Tuesday, 07 July


Eleanor Powell [Judith Proctor's Journal]

 I only came across Eleanor Powell recently while I was looking for old Fred Astaire movies.

By Lord, that woman could dance.

Look at this scene here - you have to wait for her to appear, but it's worth it!

comment count unavailable comments


Something Wicked This Way Comes [George Monbiot]

Are Trump and Johnson paving the way for fascism, or for something different, but just as bad?

By George Monbiot, published in the Guardian 3rd July 2020

The anger that should be directed at billionaires is instead directed by them. Facing inequality and exclusion, poor wages and insecure jobs, people are persuaded by the newspapers billionaires own and the parties they fund to unleash their fury on immigrants, Muslims, the EU and other “alien” forces.

From the White House, his Manhattan tower and his Florida resort, Donald Trump tweets furiously against “elites”. Dominic Cummings hones the same message as he moves between his mansion in Islington, with its library and tapestry room and his family estate in Durham. Clearly, they don’t mean political or economic elites. They mean intellectuals: the students, teachers, professors and independent thinkers who oppose their policies. Anti-intellectualism is a resurgent force in politics.

Privileged grievance spills from the pages of the newspapers. Opinion writers for the Telegraph and the Spectator insist they are oppressed by a woke mafia, by the rise of Black Lives Matter and other cultural shifts. From their national newspaper columns and slots on the Today programme, they thunder that they have been silenced. The president of the United States portrays himself as a martyred hero, the victim of oppressive liberalism. This politics of resentment is taken up by the footsoldiers of the nascent far right on both sides of the Atlantic.

Myths of national greatness and decline abound. Make America Great Again and Take Back Control propose a glorious homecoming to an imagined golden age. Conservatives and Republicans invoke a rich mythology of family life and patriarchal values. Large numbers of people in the United Kingdom regret the loss of empire.

Extravagant buffoons, building their power base through the visual media, displace the wooden technocrats who once dominated political life. Debate gives way to symbols, slogans and sensation. Political parties that once tolerated a degree of pluralism succumb to cults of personality.

Politicians and political advisers behave with impunity. During the impeachment hearings, Donald Trump’s lawyer argued, in effect, that the president is the nation, and his interests are inseparable from the national interest. Dominic Cummings gets away with blatant breaches of the lockdown. Robert Jenrick, the housing secretary, with his attempted special deal for a property developer who then gave money to the Conservative Party. With every unpunished outrage against integrity in public life, trust in the system corrodes. The ideal of democracy as a shared civic project gives way to a politics of dominance and submission.

Political structures still stand, but they are hollowed out, as power migrates into unaccountable, undemocratic spheres: Conservative fundraising dinners, US political action committees, offshore trade tribunals, tax havens and secrecy regimes. The bodies supposed to hold power to account, such as the Electoral Commission and the BBC, are attacked, disciplined and cowed. Politicians and newspapers launch lurid attacks against Parliament, the judiciary and the civil service.

Political lying becomes so rife that voters lose the ability to distinguish fact from fiction. Conspiracy theories proliferate, distracting attention from the real ways in which our rights and freedoms are eroded. Politicians create chaos, such as Trump’s government shutdowns and the no-deal Brexit Boris Johnson seems to be engineering, then position themselves as our saviours in troubled times.

Donald Trump shamelessly endorses nativism and white supremacy. Powerful politicians, like the congressman Steve King, talk of defending “western civilisation” against “subjugation” by its “enemies”. Minorities are disenfranchised. Immigrants are herded into detention centres.

Do these circumstances sound familiar? Do they pluck a deep, resonant chord of apprehension? They should. All these phenomena were preconditions for – or facilitators of – the rise of European fascism during the first half of the 20th Century. I find myself asking a question I thought we would never have to ask again. Is the resurgence of fascism a real prospect, on either side of the Atlantic?

Fascism is a slippery, protean thing. As an ideology, it’s almost impossible to pin down: it has always been opportunistic and confused. It is easier to define as a political method. While its stated aims may vary wildly, the means by which it has sought to grab and build power are broadly consistent. But I think it’s fair to say that though the new politics have some strong similarities to fascism, they are not the same thing. They will develop in different ways and go by different names.

Trump’s politics and Johnson’s have some characteristics that were peculiar to fascism, such as their constant excitation and mobilisation of their base through polarisation, their culture wars, their promiscuous lying, their fabrication of enemies and their rhetoric of betrayal. But there are crucial differences. Far from valorising and courting young people, they appeal mostly to older voters. Neither relies on paramilitary terror, though Trump now tweets support for armed activists occupying state buildings and threatening peaceful protesters. It is not hard to see some American militias mutating into paramilitary enforcers if he wins a second term, or, for that matter, if he loses. Fortunately, we can see no such thing developing in the UK. Neither government seems interested in using warfare as a political tool.

Trump and Johnson preach scarcely-regulated individualism: almost the opposite of the fascist doctrine of total subordination to the state. (Though in reality, both have sought to curtail the freedoms of outgroups). Last century’s fascism thrived on economic collapse and mass unemployment. We are nowhere near the conditions of the Great Depression, though both countries now face a major slump in which millions could lose their jobs and homes.

Not all the differences are reassuring. Micro-targeting on social media, peer-to-peer texting and now the possibility of deepfake videos allow today’s politicians to confuse and misdirect people, to bombard us with lies and conspiracy theories, to destroy trust and create alternative realities more quickly and effectively than any tools 20th-century dictators had at their disposal. In the EU referendum campaign, in the 2016 US election and in the campaign that brought Jair Bolsonaro to power in Brazil, we see the roots of a new form of political indoctrination and authoritarianism, without clear precedents.

It is hard to predict how this might evolve. It’s unlikely to lead to thousands of helmeted stormtroopers assembling in public squares, not least because the new technologies render such crude methods unnecessary in gaining social control. As Trump seeks re-election, and Johnson prepares us for a likely no deal, we can expect them to use these tools in ways that Hitler and Mussolini could only have dreamt of. Their manipulations will expose long-standing failures in our political systems, that successive governments have done nothing to address.

Though it has characteristics in common, this isn’t fascism. It is something else, something we have not yet named. But we should fear it and resist it as if it were.



Bowed But Unbroken [QC RSS]

the indefatigable basilisk

Monday, 06 July


The Document Foundation clarifies “Personal Edition” label for LibreOffice 7.0 [OSnews]

Due to draft and development work in the area of branding and product naming, some speculation, in particular related to the “Personal Edition” tag shown in a LibreOffice 7.0 RC (Release Candidate), has started on several communication channels. So let us, as The Document Foundation’s Board of Directors, please provide further clarifications:

1. None of the changes being evaluated will affect the license, the availability, the permitted uses and/or the functionality. LibreOffice will always be free software and nothing is changing for end users, developers and Community members.

Basically, The Document Foundation intends to offer – through partners – professional paid-for support for LibreOffice to enterprise customers, and hence the tentative name to differentiate the LibreOffice we all know from the supported one.

Booting a 486 from floppy with the most up-to-date stable Linux kernel [OSnews]

Since I wanted to see how Linux would detect the drive that meant I needed to find a way to boot Linux. After a bit of googling I discovered the make tinyconfig option which makes a very small (but useless) kernel, small enough to fit on a floppy. I enabled a couple of other options, found a small enough initramfs, and was able to get it to boot on the 486. And as expected Linux has no problem with seeing that the drive is connected and the drive’s full capacity.

Next step is to actually get Linux installed to the hard drive. I’d rather not roll my own distro but maybe I’ll have to. Another possibility is to boot Linux from floppy and then download a kernel and initrd from a current distro and kexec over to it. But that feels to me like reinventing iPXE.

That’s version 5.8 of the Linux kernel running on a 486. I shouldn’t be surprised that this is possible, yet I’m still surprised this is possible.


Page 28 [Flipside]

Page 28 is done.


Alexander Artemenko: path-parse [Planet Lisp]

This is a small utility library by Fernando Borretti. The only function it has is PATH variable parsing. But it does it really well.

Path-parse works on Windows and Unix (OSX):

POFTHEDAY> (path-parse:path)


That is it for today. Tomorrow I'll try to find something more interesting!


Full Employment [Cory Doctorow's craphound.com]

My latest Locus column is “Full Employment,” in which I forswear “Fully Automated Luxury Communism” as totally incompatible with the climate emergency, which will consume 100%+ of all human labor for centuries to come.


This fact is true irrespective of any breakthroughs in AI OR geoengineering. Technological unemployment is vastly oversold and overstated (for example, that whole thing about truck drivers is bullshit).


But even if we do manage to automate away all of jobs, the climate emergency demands unimaginably labor intensive tasks for hundreds of years – jobs like relocating every coastal city inland, or caring for hundreds of millions of refugees.

Add to those: averting the exinctions of thousands of species, managing wave upon wave of zoonotic and insect-borne plagues, dealing with wildfires and tornados, etc.

And geoengineering won’t solve this: we’ve sunk a lot of heat into the oceans. It’s gonna warm them up. That’s gonna change the climate. It’s not gonna be good. Heading this off doesn’t just involve repealing thermodynamics – it also requires a time-machine.

But none of this stuff is insurmountable – it’s just hard. We CAN do this stuff. If you were wringing your hands about unemployed truckers, good news! They’ve all got jobs moving thousands of cities inland!

It’s just (just!) a matter of reorienting our economy around preserving our planet and our species.

And yeah, that’s hard, too – but if “the economy” can’t be oriented to preserving our species, we need a different economy.



Link [Scripting News]

One thing people don’t get is the rate of death in the US is about to increase, radically. There is no living with this, we have to fight it. That our government is okay with such a massive rate of death is a problem, but even worse is the people seem okay with it.


Dragon Con Going Virtual in 2020 [Whatever]

You can click on that tweet for more information, but the gist of it is this: 2020 is a bad year for live events, and Dragon Con is no exception to that. Instead of in-person events this year will be an online experience, with the live event moved forward to 2021.

As the 2020 Literary Guest of Honor for Dragon Con, I fully support this decision on the part of the convention. As much as I would have loved to see everyone in Atlanta this year, it’s just not feasible or practicable.

Dragon Con will be updating with more information about their 2020 online plans soon, and when they do, I will let you know here as well. Until then, be safe, wear your masks, and take care of each other.


Become a Data Science Wizard 🧙 [Humble Bundle Blog]

Learn data science essentials with this bundle of ebooks by Taylor & Francis! This bundle launched Monday, July 6, 2020,

Continue reading

The post Become a Data Science Wizard 🧙 appeared first on Humble Bundle Blog.


Link [Scripting News]

Some of the silos being created today are thin. Not a whole lot of tech keeping the users locked in. However the fact that their content is immovable is what keeps them dependent on the platform.

News Post: And/Or Furious [Penny Arcade]

Tycho: Even to newly hatched larva still trailing the strips of their casing, “Formula 1” is probably an understood term.  It truns out there’s a bunch of Formulas, though, and in aggregate they create the fraught competitive pathway to the apex of the sport.  Then there’s Formula E, which…  I mean, it might be best to watch Hulu’s “And We Go Green.” Formula E is just incredibly wacky by comparison, very Designed and Game-Like.  You could, like… goose drivers’ cars through social media?  There’s essentially a…


[$] Home Assistant improves performance in 0.112 release [LWN.net]

The Home Assistant project has released version 0.112 of the open-source home automation hub we have previously covered, which is the eighth release of the project this year. While previous releases have largely focused on new integrations and enhancements to the front-end interface, in this release the focus has shifted more toward improving the performance of the database. It is important to be aware that there are significant database changes and multiple potential backward compatibility breaks to understand before attempting an upgrade to take advantage of the improvements.

Outlawing words of protest [Richard Stallman's Political Notes]

*Hongkongers face a Kafkaesque reality as censors outlaw the words of protest.*

Some are protesting with blank signs. Some tried the word "Conscience" and were arrested for that. Hong Kongers are deleting their files, wiping out parts of their lives, fearing they will be prosecuted for that.

The one possible good side of this is that the world will see how evil China is. It will be hard for people, in any country, to convince themselves that getting close to China is safe.

China will seek to use overseas Hong Kongers as hostages, hoping that we will tone down our condemnation lest it give China the idea of punishing them. To do that would mean becoming agents of China. We must tell Hong Kongers that they should stay away from our discussions rather than ask us to censor them for China.

People discussing Hong Kong will have to watch out for Chinese agents of disinformation, provocation, or pleading, some of whom may be Hong Kongers who have cracked.

Academics have the duty to refuse to censor their judgment of Chinese tyranny in order to be able to visit Hong Kong or China again.

With all the injustices that the US has done, it is far less evil than China. We have to steer between two facile errors: (1) equating the US with China, and (2) excusing the wrongs of the US because it is not as bad as China.

Facebook is out of control [Richard Stallman's Political Notes]

*Facebook is out of control. If it were a country it would be North Korea.* One man decides whether to allow it to wreak havoc on any particular target.

People say they need to try to use Facebook to persuade people of something-or-other. But even if something-or-other is a good thing, Facebook is a much bigger bad thing. Because if you think you are using Facebook, really Facebook is using you.

So don't be a zucker! And don't encourage anyone else to be a zucker.

For Facebook to cease to mistreat its useds would require big changes. But ceasing to promote hate, lies and violence (above love, truth and peace) requires only changing the propagation system to reduce the R value that polarizing statements tend to get on Facebook. Censorship, as such, is not necessary.

Fight against war crimes [Richard Stallman's Political Notes]

*Srebrenica 25 years on: how the world lost its appetite to fight war crimes.*

Since Dubya, the US has become responsible for atrocities around the world — and has constantly fought the ICC's efforts to prosecute them. Dubya start this, Obama continued it, and the bully has pushed even harder on it.

The real work begins [Richard Stallman's Political Notes]

*Mississippi's racist state flag has finally come down. Now the real work begins.*

Woodrow Wilson [Richard Stallman's Political Notes]

How should we remember Woodrow Wilson, "a great American president and, on the other hand, … a racist son of a bitch."

Perhaps with a statue in which one side depicts a great president and the other side depicts a supporter of the KKK.

Uselessness of orthodox economics [Richard Stallman's Political Notes]

*This pandemic has exposed the uselessness of orthodox economics.*

*Costs outweighing benefits is the oldest excuse for not taking precautions — and is a recipe for disaster when the benefits, or the costs of inaction, are vastly undervalued.*

Fireworks for crowd control [Richard Stallman's Political Notes]

(satire) *In an effort to ease tensions with the public and restore their tarnished public image, the New York Police Department reportedly commemorated Independence Day this week by using fireworks for crowd control.*

Cops, rave and covid-19 [Richard Stallman's Political Notes]

London cops, apparently not thuggish this time, shut down a dangerous rave, but the participants threw bricks at them and broke bones of two.

That the rave was illegal is what authorize the cops to act, but morally it is a minor detail. What does matter morally is that the rave would tend to spread Covid-19. It therefore threatened harm to people in general. For public safety, raves can't be allowed until the Covid-19 problem is licked.

Returning home to find work [Richard Stallman's Political Notes]

Venezuelans who fled to Colombia now can't find any work, so some are returning home.

Terrorism conviction for using encryption [Richard Stallman's Political Notes]

Leaders of Amnesty Turkey were convicted of "terrorism" charges based on the assertion that one of them had a certain encryption app on his phone. Although investigation reported he did not even have it.

They were arrested while holding an event with a visiting foreign encryption expert to teach people how to use encryption.


Today in GPF History for Monday, July 6, 2020 [General Protection Fault: The Comic Strip]

Aboard the train bound for Hollerith's, Harry Barker recovers from a debugger attack while he and his friends undercover a new mystery...


Dirk Eddelbuettel: Rcpp 1.0.5: Several Updates [Planet Debian]

rcpp logo

Right on the heels of the news of 2000 CRAN packages using Rcpp (and also hitting 12.5 of CRAN package, or one in eight), we are happy to announce release 1.0.5 of Rcpp. Since the ten-year anniversary and the 1.0.0 release release in November 2018, we have been sticking to a four-month release cycle. The last release has, however, left us with a particularly bad taste due to some rather peculiar interactions with a very small (but ever so vocal) portion of the user base. So going forward, we will change two things. First off, we reiterate that we have already made rolling releases. Each minor snapshot of the main git branch gets a point releases. Between release 1.0.4 and this 1.0.5 release, there were in fact twelve of those. Each and every one of these was made available via the drat repo, and we will continue to do so going forward. Releases to CRAN, however, are real work. If they then end up with as much nonsense as the last release 1.0.4, we think it is appropriate to slow things down some more so we intend to now switch to a six-months cycle. As mentioned, interim releases are always just one install.packages() call with a properly set repos argument away.

Rcpp has become the most popular way of enhancing R with C or C++ code. As of today, 2002 packages on CRAN depend on Rcpp for making analytical code go faster and further, along with 203 in BioConductor. And per the (partial) logs of CRAN downloads, we are running steady at around one millions downloads per month.

This release features again a number of different pull requests by different contributors covering the full range of API improvements, attributes enhancements, changes to Sugar and helper functions, extended documentation as well as continuous integration deplayment. See the list below for details.

Changes in Rcpp patch release version 1.0.5 (2020-07-01)

  • Changes in Rcpp API:

    • The exception handler code in #1043 was updated to ensure proper include behavior (Kevin in #1047 fixing #1046).

    • A missing Rcpp_list6 definition was added to support R 3.3.* builds (Davis Vaughan in #1049 fixing #1048).

    • Missing Rcpp_list{2,3,4,5} definition were added to the Rcpp namespace (Dirk in #1054 fixing #1053).

    • A further updated corrected the header include and provided a missing else branch (Mattias Ellert in #1055).

    • Two more assignments are protected with Rcpp::Shield (Dirk in #1059).

    • One call to abs is now properly namespaced with std:: (Uwe Korn in #1069).

    • String object memory preservation was corrected/simplified (Kevin in #1082).

  • Changes in Rcpp Attributes:

    • Empty strings are not passed to R CMD SHLIB which was seen with R 4.0.0 on Windows (Kevin in #1062 fixing #1061).

    • The short_file_name() helper function is safer with respect to temporaries (Kevin in #1067 fixing #1066, and #1071 fixing #1070).

  • Changes in Rcpp Sugar:

    • Two sample() objects are now standard vectors and not R_alloc created (Dirk in #1075 fixing #1074).
  • Changes in Rcpp support functions:

    • Rcpp.package.skeleton() adjusts for a (documented) change in R 4.0.0 (Dirk in #1088 fixing #1087).
  • Changes in Rcpp Documentation:

    • The pdf file of the earlier introduction is again typeset with bibliographic information (Dirk).

    • A new vignette describing how to package C++ libraries has been added (Dirk in #1078 fixing #1077).

  • Changes in Rcpp Deployment:

    • Travis CI unit tests now run a matrix over the versions of R also tested at CRAN (rel/dev/oldrel/oldoldrel), and coverage runs in parallel for a net speed-up (Dirk in #1056 and #1057).

    • The exceptions test is now partially skipped on Solaris as it already is on Windows (Dirk in #1065).

    • The default CI runner was upgraded to R 4.0.0 (Dirk).

    • The CI matrix spans R 3.5, 3.6, r-release and r-devel (Dirk).

