Sunday, 25 October


Willowweep Manor Cover Reveal [Skin Horse]

Shaenon: At last I can reveal the cover of The Dire Days of Willowweep Manor, by the great Christopher Baldwin and me, out next year from Simon & Schuster! This is my first graphic novel and I can’t wait for everyone to read it. I’ll keep yinz updated!

Channing: My status has been upgraded to amped. Clearly, our heroine’s umbrella game is strong.


Dirk Eddelbuettel: digest 0.6.27: Build fix [Planet Debian]

Exactly one week after the previous release 0.6.26 of digest, a minor cleanup release 0.6.27 just arrived on CRAN and will go to Debian shortly.

digest creates hash digests of arbitrary R objects (using the md5, sha-1, sha-256, sha-512, crc32, xxhash32, xxhash64, murmur32, spookyhash, and blake3 algorithms) permitting easy comparison of R language objects. It is a fairly widely-used package (currently listed at one million monthly downloads, 282 direct reverse dependencies and 8068 indirect reverse dependencies, or just under half of CRAN) as many tasks may involve caching of objects for which it provides convenient general-purpose hash key generation.

Release 0.6.26 brought support for the (nice, even cryptographic) blake3 hash algorithm. In the interest of broader buildability we had already (with a sad face) disabled a few very hardware-specific implementation aspects using intrinsic ops. But to our chagrin, we left one #error define that raised its head on everybody’s favourite CRAN build platform. Darn. So 0.6.27 cleans that up and also removes the check and #error as … all the actual code was already commented out. If you read this and tears start running down your cheeks, then by all means come and help us bring blake3 to its full (hardware-accelerated) potential. This (probably) only needs a little bit of patient work with the build options and configurations. You know where to find us…

My CRANberries provides the usual summary of changes to the previous version.

For questions or comments use the issue tracker off the GitHub repo.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Saturday, 24 October


[1126] Detritus and Stone [Twokinds]

Comic for October 24, 2020


A Foliage Moment For You [Whatever]

Today was a platonically perfect autumn day: Crisp temperatures, sunny skies and foliage in full color. It’s nice to be able to walk out of the house and get a photo like this. Hope your Saturday is likewise lovely.

— JS


Link [Scripting News]

𝘛𝘩𝘪𝘴 𝘪𝘴 𝘢 𝘵𝘦𝘴𝘵. 𝘍𝘰𝘳 𝘵𝘩𝘦 𝘯𝘦𝘹𝘵 𝘴𝘪𝘹𝘵𝘺 𝘴𝘦𝘤𝘰𝘯𝘥𝘴 𝘵𝘩𝘪𝘴 𝘴𝘵𝘢𝘵𝘪𝘰𝘯 𝘸𝘪𝘭𝘭 𝘤𝘰𝘯𝘥𝘶𝘤𝘵 𝘢 𝘵𝘦𝘴𝘵 𝘰𝘧 𝘵𝘩𝘦 𝘌𝘮𝘦𝘳𝘨𝘦𝘯𝘤𝘺 𝘉𝘳𝘰𝘢𝘥𝘤𝘢𝘴𝘵 𝘚𝘺𝘴𝘵𝘦𝘮.


A Cup of Cocoa by Peni G [Judith Proctor's Journal]

 Delightful 'Good Omens' story in which Aziraphale's charlady struggles with rationing during the war.  A wonderful view of the people who know 'Mr Fell'. 

comment count unavailable comments


Right-wing terrorism [Richard Stallman's Political Notes]

2/3 of the terrorist attacks and plots this year were by right-wing extremists.

A right-wing extremist has just been charged with travelling to Minneapolis to carry out a false-flag attack, burning a thug department building.

He is not the first right-wing provocateur to be charged over violence at Black Lives Matter protests this summer. I wonder if we will find that provocateurs were chiefly responsible for the violence. They fooled a lot of people, including me.

Voting intimidation plan [Richard Stallman's Political Notes]

(satire) *Trump Campaign Reminds Supporters To Make Voting Intimidation Plan.*

Arrest of reporters [Richard Stallman's Political Notes]

RSF: Thugs have arrested TV reporters and fired rubber-coated steel bullets at them, showing not the slightest bit of shame over these crimes.

Bill to protect oceans [Richard Stallman's Political Notes]

A bill to protect US ocean areas from many causes of damage, and rebuild damaged ecosystems.

Annoyed thugs [Richard Stallman's Political Notes]

Boston thugs felt annoyed by the antifascist woman who squeezed a little rubber piggy towards them. They tried to get her fired, by suggesting people boycott her employer because of her.

They pusillanimously asserted that they were not calling for a boycott, merely suggesting the possibility of not buying from there because of her. The difference is too subtle for me.

Then the thugs found out she had not worked there for years. Oops.

Meatpacking and Covid [Richard Stallman's Political Notes]

*Here's How Meatpacking Corporations Could Protect Workers From COVID-19—and What They're Doing Instead.*

We should not allow so much concentration in that industry, or any other industry.

Sick of specter [Richard Stallman's Political Notes]

(satire) *… local psychic Rosemary Shanley confirmed Thursday she was already sick of James Randi’s specter haunting her place of business and ragging on her from the afterlife.*

Pumpkin slaughter [Richard Stallman's Political Notes]

(satire) *… local farmer’s child Owen Morrison, 10, was reportedly forced Thursday to slaughter a pumpkin he had spent all season caring for.*

Supreme suppression [Richard Stallman's Political Notes]

The Supreme Court decided for voter suppression when it blocked polling places in Alabama from collecting ballots from people waiting near the door in their cars.

