Tuesday, 19 June


Huck You [Scenes From A Multiverse]

Pro tip: don’t kidnap thousands of children and hold them hostage in exchange for political demands. It’s a bad look.

The Pirate Bay’s Frozen in Time, No New Uploads [TorrentFreak]

The Pirate Bay has more than its fair share of technical inconveniences. Every other week the site goes down for a few hours, or days, just to reappear as if nothing ever happened.

In recent days many users have noticed some hiccups as well, as TPB’s upload functionality is currently broken. According to the recent uploads page, no new torrents have been added since last weekend.

The last torrent was uploaded on Sunday and the recent torrents page suggests that the problems started just before 7:00 a.m. Central European Time.

After that, things went quiet and the official Pirate Bay status page confirms that no new uploads are coming through. What’s causing the trouble is unknown at the moment.

Several trusted VIP uploaders have mentioned the problem in the TPB forums. They reportedly see an “Error – File empty” notice on their end, no matter what they try.

These upload issues are not completely new, but it’s been a while since problems have lasted this long.

TPB moderator “workerbee” points people to the status page and confirms that the situation is the same for all.

“Everyone is experiencing the same problem. The situation will be sorted out in due course,” the mod notes.

Seasoned uploaders have weathered quite a few stormy periods on the site, so they might not be bothered too much. However, some are losing patience and are growing more pessimistic by the day.

“Been down since Sat.. for uploads,” VIP uploader psspss2 writes. “TPB sinking ship too many holes.”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

1125: Throwing Shade [Order of the Stick]


Microspeak: knobs [The Old New Thing]

Recall that Microspeak is not merely for jargon exclusive to Microsoft, but also for jargon that you need to know because nobody will explain it to you.

Here are some citations.

This class has a lot of knobs and controls to support many scenarios, but are they all necessary?

The controls have a number of events and knobs to allow you to customize the animations.

The performance power slider controls knobs such as CPU performance, and GPU scheduling.

In informal discussion, knobs are things that allow you to configure something.

The term is a throwback to old-timey control panels with lots of dials and things to play with.

Many teams are building custom solutions because our website fails to provide the knobs and levers necessary to present the data in manner they require.

Sometimes you'll see knobs paired with levers for extra old-timey goodness.


Link [Scripting News]

My Italy trip is winding down. Tomorrow I fly back to JFK from Milan. Had a wonderful time, starting at #SoTN18 in Trieste and visiting all kinds of interesting people here in Torino, especially Anna Masera, Raffaele Angius and Alessandro Cappai.

Link [Scripting News]

This is the song we've been singing this week in Torino. It's the song at the end of Killing Them Softly, a movie we believe is profound.

Link [Scripting News]

The Democrats should have a press spokesperson like Sarah Huckabee Sanders to correct the Trump lies. Daily press briefings. Not always in response to Trump. But never let a Trump lie about Democrats go unresponded-to.

Link [Scripting News]

Another idea I learned from Italians at dinner last night about how the press dealt with Berlusconi. Don't carry any news about him until he answers basic questions. With Trump that would start with his tax returns.

The Big Idea: C.L. Polk [Whatever]

Bits and pieces, ideas and musings — sometimes you just have to wait for the one thing that makes it all a story. C.L. Polk was waiting for the one thing to thread all the parts together to make Witchmark into the novel, and found it in a monochromatic piece of history.


Witchmark didn’t just come to me in a bolt of inspiration. The muses didn’t smack me on the head and say “here is a story, go thou and write it.” My discovery of the story was more like emptying a child’s pockets after a walk outside: Shells and stones and feathers from songbirds, a bit of bone scrimshawed with dust, a frayed length of bright green ribbon. Every little piece contained a bit of mystery, something important enough to tuck away, but they were a jumble of concepts and images that didn’t add up to a story.

But I kept them, taking out each element and matching them on a blank sheet of paper, trying to make them become story-shaped. Streets filled with bicycles, lit by golden lamps that hurt magicians to be near. Apple trees heavy with fruit, free for the taking by anyone who wanted them. The shards of a teacup smashed on the pavement, trying to break an ill-omen revealed in the leaves. I had shiny bits that didn’t come together until I found a black and white image of soldiers on parade from WWI.

That’s when the muses struck. I saw how a missing body from the morgue, a handsome gentleman in a silk top hat, and a darkness lurking in the brains of men who had been through a nightmare came together. It became a story about uncovering the awful truth lying underneath a glittering, comfortable society, and about the one person who could uncover it.

Miles Singer is a physician with healing powers hiding who he is for the sake of survival. If he’s caught, he’ll be incarcerated in an asylum with other people, believed to be at risk of becoming violent if they don’t suppress their magical talent. Or worse: his family drags him back and binds him to his powerful sister. He would be obligated to obey her decisions about his life, his magical power nothing more than a battery she can tap to do the only magic that counts among their peers: Storm-singing, the ability to control the weather.

Miles uses his gifts in secret, keeps his head down at a veteran’s hospital full of patients who share his trauma. He uses his power sparingly, trying to solve a medical mystery that only he can see, trying to find a mundane diagnosis for the troubling condition his magic reveals. But when a murdered emergency patient–who asked to see him specifically–dies in his arms, Miles struggles to keep his secrets while pursuing the mystery of his patient’s death.

But then his sister walks back into his life, and Miles has to break out of the small persona he created for himself. When he learns the secrets that his patient’s murder was supposed to preserve, he has to embrace everything he is and decide the fate of an entire country…and even doing the right thing has far-reaching consequences.

Witchmark is a fantasy novel with a mystery and a romance tucked inside it, but it finds room to talk about the aftermath of war, the machine of lies that help people look away from oppression, and how sometimes your family never sees past the picture they made of you to see who you are – and how difficult it is to make them see who you truly are.


Witchmark: Amazon|Barnes & Noble|Indiebound|Powell’s

Read an excerpt. Visit the author’s site. Follow her on Twitter.


Free Societies are at a Disadvantage in National Cybersecurity [Schneier on Security]

Jack Goldsmith and Stuart Russell just published an interesting paper, making the case that free and democratic nations are at a structural disadvantage in nation-on-nation cyberattack and defense. From a blog post:

It seeks to explain why the United States is struggling to deal with the "soft" cyber operations that have been so prevalent in recent years: cyberespionage and cybertheft, often followed by strategic publication; information operations and propaganda; and relatively low-level cyber disruptions such as denial-of-service and ransomware attacks. The main explanation is that constituent elements of U.S. society -- a commitment to free speech, privacy and the rule of law; innovative technology firms; relatively unregulated markets; and deep digital sophistication -- create asymmetric vulnerabilities that foreign adversaries, especially authoritarian ones, can exploit. These asymmetrical vulnerabilities might explain why the United States so often appears to be on the losing end of recent cyber operations and why U.S. attempts to develop and implement policies to enhance defense, resiliency, response or deterrence in the cyber realm have been ineffective.

I have long thought this to be true. There are defensive cybersecurity measures that a totalitarian country can take that a free, open, democratic country cannot. And there are attacks against a free, open, democratic country that just don't matter to a totalitarian country. That makes us more vulnerable. (I don't mean to imply -- and neither do Russell and Goldsmith -- that this disadvantage implies that free societies are overall worse, but it is an asymmetry that we should be aware of.)

I do worry that these disadvantages will someday become intolerable. Dan Geer often said that "the price of freedom is the probability of crime." We are willing to pay this price because it isn't that high. As technology makes individual and small-group actors more powerful, this price will get higher. Will there be a point in the future where free and open societies will no longer be able to survive? I honestly don't know.


Netra Q&A: Scaling resource-intensive APIs [All - O'Reilly Media]

Oracle's Kyle York and Netra's Richard Lee discuss Netra’s high-performance computing environment.

The secret RPG history of an enabler of America's border child kidnapping policy [Boing Boing]

When Bryant Durrell was in college, he played D&D with an amazing Dungeon Master, Eric, who was obsessed with the moral dimension of the game, constructing thoughtful, elaborate campaigns to get the players to reflect on the nature of good and evil -- the players jokingly called the setting Eric created "Catholic World." (more…)

As thousands of children are torn from their parents, Trump's popularity rating hits an all-time high [Boing Boing]

In case you thought that kidnapping babies would awaken the moral consciences of Trump supporters, be told: Trump's approval rating hit its all-time peak on Monday, with 45% of Americans saying he is doing a good job. The administration is said to be planning even harsher measures before the midterms, including indefinite incarceration of kidnapped children. (via Naked Capitalism)

Secret recording of weeping children begging for their parents while a Border Patrol official mocks them [Boing Boing]


"Well, we have an orchestra here. What’s missing is a conductor." That's the voice of a Border Patrol official, mocking a sobbing group of 10 terrified Central American children who've been separated from their parents at a US border-crossing. (more…)


CodeSOD: A Unique Specification [The Daily WTF]

One of the skills I think programmers should develop is not directly programming related: you should be comfortable reading RFCs. If, for example, you want to know what actually constitutes an email...

History's most productive geniuses goofed off like crazy [Boing Boing]

In Rest: Why You Get More Done When You Work Less (published in 2016, just out in paperback), Alex Soojung-Kim Pang painstakingly investigates the working lives of the likes of Charles Darwin and finds that history's most productive high-performers were working about four hours a day and slacking off the rest of the time: napping, strolling, having leisurely lunches. (more…)

With the App Store monopoly case, the Supreme Court could reverse decades of frustrated antitrust enforcement [Boing Boing]

On Monday, the Supreme Court will review the 9th Circuit's decision in Apple Inc. v. Pepper, in which the plaintiffs argue that Apple has established a monopoly over apps for iOS (this part is actually incontrovertible, as Apple has used both technology and law to prevent rival app stores from operating), and that iPhone and iPad owners have a right to ask the government to break up this monopoly (that's the controversial part). (more…)


Four short links: 19 June 2018 [All - O'Reilly Media]

Product Feedback, Medical AI, DensePose, and Automating Debugging

  1. Developing a Continuous Feedback Loop -- short preso on how to get and manage a lot of feedback from customers.
  2. Google's Medical AI -- some details of studies and ambitions in the space. This quote is provocative: "They’ve finally found a new application for AI that has commercial promise."
  3. DensePose -- Facebook open sourced our real-time approach for mapping all human pixels of 2D RGB images to a 3D surface-based model of the body. See discussion.
  4. Debugging with Intelligence via Probabilistic Inference (Paper a Day) -- Xu et al., have built an automated debugger that can take a single failing test execution, and with minimal interaction from a human, pinpoint the root cause of the failure. What I find really exciting about it is that instead of brute force, there’s a certain encoded intelligence in the way the analysis is undertaken that feels very natural. The first IDE / editor to integrate a tool like this wins!

Screwdriver optional: fingerprint lock broadcasts its unlock code over Bluetooth (and the steel is garbage) [Boing Boing]


Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open. (more…)

The Rent's Too Damned High: 15,000 words on the ways real-estate speculation and inequality have killed NYC [Boing Boing]

Harper's has published The Death of a Once Great City, Kevin Baker's beautifully written, 15,000 word, non-comprehensive list of all the ways that raising the rents in New York City (something that was enabled by the related phenomena of the increasing wealth of the global rich and the influence of property developers on New York City's planning) has squeezed all the juice out of the city, evicting its people and its businesses in favor of "land banked" condos and co-op units that serve as "an investment, a pied-à-terre, a bolt-hole, a strongbox" -- and whose only viable retail is chain pharmacies and ATMs. (more…)

The two simple secrets to good ideas [Seth's Blog]

Secret #1 is the biggest one: More bad ideas. The more bad ideas the better. If you work really hard on coming up with bad ideas, sooner or later, some good ideas are going to slip through. This is much easier than the opposite approach.

Secret #2 is more important: Generosity. It's much easier and more effective to come up with good ideas for someone else. Much easier to bring a posture of insight and care on behalf of someone else. It lets you off the hook, too.


Raphaël Hertzog: Freexian’s report about Debian Long Term Support, May 2018 [Planet Debian]

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In May, about 202 work hours have been dispatched among 12 paid contributors. Their reports are available:

Evolution of the situation

The number of sponsored hours increased to 190 hours per month thanks to a few new sponsors who joined to benefit from Wheezy’s Extended LTS support.

We are currently in a transition phase. Wheezy is no longer supported by the LTS team and the LTS team will soon take over security support of Debian 8 Jessie from Debian’s regular security team.

Thanks to our sponsors

New sponsors are in bold.

Erich Schubert: Predatory publishers: SciencePG [Planet Debian]

I got spammed again by SciencePG (“Science Publishing Group”).

One of many (usually Chinese or Indian) fake publishers, that will publish anything as long as you pay their fees. But, unfortunately, once you published a few papers, you inevitably land on their spam list: they scrape the websites of good journals for email addresses, and you do want your contact email address on your papers.

However, this one is particularly hilarious: They have a spelling error right at the top of their home page!


Speaking of fake publishers. Here is another fun example:

Kim Kardashian, Satoshi Nakamoto, Tomas Pluskal
Wanion: Refinement of RPCs.
Drug Des Int Prop Int J 1(3)- 2018. DDIPIJ.MS.ID.000112.

Yes, that is a paper in the “Drug Designing & Intellectual Properties” International (Fake) Journal. And the content is a typical SciGen generated paper that throws around random computer buzzwords and makes absolutely no sense. Not even the abstract. The references are also just made up. And so are the first two authors, VIP Kim Kardashian and missing Bitcoin inventor Satoshi Nakamoto…

In the PDF version, the first headline is “Introductiom”, with “m”…

So Lupine Publishers is another predatory publisher, that does not peer review, nor check if the article is on topic for the journal.

Via Retraction Watch

Conclusion: just because it was published somewhere does not mean this is real, or correct, or peer reviewed…

Today is FreeBSD Day [OSNews]

We're pleased to announce that June 19 has been declared FreeBSD Day. Join us in honoring The FreeBSD Project's pioneering legacy and continuing impact on technology.

Why today? Well, 25 years ago to the day, the name FreeBSD was chosen as the name for the project. FreeBSD formed the base of all kinds of operating systems we use every day today - like macOS and iOS and the operating systems on the Nintendo Switch and Playstation 3, 4, and Vita - and FreeBSD code can be found in the unlikeliest of places, such as Haiku, which uses FreeBSD network drivers, and even Windows, which, although information is sparse, seemed to at one point use FreeBSD code for command-line networking utilities like ftp, nslookup, rcp, and rsh.

The DEC 340 Monitor [OSNews]

My big project this year is to get a DEC 340 monitor working. Here is a picture of one of them. The DEC 340 was a very early and rare computer monitor dating from the mid '60s used of course, on DEC computers, their PDP series. Two cabinets of rack mounted electronics. The 340 is historic and was used in some early work that pioneered modern computer graphic techniques. It is quite a bit different from Cathode Ray Tube (CRT) monitors used by personal computers we were all familiar with a few years ago. In comparison it is alien technology. All circuits are implemented using discrete components and there are no integrated circuits anywhere in the design. The discrete components themselves are unusual dating from the early days of transistor use.

It always amazes me how fast technology has developed over the past few decades.


Reproducible builds folks: Reproducible Builds: Weekly report #164 [Planet Debian]

Here’s what happened in the Reproducible Builds effort between Sunday June 10 and Saturday June 16 2018:

diffoscope development

diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages. This week, version 96 was uploaded to Debian unstable by Chris Lamb. It includes contributions already covered by posts in previous weeks as well as new ones from:

tests.reproducible-builds.org development

There were a number of changes to our Jenkins-based testing framework that powers tests.reproducible-builds.org, including:

Packages reviewed and fixed, and bugs filed


This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.


BitTorrent Is Reportedly Selling for $140 Million [TorrentFreak]

Last month, TF broke the news that Justin Sun, the entrepreneur behind the popular cryptocurrency TRON, was in the process of acquiring BitTorrent Inc.

The San-Francisco based file-sharing company confirmed the interest from Sun and last week sources added that details of the sale had been finalized.

One of the questions that remained unanswered is how much the company is worth. This gap has now been filled by TechCrunch, which reports that TRON’s founder agreed to pay $140 million to acquire the company.

According to the report, there are still some outstanding issues regarding the terms of the deal. More than one person claims to have introduced Sun to BitTorrent, which guarantees an extra payout. This has yet to be resolved.

It is unclear what Sun’s plans are for BitTorrent but the existing products, including uTorrent, are not expected to go away. According to a shareholder quoted by TechCrunch, one of the plans is to use the acquisition to “legitimize” TRON’s business, which currently has a controversial reputation.

This is an interesting goal, as BitTorrent itself has also dealt with some controversy of its own. The company was previously asked to do more to combat piracy and a few weeks ago, New Mexico Attorney General Hector Balderas launched an investigation into the links between uTorrent usage and images of child exploitation.

While the final details are worked out, BitTorrent – or Rainberry as it’s called now – has begun hiring new personnel. The company is currently looking for a recruiter to hire new talent as well as several developers, including a senior iOS Engineer.

BitTorrent is currently working on a new iOS app which will allow users to play videos on their mobile devices. When completed, it will be released on Apple’s App Store.

The $140 million acquisition follows a turbulent time for BitTorrent during which the company was nearly destroyed due to questionable management practices. At the same time, none of the new products, services, and business models it developed managed to surpass the early success it had with uTorrent.

Whether the deal with TRON’s founder is a turning point has yet to be seen. TorrentFreak reached out to the company to find out more about its future plans but, at the time of writing, we have yet to hear back.

Love Radiates by Jem Milton [Oh Joy Sex Toy]

Today’s another Poly comic! TWO IN A ROW, you lucky devils you! =D

I’m so excited to finally share with you Jem’s work. I was so excited when they sent the comic over, and I hope you all like it too. If you’re keen, they let me know that they are printing this specific comic in a collected zine that is now for sale, alongside a bunch more of their autobio on Polyamory. Pick it up if you get a chance – I did!


The Humble Book Bundle: Programmable Boards by Make:! Make: is... [Humble Bundle Blog]

The Humble Book Bundle: Programmable Boards by Make:! 

Make: is back with a bundle all about programmable boards. Get ebooks like Getting Started with the Photon, Make: Sensors, Make: Lego and Arduino Projects, Jumpstarting JavaScript, Jumpstarting the Raspberry Pi Zero W, and more.

Plus, buy the $8 tier or higher, and more titles will be added to your bundle next week!

[1031] Indecent Proposal [Twokinds]

Comic for June 19, 2018



Gunnar Wolf: Demoting multi-factor authentication [Planet Debian]

I started teaching at Facultad de Ingeniería, UNAM in January 2013. Back then, I was somewhat surprised (for good!) that the university required me to create a digital certificate for registering student grades at the end of the semester. The setup had some not-so-minor flaws (i.e. the private key was not generated at my computer but centrally, so there could be copies of it outside my control — Not only could, but I noted for a fact a copy was kept at the relevant office at my faculty, arguably to be able to timely help poor teachers if they lost their credentials or patience), but was decent...
Authentication was done via a Java applet, as there needs to be a verifiably(?)-secure way to ensure the certificate was properly checked at the client without transferring it over the network. Good thing!
But... Java applets grow out of favor. I don't think I have ever been able to register my grading from a Linux desktop (of course, I don't have a typical Linux desktop, so luck might smile to other people). But last semester and this semester I suffered even to get the grades registered from Windows — Seems that every browser has deprecated the extensions for the Java runtime, and applets are no longer a thing. I mean, I could get the Oracle site to congratulate me for having Java 8 installed, but it just would not run the university's applet!
So, after losing the better part of an already-busy evening... I got a mail. It says (partial translation mine):

Subject: Problems to electronically sign at UNAM

We are from the Advance Electronic Signature at UNAM. We are sending you this mail as we have detected you have problems to sign the grades, probably due to the usage of Java.

Currently, we have a new Electronic Signature system that does not use Java, we can migrate you to this system.

The certificate will thus be stored in the cloud, we will deposit it at signing time, you just have to enter the password you will have assigned.

Of course, I answered asking which kind of "cloud" was it, as we all know that the cloud does not exist, it's just other people's computers... And they decided to skip this question.

You can go see what is required for this implementation at https://www.fea.unam.mx/Prueba de la firma (Test your signature): It asks me for my CURP (publicly known number that identifies every Mexican resident). Then, it asks me for a password. And that's it. Yay :-Þ

Anyway I accepted, as losing so much time to grade is just too much. And... Yes, many people will be happy. Partly, I'm relieved by this (I have managed to hate Java for over 20 years). I am just saddened by the fact we have lost an almost-decent-enough electronic signature implementation and fallen back to just a user-password scheme. There are many ways to do crypto verification on the client side nowadays; I know JavaScript is sandboxed and cannot escape to touch my filesystem, but... It is amazing we are losing this simple and proven use case.

And it's amazing they are pulling it off as if it were a good thing.


Page 3 [Flipside]

Page 3 is done.

[$] TCP small queues and WiFi aggregation — a war story [LWN.net]

This article describes our findings that connected TCP small queues (TSQ) with the behavior of advanced WiFi protocols and, in the process, solved a throughput regression. The resulting patch is already in the mainline tree, so before continuing, please make sure your kernel is updated. Beyond the fix, it is delightful to travel through history to see how we discovered the problem, how it was tackled, and how it was patched.

Subscribers can read on for the full story by guest authors Carlo Grazia and Natale Patriciello.

A broad overview of how modern Linux systems boot [OSNews]

For reasons beyond the scope of this entry, today I feel like writing down a broad and simplified overview of how modern Linux systems boot. Due to being a sysadmin who has stubbed his toe here repeatedly, I'm going to especially focus on points of failure.

I always find it fascinating to read about how computers boot - it's often a very intricate process, built atop decades of backwards compatibility.

x86 assembly doesn't have to be scary [OSNews]

Assembly programming can be intimidating for people who have never looked into it any deeper than a glance, but given that it underpins how the computers we use work it can be helpful having context in regards to what is actually being run by the CPU.

You can run the code samples live on the webpage itself thanks to Emscripten and v86. Neat.


Benjamin Mako Hill: Honey Buckets [Planet Debian]

When I was growing up in Washington state, a company called Honey Bucket held a dominant position in the local portable toilet market. Their toilets are still a common sight in the American West.

Honey Bucket brand portable toilet. Photo by donielle. (CC BY-SA)

They were so widespread when I was a child that I didn’t know that “Honey Bucket” was the name of a company at all until I moved to Massachusetts for college. I thought “honey bucket” was just the generic term for toilets that could be moved from place-to-place!

So for the first five years that I lived in Massachusetts, I continued to call all portable toilets “honey buckets.” Until somebody asked me why I called them “honey buckets”—five years after moving!—all my friends in Massachusetts thought that “honey bucket” was just a personal, idiosyncratic, and somewhat gross, euphemism.

What it was like to write a full blown Flutter application [OSNews]

So I just finished my first Flutter app and I feel I can safely invest much more of my time long term to the framework. Writing a Flutter app has been a litmus test and Flutter passed the test. It's amazing to now be able to competently write apps for iOS and Android. I also love writing and scaling backends and my wife Irina is a UX so it's a powerful combination.

Monday, 18 June



Public Domain Hulk explains the EU's catastrophic copyright filtering proposal [Boing Boing]



News Post: Conduct Unbecoming [Penny Arcade]

Tycho: Obviously, I was forced to engage in chops-busting.  If I see a chop, I go in.  That being said, I mean…  I don’t give a fuck what he’s got in there as long as he’s got his hand on a mouse. In truth, as much as I may not like it, that 1050 he has in there is more than enough for whatever we’ve been playing.  He’s not going to do any Cyberpunk on there, not in any upright and moral way, but he’d be playing that on a console anyhow - that’s not what this PC is for.  His PC is designed to manifest Steam darlings and skim indie…


Portrait of the Artist as Someone Who is So Very Done With His Book, 6/18/18 [Whatever]

I posted a picture of myself at the beginning of my deadline rush and said I would post another when it’s done and (likely) I was a real mess. Here’s the promised “after” picture. It’s not as bad as it could be because a) I did actually manage a three-hour nap, b) I threw over my original plan not to shave until I was done because yesterday was my and Krissy’s anniversary and I wanted to not look like a shambling yeti when we went out in public for dinner. Also coincidentally I’m wearing the same shirt as in the previous picture. I did wear other shirts in the interim, I swear.

Also, fun fact: You know how I just turned in a book? Well, actually, in the last couple of weeks, I’ve turned in two. That’s right, while you weren’t looking, I did a whole other entire book! This is why I’m tired, people. I’m doing a lot of work, here. Anyway, that other book is still a little bit under wraps, but we’ll be announcing in the next few months. And in the meantime, you know The Consuming Fire is on its way in October.

Also, I’m likely to be brain-dead most of today and tomorrow at least, so if you see me sitting quietly on my front porch, drooling into my shoulder, that’s why.


The EU's Link Tax will be voted on in TWO DAYS: if passed, you won't be able to link to the news except on Big Tech's licensed platforms [Boing Boing]

Article 11 is the EU's bizarre proposal for transferring money from Google and Facebook to newspapers: it creates a special copyright over links to news stories and bans services from linking to the news unless they pay for a license to link. (more…)

Today in GPF History for Monday, June 18, 2018 [General Protection Fault: The Comic Strip]

On the lam, Fooker, Dwayne, and Trent run into an old ursine acquaintance...


Security updates for Monday [LWN.net]

Security updates have been issued by CentOS (kernel), Debian (libgcrypt20, redis, and strongswan), Fedora (epiphany, freedink-dfarc, gnupg, LibRaw, nodejs-JSV, nodejs-uri-js, singularity, strongswan, and webkit2gtk3), Mageia (flash-player-plugin, freedink-dfarc, and imagemagick), openSUSE (enigmail, gpg2, java-1_7_0-openjdk, java-1_8_0-openjdk, poppler, postgresql96, python-python-gnupg, and samba), Oracle (kernel), SUSE (gpg2 and xen), and Ubuntu (gnupg and webkit2gtk).

News Post: My new PC [Penny Arcade]

Gabe: Today’s comic is sort of the reverse of this comic strip we did back in 2014. Jerry doesn’t care about televisions and listening to him talk about shopping for one was enough to give me a migraine. When I decided to pick up a gaming PC I knew I could ask him for advice but I didn’t think I needed whatever supercomputer he was gonna try and talk me into. I just wanted to play some PC games and not spend a bunch of money. So I bought my setup in secret and I’ve been having a blast. First of all I should let you know this isn’t an advertisement or anything. Sometimes people send me…


How ARKit 2 works, and why Apple is so focused on AR [OSNews]

Augmented reality (AR) has played prominently in nearly all of Apple's events since iOS 11 was introduced, Tim Cook has said he believes it will be as revolutionary as the smartphone itself, and AR was Apple's biggest focus in sessions with developers at WWDC this year. But why? Most users don't think the killer app for AR has arrived yet - unless you count Pokémon Go. The use cases so far are cool, but they're not necessary and they're arguably a lot less cool on an iPhone or iPad screen than they would be if you had glasses or contacts that did the same things. From this year's WWDC keynote to Apple's various developer sessions hosted at the San Jose Convention Center and posted online for everyone to view, though, it's clear that Apple is investing heavily in augmented reality for the future. We're going to comb through what Apple has said about AR and ARKit this week, go over exactly what the toolkit does and how it works, and speculate about the company's strategy - why Apple seems to care so much about AR, and why it thinks it's going to get there first in a coming gold rush.

While AR clearly has a role to play in professional settings (e.g. construction work, medical settings, and so on), I still haven't seen a general purpose application that justifies the heavy investment in AR by Apple. All demos usually come down to "oh, that's neat, I guess" and "that is incredibly uncomfortable". Where's the killer app?

C gfx library for the Linux framebuffer with parallelism support [OSNews]

FBGraphics was made to produce fullscreen pixels effects easily with non-accelerated framebuffer by leveraging multi-core processors, it is a bit like a software GPU (much less complex and featured!), the initial target platform is a Raspberry PI 3B and extend to the NanoPI (and many other embedded devices), the library should just work with many other devices with a Linux framebuffer although there are at the moment some restrictions on the supported framebuffer format (24 bits). FBGraphics is lightweight and does not intend to be a fully featured graphics library, it provides a limited set of graphics primitives and a small set of useful functions to start doing framebuffer graphics right away with or without multi-core support.

Neat project.

Woodworking, the opposite of software development [The Old New Thing]

While waiting for the BoltBus, I met a former software developer, who said that he's now a carpenter. Specifically, he makes furniture out of wood, so a more precise term for his type of work would be something like woodworking.

He says he quit software because customers would keep making change requests on short notice, even for features he was pretty sure they'd never actually use.

I asked him if his new job has the same problem.

He said, no, it's the opposite.

Nobody asks for new features for their bench or table or whatever. They show him a picture of a 100-year-old table and say "Make me that."

Sometimes, a former customer will call and say, "Hey, remember me? You made a table for me three years ago." Do they want to modify the table? Nope. "Can you make one exactly like it for my sister?"

Google to Fix Location Data Leak in Google Home, Chromecast [Krebs on Security]

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.

Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both the smart speaker and home assistant Google Home, and Chromecast, a small electronic device that makes it simple to stream TV shows, movies and games to a digital television or monitor.

Young said the attack works by asking the Google device for a list of nearby wireless networks and then sending that list to Google’s geolocation lookup services.

“An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device,” Young told KrebsOnSecurity. “The only real limitation is that the link needs to remain open for about a minute before the attacker has a location. The attack content could be contained within malicious advertisements or even a tweet.”

It is common for Web sites to keep a record of the numeric Internet Protocol (IP) address of all visitors, and those addresses can be used in combination with online geolocation tools to glean information about each visitor’s hometown or region. But this type of location information is often quite imprecise. In many cases, IP geolocation offers only a general idea of where the IP address may be based geographically.

This is typically not the case with Google’s geolocation data, which includes comprehensive maps of wireless network names around the world, linking each individual Wi-Fi network to a corresponding physical location. Armed with this data, Google can very often determine a user’s location to within a few feet (particularly in densely populated areas), by triangulating the user between several nearby mapped Wi-Fi access points. [Side note: Anyone who’d like to see this in action need only to turn off location data and remove the SIM card from a smart phone and see how well navigation apps like Google’s Waze can still figure out where you are].

“The difference between this and a basic IP geolocation is the level of precision,” Young said. “For example, if I geolocate my IP address right now, I get a location that is roughly 2 miles from my current location at work. For my home Internet connection, the IP geolocation is only accurate to about 3 miles. With my attack demo however, I’ve been consistently getting locations within about 10 meters of the device.”

Young said a demo he created (a video of which is below) is accurate enough that he can tell roughly how far apart his device in the kitchen is from another device in the basement.

“I’ve only tested this in three environments so far, but in each case the location corresponds to the right street address,” Young said. “The Wi-Fi based geolocation works by triangulating a position based on signal strengths to Wi-Fi access points with known locations based on reporting from people’s phones.”

Beyond leaking a Chromecast or Google Home user’s precise geographic location, this bug could help scammers make phishing and extortion attacks appear more realistic. Common scams like fake FBI or IRS warnings or threats to release compromising photos or expose some secret to friends and family could abuse Google’s location data to lend credibility to the fake warnings, Young notes.

“The implications of this are quite broad including the possibility for more effective blackmail or extortion campaigns,” he said. “Threats to release compromising photos or expose some secret to friends and family could use this to lend credibility to the warnings and increase their odds of success.”

When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices. Currently, that update is slated to be released in mid-July 2018.

According to Tripwire, the location data leak stems from poor authentication by Google Home and Chromecast devices, which rarely require authentication for connections received on a local network.

“We must assume that any data accessible on the local network without credentials is also accessible to hostile adversaries,” Young wrote in a blog post about his findings. “This means that all requests must be authenticated and all unauthenticated responses should be as generic as possible. Until we reach that point, consumers should separate their devices as best as is possible and be mindful of what web sites or apps are loaded while on the same network as their connected gadgets.”

Earlier this year, KrebsOnSecurity posted some basic rules for securing your various “Internet of Things” (IoT) devices. That primer lacked one piece of advice that is a bit more technical but which can help mitigate security or privacy issues that come with using IoT systems: Creating your own “Intranet of Things,” by segregating IoT devices from the rest of your local network so that they reside on a completely different network from the devices you use to browse the Internet and store files.

“A much easier solution is to add another router on the network specifically for connected devices,” Young wrote. “By connecting the WAN port of the new router to an open LAN port on the existing router, attacker code running on the main network will not have a path to abuse those connected devices. Although this does not by default prevent attacks from the IoT devices to the main network, it is likely that most naïve attacks would fail to even recognize that there is another network to attack.”

For more on setting up a multi-router solution to mitigating threats from IoT devices, check out this in-depth post on the subject from security researcher and blogger Steve Gibson.
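Young's rule that every local request be authenticated and every unauthenticated response be generic can be sketched as follows. This is an added example, not code from the article, Tripwire or Google; the endpoint names, the bearer-token scheme and the sample scan data are hypothetical and constructed, and do not reflect the devices' real API.

```python
import hmac
import secrets

# Constructed sample data standing in for what a device on the LAN could hold.
ROUTES = {
    "/scan_results": [
        {"ssid": "ExampleNet-Home", "bssid": "02:00:00:aa:bb:01", "signal_dbm": -41},
        {"ssid": "ExampleNet-Neighbor", "bssid": "02:00:00:aa:bb:02", "signal_dbm": -67},
    ],
    "/device_info": {"name": "Kitchen speaker", "ssid": "ExampleNet-Home"},
}

# Response keys that let a caller resolve the device's physical location.
LOCATION_KEYS = {"ssid", "bssid", "signal_dbm"}


class LocalApi:
    """Toy local-network API (hypothetical endpoints), weak or hardened."""

    def __init__(self, require_auth):
        self.require_auth = require_auth
        # Assumption: a per-device token handed out during pairing.
        self.token = secrets.token_urlsafe(32)

    def _authenticated(self, headers):
        supplied = headers.get("Authorization", "")
        expected = "Bearer " + self.token
        # Constant-time comparison so the token cannot be guessed by timing.
        return hmac.compare_digest(supplied.encode(), expected.encode())

    def handle(self, path, headers):
        """Return (status, body) for a GET request to `path`."""
        if path == "/status":
            # The only unauthenticated answer: no name, no network details.
            return 200, {"status": "ok"}
        if self.require_auth and not self._authenticated(headers):
            # Checked before the route lookup, so an unauthenticated caller
            # gets the same answer for real and non-existent paths.
            return 401, {"error": "authentication required"}
        if path not in ROUTES:
            return 404, {"error": "not found"}
        return 200, ROUTES[path]


def _keys(obj):
    """Yield every dictionary key found anywhere in a JSON-like value."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield key
            yield from _keys(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from _keys(item)


def unauthenticated_leaks(api):
    """List the paths that return location-bearing fields without credentials."""
    leaks = []
    for path in sorted(ROUTES) + ["/status", "/no_such_path"]:
        _status, body = api.handle(path, {})
        if LOCATION_KEYS & set(_keys(body)):
            leaks.append(path)
    return leaks


if __name__ == "__main__":
    print("weak:    ", unauthenticated_leaks(LocalApi(require_auth=False)))
    print("hardened:", unauthenticated_leaks(LocalApi(require_auth=True)))
```

The `unauthenticated_leaks` check is the part worth reusing: run the same credential-free probe against every route of a local service and fail the build if any response carries network identifiers.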


YouTube Blocks MIT Courses, Blender Videos, and More (Updated) [TorrentFreak]

To protect copyright holders, YouTube uses an advanced piracy recognition system that flags and disables videos which are used without permission.

This system, known as Content ID, works well most of the time, but it is far from perfect.

It’s not well equipped to determine whether content deployment is protected under ‘fair use’, and in some cases it even views white noise or birds chirping as piracy.

Over the past several days, an even more worrying trend has appeared. Several popular YouTube accounts including those belonging to ‘MIT OpenCourseWare’ and the ‘Blender Foundation,’ have suddenly had all their videos blocked.

People who try to watch one of the freely available MIT courses on YouTube get the following message, which typically appears if an uploader doesn’t have the rights to show content locally.

“This video contains content from MIT. It is not available in your country.”

The message appears in all locations that we were able to check, suggesting that it may very well apply worldwide. In any case, on social media there’s no shortage of people mentioning that they can no longer access the courses.

Blocked courseware…

The issue hasn’t gone unnoticed by MIT’s OpenCourseWare team which is investigating the matter, without pointing fingers.

“You may have noticed that we are having some trouble with our videos! Please stand by. The elves are working around the clock to fix the issue,” they write, referring people to non-video content in the meantime.

Interestingly, the MIT case doesn’t appear to be an isolated incident. Another organization that was hit by the same mysterious blocking efforts is the Blender Foundation.

The nonprofit organization, which is leading the development of the open source 3D content-creation application Blender, has also had its videos blocked.

Ton Roosendaal, Chairman of the Blender Foundation, noticed the issue on Saturday and contacted YouTube. “This is most probably an error from their side,” Roosendaal said.

At the time of writing, the issue still hasn’t been resolved.

What the heck…

Both organizations have verified YouTube accounts and many subscribers, which makes them high profile targets. However, two days have passed and it’s still unclear what’s going on.

The blocking message is part of YouTube’s piracy filter system, but why it was triggered is unknown. As the original publishers, both certainly have the right to publish the videos in question.

Looking even further, we were able to spot dozens of accounts which show similar “blocking” messages. They include verified ones, such as India’s Press Information Bureau, soccer club Sparta Praha, and England Rugby.

TorrentFreak reached out to YouTube to ask why the videos of these accounts have been blocked but at the time of publication, we had yet to hear back. Something appears to be awfully wrong though.

The timing of the incident is interesting, to say the least. This week there’s an important vote scheduled in the European Parliament, which will determine the course of EU copyright law.

One of the most contested changes is the so-called “upload filter,” which is detailed in Article 13 of the copyright reform proposal. According to opponents, such YouTube-like piracy filters are a threat to free speech.

These apparent “mistakes” show that there is a point to that.

Ironically, even French politicians, who were expected to vote in favor of the upload filters, may now reconsider their stance after YouTube temporarily disabled their account following three copyright strikes.

Update: YouTube notes that the issue is related to its updated partner agreements. The company is working on a solution. We updated the title to reflect this and avoid confusion.

“Videos on a limited number of sites have been blocked as we updated our partner agreements. We are working with MITOpenCourseWare and Blender Foundation to get their videos back online,” a YouTube spokesperson tells TorrentFreak.

Update 2: Blender’s Ton Roosendaal notes that YouTube wants the organization to sign a monetization agreement.

“Google sent a contract to Blender Foundation in which we have to accept monetizing our Youtube channel content. Time for a more lengthy article… meanwhile, here’s the contract.”


Russell Coker: Cooperative Learning [Planet Debian]

This post is about my latest idea for learning about computers. I posted it to my local LUG mailing list and received no responses. But I still think it’s a great idea and that I just need to find the right way to launch it.

I think it would be good to try cooperative learning about Computer Science online. The idea is that everyone would join an IRC channel at a suitable time with virtual machine software configured and try out new FOSS software at the same time and exchange ideas about it via IRC. It would be fairly informal and people could come and go as they wish, the session would probably go for about 4 hours but if people want to go on longer then no-one would stop them.

I’ve got some under-utilised KVM servers that I could use to provide test VMs for network software, my original idea was to use those for members of my local LUG. But that doesn’t scale well. If a larger group of people are to be involved they would have to run their own virtual machines, use physical hardware, or use trial accounts from VM companies.

The general idea would be for two broad categories of sessions, ones where an expert provides a training session (assigning tasks to students and providing suggestions when they get stuck) and ones where the coordinator has no particular expertise and everyone just learns together (like “let’s all download a random BSD Unix and see how it compares to Linux”).

As this would be IRC based there would be no impediment for people from other regions being involved apart from the fact that it might start at 1AM their time (IE 6PM in the east coast of Australia is 1AM on the west coast of the US). For most people the best times for such education would be evenings on week nights which greatly limits the geographic spread.

While the aims of this would mostly be things that relate to Linux, I would be happy to coordinate a session on ReactOS as well. I’m thinking of running training sessions on etbemon, DNS, Postfix, BTRFS, ZFS, and SE Linux.

I’m thinking of coordinating learning sessions about DragonflyBSD (particularly HAMMER2), ReactOS, Haiku, and Ceph. If people are interested in DragonflyBSD then we should do that one first as in a week or so I’ll probably have learned what I want to learn and moved on (but not become enough of an expert to run a training session).

One of the benefits of this idea is to help in motivation. If you are on your own playing with something new like a different Unix OS in a VM you will be tempted to take a break and watch YouTube or something when you get stuck. If there are a dozen other people also working on it then you will have help in solving problems and an incentive to keep at it while help is available.

So the issues to be discussed are:

  1. What communication method to use? IRC? What server?
  2. What time/date for the first session?
  3. What topic for the first session? DragonflyBSD?
  4. How do we announce recurring meetings? A mailing list?
  5. What else should we setup to facilitate training? A wiki for notes?

Finally while I list things I’m interested in learning and teaching this isn’t just about me. If this becomes successful then I expect that there will be some topics that don’t interest me and some sessions at times when I have other things to do (like work). I’m sure people can have fun without me. If anyone has already established something like this then I’d be happy to join that instead of starting my own, my aim is not to run another hobbyist/professional group but to learn things and teach things.

There is a Wikipedia page about Cooperative Learning. While that’s interesting I don’t think it has much relevance on what I’m trying to do. The Wikipedia article has some good information on the benefits of cooperative education and situations where it doesn’t work well. My idea is to have a self-selecting group of people who choose it because of their own personal goals in terms of fun and learning. So it doesn’t have to work for everyone, just for enough people to have a good group.

John Goerzen: Memories, Father’s Day, and an 89-year-old plane [Planet Debian]

“Oh! I have slipped the surly bonds of Earth
And danced the skies on laughter-silvered wings;
Sunward I’ve climbed, and joined the tumbling mirth
of sun-split clouds, — and done a hundred things”

– John Gillespie Magee, Jr.

I clicked on the radio transmitter in my plane.

O’Neill Traffic, Bonanza xx departing to the south. And Trimotor, thanks for flight #1. We really enjoyed it.

And we had. Off to my left, a 1929 Ford Trimotor airliner was heading off into the distance, looking as if it were just hanging in the air, glinting in the morning sun, 1000 feet above the ground. Earlier that morning, my boys and I had been passengers in that very plane. But now we had taken off right after them, as they were taking another load of passengers up for a flight and we were flying back home. To my right was my 8-year-old, and my 11-year-old was in back, both watching out the windows. The radio clicked on, and the three of us heard the other pilot’s response:

Oh thank you. We’re glad you came!

A few seconds later, they were gone out of sight.

The experience of flying in an 89-year-old airliner is quite something. As with the time we rode on the Durango & Silverton railroad, it felt like stepping back into a time machine — into the early heyday of aviation.

Jacob and Oliver had been excited about this day a long time. We had tried to get a ride when it was on tour in Oklahoma, much closer, but one of them got sick on the drive that day and it didn’t work out. So Saturday morning, we took the 1.5-hour-flight up to northern Nebraska. We’d heard they’d have a pancake breakfast fundraiser, and the boys were even more excited. They asked to set the alarm early, so we’d have no risk of missing out on airport pancakes.

Jacob took this photo of the sunrise at the airport while I was doing my preflight checks:


Here’s one of the beautiful views we got as we flew north to meet the Trimotor.


It was quite something to share a ramp with that historic machine. Here’s a photo of our plane not far from the Trimotor.


After we got there, we checked in for the flight, had a great pancake and sausage breakfast, and then into the Trimotor. The engines fired up with a most satisfying low rumble, and soon we were aloft — cruising along at 1000 feet, in that (by modern standards) noisy, slow, and beautiful machine. We explored the Nebraska countryside from the air before returning 20 minutes later. I asked the boys what they thought.

“AWESOME!” was the reply. And I agreed.


Jacob and Oliver have long enjoyed pretending to be flight attendants when we fly somewhere. They want me to make airline-sounding announcements, so I’ll say something like, “This is your captain speaking. In a few moments, we’ll begin our descent into O’Neill. Flight attendants, prepare the cabin for arrival.” Then Jacob will say, “Please return your tray tables that you don’t have to their full upright and locked position, make sure your seat belt is tightly fastened, and your luggage is stowed. This is your last chance to visit the lavatory that we don’t have. We’ll be on the ground shortly.”

Awhile back, I loaded up some zip-lock bags with peanuts and found some particularly small bottles of pop. Since then, it’s become tradition on our longer flights for them to hand out bags of peanuts and small quantities of pop as we cruise along — “just like the airlines.” A little while back, I finally put a small fridge in the hangar so they get to choose a cold beverage right before we leave. (We don’t typically have such things around, so it’s a special treat.)

Last week, as I was thinking about Father’s Day, I told them how I remembered visiting my dad at work, and how he’d let me get a bottle of Squirt from the pop machine there (now somewhat rare). So when we were at the airport on Saturday, it brought me a smile to hear, “DAD! This pop machine has Squirt! Can we get a can? It’s only 75 cents!” “Sure – after our Trimotor flight.” “Great! Oh, thank you dad!”

I realized then I was passing a small but special memory on to another generation. I’ve written before of my childhood memories of my dad, and wondering what my children will remember of me. Martha isn’t old enough yet to remember her cackles of delight as we play peek-a-boo or the books we read at bedtime. Maybe Jacob and Oliver will remember our flights, or playing with mud, or researching dusty maps in a library, playing with radios, or any of the other things we do. Maybe all three of them will remember the cans of Squirt I’m about to stock that hangar fridge with.

But if they remember that I love them and enjoy doing things with them, they will have remembered the most important thing. And that is another special thing I got from my parents, and can pass on to another generation.

Mexican election: saturation robo-calls spreading disinformation about Andres Manuel Lopez Obrador [Boing Boing]

Andres Manuel Lopez Obrador is the front-running candidate for president of Mexico on a largely progressive ticket (tuition breaks, increased aid to seniors, drug war amnesty, though it's a mixed bag, reflecting the weird coalition of left-wing and right-wing parties he's fronting); and he is the target of a bizarre, mass-scale disinformation campaign being carried out by blanket robo-calling.

Shiny animal sculptures from Jud Turner [Boing Boing]

Sculptor Jud Turner (previously) writes, "Been playing with shiny chrome parts in the studio lately (motorcycle parts, mostly) to conjure up things that are currently scaring me: "Stanislav the Russian Boar" and "Hera the Mud Dauber Wasp." Don't worry, I'm using plenty of ventilation and respirator when welding up this toxic but super-fun material.

Slashdotter: I've had a pillcam stuck in my gut for 12 weeks and counting [Boing Boing]

BeauHD, a Slashdot moderator, has Crohn's Disease, and he lives in an age of modern miracles, which means that he can have his small intestine surveyed by swallowing a tiny pill-sized camera, rather than having a scope threaded up his rectum or down his throat, or having his gut sliced open.


A young caged teen in a Texas immigration camp is teaching other kids to change caged toddlers' diapers [Boing Boing]

At Ursula, an immigration facility in McAllen, TX, 500 children separated from their families are crammed 20 to a cage. It's home to kids of all ages, from toddlers to young teens (once a teen turns 18, they are magically converted into a criminal and moved to the adult facility).


Four short links: 18 June 2018 [All - O'Reilly Media]

Innovation Stack, Fundraising, Diversity and Fans, and APIs to MySQL Data

  1. The Innovation Stack (Steve Blank) -- a must-read for anyone whose company needs to "get more of that innovation thing happening here."
  2. Both Sides of the Table -- great advice for fundraising from VCs.
  3. Superfan! (Sacha Judd) -- on teams, life, and some ways in which they all go horribly wrong. Her most excellent talk from Velocity this year.
  4. xmysql -- One command to generate REST APIs for any MySQL Database.


Four short links: 15 June 2018 [All - O'Reilly Media]

Pose Estimation, Data Ethics, Interactive Explanation, and Serverless Tool

  1. Through-Wall Human Pose Estimation Using Radio Signals -- RF-Pose provides accurate human pose estimation through walls and occlusions. It leverages the fact that wireless signals in the WiFi frequencies traverse walls and reflect off the human body. It uses a deep neural network approach that parses such radio signals to estimate 2D poses.
  2. Data Ethics Framework -- the UK shared their principles, the explanation of each principle, and the workbook for figuring out how to apply them.
  3. Predator and Prey (Mike Bostock) -- a really nice demo of the "what if we didn't publish static text and images, but instead you could interact with the explanation?". Inspired by Bret Victor, obvs.
  4. AWS SAM CLI -- a CLI tool for local development and testing of Serverless applications.


In two days, an EU committee will vote to crown Google and Facebook permanent lords of internet censorship [Boing Boing]

On June 20, the EU's legislative committee will vote on the new Copyright directive, and decide whether it will include the controversial "Article 13" (automated censorship of anything an algorithm identifies as a copyright violation) and "Article 11" (no linking to news stories without paid permission from the site).

Ridiculously Insecure Smart Lock [Schneier on Security]

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that:

  1. The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it.
  2. Any Tapplock account can unlock every lock.
  3. You can open the lock with a screwdriver.

Regarding the third flaw, the manufacturer has responded that "...the lock is invincible to the people who do not have a screwdriver."

You can't make this stuff up.

EDITED TO ADD: The quote at the end is from a different smart lock manufacturer. Apologies for that.


CodeSOD: The Sanity Check [The Daily WTF]

I've been automating deployments at work, and for Reasons™, this is happening entirely in BASH. Those Reasons™ are that the client wants to use Salt, but doesn't want to give us access to...

Arturo Borrero González: Netfilter Workshop 2018 Berlin summary [Planet Debian]


This weekend we had Netfilter Workshop 2018 in Berlin, Germany.

Lots of interesting talks happened, mostly surrounding nftables and how to move forward from the iptables legacy world to the new, modern nft framework.

In a nutshell, the Netfilter project, the FLOSS community driven project, has agreed to consider iptables as a legacy tool. This confidence comes from the maturity of the nftables framework, which is fairly fully-compliant with the old iptables API, including extensions (matches and targets).

Starting now, next iptables upstream releases will include the old iptables binary as /sbin/iptables-legacy, and the same for the other friends.

To summarize:

  • /sbin/iptables-legacy
  • /sbin/iptables-legacy-save
  • /sbin/iptables-legacy-restore
  • /sbin/ip6tables-legacy
  • /sbin/ip6tables-legacy-save
  • /sbin/ip6tables-legacy-restore
  • /sbin/arptables-legacy
  • /sbin/ebtables-legacy

The new binary will be using the nf_tables kernel backend instead, what was formerly known as ‘iptables-compat’. Should you find some rough edges with the new binary, you could always use the old -legacy tools. This is for people who want to keep using the old iptables semantics, but the recommendation is to migrate to nftables as soon as possible.

Moving to nftables will add the benefits of improved performance, new features, new semantics, and in general, a modern framework. All major distributions will implement these changes soon, including RedHat, Fedora, CentOS, Suse, Debian and derivatives. We also had some talks regarding firewalld, the firewalling service in use by some rpm-based distros. They gained support for nftables starting with v0.6.0. This is great news, since firewalld is the main firewalling top-level mechanism in these distributions. Good news is that the libnftables high level API is in great shape. It recently gained a new high level JSON API thanks to Phil Sutter. The firewalld tool will use this new JSON API soon.

I gave a talk about the status of Netfilter software packages at Debian, and shared my plans to implement these iptables -> nftables changes in the near future.

We also had an interesting talk by a CloudFlare engineer about how they use the TPROXY Netfilter infrastructure to serve thousands of customers. Some discussion happened about caveats and improvements and how nftables could be a better fit if it gains TPROXY-like features. In the field of networking at scale, some vmware engineers also joined the conversation for nft connlimit and nf_conncount, a new approach in nftables for rate-limiting/policing based on conntrack data. This was followed up by a presentation by Pablo Neira about the new flow offload infrastructure for nftables, which can act as a complete kernel bypass in case of packet forwarding.


Jozsef Kadlecsik shared a deep and detailed investigation on ipset vs nftables and how we could match both frameworks. He gave an overview of what’s missing, what’s already there and what could be a benefit from users migrating from ipset to nftables.

We had some space for load-balancing as well. Laura García shared the last news regarding the nftlb project, the nftables-based load balancer. She shared some interesting numbers about how reptoline affects Netfilter performance. She mentioned that the impact of reptoline is about 17% in nftables and 40% for iptables for her use cases.

Florian Westphal gave a talk regarding br_netfilter and how we could improve the linux kernel networking stack from the Netfilter point of view for bridge use cases. Right now all sorts of nasty things are done to store required information and context for packets traveling bridges (which may need to be evaluated by Netfilter). We have a lot of marging for improvement and Florian’s plan is to invest time in these.

We had a very interesting legal talk by Dr. Till Jaeger regarding GPL enforcement in Germany, related to the Patrick McHardy situation. Some good work is being done in this field to defend the community against activities which hurt the interests of all the Linux users and developers.

Harsha Sharma, 18 years old from India, gave a talk explaining her work on nftables to the rest of Netfilter contributors. This is possible thanks to internship programs like Outreachy and Google Summer of Code. Varsha and Harsha, both are so brave for traveling so far from home to join a mostly European-white-men-only meeting. We were joined by 3 women this workshop and I would like to believe this is a symbol of our inclusiveness, of being a healthy community.

The group

The workshop was sponsored by VMware, Zevenet, Red Hat, Intra2net, OISF, Stamus Networks, and Suricata.


The Consuming Fire: Done! [Whatever]

As of about five minutes ago. Wheeee!

For those of you not aware, this is the follow-up to The Collapsing Empire, and in fact follows directly after the events of the book. Emperox Grayland II, Kiva Lagos, Marce Claremont and Nadashe Nohamapetan are all back, along with explosions, fights, thrilling escapes, space battles and mysterious new characters who aren’t always what they seem. You know, the usual. I think you’re gonna like it. I do.

It’s out October 16. Yes, that’s soon, in terms of book production. This is the second book I am turning in at literally the last possible instant. I do not recommend this strategy, people.

Off to do a couple of quick copy edits, and then off it goes to my editor, and then off I go, to sleep. Catch you later. Much later.



Foxtel Pirate Site Blocking Application Could Be Granted in Record Time [TorrentFreak]

Back in April, pay TV company Foxtel filed the latest in a series of blocking applications, this time targeting more than two dozen domain names facilitating access to 15 torrent and streaming services.

To save on time and costs, Foxtel envisioned things going a little bit differently this time around. The company didn’t want to have expert witnesses present in court and asked whether live demonstrations of websites could be replaced by videos and screenshots instead.

Foxtel also said that if the ISPs expected to block the domains agree, it wouldn’t serve its evidence on them as it had done previously.

The company then asked Justice Nicholas to deal with the entire injunction application “on paper.” He declined, instead scheduling a hearing to take place today.

As hoped by Foxtel, events were indeed more streamlined. According to a ZDNet report, the hearing lasted for just an hour, with no live website demonstrations and the requested videos being allowed.

The application targeted 15 torrent site domains and ten streaming sites located overseas (a requirement for blocking under Australian law), each of which “unashamedly and flagrantly” infringes copyright.

ComputerWorld lists the torrent sites as ETTV, MagnetDL, Torrent Download (possibly TorrentDownloads.me), Torrent Room (TorrentRoom.com), and Torrents.me. A domain facilitating access to the previously-blocked Pirate Bay was also included in the application.

Also demonstrated in Court was a search bar that can be used to access content on torrent sites including 1337x and The Pirate Bay. No further details on the bar have been made available, but as a standalone item, blocking seems unlikely.

The streaming services targeted by Foxtel include HDO, HDEuropix, 123Hulu, Watch32, Sockshare, NewEpisodes, 1Movies, 5Movies, WatchFreeMovies and SeriesTop. They represent just a handful of the hundreds of similar domains offering streaming today.

Both the torrent and streaming sites stand accused of facilitating access to a range of popular TV shows including Game of Thrones, Grey’s Anatomy and Fear the Walking Dead plus movies including Jason Bourne, Pacific Rim, and Red Sparrow.

Under Section 115a of the Copyright Act, Foxtel wants the usual ISPs – Optus, Vocus, Telstra, TPG plus their subsidiaries – to render the sites inaccessible by the usual means.

None were present in Court today, and none turned up at the case management hearing on Friday either. It’s a pattern that’s likely to continue moving forward.

Due to no special systems or technology being deployed by any of the websites in question, the application is expected to run smoothly. Indeed, reports suggest that Justice Nicholas could hand down a decision as soon as 21 June.

Update: The order was granted this morning, June 20, just a day after the hearing. The process was straightforward and reported here and here.


Cold yeast [Seth's Blog]

Almost every element of good bread happens long before it goes into the oven.

Too often, we spend our time and effort on the exciting last step. And too often, we forget to spend our time and attention on the preparation that’s a lot less urgent or glamorous, but far more important.

Poor preparation is a lousy excuse for a last-minute selfish frenzy. That frenzy distracts us from doing it right the next time.

If you want to understand where mastery and success come from, take a look at the inputs and the journey, not simply the outputs.


Top 10 Most Pirated Movies of The Week on BitTorrent – 06/18/18 [TorrentFreak]

This week we have three newcomers in our chart.

Escape Plan 2: Hades is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents

| Rank | Rank last week | Movie name | IMDb rating / Trailer |
|---|---|---|---|
| 1 | (…) | Escape Plan 2: Hades | 3.9 / trailer |
| 2 | (1) | Tomb Raider | 6.6 / trailer |
| 3 | (2) | Pacific Rim: Uprising | 5.8 / trailer |
| 4 | (4) | Avengers: Infinity War (HDCam) | 9.1 / trailer |
| 5 | (…) | Acrimony | 5.0 / trailer |
| 6 | (8) | Sherlock Gnomes | 4.8 / trailer |
| 7 | (6) | A Quiet Place | 8.0 / trailer |
| 8 | (5) | 211 | 4.3 / trailer |
| 9 | (7) | Black Panther | 7.9 / trailer |
| 10 | (…) | Beirut | 6.5 / trailer |


1201 [LFG Comics]

The post 1201 appeared first on Looking For Group.

GenCon! GenCon! GenCon! [LFG Comics]

Yup, that’s right kids! Everyone’s favourite show of the year, GenCon, is fast approaching! It’s The Best Four Days in Gaming™ and we have a ton of awesome and secret stuff lined up for you all *cough*newgame*Coughcough*expansion*cough* to enjoy! But […]

The post GenCon! GenCon! GenCon! appeared first on Looking For Group.

1198 [LFG Comics]

The post 1198 appeared first on Looking For Group.

NPC: The Non-Updating Elephant in the Room [LFG Comics]

It’s clear by now that my dream of re-starting NPC keeps getting pushed back and delayed, as other projects, better paying projects unfortunately keep taking precedence. That said, I adore NPC. Writing it, trying new story techniques and styles helped […]

The post NPC: The Non-Updating Elephant in the Room appeared first on Looking For Group.

LFG and Patreon [LFG Comics]

As you may or may not have noticed, we’ve recently given LFG.co a bit of a facelift. We like to keep things fresh around here and the updated site is a little more, what you’d call, “mobile-friendly.” You may also […]

The post LFG and Patreon appeared first on Looking For Group.

Comic: Conduct Unbecoming [Penny Arcade]

New Comic: Conduct Unbecoming


Sunset for Liberal Democracy [George Monbiot]

The denial of popular sovereignty by mainstream leaders allows demagogues like Trump to pose as democratic champions.

By George Monbiot, published in the Guardian 18th June 2018


He gets almost everything wrong. But last weekend Donald Trump got something right. To the horror of the other leaders of the rich world, he defended democracy against its detractors. Perhaps predictably, he has been universally condemned for it.

His crime was to insist that the North American Free Trade Agreement (Nafta) should have a sunset clause. In other words, it should not remain “valid indefinitely”, but expire after five years, allowing its members either to renegotiate it or to walk away. To howls of execration from the world’s media, his insistence has torpedoed efforts to update the treaty.

In The Rights of Man, published in 1791, Thomas Paine argued that “Every age and generation must be as free to act for itself, in all cases, as the ages and generations which preceded it. The vanity and presumption of governing beyond the grave is the most ridiculous and insolent of all tyrannies.” This is widely accepted – in theory if not in practice – as a basic democratic principle.

Even if the people of the US, Canada and Mexico had explicitly consented to Nafta in 1994, the idea that a decision made then should bind everyone in North America for all time is repulsive. So is the notion, championed by the Canadian and Mexican governments, that any slightly modified version of the deal agreed now should bind all future governments.

As it happens, the people of North America did not explicitly consent to Nafta. They were never asked to vote on the deal, and its bipartisan support ensured that there was little scope for dissent. The huge grassroots resistance in all three nations was ignored or maligned. The deal was fixed between political and commercial elites, and granted immortality.

In seeking to update the treaty, the three countries candidly sought to thwart the will of the people. Their stated intention was to finish the job before Mexico’s presidential election in July. The leading candidate, Andres Lopez Obrador, has expressed hostility to Nafta, so it had to be done before the people cast their vote. They might wonder why so many have lost faith in democracy.

Nafta provides a perfect illustration of why all trade treaties should contain a sunset clause. Provisions that made sense to the negotiators in the early 1990s make no sense to anyone today, except fossil fuel companies and greedy lawyers. The most obvious example is the way in which its rules for investor-state dispute settlement have been interpreted. These clauses (Chapter 11 of the treaty) were supposed to prevent states from unfairly expropriating the assets of foreign companies. But they have spawned a new industry, in which aggressive lawyers discover ever more lucrative means of overriding democracy.

Chapter 11 grants opaque panels of corporate lawyers, meeting behind closed doors, supreme authority over the courts and parliaments of its member states. An investigation by BuzzFeed revealed that such provisions have been used around the world to halt criminal cases, overturn penalties incurred by convicted fraudsters, allow companies to get away with trashing rainforests and poisoning villages, and, by placing foreign businesses above the law, intimidate governments into abandoning public protections.

Under Nafta, these provisions have become, metaphorically and literally, toxic. When Canada tried to ban a fuel additive called MMT, a potentially dangerous neurotoxin, the US manufacturer used Chapter 11 to sue the government. Canada was forced to lift the ban, award the company $13 million in compensation and issue a public apology. After Mexican authorities refused a US corporation permission to build a hazardous waste facility, the company sued before a Nafta panel, and extracted $15 million in compensation. Another US firm, Lone Pine Resources, is currently suing Canada for $118 million, because the government of Québec has banned fracking under the St Lawrence River.

As the US Justice Department woke up to the implications of Chapter 11, BuzzFeed records, it began to panic: it realised that it “could severely undermine our system of justice” and grant foreign companies “more rights than Americans have”. One official noted that “no one thought about this when Nafta implementing law passed.”

Nor did they think about climate breakdown. Nafta obliges Canada not only to export most of its oil and half its natural gas to the US, but also to ensure that the proportion of these fuels produced from tar sands and fracking does not change. It forbids Canada to leave its most polluting fossil fuels in the ground. As a result, the Canadian government cannot adhere to both its commitments under the Paris agreement on climate change and its commitments under the North American Free Trade Agreement. While the Paris commitments are voluntary, Nafta’s are compulsory.

Were such disasters foreseen by the negotiators? If so, the trade agreement was a plot against the people. If not – and the evidence strongly suggests they were not – its unanticipated outcomes are a powerful argument for a sunset clause. The update the US had in mind was also a formula for calamity, that future governments might wish to reverse. But this is likely to be difficult, even impossible, without the threat – currently forbidden – of walking out.

Those who defend the immortality of trade agreements argue that it provides certainty for business. It’s true that there is a conflict between business confidence and democratic freedom. This conflict is repeatedly resolved in favour of business. That the only defender of popular sovereignty in this case is an odious demagogue illustrates the corruption of 21st-century liberal democracy.

There was much rejoicing this week over the photo of Trump being harangued by the other G7 leaders. But when I saw it, I thought, “the stitch-ups engineered by people like you produce people like him.” The machinations of remote elites in forums such as the G7, the IMF and the European Central Bank and the opaque negotiation of unpopular treaties destroy both trust and democratic agency, fuelling the frustration that demagogues exploit.

Trump was right to spike the Trans-Pacific Partnership. He is right to demand a sunset clause for Nafta. When this devious, hollow, self-interested man offers a better approximation of the people’s champion than any other leader, you know democracy is in trouble.




Armada: A Star Wars Sorry – DORK TOWER 18.06.18 [Dork Tower]

Huge thanks to my pal Charlie Bates for a tremendous guest week, as I work on the Tao of Igor Kickstarter (wait – WHAT?)! Check out his fantastic comics at DevilBear.com, and follow him on Twitter at @Batesian!

Hey! Dork Tower has a Patreon, that makes all this happen! Check it out, why don’t you?


Hot-Blooded, Brew it and See [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic has strong feelings about summer.

Girl Genius for Monday, June 18, 2018 [Girl Genius]

The Girl Genius comic for Monday, June 18, 2018 has been posted.


Steve Kemp: Monkeying around with interpreters - Result [Planet Debian]

So I challenged myself to write a BASIC interpreter over the weekend; unfortunately I did not succeed.

What I did was take an existing monkey-repl and extend it with a series of changes to make sure that I understood all the various parts of the interpreter design.

Initially I was just making basic changes:

  • Added support for single-line comments.
    • For example "// This is a comment".
  • Added support for multi-line comments.
    • For example "/* This is a multi-line comment */".
  • Expand \n and \t in strings.
  • Allow the index operation to be applied to strings.
    • For example "Steve Kemp"[0] would result in S.
  • Added a type function.
    • For example "type(3.13)" would return "float".
    • For example "type(3)" would return "integer".
    • For example "type("Moi")" would return "string".

Once I did that I overhauled the built-in functions, allowing callers to register golang functions to make them available to their monkey-scripts. Using this I wrote a simple "standard library" with some simple math, string, and file I/O functions.

The end result was that I could read files, line-by-line, or even just return an array of the lines in a file:

 // "wc -l /etc/passwd" - sorta
 let lines = file.lines( "/etc/passwd" );
 if ( lines ) {
    puts( "Read ", len(lines), " lines\n" )
 }

Adding file I/O was pretty neat, although I only did reading. Handling looping over a file-contents is a little verbose:

 // wc -c /etc/passwd, sorta.
 let handle = file.open("/etc/passwd");
 if ( handle < 0 ) {
   puts( "Failed to open file" )
 }

 let c = 0;       // count of characters
 let run = true;  // still reading?

 for( run == true ) {

    let r = read(handle);
    let l = len(r);
    if ( l > 0 ) {
        let c = c + l;
    }
    else {
        let run = false;
    }
 };

 puts( "Read " , c, " characters from file.\n" );

This morning I added some code to interpolate hash-values into a string:

 // Hash we'll interpolate from
 let data = { "Name":"Steve", "Contact":"+358449...", "Age": 41 };

 // Expand the string using that hash
 let out = string.interpolate( "My name is ${Name}, I am ${Age}", data );

 // Show it worked
 puts(out + "\n");

Finally I added some type-conversions, allowing strings/floats to be converted to integers, and allowing other values to be changed to strings. With the addition of a math.random function we then got:

 // math.random() returns a float between 0 and 1.
 let rand = math.random();

 // modify to make it from 1-10 & show it
 let val = int( rand * 10 ) + 1 ;
 puts( "math.random() -> ", val , "\n");

The only other significant change was the addition of a new form of function definition. Rather than defining functions like this:

 let hello = fn() { puts( "Hello, world\n" ) };

I updated things so that you could also define a function like this:

 function hello() { puts( "Hello, world\n" ) };

(The old form still works, but this is "clearer" in my eyes.)

Maybe next weekend I'll try some more BASIC work, though for the moment I think my monkeying around is done. The world doesn't need another scripting language, and as I mentioned there are a bunch of implementations of this around.

The new structure I made makes adding a real set of standard-libraries simple, and you could embed the project, but I'm struggling to think of why you would want to. (Though I guess you could pretend you're embedding something more stable than anko and not everybody loves javascript as a golang extension language.)

Sunday, 17 June


Clint Adams: Before the combination with all the asterisks [Planet Debian]

We assembled at the rally point on the wrong side of the tracks. When consensus was achieved, we began our march to the Candy Kingdom. Before we had made it even a single kilometer, a man began yelling at us.

„It’s not here,” he exclaimed. “It’s that way.”

This seemed incredible. It became apparent that, despite his fedora, he was probably the King of Ooo.

Nevertheless, we followed him in the direction he indicated. He did not offer us space in his vehicle, but we managed to catch up eventually.

„It’s to the right of the cafe. Look for сиська,” he announced.

It occurred to me that the only sign I had seen that said сиська was right by where he had intercepted us. It also occurred to me that the cafe had three sides, and “right” was rather ambiguous.

There was much confusion until the Banana Man showed up.

Posted on 2018-06-17
Tags: mintings


Cockygate defeated: judge finds "Cocky" trademark for romance titles unenforceable [Boing Boing]

You'll recall that self-published romance author Faleena Hopkins undertook the sociopathic step of registering a trademark on the word "Cocky" in the titles of romance novels and then had her rivals' works removed from Amazon, threatening to sue any writer who used the common word in a title in the future. (more…)


[$] 4.18 Merge window, part 2 [LWN.net]

By the time that Linus Torvalds released 4.18-rc1 and closed the merge window for this development cycle, 11,594 non-merge changesets had found their way into the mainline kernel repository. Nearly 4,500 of those were pulled after last week's summary was written. Thus, in terms of commit traffic, 4.18 looks to be quite similar to its predecessors. As usual, the entry of significant new features has slowed toward the end of the merge window, but there are still some important changes on the list.

Happy Father’s Day! [Whatever]

Today is Father’s Day, as many of you may already know, and since it is Father’s Day, I feel justified in bragging about my dad, so that’s exactly what I’m going to do!

My dad is possibly the most awesome person I know. If you’ve ever seen my dad perform or read any of his books (aside from The God Engines), you know he’s hilarious. This is a trait I like to think I inherited in full. Though he may be kind of a showoff and sometimes a tad bit of a mansplainer, he really is smart. I’m convinced he could win any trivia gameshow, he knows so much random stuff it’s unbelievable. But it’s not just random knowledge that makes him smart, he’s just an intelligent person in general, which is a trait I definitely did not inherit.

My dad grew up poor as dirt (which led to him writing his Being Poor post) and now he’s a New York Times best-selling author. He is the perfect example of a “rags to riches” story. My dad went from working at Del Taco to becoming a Hugo Award winning author. I mean, he really went out there and achieved his dream. How many people can say that they became what they always wanted to be as a kid? Well, my dad can, and I am so proud of him for everything he’s done.

Best of all, he believes in me. For as long as I can remember, I’ve been told I can do anything and everything I want. Whatever I want to achieve, whatever I want to become, I have his full support. He has given me amazing opportunities to reach my dreams. Paying for my college, letting me write on this blog, all of it is to help become what I want to be. I know he will always back me up (#7).

My dad is my role model, and I mean that 100%. I hope someday I can become half, even a quarter, of the amazing, caring, successful, awesome dude my dad is.

Me, 3/25/16



The Humble Manga Bundle: Manga to Anime by Kodansha! Our manga... [Humble Bundle Blog]

The Humble Manga Bundle: Manga to Anime by Kodansha! 

Our manga bundle has over $800 (seriously) worth of ebooks, including Battle Angel Alita, Inuyashiki, The Ghost In The Shell, and more! Ko-doncha wanna read some new comics?

Assets for Press and Partners

Torrents Turn Rambo-Prequel Novel into a Success [TorrentFreak]

In this day and age, aspiring artists have access to a wide variety of tools they can use to create a decent product.

Creating something is easy, but the real challenge is to escape obscurity and get noticed by the public.

Traditionally, this task has been fulfilled by major publishers and other media distributors, but there are also alternative routes.

The stories of YouTube sensations who turned into their own media empires come to mind. But in darker corners of the web, which are mostly associated with piracy, there are success stories too.

This week we spoke to Italian author Wallace Lee, whose unofficial Rambo-prequel “Rambo Year One” received great reviews after relying on torrents as a main distribution channel.

Lee’s story starts several years ago, when he began publishing short Rambo stories on a personal blog hosted by WordPress. It was fan-fiction in its purest form, but the author soon realized that not everyone was happy with his work.

“Two years before free-sharing my first novel, I had a blog where I used to post my Rambo prequel short tales for free. And yet, a few months later, my site was shut down because the laws in the US allow copyright owners to stop fanfiction too, and even if it’s just for free.”

It turned out that a rightsholder objected to his use of the Rambo character. While Lee doesn’t recall the sender of the notice, it meant that he could no longer publish his work as he pleased.

Caught in a copyright stranglehold, the author felt limited in his creative expression. Ironically, he saw torrents as his way out. If he published his works on The Pirate Bay, copyright holders couldn’t touch him, he thought.

It was a defiant thought, which may have worked, but luckily for him, it didn’t get that far. Instead of becoming a ‘pirate writer,’ Lee received permission from David Morrell, author of the novel “First Blood” on which the Rambo empire was built.

“Frankly, I feel very lucky things ended up this way because I did not want to be at war with the same guys who owned Rambo in the first place,” Lee tells TorrentFreak.

With permission to freely share his book, the unofficial Rambo-prequel was finally released. While Lee no longer had to turn to piracy, he was still committed to using torrent sites to get exposure and escape obscurity.

That worked to a certain degree. The book was picked up here and there, but without a major publisher, it was hard to be taken seriously by literary critics.

“The prejudice was extremely harsh and lasted for a very long time. For one whole year at least, I was just ‘the crazy guy who was writing a Rambo-prequel saga for nothing’,” Lee says.

That changed when the author started to point people toward the historical accuracy of the book, which has the Vietnam war as the backdrop, and using that as one of the main selling points.

“Everyone was astonished by the idea that a Rambo prequel aspired to be a good historical novel too, and that was when important people decided to finally give me a chance. And when they did, they were pleased.”

This eventually led to more and more positive reviews, including a reading recommendation from the Calvino literary awards in Italy.


Looking back, Lee doesn’t think he would have come this far without torrents. They helped, not only to keep distribution costs low, but also to make his work visible to an audience of millions.

“Torrents helped a lot, and they’re still doing so in terms of distribution. Distribution is the most important part of the success of ANY artwork: books, music, films, everything,” Lee tells us.

“Torrents solved the problem by making my work worldwide both visible and available at the same time. Without the torrents, thousands of people in the world would have never found my websites and novels on the internet.”

Now, a few years later, the book has been translated by fans into two more languages, German and Spanish. They are all available for free in Epub, Mobi, and Pdf format, and the author uploaded new torrents on several sites just last week.

Rambo Year One

In addition to public sites such as The Pirate Bay, 1337X and Ettv, Lee also uploaded the release to the Italian private tracker TNT Village, which helped him a lot over the years.

Looking back, the whole experience has been a great success. In addition to getting recognized internationally as an Italian author, he is now in talks with several publishing companies to publish his non-Rambo novels.

Lee currently accepts donations on his site, where people can also find his other novels, for free. He never made a penny from the Rambo-prequel though, and never intended to. What he got instead was worth much more than that.

“Receiving words of appreciation from actual US veterans of the wars in Afghanistan and Iraq for your Rambo-prequel novels, has no price,” Lee says.


France's Front National (who support the EU's mandatory copyright filters) furious when Youtube's copyright filters kill their channel [Boing Boing]

On June 20, an EU committee will vote on mandatory copyright filters -- the idea that everything that gets posted to an EU service should be checked for copyright violations by a machine learning system that will decide what gets published and what gets censored. (more…)


Today in GPF History for Sunday, June 17, 2018 [General Protection Fault: The Comic Strip]

Resorting to desperate measures, Sharon finally gets Fooker to open up about his family...


A musical salute to Father's Day, courtesy of Groucho Marx and Junior Bear [Boing Boing]


Behold, my two most favorite pieces of Father's Day media. I'm thousands of miles from my own family today, but I'm celebrating Father's Day in my own way. (more…)


Canada's best weapon in a US trade-war: invalidating US pharma patents [Boing Boing]

As the US-Canada trade war heats up, Canada finds itself in an asymmetrical battle, vastly overmatched against a country with an order of magnitude population advantage. (more…)


Here are 15 privacy settings you should change from defaults, from Linkedin to cellphones to smart TVs [Boing Boing]

The Washington Post rounds up 15 privacy defaults that no one in their right mind would want to leave as-is, and provides direct links to change 'em (hilariously and predictably, Verizon/Oath/Yahoo's privacy settings dashboard times out when you try to load it) -- once you're done with that, go back and follow his links to unfuck the privacy defaults for Google, Apple, Amazon, Microsoft and #DeleteFacebook. (via Reddit)

Across America, the Poor Peoples' Campaign is building steam and refusing to be intimidated by crackdowns [Boing Boing]

We're into the fifth week of the Poor People’s Campaign: A National Call for a Moral Revival, a national uprising over the state of the richest nation in the world, where 140,000,000 people live at or below the poverty line (America is history's first rich poor country). (more…)

It's often cheaper to pay cash for your prescriptions rather than the co-pay, but the pharmacy is legally prohibited from suggesting it [Boing Boing]

America's health care is totally screwed up, Part Ten Gazillion: in many cases, the medicines your doctor prescribes are cheaper than the co-pay your health insurance charges, which means that if you just buy the meds instead of charging them to insurance, you save money. (more…)


Frozen Rat Kidney Shipping Container: The incredible bounty of the NIH's 3D printables repository [Boing Boing]

The National Institutes of Health maintain a 3D Print Exchange, a kind of miniature Thingiverse for open-licensed, 3D printable objects for teaching and practicing public health. (more…)

114 candidates in Mexico's upcoming elections have been murdered, so far [Boing Boing]


Alejandro Chavez Zavala was running for mayor of Tareta in the state of Michoacan when he was gunned down following a campaign event. (more…)

Employees who practice mindfulness meditation are less motivated, having realized the futility of their jobs [Boing Boing]

In the NYT, a pair of behavioral scientists describe a forthcoming Organizational Behavior and Human Decision Processes article (Sci-Hub mirror) that studied the effect of mindfulness meditation (a trendy workplace morale-booster) on workers' motivation and performance. (more…)


Bits from Debian: Debian Artwork: Call for Proposals for Debian 10 (Buster) [Planet Debian]

This is the official call for artwork proposals for the Buster cycle.

For the most up to date details, please refer to the wiki.

We would also like to take this opportunity to thank Juliette Taka Belin for doing the Softwaves theme for stretch.

The deadline for submissions is: 2018-09-05

The artwork is usually picked based on which themes look the most:

  • ''Debian'': admittedly not the most defined concept, since everyone has their own take on what Debian means to them.
  • ''plausible to integrate without patching core software'': as much as we love some of the insanely hot looking themes, some would require heavy GTK+ theming and patching GDM/GNOME.
  • ''clean / well designed'': without becoming something that gets annoying to look at a year down the road. Examples of good themes include Joy, Lines and Softwaves.

If you'd like more information, please use the Debian Desktop mailing list.


Sceper Set to Return After Attempted Sale “Turned Into a Scam” [TorrentFreak]

Earlier this year, TorrentFreak received a steady stream of emails from users of Sceper.ws, one of the most popular “release blog” sites.

After about eight years of serving up links to large volumes of mainstream content, the site had apparently disappeared. There was no warning or indication of what may have transpired, but several weeks ago a message appeared on its homepage, indicating the platform was up for sale.

Intrigued as to why its operators had decided to throw in the towel, TF made contact seeking information. This week we received a response from part owner and long-standing editor ‘Error’ but it wasn’t what we were expecting.

“The problems started when we stopped paying attention to our website due to real-life issues,” Error explained.

“Once we forgot to renew our domain which caused a few days of down time and more recently we switched to a new server and the payment renewal was not automated, so it expired. In the end, I decided it would be better to sell the site to a person who can actually take care of it and run it as we used to years back.”

Error says that after putting the site up for sale they had a lot of responses from people with bids, but one individual stood out as a reasonable person with a decent offer.

In the world of ‘warez’, however, not many things are straightforward. Few people want to make their identities known and meeting people face to face is mostly out of the question. Error says he asked the prospective buyer to nominate an intermediary, such as a trusted and well-known person within the warez scene. The offer was declined.

“[The buyer] said that he didn’t trust anyone and was fine sending the money in two payments, half before he received the database and half after he was satisfied that he can work with the old database. Then the domain transfer could happen,” Error explains.

The buyer identified himself as a former editor of a Sceper rival which had shut down under legal pressure back in 2012.

Additional proof came in the form of a panel screenshot which showed the buyer had access to a current scene release blog and other related domains. An email address used in correspondence with Error also belonged to the same blog, confirming the buyer’s identity.

Error says he hadn’t heard of the release blog until that moment, but he concluded that Sceper would be safe under this potential new ownership. However, when asked to send the first payment before receiving the Sceper database, the buyer asked for the database in advance, ostensibly to see it working first. Error put trust in him.

“After a couple of days he told me that the database had some issues, it was too big and consuming a lot of hardware resources, so he needed to run it live,” Error explains. After some back and forth, Error agreed to add the buyer’s nameservers to the Sceper.ws domain.

“The site went live and I came back to check the next day. He said MySQL had some issues and he needed more time to extract posts and import everything to a fresh installation to resolve the issues completely.”

With technical discussions underway on Skype, chats seen by TF dating back to May reveal Error repeatedly asking for an initial payment. Each time, the prospective buyer – who we will call ‘FD’ – gave reasons not to pay.

“I know you waited long, but it was very hard work. I worked whole days on it, please be a little more patient. I am not sure many people would be able to fix this, if any, so basically you found the right person,” FD said.

What followed was a discussion about what money system to use, such as bitcoin, but the conversation suddenly died on Saturday, May 26. Messages sent on a daily basis after that went ignored.

On May 30, FD finally responded, informing Error that he’d been in an accident and asking for more time. Error asked for more details but received no response. It took until June 3 before radio silence was broken by a person on Skype claiming to be FD’s brother.

Apparently, ‘FD’ had been involved in a “direct hit” with another car whose driver had fallen asleep at the wheel and veered onto the other side of the road. FD reportedly had significant injuries and was in hospital but had managed to brief his brother on the Sceper deal, from both technical and financial perspectives.

Messages reviewed by TF show clear similarities in writing style between the supposed brothers, something which didn’t go unnoticed by Error. Nevertheless, in correspondence Error remained both calm and polite, showing concern for the reportedly injured party and assisting with the transfer.

“I just didn’t want to be too rude and out of courtesy gave him the benefit of doubt,” he says.

“Of course, I did not believe it, it was too obvious the way he was messaging, acting like he knows every technical detail like his brother but backing off the moment I brought up the topic of money.”

From June 6, several messages to FD and/or his supposed brother went unanswered but with Error dealing with real-life issues, the site became less of a priority.

A couple of days later, however, Error noticed that the Sceper homepage had an announcement advising former users of Sceper.ws to switch to Sceper.net. This coincided with several posts to Reddit (by an account known to be affiliated with the release blog run by the prospective buyer) telling people to use the .net domain.

Sceper.net itself, which was registered just days before, also carried a notice claiming to be the new home of Sceper.ws.

“That rang the alarm bell. I logged in to my Skype and FD was no longer in my friend list. I removed his name servers and placed an image on Sceper.ws,” Error explains.

From there the dispute moved to email, with FD insisting that he’d been in the hospital for the previous 15 days. However, he did offer an explanation for the mysterious and coincidental promotion of the Sceper.net domain.

“I am investigating the happening around Sceper at the moment,” he wrote in a June 12 email to Error.

“I see that someone redirected Sceper.ws traffic somehow. The leak might be coming from the server, there’s been a couple of brute force attacks recently, so some data might have been compromised.”

In response, Error pointed out the mounting issues. The reluctance to pay, the posts on Reddit and elsewhere advertising the .net domain, being blocked on Skype, not to mention the disabling of Error’s WordPress account.

FD responded by doubling down on the malware claims and stating that at this point he was simply glad to be alive. Ever polite, Error wished FD a speedy recovery but was then offered something extraordinary in return.

“Since you’ve been very patient and understanding I will neglect your accusations pointed at me. I can help you bring down Sceper.net cause I found out how and where my data got stolen,” FD said.

The quid pro quo for this generous act was that FD wouldn’t be paying for the database anymore because it had failed to live up to expectations and wouldn’t generate the traffic he hoped. Instead, there would be a new deal, with him buying just the Sceper.ws domain in two installments. Error flatly refused and said that he’d only accept payment for the full amount.

“Have a nice day,” Error concluded. And that was that.

After reviewing all chat logs and emails detailing the proposed sale and negotiations after that, TorrentFreak contacted ‘FD’ for his take on the above allegations. At the time of publication, we had not received a response.

So now a new wait continues, not necessarily for the sale of Sceper.ws, but for its relaunch. With a fresh outlook, Error says the site will relaunch “very soon.” He’ll be hoping that moving forward, any drama will be kept to a minimum.


The trap of insightful selection [Seth's Blog]

“Which one do you want?”

There were 100 quarts of strawberries at the farmer’s market yesterday. In answer to the farmer’s question, the person ahead of me in line spent a full minute looking them all over before picking one.

The thing is: 90% of the strawberries in a quart are hidden from view. They’re beneath the top layer. There’s no strategy to tell which quart is better than the other, unless you (erroneously) believe that the top layer is an accurate indicator of what lies below.

The analogy wasn’t lost on me: We do this all the time. We do it with job interviews, with dating sites, with decisions about who to trust with an investment or even to drive our Lyft.

The other thing is: We get satisfaction out of picking, even if we know that our data is suspect and evidence is limited. We like the feeling of power and control, even though we have very little.

If all you’re seeing is the top layer, you’ve learned nothing. Maybe less than nothing. Con men are particularly good at seeming trustworthy, and the outfit worn to a job interview tells you nothing about someone’s dedication, work ethic or honesty.

The real information comes from experience. If the farmer is the sort of person who won’t put the clinkers on the bottom, she’s earned our trust.



As a society, we must get over the green loo | David Mitchell [David Mitchell | The Guardian]

The avocado bathroom suite is an interior design no-no these days, but it hardly proves that civilisation has reached its zenith

For some reason, Samsung has commissioned a study into what people think are the worst interior decoration fads of the last 50 years. I say “for some reason” because, at heart, I’m an optimist. I try to believe there’s a good reason or, failing that, some sort of reason for most of the things people do. But I must admit, in this instance, I’m struggling to think of one.

Raising brand awareness perhaps? It certainly will do that, to a modest extent. Articles mentioning the study will probably mention Samsung, so it’s getting more mentions. But are they apposite mentions? It’s not as if Samsung makes interior designy things – or, if it does, there’s still a lot more brand awareness work to be done where I’m concerned. Can you get Samsung sofas, or curtains, or lamps, or wallpaper? Why didn’t Dulux or Laura Ashley or Ikea pay for this survey? I thought Samsung made mobile phones?

Our culture has completely lost its sense of perspective about avocado bathrooms



June 2018 Wallpaper: My Pal Bitey [Skin Horse]


Shaenon: Last month I got to visit London and see the National Gallery.  It reminded me of how much I love the paintings of Henri Rousseau, so this month I did a Rousseau-inspired illustration.

If you make a donation in any amount to the Skin Horse Tip Jar, or contribute any amount to our Patreon, we’ll give you a link to this wallpaper. Patreon contributors will continue to receive new wallpaper for the length of their contribution.

Channing: Man, this is one of the prettiest things to ever come out of something I originally intended as a stupid one-off gag.


A set of weekend stable kernel updates [LWN.net]

The stable update machine continues to crank out releases: 4.17.2, 4.16.16, 4.14.50, 4.9.109, and 4.4.138 are all available with another set of important fixes.

Kernel prepatch 4.18-rc1 [LWN.net]

The first 4.18 prepatch is out, and the merge window has closed for this development cycle. "You may think it's still Saturday for me, and that I should give you one more day of merge window to send in some last-minute pull requests, but I know better. I'm in Japan, and it's Sunday here."


A True Gem More People Should Know About: The Road to El Dorado [Whatever]

It has come to my attention that not a lot of people have heard of or seen Dreamworks’ The Road to El Dorado. This is a downright shame and I’m here today to promote it and all of its awesomeness!

If you’re looking for a movie that is fun, colorful, hilarious, heartfelt, and has an amazing soundtrack, then do I have the movie for you! The Road to El Dorado is all of these and so much more. It came out in 2000, but I didn’t see it until a couple years ago, and it immediately became one of my all-time favorite movies. This is a movie where the characters really make it go from a good movie to a fantastic one. The main characters, Miguel and Tulio, are two street scammers in Spain with the dream of being rich and living an adventurous life. They wind up in El Dorado, the City of Gold, and are mistaken by the Aztecs as their deities. It’s so much fun and only an hour and a half and it’s on Netflix, so I really think y’all should check it out sometime.

If you have seen it before, let me know which character is your favorite or if you have a favorite moment! If you’ve never seen it, what are some of your other favorite Dreamworks animated movies? Personally, my favorite is probably Rise of the Guardians, but How to Train Your Dragon is also a great one. And as always, have a great day!

Saturday, 16 June


Just 48 hours left of The Humble Book Bundle: Pocket Primers... [Humble Bundle Blog]

Just 48 hours left of The Humble Book Bundle: Pocket Primers by Mercury!

This bundle has over $400 worth of ebooks on Python 3, Android, HTML5 Mobile, CSS3, and more.

You choose where your money goes. Pick a charity from our database of thousands!


U.S. Drops Indictment Against Alleged Operator of Pirate App Store [TorrentFreak]

Assisted by police in France and the Netherlands, the FBI took down the “pirate” Android stores Appbucket, Applanet, and SnappzMarket during the summer of 2012.

During the years that followed several people connected to the Android app sites were arrested and indicted, resulting in prison sentences for some.

SnappzMarket’s Scott Walton was handed a 46-month prison sentence for conspiracy to commit copyright infringement, and his colleague Joshua Taylor was sentenced to a 16-month term.

While some defendants pleaded guilty in order to get a reduced sentence, not all did. David Lee, a California man linked to Applanet, decided to fight the case instead, and not without success.

The US Government had charged Lee with aiding and abetting criminal copyright infringement (pdf). In addition, he was charged with conspiring to infringe copyrights and violating the DMCA’s anti-circumvention provision.

As the case progressed, it became clear that the U.S. Government’s evidence wasn’t as strong as initially thought. Before the trial even started, the prosecution voluntarily dropped the criminal copyright infringement charge.

What remained was the conspiracy charge, but after hearing evidence and testimony from both sides of the case, the jury was unable to issue a unanimous decision. As a result, the case ended in a mistrial two years ago.

The Department of Justice did not let the case go though. Soon after the mistrial, it informed the court that it would re-try Lee. This second trial was delayed a few times but never took place.

Instead, the US Government asked the court to dismiss the indictment against the alleged pirate app store operator, without providing any context. This request was granted earlier this week, which means that Lee is relieved of all charges.

It is not clear what moved the US to dismiss the case. TorrentFreak contacted both Lee’s lawyers and the US Department of Justice for comment, but at the time of publication, we have yet to hear back.

However, with the indictment dismissed, Lee can close this chapter of his life after nearly six years.

Indictment dismissed



Today in GPF History for Saturday, June 16, 2018 [General Protection Fault: The Comic Strip]

As a full-time secret agent, Fooker slowly gets out of sync with popular culture...


Hi rez images from NASA's 1967/8 Lunar Orbiters were withheld to hide US spying capabilities [Boing Boing]

In 1967, the Lunar Orbiter missions sent back exciting -- but grainy and low-rez -- photos of the moon's surface.

Adventure House: the sequel to the Haunted Mansion that never was [Boing Boing]

In 1976, Walt Disney World was riding high: the oil crisis was over, tourists were flocking back to Florida, and the successful bicentennial celebration at the Florida Disney resort had been national news.


Steve Kemp: Monkeying around with interpreters [Planet Debian]

Recently I've had an overwhelming desire to write a BASIC interpreter. I can't think why, but the idea popped into my mind, and wouldn't go away.

So I challenged myself to spend the weekend looking at it.

Writing an interpreter is a pretty well-understood problem:

  • Parse the input into tokens, such as "LET", "GOTO", "INT:3"
    • This is called lexical analysis / lexing.
  • Taking those tokens and building an abstract syntax tree.
    • The AST
  • Walking the tree, evaluating as you go.
    • Hey ho.

Of course BASIC is annoying because a program is prefixed by line-numbers, for example:

 20 GOTO 10

The naive way of approaching this is to repeat the whole process for each line. So a program would consist of an array of input-strings each line being treated independently.

Anyway reminding myself of all this fun took a few hours, and during the course of that time I came across Writing an Interpreter in Go, which seems to be well-regarded. The book walks you through creating an interpreter for a language called "Monkey".

I found a bunch of implementations, which were nice and clean. So to give myself something to do I started by adding a new built-in function rnd(). Then I tested this:

let r = 0;
let c = 0;

for( r != 50 ) {
   let r = rnd();
   let c = c + 1;
}

puts "It took ";
puts c;
puts " attempts to find a random-number equalling 50!";

Unfortunately this crashed. It crashed inside the body of the loop, and it seemed that the projects I looked at each handled the let statement in a slightly-odd way - the statement wouldn't return a value, and would instead fall-through a case statement, hitting the next implementation.

For example in monkey-intepreter we see that happen in this section. (Notice how there's no return after the env.Set call?)

So I reported this as a meta-bug to the book author. It might be the master source is wrong, or might be that the unrelated individuals all made the same error - meaning the text is unclear.
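A minimal sketch of the failure described above, as an added example (not code from the book or from any of the projects mentioned). The AST types, `Eval` and `RunLoopBody` are hypothetical names; the sketch assumes the crash comes from a let case that stores the binding, leaves the `switch` without returning, and lets the evaluator's trailing `return nil` hand a nil object to the caller that evaluates the loop body.

```go
package main

import "fmt"

// Object is a runtime value, in the style of the Monkey object system.
type Object interface{ Inspect() string }

type Integer struct{ Value int64 }

func (i *Integer) Inspect() string { return fmt.Sprint(i.Value) }

type Null struct{}

func (*Null) Inspect() string { return "null" }

// NULL is the single "no value" object an evaluator can hand back safely.
var NULL Object = &Null{}

// Hypothetical, minimal AST: integer literals, let statements and blocks.
type Node interface{}
type IntLit struct{ Value int64 }
type Let struct {
	Name  string
	Value Node
}
type Block struct{ Stmts []Node }

type Env map[string]Object

// Eval walks the tree. With fixed=false the Let case stores the binding but
// has no return, so control leaves the switch and reaches `return nil`.
func Eval(n Node, env Env, fixed bool) Object {
	switch n := n.(type) {
	case *IntLit:
		return &Integer{Value: n.Value}
	case *Let:
		env[n.Name] = Eval(n.Value, env, fixed)
		if fixed {
			return NULL // the missing return: a let yields a real object
		}
	case *Block:
		var result Object = NULL
		for _, stmt := range n.Stmts {
			result = Eval(stmt, env, fixed) // last statement's value wins
		}
		return result
	}
	return nil // unknown node, or a case that forgot to return
}

// RunLoopBody evaluates a block whose last statement is a let (like the loop
// body in the test program) and then uses the result the way a loop
// evaluator would. It reports the inspected result, the value bound to c,
// and whether evaluation panicked.
func RunLoopBody(fixed bool) (out string, bound int64, crashed bool) {
	env := Env{}
	defer func() {
		if recover() != nil {
			crashed = true
		}
		if v, ok := env["c"].(*Integer); ok {
			bound = v.Value
		}
	}()
	body := &Block{Stmts: []Node{&Let{Name: "c", Value: &IntLit{Value: 1}}}}
	result := Eval(body, env, fixed)
	out = result.Inspect() // a nil interface panics here in the buggy variant
	return
}

func main() {
	for _, fixed := range []bool{false, true} {
		out, bound, crashed := RunLoopBody(fixed)
		fmt.Printf("fixed=%v out=%q c=%d crashed=%v\n", fixed, out, bound, crashed)
	}
}
```

In both variants the binding is stored, which is why a top-level let appears to work; only a caller that uses the statement's value, such as a block or loop evaluator, hits the nil.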

Anyway the end result is I have a language, in go, that I think I understand and have been able to modify. Now I'll have to find some time to go back to BASIC-work.

I found a bunch of BASIC interpreters, including ubasic, but unfortunately almost all of them were missing many many features - such as implementing operations like RND(), ABS(), COS().

Perhaps room for another interpreter after all!


The danger of “not good enough” [Seth's Blog]

That’s how we choose who to work with.

We want someone who’s good at their job. And the ones we pass up are usually labeled as, “not good enough.” And we label ourselves as well. “I’d like to do that sort of work, but I’m not good enough.”

This is obviously a trap.

In almost every line of work, the truthful sentence is, “not good enough yet.”

Of course, at least once you wrote a great line of code or crafted a good headline. At least once you made a good diagnosis or calmed a patient. At least once you did something extraordinary. So it’s not that you can’t do it.

It might be that you don’t care enough to try.

“I’d like to hire that programmer, but he doesn’t care enough to get really good at his craft.” That’s certainly more true than, “He’s never going to be good at programming, because his DNA doesn’t match the DNA of a good coder.”

It’s true that you’re not good enough yet. None of us are. But if you commit to trying hard enough and long enough, you’ll get better.


Yandex and Google Put on Notice Over ‘Pirate’ Search Results [TorrentFreak]

With the online piracy wars about to enter their third decade, there’s an increasing emphasis on pressurizing influential third-parties to tackle the problem.

As a result, much blame is laid at the feet of companies like Google, who are regularly blamed for not doing more to tackle infringements carried out by individuals and entities outside of their control.

Search results are a particularly sticky subject. Google, Bing, and Yahoo, for example, wish to provide the most comprehensive indexes possible. On the flip side, entertainment industry companies insist that those indexes shouldn’t help people find pirated content. If they do, it’s argued that these companies act as piracy facilitators.

This familiar battle is now underway in Russia, where Yandex is in receipt of a strongly-worded letter which accuses the search giant of being a big part of the piracy problem.

According to local publication Vedomosti, the letter is signed by Leonid Agronov, general director of the National Federation of the Music Industry, Alexei Byrdin, general director of the Internet Video Association, Sergei Selyanov, director of the Association of Film and Television Producers, and Pavel Stepanov, president of the Media Communication Union.

The entertainment giants explain that due to ‘pirate’ search results appearing in its indexes, Yandex is contributing to the growth of online piracy. They want the company to show responsibility by adopting measures to both find and remove infringing links from search and related products.

“We urge Yandex to use all available methods to detect illegal content and eliminate it both from search results and from the applications and services of Yandex,” the letter reads.

It’s suggested that Yandex should take a similar path to that taken by search companies in the UK, via the signing of a Memorandum of Understanding which declares common interests in fighting piracy.

Yandex won’t be alone, however.

A spokesman for the Media and Communications Union, which is one of the groups behind the letter, told Vedomosti that a similar letter would be sent to Google in the near future. Needless to say, Google is no stranger to these kinds of allegations, whether in Europe or the United States.

In the letter, search engines like Yandex are accused of promoting illegal resources over legal content, resulting in revenue being siphoned away from legitimate players and into the hands of criminals. The search engine is also accused of taking down material in response to demands under the DMCA, but not doing enough in Russia.

“Yandex actively cooperates with copyright holders and is working to improve the culture of legal content consumption,” the company said in a statement, adding that it actually stands to benefit from ads promoting sales of non-infringing content.

“Yandex stands for an honest Internet, in which quality legal content is available to the user and rightsholders earn from that legitimate consumption,” the company said.

Unlike in the United States under the DMCA, content isn’t as readily taken down in Russia. Yandex also opposes filtering search results, warning that the system is easily abused by rightsholders and others looking to stifle competition.

That being said, Yandex says that rightsholders are welcome to take advantage of the local site-blocking mechanism which tackles both source sites and their mirrors. With these inaccessible, ‘pirate’ search results become useless.



Playing Favorites With My Cats [Whatever]

As many of you already know, we have three cats. Sugar, Spice, and Zeus. I know a lot of people have a hard time picking their favorite of their pets, because how could you possibly choose between all of your loving, adorable pets? Well, it’s easy for me, because Zeus and Spice are total jerks. Sugar is BY FAR my favorite cat. Zeus has been an asshole cat since day one, but I had hope for Spice in the beginning, then she turned out to be just like him. Sugar is the only good one. So today I’m going to show you a couple of my favorite pictures I’ve taken of her over the past two years.

She is just the cutest and the nicest of all the cats. Not that I don’t love the other two, I just think Sugar is the sweetest!


Christophe Rhodes: sbcl method tracing [Planet Lisp]

Since approximately forever, sbcl has advertised the possibility of tracing individual methods of a generic function by passing :methods t as an argument to trace. Until recently, tracing methods was only supported using the :encapsulate nil style of tracing, modifying the compiled code for function objects directly.

For a variety of reasons, the alternative :encapsulate t implementation of tracing, effectively wrapping the function with some code to run around it, is more robust. One problem with :encapsulate nil tracing is that if the object being traced is a closure, the modification of the function's code will affect all of the closures, not just any single one - closures are distinct objects with distinct closed-over environments, but they share the same executable code, so modifying one of them modifies all of them. However, the implementation of method tracing I wrote in 2005 - essentially, finding and tracing the method functions and the method fast-functions (on which more later) - was fundamentally incompatible with encapsulation; the method functions are essentially never called by name by CLOS, but by more esoteric means.

What are those esoteric means, I hear you ask?! I'm glad I can hear you. The Metaobject Protocol defines a method calling convention, such that method calls receive as two arguments firstly: the entire argument list as the method body would expect to handle; and secondly: the list of sorted applicable next methods, such that the first element is the method which should be invoked if the method uses call-next-method. So a method function conforming to this protocol has to:

  1. destructure its first argument to bind the method parameters to the arguments given;
  2. if call-next-method is used, reconstruct an argument list (in general, because the arguments to the next method need not be the same as the arguments to the existing method) before calling the next method's method-function with the reconstructed argument list and the rest of the next methods.

But! For a given set of actual arguments, for that call, the set of applicable methods is known; the precedence order is known; and, with a bit of bookkeeping in the implementation of defmethod, whether any individual method actually calls call-next-method is known. So it is possible, at the point of calling a generic-function with a set of arguments, to know not only the first applicable method, but in fact all the applicable methods, their ordering, and the combination of those methods that will actually get called (which is determined by whether methods invoke call-next-method and also by the generic function's method combination).

Therefore, a sophisticated (and by "sophisticated" here I mean "written by the wizards at Xerox PARC") implementation of CLOS can compile an effective method for a given call, resolve all the next-method calls, perform some extra optimizations on slot-value and slot accessors, improve the calling convention (we no longer need the list of next methods, but only a single next effective-method, so we can spread the argument list once more), and cache the resulting function for future use. So the one-time cost for each set of applicable methods generates an optimized effective method, making use of fast-method-functions with the improved calling convention.

Here's the trick, then: this effective method is compiled into a chain of method-call and fast-method-call objects, which call their embedded functions. This, then, is ripe for encapsulation; to allow method tracing, all we need to do is arrange at compute-effective-method time that those embedded functions are wrapped in code that performs the tracing, and that any attempt to untrace the generic function (or to modify the tracing parameters) reinitializes the generic function instance, which clears all the effective method caches. And then Hey Bob, Your Uncle's Presto! and everything works.

(defgeneric foo (x)
  (:method (x) 3))
(defmethod foo :around ((x fixnum))
  (1+ (call-next-method)))
(defmethod foo ((x integer))
  (* 2 (call-next-method)))
(defmethod foo ((x float))
  (* 3 (call-next-method)))
(defmethod foo :before ((x single-float)))
(defmethod foo :after ((x double-float)))

Here's a generic function foo with moderately complex methods. How can we work out what is going on? Call the method tracer!

CL-USER> (foo 2.0d0)
  0: (FOO 2.0d0)
    1: ((SB-PCL::COMBINED-METHOD FOO) 2.0d0)
      2: ((METHOD FOO (FLOAT)) 2.0d0)
        3: ((METHOD FOO (T)) 2.0d0)
        3: (METHOD FOO (T)) returned 3
      2: (METHOD FOO (FLOAT)) returned 9
      2: ((METHOD FOO :AFTER (DOUBLE-FLOAT)) 2.0d0)
    1: (SB-PCL::COMBINED-METHOD FOO) returned 9
  0: FOO returned 9

This mostly works. It doesn't quite handle all cases, specifically when the CLOS user adds a method and implements call-next-method for themselves:

(add-method #'foo
            (make-instance 'standard-method
             :qualifiers '()
             :specializers (list (find-class 'fixnum))
             :lambda-list '(x)
             :function (lambda (args nms) (+ 2 (funcall (sb-mop:method-function (first nms)) args (rest nms))))))
CL-USER> (foo 3)
  0: (FOO 3)
      2: ((METHOD FOO (FIXNUM)) 3)
      2: (METHOD FOO (FIXNUM)) returned 8
    1: (METHOD FOO :AROUND (FIXNUM)) returned 9
  0: FOO returned 9

In this trace, we have lost the method trace from the direct call to the method-function, and calls that that function makes; this is the cost of performing the trace in the effective method, though a mitigating factor is that we have visibility of method combination (through the (sb-pcl::combined-method foo) line in the trace above). It would probably be possible to do the encapsulation in the method object itself, by modifying the function and the fast-function, but this requires rather more book-keeping and (at least theoretically) breaks the object identity: we do not have licence to modify the function stored in a method object. So, for now, sbcl has this imperfect solution for users to try (expected to be in sbcl-1.4.9, probably released towards the end of June).

(I can't really believe it's taken me twelve years to do this. Other implementations have had this working for years. Sorry!)

Friday, 15 June


PayPal Bans Soulseek Over Piracy Concerns, Again [TorrentFreak]

Founded around the turn of the last century, Soulseek is a small dinosaur in the file-sharing world.

Created by former Napster programmer Nir Arbel, the application swiftly turned into a tight community of music fans, which is still active today.

Over the years Soulseek operators Nir and Roz Arbel have seen other file-sharing tools come and go, but all this time they remained dedicated to their principles. Despite its name, Soulseek had long found its purpose.

While it kept a relatively low profile, Soulseek is not immune to the “stigma” that comes with being a file-sharing tool. In 2015, PayPal cut off its ability to collect donations, claiming that sharing tools required pre-approval, even though that policy didn’t exist when it signed up.

Soulseek is not a profit-oriented platform but donations are welcomed. Without PayPal, this became a challenge, but luckily for the developers, the Electronic Frontier Foundation (EFF) was able to intervene.

In February 2016 everything returned to normal when the PayPal account was restored, for a while at least. Earlier this year, PayPal apparently changed its mind and booted the application once again.

Soulseek operator Roz Arbel was told that the application violated the payment service’s acceptable use policy and that ‘pre-approval’ was required for ‘file-sharing’ tools. It was pretty much the same recycled argument from years before.

Faced with this deja-vu, Soulseek turned to EFF for help once again, but this time PayPal wouldn’t budge.

“PayPal made it clear that they’re not willing to offer Soulseek financial services any longer. The company did give the Arbels access to their funds and tax documentation, after a request from EFF,” the digital rights group writes.

EFF asked whether PayPal’s latest ban was linked to a concrete copyright complaint, but the payment processor didn’t provide any further information. It just confirmed that Soulseek was banned, apparently for good.

This stance doesn’t come as a complete surprise. PayPal is widely known for its aggressive stance towards BitTorrent sites, Usenet providers and file-hosting services after all.

While some cases may be clearer than others, EFF sees the Soulseek example as a clear illustration of financial censorship.

“What the Arbels are experiencing is a form of financial censorship that has, unfortunately, become increasingly widespread. Following the law isn’t enough—PayPal apparently expects a small message board service with a file-sharing function to do far more than the law requires.”

“PayPal explained to us that they will cut off sites that ‘allow for the transfer or download of copyrighted material.’ Taken literally, that’s a staggeringly broad claim,” EFF writes.

EFF points out that pretty much all content on the Internet is automatically copyrighted. Still, there are thousands of online services that allow people to share it. Downloading copyrighted material is also possible on Dropbox and Google Drive, for example.

In PayPal’s policy, the company suggests that merchants must have a procedure to both “monitor” the files on their service and “remove or otherwise prevent access” to copyright-infringing work. Perhaps that’s where Soulseek goes wrong, but that wouldn’t be fair according to EFF.

“If payment processors were to cut off Internet services simply because they could be used for copyright infringement, a huge swath of the web would lose the ability to accept payments,” EFF writes.

“As a matter of policy, Soulseek respects its users’ privacy by not surveilling their conversations or file exchanges. Violating users’ privacy shouldn’t be the price of entry for using a payment processor.”

It’s clear that Soulseek and PayPal have parted ways. While EFF may not be able to change that, it encourages PayPal and other Internet companies to be more transparent about when and how often they terminate accounts due to complaints from governments or copyright holders.

PayPal’s file-sharing service policy



On the sad state of Macintosh hardware [OSNews]

Rather than attempting to wow the world with "innovative" new designs like the failed Mac Pro, Apple could and should simply provide updates and speed bumps to the entire lineup on a much more frequent basis. The much smaller Apple of the mid-2000s managed this with ease. Their current failure to keep the Mac lineup fresh, even as they approach a trillion dollar market cap, is both baffling and frightening to anyone who depends on the platform for their livelihood. Given the incredibly sad state of the Mac lineup, it's difficult to understand how WWDC could have come and gone with no hardware releases. Apple's transparency in 2017 regarding their miscalculation with the Mac Pro seemed encouraging, but over a year later, the company has utterly failed to produce anything tangible. Instead, customers are still forced to choose between purchasing new computers that are actually years old or holding out in the faint hope that hardware updates are still to come. Every day, the situation becomes more dire.

The Rogue Amoeba tea is not wrong. Apple's Mac line-up is pretty much a joke at this point, and despite Tim Cook's endless "we have great stuff in the pipeline" remarks, Apple is simply failing to deliver. The Mac is still not in a good spot.

RetroBSD: Unix for microcontrollers [OSNews]

RetroBSD is a port of 2.11BSD Unix intended for embedded systems with fixed memory mapping. The current target is Microchip PIC32 microcontroller with 128 kbytes of RAM and 512 kbytes of Flash. PIC32 processor has MIPS M4K architecture, executable data memory and flexible RAM partitioning between user and kernel modes.

It looks like Google is readying the Pixelbook to run Windows 10 [OSNews]

Google's Pixelbook is some beautiful, well-built hardware, but its use of Chrome OS means that for many people, it will be too limited to be useful. Although Chrome OS is no longer entirely dependent on Web applications - it can also be used to run Android applications, and Linux application support is also in development - the lack of Windows support means that most traditional desktop applications are unusable. But that may be changing due to indications that Google is adding Windows support to its hardware. Earlier this year, changes made to the Pixelbook's firmware indicated that Google is working on a mode called AltOS that would allow switching between Chrome OS and an "alternative OS," in some kind of dual-boot configuration. A couple candidates for that alternative OS are Google's own Fuchsia and, of course, Windows.

The Pixelbook is a nice piece of kit, but Chrome OS simply isn't good enough for me personally. The ability to run Windows would make it more desirable, but since it's not even available in The Netherlands - or in most other places, for that matter - I doubt this will attract any new buyers.

The 5G standard is finally finished [OSNews]

It's been a long time coming, but there's finally a finished 5G standard. Earlier this week, the 3GPP - the international group that governs cellular standards - officially signed off on the standalone 5G New Radio (NR) spec. It's another major step toward next-generation cellular networks finally becoming a reality. Now, if you've been paying attention to the cellular industry, this may sound familiar and for good reason: the 3GPP also announced a finished 5G standard in December 2017. The difference is that the December specification was for the non-standalone version of 5G NR, which would still be built on top of existing legacy LTE networks. The agreed-upon specification from this week is the standalone version of 5G, which allows for new deployments of 5G in places that didn't necessarily have that existing infrastructure.

Friday Squid Blogging: Cephalopod Week on Science Friday [Schneier on Security]

It's Cephalopod Week! "Three hearts, eight arms, can't lose."

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.


Sven Hoexter: imagine you no longer own your infrastructure [Planet Debian]

Sounds crazy and nobody would ever do that, but just for a moment imagine you no longer own your infrastructure.

Imagine you just run your container on something like GKE with Kubernetes.

Imagine you build your software with something like Jenkins running in a container, using the GKE provided docker interface to build stuff in another container.

And for a $reason imagine you're not using the Google provided container registry, but your own one hosted somewhere else on the internet.

Of course you access your registry via HTTPS, so your connection is secured at the transport level.

Now imagine your certificate is at the end of its validity period. Like ending the next day.

Imagine you just do what you do every time that happens, and you just order a new certificate from one of the left over CAs like DigiCert.

You receive your certificate within 15 minutes.

You deploy it to your registry.

You validate that your certificate chain validates against different certificate stores.

The one shipped in ca-certificates on various Debian releases you run.

The one in your browser.

Maybe you even test it with Google Chrome.

Everything is cool and validates. I mean, of course it does. DigiCert is a known CA player and the root CA certificate was created five years ago. A lot of time for a CA to be included and shipped in many places.

But still there is one issue. The docker commands you run in your build jobs fail to pull images from your registry because the certificate can not be validated.

You take a look at the underlying OS and indeed it's not shipping the 5 year old root CA certificate that issued your intermediate CA that just issued your new server certificate.

If it were your own infrastructure you would now just ship the missing certificate.

Maybe by including it in your internal ca-certificates build.

Or by just deploying it with ansible to /usr/share/ca-certificates/myfoo/ and adding that to the configuration in /etc/ca-certificates.conf so update-ca-certificates can create the relevant hash links for you in /etc/ssl/certs/.

But this time it's not your infrastructure and you can not modify the operating system context your docker containers are running in.

Sounds insane, right? Luckily we're just making up a crazy story and something like that would never happen in the real world, because we all insist on owning our infrastructure.
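The repair the post describes for a host you do control, as an added example rather than code from the original post. The function names and the ROOT argument (a scratch directory for rehearsal, `/` for the live system) are assumptions of this sketch; the paths and the `myfoo` group are the ones named above.

```shell
#!/bin/sh
# Added example (not from the original post): ship a missing root CA on a
# Debian-style host you control. ROOT is an assumption of this sketch: pass a
# scratch directory to rehearse, or / for the live system.

# ca_entry_state ROOT ENTRY -> prints selected | deselected | absent
# ca-certificates.conf lists paths relative to /usr/share/ca-certificates;
# a leading "!" marks a certificate as deselected, "#" starts a comment.
ca_entry_state() {
    ces_conf="${1%/}/etc/ca-certificates.conf"
    if [ ! -f "$ces_conf" ]; then echo absent
    elif grep -Fxq -- "$2" "$ces_conf"; then echo selected
    elif grep -Fxq -- "!$2" "$ces_conf"; then echo deselected
    else echo absent
    fi
}

# install_local_ca ROOT CERT_PEM [GROUP] -> prints added | re-enabled | unchanged
install_local_ca() {
    ilc_root=${1%/}; ilc_cert=$2; ilc_group=${3:-myfoo}
    # update-ca-certificates expects PEM files with a .crt extension.
    if ! grep -Fq -- '-----BEGIN CERTIFICATE-----' "$ilc_cert" 2>/dev/null; then
        echo "not a PEM certificate: $ilc_cert" >&2
        return 1
    fi
    ilc_name=$(basename "$ilc_cert"); ilc_name=${ilc_name%.*}.crt
    ilc_entry="$ilc_group/$ilc_name"
    ilc_conf="$ilc_root/etc/ca-certificates.conf"

    mkdir -p "$ilc_root/usr/share/ca-certificates/$ilc_group" "$ilc_root/etc"
    cp "$ilc_cert" "$ilc_root/usr/share/ca-certificates/$ilc_entry" || return 1
    chmod 644 "$ilc_root/usr/share/ca-certificates/$ilc_entry"

    case $(ca_entry_state "$ilc_root/" "$ilc_entry") in
    selected)
        ilc_result=unchanged ;;
    deselected)
        # Drop the "!" so the entry is selected again.
        awk -v e="$ilc_entry" '$0 == ("!" e) { print e; next } { print }' \
            "$ilc_conf" > "$ilc_conf.tmp" && mv "$ilc_conf.tmp" "$ilc_conf"
        ilc_result=re-enabled ;;
    *)
        # Append on a fresh line even if the file lacks a final newline.
        if [ -s "$ilc_conf" ] && [ "$(tail -c 1 "$ilc_conf" | wc -l)" -eq 0 ]; then
            echo >> "$ilc_conf"
        fi
        printf '%s\n' "$ilc_entry" >> "$ilc_conf"
        ilc_result=added ;;
    esac

    # Only the live system gets its hash links rebuilt.
    if [ -z "$ilc_root" ] && command -v update-ca-certificates >/dev/null 2>&1; then
        update-ca-certificates >&2
    fi
    echo "$ilc_result"
}

# ca_hash_link ROOT CERT_PEM -> prints the hash-link path expected under
# /etc/ssl/certs and returns 0 only if it exists. Needs the openssl CLI and a
# real certificate; checks the ".0" slot only (collisions would use .1, .2, ...).
ca_hash_link() {
    chl_hash=$(openssl x509 -noout -subject_hash -in "$2") || return 2
    chl_link="${1%/}/etc/ssl/certs/$chl_hash.0"
    echo "$chl_link"
    [ -e "$chl_link" ]
}

# Rehearsal with a constructed placeholder file (not a real certificate):
#   sh this-file --demo
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$demo/example-root.pem"
    install_local_ca "$demo/sysroot" "$demo/example-root.pem"
    cat "$demo/sysroot/etc/ca-certificates.conf"
    rm -rf "$demo"
fi
```

On a managed platform where the node's operating system is out of reach, neither function has anything to act on, which is the situation the post ends with.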

Cambridge Analytica's key staffers formed a new company that's working on Trump 2020 [Boing Boing]

Cambridge Analytica declared bankruptcy last month, but it's not like all its evil masterminds joined a Buddhist monastery -- they've started a new company Data Propria, helmed by Cambridge Analytica alum Matt Oczkowski, who bragged in public that he and Trump campaign manager Brad Parscale were "doing the president’s work for 2020." (more…)


Sune Vuorela: Partially initialized objects [Planet Debian]

I found this construct some time ago. It took some reading to understand why it worked. I’m still not sure if it is actually legal, or just works only because m_derivedData is not accessed in Base::Base.

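#include <string>

struct Base {
    std::string& m_derivedData;
    // Only binds the reference; the referenced string is not constructed yet.
    Base(std::string& data) : m_derivedData(data) {}
};

struct Derived : public Base {
    std::string m_data;
    // Base is initialized before m_data, regardless of the order written here.
    Derived() : Base(m_data), m_data("foo") {}
};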


News Post: Splash Row [Penny Arcade]

Tycho: The story is true, unfortunately.  Unfortunately for him.  For the rest of us, we get bloomed-out, nostalgic imagery to enjoy. We have a lot of strips that feature doctors of various kinds.  This one was five years ago, and led to a host of startling outcomes.  His particular weak point in this context is specifically The Dentist, a context I have only positive associations with.  Brenna and I schedule them for the same time so we can go to the dentist together and then we have lunch.  It’s a whole thing. But this was a dental visit that involved…


Comic: Splash Row [Penny Arcade]

New Comic: Splash Row

24,25,23 Years [Whatever]

Not done with the book yet and lots to do before it’s done. But I wanted to note that on this day 24 years ago I proposed to Krissy. 25 years ago tomorrow, we went on our first official date. 23 years ago on Sunday, we were married. It’s our traditional three-day anniversary period. Yes, we planned it that way.

All this means that for more than half my life now, Krissy has been in it, and as a consequence my life has been blessed in ways I can’t even begin to describe. Poor planning on my part means I’m trapped in front of a computer this weekend rather than out with her (well, I should be done on Sunday, so I may be free on our actual anniversary, but I’ll be brain-dead, and that’s no fun). But I want you all to know that on these three days, as I do every day, I’m so very grateful I get to be with her. She is, literally, the best person I know.

Okay, back to it for me. Have a good “our anniversary” weekend, folks.


Page 2 [Flipside]

Page 2 is done.

Today in GPF History for Friday, June 15, 2018 [General Protection Fault: The Comic Strip]

The Lakatos VP of distribution sets off all of Trudy's old evil mastermind alarms...


[$] Toward a fully reproducible Debian [LWN.net]

It's been a little over one year since we last covered Debian's reproducible builds project. The effort has not stopped in the interim; progress continues to be made, the message has sharpened up, and word is spreading. Chris Lamb, speaking about this at FLOSS UK in a talk called "You may think you're not a target: a tale of three developers", hinted that the end may be starting to come into sight.

An Irish band's tribute to Aaron Swartz [Boing Boing]

Brian writes, "I play in band in Dublin, Ireland. In January 2017 we released an album called 'Long Gone' and on it we had a song called 'Papaya' which I wrote after watching The Internet's Own Boy. It is a tribute to Aaron Swartz. The title came when I was singing 'The panic is spreading like fire' I really spat out the 'like fire' and the rest of the guys in the band thought I was saying 'papaya'. The 'Simple, really, simple reallys...' came from RSS." (more…)

Stephen Colbert explains Jesus' position on ripping children from their parents to Jeff Sessions [Boing Boing]

Jeff Sessions says that the Bible commands him to cruelly separate thousands of children from their parents, but Colbert -- a devout Catholic -- begs to differ. (Thanks, Rutherford B Hayes!)

Eye tracking and fMRI confirm that we don't even perceive security warnings before clicking past them [Boing Boing]

A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations. (more…)


Epic’s Fortnite Copyright Infringement Claims Need Work, Court Says [TorrentFreak]

Frustrated by thousands of cheaters who wreak havoc in Fortnite’s “Battle Royale,” game publisher Epic Games decided to take several to court.

The game developer isn’t trying to bankrupt these people financially. It is mainly interested in preventing them from cheating in the future.

The main strategy thus far has been to ‘settle’ the cases. Several accused cheaters have signed consent judgments, promising not to cheat or engage in any copyright infringing activity going forward.

This tactic doesn’t work in all cases. One of the accused, a man from Russia going by the name of Konstantin Vladimirovich Rak, has failed to respond to the allegations in court.

This failure prompted Epic Games to file for a default judgment, requesting an injunction that would prevent the defendant from using Epic’s copyrighted works to develop cheats, as well as other infringing activity.

Without Rak being able to put up a defense, one might expect an easy win for Fortnite’s developer, but that’s certainly not the case.

In an order published this week, United States Magistrate Judge Laurel Beeler notes that the balance currently weighs against granting the default judgment.

Judge Beeler is specifically concerned with the merits of Epic’s claims and the sufficiency of the complaint. This includes the copyright infringement accusations, which need work.

One of the claims is that Mr. Rak engaged in direct copyright infringement. This requires Epic to show that the alleged infringer violates its exclusive rights, but that’s not the case here.

“Epic alleges that users can download Mr. Rak’s cheat and then inject the cheat into Fortnite code, but it does not allege that Mr. Rak himself injected the cheat into Fortnite code or created an unauthorized derivative work,” Judge Beeler notes.

In addition, the defendant allegedly displayed the cheat in action by posting gameplay on YouTube, thereby violating its exclusive right ‘to perform the copyrighted work publicly.’ However, without further details, the court is not convinced that this is copyright infringement.

“Epic does not allege what exactly Mr. Rak publicly performed or address whether its copyright extends to that performance. On this issue, Epic’s complaint says only that the Rak Video ‘showed full-screen gameplay using the cheat,’ without more,” Judge Beeler writes.

Then, there is the issue of whether posting gameplay material on YouTube is, in fact, copyright infringement. The court doesn’t want to draw any hard conclusions without hearing both sides but concludes that Epic’s claims are not sufficient.

“[T]he court declines to rule on whether posting a video on YouTube of gameplay from a video game does or does not infringe upon a copyright holder’s […] rights. The court will just say this: if it does infringe, Epic has not met its burden of demonstrating that to the court.”

Besides issues with the copyright claims, the trademark allegations are also lacking. Epic claims that the defendant uses the Fortnite trademark without authorization, but doesn’t link this to the sale of goods or services, as it should.

“Epic does not plead that Mr. Rak proposed any commercial transaction or offered anything for sale, much less that consumers would be misled into buying something from him or any other third party under the mistaken belief that it was coming from Epic,” Judge Beeler writes.

Before making a final recommendation, the court will allow Epic to amend its complaint to address the deficiencies. In addition, Epic has to provide the defendant with Russian translations of its filings.

If it chooses not to do so, however, the default judgment will be denied.

A copy of US Magistrate Judge Laurel Beeler’s order is available here (pdf).


The coming era of privacy by default: Brave and the Basic Attention Token [All - O'Reilly Media]

Brendan Eich asks what it would mean to the web if we start building products, apps, and systems that are private by default.

Continue reading The coming era of privacy by default: Brave and the Basic Attention Token.

The cost of JavaScript [All - O'Reilly Media]

Addy Osmani explains why JavaScript is the most expensive resource your site uses today—especially on mobile.

Continue reading The cost of JavaScript.

You are (w)here? Geospatial web dev off the beaten map [All - O'Reilly Media]

Focusing on a mix of artificial, scientific, and environmental sensing data, Aurelia Moser explores fantasy and farcical mapping.

Continue reading You are (w)here? Geospatial web dev off the beaten map.

Can open source change the ratio? [All - O'Reilly Media]

Tracy Lee helps you think differently about how to increase diversity in technology with open source.

Continue reading Can open source change the ratio?.

Question and answer session with Brendan Eich [All - O'Reilly Media]

Brendan Eich shares his thoughts on the future of the web, cryptocurrency, browsers, and JavaScript.

Continue reading Question and answer session with Brendan Eich.

Security updates for Friday [LWN.net]

Security updates have been issued by CentOS (plexus-archiver), Fedora (chromium, kernel, and plexus-archiver), Mageia (firefox, gifsicle, jasper, leptonica, patch, perl-DBD-mysql, qt3, and scummvm), openSUSE (opencv), Oracle (kernel), Red Hat (kernel), Scientific Linux (kernel), SUSE (gpg2, nautilus, and postgresql96), and Ubuntu (gnupg2 and linux-raspi2).

Andrej Shadura: Working in open source: part 1 [Planet Debian]

Three years ago on this day I joined Collabora to work on free software full-time. It still feels a bit like yesterday, despite so much time passing since then. In this post, I’m going to reconstruct the events of that year.

Back in 2015, I worked for Alcatel-Lucent, who had a branch in Bratislava. I can’t say I didn’t like my job — quite the contrary, I found it quite exciting: I worked with mobile technologies such as 3G and LTE, I had really knowledgeable and smart colleagues, and it was the first ‘real’ job (not counting the small business my father and I ran) where using Linux for development was not only not frowned upon, but was a mandatory part of the standard workflow, and running it on your workstation was common too, even though not official.

However, after working for Alcatel-Lucent for a year, I found I don’t like some of the things about this job. We developed proprietary software for the routers and gateways the company produced, and despite the fact we used quite a lot of open source libraries and free software tools, we very rarely contributed anything back, and if this happened at all, it usually happened unofficially and not on the company’s time. Each time I tried to suggest we need to upstream our local changes so that we don’t have to maintain three different patchsets for different upstream versions ourselves, I was told I know nothing about how the business works, and that doing that would give up the control on the code, and we can’t do that. At the same time, we had no issue incorporating permissively-licensed free software code. The more I worked at Alcatel-Lucent, the more I felt I am just getting useless knowledge of a proprietary product I will never be able to reuse once and if I leave the company. At some point, in a discussion at work someone said that doing software development (including my free software work) even on my free time may constitute a conflict of interests, and the company may be unhappy about it. Add to that that despite relatively flexible hours, working from home was almost never allowed, as was working from other offices of the company.

These were the major reasons I quit my job at Alcatel-Lucent, and my last day was 10 April 2018. Luckily, we reached an agreement that I will still get my normal pay while on the notice period despite not actually going to the office or doing any work, which allowed me to enjoy two months of working on my hobby projects while not having to worry about money.

To be honest, I don’t want to seem like I quit my job just because it was all proprietary software, and I did plan to live from donations or something, it wasn’t quite like that. While still working for Alcatel-Lucent, I was offered a job which was developing real-time software running inside the Linux kernel. While I have declined this job offer, mostly because it was a small company with less than a dozen employees, and I would need to take over the responsibility for a huge piece of code — which was, in fact, also proprietary, this job offer taught me this thing: there were jobs out there where my knowledge of Linux was of an actual use, even in the city I lived in. The other thing I learnt was this: there were remote Linux jobs too, but I needed to become self-employed to be able to take them, since my immigration status at the moment didn’t allow me to be employed abroad.

Picture of the business license. Text in Slovak: ‘Osvedčenie o živnostenskom opravnení. Andrei Shadura’.

The business license I received within a few days of quitting my job

Feeling free as a bird, having the business registered, I spent two months hacking, relaxing, travelling to places in Slovakia and Ukraine, and thinking about how I was going to earn money when my two-month vacation ended.

A street in Trenčín; the castle can be seen above the building’s roof.

In Trenčín

The obvious idea was to consult, but that wouldn’t guarantee me constant income. I could consult on Debian or Linux in general, or on version control systems — in 2015 I was an active member of the Kallithea project and I believed I could help companies migrate from CVS and Subversion to Mercurial and Git hosted internally on Kallithea. (I’ve actually also got a job offer from Unity Technologies to hack on Kallithea and related tools, but I had to decline it since it would require moving to Copenhagen, which I wasn’t ready for, despite liking the place when I visited them in May 2015.)

Another obvious idea was working for Red Hat, but knowing how slow their HR department was, I didn’t put too much hope into it. Besides, when I contacted them, they said they needed to get approval for me to work for them remotely and as a self-employed person, lowering my chances of getting a job there without having to relocate to Brno or elsewhere.

At some point, reading Debian Planet, I found a blog post by Simon McVittie on polkit, in which he mentioned Collabora. Soon, I applied, had my interviews and a job offer.

To be continued later today…

GDP vs human thriving: a "healthy" economy means debt-haunted people, desperately searching for housing [Boing Boing]

GDP and stock market performance are the two metrics that economists (and politicians) use to measure the health of a nation's economy, and by those metrics, Trump is doing a hell of a job. (more…)


Is there a problem with Create­Remote­Thread on 64-bit systems? [The Old New Thing]

Back in the days when it was still fashionable to talk about the Itanium, a customer reported that the Create­Remote­Thread function didn't work. The customer explained that any attempt to call the Create­Remote­Thread function results in the target process being terminated. When they attempt to create a remote thread in Explorer, then the Explorer process crashes. When they attempt to create a remote thread in lsass.exe, lsass.exe process crashes, and the system restarts. They included a sample program that demonstrated the problem.

// Code in italics is wrong.  In fact, this is so wrong
// I've intentionally introduced compiler errors so you
// can't possibly use it in production.
struct UsefulInfo {
    int thing1;
    int thing2;

DWORD RemoteThreadProc(void* lpParameter)
  UsefulInfo* info =

  blah blah blah
  try {
    blah blah blah
  } catch (...) {
    blah blah blah
  return 0;

// This symbol lets us find the end of the RemoteThread function.
static void EndOfRemoteThreadProc() { }

// Error checking removed for simplicity of exposition.
void InjectTheThread(
    UsefulInfo* info,
    HANDLE targetProcess)
  // Calculate the size of the function.
  DWORD codeSize = (DWORD)EndOfRemoteThreadProc - (DWORD)RemoteThreadProc;

  // Allocate an executable buffer in the target process.
  BYTE* codeBuffer = VirtualAllocEx(targetProcess,
                     codeSize + sizeof(*info),

 // Copy the useful information to the target process
 WriteProcessMemory(targetProcess, codeBuffer,
                    info, sizeof(*info));

 // Followed by the code
 WriteProcessMemory(targetProcess, codeBuffer + sizeof(*info),
                    (void*)RemoteThreadProc, codeSize);
 // Execute it and pass a pointer to the useful information.
                    codeBuffer + sizeof(*info), codeBuffer);

There is so much wrong with this code it's hard to say where to start.

There's no guarantee that all the code in the Remote­Thread­Proc function is contiguous. The compiler might choose to spread it out into multiple chunks, possibly based on Profile-Guided Optimizations.

Similarly, there is no guarantee that the End­Of­Remote­Thread­Proc function will be placed immediately after Remote­Thread­Proc function in memory.

There is no guarantee that the code in the Remote­Thread­Proc function is position-independent.

There is no guarantee that the code in the Remote­Thread­Proc function is self-contained. There may be supporting data in the read-only data segment, such as jump tables for switch statements.

The Remote­Thread­Proc function uses C++ exception handling, but the code didn't inject the C runtime support library or fix up the references to the runtime library.

The code didn't register any exception tables for the dynamically-generated code. x86 is the only architecture that does not require explicit exception vector registration. Everybody else uses table-based exception handling.

Now some ia64-specific remarks.

Function pointers on ia64 don't point to the first byte of code, so subtracting function pointers doesn't give you any information about the size of the function (whatever that means), and copying data starting at the function pointer does not actually copy any code.

Conversely, when you take a pointer to a block of memory that contains code and treat it as a function pointer, you are actually causing the first two 8-byte values at that address to be interpreted as a global pointer and a code address. This results in a garbage global pointer, and code executing from a random location.

The copied code doesn't start at a multiple of 16. Code on ia64 must be 16-byte-aligned.

In general the CreateRemoteThread function requires deep knowledge of the machine architecture. Its intended audience was debuggers, which are already well-versed in the details of the machine architecture.

We encouraged the customer to avoid the Create­Remote­Thread function entirely. In particular, using it with critical system processes like lsass.exe is a serious issue for system reliability. Faults in that process can bring the whole system down (as the customer observed), or cause other strange behavior like damaging parts of the security infrastructure, which will lead to hard-to-debug authentication problems at best and full-fledged security vulnerabilities at worst. And the system may in the future take stronger steps to prevent code injection and data tampering in critical system processes, so a design based on Create­Remote­Thread is living on borrowed time. It's not clear what the customer is trying to do, but they should investigate whether there are supported extensibility mechanisms that give them what they want.

The customer replied that their product contains important functionality that they have constructed out of the Create­Remote­Thread function, and they cannot afford to abandon it at this point.

Customers like this scare me.

(The customer liaison never revealed the name of the customer, but I did learn that they develop anti-malware software. So now I'm even more scared. Fortunately, fixing this code to work on Itanium became a moot issue, but I still worry about their x64 version, because many of the issues here also apply to x64.)

Danish anti-piracy lawyers stole millions from their clients, sentenced to years in prison [Boing Boing]

Johan Schlüter is (was!) a Danish lawyer whose firm contracted with the Antipiratgruppen (an entertainment industry group now called RettighedsAlliancen, whose members include the MPAA) to run legal campaigns against file-sharing services and their users. (more…)

The UN's top free speech expert just denounced the new EU copyright plan as a "potential violation of international human rights law" [Boing Boing]

David Kaye (previously) is the UN's Special Rapporteur on freedom of expression; he just released a detailed report on the catastrophic free speech implications of Article 13, the EU's proposed copyright rule that would make sites filter everything their users post to check for copyright violations. (more…)


Link [Scripting News]

I'm traveling, so updates have been infrequent.

Link [Scripting News]

I watched the whole of the first season of Barry, an HBO series starring Bill Hader. It's billed as a comedy, I guess, but it's not casual. No spoiler to say that Barry is a hitman, you find out in the very first scene. But it is a bit profound, and lots of plot twists, and about as excellent as you would expect given the brilliance of Hader.

Link [Scripting News]

I also watched All the Money In the World, quite good.

Link [Scripting News]

I'm writing this as a speaker from Amazon, a sponsor of the conference I'm at, is giving a commercial. IBM also did one earlier. Otherwise the conference, SOTN18, put on by my longtime friend Paolo Valdemarin, has been excellent. I am being interviewed on-stage by Italian journalist Anna Masera at 9AM Eastern.


Cook: security things in Linux v4.17 [LWN.net]

Kees Cook describes the security-oriented changes included in the 4.17 kernel release. "It was possible that old memory contents would live in a new process’s kernel stack. While normally not visible, “uninitialized” memory read flaws or read overflows could expose these contents (especially stuff “deeper” in the stack that may never get overwritten for the life of the process). To avoid this, I made sure that new stacks were always zeroed. Oddly, this “priming” of the cache appeared to actually improve performance, though it was mostly in the noise."

Backdoored images downloaded 5 million times finally removed from Docker Hub (ars technica) [LWN.net]

Ars technica has the story of a set of Docker images containing cryptocurrency miners that persisted on Docker Hub for the better part of a year — after being discovered. "Neither the Docker Hub account nor the malicious images it submitted were taken down. Over the coming months, the account went on to submit 14 more malicious images. The submissions were publicly called out two more times, once in January by security firm Sysdig and again in May by security company Fortinet. Eight days after last month's report, Docker Hub finally removed the images."


Error'd: Just Handle It [The Daily WTF]

Clint writes, "On Facebook, I tried to report a post as spam. I think I might just have to accept it."   "Jira seems to have strange ideas about my keyboard layout... Or is there a...

GridPP storage news | DPM Workshop 2018 Report [Planet GridPP]

CESNET hosted the 2018 DPM Workshop in Prague, 31st May to 1st June.

As always, the Workshop was built around the announcement of a new DPM release - 1.10.x - and promotion of the aims and roadmaps of the DPM core development team represented by it.

Since the 1.9.x series, the focus of DPM development has been on the next-generation "DOME" codebase. The 1.10 release, therefore, shows performance improvements in managing requests for all supported transfer protocols - GridFTP, Xroot, HTTP - but only when the DOME adapter is managing them.
(DOME itself is an http/WebDAV based management protocol, implemented as a plugin to xrootd, and directly implementing the dmlite API as an adapter.)

By contrast, the old lcgdm code paths are increasingly obsolesced in 1.10 - the most significant work done on the SRM daemon supported via these paths was the fix to Centos7 SOAP handling*.

As a consequence of this, there was a floated suggestion that SRM (and the rest of the lcgdm legacy codebase for DPM) be marked as "unsupported" from 1 June 2019 - a year after this workshop. There was some lively debate about the consequences of this, and two presentations (from ATLAS and CMS) covering the possibility of using SRMless storage. [In short: this is probably not a problem, for those experiments.]
There was some significant concern mainly about historical dependencies on SRM - both for our transfer orchestration infrastructure, for which non-SRM transfers are less tested, and for historical file catalogues, which may have "srm://" paths embedded in them.

As an additional point, there was a discussion of longstanding configuration "issues" with Xrootd redirection into the CMS AAA hierarchy, as discovered and amended by Andrea Sartirana at the end of 2017.

Other presentations from the contributing regions had a significant focus on testing other new features of DPM in 1.9.x; the distributed site approach (using DOME to manage pool nodes at geographically remote locations relative to the head, securely), and the new "volatile pool" model for lightweight caching in DPM.

For Italy, Alessandra Doria reported on the "distributed" DPM configuration across Roma, Napoli and LNF (Frascati), implemented currently as a testbed. This is an interesting implementation of both distributed DPM, and the volatile pools - each site has both a local permanent storage pool, plus a volatile cache pool, enabling the global namespace across the entire distributed DPM to be transparent (as remote files are cached in the volatile pool from other sites).

For Belle 2, Silvio Pardi reported on some investigations and tests of volatile pools for caching of data for analysis.

We also presented, from the UK, work on implementing the old ARGUS-DPM bridge for DMLITE/DOME. This api bridge allows the ARGUS service - the component of the WLCG site framework which centralises authentication and authorisation decisions - to make user and group ban status available to a local DPM. (DPM, especially in DMLITE and DOME eras, does not perform account mapping in the way that compute elements do, so the most useful part of ARGUS's functionality is the binary authorisation component. As site ARGUS' are federated with the general WLCG ARGUS instance to allow "federated user banning" as a security feature, the ability to set storage policies via the same framework is useful.)

*Centos7 gSOAP libraries changed behaviour such that they handle connection timeouts poorly, resulting in erroneous errors being sent to clients to an SRM when they reopen a connection. A work-around was developed at the CGI-GSOAP level, and deployed initially at UK sites which had noticed the issue.


Better and different [Seth's Blog]

Digital analogs only work when they’re better and different, not when they’re almost the same.

Chat isn’t the same as chatting. Email isn’t a replacement for mail. Video conferencing isn’t just like being in a real conference…

There’s still plenty of room for digital innovations to impact our world. But they won’t simply be a replacement for what we have now. They only earn widespread engagement when they’re much better than the status quo they replace.

And the only way they can be better is when they’re different.


UK Govt Mulls Options to Make Anti-Piracy Enforcement Easier [TorrentFreak]

The UK has some of the toughest intellectual property legislation to be found anywhere in the world and rightsholders have plenty of options available, from civil action through to criminal referrals.

For the past several years the government has also shown a willingness to engage with the private sector in respect of online piracy. It has provided funding and resources to initiatives including the Police Intellectual Property Crime Unit and the multi-faceted Operation Creative, a commitment that looks set to continue.

At the heart of many of these matters sits the Intellectual Property Office (IPO), the government department responsible for copyrights, trademarks, patents and designs. This week the IPO published two documents, one detailing its corporate plan for 2018-2019 and the other outlining its overall strategy to 2021. Both contain statements relating to online copyright enforcement.

“IP matters. It touches everything that makes modern life, easier, safer, prosperous and more enjoyable,” the IPO Strategy 2018 report begins.

“Our work gives researchers, inventors and creators, whether as individuals or businesses, the confidence to invest their time, energy and money in doing something new and making life better.”

The IPO says its aim is to help the UK become the most creative and innovative country in the world by providing excellent IP services, a world-leading IP environment, and by making the IPO itself a great place to work. Much of the information in the reports focuses on how that progress will be made in the broader sense, including via the reduction of IP crime and infringement.

The IPO believes this can be achieved in a number of ways, including by investing in enforcement and improving access to enforcement options for rights holders. Investment in intelligence and an increased capacity for strategic leadership are foreseen, in addition to spending boosts to convince everyone that infringement is unacceptable.

“We will work towards a time where infringement is seen as socially unacceptable by all,” the IPO writes.

Periodically over the past couple of years, the government has stepped into the middle of disputes between rightsholders and Internet intermediaries, suggesting that if agreements to curb piracy aren’t reached, legislation could follow.

The IPO sees this kind of work continuing over the next couple of years with an offer to “broker greater engagement from online intermediaries in the fight against infringement and IP crime.”

The IPO Corporate Plan 2018-2019 touches on similar issues, promising to ensure that appropriate resources are available to deliver on promises made as part of the government’s enforcement strategy.

“Reducing IP crime requires a multi-faceted approach. The UK is already a world leader in the enforcement of IP. We want to build upon what we are doing to create a paradigm shift around infringement,” the IPO writes.

“Before we can make this happen we need to improve our knowledge around consumer understanding of IP crime and infringement and what works to change behavior in this space. We need to understand the strengths and challenges of our enforcement approach, continue to invest in education and intelligence, and maintain and increase our capacity to lead.”

The IPO says it will consider if there are ways to reduce the costs of enforcement for rights holders, such as reducing the time taken to bring a matter to court and reducing costs once there.

The Office also wants to consider the possibility of more administrative approaches, including “administrative blocking injunctions”, something which it hopes to understand the “pros and cons” of by March 2019. But the plans don’t stop there.

“We will work with the Department for Digital, Culture, Media & Sport [DCMS] and industry to support the proposed program of roundtable discussions outlined in the Creative Industries’ Sector Deal.

“A key aspect will be ensuring they are used effectively to assess the evidence for, and where appropriate, to agree future action to tackle the infringement of IP rights online,” the IPO notes.

In conjunction with industry, the IPO hopes to develop “voluntary measures” to target online marketplaces, social media, and digital advertising, while continuing to co-fund the Creative Content UK (CCUK) educational campaign in conjunction with DCMS.

“To begin the work towards making the infringement of IP socially unacceptable, we need a better view of consumer attitudes to IP crime and what messaging changes behavior.

“We know that behavioral change is long-term and never easy, but we want to secure general cultural change where respecting IP is seen as the right thing to do. This work will link up with the messaging on IP’s economic and career impact,” the IPO concludes.

The IPO Strategy 2018 report can be found here (pdf)
The IPO Corporate Plan 2018-2019 can be found here (pdf)


Steinar H. Gunderson: Qt flag types [Planet Debian]

typeid(Qt::AlignRight) = Qt::AlignmentFlag (implicitly convertible to QVariant)
typeid(Qt::AlignRight | Qt::AlignVCenter) = QFlags<Qt::AlignmentFlag> (not implicitly convertible to QVariant)
typeid(Qt::AlignRight + Qt::AlignVCenter) = int (implicitly convertible to QVariant)

Qt, what is wrong with you?

Daniel Pocock: The questions you really want FSFE to answer [Planet Debian]

As the last man standing as a fellowship representative in FSFE, I propose to give a report at the community meeting at RMLL.

I'm keen to get feedback from the wider community as well, including former fellows, volunteers and anybody else who has come into contact with FSFE.

It is important for me to understand the topics you want me to cover as so many things have happened in free software and in FSFE in recent times.


Some of the things people already asked me about:

  • the status of the fellowship and the membership status of fellows
  • use of non-free software and cloud services in FSFE, deviating from the philosophy that people associate with the FSF / FSFE family
  • measuring both the impact and cost of campaigns, to see if we get value for money (a high level view of expenditure is here)

What are the issues you would like me to address? Please feel free to email me privately or publicly. If I don't have answers immediately I would seek to get them for you as I prepare my report. Without your support and feedback, I don't have a mandate to pursue these issues on your behalf so if you have any concerns, please reply.

Your fellowship representative


bisco: Third GSoC Report [Planet Debian]

The last two weeks went by pretty fast, probably also because the last courses this semester started and i have a lot of additional work to do.

I closed the last report with writing about the implementation of the test suite. I’ve added a lot more tests since then and there are now around 80 tests that are run with every commit. Using unit tests that do some basic testing really makes life a lot easier- next time i start a software project i’ll definitely start early on with writing tests. I’ve also read a bit about the difference of integration and unit tests. A unit test should only test one specific functionality, so i refactored some of the old tests and made them more granular.

I then also looked into coding style checkers and decided to go with flake8. There were a huge pile of coding style violations in my code, most of them lines that were more than 79 characters. I’ve integrated flake8 in the test suite and removed all the violations. One more thing about python: i’ve read python3 with pleasure which gives a great overview about some of the new features of python3 and i’ve made some notes about stuff i want to integrate (i.e. pathlib)

Regarding the functionality of nacho i’ve added the possibility to delete an account. SSH keys are now validated on upload and it is possible to configure the key types that are allowed. I initially just checked if the key string consists of valid base64 encoded data, but that was not really a good solution so i decided to use sshpubkeys to check the validity of the keys. Nacho now also checks the profile image before storing it in the LDAP database- it is possible to configure the image size and list allowed image types, which is verified using python-magic. I also made a big change concerning the configuration: all the relevant configuration options are now moved to a separate configuration file in json format, which is parsed when nacho is started. This makes it also a lot easier to have default values and to let users override them in their local config. I also updated the documentation and the debian package.

Now that the issues with nacho are slowly becoming smaller, i’ll start to look into existing SSO solutions that then can be used with the LDAP backend. There are four solutions i’ve on my list at the moment, that are keycloak, ipsilon, lemonldap-ng and glewlwyd.


The Clone Zone [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic would have preferred if you asked permission first.


Girl Genius for Friday, June 15, 2018 [Girl Genius]

The Girl Genius comic for Friday, June 15, 2018 has been posted.


A Visit to the Farmer’s Market [Whatever]

Photo courtesy of https://www.piquafarmersmarket.com/

Today I went to a farmer’s market in the next town over! I am a huge fan of the idea of them, but have never actually been to one before. Most of the time, they’re too early in the morning for me (anything before noon is too early for me), but this one was in the afternoon. I am a supporter of others supporting small businesses and believe in buying things from actual people, the whole “farm to table” ideal. Of course, that’s just in a perfect world. In the real world it’s difficult to not get McDonald’s and buy tons of groceries from Walmart, because they have what you need at any hour of the day, and it’s cheaper.

Anyways, this farmer’s market was pretty small, but they closed down one of the more mainstream roads for it. I had no idea what I wanted to get or what was even available, so I went up and down the middle for awhile and probably looked suspicious as hell. One vendor had nothing but honey, another had handmade jewelry, one had baked goods, and a lot of them had vegetables. I ended up getting lemon bars from a nice Amish family, and green onions for a dollar from another Amish family!

I’ve always thought it would be so fun to have a stand at a farmer’s market and sell the produce I worked so hard to grow. Agriculture is fascinating to me, and maybe it’s just because of where I live, but I love seeing the plants grow and bear fruit. I mean, one day you have a seed, and soon enough you have food! It’s amazing! It’s hard work that actually ends up providing something useful, it’s never effort in vain, you know? Someday I’d like to have chickens, and sell the eggs, or keep bees and sell honey, nothing fancy, just helping provide for my community. All of this post should be read in a country accent, by the way.

If anyone knows something that the green onions would be perfect for, please tell me, because it’s a pretty good amount and I’m always lookin’ to get cookin’! And as always, have a great day!


Gunnar Wolf: «Understanding the Digital World» — By Brian Kernighan [Planet Debian]

I came across Kernighan's 2017 book, Understanding the Digital World — What You Need to Know about Computers, the Internet, Privacy, and Security. I picked it up thanks to a random recommendation I read somewhere I don't recall. And it's really a great read.
Of course, basically every reader that usually comes across this blog will be familiar with Kernighan. Be it because his most classic books from the 1970s, The Unix Programming Environment or The C Programming Language, or from the much more recent The Practice of Programming or The Go Programming Language, Kernighan is a world-renowned authority for technical content, for highly technical professionals at the time of their writing — And they tend to define the playing field later on.
But this book I read is... For the general public. And it is superb at that.
Kernighan states in his Preface that he teaches a very introductory course at Princeton (a title he admits to be too vague, Computers in our World) to people in the social sciences and humanities field. And this book shows how he explains all sorts of scary stuff to newcomers.
As it's easier than doing a full commentary on it, I'll just copy the table of contents (only to the section level, it gets just too long if I also list subsections). The list of contents is very thorough (and the book is only 238 pages long!), but take a look at basically every chapter... And picture explaining those topics to computing laymen. An admirable feat!

  • Part I: Hardware
    • 1. What's in a computer?
      • Logical construction
      • Physical construction
      • Moore's Law
      • Summary
    • 2. Bits, Bytes, and Representation of Information
      • Analog versus Digital
      • Analog-Digital Conversion
      • Bits, Bytes and Binary
      • Summary
    • 3. Inside the CPU
      • The Toy Computer
      • Real CPUs
      • Caching
      • Other Kinds of Computers
      • Summary

    Wrapup on Hardware

  • Part II: Software
    • 4. Algorithms
      • Linear Algorithms
      • Binary Search
      • Sorting
      • Hard Problems and Complexity
      • Summary
    • 5. Programming and Programming Languages
      • Assembly Language
      • High Level Languages
      • Software Development
      • Intellectual Property
      • Standards
      • Open Source
      • Summary
    • 6. Software Systems
      • Operating Systems
      • How an Operating System works
      • Other Operating Systems
      • File Systems
      • Applications
      • Layers of Software
      • Summary
    • 7. Learning to Program
      • Programming Language Concepts
      • A First JavaScript Example
      • A Second JavaScript Example
      • Loops
      • Conditionals
      • Libraries and Interfaces
      • How JavaScript Works
      • Summary

    Wrapup on Software

  • Part III: Communications
    • 8. Networks
      • Telephones and Modems
      • Cable and DSL
      • Local Area Networks and Ethernet
      • Wireless
      • Cell Phones
      • Bandwidth
      • Compression
      • Error Detection and Correction
      • Summary
    • 9. The Internet
      • An Internet Overview
      • Domain Names and Addresses
      • Routing
      • TCP/IP protocols
      • Higher-Level Protocols
      • Copyright on the Internet
      • The Internet of Things
      • Summary
    • 10. The World Wide Web
      • How the Web works
      • HTML
      • Cookies
      • Active Content in Web Pages
      • Active Content Elsewhere
      • Viruses, Worms and Trojan Horses
      • Web Security
      • Defending Yourself
      • Summary
    • 11. Data and Information
      • Search
      • Tracking
      • Social Networks
      • Data Mining and Aggregation
      • Cloud Computing
      • Summary
    • 12. Privacy and Security
      • Cryptography
      • Anonymity
      • Summary
    • 13. Wrapping up

I must say, I also very much enjoyed learning of my overall ideological alignment with Brian Kernighan. I am very opinionated, but I believe he didn't make me do even a mild scoffing — and he goes to many issues I have strong feelings about (free software, anonymity, the way the world works...)
So, maybe I enjoyed this book so much because I enjoy teaching, and it conveys great ways to teach the topics I'm most passionate about. But, anyway, I have felt for several days the urge to share this book with the group of people that come across my blog ☺


EdgeControl: CDN tools to appease your inner control freak [All - O'Reilly Media]

Dave Andrews explains how to wield the power of a global 50 Tbps application delivery network to ensure maximum availability during and after a change.


Artificial intelligence versus actionable intelligence [All - O'Reilly Media]

David Hayes explains why adding a manageable dose of actionable intelligence to your operations management workflow can save you time and aggravation.


Secrets and surprises of high performance: What the data says [All - O'Reilly Media]

Nicole Forsgren shares results and stories behind high-performing technology-driven teams and organizations.


Declarative application configuration: Mixing the old with the new [All - O'Reilly Media]

Bryan Liles explains how to evaluate and integrate new declarative application management practices into continuous integration pipelines.


Jepsen 9: The center cannot hold [All - O'Reilly Media]

Kyle Kingsbury explores anomalies in three distributed systems and shares strategies for correctness testing using Jepsen.


Scaling yourself during hypergrowth [All - O'Reilly Media]

Julia Grace shares how she learned to rapidly scale herself and her leadership team during a period of hypergrowth at Slack.


Kees Cook: security things in Linux v4.17 [Planet Debian]

Previously: v4.16.

Linux kernel v4.17 was released last week, and here are some of the security things I think are interesting:

Jailhouse hypervisor

Jan Kiszka landed Jailhouse hypervisor support, which uses static partitioning (i.e. no resource over-committing), where the root “cell” spawns new jails by shrinking its own CPU/memory/etc resources and hands them over to the new jail. There’s a nice write-up of the hypervisor on LWN from 2014.

Sparc ADI

Khalid Aziz landed the userspace support for Sparc Application Data Integrity (ADI or SSM: Silicon Secured Memory), which is the hardware memory coloring (tagging) feature in Sparc M7. I’d love to see this extended into the kernel itself, as it would kill linear overflows between allocations, since the base pointer being used is tagged to belong to only a certain allocation (sized to a multiple of cache lines). Any attempt to increment beyond, into memory with a different tag, raises an exception. Enrico Perla has some great write-ups on using ADI in allocators and a comparison of ADI to Intel’s MPX.

new kernel stacks cleared on fork

It was possible that old memory contents would live in a new process’s kernel stack. While normally not visible, “uninitialized” memory read flaws or read overflows could expose these contents (especially stuff “deeper” in the stack that may never get overwritten for the life of the process). To avoid this, I made sure that new stacks were always zeroed. Oddly, this “priming” of the cache appeared to actually improve performance, though it was mostly in the noise.


MAP_FIXED_NOREPLACE

As part of further defense in depth against attacks like Stack Clash, Michal Hocko created MAP_FIXED_NOREPLACE. The regular MAP_FIXED has a subtle behavior not normally noticed (but used by some, so it couldn’t just be fixed): it will replace any overlapping portion of a pre-existing mapping. This means the kernel would silently overlap the stack into mmap or text regions, since MAP_FIXED was being used to build a new process’s memory layout. Instead, MAP_FIXED_NOREPLACE has all the features of MAP_FIXED without the replacement behavior: it will fail if a pre-existing mapping overlaps with the newly requested one. The ELF loader has been switched to use MAP_FIXED_NOREPLACE, and it’s available to userspace too, for similar use-cases.

pin stack limit during exec

I used a big hammer and pinned the RLIMIT_STACK values during exec. There were multiple methods to change the limit (through at least setrlimit() and prlimit()), and there were multiple places the limit got used to make decisions, so it seemed best to just pin the values for the life of the exec so no games could get played with them. Too much assumed the value wasn’t changing, so better to make that assumption actually true. Hopefully this is the last of the fixes for these bad interactions between stack limits and memory layouts during exec (which have all been defensive measures against flaws like Stack Clash).

Variable Length Array removals start

Following some discussion over Alexander Popov’s ongoing port of the stackleak GCC plugin, Linus declared that Variable Length Arrays (VLAs) should be eliminated from the kernel entirely. This is great because it kills several stack exhaustion attacks, including weird stuff like stepping over guard pages with giant stack allocations. However, with several hundred uses in the kernel, this wasn’t going to be an easy job. Thankfully, a whole bunch of people stepped up to help out: Gustavo A. R. Silva, Himanshu Jha, Joern Engel, Kyle Spiers, Laura Abbott, Lorenzo Bianconi, Nikolay Borisov, Salvatore Mesoraca, Stephen Kitt, Takashi Iwai, Tobin C. Harding, and Tycho Andersen. With Linus Torvalds and Martin Uecker, I also helped rewrite the max() macro to eliminate false positives seen by the -Wvla compiler option. Overall, about 1/3rd of the VLA instances were solved for v4.17, with many more coming for v4.18. I’m hoping we’ll have entirely eliminated VLAs by the time v4.19 ships.

That’s it for now! Please let me know if you think I missed anything. Stay tuned for v4.18; the merge window is open. :)

© 2018, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
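
The MAP_FIXED_NOREPLACE behaviour described in the post above, as an added userspace example (not code from the post or from the kernel; Linux only). The function names are hypothetical, and the fallback flag value assumes the asm-generic definition. It also checks the returned address, because a kernel older than v4.17 ignores the unknown flag and treats the address as a hint.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Headers older than glibc 2.28 lack the flag. 0x100000 is the asm-generic
 * value (assumption: a few architectures, e.g. alpha, use a different one). */
#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000
#endif

enum place_result { PLACED = 0, REFUSED_OVERLAP = 1, PLACE_ERROR = -1 };

/* Map len bytes at exactly addr, or fail. Never replaces an existing mapping. */
static enum place_result map_exact_noreplace(void *addr, size_t len, void **out)
{
    void *p = mmap(addr, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (p == MAP_FAILED)
        return errno == EEXIST ? REFUSED_OVERLAP : PLACE_ERROR;
    if (p != addr) {
        /* Pre-4.17 kernel: flag ignored, addr used as a hint, and the range
         * was busy. Undo the stray mapping and report the overlap. */
        munmap(p, len);
        return REFUSED_OVERLAP;
    }
    *out = p;
    return PLACED;
}

/* Two-page anonymous mapping filled with 0xAA, standing in for live data. */
static volatile unsigned char *make_victim(size_t page)
{
    unsigned char *v = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (v == MAP_FAILED)
        return NULL;
    memset(v, 0xAA, 2 * page);
    return v;
}

/* Returns 1 if plain MAP_FIXED silently replaced the victim's second page. */
int map_fixed_clobbers(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    volatile unsigned char *v = make_victim(page);
    if (!v)
        return -1;
    void *p = mmap((void *)(v + page), page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    /* The call succeeds, and the old 0xAA page is gone (fresh zero page). */
    int clobbered = p == (void *)(v + page) && v[page] == 0x00 && v[0] == 0xAA;
    munmap((void *)v, 2 * page);
    return clobbered;
}

/* Returns 1 if MAP_FIXED_NOREPLACE refused the overlap and data is intact. */
int noreplace_refuses_overlap(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    volatile unsigned char *v = make_victim(page);
    void *p = NULL;
    if (!v)
        return -1;
    enum place_result r = map_exact_noreplace((void *)(v + page), page, &p);
    int ok = r == REFUSED_OVERLAP && v[page] == 0xAA && v[0] == 0xAA;
    munmap((void *)v, 2 * page);
    return ok;
}

/* Returns 1 if MAP_FIXED_NOREPLACE still places a mapping into a free range. */
int noreplace_places_in_hole(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    volatile unsigned char *v = make_victim(page);
    void *p = NULL;
    if (!v)
        return -1;
    munmap((void *)(v + page), page);            /* punch a one-page hole */
    enum place_result r = map_exact_noreplace((void *)(v + page), page, &p);
    int ok = r == PLACED && p == (void *)(v + page) && v[0] == 0xAA;
    if (r == PLACED)
        munmap(p, page);
    munmap((void *)v, page);
    return ok;
}

int main(void)
{
    printf("MAP_FIXED replaced live mapping:     %d\n", map_fixed_clobbers());
    printf("NOREPLACE refused overlapping range: %d\n", noreplace_refuses_overlap());
    printf("NOREPLACE placed into free range:    %d\n", noreplace_places_in_hole());
    return 0;
}
```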

Thursday, 14 June


Sponsor my next Little Brother novel and a short story in the Clarion Write-a-Thon [Boing Boing]

I'm in the home stretch on CRYPTO WARS, the third Little Brother novel; and making good progress on RADICALIZED, a short story about suicide bombers and US health care; you can follow my progress and sponsor my work on the Clarion Write-a-Thon, which raises funds to subsidize the tuition at the Clarion Writing Workshop, which I graduated from in 1992 and donate to every year.


Making an espresso machine from a (thoroughly scrubbed) motorbike piston [Boing Boing]

Rulof Maker used a salvaged motorcycle piston and cylinder, mounted in an Ikea lamp, to create a homebrew espresso machine, using a lever to pressurize water at temperature through a puck of coffee grounds.


Louis-Philippe Véronneau: IMAP Spam Begone (ISBG) version 2.1.0 is out! [Planet Debian]

When I first started at the non-profit where I work, one of the problems people had was rampant spam on their email boxes. The email addresses we use are pretty old (+10 years) and over time they have been added to all the possible spam lists there are.

That would not be a real problem if our email hosting company did not have very bad spam filters. They are a worker's coop and charge us next to nothing for hosting our emails, but sadly they lack the resources to run a real bayesian-based spam filtering solution like SpamAssassin. "Luckily" for us, it seems that a lot of ISPs and email hosting enterprises also tend to have pretty bad spam filtering on the email boxes they provide and there were a few programs out there to fix this.

One of the solutions I found to alleviate this problem was to use IMAP Spam Begone (ISBG), a script that makes it easy to scan an IMAP inbox for spam using your own SpamAssassin server and get your spam moved around via IMAP. Since then, I've been maintaining the upstream project.

At the time, ISBG was somewhat abandoned and was mostly a script made of old python2 code. No classes, no functions, just a long script that ran from top to bottom.

Well, I'm happy to say that ISBG now has a new major release! Version 2.1.0 is out and replaces the last main release, 1.0.0. From a script, ISBG has now evolved into a full-fledged python module using classes and functions. Although the code still works with python2, everything is now python3 compliant as well. We even started using CI tests recently!

That, and you know, tons of bugs were fixed. I'd like to thank all the folks who submitted patches, as very little of the actual code was written by me.

If you want to give ISBG a try, you can find the documentation here. Here's also a nice terminal capture I made of ISBG working in verbose mode:


Frankenbook: collective annotations on Mary Shelley's 200 year old novel "Frankenstein" [Boing Boing]

Joey from Arizona State University’s Center for Science and the Imagination writes, "Frankenbook is a collective reading experience of the original 1818 text of Mary Wollstonecraft Shelley’s Frankenstein. The project is hosted by Arizona State University’s Center for Science and the Imagination, The MIT Press, and MIT Media Lab. It features annotations from over 80 experts in disciplines ranging from philosophy and literature to astrobiology and neuroscience; essays by science fiction authors, scientists, and ethicists; audio journalism; and original animations and interactives. Readers can contribute their own text and rich-media annotations to the book and customize their reading experience by turning on and off a variety of themes that filter annotations by topic; themes range from literary history and political theory to health, technology, and equity and inclusion. Frankenbook is free to use, open to everyone, and built using the open-source PubPub platform for collaborative community publishing." (more…)

Bubble, a new dystopian podcast sitcom! [Boing Boing]

The Maximum Fun podcast network (home to such shows as Judge John Hodgman (previously), Oh No Ross and Carrie (previously), and Sawbones) has just launched its most ambitious project to date: a science fiction sitcom about life in a domed city in a monster-haunted wasteland called Bubble, and it's hilarious. (more…)

Dank Learning: teaching a machine learning algorithm to generate memes [Boing Boing]

A physics student and an engineering student from Stanford fed 400,000 memes to a Long Short-Term Memory Recurrent Neural Network and asked it to generate more memes of its own.


What's cooking in the AWS kitchen? Recipes for a better web [All - O'Reilly Media]

Cherie Wong shares common developer pain points and recipes to solve them using AWS.


Question and answer session with Cory Doctorow [All - O'Reilly Media]

Cory Doctorow fields questions on the future of the web, privacy, and net neutrality.


The parallel future of the browser [All - O'Reilly Media]

Lin Clark explains what browser vendors need to do over the next few years to ensure their browsers, and the web itself, meet upcoming demands.


The freedom to configure is the freedom to make a better world [All - O'Reilly Media]

Cory Doctorow says the right to configure technology is the signature right of the 21st century.


Highlights from the O'Reilly Fluent Conference in San Jose 2018 [All - O'Reilly Media]

Watch highlights covering JavaScript, accessibility, privacy, and more. From the O'Reilly Fluent Conference in San Jose 2018.

Experts from across the web world came together for the O'Reilly Fluent Conference in San Jose. Below you'll find links to highlights from the event.

Fixing JavaScript Date: A journey from Minneapolis to Microsoft, TC39, and everywhere in between

Maggie Pint explains how bad date support in JavaScript took her from making HR software to working as an Azure SRE.

What's cooking in the AWS kitchen? Recipes for a better web

Cherie Wong shares common developer pain points and recipes to solve them using AWS.

The parallel future of the browser

Lin Clark explains what browser vendors need to do over the next few years to ensure their browsers, and the web itself, meet upcoming demands.

It's spelled "accessibility," not "disability"

Scott Davis explains why accessibility should be just as important to you as a mobile design strategy was 10 years ago.

The freedom to configure is the freedom to make a better world

Cory Doctorow says the right to configure technology is the signature right of the 21st century.

Question and answer session with Cory Doctorow

Cory Doctorow fields questions on the future of the web, privacy, and net neutrality.

You are (w)here? Geospatial web dev off the beaten map

Focusing on a mix of artificial, scientific, and environmental sensing data, Aurelia Moser explores fantasy and farcical mapping.

The cost of JavaScript

Addy Osmani explains why JavaScript is the most expensive resource your site uses today—especially on mobile.

Can open source change the ratio?

Tracy Lee helps you think differently about how to increase diversity in technology with open source.

The coming era of privacy by default: Brave and the Basic Attention Token

Brendan Eich asks what it would mean to the web if we start building products, apps, and systems that are private by default.

Question and answer session with Brendan Eich

Brendan Eich shares his thoughts on the future of the web, cryptocurrency, browsers, and JavaScript.