Thanks to CRANberries, you can also look at a diff to the previous release. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page. Bugs reports are welcome at the GitHub issue tracker as well (where one can also search among open or closed issues); questions are also welcome under rcpp tag at StackOverflow which also allows searching among the (currently) 2455 previous questions.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Link [Scripting News]

Now more than ever we need Checkbox News. I want to uncheck Trump and see what's left.

Link [Scripting News]

RSS makes à la carte software possible. Substack is like prix fixe software. You must to use their editor to publish a newsletter. No substitutions. But what if you already have an editor you like? No soup for you!


Security updates for Monday [LWN.net]

Security updates have been issued by Debian (chromium, php7.0, and thunderbird), Fedora (ceph, gssdp, gupnp, libfilezilla, libldb, mediawiki, python-pillow, python36, samba, and xpdf), Mageia (curl, docker, firefox, libexif, libupnp, libvncserver, libxml2, mailman, ntp, perl-YAML, python-httplib2, tcpreplay, tomcat, and vlc), openSUSE (chocolate-doom, python3, and Virtualbox), Slackware (libvorbis), and SUSE (mozilla-nspr, mozilla-nss, systemd, tomcat, and zstd).

Pluralistic: 06 Jul 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

New podcast (permalink)

The latest instalment of my podcast is live! It's part nine of my serialized reading of my 2006 novel "Someone Comes to Town, Someone Leaves Town," a book Gene Wolfe called "a glorious book unlike any book you've ever read."


Here's the MP3:


Here's the previous instalments:


Here's the podcast feed:


Europe's interop coalition (permalink)

Last week, EFF published its principles for interoperability in the #EU, timed for the debates over the new Digital Services Act, the first major update to internet regulation in a generation.


It's a call for new rules that would allow EU firms – and coops, nonprofits and tinkerers – to plug new products into the dominant, US-based Big Tech platforms so Europeans can enjoy technological self determination: the right to decide what tech you use and how you use it.

These principles include:

I. A general interoperability obligation

II. Delegatability

III. Limits to commercialization of data

IV. Privacy

V: Security

VI. Documentation and nondiscrimination

Now, a coalition of EU civil society orgs, entrepreneurs and SMEs have sent a joint letter to the EU Commission setting out a plan to embody these principles in new regulations.


Here's the letter:


"No longer confronted with the binary choice of either staying on dominant platforms that do not serve their needs or losing access to their social network, users will be able to choose freely the tools that best respect their privacy, security, or accessibility preferences. Interoperability rules will also be crucial to ensure a dynamic market in which new entrants and innovative business models will have a fair shot to convince users of their value. "

Scarfolk beermats (permalink)

The amazing thing about Scarfolk is how trenchant and darkly comic it manages to be, across so many different modes. This week, it's beer-mats that commemorate the UK's inadequate response to the pandemic and the recklessnesss of its top officials.


To say nothing of the idiocy of re-opening bars where we expect people to lower their inhibitions and impair their judgement while simultaneously observing good pandemic countermeasures.

From "International Laughing Stock Lager" to "10 Downing Street Double Standard" ("Downing It!"), the Scarfolk mats are compact satirical masterpieces – so perfect that you could actually imagine someone from the Real Ale world producing them.

Miami cop owns illegal mansion nightclub (permalink)

Neighbors on 89th St in Miami-Dade spent weeks complaining that a $2m mansion on their street has been turned into an unlicensed nightclub where hundreds of revelers are bused in, and, after paying a cover-charge to a bouncer, party all night in close quarters.

Neighbors whose windows overlook the mansion's pool and gardens say they've witnessed porno shoots and orgies, and, despite regular calls to local police, the parties went on and on and on. Even the nightly Lamborghini racing didn't trigger law enforcement.

The mansion is owned by an LLC – and, thanks to sleuthing by WSVN's Brian Entin, we know that LLC is owned by a "Miami-Dade Police officer and a retired Miami-Dade officer"


Entin interviewed the property manager, who claimed the neighbors were just whining, and insisted that the Airbnb listing for the property stipulated "no parties."

"Miami-Dade Police tell 7News they are aware that an officer and former officer own the house."

Video and transcript of my OII talk (permalink)

Last week, I was delighted to give an online lecture and Q&A; for the Oxford Internet Institute entitled "What Big Tech does to discourse, and the forgotten tech tool that can make tech less big;" hosted by human rights lawyer Ravi Naik.


Now, the Institute has put the talk online for anyone who missed the livestream:


And, thanks to Matt Arnold, we have a fulltext transcript:


Here's the talk precis:

It’s uncontroversial to say that our discourse is polarized, angry and unproductive – and to say that Big Tech is to blame. But what is Big Tech’s role in distorting discourse? Is it the use of machine learning and surveillance data to manipulate people at scale? Or is it just plain old monopolism, dressed up in a bunch of AI snakeoil repurposed from the ad-tech industry’s self-serving brags about how good it is at convincing people?

The answer matters, because machine-learning mind-control rays are an existential threat to human agency, while monopolies can be dismantled using competition law — and what’s more, there’s a tried-and-true competition tactics that is uniquely suited to dismantling tech monopolies. Adversarial interoperability turns tech’s market power on its head, allowing new market entrants to use incumbents’ own scale against them.

Shower temperature vs handle position (permalink)

If you've ever scalded yourself after making a minor adjustment to your shower-faucet, you may have been tempted to believe that there was something perverse and evil about the whole system.

You were right.


As Redditor BRENNEJM's "Shower Temperature Compared to Handle Position" graph shows, the relationship between the two is hard to predict and tune.

POLBATHIC (adj.) Gifted with ability to manipulate taps using only the feet.

Douglas Adams and John Lloyd, "The Meaning of Liff."

This day in history (permalink)

#15yrsago Gibson on remix culture https://www.wired.com/2005/07/gibson-3/

#10yrsago Canadian musician-turned-MP challenges minister on new copyright law https://www.michaelgeist.ca/2010/07/angus-letter-to-moore/

#10yrsago Parenting makes you miserable, but you think it makes you happy https://web.archive.org/web/20100709044712/https://nymag.com/print/?/news/features/67024/

#10yrsago W00t! sends Associated Press a bill for quoting its blog https://consumerist.com/2010/07/woot-to-ap-you-owe-us-1750-for-copying-our-content.html

#10yrsago GOP senate candidate uses copyright in attempt to censor reprinting her previous campaign positions https://talkingpointsmemo.com/dc/angle-sends-cease-and-desist-to-reid-for-reposting-her-own-website

#5yrsago Sandman Slim: Killing Pretty https://boingboing.net/2015/07/06/sandman-slim-killing-pretty.html

#5yrsago Borges's widow threatens remixer with prison https://www.theguardian.com/books/booksblog/2015/jun/25/re-mixing-borges-experiment-not-a-crime-pablo-katchadjian

#1yrago UK ISP Association, spies, censorship organsation jointly condemn Mozilla for supporting secure DNS because it breaks UK internet censorship rules https://techcrunch.com/2019/07/05/isp-group-mozilla-internet-villain-dns-privacy/

#1yrago Autonomous vehicles fooled by drones that project too-quick-for-humans road-signs https://arxiv.org/pdf/1906.09765.pdf

#1yrago National Parks Service publishes hi-rez scans of Heinrich Berann's iconic, panoramic paintings of America's parks https://www.nps.gov/carto/app/#!/maps/categories/12

#1yrago Crisis for Bolsonaro's justice minister Sergio Moro after leaks reveal that he targeted Lula for political prosecution https://theintercept.com/2019/07/05/scandal-for-bolsonaros-justice-minister-sergio-moro-grows-as-the-intercept-partners-with-brazils-largest-magazine-for-new-expose/

#1yrago The reporter on the NYT's Bernie Sanders beat consistently fails to identify her sources as corporate lobbyists https://fair.org/home/sidney-embers-secret-sources/

#1yrago After Istanbul voters rejected Turkish strongman Erdogan, he made them vote again — and lost by the biggest landslide in 35 years https://www.bbc.com/news/world-europe-48739256

#1yrago Billionaire Jeffrey Epstein has been arrested for trafficking dozens of young girls for sex https://www.thedailybeast.com/jeffrey-epstein-arrested-for-sex-trafficking-of-minors-source

#1yrago Britain's US ambassador: Trump is "insecure, incompetent, inept" https://www.cnn.com/2019/07/06/politics/uk-ambassador-cables-donald-trump/index.html

Colophon (permalink)

Today's top sources: Fipi Lele, Naked Capitalism (https://www.nakedcapitalism.com/).

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 535 words (34486 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 08) https://craphound.com/podcast/2020/06/29/someone-comes-to-town-someone-leaves-town-part-08/

Upcoming appearances:

"Working as Intended: Surveillance Capitalism is not a Rogue Capitalism," Jul 21, https://stanford.zoom.us/webinar/register/WN_9AwAiQSmTj2ZjaIsIoTr5A

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Link [Scripting News]

Overnight came news of a Spanish research project to find out if the virus has the potential of herd immunity. Apparently not. So we are stuck in this mode until when? Could a vaccine work if there's no possible herd immunity? Anyway, this is like one of those classic fables or myths about the people who were so divided, so hated each other, that they couldn't get together to fight a disease that they can't overcome until they can work together. It's like that famous O Henry story, which I won't spoil in case you haven't read it.

Link [Scripting News]

This should be the default.

Link [Scripting News]

I've been thinking of getting a new Twitter account. I'm pretty sure the one I've had since 2006 has a flag on it that says "Don't suggest it." Explained here. I think this stems back to the controversy about the Suggested Users List. They eventually did phase it out. And something was done to my account. My follower count, at one time one of the top ten accounts on Twitter, hasn't grown in many years. So maybe it's time to start over, and see if I can have more followers without whatever was done. Anyway, some of the names I've considered are taken: boomer, elgrande (a few friends call me that), uncledavey (one of my favorite titles), scripting, scriptingnews (not sure what this account is), savemylife. Or I could use one of the many names I already have. Then there's the question of how to transition? I think about it sometimes, but I never actually do it. 💥

Link [Scripting News]

Why you should wear a mask, illustrated.


Cancelling a Windows Runtime asynchronous operation, part 4: C++/CX with PPL, coroutine style with raw IAsyncAction and IAsyncOperation [The Old New Thing]

Last time, we looked at how task cancellation is projected in C++/CX with PPL and co_await with tasks. But PPL also supports awaiting directly on IAsyncAction^ and IAsyncOperation^ objects. Let’s try it.

auto picker = ref new FileOpenPicker();

auto pickerOp = picker->PickSingleFileAsync();
cancellation_token_source cts;
call<bool> do_cancel([pickerOp](bool) { pickerOp.Cancel(); });
timer<bool> delayed_cancel(3000U, false, &do_cancel);

StorageFile^ file;
try {
    file = co_await pickerOp;
} catch (OperationCanceledException^) {
    file = nullptr;

if (file != nullptr) {

Observe that awaiting directly on an IAsyncAction^ and IAsyncOperation^ object throws a different exception from awaiting on a task.

You can see this in the await_resume for the IAsyncInfo^ awaiter ind in pplawait.h:

template <typename _TaskTy, typename _HandlerTy>
struct _IAsync_awaiter {

    auto await_resume() {
        return _Task->GetResults();

void _VerifyStateForResultsCall(
    Windows::Foundation::AsyncStatus _Status)
    if (_Status == AsyncStatus::Canceled) {
        throw ::Platform::Exception::CreateException(E_ABORT);

The PPL framework checks whether the status of the async operation is Canceled, and if so, it throws E_ABORT, which is represented in C++/CX as Operation­Canceled­Exception.

So far, all of the cancellation exceptions have generated by the framework. That’ll change soon. Next time, we’ll look at C++/WinRT.

The post Cancelling a Windows Runtime asynchronous operation, part 4: C++/CX with PPL, coroutine style with raw IAsyncAction and IAsyncOperation appeared first on The Old New Thing.


1206: Speaking Terms [Order of the Stick]



Bread Ahead – DORK TOWER 30.06.20 [Dork Tower]

Dork Tower is 100% reader supportedJoin the Army of Dorkness today, and help bring more Dork Tower to the world! By becoming a Dork Tower Patreon backer, you get our everlasting gratitude (and also swag, commentary, bonus strips, and even more swag), but, critically, you’ll help us reach our next goal – three comics a week! HINT: we are VERY close!


Nicolas Hafner: Engine Rewrites - July Kandria Update [Planet Lisp]

Last month I outlined a very rough timeline for the future development of Kandria. In the past month I managed to implement the first two of the tasks listed there, namely some very deep fixes to the game engine, and the improvement of the pathfinding AI. I'll try to boil these changes down to make them easier to understand.

If you're subscribed to the mailing list, you should already be familiar with the AI pathfinding problem. If not, I'll give you a freebie this time: you can read the article here. I publish similar articles on developments, backstory, and other things every week on the mailing list, so if you're interested, it's a great way to keep up to date!

What I didn't really touch on in the article is the problem of executing a plan once you've computed it from the navigation mesh. This turned out to be a bit more tricky than I had given it credit for, and took up most of my time. It's working really well now, though, so I think I can move on to actual enemy AI.

As for the game engine changes, those are more numerous and much more involved still. The engine itself is open source, and available to anyone. I'll try my best to outline the changes without having to explain everything about Trial, and without having to go too deep into it.

The first change relates to how assets and resources are managed in Trial. A resource here means an abstract representation of something that needs to be manually managed in memory, like textures and vertex data. Previously it used to be the case that assets were special variants of resources that could be loaded from a file. In that system, an image asset would be a texture resource that could load its contents from a file. This system works fine for many cases, but it breaks down as soon as a file should expand to more than one resource, such as for a 3D model that contains both mesh data and textures.

The new system provides a clear split between assets and resources. Assets are now resource generators that, when loaded, read whatever input data you feed it, and turns it into appropriate resource instances. This solves the previous problem, but introduces a new one: when you need to refer to a resource in order to, for example, set the texture of an object, you now cannot do so anymore before the associated asset is loaded, and this loading should only occur at specific, controlled points in time.

This is where a rare feature of Lisp makes itself very useful: change-class. Assets can offer access to the resources it would generate before actually generating them by providing a placeholder-resource instance instead. Once the asset is actually loaded, this instance is then changed into one of the appropriate resource type. This allows us to reference resources before loading them, without having to perform any patching after loading, or expensive repeated runtime lookup.

The second change relates to the actual loading operation. Previously there was a system that would try to automatically traverse objects to find all referenced assets and resources. This system was convenient, but also slow and... well, to be honest, it just made me uncomfortable. The new system only automatically traverses the scene-graph, for everything else you need to write explicit methods that the resources you need for loading.

The system also takes care of a problem that was introduced by the new asset system. Since resources can now be placeholders, they won't know their dependencies before their generating asset is loaded. This is a problem when determining the order in which to load assets and resources, since parts of the dependency information is now deferred. The solution adopted so far is that the load order is recomputed when a resource is encountered that used to be a placeholder. This works fine, but might induce a lot of load order recomputations if the initial order is unfavourable. At the moment though I'm not losing any sleep over this potentially slow corner case.

Finally, the new loader also handles failures better. If an error occurs during the load operation, the state can be rolled back smoothly so that the game can continue running. This isn't too useful on a user's machine, but it is very useful during development, so that the game doesn't just crash and you lose whatever you were doing before.

The third and final big change relates to the way objects are rendered in the engine. Trial allows creating rather involved pipelines with different passes of shaders. In order to allow a lot of flexibility, these passes need to have control over how objects are rendered, but also which objects are rendered. Previously this was accomplished by a paint function that would traverse the scene graph and perform render operations. Transformations such as translations and rotations were accomplished by defining methods on that function that would dynamically bind the transform matrices and change them. However, this system made it very complicated and error-prone when a pass needed to be selective about which objects it should render. It also forced repeated lookup of the shader program appropriate for a given combination of pass and object, which could be quite slow.

The new system separates the scene and the shader passes entirely. In order to run a shader pass that should render objects in a scene, the scene must first be 'compiled' to the shader pass. This compilation would traverse the scene graph and flatten it into a sequence of render actions. These actions would include management of the transform matrix stack, application of necessary transforms, and ultimately the rendering of objects. Selecting which objects to render could be done at this stage as well, simply omitting the actions of irrelevant objects.

This system makes controlling the render behaviour much easier for the user, but is a lot more complex on the engine side, especially when paired with dynamic updates where objects can enter and leave the scene at will. The way it's currently implemented is very much sub-optimal in that sense, mostly because I have not yet figured out a good protocol on how to communicate where exactly the actions of a new entity should be placed in the action sequence. Containers may not always append a new entity at the end, so there has to be a way for the pass to know where to insert. The option of just recomputing all actions of the container may be prohibitively expensive.

There were other, more minor changes all over as well of course, but I think this entry is already long enough as it is. After getting all of these changes to the engine in, I had to go back and fix a ton of things in Kandria to work again. While at it, I also ripped out a bunch of systems that sucked in Kandria itself and replaced them with cleaner, more simplified variants.

All in all this took up pretty much the entire month. I'm done now, though, and pretty happy with the changes, so I should be able to focus on working on Kandria itself again. I've also already begun work on the next big rewrite that's listed: fixing up the sound engine. I'll put that on the back-burner until the next demo release, though.

Anyway, that's it for this month. Hopefully next month will have a lot more Kandria-specific updates!


Sandman Audio Adaptation [Neil Gaiman's Journal]

In 9 days, on the 15th of July, Audible will release the first of the SANDMAN audio adaptations. These are, well, full cast audiobooks of the first three SANDMAN graphic novels: Dirk Maggs gave me the role of the narrator, and I gave him the original scripts, so often what I'm saying as narrator is what I asked the artists to draw, over thirty years ago.

These are very straightforward adaptations. For the upcoming Netflix TV series, we're starting from now, and doing it as if it was being written, for the first time, in 2020. The audio adaptations are much closer to the original graphic novels, each episode being a comic in the original. Eleven hours of drama. The cast is amazing. The production and the music are glorious. I'm not sure about the narrator, but everything else is sparkling and exciting. I hope you all enjoy it...

For people who need it in a more tangible form, it will also be for sale as CDs.

Click on this, and you will hear James McAvoy as Morpheus...


ThiefQuest Ransomware for the Mac [Schneier on Security]

There's a new ransomware for the Mac called ThiefQuest or EvilQuest. It's hard to get infected:

For your Mac to become infected, you would need to torrent a compromised installer and then dismiss a series of warnings from Apple in order to run it. It's a good reminder to get your software from trustworthy sources, like developers whose code is "signed" by Apple to prove its legitimacy, or from Apple's App Store itself. But if you're someone who already torrents programs and is used to ignoring Apple's flags, ThiefQuest illustrates the risks of that approach.

But it's nasty:

In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.


Google-backed groups criticize Apple’s new warnings on user tracking [OSnews]

Sixteen marketing associations, some of which are backed by Facebook Inc and Alphabet Inc’s Google, faulted Apple for not adhering to an ad-industry system for seeking user consent under European privacy rules. Apps will now need to ask for permission twice, increasing the risk users will refuse, the associations argued.

Cry me a river.

There’s an interesting note later in the linked article:

Apple engineers also said last week the company will bolster a free Apple-made tool that uses anonymous, aggregated data to measure whether advertising campaigns are working and that will not trigger the pop-up.

But of course it doesn’t. It’s made by Apple, after all, and we all trust Apple, right? It’s not like Apple rushed to sell out everything privacy-related to a regime committing genocide, so we clearly have nothing to worry about when Apple forces itself into the advertising business by leveraging its iOS platform.


