Thursday, 05 December

16:21

Occupation of Gaza [Richard Stallman's Political Notes]

Under international law, Israel's control over Gaza's borders and use of Gaza's territory means that Israel is considered to hold a military occupation of Gaza [PDF].

Coal plants insurance [Richard Stallman's Political Notes]

Many US and European insurance companies now refuse to insure coal plants.

However, there are still some companies that will insure them, so this is not yet starting to protect us.

Oil and gas plants need to be next.

China's total surveillance [Richard Stallman's Political Notes]

China requires everyone who has a mobile phone to submit face scans for face recognition.

Putting this together with the elimination of cash, they add up to total surveillance of almost all activities.

Noble Savage [Richard Stallman's Political Notes]

Western tourists seek the noble savage among modern-day hunter gatherers, who need to hide their digital devices when a tour comes through.

Biden and student debt [Richard Stallman's Political Notes]

*How Biden helped create the student debt problem he now promises to fix.*

He supported the law that made it impossible to eliminate student debt via bankruptcy.

For Vaugh Hatch, try Mekar Bhuana Centre info@BALIMUSICANDDANCE.COM.

16:14

Stable kernels 5.4.2, 5.3.15, and 4.19.88 [LWN.net]

Greg Kroah-Hartman has announced the release of the 5.4.2, 5.3.15, and 4.19.88 stable kernels. They contain a relatively large collection of important fixes throughout the tree; users of those kernel series should upgrade.

15:56

Molly de Blanc: Free software activities (November 2019) [Planet Debian]

November brings two things very demanding of my time: Thanksgiving and the start of fundraising season.

Free software activities (personal)

  • The Open Source Initiative had its twice-a-year face to face board meeting! Good times all around.
  • Debian is having a GR. I’ve been following the development of proposals and conversation, which is basically a part time job in and of itself.
  • Participated in Debian Community Team meetings.
  • I started drafting Bits from the Debian Community Team.
  • Wrote some blog posts! I liked them this month.
  • Wearing multiple hats I attended SustainNYC, talking about sustainability in free and open source software.
  • I submitted to some CFPs — SCaLE, FOSSASIA, and OSCON.
  • I am serving on the papers committee for CopyLeftConf, and for this I reviewed proposals.

Free software activities (professional)

  • We launched a fundraiser! (About a patent infringement case)
  • Funding a legal case is an expensive proposition, so I am also meeting with companies and potential large donors interested in helping out with the case.
  • We launched another fundraiser! (About general Foundation activities)
  • I participated in the hiring process to fill two roles at the GNOME Foundation.

In C++/CX, hat pointers are contextually convertible to bool, but you can’t static_cast them to bool [The Old New Thing]

C++/CX is a language extension intended to make consuming the Windows Runtime easier. It is, however, no longer the C++ projection of choice. That honor now belongs to C++/WinRT, which allows you to consume the Windows Runtime using standard-conforming C++, no language extensions required.

For those of you stuck with C++/CX, here’s a little puzzle: What do these functions do?

bool Mystery1(Object^ o)
{
    if (o)
    {
        return true;
    }
    else
    {
        return false;
    }
}

bool Mystery2(Object^ o)
{
    return static_cast<bool>(o);
}

bool Mystery3(Object^ o)
{
    return bool(o);
}

bool Mystery4(Object^ o)
{
    return (bool)o;
}

You’d think these would all be equivalent, but they’re not.

In the first mystery function, the object o is contextually converted to bool, and that’s done by treating nullptr as falsy and anything else as truthy. In this respect, hat pointers are like star pointers.

The remaining mystery functions attempt to unbox the object o to a bool, and they all behave the same way:

If you have     | Then you get
(Object^)true   | true
(Object^)false  | false
nullptr         | NullReferenceException thrown
anything else   | InvalidCastException thrown

If you just want to know what happens and don’t care to understand the deep metaphysical significance of those last two rows, I don’t blame you.

But that’s probably not why you’re here. You want to understand the weird crazy world that led to the strange table above.

What’s going on is that an Object^ is really an IInspectable under the hood. And cast operations on IInspectable are performed by doing a QueryInterface. In this case, we are casting to IBox<bool>.

If you have a nullptr, then the attempt to call QueryInterface results in a null pointer dereference, hence the NullReferenceException.

If the object is not a boxed bool, then the QueryInterface fails with E_NOINTERFACE, which is expressed in C++/CX as an InvalidCastException.

For me, the weird part is that there are two different categories of results: The contextual conversion is different from the other conversions.

It means that you get weird puzzles like this:

Object^ p = false;
Object^ q = false;

if (p)                    std::cout << 1;
if ((bool)p)              std::cout << 2;
if (static_cast<bool>(p)) std::cout << 3;
if (p == q)               std::cout << 4;
if (p == false)           std::cout << 5;
if (!p)                   std::cout << 6;

What does this fragment print?

Condition                 | What’s happening                                    | Result
if (p)                    | Tests p against nullptr.                            | prints 1
if ((bool)p)              | Unboxes p to bool.                                  | does not print
if (static_cast<bool>(p)) | Unboxes p to bool.                                  | does not print
if (p == q)               | Compares two objects for identity.                  | does not print
if (p == false)           | Boxes false then compares two objects for identity. | does not print
if (!p)                   | Tests p against nullptr.                            | does not print

Converting hat pointers to bool is very strange. Be glad you don’t have to deal with it.

Next time, we’ll look at C++/WinRT. It’ll be a lot less strange.

15:42

Link [Scripting News]

I appreciate people pointing to me when quoting something from my blog, but I prefer you point to the blog and not my Twitter account. My home on the web is my blog, scripting.com, my Twitter account is a place to record random ideas before they appear on the blog.

Link [Scripting News]

Every so often I get tagged in someone's lament about how no one uses RSS. It's not true. It's one of those things you can't use alone, because it depends on your news sources supporting it. I get most of my news via my rivers, which of course are just aggregations of RSS feeds. I imagine the rivers will survive me. At some point it may not be a fire hose, it may be the way the Colorado River flows into the ocean, but I think I will never see the day that RSS is gone. It does its work quietly, unlike Twitter or Facebook. It doesn't steal your personal info. Or support Russian hackers. It's quiet. That's okay with me. 💥

Link [Scripting News]

BTW before Russians hacked our meme ecosystem, Google was doing it, and before them Sun, Microsoft, Apple and IBM. Google always felt threatened by RSS. They encircled it and then cut it off. They quietly got their shills in the tech press to talk about its demise. To slam me personally. It's an insidious thing. They still do it. Usually through cutouts, journalists and consultants, and sometimes Google employees. Big tech companies hate open formats and protocols, because they evolve independently of them. They feel they must control everything. It's not smart, wise or even realistic, but after decades of existing in the wake of bigco's I know it's as inevitable as the sunset and sunrise cycle. Eventually the lack of flexibility marginalizes the big company, but they don't die, they just keep polluting, they buy politicians and we have to live with the result.

Fedex impresses [Scripting News]

As you know I've had trouble with UPS, so I figured when Fedex was set to do a big delivery to my house just after a 1.5 foot snow in the area, that they would never get one of their big delivery trucks down the road to my house, and I'd end up driving somewhere to pick up the packages. But yesterday afternoon there was a knock on the door, and there was the Fedex guy with my packages. Smiling. I couldn't believe it.

The truck said Hertz, not Fedex. It was a small AWD vehicle. He said when they came to deliver the stuff a day before they realized their big truck wouldn't make it down the road, so they rented a smaller truck and drove that to my house with my package. He said we like to go the extra mile. Yes, they surely do! Compared to UPS, which has basically the same policy, trust the driver, but the ethos of this driver compared to whoever made the call at UPS (basically the customer can fuck off) was night and day.

Hats off to Fedex. You win this contest, hands down.

15:28

Online freedom of expression hits a ten-year low [Cory Doctorow – Boing Boing]

Pam Cowburn from Article 19 writes, "Our new report shows that digital freedom of expression – defined as our ability to speak freely online – is at a ten year low. The report states that this decline is due to a rise in digital authoritarianism with governments taking control of internet infrastructure, increasing online surveillance and controlling content."

The core threats that are contributing to the decline in digital freedom of expression are:

* Internet shutdowns: In 2015, UN experts said that shutting down the internet could never be justified under international human rights law. However, shutdowns are increasingly being used by governments, often during elections and protests.

* Weakened digital security: Governments undermine our ability to communicate securely when they call for encryption to be weakened or attempt to ban tools such as Virtual Private Networks or secure messaging apps, such as Telegram, which has been banned in Iran and Russia.

* Content restrictions: Almost half of the global population live in a country where access to social media or messaging platforms was blocked, either temporarily or permanently.

* Data localisation: Many countries, including Russia, Iran, China, Vietnam, Nigeria, and Pakistan are moving data servers within their borders, allowing them access to data and metadata, which can be used for surveillance.

* Net neutrality: Last year, the US repealed net neutrality rules, which compelled internet service providers to treat all websites and tools equally. This is part of a global trend where providers offer mobile and connection packages that give free or reduced-price access to certain social media or outlets. There is an impact for freedom of expression if users are able to access sites more quickly or without using their data allowances.

* Online surveillance: Digital surveillance threatens our freedom of expression online and offline, whether it’s the mass surveillance of communications or the use of facial recognition technology in public spaces.

* Artificial intelligence: The increased use of AI has implications for free speech, particularly as there is a lack of transparency over how AI is being used, and how it can collect and use data.

Global Expression Report 2018/2019 [Article 19]

(Thanks, Pam!)

(Image: Amin, CC BY-SA, modified)

Treating Workers With Dignity Act [Richard Stallman's Political Notes]

The Treating Workers With Dignity Act would guarantee employees a break to eat a meal, use the restroom, or tend to their medical needs while on the job.

14:42

Security updates for Thursday [LWN.net]

Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).

14:21

Jonas Meurer: switch to sway [Planet Debian]

Switching from Gnome to a tiling window manager

After having thought about it since "forever", I finally decided to switch to a tiling window manager. I went with sway since it runs on wayland and since it seems to be the recommended "wayland version of i3", a tiling window manager that many of my tech friends use ;)

After a few days of using sway, I'm pretty sure that I won't switch back anytime soon. It feels super convenient to have all windows tiled on the screen and being able to rearrange and resize them easily with a few keyboard shortcuts.

There's still some things that didn't work instantly, so I'll try to document them here in hope that it's useful to others. Feedback welcome!

Install sway on Debian Buster

I run Debian Buster on my work machine. The sway components aren't available in Buster or buster-backports yet, so I went with installing the packages from Unstable or experimental manually. I'll probably help with backporting them to buster-backports once I settled on using sway.

Lucky enough, sway packages only bring one dependency that's not satisfied in Buster, which is libjson-c4. So for now, to install the sway Debian packages on Buster, you have to do the following:

mkdir -p ~/devel/sway && cd ~/devel/sway

wget http://ftp.de.debian.org/debian/pool/main/w/wlroots/libwlroots3_0.7.0-2_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/scdoc/scdoc_1.10.0-1_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/swaybg/swaybg_1.0-2_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/swaylock/swaylock_1.4-1_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/swayidle/swayidle_1.5-1_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/sway/sway-backgrounds_1.2-1_all.deb
wget http://ftp.de.debian.org/debian/pool/main/j/json-c/libjson-c4_0.13.1+dfsg-6_amd64.deb
wget http://ftp.de.debian.org/debian/pool/main/s/sway/sway_1.2-1_amd64.deb

apt install ./libwlroots3_0.7.0-2_amd64.deb ./scdoc_1.10.0-1_amd64.deb ./swaybg_1.0-2_amd64.deb ./swaylock_1.4-1_amd64.deb ./swayidle_1.5-1_amd64.deb ./sway-backgrounds_1.2-1_all.deb ./libjson-c4_0.13.1+dfsg-6_amd64.deb ./sway_1.2-1_amd64.deb

apt install dunst i3status suckless-tools

Basic sway configuration

Sway brings a good basic configuration at /etc/sway/config. In order to customize it, copy the file over to ~/.config/sway/config. First things I changed were the following:

# Disable windows title bars
default_border pixel

# Use tilix wrapper as terminal emulator (more on that later)
set $term ~/.config/sway/scripts/tilix-wrapper.sh

# My internal laptop screen
set $laptop_screen eDP-1

# Command to lock screen
set $lock 'swaylock -F -f -e -K -l -c 000000'

# Default wallpaper
output * bg ~/Pictures/favourite_background.jpg fill

# Idle configuration
exec swayidle -w \
         timeout 300 $lock \
         timeout 600 'swaymsg "output * dpms off"' \
         resume 'swaymsg "output * dpms on"' \
         before-sleep $lock

# Internal Thinkpad Keyboard
input "1:1:AT_Translated_Set_2_keyboard" {
    xkb_layout de,us
    # Change keyboard layouts on <Super>+<Space>
    xkb_options grp:win_space_toggle
}

# Cherry Keyboard
input "1130:275:Cherry_GmbH_CHERRY_Wired_Keyboard" {
    xkb_layout de,us
    # Change keyboard layouts on <Super>+<Space>
    xkb_options grp:win_space_toggle
}

# Internal Thinkpad Touchscreen
input "2:7:SynPS/2_Synaptics_TouchPad" natural_scroll "enabled"

# Status Bar
bar {
    position top
    # Use i3status as status bar
    status_command i3status
}

# Custom key bindings

# Lock screen
bindsym $mod+Escape exec $lock

# Audio and brightness key bindings
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle
bindsym XF86AudioMicMute exec pactl set-source-mute @DEFAULT_SOURCE@ toggle
bindsym XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym XF86MonBrightnessUp exec brightnessctl set +5%
bindsym XF86AudioPlay exec playerctl play-pause
bindsym XF86AudioNext exec playerctl next
bindsym XF86AudioPrev exec playerctl previous

# Bindings for Firefox and Thunderbird
bindsym $mod+Shift+b exec "env MOZ_ENABLE_WAYLAND=1 firefox"
bindsym $mod+Shift+m exec "thunderbird"

# Autostart

# Start dunst, a notification daemon
exec dunst

# Start some programs in fixed workspaces
assign [app_id="firefox"] → 1
exec "env MOZ_ENABLE_WAYLAND=1 firefox"
assign [class="thunderbird"] → 2
exec "thunderbird"

Picking an application launcher

The default application launcher to be used is dmenu (from suckless-tools). While it works okayish, I don't particularly like it. In my eyes, it looks rather old-fashioned, and even worse, it doesn't seem to have support for freedesktop.org desktop entries.

I looked around a bit and wofi sounded pretty promising. It's not in Debian yet but was easy to compile. A big downer though is that it depends on a newer libglib2.0 version (2.60) than in Debian Buster. I still compiled it in a Bullseye schroot and got a first impression. I like its look and feel (after a bit of CSS customization) and probably I'll go with packaging it for Debian.

For the moment, I'm stuck with dmenu on my working system, though.

Configure the status bar

I decided to go with the i3status status bar and it serves my purposes pretty well. Here's my config (~/.config/i3status/config):

# i3status configuration file.
# see "man i3status" for documentation.

# It is important that this file is edited as UTF-8.
# The following line should contain a sharp s:
# ß
# If the above line is not correctly displayed, fix your editor first!

general {
        #colors = true
        colors = false
        interval = 5
}

order += "load"
order += "wireless _first_"
order += "ethernet _first_"
order += "path_exists VPN"
order += "battery all"
order += "tztime local"

# Customized wireless status
wireless _first_ {
        format_up = "W: (%quality at %essid) %ip"
        format_down = "W: down"
}

# Only show ethernet status when connected
ethernet _first_ {
        # if you use %speed, i3status requires root privileges
        format_up = "E: %ip"
        format_down = ""
}

# Display VPN status
path_exists VPN {
        # path exists when a VPN tunnel launched by nmcli/nm-applet is active
        path = "/proc/sys/net/ipv4/conf/tun0"
}

# Customized battery status
battery all {
        format = "%status %percentage"
        status_chr = "⚡"
        status_bat = "🔋"
        status_full = "☻"
}

# Localized time format
tztime local {
        #format = "%Y-%m-%d %H:%M:%S"
        format = "%a %d. %b %Y %H:%M"
}

load {
        format = "L: %1min"
}

Configure a notification daemon

I'm really used to getting notifications by my chat programs (XMPP, IRC, Signal), and I don't want to dismiss this. So I installed dunst and configured sway to auto-start it (see above). That's it, it worked instantly. Well, that was easy :)

Preserve working directory in new terminal instances

One thing that really annoyed me after switching to sway was that the working directory wasn't preserved when spawning new terminal instances. I often open five or more terminal instances in parallel when working on a complex project, and I'm very used to just opening a new terminal and continuing to work in the same directory there immediately.

So I was really eager to find a solution here. Turned out that it's not that easy and needs a bit of dirty scripting, but I found a solution (with help from some nice folks in #sway on Freenode).

First some words about the problem: spawning a new terminal in sway doesn't use whatever sophisticated means to spawn new instances of the same terminal process. Instead, it just spawns a fresh process of your favourite terminal emulator. While I really like tilix and used it as a tiling terminal emulator, I no longer want to use its tiling features when I now have a tiling window manager. I'll stick with tilix for now as I like its look and feel, though.

So if the new terminal emulator process doesn't know about the working directory of your former terminal, what to do about it?

The solution: Luckily, it's possible to identify the PID of your focused window in sway using swaymsg -t get_tree. In case the focused window is a terminal emulator, its parent ID should be your shell. And the shell's PWD can easily be determined by reading the symlink /proc/$PID/cwd.

So let's put this in a wrapper script under ~/.config/sway/scripts/tilix-wrapper.sh:

#!/bin/sh

# Small script that tries to determine the PWD of the focused terminal
# (in sway tiling window manager) and pass it to the newly spawned one.

TERMINAL_CMD="tilix --new-process"

FOCUSED_PID=""
if ! type jq >/dev/null 2>&1; then
    echo "ERROR: jq not installed" >&2
else
    FOCUSED_PID="$(swaymsg -t get_tree | jq '.. | select(.type?) |
        select(.type=="con") | select(.focused==true).pid')"
fi

FOCUSED_PWD=""
# Check if $FOCUSED_PID is an integer
if [ "$FOCUSED_PID" -eq "$FOCUSED_PID" 2>/dev/null ]; then
    FOCUSED_PPID="$(ps -o pid= --ppid "$FOCUSED_PID" | awk '{print $1}')"
    if [ "$FOCUSED_PPID" -eq "$FOCUSED_PPID" 2>/dev/null ]; then
        FOCUSED_PWD="$(readlink "/proc/$FOCUSED_PPID/cwd")"
    fi
fi

# Spawn terminal in background; "$@" is quoted so arguments containing
# spaces are passed through unchanged
if [ -d "$FOCUSED_PWD" ]; then
    $TERMINAL_CMD --working-directory="$FOCUSED_PWD" "$@" &
else
    $TERMINAL_CMD "$@" &
fi

Finally, we have to set the script as $term in sway's config (see above). Yay, now I've a solution to preserve my working directory when spawning new terminals!

Use gnome-keyring as SSH agent with sway

Another super annoying thing was that my SSH agent no longer worked with sway, mostly because I used gnome-keyring before and it wasn't spawned automatically when starting sway. So let's change that. I found it a bit complicated to get this working as docs on the internet said a lot of different things, but in the end, the following worked.

Since I still use gdm3 as desktop manager, gnome-keyring-daemon is started automatically during login. So the only thing that's missing is to initialize the gnome-keyring-daemon when starting a terminal. To do so, add the following to ~/.profile (in order to only do it on a login shell):

# Connect to and initialize gnome-keyring-daemon when in sway session
if [ "$DESKTOP_SESSION" = "sway" ]; then
    export $(gnome-keyring-daemon --start)
fi

What's missing

  • I want to start profanity (XMPP client) and irssi (IRC client) automatically in workspace 3, but so far I failed to find a working filter for sway's assign feature to identify tilix instances with profanity/irssi (in order to automatically assign those terminals to workspace 3).
  • I miss the redshift feature of gnome 3. redshift itself doesn't support wayland yet. There's a fork with wayland support, but I didn't find time to look into it yet.
  • I'll probably switch from i3status to py3status soon as its list of modules looks really promising.
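
The "Install sway on Debian Buster" steps above fetch .deb files over plain HTTP and install them with apt install ./file.deb, a path on which apt has no signed archive metadata to check the files against. The following is an added example, not part of the original post: it compares each downloaded .deb with the SHA256 recorded in a Debian Packages index. It assumes the Packages file itself has already been authenticated (for instance against a signature-checked InRelease file); the function names and the demo data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify manually downloaded .deb files against the
# SHA256 values listed in a Debian "Packages" index.
# Assumption: the Packages file passed in has already been authenticated.

# expected_sha256 PACKAGES_FILE DEB_BASENAME
# Prints the SHA256 of the stanza whose Filename ends in /DEB_BASENAME.
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }   # one stanza per record, one line per field
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /)    file = substr($i, 11)
                else if ($i ~ /^SHA256: /) sum  = substr($i, 9)
            }
            n = split(file, parts, "/")
            if (n > 0 && parts[n] == want && sum != "") { print sum; exit }
        }
    ' "$1"
}

# verify_deb PACKAGES_FILE DEB_PATH
# Returns 0 on match, 1 on hash mismatch, 2 if the file is not in the index.
verify_deb() {
    want="$(expected_sha256 "$1" "$(basename "$2")")"
    if [ -z "$want" ]; then
        echo "UNLISTED  $2" >&2
        return 2
    fi
    have="$(sha256sum "$2" | awk '{print $1}')"
    if [ "$have" = "$want" ]; then
        echo "OK        $2"
        return 0
    fi
    echo "MISMATCH  $2 (expected $want, got $have)" >&2
    return 1
}

# verify_all PACKAGES_FILE DEB...
# Checks every file; returns non-zero if any of them fails, so it can
# gate the install step:  verify_all Packages ./*.deb && apt install ./*.deb
verify_all() {
    index="$1"; shift
    failed=0
    for deb in "$@"; do
        verify_deb "$index" "$deb" || failed=1
    done
    return "$failed"
}

# demo_constructed: builds two constructed files (not real packages) and a
# constructed index in which the second entry records a different hash,
# as would happen if the download had been altered in transit.
demo_constructed() {
    dir="$(mktemp -d)" || return 1
    printf 'constructed package body A\n' > "$dir/good_1.0_amd64.deb"
    printf 'constructed package body B\n' > "$dir/tampered_1.0_amd64.deb"
    good_sum="$(sha256sum "$dir/good_1.0_amd64.deb" | awk '{print $1}')"
    bad_sum="$(printf 'what the archive published\n' | sha256sum | awk '{print $1}')"
    cat > "$dir/Packages" <<EOF
Package: good
Version: 1.0
Filename: pool/main/g/good/good_1.0_amd64.deb
SHA256: $good_sum

Package: tampered
Version: 1.0
Filename: pool/main/t/tampered/tampered_1.0_amd64.deb
SHA256: $bad_sum
EOF
    verify_all "$dir/Packages" "$dir/good_1.0_amd64.deb" "$dir/tampered_1.0_amd64.deb"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Run the constructed demo only when asked to: sh verify-debs.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_constructed
fi
```

A file reported as UNLISTED is treated as a failure as well, since nothing in the index vouches for it.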

13:42

Whatever Holiday Gift Guide 2019, Day Four: Fan Favorites! [Whatever]

For the first three days of the Whatever Gift Guide 2019, I’ve let authors and creators tell you about their work. Today is different: Today is Fan Favorites day, in which fans, admirers and satisfied customers share with you a few of their favorite things — and you can share some of your favorite things as well. This is a way to discover some cool stuff from folks like you, and to spread the word about some of the things you love.

Fans: Here’s how to post in this thread. Please follow these directions!

1. Fans only: That means that authors and creators may not post about their own work in this thread (they may post about other people’s work, if they are fans). There are already existing threads for traditionally-published authors, non-traditionally published authors, and for other creators. Those are the places to post about your own work, not here.

2. Individually created and completed works only, please. Which is to say, don’t promote things like a piece of hardware you can find at Home Depot, shoes from Foot Locker, or a TV you got at Wal-Mart. Focus on things created by one person or a small group: Music CDs, books, crafts and such. Things that you’ve discovered and think other people should know about, basically. Do not post about works in progress, even if they’re posted publicly elsewhere. Remember that this is supposed to be a gift guide, and that these are things meant to be given to other people. So focus on things that are completed and able to be sold or shared.

3. One post per fan. In that post, you can list whatever creations you like, from more than one person if you like, but allow me to suggest you focus on newer stuff. Note also that the majority of Whatever’s readership is in the US/Canada, so I suggest focusing on things available in North America.

4. Keep your description of the work brief (there will be a lot of posts, I’m guessing) and entertaining. Imagine the person is in front of you as you tell them about the work and is interested but easily distracted.

5. You may include a link to a sales site if you like by using standard HTML link scripting. Be warned that if you include too many links (typically three or more) your post may get sent to the moderating queue. If this happens, don’t panic: I’ll be going in through the day to release moderated posts. Note that posts will occasionally go into the moderation queue semi-randomly; Don’t panic about that either.

6. Comment posts that are not about fans promoting work they like will be deleted, in order to keep the comment thread useful for people looking to find interesting gifts.

Got it? Excellent. Now: Geek out and tell us about cool stuff you love — and where we can get it too.

13:28

Radar trends to watch: December 2019 [Radar]

Privacy and security trends

  • DNS over HTTPS is rolling out in all major browsers. This is important. Although there are some security concerns, and opposition from ISPs, DNS over HTTPS makes it much more difficult for ISPs (and others) to track and resell your internet usage habits. The ISPs had this coming. (Will they block access to other name servers, like 8.8.8.8 and 1.1.1.1?)
  • “A Cage Went in Search of a Bird” is a must-read piece on the future of privacy, riffing off an aphorism by Franz Kafka. Here’s a really short summary of the piece: technologies grant power, and that power will be used unless you think very carefully about how you want power to be used.
  • OpenTitan is an open source chip design from Google to verify that hardware can be trusted, from the firmware up.
  • Although the Chinese government is highly opposed to cryptocurrencies like Bitcoin and Ethereum, they are building their own, and starting to talk more about it. They have some fairly strong guarantees about user-controllable privacy—as long as you don’t want to keep anything private from the Chinese government.

VR trends

  • So far, virtual reality has been about vision. The next step may be virtual touch. You wear a wireless device against your skin that has large numbers of very small embedded actuators.
  • Volumetric capture is a big step forward in 3D photography and VR. Google is working on it. More important (though fairly obvious): the future of computer vision is AI; it’s not the collection of algorithms for specific tasks that you find in traditional CV libraries.

Health

  • Google is buying Fitbit, clearly to compete with Apple (and to keep Wear OS relevant). The purchase itself isn’t as important as the return of interest in digital health.
  • Google’s alliance with Ascension Health (which may just be moving Ascension to the cloud, but appears to be more about making data available for research) is generating a lot of suspicion. That suspicion may be deserved, but one of the biggest problems hampering health research is data access. The project raises many ethical issues; we don’t yet know how they’ll be addressed.

Robotics

  • Google is building a general-purpose learning robot. I doubt this will ever be a consumer product, but it’s an interesting idea. Is it possible to build a robot that does things like sort recyclables? If you’ve ever looked at a trash can at a conference, you know it’s something humans can’t be bothered to do.
  • Along similar, though more frightening, lines: Boston Dynamics’ robotic dog has been used by the Massachusetts State Police in at least two cases. The lease agreement between Boston Dynamics and the police specifies that the robots may not be used to “physically harm or intimidate people,” but it remains to be seen whether the users will stick to those limitations. What does “intimidate” even mean, when a robot is involved?

Other trends

  • Kubernetes isn’t the only game in town, even though it killed off all its early competition. It’s a first-generation product, and likely to be superseded. Fargate on AWS is starting to get traction, and HashiCorp has a suite of products that compete.
  • It’s worth paying attention to the drama around open source licenses, which are more interesting now than at any time in the past decade. One new twist is the Hippocratic License, which allows anyone to use the software for purposes that don’t do harm. It’s an attempt to formalize the desire to prevent software from being used in military applications.
  • It’s easy to think of agriculture as low tech, but that’s wrong: Microsoft is working on AI-enabled agriculture. I would not be surprised to see similar efforts at Google and Amazon, to say nothing of the companies that are already in the agriculture sector, and a host of startups.
  • Microsoft and Warner Brothers are collaborating on bulk data storage on glass slides. They can store a full-length movie on a 3×3-inch slide, which will remain readable for more than 1,000 years. This addresses one of the long-standing archival problems in computing. Paper is good for millennia, but digital storage only lasts for decades, if that.
  • Photoshop in the camera in the phone: it was easy to count Photoshop out, particularly with their controversial subscription licensing, but now they’re putting it all the way into the phone. It’s a smart move.

12:49

Election Machine Insecurity Story [Schneier on Security]

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup.

Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across more than 100 precincts. Some machines reported zero votes for him. In a county with the ability to vote for a straight-party ticket, one candidate's zero votes was a near statistical impossibility. Something had gone quite wrong.

Boing Boing post.

12:42

Four short links: 5 December 2019 [Radar]

  1. Rediscovered Incomplete Infocom Text Adventure: Hypochondriac — download link in the video description. Discovered by Adam Summerfield by rummaging through the directories of the Infocom Hard Drive. It’s not finished and it crashes, but wow—that’s like finding a new Shakespeare play. (via Renga in Blue)
  2. What TikTok Reports About You, and How (Matthias Ebert) — great Twitter thread where he shows how TikTok tracks you and where the data goes. I learned heaps, including Canvas Fingerprinting. They draw an image in the background using vector graphic commands. Afterward, they save the image to a rasterized PNG. This data is quite unique among different devices, depending on settings and hardware.
  3. COBOL Day — a conference for COBOL developers, in Italy. It’s a skill with immense employability.
  4. Practice Difficult Conversations (Lara Hogan) — details how to practice hard conversations, and how to have them. Includes sample situations to roleplay.

12:00

Meet the Guy Behind the Libgen Torrent Seeding Movement [TorrentFreak]

Whenever Library Genesis (Libgen) or Sci-Hub hit the headlines, what tends to follow is a fracturing of opinion on where these sites sit in the piracy landscape.

Both are best known for their massive archives of scientific articles and research papers. They are also notable for their absolute commitment to the spread of knowledge for the betterment of society as a whole. This means that even some otherwise staunch opponents of piracy pause for thought.

While huge publishing companies want them gone, support for these platforms among the knowledge-thirsty can be robust. Just over a week ago, the passion for keeping Libgen alive became evident in a Reddit thread (posted by a user known as ‘shrine’) titled ‘Charitable seeding for nonprofit scientific torrents’.

“Libgen is a 33 terabyte scientific library with 2.4 million free books covering science, engineering, and medicine,” ‘shrine’ began.

“It’s the largest free library in the world, servicing tens of thousands of scientists and medical professionals around the world who live in developing countries that can’t afford to buy books and scientific journals. There’s almost nothing else like this on Earth – they’re using torrents to fulfill World Health Organization and U.N. charters.”

However, the torrents used by Libgen were not in good shape so ‘shrine’ began a movement to boost the quality of their swarms. The project was quickly spotted and then supported by two companies (Seedbox.io and UltraSeedbox.com) that offer ‘seedboxes’, effectively server-based torrent clients with plenty of storage space and bandwidth available – perfect for giving swarms a boost.

The project gained plenty of traction and as a follow-up thread details, considerable success. Today we catch up with ‘shrine’ for some history, background information, and an interesting status report.

“Ironically this all started when I saw the TorrentFreak article about [Libgen] mirrors getting taken down. I immediately decided I wanted to find a way to preserve and protect the collection,” ‘shrine’ says.

“I started out, but realized that the Plex server in my living room wouldn’t be enough to back up the largest free library in the world. That’s when I wrote my plea to /r/datahoarder hoping for a few guys to help out. Once the project exploded my role since then has been coordinating the hundreds of seed donations out of my Google Doc and answering as many questions as I can.”

Shrine is completely unconnected to the Libgen site but says he’s been a user for years. Before his project began he didn’t have a clear idea of how the site operated or what it took to keep it online but he’s now focused on two primary goals – back up Libgen and distribute the data so that people can find new ways to utilize it.

“The collection we’re seeding now is 32TB (18%) of [Libgen’s] total collection, so it’s just the first step in preserving the project,” he says, pointing to Libgen’s stats page.

We asked ‘shrine’ if any stats on swarm strengths were taken when the project began, so a comparison can be made today. He told us that an index for the collection didn’t even exist a week ago, so planning and coordination was difficult. However, some stats are available.

“The first thing I did was find a way to scrape the torrents to motivate seeders and track progress. I started collecting data on November 30th using a very cool open source indexer on GitLab,” he reveals.

Project data (Nov 30 to Dec 4)

While the previously-mentioned seedbox suppliers provided a huge boost to the project, there are plenty of anonymous donors and supporters behind the scenes too, even people who had no previous experience of using BitTorrent.

“I am overjoyed with the outpour of support. I have PMs from people who’ve never torrented before, have 1GB to spare, and want to know the best torrent client,” ‘shrine’ notes.

“Scientists in the Reddit threads are sharing stories of how LibGen made their research possible. Unnamed cloud providers have pledged 100TB allocation on their servers. The response has been overwhelmingly positive from everyone.”

Although ‘shrine’ regularly uses the term “we” in respect of seeding, he points out that he’s the project evangelist and there’s “nothing but Linux ISOs” on his own server. Nevertheless, the project has now turned into a movement, one that could have a profound effect on the overall free availability of scientific research.

“I only know there is no way to take the books back once they’ve been seeded. It’s a permanent library card for the world,” ‘shrine’ concludes.

Update: Seedbox.io reports they have some significant additional support for the project.

“Alongside our wonderful provider at NFOrce.nl we are going to sponsor up an entire server which will be big enough to hold the entire libgen project in full. Let’s get this thing well seeded for the future so others can benefit from it!”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

11:56

CodeSOD: Failure To Process [The Daily WTF]

Karl supplies us with an unusual bit of code. In the vein of a "true confession", it's code Karl wrote. In the vein of a good WTF, it had to be written like this because of bad choices...

11:07

Early Morning Sky, 12/5/19 + Further Pixel 4 Thoughts [Whatever]

I woke up early this morning — thank you, cats — and figured as long as I was up I’d go use the Pixel 4’s astrophotography mode, which is somewhat more advanced than the same mode on the Pixel 3, which was already impressive enough. I was not disappointed. This is a little after 4am, looking mostly west; you can see the constellations of Orion and Taurus, along with the Pleiades, and, of course, a bunch of other stars.

The photo that came out of the camera actually had more stars, I will note; I went into Photoshop and cranked it back just a little to make it closer to what my eyes see. Nevertheless, more than enough stars for anyone. I am genuinely impressed with this particular photo mode on the Pixel 4, and suspect I will be posting rather a lot of astrophotography photos in the future, because the phone makes it so much easier to do than it is on my DSLR.

Likewise, having now lived with the Pixel 4 for a week, I can say I’m more impressed with it than I was when I did my initial write-up. For example, the battery, while still not fabulous, is holding up rather better than my initial assessment. Part of that is due to me changing how I use the phone: because the Pixel 4 can detect when I’m reaching for it or looking at it, I don’t have the ambient display on all the time, because why have the phone screen showing the time when I’m not looking at it? But I think part of it is indeed better management of power on the part of the phone. I’m still taking an external battery with me if I’ll be away from the house for a while, but my experience so far is that’s more for my own peace of mind than an actual need.

I also find the face unlock mostly a good thing. I thought I would miss the fingerprint scanner more than I have, but inasmuch as the phone opens up quickly when I grab it and look at it, it’s not been an issue at all. The face unlock is still insecure (it still opens with one’s eyes closed), but again as a practical matter I don’t sleep with anyone I don’t trust with my phone, so on a day-to-day basis this isn’t a problem.

Otherwise the phone works pretty much as I want it to; it’s snappy enough for anything I throw at it and since I’m well-integrated into Google services, it’s useful to me. The new thing I do a lot off the Pixel 4: Streaming, since the Disney+ app on my LG TV sucks donkey balls, while the one on Android can show me The Mandalorian without having to buffer every ten seconds. So there it is.

Camera-wise and aside from the astrophotography mode, the Pixel 4 camera, like all the cameras in the Pixel line, continues to be very impressive and one I would very much recommend. Once again I acknowledge the complaint about not having an ultrawide lens, but, also again, I don’t exactly miss it myself. I get wide enough photos as it is.

So in all the Pixel 4 is a phone I would generally highly recommend, especially for people who take a lot of photos. If you get one, you may find yourself wandering outdoors at 4am to take photos of the night sky. This is not a bad thing.

10:21

The thing about hot button issues [Seth's Blog]

It’s not that they are buttons.

It’s that they’re hot.

They’re hot because they get pressed all the time. They’re hot because they’re seductive. It’s an easy button to push, so people push it all the time.

And that can get you burned.

It can short circuit the point you were trying to make.

It turns out that there are plenty of other buttons, often ignored, that people are eager to activate. Plenty of topics and fears and dreams and beliefs that are just waiting to be seen and engaged with.

We don’t need the risky shortcut of the hot button. It’s not going to work anyway.

09:21

Feeds | FAIR Software at the 2019 eScience Symposium [Planet GridPP]

g.law, 5 December 2019 - 9:30am

FAIR data has been on everybody’s lips for a while. Many think that FAIR software will become “the next big thing” in eScience. Reasons enough to devote a session at the National eScience Symposium to the discussion of FAIR and its meaning for research software.

07:35

The Humble Book Bundle: Brainwave 2 by Open Road Media [Humble Bundle Blog]

We’ve teamed up with Open Road Media to bundle intriguing, engaging, and enriching nonfiction guaranteed to make you smart(er)! Get


The post The Humble Book Bundle: Brainwave 2 by Open Road Media appeared first on Humble Bundle Blog.

06:42

OK Gamer – DORK TOWER 28.11.19 [Dork Tower]

Dork Tower is 100% reader supported.  Join the Army of Dorkness today, and help bring more Dork Tower to the world! By becoming a Dork Tower Patreon backer, you get John’s everlasting gratitude (and also swag, commentary, bonus strips, and more swag), but, critically, you’ll help us reach our next goal – three comics a week!

05:49

1354 [Looking For Group]

The post 1354 appeared first on Looking For Group.

05:00

Perils of Wisdom [Diesel Sweeties webcomic by rstevens]


Tonight's comic is about asking for advice.

04:14

[$] LWN.net Weekly Edition for December 5, 2019 [LWN.net]

The LWN.net Weekly Edition for December 5, 2019 is available.

03:14

Daydream Nation [QC RSS]

Pintsize kinda startin to look like a Wooper

Wednesday, 04 December

23:42

FCC Chairman Pai's former employer, Verizon, lied about coverage, and then Pai tried to bury the news [Cory Doctorow – Boing Boing]

America's telcoms sector is hugely concentrated and corrupt, and systematically underinvests in maintenance and infrastructure even as it gouges customers, which it can get away with thanks to its monopoly power, leaving Americans with some of the world's worst, most expensive communications services.

Everyone who's communicated electronically in any way in the USA knows this, except, apparently, FCC Chairman Ajit Pai, a former Verizon lawyer who has spent the years since Donald Trump appointed him to the chair dismantling what few consumer protections existed in the sector.

But reality has a well-known left wing bias, so when the FCC investigated the claims made by Verizon, T-Mobile and US Cellular about their 4G coverage, it discovered that they had lied to their regulator (again).

Rather than punishing his former employer, Pai took the principled decision to let them off the hook, opting instead to send all carriers a sternly worded memo reminding them that he could punish them for lying, if he wanted to.

And to ensure that this corporate ripoff of America got all the attention it deserved, Pai chose to announce the investigation's finding in the third paragraph of a press release about 5G (which is bullshit), in which he failed to mention any of the offending carriers by name.

FCC officials didn't voluntarily bring up the topic of whether Verizon, T-Mobile, and US Cellular will be punished for exaggerating coverage. But FCC officials confirmed that Pai does not intend to take enforcement action in response to a question from a reporter during the press call, and in response to a question from Ars via email.

But Pai does agree with all of the recommendations FCC staff made in their report, including the recommendation to issue an enforcement advisory to the industry, a senior FCC official said. While the FCC said it found no evidence of a violation of Mobility Fund rules, the commission has yet to determine whether carriers violated rules in the separate Form 477 data-collection program.

FCC tries to bury finding that Verizon and T-Mobile exaggerated 4G coverage [Jon Brodkin/Ars Technica]

Sunset 12/4/19 [Whatever]

The first sunset we’ve had this month — every other day has been overcast. This one was cloudy, too, but the sun got through anyway. As you can see.

22:49

The rise and fall of the PlayStation supercomputers [OSnews]

Dozens of PlayStation 3s sit in a refrigerated shipping container on the University of Massachusetts Dartmouth’s campus, sucking up energy and investigating astrophysics. It’s a popular stop for tours trying to sell the school to prospective first-year students and their parents, and it’s one of the few living legacies of a weird science chapter in PlayStation’s history. Those squat boxes, hulking on entertainment systems or dust-covered in the back of a closet, were once coveted by researchers who used the consoles to build supercomputers. With the racks of machines, the scientists were suddenly capable of contemplating the physics of black holes, processing drone footage, or winning cryptography contests. It only lasted a few years before tech moved on, becoming smaller and more efficient. But for that short moment, some of the most powerful computers in the world could be hacked together with code, wire, and gaming consoles.

The PlayStation 3 and its Linux compatibility were going to change everything. Back in those days, it was pretty much guaranteed that on every thread about some small, alternative operating system, someone would demand PS3 support, since the PS3 was going to be the saviour of every small operating system project. Good memories.

Apple’s Activation Lock will make it very difficult to refurbish Macs [OSnews]

Every month, thousands of perfectly good iPhones are shredded instead of being put into the hands of people who could really use them. Why? Two words: Activation Lock. And Macs are its next victim. “We receive four to six thousand locked iPhones per month,” laments Peter Schindler, founder and owner of The Wireless Alliance, a Colorado-based electronics recycler and refurbisher. Those iPhones, which could easily be refurbished and put back into circulation, “have to get parted out or scrapped,” all because of this anti-theft feature. With the release of macOS Catalina earlier this fall, any Mac that’s equipped with Apple’s new T2 security chip now comes with Activation Lock—meaning we’re about to see a lot of otherwise usable Macs heading to shredders, too.

While I understand the need for security features such as these – who doesn’t – it should definitely be possible to save these devices from the shredder. It’s such a waste of perfectly good hardware that could make a lot of less-privileged people around the world a whole lot happier.

22:14

[$] A static-analysis framework for GCC [LWN.net]

One of the features of the Clang/LLVM compiler that has been rather lacking for GCC may finally be getting filled in. In a mid-November post to the gcc-patches mailing list, David Malcolm described a new static-analysis framework for GCC that he wrote. It could be the starting point for a whole range of code analysis for the compiler.

RIP, science fiction pioneer Dorothy "DC" Fontana [Cory Doctorow – Boing Boing]

DC Fontana was a pioneering writer and editor for Star Trek who worked on shows like Babylon Five, the Six Million Dollar Man, He Man, and Buck Rogers, one of the most prominent women in the field. She died yesterday, aged 80, after a short illness. Science fiction mailing lists and websites have been flooded with remembrances for Fontana, but I'm especially fond of Diane Duane's. (Thanks, Kathy Padilla!) (Image: Larry Nemecek, CC BY-SA)

20:56

Link [Scripting News]

My four-minute podcast about why removing the president is obviously the thing to do.

20:42

The south's latest culinary trend: inadequate, rotting prison food, supplemented by cattle feed [Cory Doctorow – Boing Boing]

One of my favorite podcasts is Gravy, from the Southern Foodways Alliance, where they highlight hidden and fascinating changes and progress in southern food -- from disappearing "community canneries" to Mahalia Jackson's once-booming chain of fried chicken restaurants to the strange story of the Tennessee hippie commune that pioneered vegan food in the USA to the Klan's Texas BBQ rallies of the 1920s.

This week, Gravy devoted its episode (MP3) to food in southern prisons, noting that America leads the world in imprisonment and the south leads America in imprisonment -- and austerity-happy, punitive Red State governments have made southern prisons into food nightmares, with some prisons full of starving people on two meals a day, others gripped by obesity epidemics thanks to low-grade, high-carb food. Prisoners fed on rotting food are subject to waves of food poisoning, or on cattle feed in packaging that reads "NOT FIT FOR HUMAN CONSUMPTION."

All this means that prisoners leave their incarceration sick, malnourished, and hobbled in their attempts to re-enter life after they have served their time.

In the U.S. nearly 1.5 million people live in state and federal prisons. About a third of them are imprisoned in the South. As the population of incarcerated people has soared, budgets haven’t followed, leaving food managers to provide more meals with less money. Two formerly incarcerated people, Lupa Brandt and Zahara Green, tell us the results are often physically and mentally unsatisfying. Inmates end up feeling sick and devalued. Lupa and Zahara argue that’s a public health problem everyone should care about because 95% of inmates return to their communities.

Are prison diets punitive? A report from behind bars [Gravy/Southern Foodways Alliance]

20:28

EU Study Shows Online Piracy is Complex and Not Easy to Grasp [TorrentFreak]

Research released by the EUIPO last week revealed that pirate IPTV services generate nearly €1 billion in revenue per year. That’s in Europe alone.

The figure confirmed that piracy remains a massive problem, but a second study also delivered some more positive news. From 2017 to 2018, access to pirated content across Europe dropped by more than 15 percent.

This headline figure was undoubtedly welcomed by copyright holders, but the broader report deserves more in-depth analysis.

For starters, the study only covers part of the piracy landscape. It is based on data provided by the piracy tracking company MUSO which solely looks at website visits. This means that apps, streaming devices, and IPTV services are not included.

This may shed a different light on the piracy drop, as these untracked piracy channels have grown explosively in recent years. According to some, these streaming tools are the largest piracy threat at the moment. As such, it’s entirely possible that overall piracy levels didn’t drop, or could even have grown.

When we asked EUIPO about this caveat, it informed us that MUSO’s data, together with that from the European Audiovisual Observatory and Eurostat, was chosen to get the most complete picture possible.

“The MUSO database was chosen as a source of data to enable us to get as full a picture as possible of online copyright infringement in the EU to which the methodology could be applied,” EUIPO informed us.  

That makes sense, as the newer piracy tools are simply harder to track, so there may simply be no data available.

While EUIPO’s ‘picture’ only covers part of the piracy landscape, it is very detailed and suitable for comparisons over time, based on a wide variety of variables. This provided some interesting insights, especially when it comes to regional differences.

For example, total piracy, specified by the number of site visits per user per month, is by far the highest in Latvia and Lithuania. The relative piracy volume there is more than six times as high as in Finland, as can be seen below.

Total piracy by country and content type, 2018

The logical conclusion would be that piracy is far more prevalent in countries on the left. However, caution is warranted, as this only covers site-based piracy.

Last week, the other EUIPO study showed that IPTV piracy is below average in Latvia, while it’s high in this report. On the other hand, site-based piracy is below-average in Spain, where IPTV piracy is thriving. And we haven’t even considered streaming boxes and apps.

One major difference between site-based piracy and IPTV piracy is that the latter usually requires a subscription. In other words, people have to pay to pirate. That may, at least in part, be due to regional differences, as countries differ in their average income per person.

The money element was also considered in the EUIPO study. Following statistical analyses, the researchers found that a lower income per capita is linked to more piracy. Again, this is solely based on website visits.

“Among the socio-economic factors, the level of income per capita and the extent of inequality seem to have the greatest impact on consumption of pirated content: high per capita income and a low degree of income inequality are associated with lower levels of illicit consumption,” the report concludes.

The link between income and piracy is not counterintuitive. That’s also true for the link that was found between social acceptance of piracy and piracy volume. What is surprising, however, is that awareness of legal services and piracy is absent for some content.

EUIPO found that more awareness of legal TV services was linked to more TV piracy. For music, a similar trend was found, albeit not statistically significant. More awareness of legal movie services, on the other hand, was linked to less piracy, as expected.

“It appears that the relationship between legal offer and piracy is a complex one and merits further investigation,” EUIPO concludes.

Overall the EUIPO study provides some interesting views on the piracy landscape in the EU. While it only covers site-based traffic, it’s clear that piracy habits differ greatly from country to country, and that they’re not always easy to grasp.

A copy of the report titled: “Online copyright infringement in the European Union” is available here (pdf).


19:56

Browser plugins from Avast and AVG yanked for stealing user data [Cory Doctorow – Boing Boing]

The Firefox extensions store removed four plugins from Avast/AVG, including two that are supposed to keep users safe from malicious activity, because they appeared to be stealing browser histories and other user data.

The four plugins are Avast Online Security and AVG Online Security (both billed as protection from malicious sites); and Avast Safeprice and AVG Safeprice (comparison shopping). They were analyzed by Adblock Plus creator Wladimir Palant late last month, who found them to be collecting "detailed user browsing history."

Palant reported the plugins to Mozilla developers, who removed them within 24 hours (they are still available in the Chrome plugin store, which, Palant says, is less responsive to reports like his). Avast says it is working "to resolve the issue" and claims that the data-collection is needed to make its plugins work.

"The Avast Online Security extension is a security tool that protects users online, including from infected websites and phishing attacks," an Avast spokesperson told ZDNet. "It is necessary for this service to collect the URL history to deliver its expected functionality. Avast does this without collecting or storing a user's identification."

Mozilla removes Avast and AVG extensions from add-on portal over snooping claims [Catalin Cimpanu/ZDNet]

(via /.)

Second wave Algorithmic Accountability: from "What should algorithms do?" to "Should we use an algorithm?" [Cory Doctorow – Boing Boing]

For ten years, activists and theorists have been developing a critique of "algorithms" (which have undergone numerous renamings over the same time, e.g. "filter bubbles"), with the early critiques focusing on the way that these can misfire with dreadful (or sometimes humorous) consequences, from discrimination in which employment and financial ads get served to the "dark patterns" that "maximized engagement" with services that occupied your attention but didn't bring you pleasure.

Today, a new wave of critiques is emerging, one that doesn't merely ask "What are the problems with how this algorithm does its job?" but also asks, "Should an algorithm do this job?"

The canonical example of this is bias in facial recognition: it's well-understood that facial recognition tools perform worse when asked to identify women and people with darker skin, a circumstance that is very plausibly attributed to the male, white developers of these tools who trained them on people who looked like themselves.

The first-order critique of this is "Garbage In, Garbage Out": the lack of representation and the bias in tech hiring ripples out beyond the workplace and into the products, reproducing discrimination everywhere the products land.

But the second-order critique is more nuanced: "Given that a major application for facial recognition is totalitarian surveillance and control, maybe we should be thinking about limiting facial recognition altogether, rather than ensuring that it is equally good at destroying the lives of women and brown people."

This is a point that was really well articulated by Cindy Cohn at last year's launch party for the EFF/McSweeney's book on privacy. Cindy went on to point out that the Chinese state had overcome its problems with algorithmic bias in facial recognition for people of African descent by convincing an African nation to share its drivers' license database with Chinese researchers, who used this as training data -- which means that black people in China can be identified and rounded up just as well as Chinese people can. This is hardly a victory for human rights!

The second wave of algorithmic accountability is well-summarized in The Seductive Diversion of ‘Solving’ Bias in Artificial Intelligence, an essay by Julia Powles (previously) and Helen Nissenbaum, who wrote, "Which systems really deserve to be built? Which problems most need to be tackled? Who is best placed to build them? And who decides?"

Frank Pasquale (previously) predicts that this second-wave critique will be especially pointed when it comes to finance ("fintech"): "we should also ask larger questions about when 'financial inclusion' can be predatory, creepy (as in 24/7 surveillance), or subordinating (as in at least one Indian fintech app, which reduces the scores of those who are engaged in political activity). What happens when fintech enables a form of 'perpetual debt?'"

At present, the first and second waves of algorithmic accountability are largely complementary. First wavers have identified and corrected clear problems in AI, and have raised public awareness of its biases and limits. Second wavers have helped slow down AI and robotics deployment enough so that first wavers have more time and space to deploy constructive reforms. There may well be clashes in the future among those who want to mend, and those at least open to ending or limiting, the computational evaluation of persons. For example: those committed to reducing the error rates of facial recognition systems for minorities may want to add more minorities’ faces to such databases, while those who find facial recognition oppressive will resist that “reform” as yet another form of predatory inclusion. But for now, both waves of algorithmic accountability appear to me to share a common aim: making sociotechnical systems more responsive to marginalized communities.

The Second Wave of Algorithmic Accountability [Frank Pasquale/Law and Political Economy]

(via Naked Capitalism)

19:28

Link [Scripting News]

I was driving while listening to the Judiciary Committee testimony. During a break the NPR commentators spoke. Endless Republican spin, even though most of what we had heard at that point was very favorable to impeachment. Eloquent and passionate. A real education. At that point Turley had barely spoken, but all they did was make his points over and over. No question at this point NPR is Republican. Disgusting to me because I am most definitely not Republican. I need another source of news. WNYC which is generally good should consider breaking off from NPR if that's possible.

News Post: Acolytes [Penny Arcade]

Tycho: Gabe’s kids got him back into Titanfall 2.  I think they might already have moved on from it, but he and Kara are still in there.  They added a whole Wave Based Horde Mode thing, there’s a new Titan, it’s wild.  But there’s a stalwart community that remained in there, and they’ve slavered for exactly the kind of prey that Gabriel represents.  Somehow engaging in perpetual battle with this brutal new pantheon hasn’t scared him off yet. I have the ultimate and robust document here, a full accounting of the merchandise offering we have put…

19:21

The Case of the Felonious Bread [Whatever]

A few months ago, Seamus Blackley (who you might know as an engaging Twitter presence, oh and also the father of the XBox gaming console) started making bread using 4,500-year-old yeast scraped from ancient Egyptian pottery, and prepared as closely as possible to how it was made back in the old days (here’s a write-up about it in Eater, that’s worth reading for its own sake). At one point he offered to make a loaf for me — for the purposes of science, specifically, making a grilled cheese sandwich from the bread — and I of course accepted. He sent me a loaf via Fed Ex this weekend, and yesterday I got a notice through email that the package had been delivered. I went down from my office to retrieve it —

— and it wasn’t there.

Which confused me. I don’t live somewhere that thieves can easily nab things from my porch, and usually my package notifications are accurate. Fed Ex packages don’t just not show up at my house. So I went online and discovered that not only did Fed Ex claim the package was delivered, it was, in fact, signed for. This was especially odd, since a) I was the only one home, and b) the Fed Ex person did not, as they usually did when something needed to be signed for, ring my doorbell to get my attention.

Then I looked to see who it was who signed for my package:

“POLICE.”

Oh, well, see. That was interesting.

I used Fed Ex’s online help to try to delve further into the issue. The Fed Ex automated response told me that the package had been left “at a guard shack or station,” which confused me further, as there was no guard shack or station I could think of. Bradford, my home town, doesn’t even have its own police force; we are serviced by the county sheriff’s office. I thought maybe this was the Fed Ex delivery person’s way of saying they left it in my mailbox (which is a distance from my house on a rural road), but when Krissy got the mail on her way home from work, there was no Fed Ex package. Could the package actually have been intercepted by the police?

Reader, it could and had! When I spoke to a live person at Fed Ex, I was informed that the person who signed for the package had left a number to call. I called it; it was for a detective with the Dayton Police, Dayton being the city the Fed Ex facility is in. I called the number a couple of times and left voice mail, to find out what had happened to my bread.

And then, about an hour ago, Fed Ex showed up and delivered a package. It was the bread. And with the bread, a note from the Narcotic Bureau of the Dayton Police Department, which began:

On 12-3-19, during a routine check of freight at Fed Ex, a certified narcotics detection dog alerted to the scent of a narcotic on your package. The package was then opened by this office in order to determine its content.

Wow.

In addition to this letter from the police was a copy of the search warrant which was executed in order to open the package, and a copy of the police report about opening the package, in which the detective in question found… bread. And nothing else, because, really. It’s bread.  Seamus Blackley suspects that the coriander in the bread (which is historically accurate, incidentally) might have tripped up the dogs; I suspect it was the 4,500-year-old strain of yeast, or possibly the dogs working that line just going, holy shit I smell delicious bread and trying to get a slice. And who can blame those hard-working canines? Bread is yummy.

I will note I don’t think the police examining this package is an outrageous violation of my civil rights, especially since I now have it in my possession, without slices hacked off for “testing.” I do find it interesting that there are clearly a certain number of people dim enough to send illicit narcotics through Fed Ex that drug sniffing dogs are needed. I also wonder how many false positives the dogs rack up, and how many baked (heh) goods are delayed a day or two thereby. I appreciate that there was an actual search warrant, signed off on by an actual judge and everything, along with a note saying “O hai we thought you might has the druqz but you dint, kthxbye.” It’s a nice bit of transparency about the process. That said, it’s… bread. Coriander or yeast or whatever else was the problem, it seems like it should make it through without delay.

In any event, it was quickly ascertained that the bread was not in fact heroin or cocaine or marijuana or whatever, at which point it was repackaged and sent along to me, a day late, sniffed by dogs and examined by humans, but otherwise unmolested. My plan is to saw off a slab of this felonious bread and make a nice ol’ felonious grilled cheese sandwich out of it. A happy ending to an exciting journey.

Update, 3:12pm: Got off the phone after a very pleasant conversation with the detective on this case, during which he detailed the process of examining my bread. I was pleased to learn that while it was taken out of the box, it wasn’t otherwise taken out of its packaging; it was x-rayed and then repacked. So if you ever have plans to bake a loaf around your contraband, well, maybe don’t do that (or, you know, send contraband through Fed Ex anyway, I mean, honestly, folks).

Also Update:

19:14

[$] Creating Kubernetes distributions [LWN.net]

Making a comparison between Linux and Kubernetes is often one of apples to oranges. There are, however, some similarities and there is an effort within the Kubernetes community to make Kubernetes more like a Linux distribution. The idea was outlined in a session about Kubernetes release engineering at KubeCon + CloudNativeCon North America 2019. "You might have heard that Kubernetes is the Linux of the cloud and that's like super easy to say, but what does it mean? Cloud is pretty fuzzy on its own," Tim Pepper, the Kubernetes release special interest group (SIG Release) co-chair said. He proceeded to provide some clarity on how the two projects are similar.

How Ken Liu went from engineer to lawyer to SF writer to the foremost translator of Chinese sf into English [Cory Doctorow – Boing Boing]

Ken Liu went from university to a software engineering job at Microsoft, then to some startups, then to Harvard Law, where he got a JD and went into practice as a litigation consultant on tech cases -- all the while, writing and selling sf stories.

Liu didn't think he would make a living from his fiction, but then he got a cold-call from a Chinese sf publisher asking him if he'd translate Cixin Liu's blockbuster novel The Three Body Problem; Liu's translation and the powerful source material turned the book into a monster English-language bestseller, a Hugo winner, and a calling card for more translation work in the years to come.

Since then, Ken Liu has become a Chinese-to-English powerhouse in the large, vibrant, fraught field of Chinese sf. Ken Liu was born in northwest China and left at the age of 11, moving to Palo Alto, and is fluent in Mandarin and was always a voracious reader.

Ken Liu's success is owed in part to his fluency -- both linguistic and literary -- but also to his own prodigious writing talents, which allow him to be interpreter as much as translator. Ken Liu's translations are often impressionistic, rather than literal, and he sometimes offers editorial advice on the books he translated. His edition of Three Body Problem drastically re-orders the scenes compared to the Chinese edition, which was heavily edited. Ken Liu suggested the re-ordering and was enthusiastically received by Cixin Liu, who revealed that Ken Liu's suggestion would restore the book to its original, pre-edited plot -- today, Cixin Liu recommends that his Chinese readers seek out Ken Liu's English translation over the Chinese edition.

Ken Liu has translated and introduced many more Chinese writers since Three Body Problem, and is almost single-handedly responsible for a surge in popularity of Chinese sf in the English-speaking world. Along the way, Liu has helped Chinese authors restore politically sensitive plot elements that were changed or omitted for Chinese publication, and has also translated Chinese stories that never appeared in China due to their political content.

This is a fascinating recapitulation of SF's history: the field has always been a haven for heterodox political views (as well as virulent, reactionary ones) and writers like Rod Serling used the field to smuggle politically unacceptable ideas into the popular discourse.

But things appear to be changing: Liu was recently denied a visa to visit the country and scout new books, a first for him. Chinese writers whose work he's translated have reported that they're not receiving the contributor copies sent by their US publishers.

The New York Times's Alexandra Alter does a very good job of conveying Liu's circumspect but unmistakable concern that the Chinese writers he works with could face retaliation for the political content of their work.

“The political climate inside China has shifted drastically from when I first started doing this,” Liu says. “It’s gotten much harder for me to talk about the work of Chinese authors without putting them in an awkward position or causing them trouble.” Liu usually travels to China at least once a year to network and meet new writers, and has attended the Chinese Nebula and Galaxy Awards, the country’s most well known science-fiction prizes. But this year he was denied a long-term visa, without explanation, prompting him to cancel his planned trip.

In another alarming setback, when his American publisher tried to send copies of his recent translations to writers in China, the shipments failed to arrive. It was unclear whether the books were seized or simply disappeared into a bureaucratic black hole. Liu finally managed to get copies distributed through visiting Chinese friends, each of whom carried a few copies back in their suitcases. In April, when I met Liu at the Museum of Chinese in America, he seemed irritated by the cumbersome workaround, which he called “preposterous.”

But later, when I asked if he felt he was being blacklisted by the Chinese government because of his translation work, Liu deflected and declined to speculate. “I don’t want to magnify the problem,” Liu told me, as we sat in a cafe a few blocks from the museum. “If the authors want to say something daring, then I will honor that, but I’m not going to impose my own politics on them. There’s a lot of room to say what you want to say if you leave things ambiguous.”

How Chinese Sci-Fi Conquered America [Alexandra Alter/New York Times]

18:56

17:35

Today in GPF History for Wednesday, December 4, 2019 [General Protection Fault: The Comic Strip]

Trish will do anything to help out her greatest hero, Fred...

16:56

Security updates for Wednesday [LWN.net]

Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).

16:35

Variant STD [Looking For Group]

Orphans & Ashes may be the flagship of Blind Ferret’s games selection, but you shouldn’t sleep on Storytime With Dick. Storytime With Dick is a dice rolling storytelling game. You and up to seven friends take turns rolling dice and […]

The post Variant STD appeared first on Looking For Group.

16:14

The bizarre story of China's most prolific bank-robbers, who stole literal tons of cash and spent it on losing lotto tickets [Cory Doctorow – Boing Boing]

Writing in Marker, David Gauvey Herbert gives us an extended-play version of China's legendary bank-robber, Ren Xiaofeng, a bank official in a small industrial city who tried to make ends meet by stealing cash to buy lottery tickets, planning to return the money out of his winnings -- but instead lost, and kept on losing, until he'd stolen literal tons of cash.

Ren's story is a snapshot of China in the early 2000s, when banking jobs were corrupt sinecures handed out via patronage and nepotism, allowing Ren to first suborn and then bypass the vault guards; it's also a portrait of China during the peak of its boom, when millions in cash were sloshing around, passing from business-people (many of them out-and-out crooks) to government officials to safe-deposit boxes in the vaults of banks like Ren's, the largest branch of the Agricultural Bank of China in the city of Handan.

Ren cycled through various confederates during his years of theft, and it was only due to the lax security and corruption in his bank that he continued to get away with it. But things came to a head when he got wind of a looming cash audit that would reveal his thefts, and he planned a final score with his accomplice and fellow vault guard, Ma Xiangjing.

The two stole millions in a breathtaking daylight raid, brazenly carrying it out past the guards, and handed it over to crooked lottery ticket sellers who labored through the day, printing out hundreds of thousands of tickets -- which still didn't net the pair a jackpot.

They split up and went underground, leaving behind a giant plastic bag of losing lotto tickets in the vault. They were ultimately caught and executed -- but they became weird folk heroes on the way.

Handan is an industrial city of three million people in northern China, about a two hour bullet train ride from Beijing. Pollution from coal-burning factories regularly fills the sky and blots out the sun. On April 16, 2007, the fuzzy, grey star had just set, and the bustling streets cast further into darkness, when police detectives arrived at the Agricultural Bank of China. Nervous employees led them to the vault. They didn’t have the keys to open it, so officers broke through the heavy steel door.

When detectives entered the vault, they were stumped by what they found — or rather, what they did not find. There were no tasered guards with their hands bound: Round-the-clock watchmen had worked their shifts without incident. The vault itself showed no sign of forced entry: The 60-centimeter-thick, steel-plated walls were intact. Security cameras and trip alarms operated normally.

Bank officials struggled to explain why they had waited hours to call the police. A lot of money was unaccounted for.

And the suspects had left behind only one piece of physical evidence: a bag full of lottery tickets.

Jackpot: How two lottery-crazed bank clerks cooked up China’s biggest bank robbery of all time [David Gauvey Herbert/Marker]

(Thanks, David Gauvey Herbert!)

(Image: Ruohan Wang, cropped, for Marker)

15:49

Not actually crossing the airtight hatchway: Harmless out-of-bounds read that is never disclosed [The Old New Thing]

A security vulnerability report arrived that went something like this:

By passing a specifically malformed payload, an attacker can trigger an out-of-bounds read. By this means, a remote attacker can cause the disclosure of sensitive information. An attacker can combine this with other vulnerabilities to achieve remote code execution.

The finder also included some reverse-compiled output¹ highlighting the point at which the out-of-bounds read occurred.

Anyway, it appears that the out-of-bounds read was discovered by using a memory debugging tool that does strict validations of every memory access. But consumers in the wild don’t run programs in such an environment.

When run on an actual consumer machine, the program uses the standard operating system heap manager, and the standard operating system heap manager does things like pad allocations to maintain alignment. Those extra bytes are technically off-limits, but they will always be there.

In this case, what happens is that the code allocates a block of memory, then reads past the end of it by a tiny amount, well within the heap padding, so it’s reading uninitialized heap memory. No denial of service is possible here because the heap padding saves you.

The next thing the code does is validate that the buffer is valid. This validation fails because the memory block is too small, and the operation fails. The value read from the uninitialized heap memory is not returned, so it is never disclosed to anybody.

Here’s a sketch. Assume that the checked_* functions reject the request if the operation fails.

struct ITEMSLIST
{
  uint32_t itemCount;
  ITEM items[ANYSIZE_ARRAY];
};

auto list = (ITEMSLIST*)checked_malloc(byteCount);
checked_read(list, byteCount);

// list->itemCount is read here even if byteCount < sizeof(uint32_t)
auto requiredSize =
    checked_add(offsetof(ITEMSLIST, items),
                checked_mult(sizeof(ITEM), list->itemCount));
checked_require(byteCount >= requiredSize);

... do stuff with the items ...

If the byteCount is less than sizeof(uint32_t), then the code under-allocates the list and tries to read the itemCount from it. Oh no, we are at risk of disclosing heap memory!

But then the code checks that the header size is large enough to hold the specified number of items, and seeing as the header size is not even large enough to hold the header, it certainly isn’t large enough to hold any items. So the request is rejected.

Note that the invalid itemCount never leaves the function. The value of itemCount is heap garbage, but whatever value it has will always fail the byteCount >= requiredSize test (assuming it manages to pass the checked_mult test), so the call will always be rejected. And the rogue value of itemCount is not exposed, so whatever garbage value happened to be there never escapes. What happens in parameter validation stays in parameter validation.
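
The argument above, carried through as an added example (not code from the original post): it models the heap block as rounded up to 16 bytes with stale bytes past byteCount, runs the sketch's read-then-validate ordering over every too-short payload, and shows the validate-first ordering that removes the over-read altogether. The Item layout, the 16-byte padding model and all function names are assumptions made for the illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <vector>

// Constructed stand-in for the page's ITEM; the real layout is not given.
struct Item { uint32_t id; uint32_t value; };
constexpr size_t kHeaderSize = sizeof(uint32_t);  // offsetof(ITEMSLIST, items)

// Stand-ins for the page's checked_* helpers: false means "reject the request".
bool checked_mult(size_t a, size_t b, size_t* out) {
    if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
    *out = a * b;
    return true;
}
bool checked_add(size_t a, size_t b, size_t* out) {
    if (b > std::numeric_limits<size_t>::max() - a) return false;
    *out = a + b;
    return true;
}

// The size test from the sketch: byteCount >= header + itemCount * sizeof(ITEM).
bool size_ok(size_t byteCount, uint32_t itemCount) {
    size_t itemBytes = 0, required = 0;
    return checked_mult(sizeof(Item), itemCount, &itemBytes) &&
           checked_add(kHeaderSize, itemBytes, &required) &&
           byteCount >= required;
}

struct Outcome {
    bool accepted;
    bool read_past_payload;  // did validation consume bytes the caller never sent?
};

// Ordering used in the sketch: read itemCount first, validate afterwards.
// The allocation is modelled as rounded up to 16 bytes, and every byte past
// byteCount holds stale data taken from `stale` (the "heap garbage").
Outcome validate_as_written(const std::vector<uint8_t>& payload, uint32_t stale) {
    const size_t byteCount = payload.size();
    std::vector<uint8_t> block((byteCount / 16 + 1) * 16);
    for (size_t i = 0; i < block.size(); ++i)
        block[i] = static_cast<uint8_t>(stale >> (8 * (i % 4)));
    std::copy(payload.begin(), payload.end(), block.begin());  // checked_read

    uint32_t itemCount;
    std::memcpy(&itemCount, block.data(), sizeof itemCount);  // may be partly stale
    return {size_ok(byteCount, itemCount), byteCount < kHeaderSize};
}

// Hardened ordering: prove the header is present before reading any field.
Outcome validate_hardened(const std::vector<uint8_t>& payload) {
    const size_t byteCount = payload.size();
    if (byteCount < kHeaderSize) return {false, false};
    uint32_t itemCount;
    std::memcpy(&itemCount, payload.data(), sizeof itemCount);
    return {size_ok(byteCount, itemCount), false};
}

// Constructed sample input: itemCount in native byte order, items zeroed.
std::vector<uint8_t> make_payload(uint32_t itemCount, size_t totalBytes) {
    std::vector<uint8_t> p(totalBytes, 0);
    if (totalBytes >= sizeof itemCount)
        std::memcpy(p.data(), &itemCount, sizeof itemCount);
    return p;
}

struct Sweep { int total; int overreads; int accepted; };

// Try every too-short length against many stale-memory patterns, starting
// with all zeroes (itemCount == 0, the smallest possible requiredSize).
Sweep sweep_short_payloads() {
    Sweep s = {0, 0, 0};
    uint32_t stale = 0;
    for (int round = 0; round < 4096; ++round) {
        for (size_t len = 0; len < kHeaderSize; ++len) {
            Outcome o = validate_as_written(std::vector<uint8_t>(len, 0), stale);
            ++s.total;
            s.overreads += o.read_past_payload ? 1 : 0;
            s.accepted += o.accepted ? 1 : 0;
        }
        stale = stale * 1664525u + 1013904223u;  // simple LCG for variety
    }
    return s;
}

int main() {
    Sweep s = sweep_short_payloads();
    std::printf("short payloads: %d tried, %d over-reads, %d accepted\n",
                s.total, s.overreads, s.accepted);
    std::printf("well-formed 2-item payload accepted: %d\n",
                validate_hardened(make_payload(2, 20)).accepted);
    return s.accepted;
}
```

The sweep accepts nothing because requiredSize can never be smaller than the header, so a payload shorter than the header fails the size test whatever the stale bytes are. The hardened ordering reaches the same verdicts without touching memory outside the payload.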

The finder jumped the gun: They found an out-of-bounds read but didn’t study it to see whether it was exploitable. They immediately concluded that there was information disclosure, and then tacked on a remote code execution for good measure.

What they found is a defect, but it has no security implications. It’s just a bug.

When informed that the issue was not exploitable and therefore has no security implications, they went ahead and issued a security bulletin anyway.

Six months later, the same organization found the same issue in a different component. We again told them that it was not exploitable and therefore has no security implications. The second time, they withdrew their plans to issue a bulletin.

So I’m not sure what changed over there, but at least they stopped issuing bogus bulletins for this category of issue.

Bonus chatter: This category of false alarm is quite common. People use various analysis tools to identify issues and immediately file a report without evaluating whether the issue actually is a vulnerability. They subscribe to the shotgun approach: File tons of potential issues, and let Microsoft figure out which ones are valid. Why do the extra work if you can externalize it!

¹ The reverse-compiled output has meaningless variable names like v1, v2 and v3, and object member accesses are expressed in the form (int*)((BYTE*)v40 + 0x20).

A note to people who send reverse-compiled output: Please include the original assembly language, and annotate that. Otherwise, we have to take your reverse-compiled output and try to re-compile it to assembly language in a way that matches the actual binary, and then re-reverse-compile it back to the original source code. These steps can be quite complicated because of compiler optimizations. (Also because people often fail to provide enough build number information to let us identify exactly which binary you are reverse-compiling, forcing us to keep trying all the different patched versions of the binary until we find a match or become exhausted.)

If you’re using IDA Pro’s Hex-Rays decompiler, you can right-click and say “Copy comments to disassembly.” That will take your comments in the reverse-compiled code and apply them to the corresponding lines of assembly.

15:42

Link [Scripting News]

This moment is the last gasp of the American Revolution.

15:28

Opendemocracy: the Libdems tried to censor our article about their sale of voter data, then used a forged email to intimidate us [Cory Doctorow – Boing Boing]

There's not really any dispute that the UK Liberal Democrats party sold voter data for £100,000 to the Remain campaign in 2016, though the Information Commissioner's Office tried to suppress that revelation until after the coming election; the Libdems say they did nothing wrong, but when Opendemocracy's Jim Cusick approached the party for a statement ahead of an article, he got no reply.

What happened next is...weird.

After Cusick's article went live, an aggrieved Libdem "senior official" wrote to Opendemocracy, demanding to know why their statement hadn't been included in the article. Cusick said it was because he'd never received a statement, but if they'd furnish one, he'd include it. But instead of a statement, Cusick got a legal threat from an expensive firm of solicitors, Goodman Derrick, demanding that the article be censored, either by removing "all derogatory and disparaging statements" (having read the article, I couldn't find any statements that qualified), or removal of the article altogether.

Given that the Libdems style themselves "the party of liberty," that is indeed weird.

But what happened next is weirder.

Opendemocracy asked the lawyers to provide a statement from the Libdems to include in their article, pointing out that they'd made three such requests without a response. In the absence of any statement from the Libdems (apart from the legal threat conveyed by their lawyers), Opendemocracy made a "surmise" about what the Libdems didn't like about their coverage and amended the article.

Then they heard from the lawyers again, stating that the Libdems had provided an "on the record" response to Cusick's article, on Nov 12, and they attached that email as proof.

Here's where the really weird stuff comes in.

Cusick didn't ask the Libdems for comment until Nov 13, which meant that the email the lawyers had attached as evidence had apparently been sent a full day before Opendemocracy wrote to the party seeking comment.

Opendemocracy wrote back to the lawyers, asking how this was possible.

When the lawyers did not reply, Opendemocracy wrote again, saying that they were about to publish a story about this and seeking comment. This time, someone from the Libdem press office called Opendemocracy and said a "mistake had been made" and said there was an investigation ongoing. So Opendemocracy generously gave the Libdems even more time to reply before publishing.

The party finally wrote back with a statement saying that "we have been made aware that the information openDemocracy subsequently received from the Liberal Democrats was incorrect. We have suspended a member of staff involved and are following due process."

But in addition to this, the Libdems' lawyers wrote back to Opendemocracy, repeating the threats over their coverage of the Libdems' data sale, and insisting that neither the lawyers nor the party had known about the fake email (Opendemocracy called it a "crude forgery"), despite the fact that Opendemocracy had painstakingly detailed their multiple attempts to solicit a comment from the party without a reply.

This is an embarrassment: as Opendemocracy points out, it doesn't rise to the level of open fraud committed by the Conservative Party and Boris Johnson, but the Tories don't style themselves "the party of liberty." Speaking as a former Libdem party member and campaigner (I'm a member of the Labour Party now), I don't believe the party should have flogged off voter data, but even moreso, I don't think that any party can be said to stand for "liberty" when its response to negative press coverage is to threaten to rain down expensive, punitive legal action from fancy lawyers.

First, why was the Lib Dem press office so desperate to discredit our story? In Jim Cusick’s initial communications with them, he told them we had seen internal documents about the Lib Dems’ lucrative 2016 data sale. If, as they strongly maintain, the party had acted in accordance with the law at all times and had done nothing wrong, why did someone think it was important enough to repeatedly make false claims, including a faked document, via expensive lawyers?

What did our story reveal that prompted this level of duplicity?

Second, the replies from Goodman Derrick were issued on behalf of the party and of its leader, Jo Swinson. This assumes that senior figures were involved. Who sanctioned and signed off this aggressive legal pursuit, including the letter with the forged email? And how might Lib Dem supporters and donors feel about this appalling use of party funds?

Perhaps most importantly, though, what does this whole episode say about the so-called ‘Liberal’ Democrats’ regard for fact-checking, accuracy and press freedom? We at openDemocracy are a small team. The distraction has cost us valuable staff time and legal bills, which could otherwise have been spent on doing actual journalism during the final weeks before the most important election in a generation.

What are Jo Swinson’s Liberal Democrats so desperate to hide? [Mary Fitzgerald/Opendemocracy]

14:56

Link [Scripting News]

Something bothered me about Brave, and the direction Firefox is going in, and of course Google and Chrome. Finally figured it out. I don't like tech companies imposing rules on writers. I may hate what pubs do with their tracking code and paywalls, but I hate what the tech industry is doing to oppose that, more. Maybe if Brave came out of the University of Illinois I would like it better, but it came from Silicon Valley, from the former CEO of Mozilla. A club of high priests of tech and their bankers who see us as the little people, when we're not ignored, to be treated with disdain and disrespect. They know what's best for us. It's like that old Who song, meet the new boss same as the old boss. The web was about freedom, and that required a weak tech industry. I hope, if they control it as it appears they do, something wonderful and free rises to replace them.

Link [Scripting News]

Maybe if we pool our money and run ads of people laughing at Trump he'll get the clue and leave our country too.

14:42

Two malicious Python libraries caught stealing SSH and GPG keys (ZDNet) [LWN.net]

ZDNet reports that two more malicious modules have been removed from the Python Package Index. "The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names. The first is 'python3-dateutil,' which imitated the popular 'dateutil' library. The second is 'jeIlyfish' (the first L is an I), which mimicked the 'jellyfish' library." The latter of the two had been in PyPI for nearly a year.

14:14

Four short links: 4 December 2019 [Radar]

  1. The Complexity Explorer — online courses, tutorials, and resources essential to the study of complex systems. Complexity Explorer is an education project of the Santa Fe Institute.
  2. 52 Things I Learned in 2019 — Each year, humanity produces 1,000 times more transistors than grains of rice and wheat combined.
  3. How to Fight Lies, Tricks, and Chaos Online (The Verge) — When to look deeper: You have a strong emotional reaction; A story seems totally ridiculous—or perfectly confirms your beliefs; You’re going to spend money because of it; You immediately want to amplify the story. A lot of sound advice on spotting dodgy content and then what to do to dig into it. The trick is to find someone who wants to read it…
  4. Phosphor Colors — detailed answer on what colors the old amber and green-screen terminals were.
  5. AWS CodeGuru — a machine learning service for automated code reviews and application performance recommendations. Pricey: $0.75 per 100 lines of code scanned per month. Machine learning that helps programmers is here.

The Time Invariance of Snow [Original Fiction – Tor.com]

The Devil made a mirror. A physicist broke it and shards fell through reality and changed everything forever.

 

1. The Devil and the Physicist

Once, the Devil made a mirror, for the Devil was vain. This mirror showed certain people to be twice as large and twice as powerful and six times as good and kind as they truly were; and others it showed at a tenth their stature, with all their shining qualities smutched and sooted, so that if one glimpsed them in the Devil’s mirror, one would think them worthless and contemptible indeed.

The Devil looked into his mirror and admired himself, and all his demons preened and swaggered and admired him too. And joy resounded throughout the vaults of Hell.

Eventually there came a physicist who, with radioactive cobalt and cerium magnesium nitrate crystals, sought to test the invariance of symmetry; namely, whether in a mirror universe the laws of physics would be reflected. As she touched and tested the mystery of the world and proved that symmetry did not hold, and that parity was not in fact conserved, she broke, all unknowing, the Devil’s mirror.

Like the fundamental equations of quantum mechanics, like God Himself, the Devil is a time-invariant equation. The shattering of the mirror shivered outward through fields of light cones, near and far, until the shattering itself became eternal, immutable fact. The fragments of the mirror drifted down through pasts, presents, and futures, clinging and cutting, like stardust and razors.

Whoever blinked a sliver of the mirror into his eye saw the world distorted ever after. Some observed that they were far worthier and more deserving than others, and pleased with this understanding, went forth and took whatever they wished, whether wives or slaves, land or empires.

Some looked at themselves and saw worthlessness. At that sight, whatever pyrotechnic wonders they dreamed died in secret within them.

Others, of particular sensitivity, felt the presence of the glass, which a slow and uncertain part of their souls insisted had not been there before. A few of these tried  gouging it out with knives, though it was not a physical construct and could not be thus dislodged. A very few made fine and fragile spectacles for the soul, to correct its sight, and walked long in clarity and loneliness thereafter.

This is how the devil’s mirror worked:

A woman warned a city of its destruction, of soldiers creeping in by craft, and her friends and family laughed her mad.

The city burned.

The woman was raped, and raped again, and murdered.

A woman stood before men who would become consuls and said, believe me, I was forced by this man. To be believed, she struck her own heart with a dagger.

A woman stood before senators and said, believe me, I was—

A woman stood before senators and said, believe—

A black woman said, listen, and no one heard.

A dusky child cried, and no one comforted him.

An indifferent cartographer divided other people’s countries into everlasting wars.

The physicist died. Her male colleagues received a Nobel Prize.

The Devil looked upon his work and laughed.

 

2. K. and G.

It was summer, and the roses swam with scent. K. had tamed G. with intermittent kindness, as boys tame foxes to their hand, though she had been watchful and wary, knowing the violence of men. Now G. rested her head against K.’s shoulder, and they breathed the soft, sweet air together with the laziness that only summer knows. The two of them were not young; neither were they old.

If I were going to murder you, K. said musingly, I would tie you up while you slept, nail you into a splintery box, and shove the box out of a car going seventy into the path of a truck. The splinters would be driven into your body on impact.

G. was silent for a long time.

At last she said: When you described murdering me—

Yes?

I felt afraid.

K. said: I was joking.

G. said: Still, I was afraid.

K. said: I had good intentions. What on earth do you want?

G. said: Just for you to say you’re sorry.

I can’t believe you’re blowing this up into such a huge deal.

You know about—

Well, I’m sorry that women are sometimes harmed by men. But this is insane.

That’s the glass talking.

What?

The sliver of glass in your eyes and in mine.

K. pushed back his chair so hard it tipped over.

We both contributed to this situation. You have to be more patient and kinder to me.

G. said: I can’t.

Fine, K. said, stamping his foot. A breath of winter blew across them both. The rosebush’s leaves crisped and silvered with frost, and its full-blown flowers blackened and bowed.

I’m leaving, K. said. There was ice in his voice.

G. said: I know what will happen. I will follow you down a stream and into a witch’s house, into a palace, and then into a dark robber’s wood, and in the end I will walk barefoot through the bitter snow into a frozen hall, to find you moving ice upon the pool that they call the Mirror of Reason.

I will come thinking to rescue you. That my tears will wash the glass from your eye and melt the ice in your heart. That the Snow Queen’s spell will break, and you will be free.

But when I arrive I will find no Snow Queen, no enchantment, no wicked, beautiful woman who stole you away.

Only you.

You, who choose cold falseness over true life.

I know, because I am no longer a child and have walked down this road.

I will not go.

She said these words to the summer air, but no one was around to hear.

 

3. The Ravens

The prince and princess, king and queen now, were not at home. The tame ravens in the palace had long since died.

None of the ravens in the old wood knew her. They rattled and croaked as G. went by.

Imposter!

Pretender!

Usurper!

Slut!

Unwanted!

Abandoned!

Discarded!

Die!

Oh, be quiet, G. said, and continued on her way.

 

4. The Robber Queen

You’re back, the robber queen said, testing the point of her letter opener against her desk. Didn’t think I’d see you again.

Didn’t you get my postcards? G. said, sitting.

The office was darker than she remembered, for all that they were on the hundredth floor. Outside, other buildings pressed close, like trees.

You know I screen my mail.

I know couriers and postal workers wouldn’t dare to stop here.

The robber queen said: I’m good at my job.

So I’ve heard. I’m proud to have known you when.

Spill, the robber queen said, or I’ll tickle your neck with my dagger for old times’ sake. Is this one handsome, at least? Because the last one—ugh. Does he cook? Does he clean? Please tell me this one, this time, is worthy of you. Tea or whiskey?

Theodora, G. said, you’re so laughing and fierce. How do you do it?

Love ’em, leave ’em. Sometimes I even leave them alive. But once you taste a man’s still-beating heart—

Forget him, G. said.

So there is a him.

A mistake. But I’m not here about that. I’m here to ask for a job.

This isn’t the United Nations, G. We do dirty, filthy, bloody work. That I’ll be hanged for, if I’m ever caught.

You have power, G. said. I don’t know what that’s like. To hold a knife, with another person’s life on its edge. Teach me.

Mine is a raw and common power, the robber queen said. What you have is greater.

I have nothing.

Stop, or I’ll cut off your little finger so you’ll never forget. I don’t know how or when you got it. Maybe the crows taught you, or the Lap women. Your eyes see to the soul. Your words cut to the bone. Men and women are stripped naked before you. Now, if you’d only use that power, you could hurt those you hate with an unhealing harm. I’d give my three best horses for that.

G. said: No.

Say, such and such is the shape of your soul, though you wear mask upon mask to hide it.

Theodora, G. said, a wolf is the shape of your soul, and there’s blood on its muzzle and mud on its pelt.

It is! And I’ll never hide it.

Are you sure you won’t let me rob one company? Just for the experience?

This is an investment firm, not a charity. Speaking of which, I’ll be billing you for my time. Must keep the numbers regular.

Someday when I have money, I’ll pay you, G. said.

That you will.

 

5. The Lap Women

Old they were, in appearance far older than time: their eyes seams of stars, their fingers the knurls of ancient oaks. They rocked in their maple rocking chairs, knitting blankets with a pattern of silver fish from a silvery wool. The fish gathered in soft clouds around their feet.

G. said: I’m sorry I haven’t visited or called.

They smiled at her and continued to rock. One by one, fish slipped from their needles’ tips.

G. said: I’m sure you have family. Daughters or sons who bring fruit and chocolate. Somebody. You must have somebody.

They continued to rock.

Can I help you? a nursing assistant said.

These are old friends of mine, G. said, blushing as she said it, for years of silence and absence had passed. I came to ask their advice.

Good luck. They haven’t spoken since they checked in. And that was fifteen years ago.

G. said: That long?

Time can jump you like that. Leave you bruised in an alley with no memory at all.

Is there anything they like to do besides knit?

Cards, the assistant said. They’ll skin you in most kinds of poker, and they’re fiends for bridge.

Then I’ll stay and play cards with them, if they wish.

You’ll regret it, the nursing assistant said. But she went and fetched a worn deck anyway.

At the sight of the cards, the three old women jabbed their needles deep into their skeins and rose from their rocking chairs, holding out their hands.

G. proceeded to lose every bill from her wallet, her sweater, the cross on a chain that she wore, and the black glass buttons on the front of her coat.

The eldest Lap woman took her sewing shears and snipped off the buttons, one-two-three-four. Then she picked up the hillocks of silver knitting, finished each fragment, and whipstitched the three clouds of fishes, each cloud a different gray, into a single long shawl. This shawl she draped around G.’s shoulders.

Thank you, G. said. I think.

All three Lap women smiled gentle, faraway smiles.

The nursing assistant scratched her ear.

Are you going somewhere cold? she said.

G. said: Very.

 

6. The Snow Queen

It was hours and hours until dawn, and the world was a waste and a howling dark.

At some point in the distant past, the sweep of ice beneath G’s feet had been chopped into a stair that wound up and around the glassy mountain. As she climbed, thick snowflakes  clung to her lashes. She had the shawl of silver fish wrapped around her for warmth and sensible boots on her feet. She needed no guide, for she knew the way.

Before she left, G. had knelt and prayed as trustingly as she had when she was a child, and now she held that prayer like a weak and guttering taper.

Here was the Snow Queen’s palace: smaller than she remembered, as if her child self’s memories had exaggerated its dimensions, or else whole wings and wards had melted away. Frost blossoms still bloomed from windows and eaves. Crystalline gargoyles crouched in its crenellations.

Collecting her courage, G. pushed the palace gates open. Her hands turned white, then red, with cold.

No one waited inside. No Queen. No K. There was only the vacant throne and the familiar, frozen pool with its shards arranged into the word Eternity.

It was quiet.

Her breath left her lips in glittering clouds.

G. crossed the hall, her steps echoing. The throne might well have been carved from the world’s largest diamond. Like a lily or lotus, it peaked to a point. Rainbows glowed in its fractured depths.

On the throne’s seat was a small crown of silvered glass.

G. picked up the crown and turned it in her hands. In that whole country, it was the only thing that was not cold.

The long glass thorns flashed fragments of her face: a sneer, a glare, a look of contempt.

Of course, G. said.

The jagged edges of her life shone brilliantly before her. In a moment she saw how they could be fitted together to spell out the forgotten word she had pursued all her life, sometimes glimpsing, sometimes approaching, never grasping entire—

One way or another, the Devil’s mirror produces a Snow Queen.

G. raised the crown above her head, admiring how its sharpness shivered the light, how it showed her beautiful and unforgiving.

And then she drove it against the point of the diamond throne.

Across seven dimensions the glass crown cracked and crumbled. Glass thorns drove into G.’s wrists and fingers,  flying up to cut her face.

Where the blood beaded and bubbled up, it froze, so that G. wore rubies on her skin, rubies and diamonds brighter than snow.

And the palace too cracked as the Queen’s crown cracked, from top to bottom, like a walnut shell.

All around was darkness.

Down into that darkness G. fell, and time fell also, in fine grains like sand.

 

7. A Brief Digression on Hans Christen Anderson and the Present State of Physics

Considered as a whole, in all its possible states, the universe is time-invariant. When this insight is worked out and understood at a mathematical level,  one both achieves and loses one’s liberty. We are freed from one enchantment, only to be ensorcelled by another.  And while the first is a snowy, crowded pond upon whose hard face the whole world may skate and shout, the second is a still and lonely (some say holy) place, where only the brave go, and from whence only the mad return.

Those who reach the latter place understand that it was always the case that they would come here. Perhaps they weep. Perhaps they praise God.

Who knows? And who can say?

 

8. G. and the Devil

At the end of her fall, G. met the Devil face to face.

He was pretty, in a moneyed way, sharp as polished leather, with a pocket square and black, ambitious eyes.

The Devil said: That’s my mirror you’re wearing in your flesh, in your hair. That’s the mirror that I made. Me.

Why? G. asked, and in that question was all the grief of the world.

The Devil said: Because when one is alone in pain, one seeks to spread suffering, and so be less alone. It’s quite logical.

But why?

When a dark heart gazes upon glory, a glory that the heart can never attain, then the whole being turns to thoughts of destruction.

WHY?

As the Devil continued to speak, his words plausible, his face reasonable, his voice reassuring, scorpions and serpents slid out of his pockets, clinging to each other in thin, squirming chains. And the chains crept and curled and reached for her.

In her hand, however, was the hard hilt of a sword, whose one edge was ruby and the other diamond. On her breast she wore overlapping silver scales. And in her other hand was a buckler burnished to the brightness of a mirror.

If the Devil noticed, he gave no sign.

Tell me the truth, G. said.

He said, Because you are ugly and it was a Tuesday.

G. swung the sword to her left and severed a whip of scorpions, then to her right, bisecting a braid of vipers. Slices of snakeflesh and crunched carapace tumbled around her. Of a sudden the Devil looked not so charming.

You think you can fight me? he said, ten times larger now, and growing, until his smallest curved toenail was the height of her head. His voice was the thunder of ten million men.

G. said: I have seen eternity. I know you have already lost.

And she struck, her sword flashing bloodlight and lightning.

The Devil roared.

 

9. G. and K.

His hair was white, and he walked with a cane, limping like a crane as it hunts in the reeds.

Her own hair was silver, and her face and hands were scarred.

I’m sorry, he said.

I know you are.

I came all this way to tell you.

I knew you were coming, G said.

You saw me plainly. I couldn’t bear it. I wanted to hurt you, and I did.

G. said: It’s all over now.

It is.

K. squinted at her, as if looking into radiance.

I see you’ve made your glass into a sword.

And you’ve made yours into a door.

A tempering all your life, then. A tempering and a war. As I have lived openings and closings. As I have yielded and withstood.

So you and I have been made of use.

We have, K. said. We have indeed.

“The Time Invariance of Snow” copyright © 2019 by E. Lily Yu
Art copyright © 2019 by Audrey Benjaminsen

14:07

Whatever Holiday Gift Guide 2019, Day Three: Arts, Crafts, Music and More [Whatever]

The Whatever Holiday Gift Guide 2019 continues, and today we move away from books and focus on other gifts and crafts — which you can take to mean just about any other sort of thing a creative person might make: Music, art, knitting, jewelry, artisan foodstuffs and so on. These can be great, unique gifts for special folks in your life, and things you can’t just get down at the mall. I hope you see some cool stuff here.

Please note that the comment thread today is only for creators to post about their gifts for sale; please do not leave other comments, as they will be snipped out to keep the thread from getting cluttered. Thanks!

Creators: Here’s how to post in this thread. Please follow these directions!

1. Creators (of things other than books) only. This is an intentionally expansive category, so if you’ve made something and have it available for the public to try or buy, you can probably post about in this thread. The exception to this is books (including comics and graphic novels), which have two previously existing threads, one for traditionally-published works and one for non-traditionally published works (Note: if you are an author and also create other stuff, you may promote that other stuff today). Don’t post if you are not the creator of the thing you want to promote, please.

2. Personally-created and completed works only. This thread is specifically for artists and creators who are making their own unique works. Mass-producible things like CDs, buttons or T-shirts are acceptable if you’ve personally created what’s on it. But please don’t use this thread for things that were created by others, which you happen to sell. Likewise, do not post about works in progress, even if you’re posting them publicly elsewhere. Remember that this is supposed to be a gift guide, and that these are things meant to be given to other people. Also, don’t just promote yourself unless you have something to sell or provide, that others may give as a gift.

3. One post per creator. In that post, you can list whatever creations of yours you like, but allow me to suggest you focus on your most recent creation. Note also that the majority of Whatever’s readership is in the US/Canada, so I suggest focusing on things available in North America.

4. Keep your description of your work brief (there will be a lot of posts, I’m guessing) and entertaining. Imagine the person is in front of you as you tell them about your work and is interested but easily distracted.

5. You may include a link to a sales site if you like by using standard HTML link scripting. Be warned that if you include too many links (typically three or more) your post may get sent to the moderating queue. If this happens, don’t panic: I’ll be going in through the day to release moderated posts. Note that posts will occasionally go into the moderation queue semi-randomly; Don’t panic about that either.

6. As noted above, comment posts that are not from creators promoting their work as specified above will be deleted, in order to keep the comment thread useful for people looking to find interesting work.

Now: Tell us about your stuff!

13:14

Facebook and Google interest [Richard Stallman's Political Notes]

*Of course Facebook and Google want to ‘solve’ social problems. They’re hungry for our data.*

Swindle [Richard Stallman's Political Notes]

*Californians are turning to vending machines for safer water. Are they being swindled?*

Whether or not any given brand of bottled water is a swindle in the narrow sense, to give up on tap water and resort normally to bottled water is being swindled in a broader sense.

Globalize democracy [Richard Stallman's Political Notes]

To the extent that elites collaborate globally to maintain their power over their countries, we must reject the idea of "national interest" vis-a-vis other countries and globalize our campaigns for promoting democracy and ending poverty.

Parliament facing the consequences [Richard Stallman's Political Notes]

An Australian whose family home was destroyed by a wildfire fueled by Australian coal mines brought the remains to Parliament, demanding climate defense action.

IMF on main threat to humanity [Richard Stallman's Political Notes]

The new head of the IMF says that global heating is the main threat to the world's human economy, more dangerous than an economic crash.

Global heating disaster will eventually cause an economic crash, but by that time there will be no way to stop the slide down the cliff.

Classified profit on tax money [Richard Stallman's Political Notes]

*[US military] contractors gleefully report record earnings in divisions that bid on 'classified' projects, the fastest-growing part of the Pentagon's budget.*

Aside from the harm of a pit for public money spent in unaccountable ways, there is also the danger that these systems will be used to repress people, either in the US or elsewhere. This includes mass surveillance, which (as China shows, especially in Xinjiang) is the preparatory step for repression.

Imprisoned terrorists [Richard Stallman's Political Notes]

What to do with imprisoned Islamist terrorists poses a conundrum, world-wide.

In Western countries the danger of Islamist terrorism is pretty small, overall. The danger of being murdered by an Islamist terrorist is tiny compared with the danger of being murdered for some other reason, and unless you are black that too is small.

Thus, if we resist the pressure to freak out about this tiny danger, we will find that releasing Islamist convicts at the end of their sentences is an acceptably small risk in an otherwise-risky world.

Corbyn is resisting that pressure.

Urgent: put patients first [Richard Stallman's Political Notes]

US citizens: call on Congress to pass the Put Patients First Act, which would insist that religion is no excuse for discrimination in providing medical care.

Joy in Iraq [Richard Stallman's Political Notes]

Iraqi Crowds Erupt in Joyous Celebrations as PM, Elected Under Bush Constitution, Offers to Resign.

Setting up a system that is less corrupt will be a bigger challenge. I hope they succeed.

Regarding Ayatollah Sistani, I have read that the long-established Shi'a tradition is to have separation between the religion and state, so that religious leaders can criticize oppression by the state. Iran's "Islamic Republic" was an aberration against this tradition.

Consult Hong Kong people [Richard Stallman's Political Notes]

Michelle Bachelet: for Hong Kong's government to end the protests and crisis, other than by wrecking the city, it needs to consult the people truly.

National emergencies deadlines [Richard Stallman's Political Notes]

The Article One Act would limit national emergencies to 30 days unless Congress approves continuing them.

12:56

Losing with style [Seth's Blog]

The math is compelling. You’re going to lose most of the competitions you enter. How could it be any other way? With a hundred or a thousand or a billion people competing, only one wins.

Which means that you’re going to be seen and measured by how you lose, not how you win.

The way to win is usually to fit in all the way, to give the judges precisely what they want, to train just like everyone else, but harder.

But the way to lose with style is to create possibility. To be creative. To do generous work that’s worth talking about.

If you’re going to lose (and you probably will), why not lose with style?

12:07

Process Oriented [The Daily WTF]

Andre was finishing writing documentation before he clocked-out for a much needed, 2-week vacation. He had stocked up his fridge with beer, energy drinks, and cola. He planned on working on raids...

Becoming a Tech Policy Activist [Schneier on Security]

Carolyn McCarthy gave an excellent TEDx talk about becoming a tech policy activist. It's a powerful call for public-interest technologists.

11:28

Bully's planned cuts for food stamps [Richard Stallman's Political Notes]

The bully's planned cuts for food stamps would have cut off almost 4 million Americans from food stamps. Millions more would have lost part of their benefits, and a million students would have had trouble finding lunch.

Green New Deal and FDR's New Deal [Richard Stallman's Political Notes]

Comparing the proposed Green New Deal with FDR's New Deal of the 1930s.

Gratis public college education [Richard Stallman's Political Notes]

Buttigieg wants people to oppose gratis public college education based on a foolish horror of giving even a small handout to rich people the same as everyone else.

Aside from the valid argument that programs which help everyone are harder for plutocratists to eliminate, the point at hand will make little difference in practice. Rich people won't make use of gratis public college education, because they will send their children to private colleges.

Why I support Bernie Sanders [Richard Stallman's Political Notes]

At his core, [Sanders] is the same democratic socialist who ran for mayor of Burlington, Vt., in the 1980s and for the Democratic nomination in 2016. He is who he is, and you know who he is, …

That is why I support him. He won't change his policies without a reason that convinces him. If it convinces him, I trust it would convince me, too.

Iran and protesters [Richard Stallman's Political Notes]

Iranians protested the rise in gasoline price by blocking streets. The state responded with tear gas, bullets, and blocking the internet. Estimates are that around 70 people were killed.

We must end subsidies for fossil fuels — global heating disaster threatens to kill billions of people a few decades from now. We would be fools to delay that for any reason whatsoever. Thus, governments need to develop a way to do that without short-term suffering for the poor.

08:49

This Is The Way [Ctrl+Alt+Del Comic]

It has been… honestly, I don’t even know how long since I’ve witnessed Star Wars fans practically unanimous in their enjoyment of the franchise. But the most argument I’ve seen over The Mandalorian so far has been whether it’s a good show or a great show (I’m in the latter camp). It’s been a nice change of pace, to simply discuss how much we like the characters/lore etc, instead of arguing over alien titty milk.

This is the way.


08:14

Comic: Acolytes [Penny Arcade]

New Comic: Acolytes

08:00

Greece Jails First Pirate Site Operator For Five Years [TorrentFreak]

For almost a decade, an anti-piracy group in Greece has been trying to bring the elusive operator of pirate sites to justice.

EPOE protects the rights of entertainment industry companies including those in the film and television sectors. It filed criminal prosecutions against the alleged operator of the site Greekstars four times since 2009 but the processes were never straightforward.

According to EPOE, each time a complaint was filed, the operator closed down his site and then reappeared under new domain names, which were variations on the original Greekstar branding. The final criminal action was filed way back in 2012 but has taken years to come to a conclusion. Now, however, it is all over.

After a legal process of years, in November an Athens court rejected the defendant’s protests of innocence, including that he was simply a user of the sites in question and had been wrongly accused.

The court found the man guilty of criminal copyright infringement and sentenced him to five years in prison for running sites including Greekstars.net and Greekstars.co. He had previously been found guilty of running a pirate site located at Greekstars.biz. All of the sites linked to pirated content hosted on other platforms.

This is the first time that an individual has been sent to prison for running a pirate site in Greece, a landmark event according to EPOE spokesperson Theodoros Petsinis.

“This convicted criminal had been sued four times by us. Each time a lawsuit was filed and the investigation was initiated, he would change his domain name, that is, the name of the website, and continue illegal distribution,” Petsinis told local media. “Identical content with another website name. He has been elusive for four years sharing movies, music, books and video games.”

According to Petsinis, the presiding judges decided not to levy a fine as part of the man’s punishment due to “mitigating factors”, including that fining someone already in prison would be “meaningless”.

While this first prison sentence is a key moment for Greece’s entertainment companies, the problem of piracy in the country is far from solved. EPOE believes there are between 40 and 50 sites active in the country, with around five attracting the most traffic.

The anti-piracy group previously entered a request for 38 domains to be blocked by ISPs but Petsinis complains that most of the sites simply changed their domains, effectively out-maneuvering the action. And, despite the efforts, Greece remains under the scrutiny of the United States for not doing enough to counter copyright infringement.

In its latest Special 301 Report (pdf), the USTR opted to keep Greece on the ‘Watch List’. It accused the government itself of using unlicensed software while conducting ineffective IP investigations and prosecutions. The USTR also criticized the country for having “persistent problems with criminal enforcement delays”, which could certainly apply to the Greekstars case.

However, with this five-year prison sentence, Greece does seem to have addressed the complaints from the US that the scale of sentences for persistent large-scale copyright infringers is “insufficient”.


Vincent Bernat: Self-hosted videos with HLS: subtitles [Planet Debian]

In a previous article, I described a solution to self-host videos while offering a delivery adapted to each user’s bandwidth, thanks to HLS and hls.js. Subtitles¹ were not part of the game. While they can be declared inside the HLS manifest or embedded into the video, it is easier to include them directly in the <video> element, using the WebVTT format:

<video poster="poster.jpg"
       controls preload="none">
  <source src="index.m3u8"
          type="application/vnd.apple.mpegurl">
  <source src="progressive.mp4"
          type='video/mp4; codecs="avc1.4d401f, mp4a.40.2"'>
  <track src="de.vtt"
         kind="subtitles" srclang="de" label="Deutsch">
  <track src="en.vtt"
         kind="subtitles" srclang="en" label="English">
</video>

Watch the following demonstration, featuring Agent 327: Operation Barbershop, a video created by Blender Animation Studio and currently released under the Creative Commons Attribution No Derivatives 2.0 license:

You may want to jump to 0:12 for the first subtitle. Most browsers should display a widget to toggle subtitles. This works just fine with Chromium but Firefox will not show the menu until the video starts playing, unless you enable preloading. Another annoyance: there is no simple way to specify safe margins for subtitles and they get stuck at the bottom. These two issues seem minor enough to not warrant pulling hundreds of kilobytes of JavaScript for a custom player.

Update (2019.12)

This does not seem to work with Firefox 68 on Android. The browser makes no attempt to download the selected subtitle.


  1. Some people may be picky over the difference between closed captions and subtitles. Closed captions are usually targeted at people with hearing impairment and they include non-speech information like sound effects. Subtitles assume the viewer can hear but may not understand the language.

07:14

Dima Kogan: tee is broken? [Planet Debian]

Just found a highly surprising behavior in a core tool I've used for decades, so clearly I'm making a note here. None of these are surprising:

$ seq 1000 | wc -l

1000


$ seq 1000 | tee /dev/null | wc -l

1000


$ seq 1000 | tee >( true ) | wc -l

1000


$ seq 1000 > >( true ) | wc -l

1000

I.e. I can write 1000 lines into tee, do stuff in one of the children, and the other child still gets my 1000 lines. The last one uses multios in zsh for the tee. But check out what happens when I bump up the data size:

$ seq 100000 | wc -l

100000


$ seq 100000 | tee /dev/null | wc -l

100000


$ seq 100000 | tee >( true ) | wc -l

14139


$ seq 100000 > >( true ) | wc -l

1039

Whoa. What the hell? When I stumbled on this I had another, unrelated problem breaking things in this area, which made for a long debugging session. Here're some runs that give a hint of what's going on:

$ seq 100000 | tee >( true ) | wc -c

73728


$ seq 100000 > >( true ) | wc -c

4092


$ seq 100000 | tee >( cat > /dev/null ) | wc -l

100000

Figure it out?

Answer time! After a tee, a single writer parent feeds two reader children. If a child exits before reading all the data, then when the parent tries to feed that dead child, the parent will get a SIGPIPE. And apparently the default behavior of tee in GNU coreutils (and in the zsh multios redirection) is to give up and to stop feeding all the children at that point. So the second child (wc -l in the examples) ends up with incomplete input. No errors are thrown anywhere, and there's no indication at all that any data was truncated. Lots of the data is just silently missing.

The GNU coreutils implementation of tee has an innocuous-looking option:

-p     diagnose errors writing to non pipes

I read the manpage several times, and it's still not obvious to me that -p does anything more than change something about diagnostic printing. But it does: tee -p feeds all the children as much as it can until they're all dead (i.e. what everybody was assuming it was doing the whole time):

$ seq 100000 | tee -p >( true ) | wc -l

100000

There's also pee, a specific tee-to-process utility in the Debian moreutils package. This utility can be used here, and it does the reasonable thing by default:

$ seq 100000 | pee true 'wc -l'

100000

So yeah. I'm not the first person to discover this, but I'm certain this was quite surprising to each of us.
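An added sketch, not part of the original post: it replaces `>( true )` with a named FIFO whose reader exits without reading, so it runs in plain sh, and it records tee's exit status so the truncation can be detected. The function name `run_tee`, the FIFO and the status file are assumptions made for this example, and `-p` requires the GNU coreutils tee.

```shell
#!/bin/sh
# Constructed demo of tee being killed by SIGPIPE when one of its outputs
# has no reader any more, and of how to notice it.

# run_tee OPTS N
#   Feeds `seq N` through `tee OPTS <fifo>` into `wc -l`.
#   Prints "<lines counted by wc> <exit status of tee>".
run_tee() {
    opts=$1
    n=$2
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/dead"

    # Stand-in for `>( true )`: opens the FIFO, reads nothing, exits.
    true < "$dir/dead" &

    # The brace group saves tee's own exit status, which the pipeline
    # would otherwise hide (a pipeline reports only its last command).
    lines=$(
        seq "$n" |
        { tee $opts "$dir/dead"; echo $? > "$dir/status"; } |
        wc -l
    )
    wait
    status=$(cat "$dir/status")
    rm -rf "$dir"

    # $((...)) strips any padding some wc implementations add.
    echo "$((lines)) $status"
}

# Default tee: dies on the first write to the dead FIFO, so wc sees only
# a prefix of the data. A status above 128 means "killed by a signal";
# 141 is 128 + 13 (SIGPIPE).
echo "tee    : $(run_tee ""   100000)"

# tee -p: ignores SIGPIPE, drops the dead output and keeps feeding wc.
echo "tee -p : $(run_tee "-p" 100000)"
```

The line count in the first case varies from run to run, but it is always short of 100000 because the FIFO cannot absorb the whole stream before its reader is gone.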

05:42

Girl Genius for Wednesday, December 04, 2019 [Girl Genius]

The Girl Genius comic for Wednesday, December 04, 2019 has been posted.

04:56

Time is the Ultimate Friend [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

The true secret of happiness is low expectations.

04:14

The iPhone 11 Pro’s Location Data Puzzler [Krebs on Security]

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

The privacy policy available from the iPhone’s Location Services screen says, “If Location Services is on, your iPhone will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers (where supported by a device) in an anonymous and encrypted form to Apple, to be used for augmenting this crowd-sourced database of Wi-Fi hotspot and cell tower locations.”

The policy explains users can disable all location services entirely with one swipe (by navigating to Settings > Privacy > Location Services, then switching “Location Services” to “off”). When one does this, the location services indicator — a small diagonal upward arrow to the left of the battery icon — no longer appears unless Location Services is re-enabled.

The policy continues: “You can also disable location-based system services by tapping on System Services and turning off each location-based system service.” But apparently there are some system services on this model (and possibly other iPhone 11 models) which request location data and cannot be disabled by users without completely turning off location services, as the arrow icon still appears periodically even after individually disabling all system services that use location.

On Nov. 13, KrebsOnSecurity contacted Apple to report this as a possible privacy bug in the new iPhone Pro and/or in iOS 13.x, sharing a video showing how the device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on).

The video above was recorded on a brand new iPhone 11 Pro. The behavior appears to persist in the latest iPhone operating system (iOS 13.2.3) on iPhone 11 Pro devices. A review of Apple’s support forum indicates other users are experiencing the same issue. I was not able to replicate this behavior on an older model iPhone 8 with the latest iOS.

This week Apple responded that the company does not see any concerns here and that the iPhone was performing as designed.

“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].

Apple has not yet responded to follow-up questions, but it seems they are saying their phones have some system services that query your location regardless of whether one has disabled this setting individually for all apps and iOS system services.

Granted, the latest versions of iOS give users far more granular control over the sharing of this data than in the past, especially with respect to third-party apps. And perhaps this oddity is somehow related to adding support for super-fast new WiFi 6 routers, which may have involved the introduction of new hardware.

But it would be nice to know what has changed in the iPhone 11 and why, particularly given Apple’s recent commercials on how they respect user privacy choices — including location information. This post will be updated in the event Apple provides a more detailed response.

02:42

Stradivariables [QC RSS]

violins break too easy

02:07

Link [Scripting News]

You may not like Bloomberg, but his new ad is the perfect Democratic candidate ad for winning in a landslide.

01:00

He Just Can't Quit the Guy Who Won't Quit Showing Up On His Porch [The Stranger, Seattle's Only Newspaper: Savage Love]

Savage Love Letter of the Day by Dan Savage


Longtime reader, first-time writer, etc., blah blah blah. I’ve always valued the advice and your columns have led me to some very major life decisions that were totally right and correct with no regrets on my part whatsoever. And now I’ve got a little problem that I feel you and definitely some of your readers will be able to help me with.

How do you keep an ex out of your life? An ex you're still in love with? An ex whose (non-sexual) presence in your life is joyous and wonderful until the moment he goes off to be with his boyfriend? Who he met when you were together but trapped in a sexless marriage?

That’s a lot of questions, I realize, but I need a lot of help. So this is about me, obviously. I met this guy and we started seeing each other but then we broke up... because I was married. Yeah, I guess I was a cheating piece of shit at the time. But soon after we broke up I scraped together the courage to tell my husband I needed out of our six-year-long sexless marriage. We decided to stay friends—me and the guy I was dating before I divorced—and I was and I am still desperately and hopelessly in love with him. I’ve had to block him on all social media as any thought of him with this other guy destroys me. But we message a lot and still see each other a few times a week. I’d even go as far as to say we’re best friends. Ugh. It’s all so complicated. I’ve tried ghosting on him to get him out of my life because I can’t take the pain anymore but then he just turns up at my house. I've told him that if I can’t have everything I’d rather have nothing but he just won’t let me go. It’s torture. He tells me he needs me. And he does need me. And we are wonderful together. It’s just that he loves someone else. And I’m ok with that! But I can’t deal with that! How do I deal with that? Seems like an all-or-nothing thing to me but he won’t let me have nothing. He just keeps clawing his way back into my life.

What can I do?

Sad And Desperate Daddy's Erased Relationship

This isn't a complicated situation, SADDER. What you need to do is obvious—it's not easy, just obvious.

Basically, you've gotta stop acting like you're helpless and start using what leverage you have here, i.e. your time and attention. Which means telling this boy, if I may quote a personal hero of mine, that with you it's all or nothin'. You wanna be his boyfriend, not his friend, and the emotional bandwidth he's currently sucking up—all those phone calls, messages, and unannounced visits—is making it impossible for you to move on. You're wasting on him that would be better spent fucking randos off hookup apps because—who knows?—you could fall in love with one of those randos, right? So tell your ex, again, and for the last time, that there's only one role you want to play in his life, SADDER, and that's the role of boyfriend, not best friend.

And if you can't be his boyfriend, you don't have any contact with him. None.

Okay, okay: what you need to do is so obvious that you've tried it already and it didn't work. You asked him to exit your life and he refused to go. Which brings us to the hard part, SADDER: it's not enough to say you want him out of your life, you have to say it, mean it, and enforce it. Which means he can't show up at your house after you've asked him to fuck off and blocked him on social media. I mean, he can show up at your house, but he shouldn't. And if he does, don't let him in—literally or figuratively.

And who knows? You weren't single when you met. You are now. He's not single at the moment. He could be... and if he wants you in his life, he'll have to be. Bearing that in mind—constantly reminding yourself that telling him to fuck off unless and until he's single and available could result in your ex becoming single and available—may help stiffen your resolve. Because every time you refuse to get on the phone with him while he's still with this other guy, every time you refuse to open the door to him while he's still with this other guy, every time you refuse to answer his texts while he's still with this other guy... brings you closer to the day when he calls, drops by, or texts to let you know he's single and available and wants back in your life on your terms.

Or it brings you closer to the day when you're so crushed out on some new guy in your life—you know, one of those randos you suddenly had time for—that you don't even want your ex back anymore.


••••••••••••••••••••••••••••

Listen to my podcast, the Savage Lovecast, at www.savagelovecast.com.

Impeach the motherfucker already! Get your ITMFA buttons, t-shirts, hats and lapel pins and coffee mugs at www.ITMFA.org!


Savage Love [The Stranger, Seattle's Only Newspaper: Savage Love]

Should he offer a hot stranger sexual favors to get him to stop smoking? by Dan Savage

My ex-girlfriend, who I dated for nine months, called me two months after we broke up and accused me of giving her HPV. She was going on, telling me how I needed to tell any future person I had sex with that I have HPV. I'm a 38-year-old man, and I've never had any signs or symptoms of any sexually transmitted infections. I know HPV is very common, often clears up on its own, and cannot be tested for in men. What are your thoughts? Do I need to tell sexual partners that I have HPV?

Help Person Vacillating

Most people are infected with HPV—the human papillomavirus—at some point in their lifetime, most never develop symptoms, and in most cases the infection goes away on its own. There's an effective and safe vaccine that protects people from HPV strains that can cause cervical, anal, dick, or throat cancer—and everyone, regardless of age, should get vaccinated. And since people can develop symptoms years after their initial exposure, there's no way for your ex-girlfriend to know that you infected her. Or that she didn't infect you. Every sexually active adult should assume they've been exposed to HPV, that they have it or have had it, and conduct themselves accordingly.


I'm a gay man, and there's a guy I see on the bus who I find attractive in the extreme. I can't keep myself from looking at him. Now here comes the but: He smokes. I've been toying with an idea to convince him to quit. I want to slip a note into his pocket or backpack with the following proposal: "Let's make a deal. You give up cigarettes, and in return I'll give you a blowjob once a week for a year. I'm concerned about your health. Please consider." Other people who ride the bus also smoke, but I'm not inclined to make them the same offer. But it makes me sad knowing this guy smokes, and I want to get him to stop. If this idea is crazy, please say so—it will help me move on.

Before Undertaking Sincere Tobacco Eradication Deal

While your motives are no doubt pure—there's nothing in this plan for you, BUSTED, just the quiet satisfaction of putting a beautiful stranger on the path to better health—you don't know if this guy is attracted to you. But he's likely to react badly to your proposal even if he is. Because while you and I both know you're being entirely selfless—you're the Florence Nightingale of anonymous/no-recip blowjobs—this extremely attractive stranger is going to assume you're a delusional creep with boundary issues, because slipping a note like that into someone's backpack or pocket (which would require you to technically and legally assault him) is precisely the kind of thing delusional creeps with boundary issues do. And because delusional creeps with boundary issues do this sort of thing, BUSTED, good and decent guys like you can't do it without being misunderstood. So absent some sign of interest from this attractive stranger—like him staring back at you—you're going to do what any normal, non-delusional, non-creepy gay guy would do after seeing an attractive stranger on the bus: leave him alone while surreptitiously checking to see if he's on any of the gay hookup apps.


My wife is über-vanilla. She is willing to spank me and peg me, but she won't "take charge" of the situation. She's doing it to please me and expects me to signal approval throughout the process. As soon as a spanking gets to the point that I'm flinching and wanting it to stop, she stops. We've never gotten more than a few strokes into the pegging for the same reason. I don't really crave pain per se, but I want and need her to be in charge.

Seeking Pointers About Needed Kinks

One of the top reasons people choose safe words, SPANK, is so that they can scream, "Oh, God! Stop, please! I beg you! It's too much!" and the person who's spanking or pegging them knows that since they didn't hear "collusion" or "giuliani" or "zelensky," the spanking or pegging can continue. Not using the safe word is how a sub signals their approval throughout the spanking/pegging/whatevering process—or, at the very least, how a sub signals their willingness to endure the spanking/pegging/whatevering to please the top.


My long-term partner and I are in a soft Dom/sub relationship. Neither of us has been sexually or physically abused. I suffer mainly from depression and a little anxiety. Lately when the sex is great, I end up having a panic attack. If I have an intense orgasm and then he goes to town with penetration, there will be a point where I physically shove him off and then my body shakes and my breathing starts getting really fast and I start crying, and basically I'm having a panic attack. I feel terrible for my partner, because it's not really his fault. But somehow the physical overstimulation gives my body the "okay" to have a panic attack. It's happened a few times, and my partner is now hesitant to have sex. I want to be able to stop these panic attacks mainly for him. However, when I do have the panic attacks, I want to just cry and let everything out. But of course my amazing partner just wants to comfort me and get it to stop. Please help.

Problems Around Nookie-Induced Crisis

Panic attacks during sex are something you might want to explore with a therapist or counselor, PANIC. If you're already seeing someone about your depression and anxiety, please bring these attacks up with your provider. If you aren't seeing someone, please start seeing someone. As for your partner's hesitation to have intercourse, well, that's understandable. But there's an easy enough work-around: If an intense orgasm followed by go-to-town-style penetration triggers your panic attacks, then either don't do penetrative sex after you've had an intense orgasm or wait until after your partner goes to town to have your orgasm.


I've been in situations where I'm with my better half, rocking her world, giving her an orgasm, coming inside her, and she loves it. The next week, same scenario, she's moaning and groaning, I explode, and she says to me, "Did you come?" And I'm there thinking, "I thought I was pleasuring her like last time, and she suddenly can't tell when I exploded inside her?!"

What The Actual Fuck

Sometimes the person getting fucked (PGF) is paying close attention to the person doing the fucking (PDTF). The PGF is really taking the PDTF in, the PGF can see how close the PDTF is getting, the PGF knows just when the PDTF has arrived. But sometimes the PGF's eyes roll back in their head and they float the fuck away, WTAF, because the fucking feels that damn good. The PGF moans, the PGF groans, but the PGF is so lost in the physical and emotional sensations—they're getting so deeply into the dicking—that it's not until after the PDTF stops fucking them that the PGF even realizes the PDTF is done fucking them. So it's not a bad sign that your better half sometimes has to ask if you came, WTAF, it's a good sign.


On the Lovecast, meet the woman who's read ALL of Dan's columns since 1991. Listen at savagelovecast.com.

mail@savagelove.net

@fakedansavage on Twitter

ITMFA.org


00:35

Page 14 [Flipside]

Page 14 is done.

00:14

Tuesday, 03 December

23:42

McKinsey designed ICE's gulags, recommending minimal food, medical care and supervision [Cory Doctorow – Boing Boing]

Obama brought McKinsey and Co, the giant management consulting firm, into ICE to effect an "organizational transformation," so they were already in place when Trump took office, and as Trump pivoted to concentration camps, McKinsey had some suggestions to save money: cut back on food, medicine and supervision.

Propublica sued the US government and obtained 1,500 pages' worth of McKinsey/ICE memos thanks to the Freedom of Information Act. They document how McKinsey's sole focus was lowering costs and accelerating deportations, even if it meant inhumane conditions and gross miscarriages of justice, including some that certainly sent some asylum seekers to their deaths.

One official Propublica spoke to said that ICE's senior management found the suggestions inhumane, and argued against them, only to be shouted down by the McKinsey people. McKinsey drafted its own federal consulting contract -- ghostwriting it for ICE -- and cut themselves in for an additional $2.2m (they made more than $20m off the contract).

In 2018, Kevin Sneader -- McKinsey's global managing partner -- sent out a memo to all staff in which he lied about the work the firm had done with ICE, falsely claiming that the firm was not involved in developing immigration policies and that it would not "under any circumstances, engage in work, anywhere in the world, that advances or assists policies that are at odds with our values."

The ICE gulags today still run on principles established by McKinsey, and the undertrained sadists who staff them were hired in McKinsey-designed "super one-stop hiring" centers.

Within months, McKinsey was making significant strides toward advancing the Trump administration’s policy goals. The firm’s work showed “quantifiable benefits,” ICE officials stated in an October 2017 contracting document, “including increased total removals and reductions in time to remove a detainee.”

As some McKinsey consultants worked on the staffing challenge, others took aim at the logistical hurdles posed by an expected influx of detainees flowing from the Trump administration’s directive to enforce immigration laws more strictly.

The consulting team became so driven to save money, people involved in the project said, that consultants sometimes ignored — and even complained to agency managers about — ICE staffers who objected that McKinsey’s cost-cutting proposals risked jeopardizing the health and safety of migrants.

How McKinsey Helped the Trump Administration Detain and Deport Immigrants [Ian MacDougall/Propublica]

23:28

22:42

Norbert Preining: Debian breaking Unison (again) [Planet Debian]

Congratulations – Debian/sid now contains a unison binary that is incompatible with Debian/buster, the stable release. That means, everyone who relies on unison for file synchronization across servers (running buster) and development machines (running sid) is now busted. Trying to use the new binary from sid on buster also doesn’t work, due to GLIBC incompatibility.

For now the only solution I see is using the versions from Debian/buster and hold them, never to be upgraded for the next 2 years. At least that worked for me.

And BTW, the warning message that should be in NEWS(.Debian) didn’t make it into the binary builds …

22:14

Frustrated game devs automated the production of 1,500 terrible slot machine apps and actually made money [Cory Doctorow – Boing Boing]

Last March, game devs Alex Schwartz and Ziba Scott gave a presentation at the Game Developers Conference called "1,500 Slot Machines Walk into a Bar: Adventures in Quantity Over Quality" in which they described how their own dissatisfaction with falling revenues from mobile app stores led them to muse about bulk-creating crappy apps and seeing if they could get paid.

They hit on the idea of churning out thousands of near-identical slot-machine apps, using a basic template they bought for $15; they then proceeded to automate the mass-production of more than 1,500 different slot machine games with every conceivable theme, from "tasteful sideboob" (removed from Google's app store) to "dolphins" and "canteloupe." Mining Google Trends for new themes, they began to target trends.

The whole thing made an improbable amount of money and generated investment offers. Eventually they got ditched by their ad provider and decided to walk away, but leave the automated system running. They document how it took years to fail.

The guys are very funny and clearly bemused and shocked by how well their crackpot idea worked. I love that they used nothing but terrible stock art for their slides.

Quality is overrated. Disheartened by all of the noise in the mobile ecosystem, speakers Alex Schwartz and Ziba Scott set out to determine the lowest bar for success on App Stores. They flooded the market with over 1,500 auto-generated slot machine games, got 1.6 million installs, made money (!!), received some very strange emails, made it big in Iran, and garnered a stupefying number of good reviews on Google Play. They even enlisted the talents of an honest-to-God MIT statistician. Take a fantastic tour of the weird, dark underbelly of the mobile app market. Marvel as the speakers share their experience with pushing the limits of automation as well as the rate limits of every public API under the sun. Silently judge the questionable ethics of their enterprise. By the end, you may be reconsidering your life choices as Alex and Ziba debate the merits of quantity over quality.

1,500 Slot Machines Walk into a Bar: Adventures in Quantity Over Quality [Alex Schwartz and Ziba Scott/GDC]

Make: a non-patent-infringing enclosure for your 3D printer [Cory Doctorow – Boing Boing]

3D printing is a dumpster fire of stupid, obvious patents, but thankfully many of these are expiring; this year, the stupid patent on putting sides on a 3D printer (extrusion printers are very sensitive to errant breezes and just a puff of wind can ruin a print that took hours, just minutes before it completes).

Now that the stupid patent has expired, the 3D printing world is tinkering with many possible designs for cases for 3D printers. Among them is Jay Doscher, a 3D printing enthusiast who's trying to figure out how to do 3DP at scale.

Doscher writes, "I was really inspired last year with Doctorow's book, Walkaway and it has had me thinking differently about making ever since. Part of that progression is this project- learning how to do small scale fabrication. I used waterjet parts, but many parts are 3D printed, and all of the designs are licensed under Creative Commons. I hope you like it!"

Learning to Scale - Rapid Manufacturing with Enclosures [Jay Doscher/Back7]

(Thanks, Jay!)

21:56

21:35

Link [Scripting News]

Chrome keeps coming up with new things to complain about my sites. I ignore them. I wonder how many web devs pay attention to Google's complaints?

Link [Scripting News]

I had a little health scare a few weeks ago. As you may know, I broke a rib in a bike accident in September. Mostly healed now. I had to go in for an X-ray and my doctor said there was a shadow that she didn't like. I should go for a CT-scan she said, let's find out what's going on. If it's lung cancer, that's good news, she said, we found it early and it's probably treatable. If we wait for symptoms then it's often not treatable. I smoked for 31 years, she reminded me, in case I was feeling sorry for myself. Heh. So I scheduled the test, had a couple of weeks to think about it. I was obsessed. Maybe she knows and isn't saying until she's absolutely sure. I was convinced that was it, and my life was about to change to the life of a cancer patient. I know a little about it because like pretty much everyone I know people who have cancer. My father died from it. Anyway, no cancer. Knock wood. But I had the benefit of thinking I had it. So I got that experience, without the awful chemo and radiation and possible dying. I feel very lucky. I decided to tell this story now to give you an idea why I don't care that Chrome hates my websites. I do what my doctor says, mostly -- I don't give a shit what Google wants me to do. As Logan Roy says, have a nice day. ;-)

Link [Scripting News]

Poll: How many phones do you carry?

20:42

The Supreme Court just heard the State of Georgia's argument for copyrighting the law and charging for access to it [Cory Doctorow – Boing Boing]

For years, rogue archivist Carl Malamud (previously) has been scanning and posting proprietary elements of the law, such as standard annotations or building and safety codes developed by outside parties and then incorporated into legislation, on the theory that if you are expected to follow the law, you must be able to read, write and share that law.

Along the way, Malamud has attracted numerous lawsuits from standards development organizations, publishers, national governments and state governments. Notably, the State of Georgia sued Malamud over his free publication of "The Official Code of Georgia Annotated," which is, as the name implies, the state's official version of its own laws. Malamud won on appeal and when the case headed to the Supreme Court, legal scholars, lawyers and law students lined up to sign an amicus brief on his behalf.

Yesterday, the Supreme Court heard oral arguments in Malamud's case. Gorsuch was skeptical of Georgia's claim that paywalling the law was necessary or proportionate, and the justices overall were not overly generous to Georgia's arguments that Lexisnexis's unpaywalled, unannotated version of the law (which is not the official version and also warns readers that it might be out of date) can substitute for the state's official laws.

The annotations in the annotated code summarize relevant judgments that are necessary to interpret the laws. Georgia does not publish an official, un-annotated version of its laws.

However, it's not a slam dunk. Breyer, Sotomayor and Kavanaugh were all tough on Malamud's lawyer.

The court is expected to rule by late June.

Justice Brett Kavanaugh also challenged Citron repeatedly on a variety of points. One set of comments emphasized the same distinction as Breyer’s, between the law and the annotations describing it. Kavanaugh pressed Citron to agree that it “would be a mistake” to treat the annotations as having any significance in the articulation of law. As Kavanaugh put it, “if you cited the annotations as binding law, that would be wrong.”

Another question from Kavanaugh pointed to an amicus brief by a group of states, which made what Kavanaugh described as “a very strong argument” that depriving the states of copyright protection for works like this likely would mean “that there’ll be fewer of these annotations.” Finally, Kavanaugh asked Citron whether he thought the justices should “interpret” the old Supreme Court cases (which predate the Copyright Act by more than a century) “in the direction of the Copyright Act, which clearly says states can get copyright protection for annotations?”

Argument analysis: Justices debate copyrightability of state legislative annotations [Ronald Mann/Scotusblog]

Justices debate allowing state law to be “hidden behind a pay wall” [Timothy B Lee/Ars Technica]

(Thanks, Darren Bedwell!)

Using the Challenger Disaster to illustrate the 8 symptoms of groupthink [Cory Doctorow – Boing Boing]

When Yale research psychologist Irving Janis coined the term "groupthink" in 1972, he identified eight symptoms of the pathology: the "illusion of invulnerability"; a "belief in the inherent morality of the group"; "collective rationalization"; "out-group stereotypes"; "self-censorship"; the "illusion of unanimity"; "direct pressure on dissenters" and "self-appointed mindguards."

The Space Shuttle Challenger disaster is one of the most studied disasters in history; University of Washington psych prof Jacob Leonesio uses it as a way to illustrate groupthink for his intro to psych course in a neat little explanation that shows how groupthink led the Challenger team to launch a spacecraft that many of them knew was not safe to launch.

6. Illusion of Unanimity. NASA managers perpetuated the fiction that everyone was fully in accord on the launch recommendation. They admitted to the presidential commission that they didn’t report Thiokol’s on-again/off-again hesitancy with their superiors. As often happens in such cases, the flight readiness review team interpreted silence as agreement.

7. Direct Pressure on Dissenters. Thiokol engineers felt pressure from two directions to reverse their ‘‘no-go" recommendation. NASA managers had already postponed the launch three times and were fearful the American public would regard the agency as inept. Undoubtedly that strain triggered Hardy’s retort that he was ‘‘appalled" at Thiokol’s recommendation. Similarly, the company’s management was fearful of losing future NASA contracts. When they went off-line for their caucus, Thiokol’s senior vice president urged Roger Lund, vice president of engineering, to ‘‘take off his engineering hat and put on his management hat."

8. Self-Appointed Mindguards. ‘‘Mindguards" protect a leader from assault by troublesome ideas. NASA managers insulated Jesse Moore from the debate over the integrity of the rocket booster seals. Even though Roger Boisjoly was Thiokol’s expert on O-rings, he later bemoaned that he ‘‘was not even asked to participate in giving input to the final decision charts."

Symptoms of Groupthink [Jacob Leonesio/University of Washington]

(via Four Short Links)

20:21

RSA-240 Factored [Schneier on Security]

This just in:

We are pleased to announce the factorization of RSA-240, from RSA's challenge list, and the computation of a discrete logarithm of the same size (795 bits):

RSA-240 = 12462036678171878406583504460810659043482037465167880575481878888328 966680118821085503603957027250874750986476843845862105486553797025393057189121 768431828636284694840530161441643046806687569941524699318570418303051254959437 1372159029236099 = 509435952285839914555051023580843714132648382024111473186660296521821206469746 700620316443478873837606252372049619334517 * 244624208838318150567813139024002896653802092578931401452041221336558477095178 155258218897735030590669041302045908071447

[...]

The previous records were RSA-768 (768 bits) in December 2009 [2], and a 768-bit prime discrete logarithm in June 2016 [3].

It is the first time that two records for integer factorization and discrete logarithm are broken together, moreover with the same hardware and software.

Both computations were performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software [4].

The sum of the computation time for both records is roughly 4000 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz). A rough breakdown of the time spent in the main computation steps is as follows.

RSA-240 sieving: 800 physical core-years
RSA-240 matrix: 100 physical core-years
DLP-240 sieving: 2400 physical core-years
DLP-240 matrix: 700 physical core-years

The computation times above are well below the time that was spent with the previous 768-bit records. To measure how much of this can be attributed to Moore's law, we ran our software on machines that are identical to those cited in the 768-bit DLP computation [3], and reach the conclusion that sieving for our new record size on these old machines would have taken 25% less time than the reported sieving time of the 768-bit DLP computation.

EDITED TO ADD (12/4): News article. Dan Goodin points out that the speed improvements were more due to improvements in the algorithms than from Moore's Law.
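The announcement's arithmetic can be checked independently. The following Python is an added example, not part of the original post or of CADO-NFS; the function names are hypothetical, and the digits and core-year figures are copied from the announcement quoted above.

```python
"""Independent check of the RSA-240 factorization announcement (added example)."""

# Digits copied from the announcement; whitespace left over from line
# wrapping is ignored when the strings are parsed.
N_TEXT = """
12462036678171878406583504460810659043482037465167880575481878888328
966680118821085503603957027250874750986476843845862105486553797025393057189121
768431828636284694840530161441643046806687569941524699318570418303051254959437
1372159029236099
"""
P_TEXT = """
509435952285839914555051023580843714132648382024111473186660296521821206469746
700620316443478873837606252372049619334517
"""
Q_TEXT = """
244624208838318150567813139024002896653802092578931401452041221336558477095178
155258218897735030590669041302045908071447
"""

# Core-year breakdown as listed in the announcement.
CORE_YEARS = {
    "RSA-240 sieving": 800,
    "RSA-240 matrix": 100,
    "DLP-240 sieving": 2400,
    "DLP-240 matrix": 700,
}

# Fixed Miller-Rabin witnesses (the first 20 primes). With fixed bases this is
# a probable-prime test: a true prime always passes, a composite almost never.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29,
          31, 37, 41, 43, 47, 53, 59, 61, 67, 71)


def parse_int(text: str) -> int:
    """Parse a decimal integer that was wrapped across several lines."""
    return int("".join(text.split()))


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin strong probable-prime test against the fixed bases."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    # Write n - 1 as d * 2^s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def verify_factorization(n: int, factors, expected_bits: int) -> dict:
    """Check a claimed factorization: product, factor primality, modulus size."""
    product = 1
    for f in factors:
        product *= f
    return {
        "product_matches": product == n,
        "nontrivial": all(1 < f < n for f in factors),
        "factors_probably_prime": all(is_probable_prime(f) for f in factors),
        "bit_length": n.bit_length(),
        "size_matches": n.bit_length() == expected_bits,
        "decimal_digits": len(str(n)),
    }


def check_rsa240() -> dict:
    """Run every check against the figures quoted in the announcement."""
    n, p, q = parse_int(N_TEXT), parse_int(P_TEXT), parse_int(Q_TEXT)
    report = verify_factorization(n, (p, q), expected_bits=795)
    report["core_years_total"] = sum(CORE_YEARS.values())
    return report


if __name__ == "__main__":
    for key, value in check_rsa240().items():
        print(f"{key}: {value}")
```
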

19:56

UK Apostrophe Protection Society surrender's, saying "ignorance and lazines's have won" [Cory Doctorow – Boing Boing]

Retired journalist John Richard's founded the Apostrophe Protection Society in 2001, its mission to convince people that apostrophe's denote missing letter's and possession, but never plurals.

Now Richard's is 96 and he's shutting down the society, saying that "fewer organisation's and individual's are now caring about the correct use of the apostrophe in the English Language...the ignorance and lazines's present in modern times have won."

For clarity: all the extraneous apostrophes in this post are my own, not Richards's'.

"Instead, within a month of my plaint appearing in a national newspaper, I received over 500 letters of support, not only from all corners of the United Kingdom, but also from America, Australia, France, Sweden, Hong Kong and Canada."

Apostrophe society shuts down because 'ignorance and laziness have won' [Tim Baker/Evening Standard]

(via Naked Capitalism)

(Image: William Murphy, CC BY-SA, cropped)

MMT: when does government deficit spending improve debt-to-GDP ratios? [Cory Doctorow – Boing Boing]

Modern Monetary Theory (MMT) (previously) is an alternative to neoclassical economics that holds that sovereign states that issue their own currency can't default on debts denominated in that currency (if you are the sole source of Canadian dollars and all your debts are in Canadian dollars, you can always pay those debts), and that deficit spending is normal (every dollar in circulation was "deficit spent," since the money to pay taxes enters the economy when the government spends it into existence), and that inflation isn't a mere function of government spending -- but rather, inflation occurs when governments and the private sector are bidding against each other for the same goods and services.

A more nuanced take on MMT spending is that some government spending improves the ratio of debt to GDP -- because the spending increases overall economic growth -- and some of it worsens that ratio. Governments can also change that ratio through taxation -- raising and lowering taxes changes the purchasing power of the private sector (at the top brackets, taxation can reduce the power of the super-rich to buy lobbyists and make campaign contributions that would allow them to distort national policy to serve their narrow interests).

Writing for the Carnegie Endowment for International Peace, Michael Pettis describes the outcome of his informal Peking University debt seminar on MMT, which evaluated the effects of policies that give to the rich, policies that give to the poor, and policies that increase infrastructure investment. Pettis and his students classify the outcomes of different starting conditions as "MMT Hell" (runaway inflation) or "MMT Heaven" ("conditions under which there are no intrinsic constraints on government spending").

Pettis describes giving money to the rich as being largely noninflationary, since the rich already have everything and they tend to squirrel their money away in investments, and these lead to growth that keeps the national debt-to-GDP ratio constant.

But giving money to the rich only works if there are productive investments for the rich to make. In the absence of these, you get asset bubbles, stock speculation, stock buybacks, and a wealth-transfer from poor people to rich people as speculation starts to impact housing, education, health, etc. This also weakens demand, because eventually no one but rich people has any money to buy stuff with (this all sounds eerily familiar, ten years after the bailout and a year after Trump's #taxscam).

Next, Pettis contemplates transfers to poor people. If there's a lot of economic slack -- weak demand, unemployment -- then giving money to poor people will spur growth and hold the debt/GDP ratio in check. It's MMT heaven.

But if there are systems that prevent the supply side from meeting the demand side -- if starting new businesses is too expensive due to monopolies, tight capital controls, regulation, etc -- then the new money injected into the economy starts to chase the same goods, driving up prices, creating inflation and sending you straight to MMT hell.

Then there's infrastructure investment. If infrastructure is weak, undermaintained, or missing, then investment in infrastructure will boost the economy, driving growth and holding debt/GDP constant (MMT heaven -- this is basically the story of Chinese growth).

But if the infrastructure investment takes the form of expensive boondoggles -- bridges to nowhere, empty Chinese cities built to keep property prices from crashing -- then the money injected into the economy will be chasing the same goods as the private sector, but there will be no productivity gains by the private sector from the useless infrastructure investment, so you're mired in debt, inflation and MMT Hell.

It is not clear to me that pure money creation under the positive circumstances listed above comes with comparable problems, so perhaps this means that governments should fund wealth-enhancing income transfers or productive investment mainly by creating money, not by borrowing. This suggests that hard-core MMT proponents are right when they say that governments don’t borrow or raise taxes to fund spending. Instead, they simply spend. The purpose of borrowing or raising taxes in those circumstances is to counter the impact that MMT can have in some cases, but not in all.

There are, on the other hand, cases in which governments can simply create money or borrow with no ill effects, that is to say, with no inflationary impact and no increase in the debt burden. As always in economics, the outcome depends on the underlying conditions.

So how do these insights apply to the world today? If they so choose, the U.S. and European governments should be able to create money or debt with no ill effects if the proceeds were used to fund needed infrastructure or to reverse income inequality by increasing the incomes of the poor and middle classes. Either way, productive investment would rise faster than debt or the money supply, as would the total value of goods and services produced.

MMT Heaven and MMT Hell for Chinese Investment and U.S. Fiscal Spending [Michael Pettis/Carnegie Endowment for International Peace]

(via Naked Capitalism)

A sweeping new tech bill from Silicon Valley Democrats promises privacy, interoperability, and protection from algorithmic discrimination and manipulation [Cory Doctorow – Boing Boing]

Reps Anna Eshoo [D-CA] and Zoe Lofgren [D-CA] have introduced HR 4978, the "Online Privacy Act," which is a comprehensive set of federal rules for privacy, interoperability, and protection from algorithmic discrimination and manipulation.

It's a big bill (132 pages!) and even the summary is an intense read, so I've only skimmed it. Based on that, I'm cautiously optimistic about it: the interoperability section (p26-30) tried to thread a bunch of difficult needles, including defining which companies are big enough to warrant interoperability mandates, both ongoing and one-time access to user data, and how privacy protections co-exist with interoperability obligations.

However, my cursory read leaves me concerned that much of the obligations on companies and rights for users have exceptions that are loosely defined -- companies have to do things that are "reasonable," or "proportionate" or "necessary," and it's not hard to see how that could be distorted into some vast loopholes.

That said, Lofgren is a seasoned legislator with a good track record -- she co-sponsored "Aaron's Law", which would have reformed the parts of the Computer Fraud and Abuse Act that were used to unjustly target Aaron Swartz and threaten him with a lengthy prison sentence, which led to his suicide in 2013.

The one-pager gives a good overview of all the things this bill is trying to do. It's an impressive attempt at sweeping reform, sort of a Sarbanes-Oxley for Big Tech, but like Sarbanes-Oxley, any bill this complicated has lots of room for mischief, amendment, and unintended consequences. There are a ton of legislative analysts poring over this right now and I'm really looking forward to reading what they have to say about it.

* Digital Privacy Agency (DPA). The bill creates a new federal agency to enforce users’ privacy rights and ensure companies follow the law. While unique for the U.S., this would not be the only privacy agency in existence. Every E.U. country has a privacy agency, and a California ballot initiative is proposing a new state agency. The DPA would be an independent agency with funding for up to 1,600 employees.

* User Rights. The bill gives users the right to:
 * access, correct, delete, and transfer data about them;
 * request a human review of impactful automated decisions;
 * opt-in consent for using data for machine learning/A.I. algorithms;
 * be informed if a covered entity has collected your information; and
 * choose for how long their data can be kept.

* Company Obligations. Companies must:
 * articulate the need for and minimize the user data they collect, process, disclose, and maintain;
 * minimize employee and contractor access to user data;
 * not disclose or sell personal information without explicit consent;
 * not use third-party data to reidentify individuals;
 * not use private communications (e.g., emails and web traffic) for ads or other invasive purposes;
 * not process data in a way that violates civil rights, e.g., employment discrimination;
 * only process genetic information in limited circumstances;
 * use objectively understandable privacy policies and consent processes, and may not use ‘dark patterns’ to obtain consent;
 * employ reasonable cybersecurity policies to protect user data; and
 * notify the agency and users of breaches and data sharing abuses, e.g., Cambridge Analytica.

* Enforcement
 * The DPA can issue regulations to implement this bill and issue fines for violations.
 * The max money damage is the same as the FTC Act’s max ($42,530 per incident).
 * State attorneys general may also bring civil actions for violations of this bill.
 * Individuals may sue for declaratory or injunctive relief; individuals (not acting collectively) may sue for damages.
 * Harmed individuals and States may appoint nonprofits to bring collective, private civil actions for damages on behalf of users.

* Protections for Journalists.
 * Expressly allows journalists to use or disclose personal information for investigative journalism no differently than they do today. This applies so long as there are safeguards against using the information for non-journalistic purposes.

* Additional Provisions. The bill criminalizes doxxing; limits companies from using data to build behavioral profiles without consent; exempts small businesses from the most onerous requirements; prohibits the sale of government records with personal data without consent, and creates an Open Source Machine Learning Training Data Grant Program.

Eshoo & Lofgren Introduce the Online Privacy Act [Anna Eshoo/US Congress]

19:21

The name of podcasting, part N [Scripting News]

I've created commercial products, and no one ever said they named my product ThinkTank, Ready, MORE, Frontier, Manila, Radio UserLand, even if they thought of the name before I did. Because people respect commercial development.

The process for podcasting was no different, except we did it in the open and no one claimed ownership of the resulting product. This is the way new web standards were developed in the late 90s and early 00s.

Hammersley could have helped, but didn't. He made a lucky guess, and for that he deserves credit, but not for naming the product. It's possible that Dannie Gregoire, the person who does deserve the credit, got the idea from Hammersley, but I've never heard him say that. And he put in time and effort to help make podcasting real. So many people who poured their hearts into this work got little or no credit.

It has become established that Hammersley named our product, even though this is not true. That's the only reason I object. I think the truth matters.

Hopefully this makes it into the Wikipedia piece on the history of podcasting, if not, know that our system of fact checking and truth vetting is about as bad as can be. When people naively say that Facebook should be able to vet everything for truth, here's something that's easily shown to be false, has been contested for years, however the record never gets altered, and reputable reporters still cite the lie as fact. Probably will continue to for a long time, maybe always.

19:14

Firefox 71 [LWN.net]

Firefox 71 is available. New features include improvements to the Lockwise integrated password manager and native MP3 decoding. The release notes have more details.

18:49

Ben Hutchings: Debian LTS work, November 2019 [Planet Debian]

I was assigned 24.5 hours of work by Freexian's Debian LTS initiative and carried over 0.5 hours from October. I worked 21.25 hours this month, so will carry over 3.75 hours to December.

I released Linux 3.16.76, rebased the Debian package onto that, and sent out a request for testing.

I backported the mitigation for TSX Asynchronous Abort (CVE-2019-11135) and reporting of iTLB multihit (CVE-2018-12207) to 3.16 (this work started in October). I applied these and a GPU security fix, uploaded the Debian package and issued DLA-1989-1.

I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1990-1 for that.

I prepared and, after review, released Linux 3.16.77 and 3.16.78. I rebased the Debian package onto 3.16.78 and sent out a request for testing.

18:28

Harry Shearer interviews Uber's smartest critic: Hubert "Bezzle" Horan [Cory Doctorow – Boing Boing]

Hubert Horan (previously) is a transport industry analyst who has written more than 20 essays for Naked Capitalism as well as two peer-reviewed scholarly articles explaining why Uber is a "bezzle" -- that is, a scam that can't possibly ever make money, no matter how much it preys on drivers, ignores passenger safety, and destroys safe, regulated taxi businesses. Harry "Mr Burns" Shearer interviewed Horan (MP3) on the latest episode of his radio show, Le Show. It's a fantastic interview that quickly gets to the meat of Horan's critique of Uber, and then digs into both the ridiculous defenses that Uber and its defenders mount of its possible sustainability, and the social circumstances that allowed Uber to bezzle $21b from its investors in just a few years, while still attracting more investors. (Image: Tarcil, CC BY-SA, modified) (via Naked Capitalism)

17:42

Reading the "victory letter" a white nationalist sent to his followers after getting $2.5m from UNC, it's obvious why he tried to censor it [Cory Doctorow – Boing Boing]

Last week, just before everything shut down for Thanksgiving, the Republican-appointed Board of Governors of the University of North Carolina handed $2.5m to the white nationalist Sons of Confederate Veterans, claiming it would settle a lawsuit over the removal of a Confederate "Silent Sam" statue from campus -- but as local litigator T Greg Doucette sleuthed out, the lawsuit was filed after the governors voted the settlement, and the Sons of Confederate Veterans appeared to have no standing to sue, as it wasn't their statue, and even if it was, the university would not face legal liability for its students removing it.

After the holiday weekend, Doucette went to the courthouse and scanned all the documents about the giveaway, including a "victory letter" sent by SOCV "commander" Kevin Stone to his followers, which Stone then had Dropbox remove from the internet by falsely claiming copyright infringement.

Now, Doucette has published the letter to Twitter, and it's easy to see why Stone didn't want it in the public eye. In addition to being peevish, longwinded, petty and sectarian, the letter makes it clear that the Sons of Confederate Veterans and UNC's Board of Governors knew that they wouldn't have standing to sue the university over the Silent Sam statue. It also makes it clear that attempts to push legislation to allow SOCV to sue the university were dead on arrival, that the objective of the litigation was to hurt UNC to punish it for failing to defend white nationalism, and that UNC President Bill Roper and UNC General Counsel Tom Shanahan engineered the payout, greasing it through the Board of Governors.

The letter also reveals that UNC insisted on secrecy about all of this, including and especially the matter of standing, in a bid to prevent its own stakeholders from learning that the $2.5m did not have to be transferred to white nationalists.

(I am a visiting professor of practice at UNC's School of Information and Library Science)

17:07

Today in GPF History for Tuesday, December 3, 2019 [General Protection Fault: The Comic Strip]

Ki isn't so sure that Nick's parents are ready to meet Fred and Persephone...

16:56

"Harbinger households": neighborhoods that consistently buy products that get discontinued, buy real-estate that underperforms, and donate to losing political candidates [Cory Doctorow – Boing Boing]

In The Surprising Breadth of Harbingers of Failure (Sci-Hub mirror), a trio of economists and business-school profs build on a 2015 Journal of Marketing Research paper that claimed that some households' purchasing preferences are a reliable indicator of which products will fail -- that is, if households in a certain ZIP code like a product, it will probably not succeed. The original paper calls these "harbinger households."

In the new paper, the researchers consider very large data-sets on consumer goods and fashion purchasing, house-buying, and political donations, to examine whether being a "harbinger household" correlates to other predictors of failure, and find that these households are also likely to buy real-estate that makes lower profits (or generates larger losses) than nearby properties; they are likely to buy fashion and consumer goods that get discontinued due to lackluster sales; and they are more likely to donate to losing politicians' campaigns than winners.

The researchers also claim that harbinger households voluntarily cluster: that when a harbinger household moves, it is likely that it will move to another harbinger ZIP code (and nonharbingers move to nonharbinger households). Moreover, harbingers don't appear to learn their preferences from one another -- a nonharbinger household that locates in a harbinger ZIP code doesn't alter its purchasing and political contributions to "loser" products and candidates.

Harbinger households tend to be white, suburban and headed by older, less-educated single parents. They tend to make above-average use of coupons, and the coupons they use have above-average values.

The researchers don't claim a causal relationship between these different factors -- donating to losing political candidates doesn't make you prefer Crystal Pepsi, for example -- but rather speculate that there is an "unobserved intervening variable" that explains both factors.

Using data from multiple sources, we have shown that the phenomenon of harbingers is surprisingly widespread. We begin by showing that harbinger zip codes exist. Households in these zip codes are more likely than households in other zip codes to purchase new products that fail. Their adoption of a new product is a signal that the new product will fail. We interpret this finding as evidence that households in these zip codes have tendencies that are not representative of households in other zip codes. We then show that the evidence of unusual tendencies extends across retail product categories and across retailers.

What makes these results particularly surprising is that while we measure the average outcome for a zip code, relatively few households in each zip code participate in each decision. Not every household purchases from the retailers that we study, and relatively few households contribute to congressional election candidates. Moreover, the households that participate will often be different households for each decision. It is unlikely that the households that purchase from one retailer are all the same households that purchase from the other retailer. They are also unlikely to all make donations to congressional election campaigns. Despite this, we observe similarities in zip code–level decisions across these different purchasing contexts.

We explore two explanations for why households with unusual tendencies cluster together. This analysis uses a sample of households that changed zip codes and reveals that households that moved from a harbinger zip code tended to move to another harbinger zip code. Similarly, households that started in a nonharbinger zip code generally moved to another non-harbinger zip code. This suggests that harbinger zip codes arise at least in part from customers choosing to cluster with other households that have similar tendencies. We did not find any support for the alternative explanation that customers learn their tendencies when they move into a harbinger zip code. It appears instead that harbinger tendencies are relatively sticky and that harbinger households bring their tendencies when they change zip codes, rather than learning them when they get there.

The Surprising Breadth of Harbingers of Failure [Duncan I. Simester, Catherine E. Tucker and Clair Yang/Journal of Marketing Research] (Sci-Hub mirror)

(Image: Mike Mozart, CC BY)

16:21

Link [Scripting News]

Interesting point. Brian Kelly thinks Scripting News should not remember the tab you were at from visit to visit.

Link [Scripting News]

I encourage readers to see this blog as a piece of software. If you get an idea on how to improve it, I'm interested in knowing about it. I wrote all the code for it, so I can relatively easily add or tweak features.

16:14

Security updates for Tuesday [LWN.net]

Security updates have been issued by Arch Linux (intel-ucode and libtiff), Debian (exiv2), Oracle (SDL), Red Hat (kernel, patch, and python-jinja2), and Ubuntu (graphicsmagick, linux, linux-aws, linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-lts-xenial, linux-aws, and sqlite3).

Giving Tuesday 2019 [Humble Bundle Blog]

Every year, your contributions to Humble Bundle make a difference. Whether you subscribe to our monthly gaming subscription or buy


15:42

Russia Blocks Shutterstock Domain, Restricting Access to Legitimate Copyrighted Content [TorrentFreak]

Many countries around the world have systems in place to block access to copyright-infringing content and even entire sites.

Russia’s system is particularly streamlined and has resulted in large volumes of pirate sites being rendered inaccessible to the country’s citizens.

However, Russia’s blocking system isn’t only used to protect rightsholders. It’s regularly used to prevent access to terrorism-related material and other content considered dangerous to the public or even insulting to the state.

On November 28, 2019, US-based stock footage site Shutterstock appeared on Russia’s registry of banned domains. Authority for the blocking was granted by the Prosecutor General’s Office on November 13, 2019, and as shown in the image below, covers one domain and two IP addresses.

Source: RUBlacklist.net

At first view, one might consider this to be a copyright infringement issue. However, those who visit the URL detailed at the top of the notice will find what appears to be an image of a Russian flag placed in the middle of a pile of excrement. Russian authorities do not take kindly to their national symbols depicted in such a fashion and have laws in place to prevent it.

As a result, Russian ISPs are now blocking two Shutterstock-related IP addresses (one in Germany, one in the Netherlands) which are both operated by cloud company Akamai. Whether other sites using the same IP addresses are also being affected is currently unclear.

For good measure, Russia is also targeting the image.shutterstock.com domain. As highlighted by Russian digital rights group Roskomsvoboda, which first reported the news, this is particularly problematic since rather than tackling just a single URL, a whole HTTPS subdomain is in the register.

While overblocking is never welcome, the great irony here is that while the Russian blacklist is often used to protect the rights of content creators, it is now effectively restricting their ability to do legitimate business in Russia via Shutterstock. Whether the company will remove the image to resolve the matter remains to be seen.


The automotive emergency kit is not a toy [The Old New Thing]

Back in 1992, Microsoft was small enough (11,542 employees) that the entire company could get together for a meeting in one place. Mind you, that one place was a large multipurpose arena, but at least we all fit in there.¹

It was customary at the time that at the end of the meeting the attendees receive a gift, customized with the Microsoft logo, of course. In 1989, the gift was a pair of very nice binoculars, suitable for your next hike or birdwatching expedition. What a lot of them ended up being used for was spying on other employees by looking into their window office from your own window office. (Note: Requires window office, not included with binoculars.)

In 1992, the company meeting gift was a small automotive emergency kit. Inside a red bag were a few items:

  • Jumper cables. From personal experience as well as conversations with others, these were far and away the most-used items from the kit.
  • A flashlight.
  • A can of aerosol tire inflator.
  • A plastic sign that said SEND HELP, for placement in your rear window. This was long before everyone had a mobile telephone.

While the jumper cable was the most useful part of the kit, the most fun part was the SEND HELP sign, since you could hang it semi-ironically on your door or in your window.

Shortly after the meeting, a message was sent to all employees asking them not to put the SEND HELP sign in outward-facing windows, because someone might think it was a genuine call for help and call the police.

¹ Although the stated capacity of the Kingdome was around 50,000 people, that number assumes everyone is there to watch a sporting event. For a meeting, lots of the seats become unusable because they are to the side of or behind the stage. In fact, for the 1992 meeting, we didn’t even sit in the stadium seats. We sat in folding chairs set up on the field.

 

Attention vs. the chasm [Seth's Blog]

I’ve heard from people who have theorized that Tesla’s window-breaking launch of the super-brutal pickup truck was either an intentional fail (look at all the publicity they got!) or a success (look at all the pre-orders they got!). The thinking goes that all attention is good attention, and that in our ever-faster, attention-starved marketplace, all that matters is clicks.

One way they’re thinking about it: Attention is the new innovation. I don’t agree.

A decade ago, innovation was the way to earn action from the early adopters. Innovation got you into Wired, innovation gave your fans something to talk about, innovation satisfied people in search of the new.

But marketers in search of widespread impact learned an important lesson: Innovation is fun, but innovation isn’t the answer to the challenge of reaching a larger audience.

Moore’s Crossing the Chasm helped marketers see that while innovation was the tool to reach the small group of early adopters and opinion leaders, it was insufficient to reach the masses. Because the masses don’t want something that’s new, they want something that works, something that others are using, something that actually solves their productivity and community problems.

Therefore, to move to a bigger market, tech companies need the network effect and they need patience. Tim Cook created the profitable engine that is Apple by abandoning nerds like me and focusing on making a low-innovation luxury product instead.

Amazon innovates in some areas, but their online shopping (and AWS) are insanely boring, stable and focused on reaching more people.

[Note! There’s no requirement to seek a mass audience. It’s a choice. That’s why most of us are better off serving the smallest viable audience, not jumping through the cycles necessary to cross the chasm.]

The lesson is simple:

Early adopters are thrilled by the new. They seek innovation.

Everyone else is wary of failure. They seek trust.

Back to Tesla. They’ve spent billions trying to move from a weird nerd vehicle for geeks to a mainstream car audience. And it’s working. The Model 3 is reaching people who didn’t even consider the original Roadster. This type of customer (which means most people, perhaps 80% of any market) is asking questions about reliability and wondering what they’ll tell their friends and spouse if they buy one. (If this sounds familiar, the very same thing happened with the Mac from 1984 until 1998… almost fifteen years of slowly moving to ‘normal’.)

Can I trust this brand? Can I trust this product to keep its promises? Can I trust my social circle to applaud my choice?

If Tesla was trying to continue along this proven route, the right move would be to make a pickup truck (which is, surprisingly to some, the bestselling single car model in the US) that would have done to the Ford F150 what the Model 3 does to a mid-market Mercedes. Innovative, but not too. Better, in all the ways that the mass market cares about. New, of course it’s new, but new and trustworthy.

The first customers would have been innovators (that’s always who the first customers are) but they would have had a story they could easily tell to their friends and family. The story of, “I’m smart and bold and connected and this is obviously a better choice.”

But instead, in this new age in which attention is a substitute for useful innovation, they burned that trust by seeking attention instead.

The thing is, innovation has long-term benefits for all of us. The craven search for attention at all costs does not.

Musicians have figured this out–every new song has to push the envelope, has to somehow make things better and be new enough to matter–but at the same time, they can’t burn the trust of the audience they’ve earned to date. The Who can smash guitars and Dylan can mumble, but Kenny G can’t do either.

When everyone is a marketer and when everyone has a platform and when everyone can burn trust to seek attention, this is a useful lesson for each of us. Because in the short run, while attention can feel like a proxy for innovation, when it comes to actual commitments, most customers choose trust instead of commotion.

15:35

Link [Scripting News]

An open podcast to Jack Dorsey, CEO of Twitter. It's way too long and rambles too much, but the idea is imho worth 16 minutes.

Link [Scripting News]

Vulture has a list of lists of best TV shows of 2019. I find some of their choices hard to fathom. Deadwood Movie was awful, imho -- and it wasn't a TV show, yet it's on a list. Anyway I'd love to have a list of all the shows so I could pick my own top 10. Amazon, Netflix, HBO, Showtime, Hulu and a few others. I'm sure I only watched about a dozen shows total, no more, so while the list of possible shows is huge, the actual top ten lists wouldn't be that hard to come up with.

Link [Scripting News]

We had a good size winter storm at my country house in the last couple of days. It's the kind of storm that's mostly wet in NYC, where I lived previously, but up here it was first heavy snow, then it got lighter. So the first time I shoveled the walkway to the car it was heavy lifting and the second time, light and easy. Perhaps 1.5 feet of snow. I drove down the road before it was plowed, having an AWD is great, and noted that someone had been cross country skiing on my road, I was envious. I took note of where the tracks came from, and went. The air is cold and clear, it feels like one of those mornings in Utah, it's the best first moment of a day anywhere. Later we'll be on top of the mountain looking down at the village, and thinking man this is as good as it gets. I have to figure out how to either ski or ride my bike in this weather. Probably both. I live about 1/2 hour from a ski area. It isn't Utah, or the Alps, but it is mine. 🎿

15:28

Wielaard: A public discussion about GNU [LWN.net]

Mark Wielaard has posted a summary of the discussion thus far on the governance of the GNU project. "The mentoring and apprenticeship discussion focused on the GNU maintainers as being the core of the GNU project. But as was pointed out there are also webmasters, translators, infrastructure maintainers (partially paid FSF staff and volunteers), education and conference organizers, etc. All these people are GNU stakeholders. And how we organize governance of the GNU project should also involve them."

14:56

GFL – Page 0004 [Looking For Group]

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0004 appeared first on Looking For Group.

14:00

Use your people as competitive advantage [Radar]

In a fast-paced digital world, it is tempting to suppose that deploying the latest technology is the lynchpin to competitive advantage. Extremely powerful digital technologies are now accessible to most companies—meaning you must find new ways to distinguish yourself in a crowded field.

One very effective method for unearthing strategies that differentiate your organization from everyone else is to leverage your people as a competitive advantage. “Using people,” in this context, means placing an emphasis on any full-time employee, contractor, partner, supplier, gig worker, etc., who is part of your extended ecosystem of strategy and delivery. These are the groups and individuals who provide the fuel to make your technology engine work. You will find them interspersed inside and outside your organization, and it is your task to harness their collective power to build a coalition of support for your business. If you do this well, you can use ecosystem engagement as a way to build stickiness between your organization and employees. As we progress through this latest digital era, we are starting to see more strength in numbers—particularly from unexpected partnerships that provide different perspectives and allow ideas and innovation to originate from a variety of sources. By embracing cognitive diversity, these partnerships thrive because they’ve learned how to tap into a variety of players in order to design and deliver a compelling solution. Each time you tap into it, your people ecosystem presents a blank canvas of potential innovation, and capitalizing on their insight and adaptability creates new opportunities for unique advantage.

Organizations that struggle to keep or fully engage their people ecosystem may find themselves facing the quandary of having people who once worked with them or for them easily becoming foes. History shows us that not recognizing the latent talent in your untapped, disengaged employees creates a hazard for your organization: a cohort of employees who understand your strategic priorities and what you value and use that knowledge to compete, providing new services aimed at dissatisfied customers looking for new options. Armed with the quick and easy tools that make spinning up a startup or a competitive initiative effortless, former employees can quickly wreak havoc on your best-laid plans—something that it used to take a much larger organization to accomplish. What can you do? Go on the offense, pursuing a strong people-based competitive advantage to build a vibrant ecosystem of employees and partners who feel valued and aligned with your organizational goals.

A significant challenge you might face when you are looking to strengthen your people ecosystem is the temptation to continue operating within your traditional mode of working, and within your traditional types of relationships. Your old ways of working required one level of engagement, but to exploit the power of the digital economy, you have to bring new players into the ecosystem and be far more intentional about the way you interact with them to use their capabilities. As you do this, you will quickly find that what it takes to make one group or person happy is not what it takes to make another group or person happy, and you will constantly negotiate outcomes to ensure everyone feels like they are in a win-win scenario. The digital economy moves at a frenetic pace and causes massive changes in personal and societal expectations. Solutions that worked just a few years ago will no longer keep customers and partners happy. That’s why it’s vital that you maintain an environment where people feel they are in a win-win relationship and they see your success as something that’s good for them. Leaders who assume they have good relationships with freelancers, contractors, or suppliers can quickly find themselves struggling with the same concerns vocalized by disengaged employees, and this type of disconnect can dramatically impact your level of output. You lose a great deal of innovation capacity when you can no longer count on people to give the extra effort that comes because they are autonomously motivated to succeed. To keep everyone happy and excited at the same time, you will need an agile engagement approach. That means the painstaking work you do today to build a high degree of engagement with your people may have to be revisited often to keep them invested in your organization.

If you want to develop a strong, competitive advantage built on the expertise of people in your ecosystem, you should focus on five key strategies:

  1. Discover what your customers deeply value. Develop a cross-functional, inside-out team that focuses intensely on this issue. Nothing works better to discover what your customers value than to have a diverse group of people who can relate to and reflect the customer base. For instance, rather than using all of your talent to concentrate on delivering better features to existing customers, use some of your talent to uncover and solve new problems. This will help you move from a product-centric approach to a customer-centric approach.
  2. Have a value proposition that people can engage with. Creating a company identity, placing your company in the marketplace, making clear what you hope to accomplish, the future you want to achieve, and communicating all of that to those you work with provides the raw materials for engagement, for helping those employees, partners, contractors, and even gig workers find a place for themselves in your company’s future.
  3. Recognize that great people are everywhere in your organization, tucked away where you can’t see them. Look for talent spread out through every level in your company and start to use that talent in new ways. Some of your best opportunities for ideation will come from crowdsourcing innovation up, down and across your team. For instance, when leading a technical team, use traditional technical skills like understanding objects, understanding layers, or understanding components in a LEGO-like architecture, and use those functional skills as analogs to the soft skills that help team members understand leadership and how the different parts of the organization relate to each other. Help team members recognize that there are layers to the way that the business works, layers to the way that people work, or layers to relationships. Help people with high potential understand how all parts of the business work together and demonstrate how to conceptualize new ways to use old processes. Transform team knowledge from solely a functional or technical capability to a business capability, and work with your staff to be very deliberate about the roles and opportunities they take or the places where they invest their time.
  4. Build teams with cognitive diversity. Deliberately look for people and partners who come to the table from different paths in life. Have multi-generational, multi-ethnic, geographically dispersed teams that understand how to work well together by leaving bias at the door. Have multi-disciplinary teams pore through your data with the express assignment of finding new problems to solve. Recognize that just because you invited everyone to the table, that does not mean they all have the courage to speak up. Provide prompts and cues to ensure team members participate, describing their findings, testing their ideas, and sharing insights into their thought processes. This will spur collaboration, spark innovative ideas within others, and remove the stigma associated with failure. To help move this forward, design your meetings to enable every voice in the group. Talk openly about great attempts that failed, share team successes, and give room for even the most silent participants to open up and share their thoughts. People can often believe the smartest person in the room is also the most confident person in the room, and that’s not always the case. You can frequently have very astute team members with a wealth of knowledge built from their path in life and professional experiences, but they might lack the confidence or interest in speaking up in front of a group. Create a standard knowledge sharing process so team members can exchange discoveries and discuss ideas in open and honest ways.
  5. Allow employees to move around in order to develop different capabilities. You’ll want to discover early in your team members’ careers what they might want to do later in life. This is true for your partners and suppliers just as it is for your employees. Spend some time discovering their capabilities. Some people might transition into great business leaders, others might become great technical leaders, and others might become strong master contributors who really know your customers and your business well. Regardless of the track they choose, you want to use their capabilities strategically so they stay engaged and excited about solving your most pressing business problems. Whether it’s working as a coder, designing a strategy, or understanding the bowels of the enterprise and how to get things to move when they are stuck, allow team members to grow and be useful in ways that create opportunities in a variety of places. Give them a chance to travel, take on choice assignments, work remotely, change jobs and roles, dabble in fringe interests, or work together on pet projects. This means you will have to hand off commodity work to more junior staff so your senior leaders can grow organically in ways that work for them and the organization. If you overlook this, your people can feel stagnant and will look to create opportunities for movement on their own, which means they will likely look for employment elsewhere.

As you focus on these areas, you will naturally see new and different capabilities emerge. Recognize these capabilities in your people not just for what they can do for you now, but for what they can do for you in the future, and then strategically position them so they can help you transform the business. Placing people in flexible roles helps them come up with autonomous innovation because the deeper they get into technology, the content, or their knowledge of the business, the more they uncover opportunities for you to get better, to modernize, to offer new solutions, or to have the next big thing that might transform the industry. Instead of looking at your people solely as tools to fulfill your current work, look at them as opportunities to uncover new jobs, expand your offerings, design new partnerships, discover a new mission, and recognize new customers. By doing that, you will have a talent advantage that cannot be duplicated.

Four short links: 3 December 2019 [Radar]

  1. Oxide.computer — a new hardware company, looking to make on-prem easy. (There are still a lot of applications for on-prem) Read Jessie Frazelle and Bryan Cantrell‘s blog posts for more background. The pendulum always swings between local and remote. Web was a huge breakthrough because it was remote info services, but eventually mobile had its day. Web 1.0 was built on pricey on-prem iron, which (with Moore’s Law) brought economies of scale that meant Google, Amazon, Twitter, etc., could build vast data centers for their own use—some of which then became clouds for others to use, the value being fast scaling from zero to zillions. Now there are signs of life in the on-prem again, where value is privacy, control, and so on. It’s always interesting times in this industry.
  2. Symptoms of Groupthink: Illusion of Invulnerability; Belief in Inherent Morality of the Group; Collective Rationalization; Out-group Stereotypes; Self-Censorship; Illusion of Unanimity; Direct Pressure on Dissenters; Self-Appointed Mindguards.
  3. Count Bayesie: Video and lecture notes from a tutorial on probability and statistics given at PyData NYC 2019. This tutorial provides a crash course in probability in statistics that will cover the essentials, including probability theory, parameter estimation, hypothesis testing, and using the generalized linear model—all in just 90 minutes! A truly great name.
  4. A Distributed Meeting Primer (Rands in Repose) — sound tactical advice for good meetings with remote team members. As the host, schedule meetings at X:05 or X:35 and get there at X:00 to make sure all technology is set up for a distributed meeting. Not only does this make sure the meeting starts on time, but it sends an important signal. How often have you had a meeting where seven minutes in someone asks, “Where’s Andy?” Well, Andy is distributed, and no one turned on the video camera. More importantly, Andy has been sitting in his home office for the last seven minutes wondering, “Did they forget me?”

13:21

Dropping arrest warrants [Richard Stallman's Political Notes]

The DA of Norfolk County, Massachusetts, is looking for old arrest warrants to discard because they are somehow obsolete or pointless.

I think he should go further. For crimes that are not violent or terribly serious, the warrants should be discarded after some years.

Methane threat [Richard Stallman's Political Notes]

Scientists do not have enough knowledge to estimate how fast methane is leaking out of the ground and sea bottom into the air, and can't begin to predict how much this will contribute to global heating in the future.

If it happens fast, it could push the ecosphere's temperature up by 7 degrees C. This would be likely to kill most of humanity, perhaps even all.

Demands to Amazon [Richard Stallman's Political Notes]

Protests in several countries demand that Amazon treat warehouse employees better.

I support this, but it does not go far enough. We must require Amazon to allow anonymous purchases, and we must help other companies compete with Amazon so that it ceases to control a large fraction of online sales.

Student protest in Liverpool [Richard Stallman's Political Notes]

Students at Liverpool University were told it was illegal for them to support striking teachers, so they blocked a building instead.

Urgent: stop funding anti-abortion legislators [Richard Stallman's Political Notes]

US citizens: call on Amazon, Walmart, and Target to stop funneling money to anti-abortion legislators.

If you call, please spread the word!

Global heating spreading diseases [Richard Stallman's Political Notes]

Global heating is spreading dengue fever to cities and countries where it did not exist before.

Corbyn on terrorism [Richard Stallman's Political Notes]

*UK's military interventions have fueled terrorism, says Corbyn.*

Corbyn has courage that other politicians lack.

Landlord spying [Richard Stallman's Political Notes]

Tenants in Atlantic Plaza Towers campaigned against installing face recognition cameras and got the landlord to back down.

It should be illegal to install face recognition cameras in a residential building, except for cameras installed inside an apartment by the residents of that apartment.

Anti-abortion Ohio [Richard Stallman's Political Notes]

Ohio has already prohibited abortion (though this law has not been approved by courts). Now its Republican-gerrymandered legislature is planning to define a fertilized egg as a human being. This means women would be imprisoned for failing to carry it to term.

The law would also forbid doctors from treating an ectopic pregnancy (by requiring them to do the impossible afterward). Without treatment, ectopic pregnancy carries a substantial chance of death.

Students and plutocrats [Richard Stallman's Political Notes]

There was a large student climate strike, but the kept politicians continue doing their job for the planet-roasting plutocrats.

Whatever Holiday Gift Guide 2019, Day Two: Non-Traditionally Published Books [Whatever]

Today is Day Two of the Whatever Holiday Gift Guide 2019, and today the focus is on Non-Traditionally Published Books: Self-published works, electronically-exclusive books, books from micro presses, books released outside the usual environs of the publishing world, and so on. Hey, I put my first novel up on this very Web site years ago and told people to send me a dollar if they liked it. Look where it got me. I hope you find some good stuff today.

Please note that the comment thread today is only for non-traditional authors and editors to post about their books; please do not leave other comments, as they will be snipped out to keep the thread from getting cluttered. Thanks!

Authors/editors: Here’s how to post in this thread. Please follow these directions!

1. Authors and editors of non-traditionally published books only. This includes comics and graphic novels, as well as non-fiction books and audiobooks. If your book has been traditionally published — available in bookstores on a returnable basis — post about your book in the thread that went up yesterday (if you are in doubt, assume you are non-traditionally published and post here). If you are a creator in another form or medium, your thread is coming tomorrow. Don’t post if you are not the author or editor, please.

2. Completed works only. Do not post about works in progress, even if you’re posting them publicly. Remember that this is supposed to be a gift guide, and that these are things meant to be given to other people. Likewise, don’t just promote yourself unless you have something to sell or provide, that others may give as a gift.

3. One post per author. In that post, you can list whatever books of yours you like, but allow me to suggest you focus on your most recent book. Note also that the majority of Whatever’s readership is in the US/Canada, so I suggest focusing on books available in North America.

4. Keep your description of your book brief (there will be a lot of posts, I’m guessing) and entertaining. Imagine the person is in front of you as you tell them about your book and is interested but easily distracted.

5. You may include a link to a bookseller if you like by using standard HTML link scripting. Be warned that if you include too many links (typically three or more) your post may get sent to the moderating queue. If this happens, don’t panic: I’ll be going in through the day to release moderated posts. Note that posts will occasionally go into the moderation queue semi-randomly; Don’t panic about that either.

6. As noted above, comment posts that are not from authors/editors promoting their books as specified above will be deleted, in order to keep the comment thread useful for people looking to find interesting books.

Now: Tell us about your book!

12:49

The Story of Tiversa [Schneier on Security]

The New Yorker has published the long and interesting story of the cybersecurity firm Tiversa.

Watching "60 Minutes," Boback saw a remarkable new business angle. Here was a multibillion-dollar industry with a near-existential problem and no clear solution. He did not know it then, but, as he turned the opportunity over in his mind, he was setting in motion a sequence of events that would earn him millions of dollars, friendships with business élites, prime-time media attention, and respect in Congress. It would also place him at the center of one of the strangest stories in the brief history of cybersecurity; he would be mired in lawsuits, countersuits, and counter-countersuits, which would gather into a vortex of litigation so ominous that one friend compared it to the Bermuda Triangle. He would be accused of fraud, of extortion, and of manipulating the federal government into harming companies that did not do business with him. Congress would investigate him. So would the F.B.I.

12:28

11/29/18 PHD comic: 'Academic Conclusions' [PHD Comics]

Piled Higher & Deeper by Jorge Cham
www.phdcomics.com
title: "Academic Conclusions" - originally published 11/29/2018


12:21

CodeSOD: An Utter Mockery [The Daily WTF]

Today's submitter gave us their name as simply ImminentBurnout. IB works at a company that uses Python and has strong opinions about unit testing. They don't have much understanding to go...

11:00

Europol Seizes Over 30,000 Copyright Infringing Domains, But Which Ones? [TorrentFreak]

In 2010, the US Department of Justice (DOJ) and the Department of Homeland Security began their first rounds of domain name seizures.

Under the flag of “Operation In Our Sites” the authorities shut down a dozen file-sharing and streaming sites, as well as many sites that sold counterfeit goods.

The action had a massive impact at the time. It resulted in several high profile arrests, including those of several NinjaVideo operators. However, they were not without controversy either.

Several sites that were accused of piracy fought back. As a result, U.S. authorities had to return the domain name of sports streaming site Rojadirecta after a few months. And years later, the DoJ also dropped its case against torrent search engine Torrent-Finder.

Despite this rocky start, Operation In Our Sites continued. In fact, the number of seizures only increased and by 2012 the campaign expanded internationally as well, with Europe joining in.

Over the past years, the number of targeted domains continued to grow. Last year, the US National Intellectual Property Rights Coordination Center said it took down over a million domains in just a year. An unprecedented number, but one that didn’t draw any major headlines.

Yesterday Europol announced its latest efforts. With help from international law enforcement agencies, it seized 30,506 domain names. According to the organization, these domains distributed counterfeit and pirated items.

Among other things, the sites reportedly offered pirated movies, illegal television streaming, music, software, counterfeit pharmaceuticals and other illicit goods. In addition, officials also arrested three individuals while freezing more than €150,000 from various bank accounts and online payment providers.

While these numbers are impressive, today’s Operation In Our Sites doesn’t have the media impact it had in the early days. Of course, there are news outfits rehashing Europol’s press release, noting that thousands of pirate sites have been taken offline, but that’s about it.

What stands out most is that, in recent years, we haven’t been able to spot any pirate sites that were affected by such seizures. This, despite the fact that well over a million domains were seized.

There’s no separate breakdown for the number of pirate and counterfeit domains. We assume that the majority of the affected domain names were linked to counterfeiting instead of piracy, but still, both categories are mentioned.

The lack of visible impact stands in major contrast to the first year when only a few dozen domains were targeted. At the time, that led to months of news coverage, lawsuits, and even questions from high profile politicians, including US Senator Ron Wyden.

TorrentFreak reached out to Europol to find out what the most recent piracy targets were, but at the time of writing, we have yet to hear back. It’s clear, however, that Operation In Our Sites hasn’t targeted any major pirate sites in recent years.

The big question is why. How does Europol pick its targets? And if it’s so easy to seize tens of thousands of domains, why do these major enforcement agencies only focus on smaller sites?

Update: The US IPR center again announced that over a million sites were seized this year. They do mention a few examples: Lostmoviesfound.com, Lostmoviefinder.com, SRScovers.com, Panamapharma.com and Istreamitall.com.

What’s not mentioned is that the Istreamitall.com domain was seized as part of an ongoing criminal case. The other pirate sites didn’t have any significant traffic.

The other ‘pirate’ sites, Lostmoviesfound.com and Lostmoviefinder.com, were also seized as part of a criminal lawsuit. These sites sold physical DVDs, some of which were allegedly copied without permission.


08:42

Going The Distance By SeanKlad & Astrollie [Oh Joy Sex Toy]

Going The Distance By SeanKlad & Astrollie

A light update today, as Erika and I worked on the edits for our Random House book! It’s soooo close being wrapped up =D Today’s comic might be the last guest comic until Christmas when we take our much needed long vacation! I ran into Sean’s horny work on twitter through a retweet and instantly […]

06:21

Screen Safer – DORK TOWER 03.12.19 [Dork Tower]

Dork Tower is 100% reader supported.  Join the Army of Dorkness today, and help bring more Dork Tower to the world! By becoming a Dork Tower Patreon backer, you get John’s everlasting gratitude (and also swag, commentary, bonus strips, and more swag), but, critically, you’ll help us reach our next goal – three comics a week!

04:14

White nationalists who got a $2.5m payout from UNC abuse the DMCA to censor lawyer's trove of documents about it [Cory Doctorow – Boing Boing]

T. Greg Doucette is the North Carolina litigator who sleuthed out the incredible, bizarre details of the decision of the University of North Carolina's Republican-appointed governors to hand a group of white nationalists $2.5m to build a Confederacy museum.

Doucette visited the Orange County Courthouse and scanned 123 pages' worth of documents related to the "lawsuit" that resulted in the UNC payout, including a "victory statement" by Kevin Stone, who styles himself "commander" of the white nationalist group Sons of Confederate Veterans, who received the $2.5m windfall from the university.

But that victory statement is not available now, because Stone and the Sons of Confederate Veterans sent a DMCA notice to Dropbox, demanding that the document be removed on the grounds that it was a copyright violation, despite the document being part of a public court record.

Doucette sounds like he's ready to fight.

(I am a visiting professor of practice at UNC's School of Information and Library Science)

02:28

Link [Scripting News]

Suborning perjury is not just an issue for lawyers. Reporters have an obligation, if they know a subject is going to lie, to not put them on the air.

01:42

Enrico Zini: ssh setup [Planet Debian]

This is part of a series of posts on the design and technical steps of creating Himblick, a digital signage box based on the Raspberry Pi 4.

Time to set up ssh. We want to have admin access to the pi user, and we'd like to have a broader access to a different, locked down user, to use to manage media on the boxes via sftp.

The first step is to mount the exFAT media partition into /srv/media:

---
 - name: "Install exfat drivers"
   apt:
      name: exfat-fuse,exfat-utils
      state: present
      update_cache: no

 - name: "Create /srv directory"
   file:
      path: "/srv"
      state: directory
      owner: root
      group: root
      mode: 0755

 - name: "Create /media mount point"
   file:
      path: "/srv/media"
      state: directory
      owner: pi
      group: pi
      mode: 0755

 - name: "Configure mounting media directory"
   copy:
      src: srv-media.mount
      dest: /etc/systemd/system/srv-media.mount
      owner: root
      group: root
      mode: 0644

Mounting exFAT before Linux kernel 5.4 requires FUSE. Using a mount unit allows us to bring up the mount after FUSE is up, and get it mounted at boot reliably.

We add a round of filesystem checking, too: if people plug the SD into a computer to load media into it, we can't be sure that they unmount it cleanly.

This is srv-media.mount; note that .mount unit names need to match the path of the mount point:

[Unit]
Description=Media Directory (/srv/media)
Before=local-fs.target
After=sys-fs-fuse-connections.mount

[Mount]
What=/dev/disk/by-label/media
Where=/srv/media
Type=exfat
Options=uid=0,gid=1001,fmask=117,dmask=007,rw,noatime,nosuid,nodev
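# NOTE: ExecStartPre= is a systemd.service(5) setting and is not among the
# [Mount] options in systemd.mount(5); check the output of
# `systemd-analyze verify srv-media.mount` to see whether this line is honoured.
ExecStartPre=-/sbin/fsck.exfat -a /dev/disk/by-label/media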

[Install]
WantedBy=local-fs.target

gid 1001 is the media group id, shared by the pi user that runs the media player, and by the media user that does sftp. We make everything in the media mount group-writable by the media user so both users can access it.

Next, we prepare a chroot jail for the media user. The root of the jail needs to be writable only by root, so we bind mount the media directory inside it:

 - name: "Create the chroot jail for media: /srv"
   file:
      path: "/srv"
      state: directory
      owner: root
      group: root
      mode: 0755

 - name: "Create the chroot jail for media: /srv/jail"
   file:
      path: "/srv/jail"
      state: directory
      owner: root
      group: root
      mode: 0755

 - name: "Create the chroot jail for media: /srv/jail/media"
   file:
      path: "/srv/jail/media"
      state: directory
      owner: root
      group: media
      mode: 0755

 - name: "Bind mount /srv/media under /srv/jail/media"
   copy:
      src: srv-jail-media.mount
      dest: /etc/systemd/system/srv-jail-media.mount
      owner: root
      group: root
      mode: 0644

This is the srv-jail-media.mount mount unit, neatly ordered to start after /srv/media is mounted:

[Unit]
Description=Media Directory in sftp jail (/srv/jail/media)
Before=local-fs.target
After=srv-media.mount

[Mount]
What=/srv/media
Where=/srv/jail/media
Type=none
Options=bind

[Install]
WantedBy=local-fs.target
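As an added example (not part of the original post), this Python code lints a set of mount units for the two rules used above: the file name must be the escaped form of `Where=`, and a bind mount should name the unit that mounts its source in `After=`, since an ordering line that names a unit nothing provides has no effect. The function names and the sample units are constructed here; the escaping follows what `systemd-escape --path --suffix=mount` does for ordinary paths.

```python
import configparser


def mount_unit_name(where):
    """File name systemd expects for the mount unit of a mount point path.

    Drops leading, trailing and duplicate slashes, turns "/" into "-", and
    hex-escapes every byte that is not an ASCII letter, digit, ":", "_" or
    a non-leading ".".
    """
    trimmed = "/".join(part for part in where.split("/") if part)
    if not trimmed:
        return "-.mount"  # the root file system
    out = []
    for index, byte in enumerate(trimmed.encode("utf-8")):
        char = chr(byte)
        if char == "/":
            out.append("-")
        elif byte < 128 and (char.isalnum() or char in ":_" or (char == "." and index > 0)):
            out.append(char)
        else:
            out.append("\\x%02x" % byte)
    return "".join(out) + ".mount"


def parse_unit(text):
    """Parse unit file text; keys stay case-sensitive, as systemd treats them."""
    parser = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    parser.optionxform = str
    parser.read_string(text)
    return parser


def lint_mount_units(units):
    """units maps file name -> unit text. Returns a list of findings."""
    parsed = {name: parse_unit(text) for name, text in units.items()}
    mounted_by = {unit["Mount"]["Where"].rstrip("/"): name for name, unit in parsed.items()}
    findings = []
    for name, unit in parsed.items():
        mount = unit["Mount"]
        expected = mount_unit_name(mount["Where"])
        if name != expected:
            findings.append(f"{name}: Where={mount['Where']} needs the file name {expected}")
        what = mount.get("What", "")
        source_unit = mounted_by.get(what.rstrip("/"))
        ordered_after = unit.get("Unit", "After", fallback="").split()
        is_bind = "bind" in mount.get("Options", "").split(",")
        if is_bind and source_unit and source_unit not in ordered_after:
            findings.append(
                f"{name}: bind source {what} is mounted by {source_unit}, "
                f"but After= does not list it"
            )
    return findings


# Constructed sample: two trimmed-down units; the second orders itself after
# a .target name that no unit in the set provides.
SAMPLE_UNITS = {
    "srv-media.mount": """\
[Unit]
After=sys-fs-fuse-connections.mount

[Mount]
What=/dev/disk/by-label/media
Where=/srv/media
Type=exfat
""",
    "srv-jail-media.mount": """\
[Unit]
After=srv-media.target

[Mount]
What=/srv/media
Where=/srv/jail/media
Type=none
Options=bind
""",
}

if __name__ == "__main__":
    for finding in lint_mount_units(SAMPLE_UNITS):
        print(finding)
```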

Finally, the ssh configuration:

---
 - name: "Disable ssh password authentication"
   lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '\bPasswordAuthentication\b'
      line: 'PasswordAuthentication no'

 - name: "Install ssh admin access key"
   authorized_key:
      user: pi
      state: present
      key: "{{SSH_AUTHORIZED_KEY}}"
   when: SSH_AUTHORIZED_KEY is defined

 - name: "Install ssh media access key"
   authorized_key:
      user: media
      state: present
      key: "{{SSH_MEDIA_PUBLIC_KEY}}"
   when: SSH_MEDIA_PUBLIC_KEY is defined

 - name: "Install media access key for the pi user"
   copy:
      dest: "/home/pi/.ssh/id_media"
      content: "{{SSH_MEDIA_PRIVATE_KEY}}"
      owner: pi
      group: pi
      mode: 0600
   when: SSH_MEDIA_PRIVATE_KEY is defined

 - name: "Configure internal sftp, so ssh does not need binaries inside the jail"
   lineinfile:
      path: /etc/ssh/sshd_config
      regexp: ".*Subsystem\\s+sftp"
      line: "Subsystem sftp internal-sftp"

 - name: "Configure sftp chroot jail for user media"
   blockinfile:
      path: /etc/ssh/sshd_config
      block: |
         Match User media
              ChrootDirectory /srv/jail
              AllowTcpForwarding no
              X11Forwarding no
              ForceCommand internal-sftp
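sshd refuses a chrooted login unless every component of the `ChrootDirectory` path is a root-owned directory that is not writable by group or others, which is why the jail is /srv/jail with the group-writable media mount bound inside it, rather than /srv/media itself. The check below is an added example, not part of the original post; the function names, the uid 1001 and /home/media path, and the sample permission table are constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_problems(chroot_dir, stat_fn=os.stat):
    """Return the reasons sshd would reject chroot_dir as ChrootDirectory.

    Walks "/" and every deeper component down to the jail itself, applying
    the rule from sshd_config(5): root-owned directories only, with no
    write permission for group or others.
    """
    path = PurePosixPath(chroot_dir)
    if not path.is_absolute():
        return [f"{chroot_dir}: not an absolute path"]
    problems = []
    for component in list(path.parents)[::-1] + [path]:
        try:
            info = stat_fn(str(component))
        except FileNotFoundError:
            problems.append(f"{component}: does not exist")
            break
        mode = stat.S_IMODE(info.st_mode)
        if not stat.S_ISDIR(info.st_mode):
            problems.append(f"{component}: not a directory")
        if info.st_uid != 0:
            problems.append(f"{component}: owned by uid {info.st_uid}, not root")
        if mode & 0o022:
            problems.append(f"{component}: writable by group or others (mode {mode:04o})")
    return problems


# Constructed permission table standing in for the real file system:
# path -> (owner uid, mode bits).
SAMPLE_TREE = {
    "/": (0, 0o755),
    "/srv": (0, 0o755),
    "/srv/jail": (0, 0o755),
    # exFAT mounted with uid=0,gid=1001,dmask=007 shows directories as 0770
    "/srv/media": (0, 0o770),
    "/home": (0, 0o755),
    # a home directory owned by an unprivileged user (uid is an assumption)
    "/home/media": (1001, 0o755),
}


def sample_stat(path):
    """stat() replacement that answers from SAMPLE_TREE."""
    try:
        uid, mode = SAMPLE_TREE[path]
    except KeyError:
        raise FileNotFoundError(path)
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


if __name__ == "__main__":
    # Against the real file system, run as: python3 thisfile.py
    for candidate in ("/srv/jail", "/srv/media"):
        print(candidate, chroot_problems(candidate) or "ok")
```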

Don't forget to enable the media units:

       # Enable the /srv/media mount point, which ansible, as we run it
       # now, is unable to do
       chroot.systemctl_enable("srv-media.mount")
       chroot.systemctl_enable("srv-jail-media.mount")

Link [Scripting News]

I live in a Hallmark greeting card.

00:56

The plain text project [OSnews]

Do you need big, feature-packed, and sometimes complex tools for your work, to stay organized, or keep track of your tasks? Maybe not. Maybe all you need is plain text. Yes, simple, old fashioned, unadorned, boring text. It sounds scary or alien, but it’s not. I use plain text for my notes and keeping track of my work orders. Entering deadlines and related information in calendar applications is a fiddly, time-consuming nightmare, and I find it much easier to just jot down the date, time, and related information in plain text, ordered by date and time.

00:28

Podcast: Party Discipline, a Walkaway story (Part 1) [Cory Doctorow – Boing Boing]

In my latest podcast (MP3), I've started a serial reading of my novella Party Discipline, which I wrote while on a 35-city, 45-day tour for my novel Walkaway in 2017; Party Discipline is a story set in the world of Walkaway, about two high-school seniors who conspire to throw a "Communist Party" at a sheet metal factory whose owners are shutting down and stealing their workers' final paychecks. These parties are both literally parties -- music, dancing, intoxicants -- and "Communist" in that the partygoers take over the means of production and start them up, giving away the products they create to the attendees. Walkaway opens with a Communist Party and I wanted to dig into what might go into pulling one of those off.

I don’t remember how we decided exactly to throw a Communist party. It had been a running joke all through senior year, whenever the obvious divisions between the semi-zottas and the rest of us came too close to the surface at Burbank High: “Have fun at Stanford, come drink with us at the Communist parties when you’re back on break.”

The semi-zottas were mostly white, with some Asians—not the brown kind—for spice. The non-zottas were brown and black, and we were on our way out. Out of Burbank High, out of Burbank, too. Our parents had lucked into lottery tickets, buying houses in Burbank back when they were only ridiculously expensive. Now they were crazy. We’d be the last generation of brown kids to go to Burbank High because the instant we graduated, our parents were going to sell and use the money to go somewhere cheaper, and the leftovers would let us all take a couple of mid-range MOOCs from a Big Ten university to round out our community college distance-ed degrees.

MP3


Monday, 02 December

23:21

The Qt Marketplace has landed [OSnews]

Qt Marketplace is an innovation platform for our community. It brings together Qt developers and designers looking for new ways to enhance their Qt design and development workflow, and developers and companies who have already implemented extensions to Qt and want to make them available for everyone in the whole Qt ecosystem. Either for free or for a price. In the initial release our theme is discoverability. To put this simple: We want the marketplace to become the #1 place for our community to find and share content for Qt. An app store for Qt developers, basically.

64 bits ought to be enough for anybody! [OSnews]

How quickly can we use brute force to guess a 64-bit number? The short answer is, it all depends on what resources are available. So we’re going to examine this problem starting with the most naive approach and then expand to other techniques involving parallelization. We’ll discuss parallelization at the CPU level with SIMD instructions, then via multiple cores, GPUs, and cloud computing. Along the way we’ll touch on a variety of topics about microprocessors and some interesting discoveries, e.g., adding more cores isn’t always an improvement, and not all cloud vCPUs are equivalent.

22:56

[$] 5.5 Merge window, part 1 [LWN.net]

The 5.5 merge window got underway immediately after the release of the 5.4 kernel on November 24. The first week has been quite busy despite the US Thanksgiving holiday landing in the middle of it. Read on for a summary of what the first 6,300 changesets brought for the next major kernel release.

22:35

Jelmer Vernooij: The Debian Janitor [Planet Debian]

There are a lot of small changes that can be made to the Debian archive to increase the overall quality. Many of these changes are small and have just minor benefits if they are applied to just a single package. Lintian encourages maintainers to fix these problems by pointing out the common ones.

Most of these issues are trivially fixable; fixing them by hand is generally an inefficient use of human time, and keeping up with them takes a lot of effort. This is something that can clearly be automated.

Several tools (e.g. onovy's mass tool, and the lintian-brush tool that I've been working on) go a step further and (for a subset of the issues reported by lintian) fix the problems for you, where they can. Lintian-brush can currently fix most instances of close to 100 lintian tags.

Thanks to the Vcs-* fields set by many packages and the APIs provided by hosting platforms like Salsa, it is now possible to proactively attempt to fix these issues.

The Debian Janitor is a tool that will run lintian-brush across the entire archive, and propose fixes to lintian issues via pull request.

Objectives

The aim of Debian Janitor is to take some drudge work away from Debian maintainers where possible, so they can spend their time on more important packaging work. Its purpose is to make automated changes quick and easy to apply, with minimal overhead for package maintainers. It is essentially a bit of infrastructure to run lintian-brush across all of the archive.

The actions of the bot are restricted to a limited set of problems for which obviously correct actions can be taken. It is not meant to automate all packaging, or even to cover automating all instances of the issues it knows about.

The bot is designed to be conservative and delight with consistently correct fixes instead of proposing possibly incorrect fixes and hoping for the best. Considerable effort has been made to avoid the janitor creating pull requests with incorrect changes, as these take valuable time away from maintainers, the package doesn't actually improve (since the merge request is rejected) and it makes it likelier that future pull requests from the Debian Janitor bot are ignored or rejected.

In short: The janitor is meant to propose correct changes if it can, and back off otherwise.

Design

The Janitor finds package sources in version control systems from the Vcs-* control fields in Debian source packages. If the packaging branch is hosted on a hosting platform that the Janitor has a presence on, it will attempt to run lintian-brush on the packaging branch and (if there are any changes made) build the package and propose a merge. It is based on silver-platter and currently has support for:

The Janitor is driven from the lintian and vcswatch tables in UDD. It queries for packages that are affected by any of the lintian tags that lintian-brush has a fixer script for. This way it can limit the number of repositories it has to process.

Ensuring quality

There are a couple of things I am doing to make sure that the Debian Janitor delights rather than annoys.

High quality changes

Lintian-brush has end-to-end tests for its fixers.

In order to make sure that merge requests are useful and high-value, the bot will only propose changes from lintian-brush that:

  • successfully build in a chroot and pass autopkgtest and piuparts;
  • are not completely trivial, e.g. only stripping whitespace.

Changes for a package will also be reviewed by a human before they make it into a pull request.

One open pull request per package

If the bot created a pull request previously, it will attempt to update the current request by adding new commits (and updating the pull request description). It will remove and fix the branch when the pull request conflicts because of new upstream changes.

In other words, it will only create a single pull request per package and will attempt to keep that pull request up to date.

Gradual rollout

I'm slowly adding interested maintainers to receiving pull requests, before opening it up to the entire archive. This should help catch any widespread issues early.

Providing control

The bot will be upfront about its pull requests and try to avoid overwhelming maintainers with pull requests by:

  • Clearly identifying any merge requests it creates as being made by a bot. This should allow maintainers to prioritize contributions from humans.
  • Limiting the number of open proposals per maintainer. It starts by opening a single merge request and won't open additional merge requests until the first proposal has a response.
  • Providing a way to opt out of future merge requests; just a reply on the merge request is sufficient.

Any comments on merge requests will also still be reviewed by a human.

Current state

Debian janitor is running, generating changes and already creating merge requests (albeit under close review). Some examples of merge requests it has created:

Using the janitor

The janitor can process any package that’s maintained in Git and has its Vcs-Git header set correctly (you can use vcswatch to check this).

If you're interested in receiving pull requests early, leave a comment below. Eventually, the janitor should get to all packages, though it may take a while with the current number of source packages in the archive.

By default, salsa does not send notifications when a new merge request for one of the repositories you're a maintainer for is created. Make sure you have notifications enabled in your Salsa profile, by ticking "New Merge Requests" for the packages you care about.

You can also see the number of open merge requests for a package repository on QA - it's the ! followed by a number in the pull request column.

It is also possible to download the diff for a particular package (if it's been generated) ahead of the janitor publishing it:

$ curl https://janitor.debian.net/api/lintian-fixes/pkg/PACKAGE/diff

E.g. for i3-wm, look at https://janitor.debian.net/api/lintian-fixes/pkg/i3-wm/diff.

Future Plans

The current set of supported hosting platforms covers the bulk of packages in Debian that are maintained in a VCS. The only other 100+ package platform that's unsupported is dgit. If you have suggestions on how best to submit git changes to dgit repositories (BTS bugs with patches? or would that be too much overhead?), let me know.

The next platform that is currently missing is bitbucket, but there are only about 15 packages in unstable hosted there.

At the moment, lintian-brush can fix close to 100 lintian tags. It would be great to add fixers for more common issues.

The janitor should probably be more tightly integrated with other pieces of Debian infrastructure, e.g. Jenkins for running jobs or linked to from the tracker or lintian.debian.org.

More information

See the FAQ on the homepage.

If you have any concerns about these roll-out plans, have other ideas or questions, please let me know in the comments.

21:49

Cox Can Use ‘Copyright Alert System’ Evidence in Piracy Case, Court Rules [TorrentFreak]

The so-called ‘Six-Strikes’ Copyright Alert System was once praised as an excellent tool to address online piracy.

Under the agreement, which included the major rightsholder groups MPA and RIAA, several large Internet providers in the US sent copyright infringement warnings to pirating customers.

After repeated alerts, these subscribers would face a variety of ‘mitigation’ measures but their accounts would not be terminated. Although rightsholders and ISPs appeared happy with the deal, it was shut down nearly three years ago.

Instead of cooperating with ISPs, several RIAA members then took another approach by filing lawsuits against Internet providers for not doing enough to curb piracy. This also happened to Cox, which was sued for failing to disconnect repeat infringers.

The lawsuit between several music companies and Cox is scheduled to go to trial later this month. Interestingly, the ISP is now planning to use the aforementioned Copyright Alert System (CAS) as evidence in its favor.

Cox was asked to participate in the voluntary anti-piracy scheme years ago but chose not to do so. According to the company, its own “strike” policy was already functioning well and perhaps even better than the industry-approved alternative.

This line of reasoning is also relevant for the ongoing legal dispute, Cox believes. The RIAA members disagreed and previously asked the court to exclude it from the trial. However, according to a recent ruling from Judge Liam O’Grady, the ISP is permitted to use it in its favor.

“Defendants are permitted to put on evidence about the Copyright Alert System as well as its own graduated response system, the Cox Abuse Ticket System,” O’Grady writes.

In addition, Cox is also allowed to present evidence about the policies at other ISPs, as identified in related reports, as long as it is relevant to the case.

This is a clear setback for the music labels which argued that the policies and actions of other ISPs and the CAS are irrelevant. It doesn’t matter whether Cox’s own anti-piracy system was reasonable or effective in comparison with other providers, they said.

The court disagreed, but it also brought some bad news for Cox.

The ISP planned to cite internal research to suggest that 96% of subscribers stopped receiving notices after the 5th warning. This was concluded in 2010 and resulted in the ISP’s belief that its “graduated response” system was effective.

According to the music companies these conclusions, of which the underlying data is no longer available, were based on a “mess of misleading calculations.” As such, they wanted it excluded from the trial.

Judge O’Grady agreed with the music companies. After reviewing the arguments from both sides, he concludes that there is no adequate foundation for the information presented in the “96% Stop By 5 Notices” evidence.

“Defendants have had ample time to produce such a foundation, and failed to do so. Discrepancies in numbers and figures as detailed in Plaintiffs’ briefs raise an alarming number of questions that demand the underlying data be produced, not just the emails Defendants offer in support,” O’Grady writes.

With these and various other motions dealt with, the trial will soon get underway. While some boundaries have been set, there is still plenty left to argue over.

A copy of U.S. District Court Judge Liam O’Grady’s order is available here (pdf).


20:35

Wimpie Nortje: HTTP Routing libraries for Hunchentoot [Planet Lisp]

Hunchentoot is a web server, not a heavyweight web development framework. It provides methods to implement URL paths for static files, for directory paths and with regexes, very much like the mainstream web servers. It does not provide an easy way to define routes for a REST API. When you use Hunchentoot without a web development framework you will probably want something to make route definition easier.

There are a few options for building REST APIs available in frameworks, Hunchentoot derivatives or other web servers but I wanted to implement REST routes with the original Hunchentoot web server. I found three libraries that can do this: simple-routes, Froute and easy-routes.

Simple-routes is the simplest and easiest to use. Routes are defined in a list similar to Hunchentoot's *dispatch-table*. It supports variables in the URL segments but there is no support for middleware-type functionality [1].

Froute is the most powerful of the three. It is based on CLOS and is designed so it can be used with any web server although only a Hunchentoot connector is currently implemented. Routes are defined as CLOS classes and even though middleware is not a specific feature the documentation gives an example on how to use class inheritance to implement such functionality. The power of being CLOS based also makes this library the most complex to use.

Easy-routes has the concept of decorators which are functions that execute before the route body so it can be used to implement middleware functionality. Unlike Clack's middleware which are defined at a central place for all routes, decorators need to be applied to each route handler individually. It's not quite there, but close enough.

The lack of middleware options disqualified simple-routes for me and Froute looked like it provides everything I need, and more, but with much greater complexity than easy-routes. I decided to use easy-routes with the option to switch to Froute when I needed the extra capability.

Hunchentoot takes an "acceptor" argument at startup. Easy-routes provides two options: easy-routes-acceptor and routes-acceptor. Easy-routes-acceptor first executes all the route handlers and if no suitable handler is found it executes the normal Hunchentoot request handlers. The routes-acceptor executes only the route handlers and returns a 404 NOT FOUND error if no suitable handler is found.

I use routes-acceptor because it ensures that only requests with explicitly defined handlers are handled. With the easy-routes-acceptor it is too easy to create a security hole with some default Hunchentoot request handler that catches non-existent routes. It can be burdensome to use this approach for handling static files but I run Hunchentoot behind Nginx which also handles the static files.

The table summarises the main features I investigated:

| Feature | simple-routes | easy-routes | Froute |
|---|---|---|---|
| Web server | Hunchentoot | Hunchentoot | Hunchentoot (can be expanded to others) |
| REST routes | Yes | Yes | Yes |
| Argument extraction from URL | Yes | Yes | Yes |
| Dispatch based on HTTP method | Yes | Yes | Yes |
| Middleware | No | Decorators | CLOS inheritance |
| Fallback for undefined routes | Hunchentoot easy-handler framework | None or Hunchentoot easy-handler framework | None |
| Learning curve | Negligible | Minimal | Medium. Requires some CLOS knowledge. |

  1. Middleware are functions that run before or after the main request handler. They are called as part of the request handling process and not by the handler. This makes them ideal to handle general functions like setting up a database connection, performing authorisation or any task which is not part of a particular request handler.

19:56

Behind the One-Way Mirror: EFF's "deep dive into corporate surveillance" [Cory Doctorow – Boing Boing]

EFF's Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance is a long, comprehensive look at corporate tracking, particularly invisible, third-party tracking, as with ad-networks, license-plate readers and facial recognition.

The paper covers different types of identifiers (cookies, fingerprinting, ad IDs on mobile devices), and how ad-tech companies link these; then it shows how these identifiers are used in real-time tracking (in websites, apps, the physical world), and how it's used to build and reinforce corporate power.

The article then explores how data brokers and ad-targeting work together, who they sell to, and how their services work.

Finally, the article delves into different forms of self-defense, from ad- and tracker-blockers to legislative efforts you can support.

First, dominant companies like Google and Facebook can pressure publishers into installing their tracking code. Publishers rely on the world’s biggest social network and the world’s biggest search engine to drive traffic to their own sites. As a result, most publishers need to advertise on those platforms. And in order to track how effective their ads are, they have no choice but to install Google and Facebook’s conversion measurement code on their sites and apps. Google, Facebook, and Amazon also act as third-party ad networks, together controlling over two-thirds of the market. That means publishers who want to monetize their content have a hard time avoiding the big platforms’ ad tracking code.

Second, vertically integrated tech companies can gain control of both sides of the tracking market. Google administers the largest behavioral advertising system in the world, which it powers by collecting data from its Android phones and Chrome browser—the most popular mobile operating system and most popular web browser in the world. Compared to its peer operating systems and browsers, Google’s user software makes it easier for its trackers to collect data.

When the designers of the Web first described browsers, they called them “user agents:” pieces of software that would act on their users’ behalf on the Internet. But when a browser maker is also a company whose main source of revenue is behavioral advertising, the company’s interest in user privacy and control is pitted against the company’s interest in tracking. The company’s bottom line usually comes out on top.

Third, data can be used to profile not just people, but also competitor companies. The biggest data collectors don’t just know how we act, they also know more about the market—and their competitors—than anyone else. Google’s tracking tools monitor over 80% of traffic on the Web, which means it often knows as much about its competitors’ traffic as its competitors do (or more). Facebook (via third-party ads, analytics, conversion pixels, social widgets, and formerly its VPN app Onavo) also monitors the use and growth of websites, apps, and publishers large and small. Amazon already hosts a massive portion of the Internet in its Amazon Web Services computing cloud, and it is starting to build its own formidable third-party ad network. These giants use this information to identify nascent competitors, and then buy them out or clone their products before they become significant threats. According to confidential internal documents, Facebook used data about users’ app habits from Onavo, its VPN, to inform its acquisition of WhatsApp.

Fourth, as tech giants concentrate tracking power into their own hands, they can use access to data as an anticompetitive cudgel. Facebook was well aware that access to its APIs (and the detailed private data that entailed) were invaluable to other social companies. It has a documented history of granting or withholding access to user data in order to undermine its competition.

Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance [Bennett Cyphers and Gennie Gebhart/EFF]

19:35

News Post: Skillusory [Penny Arcade]

Tycho: Being a parent is always fraught.  There’s always been a profundity of horseshit associated with the practice, but you can’t forget in the prosecution of these duties that being terraformed by hormones is a lot to handle too.  So while they’re being remade at the molecular level and you’re trying to explain to your son on the spectrum that, uh, yeah, basically all people lie fucking 24/7, you have to seek out, identify, and protect the moments where you can see each other clearly.  And also you have to lie 24/7. When I identified that the new followers…

19:14

The Humble Book Bundle: Data Science by No Starch Press [Humble Bundle Blog]

Problem-solve with data science in our newest tech book bundle from No Starch Press! Get ebooks like Statistics Done Wrong:


92-year-old's memoir tells the forgotten story of a German official who sabotaged Nazi deportations and saved more Jews than Schindler [Cory Doctorow – Boing Boing]

Hans Calmeyer was a left-wing German lawyer -- his law license was temporarily suspended when he was accused of being a Communist -- who was inducted into the German army under the Nazis, who put him in charge of an office that determined which Dutch people would be deported to Auschwitz during the Nazi occupation.

Calmeyer used his position to sabotage Nazi deportations, accepting obviously forged documents that proved that Dutch Jews had non-Jewish grandparents, and slow-walking document processing to keep Jews from being deported. He is estimated to have saved 4,000 Jews from the camps (he was imprisoned as a war-criminal after the war, but released when his actions came to light; he later worked on reparations claims by victims of the Nazis).

One of the people whom Calmeyer saved is Laureen Nussbaum, who married her boyfriend -- another Jew who went into hiding during the occupation -- and moved to the USA after the war, where she became a German language professor at Portland State University.

Nussbaum is now 92 and retired, and has just published Shedding Our Stars, a memoir that weaves her life-story in with Calmeyer's and that of other survivors (Ursula K LeGuin helped advise her on how to frame the story).

Calmeyer's story has been lightly recounted in German and Dutch literature, but Nussbaum's piece marks the first English book on the subject. Nussbaum says it took her so long to write in part because so many of her friends discouraged her from talking about her experiences during the Holocaust.

Nussbaum was also a prime mover behind the publication of Anne Frank's lost novel, "Dear Kitty," which was published in Germany, Austria and Switzerland this year after 25 years of Nussbaum's advocacy (thanks to baroque copyright struggles between different institutions claiming to represent Anne Frank's legacy, the book won't be translated into English or distributed in the USA until 2047).

Today, Nussbaum says she fears the rise of antisemitism in the USA, saying that the situation under Trump and his white nationalist supporters has "parallels that are very, very scary."

Thousands petitioned his office for reclassification. Calmeyer, in the name of thorough research, dragged the decision-making process out as long as possible, delaying deportation to concentration camps. In a majority of cases on what became known as the Calmeyer list, people never went to the camps because his office ultimately decided they were not Jewish, despite documentation sometimes patently false.

The bureaucrat confided at the time to a friend he was trying to prevent more people from being sent to the camps and wrote in a statement after the war that he willfully sabotaged laws he took to be immoral.

And so he accepted a concocted story by Nussbaum’s family about her mother having a Christian father. The man identified was really her mom’s foster father for a time, the real father being Jewish. Because Nussbaum’s maternal grandmother was Catholic — a singer who toured all over Europe and didn’t marry her Jewish lover until 20 years after their child was born — the author’s mother was, officially, no longer considered Jewish. Nussbaum and her siblings were regarded as having mixed blood and her father part of a “privileged mixed marriage.”

Seattleite, 92, finally tells story of German who saved more Jews during the Holocaust than Schindler [Nina Shapiro/Washington Post]

(via Naked Capitalism)

A former pharma rep explains how the industry pushes doctors to overprescribe [Cory Doctorow – Boing Boing]

The pharma industry spends $2 on marketing for every $1 it spends on R&D: Shahram Ahari was a rep for Eli Lilly, so he knows how the money was spent: in a tell-all op-ed in the Washington Post, Ahari describes how he lavished spending over doctors, everything from dinners at "so many fancy Manhattan restaurants that the maitre d’s greeted me by name" to free ballgames and Broadway musical tickets to offering hundreds of thousands of dollars in speaking fees to top prescribers.

What's more, Ahari was able to access expensively assembled prescribing data -- purchased from pharmacies across the country -- to both identify doctors with a lot of chronic pain patients (or those who were "freer with their prescription pads") and to give him ammo for "guilt tripping" doctors who had taken freebies from him but hadn't rewarded him by writing a ton of prescriptions for his employers' drugs.

In the years since Ahari left the industry (he's an MD now), it has adopted modest restrictions on how its reps deal with doctors, but as Ahari points out, any amount of freebies (or even plain sales calls) leads to increased prescribing. In part, that's down to the powerful arsenal of manipulation techniques that the salesforce is schooled in, including flat-out lying about the research on their products' efficacy and safety (this was endemic among opioid marketers like the Sackler family's Purdue Pharma, makers of Oxycontin).

An unspoken bedrock principle guided my actions when I was in the pharmaceutical industry: It was not enough to grow our market share — we had to grow the market, too. This dynamic played out during the early 2000s, when the American Pain Society and the Joint Commission started calling pain the “fifth vital sign.” Such organizations, whose boards included doctors who received consulting fees and honoraria from opioid-makers, circulated teaching materials designed by drug companies. Medical students and doctors didn’t just learn how to assess and pay attention to patients’ pain — they also internalized the idea that prescribing opioids was a professional, even an ethical, obligation. Exaggerating the clinical significance of pain drastically expanded the market for opioids, bringing them to populations with a high risk for addiction, like adolescents. From 2005 to 2015, nearly 15 percent of teens and young adults who went to the emergency room received an opioid prescription, according to a study in the journal Pediatrics. The prescribing rate was 38 percent for ankle fractures; for dental issues, the rate was 60 percent.

Physicians and sales reps are locked in a double delusion. When I was a drug rep, I really believed my pitch for our products — and I believed that by exerting influence over doctors, I helped patients access medicine they needed. As a doctor, I now have colleagues — colleagues with sharp, clinically trained minds and only the best of intentions — who think they write prescriptions on a wholly rational basis.

They don’t know what I know: that people are paid six figures and armed with fat expense accounts to make them feel confident that they’re acting without bias. In the case of opioids, this delusion has exacted a terrible human cost.

Perspective | I was a drug rep. I know how pharma companies pushed opioids. [Shahram Ahari/Washington Post]

(via Naked Capitalism)

18:49

Link [Scripting News]

Tooting my own horn a bit: John Naughton calls me a genius in this Guardian piece. I'll take it, to balance all the other things people have called me. 💥

Link [Scripting News]

When did it become even thinkable that a president would publicly fake an orgasm to humiliate a woman who works at the FBI, for him? This is the moment for our Republican friends, if we have any left, to wake the fuck up and realize what you're endorsing.