This voter-suppression measure originated from state officials who ordered that no county in Alabama could do this. A lower court blocked the order; the Supreme Court reinstated it.

This will affect white voters as well as black voters. However, the Republican Party is now a mad cult, so Republican voters may refuse to believe that there is any danger.

Taiwan's civic platform [Richard Stallman's Political Notes]

Taiwan's civic platform, g0v, is effective at helping the people make important policy decisions. It helps people come to agreement.

The software it runs on is free/libre.

Can't afford worry [Richard Stallman's Political Notes]

(satire) *Dr. Ron Craig informed patient Tom Stossel Wednesday that the weird lump that appeared on his neck in July was in fact nothing he can afford to worry about.*

Prohibition of drugs [Richard Stallman's Political Notes]

The DEA proposes to eliminate the crime caused by prohibition of drugs by more vigorous enforcement of the prohibition of drugs. Some drugs degrade and damage whoever uses them, and should not exist, but trying to wipe them out by repression causes more harm than the drugs themselves.

This, by the way, is the reason I do not advocate simple blanket prohibition of nonfree software. It is corrupting, harmful and subjugating, and should not exist — but trying to enforce prohibition of attractive things which are harmful tends to amount to repression.

A Cup of Cocoa by Peni G [Tales From the Riverbank]

 Delightful 'Good Omens' story in which Aziraphale's charlady struggles with rationing during the war.  A wonderful view of the people who know 'Mr Fell'.  This entry was originally posted on Dreamwidth where it has comment count unavailable comments.


GDB 10.1 released []

Version 10.1 of the GDB debugger is out. Changes include support for debugging BPF programs, GDBserver support on the RISC-V architecture, and support for "debuginfod", which is "an HTTP server for distributing ELF/DWARF debugging information as well as source code."


Today in GPF History for Saturday, October 24, 2020 [General Protection Fault: The Comic Strip]

Nick has the perfect costume idea for Halloween, and he seems a little too enthusiastic about finally wearing it...


Link [Scripting News]

We may be, right now, as sure as we're ever going to be that Trump was removed by the people in the 2020 vote.

Link [Scripting News]

I wanted to send an MP3 of the Trailblazers podcast about podcasting to a friend, but couldn't easily find it, and then realized I'd better download a copy and upload it to my server, because who knows how easy it'll be to find in a year or more. The web is pretty ephemeral.

Link [Scripting News]

A couple of hours later, the thread is still peaceful. Thankfully. My friend from the past refers to Trump as a businessman, which causes me to write this screed, which I did not add to the thread. I was curious to know, how does this businessman see the retired people packed into his audience, no distancing, no masks. Are they his customers? His team? His employees? Competitors? Serfs? Prisoners? Slaves? What kind of animal do you treat the way Trump is treating these people? To Trump are they even people?

Will we undo Trump? [Scripting News]

I don't want to jinx things, but when Biden takes office I assume the FBI will fully investigate what really happened in the 2016 election, without any interference from political appointees.

The new Attorney General will release the reports Barr wouldn't let us see. I assume that's going to happen too.

What if we determine that the election was a crime. That the Trump campaign didn't just collude with Russia, it was Russia. Recent revelations about Manafort say that pretty clearly. Everyone was looking for collusion, but it was actually much worse.

We were an occupied country for four years. Should we allow everything Trump did in those four years to stand? Or do we remove the three Supreme Court justices he nominated, tear up all his executive orders, remove all the regulations passed by his agencies. Undo anything that can be reasonably undone.


Link [Scripting News]

Early voting started in New York State today.

Link [Scripting News]

I posted a very short question on Facebook. Do you know anyone like Trump? I asked because I do. I grew up in Queens, a couple of miles from where Trump grew up, only ten years after. So there were lots of Trump-like people in my area. I'm constantly reminded, by something Trump does, of someone I knew in childhood. Anyway, after a dozen or so predictable responses, a former Apple exec, one who did a very good thing for my troubled company back in 1986, said yes he's had golfed with Trump, voted for him in 2016, and was going to vote for him in 2020. He lives in California, so his vote is symbolic, as is mine (I live in NY). It was jarring. No debate has followed, thankfully, and I hope it doesn't. I'm just going to leave it there.

Link [Scripting News]

I realized Trump has killed a lot more Americans than Osama bin Laden.

Pluralistic: 24 Oct 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

Davis Haunters rise from the grave (permalink)

The Davis Graveyard is a Portland, Oregon treasure: a family run, nonprofit annual haunt that is indescribably ambitious, spooky and brilliantly executed.

The Davises have been serving their city for more than a decade, but in Sept they announced that they would not be putting on a show this year, due to the risk of exacerbating the pandemic. It was a heartbreak, but it was also the right call.

But this story has a happy ending. The Clackamas County Scare Fair is a 20-30 minute drive-through, pandemic-safe haunt with a soundtrack broadcast on low-power FM radio, and the Davis Haunt has been integrated into it!

Tickets are $20 for "as many people as you can legally fit in your car" or $11 for a solo. It's yet another reason I wish I lived in the region (I tried to move my family there in 2015 when we emigrated to the USA, but we ended up in LA, which has some badass haunts, too).