Four short links: 6 July 2020 [Radar]

  1. Debubble — I like that people are trying software like this, to bring out our better angels.
  2. Parallel Programming in Multicore OCaml — A glimpse at how OCaml is handling parallelism. There’s a lot to learn from the paradigms of “weird languages”.
  3. Language Independent Validation Rules — Multi-language supported validation rules. The two languages that matter the most? Javascript and whatever you’re using on the backend.
  4. TaBERTTaBERT is the first model that has been pretrained to learn representations for both natural language sentences and tabular data. These sorts of representations are useful for natural language understanding tasks that involve joint reasoning over natural language sentences and tables. A representative example is semantic parsing over databases, where a natural language question (e.g., “Which country has the highest GDP?”) is mapped to a program executable over database (DB) tables. Applying ML to database systems is interesting.

Four short links: 3 July 2020 [Radar]

  1. Open Differential Privacy — Open source software from Microsoft and Harvard. (via Microsoft’s announcement).
  2. Engineering Resumesto help those of you looking for a new job in these uncertain times, here are some examples of what accomplishments look like for software engineers. These are oriented towards individual contributors (perhaps I’ll do an engineering managers version next).
  3. Evil C — A 29-byte source file that takes 27m to produce a 16GB executable.
  4. Platform Adjacency Theory — (Alex Russell) the web thrives or declines to the extent it can accomplish the lion’s share of the things we expect most computers to do. […] Growing a platform’s success requires unlocking use-cases not already serviced. That mean finding needs that combine things your platform is already good at with a small number of missing capabilities. An interesting essay arguing that Apple and Mozilla are underinvesting in web feature development and thus threatening the web metaplatform.

CodeSOD: Classic WTF: Dimensioning the Dimension [The Daily WTF]

It was a holiday weekend in the US, so we're taking a little break. Yes, I know that most people took Friday off, but as this article demonstrates, dates remain hard. Original -- Remy It's...


Jonathan Dowland: Review: Roku Express [Planet Debian]

I don't generally write consumer reviews, here or elsewhere; but I have been so impressed by this one I wanted to mention it.

For Holly's birthday this year, taking place under Lockdown, we decided to buy a year's subscription to "Disney+". Our current TV receiver (A Humax Freesat box) doesn't support it so I needed to find some other way to get it onto the TV.

After a short bit of research, I bought the "Roku Express" streaming media player. This is the most basic streamer that Roku make, bottom of their range. For a little bit more money you can get a model which supports 4K (although my TV obviously doesn't: it, and the basic Roku, top out at 1080p) and a bit more gets you a "stick" form-factor and a Bluetooth remote (rather than line-of-sight IR).

I paid £20 for the most basic model and it Just Works. The receiver is very small but sits comfortably next to my satellite receiver-box. I don't have any issues with line-of-sight for the IR remote (and I rely on a regular IR remote for the TV itself of course). It supports Disney+, but also all the other big name services, some of which we already use (Netflix, YouTube BBC iPlayer) and some of which we didn't, since it was too awkward to access them (Google Play, Amazon Prime Video). It has now largely displaced the FreeSat box for accessing streaming content because it works so well and everything is in one place.

There's a phone App that remote-controls the box and works even better than the physical remote: it can offer a full phone-keyboard at times when you need to input text, and can mute the TV audio and put it out through headphones attached to the phone if you want.

My aging Plasma TV suffers from burn-in from static pictures. If left paused for a duration the Roku goes to a screensaver that keeps the whole frame moving. The FreeSat doesn't do this. My Blu Ray player does, but (I think) it retains some static elements.


The difference between patina and cruft [Seth's Blog]

Cruft is obsolete. Cruft is broken, discarded, non-functioning refuse that should be hauled away.

Patina is the wabi-sabi of positive use. A bookshelf of well-worn encyclopedias (now replaced by Wikipedia) has a patina to it. Simply seeing it reminds us of the possibility of discovery.

Patina makes it easier to go forward. Cruft gets in our way.


Enrico Zini: COVID-19 and Capitalism [Planet Debian]

If the Reopen America protests seem a little off to you, that's because they are. In this video we're going to talk about astroturfing and how insidious it i...
Techdirt has just written about the extraordinary legal action taken against a company producing Covid-19 tests. Sadly, it's not the only example of some individuals putting profits before people. Here's a story from Italy, which is...
Berlin is trying to stop Washington from persuading a German company seeking a coronavirus vaccine to move its research to the United States.
Amazon cracked down on coronavirus price gouging. Now, while the rest of the world searches, some sellers are holding stockpiles of sanitizer and masks.
And 3D-printed valve for breathing machine sparks legal threat
Ischgl, an Austrian ski resort, has achieved tragic international fame: hundreds of tourists are believed to have contracted the coronavirus there and taken it home with them. The Tyrolean state government is now facing serious criticism. EURACTIV Germany reports.
We are seeing how the monopolistic repair and lobbying practices of medical device companies are making our response to the coronavirus pandemic harder.
Las Vegas, Nevada has come under criticism after reportedly setting up a temporary homeless shelter in a parking lot complete with social distancing barriers.


Reproducible Builds: Reproducible Builds in June 2020 [Planet Debian]

Welcome to the June 2020 report from the Reproducible Builds project. In these reports we outline the most important things that we and the rest of the community have been up to over the past month.

What are reproducible builds?

One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security.

But whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into seemingly secure software during the various compilation and distribution processes.


The GitHub Security Lab published a long article on the discovery of a piece of malware designed to backdoor open source projects that used the build process and its resulting artifacts to spread itself. In the course of their analysis and investigation, the GitHub team uncovered 26 open source projects that were backdoored by this malware and were actively serving malicious code. (Full article)

Carl Dong from Chaincode Labs uploaded a presentation on Bitcoin Build System Security and reproducible builds to YouTube:

The app intended to trace infection chains of Covid-19 in Switzerland published information on how to perform a reproducible build.

The Reproducible Builds project has received funding in the past from the Open Technology Fund (OTF) to reach specific technical goals, as well as to enable the project to meet in-person at our summits. The OTF has actually also assisted countless other organisations that promote transparent, civil society as well as those that provide tools to circumvent censorship and repressive surveillance. However, the OTF has now been threatened with closure. (More info)

It was noticed that Reproducible Builds was mentioned in the book End-user Computer Security by Mark Fernandes (published by WikiBooks) in the section titled Detection of malware in software.

Lastly, reproducible builds and other ideas around software supply chain were mentioned in a recent episode of the Ubuntu Podcast in a wider discussion about the Snap and application stores (at approx 16:00).

Distribution work

In the ArchLinux distribution, a goal to remove .doctrees from installed files was created via Arch’s ‘TODO list’ mechanism. These .doctree files are caches generated by the Sphinx documentation generator when developing documentation so that Sphinx does not have to reparse all input files across runs. They should not be packaged, especially as they lead to the package being unreproducible as their pickled format contains unreproducible data. Jelle van der Waa and Eli Schwartz submitted various upstream patches to fix projects that install these by default.

Dimitry Andric was able to determine why the reproducibility status of FreeBSD’s base.txz depended on the number of CPU cores, attributing it to an optimisation made to the Clang C compiler []. After further detailed discussion on the FreeBSD bug it was possible to get the binaries reproducible again [].

For the GNU Guix operating system, Vagrant Cascadian started a thread about collecting reproducibility metrics and Jan “janneke” Nieuwenhuizen posted that they had further reduced their “bootstrap seed” to 25% which is intended to reduce the amount of code to be audited to avoid potential compiler backdoors.

In openSUSE, Bernhard M. Wiedemann published his monthly Reproducible Builds status update as well as made the following changes within the distribution itself:


Holger Levsen filed three bugs (#961857, #961858 & #961859) against the reproducible-check tool that reports on the reproducible status of installed packages on a running Debian system. They were subsequently all fixed by Chris Lamb [][][].

Timo Röhling filed a wishlist bug against the debhelper build tool impacting the reproducibility status of 100s of packages that use the CMake build system which led to a number of tests and next steps. []

Chris Lamb contributed to a conversation regarding the nondeterministic execution of order of Debian maintainer scripts that results in the arbitrary allocation of UNIX group IDs, referencing the Tails operating system’s approach this []. Vagrant Cascadian also added to a discussion regarding verification formats for reproducible builds.

47 reviews of Debian packages were added, 37 were updated and 69 were removed this month adding to our knowledge about identified issues. Chris Lamb identified and classified a new uids_gids_in_tarballs_generated_by_cmake_kde_package_app_templates issue [] and updated the paths_vary_due_to_usrmerge as deterministic issue, and Vagrant Cascadian updated the cmake_rpath_contains_build_path and gcc_captures_build_path issues. [][][].

Lastly, Debian Developer Bill Allombert started a mailing list thread regarding setting the -fdebug-prefix-map command-line argument via an environment variable and Holger Levsen also filed three bugs against the debrebuild Debian package rebuilder tool (#961861, #961862 & #961864).


On our website this month, Arnout Engelen added a link to our Mastodon account [] and moved the SOURCE_DATE_EPOCH git log example to another section []. Chris Lamb also limited the number of news posts to avoid showing items from (for example) 2017 [].

strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build. It is used automatically in most Debian package builds. This month, Mattia Rizzolo bumped the debhelper compatibility level to 13 [] and adjusted a related dependency to avoid potential circular dependency [].

Upstream work

The Reproducible Builds project attempts to fix unreproducible packages and we try to to send all of our patches upstream. This month, we wrote a large number of such patches including:

Bernhard M. Wiedemann also filed reports for frr (build fails on single-processor machines), ghc-yesod-static/git-annex (a filesystem ordering issue) and ooRexx (ASLR-related issue).


diffoscope is our in-depth ‘diff-on-steroids’ utility which helps us diagnose reproducibility issues in packages. It does not define reproducibility, but rather provides a helpful and human-readable guidance for packages that are not reproducible, rather than relying essentially-useless binary diffs.

This month, Chris Lamb uploaded versions 147, 148 and 149 to Debian and made the following changes:

  • New features:

    • Add output from strings(1) to ELF binaries. (#148)
    • Dump PE32+ executables (such as EFI applications) using objdump(1). (#181)
    • Add support for Zsh shell completion. (#158)
  • Bug fixes:

    • Prevent a traceback when comparing PDF documents that did not contain metadata (ie. a PDF /Info stanza). (#150)
    • Fix compatibility with jsondiff version 1.2.0. (#159)
    • Fix an issue in GnuPG keybox file handling that left filenames in the diff. []
    • Correct detection of JSON files due to missing call to File.recognizes that checks candidates against file(1). []
  • Output improvements:

    • Use the CSS word-break property over manually adding U+200B zero-width spaces as these were making copy-pasting cumbersome. (!53)
    • Downgrade the tlsh warning message to an ‘info’ level warning. (#29)
  • Logging improvements:

  • Testsuite improvements:

    • Update tests for file(1) version 5.39. (#179)
    • Drop accidentally-duplicated copy of the --diff-mask tests. []
    • Don’t mask an existing test. []
  • Codebase improvements:

    • Replace obscure references to WF with “Wagner-Fischer” for clarity. []
    • Use a semantic AbstractMissingType type instead of remembering to check for both types of ‘missing’ files. []
    • Add a comment regarding potential security issue in the .changes, .dsc and .buildinfo comparators. []
    • Drop a large number of unused imports. [][][][][]
    • Make many code sections more Pythonic. [][][][]
    • Prevent some variable aliasing issues. [][][]
    • Use some tactical f-strings to tidy up code [][] and remove explicit u"unicode" strings [].
    • Refactor a large number of routines for clarity. [][][][]

trydiffoscope is the web-based version of diffoscope. This month, Chris Lamb also corrected the location for the celerybeat scheduler to ensure that the clean/tidy tasks are actually called which had caused an accidental resource exhaustion. (#12)

In addition Jean-Romain Garnier made the following changes:

  • Fix the --new-file option when comparing directories by merging DirectoryContainer.compare and Container.compare. (#180)
  • Allow user to mask/filter diff output via --diff-mask=REGEX. (!51)
  • Make child pages open in new window in the --html-dir presenter format. []
  • Improve the diffs in the --html-dir format. [][]

Lastly, Daniel Fullmer fixed the Coreboot filesystem comparator [] and Mattia Rizzolo prevented warnings from the tlsh fuzzy-matching library during tests [] and tweaked the build system to remove an unwanted .build directory []. For the GNU Guix distribution Vagrant Cascadian updated the version of diffoscope to version 147 [] and later 148 [].

Testing framework

We operate a large and many-featured Jenkins-based testing framework that powers tests.reproducible-builds.org. Amongst many other tasks, this tracks the status of our reproducibility efforts across many distributions as well as identifies any regressions that have been introduced. This month, Holger Levsen made the following changes:

  • Debian-related changes:

    • Prevent bogus failure emails from rsync2buildinfos.debian.net every night. []
    • Merge a fix from David Bremner’s database of .buildinfo files to include a fix regarding comparing source vs. binary package versions. []
    • Only run the Debian package rebuilder job twice per day. []
    • Increase bullseye scheduling. []
  • System health status page:

    • Add a note displaying whether a node needs to be rebooted for a kernel upgrade. []
    • Fix sorting order of failed jobs. []
    • Expand footer to link to the related Jenkins job. []
    • Add archlinux_html_pages, openwrt_rebuilder_today and openwrt_rebuilder_future to ‘known broken’ jobs. []
    • Add HTML <meta> header to refresh the page every 5 minutes. []
    • Count the number of ignored jobs [], ignore permanently ‘known broken’ jobs [] and jobs on ‘known offline’ nodes [].
    • Only consider the ‘known offline’ status from Git. []
    • Various output improvements. [][]
  • Tools:

    • Switch URLs for the Grml Live Linux and PureOS package sets. [][]
    • Don’t try to build a disorderfs Debian source package. [][][]
    • Stop building diffoscope as we are moving this to Salsa. [][]
    • Merge several “is diffoscope up-to-date on every platform?” test jobs into one [] and fail less noisily if the version in Debian cannot be determined [].

In addition: Marcus Hoffmann was added as a maintainer of the F-Droid reproducible checking components [], Jelle van der Waa updated the “is diffoscope up-to-date in every platform” check for Arch Linux and diffoscope [], Mattia Rizzolo backed up a copy of a “remove script” run on the Codethink-hosted ‘jump server‘ [] and Vagrant Cascadian temporarily disabled the fixfilepath on bullseye, to get better data about the ftbfs_due_to_f-file-prefix-map categorised issue.

Lastly, the usual build node maintenance was performed by Holger Levsen [][], Mattia Rizzolo [] and Vagrant Cascadian [][][][][].

If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

This month’s report was written by Bernhard M. Wiedemann, Chris Lamb, Eli Schwartz, Holger Levsen, Jelle van der Waa and Vagrant Cascadian. It was subsequently reviewed by a bunch of Reproducible Builds folks on IRC and the mailing list.



Comic: And/Or Furious [Penny Arcade]

New Comic: And/Or Furious


1415 [Looking For Group]

The post 1415 appeared first on Looking For Group.

Girl Genius for Monday, July 06, 2020 [Girl Genius]

The Girl Genius comic for Monday, July 06, 2020 has been posted.


Kernel prepatch 5.8-rc4 [LWN.net]

The 5.8-rc4 kernel prepatch is out for testing. "The end result is that it's been fairly calm, and there's certainly been discussion of upcoming fixes, but I still have the feeling that 5.8 is looking fairly normal and things are developing smoothly despite the size of this release."


Britons were prosecuted for "aiding terrorism" [Richard Stallman's Political Notes]

Britons were prosecuted for "aiding terrorism" for helping their relative go to Syria to fight for Rojava. The judge just ended the trial by declaring them innocent.

Shame on Britain for trying to criminalize this.

Troops sent to Washington armed with bayonets [Richard Stallman's Political Notes]

The conman really did send troops to Washington armed with bayonets, as well as (of course) rifles to mount them on, with protesting Americans as the enemy.

Tim Bray recommends hot to split up Google [Richard Stallman's Political Notes]

Tim Bray recommends how to split up Google, taking account solely business questions and competition.

He doesn't address the issues of making users run nonfree software, and making them get accounts and identify themselves, which are the main reason I don't use Google services. But even in regard to competition, we need to go further. Gmail is too big; it should be split into several companies that compete.

Recognition to groups as a family [Richard Stallman's Political Notes]

Somerville, Mass, has given limited legal recognition to groups of any number of people that declare themselves to constitute a family.

Bill to accelerate installation of internet fiber everywhere [Richard Stallman's Political Notes]

Congress is considering a bill to accelerate installation of internet fiber everywhere.

This practical boost would be very useful, but watch out for three points the article doesn't mention:

  • If the "innovations in applications and services" are as malicious as the existing applications and services, then far from being beneficial, they will saddle us with a struggle to avoid using them.
  • The networks that invite us to connect might, perhaps through sheer inattention, be designed so they require us to run nonfree software to get connected.
  • Those networks may make ever user identify perself, as a so-called security measure.
These concerns are not mere speculation. The reason I do not have fiber internet is that I could not find a way to get that connected without connecting to a web site and running its nonfree software.

Venezuelans who fled to Colombia [Richard Stallman's Political Notes]

Venezuelans who fled to Colombia now can't find any work, so some are returning home.

Muslim countries don't criticize China [Richard Stallman's Political Notes]

Muslim countries don't trouble to criticize China's imprisonment and brainwashing of a million Uighurs. They get too much financial support from China.

Eating in UK restaurants [Richard Stallman's Political Notes]

The UK will require people eating in restaurants to identify themselves.

New Zealand's previous system, recording info about customers on paper, respected anonymity. It made the information available to collect when contact tracing needed it, but avoided creating a tracking database that the state could use for unjust purposes.

I am alarmed to read that New Zealand now requires customers to scan a QR code — with a Stalin's Dream device, evidently. That is not safe. And what about the people who don't have a portable phone?

Progressives are trying to reclaim the term "populist" [Richard Stallman's Political Notes]

Progressives are trying to reclaim the term "populist", which around 1900 referred to a campaign to strengthen democracy and reduce economic inequality.

Kamala Harris's Wikipedia page [Richard Stallman's Political Notes]

One supporter is persistently deleting everything from Kamala Harris's Wikipedia page showing her hash approach towards small-time street crime as well as her lax approach towards the theft of billions.

UK judge fined Greenpeace for occupying North Sea oil platform [Richard Stallman's Political Notes]

A judge in the UK fined Greenpeace heavily for occupying a North Sea oil platform last year.

The judge's reasons are all valid, in a narrow sense, disregarding the fact that oil extraction is leading to the death of billions of people.

Once a government goes to those lengths to snuff out climate defense protests, I fear it will succeed, removing the last obstacle to mass murder.

UK wants to send a girl back to Sudan [Richard Stallman's Political Notes]

The UK wants to send a girl back to Sudan where she would suffer female genital mutilation.

To evade legal obligations, the government will pretend to send her to Bahrain, never mind that Bahrain would not let her stay there and would send her to Sudan.


Link [Scripting News]

Of all the things to be angry about, and there are a lot, the one that gets me the most is that Trump has had Fauci muzzled for three months.


