve joined the ranks of automakers, telephone companies, and oil drillers as the country’s biggest spenders on capital goods, items including factories, heavy equipment, and real estate that are considered long-term investments. Their combined outlay is about 10 times what GM spends annually on its plants, vehicle-assembly robots, and other materials.

Tech Giants Spend $80 Billion to Make Sure No One Else Can Compete [Shira Ovide/Bloomberg]

(via /.)


Daniel Pocock: Crossing the Great St Bernard Pass [Planet Debian]

It's a great day for the scenic route to Italy, home of Beethoven's Swiss cousins.

What goes up, must come down...


Security updates for Tuesday [LWN.net]

Security updates have been issued by Arch Linux (strongswan and zsh), Debian (dom4j and polarssl), openSUSE (apache2, gd, gnutls, GraphicsMagick, nodejs8, php7, and shadow), Oracle (mod_perl), Red Hat (mod_perl), Scientific Linux (mod_perl), SUSE (ant, gd, gnutls, java-1_8_0-ibm, libXcursor, mgetty, pam_pkcs11, php7, python-paramiko, shadow, and tiff), and Ubuntu (strongswan).

A CRISPR-based hack could eradicate malaria-carrying mosquitoes [Cory Doctorow – Boing Boing]

A research team from Imperial College London have published promising results of an experiment in which Anopheles gambiae mosquitoes -- responsible for the spread of malaria -- were genetically modified with a stable, gene-drive-based CRISPR modification that caused them to go extinct in the lab.

Importantly, the experiment showed that the modified snip of the mosquitoes' genome was kept stable by the gene drive, neither reverting to a neutralized version that would allow the mosquitoes' population to rebound, nor mutating in a way that might threaten other players in the mosquitoes' ecosystem.

The result raises important ethical questions about whether it would be safe and ethical to deliberately render a species extinct, even one as harmful to humans as Anopheles gambiae.

Crisanti dismisses the notion gene drives could be used to easily create new biological weapons. While he acknowledges the concerns, which have been considered by numerous scientific organizations, Crisanti and others argue the potential benefits far outweigh the risks.

"I regard a mosquito that transmits malaria as a pathogen — and as a pathogen we have the right to eliminate it," Crisanti says. "We have eliminated viruses like smallpox. We are trying to eliminate polio. I don't see a big difference."

The technology could also be used to target other disease-spreading insects, such as the species of mosquitoes that spread diseases including Zika and dengue. Gene drives could also be used to fight agricultural pests.

Mosquitoes Genetically Modified To Crash Species That Spreads Malaria [Rob Stein/NPR]

A CRISPR–Cas9 gene drive targeting doublesex causes complete population suppression in caged Anopheles gambiae mosquitoes [Kyros Kyrou, Andrew M Hammond, Roberto Galizi, Nace Kranjc, Austin Burt, Andrea K Beaghton, Tony Nolan & Andrea Crisanti/Nature Biotechnology]

There's a literal elephant in machine learning's room [Cory Doctorow – Boing Boing]

Machine learning image classifiers use context clues to help understand the contents of a room. For example, if they manage to identify a dining-room table with a high degree of confidence, that can help resolve ambiguity about other objects nearby, identifying them as chairs.

The downside of this powerful approach is that it means machine learning classifiers can be confounded by confusing, out-of-context elements in a scene, as is demonstrated in The Elephant in the Room, a paper from a trio of Toronto-based computer science academics.

The authors show that computer vision systems that are able to confidently identify a large number of items in a living-room scene (a man, a chair, a TV, a sofa, etc) become fatally confused when they add an elephant to the room. The presence of the unexpected item throws the classifiers into dire confusion: not only do they struggle to identify the elephant, they also struggle with everything else in the scene, including items they were able to confidently identify when the elephant was absent.

It's a new wrinkle on the idea of adversarial examples, those minor, often human-imperceptible changes to inputs that can completely confuse machine-learning systems.

Contextual Reasoning: It is not common for current object detectors to explicitly take into account context on a semantic level, meaning that interplay between object categories and their relative spatial layout (or possibly additional relations) are encoded in the reasoning process of the network. Though many methods claim to incorporate contextual reasoning, this is done more in a feature-wise level, meaning that global image information is encoded somehow in each decision. This is in contrast to older works, in which explicit contextual reasoning was quite popular (see [3] for mention of many such works). Still, it is apparent that some implicit form of contextual reasoning does seem to take place. One such example is a person detected near the keyboard (Figure 6, last column, last row). Some of the created images contain pairs of objects that may never appear together in the same image in the training set, or otherwise give rise to scenes with unlikely configurations. For example, non co-occurring categories, such as elephants and books, or unlikely spatial / functional relations such as a large person (in terms of image area) above a small bus. Such scenes could cause misinterpretation due to contextual reasoning, whether it is learned explicitly or not.

The Elephant in the Room [Amir Rosenfeld, Richard Zemel and John K. Tsotsos/Arxiv]

Machine Learning Confronts the Elephant in the Room [Kevin Hartnett/Quanta]

To fix Canadian copyright, let creators claim their rights back after 25 years [Cory Doctorow – Boing Boing]

Copyright markets are -- and always have been -- broken. People make art because they have to, and there's always a middle-man ready to take advantage of the oversupply of willing creators to grab our rights and pay us peanuts.

That's why expanding the term or scope of copyright does little to help creators, especially less-well-known artists or those at the beginning of their careers. When you give a person with no bargaining power more rights, the bullies who've been grabbing the lion's share all along simply take the new rights, too. Merely expanding copyright is like giving your bullied kid more lunch money in the hopes that the bullies will leave them with enough to buy something to eat.

But there's a better way!

One of the best features of the US copyright system is "reversion": this allows creators to fill in a few forms and take back their copyrights after 35 years, even if they have entered into a "perpetual assignment of copyright" with a publisher, studio, label or other party.

Creators at the start of their careers have no negotiating leverage, and most creative works have no commercial life after the first couple of years. Reversion allows the small minority of creators who have attained fame to take back the copyrights they were strong-armed into surrendering when they were unknowns, and it allows other, less-successful creators to take back their creations and distribute them in small, independent editions that give them new life.

Canada is contemplating a sweeping set of copyright reforms; as is inevitable on these occasions, the process has been dominated by batshit proposals from giant corporations who've bilked some creators to front for them.

But one proposal stands out for its sensible, pro-creator obviousness: singer Bryan Adams' proposal to create a 25-year reversion system for creators. Such a system would allow creators like Adams (whose own career peaked long enough ago to allow him to claim back his most successful works under this rule) to right the old wrongs in the contracts he signed when he was starting out.

As Australian copyright scholar Rebecca Giblin notes, this system was once in place in Australia, but was abolished in 1968. Importantly, reversion systems are one of the few areas of copyright that are not tightly constrained by impossible-to-alter international copyright treaties like the Berne Convention and the WTO's TRIPS.

If you're an American who wants to revert your 35-year-old rights, check out the Authors Alliance tool for streamlining the process.

In the book industry my research into almost 100,000 titles has found that publishers license older e-books to libraries on the same terms and for the same prices as newer ones. That includes “exploding” licences which force books to be deleted from collections even if nobody ever borrows them.

Publishers are interested in maximising their share of library collections budgets, not ensuring that a particular author continues to get paid or a particular title continues to get read.

As a result libraries often forgo buying older (but still culturally valuable) books even though they would have bought them if the publisher cared enough to make them available at a reasonable price.

Restricting access to books is not in the interests of authors or readers.

Everything he does, he does it for us. Why Bryan Adams is on to something important about copyright [Rebecca Giblin/The Conversation]

(Image: Gerardo Gonzalez, CC-BY)

X-Men star's disappearance blamed on China's new "anti-corruption" snatch squad [Cory Doctorow – Boing Boing]

Fan Bingbing is a Chinese megastar who has also appeared in western movies like "X-Men: Days of Future Past"; she has not been seen since June and the smart money has it that she was kidnapped by China's National Supervision Commission (NSC), an "anti-corruption" task force established in 2018, with a reputation for practicing "liuzhi" or "enforced disappearances."

The NSC is the next step in Xi Jinping's longstanding practice of "disappearing" people he disapproves of, including anti-corruption activists and dissidents. Fan Bingbing is accused of tax-fraud.

People held in liuzhi detention are kept in secret locations and denied contact with family or legal counsel, and often emerge after giving widely disseminated forced confessions. It's not uncommon for people to die during liuzhi custody.

Under the new laws, these sweeping anti-corruption bodies have jurisdiction not only over China's roughly 90 million Communist Party members, but also over a potentially unlimited target group including nearly any government staff, managers at state-owned enterprises, and really anyone if they are deemed relevant to a case of Party concern.

The crimes might include, as with Fan Bingbing, large scale tax evasion or tragically, as with Chen Yong, if you are only wanted in relation to another investigation.

According to Liu Jianchao, head of the Zhejiang supervision commission, those swept up into Liuzhi are typically kept for 42.5 days before being transferred. Although someone can be kept for up to six months, a lot can happen in forty plus days of disappearance.

The world's richest families got MUCH richer, thanks to the stock market [Cory Doctorow – Boing Boing]

As low interest rates and terrible bond yields have driven more everyday people into the stock market in the hopes of protecting their savings from inflation and building their pensions, the market has surged -- with the richest people on Earth surfing the wave.

Bloomberg reports on UBS and Campden's annual survey of the rise of "family offices" created by the new class of super-rich (37% of family offices in the survey were created since 2010), some with as many as five offices dotted around the globe.

These offices (about 5,000 of them thought to exist today) are intended to preserve hereditary, dynastic fortunes that ensure that the new breed of financial aristocrats retains its grip on power indefinitely.

Family offices have proven to be powerful accelerants for huge fortunes: from their modest beginnings of 0.3% returns in 2015, family offices returned 7% in 2016 and 15.5% in 2017.

The pace of new family offices has accelerated especially within the past decade, driven by the rise of Asian wealth, with UBS estimating that a new billionaire is minted in China every two days. Asia is now home to a quarter of the people on Bloomberg’s ranking of the world’s 500 richest people, second only to North America.

Of the 311 family offices that responded to the latest survey, 37 percent were created after 2010. The average assets held by respondents was $808 million and the average worth of the families was $1.1 billion. Just over 1 in 5 said they have two family office sites, while some have as many as five locations.

Ultra-Rich Families Ride Stocks Surge to Double Annual Gains [Benjamin Stupples/Bloomberg]

(via Naked Capitalism)

(Image: Gerald Ford, CC-BY-SA)


The Big Idea: Ryan North [Whatever]

I am not saying I am a time traveler. For all most of you know, I am not. But if I were, and remember I am not saying I am, then I would be very interested in Ryan North’s new book How To Invent Everything. Very, very interested. Theoretically.


I wanted to write the most dangerous book in the world.  Assuming time travel exists, I think I’ve succeeded.

The big idea in How To Invent Everything is this: is it possible to collapse our modern civilization into a single text which anyone, regardless of experience or education – or the time period in which they’re stranded – could use to rebuild our world from scratch?  I wasn’t at all certain that it was, but if it were, it sounded exactly like the sort of book I wanted to read.  And the more I thought about it, the more it excited me, because this would be a book which – once you’ve gone back in time with it – would absolutely make you the most influential, powerful, and decisive person in history.

So, all I had to do was write it.


I’m probably not the person you’d choose to write a book like this.  Up to now, all of my writing has been fiction: comic books about a girl with squirrel powers, short story anthologies about a machine that knows how you’re going to die, and choose-your-own-path versions of Shakespeare.  This was obviously something different, and I had no idea where to start.  So I began with what I knew: fiction.

I made up a future in which time travel existed and was practiced routinely.  It was a world in which time machines are rented like cars: generally painlessly, though sometimes with the risk that your too-good-to-be-true deal of a vehicle breaks down.  It was a way to ease myself (and readers) into the concept, and it helped me set up some ground rules: you, as a reader, are a temporal tourist.  You are trapped in the past in a broken rental-market time machine.  There is a repair guide, but it very quickly reveals an unfortunate truth: that time machines are for sure the most complicated pieces of machinery humans have ever produced, and that there aren’t any user-serviceable parts inside.  Time machines are so complicated, in fact, that it’s actually easier to tell you how to rebuild all of civilization than it is to explain how a 45.3EHz chrotonic flux inverter works.  So that’s what this time machine repair guide does.

With that, I had my in.  The “corporate repair guide” angle gave me an absurd tone to play with, and it let me keep things funny, light, and entertaining, while still sharing actual (useful!) information.  The only challenge now was to fill the rest of the book.  No problem, right??

I began by researching the inventions I knew I wanted to include.  I’d always wanted to have computers in there – because come on, how awesome would it be to go through life knowing you can build a computational engine from scratch in any time period you care to name? – so that’s where I started.  And I discovered something fascinating: once we’d invented electrical logic gates – the things modern computers are based on – we started seeing them everywhere.  You don’t actually need electricity.  You can build logic gates out of ropes and pulleys.  You can build them out of water.  Heck, you can even build them out of living crabs.  And this meant that there was lots of potential there for a knowledgeable time traveller to invent computers centuries – if not millennia – ahead of schedule.

I soon found that it wasn’t just computers that could’ve shown up much sooner in history than they actually did.  I was honestly shocked to discover how many inventions fit into this category.  An example: we had the raw materials for compasses in 200 BCE: that’s when we noticed that some rocks stick together, or in other words, discovered magnets.  But it wasn’t until 1000 CE that we actually invented compasses.  And here’s the kicker: to get a basic compass (which, I remind you, unlocks navigating the entire world), you don’t need the “tiny sliver of metal balanced on a pin wrapped in plastic” fancy compasses we have today.  You just need to tie your magnetic material to a string.  The string lets the rock rotate freely, the rock points towards magnetic north, and hey presto: that’s your compass.

Figuring out how to tie a rock to a string took us over 1000 years. 

You might think that’s embarrassing (and, you know – you’re not wrong) but I actually found it really inspiring.  And the more examples I found of low-hanging fruit throughout history, of inventions that could’ve been invented at any point in time but which for one reason or another we only figured out relatively recently, the more inspired I got.  Sure, it meant there was tons of room for a time traveller to optimize our timeline (great for my book!) but also meant that it was – and is – very likely there’s still things like that in our own time that we ourselves haven’t yet figured out.  What are we missing today, right now?

That last one is actually the one question How To Invent Everything doesn’t answer.  What fundamentally world-changing invention are we not seeing, even though we’ve already got all the parts we need?  What will people 1000 years from now laugh at us for not figuring out already?

What’s the equivalent of tying a rock to a string, for those of us living here at the end of 2018 CE?

I probably won’t be the one to figure it out, but I can’t wait to see who does.




How do I prevent my program’s temporary documents from appearing in Search? [The Old New Thing]

A customer wanted to know how to disable Cortana and Search completely on their employees' systems. "A user should not be able to search for anything from anywhere."

That seems a rather broad statement. But what is the problem that they think disabling Cortana and Search will solve? In many cases, a customer asks for a way to hide something when in fact they really want to disable it. What is the thing they specifically want to prevent the user from searching for?

The customer explained that their program creates some files which are required for proper functioning, but they don't want the user to be able to search for and find those files. Users should be using the program to manage those files. The customer cannot block access to the files because their program needs them to function. The customer understands that a technically adept user will be able to find the files even when they are hidden from search, but that's okay. They just don't want the files to distract casual users.

Consider a program which creates some Excel spreadsheets to assist with its calculations. If those Excel spreadsheets showed up in searches, then users would be tempted to open those Excel spreadsheets and start messing with them, which would confuse the program.

What the program should do is create those internal Excel spreadsheets in the Application Data directory, rather than in the Documents directory.

If that's not possible, it could at least mark the files as hidden. That would also remove them from search results.

These solutions avoid using a global solution to a local problem. It seems awfully presumptuous for a program to take it upon itself to disable searching outright, just because it wants to keep its own private files hidden. It's like cutting power to the entire house to make sure nobody watches television.

Bonus chatter: There are quite a few group policies in Computer Configuration\Administrative Templates\Windows Components\Search for controlling what shows up in the search index. For example, you can exclude specific directories from search, or exclude a list of file types.


[$] Archiving web sites [LWN.net]

I recently took a deep dive into web site archival for friends who were worried about losing control over the hosting of their work online in the face of poor system administration or hostile removal. This makes web site archival an essential instrument in the toolbox of any system administrator. As it turns out, some sites are much harder to archive than others. This article goes through the process of archiving traditional web sites and shows how it falls short when confronted with the latest fashions in the single-page applications that are bloating the modern web.

Subscribers can read on for a look at web archiving by guest author Antoine Beaupré.


My Home Internet is Down and My Cell Phone Hotspot Connection is Totally Crawling so No Whatever Digest Today [Whatever]

I’ll be posting a Big Idea and a Whatever 20/20 piece in a bit, although I may have to go down to the public library and use their connection to do it. Like a prole.


DNA ancestry tests are bullshit [Cory Doctorow – Boing Boing]

Adam Rutherford's amazing book A Brief History of Everyone Who Ever Lived is on shelves in the USA now; debunking the absurd claims made by genetics testing companies -- claims about your distant relationship to ancient kings or the percentage of your genes that came from Vikings.

Rutherford's quest to debunk the highly profitable "genetic astrology" industry has some staunch allies, including the wonderful Sense About Science people (previously), including Steve Jones, Emeritus Professor of Human Genetics at UCL and Prof Mark Thomas.

Rutherford's book is a really clear -- and often very funny! -- explanation of what genomics is useful for: analyzing whole populations and species and discovering what is and isn't a heritable trait, adding nuance to the stories of heredity and evolution, and debunking old eugenic idiocies like "noble blood" and the idea that human beings can be divided into "races."

If you want to get a sense of just how terrible these old ideas are, check out this week's podcast of Rob Newman's "Total Eclipse of Descartes," a standup routine in which Newman explains how junk eugenic science and old scientific frauds have been used to make education into a toxic mess.

A warning about the accuracy of the tests was made by the Sense About Science campaign group, which said "such histories are either so general as to be personally meaningless or they are just speculation from thin evidence."

The warning was backed by a number of leading genetics experts. Steve Jones, Emeritus Professor of Human Genetics at UCL said: “On a long trudge through history – two parents, four great-grandparents, and so on – very soon everyone runs out of ancestors and has to share them.

"As a result, almost every Briton is a descendant of Viking hordes, Roman legions, African migrants, Indian Brahmins, or anyone else they fancy.”

His colleague Prof Mark Thomas said: "These claims are usually planted by the companies that provide these so-called tests and are not backed up by published scientific research. This is business, and the business is genetic astrology.”

DNA ancestry tests branded 'meaningless' [Nick Collins/Telegraph]

Incredibly sensible notes on software engineering, applicable to the wider world [Cory Doctorow – Boing Boing]

François Chollet's "Notes to Myself on Software Engineering" is posed as reminders from Chollet to himself, but they're a really wonderful list of extremely sensible advice on how collaborative projects work, how to be a good collaborator, how to build things for other people to use, and how to collaborate with future engineers and builders who will some day want to hook things up to the thing you're making.

For example: "Code is also a means of communication across a team, a way to describe to others the solution to a problem. Readable code is not a nice-to-have, it is a fundamental part of what writing code is about;" and "Users are focused on their own specific use case, and you must counter this with a holistic and principled vision of the whole project. Often, the right answer is to extend an existing feature."

I'm especially taken with his thoughts on APIs, like "Simple things should be simple, complex things should be possible. Don’t increase the cognitive load of common use cases for the sake of niche use cases, even minimally."

Then there's the section on having a good and worthy career in technology: "When making any choice with long-term repercussions, place your values above short-term self-interest and passing emotions — such as greed or fear. Know what your values are, and let them guide you." That is very good advice.

Notes to Myself on Software Engineering [François Chollet/Medium]

(via Four Short Links)


Hank Green's "An Absolutely Remarkable Thing": aliens vs social media fame vs polarization [Cory Doctorow – Boing Boing]

April May is a debt-haunted art-school grad with a terrible job working on a worse app for a Manhattan startup that pays her enough to cover half the rent on the one-bedroom she shares with her girlfriend, but demands so much of her time that they hardly see each other.

Late one night, as she is leaving her terrible job, she sees a wonderful work of art: a giant statue of a transformer-style samurai robot that someone has installed on 23rd Street. She calls her best friend Andy, dragging him out of bed at 2AM to come down to the corner and film a funny vlog spot they can upload to his moribund YouTube channel.

Then April goes home and crashes and when she wakes up, the world has changed forever. The robot -- April had dubbed him "Carl" in her snarky video -- has twin brothers in major cities all over the world. They are towering, motionless, identical, and mysterious.

April has gone viral. She is suddenly in demand on TV shows, pulling in $10,000 per appearance (Andy's dad is a high-powered LA entertainment lawyer), landing a top-tier agent, flying all over the country -- and solving odd, niggling mysteries about Carl.

The novel follows April's transformation into a world-famous star, someone who self-consciously seeks, cultivates and performs fame and power, who is also self-conscious enough to know that she's doing it and is articulate about why she's doing it. It's as true a look into the odd and mysterious world of fame and attention as I've ever read, and it has the feeling of material that has come straight from the most honest and uncomfortable depths of Hank Green's own introspection.

The Carls have mysteries after mysteries: they appear to be aliens, they can haunt our dreams with strange logic puzzles (the B-story in this novel is a sweet cross between Ender's Game and Ready Player One), and they are a flashpoint for public opinion, splitting the world into two camps: people who believe that the Carls are an occasion for humanity to unite and become part of something larger, and paranoid, angry human chauvinists whose half-baked Darwinism and prepper-style macho terror is a perfect parable for the current life-stage of the internet tough-guy, the latest manifestation of the gamergate brain-parasite.

Green's understanding of the power and limits of social media is incomparable; what Douglas Coupland did for the elation and misery of the tech-bubble with Microserfs, Green does for YouTubers and other social media stars. It makes for a novel that's always charming, always fast-paced, but which is sneakily and uncomfortably ambivalent about the things it celebrates. It gallops to a startling and great ending (I read it all in one sitting) and lingers afterwards.

An Absolutely Remarkable Thing [Hank Green/Dutton]

(Image: Jay Isaac, CC-BY-SA)


Evidence for the Security of PKCS #1 Digital Signatures [Schneier on Security]

This is interesting research: "On the Security of the PKCS#1 v1.5 Signature Scheme":

Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA. Despite the huge practical importance of RSA PKCS#1 v1.5 signatures, providing formal evidence for their security based on plausible cryptographic hardness assumptions has turned out to be very difficult. Therefore the most recent version of PKCS#1 (RFC 8017) even recommends as a replacement the more complex and less efficient scheme RSA-PSS, as it is provably secure and therefore considered more robust. The main obstacle is that RSA PKCS#1 v1.5 signatures use a deterministic padding scheme, which makes standard proof techniques not applicable.

We introduce a new technique that enables the first security proof for RSA-PKCS#1 v1.5 signatures. We prove full existential unforgeability against adaptive chosen-message attacks (EUF-CMA) under the standard RSA assumption. Furthermore, we give a tight proof under the Phi-Hiding assumption. These proofs are in the random oracle model and the parameters deviate slightly from the standard use, because we require a larger output length of the hash function. However, we also show how RSA-PKCS#1 v1.5 signatures can be instantiated in practice such that our security proofs apply.

In order to draw a more complete picture of the precise security of RSA PKCS#1 v1.5 signatures, we also give security proofs in the standard model, but with respect to weaker attacker models (key-only attacks) and based on known complexity assumptions. The main conclusion of our work is that from a provable security perspective RSA PKCS#1 v1.5 can be safely used, if the output length of the hash function is chosen appropriately.

I don't think the protocol is "provably secure," meaning that it cannot have any vulnerabilities. What this paper demonstrates is that there are no vulnerabilities under the model of the proof. And, more importantly, that PKCS #1 v1.5 is as secure as any of its successors like RSA-PSS and RSA Full-Domain.
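The deterministic v1.5 padding the abstract refers to, next to the randomized RSA-PSS encoding, as an added example that is not code from the post or the paper. The toy key built from two Mersenne primes is a constructed, insecure assumption so that the code runs offline, and all function names are this example's own.

```python
import hashlib
import hmac
import os

# Constructed toy key (NOT secure): the primes are two well-known Mersenne
# primes, chosen only so the example runs offline without a key generator.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes
H_LEN = 32                             # SHA-256 output length
EM_BITS = N.bit_length() - 1           # PSS encodes into modBits - 1 bits
EM_LEN = (EM_BITS + 7) // 8

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def rsa_private(em: bytes) -> bytes:
    """Raw RSA private-key operation on an encoded message block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def rsa_public(signature: bytes):
    """Return s^e mod n as an int, or None if the signature is out of range."""
    s = int.from_bytes(signature, "big")
    return pow(s, E, N) if len(signature) == K and s < N else None


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """EM = 00 01 FF..FF 00 || DigestInfo || H(m): every byte is fixed by m."""
    t = DIGESTINFO_SHA256 + sha256(message)
    if K < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_v15(message: bytes) -> bytes:
    return rsa_private(emsa_pkcs1_v15(message))


def verify_v15(message: bytes, signature: bytes) -> bool:
    """Re-encode the expected block and compare it whole (RFC 8017, 8.2.2)."""
    m = rsa_public(signature)
    if m is None:
        return False
    return hmac.compare_digest(m.to_bytes(K, "big"), emsa_pkcs1_v15(message))


def mgf1(seed: bytes, length: int) -> bytes:
    """Mask generation function MGF1 with SHA-256."""
    blocks = (length + H_LEN - 1) // H_LEN
    return b"".join(sha256(seed + i.to_bytes(4, "big")) for i in range(blocks))[:length]


def sign_pss(message: bytes) -> bytes:
    """EMSA-PSS with a fresh random salt, so each signature differs."""
    salt = os.urandom(H_LEN)
    h = sha256(b"\x00" * 8 + sha256(message) + salt)
    db = b"\x00" * (EM_LEN - 2 * H_LEN - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * EM_LEN - EM_BITS)   # clear bits above EM_BITS
    return rsa_private(bytes(masked) + h + b"\xbc")


def verify_pss(message: bytes, signature: bytes) -> bool:
    """Unmask the block, check its fixed parts, recompute H from the salt."""
    m = rsa_public(signature)
    if m is None or m.bit_length() > EM_BITS:
        return False
    em = m.to_bytes(EM_LEN, "big")
    masked, h, trailer = em[:-H_LEN - 1], em[-H_LEN - 1:-1], em[-1]
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(h, len(masked))))
    db[0] &= 0xFF >> (8 * EM_LEN - EM_BITS)
    pad_len = len(db) - H_LEN - 1
    if trailer != 0xBC or bytes(db[:pad_len + 1]) != b"\x00" * pad_len + b"\x01":
        return False
    expected = sha256(b"\x00" * 8 + sha256(message) + bytes(db[pad_len + 1:]))
    return hmac.compare_digest(h, expected)
```

Signing the same message twice with `sign_v15` yields identical bytes, while two `sign_pss` calls yield different signatures that both verify.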


Four short links: 25 September 2018 [All - O'Reilly Media]

Software Engineering, ML Hardware Trends, Time Series, and Eng Team Playbooks

  1. Notes to Myself on Software Engineering -- Code isn’t just meant to be executed. Code is also a means of communication across a team, a way to describe to others the solution to a problem. Readable code is not a nice-to-have; it is a fundamental part of what writing code is about. A solid list of advice/lessons learned.
  2. Machine Learning Shifts More Work To FPGAs, SoCs -- compute power used for AI/ML is doubling every 3.5 months. FPGAs and ASICs are already predicted to be 25% of the market for machine learning accelerators in 2018. Why? FPGAs and ASICs use far less power than GPUs, CPUs, or even the 75 watts per hour Google’s TPU burns under heavy load. [...] They can also deliver a performance boost in specific functions chosen by customers that can be changed along with a change in programming.
  3. Time Series Forecasting -- one of those "three surprising things" articles. The three surprising things: You need to retrain your model every time you want to generate a new prediction; sometimes you have to do away with train/test splits; and the uncertainty of the forecast is just as important as, or even more so, than the forecast itself.
  4. Health Monitor -- Atlassian's measures of whether your team is doing well. Their whole set of playbooks is great reading for engineering managers.



CodeSOD: The UI Annoyance [The Daily WTF]

Daniel has a bit of a story. The story starts many months ago, on the very first day of the month. Angular 1.x has something called a filter as a key concept. This is a delightfully misleading name,...


We learn as we go [Seth's Blog]

If we stop going, we stop learning…


If we're not willing to keep learning, we should probably stop going.


Vote for Net Neutrality: today's the day to tell would-be Congresscritters where you stand [Cory Doctorow – Boing Boing]

With 41 days until the midterm elections, today is the day to put your lawmaker on notice: vote for the Congressional Review Act, overturn the Trump FCC ban on Net Neutrality, and restore Net Neutrality to America. The Vote for Net Neutrality chatbot is here to help: tell it where you live, it'll tell you who's running in your district and put you in touch with them. If you -- like 87% of Americans -- want Net Neutrality, this is your chance.


Sky TV Wants The Pirate Bay Blocked in New Zealand [TorrentFreak]

Earlier this year Hollywood’s Motion Picture Distributors’ Association stated that site-blocking was the only option left to beat online piracy.

While it’s impossible to completely eradicate the phenomenon, rightsholders generally see ISP blockades as one of the most effective tools at their disposal.

This is also true for Sky TV New Zealand. Last year the company took its first steps in this direction, and it is now pushing on. Newsroom reports that Sky hopes to file a lawsuit targeting The Pirate Bay and an unnamed sports streaming site before the end of the year.

The company just released the results of an extensive piracy survey which shows that 29% of all New Zealanders have pirated sport and entertainment during the last month. The majority of pirates prefer streaming, but downloading and pirate boxes are popular too.

“We’ve known that piracy is a problem for a while, but the scale is even bigger than we thought,” SKY spokesperson Sophie Moloney says.

“If piracy remains unchecked, it risks really hurting the sports and entertainment industry in New Zealand, and our ability to create great content,” she adds.

A lack of legal viewing options is the main reason why people pirate, the research reveals. Legal content is either not available or it’s significantly delayed. Interestingly, non-pirates believe that people mainly turn to unauthorized offerings to avoid paying.

Sky TV, however, believes that there are plenty of legal options and will push its blocking plans through.

“Other countries are taking steps to stop piracy and encourage people not to steal content, and we want to do the same here in New Zealand, including by way of blocking pirate websites,” Sky TV’s Moloney says.

Surprisingly, there is even support for this effort among self-proclaimed pirates.

Just over half of all pirates agreed that they “would be happy for my ISP to block access to a piracy website if it was required by a court to do so.” This is also preferred over other options, such as tighter regulation or lawsuits against individual pirates.

“Site-blocking is used in 42 countries around the world, including Australia and the UK. It’s good to see that many New Zealanders would prefer that these dodgy sites are blocked from view using this approach,” Moloney notes.

Whether Internet providers feel the same way has yet to be seen. When Sky TV first announced its blocking intentions last year, local ISPs responded critically.

“SKY’s call that sites be blacklisted on their say so is dinosaur behavior, something you would expect in North Korea, not in New Zealand. It isn’t our job to police the Internet and it sure as hell isn’t SKY’s either, all sites should be equal and open,” said Taryn Hamilton of local ISP Vocus at the time.

ISPs instead pointed out that rightsholders should focus on improving the legal options. And with Sky TV’s research revealing ‘limited legal options’ as the main motivation to pirate, they are likely to stick with this.



Syren’s Sweetheart Latex Dress [Oh Joy Sex Toy]

NOW is a GOOD time to sign up to Erika’s Patreon: We made an NSFW video of her putting on said Latex Dress!

This thing is amazing, we’re SO thankful to Stockroom and Syren Latex for giving us the opportunity to try out such a fancy dress. We absolutely loved it, and are now trying to think up new and different places to try it on and show it off.

We both loved this particular cut: it’s beginner-friendly and super cute. But Stockroom and Syren have a HUGE list of different cuts and options available, check it all out if you’re keen, and make sure to buy some Pjur silicone lube or conditioner at the same time!

Buy it from Stockroom!

Stockroom ALSO has a 15% discount for you, just add ‘OHJOY’ at checkout!

Wanna see how Erika looks in the dress? Check it out on Erika’s Instagram!


Russ Allbery: Smallish haul [Planet Debian]

It's been a little while since I've made one of these posts, and of course I'm still picking up this and that. Books won't buy themselves!

Elizabeth Bear & Katherine Addison — The Cobbler's Boy (sff)
P. Djèlí Clark — The Black God's Drums (sff)
Sabine Hossenfelder — Lost in Math (nonfiction)
N.K. Jemisin — The Dreamblood Duology (sff)
Mary Robinette Kowal — The Calculating Stars (sff)
Yoon Ha Lee — Extracurricular Activities (sff)
Seanan McGuire — Night and Silence (sff)
Bruce Schneier — Click Here to Kill Everyone (nonfiction)

I have several more pre-orders that will be coming out in the next couple of months. Still doing lots of reading, but behind on writing up reviews, since work has been busy and therefore weekends have been low-energy. That should hopefully change shortly.


Prey it Forward [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic is going back to school.

Falls Equivalencies [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic's favorite season is, you guessed it, fall.


Resignation [QC RSS]

No offense intended but I am not interested in nor do I have the time for debating today's comic. Thanks for understanding!



DCPs [Nina Paley's Blog]

10+ years ago, when I was preparing Sita Sings the Blues for film festivals, I had to make heavy, unwieldy, and expensive 35mm film prints. Thankfully I don’t have to do that any more. Instead, today’s cinemas use DCP (for Digital Cinema Package) hard drives. These take advantage of advances in digital technology, as fucked up by a film industry that can’t cope with advances in digital technology. Thanks to the insane and byzantine encoding protocols designed by Hollywood to thwart what computers are inherently best at – copying – making DCPs has long been shrouded in mystery and prohibitive costs.

Since I’m cheap and have practically no income these days, I didn’t want to use a DCP-making service (called a “lab,” as if). Instead, after begging around for favors, and doing much research online, I made them myself.

I used DCP-o-matic. It’s Free Software, created and maintained by Carl Hetherington, to whom I and many other small filmmakers owe a debt of gratitude. I can’t recommend it enough. Apparently many screening venues now use it themselves. I used it to make 2K and 4K DCP files, and English and French “version files” for subtitles. I also burned in English subtitles over “Paroles, Paroles.”


Once I made the DCPs, I had to get them onto portable hard drives, which is no small task. You can’t just drag-and-drop copy them like normal files. Fortunately I found DCP Transfer. It’s not Free, but it is affordable – $25 a month (ugh, subscriptions) plus a $25 initial charge. Today my subscription auto-renewed, just in time for me to be gone for a month, so I contacted the company to cancel and they refunded it. That’s good service! The software works great, too. I had no problem formatting and copying DCPs onto most external hard drives. The exception was flash drives, aka thumb drives; these overheated and usually failed. It’s a pity, since flash drives are so small and convenient. But I found some relatively inexpensive 320GB USB3 portable hard drives, and made enough DCPs to satisfy film festivals.

Whatever my complaints about DCP, it sure beats making (and distributing!) film.




Software disenchantment [OSNews]

I've been programming for 15 years now. Recently our industry's lack of care for efficiency, simplicity, and excellence started really getting to me, to the point of me getting depressed by my own career and IT in general. Modern cars work, let's say for the sake of argument, at 98% of what's physically possible with the current engine design. Modern buildings use just enough material to fulfill their function and stay safe under the given conditions. All planes converged to the optimal size/form/load and basically look the same. Only in software, it's fine if a program runs at 1% or even 0.01% of the possible performance. Everybody just seems to be ok with it. People are often even proud of how inefficient it is, as in "why should we worry, computers are fast enough".

A bit ranty here and there, but this entire "old man yells at cloud" article is very much music to my ears. Software is bad. We expect software to be bad. We accept that software is bad. We make excuses why software is bad. We tell people it's okay that software is bad. We say it is inevitable that software is bad.

If any other industry were as lax about quality and performance as the software industry, we'd be up in arms.

Sculpt OS with Visual Composition [OSNews]

Sculpt is an open-source general-purpose OS based on the Genode framework. It combines a microkernel architecture, capability-based security, sandboxed device drivers, and hardware-virtualized guests in a novel operating system for commodity x86-64 hardware.

The third version of Sculpt OS is now available under codename Sculpt VC. It is based on Genode OS framework release 18.08. "Sculpt with Visual Composition" takes a step forward to turn Sculpt into a useable system for a wider audience. It features a graphical user interface for performing fundamental tasks like connecting to a wireless network, or installing and running software from packages. However, the full power of the system is still accessible only via a textual interface. A detailed description of the usage and structure of Sculpt VC can be found in its documentation.

Sculpt VC is available in the form of a USB stick image that boots on bare-metal x86 hardware. The image has a size of only 24 MiB. Alternatively, a virtual appliance for VirtualBox is provided.

Monday, 24 September


Marzipan: porting iOS apps to the Mac [OSNews]

With macOS Mojave, Apple is adding support to run UIKit apps on macOS without the requirement of rewriting the UI in AppKit. While this isn't yet something that's officially supported for third-party developers, let's explore what to expect in 2019 and how to try it out today.

Coincidentally, macOS Mojave has been released today as well, so head on over to the Mac App Store and update your Macs.


Jewelry in the shape of gerrymandered US congressional districts [Cory Doctorow – Boing Boing]

Gerrymander Jewelry: charms in the shape of America's most gerrymandered district; you don't have to live in Michigan's 14th, Texas's 35th or Ohio's first to rock one of these. (via Super Punch)


09/24/18 [Flipside]

Sorry, no page today. The next two pages will be a 2-page spread, so I will be putting both up on Wednesday.


Link [Scripting News]

I've got the serving-from-GitHub part working now. Lots of loose ends. And this link may only work for a few days. But it's progress. Also here are my worknotes for today.

Microsoft Search will search across Office, Windows, more [OSNews]

Microsoft is unveiling an ambitious effort to overhaul its search experience in Office, Windows, Bing and more today. Dubbed Microsoft Search, the new search experience will first start appearing on Bing and Office.com today. Bing isn't going away, but Microsoft Search is the new name for a combination of Bing and the search results you might expect to find in Windows applications. It's designed to combine traditional search results with commands, app features, and personalized results. Search is being moved to a central area in Office apps, allowing Excel users to find commands and features in results alongside documents and other search results.

I've never been a fan of combining web and local search results on my operating system's search tool - the two are clearly separated in my mind and I regard them as two entirely different and distinct entities. I'm sure I'm revealing my age here, and that younger generations don't perceive this distinction at all, but I'm just hoping I can turn this off.

The $12 "Gongkai" Phone [OSNews]

Recently, I paid $12 at Mingtong Digital Mall for a complete phone, featuring quad-band GSM, Bluetooth, MP3 playback, and an OLED display plus keypad for the UI. Simple, but functional; nothing compared to a smartphone, but useful if you're going out and worried about getting your primary phone wet or stolen. [...] How is this possible? I don't have the answers, but it's something I'm trying to learn. A teardown yields a few hints.

These are amazing products for a specific niche, and the young teenager in me who got his first cellphone at 13 marvels at the price of this thing.


Petter Reinholdtsen: VLC in Debian now can do bittorrent streaming [Planet Debian]

Back in February, I got curious to see if VLC now supported Bittorrent streaming. It did not, despite the fact that the idea and code to handle such streaming had been floating around for years. I did however find a standalone plugin for VLC to do it, and half a year later I decided to wrap up the plugin and get it into Debian. I uploaded it to NEW a few days ago, and am very happy to report that it entered Debian a few hours ago, and should be available in Debian/Unstable tomorrow, and Debian/Testing in a few days.

With the vlc-plugin-bittorrent package installed you should be able to stream videos using a simple call to

vlc https://archive.org/download/TheGoat/TheGoat_archive.torrent
It can handle magnet links too. Now if only native vlc had bittorrent support. Then a lot more would be helping each other to share public domain and creative commons movies. The plugin needs some stability work with seeking and picking the right file in a torrent with many files, but is already usable. Please note that the plugin is not removing downloaded files when vlc is stopped, so it can fill up your disk if you are not careful. Have fun. :)

I would love to get help maintaining this package. Get in touch if you are interested.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

What's the difference between an integer and a pointer? [OSNews]

In an assembly language we typically don't have to worry very much about the distinction between pointers and integers. Some instructions happen to generate addresses whereas others behave arithmetically, but underneath there's a single data type: bitvectors. At the opposite end of the PL spectrum, a high-level language won't offer opportunities for pointer/integer confusion because the abstractions are completely firewalled off from each other. Also, of course, a high-level language may choose not to expose anything that resembles a pointer.


Tell Congress to Save the Open Internet [EFF Action Center]

On December 14, 2017, the FCC voted to end net neutrality protections. Net neutrality protections ensured that Internet service providers (ISPs) treated all data that traveled over their networks equally. Now, the way is paved for ISPs to start blocking or throttling access online and for them to charge extra for data to be transmitted faster. But Congress can stop it. A majority vote in both houses can overturn the FCC’s order and restore net neutrality.

On May 16, the Senate voted with a majority voting in favor of repealing the FCC’s order. That means that the future of net neutrality is all in the hands of the House of Representatives.

Tell your representatives how important net neutrality is and, if they haven’t already, to voice their support for bringing back real net neutrality.


The Humble Book Bundle: Learn You Some Code by No Starch... [Humble Bundle Blog]

The Humble Book Bundle: Learn You Some Code by No Starch Press! 

Learn you a thing or three with this bundle from No Starch Press. Get ebooks like Learn You A Haskell for Great Good!, Python Crash Course, Automate the Boring Stuff with Python, Learn You Some Erlang for Great Good! and more.


News Post: Stuck Pigment [Penny Arcade]

Tycho: Mike and I receive Tattoos very differently.  This fact is discussed in today’s strip, but there is another way you can become acquainted with it, and that is to watch the video embedded tastefully below these words.  The tattoo artist terminology for someone who takes a tattoo in this way is “A Box Of Cats.”

Watch G & T: Tattoos from PennyArcade on www.twitch.tv

I have a different reaction.  Which is to say, not much of one.  I’m nowhere near as entertaining as Gabe is.  I “go remote” when subjected to various kinds of stress…


Beware of Hurricane Florence Relief Scams [Krebs on Security]

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent.

For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

The landing page for hurricaneflorencerelieffund-dot-com also is the landing page for at least 4 other Hurricane Florence donation sites that use the same anonymous PayPal address.

Among the earliest of these is hurricaneflorencerelieffund-dot-com, registered anonymously via GoDaddy on Sept. 13, 2018. Donations sent through the site’s PayPal page go to an email address tied to the PayPal account on the site (info@hurricaneflorencerelieffund-dot-com); emails to that address did not elicit a response.

Sometime in the past few days, several other Florence-related domains that were previously parked at GoDaddy now redirect to this domain, including hurricanflorence-dot-org (note the missing “e”); florencedisaster-dot-org; florencefunds-dot-com; and hurricaneflorencedonation-dot-com. All of these domains include the phone number 833-FLO-FUND, which rings to an automated system that ultimately asks the caller to leave a message. There is no information provided about the organization or individual running the sites.

The domain hurricaneflorencedisasterfund-dot-com has a slightly different look and feel, invokes the name of the Red Cross and also includes the 833-FLO-FUND number. Likewise, it accepts PayPal donations tied to the same email address mentioned above. It claims “80% of all donations go directly to FIRST RESPONDERS in North & South Carolina!” although it provides no clear way to verify that claim.

Hurricaneflorencedisasterfund-dot-com is one of several domains anonymously accepting PayPal donations, purportedly on behalf of Hurricane Florence victims.

The domain hurricaneflorencerelief-dot-fund, registered on Sept. 11, also accepts PayPal donations with minimal information about who might benefit from monies given. The site links to Facebook, Twitter and other social network accounts set up with the same name, although none of them appear to have any meaningful content. The email address tied to that PayPal account — hurricaneflorencerelief@gmail.com — did not respond to requests for comment.

The domain theflorencefund-dot-com until recently also accepted PayPal donations and had an associated Twitter account (now deleted), but that domain recently changed its homepage to include the message, “Due to the change in Florence’s path, we’re suspending our efforts.”

Here is a Google spreadsheet that tracks some of the domains I’ve been monitoring, including notations about whether the domains are active and if they point to sites that ask for donations. I’ll update this sheet as the days go by; if anyone has any updates to add, please drop a comment below. All of the domains mentioned above have been reported to the Justice Department’s National Center for Disaster Fraud, which accepts tips at disaster@leo.gov.

Let me be clear: Just because a site is listed here doesn’t mean it’s a scam (or that it will be). Some of these sites may have been set up by well-intentioned people; others appear to have been established by legitimate aid groups who are pooling their resources to assist local victims.

For example, several of these domains redirect to Freedomhouse.cc, a legitimate nonprofit religious group based in North Carolina that accepts donations through several domains that use an inline donation service from churchcommunitybuilder.com — a maker of “church management software.”

Another domain in this spreadsheet — florencereliefeffort.org — accepts donations on its site via a third-party fundraising network, Qgiv.com. The site belongs to a legitimate 501(c)(3) Muslim faith-based nonprofit in Raleigh, N.C., that is collecting money for Hurricane Florence victims.

If you’re familiar with these charities, great. Otherwise, it’s a good idea to research the charitable group before giving them money to help victims.

As The New York Times noted on Sept. 15, one way to do that is through Charity Navigator, which grades established charities on transparency and financial health, and has compiled a list of those active in the recovery from Florence. Other sites like GuideStar, the Better Business Bureau’s Wise Giving Alliance and Charity Watch perform similar reviews. You can find more details about how those sites work here.

Finally, remember that phishers and malware purveyors love to seize on the latest disasters to further their schemes. Never click on links or attachments in emails or social media messages that you weren’t expecting.


The Whatever Digest, 9/24/18 [Whatever]

I’m at the airport super early, so let’s check in on the state of the world, shall we?

Oh. Oh. Well, that’s no good, is it.


At the moment I have nothing useful to add about what’s going on with either Kavanaugh or Rosenstein situations, because in both cases no one else seems to know what’s going on, either, other than it’s a real mess. Anything I’d say here will be superseded elsewhere in the next half hour, so — check on tomorrow? I guess?

These are exciting times, and not in a good way.


In other news, Tor.com is running the Prologue to The Consuming Fire today, so if you’d like a sneak preview of the upcoming novel (out in just three weeks!), here you go. I like it, but then I would.


And how was your weekend in New York, Scalzi? It was nice, thank you for asking. I did a bit of business, saw some dear friends, hung out with some cool people, and connected in real life with someone who had previously been a Twitter pal and was delighted to discover that they are awesome in real life as well, and I think they felt similarly. Also I went to MoMA and saw a bunch of cool art. On the downside I turned my ankle a bit so walking around Manhattan was not an unalloyed joy, but then again, I didn’t turn it enough that I couldn’t walk, so I walked a bunch anyway. I got my steps in, is what I’m saying. And Saturday, which was the first official day of autumn, was exactly what you would hope an early fall day would be in New York City. In all, A++, would visit NYC in mid-September again. I hope you had a similarly fabulous weekend.

And now, back to loitering at the airport. Funny how many fabulous trips end up that way.


Google, Yandex Discuss Creation of Anti-Piracy Database [TorrentFreak]

Every day, countless thousands of pieces of infringing content are uploaded to the Internet including most movies, TV shows, games, and commercial software.

Rightsholders everywhere are struggling to contain the influx, often having to resort to filing millions of takedown notices with Internet companies, the bulk of which target the world’s major search engines.

While this doesn’t take down the actual content itself, there is a theory that citizens often turn to search engines to find their fix. These sites, in turn, direct users to sites hosting infringing content. To combat this facilitation, copyright holders want search companies to remove these results from their indexes.

Takedowns like this are common in the West, with Google removing billions of links upon request. In Russia, however, search engine Yandex found itself in hot water recently after refusing to remove links on the basis that the law does not require it to do so. This prompted the authorities to suggest that a compromise agreement needs to be made, backed up by possible changes in the law.

It now appears that this event, which could’ve led to Yandex being blocked by ISPs, has prompted both Internet companies and copyright holders to consider a voluntary agreement. Discussions currently underway suggest a unique and potentially ground-breaking plan.

The initial meeting between telecoms watchdog Roskomnadzor, Internet companies Yandex, Google, and Mail.ru, plus representatives of the Association of Producers of Cinema and Television (APKiT), the National Media Group, and Gazprom Media Holdings, took place September 19.

According to news outlet RBC, the topic of discussion was the creation of a special database holding the details of known infringing copies of content including movies, games, software and other pirated content.

The proposals envision that once details of content are placed in the database, search engines and video hosting sites that sign up to a memorandum of understanding with rightsholders will automatically query the database every five minutes for updates.

Once the details are fed back, search companies will remove links to pirate resources from their search results within six hours, without any need for a court process. This will run alongside the database currently maintained by Roskomnadzor and utilized by ISPs, which contains links to sites that are blocked due to having multiple complaints filed against them at the Moscow City Court.

If adopted, this new extrajudicial process will go some way to clearing up the problems caused by the current legal gray area, which led to Yandex removing links to content from its video portal to avoid a potential ISP blockade, even though the company believes that the law does not require it to do so.

It’s suggested that the infringing resource database, should it go ahead, could be maintained by the Internet Video Association (IVA), which represents intellectual property rights holders. Alternatively, RBC notes, a coalition of entertainment companies including legal streaming platforms could be put in charge of the project.

Talks appear to be fairly advanced, with agreements on the framework for the database potentially being reached by the middle of this week. If that’s the case, a lawsuit recently filed by Gazprom Media against Yandex could be settled amicably. It’s understood that Yandex wants all major Internet players to become involved, including social networks.

With the carrot comes the possibility of the stick, of course. Gazprom Media indicates that if a voluntary agreement cannot be reached, it will seek amendments to copyright law that will achieve the same end results.



Facebook reminds America's cops that they're not allowed to use fake accounts [Cory Doctorow – Boing Boing]

Facebook's terms of service require users to use their real names; though this has lots of potential downsides (including allowing dictators to identify and round up opposition figures), you'd hope that it would at least be evenly applied -- for example, to law enforcement agencies like the Memphis Police Department, who use "Bob Smith" accounts to befriend and entrap activists online.

US law enforcement makes quite a habit out of this kind of thing, and many forces have admitted in court to using fake Facebook identities to target suspects. Cops even get legal advice telling them this is OK, even though it violates Facebook's terms of service.

The ACLU uncovered evidence of the fake Memphis PD accounts in the course of a civil rights lawsuit. EFF got the Memphis cops' Facebook accounts terminated after the news broke, and Facebook's lawyers sent a C&D to the Memphis cops telling them to end the practice.

EFF's been chasing Facebook on this for four years, since the DEA was revealed to be using fake Facebook accounts in its investigations. After the Memphis incident, Facebook updated its law enforcement policies to make it clear that this conduct is not permissible.

But as EFF's Dave Maass points out, Facebook users get lifetime bans for creating fake accounts. Shouldn't police departments that break the rules get equal justice?

The presenter told the audience: “Police and Federal law enforcement may create a fake Facebook profile as part of an investigation and even though it violates the terms and policies of Facebook the evidence may still be used in court.”

The question remains: what action should Facebook take when law enforcement intentionally violates the rules? With regular users, that could result in a lifetime ban. But, banning Memphis Police Department from maintaining its official, verified page could deprive residents of important public safety information disseminated across the platform.

It’s not an easy call, but it’s one Facebook must address and soon. Or better yet, maybe it should abandon its untenable policy requiring authentic names from everyday people who don’t wear a badge.

Facebook Warns Memphis Police: No More Fake “Bob Smith” Accounts [Dave Maass/EFF Deeplinks]

Today in GPF History for Monday, September 24, 2018 [General Protection Fault: The Comic Strip]

The Brotherhood is unable to accept the existence of the "mythical" "she-geek"...


Comic: Stuck Pigment [Penny Arcade]

New Comic: Stuck Pigment

Link [Scripting News]

I get it. News doesn't care who the news favors. You got a scoop, you run with it, let the chips fall where they may. But.. that applies to current events. Things that happen today or yesterday, or a few days ago. Remember the word news comes from new which means something that just happened. Another requirement of news is that it be unusual. As they say, a plane landing on time might be new, but it isn't news. A plane crash, that would be news, if it happened recently. So if you report something that happened 1.5 years ago, and is as unremarkable as a plane landing on time, and it results in news being made, and your sources being gleefully ecstatic, that's not news, that's cronyism, and you're indicted for no longer being about news. I've had this concern about the NY Times for quite a few years, since they were instrumental in providing the false justification for the war in Iraq. Then there were Hillary's emails. Thanks for that. And the anonymous op-ed. And then the bullshit report about Rod Rosenstein saying 1.5 years ago something we want him to say, like how do we dig out of this hole we're in? I don't know what to do about the NYT. I'd like to hear what they say about this. So far no reporter has asked them why they chose to run the story on Friday that's resulting in Rod Rosenstein's resignation today. And now what happens? Do you have any regrets NYT?



Security updates for Monday [LWN.net]

Security updates have been issued by Arch Linux (bitcoin-daemon and bitcoin-qt), Debian (firefox-esr, hylafax, libarchive-zip-perl, mediawiki, okular, openafs, strongswan, and texlive-bin), Fedora (gitolite3, kernel-headers, and lcms2), Mageia (dropbear, kernel, lcms2, libcgroup, libextratcor, mailman, mpg123, okular, php, soundtouch, unixODBC, webkit2, and xml-security-c), openSUSE (aubio, bouncycastle, chromium, ffmpeg-4, firefox, gdm, GraphicsMagick, hylafax+, ImageMagick, jhead, liblouis, nemo-extensions, nextcloud, nodejs6, obs-service-refresh_patches, okular, openslp, pango, phpMyAdmin, python-Django, python-Django1, and seamonkey), Oracle (spice and spice-gtk), Slackware (firefox and kernel), and SUSE (ant, apache2, gnutls, libzypp, zypper, nodejs6, nodejs8, and xorg-x11-libs).


1998/2018: Whatever 20/20, Day Twenty-Four: Reading [Whatever]

Over the last 20 years, and on a day-to-day basis, I don’t think what I read has changed much. I read a lot of non-fiction, a fair amount of science fiction and fantasy as well as the mystery genre, and I read a whole lot online, specifically news and tech sites, plus the occasional magazines that cover the same ground. In 1998 as in 2018, this is fairly constant.

What has changed, and makes for an interesting reading dynamic, is the fact that now I know so many of the people I read. Particularly in science fiction and fantasy, which is the genre I write novels in.

Didn’t you know any authors in 1998, Scalzi? Well, no, not really. I knew journalists, who are of course writers as well as editors, because I worked with them, first at the Fresno Bee and then at the various papers and magazines I freelanced for. Occasionally some of them would write books as well. But I didn’t know many authors, or more accurately, people whose writing output was primarily books. I knew only one novelist, my friend Pam Wallace, who was also a screenwriter (she co-wrote Witness, for which she won an Oscar). Certainly I did not know the authors of the fiction I was reading at the time.

This isn’t a bad state of affairs, to be sure. Most people in fact don’t know the authors or novelists they love to read. Authors exist when their books come out, and otherwise disappear into the background. Even “celebrity” authors are generally not known outside of their specific fan base, and often not all that well even then. I love Carl Hiaasen books; I wouldn’t know if he was standing directly next to me unless he introduced himself (and I hope he would). At any one time there are maybe ten authors in the world immediately identifiable on sight by the general public. All the rest of us slip under the radar. So in this respect in 1998 I was no different than any other person.

But when you write novels, and particularly in science fiction and fantasy, which has such a well-developed community infrastructure, you start to meet other writers and you start to keep in touch with them. I went to my first science fiction convention not really knowing any writers; I left knowing a couple dozen. Over the next decade, I got to know them and they got to know me, and I met all sorts: Writers who were coming up, writers who I had long admired, writers who were hot in the moment, writers who in a year or two would be the biggest thing happening. They were (mostly) normal people! They were (mostly) lovely to know and hang out with! And then I became president of the Science Fiction and Fantasy Writers of America, and for three years it was sort of my business to know what roughly 1,800 SF/F were doing with themselves.

And as a result, when I would pick up a book, I wasn’t just reading a bit of entertainment, I was reading something out of the brain of someone I know, and probably liked, and possibly was actual friends with. Which is an interesting thing. With the people I knew whose work I already liked, there was the warm glow of this is my pal, and they write real well. With the people I knew whose work I hadn’t read yet, there was, ohhhh, please let this be good (it usually was). But in every case there was the connection between the work and the person I knew, which is a nice feeling.

It also means that, as a novelist myself now, I have some empathy and sympathy for everything about having a book out in the world — the process of getting it there, the process of having it out there, and the process of having to move on to the next thing. For someone who is only a reader, a book can be just a book, as it should be. I think for most writers, when they see a book, they at least intuit everything that is around the book and everything it took for it to come into being.

I don’t think this makes me a less critical reader — I’m pretty sure I like the same ratio of books as I did 20 years ago, and there are plenty of books from writers I like and admire as people for whom I am not the ideal audience, and that’s fine. It does put what I’m reading in a different context. And while I may or may not like a novel or book, these days I’m less apt to dismiss the writer of it to whatever degree I might have before. I know from experience what it takes to put out a book. Anyone who goes through all those hoops deserves to be acknowledged as a member of the tribe, as it were.

This is a perspective on one’s reading that not everyone has, can have or even should have. It’s fine for readers to just be readers. But I do think being an author and knowing other authors and novelists has made me a better reader, or at least a more empathetic one. And I will say that there is one thing about reading now that I absolutely love: When I go to a bookstore and see all the work on the shelves, it’s kind of like visiting friends. What a wonderful feeling that is.


Why does the compiler turn my conditional loop into an infinite one? [The Old New Thing]

A customer asked why the compiler turned their conditional loop into an infinite one.

#include <windows.h>

int x = 0, y = 1;
int* ptr;

DWORD CALLBACK ThreadProc(void*)
{
  ptr = &y; // unsynchronized write to the shared pointer
  return 0;
}

int main(int, char**)
{
 ptr = &x; // starts out pointing to x

 DWORD id;
 HANDLE hThread = CreateThread(nullptr, 0, ThreadProc, 0, &id);

 // Wait for the thread to change the ptr
 // so that it points to a nonzero value
 while (*ptr == 0) { }

 return 0;
}

Translating into standard C++, for those who don't want to get bogged down in Windows-specific goop:

#include <chrono>
#include <thread>

int x = 0, y = 1;
int* ptr = &x;

void ThreadProc()
{
  ptr = &y; // unsynchronized write to the shared pointer
}

int main(int, char**)
{
 ptr = &x; // starts out pointing to x

 std::thread thread(ThreadProc);

 // Wait for the thread to change the ptr
 // so that it points to a nonzero value
 while (*ptr == 0) { }

 thread.join(); // a joinable std::thread must be joined before it is destroyed
 return 0;
}

The customer explained,

The conditional loop becomes an infinite loop. The assembly code loads ptr into a register once (at the start of the loop), and then it compares the value pointed-to by that register against zero. It never reloads the ptr variable, so it never notices that the thread changed the value of ptr to point to a different value.

We understand that if ptr is declared as volatile int*, then that will force the compiler to reload the ptr variable, which will then lead to correct behavior.

We'd like to understand why the compiler cannot be smart enough to turn off the optimization automatically. Clearly, this global variable will be accessed by more than one thread. So why can't the compiler do the right thing?

Okay, first the nitpick: The declaration volatile int* ptr does not make the ptr variable volatile. It defines ptr as a non-volatile pointer to a volatile integer. You wanted int* volatile ptr.

Back to the main question.

First: What's going on here?

Observe that in the loop, there are no accesses to std::atomic variables, nor are there any std::memory_order operations. This means that any changes to ptr or *ptr are a data race and consequently trigger undefined behavior.

(An intuitive way of thinking of this rule is "The compiler optimizes as if the program were single-threaded. The only points at which the compiler considers the possibility of multi-threading is when you access a std::atomic or apply a std::memory_order.")

That explains why the program doesn't behave as "expected". But what about the claim that the compiler should recognize this and disable the optimization?

Well, it struck me as odd to request that the compiler recognize that perhaps it's optimizing too much and intentionally "deoptimize" itself. And especially for the compiler to be able to look into the mind of the programmer and conclude, "Oh, this loop must be waiting for that global variable to change."

But suppose there's some rule in the compiler that says "If optimization results in an infinite loop, then go back and recompile the function with optimizations disabled." (Or maybe "keep turning off optimizations until you get something that isn't an infinite loop.") Aside from the surprise this rule might create, would that rule help?

Notice that in this case, we do not have an infinite loop. The loop will be broken if any thread does x = 1 or *ptr = 1. It's not clear how much analysis the customer expects the compiler to do to scour the entire program to see if that is possible. Would it have to check every integer variable modification and try to see if that could possibly be a variable that ptr could point to?

Since it's not practical for the compiler to do a complete flow analysis to determine whether x = 1 or *ptr = 1 would ever occur, it would have to play it safe and assume it might.

Which means more generally that any access to global variables or references or pointers to data that could be shared between threads could not be cached because of the possibility that another thread modified the value between the two accesses.

int limit;
int value;
int array[10];

void do_something()
{
    if (value > limit)
        value = limit; // would have to re-fetch "limit"
    for (int i = 0; i < 10; i++)
      array[i] = limit; // would have to re-fetch "limit"
}

You've basically declared open season on data races. "Go ahead and modify anything in any order from multiple threads. It's all good! Data races for you. Data races for you. Data races for everyone!"

But that's not the direction the C++ standard took. The C++ standard says that if you are going to modify a variable that is also being accessed by another thread, then you must use an atomic operation or enforce a memory order (which usually comes with a synchronization object).

So please do that.
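The fix the article asks for, as an added example that is not code from the original post: ptr becomes a std::atomic<int*>, so every loop iteration performs a real load, and a release/acquire pair makes the writer's plain write to y visible to the reader. The function names WaitForNonzero and RunHandoff, and having the writer fill in y before publishing the pointer, are assumptions made for this illustration.

```cpp
#include <atomic>
#include <thread>

// Same shape as the article's globals, except that y starts at 0 and is
// filled in by the writer (an assumption of this example), and ptr is atomic.
int x = 0, y = 0;
std::atomic<int*> ptr{&x};

// Writer: prepare the data with a plain write, then publish the pointer.
// The release store orders the write to y before the pointer becomes visible.
void ThreadProc()
{
    y = 1;
    ptr.store(&y, std::memory_order_release);
}

// Reader: each iteration does an atomic acquire load of ptr, which the
// compiler is not allowed to hoist out of the loop. Once the load returns
// &y, the earlier write y = 1 is guaranteed to be visible, so reading *p
// is not a data race. x is never written while the threads run.
int WaitForNonzero()
{
    int* p = ptr.load(std::memory_order_acquire);
    while (*p == 0) {
        std::this_thread::yield();
        p = ptr.load(std::memory_order_acquire);
    }
    return *p;
}

// Runs one writer/reader handoff and returns the value the reader saw.
int RunHandoff()
{
    // Reset state before the writer thread exists; thread creation
    // synchronizes these writes with the new thread.
    y = 0;
    ptr.store(&x, std::memory_order_relaxed);

    std::thread writer(ThreadProc);
    int seen = WaitForNonzero();
    writer.join();
    return seen;
}

int main()
{
    return RunHandoff() == 1 ? 0 : 1;
}
```

With a plain int* the same loop is a data race and the compiler may legally load ptr once; here the loop terminates at any optimization level because the loads are atomic operations.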


John Oliver on Facebook's role in fomenting genocide, pogroms and authoritarianism.: "a toilet" [Cory Doctorow – Boing Boing]

Facebook usage is falling in the US and Canada, especially among young people, but it's still dominating the internet overseas, especially in countries where Zero Rating is legal.

In those countries, Facebook -- more than any other technology, platform or service -- is leading the rise in authoritarianism and genocide. It's become the go-to tool for manipulating public opinion to support violence, racial cleansing and other horrors.

In his latest piece, John Oliver describes how Facebook's business model, moderation tactics, and history have led to this moment -- and how Facebook has become an irredeemable cesspool, an insult to toilets, because toilets "make shit go away, whereas Facebook retains shit, disseminates shit to your acquaintances, and reminds you of shit from seven years ago while allowing corporations to put their shit in front of you. What I’m saying is there’s a purity and integrity to toilets that Facebook seriously lacks."

An August investigation by Motherboard gets a shout-out in the piece, as Oliver references one of Facebook’s many internal content moderation rules—in this case, one that specifies the very specific instances in which photoshopped anuses are allowed on the site. Facebook has similar rules for hate speech (drawing the line on what’s allowed and what isn’t in often difficult ways to understand), which cut across cultures, countries, political regimes, and geographic borders.

“I am not saying the challenges Facebook is facing are not significant. But for a company that moves fast and breaks things, they have sure moved slowly in trying to fucking fix them,” Oliver said. “Until they do it is painfully obvious that everyone should be treating everything on their site with extreme skepticism and see Facebook for what it is: A fetid swamp of mistruths and outright lies, interspersed with an occasional reminder of a dead pet. That’s it. That’s what it is.”

John Oliver Calls Facebook 'a Fetid Swamp of Mistruths and Outright Lies' [Jason Koebler/Motherboard]


Sergio Alberti: Reverse Engineering BLE Devices [Planet Debian]

This year I had the opportunity to participate in the Google Summer of Code 2018 within the Debian organization. The project topic was the reverse engineering of Bluetooth Low Energy devices (at the level of “what data are sent and received during the communication”).

I wrote a rather general guide (not related to a single test device) on how to do this type of activity. In addition, I’ve created some scripts (and a deb package) to use the EQ3 Eqiva radiator valves without their Android/iOS application.

Here is a brief summary and some references to what has been produced.

Reverse Engineering Guide

The guide is available at this address.

Basically, it explains:

  • BLE operation principles and differences compared to the classic Bluetooth
  • how to do Logging on Android with the aim of observing the data exchanged
  • how to analyze an Android application to better interpret the data identified
  • Bluez stack tools, used to communicate via Bluetooth on GNU/Linux systems
  • examples of scripts working on real devices

This guide would like to be an evolving project, in which to gather information on reverse engineering techniques and to make available works already done in this area. Take a look at the Contributions page!

EQ3 Eqiva Scripts

EQ3 Eqiva (source)

I created a deb package that provides a tool to send commands and receive notifications from the EQ3 Eqiva radiator valves. Once installed, run the eq3eqiva command to get an overview of the available features.

Other utilities:

Laica PS7002 Scripts

Laica PS7002 (source)

I also did a partial reverse engineering of the protocol used by the smart BLE scale Laica PS7002. Although I only managed to read the weight (despite the various functions), the work has been included in this guide because it shows aspects that have not been dealt with in other sections.



Record numbers of people have downloaded and used the Democrats' mobile app for doorknocking canvassers [Cory Doctorow – Boing Boing]

MiniVAN (Android, iPhone) is a mobile app designed for volunteers who canvass door-to-door during election seasons; though the app has been around since 2010, it's seeing a surge in popularity, with 218,189 logged-in users in the 2018 midterm season, compared with the 153,513 users in the 2016 presidential race.

On every metric, MiniVAN usage is crazy-high, and the surge can't be explained away with the continuing shift from pen-and-paper record-keeping to mobile tools.

Even more exciting: the increase is for a midterm election, and is being compared to the 2016 presidential election, which typically sees a much higher level of activity (fundraising, canvassing, voter turnout).

Canvassing numbers don't necessarily predict election turnouts, but they do measure grassroots interest. It's one thing for billionaires to throw fortunes in dark money at a mid-term, but it's another altogether for ordinary Americans to get off their couches and go door-to-door to support progressive candidates.

"It's very unusual for a non-presidential campaign to have much volunteer power at all," says Eitan Hersh, an associate professor of political science at Tufts University and author of the book Hacking the Electorate, who has studied log-in rates for NGP VAN's tools. There are exceptions for candidates like senator Elizabeth Warren or, this year, for O'Rourke, but Hersh says, "For a typical congressional election, the only person logging into the VAN is the candidate or their spouse."

Coulombe says that the spike in MiniVAN usage this year is spread across the country. The weekend MiniVAN set its new record, the top five states for users were New York, Texas, Illinois, Michigan, and Florida. "It's not like this is all coming from one specific campaign," Coulombe says.

Democrats Are Busting Their 2016 Mobile Canvassing Records [Issie Lapowsky/Wired]


New Variants of Cold-Boot Attack [Schneier on Security]

If someone has physical access to your locked -- but still running -- computer, they can probably break the hard drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not:

To carry out the attack, the F-Secure researchers first sought a way to defeat the industry-standard cold boot mitigation. The protection works by creating a simple check between an operating system and a computer's firmware, the fundamental code that coordinates hardware and software for things like initiating booting. The operating system sets a sort of flag or marker indicating that it has secret data stored in its memory, and when the computer boots up, its firmware checks for the flag. If the computer shuts down normally, the operating system wipes the data and the flag with it. But if the firmware detects the flag during the boot process, it takes over the responsibility of wiping the memory before anything else can happen.

Looking at this arrangement, the researchers realized a problem. If they physically opened a computer and directly connected to the chip that runs the firmware and the flag, they could interact with it and clear the flag. This would make the computer think it shut down correctly and that the operating system wiped the memory, because the flag was gone, when actually potentially sensitive data was still there.

So the researchers designed a relatively simple microcontroller and program that can connect to the chip the firmware is on and manipulate the flag. From there, an attacker could move ahead with a standard cold boot attack. Though any number of things could be stored in memory when a computer is idle, Segerdahl notes that an attacker can be sure the device's decryption keys will be among them if she is staring down a computer's login screen, which is waiting to check any inputs against the correct ones.
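An added example, not from the quoted article or the F-Secure research: a Linux-side audit check that reads the flag the passage describes, assuming it is the TCG `MemoryOverwriteRequestControl` UEFI variable as exposed through efivarfs. The function names and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# Assumption: the "flag" in the passage is the TCG Platform Reset Attack
# Mitigation variable, which Linux exposes through efivarfs at this path.
MOR_PATH = ("/sys/firmware/efi/efivars/"
            "MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829")

EFI_VARIABLE_NON_VOLATILE = 0x00000001  # attribute: value is kept in firmware NVRAM
MOR_CLEAR_MEMORY = 0x01                 # bit 0: firmware must wipe RAM on next boot
MOR_DISABLE_AUTO_DETECT = 0x10          # bit 4: firmware must not infer a clean shutdown

# Constructed samples of an efivarfs read (attributes 0x7, then the 1-byte value).
SAMPLE_SET = bytes.fromhex("0700000001")
SAMPLE_CLEAR = bytes.fromhex("0700000000")
SAMPLE_STRICT = bytes.fromhex("0700000011")


def parse_mor(raw: bytes) -> dict:
    """Decode an efivarfs read: 4-byte little-endian attributes, then 1 data byte."""
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes (attributes + 1-byte value), got {len(raw)}")
    attrs, value = struct.unpack("<IB", raw)
    return {
        "non_volatile": bool(attrs & EFI_VARIABLE_NON_VOLATILE),
        "wipe_requested": bool(value & MOR_CLEAR_MEMORY),
        "auto_detect_disabled": bool(value & MOR_DISABLE_AUTO_DETECT),
    }


def read_mor(path=MOR_PATH):
    """Return the decoded flag, or None when the variable is absent (e.g. legacy BIOS boot)."""
    p = Path(path)
    if not p.is_file():
        return None
    return parse_mor(p.read_bytes())


def audit(state) -> str:
    """Turn the decoded flag into a one-line finding for a hardening report."""
    if state is None:
        return "UNSUPPORTED: no memory-overwrite flag exposed; firmware will not wipe RAM on reboot"
    if not state["wipe_requested"]:
        return "EXPOSED: flag is clear while the OS is running; an abrupt reboot leaves RAM intact"
    return "REQUESTED: firmware is asked to wipe RAM on next boot"


if __name__ == "__main__":
    print(audit(read_mor()))
```

A `REQUESTED` result only shows that the operating system asked for the wipe; as the passage explains, the flag lives on the firmware chip, so this check says nothing about an attacker who can rewrite that chip.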


Handling real-time data operations in the enterprise [All - O'Reilly Media]

Getting DataOps right is crucial to your late-stage big data projects.

At Strata 2017, I premiered a new diagram to help teams understand why teams fail and when:

[Figure: project blame diagram]

Early on in projects, management and developers are responsible for the success of a project. As the project matures, the operations team is jointly responsible for the success.

I've taught in situations where the operations team members complain that no one wants to do the operational side of things. They're right. Data science is the sexy thing companies want. The data engineering and operations teams don't get much love. The organizations don’t realize that data science stands on the shoulders of DataOps and data engineering giants.

What we need to do is give these roles a sexy title. Let's call these operational teams that focus on big data: DataOps teams.

What does the Ops say?

Companies need to understand there is a different level of operational requirements when you're exposing a data pipeline. A data pipeline needs love and attention. For big data, this isn't just making sure cluster processes are running. A DataOps team needs to do that and keep an eye on the data.

With big data, we're often dealing with unstructured data or data coming from unreliable sources. This means someone needs to be in charge of validating the data in some fashion. This is where organizations get into the garbage-in-garbage-out downward cycle that leads to failures. If this dirty data proliferates and propagates to other systems, we open Pandora’s box of unintended consequences. The DataOps team needs to watch out for data issues and fix them before they get copied around.

These data quality issues bring a new level of potential problems for real-time systems. Worst case, the data engineering team didn’t handle a particular issue correctly and you have a cascading failure on your hands. The DataOps team will be at the forefront of figuring out if a problem is data or code related.

Shouldn't the data engineering team be responsible for this? Data engineers are software developers at heart. I've taught many and interacted with even more. I wouldn't let 99% of data engineers I’ve met near a production system. There are several reasons why—such as a lack of operational knowledge, a lack of operational mindset, and being a bull in your production china shop. Sometimes, there are compliance issues where there has to be a separation of concerns between the development and production data. The data engineering team isn’t the right team to handle that.

That leaves us with the absolute need for a team that understands big data operations and data quality. They know how to operate the big data frameworks. They’re able to figure out the difference between a code issue and a data quality issue.

Real-time: The turbo button of big data

Now let's press the turbo button and expand this to include batch and real-time systems.

Outages and data quality issues are painful for batch systems. With batch systems, you generally aren't losing data. You're falling behind in processing or acquiring data. You'll eventually catch up and get back to your steady state of data coming in and being processed on time.

Then there's real time. An outage for real-time systems brings a new level of pain. You're dealing with the specter of permanently losing data. In fact, this pain during down time is how I figure out if a company really, really needs real-time systems. If I tell them they’ll need a whole new level of service level agreement (SLA) for real time and they disagree, that probably means they don’t need real time. Having operational downtime for your real-time cluster should be so absolutely painful that you will have done everything in your power to prevent an outage. An outage of your real-time systems for six hours should be a five-alarm fire.

All of this SLA onus falls squarely on the DataOps team. They won’t just be responsible for fixing things when they go wrong; they’ll be an active part of the design of the system. DataOps and data engineering will be choosing technologies that are designed with the expectation of failure. The DataOps team will be making sure that data moves, preferably automatically, to disaster recovery or active-active clusters. This is how you avoid six-hour downtimes.

Busting out real-time technologies and SLA levels comes at the expense of conceptual and operational complexity. When I mentor a team on their real-time big data journey, I make sure management understands that the architects and developers aren’t the only ones who need new skills. The operations teams will need new skills and to learn the operations of new technologies.

There isn’t an “I” in DataOps, either

In my experience, the leap in complexity from small data to real-time big data is 15x. Once again, this underscores the need for DataOps. It will be difficult for a single person to keep up with all of the changes in both small data and big data technologies. The DataOps team will need to specialize in big data technologies and keep up with the latest issues associated with them.

As I mentored more teams on their transition to real-time systems, I saw common problems across organizations. It was because the transition to real-time data pipelines brought cross-functional changes.

With a REST API, for example, the operations team can keep their finger on the button. They have fine-grained control over who accesses the REST endpoint, how, and why. This becomes more difficult with a real-time data pipeline. The DataOps team will need to be monitoring the real-time data pipeline usage. First and foremost, they’ll need to make sure all data is encrypted and that access requires a login.

A final important facet of DataOps is dealing with data format changes. With real-time systems, there will be changes to the data format. This will be a time when the data engineering and DataOps teams need to work together. The data engineering team will deal with the development and schema sides of the problem. The DataOps team will need to deal with production issues arising from these changes and triage processing that fails due to a format change.

If you still aren’t convinced, let me give it one last shot

Getting DataOps right is crucial to your late-stage big data projects. This is the team that keeps your frameworks running and your data quality high. DataOps adds to the virtuous upward cycle of good data. As you begin a real-time or batch journey, make sure your operations team is ready for the challenges that lie ahead.

This post is part of a collaboration between O'Reilly and Mesosphere. See our statement of editorial independence.


Four short links: 24 September 2018 [All - O'Reilly Media]

Continuous Delivery, Turing Complete Powerpoint, ARPA-E, and Observability

  1. Drone -- a continuous delivery platform built on Docker, written in Go. A continuous delivery system built on container technology. Drone uses a simple YAML configuration file, a superset of docker-compose, to define and execute pipelines inside Docker containers.
  2. On the Turing Completeness of Powerpoint (YouTube) -- Video highlighting my research on PowerPoint Turing Machines for CMU's SIGBOVIK 2017. (via Andy Baio)
  3. ARPA-E: Successful, and Struggling -- In Cory Doctorow's words, ARPA-E is a skunkworks project that gives out grants for advanced sustainable energy research that's beyond the initial phases but still too nascent to be commercialized. They've focused on long-term energy storage (a key piece of the picture with renewables) and the portfolio of inventions that have emerged from their funding is mind-bogglingly cool. Reminds me of Doing Innovation in the Capitalist Economy, by Bill Janeway, who argues that the state funds early research until VCs have commercialization opportunities (this explains why VCs are heavy in biotech and internet...they've been foci of state-funded research for decades). Such a good book, by the way.
  4. Structured Logs vs. Events (Twitter) -- Charity Majors drops some great clue bombs about observability. The most effective way to structure your instrumentation, so you get the maximum bang for your buck, is to emit a single arbitrarily wide event per request per service hop. We're talking wide. We usually see 200-500 dimensions in a mature app. But just one write. [...] All of it. In one fat structured blob. Not sprinkled around your code in functions like satanic fairy dust. You will crush your logging system that way, and you'd need to do exhaustive post-processing to recreate the shared context by joining on request-id (if you're lucky).



Canada's legal weed stock-bubble is a re-run of the dotcom bubble [Cory Doctorow – Boing Boing]

Canada and Uruguay are the only two countries to have legalised the recreational use of marijuana (the Netherlands has laws on the books against it, but they're not enforced); the Canadian Securities Exchange has been transformed into "the cannabis stock exchange," a latter-day NASDAQ filled with hyperinflated stocks in legal weed companies.

For example, Constellation Brands Inc (Corona and Modelo beer, etc) has invested more than $4 billion in Canopy Growth Co.

As the WSJ writes, "the optimism has grown beyond any reasonable fundamentals" -- marijuana grower Tilray is valued at $4 billion on $11 million in revenue.

All told, listed Canadian weed companies have a market cap of $40B, a 1,000% increase in a single year.

Investors are betting that legal weed will hit the USA, and that this will open a Canadian export market (or that Canadian firms will be able to move quickly to establish US subsidiaries). These are both extremely long-shot bets!

“This is like a gold rush,” former Mexican President Vicente Fox said during a recent visit to Toronto to promote Khiron Life Sciences Corp., a Canadian medical-marijuana company where he serves as a director. Khiron, which reported a net loss of 6.7 million Canadian dollars (US$5.2 million) and no sales for its second quarter, raised C$13 million through a stock sale earlier this month.

Jesse Pytlak, a Toronto analyst with Cormark Securities, estimates cannabis stocks are currently valued at more than 10 times the C$5 billion to C$9 billion market expected to emerge in Canada by consulting firm Deloitte after legal recreational sales begin. He warned investors are prematurely deciding which companies will dominate a new market before a single ounce of recreational pot is legally sold in Canada.

One lawyer who has advised banks and marijuana companies in recent deals said a shakeout is inevitable. “I believe there’s a great opportunity for our insolvency lawyers in this industry,” said Patricia Olasker, a partner at Toronto-based Davies Ward Phillips & Vineberg LLP. “There are going to be lots and lots of failures.”

Wall Street’s Marijuana Madness: ‘It’s Like the Internet in 1997’ [Jacquie McNish and Vipal Monga/WSJ]

(via Naked Capitalism)

(Image: Oren neu dag, CC-BY-SA)


Homebrew game-controller [Cory Doctorow – Boing Boing]

Redditor Ch8s3 created this custom game controller by creating a new case, seating the mainboard in it and soldering new LEDs on, then swapping out the buttons for dremeled-out shell-cases from a Luger 9MM, a Remington 20, and a 12 gauge Hornady 50 caliber. It's beautiful work.


CodeSOD: Shell Out [The Daily WTF]

Developers sometimes fail to appreciate how difficult a job Operations really is. In companies that don't hold with newfangled DevOps, the division of labor often comes with a division of...


Vishal Gupta: Slideshows with Markdown! [Planet Debian]

reveal.js (Github repo) is an open-source project that lets you generate beautiful slideshows with HTML, CSS and Javascript. Slide content is written inside <section></section> blocks. Sections with the attribute data-markdown load markdown content. There are two ways to go about this:


  • Fork https://github.com/py-ranoid/reveal.js with
      git clone git@github.com:py-ranoid/reveal.js.git
  • Create a copy of /md_example to /myslides
  • Comment or delete lines 24 to 53 in index.html
  • Edit markdown content in example.md.
    • 2 lines : Vertical slide separation
    • 3 lines : Horizontal slide separation
  • Edit slide themes by changing the name of the CSS file on Line 10. You can try them here.
    • Options are
      • Light Themes : sky.css, beige.css, white.css, simple.css, solarized.css, serif.css
      • Dark Themes : blood.css, league.css, black.css, moon.css, night.css
  • Add, Commit and Push your changes to Github
  • Enable Github Pages for your reveal.js fork with Settings > Github Pages
  • Your slides should be hosted at username.github.io/reveal.js/myslides

Separating content into slides

  • reveal.js offers vertical (⬆️ and ⬇️) and horizontal (⬅️ and ➡️) slide propagation
  • Hence content can have vertical separators and horizontal separators
  • Vertical slides can be used to display optional/additional content about a slide
  • Set by the attributes : data-separator and data-separator-vertical respectively. For example :

    data-separator="^\n\n\n" data-separator-vertical="^\n\n"

  • Hence markdown content separated by 2 blank lines would be in different vertical slides and markdown content separated by 3 blank lines would be in different horizontal slides.

Writing slide content

There are two ways to add slide content with markdown

In a separate markdown file

  • Isolates content from styling
  • Requires a .md file and a .html file
  • Inside <div class="slides">...</div>, add this section :
      <section data-markdown="example.md" data-separator="^\n\n\n" data-separator-vertical="^\n\n"></section>

Within index.html

  • Markdown content embedded within html tags
  • Requires a single .html file
  • Inside <div class="slides">...</div>, add this section :
          <section data-separator="^\n\n\n" data-separator-vertical="^\n\n">
          <script type="text/template">
              # Markdown content
              # Slide 2
              ## Slide 2.2
          </script>
          </section>
  • Add Slide content within the <script></script> tag.

Slide themes

  • Edit slide themes by changing the name of the CSS file on Line 10. You can try them here.
  • Options are
    • Light Themes : sky.css, beige.css, white.css, simple.css, solarized.css, serif.css
    • Dark Themes : blood.css, league.css, black.css, moon.css, night.css

Slide transitions

  • Default transition is slide
  • You can choose from none, fade, slide, convex, concave and zoom
  • To apply transitions to sections, use the data-transition attribute
<section data-transition="slide">
    The train goes on …                 </section>
<section data-transition="slide">
    and on …                            </section>
<section data-transition="slide-in fade-out">
    and stops.                          </section>
<section data-transition="fade-in slide-out">
    (Passengers entering and leaving)   </section>
<section data-transition="slide">
    And it starts again                 </section>
  • To apply transitions to slides, within markdown, use this
<!-- .slide: data-transition="slide" -->
## Slide attributes
Slide content. 

## Slide 2


  • Fragments can be used to introduce multiple elements in a slide sequentially
  • Within markdown, this can be done with :
## Element attributes
- Item 1 <!-- .element: class="fragment" data-fragment-index="2" -->
- Item 2 <!-- .element: class="fragment" data-fragment-index="1" -->

Vishal Gupta: Creating your own site and blog with Jekyll and Markdown [Planet Debian]

Do you

  • need your own site ?
  • need your own site with a blog ?
  • need your own site with a blog but can’t code front-end ?

Welcome to Jekyll. It lets you “transform your plain text into static websites and blogs”.

How to create your own (version of this) site

Setting up Github Pages

  • Create a Github account if you don’t have one.
  • Create a repository called <username>.github.io.
    Note : By default, the contents of the github page for your repository will be sourced from its README.
  • This lets you use Github Pages to host static webpages (fixed content)
  • Clone the repository on your local machine with

    git clone https://github.com/username/username.github.io.git

Getting this theme

  • Find a Jekyll theme that works for you. Each theme has a link to its source code and demo below it.
  • If you’d like to use the theme I’m using, check out the demo here. Though isn’t my site one 😆 ?
  • Show sergiokopplin some ❤️ by adding a ⭐️ to his repository
  • Clone the repository on your local machine with

    git clone https://github.com/sergiokopplin/indigo.git

Hosting your Jekyll site

  • Optional : If you’d like to experiment with your site before you push it, make a branch with git checkout -b beta. However you can only host your github page from the master branch so all your changes from beta will have to be merged into master.
  • Copy the theme files to your GH pages folder (after cloning)

      cd username.github.io
      cp -r ../indigo/* .
  • Add, commit and push your changes to github.

      git add .
      git commit -m "Added theme files"
      git push origin master  
  • Note : Github Pages take some time to render so don’t expect your pushed changes to reflect immediately on your site. 😛

Running the site on your local machine

sudo apt-get install ruby ruby-dev build-essential
# sudo apt-get install ruby`ruby -e 'puts RUBY_VERSION[/\d+\.\d+/]'`-dev
# Run ⬆️ if ⬇️ doesn't work
sudo gem install eventmachine -v '1.2.7'
gem install jekyll bundler
bundle install
bundle exec jekyll serve --config _config.yml,_config-dev.yml
  • If it all works fine 👌 , your site should now be running on port 4000.

Tweaking your site

  • Most of the elements on your homepage can be edited with _config.yml. Comments in the file should guide you through the rest of the process.
  • However, changes made to _config.yml are not updated dynamically and the server should be restarted.
  • The About section can be edited at /about.md
  • On the other hand, modifying other files and assets dynamically updates your site. For example, this blog gets rendered on my local site as I write it
    Regenerating: 1 file(s) changed at 2018-09-23 10:08:23
                    ...done in 1.246159402 seconds.
  • Again, once you’re done making changes, make sure you add, commit and push your changes to GitHub.

Creating a blog

  • Blogs are automatically generated from markdown files in /_posts, which contains all blog posts.
  • Blog filename format : yyyy-mm-dd-title.markdown
    • yyyy-mm-dd : Date of the blog
    • title : Title of the blog with no space. Can have multiple hyphens instead. For example : yyyy-mm-dd-new-blog.markdown
    • Note : The title also becomes the URL of the blog. So the link for the above file would be /new-blog
  • Blog content format : yyyy-mm-dd-title.markdown
    • Every blog has a header (which is more a config) and content of your blog.
    • For example 2018-09-23-template.markdown is the source for this blog and contains :

        ---
        title: "Blog Title"
        layout: post
        date: 2018-09-23 08:36
        tags:
        - jekyll
        - template
        image: https://koppl.in/indigo/assets/images/jekyll-logo-light-solid.png
        headerImage: true
        projects: true
        hidden: true
        description: "Blog description"
        category: template
        author: johndoe
        externalLink: false
        ---
        Markdown Content
        More **markdown** content
      • hidden : If true, post won’t get indexed at /blog
      • tags : List of tags for your blog. You can search for other blogs with the tag at /tags/#tagname
      • category : used to suggest other blogs (in /posts) with the same category
      • projects : If true, post will get indexed at /projects

Credits : Icon made by Freepik from www.flaticon.com


Demonoid Goes Down While Owner Remains ‘Missing’ [TorrentFreak]

As one of the oldest torrent communities around, Demonoid has run into quite a few rough patches over the years.

Whether it’s media industry pressure, lawsuits, blocking orders, hosting problems or police investigations, Demonoid has seen it all.

The site has established a reputation as the “comeback kid,” due to its tendency to go offline for weeks or even months, and then reappear in full glory as if nothing ever happened.

Over the past weeks, the site has hit some rough patches again. In August the site’s torrents mysteriously disappeared and while these eventually came back, more technical issues were around the corner.

While technical troubles are nothing out of the ordinary, there was a reason for concern as the site’s owner, Deimos, was missing in action as well.

Late last week things took a turn for the worse. Over the past few days, Demonoid has been completely unreachable, and its owner is still nowhere to be seen.

Demonoid staffer Phaze1G informs TorrentFreak that it’s unclear what’s going on. The domain names work just fine, but in addition to Demonoid, the tracker’s sister site Hypercache.pw has also gone offline, which is unusual.

“There’s nothing new, unfortunately,” Phaze1G told us yesterday, noting that all staff members are waiting in a small chat box, looking out for something positive to cling onto.

At the moment both the site’s users and staff are completely in the dark. There has been some continued activity in the official Reddit forums, but other than that things have remained quiet.

The site’s staff do want to highlight, however, that there are no proxies or other alternatives available. There are some copycats around, but these are all fake.

“Users should be REALLY aware that there is no: .onion address, mirrors, alternative Demonoids and such. Especially to avoid demonoid.to,” Phaze1G says.

The staffer believes that Deimos’ absence may be due to personal circumstances. However, the owner also made it clear that he would do his best to avoid legal issues if something concrete ever happened.

That said, Deimos is not the kind of person to leave the site adrift without reason. He resurrected it back in 2014, hoping to rebuild the great community it was during the early days. In a way, it’s his baby.

“In his vision, Demonoid is a place which helps the world to be just a tiny bit of a better place,” Phaze1G says.

“For example, when a user had cancer and needed money for a surgery, the Demonoid and its members helped to pay the bills, and there were cases where users had car accidents and got all kinds of support.”

Over the past several years, Demonoid was gradually expanding its userbase again. The current downtime is a major setback, but perhaps that’s part of the Demonoid’s spirit too. It’s the comeback kid after all.

“Demonoid will most likely return, but for now, we have to wait,” Phaze1G concludes.



Today is the best day [Seth's Blog]

And now is the best time.

If you're doing something generous, if you're building something worthwhile, if you're making an important ruckus…

Do it today.

You don't need more time, you simply need to decide.


Seal of Approval [George Monbiot]

How an animal welfare charity ended up endorsing seal killing – and what this says about our age

By George Monbiot, published in the Guardian 19th September 2018


As the drive for growth and profit intrudes into all relationships, it captures even the bodies that exist to hold capital to account. Agencies of the state, newspapers and broadcasters, campaign groups and charities that claim to restrain corporate power fall under its spell. As their mission becomes confused and their purpose dissipates, substance is replaced with spectacle.

Fifty years ago, in his book The Society of the Spectacle, the French philosopher Guy Debord argued that “the spectacle” (the domination of social relationships by images) is used to justify the “dictatorship of modern economic production”. It both disguises and supplants the realities of capitalism, changing our perceptions until we become “consumers of illusion”. Here is an example of how it happens.

On Tuesday last week, the Royal Society for the Prevention of Cruelty to Animals (RSPCA) issued a press release about the “incredible story” of Marina, a seal it rescued, that had become trapped under a rock on a beach in South Wales. “Moving a three-tonne boulder presents numerous challenges, but we were able to work with partners to free this seal, before giving her the six months of rehabilitation she so urgently needed.” Marina’s rescue is “testimony to the RSPCA’s tireless commitment to wild animals, and their welfare.”

On the same day, the RSPCA’s head of campaigns, pushed into a corner during an online argument, wrote this: “Seal shooting is not culling it’s about humane pest control.” He was defending the slaughter of seals by Scottish salmon farms.

The contradiction is at first sight incomprehensible. But alongside its spectacular rescues of animals like Marina, the organisation has another role, which is to assess livestock farms, and award those that meet its standards its RSPCA Assured label. This seal of approval ensures that “you can feel good about your choice when shopping and eating out”. Of the 280 million animals whose production and slaughter it approves every year, salmon account for 200 million. The RSPCA accredits 63% of Scottish salmon farms.

It won’t publish a list of the farms it has approved, citing a “contractual clause in the membership agreement”. But of the 24 people who sit on the advisory group for its assurance scheme (according to the most recent published list), 20 work for salmon farming companies. These companies include the four named in an investigation into seal shooting in 2013, by the Global Alliance Against Industrial Aquaculture, as “the worst offenders”.

There is no closed season for shooting seals. When lactating mothers are shot, their orphaned pups starve to death on remote beaches. The RSPCA does not deny that farms it certifies shoot seals. It tells me it is urgently trying to bring the practice to an end. I might have found this more convincing if it hadn’t said the same thing in 2008. It also maintains that shooting seals is “a last resort”. But the majority of Scottish salmon farms fail to double-net their cages to exclude seals. This is more expensive than bullets, but you might have hoped it would be the minimum requirement for an RSPCA Assured farm.

The RSPCA tells me that “double netting is not suitable for all sites”, but is unable to tell me what proportion of the farms it certifies could use double netting. Where this method cannot be used, you might have hoped the society would say “that seals it: we will not certify salmon farming here.”

It insists that farms that want its accreditation that are at high risk of predation by seals must have “acoustic deterrent devices in place where appropriate”. These make a loud noise intended to scare seals away. Unfortunately, they also cause pain and distress to dolphins, porpoises and whales, disrupting their behaviour and driving them out of their feeding grounds. These are by no means the only problems caused by salmon farms.

Recent footage filmed inside a Scottish salmon cage shows fish being eaten alive. Much of their skin, flesh and fins has been consumed by sea lice, which have reached epidemic proportions on many farms. Sea lice are not only ripping through the caged population, where the mortality of salmon has risen from 7 to 14% in four years, but spill out to hammer the wild salmon and sea trout trying to migrate through the lochs, pushing their populations closer to extinction. Yet the RSPCA standards for sea louse numbers in the farms it certifies are no higher than the legal minimum, which fisheries scientists say is far too low.

In the hope of controlling this infestation, salmon farms dose their fish with organophosphate pesticides. These are likely to devastate crustacean populations in the sea lochs, and many other species that depend on them. Some of the companies providing the fish meal on which farmed salmon are fed trawl and grind up entire marine ecosystems, arguably causing greater environmental damage than any other fishing operation.

The harder you look at this industry, the more obvious it becomes that it is inherently incompatible with either animal welfare or environmental protection. Yet the Scottish government, which sees salmon farming as a crucial growth industry, wants it to double by 2030. It seems to me that the RSPCA’s assurance provides the necessary figleaf.

The RSPCA insists that it is not motivated by the fees it receives for certifying salmon farms. These, it says, “are ploughed back into the scheme’s running costs.” I’m sure this is true. The problem, I feel, runs much deeper: to my eyes, its mission seems to have slipped from preventing cruelty to modifying industrial animal farming. If its objective is to prevent cruelty, surely it should instead endorse the rapid shift towards veganism?

Marina is the spectacle: the actor in the spotlight, who helps to seal the RSPCA’s public image. The unapproved seals of Scotland and their orphaned pups, in the darkness behind the stage, are reduced to the status of pests. Debord defined the spectacle as “a negation of life that has invented a visual form for itself.” He was right.




Kettle logic [Seth's Blog]

Originally the work of lawyers, it’s a concept that’s spreading, aided by the immediacy and unfiltered nature of social media.

In short: When you use contradictory excuses/statements to make an argument. Freud used this example:

A man who was accused by his neighbour of having returned a kettle in a damaged condition. He offered three arguments in rebuttal.

“I returned the kettle undamaged”
“It was already damaged when I borrowed it”
“I never borrowed it in the first place”

This is a dumb way to win a logical argument, because without a doubt, you’re lying in at least some of these statements.

Kettle logic is actually a glimpse into how the emotional side of our brain works. And of course, the emotional side is 95% of our brain. It’s squirming and the words simply get spun out.

When a customer or colleague begins to use kettle logic, the useful response is to seek out the emotions behind it. Because dismantling the logic part of kettle logic does nothing to get you closer to what the person really needs to talk about.


Kai-Chung Yan: My Open-Source Activities from April to August 2018 [Planet Debian]

Welcome readers, this is an infrequently updated post series that logs my activities within open-source communities. I want my work to be as transparent as possible in order to promote open governance, a policy feared even by some “mighty” nations.

I do not work on open-source full-time, although I sincerely would love to. Therefore the posts may cover a ridiculously long period (even a whole year).

A Revamped Blog Site

This website is now using a new theme called Minima from the Jekyll developers. It’s an elegant and simplistic one featured in various blogs involved in the Rust community. I am myself a huge fan of Rust, so I immediately had a crush on the theme. Although this idea already came out probably a year ago, the transition took so long because I didn’t have the time to focus on learning front-end technologies.

At first I thought I must implement the theme on my own as I would be using Hexo but it was for Jekyll, but it turns out it was quite easy to forcibly apply it under a different static site generator. Now I’m pretty satisfied with the outcome, though I am just clueless on how to make a good homepage, hence the one it has now.


Debian is a general-purpose Linux distribution that is widely used on the planet. I am currently a Debian Maintainer who works on packages related to Android SDK and the Java ecosystem.

Voidbuilder: A New Builder for Debian

I have been writing a simple Node.js application called “Voidbuilder” which serves as an alternative to tools like pbuilder or sbuild. The main difference is that it replaces the chroot part of those tools with Docker. It also comes with goodies like zero-configuration and the ability to start a container with all build-dependencies installed so you don’t need to contaminate your machine with tons of development packages just for working on a package.

Writing such admin/devel tools in JavaScript is an odd choice with which few people would agree, I assume. My rationale includes that it’s much more powerful than shell scripts and has a richer ecosystem than Python. While I am satisfied with the coding experience, I am still annoyed that JavaScript lacks so many features that modern OOP languages have (e.g. enumerations, interfaces). Luckily, it only took me a few weeks to get the prototype running.

The code is hosted on Salsa and it will get a release on NPM soon after I implement the second feature I mentioned above.

Kai-Chung Yan: My Open-Source Activities in September 2016 [Planet Debian]

Finally I decided to mark down my activities in open source communities every several months.

I’ve been maintaining a blog of my own but actually I just put it at the corner and let it get dusty, which was not my intention in the first place. I always felt that there’s not much to write down, well, which was also not right. Writing articles about my work may not interest most random people, but at least it can be considered being responsible of my actions in open source communities.

The following is the brief notes of my open source activities in September 2016:

Applied for Debian Maintainer

I’ve spent about a year in contributing to Debian, all began in Google Summer of Code 2015 when I was working on packaging Android SDK in Debian. After that I kept working on the project, but most of the time I need to file a Request for Sponsor (RFS) for asking a Debian Developer for reviewing on my packages. Hans-Christoph Steiner, Markus Koschany and Emmanuel Bourg did most of the review for me. Now that I am familiar with packaging, I should be qualified to apply for a DM identity. Being a DM, I can gain upload permissions to my own packages, which will ease the maintenance. According to the application, I have been approved (🎉🎊) but not officially a DM. Thanks to Debian Developer nthykier who told me on IRC that my key is waiting for being synced to the official keyring, which will probably happen in October.

Thanks for the advocations from Hans-Christoph Steiner, Markus Koschany and Emmanuel Bourg!

Started Updating Android Packages to Nougat

With the exciting release of Android 7 Nougat comes the beginning of the CyanogenMod developers’ busy period, as well as Debian’s android-tools team’s. One of our teammates Chirayu Desai notified us someday that the source code of Android N is released, after which I summarized some of my ideas and plan on the mailing list. There will be several changes for the Nougat update:

  • ARM & MIPS builds are brought back. Actually they were there before I rid them out. 😓 We decided to maintain x86 binaries only because Google only supports and releases Android SDK in x86. Now I know how to setup an environment of other architectures as well as how to build packages for these architectures, it would be great to support them again. Plus the Debian Lava team seemed to care about ADB on ARM64 by complaining on the removal bug. Good news is that Chirayu Desai is also willing to help me in these architectures since he does not use any x86 machines. 😂
  • AndroidConfig.h are 🔥. These header files contain macros dealing with architecture details and must be included in all C/C++ binaries in AOSP. Since Nougat, the AOSP team removed the header files and we are able to remove the use of build profiles in android-platform-build.
  • aidl is now a separated package. It was previously a package in android-platform-frameworks-base. I really don’t like the AOSP team moving stuff around. They have a gigantic project tree to play with but we don’t!

In this month I have prepared updates for the following packages:

For the moment they are being uploaded to the experimental distribution. After all of the existing packages are updated to 7.0.0+r1, we will upload all of them to Unstable.

Hacking gradle-debian-helper So That It Auto-generates Maven POMs

Every Debian package providing Java libraries should install Maven POMs into /usr/share/maven-repo which serve as the metadata. Without this metadata, these libraries would be difficult for other Java packages to use. Gradle projects do not have Maven POMs, so the package maintainers need to write custom rules to generate them.

Most of the Android packages are built with Gradle and gradle-debian-helper, and I need to provide the same scripts for them in order to generate the Maven POMs. Weeks ago I noticed that almost all Android packages containing Java libraries are unreproducible because the order of the dependencies in the Maven POMs is unsorted and random, and I had to modify every one of those packages to sort the dependencies. If the Maven POM generation was done by gradle-debian-helper, my life could have been better.

The feature is being developed at GitHub. The obstacle I met so far is that it is tricky when you are writing Gradle plugins in Java and you need to access the third-party classes used by Gradle classes. The compiler complained that I must not convert org.apache.maven.model.Dependency to org.apache.maven.model.Dependency, which sounded nonsense. My first guess was that the build script (pom.xml) of gradle-debian-helper links to the JARs in /usr/share/java instead of POMs in /usr/share/maven-repo. I modified the build script so that it links to POMs in /usr/share/maven-repo but it just failed to load pmaven-debian.pom. I’ve reported this bug.

Other Activities

  • Fix Gradle’s failure to launch. Previously, Gradle still hardcoded the JAR versions in its classpath, and a new upstream release of JSch broke Gradle entirely. I modified the build scripts of Gradle so that it used a versionless classpath without manually removing the dependency declarations. The tricky part is that Gradle builds using itself, so even now we’ve fixed the Gradle in Debian, the new release of Gradle in Ubuntu still FTBFS. I asked on the IRC and was told that I need to contact the Ubuntu archive managers and ask them to rebootstrap the package, which I did afterwards and Colin Watson helped. Thank you!
  • Polished the packaging of Gradle. This includes dropping the generation of classpaths in the JAR manifest (otherwise JVM loads 2 sets of the same JARs) and making the generated Maven POMs reproducible.
  • Prepared updates for several packages including android-platform-frameworks-native/6.0.1+r55-1.
  • Reported a wishlist bug that src:p7zip should provide development packages for lib7z.so.
  • Reported bugs about src:closure-compiler and src:zabbix who should switch to libandroid-json-java from dusty libandroid-json-org-java. Turns out that the JSON library in AOSP is used by external projects, although I wonder why somebody would rely on a library without any API stability or version information. Anyway, it is used by packages in Debian, which was why I built this library in src:android-platform-libcore in the first place.
  • Reported a bug about qemubuilder failing on creating images for arm64
  • Manually closed the bug about an auto-transition of android-platform-build which is long ended.

Plans for the Next Months

  • Update Gradle to 3.1.
  • Finish the update of all Android packages to Nougat.
  • Fix and upload android-framework-23, the last missing piece of a usable SDK.

Hope I can also manage to pass my exams after all these. 🙄
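The unreproducibility described under “Hacking gradle-debian-helper” above comes from dependency order alone. The following is an added example (not code from the post or from gradle-debian-helper) that sorts every dependencies block of a POM so that two builds with different ordering hash identically; the POM contents and coordinates are constructed sample data.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = "http://maven.apache.org/POM/4.0.0"
ET.register_namespace("", NS)  # keep the default namespace on output


def _field(dep, tag):
    """Text of a child element of <dependency>, or '' when it is absent."""
    el = dep.find(f"{{{NS}}}{tag}")
    return (el.text or "").strip() if el is not None else ""


def dep_key(dep):
    """Total ordering over the coordinates that identify a dependency."""
    return tuple(_field(dep, t) for t in
                 ("groupId", "artifactId", "type", "classifier", "version", "scope"))


def canonicalize_pom(pom_xml):
    """Return the POM as bytes with sorted dependencies and no layout whitespace."""
    root = ET.fromstring(pom_xml)
    # Collect first: the tree is modified while we walk the result.
    for deps in list(root.iter(f"{{{NS}}}dependencies")):
        deps[:] = sorted(deps, key=dep_key)
    # Indentation moves with the reordered elements, so drop it entirely.
    for el in root.iter():
        el.text = (el.text or "").strip() or None
        el.tail = (el.tail or "").strip() or None
    return ET.tostring(root, encoding="utf-8")


def dependency_order(pom_xml):
    """List 'groupId:artifactId' in document order."""
    root = ET.fromstring(pom_xml)
    return [f"{_field(d, 'groupId')}:{_field(d, 'artifactId')}"
            for d in root.iter(f"{{{NS}}}dependency")]


def raw_digest(pom_xml):
    """SHA-256 of the POM exactly as the build wrote it."""
    return hashlib.sha256(pom_xml.encode("utf-8")).hexdigest()


def canonical_digest(pom_xml):
    """SHA-256 of the POM after canonicalization."""
    return hashlib.sha256(canonicalize_pom(pom_xml)).hexdigest()


def make_pom(deps):
    """Build a constructed sample POM listing deps in the given order."""
    items = "".join(
        f"\n    <dependency>\n      <groupId>{g}</groupId>\n"
        f"      <artifactId>{a}</artifactId>\n      <version>{v}</version>\n"
        f"    </dependency>" for g, a, v in deps)
    return (f'<project xmlns="{NS}">\n  <modelVersion>4.0.0</modelVersion>\n'
            f"  <groupId>org.example</groupId>\n  <artifactId>demo-lib</artifactId>\n"
            f"  <version>1.0</version>\n  <dependencies>{items}\n  </dependencies>\n"
            f"</project>\n")


# Constructed sample: the same three dependencies as emitted by two builds.
DEPS = [("com.google.guava", "guava", "debian"),
        ("org.slf4j", "slf4j-api", "debian"),
        ("commons-io", "commons-io", "debian")]
BUILD_A = make_pom(DEPS)
BUILD_B = make_pom(list(reversed(DEPS)))

if __name__ == "__main__":
    print("raw digests equal:      ", raw_digest(BUILD_A) == raw_digest(BUILD_B))
    print("canonical digests equal:", canonical_digest(BUILD_A) == canonical_digest(BUILD_B))
    print("canonical order:        ", dependency_order(canonicalize_pom(BUILD_B)))
```

Sorting at generation time, as the post proposes for gradle-debian-helper, removes the need for this post-processing in each package.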

Kai-Chung Yan: My Open-Source Activities from April 2017 to March 2018 [Planet Debian]

Because of all the nonsense coming from my current school, I hadn’t been able to spend too much time on open source projects. As a result, this post sums up an entire year of activities after the previous one… Surprised me a bit too. 😰

Personal Projects

Created a repository in GitLab to store some useful scripts and config files that make up my development environment. It mostly focuses on Debian development, but will add more stuff in other areas when the time has come.

The repository contains files that set up cowbuilder for all officially supported architectures in Debian, and some scripts to update the images, to build a package in all those architectures, and to build a long list of packages, all in parallel using a process pool. Very useful when you are testing reverse-build-dependencies.

Introducing maven-repo-helper-extras

I spent several weeks writing some additional tools for the existing maven-repo-helper. The package now contains 2 tools:

  • mh_shlibdeps: Like dh_shlibdeps but for Maven artifacts, successor to mh_resolve_dependencies
  • mh_genlauncher: Generate simple launcher scripts for Java programs distributed as Maven artifacts.

The package name is likely to be changed, and mh_genlauncher is likely to be replaced by something neater. Still waiting for other core devs in pkg-java team to review it.

Other Activities

Google Summer of Code 2018

I am now a mentor under Debian organization in GSoC 2018, guiding students to contribute to our Android SDK packages.

Kai-Chung Yan: My Open-Source Activities from October to November 2016 [Planet Debian]

I did not finish too many significant jobs in the last 2 months, so I am combining them into one post. So far I still only work in Debian, but my (would-be) personal open source project Viska has started its conceptional stage, although there is not much effort spent in it yet.


Plans for the Next Months

Debian Stretch is coming soon as the transition freeze has passed and the soft freeze is coming in January. Therefore, I don’t think there is enough time for the Nougat SDK getting into Stretch, since there’s one package being waiting in the NEW queue for over a month! Without it being accepted we can’t step forward, so let’s hope the SDK is better shaped in Debian Buster. Sorry about that, we can’t do anything to accelerate the NEW queue. 😓

Anyway, forget about the techs, let’s listen to some music! This December, I will be playing cello in a small concert held in Taichung featuring Star Wars and some songs arranged by Mr. Alan MacDonald. If you live in Taichung, a nice city in Taiwan, please come!

Norbert Preining: Sharp did it again [Planet Debian]

I have written about a certain Sarah Sharp (now Sage Sharp) and their attacks on Linus. As everyone knows by now, the Linux Kernel Team has decided to adopt a Code of Conduct – and without failure and according to the expectations of many – within the shortest time the CoC was used not in the intended way to create a positive atmosphere, but to attack fellow developers, in this case Ted Tso.

S. Sharp has decided to call him out as a “rape apologist”, based on two postings of him to the LCA2011-Chat mailing list. The lovely Geek Feminism Wiki has archived these two pages, here is the first and here the second post.

Please note, I am not diminishing what rape is, and or any particular person’s experience. However, I *am* challenging the use of statistics that may be hyperbolic and misleading …
– Ted Tso

Reading through his postings I don’t see any “apology for rape” as purported by SSharp, but a clear statistical and legal analysis that is not in the preferred style of the feminist wave. I find it very disappointing that this kind of witch hunt has started, and I completely blame it onto the introduction of the CoC.

I have contacted the Linux Foundation to cut any ties with SSharp, because the posting alone is against the very idea of the CoC: it is ad personam, it is derogatory, and it is public harassment. I even consider it on the border line of legality to call someone out in this way.

This is what one gets from a combination of radical feminists paired with a CoC of this style.

(Footnote: SSharp has blocked me from their twitter feed, but their posts are public, so if you are blocked, too, a simple log out does the trick!)

(I updated the post to use the preferred form “they/their” which I just learned that it can be actually used even in today’s English without inferring pluralis maiestatis – thanks to Neil McGovern and others pointing me at explanations instead of simply criticizing!)

Norbert Preining: Han Kang: The Vegetarian [Planet Debian]

The Vegetarian by Han Kang (한강) is a rough, dark, and intriguing story about two families onto which a series of strange events inflicts irreparable damage. Set in modern day Korea it draws a grueling image how the decision to become vegetarian kicked all members of the family into an unstoppable race into a precipice of horror.

That evening there was a feast at our house. All the middle-aged men from the market alleyways came, everyone my father considered worth knowing. The saying goes that for a wound caused by a dog bite to heal you have to eat that same dog, and I did scoop up a mouthful for myself. No, in fact I ate an entire bowlful with rice. The smell of burnt flesh, which the perilla seeds couldn’t wholly mask, pricked my nose. I remember the two eyes that had watched me, while the dog was made to run on, while he vomited blood mixed with froth, and how later they had seemed to appear, flickering, on the surface of the soup. But I don’t care. I really didn’t care.
– The Vegetarian

The novel consists of three connected short-stories about the two sisters Yeong-hye and In-hye. Both are seemingly married happily, Yeong-hye with a business man, her sister In-hye with a video artist. In the first – name giving – story “The Vegetarian” Yeong-hye, after a recurring nightmare started to plague her, started to become vegetarian. Despite her husband’s attempts to keep a normal life, things start to go more and more wrong until a family intervention at her sister’s place is called, with the sisters’ parents present. Her father, who served in Vietnam, requests Yeong-hye to eat meat, and after her refusal and with the help of her husband and younger brother he forces some meat into Yeong-hye. This triggers a violent response with her breaking free, grabbing a knife and cutting her wrist. She is brought to a hospital and is later hospitalized as mentally unstable. The first story closes with her escaping from the hospital. She is finally found sitting bare breasted in the park asking “Have I done something wrong?”, and a dead bird covered with bite marks is retrieved from her palm.

This was the body of a beautiful young woman, conventionally an object of desire, and yet it was a body from which all desire had been eliminated. But this was nothing so crass as carnal desire, not for her—rather, or so it seemed, what she had renounced was the very life that her body represented.
– Mongolian Mark

The second story, “Mongolian Mark”, switches focus onto the husband of In-hye. He, too, is haunted by dreams, but one of two love-making people with their bodies painted with flowers. When he learns from In-hye that her sister Yeong-hye still has her Mongolian mark despite the usual disappearance of these birth marks, he grows more and more obsessed with enacting his dream with Yeong-hye as the female part. The reader learns that Yeong-hye has been divorced, and on a visit to bring her fruits the husband-in-law finds her naked but unashamed of it in her apartment. After initial hesitation he asks her to model, to which she agrees. After a first session of painting with her alone, the husband-in-law arranges for a second part where a friend plays the male part. After an initial harmonic start the artist asks to engage in intercourse, which became too much for the friend and he leaves. Yeong-hye says that during all this she felt the fear and pressure of the consistent nightmare disappearing. The husband-in-law asks a friend to paint his body with flowers according to his designs, visits Yeong-hye and the two continue where the initial video was left. After a deep and exhausted sleep they wake up to In-hye having entered the apartment and played back the recorded video. She calls emergency services on grounds of mental illness of both, and after a short attempt to throw himself off the balcony, both are taken into custody.

Life is such a strange thing, she thinks, once she has stopped laughing. Even after certain things have happened to them, no matter how awful the experience, people still go on eating and drinking, going to the toilet and washing themselves—living, in other words. And sometimes they even laugh out loud. And they probably have these same thoughts, too, and when they do it must make them cheerlessly recall all the sadness they’d briefly managed to forget.
– Flaming Trees

The third and last story, “Flaming Trees”, finally focuses onto In-hye. She split with her husband and remains with their son the only ones of the family to support Yeong-hye, who has been transferred into a hospital for the mentally ill. In-hye regularly reflects on her difficulties with the family and grows considerably depressed. Yeong-hye’s condition grows again more severe: She imagines becoming a tree, rejects all food, escapes from the hospital to be found in the forest in the rain. On her way to the hospital, In-hye recalls their childhood and the harsh treatment the older Yeong-hye received from the father, inflicting severe mental damage onto both of them. One of the core memories is the event of both of them getting lost, and when they find their way Yeong-hye suggested to run away from home. Returning home, In-hye feels happiness but sees the subdued and depressed Yeong-hye. With this memory, In-hye is present during an attempt to force feed and sedate Yeong-hye. In-hye, observing the pain afflicted to her sister, bites the nurse restricting her. Finally In-hye brings her sister to a different hospital for her final stages. “The trees by the side of the road are blazing, green fire undulating like the rippling flanks of a massive animal, wild and savage.”

Despite that throughout the book one feels that all the horrors started with Yeong-hye’s decision to become vegetarian, the memory recalled by In-hye in the last part closes a circle. One cannot blame one only, innocence does not exist. The author stated herself:

I wanted to deal with my long-lasting questions about the possibility/impossibility of innocence in this world, which is mingled with such violence and beauty.

Scarlett Gately Moore: KDE Akademy 2018 [Planet Debian]

KDE Akademy 2018

Yeah I am not in the picture, but I was there! You can find me over on the left there, where several of us were cut off 🙁 Akademy was held in the lovely city of Vienna, Austria this year. Hats off to the akademy team for a great job!

This year at akademy I spent much of my time catching up with the Blue Systems team and meeting with the KDE Sysadmin team. I am happy to report Ben Cooksley is real! Due to my flights, I missed the first and last day. It was still a productive akademy. I attended some good sysadmin and KDE Neon BoFs. I also did a bit of volunteering 🙂

Even though I am mostly packaging for Debian directly these days, KDE Neon is still near and dear to my heart. I hope to be able to merge debian packaging into Neon soon so that we can have better collaboration within the team.

I met with Ben in regards to getting back into sysadmin/CI work. I am working on Appimage tooling for KDE Binary factory to begin. I hope to utilize the craft tooling to make everyone’s lives easier. This of course is on my free time, but do keep an eye out!


Despite my shortened akademy, I still am happy with the results. It was great to see everyone! See you again next year!

Norbert Preining: Gaming: Rise of the Tomb Raider [Planet Debian]

Over the last weekend I have finally finished The Rise of the Tomb Raider. As I wrote exactly 4 months ago when I started the game, I am a complete newbie to these kinds of games, and was blown away by the visual quality and great gameplay.

I was really surprised how huge an area I had to explore over the four months. Many of them with really excellent nature scenery, some of them with a depressingly dark and solemn atmosphere.

Another thing I learned is that the Challenge Tombs – some kind of puzzle challenges – haven’t been that important in previous games. I enjoyed these puzzles much more than the fighting sequences (also because I am really bad at combat and have to die so many times before I succeed!).

Lots of sliding down on ropes, jumping, running, diving, often into the unknown.

In the last part of the game when Lara enters into the city underneath the glacier one is reminded of the scene when Frodo tries to enter into Mordor, seeing all the dark riders and troops.

The final approach starts, there is still a long way (and many strange creatures to fight), but at least the final destination is in sight!

I finished the game with 100%, because I went back to all the areas and used Stella’s Tomb Raider Site walkthrough to help me find all the items. I think it is practically impossible within life time to find all the items alone without help. This is especially funny because in one of the trailers one of the developers mentions that they count with 15h of gameplay, and 30h if you want to finish at 100%. It took me 58h (!) to finish with 100% … and that with a walkthrough!!!

Anyway, tomorrow the Shadow of the Tomb Raider will be released, and I could also start the first game of the series, Tomb Raider, but I got a bit worn out by all the combat activity and decided to concentrate on a hard-core puzzle game, The Witness, which features loads and loads of puzzles, taught from simple to complex, and combined, to create a very interesting game. Now I only need the time …

Norbert Preining: TeX Live contrib updates [Planet Debian]

It is now more than a year that I took over tlcontrib from Taco and provide it at the TeX Live contrib repository. It does now serve old TeX Live 2017 as well as the current TeX Live 2018, and since last year the number of packages has increased from 52 to 70.

Recent changes include pTeX support packages for non-free fonts and more packages from the AcroTeX bundle. In particular since the last post the following packages have been added: aeb-mobile, aeb-tilebg, aebenvelope, cjk-gs-integrate-macos, comicsans, datepicker-pro, digicap-pro, dps, eq-save, fetchbibpes, japanese-otf-nonfree, japanese-otf-uptex-nonfree, mkstmpdad, opacity-pro, ptex-fontmaps-macos, qrcstamps.

Here I want to thank Jürgen Gilg for reminding me consistently of updates I have missed, big thanks!

To recall what TLcontrib is for: It collects packages that are not distributed inside TeX Live proper for one or another of the following reasons:

  • because it is not free software according to the FSF guidelines;
  • because it is an executable update;
  • because it is not available on CTAN;
  • because it is an intermediate release for testing.

In short, anything related to TeX that can not be on TeX Live but can still legally be distributed over the Internet can have a place on TLContrib. The full list of packages can be seen here.

Please see the main page for Quickstart, History, and details about how to contribute packages.

Last but not least, while this is a service to make access to non-free packages more easy for users of the TeX Live Manager, our aim is to have as many as possible packages made completely free and included into TeX Live proper!


Norbert Preining: TensorFlow on Debian/sid (including Keras via R) [Planet Debian]

I have been struggling with getting TensorFlow running on Debian/sid for quite some time. The main problem is that the CUDA libraries installed by Debian are CUDA 9.1 based, and the precompiled pip installable TensorFlow packages require CUDA 9.0 which resulted in an unusable installation. But finally I got around and found all the pieces.

Step 1: Install CUDA 9.0

The best way I found was going to the CUDA download page, select Linux, then x86_64, then Ubuntu, then 17.04, and finally deb (network). In the text appearing click on the download button to obtain currently cuda-repo-ubuntu1704_9.0.176-1_amd64.deb.

After installing this package as root with

dpkg -i cuda-repo-ubuntu1704_9.0.176-1_amd64.deb

the nvidia repository signing key needs to be added

apt-key adv --fetch-keys https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1704/x86_64/7fa2af80.pub

and finally install the CUDA 9.0 libraries (not all of cuda-9-0 because this would create problems with the normally installed nvidia libraries):

apt-get update
apt-get install cuda-libraries-9-0

This will install lots of libs into /usr/local/cuda-9.0 and add the respective directory to the ld.so path by creating a file /etc/ld.so.conf.d/cuda-9-0.conf.

Step 2: Install CUDA 9.0 CuDNN

One difficult to satisfy dependency are the CuDNN libraries. In our case we need the version 7 library for CUDA 9.0. To download these files one needs to have a NVIDIA developer account, which is quick and painless. After that go to the CuDNN page where one needs to select Download for CUDA 9.0 and then cuDNN v7.2.1 Runtime Library for Ubuntu 16.04 (Deb).

This will download a file libcudnn7_7.2.1.38-1+cuda9.0_amd64.deb which needs to be installed with dpkg -i libcudnn7_7.2.1.38-1+cuda9.0_amd64.deb.

Step 3: Install Tensorflow for GPU

This is the easiest one and can be done as explained on the TensorFlow installation page using

pip3 install --upgrade tensorflow-gpu

This will install several other dependencies, too.

Step 4: Check that everything works

Last but not least, make sure that TensorFlow can be loaded and find your GPU. This can be done with the following one-liner, and in my case gives the following output:

$ python3 -c "import tensorflow as tf; sess = tf.Session() ; print(tf.__version__)"
2018-09-11 16:30:27.075339: I tensorflow/core/platform/cpu_feature_guard.cc:141] Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX2 FMA
2018-09-11 16:30:27.143265: I tensorflow/stream_executor/cuda/cuda_gpu_executor.cc:897] successful NUMA node read from SysFS had negative value (-1), but there must be at least one NUMA node, so returning NUMA node zero
2018-09-11 16:30:27.143671: I tensorflow/core/common_runtime/gpu/gpu_device.cc:1405] Found device 0 with properties: 
name: GeForce GTX 1050 Ti major: 6 minor: 1 memoryClockRate(GHz): 1.4175
pciBusID: 0000:01:00.0
totalMemory: 3.94GiB freeMemory: 3.85GiB
2018-09-11 16:30:27.143702: I tensorflow/core/common_runtime/gpu/gpu_device.cc:1484] Adding visible gpu devices: 0
2018-09-11 16:30:27.316389: I tensorflow/core/common_runtime/gpu/gpu_device.cc:965] Device interconnect StreamExecutor with strength 1 edge matrix:
2018-09-11 16:30:27.316432: I tensorflow/core/common_runtime/gpu/gpu_device.cc:971]      0 
2018-09-11 16:30:27.316439: I tensorflow/core/common_runtime/gpu/gpu_device.cc:984] 0:   N 
2018-09-11 16:30:27.316595: I tensorflow/core/common_runtime/gpu/gpu_device.cc:1097] Created TensorFlow device (/job:localhost/replica:0/task:0/device:GPU:0 with 3578 MB memory) -> physical GPU (device: 0, name: GeForce GTX 1050 Ti, pci bus id: 0000:01:00.0, compute capability: 6.1)

Addendum: Keras and R

With the above settled, the installation of Keras can be done via

apt-get install python3-keras

and this should pick up the TensorFlow backend automatically.

For R there is a Keras library that can be installed without


on the R command line (as root).

After that running a simple MNIST code example should use your GPU from R (taken from Deep Learning with R from Manning Publications):

library(keras)

# Load MNIST and split it into training and test sets
mnist <- dataset_mnist()
train_images <- mnist$train$x
train_labels <- mnist$train$y
test_images <- mnist$test$x
test_labels <- mnist$test$y

# Two dense layers: 512 ReLU units, then a 10-way softmax classifier
network <- keras_model_sequential() %>%
  layer_dense(units = 512, activation = "relu", input_shape = c(28 * 28)) %>%
  layer_dense(units = 10, activation = "softmax")
network %>% compile(
  optimizer = "rmsprop",
  loss = "categorical_crossentropy",
  metrics = c("accuracy")
)

# Flatten the 28x28 images and scale pixel values to [0, 1]
train_images <- array_reshape(train_images, c(60000, 28 * 28))
train_images <- train_images / 255
test_images <- array_reshape(test_images, c(10000, 28 * 28))
test_images <- test_images / 255

# One-hot encode the labels, then train and evaluate
train_labels <- to_categorical(train_labels)
test_labels <- to_categorical(test_labels)
network %>% fit(train_images, train_labels, epochs = 5, batch_size = 128)
metrics <- network %>% evaluate(test_images, test_labels)
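The CUDA 9.1 versus 9.0 mismatch that this post works around can be confirmed from the dynamic linker cache before running Step 4. This is an added example, not code from the post: the list of required sonames is an assumption based on the CUDA 9.0 and cuDNN 7 requirement stated above, and both `ldconfig -p` samples are constructed.

```python
import re
import subprocess

# Assumption: shared objects a CUDA 9.0 / cuDNN 7 build of tensorflow-gpu loads.
REQUIRED = ("libcudart.so.9.0", "libcublas.so.9.0", "libcudnn.so.7")

# One cache entry looks like:
#   <tab>libfoo.so.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libfoo.so.1
ENTRY = re.compile(r"^\s*(\S+)\s+\(([^)]*)\)\s+=>\s+(\S+)\s*$")


def parse_ldconfig(output):
    """Map each soname in `ldconfig -p` output to the paths that provide it."""
    cache = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:  # the "N libs found in cache" header does not match
            cache.setdefault(m.group(1), []).append(m.group(3))
    return cache


def diagnose(output, required=REQUIRED):
    """For every missing soname, list other versions of that library in the cache.

    An empty dict means all required libraries are resolvable. A missing entry
    with other versions listed is the 9.1-instead-of-9.0 situation from the post.
    """
    cache = parse_ldconfig(output)
    report = {}
    for soname in required:
        if soname in cache:
            continue
        base = soname.split(".so.")[0] + ".so."
        report[soname] = sorted(s for s in cache if s.startswith(base))
    return report


def live_cache():
    """Return the real linker cache listing of this machine."""
    return subprocess.run(["ldconfig", "-p"], check=True,
                          capture_output=True, text=True).stdout


# Constructed sample: only the distribution's CUDA 9.1 libraries are present.
SAMPLE_DEBIAN_ONLY = """\
3 libs found in cache `/etc/ld.so.cache'
\tlibcudart.so.9.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libcudart.so.9.1
\tlibcublas.so.9.1 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libcublas.so.9.1
\tlibc.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libc.so.6
"""

# Constructed sample: after Steps 1 and 2 (paths under /usr/local/cuda-9.0
# follow the post; the exact subdirectories are an assumption).
SAMPLE_AFTER_STEPS = SAMPLE_DEBIAN_ONLY + """\
\tlibcudart.so.9.0 (libc6,x86-64) => /usr/local/cuda-9.0/lib64/libcudart.so.9.0
\tlibcublas.so.9.0 (libc6,x86-64) => /usr/local/cuda-9.0/lib64/libcublas.so.9.0
\tlibcudnn.so.7 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libcudnn.so.7
"""

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_DEBIAN_ONLY), ("after", SAMPLE_AFTER_STEPS)):
        print(name, diagnose(text) or "all required libraries found")
```

On a real machine, `diagnose(live_cache())` gives the same report for the installed libraries.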


Top 10 Most Pirated Movies of The Week on BitTorrent – 09/24/18 [TorrentFreak]

This week we have two newcomers in our chart.

The First Purge is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents

Movie Rank | Rank last week | Movie name | IMDb Rating / Trailer
1 | (…) | The First Purge | 5.2 / trailer
2 | (2) | Solo: A Star Wars Story | 7.1 / trailer
3 | (3) | Sicario: Day of the Soldado | 7.3 / trailer
4 | (1) | Skyscraper | 6.1 / trailer
5 | (4) | Jurassic World: Fallen Kingdom | 6.5 / trailer
6 | (5) | Ocean’s Eight | 6.3 / trailer
7 | (…) | The Meg (Subbed HDRip) | 6.0 / trailer
8 | (6) | Mission: Impossible – Fallout (Subbed HDRip) | 8.1 / trailer
9 | (7) | Deadpool 2 | 8.0 / trailer
10 | (8) | Avengers: Infinity War | 8.7 / trailer

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


1229 [LFG Comics]

The post 1229 appeared first on Looking For Group.

1228 [LFG Comics]

The post 1228 appeared first on Looking For Group.

Thursday THURSDAY THURSDAY!!!!!! [LFG Comics]

So yeah, Thursday. After your feedback, both here on the site, through e-mail and the horrible cesspool that is Twitter, I’ve decided to go ahead and launch the LFG Vol 10 Kickstarter on Thursday, and run it for 21 days. […]

The post Thursday THURSDAY THURSDAY!!!!!! appeared first on Looking For Group.

1226 [LFG Comics]

The post 1226 appeared first on Looking For Group.

A Question For The Court [LFG Comics]

To the court? For the court? Whatevers. I gots a question for yous guys. As you’ve no doubt noticed by my radio silence of late, we are in the thick of things at LFG HQ. We’ve got a dozen projects […]

The post A Question For The Court appeared first on Looking For Group.


The Little Typer [Lambda the Ultimate - Programming Languages Weblog]

A new introductory book about dependent types, involving some familiar names:

The Little Typer

by Daniel P. Friedman and David Thrane Christiansen.

Foreword by Robert Harper.

Afterword by Conor McBride.

An introduction to dependent types, demonstrating the most beautiful aspects, one step at a time.

A program's type describes its behavior. Dependent types are a first-class part of a language, and are much more powerful than other kinds of types; using just one language for types and programs allows program descriptions to be as powerful as the programs they describe. The Little Typer explains dependent types, beginning with a very small language that looks very much like Scheme and extending it to cover both programming with dependent types and using dependent types for mathematical reasoning. Readers should be familiar with the basics of a Lisp-like programming language, as presented in the first four chapters of The Little Schemer.

The first five chapters of The Little Typer provide the needed tools to understand dependent types; the remaining chapters use these tools to build a bridge between mathematics and programming. Readers will learn that tools they know from programming—pairs, lists, functions, and recursion—can also capture patterns of reasoning. The Little Typer does not attempt to teach either practical programming skills or a fully rigorous approach to types. Instead, it demonstrates the most beautiful aspects as simply as possible, one step at a time.


Girl Genius for Monday, September 24, 2018 [Girl Genius]

The Girl Genius comic for Monday, September 24, 2018 has been posted.


[Filler] Korea Filler 2018 [Twokinds]

Comic for September 23, 2018


Link [Scripting News]

I want a user-owned browser. One that's free of the tech industry. Chrome was good when Firefox got slow and unfocused. And Firefox was good when MSIE was malware-infested and stagnant. But none of them were or are user-driven. We can't have a healthy web w/o a good browser.

Link [Scripting News]

I assumed the backlog on the Tesla Model 3 was longer than 4 weeks.


Kernel prepatch 4.19-rc5 [LWN.net]

The 4.19-rc5 kernel prepatch has been released by Greg Kroah-Hartman. "As almost everyone knows, it's been an 'interesting' week from a social point-of-view. But from the technical side, -rc5 looks totally normal."


Link [Scripting News]

The NYT report on Rosenstein is as disturbing as Comey’s October surprise in 2016 re Hillary’s emails.

Sunday, 23 September


09/21/18 PHD comic: 'Career Goal' [PHD Comics]

Piled Higher & Deeper by Jorge Cham
title: "Career Goal" - originally published 9/21/2018



Why Kodi Addons & Pirate Apps Are Disappearing…Quietly [TorrentFreak]

It’s impossible to say how many lawyers have been deployed to shut down piracy-related projects over the years. Dozens would be a conservative estimate but just one beating down the door can be an intimidating experience.

In the early 2000s and for at least the next decade and beyond, many efforts to shut down pirate sites and services were accompanied by triumphant press releases. Arrests, court appearances, and usually negative verdicts against pirates became a rallying point for the content industries, with the head-on-a-pike deterrent proving a valuable tool in the propaganda wars.

Last year, however, a new tactic appeared to gain momentum. In addition to strategic publicized cases against larger-scale infringers, a steady undercurrent of threats became evident in the Kodi addon and pirate application community. Rather than breaking down doors, content owners approached developers quietly, warning that shutting down is the only real way to avoid punishing legal action.

Most of the approaches were made by the Alliance for Creativity and Entertainment (ACE), the global anti-piracy coalition made up of 30 of the world’s most powerful entertainment companies. This fact has been made public by a number of developers, with some publishing correspondence on the web.

Many others, however, simply announced their retirement and disappeared, often around the same time that other developers took the same course of action. When approached for comment most refused to offer details but it’s clear that decisions weren’t being made freely. It won’t come as a surprise to learn that many, in exchange for not having their lives ruined, agreed to take a vow of silence.

After collating information from a number of sources, we can now reveal some of the tactics being used against developers involved in ‘pirate’ projects.

While the details vary from case to case, most approaches begin with a detailed overview of the project the developer is involved in and various laws that ACE believe are being broken. This is followed up with details of a multi-point settlement deal which can potentially see the developer exit with a minimum of costs.

As previously reported, some of the terms are fairly unpalatable, including an agreement to report on associates and colleagues involved in the project and associated projects. We have no idea whether anyone targeted has done so but we know the settlement agreement contains such clauses. However, aside from ending all infringing activities, the number one insistence is that recipients keep their mouths firmly shut.

In order to protect those who have disclosed information to TF, we aren’t publishing direct quotes from the settlement agreements. However, we can disclose that those entering settlements are forbidden from speaking to anyone (apart from their legal advisors) about the contents of the agreement, but it goes further than that.

Those targeted are expressly forbidden from telling anyone that they have even been contacted or that discussions are taking place, something that really isolates people seeking to receive external help and advice.

Furthermore, if the recipient’s case is discussed with ACE at all, no information – whether spoken or in written form – can be revealed to any third-party (outside legal counsel). As far as we can see from the documents available, this means they aren’t even allowed to discuss the terms with a close friend or family member.

However, in return for their full cooperation, it appears that ACE will keep their identities a secret. If announcements to the press are made (which thus far hasn’t been the coalition’s modus operandi), ACE has told those who sign agreements that they won’t be named or identified in other ways.

With this background, it’s not difficult to see why developers are choosing to shut down their projects and disappear quietly. While some will find the terms of ACE’s settlement agreement difficult, it’s undoubtedly better than the alternative. With billions of dollars up their collective sleeves, ACE members have unlimited access to legal weaponry and could drain the average person’s finances in a matter of months in legal fees alone.

Quite why ACE has chosen to act against developers so quietly isn’t clear but given that most of their targets thus far have been bedroom-based Joe Publics, it’s possible that the “30 Goliaths versus David” imagery is something some of its members would prefer not to be associated with.

Finally, users worried by a potential hand over of information to authorities as highlighted by the Terrarium TV case this week (note: we have no confirmation that ACE was involved) shouldn’t be surprised when developers act to save their own skin. Privacy and security is the user’s own responsibility and in the Wild West of piracy, anything can happen.



Link [Scripting News]

I don't see the point of polling for ordinary people. I get why political consultants and candidates would care. Even donors. But why should a voter care? I can't imagine ever making a decision on who to vote for based on poll results.

Lifestyle real estate [Scripting News]

Suppose you could live in any time zone, as long as there was a major airport nearby, and you had certain requirements about weather, nearby universities, quality of bike riding, places to eat, real estate prices, or climate, even legal cannabis, politics (I can't live in a mostly-Republican place, I've tried).

The consultant would have a good idea about the markets in each geography, and was pretty good at listening. The things that make a good real estate agent, but without being tied to specific geography.

With the advent of a global network, where you park yourself in physical space is more a matter of preference, it might not limit you in terms of employment.

I imagine totally virtual companies might even provide this kind of service to their most valued people. "I feel like living in the mountains for a few years, starting in August, make it so."


Today in GPF History for Sunday, September 23, 2018 [General Protection Fault: The Comic Strip]

Nick and Trudy flee the Lakatos resort under heavy fire...


1998/2018: Whatever 20/20, Day Twenty-Three: Technology [Whatever]

Much of my creative life, and certainly almost all of my professional life for the past 20 years, has been greatly influenced and impacted by technology.

It starts earlier than that, of course. In 1984, the first Macintosh computer came out, and it came with a simple word processing program. Coincidentally, 1984 was the first year I started writing short stories or fiction of any sort, camped out in Erza Chowaiki’s room in our high school dorms, since he had the Macintosh and I did not.

As I started my creative life on the computer, my creative process was also shaped by the computer. For example, I don’t write drafts of my books, a thing which one would need to do when one was working on a typewriter, and editing on the fly, as one can on a computer, was not possible. When I type the words “the end” on a manuscript, it’s ready to send off to the editor — not because I write perfect prose (trust me), but because all the edits and changes I wanted to make were done as I was writing the book, in a rolling draft. One’s tools shape one’s process.

By 1998, effectively all my writing of any sort was done on computer, much in the same way it gets done now — the “word processor on a computer” metaphor is a durable and useful one. And as an artifact of my own age and habits, I tend to write better on a desktop computer than on a laptop; something about being at a desk, with the work tool firmly rooted in place, gets me in a mind for work. It’s not impossible for me to work on a laptop; I’m writing on one now, and most of my recent novels have had substantial chunks written up on a laptop, when I was traveling or just wanted to sit somewhere else in my house for a change of pace. But most of it is at the desk, on the desktop.

Also in 1998, digital rather than print was my primary mode of transmitting my words. While the tools have changed, this is still (largely) true today. In 1998, when I started Whatever, I taught myself enough html to make the blog and update it daily. Today WordPress does all the backend for me, better and more robustly than I ever could (thank you, WordPress. In fact I found rolling my own html exasperating), but still more or less how I started doing it back in the day. I famously posted my first two novels here online, in a very early example of digital self-publishing, which ended up getting me a traditional publishing deal — but “traditional publishing” these days also includes electronic books and audiobooks, the first format of which could hardly be said to exist in 1998, and the second of which was wholly overhauled and expanded by digital transmission. Ebook and audio without a doubt have made a huge difference in my success as a writer.

Aside from work directly, tech makes an impact on how I live my life. Directly, these days it’s been amazing to me how so much of our digital and technological life is now primarily carried in a single object: Our “smartphone.” Like most people, I think, at various times in my life I have had a phone, a camera, an ebook reader, a device for listening to music, a separate device for video (with music included), a device for recording audio, and another entire device for accessing the Internet (known as “a computer”). Oh, and paper maps. Now: you have a phone.

I do love this, I have to say. Even 1998 me, with all his tech toys, would have been utterly amazed at my current phone, the Pixel 2, and everything it can do that no one in 2018 thinks is in any way particularly noteworthy. Obviously a smartphone has a camera and apps to access music and video and books and the internet and also tracks your health status and where you are on the planet and how you can get to where you are going next and has the ability to text people across several different media and even sometimes, if you’re old and still into that sort of thing, you can use the phone to talk to people.

(And honestly the amount that the smartphone has actually killed talking on the phone is the most amazing thing to me, and even more amazing is how it’s killed it for me. My smartphone rings and for the first few seconds I just stare at it, thinking, what the hell is it doing now? Then I remember: It’s being a phone.)

I do still have some dedicated “single use” tech: I still have a dSLR camera rather than just relying on my phone for pictures, as an example. And of course I still have a desktop computer and a laptop computer. Phones these days are useful for reading and consuming things, and many things these days can be created on them, but for me they’re kind of cramped for typing and writing anything longer than a tweet. But even I don’t pretend that the Internet is not now primarily living on people’s phones. It is, and it’s a thing creative people with digital lives have to work with. It’s not bad. It just is.

I wouldn’t go back, regardless. I like my smart phone, just like I like the computer. I think about generations of writers writing drafts on typewriters (or by hand(!(!!))) and then having to redraft and literally cut and paste changes onto paper and I get tired and moody. I can’t imagine having been a writer without a computer. I’m pretty sure I would have been, anyway, but not in the way I am now, and very probably not with the success that I have had. The next generation of writers will include someone who composes novels entirely on their phone and thinks it mad that anyone else has ever done it differently. Good for them. I’m glad it works for what they do. I hope the work is good. I’ll still need things to read.


Charles Plessy: I moved to Okinawa! [Planet Debian]

I moved with my family to Okinawa in August, in the Akano neighborhood of Uruma city. We arrived in time to see a bunch of eisaa, traditional dances using lots of drums, that often take place at the end of August. Each neighborhood has its own band and we hope we can join next year.

We live in a concrete building with a shared optic fiber connection. It has a good ping to the mainland, but the speed for big downloads is catastrophic in the evenings, when all families are using the fiber at the same time. Impossible to manage a simple sbuild-update -dragu unstable, and I could not contribute anything to Debian since then. It is frustrating; however there might be solutions through our GitLab forge.

On the work side, I joined the Okinawa Institute of Science and Technology Graduate University (OIST). It is a formidable place, open to the public even on weekends (note the opening hours of the café). If you come visit, please let me know!

Since 2007, debt-haunted grads have been doing public service to earn loan forgiveness, which they won't get [Cory Doctorow – Boing Boing]

The roster of people carrying student debt is really just "a list of people liable to additional taxation after graduation"; in 2007, GW Bush signed into law the Public Service Loan Forgiveness (PSLF) program that would allow debt-haunted grads to earn loan forgiveness by foregoing the private sector and working for lower wages in public service for a decade.

In theory, thousands of people should be having their debts wiped away this year. In reality, less than one percent of the people enrolled in the program will see that happen. The rest are screwed.

The PSLF program is a bureaucratic nightmare of paperwork mountains that must be perfectly ordered, at all times -- despite the administering agency routinely losing and messing up its own records.

In addition, the eligibility requirements are incredibly confusing, resulting in many of the enrollees being signed up, even though they shouldn't be -- a fact they don't discover until their decade of service is up.

All that adds up to the fact that in about a decade, millions of people are likely to find themselves in the same position as Debbie Baker. She's a teacher in Oklahoma who had always been under the impression she was going to have her debt erased, only to find out to her horror that she had the "wrong type" of loan when she went to apply.

"I almost threw up," she told CNBC. "I've been teaching 18 years and I still don't make $40,000— and now I have to start all over."

You're Probably Not Getting that Loan Forgiveness You're Counting On [Allie Conti/Vice]

(Image: Donkey Hotey, CC-BY)

#MeToo meets the #FightFor15 as McDonald's workers walk out over sexual harassment [Cory Doctorow – Boing Boing]

McDonald's workers in ten US cities staged a mass walkout last week, demanding that the company take action on the rampant sexual abuse and harassment in its franchisees' stores; as the workers pointed out, the company surveils and controls their every move on-shift down to the minutest detail, but can't seem to find any way to chase down reports that women are being groped and then fired if they refuse to perform sexual acts on their supervisors.

What's more, the National Labor Relations Board has already held that McDonald's has a duty to look after the workers in its franchisees' stores (and some of the harassment has taken place in stores owned by McDonald's corporate itself).

The walkout was coordinated with Fight For 15, a workers' rights campaign that was started to focus on purely economic issues (a $15 minimum wage) but whose remit is broadening to include all questions of workplace justice, including harassment of low-waged workers.

As an excellent segment on this week's On the Media discusses, the McDonald's walkout is a new phase in the #MeToo story, whose highest-profile beats have focused on the workplace harassment of famous and powerful women, not sub-minimum-wage women working at fast-food restaurants.

The wider focus on workplace justice has hit a nerve: the organizers who coordinated the walkout have found common cause with each other and the workers they inspired and have vowed to stay together. In the meantime, the labor action has highlighted the need for a union of McDonald's workers, which could organize the workers at the world's second-largest employer.

Meanwhile, the ten women who filed the EEOC complaint last May are spearheading the direct action campaign against McDonald’s. These women first met each other when they traveled to Chicago for the annual McDonald’s shareholder meeting in Spring 2018 to tell their stories. The experience of testifying together was powerful, and they decided to keep in touch. Their newfound bond, the knowledge that they were not alone, that this was not an individual problem but a systemic and collective grievance, moved them to form committees of women workers in each of their ten cities. It was those committees that organized, voted for, and conducted Tuesday’s strike.

The committees traveled to different stores conducting sexual harassment trainings. It was not difficult to mobilize their colleagues. Complaints to management have been ignored or even mocked, the women workers say. Women often lose their jobs — or are forced to quit — if they press their claims. Since a high percentage of those responsible for the harassment have been store or shift managers who have control over scheduling, wages, hiring, and firing, women workers know that retaliation is likely for those who dare to file complaints.

That’s why they need a union, workers insist. A union brings more than solidarity. If recognized, as McDonald’s has done in Denmark, South Korea, and New Zealand, a McDonald’s workers union would bring legal contracts guaranteeing their rights.

#MeToo and McDonald’s [Annelise Orleck/Jacobin]


Exploring the ruins of a Toys R Us, discovering a trove of sensitive employee data [Cory Doctorow – Boing Boing]

When the private equity raiders took over Toys R Us, saddled it up with debt, extracted $200,000,000 and then crashed it, they took the employee severance fund with them, but that wasn't the final indignity the titans of finance inflicted on the workforce before turning them out on the unemployment line.

Hackaday's Tom Nardi went on an urban exploration adventure through an abandoned Toys R Us, checking out the fixtures and fittings that remained after its inventory had been sold off and the auctioneer had come and gone.

Nardi discovered that -- to their credit -- the company's liquidators had taken care to wipe out historical customer data from Toys R Us (unlike, say, Canada's NCIX), but that the same care was not taken with the employees' own data.

In a room he dubbed "the records room," Nardi and his friends discovered a trove of extremely sensitive employee data: tax forms, photocopied drivers' licenses and Social Security cards, medical records and more.

The amount of personal information left behind for anyone to find was really staggering, especially since these were the company’s own employees. We saw the great lengths the company went to protect customer information, so to see how little regard they had for their own people was honestly infuriating.

At the time of this writing, there’s still a question of what to do with all of this documentation. My suggestion was to just start a bonfire behind the store and burn it there before even more people run their eyes over it, but reader suggestions are welcome.

Exploring an Abandoned Toys “R” Us [Tom Nardi/Hackaday]

(via /.)


‘Piracy is Booming in Russia, With Help From Online Casinos’ [TorrentFreak]

Piracy is very much a worldwide phenomenon, but there are some noteworthy differences between various regions.

Earlier this year we reported that there’s a notable decrease in camcording piracy globally. However, in Russia, this trend is going in the opposite direction.

This finding was corroborated this week by the international cybersecurity outfit Group-IB. The company’s Anti-Piracy department reported that there has been a clear increase in locally camcorded movies.

In 2016 there were ‘only’ 33 Russian cinema leaks. This increased more than 500% to 211 a year later and, during the first eight months of 2018, the counter has already reached 280 leaked recordings.

“Almost every film released in 2018 has been pirated and leaked to the web. In 2017, the country’s cinemas showed 477 movies, and 211 of them were pirated, which is 6 times more than a year earlier,” Group-IB notes.

TorrentFreak reached out to Andrey Busargin, Director of Brand Protection at Group-IB, who informed us that there is an organized group of “camcording” pirates which has been very active.

“This group is financed by online-casinos, which support online-pirates as well. Online-casinos integrate their ads in the pirated copies and TV-shows in the form of logos, captioning or even as audio tracks,” Busargin says.

These pirated copies then spread across the web. As an example, Group-IB provided screenshots of ads for “Azino 777” before and during pirated movies, as well as a branded watermark, seen below.

“This scheme allows online casinos to generate leads, wherever a user watches a pirated copy and whatever ads are displayed on a website with pirated copies,” Busargin adds.

Destination Wedding, with Azino 777 watermark

According to Group-IB, pirate sites are also profiting handsomely from the availability of infringing content.

“On average pirates earn $3 per 1000 views. Therefore, an average monthly income of pirated websites owners can reach $10,000. It would cost roughly $240 to create a pirated website, which allows owners to quickly recoup their ‘business’.”

That sounds profitable indeed. However, an operator of a large torrent site told us, on the condition of anonymity, that it’s a rather optimistic estimate. While popups in countries such as Japan can indeed earn up to $3 per 1000 impressions, in Russia this figure is closer to $0.3-0.5, he said.

Also, these popups are often restricted to one impression per unique visitor per day, not all website views. And then there are the ad-blockers, which take out roughly 40% of all traffic.

This means that one million Russian pageviews, from 100,000 unique users, would bring in ‘only’ $20 per popup ad. This is, effectively, $0.02 per 1000 pageviews.

Sites can run multiple ads at once, of course, but Group-IB’s figure appears to be optimistic. Even BitTorrent Inc, which is a legitimate company, doesn’t charge more than a few cents per 1000 views for its banners.

The cybersecurity company further estimates that there were a massive 10 billion search queries for “free” movies and TV-shows in Russia in a year. The company directly translates this to 110 pirate movie views for all 90 million Internet users, but that may be a bit much as well.

When we asked the company about this estimate, they told us that 110 movies per year shouldn’t be taken too literally and that it’s meant as a “snapshot” of the number of films people “intended” to watch.

All in all Group-IB’s data is quite intriguing, especially the rapid increase in cammed movies and the allegation that casinos facilitate this activity.

On that note, it’s worth mentioning that the aforementioned “Azino 777” casino was mentioned earlier this year as one of the top online advertisers in Russia. Despite a site blocking ban by Roskomnadzor, it beats the likes of Yandex, Coca-Cola, and Tele2.

Group-IB infographic



Like burning a hammer for heat [Seth's Blog]

Yes, it's true that your hammer has a wooden handle.

But throwing it in the fireplace to get a few BTUs out of it is a huge waste.

The same thing is true of your reputation, of the relationships you have, of your hard-won trust.

Don't burn it just because you're a little chilled.


As Vince says, if you can’t beat ’em, spresm | David Mitchell [David Mitchell | The Guardian]

The Lib Dem leader’s fluffed zinger in his conference speech only demonstrates how irrelevant the party has become

Last Tuesday, on one of the thousands of occasions I glanced needlessly at my phone, it made me notice a news story. Vince Cable, it appeared, had described the hardcore Leavers’ delight in Brexit as an “erotic spasm”.

I liked that. It’s a nicely rude way of describing their irrational excitement at continental division and national isolation, and their inappropriately visceral feelings about the technical details of international trade deals. The whole country is going through a disaster, it is saying, just so a few extremists get to judder with sexual delight.

Cable just ploughs on as if 'exotic spresm' means something, or as if the right noise could be dubbed on to the speech



Kickstarter Tips [Skin Horse]

Shaenon: More sketches for the Narbonic Kickstarter.  A surprising number of people asked for Tip, who, for the record, does not appear in Narbonic.

Channing: He is, however, amazingly sexy. I’m going to go out on a limb and say this counts for a lot.

Shaenon: Eh, he’s no Nick Zerhakker.

Saturday, 22 September


Link [Scripting News]

JavaScript code that converts between YAML and JSON using js-yaml.


Judge Sees No Evidence that Pirates Were Drawn by ISP’s Lack of ‘Policing’ [TorrentFreak]

Last year several major record labels, represented by the RIAA, filed a lawsuit against ISP Grande Communications accusing it of turning a blind eye to pirating subscribers.

According to the labels, the Internet provider knew that some of its subscribers were frequently distributing copyrighted material, but failed to take any meaningful action in response.

Grande refuted the accusations and filed a motion to dismiss the case. The ISP partially succeeded as the claims against its management company Patriot were dropped.

The same was true for the vicarious infringement allegations. The court saw no evidence that potential customers would specifically sign up with Grande because it did not police infringing conduct by its subscribers.

The labels disagreed, however, and were not ready to let any claims go. In May they submitted a motion for leave to file an amended complaint including new evidence obtained during discovery. Among other things, they argued that Grande willingly kept pirating subscribers aboard, to generate more revenue.

This week, US Magistrate Judge Andrew Austin issued his “report and recommendation” on the matter, which delivers a significant setback for the RIAA labels.

Judge Austin sees no new evidence which shows that ‘pirate’ subscribers were specifically drawn to Grande. The new evidence may indicate that Grande failed to terminate pirating subscribers for years, but that’s not enough.

“First, the original Complaint alleged essentially the same or similar facts,” the recommendation reads.

“Second, the new allegations still fail to say anything about the motivations of Grande’s subscribers when they sign up with Grande. That is, Plaintiffs still fail to plead facts showing Grande gained or lost customers because of its failure to terminate infringers.”

The alleged pirates used BitTorrent to share infringing works, which is something they could have done through any ISP, the Magistrate Judge adds.

The RIAA labels also argued that Grande’s management company Patriot Media Consulting, which is also listed as a defendant, should be held liable too.

However, the court previously ruled that, while Patriot employees were involved in policy making, they didn’t take any decisions or actions that led to the alleged infringements.

According to the order, the labels’ new evidence doesn’t change this.

“Though there is more detail in the proposed amendment, these allegations are “more of the same” when compared to the original complaint,” Magistrate Judge Austin writes.

In conclusion, Judge Austin recommends denying the RIAA labels’ motion to file an amended complaint. If this recommendation is adopted by the District Court Judge, the case against Grande will continue based on the contributory infringement claim alone.

Judge Austin’s full report and recommendations filing is available here (pdf).



ETTV Feeds EZTV ‘Fake’ Torrents… ‘Stop Taking Our Releases!’ [TorrentFreak]

Online pirates are generally not known to be the most law-abiding citizens. However, they certainly have their own set of standards.

Scene groups, for example, have to follow a strict set of rules which define how they are supposed to share their booty.

Further down the piracy pyramid, we find P2P distribution groups. These operate out in public, making sure that scene releases find their way to the masses on a regular schedule.

ETTV is one of these groups. Specializing in the latest TV content, it uploads dozens of scene releases to public sites, including their own. The group prides itself on its selection and speed, something appreciated by millions of pirates.

While ETTV is running steady, the site’s operators have one major nuisance. EZTV, one of their main ‘competitors’, is releasing ‘their’ content without permission.

While the original EZTV shut down following a hostile takeover, the people who took over are still serving torrents to millions of people every month. And according to ETTV, many of these torrents are sourced from ETTV.

To show their discontent, ETTV recently added a fake torrent to their feed. Specifically, they uploaded a rather explicit adult film, disguising it as the latest “Taskmaster” episode.

As can be seen below, the title comes with an additional message: “EZTV and TGX stop ridding our releases,” which made its way onto the EZTV site.


The fake release has since been removed from EZTV’s website but ETTV didn’t stop there. Another fake release appeared on Thursday, disguised as a Mr. Mercedes episode.

However, as several commenters noted, this was something entirely different.

Not Mr. Mercedes

Looking at the various release feeds, it indeed appears that EZTV, in particular, is a near copy of that of ETTV. The main difference is that the torrents appear a few minutes later.

TorrentFreak reached out to ETTV, who told us that they decided to take a stand because they are tired of EZTV’s antics.

“They are always using our content and we are getting tired of it. If you want to be a distribution group you should be getting your source files privately,” ETTV says.

While ETTV is a mostly automated bot, this process is certainly not free. The group pays various sites which offer scene content, so they can access these files.

Of course, ETTV itself also uses the ‘work’ of others, including scene groups (and movie studios), but it stresses that it’s not okay for one public distribution group to blatantly copy from another.

“We owe them nothing and don’t want anything from them either,” ETTV says.

“They can play the ‘sharing is caring card’ all they want, but only amateurs and freeloading scum think its ok to run their sites by [taking content from] other public sites.”

EZTV releasing torrents shortly after ETTV

The other group that was called out in the fake release is TGX. However, as far as we’ve seen these fake releases were not republished with their tag. TGX did use torrents from ETTV’s feed earlier.

Whether EZTV will be bothered by the accusations is doubtful. The group doesn’t have the best reputation after the hostile takeover of the original EZTV, and copying YIFY and ExtraTorrent, but most of their visitors don’t seem to care.

This isn’t the first time a ‘fake’ torrent has made its way onto EZTV’s website. A few weeks ago we already reported on a similar incident, which ETTV had nothing to do with.


Anonymous stock-market manipulators behind $20B+ of "mispricing" can be tracked by their writing styles [Cory Doctorow – Boing Boing]

In a new Columbia Law and Economics Working Paper, Columbia Law prof Joshua Mitts uses "stylometry" (previously) to track how market manipulators who publish false information about companies in order to profit from options are able to flush their old identities when they become notorious for misinformation and reboot them under new handles.

Stylometry is a field of text analysis that seeks to identify authors by stylistic quirks, including word-choices, punctuation habits, and subtler cues like sentence-length and structure.

Mitts studied 2,000 "attacks" published on the finance site Seeking Alpha, showing that the scammers involved were shedding old identities when their financial analysis proved to be incorrect -- and also showing that someone (maybe the scammers, maybe the Seeking Alpha editors, maybe someone else) -- was making a killing by buying options before the publication of erroneous data.

Mitts uses stylometry to identify when multiple consecutive pseudonyms seem to belong to the same anonymous author, but he doesn't actually attempt to unmask the author, though the same stylometry techniques could produce evidence, if not proof, of the scammers' identities.

Pseudonymous attacks on public companies are followed by stock price declines and sharp reversals. I find these patterns are likely driven by manipulative stock options trading by pseudonymous authors. Among 1,720 pseudonymous attacks on mid- and large-cap firms from 2010-2017, I identify over $20.1 billion of mispricing. Reputation theory suggests these reversals persist because pseudonymity allows manipulators to switch identities without accountability. Using stylometric analysis, I show that pseudonymous authors exploit the perception that they are trustworthy, only to switch identities after losing credibility with the market.

Short and Distort [Joshua Mitts/Columbia Law and Economics Working Paper No. 592]

(via Marginal Revolution)
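The identity-linking idea described in the post above, as an added example that is not from the post or from Mitts's paper: each text is reduced to function-word rates, punctuation rates and mean sentence length, and a new handle is ranked against known handles by Manhattan distance. The handles, sample texts, feature list and distance measure are all constructed assumptions for illustration.

```python
import re
from collections import Counter

# Illustrative feature set (an assumption): a handful of function words and
# punctuation marks. Published stylometry work uses far larger feature sets.
FUNCTION_WORDS = ["the", "of", "and", "to", "a", "in", "that", "is", "it",
                  "but", "however", "which", "really", "just", "so"]
PUNCTUATION = [",", ";", "!", "?"]

# Constructed sample posts under constructed handles (not real accounts).
KNOWN_HANDLES = {
    "ValueHawk": (
        "The company reported strong revenue; however, the filings suggest "
        "that the margin is shrinking. The auditors, which the board "
        "appointed in haste, declined to sign the report; however, "
        "management insists that the numbers are sound."
    ),
    "MoonShot99": (
        "Wow! This stock is just going up! I really like it. Buy now and "
        "hold. It is so cheap! Do not wait. Just buy it!"
    ),
}

# Constructed post from a "new" handle whose earlier identity is unknown.
NEW_HANDLE_TEXT = (
    "The retailer announced record sales; however, the disclosures show "
    "that the inventory is aging and the cash is thin. The lenders, which "
    "the founder courted in private, refused to extend the loan; however, "
    "executives claim that the covenants are safe."
)


def style_vector(text):
    """Reduce a text to topic-independent style features.

    Returns per-word rates for each function word and punctuation mark,
    followed by mean sentence length (scaled by 1/100 so that it sits in
    the same range as the rates; the scaling is a crude assumption).
    """
    words = re.findall(r"[a-z']+", text.lower())
    if not words:
        raise ValueError("text contains no words")
    n = len(words)
    counts = Counter(words)
    vec = [counts[w] / n for w in FUNCTION_WORDS]
    vec += [text.count(p) / n for p in PUNCTUATION]
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    vec.append(n / len(sentences) / 100.0)
    return vec


def style_distance(text_a, text_b):
    """Manhattan distance between two style vectors (smaller = more alike)."""
    va, vb = style_vector(text_a), style_vector(text_b)
    return sum(abs(x - y) for x, y in zip(va, vb))


def rank_candidates(unknown_text, known):
    """Rank known handles by stylistic closeness to an unattributed text.

    Returns a list of (handle, distance) pairs, closest first. A small
    distance is evidence of shared authorship, not proof.
    """
    scored = [(h, style_distance(unknown_text, t)) for h, t in known.items()]
    return sorted(scored, key=lambda pair: pair[1])


if __name__ == "__main__":
    for handle, dist in rank_candidates(NEW_HANDLE_TEXT, KNOWN_HANDLES):
        print(f"{handle:12s} distance={dist:.3f}")
```

The vocabulary of the two finance posts differs (company/retailer, auditors/lenders), but the habits that stylometry measures, such as "however" after a semicolon and long "which" clauses, carry over between handles.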


Laura Arjona Reina: Handling an old Digital Photo Frame (AX203) with Debian (and gphoto2) [Planet Debian]

Some days ago I found a key chain at home that was a small digital photo frame, and it seems it had not been used since 2009 (old times when I was not using Debian at home yet). The photo frame was still working (I connected it with a USB cable and after some seconds, it turned on), and showed 37 photos from 2009 indeed.

When I connected it with a USB cable to the computer, it asked “Connect USB? Yes/No”. I pressed the button saying “yes” and nothing happened on the computer (I was expecting a USB drive to be shown in Dolphin, but no).

I looked at “dmesg” output and it was shown as a CDROM:

[ 1620.497536] usb 3-2: new full-speed USB device number 4 using xhci_hcd
[ 1620.639507] usb 3-2: New USB device found, idVendor=1908, idProduct=1320
[ 1620.639513] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1620.639515] usb 3-2: Product: Photo Frame
[ 1620.639518] usb 3-2: Manufacturer: BUILDWIN
[ 1620.640549] usb-storage 3-2:1.0: USB Mass Storage device detected
[ 1620.640770] usb-storage 3-2:1.0: Quirks match for vid 1908 pid 1320: 20000
[ 1620.640807] scsi host7: usb-storage 3-2:1.0
[ 1621.713594] scsi 7:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2
[ 1621.715400] sr 7:0:0:0: [sr1] scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
[ 1621.715745] sr 7:0:0:0: Attached scsi CD-ROM sr1
[ 1621.715932] sr 7:0:0:0: Attached scsi generic sg1 type 5

But not automounted.
I mounted it and then looked at the files, but I couldn’t find photos there, only these files:

Autorun.inf FEnCodeUnicode.dll LanguageUnicode.ini
DPFMate.exe flashlib.dat StartInfoUnicode.ini

The Autorun.inf file was pointing to the DPFMate.exe file.

I connected the device to a Windows computer and then I could run the DPFMate.exe program, and it was a program to manage the photos in the device.

I was wondering if I could manage the device from Debian and then searched for «dpf “digital photo frame” linux dpfmate» and found this page:


Yes, that one was my key chain!

I looked for gphoto in Debian, going to https://packages.debian.org/gphoto and then learned that the program I needed to install was gphoto2.
I installed it and then went to its Quick Start Guide to learn how to access the device, get the photos etc. In particular, I used these commands:

gphoto2 --auto-detect

Model Port 
AX203 USB picture frame firmware ver 3.4.x usbscsi:/dev/sg1

gphoto2 --get-all-files

(it copied all the pictures that were in the photo frame, to the current folder in my computer)

gphoto2 --upload-file=name_of_file

(to put some file in the photo frame)

gphoto2 --delete-file=1-38

(to delete files 1 to 38 in the photo frame).


OLIVE: a system for emulating old OSes on old processors that saves old data from extinction [Cory Doctorow – Boing Boing]

Olive ("Open Library of Images for Virtualized Execution") is an experimental service from Carnegie Mellon University that stores images of old processors, as well as the old operating systems that ran on top of them, along with software packages for those old OSes; this allows users to access old data from obsolete systems inside simulations of the computers that originally ran that data, using the original operating systems and applications.

This is a very powerful model for maintaining access to old data formats; while modern apps are often capable of parsing old data formats, they have well-understood shortcomings. For example, buggy versions of old apps may have been able to understand the corrupt files they created, but newer programs may only parse the old data if it was written to "spec." Attempts to overcome this with "bug-compatibility" and "quirks modes" are imperfect substitutes for actually running the old code, bugs and all.

It's also a powerful rebuttal to the lazy idea that digitized data is inherently less stable than, say, print records. We often hear about how obsolete file-formats, media and computers are causing "digital decay" of our old data, but the story is much more complicated than that.

Old storage media is definitely unstable. Magnetic and optical media literally rots, delaminating and decaying. I/O devices like tape drives and disk drives go out of production, break down, get scrapped, and can be next to impossible to find, creating races against the clock to find a device to read out old media before it decays beyond use.

But once that data is on a modern hard-drive, the whole story changes. Mass storage gets vastly cheaper with every year (the rate at which mass storage is improving puts the rate of progress in computer performance and network bandwidth in the shade). Data stored on your PC or in a data-center is relatively easy to preserve: the next system you buy will have much more storage than the system it replaces -- we've really reached the end of the era of "offline storage" of data that can't be accessible at all times (the exception being some very large-scale scientific experiments that generate petabytes or even exabytes on every run).

Live storage is very robust. Not only do modern drives self-monitor, automatically moving data from unreliable sectors to reliable ones, but redundant, self-healing arrays have gotten faster and more reliable -- and with storage being so cheap, backups have gotten more robust and commonplace than ever.

It's true that printed records don't usually require special equipment to read back, and high-quality paper is stable for hundreds or even thousands of years. But paper burns, it can't be (readily) encrypted, it's hard to back up (especially hard is maintaining concurrent, offsite paper backups that are geographically isolated from wars, natural disasters, etc). Live data can be cheaply instantaneously mirrored on servers all over the world, in an encrypted state that allows you to maintain the privacy and integrity of the data, even when the entity hosting a backup copy can't be trusted. Cheap paper and cheap ink rots just as fast (or faster) as cheap optical and magnetic media -- but paper doesn't automatically sense when it is starting to fade or crumble and rewrite its contents onto pages that are in better shape.

The thing paper has that data has historically lacked is an execution environment. With visible light and a flat surface, you can read documents from the age of the Enlightenment. But until recently, reading files generated for the Apollo missions or even the Apple ][+ was a tricky business.

That's why emulation is so important: emulation does for file formats what mass online storage did for storage media, hitching it to the screaming price/performance curve of computing, doing away with the delicate and imperfect business of figuring out how to parse formats designed by dead people for computers that don't exist any more.

As exciting as Olive is, it's not perfect. The operating systems and applications needed to parse old data are tangled in copyright thickets. Though the code involved has no commercial value (most code exhausts its commercial life in years, or at most, decades) software attracts the same copyright that literary works enjoy: 90 years for works "created" by corporations, life plus 70 years for works created by "natural humans." These terms mean that Olive risks enormous copyright damages if it is widely offered, so it is only available to a small group of insiders.

There's no easy way to break through this thicket. There is no reasonable economic rationale for software copyright terms in the 100-year range. As a Microsoft VP for Software once candidly admitted, Microsoft would pay its programmers to make exactly the same amount of code if software's copyright term was 10 years as if it was 100 years.

In the meantime, there are plenty of living, breathing copyright proprietors (and scientists, academics, and everyday users) whose data (and games, and art) is stuck inside proprietary file formats that can only be accessed if the copyright thicket can be cleared -- if they can convince the absentee inheritors of the assets of long-defunct corporations (or the managers of thriving businesses who have more urgent issues than the licensing of 30-year-old OSes) to help them.

What else can Olive do? Maybe you’re wondering what tools businesses were using shortly after Intel introduced the Pentium processor. Olive can help with that, too. Just fire up Microsoft Office 4.3 from 1994 (which thankfully predates the annoying automated office assistant “Clippy”).

Perhaps you just want to spend a nostalgic evening playing Doom for DOS—or trying to understand what made such first-person shooter games so popular in the early 1990s. Or maybe you need to redo your 1997 taxes and can’t find the disk for that year’s version of TurboTax in your attic. Have no fear: Olive has you covered.

On the more serious side, Olive includes Chaste 3.1. The name of this software is short for Cancer, Heart and Soft Tissue Environment. It’s a simulation package developed at the University of Oxford for computationally demanding problems in biology and physiology. Version 3.1 of Chaste was tied to a research paper published in March 2013. Within two years of publication, though, the source code for Chaste 3.1 no longer compiled on new Linux releases. That’s emblematic of the challenge to scientific reproducibility Olive was designed to address.

Carnegie Mellon is Saving Old Software from Oblivion [Mahadev Satyanarayanan/IEEE Spectrum]

(via /.)


Link [Scripting News]

I've got YAML working with my GitHub as CMS experiment. Here's an example of a post so you can see what it looks like. This is exactly equivalent to using JSON, my server converts back and forth between YAML and JSON, so my app only ever sees the JSON. Every time I have to teach my software a new text-to-binary format, I shake my fist at a cloud and curse humanity. Some kid is going to come along in five years and not like YAML and there will be ZML or JDAUGHTER or whatever. Will they all do the same thing? Yes of course they will.


Link [Scripting News]

It would be great if we could make voting a party, a celebration, something to look forward to, not something you have to make time for. That would probably do more to improve the lives of all Americans than any other single thing. It's like the SuperBowl, the NBA Finals, Coachella or the Oscars, only better -- because we are the stars.


Today in GPF History for Saturday, September 22, 2018 [General Protection Fault: The Comic Strip]

In Sharon's dreams of "Harry Barker", the kids suspect Sysape, but there's a hitch...


Link [Scripting News]

I'm rolling through Maniac on Netflix and loving it. Jonah Hill, Emma Stone, Justin Theroux, Sally Field. Hill and Stone are incredible together. It's a bit of everything, The Matrix, Inception, Big Lebowski, Cloud Atlas, so many other things. I'm just starting episode 7 and rationing it. I don't want it to be over. It's the best thing in a long time. Update: Other movies it borrows from -- Eternal Sunshine of the Spotless Mind, Borat and The Graduate. Also Good Will Hunting. Best line: Gas up the Miata!


1998/2018: Whatever 20/20, Day Twenty-Two: Taste [Whatever]

Here’s an interesting question to consider: Do I have the same taste — the same cultural likes and dislikes in terms of things like style and entertainment — here in 2018 that I had in 1998? After all, it’s been twenty years. That’s a long time in terms of culture, style and entertainment.

But then again, it’s also true that if you show me a person when they’re a teenager, I’m going to probably be able to tell you what they will like in their 40s. It’s a truism that the styles and tastes we develop early matter for what we like later on in life. It’s one reason why currently, for example, 80s bands who haven’t been “hot” for decades are selling out theaters and raking in money with “VIP” packages — because everyone who loved them when they were 15 and broke now has money and wants to meet their favorite band, even if for a momentary “grip and grin.” Am I any different?

I don’t particularly think so. The bands that were important to me growing up are bands I still like to listen to, to follow up that example — I use Sirius XM’s “First Wave” and “The Bridge” stations (80s alternative and 70s mellow rock) as my aural wallpaper, and more generally the musical forms I liked then are the ones I like now. And more than that; in a larger sense, the forms of entertainment and culture I liked when I was fifteen, I liked when I was thirty, and I like now. Not only, to be sure, but, yes, still.

But the larger question might be: What sort of things do I like, culturally? I addressed this over the summer, actually, when Athena and I did a couple of podcasts about movies we saw. And what I said then (and she agreed with) is that I’m easy to entertain but hard to impress. Which means that I get to enjoy lots of common culture. I like pop songs, and superhero films, and mindless first person shooter games, and animated shows with farts and puns, and so on. Nor do I feel guilty about liking those things. Not everything one consumes culturally has to be life changing or immortal. Sometimes it’s nice to get out of one’s head, and sing along to a chorus or watch a hot young actor in spandex blow something up in glorious CGI. It’s allowed.

With that said, I’m also not going to argue these things are amazing, either. I love a good pop song; I’m not going to (necessarily) argue that this pop song deserves the same cultural status of Bob Dylan or Joni Mitchell. Superhero films are fun but they’re not necessarily Citizen Kane or Do the Right Thing. They can be! I can think of pop songs I do think deserve to be considered as near-Platonic ideals of the form; I think when Black Panther is inevitably nominated for Best Picture (and not that ridiculous “Best Popular Picture” thing, now withdrawn), you can make a strong and serious argument for its inclusion, for all the things it does right cinematically, for its distillation and critique of superhero film tropes, and for its impact on the common culture this year. Bring it.

But the point is that not everything has to be great, or brilliant, or lasting, in order to be good and entertaining and important to you, in the moment, or as something that brings you joy. If you really like something, you shouldn’t have to then embark on a 14-point apologia, complete with PowerPoint presentation, about why, no, really, it is important. Maybe it’s not! And that’s okay. Enjoy it for what it is.

All of which is to say, coming back around to me, that I acknowledge and am okay with the fact that with a lot of things I have pretty common tastes. I have my pockets of cultural eccentricities and idiosyncrasies — if you like I can do a deep dive into my love of Glenn Branca compositions, or Sally Potter films, or [insert cred-inducing name drop here] — and I’m okay liking them, too. But at the end of the day, while I can acknowledge that, say, Orlando, is a better film on many different levels than Ant-Man and the Wasp, I’m not going to apologize for liking the latter or use the former as a shield for credibility.

Indeed, accepting that you can like what you like, whatever you like, opens you up to being able to like more things. When I was younger I didn’t like country music because it wasn’t cool to like country, and I had to get over that sort of cultural anxiety to discover how much I love the music of Emmylou Harris, and Julie and Buddy Miller, and Steve Earle (among others). I can’t say I know enough about rap and hip-hop to be considered anything more than a casual listener, but I know I love stuff from Jean Grae and Quelle Chris, and Open Mike Eagle, and Dessa. It means I don’t worry about being a 49-year-old dude who really digs Charli XCX songs. I’m not liking any of that to seem cool or relevant or interesting. I like ’em because they work for me on some level.

So, no, I don’t think my taste has changed much in the last twenty years. The individual things I like have — or at least, I try to continue to bring new things into the collection of things I like — but the ethos underlying those choices has been consistent. It’s worked for me.

(And as for style: Well, I used to wear a lot of t-shirts and now I wear aloha shirts, which are functionally the same thing, just for middle-aged dudes. So, yeah.)


Do my Homework [Charlie's Diary]

So, anent nothing in particular, I was contemplating another of James Nicoll's essays on Tor.com the other day—this one concerning utopias in SF—and found myself trying to stare into my own cognitive blind spot.

Like all fiction genres, SF is prone to fashion trends. For example, since the late 1970s, psi powers as a trope have gone into steep decline (I'd attribute this to the death and subsequent waning influence of editor John W. Campbell, who in addition to being a bigoted right-winger was into any number of bizarre fringe beliefs). "Population time bomb"/overpopulation stories have also gone into decline, perhaps due to the gradual realization that thanks to the green revolution and demographic transition we aren't doomed as a direct consequence of overpopulation—climate change and collapsing agriculture are another matter, but we're already far past the point at which a collapse into cannibalism and barbarism was so gloatingly depicted in much 1960s and 1970s SF. And so are stories about our totalitarian Stalinist/Soviet overlords and their final triumph over the decadent free western world. These are all, if you like, examples of formerly-popular tropes which succumbed to, respectively, critiques of their scientific plausibility (psi powers), the intersection of unforeseen scientific breakthroughs with the reversal of an existing trend to mitigate a damaging outcome (food production revolution/population growth tapering off), and the inexorable historical dialectic (snark intentional).

Oddly enough, tales of what the world will be like in the tantalizingly close future year 2000 AD are also thin on the ground these days. As are tales of the first man on the moon (it's always a man in those stories, although nobody in the 1950s thought to call the hero of a two-fisted space engineering story "Armstrong"), the big East/West Third World War (but hold the front page!), and a bunch of other obsolescent futures that were contingent on milestones we've already driven past.

Some other technological marvels predicted in earlier SF have dropped out of fiction except as background scenery, for they're now the stuff of corporate press releases and funding rounds. Reusable space launchers? Check. (Elon Musk really, really wants to be the Man who Sold the Moon.) Space elevators/tether systems? Nobody would bother writing a novel like "The Fountains of Paradise" these days, they're too plonkingly obvious. It'd be like writing a novel about ITER, as opposed to a novel where ITER is the setting. Pocket supercomputer/videophone gadgets in every teenager's pocket? No, that's just too whacky: nobody would believe it! And so on. (Add sarcasm tags to taste.)

We are living through the golden age of grimdark dystopian futures, especially in Young Adult literature (and lest we forget, there's much truth to the old saying that "the golden age of SF is 12", even for those of us who write and read more adult themes). There's also a burgeoning wave of CliFi, fiction set in the aftermath of global climate change. We're now seeing Afrofuturism and other cultures taken into the mainstream of commercial SF, rather than being marginalized and systematically excluded: diversity is on the rise (and the grumpy white men don't like it).

Which leads me to my question: what are the blind spots in current SF? The topics that nobody is writing about but that folks should be writing about? (Keep reading below the cut before you think about replying!)

I can immediately think of four blind spots, right now (and this is without engaging my brain and trying to work out what topics I have, as a pale-skinned male of privilege, been trained to studiously ignore):

  1. In the 1950-1999 period, tales of the 21st century were everywhere. Where are the equivalent stories of the 22nd century, that should be being told today? (There are a few, but they are if anything prominent because of their scarcity.)

  2. The social systems based on late-stage currently-existing capitalism are hideously broken, but almost all the SF I see takes some variation on the current system as a given: in the future, apparently people will have these things called "jobs" whereby an "employer" (typically a Very Slow AI controlled by a privileged caste of "executives") acquires an exclusive right to their labour in return for vouchers which may be exchanged for food, clothing, and shinies (these vouchers are apparently called "money"). Seriously folks, can't we imagine something better?

  3. What does a world look like in which the (very approximately) 2,500-10,000 year old reign of the patriarchy has been broken for good? The commodification of women and children that followed the development of settled agricultural societies with ruling/warrior castes to police and enforce laws casts a very long shadow, even in societies that notionally endorse gender equality in law. (Consider, for example, that a restricted diet stunts growth, and that average adult stature tracks food availability by a generation or three, and ask why men are, on average, taller than women; or why rape culture exists and where it came from: or where the impetus for #MeToo is coming from ...) Even if the arc of history indeed does bend towards justice, we're still a long way from finding it (whether it be for racism, sexism, or any other entrenched, long-standing historic injustice). Which in turn leads me to ...

  4. Blind justice: "the law in its majesty forbids the millionaire and the pauper alike from sleeping under bridges". Stable societies need norms of behaviour and some way of ensuring that most people comply with them, but our current approach to legal codes is broken. One size does not fit all (if the pauper and the millionaire both face a $50 fine for the same offense, then the law is a hideously onerous burden on one of them and trivially ignored by the other—yes, I know there are jurisdictions where fines are proportional to income, but they're the exception rather than the rule and they rely on the concept of a fine as punishment). Nor is it clear that punishment by incarceration or state violence achieves anything productive, or that our judicial systems produce anything that can reasonably be termed justice (in strict Rawlsian terms). What does a future social contract look like? Hell, what does a future legal system look like? Malka Older ("Infomocracy") and Ada Palmer ("Too Like the Lightning") have been ploughing that field, with a side-order of trying to conceptualize what a new age of enlightenment might look like, but again: being able to name them just highlights how few authors are exploring these vital issues in SF. Indeed, law enforcement is a huge blind spot for many Americans, as witness this think-piece in The Atlantic (How Mars Will be Policed) which seems to assume that the current American quasi-military police caste is a universal constant.

So: four themes (the world as it might be an entire human lifetime hence: what could replace the ideology of industrial-era capitalism: how would a world without entrenched hierarchies of race, privilege, and gender look: and what the future of law, justice, and society might be) are going under-represented in SF.

And here is my subsequent question: what big themes am I (and everyone else) ignoring?

Do my homework, please. Comment thread provided below for your mutual entertainment.


Mistakes, failures and problems [Seth's Blog]

A mistake is something you learn from… you did it wrong, you’ll do it better next time.

A marketing failure is a mismatch between what you built and the market.

And a problem is an invention waiting to be built, an invitation to find a solution.


Reddit Gets Tough With Multiple Bans of Piracy Sub-Reddits [TorrentFreak]

While the DMCA contains a ‘repeat infringer’ clause, copyright cases filed in the United States are now helping to more accurately define what the term means.

Multiple cases involving ISPs Cox, Grande Communications, and their subscribers, appear to be having a knock-on effect on platforms that rely on user-submitted content. No longer as vague as it was, the repeat infringer clause now means that platforms are quicker to take action against persistent pirates.

With its tens of millions of users, Reddit is one such site. All content is submitted by users and while copyright infringements are dealt with following complaints from rightsholders, the site now appears to deal more swiftly with those who continually flout the rules.

As previously reported, Reddit has issued stern warnings to several communities after they were subjected to multiple complaints from rightsholders. It now appears the ban-hammer is being swung with increasing force.

Several sub-Reddits connected to copyright infringing content have recently been banned from Reddit. One of those is FullMoviesOnAnything, a previously 23,000-strong community that posted links to full movies hosted on external sites.

How FullMoviesOnAnything used to look

Following complaints, users are no longer greeted with a large index of links to infringing content. Instead, the sub-Reddit displays the familiar ‘banned’ screen indicating that the community has been shuttered for good.

Permanently banned from Reddit

Another sub-Reddit with a similar name and purpose has also been banned. FullMoviesOnAnything_ (note the underscore) was also nuked, apparently for spam. Like its namesake, however, the community also posted links to copyright-infringing content.

How FullMoviesOnAnything_ used to look

These aren’t the only ‘infringing’ sub-Reddits to be closed in recent times.

TvShowsOnAnything, a nod to its namesake in the movie sector, has also been permanently removed from the site. The same thing happened to /r/fullmoviesonline earlier this year.

While Reddit doesn’t always display precise reasons for a sub-Reddit being banned on each individual landing page, one doesn’t have to be Sherlock Holmes to deduce that copyright infringement was an issue in the above cases. In other instances, however, the site is more clear.

The ‘banned’ notices on sub-Reddits including /r/fullmovies and /r/crackedsoftware are crystal clear, with a specific note that the sub-Reddit violated the site’s repeat infringer policy and was shut down.

Repeat infringer policy in effect

As highlighted last month, sub-Reddits dealing with piracy-related topics need to be increasingly careful not to break Reddit’s rules. Tight moderation is the key, along with common sense from users.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.


Link [Scripting News]

At some point journalism has to look at the motives of journalists, because it’s material. What process led the NYT to run its piece today? It looks like access journalism. Was it? Did they consider the consequences? It looks fake, btw. Was it? It feels like they sold us out, as they have been doing starting with Hillary's emails (actually before that, in the buildup to the Iraq War).

Friday, 21 September


Broadcaster Wins Streaming Piracy Blocking Case in Australia [TorrentFreak]

Last year, Hong Kong-based broadcaster Television Broadcasts Limited (TVB) applied for a blocking injunction in Australia against several unauthorized IPTV services.

Under the Copyright Act, the broadcaster asked the Federal Court to order ISPs including Telstra, Optus, Vocus, and TPG plus their subsidiaries to block access to seven Android-based services named as A1, BlueTV, EVPAD, FunTV, MoonBox, Unblock, and hTV5.

TVB’s application was unusual in that it not only required ISPs to block URLs, domains and IP addresses related to the technical operation of the services, but also hosting platforms akin to Google Play and Apple’s App Store that host the app.

Back in May, due to the relative complexity of the application, Justice Nicholas reserved his decision, telling TVB that his ruling could take a couple of months after receiving his “close attention.”

In a ruling handed down by the Federal Court yesterday, TVB discovered it had been worth the wait.

Justice Nicholas notes in his judgment that the primary purpose of the illicit streaming set-top boxes is to facilitate the infringement of copyright by making such material available in Australia without permission from copyright owners. He also notes, however, that many people using these devices did not know they were infringing copyright.

“Be that as it may, I regard as flagrant the copyright infringements of the persons who have made the TVB broadcasts available online, including those persons responsible for the establishment and maintenance of the target online locations that make it possible for users of the streaming devices to view the TVB broadcasts either in close to real time or at some later time using the VOD service,” the Judge writes.

In an earlier hearing, TVB was confronted with the fact that some of the content it broadcasts has uncertain copyright status in Australia. While Hong Kong is a member of the World Trade Organization, it is not a party to the 1961 Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organisations.

The Judge says that considering the low volume of that content, blocking would not be an issue.

“I accept that access to some of content that was originally broadcast (ie. which was not pre-recorded) in which copyright does not subsist may also be blocked, but my strong impression from the evidence is that this is likely to constitute a relatively small proportion of the total content the subject of TVB’s television broadcasts in Hong Kong,” he notes.

“This is not a case, in my view, where blocking orders, if made, will significantly curtail non-infringing use of the streaming devices.”

The Judge adds that other than blocking, TVB has no other practical remedies available to curtail infringement of its rights. This is due to the likelihood that the operators of the service are “almost certainly” based overseas and “impossible” to track down.

“Obtaining any form of effective injunctive relief against them in Australia is not a realistic option,” Justice Nicholas adds.

ISPs including Telstra, Optus, Vocus and TPG now have 15 days to block the “online locations” supplying content and services to the infringing set-top boxes in Australia. Meanwhile, TVB continues its battle against pirates.

“Actions are being taken by TVB in Singapore and other overseas markets to block piracy websites. We will keep in contact with the Hong Kong government to push similar site-blocking in Hong Kong,” a TVB spokesman said.



Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction [Schneier on Security]

On James Island.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.


Who’s On First: 2018 Edition [Scenes From A Multiverse]

I don’t know, you guys. I don’t know.

Crab City 2049.2 [Scenes From A Multiverse]

Welcome back to the future of Crab City! Crab City is the city made for crabs, by crabs, from crabs. Crab City! The current storyline starts here.

We’ve got some new t-shirts and prints for you! Every day is Day of the Dead for Cornelius Snarlington. The world’s darkest deer is determined to be worshipped. Your body becomes his shrine in 3 flavors: orange, chocolate or lime.

Crab City 2049.1 [Scenes From A Multiverse]

Have you good people seen Blade Runner 2049? Me neither.

Welcome back to the future of Crab City! Crab City is the city made for crabs, by crabs, from crabs. Crab City! The current storyline starts here.

Crab City 2049 [Scenes From A Multiverse]

Have you good people seen Blade Runner 2049? Me neither.

Welcome back to the future of Crab City! Crab City is the city made for crabs, by crabs, from crabs. Crab City!



New Books and ARCs, 9/21/18 [Whatever]

As promised, here is the second half of a big haul of new books and ARCs at the Scalzi Compound this week. Some excellent choices here — do you see anything in particular you like? Tell us in the comments!


1998/2018: Whatever 20/20, Day Twenty-One: New York [Whatever]

I’m actually writing this in New York; I’m currently loitering at a hotel near Penn Station, in a room that looks like the nicest dorm suite at NYU and can hear the street noise rising up to my windows. It’s surprisingly nice white noise, although history reminds me that sometimes it’s just noise, and loud. It’s New York. Whaddya gonna do.

I picked New York as a subject for this series not just because I happen to be in it today but also because in many ways it’s an emblematic town for me, one that especially in the last twenty years is tied intimately to my professional life. When I was a freelancer a lot of my gigs came from a marketing company rather pointedly located on Madison Avenue; now as a novelist Tor books is currently located at the iconic Flatiron building, although not for much longer, alas. I come here regularly on tour and to do events like Book Expo America and New York Comic Con. I have a ton of friends here, as well as compatriots in publishing. More than any other major city in the US — even LA, in whose suburbs I grew up, or Chicago, where I went to college — this town has a direct influence on my day to day life.

Also, weirdly, it’s still a town that doesn’t feel completely real to me. Unlike LA or Chicago, I’ve never lived in New York; I’ve spent at most three or four days in it at a time. That’s enough time in aggregate to start to get a feel for a place but not enough time for it to become a place that feels grounded. I’ve never had a daily life here — I’ve never had to pay bills or do grocery shopping or deal with plumbing here. For those reasons (and others like it) New York still feels like a special, different, place to me. Magical? I don’t know about magical. Too much vague urine smell for magical. But as they say, there’s no place like it.

It’s also the city people think of when they think of writers; for good reason, since most of big-league publishing is here and I suspect roughly half of Brooklyn lists “writer” as their profession on their tax forms, and another quarter are probably editors, agents and other citizens of the publishing world. When I visit I feel like I’m visiting the home office, as it were. A place where if you say you’re a writer you get a look that says “well, obviously you are, we all are” instead of “how do you manage to eat?” or just a polite blank stare that suggests the person never considered it a profession at all.

I’m not sure that means I would ever want to actually move here, however. I kind of like having NYC be a special “sometimes” place for me, a place to visit and be familiar with, but never bored of or irritated at. A place where it’s still exciting to come out of Penn Station, look down 34th street and see the Empire State Building and go, oh, hey, it’s actually a thing that exists in the world. I’ll let my friends who live in NYC be blase about it. I’m happy to go the other direction. And I’m happy to still be happy to be in town.

(That said: New York style pizza? Eh. It’s okay, I guess. There, the requisite fighting words have been said. We can move on to other things now.)


[$] Time namespaces [LWN.net]

The kernel's namespace abstraction allows different groups of processes to have different views of the system. This feature is most often used with containers; it allows each container to have its own view of the set of running processes, the network environment, the filesystem hierarchy, and more. One aspect of the system that remains universal, though, is the concept of the system time. The recently posted time namespace patch set (from Dmitry Safonov with a lot of work by Andrei Vagin) seeks to change that.

Mir 1.0 released [LWN.net]

The Ubuntu blog has announced the release of version 1.0.0 of the Mir display server. "Whether for building a device or for writing a shell for the desktop, Mir can give you a graphics stack that is fast, light, and secure. The Mir graphical stack works across different graphics platforms and driver models and is easy to integrate into your kiosk, digital signage, or purpose built graphical solution. It was first conceived over 6 years ago as part of an initiative by Canonical to unify the graphical environment across all devices, including desktop, TV, and mobile devices and continues to be developed with new features and modern standards."

Search the databases of Trump political appointees' resumes and discover their undisclosed conflicts of interest [Cory Doctorow – Boing Boing]

Property of the People and Propublica used the Trumptown database of Trump's political appointees and the Freedom of Information Act to pull the appointees' resumes (chock full o' data that doesn't appear on their financial disclosure forms) and put them in a searchable database.

Report: someone is already selling user data from defunct Canadian retailer's auctioned-off servers [Cory Doctorow – Boing Boing]

When Vancouver tech retailer NCIX went bankrupt, it stopped paying its bills, including the bills for the storage where its servers were being kept; that led to the servers being auctioned off without being wiped first, containing sensitive data -- addresses, phone numbers, credit card numbers, passwords, etc -- for thousands of customers. Also on the servers: tax and payroll information for the company's employees.

In August, security researcher Travis Doering of Privacy Fly found NCIX servers being sold off on Craigslist; the seller, described as "an Asian man from Richmond" who called himself "Jeff," said he bought many NCIX servers and computers, as well as hundreds of hard-drives with sensitive company data on them. Doering verified that Jeff's servers held hundreds of thousands of credit-card numbers and millions of customer orders, as well as a backup image of the personal computer of NCIX founder Steve Wu.

Jeff told Doering that he had already sold copies of some of NCIX's internal data to another customer, and offered to let Doering buy the right to copy the hard-drives on NCIX's systems, rather than the systems themselves.

NCIX appears not to have encrypted any of its systems.

The examination portion of the meeting began to wind down as time flew by and Jeff jumped into brokering a deal over a cup of tea. The first offer was thirty-five thousand dollars which would allow me to purchase all the desktops and server hardware, excluding one group of hard drives that I had analyzed which he would allow me to copy. This struck me as strange and I inquired as to why I couldn’t purchase those drives. He explained that those drives and the data on them had already sold for around fifteen thousand dollars to a foreign buyer who was arriving in Vancouver to acquire them in December. “December,” I quipped in a questioning tone, which prompted Jeff to explain that even though the buyer was picking up the physical drives in December, Jeff had already copied the data from those drives to a network storage device and allowed the buyers remote access. The data on those drives contained thirteen terabytes of SQL databases and various VHD and Xen server backup files. I cringed at the thought of that data being sold once, as it was dangerous enough when during further conversation Jeff mentioned at least five other buyers. Jeff described one as a competing retailer while the other three Jeff claimed to “Not Want to Know” their intentions or business. Armed with the knowledge that Jeff was willing to sell the data without all the hardware attached to the deal, I mentioned that I had little use for hardware which prompted him to make a considerably shadier proposal. Jeff stated that I could pay fifteen thousand dollars to copy all the data from the hard drives including the ones that he had previously sold. This scenario would play out with my employer paying fifteen thousand dollars to “Rent the Room” and he would provide me with a couple of desks and some servers to image all the data onto my own drives. Jeff and I tentatively agreed on the second deal and I quickly exited the warehouse.

On my way out, I couldn’t help but think about how Jeff boasted that he was able to “crack their iSCSI server with very simple tools in five minutes” and called their security “really, really, bad” and I would wholeheartedly agree with him there. This entire scenario could have been avoided by simply implementing full disk encryption within their organization or destroying the drives as their bankruptcy loomed. NCIX founder Steve Wu worked in IT for many years and fully understood the risk involved in his choice not to encrypt any data and then the repercussions of him abandoning the assets in a warehouse. Mr. Wu’s reckless behavior has harmed every individual and business NCIX dealt with, by allowing millions of confidential records to be sold without any oversight to anonymous buyers. The data can easily be used to cash out credit cards, craft convincing phishing messages containing details on purchases and commit identity theft.

Canadian retailer's servers storing 15 years of user data sold on Craigslist [Catalin Cimpanu/Zdnet]

NCIX DATA BREACH [Travis Doering/Privacy Fly]


New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography [Schneier on Security]

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring large composite numbers that are the product of two prime numbers. That's completely different.


Wet weather [Tales From the Riverbank]

We were going to be out sword dancing tomorrow, but the weather forecast is dire.

I've contacted the organisers saying that we'll not be there (we were performing for free). I suspect they'll end up having to cancel the entire event as it's all outdoors.

I feel sorry for the organisers - a lot of work goes into organising these things.


Molly and the rain [Tales From the Riverbank]

Got back from morris last night around 11pm to discover that the high winds had started removing the tarpaulin we'd tied over Molly. (She's on the trailer on our drive at present.)

So I retied the ropes and added more, getting my skirt thoroughly wet in the process.

That held until morning. Fortunately it was dry and sunny today, so we took off the tarpaulin, bailed her out and gave her a good airing.  

I've discovered that rain gets into the bow compartment, owing to the trailer being on a slope, so I dried that out with a sponge.

Some bits are still a little bit damp (the handles of the oars, as they aren't varnished, and part of the bow compartment), but most is fine.

Wrapped her up again as tomorrow is likely to be just as bad.

For long term storage, she'll be upside down, but we need to get a proper cover for her first.



Google memo reveals plans to track search users in China [OSNews]

Google bosses have forced employees to delete a confidential memo circulating inside the company that revealed explosive details about a plan to launch a censored search engine in China, The Intercept has learned. The memo, authored by a Google engineer who was asked to work on the project, disclosed that the search system, code-named Dragonfly, would require users to log in to perform searches, track their location - and share the resulting history with a Chinese partner who would have "unilateral access" to the data.

These are the requirements set forth by the Chinese government that you must fulfil in order to do business of this kind in China. It's the same reason why Apple handed over all of its iCloud data to a company owned and run by the Chinese government - if you want to make money in China, you have to play by their rules. It just goes to show that while these companies make romp and stomp about caring about the privacy of western users, said care goes right out the window if it means they can make more money. Your privacy does not matter - only money matters.

And yes, they will do the same thing here in the west the moment it's financially advantageous for them to do so.

Apple File System reference [OSNews]

Some more light reading, right in time for the weekend - the 147-page-long reference to APFS.

Apple File System is the default file format used on Apple platforms. Apple File System is the successor to HFS Plus, so some aspects of its design intentionally follow HFS Plus to enable data migration from HFS Plus to Apple File System. Other aspects of its design address limitations with HFS Plus and enable features such as cloning files, snapshots, encryption, and sharing free space between volumes. Most apps interact with the file system using high-level interfaces provided by Foundation, which means most developers don't need to read this document. This document is for developers of software that interacts with the file system directly, without using any frameworks or the operating system - for example, a disk recovery utility or an implementation of Apple File System on another platform. The on-disk data structures described in this document make up the file system; software that interacts with them defines corresponding in-memory data structures.

This document could prove quite useful to developers who might wish to add APFS compatibility to, for instance, Linux.

Research shows that patent examiners are more likely to grant patents to companies they later work for [Cory Doctorow – Boing Boing]

In their National Bureau of Economic Research working paper From Revolving Doors to Regulatory Capture? Evidence from Patent Examiners (Sci-Hub Mirror), Business School profs Haris Tabakovic (Harvard) and Thomas Wollmann (Chicago) show that patent examiners are more likely to grant patents for companies that they subsequently go to work for; they also go easier on patents applied for by companies associated with their alma maters (where they have more connections and will find it easier to get a job after their turn in government service).

We begin by showing that revolving door examiners grant 12.6-17.6% (8.5-11.9 percentage points) more patents to firms that later hire them. This result is robust to varying the level of controls, e.g. the inclusion or exclusion of examiner and firm fixed effects, or limiting the sample to only firms that hire at least one examiner, which cuts the sample by roughly two-thirds. While the “headline” number alone is not proof of capture, the robustness does suggest that unobservable differences—at least along the aforementioned dimensions—are very small.

We next ask whether revolving door examiners extend this leniency to prospective employers as well. Here we rely on two premises: first, that examiners face uncertainty about which firms will have future job openings and, second, that conditional on the type of work, an employer’s location is the most important attribute on which workers base their choices [Barber and Roehling, 1993, Turban, Eyring, and Campion, 1993, Powell and Goulet, 1996]. Thus, we test whether they grant more patents to other firms in close proximity to the firm that hired them (after excluding any observations where the filing firm later hired the examiner). We find that examiners extend much of the leniency afforded to their future employers to other firms that are nearby, and that these results are robust to varying the granularity of the controls and restricting the sample to only firms or cities that hire at least one examiner. To be indicative of regulatory capture, this approach requires only that examiners’ match-specific preference shocks are independent across locations, rather than across firms. Hence it provides somewhat stronger evidence.

From Revolving Doors to Regulatory Capture? Evidence from Patent Examiners [Haris Tabakovic and Thomas Wollmann/NBER] (Sci-Hub Mirror)

Revolving doors and regulatory capture [Haris Tabakovic and Thomas Wollmann/CEPR]

(via Marginal Revolution)

Backyard Blockbusters: a documentary about the amazing genre of fanfilms [Cory Doctorow – Boing Boing]

John Hudgens writes, "My documentary feature BACKYARD BLOCKBUSTERS (which Boing Boing had run two prior articles on) is finally available, streaming on Amazon's Prime Now service. Free if you have Amazon Prime, and available for purchase/rent as well."

What's it about? Did you ever see that movie where Batman fought a Predator? Or where kids remade Raiders of the Lost Ark? What about the fourth season of classic Star Trek? If none of these are familiar to you, that's because they're not studio projects, but fan films.

For years, people have been making home movies, many times using pop culture properties that they may not own, but love.

In recent years, these types of projects have come to be known as "fanfilms".

Backyard Blockbusters looks at the history and influence of the fanfilm genre, as well as the copyright and fair use problems these films create, featuring highlights from and interviews with the creators of many popular films.

ARPA-E, a sustainable energy moonshot agency of the US government, is absolutely kicking ass [Cory Doctorow – Boing Boing]

The Department of Energy's Advanced Research Projects Agency-Energy [ARPA-E] was set up by bipartisan action in 2007, funded by Obama in 2009; expanded by Congress in 2009; and survived attempts by Trump to kill it in both 2017 and 2018.

ARPA-E is a skunkworks project that gives out grants for advanced sustainable energy research that's beyond the initial phases but still too nascent to be commercialized. They've focused on long-term energy storage (a key piece of the picture with renewables) and the portfolio of inventions that have emerged from their funding is mind-bogglingly cool.

Vox's David Robert runs these down, from the wide variety of thermal storage technologies to the flow batteries, to more exotic ideas like fuel cells and pumped water systems.

Of course, Trump hates the agency, both because it is seen as a creature of the Obama regime and thus must be destroyed, and because it will hasten the demise of fossil fuels.

It’s all in what you heat and how much of the energy you get back out. At Michigan State University, they will heat “a bed of magnesium manganese oxide (Mg-Mn-O) particles.” Brayton Energy, in Hampton, New Hampshire, will heat molten salt. Echogen Power Systems, in Akron, Ohio, will heat “a ‘reservoir’ of low cost materials such as sand or concrete.” The National Renewable Energy Laboratory, in Golden, Colorado, will heat “inexpensive solid particles to temperatures greater than 1100°C” and then get the energy out using “a high performance heat exchanger and closed loop Brayton cycle turbine,” which certainly sounds cool.

Antora Energy, in Fremont, California, will heat “inexpensive carbon blocks” (to 2000° C!). Antora is somewhat unique in that it will get the energy back out not through a turbine, but with “thermophotovoltaic” solar panels “specifically designed to efficiently use the heat radiated by the blocks.”

Thermal storage doesn’t get a lot of press in the energy world — heat is somehow less sexy than electricity — but it has enormous potential to speed decarbonization. It would be awesome to see one of these techs catch on.

A tiny, beleaguered government agency seeks an energy holy grail: long-term energy storage [David Robert/Vox]

(via Naked Capitalism)

Puerto Rico didn't suffer a "natural disaster": it was looted and starved long before the hurricanes [Cory Doctorow – Boing Boing]

Hurricanes Irma and Maria left Puerto Rico in tatters, but it would be a mistake to blame the weather for Puerto Rico's suffering; Puerto Rico was put in harm's way by corrupt governments doing the work of a corrupt finance sector, then abandoned by FEMA, and is now being left to rot without any real effort to rebuild its public services so that they can be privatized and used to extract rent from the island's residents.

As Naomi Klein writes in The Intercept, this wasn't an "Act of God." Men -- greedy men -- laid off the skilled electrical workers who were needed after the storms; greedy men gave relief contracts to politically connected grifters who pocketed the money and did little or nothing for it; greedy men switched Puerto Rico from growing subsistence crops to cash crops, leaving them starving when the island's only port closed; greedy men decided to make the island dependent on fossil fuels rather than solar, wind and waves.

That is why dozens of Puerto Rican organizations, under the banner of JunteGente, are standing together to demand a different future. Not just a little bit better but radically better. Their message is a clear one: that this storm must be a wakeup call, a historic catalyst for a just recovery and just transition to the next economy. Right now.

That begins with auditing and ultimately erasing an illegal debt, and firing La Junta because its very existence is an affront to the most basic principles of self-government. Only then will there be the political space to redesign the food, energy, housing, and transportation systems that failed so many — and replace them with institutions that truly serve the Puerto Rican people.

This movement for a just recovery draws on local brilliance and protected knowledge to make the most of the richness of the soil, as well as the power of the sun and wind.

Today I am reminded of the words of Dalma Cartagena, one of the great leaders of Puerto Rico’s agro-ecology movement: “Maria hit us hard. But it made our convictions stronger. Made us know the correct path.”

There’s Nothing Natural About Puerto Rico’s Disaster [Naomi Klein/The Intercept]

Apple's fine-print reveals a secret program to spy on Iphone users and generate "trust scores" [Cory Doctorow – Boing Boing]

Buried in the new Apple Iphone and Apple TV privacy policy is an unannounced program that uses "information about how you use your device, including the approximate number of phone calls or emails you send and receive...to compute a device trust score when you attempt a purchase."

The measure is billed as an anti-fraud system and Apple claims that its surveillance is "designed so Apple cannot learn the real values on your device."

Though Apple doesn't provide any details on how this works, the company has previously deployed a privacy measure called "differential privacy" that allows for some aggregate data-gathering and analysis that theoretically protects the subjects' privacy -- however, Apple's differential privacy implementation was fatally flawed, a fact that was slow to come to light in part because of the company's notorious secrecy and its hostility to independent repair and unauthorized analysis of its security measures.

Apple's locked-down systems are often a useful line of defense against fraud, theft and surveillance -- but as the company's record in China shows, this control is a dual-edged sword. By locking its Iphones to its App Store, and then capitulating to the Chinese government by banning secure VPNs from the Chinese App Store, Apple has made Chinese mass surveillance and retaliation against political dissidents much easier, and made evading surveillance and retaliation much harder.

Apple's privacy policy also adds that the Trust Scores "are stored for a fixed time on our servers." However, this fixed time is not defined, nor are there any promises that Apple won't change the duration in future -- indeed, as the Chinese experience has shown, states have enormous influence over how technology is designed and deployed.

The provision, first spotted by Venture Beat, appears in an update to the iTunes Store and Privacy page and comes ahead of the release of the iPhone Xs and iPhone Xs Plus on Friday, 21 September.

"To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase," the page reads.

"The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers."

Apple is quietly giving people 'trust scores' based on their iPhone data [Anthony Cuthbertson/The Independent]

(Image: Cryteria, CC-BY)



Trailer for Capernaum, a "neorealist movie" about street kids, slum life, modern slavery and migration [Cory Doctorow – Boing Boing]

Lebanese director Nadine Labaki's Capernaum won this year's Cannes Jury Prize; it premiered in Lebanon this week and will be in North American cinemas starting December 14. It's a "neorealist movie" with an all-amateur cast that sheds some light on the life of outcasts: street children, inhabitants of slums, while tackling modern slavery and illegal immigration.

BanX writes, "The main protagonist Zain is a 12 year old Syrian refugee with no prior acting experience; he was illiterate when he started playing in this movie, spending his time wandering the streets in Beirut. Back in 2011, Labaki won People's Choice Award in Toronto International Film Festival about her film 'Where do we go now?' on women trying to ease religious tensions in a remote village."


News Post: Miniscule [Penny Arcade]

Tycho: So much stuff going on today. Yeesh! Okay. Let’s go. I don’t consider the PlayStation retro yet, largely because it features a ton of 3D stuff, but I’m open to the idea that the event horizon has claimed this portion of the medium’s history. I suspect if I asked my son he would say that the PS1 is Retro because it is Old, but he’s fucking twelve. Everything is old compared to him. We imported Jumping Flash back in the day, so we were overjoyed to see it on the Classic - obviously FF7 is a draw, that’s gonna sell a machine…


JUST REVEALED: Dungeons 3 and Hidden Folks! We just unlocked TWO... [Humble Bundle Blog]


We just unlocked TWO more Humble Monthly games! Now when you subscribe for $12/month, you’ll immediately get not only Overwatch, but also Dungeons 3 and Hidden Folks. Start playing now while you wait for the rest of your mystery games on the first Friday of October!



Ticketmaster stung by undercover journalists, who reveal that the company deliberately enables scalpers and rips off artists [Cory Doctorow – Boing Boing]

Even in this era, dominated by vertically and horizontally dominant monopolists, few companies are as chronically dirty and corrupt as Ticketmaster (previously), whose parent company, Livenation, is the world's largest concert promoter. Controlling promotion and ticketing is a one-two punch for a monopolist: Livenation's rival promoters still inevitably end up selling tickets through Ticketmaster, enriching their biggest competitor.

Ticketmaster and Livenation have managed to claim an ever-larger slice of the revenue generated by creative artists and the companies that invest in their work. Meanwhile, Ticketmaster's shows are notorious for selling out in seconds to bot-running scalpers who then mark up the tickets and sell them for many multiples of their face-value.

Ticketmaster has always maintained that these scalpers were unfortunate and undesirable parasites that preyed on Ticketmaster, the performers and the audience alike. Ticketmaster says that it uses anti-bot tools to kick scalpers off the system and prevent them from buying tickets, but laments that it sometimes loses the arms-race with the scalpers and their bots.

But a CBC/Toronto Star undercover investigation has revealed that Ticketmaster runs a secret, parallel system called "Tradedesk" that encourages the most prolific scalpers to create multiple accounts to circumvent the company's limits on ticket sales, and then allows them to re-list those tickets for sale in its "brokerage" market, which nominally exists to allow fans who find themselves with a spare ticket or two to sell it to other fans. According to Ticketmaster reps who were unaware they were being secretly recorded, the most successful scalpers use this system to make as much as $5 million/year.

Of course, this means fans are getting gouged. With Ticketmaster colluding with scalpers, there's no way for a genuine fan to simply buy a ticket at face-value: not only are the scalpers always going to be better at buying tickets than fans can be (because fans buy a few tickets, every now and again, and scalpers work the system day in and day out), but they have an insider advantage, thanks to their partnership with Ticketmaster, who are supposed to be operating a fair marketplace.

But there's another way in which Ticketmaster is ripping off the world here: Ticketmaster is meant to act as a broker on behalf of performers -- the people whose creative labor is the reason for the sales in the first place.

The performers sell Ticketmaster the tickets to the show, and Ticketmaster takes a commission on the initial sale of the tickets and passes the rest on to the performers, but then, when Ticketmaster sells the ticket again (on behalf of a scalper, for a much higher price), it earns a second commission -- and the artist gets nothing.

Ticketmaster issued a non-denial-denial to the Star and CBC, and implied that this was a case of rogue employees doing naughty things. But the misdeeds that the journalists caught on video came from a wide variety of Ticketmaster staffers, acting on behalf of the company at a major trade-show, with no hedging or any sense that they were offering access to something untoward. What's more, the CBC/Star report is backed up by a leaked copy of Ticketmaster's handbook for professional "resellers."

In a separate investigation, the CBC/Star team showed how Ticketmaster manipulates ticket prices in realtime using deceptive tactics (withholding blocks of tickets until mid-sale, then releasing them at above-face-value prices) to bilk fans out of more money. Hilariously, Ticketmaster blamed this on the "promoter" of the concert, which was Livenation -- the company that owns Ticketmaster.

CBC News obtained a copy of Ticketmaster's official reseller handbook, which outlines these fees. It also details Ticketmaster's reward system for scalpers. As scalpers hit milestones such as $500,000 or $1 million in annual sales, Ticketmaster will knock a percentage point off its fees.

The Ticketmaster employee who gave the video conference demonstration in March said 100 scalpers in North America, including a handful in Canada, are using TradeDesk to move between a few thousand and several million tickets per year.

"I think our biggest broker right now has probably grabbed around five million," he said.

Cross, who has spent the past two years researching online ticket sales, suspects some fans will read about this and conclude Ticketmaster is colluding with scalpers.

"On one hand, they say, 'We don't like bots,' but on the other hand, 'We have all these clients who may use bots.'"

'A public relations nightmare': Ticketmaster recruits pros for secret scalper program [Dave Seglins, Rachel Houlihan, Laura Clementson/CBC News]

(via Super Punch)

Credit Freezes are Free: Let the Ice Age Begin [Krebs on Security]

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Enacted in May 2018, the Economic Growth, Regulatory Relief and Consumer Protection Act rolls back some of the restrictions placed on banks in the wake of the Great Recession of the last decade. But it also includes a silver lining. Previously, states allowed the bureaus to charge a confusing range of fees for placing, temporarily thawing or lifting a credit freeze. Today, those fees no longer exist.

A security freeze essentially blocks any potential creditors from being able to view or “pull” your credit file, unless you affirmatively unfreeze or thaw your file beforehand. With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file).

And because each credit inquiry caused by a creditor has the potential to lower your credit score, the freeze also helps protect your score, which is what most lenders use to decide whether to grant you credit when you truly do want it and apply for it.

To file a freeze, consumers must contact each of the three major credit bureaus online, by phone or by mail. Here’s the updated contact information for the big three:

Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788

Online: Experian
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013

Online: TransUnion
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016

Spouses may request freezes for each other by phone as long as they pass authentication.

The new law also makes it free to place, thaw and lift freezes for dependents under the age of 16, or for incapacitated adult family members. However, this process is not currently available online or by phone, as it requires parents/guardians to submit written documentation (“sufficient proof of authority”), such as a copy of a birth certificate and copy of a Social Security card issued by the Social Security Administration, or — in the case of an incapacitated family member — proof of power of attorney.

In addition, the law requires the big three bureaus to offer free electronic credit monitoring services to all active duty military personnel. It also changes the rules for “fraud alerts,” which currently are free but only last for 90 days. With a fraud alert on your credit file, lenders or service providers should not grant credit in your name without first contacting you to obtain your approval — by phone or whatever other method you specify when you apply for the fraud alert.

Another important change: Fraud alerts now last for one year (previously they lasted just 90 days) but consumers can renew them each year. Bear in mind, however, that while lenders and service providers are supposed to seek and obtain your approval before granting credit in your name if you have a fraud alert on your file, they’re not legally required to do this.


Having a freeze in place does nothing to prevent you from using existing lines of credit you may already have, such as credit, mortgage and bank accounts. By the same token, freezes do nothing to prevent crooks from abusing unauthorized access to these existing accounts.

According to experts, the bureaus make about $1 every time they sell access to your credit file. However, a freeze on your file does nothing to prevent the bureaus from collecting information about you as a consumer — including your spending habits and preferences — and packaging, splicing and reselling that information to marketers.

When you place a freeze, each credit bureau will assign you a personal identification number (PIN) that needs to be supplied if and when you ever wish to open a new line of credit. When that time comes, consumers can temporarily thaw a freeze for a specified duration either online or by phone (see above resources). Needless to say, it’s a good idea to keep these PINs somewhere safe and reliable in the event you wish to unfreeze.

One important caveat: It’s best not to wait until the last minute before starting the freeze thawing process, which can be instantaneous or can take a few days. The easiest way to unfreeze your file for the purposes of gaining new credit is to spend a few minutes on the phone with the company from which you hope to gain the line of credit (or research the matter online) to see which credit bureau they rely upon for credit checks. It will most likely be one of the major bureaus. Once you know which bureau the creditor uses, contact that bureau either via phone or online and supply the PIN they gave you when you froze your credit file with them. The thawing process should not take more than 24 hours, but hiccups in the thawing process sometimes make things take longer.


All three big bureaus tout their “credit lock” services as an easier and faster alternative to freezes — mainly because these alternatives aren’t as disruptive to their bottom lines. According to a recent post by CreditKarma.com, consumers can use these services to quickly lock or unlock access to credit inquiries, although some bureaus can take up to 48 hours. In contrast, they can take up to five business days to act on a freeze request, although in my experience the automated freeze process via the bureaus’ freeze sites has been more or less instantaneous (assuming the request actually goes through).

TransUnion and Equifax both offer free credit lock services, while Experian’s is free for 30 days and $19.99 for each additional month. However, TransUnion says those who take advantage of their free lock service agree to receive targeted marketing offers. What’s more, TransUnion also pushes consumers who sign up for its free lock service to subscribe to its “premium” lock services for a monthly fee with a perpetual auto-renewal.

Unsurprisingly, the bureaus’ use of the term credit lock has confused many consumers; this was almost certainly by design. But here’s one basic fact consumers should keep in mind about these lock services: Unlike freezes, locks are not governed by any law, meaning that the credit bureaus can change the terms of these arrangements when and if it suits them to do so.

If you have already signed up for credit monitoring services, placing a freeze on your file should not impact those services. However, it is generally not possible to sign up for new credit monitoring services once a freeze is in place. So if you wish to avail yourself of credit monitoring, it’s best to sign up before placing a freeze.

Many consumers erroneously believe that credit monitoring services will protect them from identity thieves. In truth, despite incessant marketing by the bureaus and others to the contrary, these services do not prevent thieves from using your identity to open new lines of credit, or from damaging your good name for years to come in the process. The most you can hope for is that credit monitoring services will alert you soon after an ID thief does steal your identity.

Credit monitoring services are principally useful in helping consumers recover from identity theft. Doing so often requires dozens of hours writing and mailing letters, and spending time on the phone contacting creditors and credit bureaus to straighten out the mess. In cases where identity theft leads to prosecution for crimes committed in your name by an ID thief, you may incur legal costs as well. Most of these services offer to reimburse you up to a certain amount for out-of-pocket expenses related to those efforts. But a better solution is to prevent thieves from stealing your identity in the first place by placing a freeze.


Freezing your credit file at the big three bureaus is a great start, but ID thieves can and do abuse other parts of the credit system to wreak havoc on consumers. Beyond the big three bureaus, Innovis is a distant fourth bureau that some entities use to check consumer creditworthiness. Fortunately, filing a freeze with Innovis also is free and relatively painless.

In addition, many wireless phone companies currently check consumer credit using a little-known credit reporting bureau operated by Equifax called the National Consumer Telecommunications and Utilities Exchange (NCTUE). Freezing your credit with Equifax won’t necessarily block inquiries to the NCTUE, but fortunately the NCTUE also offers a freeze process, as detailed in this story.

It’s a good idea to periodically order a free copy of your credit report. There are several forms of identity theft that probably will not be blocked by a freeze. But neither will they be blocked by a fraud alert or a credit lock. That’s why it’s so important to regularly review your credit file with the major bureaus for any signs of unauthorized activity.

By law, each of the three major credit reporting bureaus must provide a free copy of your credit report each year — but only if you request it via the government-mandated site annualcreditreport.com. The best way to take advantage of this right is to make a notation in your calendar to request a copy of your report every 120 days, to review the report and to report any inaccuracies or questionable entries when and if you spot them. Avoid other sites that offer “free” credit reports and then try to trick you into signing up for something else.

According to the Federal Trade Commission, having a freeze in place should not affect a consumer’s ability to obtain copies of their credit report from annualcreditreport.com.

It’s also a good idea to notify a company called ChexSystems to keep an eye out for fraud committed in your name. Thousands of banks rely on ChexSystems to verify customers that are requesting new checking and savings accounts, and ChexSystems lets consumers place a security alert on their credit data to make it more difficult for ID thieves to fraudulently obtain checking and savings accounts. For more information on doing that with ChexSystems, see this link.

Finally, ID thieves like to intercept offers of new credit and insurance sent via postal mail, so it’s a good idea to opt out of pre-approved credit offers. If you decide that you don’t want to receive prescreened offers of credit and insurance, you have two choices: You can opt out of receiving them for five years or opt out of receiving them permanently.

To opt out for five years: Call toll-free 1-888-5-OPT-OUT (1-888-567-8688) or visit optoutprescreen.com. The phone number and website are operated by the major consumer reporting companies. To complete your request for a permanent opt-out, you must return the signed Permanent Opt-Out Election form provided after you initiate your online request.


Smarter cities through Geotab with BigQuery ML and geospatial analytics [All - O'Reilly Media]

Chad Jennings explains how Geotab's smart city application helps city planners understand traffic and predict locations of unsafe driving.



Page 35 [Flipside]

Page 35 is done.


‘Dragon Box’ Changes Business Model Following Hollywood Lawsuit [TorrentFreak]

Earlier this year, several major Hollywood studios, Amazon, and Netflix filed a lawsuit against Dragon Media Inc, branding it a supplier of pirate streaming devices.

Under the flag of the newly formed anti-piracy group ACE, the companies accused Dragon of using the Kodi media player in combination with pirate addons. As such, the company facilitates mass copyright infringement, it was argued.

While the lawsuit remains ongoing, the legal pressure prompted Dragon Box to take a good look at its business. With ACE filing lawsuits against several ‘streaming boxes,’ the problem was not going away anytime soon.

“It’s been a tough 9 months for the company and the industry,” the company writes in a Facebook message picked up by Cord Cutters News.

However, Dragon Box is not throwing in the towel. The company will change its business model and promises to continue serving the latest entertainment, albeit at a cost.

“Instead of closing our doors and shutting down all boxes and riding off into the sunset we decided that it was in the best interest of you the customers and the company to change our business model..,” Dragon Box writes.

The company adds that it will continue to try and bring customers “the best legal content we can and add in as many services we can to make Dragon Box the box that beats any competitors out there.”

While the announcement isn’t very concrete, a company representative informs TorrentFreak that they plan to officially announce their “Blend TV” subscription service next week.

This service, which has a similar website design as the box seller, is operated by uMedialink LLC and works on various platforms and devices. However, it does come with a subscription, starting at $39.95 per month for access to 65+ US Channels, including live sports streaming.


While Blend TV is not exactly a household name, its FAQ section notes that it is perfectly legal.

“Absolutely! BlendTV has the required rights and permission’s for the distribution of all our channels and movies on demand,” Blend TV’s website reads.

Dragon Box has also put their boxes up for sale again. However, these are completely different to the ones that were offered last year. They are configured for easy access to Blend TV, and no longer come with Kodi and infringing add-ons pre-installed.

TorrentFreak spoke to someone familiar with the situation, who explained that this move was inevitable. The company believes that this change is in their own best interests and the interests of their customers.

Dragon Box still believes that online streaming is the future. And they hope that, by partnering with Blend TV, they can continue doing business without legal trouble.


Link [Scripting News]

This song, Africans by Peter Tosh, is always in my mind.

Link [Scripting News]

Wishlist item: I wish it were possible to write a driver for GitHub that would teach it how to display formats it doesn't know about, like OPML and RSS. I write my development notes in OPML, and would like to have them be directly readable in GitHub. OPML has been stable for 18 years and RSS for 16. I think it would be safe to support them now. And this raises a question, can there be a process for vetting the code and adding it to the native capabilities of GitHub? I think most of the expertise in these formats exists outside their company. Are we ready for this kind of collaboration?


1141: Advanced Color Theory [Order of the Stick]


Why is regsvr32 exiting with code 3? [The Old New Thing]

A customer had a script to set up a virtual machine, but this call was failing:

regsvr32 /s /n /i:u Awesome.dll

The DLL failed to register, and regsvr32 exited with code 3.

Last time, we saw exit code 3 means that the LoadLibrary call failed. The customer reported that the error was not consistent, and they've been working around it by waiting a little while and retrying the operation. But sometimes, even after a few retries, the operation still fails.

They were running regsvr32 in silent mode, so no error messages were displayed to the user.

According to the table from last time, step 3 is the LoadLibrary step. Since the problem was random and sometimes cleared up after a few retries, this ruled out systematic errors like copying the file to the wrong directory, or copying the wrong version of the file. Those types of errors would result in the operation failing consistently, rather than randomly.

I suspected that the LoadLibrary failed because the file was still in use, either because it was still being copied to the VM, or because it was being scanned or blocked by anti-malware software running in the VM.

One option for digging further is to run regsvr32 one last time in non-silent mode, so that the error details are on the screen. They could write an automation client that scrapes the message before dismissing the dialog box. If they go the automation client route, they may as well always run regsvr32 in non-silent mode.

If the team doesn't have experience with writing automation, they could just set a watchdog on regsvr32. Pick a generous amount of time to cover typical running time of regsvr32 in the success cases. If regsvr32 has not returned by then, then take a screen shot and then terminate the regsvr32 process.

Or they could write their own program that tries to LoadLibrary their DLL and captures the GetLastError. Run the custom program once the first regsvr32 fails. They could even turn on loader snaps to get extremely detailed information about the LoadLibrary operation; that information will pinpoint exactly where it went wrong.
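One way to build the probe described above, as an added example rather than code from the original post: a PowerShell wrapper that retries regsvr32 and, whenever it exits with code 3, calls LoadLibrary on the DLL itself and logs the GetLastError value. The names LoadProbe and Register-DllWithDiagnostics, the retry defaults and the log path are assumptions; run it from a PowerShell host of the same bitness as the regsvr32 being used.

```powershell
# Added example, not from the original post. LoadProbe, Register-DllWithDiagnostics,
# the retry defaults and the log path are assumptions made for illustration.

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;

public static class LoadProbe
{
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern IntPtr LoadLibraryW(string path);

    [DllImport("kernel32.dll")]
    private static extern bool FreeLibrary(IntPtr module);

    // Returns 0 if the DLL loaded, otherwise LoadLibrary's GetLastError value.
    // The error is read inside the same managed method, right after the call,
    // so no later P/Invoke made by the host can overwrite it.
    public static int TryLoad(string path)
    {
        IntPtr module = LoadLibraryW(path);
        if (module == IntPtr.Zero)
        {
            return Marshal.GetLastWin32Error();
        }
        FreeLibrary(module);
        return 0;
    }
}
'@

function Register-DllWithDiagnostics {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DllPath,
        [int]$MaxAttempts = 3,
        [int]$DelaySeconds = 10,
        [string]$LogPath = (Join-Path $env:TEMP 'regsvr32-diag.log')
    )

    # Use a full path so regsvr32 and the probe load exactly the same file.
    $full = (Resolve-Path -LiteralPath $DllPath).ProviderPath

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        # Same switches as the failing call in the post; the path is quoted for spaces.
        $proc = Start-Process -FilePath 'regsvr32.exe' `
            -ArgumentList '/s', '/n', '/i:u', "`"$full`"" -Wait -PassThru
        if ($proc.ExitCode -eq 0) { return $true }

        $line = '{0:o} attempt {1}: regsvr32 exit code {2}' -f (Get-Date), $attempt, $proc.ExitCode

        if ($proc.ExitCode -eq 3) {
            # Exit code 3 points at the LoadLibrary step, so repeat that step directly.
            $code = [LoadProbe]::TryLoad($full)
            if ($code -eq 0) {
                # The failure was transient and had cleared by the time the probe ran.
                $line += '; probe LoadLibrary succeeded'
            } else {
                $text = [System.ComponentModel.Win32Exception]::new($code).Message
                $line += "; probe LoadLibrary failed, GetLastError=$code ($text)"
            }
        }

        Add-Content -LiteralPath $LogPath -Value $line
        if ($attempt -lt $MaxAttempts) { Start-Sleep -Seconds $DelaySeconds }
    }
    return $false
}

# Usage: Register-DllWithDiagnostics -DllPath .\Awesome.dll
```

A logged error 32 (ERROR_SHARING_VIOLATION) would be consistent with the suspicion that the file was still in use, while 193 (ERROR_BAD_EXE_FORMAT) usually means the host's bitness does not match the DLL. The probe loads the DLL into the PowerShell process, so its DllMain runs there.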

Another option is to run regsvr32 under the debugger with loader snaps enabled and tell the debugger to log all output to a file.

cdb -Ggx -logo log.txt regsvr32 /s /n /i:u Awesome.dll

If the DLL registers successfully, then delete the log file. If it fails, then save the log file somewhere for analysis.

Yet another possibility is that the exit code of 3 is a red herring. Perhaps something went wrong in a way that led to the C runtime calling the abort() function, which exits the program with code 3.


The virtues of privacy by design [All - O'Reilly Media]

How we can put privacy at the heart of our design processes.



Security updates for Friday [LWN.net]

Security updates have been issued by Debian (hylafax, sympa, and texlive-bin), Fedora (curl and gitolite3), Mageia (bouncycastle, ghostscript, and libx11), openSUSE (webkit2gtk3), Oracle (spice and spice-gtk and spice-gtk and spice-server), Red Hat (rubygem-smart_proxy_dynflow, spice and spice-gtk, and spice-gtk and spice-server), Scientific Linux (spice and spice-gtk and spice-gtk and spice-server), and SUSE (ImageMagick, kernel, liblouis, openslp, and python-paramiko).


Cat Toy Story – DORK TOWER 13.09.18 [Dork Tower]

HEY THERE! Dork Tower has a Patreon campaign, with amazing backers who help these webstrips happen. We’re nearing three new comics every week!  Check it out,  and join the fun! FUN!


The Whatever Digest, 9/21/18 [Whatever]

I’m at the airport with two and a half hours before my flight boards. Enough time for a digest!


So apparently the big attempt to deflect from Kavanaugh’s allegedly sexually assaulting past was for a key Republican operative to launch a conspiracy theory Twitter thread saying it was actually someone else who attacked Ford, and she got confused because all jock-y white male teens look alike? Two things here:

1. Kathleen Parker’s “maybe there was a doppelganger” column in the Washington Post yesterday now looks even more embarrassing, because clearly she was drafting off this particular juggernaut of idiocy, and perhaps the Pulitzer committee might want to think about rescinding her award;

2. This truly is the stupidest timeline possible. I mean, I wasn’t really doubting that, given the preponderance of evidence, but it’s depressing to be reminded with such frequency.

What’s particularly horrifying is that Ed Whelan, the mastermind behind this particular wodge of bullshit, actually named someone else as the potential sexual assaulter, a dude named [deleted because on second thought it doesn’t do any good to spread his name around], who currently teaches at a middle school and who is the very definition of a private citizen. This is essentially an open-and-shut defamation case, and I expect [defamed person] is neck-deep in lawyers wanting to represent him, because this is some easy money right here. Ford has flatly said that it wasn’t [defamed person] who attacked her, so this is one conspiracy theory which has fallen with a splat.

Over at Talking Points Memo, Josh Marshall makes the point that it’s unlikely that Whelan moved forward without at least some sort of coordination with the Kavanaugh camp, which if it’s true is yet one more reason Kavanaugh shouldn’t be allowed anywhere near the Supreme Court. Someone who would countenance throwing an innocent person under a bus in a (mixed metaphor here) Hail Mary pass attempt to clear his own name is not a moral person, or a good person. In fact, if it’s true, he’s complete shit.


Also, at this point, after last night’s hugely embarrassing Twitter fracas, one has to wonder how there is still any support for Kavanaugh among Senate Republicans, other than sheer myopic cussedness. He’s an astounding liability, someone credibly accused of sexual assault nominated to the bench primarily to overturn Roe v. Wade, and if you don’t think women aren’t already pissed off, just you wait. They would be better off at this point simply telling Kavanaugh to pack it in and then picking someone who could actually stand up to vetting (if they can, who knows with this clown car of an administration). Nearly anyone else would be better at this point. Any one of my cats would be better.

But of course they won’t, because we have stupid people in charge, and a president who can’t ever back down from anything because he’s weak and a bully. So here we are.


Why am I at the airport? I’m off to NYC to do a little business and to see some friends, basically. Also it’s a nice time of year to be in New York. Before anyone asks, I’m not doing any public events, sorry. Just work stuff and a little personal time. Also maybe to go in for a slice, say “You call this pizza?!?!?” and pull out a Chicago deep dish from my backpack and eat it in the shop, never breaking eye contact with the horrified pizza shop employees. Okay, maybe not that last one. I don’t actually have a death wish.


Congratulations to the Cleveland Browns, who last night not only didn’t lose, but actually managed to win a game, their first since Christmas Eve in 2016. The fact that much of Ohio went a little nuts about that one win says a lot about the state of Browns football, and maybe a little about Ohio. Meanwhile the Bengals, 2-0, wonder what the big deal is. Stay cool, Bengals. Stay cool.


That’s it for the Digest this week. It’ll be back on Monday. To get you through until then, here’s Smudge on my luggage this morning. Have a great weekend, the last of summer and the first of fall.


AES Resulted in a $250-Billion Economic Benefit [Schneier on Security]

NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I do like the pretty block diagram of AES on the report's cover.


3 Docker Compose features for improving team development workflow [All - O'Reilly Media]

Using advanced Docker Compose features to solve problems in larger projects and teams.

A developer today is bombarded with a plethora of tools that cover every possible problem you might have—but, selecting which tools to use is The New Problem. Even in container-land, we're swimming in an ocean of tool choices, most of which didn't exist a few years ago.

I'm here to help. I make a living out of helping companies adopt a faster and more efficient workflow for developing, testing, packaging, and shipping code to servers. Today that means containers, but it's often not just the tool that's important; it's the way you use it and the way you scale it in a team.

For now, let's focus on Docker Compose. It has become the de facto standard for managing container-based developer environments across any major OS. For years, I've consistently heard about teams tossing out a list of tools and scripts this single tool replaces. That's the reason people adopt Compose. It works everywhere, saves time, and is easy to understand.

But getting it to work across dev, test, and prod for a team can be tricky. Here are three main areas to focus on to ensure your Compose workflow works for everyone.

Environment variables

Eventually, you'll need a compose file to be flexible and you'll learn that you can use environment variables inside the Compose file. Note, this is not related to the YAML object "environment," which you want to send to the container on startup. With the notation of ${VARNAME}, you can have Compose resolve these values dynamically during the processing of that YAML file. The most common examples of when to use this are for setting the container image tag or published port. As an example, if your docker-compose.yml file looks like this:

version: '2'
services:
  ghost:
    image: ghost:${GHOST_VERSION}

...then you can control the image version used from the CLI like so:

GHOST_VERSION=2 docker-compose up

You can also set those variables in other ways: by storing them in a .env file, by setting them at the CLI with export, or even setting a default in the YAML itself with ${GHOST_VERSION:-2}. You can read more about variable substitution and various ways to set them in the Docker docs.


A relatively new and lesser-known feature is Extension Fields, which lets you define a block of text in Compose files that is reused throughout the file itself. This is mostly used when you need to set the same environment objects for a bunch of microservices, and you want to keep the file DRY (Don't Repeat Yourself). I recently used it to set all the same logging options for each service in a Compose file like so:

version: '3.4'

x-logging: &my-logging
  options:
    max-size: '1m'
    max-file: '5'

services:
  ghost:
    image: ghost
    logging: *my-logging
  nginx:
    image: nginx
    logging: *my-logging

You'll notice a new section starting with an x-, which is the template, that you can then name with the & and call from anywhere in your Compose file with * and the name. Once you start to use microservices and have hundreds or more lines in your Compose file, this will likely save you considerable time and ensure consistency of options throughout. See more details in the Docker docs.

Control your Compose Command Scope

The docker-compose CLI controls one or more containers, volumes, networks, etc., within its scope. It uses two things to create that scope: the Compose YAML config file (it defaults to docker-compose.yml) and the project name (it defaults to the directory name holding the YAML config file). Normally you would start a project with a single docker-compose.yml file and execute commands like docker-compose up in the directory with that file, but there's a lot of flexibility here as complexity grows.

As things get more complex, you may have multiple YAML config files for different setups and want to control which one the CLI uses, like docker-compose -f custom-compose.yml up. This command ignores the default YAML file and only uses the one you specify with the -f option.

You can combine many Compose files in a layered override approach. Each one listed in the CLI will override the settings of the previous (processed left to right)—e.g., docker-compose -f docker-compose.yml -f docker-override.yml.

If you manually change the project name, you can use the same Compose file in multiple scopes so they don't "clash." Clashing happens when Compose tries to control a container that already has another one running with the same name. You likely have noticed that containers, networks, and other objects that Compose creates have a naming standard. The standard comprises three parts: projectname_servicename_index. We can change the projectname, which again defaults to the directory name, with a -p at the command line. So if we had a docker-compose.yml file like this:

version: '2'

services:
  ghost:
    image: ghost:${GHOST_VERSION}
    ports:
      - ${GHOST_PORT}:2368

Then we had it in a directory named "app1" and we started the ghost app with inline environment variables like this:

app1> GHOST_VERSION=2 GHOST_PORT=8080 docker-compose up

We'd see a container running named this:

app1_ghost_1

Now, if we want to run an older version of ghost side-by-side at the same time, we could do that with this same Compose file, as long as we change two things. First, we need to change the project name to ensure the container name will be different and not conflict with our first one. Second, we need to change the published port so they don't clash with any other running containers.

app1> GHOST_VERSION=1 GHOST_PORT=9090 docker-compose -p app2 up

If I check running containers with a docker container ls, I see:

app1_ghost_1 running ghost:2 on port 8080
app2_ghost_1 running ghost:1 on port 9090

Now you could pull up two browser windows and browse both 8080 and 9090 with two separate ghost versions (and databases) running side by side.

Most of what I've learned on advanced Compose workflows has come from trying things I've learned in the Docker docs, as well as the teams I work with to make development, testing, and deployments easier. I share these learnings everywhere I can, and I encourage you to do the same. What other features or team standards have you found useful with Docker Compose? Please share with me and the community on Twitter @BretFisher.


Four short links: 21 September 2018 [All - O'Reilly Media]

Linux Foundation, Data Unit Tests, Software Pooping the World, and Predictions

  1. Something is Rotten in the Linux Foundation (Val Aurora) -- Linux Foundation sponsors should demand that the Linux Foundation release all former employees from their non-disparagement agreements, then interview them one-on-one, without anyone currently working at the foundation present. At a minimum, the sponsors should insist on seeing a complete list of ex-employee NDAs and all funds paid to them during and after their tenure. If current Linux Foundation management balks at doing even that, well, won’t that be interesting?
  2. Deequ -- unit tests for data.
  3. If Software is Eating the World, What Will Come Out the Other End? (John Battelle) -- So far, it’s mostly shit. More rhetoric than depth, but 10/10 for rhetoric. You start a frame, you'd better be prepared to end it.
  4. 25 Years of Wired's Predictions (Wired) -- always ask yourself "what reward does this predictor get for making a good prediction?" In the case of people who write in magazines: a cent a word or so. In the case of Michael Crichton, who proclaimed in the fourth issue that “it is likely that what we now understand as the mass media will be gone within 10 years—vanished, without a trace.” he didn't even need the paycheck. (For good reading on predictions, try Superforecasting by Phil Tetlock.)



Derive value from analytics and AI at scale [All - O'Reilly Media]

Ziya Ma discusses how recent innovations from Intel in high-capacity persistent memory and open source software are accelerating production-scale deployments.


Mike Gabriel: You may follow me on Mastodon [Planet Debian]

I never fancied having accounts with the big players that much, so I never touched e.g. Twitter.

But Mastodon is the kind of service that works for me. You can find me on https://fosstodon.org.

My nick over there is sunweaver. I'll be posting interesting stuff of my work there, probably more regularly than on the blog.


Error'd: This Movie is Rated S for Safe for SQL [The Daily WTF]

"Clearly the Light Cinema decided to ban unsafe sql characters from the cinema," wrote Simon, "Let's hope no one makes a film called 'Drop Table'."   Michael M. wrote,...

The struggle is real [Seth's Blog]

Once a computer (or a player piano) begins to do a task, part of the appeal goes away.

Yes, the goods or services might be identical, but the story we tell ourselves about what they took to create disappears.

Effort is insufficient, but extraordinary effort (and our perception of that effort) can add value.