Dan "Journal of Ride Theory" Howland says "This is going to be a cross between Lion Country Safari and The Haunted Mansion!"

RIAA kills youtube-dl (permalink)

In 1998, Bill Clinton signed the Digital Millennium Copyright Act into law. At the time, most of the attention was on Section 512 – AKA "notice and takedown," which absolves platforms from liability for users' infringement provided they respond quickly to removal demands.

Over the years, this has been horrifically abused, with everyone from post-Soviet dictators to sexual predators to cults and literal Nazis using spurious copyright claims to censor their critics, often without consequence.

But the real ticking time-bomb in the DMCA is Section 1201, the "anti-circumvention" rule, which makes it a felony (punishing by a 5-year prison sentence and a $500k fine) to help people tamper with "access controls" that restrict copyrighted works.

This rule means that if a company designs its products so that you have to remove DRM to use them in legal ways, those uses become felonies. DMCA 1201 is how Apple and John Deere make it a felony for anyone except them to fix their products.

They just design their devices so that after the repair is complete, you need an unlock code to get the system to recognize new parts. Bypassing the unlock code defeats an "access control" and is thus a literal crime.

But there's no copyright infringement here! Swapping a new part into a phone, a tractor or a ventilator is not a copyright infringement. And yet, it is still a (criminal) copyright VIOLATION. DMCA 1201 lets companies felonize ANY conduct that is adverse to their shareholders.

It's "felony contempt of business model" and you can go to prison for it.

Thing is, it would be easy to fix this law. If you thought that DRM deserved its own legal protection, you could get there just by adding "this only applies when copyright infringement takes place."

But from the very first days, it was clear that DMCA1201 was NOT about preventing copyright infringement, it was about enforcing business models. The first users of this law were DVD manufacturers who wanted to stop the public from "de-regionalizing" their DVD players.

The manufacturers and studios had cooked up a racket where they would sell DVDs at different prices in different countries, and they didn't want Americans shopping for cheap DVDs in India.

But going into a store in Mumbai and paying the asking price for a licensed DVD and watching it in NYC is NOT infringement. It is how copyright is supposed to work: a rightsholder names a price, an audience member pays it, then they get to enjoy the work they've bought.

Likewise the early consoles that also took advantage of DMCA 1201. If you own a Sega Dreamcast and I write a game for your Sega Dreamcast and sell it to you, we are doing copyright right: a creator and an audience member exchanging creative works for money.

But Sega – and the App Store businesses it spawned up to and including Apple – used DMCA 1201 to make it a felony for creators to sell their works to audiences without cutting the device manufacturer in for a commission.

Now that everything has software in it, DMCA 1201 can be brought to bear on an ever-widening constellation of devices, from medical implants to kitchen appliances, from printer ink to insulin pumps.

My novella Unauthorized Bread is fiction, but the DRM abuses in it are deadass real:

The metastasis of DRM is a gift to monopolists, who can corral customers, independent competitors and toolsmiths into arrangements of their design.

When the Napster Wars began, the RIAA represented the Big Six record labels. Today, it represents the Big THREE labels, as an entire realm of human endeavor stretching back to a time before language itself is now the near-exclusive purview of three giant corporations.

They are tightening the noose. Yesterday, the RIAA sent a DMCA 1201 takedown notice to Github demanding the removal of youtube-dl, a venerable and popular tool for format-shifting Youtube videos.

As Parker Higgins documents in a brilliant, scathing thread, the complaint is a masterwork of legal shenanigans, claiming that because someone COULD infringe an RIAA member's copyright by saving a Youtube video, Github MUST remove tools that permit this.

The RIAA's lawyers don't mention the millions of hours of public domain Youtube videos that archivists have preserved using youtube-dl, nor the Creative Commons licensed videos that are unambiguously lawful to download with youtube-dl.

Nor do they mentions the limitations to copyright that sometimes make it lawful to download ANY video from Youtube.

DMCA 1201 isn't just a charter to transform your commercial desires into legal obligations, it is also a powerful censorship tool.

I started this essay talking about DMCA 512, the "notice and takedown" rule. That says that if you believe your copyright is being infringed, you can fire off a notice to the host and demand its immediate removal. If they comply, you can sue their user, but not them.

In 1998, Congress recognized that this was ripe for abuse, and created a "counternotice": if your material is taken down and you think you are in the right, you can counternotify the host and they can put your stuff back up, again, without being liable if you're wrong.

If the rightsholder complains again, the host either removes the content (the rightsholder and user can go to court), or they can leave it up if they think the complaint is BS. This system has been wildly inadequate at protecting legit speech, but it's better than nothing.

And "nothing" is what you get under 1201. When the RIAA complains about youtube-dl to Github, Github pulls it down, but if the developers counternotify them, Github can't restore the files without facing CRIMINAL liability (5 years/$500k).

Copyright trolls have long figured this out: DMCA 1201 is a superweapon for getting content removed from Google and elsewhere: if you assert that someone who recorded you doing something abusive is violating 1201, that video goes down and STAYS down, with no counternotice.