Back Into Quarantine [Whatever]

Covid infection numbers are up in Ohio, as they are in a whole lot of places, and in the US in general; I’m particularly looking at the infection numbers for Georgia, where I am meant to be at the beginning of September, and they are higher there now than they have ever been before, and by a considerable margin. The deaths that are being reported relating to Covid are not spiking, but those have tended to trail the infection rate (i.e., we’ll likely see more of those soon), and in any event we have discovered that surviving a Covid infection very often doesn’t mean you just bounce back as if from a cold or flu — it often damages lungs and hearts and other organs and takes months (or longer — we’re in the process of finding out) to fully recover.

Nearly every other Western country in the world has seen their infection rates drop down from the March/April time frame, but we haven’t, and now our leaders want to suggest that this is just the way it is and we’ll have to “live with it.” In fact, it’s not the way it is, or at least, wasn’t what it had to be. The reason we’re in this mess is that the GOP followed Trump’s lead in deciding this was a political issue instead of a health and science issue, and radicalized its base against dead simple measures like wearing masks and other such practices, and against waiting until infection rates dropped sufficiently to try to open up businesses again, because apparently they thought capitalism was magic and would work without reasonably fit humans.

The GOP is getting it now, purely out of necessity — Texas now has a mask requirement, as an example — but it’s probably too late in terms of not torpedoing the economy for the rest of the year, and possibly too late for an entire demographic of people who are now convinced that wearing a mask is an admission of weakness and/or fealty to George Soros. It also means that all that time we spent in quarantine in March, April and May was effectively for nothing, and that if we want to actually get hold of this thing we’ll have to go back in quarantine again, at least through September and possibly for all of the rest of 2020.

Which, honestly, really pisses me off. We could have managed this thing — like nearly every other country has — if we had political leadership that wasn’t inept and happy to use the greatest public health crisis in decades as political leverage for… well, who knows? Most of the areas being hit hardest now — places like Florida, Arizona, and Texas — are deep red states; there is no political advantage to be had by having them hit by infection and death and economic uncertainty four months before a national election. The fact that Joe Biden is currently in a statistical tie with Trump in Texas voter polls should terrify the GOP. I don’t expect Biden to get Texas’ electoral votes in November, but honestly it shouldn’t even be this close now. And the thing is, things are almost certainly going to get worse in Texas before they get better.

In April and May I had held out some hope that the second half of 2020 might be salvageable, and that it would be safe, or at least safer, to do the things we normally might have done with the year. Now that we’re in the second half of the year, it’s pretty clear that 2020 is going to be unsafe all the way through. It didn’t have to be this way. If we are going to have to live with it (and hopefully not precisely in the “fuck it, I guess some of you are just gonna have to die” way that the GOP wants us to), we should admit to precisely whose fault it is. The GOP needs to be punished in November for a number of reasons, and this is certainly qualifies as a major reason. I will leave my house to vote, if I need to.

In the meantime: wear your masks, practice social distancing, and stay home if you can. As my friend Ashley Clements put it:

She’s right. Alas.

Hands-on: 85+ new macOS Big Sur changes and features [OSnews]

After going in depth with iOS 14 earlier this week, today we focus on macOS Big Sur. The biggest takeaway from my hands-on time with the follow up to macOS Catalina is that Apple’s latest OS is clearly being designed with the future in mind.

Although it’s unmistakably Mac, Big Sur is a departure from previous versions of macOS in terms of aesthetics. Everything, from the dock, to the menu bar, to window chrome, icons, and even sounds have been updated.

A good overview of the many, many changes in Big Sur.

Interesting sidenote: with both Windows and macOS now heavily catering towards touch use, this leaves Linux – and most of the smaller platforms, like the Amiga or Haiku – as one of the last remaining places with graphical user interfaces designed 100% towards mouse input.

Big buttons, lots spacing, lots of wasted space – it’s coming to your Mac.

Chrome for Android is finally going 64-bit [OSnews]

The first Android version to support 64-bit architecture was Android 5.0 Lollipop, introduced back in November 2014. Since then, more and more 64-bit processors shipped, and today, virtually all Android devices are capable of running 64-bit software (excluding one or two or more oddballs). However, Google Chrome has never made the jump and is only available in a 32-bit flavor, potentially leading to some unnecessary security and performance degradations. That’s finally changing: Starting with Chrome 85, phones running Android 10 and higher will automatically receive a 64-bit version.

It seems odd to me that it took them this long to move one of the most important applications in Android to 64 bit.


Someone Comes to Town, Someone Leaves Town (part 09) [Cory Doctorow's craphound.com]

Here’s part nine of my new reading of my novel Someone Comes to Town, Someone Leaves Town (you can follow all the installments, as well as the reading I did in 2008/9, here).

This is easily the weirdest novel I ever wrote. Gene Wolfe (RIP) gave me an amazing quote for it: “Someone Comes to Town, Someone Leaves Town is a glorious book, but there are hundreds of those. It is more. It is a glorious book unlike any book you’ve ever read.”

Here’s how my publisher described it when it came out:

Alan is a middle-aged entrepeneur who moves to a bohemian neighborhood of Toronto. Living next door is a young woman who reveals to him that she has wings—which grow back after each attempt to cut them off.

Alan understands. He himself has a secret or two. His father is a mountain, his mother is a washing machine, and among his brothers are sets of Russian nesting dolls.

Now two of the three dolls are on his doorstep, starving, because their innermost member has vanished. It appears that Davey, another brother who Alan and his siblings killed years ago, may have returned, bent on revenge.

Under the circumstances it seems only reasonable for Alan to join a scheme to blanket Toronto with free wireless Internet, spearheaded by a brilliant technopunk who builds miracles from scavenged parts. But Alan’s past won’t leave him alone—and Davey isn’t the only one gunning for him and his friends.

Whipsawing between the preposterous, the amazing, and the deeply felt, Cory Doctorow’s Someone Comes to Town, Someone Leaves Town is unlike any novel you have ever read.


Sunday, 05 July


Alexander Artemenko: cl-skip-list [Planet Lisp]

I found this library a few weeks ago. It implements a Skip List data structure. Which is a lock-free and has O(log n) for lookup, insert and delete operations.

I wondered if this library will have a better performance in situation when you have to access a dictionary from multiple threads?

Here is a simple benchmark. We ll create 10 threads and do 10 millions lookup of a value in the dictionary filled by 6600 symbols from the keywords package.

I'm testing on SBCL 2.0.2 with (declaim (optimize (debug 1) (speed 3))) options running on the Macbook with 12 cores.

Let's run this benchmark using a standard Common Lisp hash table and a lock:

POFTHEDAY> (let ((hash (make-hash-table))
                 (lock (bt:make-lock))
                 (num-operations 10000000)
                 (num-threads 10))
             (do-external-symbols (s :keyword)
               (setf (gethash s hash)
                     (symbol-name s)))
             (setf (gethash :foo hash)
             ;; Now it is time to define a worker function
             (flet ((worker ()
                      (loop with result = nil
                            repeat num-operations
                            do (bt:with-lock-held (lock)
                                 (setf result
                                       (gethash :foo hash)))
                            finally (return result))))
               ;; We'll create N workers and measure a total time required to finish them all
               (let* ((started-at (get-internal-real-time))
                      (workers (loop repeat num-threads
                                     collect (bt:make-thread #'worker))))
                 (loop for worker in workers
                       do (bt:join-thread worker))
                 ;; Calculate the total time
                 (/ (- (get-internal-real-time) started-at)
2399/100 (23.99)

And now a lock free version using cl-skip-list:

POFTHEDAY> (let ((hash (cl-skip-list:make-skip-list :key-equal #'eql))
                 (num-operations 10000000)
                 (num-threads 10))
             (do-external-symbols (s :keyword)
               (cl-skip-list:skip-list-add hash
                                           (symbol-name s)))
             (unless (cl-skip-list:skip-list-lookup hash :foo)
               (cl-skip-list:skip-list-add hash
             ;; Now it is time to define a worker function
             (flet ((worker ()
                      (loop with result = nil
                            repeat num-operations
                            do (setf result
                                     (cl-skip-list:skip-list-lookup hash :foo))
                            finally (return result))))
               ;; We'll create N workers and measure a total time required to finish them all
               (let* ((started-at (get-internal-real-time))
                      (workers (loop repeat num-threads
                                     collect (bt:make-thread #'worker))))
                 (loop for worker in workers
                       do (bt:join-thread worker))
                 ;; Calculate the total time
                 (/ (- (get-internal-real-time) started-at)
45799/1000 (45.799)

As you see, the version with a lock is twice faster: 46 seconds against 24.

Are there any reasons to use a lock-free data structure if it does not get you any speed gains?


Today in GPF History for Sunday, July 5, 2020 [General Protection Fault: The Comic Strip]

As all the guests arrive for Fooker's welcome home party, Sharon drops an unexpected bombshell...


“Objective Justice” for Alex [Nina Paley]

Hundred Dollar Drawing.  This one, “Objective Justice,” was a stumper!


Pluralistic: 05 Jul 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

Bojo's "New Deal" is neither (permalink)

Whenever I think of grifters, I get that classic image of an overconfident, self-destructive idiot racing across a river on the backs of alligators, certain that they won't stumble and lose a leg. See, for example, DJ Trump.

Or Boris Johnson.

You know that grifter tactic of putting a scandal behind you by creating a bigger scandal? That's pure gator-dancing.

Grifters love debt – spending other peoples' money is Grifter 101. But it's not just money-debt – it's also policy debt.

If you have a real problem and a fake solution, the real problem will continue to fester until it becomes so acute that you have a rupture, a default, a leg chewed off. The grifter way of dealing with this is blowing town before the rupture.

The snake-oil salesman who prescribes alternating doses of speed and opioids to "cure your cancer" stays long enough to witness your stoned, energized delight and collect his fee, then gtfos before you enter metastasis and croak.

The 4-5 year terms of Anglo-American elections are not a bad timeframe for this kind of grift. Reaganomics can produce a stock-market sugar rush and hectic roses on the economy's cheeks in that period, and then Ronny can toddle off to count his polyps before the bill is due.

Some gators, though, have faster-than-average reflexes and can turn and take a leg before you can move on. Coronavirus, with its 3-week crisis cycles, is among the most intensely anti-grift adversaries that chancers like Trump and Bojo could encounter.

"Everything's fine! Get drunk in an enclosed space while desperate, precarious, racialized people sharpen your fingernails and groom your fur! It will be fine!"

[3 weeks pass]

"Uh, we've always been pro-mask. Why the fuck are you in that bar? Personal responsibility!"

The chancers have fed our lungs and our economy to the gators, by refusing to lock down and refusing to fund a stay-at-home order. Now, they're trying to figure out how to distract us from the sight of all those gators masticating our severed legs.

Bojo's idea? A "New Deal."

That was FDR's plan to revitalize the economy after the Great Depression through extensive public spending that offered meaningful employment in the caring and infrastructure sectors, with generous arts and scholarship spending.

Which would be pretty amazing! But Bojo's Made-in-Britain New Deal is just another grift.

FDR's New Deal accounted for forty percent US GDP.

Boris's proposed spend is 0.2%.

Zero. Point. Two. Percent.


Grifters like to surround themselves with other grifters. Reagan had Nancy's astrologer. Boris has Dominic "Typhoid Dom" Cummings, who has his own back to the future plan: a Made-in-Britain ARPA (the US agency that created the internet, GPS, etc).

This is how ARPA worked:


A kind of autonomous, excellence-focused institution where advancement was based on skill, not aristocratic birth.

It's impossible to imagine such an institution emerging from a Tory regime. The posh boys would fill the agency with inbred double-hairs in need of cushy resume-padding and an expense account. It wouldn't produce a new internet – it would produce a massive bar-tab and a long tail of sexual harassment claims.

The real racial wealth gap (permalink)

America has a serious racial wealth-gap problem. The mean net worth of white US households is $900,600; the mean net worth of Black US households is $140,000.

But as Matt Bruenig writes, averages are deceiving.


That's because America also has a serious inequality problem. Almost all the wealth in America is controlled by the richest 10% of households (those households are overwhelmingly white, ofc, but also the richest 10% of Black households account for nearly all Black wealth).

"What this means is that the overall racial wealth disparity is being driven almost entirely by the disparity between the wealthiest 10 percent of white people and the wealthiest 10 percent of black people."

In other words, if you made the average Black US household as rich as the average white US household, but left the gap between the richest Black and white people intact, it would hardly make a dent in the gap between white and Black wealth.

"97 percent of the overall racial wealth gap is driven by households above the median of each racial group."

We could eliminate almost all of the wealth gap by making the richest Black people as rich as the richest white people – which would no nothing for nearly everyone.

Or we could fix it by leveling the bottom 90% of Black households up to the same net worth of the bottom 90% of white households, which would still leave both groups in desperate precarity.

Bruenig: "The way through this bind is, of course, to acknowledge that racial capitalism has concentrated almost all of the national wealth in the hands of a small number of white families. The proper course of action is to redistribute that wealth to the multiracial lower and working classes, tackling both racial and class inequality simultaneously."

This day in history (permalink)

#10yrsago Underwater Basket Weaving: the real story http://hoaxes.org/weblog/permalink/underwater_basket_weaving/

#10yrsago Prizewinning pirate shed https://www.shedblog.co.uk/2010/07/05/and-the-winner-of-shed-of-the-year-2010-sponsored-by-cuprinol-sprayable-is/

#10yrsago Four Lions: This is Spinal Tap for suicide bombers https://boingboing.net/2010/07/05/four-lions-this-is-s.html

#10yrsago Secret copyright treaty participants demand less security, more border-searches of iPods https://www.michaelgeist.ca/2010/07/inta-icc-on-acta-de-minimis/

#10yrsago Internet access guide 2025: Dystopian humor http://blogoscoped.com/archive/2010-06-24-n15.html

#10yrsago TSA blocks "controversial opinion" from its internal network https://www.cbsnews.com/news/tsa-to-block-controversial-opinion-on-the-web/

#5yrsago All 40 of the FBI & DHS's post-9/11 terror attack warnings fizzled https://fair.org/home/zero-for-40-at-predicting-attacks-why-do-media-still-take-fbi-terror-warnings-seriously/

#5yrsago Greece says NO https://crookedtimber.org/2015/07/06/greece-decision-theory-and-the-sure-thing-principle/

#5yrsago Greek finance minister resigns https://www.aljazeera.com/news/2015/07/greek-finance-minister-varoufakis-announces-resignation-150706042047642.html

#1yrago Tim Wu rebuts Zuck's reasons for exempting Facebook from antitrust enforcement https://www.wired.com/story/tim-wu-explains-why-facebook-broken-up/

Colophon (permalink)

Today's top sources: Memex 1.1 (https://memex.naughtons.org/).

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 535 words (34486 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 08) https://craphound.com/podcast/2020/06/29/someone-comes-to-town-someone-leaves-town-part-08/

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Link [Scripting News]

Perfect. Take down all Confederate statues and ship them to Trump for his Garden of Heroes of White Supremacy and the Not See Party.


Thorsten Alteholz: My Debian Activities in June 2020 [Planet Debian]

FTP master

This month I accepted 377 packages and rejected 30. The overall number of packages that got accepted was 411.

Debian LTS

This was my seventy-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS uploads of:

  • [DLA 2255-1] libtasn1-6 security update for one CVE
  • [DLA 2256-1] libtirpc security update for one CVE
  • [DLA 2257-1] pngquant security update for one CVE
  • [DLA 2258-1] zziplib security update for eight CVEs
  • [DLA 2259-1] picocom security update for one CVE
  • [DLA 2260-1] mcabber security update for one CVE
  • [DLA 2261-1] php5 security update for one CVE

I started to work on curl as well but did not upload a fixed version, so this has to go to ELTS now.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twenty fourth ELTS month.

Unfortunately in the last month of Wheezy ELTS even I did not find any package to fix a CVE, so during my small allocated time I didn’t uploaded anything.

But at least I did some days of frontdesk duties und updated my working environment for the new ELTS Jessie.

Other stuff

I uploaded a new upstream version of …

Link [Scripting News]

Poll: If you could have a reincarnated Martin Luther King, Jr leading the Democratic Party today or Barack Obama, who would you chose?

Link [Scripting News]

Rebuild with Biden.


Link [Scripting News]

A few days ago I said I figured out that the not-pleasant burnt smell in the air came from fireworks. That was incorrect. A neighbor is having work done on trees. I live in a forest, where trees are a big deal. They're always falling over, and then you need to cut them up and haul the wood away or chop it into firewood. When you cut trees with a chain saw the wood burns, and it doesn't stop burning when the cutting is done. And that adds a stink to the air, like a fire that was put out with water. That's what I was smelling. I know this because I had some trees cut last year, and the stinky smell stuck around for a week. It's the sad smell of a dying creature. On the other hand, when you wake up on a summer morning with dew on everything, and a nice warm feel to the air, with a bit of residual chill, the forest smells like life. It's a wonderful smell.

Link [Scripting News]

Snopes and CNN say Trump did not say Desert Storm took place in Vietnam. I ran a link on my linkblog yesterday that said otherwise.

Link [Scripting News]

After Trump is gone we have to get rid of the cancel cult. It’s an ugly side effect of the power of online communication. When Trump uses it in his campaign it’s one of the very few things he’s right about.


Michał Herda: CHECK-TYPE* - CHECK-TYPE, except the type is evaluated [Planet Lisp]

Someone seemed to need a CHECK-TYPE variant whose type is evaluated at runtime instead of being fixed at compile-time.

I quickly gutted out some code from PCS and produced the following code.

            ;;;; Based on Portable Condition System (License: CC0)

(defun store-value-read-evaluated-form ()
  (format *query-io* "~&;; Type a form to be evaluated:~%")
  (list (eval (read *query-io*))))

(defmacro with-store-value-restart ((temp-var place tag) &body forms)
  (let ((report-var (gensym "STORE-VALUE-REPORT"))
        (new-value-var (gensym "NEW-VALUE"))
        (form-or-forms (if (= 1 (length forms)) (first forms) `(progn ,@forms))))
    `(flet ((,report-var (stream)
              (format stream "Supply a new value of ~S." ',place)))
       (restart-case ,form-or-forms
         (store-value (,new-value-var)
           :report ,report-var
           :interactive store-value-read-evaluated-form
           (setf ,temp-var ,new-value-var
                 ,place ,new-value-var)
           (go ,tag))))))

(defun check-type-error (place value type type-string)
   :datum value
   :expected-type type
   :format-control (if type-string
                       "The value of ~S is ~S, which is not ~A."
                       "The value of ~S is ~S, which is not of type ~S.")
   :format-arguments (list place value (or type-string type))))

(defmacro check-type* (place type &optional type-string)
  "Like CHECK-TYPE, except TYPE is evaluated on each assertion."
  (let ((variable (gensym "CHECK-TYPE-VARIABLE"))
        (tag (gensym "CHECK-TYPE-TAG"))
        (type-gensym (gensym "CHECK-TYPE-TYPE")))
    `(let ((,variable ,place))
       (tagbody ,tag
          (let ((,type-gensym ,type))
            (unless (typep ,variable ,type-gensym)
              (with-store-value-restart (,variable ,place ,tag)
                (check-type-error ',place ,variable ,type-gensym


CL-USER> (let ((x 2)) (check-type* x 'integer))

CL-USER> (handler-case (let ((x 2)) (check-type* x 'string))
           (error (e) (princ-to-string e)))
"The value of X is 2, which is not of type STRING."



“It might not be for you” [Seth's Blog]

If you walk into a noisy bar and ask why they don’t have Chopin on the jukebox, they’re unlikely to accommodate you.

The same is true if you go to a BBQ joint and insist on sushi.

Most of the brands we truly care about stand for something. And the thing they stand for is unlikely to be, “whatever you want, we have it.” It’s also unlikely to be, “you can choose anyone and we’re anyone.”

A meaningful specific can’t possibly please everyone. That’s the deal.


Christopher Nolan always did seem like a stand-up guy | David Mitchell [David Mitchell | The Guardian]

Anne Hathaway’s revelation that the director bans chairs on set to keep actors on their feet made me need a sit-down

Where do you stand on sitting down? Do you think it’s weak or lovely? Or both, like a kitten? And why do we ask “where do you stand on…” something rather than where do you sit on it? Can you not properly hold an opinion while seated? They seem to manage on Question Time.

Standing appears to have the moral high ground linguistically and, as that idiom demonstrates, so does height in general. Why shouldn’t low ground be more moral? A righteous ditch, a chasm of goodness. I think the image is probably military: high ground helps with both attacking and defending, which makes it desirable. But then morality and desirability certainly don’t always go together. And what about trench warfare – why weren’t they building little hills like the Normans did for their wooden castles? Was William the Conqueror morally better than Field Marshal Haig?

Some forms of work can be seated: appearing on panel shows, flying a plane, delivering a Christmas message to the Commonwealth

Continue reading...


July 2020 Wallpaper: See the Weird [Skin Horse]

Shaenon: For this month’s wallpaper I felt like doing something with Jonah and/or Nera, which developed into this National Parks-style poster. As usual, if you make a donation in any amount to the Skin Horse Tip Jar, or contribute any amount to our Patreon, we’ll give you a link to this wallpaper, designed for two computer desktop sizes and cell phones. Patreon contributors will continue to receive new wallpaper for the length of their contribution.As a bonus, you’ll get this July wallpaper from the archives:

Channing: Oh, wow. Nera is really rocking this look.


Russell Coker: Debian S390X Emulation [Planet Debian]

I decided to setup some virtual machines for different architectures. One that I decided to try was S390X – the latest 64bit version of the IBM mainframe. Here’s how to do it, I tested on a host running Debian/Unstable but Buster should work in the same way.

First you need to create a filesystem in an an image file with commands like the following:

truncate -s 4g /vmstore/s390x
mkfs.ext4 /vmstore/s390x
mount -o loop /vmstore/s390x /mnt/tmp

Then visit the Debian Netinst page [1] to download the S390X net install ISO. Then loopback mount it somewhere convenient like /mnt/tmp2.

The package qemu-system-misc has the program for emulating a S390X system (among many others), the qemu-user-static package has the program for emulating S390X for a single program (IE a statically linked program or a chroot environment), you need this to run debootstrap. The following commands should be most of what you need.

# Install the basic packages you need
apt install qemu-system-misc qemu-user-static debootstrap

# List the support for different binary formats
update-binfmts --display

# qemu s390x needs exec stack to solve "Could not allocate dynamic translator buffer"
# so you probably need this on SE Linux systems
setsebool allow_execstack 1

# commands to do the main install
debootstrap --foreign --arch=s390x --no-check-gpg buster /mnt/tmp file:///mnt/tmp2
chroot /mnt/tmp /debootstrap/debootstrap --second-stage

# set the apt sources
cat << END > /mnt/tmp/etc/apt/sources.list
deb http://YOURLOCALMIRROR/pub/debian/ buster main
deb http://security.debian.org/ buster/updates main
# for minimal install do not want recommended packages
echo "APT::Install-Recommends False;" > /mnt/tmp/etc/apt/apt.conf

# update to latest packages
chroot /mnt/tmp apt update
chroot /mnt/tmp apt dist-upgrade

# install kernel, ssh, and build-essential
chroot /mnt/tmp apt install bash-completion locales linux-image-s390x man-db openssh-server build-essential
chroot /mnt/tmp dpkg-reconfigure locales
echo s390x > /mnt/tmp/etc/hostname
chroot /mnt/tmp passwd

# copy kernel and initrd
mkdir -p /boot/s390x
cp /mnt/tmp/boot/vmlinuz* /mnt/tmp/boot/initrd* /boot/s390x

# setup /etc/fstab
cat << END > /mnt/tmp/etc/fstab
/dev/vda / ext4 noatime 0 0
#/dev/vdb none swap defaults 0 0

# clean up
umount /mnt/tmp
umount /mnt/tmp2

# setcap binary for starting bridged networking
setcap cap_net_admin+ep /usr/lib/qemu/qemu-bridge-helper

# afterwards set the access on /etc/qemu/bridge.conf so it can only
# be read by the user/group permitted to start qemu/kvm
echo "allow all" > /etc/qemu/bridge.conf

Some of the above can be considered more as pseudo-code in shell script rather than an exact way of doing things. While you can copy and past all the above into a command line and have a reasonable chance of having it work I think it would be better to look at each command and decide whether it’s right for you and whether you need to alter it slightly for your system.

To run qemu as non-root you need to have a helper program with extra capabilities to setup bridged networking. I’ve included that in the explanation because I think it’s important to have all security options enabled.

The “-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-ccw,rng=rng0” part is to give entropy to the VM from the host, otherwise it will take ages to start sshd. Note that this is slightly but significantly different from the command used for other architectures (the “ccw” is the difference).

I’m not sure if “noresume” on the kernel command line is required, but it doesn’t do any harm. The “net.ifnames=0” stops systemd from renaming Ethernet devices. For the virtual networking the “ccw” again is a difference from other architectures.

Here is a basic command to run a QEMU virtual S390X system. If all goes well it should give you a login: prompt on a curses based text display, you can then login as root and should be able to run “dhclient eth0” and other similar commands to setup networking and allow ssh logins.

qemu-system-s390x -drive format=raw,file=/vmstore/s390x,if=virtio -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-ccw,rng=rng0 -nographic -m 1500 -smp 2 -kernel /boot/s390x/vmlinuz-4.19.0-9-s390x -initrd /boot/s390x/initrd.img-4.19.0-9-s390x -curses -append "net.ifnames=0 noresume root=/dev/vda ro" -device virtio-net-ccw,netdev=net0,mac=02:02:00:00:01:02 -netdev tap,id=net0,helper=/usr/lib/qemu/qemu-bridge-helper

Here is a slightly more complete QEMU command. It has 2 block devices, for root and swap. It has SE Linux enabled for the VM (SE Linux works nicely on S390X). I added the “lockdown=confidentiality” kernel security option even though it’s not supported in 4.19 kernels, it doesn’t do any harm and when I upgrade systems to newer kernels I won’t have to remember to add it.

qemu-system-s390x -drive format=raw,file=/vmstore/s390x,if=virtio -drive format=raw,file=/vmswap/s390x,if=virtio -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-ccw,rng=rng0 -nographic -m 1500 -smp 2 -kernel /boot/s390x/vmlinuz-4.19.0-9-s390x -initrd /boot/s390x/initrd.img-4.19.0-9-s390x -curses -append "net.ifnames=0 noresume security=selinux root=/dev/vda ro lockdown=confidentiality" -device virtio-net-ccw,netdev=net0,mac=02:02:00:00:01:02 -netdev tap,id=net0,helper=/usr/lib/qemu/qemu-bridge-helper

Try It Out

I’ve got a S390X system online for a while, “ssh root@s390x.coker.com.au” with password “SELINUX” to try it out.


I’ve tried running a PPC64 virtual machine, I did the same things to set it up and then tried launching it with the following result:

qemu-system-ppc64 -drive format=raw,file=/vmstore/ppc64,if=virtio -nographic -m 1024 -kernel /boot/ppc64/vmlinux-4.19.0-9-powerpc64le -initrd /boot/ppc64/initrd.img-4.19.0-9-powerpc64le -curses -append "root=/dev/vda ro"

Above is the minimal qemu command that I’m using. Below is the result, it stops after the “4.” from “4.19.0-9”. Note that I had originally tried with a more complete and usable set of options, but I trimmed it to the minimal needed to demonstrate the problem.

  Copyright (c) 2004, 2017 IBM Corporation All rights reserved.
  This program and the accompanying materials are made available
  under the terms of the BSD License available at

Booting from memory...
Linux ppc64le
#1 SMP Debian 4.

The kernel is from the package linux-image-4.19.0-9-powerpc64le which is a dependency of the package linux-image-ppc64el in Debian/Buster. The program qemu-system-ppc64 is from version 5.0-5 of the qemu-system-ppc package.

Any suggestions on what I should try next would be appreciated.


Alexander Artemenko: make-hash [Planet Lisp]

This is the most comprehensive library for making hash tables I've already seen! And it has wonderful documentation with lots of examples!

make-hash allows to create hash tables in multiple ways, from different kinds of data structures and even using functions for data transformation. For example, you can create a hash by reading rows from the database.

I'll show you only a few examples I especially liked.

First one is creation hash from a sequence while counting each item. Using this, we can easily count how many times each character is used in a text:

POFTHEDAY> (make-hash:make-hash
            :init-format :keybag
            :initial-contents "Alice loves Bob")
#<HASH-TABLE :TEST EQL :COUNT 11 {1008943083}>

POFTHEDAY> (rutils:print-hash-table *)
  #\A 1
  #\l 2
  #\i 1
  #\c 1
  #\e 2
  #\  2
  #\o 2
  #\v 1
  #\s 1
  #\B 1
  #\b 1

In the next example, we'll make a smaller hash table from another one while selecting data by keys:

POFTHEDAY> (let ((full-data
                    '(:foo 1
                      :bar 2
                      :bazz 3
                      :blah 4
                      :minor 5))))
              :init-format :keys
              :init-data full-data
              :initial-contents '(:bar :minor)))
#<HASH-TABLE :TEST EQL :COUNT 2 {10060F6123}>

POFTHEDAY> (rutils:print-hash-table *)
   :BAR 2
   :MINOR 5

And here is how we can build a hash from a data returned by a function. We only need a closure which will return rows of data as values and will return nil at the end.

POFTHEDAY> (defun make-rows-iterator ()
             ;; This list will allow us to simulate
             ;; the data storage:
             (let ((rows '((bob 42)
                           (alice 25)
                           (mike 30)
                           (julia 27))))
               (lambda ()
                 (let ((row (car rows)))
                   (setf rows
                         (cdr rows))
                   (values (first row) ;; This is a key
                           (second row))))))

POFTHEDAY> (make-hash:make-hash
            :init-format :function
            :initial-contents (make-rows-iterator))

POFTHEDAY> (rutils:print-hash-table *)
  BOB 42
  ALICE 25
  MIKE 30
  JULIA 27

make-hash also provides a configurable reader macro:

(install-hash-reader ())  ; default settings and options
#{:a 1 :b 2 :c 3 :d 4}   

(install-hash-reader '(:init-format :pairs)
  :use-dispatch t
  :open-char #\[ :close-char #\])
#['(:a . 1) '(:b . 2) '(:c . 3) '(:d . 4)] 

(install-hash-reader '(:init-format :lists)
  :use-dispatch nil
  :open-char #\{ :close-char #\})
{'(:a 1) '(:b 2) '(:c 3) '(:d 4)}

You will find more examples and instructions on how to define your own initialization formats in the library's documentation:


Let's thank the #poftheday challenge for the chance to discover such cool Common Lisp library!


Dirk Eddelbuettel: Rcpp now used by 2000 CRAN packages–and one in eight! [Planet Debian]

2000 Rcpp packages

As of yesterday, Rcpp stands at exactly 2000 reverse-dependencies on CRAN. The graph on the left depicts the growth of Rcpp usage (as measured by Depends, Imports and LinkingTo, but excluding Suggests) over time.

Rcpp was first released in November 2008. It probably cleared 50 packages around three years later in December 2011, 100 packages in January 2013, 200 packages in April 2014, and 300 packages in November 2014. It passed 400 packages in June 2015 (when I tweeted about it), 500 packages in late October 2015, 600 packages in March 2016, 700 packages last July 2016, 800 packages last October 2016, 900 packages early January 2017, 1000 packages in April 2017, 1250 packages in November 2017, 1500 packages in November 2018 and then 1750 packages last August. The chart extends to the very beginning via manually compiled data from CRANberries and checked with crandb. The next part uses manually saved entries. The core (and by far largest) part of the data set was generated semi-automatically via a short script appending updates to a small file-based backend. A list of packages using Rcpp is available too.

Also displayed in the graph is the relative proportion of CRAN packages using Rcpp. The four per-cent hurdle was cleared just before useR! 2014 where I showed a similar graph (as two distinct graphs) in my invited talk. We passed five percent in December of 2014, six percent July of 2015, seven percent just before Christmas 2015, eight percent in the summer of 2016, nine percent mid-December 2016, cracked ten percent in the summer of 2017 and eleven percent in 2018. We now passed 12.5 percent—so one in every eight CRAN packages dependens on Rcpp. Stunning. There is more detail in the chart: how CRAN seems to be pushing back more and removing more aggressively (which my CRANberries tracks but not in as much detail as it could), how the growth of Rcpp seems to be slowing somewhat outright and even more so as a proportion of CRAN – as one would expect a growth curve to.

To mark the occassion, I sent out two tweets yesterday: first a shorter one with “just the numbers”, followed by a second one also containing the few calculation steps. The screenshot from the second one is below.

2000 Rcpp packages

2000 user packages is pretty mind-boggling. We can use the progression of CRAN itself compiled by Henrik in a series of posts and emails to the main development mailing list. Not that long ago CRAN itself did have only 1000 packages, then 5000, 10000, and here we are at just over 16000 with Rcpp at 12.5% and still growing (though maybe more slowly). Amazeballs.

The Rcpp team continues to aim for keeping Rcpp as performant and reliable as it has been. A really big shoutout and Thank You! to all users and contributors of Rcpp for help, suggestions, bug reports, documentation or, of course, code.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Saturday, 04 July


Petter Reinholdtsen: Working on updated Norwegian Bokmål edition of Debian Administrator's Handbook [Planet Debian]

Three years ago, the first Norwegian Bokmål edition of "The Debian Administrator's Handbook" was published. This was based on Debian Jessie. Now a new and updated version based on Buster is getting ready. Work on the updated Norwegian Bokmål edition has been going on for a few months now, and yesterday, we reached the first mile stone, with 100% of the texts being translated. A lot of proof reading remains, of course, but a major step towards a new edition has been taken.

The book is translated by volunteers, and we would love to get some help with the proof reading. The translation uses the hosted Weblate service, and we welcome everyone to have a look and submit improvements and suggestions. There is also a proof readers PDF available on request, get in touch if you want to help out that way.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

E-Verify’s “SSN Lock” is Nothing of the Sort [Krebs on Security]

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online.

A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security‘s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

DHS’s myE-Verify homepage.

According to the website, roughly 600,000 employers at over 1.9 million hiring sites use E-Verify to confirm the employment eligibility of new employees. E-Verify’s consumer-facing portal myE-Verify lets users track and manage employment inquiries made through the E-Verify system. It also features a “Self Lock” designed to prevent the misuse of one’s SSN in E-Verify.

Enabling this lock is supposed to mean that for the next year thereafter, if an unauthorized individual attempts to fraudulently use a SSN for employment authorization, he or she cannot use the SSN in E-Verify, even if the SSN is that of an employment authorized individual. But in practice, this service may actually do little to deter ID thieves from impersonating you to a potential employer.

At the request of the reader who reached out (and in the interest of following my own advice to plant one’s flag), KrebsOnSecurity decided to sign up for a myE-Verify account. After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). The most secure MFA option offered (a one-time code generated by an app like Google Authenticator or Authy) was already pre-selected, so I chose that.

The site requested my name, address, SSN, date of birth and phone number. I was then asked to select five questions and answers that might be asked if I were to try to reset my password, such as “In what city/town did you meet your spouse,” and “What is the name of the company of your first paid job.” I chose long, gibberish answers that had nothing to do with the questions (yes, these password questions are next to useless for security and frequently are the cause of account takeovers, but we’ll get to that in a minute).

Password reset questions selected, the site proceeded to ask four, multiple-guess “knowledge-based authentication” questions to verify my identity. The U.S. Federal Trade Commission‘s primer page on preventing job-related ID theft says people who have placed a security freeze on their credit files with the major credit bureaus will need to lift or thaw the freeze before being able to answer these questions successfully at myE-Verify. However, I did not find that to be the case, even though my credit file has been frozen with the major bureaus for years.

After successfully answering the KBA questions (the answer to each was “none of the above,” by the way), the site declared I’d successfully created my account! I could then see that I had the option to place a “Self Lock” on my SSN within the E-Verify system.

Doing so required me to pick three more challenge questions and answers. The site didn’t explain why it was asking me to do this, but I assumed it would prompt me for the answers in the event that I later chose to unlock my SSN within E-Verify.

After selecting and answering those questions and clicking the “Lock my SSN” button, the site generated an error message saying something went wrong and it couldn’t proceed.

Alas, logging out and logging back in again showed that the site did in fact proceed and that my SSN was locked. Joy.

But I still had to know one thing: Could someone else come along pretending to be me and create another account using my SSN, date of birth and address but under a different email address? Using a different browser and Internet address, I proceeded to find out.

Imagine my surprise when I was able to create a separate account as me with just a different email address (once again, the correct answers to all of the KBA questions was “none of the above”). Upon logging in, I noticed my SSN was indeed locked within E-Verify. So I chose to unlock it.

Did the system ask any of the challenge questions it had me create previously? Nope. It just reported that my SSN was now unlocked. Logging out and logging back in to the original account I created (again under a different IP and browser) confirmed that my SSN was unlocked.


Obviously, if the E-Verify system allows multiple accounts to be created using the same name, address, phone number, SSN and date of birth, this is less than ideal and somewhat defeats the purpose of creating one for the purposes of protecting one’s identity from misuse.

Lest you think your SSN and DOB is somehow private information, you should know this static data about U.S. residents has been exposed many times over in countless data breaches, and in any case these digits are available for sale on most Americans via Dark Web sites for roughly the bitcoin equivalent of a fancy caffeinated drink at Starbucks.

Being unable to proceed through knowledge-based authentication questions without first unfreezing one’s credit file with one or all of the big three credit bureaus (Equifax, Experian and TransUnion) can actually be a plus for those of us who are paranoid about identity theft. I couldn’t find any mention on the E-Verify site of which company or service it uses to ask these questions, but the fact that the site doesn’t seem to care whether one has a freeze in place is troubling.

And when the correct answer to all of the KBA questions that do get asked is invariably “none of the above,” that somewhat lessens the value of asking them in the first place. Maybe that was just the luck of the draw in my case, but also troubling nonetheless. Either way, these KBA questions are notoriously weak security because the answers to them often are pulled from records that are public anyway, and can sometimes be deduced by studying the information available on a target’s social media profiles.

Speaking of silly questions, relying on “secret questions” or “challenge questions” as an alternative method of resetting one’s password is severely outdated and insecure. A 2015 study by Google titled “Secrets, Lies and Account Recovery” (PDF) found that secret questions generally offer a security level that is far lower than just user-chosen passwords. Also, the idea that an account protected by multi-factor authentication could be undermined by successfully guessing the answer(s) to one or more secret questions (answered truthfully and perhaps located by thieves through mining one’s social media accounts) is bothersome.