DMCA 1201 is a goddamned dumpster fire, a surefire recipe for techno-corporate dystopia. EFF is suing to overturn it. That trial can't come fast enough:

This day in history (permalink)

#5yrsago Globe and Mail: TPP’s copyright chapter will cost Canadians hundreds of millions

#1yrago BBC launches a Tor hidden service mirror to help people evade their countries’ censoring firewalls

#1yrago The Youtubers’ union just wants Google to give them the rulebook

Colophon (permalink)

Today's top sources: Dan Howland (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 518 words (76615 total).

Currently reading: Harrow the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


The thing about sunk costs [Seth's Blog]

Tomorrow is another opportunity.

There are thirty people over there who are just waiting for you to help connect them, lead them or make things better. But if you’re still defending the stuck project over here, the one you put so much into, you won’t be able to show up for them.

Customers, partners, clients and students who need your voice or your product aren’t going to benefit from it because you’re working so hard to dig yourself out of a previous hole, a situation that is now harder than ever to work your way through.

It’s easy to focus on the problem right in front of us, and to decide that this problem, and only this problem, is the problem for us to solve. But there’s a cost to everything, and the opportunity lost when you’re doing this is just as real, even when you don’t notice it.

Of course, we don’t create contribution by flitting from one thing to another whenever things get difficult. But we also sell ourselves short (and harm the people we’d be able to serve) if we’re unable to quit a project that’s gone sideways.

What happened yesterday already happened. It’s a gift and an asset from your previous self. You don’t have to accept if you don’t want to.


Helping employees avoid catching Covid-19 [Richard Stallman's Political Notes]

The Australian state of Victoria will investigate employers with a view to punishing those that if they fail to help employees avoid catching Covid-19.

If the state really does this, it will be an admirable contrast with all the governments that allow employers to pressure their workers to spread disease.

Indigenous workers in Western Australia [Richard Stallman's Political Notes]

Indigenous workers in Western Australia worked for wages, but Western Australia kept their wages, so it was effectively slavery.

Americans could save energy costs by switching to renewable energy [Richard Stallman's Political Notes]

Americans could save up to $321bn in energy costs by switching to renewable energy, including for cars and heating buildings. Plus trillions from all the unnatural disasters that this will avoid.

However, it is not the case that we can do with a smaller electrical grid just by installing rooftop solar on all buildings. Houses will still need the grid for times when the region is dark or cloudy.

Labeled "antisemitic" for criticizing Israel's occupation of Palestine [Richard Stallman's Political Notes]

The numskull is considering labeling Amnesty, Oxfam and Human Rights Watch as "antisemitic" because they have criticized Israel's occupation of Palestine. If the numskull does this, it will be so absurd that only his hard-core supporters will believe it.

Please, numskull, do it! These bogus accusations, which have typically been made against individuals and weak, obscure organizations, will cease to be plausible and will become risible instead.

Please, everyone, don't campaign to stop this. Let him fall into his own trap first, and _then_ criticize.

And let's limit accusations of antisemitism to people and organizations that spread hatred of Jews.

Glitter is an environmental abomination [Richard Stallman's Political Notes]

*Glitter is an environmental abomination. It's time to stop using it.*

We should do this with a comprehensive law designed to cut down the production of plastic objects that cannot be feasibly recycled or broken down.

Human rights sanctions against Turkish prosecutors [Richard Stallman's Political Notes]

* Campaigners are seeking to use the UK’s Magnitsky-style human rights sanctions against Turkish prosecutors and officials responsible for arresting and imprisoning thousands of lawyers.*

Mental health first responder units [Richard Stallman's Political Notes]

A House bill proposes a step in defunding the police: federal funding for "mental health first responder units."

They would handle some 9-1-1 calls so that people who are upset, but not dangerous, don't have to face armed thugs who might get triggered and pull the trigger.

US spending on incarceration [Richard Stallman's Political Notes]

*The US Spends More Than $80 Billion a Year Incarcerating 2.3 Million People.* Most of them could simply be released.

Many of them are in jail awaiting trial, and they entitled to vote, but the system won't give them a way to vote.

Government acts and appointments made under the conman [Richard Stallman's Political Notes]

Congress can, and should, pass a law cancelling all federal government acts and appointments made under the conman, with a specific list of exceptions of course.

This would get rid of all the extremist judges that the conman appointed, without the need to impeach each one on specific grounds.

Pope Francis supports civil unions for same-sex couples [Richard Stallman's Political Notes]

*Pope Francis Signals 'Historic' Shift for Catholic Church, Publicly Supporting Civil Unions for Same-Sex Couples.*

If only he would endorse abortion and birth control, I would have little quarrel with the Catholic Church. (Though that would not constitute evidence for the existence of a supernatural entity.)

Google will provide AI to US border thugs [Richard Stallman's Political Notes]

Google will provide AI to the US border thugs for total surveillance, tracking and identification around the US border with Mexico.

I have a hunch that this total tracking won't remain limited to areas close to the border. The US government, together with companies such as Anduril, must be itching to apply it to the whole US territory.


Sandro Tosi: Multiple git configurations depending on the repository path [Planet Debian]

For my work on Debian, i want to use my email address, while for my personal projects i want to use my address.

One way to change the git config value is to git config --local in every repo, but that's tedious, error-prone and doesn't scale very well with many repositories (and the chances to forget to set the right one on a new repo are ~100%).