Finally, the advice given to the reader whose inquiry originally prompted me to sign up at myE-Verify doesn’t seem to have anything to do with preventing ID thieves from fraudulently claiming unemployment insurance benefits in one’s name at the state level. KrebsOnSecurity followed up with four different readers who left comments on this site about being victims of unemployment fraud recently, and none of them saw any inquiries about this in their myE-Verify accounts after creating them. Not that they should have seen signs of this activity in the E-Verify system; I just wanted to emphasize that one seems to have little to do with the other.


Link [Scripting News]

Suggestion: Choose to not be offended, at least once a day.

Link [Scripting News]

Here's a list of the 37 Node.js packages I've made available through NPM. I was just planning a project and was sure I must have created a package for reading to and from a GitHub repo. There it is. Two entry-points, getFile and uploadFile. Voila. Not much in the way of docs. But there is an example app.


On July Fourth, What to Get a Nation That Has Everything [Whatever]

It’s simple: Your vote!

(Provided you are a US citizen of legal age.)

Have you registered to vote? If not, do so here, it’s simple and easy.

If you are registered to vote, then check your registration to make sure it’s current. This is also (usually) simple and easy.

This year voting may be more difficult than usual because of the coronavirus and/or governments trying to restrict ways for certain people to vote. So be sure to know the procedures for absentee, mail-in and early voting in your state. The earlier you know this stuff, the better you prepare to get your vote in on time.

Finally, check with friends and relatives and other people you might know to encourage them to vote, to check their registration status, and to prepare for absentee/mail-in voting if necessary. The 2020 elections are an “all hands on deck” sort of historical moment, folks. We need every US citizen who can vote, to vote.

Happy July 4th!


Link [Scripting News]

Arnold Schwarzenegger on his love for America. I totally concur. The US welcomed my family in the 1940s. My parents were children, their parents were running for their lives. All of our love of country is being tested, but as it is, it is revealed. It takes on new meaning. We'll come back from this. There are a lot of reasons for the trouble we're in, some habitual, some technical. I've heard Americans say they wish they had left when they could, but there's a reason we didn't leave. This is our country. We can't abandon it in its time of need. We're the ones who stayed. We will make it work.

Link [Scripting News]

The infinite scrolling feature on the Scripting News home page wasn't a good idea, because it made it difficult to reach the bottom of the page which has useful stuff on it. I just turned it off. I did a video demo of the feature so we can remember how it worked, and if needed I can turn it back on. And the More button remains, so you can use that to scroll back, one day at a time.


Today in GPF History for Saturday, July 4, 2020 [General Protection Fault: The Comic Strip]

Fooker, Sharon, and Justin learn the origins on the "Mister Inertia" mech and how the Greys infiltrated C.R.U.D.E...


Pluralistic: 04 Jul 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

What to the Slave Is the 4th of July (permalink)

I'm not American. For the first half of my life, my touchstone for Jul 4 was the Schoolhouse Rock "Fireworks" segment that leaked over the border from Buffalo through Fox 29's UHF signal.


When it came to how Americans had observed Jul 4 through history, my impressions came from whitewashed pop culture like Disney's Carousel of Progress:


All that changed when I discovered Frederick Douglass's 1852 "What to the Slave Is the 4th of July?" – such a stirring piece of rhetoric that it practically leaps off the page.


Today's Public Domain Review embeds the Internet Archive's gorgeous scan of the original 1852 pamphlet that was sold through Frederick Douglass' Paper (AKA The North Star) and to the attendees in Rochester's Corinthian Hall on that fateful night.


Beyond that, the Review provides some much-needed context for the 19th Century Black experience of Jul 4, and the rival holiday, Jul 5, which commemorated the full abolishment of slavery in New York in 1827.

The speech's original title highlights the two holidays' divergence: "What, to the American slave, is your Fourth of July?" Jul 4 celebrations – and other public observances – were often accompanied by drunken white mobs attacking Black people and Black-owned businesses.

Black Americans celebrated Jul 5 with parades in New York, Boston, Philadelphia and elsewhere.

Douglass refused to give his speech on the 4th and instead gave it on the 5th, to a full house of 600 mostly white abolitionists, who bought 700+ copies of the pamphlet afterward.

Douglass labored over the speech for weeks and afterward wrote to an abolitionist to say that he thought it had gone over well. You can read the plain text of the speech here:


This day in history (permalink)

#10yrsago Econopocalypse: the Marxist animated whiteboard explanation http://blogs.reuters.com/felix-salmon/2010/07/02/communism-and-the-financial-crisis-cartoon-edition/

#10yrsago Copyright scholars talk Copyright Termination http://ipcolloquium.com/mobile/

#5yrsago Fantasy Sports: dungeon crawl ends in epic, eldritch basketball game https://boingboing.net/2015/07/04/fantasy-sports-dungeon-crawl.html

#5yrsago Hey, kids, let's play militarized police force! https://boingboing.net/2015/07/04/hey-kids-lets-play-militar.html

#5yrsago When Firms Become Persons and Persons Become Firms: outstanding lecture http://www.lse.ac.uk/lse-player?id=3154

#1yrago Appeals court orders unsealing of the Jeffrey Epstein files https://www.courthousenews.com/court-orders-sunlight-on-huge-tranche-of-jeffrey-epstein-files/

Colophon (permalink)

Today's top sources:

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 535 words (34486 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 08) https://craphound.com/podcast/2020/06/29/someone-comes-to-town-someone-leaves-town-part-08/

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Link [Scripting News]

Today's song: He's Gone by the Grateful Dead. No special reason. No one specific died. I just have this song rolling around in my head this morning. You know better but I know him.


Are we part of us? [Seth's Blog]

Liberty is a state of mind. It can be seen as a chance for freedom, or a promise made but not kept. We can choose to be part of something or choose to be apart.

Liberty is the offer and promise and requirement of responsibility. A willingness to connect and to offer dignity in response to those around us.

Independence is actually about cooperation and interconnectedness.

Yet we’ve set up systems that limit what we see, how we connect and insulate us from the hard work that’s right in front of us.

One of the most important words I know doesn’t have a simple English equivalent, which says a lot. Sawubona, a Zulu term, means, “I see you.” Not just your face, of course, but your hopes, your dreams, where you came from and where you’re going. It’s not something we’re good at, and I need to do it better.

Figuring out the best way to see and understand and care about the people we call ‘us’ can be difficult indeed. And essential.


Remembering Earl Cameron (1917-2020) [Neil Gaiman's Journal]

I'm taking a Social Media Holiday right now. It seems to be helping. But I couldn't let this pass...

In 1996 we filmed the original Neverwhere television series (which I wrote for Lenny Henry's company Crucial Films who made it for the BBC). One of the most inspiring moments for me was when Earl Cameron came in and auditioned to play the Abbot of the Black Friars. He was a legend back then, 25 years ago. Watching him audition at an age when most people were already long into retirement was an honour and a treat. He got the part, not because he was a legend, not because he was an icon, but because he was so good, and his interpretation of the character became, for me, definitive. It was the one I put into the novel.

Earl had been a trailblazer as a performer on film and on television in the 1950s and 1960s. He had come to the UK from Jamaica during the Second World War, as a sailor, and had stayed, and become an actor. He was one of the first UK actors to "break the colour bar", one of the first black actors in Doctor Who, a mainstay of cinema and television, always acting with grace and moral authority. Now we were fortunate enough to have him and his compassion and his gentle humour, acting away in monkish robes in muddy cellars, chilly vaults, and deserted churches, all over London.

In 2017, BBC Radio 4 (in the shape of Dirk Maggs and Heather Larmour) did a glorious audio adaptation of Anansi Boys, and it did my heart so much good to see Earl Cameron over 20 years on, and to catch up and to reminisce about the Neverwhere cold and the mud. He played a dragon in Anansi Boys. He was 100 years old then. (That's us, in the studio hallway, in the photo above. It was taken by Dirk.)

He died, yesterday, aged 102, nearly 103. The world is a lesser place without him in it. 


Three Men in a Boat [Judith Proctor's Journal]

 Three Men in a Boat is still one of the funniest novels ever written.  Written in 1889, it is a gentle account of three men (and a fox terrier) taking a boat trip along the Thames.  This a book that actually does make me laugh out loud.

As it's long out of copyright, you can read it legally here - https://www.gutenberg.org/ebooks/28837

Here's Hugh Laurie reading the opening section  - he is the perfect voice for it.

comment count unavailable comments


Greed is a danger to public health [Richard Stallman's Political Notes]

*'Greed Is a Danger to Public Health': Progressive Caucus Urges Ban on Big Pharma Coronavirus Price-Gouging.*

If Gilead Sciences' executives are shamelessly greedy, they could drive the price up by reducing production and making rich customers bid for the doses. This would be no less bad than setting a high fixed price.

The effective way to prevent gouging on remdesivir, and make sure it is available when needed, is to allow other companies to compete to produce it. That is what we ought to do.

Cancellation might feel good, but it's not activism [Richard Stallman's Political Notes]

*Cancellation might feel good, but it's not activism.*

*While denouncing someone can get you high, it ignores human complexity, and is no substitute for the hard work of persuasion.*

Nathan Law trying to persuade other countries impose sanctions [Richard Stallman's Political Notes]

Hong Kong democracy campaigner Nathan Law has left to try to persuade other countries to impose sanctions.

Since China has made that activity a crime, he may never be able to return home.

Hugo's Tacos in Los Angeles [Richard Stallman's Political Notes]

Hugo's Tacos in Los Angeles closed its stores because of repeated harassment by customers who demanded service but refused to wear a mask.

The bully has already trained his supporters to throw off all scruples against lying; they eagerly invent and spread disinformation to attack his enemies.

Following his lead, they have now translated that contempt from the internet to the physical domain. The attitude of mask-rejectors is, "If I cause you to get sick, or even to die, fuck you. If you're not on my side, your life means nothing to me."

Now there has been another plot twist: the bully changed his stance on masks 180 degrees this week.

The governor of Texas, a fervent anti-masker, turned too, making masks mandatory in public places, with two exceptions: religious activities and voting.

That latter exception would be consistent with the theory that Republicans are intentionally spreading coronavirus so that Democrats won't dare vote.

I think that the bully's supporters will be reluctant to change their attitude towards masks 180 degrees overnight. I suspect they will keep on defying the use of masks.

Amazon deals with thug departments for access to Ring [Richard Stallman's Political Notes]

Amazon has deals with 1400 thug departments in the US to facilitate their access to Ring street surveillance cameras.

Amazon does not do face recognition on the video from these cameras, but individuals and thug departments that get copies of the videos could do this using some other system. I think that it should be illegal to install cameras that transmit video over the internet and watch public areas, without a special warrant for a specified place and a specified period of time.

German climate defense activists have occupied a coal mine [Richard Stallman's Political Notes]

German climate defense activists have occupied a coal mine which is used to feed electric generation. They demand ending coal combustion now, rather than tarrying lackadaisically until 2038.

Germany's industrial strength is great. It can replace the coal capacity with renewables and batteries in two years if it makes this a national priority equivalent to repelling an invasion of CO2.

Radiation threshold for evacuation [Richard Stallman's Political Notes]

It appears Connecticut proposed to raise the radiation threshold for evacuation after a nuclear power plant accident, because evacuation would be more dangerous during Covid-19 than it was before.

I won't criticize this attempt to find the safest path between two dangers. The basic idea seems valid to me. However, this should remind us that we should replace nuclear power plants with renewable energy plus storage batteries.

While renewable electric generation was expensive, the US government bought large quantities of solar cells to stimulate research to make them cheaper. That was a success. We need investment now to make large energy storage facilities cheaper.

Oregon ballot initiative to decriminalize possession [Richard Stallman's Political Notes]

Oregon will vote on a ballot initiative to decriminalize possession of all forbidden drugs.

Many other legalization initiatives are being pursued in other states.

A bill to end qualified immunity for officials that violate people's constitutional rights [Richard Stallman's Political Notes]

Senators have proposed a bill to end qualified immunity for officials that violate people's constitutional rights.

It should be noted that qualified immunity applies to civil suits by victims, but not in criminal prosecution.

California requires thug departments to show their training materials [Richard Stallman's Political Notes]

California requires thug departments to show their training materials, but some try to use copyright as an excuse to keep them secret.

Ireland voted for radical change [Richard Stallman's Political Notes]

*Ireland voted for radical change, but it may end up with greenwashed austerity.*

Urgent: Online voter registration nationwide [Richard Stallman's Political Notes]

US citizens: call on state legislators & election officials to implement online voter registration nationwide.

They should take care not to exclude freedom-lovers: make it work for people who won't run Javascript.

Urgent: nonfree Javascript on site for Juneteenth events [Richard Stallman's Political Notes]

I was thinking of joining a Juneteenth rally, but when I found a site that was said to list the events, I found that the site depended totally on running nonfree Javascript software. Without that, the site would not show me anything whatsoever.

There will be another Juneteenth next year. If you can contact the people who run the site, please ask them to provide a way to download the whole list of scheduled events, so that people who won't run Javascript can see the list and show up at one.


New covid rules (England, July 4th) [RevK®'s ramblings]

There are new rules - at almost no notice without any parliamentary oversight, as is now usual!

They have gone for a complete rewrite this time.
The Health Protection (Coronavirus, Restrictions) (No. 2) (England) Regulations 2020

Basically, gatherings up to 30 people now and more places allowed to be open subject to risk assessments and measures. All a bit wooly if you ask me.

But also special rules for Leicester
The Health Protection (Coronavirus, Restrictions) (Leicester) Regulations 2020

The way they have defined the area is rather odd, if you ask me. It seems they have picked something, perhaps a distance, or drawn a line, or some such, and then used a tool to make a list of postcodes and addresses. It would seem to me to have been simpler to just cover whole postcode areas rather than have 24 pages listing postcodes and addresses.

The addresses include gems like this on page 34!


I found it on street view.

So no gatherings of two or more people in that phone box!
That, to me, suggests this was really not thought about in any detail.


Russ Allbery: Review: The Light Brigade [Planet Debian]

Review: The Light Brigade, by Kameron Hurley

Publisher: Saga
Copyright: 2019
ISBN: 1-4814-4798-X
Format: Kindle
Pages: 355

In the wake of the Blink, which left a giant crater where São Paulo was, Dietz signed up for the military. To be a hero. To satisfy an oath of vengeance. To kill aliens.

Corporations have consumed the governments that used to run Earth and have divided the world between them. Dietz's family, before the Blink, were ghouls in Tene-Silva territory, non-citizens who scavenged a precarious life on the margins. Citizenship is a reward for loyalty and a mechanism of control. The only people who don't fit into the corporate framework are the Martians, former colonists who went dark for ten years and re-emerged as a splinter group offering to use their superior technology to repair environmental damage to the northern hemisphere caused by corporate wars. When the Blink happens, apparently done with technology far beyond what the corporations have, corporate war with the Martians is the unsurprising result.

Long-time SF readers will immediately recognize The Light Brigade as a response to Starship Troopers with far more cynical world-building. For the first few chapters, the parallelism is very strong, down to the destruction of a large South American city (São Paulo instead of Buenos Aires), a naive military volunteer, and horrific basic training. But, rather than dropships, the soldiers in Dietz's world are sent into battle via, essentially, Star Trek transporters. These still very experimental transporters send Dietz to a different mission than the one in the briefing.

Advance warning that I'm going to talk about what's happening with Dietz's drops below. It's a spoiler, but you would find out not far into the book and I don't think it ruins anything important. (On the contrary, it may give you an incentive to stick through the slow and unappealing first few chapters.)

I had so many suspension of disbelief problems with this book. So many.

This starts with the technology. The core piece of world-building is Star Trek transporters, so fine, we're not talking about hard physics. Every SF story gets one or two free bits of impossible technology, and Hurley does a good job showing the transporters through a jaundiced military eye. But, late in the book, this technology devolves into one of my least-favorite bits of SF hand-waving that, for me, destroyed that gritty edge.

Technology problems go beyond the transporters. One of the bits of horror in basic training is, essentially, torture simulators, whose goal is apparently to teach soldiers to dissociate (not that the book calls it that). One problem is that I never understood why a military would want to teach dissociation to so many people, but a deeper problem is that the mechanics of this simulation made no sense. Dietz's training in this simulator is a significant ongoing plot point, and it kept feeling like it was cribbed from The Matrix rather than something translatable into how computers work.

Technology was the more minor suspension of disbelief problem, though. The larger problem was the political and social world-building.

Hurley constructs a grim, totalitarian future, which is a fine world-building choice although I think it robs some nuance from the story she is telling about how militaries lie to soldiers. But the totalitarian model she uses is one of near-total information control. People believe what the corporations tell them to believe, or at least are indifferent to it. Huge world events (with major plot significance) are distorted or outright lies, and those lies are apparently believed by everyone. The skepticism that exists is limited to grumbling about leadership competence and cynicism about motives, not disagreement with the provided history. This is critical to the story; it's a driver behind Dietz's character growth and is required to set up the story's conclusion.

This is a model of totalitarianism that's familiar from Orwell's Nineteen Eighty-Four. The problem: The Internet broke this model. You now need North Korean levels of isolation to pull off total message control, which is incompatible with the social structure or technology level that Hurley shows.

You may be objecting that the modern world is full of people who believe outrageous propaganda against all evidence. But the world-building problem is not that some people believe the corporate propaganda. It's that everyone does. Modern totalitarians have stopped trying to achieve uniformity (because it stopped working) and instead make the disagreement part of the appeal. You no longer get half a country to believe a lie by ensuring they never hear the truth. Instead, you equate belief in the lie with loyalty to a social or political group, and belief in the truth with affiliation with some enemy. This goes hand in hand with "flooding the zone" with disinformation and fakes and wild stories until people's belief in the accessibility of objective truth is worn down and all facts become ideological statements. This does work, all too well, but it relies on more information, not less. (See Zeynep Tufekci's excellent Twitter and Tear Gas if you're unfamiliar with this analysis.) In that world, Dietz would have heard the official history, the true history, and all sorts of wild alternative histories, making correct belief a matter of political loyalty. There is no sign of that.

Hurley does gesture towards some technology to try to explain this surprising corporate effectiveness. All the soldiers have implants, and military censors can supposedly listen in at any time. But, in the story, this censorship is primarily aimed at grumbling and local disloyalty. There is no sign that it's being used to keep knowledge of significant facts from spreading, nor is there any sign of the same control among the general population. It's stated in the story that the censors can't even keep up with soldiers; one would have to get unlucky to be caught. And yet the corporation maintains preternatural information control.

The place this bugged me the most is around knowledge of the current date. For reasons that will be obvious in a moment, Dietz has reasons to badly want to know what month and year it is and is unable to find this information anywhere. This appears to be intentional; Tene-Silva has a good (albeit not that urgent) reason to keep soldiers from knowing the date. But I don't think Hurley realizes just how hard that is.

Take a look around the computer you're using to read this and think about how many places the date shows up. Apart from the ubiquitous clock and calendar app, there are dates on every file, dates on every news story, dates on search results, dates in instant messages, dates on email messages and voice mail... they're everywhere. And it's not just the computer. The soldiers can easily smuggle prohibited outside goods into the base; knowledge of the date would be much easier. And even if Dietz doesn't want to ask anyone, there are opportunities to go off base during missions. Somehow every newspaper and every news bulletin has its dates suppressed? It's not credible, and it threw me straight out of the story.