The solution is to use the git-config ability to include extra configuration files, based on the repo path, by using includeIf:

Content of ~/.gitconfig:

name = Sandro Tosi
email = <personal.address>

[includeIf "gitdir:~/deb/"]
path = ~/.gitconfig-deb

Every time the git path is in ~/deb/ (which is where i have all Debian repos) the file ~/.gitconfig-deb will be included; its content:

email =
That results in my personal address being used on all repos not part of Debian, where i use my Debian email address. This approach can be extended to every other git configuration values.


Space Demon From Beyond Pluto Pin [Diesel Sweeties webcomic by rstevens]


This is one of my favorite t-shirts I ever made, millions of years ago.

Now it's a pin, suitable for discovery by future archaeologists.


Jelmer Vernooij: Debian Janitor: Hosters used by Debian packages [Planet Debian]

The Debian Janitor is an automated system that commits fixes for (minor) issues in Debian packages that can be fixed by software. It gradually started proposing merges in early December. The first set of changes sent out ran lintian-brush on sid packages maintained in Git. This post is part of a series about the progress of the Janitor.

The Janitor knows how to talk to different hosting platforms. For each hosting platform, it needs to support the platform- specific API for creating and managing merge proposals. For each hoster it also needs to have credentials.

At the moment, it supports the GitHub API, Launchpad API and GitLab API. Both GitHub and Launchpad have only a single instance; the GitLab instances it supports are and

This provides coverage for the vast majority of Debian packages that can be accessed using Git. More than 75% of all packages are available on salsa - although in some cases, the Vcs-Git header has not yet been updated.

Of the other 25%, the majority either does not declare where it is hosted using a Vcs-* header (10.5%), or have not yet migrated from alioth to another hosting platform (9.7%). A further 2.3% are hosted somewhere on GitHub (2%), Launchpad (0.18%) or (0.15%), in many cases in the same repository as the upstream code.

The remaining 1.6% are hosted on many other hosts, primarily people’s personal servers (which usually don’t have an API for creating pull requests).

Packages per hoster

Outdated Vcs-* headers

It is possible that the 20% of packages that do not have a Vcs-* header or have a Vcs header that say there on alioth are actually hosted elsewhere. However, it is hard to know where they are until a version with an updated Vcs-Git header is uploaded.

The Janitor primarily relies on vcswatch to find the correct locations of repositories. vcswatch looks at Vcs-* headers but has its own heuristics as well. For about 2,000 packages (6%) that still have Vcs-* headers that point to alioth, vcswatch successfully finds their new home on salsa.

Merge Proposals by Hoster

These proportions are also visible in the number of pull requests created by the Janitor on various hosters. The vast majority so far has been created on Salsa.

Hoster Open Merged & Applied Closed 92 168 5 12 3 0 24 51 1 1,360 5,657 126
Merge Proposal statistics

In this graph, “Open” means that the pull request has been created but likely nobody has looked at it yet. Merged means that the pull request has been marked as merged on the hoster, and applied means that the changes have ended up in the packaging branch but via a different route (e.g. cherry-picked or manually applied). Closed means that the pull request was closed without the changes being incorporated.

Note that this excludes ~5,600 direct pushes, all of which were to salsa-hosted repositories.

See also:

For more information about the Janitor's lintian-fixes efforts, see the landing page.


[From Arch] libtraceevent>=5.9-1 update requires manual intervention [Planet GNU]

The libtraceevent package prior to version 5.9-1 was missing a soname link. This has been fixed in 5.9-1, so the upgrade will need to overwrite the untracked files created by ldconfig. If you get any of these errors

libtraceevent: /usr/lib/ exists in filesystem

when updating, use

pacman -Syu --overwrite /usr/lib/

to perform the upgrade.

Alexander Artemenko: parseq [Planet Lisp]

With this library, you can write parsers to process strings, lists and binary data!

Let's take a look at one of the examples. It is a parser for the dates from RFC 5322. This format is used in email messages:

Thu, 13 Jul 2017 13:28:03 +0200

Parser consist of rules, combined in different ways. We'll go through the parser's parts one by one.

This simple rule matches one space character:

POFTHEDAY> (parseq:defrule FWS ()

;; It matches if string contains one space
POFTHEDAY> (parseq:parseq 'FWS
                          " ")

;; But not on string from many spaces:
POFTHEDAY> (parseq:parseq 'FWS
                          "   ")

;; And of cause not on some other string
POFTHEDAY> (parseq:parseq 'FWS

The next rule we need is the rule to parse hours, minutes and seconds. These parts have two digits and we'll use rep expression to specify how many digits matches the rule:

POFTHEDAY> (parseq:defrule hour ()
               (rep 2 digit))

POFTHEDAY> (parseq:parseq 'hour
(#\1 #\5)

See, this rule returns digits as the list! But to make it useful, we need the integer. Parseq rules support different kinds of transformations. They can are optional and can be specified like this:

;; This transformation will return as the string instead of list:
POFTHEDAY> (parseq:defrule hour ()
               (rep 2 digit)

POFTHEDAY> (parseq:parseq 'hour

;; Now we'll add a transformation from string to integer:
POFTHEDAY> (parseq:defrule hour ()
               (rep 2 digit)
             (:function #'parse-integer))

POFTHEDAY> (parseq:parseq 'hour
15 (4 bits, #xF, #o17, #b1111)

We'll define the minute and second rules the same way.

The next rule matches the abbreviated day of the week. It combines other rules or terms using or expression:

POFTHEDAY> (parseq:defrule day-of-week ()
               (or "Mon" "Tue" "Wed"
                   "Thu" "Fri" "Sat"

POFTHEDAY> (parseq:parseq 'day-of-week

POFTHEDAY> (parseq:parseq 'day-of-week

;; The same way we define a rule for month abbrefiation
POFTHEDAY> (parseq:defrule month ()
               (or "Jan" "Feb" "Mar" "Apr"
                   "May" "Jun" "Jul" "Aug"
                   "Sep" "Oct" "Nov" "Dec"))

A little bit complex rule is used for matching timezone. Timezone is a string from 4 digits prefixed by plus or minus sign. We'll combine this knowledge using or/and expressions and will use option :string to get results as a single string:

POFTHEDAY> (parseq:defrule zone ()
               (and (or "+" "-")
                    (rep 4 digit))

POFTHEDAY> (parseq:parseq 'zone

POFTHEDAY> (parseq:parseq 'zone

POFTHEDAY> (parseq:parseq 'zone

Now let's return to the time of day parsing. According to the RFC, seconds part is optional. Parseq has an expression ? to match optional rules.

Here is how a rule matching the time of day will look like:

POFTHEDAY> (parseq:defrule time-of-day ()
               (and hour
                    (? (and ":" second))))

POFTHEDAY> (parseq:parseq 'time-of-day
(10 ":" 31 (":" 5))

To make the rule return only digits we have to use :choose transform. Choose extracts from results by index. You can specify index as an integer or as a list if you need to extract the value from the nested list:

POFTHEDAY> (parseq:defrule time-of-day ()
               (and hour
                    (? (and ":" second)))
             (:choose 0 2 '(3 1)))

POFTHEDAY> (parseq:parseq 'time-of-day
(10 31 5)

;; Seconds are optional because of ? expression:
POFTHEDAY> (parseq:parseq 'time-of-day
(10 31 NIL)

;; This (:choose 0 2 '(3 1)) is equivalent to:
POFTHEDAY> (let ((r '(10 ":" 31 (":" 5))))
             (list (elt r 0)
                   (elt r 2)
                   (elt (elt r 3)
(10 31 5)

Another interesting transformation rule is :flatten. It is used to "streamline" result having nested structure and used in this rule which matches both time of day and timezone:

;; Without flatten we'll get nested lists:
POFTHEDAY> (parseq:defrule time ()
               (and time-of-day FWS zone)
             (:choose 0 2))

POFTHEDAY> (parseq:parseq 'time
                          "10:31 +0300")
((10 31 NIL) "+0300")

POFTHEDAY> (parseq:defrule time ()
               (and time-of-day FWS zone)
             (:choose 0 2)

;; Pay attention, :flatten removes nils:
POFTHEDAY> (parseq:parseq 'time
                          "10:31 +0300")
(10 31 "+0300")

Now, knowing how rules are combined and data is transformed, you will be able to read rest rules yourself:

POFTHEDAY> (parseq:defrule day ()
               (and (? FWS)
                    (rep (1 2) digit)
             (:choose 1)
             (:function #'parse-integer))

POFTHEDAY> (parseq:defrule year ()
               (and FWS
                    (rep 4 digit)
             (:choose 1)
             (:function #'parse-integer))

POFTHEDAY> (parseq:defrule date ()
               (and day month year))

(parseq:defrule date-time ()
    (and (? (and day-of-week ","))
  (:choose '(0 0) 1 2)

Another cool Parseq's feature is an ability to debug parser execution. Now I'll turn on this debug mode and parse a string:

POFTHEDAY> (parseq:trace-rule 'date-time :recursive t)

POFTHEDAY> (parseq:parseq 'date-time
                          "Thu, 13 Jul 2017 13:28:03 +0200")
 2: DAY-OF-WEEK 0?
 2: DAY-OF-WEEK 0-3 -> "Thu"
 2: DATE 4?
  3: DAY 4?
   4: FWS 4?
   4: FWS 4-5 -> #\ 
   4: FWS 7?
   4: FWS 7-8 -> #\ 
  3: DAY 4-8 -> 13
  3: MONTH 8?
  3: MONTH 8-11 -> "Jul"
  3: YEAR 11?
   4: FWS 11?
   4: FWS 11-12 -> #\ 
   4: FWS 16?
   4: FWS 16-17 -> #\ 
  3: YEAR 11-17 -> 2017
 2: DATE 4-17 -> (13 "Jul" 2017)
 2: TIME 17?
  3: TIME-OF-DAY 17?
   4: HOUR 17?
   4: HOUR 17-19 -> 13
   4: MINUTE 20?
   4: MINUTE 20-22 -> 28
   4: SECOND 23?
   4: SECOND 23-25 -> 3
  3: TIME-OF-DAY 17-25 -> (13 28 3)
  3: FWS 25?
  3: FWS 25-26 -> #\ 
  3: ZONE 26?
  3: ZONE 26-31 -> "+0200"
 2: TIME 17-31 -> (13 28 3 "+0200")
1: DATE-TIME 0-31 -> ("Thu" 13 "Jul" 2017 13 28 3 "+0200")

("Thu" 13 "Jul" 2017 13 28 3 "+0200")

We can improve this parser by using :function transformation to return a local-time:timestamp. First, let's redefine rule for matching the month and make it return the month number:

POFTHEDAY> (parseq:defrule january  () "Jan" (:constant 1))
POFTHEDAY> (parseq:defrule february () "Feb" (:constant 2))
POFTHEDAY> (parseq:defrule march    () "Mar" (:constant 3))
POFTHEDAY> (parseq:defrule april    () "Apr" (:constant 4))
POFTHEDAY> (parseq:defrule may      () "May" (:constant 5))
POFTHEDAY> (parseq:defrule june     () "Jun" (:constant 6))
POFTHEDAY> (parseq:defrule july     () "Jul" (:constant 7))
POFTHEDAY> (parseq:defrule august   () "Aug" (:constant 8))
POFTHEDAY> (parseq:defrule september () "Sep" (:constant 9))
POFTHEDAY> (parseq:defrule october  () "Oct" (:constant 10))
POFTHEDAY> (parseq:defrule november () "Nov" (:constant 11))
POFTHEDAY> (parseq:defrule december () "Dec" (:constant 12))

POFTHEDAY> (parseq:defrule month ()
               (or january february march april
                   may june july august
                   september october november december))

POFTHEDAY> (parseq:parseq 'month "Sep")
9 (4 bits, #x9, #o11, #b1001)

Next, we need to reimplement the rule matching a timezone to make it return local-time:timezone.

We'll be using an advanced technique of binding variables to pass value from one rule to another, because I want to store the timezone as a string and to parse it's hour and minute parts simultaneously.

To accomplish this task, we have to divide or timezone matching rule into two. The first rule will match it as a string of sign and four digits. Then it will save the result into an external variable and exit with a nil result to give a chance to execute the second rule:

POFTHEDAY> (parseq:defrule zone-as-str ()
               (and (or #\+ #\-)
                    (rep 4 digit))
             (:external zone-as-str)
             ;; Save the value into a variable:
             (:lambda (z)
               (setf zone-as-str z))
             ;; and just exit:
             (:test (z)
               (declare (ignore z))

Now we'll redefine our zone rule to call zone-as-str first and then to parse the same text again, this time as hours and minutes. As the final step, it creates a local-time:timezone object:

POFTHEDAY> (parseq:defrule zone ()
               (or zone-as-str
                   (and (or #\+ #\-)
             (:let zone-as-str)
             (:lambda (sign hour minute)
                ;; This is an offset in seconds:
                (+ (* (ecase sign
                        (#\+ 1)
                        (#\- -1))
                   (* minute 60)))))

;; Here is the execution trace:
POFTHEDAY> (parseq:parseq 'zone
1: ZONE 0?
 2: ZONE-AS-STR 0?
 2: ZONE-AS-STR -|
 2: HOUR 1?
 2: HOUR 1-3 -> 3
 2: MINUTE 3?
 2: MINUTE 3-5 -> 0
1: ZONE 0-5 -> #<LOCAL-TIME::TIMEZONE +0300>

Now we need to redefine the original date-time rule, to create local-time:timestamp as the result:

POFTHEDAY> (parseq:parseq 'date-time
                          "Thu, 13 Jul 2017 13:28:03 +0200")
("Thu" 13 7 2017 13 28 3 #<LOCAL-TIME::TIMEZONE +0200>)

POFTHEDAY> (parseq:defrule date-time ()
               (and (? (and day-of-week ","))
             (:choose '(1 2)                       ; year
                      '(1 1)                       ; month
                      '(1 0)                       ; day
                      '(2 0)                       ; hour
                      '(2 1)                       ; minute
                      '(2 2)                       ; second
                      '(2 3))                      ; timezone
             (:lambda (year month day hour minute second timezone)
                0             ; nanoseconds
                (or second 0) ; secs are optional
                :timezone (or timezone

POFTHEDAY> (parseq:parseq 'date-time
                          "Thu, 13 Jul 2017 13:28:03 +0200")

I've got a different value for the time because local-time prints timestamp in my timezone which is UTC+3.

The cool feature of the Parseq is its ability to work with any data, including binary. This way it can be used to parse binary formats.

As an example of parsing binary data, Parseq includes this parser rules for working with PNG image format:

There are other interesting features. Please, read the docs to learn more.

If you are aware of other parsing libraries which worth to be written about, let me know in the comments.


Dirk Eddelbuettel: RcppSpdlog 0.0.3: New features and much more docs [Planet Debian]

A good month after the initial two releases, we are thrilled to announce relase 0.0.3 of RcppSpdlog. This brings us release 1.8.1 of spdlog as well as a few local changes (more below).

RcppSpdlog bundles spdlog, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by Gabi Melman, and also includes fmt by Victor Zverovic.

This version of RcppSpdlog brings a new top-level function setLogLevel to control what events get logged, updates the main example to show this and to also make the R-aware logger the default logger, and adds both an extended vignette showing several key features and a new (external) package documentation site.

The NEWS entry for this release follows.

Changes in RcppSpdlog version 0.0.3 (2020-10-23)

  • New function setLogLevel with R accessor in exampleRsink example

  • Updated exampleRsink to use default logger instance

  • Upgraded to upstream release 1.8.1 which contains finalised upstream use to switch to REprintf() if R compilation detected

  • Added new vignette with extensive usage examples, added compile-time logging switch example

  • A package documentation website was added

Courtesy of my CRANberries, there is also a diffstat report. More detailed information is on the RcppSpdlog page.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Friday, 23 October



New Books and ARCs, 10/23/20 [Whatever]

As we ease into the weekend, here’s a nice hefty stack of new books and ARCs that have come into the Scalzi Compound in the last couple of weeks. See anything here that makes your fingers twitch in desire? Share in the comments!