These world-building problems are unfortunate, since at the heart of The Light Brigade is a (spoiler alert) well-constructed time travel story that I would have otherwise enjoyed. Dietz is being tossed around in time with each jump. And, unlike some of these stories, Hurley does not take the escape hatch of alternate worlds or possible futures. There is a single coherent timeline that Dietz and the reader experience in one order and the rest of the world experiences in a different order.

The construction of this timeline is incredibly well-done. Time can only disconnect at jump and return points, and Hurley maintains tight control over the number of unresolved connections. At every point in the story, I could list all of the unresolved discontinuities and enjoy their complexity and implications without feeling overwhelmed by them. Dietz gains some foreknowledge, but in a way that's wildly erratic and hard to piece together fast enough for a single soldier to do anything about the plot. The world spins out of control with foreshadowing of grimmer and grimmer events, and then Hurley pulls it back together in a thoroughly satisfying interweaving of long-anticipated scenes and major surprises.

I'm not usually a fan of time travel stories, but this is one of the best I've read. It also has a satisfying emotional conclusion (albeit marred for me by some unbelievable mystical technobabble), which is impressive given how awful and nasty Hurley makes this world. Dietz is a great first-person narrator, believably naive and cynical by turns, and piecing together the story structure alongside the protagonist built my emotional attachment to Dietz's character arc. Hurley writes the emotional dynamics of soldiers thoughtfully and well: shit-talking, fights, sudden moments of connection, shared cynicism over degenerating conditions, and the underlying growth of squad loyalty that takes over other motivations and becomes the reason to keep on fighting.

Hurley also pulled off a neat homage to (and improvement on) Starship Troopers that caught me entirely by surprise and that I've hopefully not spoiled.

This is a solid science fiction novel if you can handle the world-building. I couldn't, but I understand why it was nominated for the Hugo and Clarke awards. Recommended if you're less picky about technological and social believability than I am, although content warning for a lot of bloody violence and death (including against children) and a horrifically depressing world.

Rating: 6 out of 10

Friday, 03 July


Friday Squid Blogging: Strawberry Squid [Schneier on Security]


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.


Alexander Artemenko: bourbaki [Planet Lisp]

This is the system for verifying formal mathematical proofs. As I didn't use math since the high school and lack time to dive into the lengthy documentation :(

Here is the code snippet from the example:

;; Declare the wff type
(symkind "WFF")

;; The implication symbol
(prim wff "->" (wff ![x y]))

;; the axioms
(ax "ax1" (wff ![A B])
  (ass [-> A -> B A]))
(ax "ax2" (wff ![A B C])
  (ass [-> -> A -> B C -> -> A B -> A C]))

;; the rule of inference (modus ponens)
(ax "ax-mp" (wff ![A B])
  (hypo [A] [-> A B])
  (ass [B]))

;; theorem: identity law for '->'
;; compare with id1 in set.mm
(th "id" (wff "A")
  (ass [-> A A])
    [ax1 A [-> A A]]
    [ax2 A [-> A A] A]
    [ax-mp [-> A -> -> A A A]
           [-> -> A -> A A -> A A]]
    [ax1 A A]
    [ax-mp [-> A -> A A] [-> A A]]))

If you eval it in the REPL, then you can verify it and output some information:

BOURBAKI-USER> (print-theorem !id)
Theorem id:
Variables: A
Distinct variable conditions: 
Assertion: [-> A A]
ax1 [A][-> A A]
ax2 [A][-> A A][A]
ax-mp [-> A -> -> A A A][-> -> A -> A A -> A A]
ax1 [A][A]
ax-mp [-> A -> A A][-> A A]

BOURBAKI-USER> (show-proof !id)
Proof for id:
ax1 => [-> A -> -> A A A]
ax2 => [-> -> A -> -> A A A -> -> A -> A A -> A A]
ax-mp => [-> -> A -> A A -> A A]
ax1 => [-> A -> A A]
ax-mp => [-> A A]

BOURBAKI-USER> (verify !id)
Theorem: "ax1"
Theorem: "ax2"
Theorem: "ax-mp"
Theorem: "id"

Bourbaki has a very good documentation. If you are interested in math libraries and don't know how to spend this weekend - enjoy it:



Page 27 [Flipside]

Page 27 is done.

Link [Scripting News]

I've been smelling burned ash everywhere, esp at night. Everywhere I go. I'm thinking this must be a symptom of the virus, so I'm afraid to ask if anyone else smells it. Then on my bike ride I saw a bunch of spent fireworks on the road. Yeah that's the smell. July 4. That should be over soon enough.

Link [Scripting News]

A kitten and a puppy are best friends in this Twitter video.


News Post: Tik Tok Toe [Penny Arcade]

Tycho: I fell off of TikTok even before the reports everyone has been talking about, the one which claimed to reveal a host of sins baked into the software at a philosophical level.  I’ve also read other smart people talking about how it’s not as bad as it sounds.  I’d say that’s more or less typical of engineers, who are always trying to climb atop one another for a primacy so granular it’s not even visible to those outside the cloister.  The engineer I trust most works here, and he doesn’t trust shit, and suggests that you have to start with that…


Book: Perl 7: A Risk-Benefit Analysis [LWN.net]

Dan Book has done a detailed analysis of the Perl 7 transition. "Large amount of CPAN modules will not work in Perl 7; plans for working around this would either involve every affected CPAN author, which is a virtual impossibility for the stated 1 year time frame; or the toolchain group, a loose group of people who each maintain various modules and systems that are necessary for CPAN to function, who either have not been consulted as of yet or have not revealed their plans related to the tools they maintain. Going into this potential problem sufficiently would be longer than this blog post, but suffice to say that a Perl where highly used CPAN modules don't seamlessly work is not Perl."


Smudge Wishes You a Very Fine Independence Day Weekend [Whatever]

“Please enjoy your long July weekend. Take it easy on the fireworks. Have a cookout with those in your social bubble, appropriately distanced, of course.”

(And here’s a note from the human — I’m out for the rest of the day! See y’all later.)


It isn't a contest [Scripting News]

When I was in sixth grade there was a school-wide spelling bee. I had finished in the top group in my class, so I got to go to the bee for the whole grade. By luck I went first and only got 5 of 10 right. People actually laughed. I went out to the yard to play and wait.

One by one the others came out and each had lower scores than me. In the end I had the highest score of all.

Moral of the story for countries who pity the US. This isn't over yet. And it's bad luck to declare victory before it's over. And this isn't really a contest. We like to say we're all in it together, and you know what, we are.


July 2020 Humble Choice Games [Humble Bundle Blog]

July 2020’s Humble Choice selections are here! This month’s lineup includes twelve fun games to choose from! Age of Wonders:

Continue reading

The post July 2020 Humble Choice Games appeared first on Humble Bundle Blog.

Militarists from both side working together [Richard Stallman's Political Notes]

In the House of Representatives, militarist Democrats and militarist Republicans are working together to keep the war in Afghanistan going.

16 Democrats in the senate helped defeat an amendment to repeal the authorization for use of military force. The amendment would also have withdrawn US troops from Afghanistan, but I think repealing the authorization is even bigger.

Compared with past attempts, having 40 senators vote for this is a lot of progress. In a few more years maybe we can win.

US citizens, if your senator is one of those listed, complain!

E-waste fortune poisoning people and animals [Richard Stallman's Political Notes]

E-waste contains a fortune in tiny amounts of gold and platinum. Because we do not recover it, it poisons people and animals.

No Arizona rainy season [Richard Stallman's Political Notes]

Arizona's rainy season fails to be rainy, and three large fires are sending smoke around that could augment the damage done by the many cases of Covid-19 in the state.

Nothing could have avoided the failure of rain, except perhaps curbing global heating since 10 years ago, but the US could have curbed Covid-19 if it tried.

Laws to facilitate cutting down forests [Richard Stallman's Political Notes]

The right-wing laws to facilitate cutting down forests in New South Wales (Australia) have been effective.

Opposing annexation plans [Richard Stallman's Political Notes]

*Plurality of Americans Oppose Israel's Annexation Plans.*

Organizing in a US Jewish community to oppose annexation.

*1080 European Lawmakers Sign Petition to Reject Israeli Annexation of West Bank.*

Banking Corporation in support of repression [Richard Stallman's Political Notes]

The Hong Kong and Singapore Banking Corporation is centered in Hong Kong and has publicly supported China's repression law.

How about moving your money out?

Suing against affordable insulin [Richard Stallman's Political Notes]

The main trade organization of US drug companies is suing to overturn a Minnesota law to provide affordable insulin, to save the diabetics whose lives are endangered by the high price of insulin in the US.

Most major drug companies are members of PHRMA. Each one should either explain what it is doing to end gouging on insulin and other drugs, or quit PHRMA.


Today in GPF History for Friday, July 3, 2020 [General Protection Fault: The Comic Strip]

Deep in an underwater lair, Fooker and Agent #6 (Maddie O'Hara) are brought before Doctor Nefarious...


Friday Larchive – Get Out [Looking For Group]

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Sometimes there will be a theme, or a reason behind the choices. Other times there will be none. Sometimes the theme of a […]

The post Friday Larchive – Get Out appeared first on Looking For Group.

EncroChat Hacked by Police [Schneier on Security]

French police hacked EncroChat secure phones, which are widely used by criminals:

Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. Encrochat's phones also had a feature that would quickly wipe the device if the user entered a PIN, and ran two operating systems side-by-side. If a user wanted the device to appear innocuous, they booted into normal Android. If they wanted to return to their sensitive chats, they switched over to the Encrochat system. The company sold the phones on a subscription based model, costing thousands of dollars a year per device.

This allowed them and others to investigate and arrest many:

Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday.

EncroChat learned about the hack, but didn't know who was behind it.

Going into full-on emergency mode, Encrochat sent a message to its users informing them of the ongoing attack. The company also informed its SIM provider, Dutch telecommunications firm KPN, which then blocked connections to the malicious servers, the associate claimed. Encrochat cut its own SIM service; it had an update scheduled to push to the phones, but it couldn't guarantee whether that update itself wouldn't be carrying malware too. That, and maybe KPN was working with the authorities, Encrochat's statement suggested (KPN declined to comment). Shortly after Encrochat restored SIM service, KPN removed the firewall, allowing the hackers' servers to communicate with the phones once again. Encrochat was trapped.

Encrochat decided to shut itself down entirely.

Lots of details about the hack in the article. Well worth reading in full.

The UK National Crime Agency called it Operation Venetic: "46 arrests, and £54m criminal cash, 77 firearms and over two tonnes of drugs seized so far."

Many more news articles. EncroChat website. Slashdot thread. Hacker News threads.


Link [Scripting News]

A tweetcast about how things in the US are kind of normal.

Link [Scripting News]

Why more white people understand Black Lives Matter now. We're realizing that our lives don't matter, and now all of a sudden Black Lives Matter makes a different kind of sense. It's a bit too subtle for some people. But the virus and our society's response to it is making the lights come on, gradually at first, eventually for everyone.


Pluralistic: 03 Jul 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

Working as intended (permalink)

On Jul 21, I'm giving a free live talk with Q&A; for LogicLounge, an 32nd CAV 2020 event sponsored by the Vienna Center for Logic and Algorithms.

It's called "Working as Intended: Surveillance Capitalism is not a Rogue Capitalism," which is (not coincidentally) the title of a forthcoming pamphlet I've written on the role that monopoly plays in our toxic and conspiratorial discourse.


The "surveillance capitalism" thesis holds that companies spy because data lets them conduct devastatingly effective influence operations while racing past regulators who might otherwise rein in their operations.

I believe this gives undue credence to Big Tech's sales literature — the source of the claims about the power of behavioral advertising to influence behavior. Worse, it underplays the role that monopoly and state surveillance play in both the decay of public discourse and governmental complacency when it comes to corporate surveillance.

What if Big Tech's ability to command billions for ads have more to do with cornering markets and eking out marginal gains through targeting, with stale data being largely useless for commercial purposes — but still full of kompromat for greedy state surveillance agencies?

Buying (not licensing) my ebooks (permalink)

Many people have written lately asking for the best way to get electronic editions of my books and audiobooks, so now's a good time to remind you that I run my own ebook store, where I sell my publishers' electronic editions of my books:


So I'm getting the 30% that Amazon would take if you bought the books from them, then I send the 70% to my publishers, and then they send me 25% of that back as my royalty – basically doubling my income.

But it's also a better deal for you: while all my books, in all bookstores, are sold without DRM (including these ones), these ebooks are also sold with no terms and conditions. Kindle books require that you "agree" to a sprawling garbage novella of impenetrable legalese.

Clicking "Buy" is also clicking "Agree" and what you agree to is a near-total waiver of your privacy and consumer rights. Amazon even reserves the right to reach into your device and delete your books if they change their minds about selling them to you.

They've done that before…with George Orwell's Nineteen Eighty-Four. No, I'm not making that up.


I have asked dozens of Amazon press spokespeople whether they would do this again, and…crickets.

I once got invited to give a paid speech at Amazon and I said, "Sure, I'll even waive my fee. Just answer my questions about whether you will delete the Kindle books people buy in the future." I never got an answer, and I never gave the speech.

My store's also got my audiobooks. You can't even buy those on Amazon, or its audiobook monopolist Audible – that's because Audible refuses to carry my audiobooks because they're DRM-free.

Every book on Audible has DRM that locks it forever – even after the copyright has expired – to Amazon's platform. They and they alone can decide which devices can play those books.

This is the company that one day decided (for example) that it wouldn't stream its video to rivals' TV dongles, like Google's Chromecast. They changed their mind…eventually. Do you think it's the last time they'll change it?

Audible controls 90%+ of the audiobook market, and audiobooks presently account for about the same number of sales as hardcovers. That's an entire universe of literature that is under total control of a monopolist.

There are rivals to Audible that have virtually identical inventories and exactly the same prices: libro.fm, downpour.com, and – for my audiobooks, at least – craphound.com/shop.

My audiobooks – like my ebooks – come with no terms and conditions. The deal you make with me is the same deal you make with bookstores when you buy physical books: "Every right Congress ever gave you is intact. Don't violate copyright. We're cool. Thank you and come again."

As far as I know, this is the only way to buy ebooks published by commercial publishers without signing away your rights. It's not a "license," it's a sale. You bought it, you own it. It's a book. Books are older than copyright, than publishing, than paper, than commerce.

I totally reject the idea that the ancient compacts that bind us when we trade in literature can be unilaterally rewritten by a monopolist simply by making you click "I agree."

Scihub boosts cites (permalink)

Alchemy looks a lot like science: an alchemist observes a phenomenon, hypothesises a causal relationship, and designs and performs an experiment to test the hypothesis.

The difference is in what happens next.

The scientist publishes their findings so that others can critique it. The alchemist does not. Scientists aren't smarter than alchemists, so scientists are every bit as capable of making themselves believe that drinking mercury is good for their health.

But scientists have to expose their work to peer-review, which means that their self-deception can be exposed and corrected. Alchemists just die of mercury poisoning.

Today, most peer-review happens through publication by a handful of giant, monopolistic journal publishers.

Scholarly and scientific research, most of it publicly funded, is given for free to these multibillion-dollar empires, who then charge the institutions where the authors work millions to access the journals in which that work appears.

The editorial boards and reviewers of these journals are volunteer positions, filled by scholars from those same institutions that pay millions to access the journals they're producing.

The journals themselves are pure rentiers, useless intermediaries that barely even edit the papers they publish:


And yet, scholars send them work, because their career advancement depends on publication, preferably in widely cited journals.

For more than a decade, scholars have been fighting back, switching to "open access" journals that fund their (minimal) costs by charging to submit a paper for review and then publish for free. Major science funders now demand that grantees promise open access publication.

But the paywalled journals are still hanging in there. They have huge warchests of money looted from universities, and they have massive, locked up back-catalogs of scholarly work whose copyright they extorted from uncompensated researchers.

Enter Scihub, an unauthorized repository of millions of scientific and scholarly papers liberated from paywalls and made available for free to all comers.

The scholarly publishing industry hates Scihub so much that they've actually gone to courts around the world to demand that Scihub and its mirrors be blocked by national firewalls, censoring science in a bid to restore the mercury-swilling days of alchemy.

But what about the scholars – the actual researchers whose uncompensated words publishers sue to suppress when they go after Scihub?

For them, Scihub is a godsend.

Not only does Scihub make it possible for scholars to see all the literature they need to review to continue their work, irrespective of institutional affiliation (this is especially important in the Global South, where many universities can't afford subscriptions).

But – as a quartet of scholars from Brazil, Colombia, Czech, and Australia show in a new paper…well, the title says it all, really: "THE SCI-HUB EFFECT: SCI-HUB DOWNLOADS LEAD TO MORE ARTICLE CITATIONS."


That is, when your work is freely available, more people read it and cite it. And for scholars, more citations means more career opportunities: jobs, grants, conference invites…Everything that matters to the progress of scholarship.

I mean, yes, it's obvious, but it has some pretty fascinating implications – like, "If you're a scientist who wants to progress, you should let Nature publish your work and get the prestige, then defeat Nature's paywall so that Scihub can distribute it and get the impact."

Topple monuments…with science (permalink)

With monument-toppling season upon us, it's time for the popular scientific and engineering press to dust off their beloved "What's the scientifically best way to tear down a statue" pieces and republish them for our quick reference.

"How to Topple a Statue Using Science," by James Stout for Popular Mechanics covers all the classics:


Leverage: Get 70 buddies (for a notional 7000lb horse statue), 4×4 recovery straps (tied for leverage, look for heads, etc), split in two teams and rock back and forth.

Heat: You can reduce the team-sizes by weakening the materials – 40mins with a butane torch or 15-20 with propane torch.

Chem heat: Thermite around the ankles is more efficient than torches but is potentially harder to source

"Editor's Note: As national and worldwide attention to the removal of statues has grown, we have continued our reporting on the related science and safety issues, and have amended this article to reflect our findings."

Privacy Analyzer (permalink)

The Privacy Analyzer from Privacy.net is a good, comprehensive way to check what kind of data your browser is leaking to the ad-tech industry:


It steps through five separate tests:

I. Basic info (IP address, OS, etc)

II. Autofill leaks (does your browser allow malicious scripts to capture sensitive info with "autofill" capture?)

III. Which services are you logged into? (third parties can use this to figure out what services you use)

IV. Browser capabilities (including whether you have dangerous plugins that allow for malicious code execution)

V. Browser fingerprint: how unique is your browser configuration (tells you how easy it is to track you across the web even without cookies)

Frederick Douglass's descendants read his July 4 speech (permalink)

With July 4th upon us*, it's a good time to (re)acquaint yourself with Frederick Douglass's "What to the Slave is the Fourth of July," which you can read here:


*Remember, though: All countries matter

NPR gathered five of Douglass's young descendants and had them read excerpts from the speech, reacting to each. It's a powerful, moving video, and a reminder that this isn't just history, it's the present moment:


This day in history (permalink)

#10yrsago Hardware, software and services I use https://locusmag.com/2010/07/cory-doctorow-what-i-do/

#5yrsago XKEYSCORE: under the hood of the NSA's search engine for your Internet activity https://theintercept.com/2015/07/02/look-under-hood-xkeyscore/

#5yrsago July 4: Rumblefish claims to own US Navy rendition of "America the Beautiful" https://blog.adafruit.com/2015/07/03/rumblefish-claims-it-owns-america-the-beautiful-by-united-states-navy-band-rumblefish_inc/

#5yrsago Why we're still talking about Terminator and the Matrix https://locusmag.com/2015/07/cory-doctorow-skynet-ascendant/

#5yrsago EFF's new certificate authority publishes an all-zero, pre-release transparency report https://www.techdirt.com/articles/20150702/17014131531/lets-encrypt-releases-transparency-report-all-zeroes-across-board.shtml

#5yrsago Haunted Mansion Graveyard Scene made from My Little Ponies https://www.deviantart.com/silverband7/art/MLP-The-Haunted-Mansion-Graveyard-Scene-539442306

#1yrago Youtube's ban on "hacking techniques" threatens to shut down all of infosec Youtube https://boingboing.net/2019/07/03/nobus-r-us.html

#1yrago The rent's less damned high: rents falling in most of America's most expensive cities https://wolfstreet.com/2019/07/01/here-come-the-rent-declines-but-some-cities-are-still-hot/

#1yrago User Inyerface: collecting every "dark pattern" of web design in one place https://userinyerface.com/

#1yrago Celebrate Independence Day with Cordell Jackson, the "Rock n Roll Granny" a psychobilly pioneer who played until she was 81 https://makingmusicherstory.blogspot.com/2010/07/cordell-jackson-americas-female-music_29.html

#1yrago Insiders claim that Google's internet-fixing Jigsaw is a toxic vanity project for its founder, where women keep a secret post-crying touchup kit in the bathroom https://www.vice.com/en_us/article/vb98pb/google-jigsaw-became-toxic-mess

#1yrago After Propublica expose, the "nonprofit," "Christian" Memphis University Hospital suspends practice of suing the shit out of poor people https://www.propublica.org/article/nonprofit-christian-hospital-suspends-debt-collection-lawsuits-amid-furor-over-suing-its-own-employees

#1yrago The widening health gap between America's rich and poor is the result of worse health for the poor, not better health for the rich https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2736934

#1yrago Frontier: if you don't buy your router, we'll charge you a rental fee; if you DO buy your router, we'll charge you a "support" fee https://arstechnica.com/information-technology/2019/07/frontier-customer-bought-his-own-router-but-has-to-pay-10-rental-fee-anyway/

Colophon (permalink)

Today's top sources: Slashdot (https://slashdot.org/), Kottke (https://kottke.org/), Dennis, Skepchick (https://skepchick.org/).

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 510 words (33951 total).

Currently reading: Anger Is a Gift by Mark Oshiro

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 08) https://craphound.com/podcast/2020/06/29/someone-comes-to-town-someone-leaves-town-part-08/

Upcoming appearances:

Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531

"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.


Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and advertising):


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Wasting second place [Seth's Blog]

100 people apply for a job. 99 are sent home. What if the winner hadn’t applied? You might have been thrilled with the person who almost got the job.

17,000 people apply to a famous college. Only 10% get in. But at least a third were good enough to get in but didn’t get lucky. What happens to their narrative?

Selective organizations need to get better about communicating to the people who ‘almost’ make it. And it’s an incredible waste to discard all the knowledge that was gained in the sorting process… how to share it to help someone else?


PS coming soon: A new session of The Story Skills Workshop. You can join the list today to find out more and get updates.


Security updates for Friday [LWN.net]

Security updates have been issued by Debian (docker.io and imagemagick), Fedora (alpine, firefox, hostapd, and mutt), openSUSE (opera), Red Hat (rh-nginx116-nginx), SUSE (ntp, python3, and systemd), and Ubuntu (firefox, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-gcp, linux-kvm, linux-oracle, linux-riscv, linux, linux-azure, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-gke-5.0, linux-oem-osp1, net-snmp, and samba).

[$] Netflix releases open-source crisis-management tool [LWN.net]

Earlier this year, Netflix developed and released a new Apache-licensed project named Dispatch. It is designed to coordinate the response to and the resolution of security-related incidents, but the project aims for more than just that. Rather, it hopes to be valuable for any type of one-off incident that needs coordination across an organization, such as a service outage.



Michael Prokop: Grml 2020.06 – Codename Ausgehfuahangl [Planet Debian]

We did it again™, at the end of June we released Grml 2020.06, codename Ausgehfuahangl. This Grml release (a Linux live system for system administrators) is based on Debian/testing (AKA bullseye) and provides current software packages as of June, incorporates up to date hardware support and fixes known issues from previous Grml releases.

I am especially fond of our cloud-init and qemu-guest-agent integration, which makes usage and automation in virtual environments like Proxmox VE much more comfortable.

Once as the Qemu Guest Agent setting is enabled in the VM options (also see Proxmox wiki), you’ll see IP address information in the VM summary:

Screenshot of qemu guest agent integration

Using a cloud-init drive allows using an SSH key for login as user "grml", and you can control network settings as well:

Screenshot of cloud-init integration

It was fun to focus and work on this new Grml release together with Darsha, and we hope you enjoy the new Grml release as much as we do!

Norbert Preining: KDE/Plasma Status Update 2020-07-04 [Planet Debian]

Great timing for 4th of July, here is another status update of KDE/Plasma for Debian. Short summary: everything is now available for Debian sid and testing, for both i386 and am64 architectures!

With Qt 5.14 arriving in Debian/testing, and some tweaks here and there, we finally have all the packages (2 additional deps, 82 frameworks, 47 Plasma, 216 Apps, 3 other apps) built on both Debian unstable and Debian testing, for both amd64 and i386 architectures. Again, big thanks to OBS!

For Unstable:

deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other-deps/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/frameworks/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/plasma519/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/apps/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other/Debian_Unstable/ ./

For Testing:

deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other-deps/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/frameworks/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/plasma519/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/apps/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other/Debian_Testing/ ./

As usual, don’t forget that you need to import my OBS gpg key: obs-npreining.asc, best to download it and put the file into /etc/apt/trusted.gpg.d/obs-npreining.asc.



Cancelling a Windows Runtime asynchronous operation, part 3: C++/CX with PPL, coroutine style [The Old New Thing]

Last time, we looked at how task cancellation is projected in C++/CX with PPL and explicit continuations. But how about C++/CX with PPL and coroutines?

auto picker = ref new FileOpenPicker();

cancellation_token_source cts;
call<bool> do_cancel([cts](bool) { cts.cancel(); });
timer<bool> delayed_cancel(3000U, false, &do_cancel);

StorageFile^ file;
try {
    file = co_await create_task(picker->PickSingleFileAsync(), cts.get_token());
} catch (task_canceled const&) {
    file = nullptr;

if (file != nullptr) {

Notice that coroutines save us a lot of the hassle of setting up the call and timer because the objects live in the coroutine frame, which continues to exist until the coroutine completes.

Again, the task throws a task_canceled upon cancellation. This time, it’s because of the await_resume for the task awaiter, which you can find in pplawait.h:

template <typename _Ty>
struct _Ppltask_awaiter {

    decltype(auto) await_resume() {
        return _Task.get();

But wait, the PPL library also supports awaiting on raw IAsyncAction^ and IAsyncOperation^ objects. Next time, we’ll look at what happens in that case.

The post Cancelling a Windows Runtime asynchronous operation, part 3: C++/CX with PPL, coroutine style appeared first on The Old New Thing.


Link [Scripting News]

I like listening to audio books, but I have two peeves. 1. When a book provides numbers for comparison, repeat the numbers at least once. 2. Put the introductory material at the end. Authors go on and on, assuming you won't read it. Oops.

Link [Scripting News]

Another peeve. I was watching a Dave Chappelle show on Netflix. He is really funny. Great comic. But he uses the N-word a lot. And get this -- he uses it to talk about white people. Like this: You my <N-word>. I've been told, not by Chappelle, that it's a term of endearment. To me, that's ridiculous -- it's a threat. Because if I use that term of endearment, a 10-ton weight comes down on my head. I don't like it. We're also told this is a word African-Americans use among themselves, and we wouldn't understand what it means. But many of the people in Chappelle's audience are white. We're his N-words. I'm watching it, and reminded every time I hear the world, and he says it a lot, that this is something I'm not allowed to like. The more I listen to him use the N-word, my inner voice, constantly yapping about nothing, repeats what he says, and I'm concerned that will eventually come out of my mouth, without thought because that actually happens in real life. It's a painful word, not just for African-Americans. I saw Jelani Cobb write on Twitter the other day about the possible capitalization of the word black when used to talk about people of African descent. "Does anyone feel strongly about upper-casing the B in black? I’m generally opposed to this because it turns race, a nonexistent category, into a proper noun." Maybe we should use words everyone can say, and try to stick to words that have meaning, and preferrably one obvious meaning, so we all can understand wtf you're talking about. 😄


Dirk Eddelbuettel: #28: Welcome RSPM and test-drive with Bionic and Focal [Planet Debian]

Welcome to the 28th post in the relatively random R recommendations series, or R4 for short. Our last post was a “double entry” in this R4 series and the newer T4 video series and covered a topic touched upon in this R4 series multiple times: easy binary install, especially on Ubuntu.

That post already previewed the newest kid on the block: RStudio’s RSPM, now formally announced. In the post we were only able to show Ubuntu 18.04 aka bionic. With the formal release of RSPM support has been added for Ubuntu 20.04 aka focal—and we are happy to announce that of course we added a corresponding Rocker r-rspm container. So you can now take full advantage of RSPM either via docker pull rocker/r-rspm:18.04 or via docker pull rocker/r-rspm:20.04 covering the two most recent LTS releases.

RSPM is a nice accomplishment. Covering multiple Linux distributions is an excellent achievement. Allowing users to reason in terms of the CRAN packages (i.e. installing xml2, not r-cran-xml2) eases use. Doing it from via the standard R command install.packages() (or wrapper around it like our install.r from littler package) is very good too and an excellent technical achievement.

There is, as best as I can tell, only one shortcoming, along with one small bit of false advertising. The shortcoming is technical. By bringing the package installation into the user application domain, it is separated from the system and lacks integration with system libraries. What do I mean here? If you were to add R to a plain Ubuntu container, say 18.04 or 20.04, then added the few lines to support RSPM and install xml2 it would install. And fail. Why? Because the system library libxml2 does not get installed with the RSPM package—whereas the .deb from the distribution or PPAs does. So to help with some popular packages I added libxml2, libunits and a few more for geospatial work to the rocker/r-rspm containers. Being already present ensures packages xml2 and units can run immediately. Please file issue tickets at the Rocker repo if you come across other missing libraries we could preload. (A related minor nag is incomplete coverage. At least one of my CRAN packages does not (yet?) come as a RSPM binary. Then again, CRAN has 16k packages, and the RSPM coverage is much wider than the PPA one. But completeness would be neat. The final nag is lack of Debian support which seems, well, odd.)

So what about the small bit of false advertising? Well it is claimed that RSPM makes installation “so much faster on Linux”. True, faster than the slowest possible installation from source. Also easier. But we had numerous posts on this blog showing other speed gains: Using ccache. And, of course, using binaries. And as the initial video mentioned above showed, installing from the PPAs is also faster than via RSPM. That is easy to replicate. Just set up the rocker/r-ubuntu:20.04 (or 18.04) container alongside the rocker/r-rspm:20.04 (or also 18.04) container. And then time install.r rstan (or install.r tinyverse) in the RSPM one against apt -y update; apt install -y r-cran-rstan (or ... r-cran-tinyverse). In every case I tried, the installation using binaries from the PPA was still faster by a few seconds. Not that it matters greatly: both are very, very quick compared to source installation (as e.g. shown here in 2017 (!!)) but the standard Ubuntu .deb installation is simply faster than using RSPM. (Likely due to better CDN usage so this may change over time. Neither method appears to do downloads in parallel so there is scope for both for doing better.)

So in sum: Welcome to RSPM, and nice new tool—and feel free to “drive” it using rocker/r-rspm:18.04 or rocker/r-rspm:20.04.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Link [Scripting News]

Dear Lincoln Project people -- how about forking off a new PAC to convince more Americans to wear a mask. Use your marketing smarts to crack this nut. And save my life.

Link [Scripting News]

I like how they have a Get Involved button on their website. But when you click they don't say what being involved means, beyond giving them money and your email address and zip code, presumably so they can spam you. I'd love for a campaign to define involvement as solving a problem we have in America, right now.

A language worth learning [Scripting News]

JavaScript is a lovely language once you’ve spent a few years getting comfortable with its quirks. Not what I’d recommend as a starter language. Yet it is the language most people choose to learn as their first language.

Here are the qualities I look for in the ideal starter language.

  1. One way to do things not 20.
  2. Boring, so the newbie can focus on their own app, not the language weirdnesses.
  3. Frozen. They should be able to run their student projects 40 years from now. Not a place where language designers try out new ideas.
  4. No callbacks, synchronization handled in runtime.
  5. Algol-like, so you can get support form millions of experienced developers.

May think of more qualifications later...


Reproducible Builds (diffoscope): diffoscope 150 released [Planet Debian]

The diffoscope maintainers are pleased to announce the release of diffoscope version 150. This version includes the following changes:

[ Chris Lamb ]
* Don't crash when listing entries in archives if they don't have a listed
  size (such as hardlinks in .ISO files).
  (Closes: reproducible-builds/diffoscope#188)
* Dump PE32+ executables (including EFI applications) using objdump.
  (Closes: reproducible-builds/diffoscope#181)
* Tidy detection of JSON files due to missing call to File.recognizes that
  checks against the output of file(1) which was also causing us to attempt
  to parse almost every file using json.loads. (Whoops.)
* Drop accidentally-duplicated copy of the new --diff-mask tests.
* Logging improvements:
  - Split out formatting of class names into a common method.
  - Clarify that we are generating presenter formats in the opening logs.

[ Jean-Romain Garnier ]
* Remove objdjump(1) offsets before instructions to reduce diff noise.
  (Closes: reproducible-builds/diffoscope!57)

You find out more by visiting the project homepage.


FeedRSSLast fetchedNext fetched after
XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
a bag of four grapes XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
A Smart Bear: Startups and Marketing for Geeks XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Anarcho's blog XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Ansible XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
Bad Science XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Black Doggerel XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Blog – Official site of Stephen Fry XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Broodhollow XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Charlie Brooker | The Guardian XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Charlie's Diary XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Chasing the Sunset - Comics Only XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Clay Shirky XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Coding Horror XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Cory Doctorow – Boing Boing XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Cory Doctorow's craphound.com XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Ctrl+Alt+Del Comic XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Cyberunions XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
David Mitchell | The Guardian XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Debian GNU/Linux System Administration Resources XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Deeplinks XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Diesel Sweeties webcomic by rstevens XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Dilbert XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Dork Tower XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Edmund Finney's Quest to Find the Meaning of Life XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Eerie Cuties XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
EFF Action Center XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Enspiral Tales - Medium XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Erin Dies Alone XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Events XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Falkvinge on Liberty XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Flipside XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Free software jobs XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
Full Frontal Nerdity by Aaron Williams XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
General Protection Fault: The Comic Strip XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
George Monbiot XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Girl Genius XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
God Hates Astronauts XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Graeme Smith XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Groklaw XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Hackney Anarchist Group XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
http://calendar.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
http://eng.anarchoblogs.org/feed/atom/ XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
http://feed43.com/3874015735218037.xml XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
http://feeds2.feedburner.com/GeekEtiquette?format=xml XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
http://fulltextrssfeed.com/feeds2.feedburner.com/uclick/doonesbury?format=xml XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
http://london.indymedia.org/articles.rss XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
http://the-programmers-stone.com/feed/ XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
http://thecommune.co.uk/feed/ XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
http://www.baen.com/baenebooks XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
http://www.dcscience.net/feed/medium.co XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
http://www.freedompress.org.uk/news/feed/ XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
http://www.steampunkmagazine.com/inside/feed/ XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
http://www.tinycat.co.uk/feed/ XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
http://www.ubuntuweblogs.org/atom.xml XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
https://hackbloc.org/rss.xml XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
https://kajafoglio.livejournal.com/data/atom/ XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
https://philfoglio.livejournal.com/data/atom/ XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
https://studiofoglio.livejournal.com/data/atom/ XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
https://twitter.com/statuses/user_timeline/22724360.rss XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
https://web.randi.org/?format=feed&type=rss XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
https://www.goblinscomic.com/category/comics/feed/ XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
https://www.hackneysolidarity.info/rss.xml XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
https://www.patreon.com/graveyardgreg/posts/comic.rss XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
https://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Humble Bundle Blog XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
I, Cringely XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Irregular Webcomic! XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Joel on Software XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
Judith Proctor's Journal XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
Krebs on Security XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Lambda the Ultimate - Programming Languages Weblog XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
LLVM Project Blog XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Looking For Group XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Loomio Blog XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
LWN.net XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Menage a 3 XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Mimi and Eunice XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Neil Gaiman's Journal XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
Nina Paley XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
O Abnormal – Scifi/Fantasy Artist XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Oglaf! -- Comics. Often dirty. XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Oh Joy Sex Toy XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Order of the Stick XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Original Fiction – Tor.com XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
OSnews XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Paul Graham: Unofficial RSS Feed XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Penny Arcade XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Penny Red XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
PHD Comics XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Phil's blog XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
Planet Debian XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
Planet GridPP XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Planet Lisp XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Pluralistic: Daily links from Cory Doctorow XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
Property is Theft! XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
PS238 by Aaron Williams XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
QC RSS XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Radar XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
RevK®'s ramblings XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
Richard Stallman's Political Notes XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Scenes From A Multiverse XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Schneier on Security XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
SCHNEWS.ORG.UK XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
Scripting News XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Seth's Blog XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
Skin Horse XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Starslip by Kris Straub XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Tales From the Riverbank XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
The Adventures of Dr. McNinja XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
The Bumpycat sat on the mat XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
The Command Line XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
The Daily WTF XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
The Monochrome Mob XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
The Non-Adventures of Wonderella XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
The Old New Thing XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
The Open Source Grid Engine Blog XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
The Phoenix Requiem XML 09:28, Tuesday, 07 July 10:08, Tuesday, 07 July
The Rogues Gallery XML 09:14, Tuesday, 07 July 10:02, Tuesday, 07 July
The Stranger, Seattle's Only Newspaper: Savage Love XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
TorrentFreak XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
towerhamletsalarm XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
Twokinds XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
UK Indymedia Features XML 09:28, Tuesday, 07 July 10:10, Tuesday, 07 July
Uploads from ne11y XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
Uploads from piasladic XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July
Use Sword on Monster XML 09:14, Tuesday, 07 July 10:01, Tuesday, 07 July
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 08:56, Tuesday, 07 July 09:42, Tuesday, 07 July
What If? XML 09:28, Tuesday, 07 July 10:09, Tuesday, 07 July
Whatever XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
Whitechapel Anarchist Group XML 09:21, Tuesday, 07 July 10:10, Tuesday, 07 July
WIL WHEATON dot NET XML 08:49, Tuesday, 07 July 09:33, Tuesday, 07 July
wish XML 08:49, Tuesday, 07 July 09:34, Tuesday, 07 July
xkcd.com XML 08:49, Tuesday, 07 July 09:32, Tuesday, 07 July