— JS


Friday Squid Blogging: Squid-like Nebula [Schneier on Security]

Pretty astronomical photo.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.



News Post: Grand Closing [Penny Arcade]

Tycho: Hades is real good. This is a fact in evidence, and I'd talk about it way more if I didn't consider a couple of the people who made it not even friends but, like… allies. I would spend more time praising them if I didn't know them, which is its own counterproductive dynamic. I'm actually in a position to know how much they give a shit about what they make, products which strike almost unerringly, and that's what keeps me from doing it. You could certainly argue that I've spent this paragraph doing the opposite of what I've just said, but I'd…



Birger Schacht: An Analysis of 5 Million OpenPGP Keys [Planet Debian]

In July I finished my Bachelor’s Degree in IT Security at the University of Applied Sciences in St. Poelten. During the studies I did some elective courses, one of which was about Data Analysis using Python, Pandas and Jupyter Notebooks. I found it very interesting to do calculations on different data sets and to visualize them. Towards the end of the Bachelor I had to find a topic for my Bachelor Thesis and as a long time user of OpenPGP I thought it would be interesting to do an analysis of the collection of OpenPGP keys that are available on the keyservers of the SKS keyserver network.

So in June 2019 I fetched a copy of one of the key dumps of the one of the keyservers (some keyserver publish these copies of their key database so people who want to join the SKS keyserver network can do an initial import). At that time the copy of the key database contained 5,499,675 keys and was around 12GB. Using the hockeypuck keyserver software I imported the keys into an PostgreSQL database. Hockeypuck uses a table called keys to store the keys and in there the column doc stores the OpenPGP keys in JSON format (always with a data field containing the original unparsed data).

For the thesis I split the analysis in three parts, first looking at the Public Key packets, then analysing the User ID packets and finally studying the Signature Packets. To analyse the respective packets I used SQL to export the data to CSV files and then used the pandas read_csv method to create a dataframe of the values. In a couple of cases I did some parsing before converting to a DataFrame to make the analysis step faster. The parsing was done using the pgpdump python library.

Together with my advisor I decided to submit the thesis for a journal, so we revised and compressed the whole paper and the outcome was now


in the Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA).

I think the work gives some valuable insight in the development of the use of OpenPGP in the last 30 years. Looking at the public key packets we were able to compare the different public key algorithms and for example visualize how DSA was the most used algorithm until around 2010 when it was replaced by RSA. When looking at the less used algorithms a trend towards ECC based crytography is visible.

What we also noticed was an increase of RSA keys with algorithm ID 3 (RSA Sign-Only), which are deprecated. When we took a deeper look at those keys we realized that most of those keys used a specific User ID string in the User ID packets which allowed us to attribute those keys to two software projects both using the Bouncy Castle Java Cryptographic API (resp. the Spongy Castle version for Android). We also stumbled over a tutorial on how to create RSA keys with Bouncycastle which also describes how to create RSA keys with code that produces RSA Sign-Only keys. In one of those projects, this was then fixed.

By looking at the User ID packets we did some statistics about the most used email providers used by OpenPGP users. One domain stood out, because it is not the domain of an email provider: is a domain used in around 45,000 keys. Tellfinder is a Big Data analysis software and the UID of all but two of those keys is TellFinder Page Archiver- Signing Key <>.

We also looked at the comments used in OpenPGP User ID fields. In 2013 Daniel Kahn Gillmor published a blog post titled OpenPGP User ID Comments considered harmful in which he pointed out that most of the comments in the User ID field of OpenPGP keys are duplicating information that is already present somewhere in the User ID or the key itself. In our dataset 3,133 comments were exactly the same as the name, 3,346 were the same as the domain and 18,246 comments were similar to the local part of the email address

Last but not least we looked at the signature subpackets and the development of some of the preferences (Preferred Symmetric Algorithm, Preferred Hash Algorithm) that are being published using signature packets.

Analysing this huge dataset of cryptographic keys of the last 20 to 30 years was very interesting and I learned a lot about the history of PGP resp. OpenPGP and the evolution of cryptography overall. I think it would be interesting to look at even more properties of OpenPGP keys and I also think it would be valuable for the OpenPGP ecosystem if these kinds analysis could be done regularly. An approach like Tor Metrics could lead to interesting findings and could also help to back decisions regarding future developments of the OpenPGP standard.


Enrico Zini: Hetzner build machine [Planet Debian]

This is part of a series of posts on compiling a custom version of Qt5 in order to develop for both amd64 and a Raspberry Pi.

Building Qt5 takes a long time. The build server I was using had CPUs and RAM, but was very slow on I/O. I was very frustrated by that, and I started evaluating alternatives. I ended up setting up scripts to automatically provision a throwaway cloud server at Hetzner.

Initial setup

I got an API key from my customer's Hetzner account.

I installed hcloud-cli, currently only in testing and unstable:

apt install hcloud-cli

Then I configured hcloud with the API key:

hcloud context create

Spin up

I wrote a quick and dirty script to spin up a new machine, which grew a bit with little tweaks:


# Create the server
hcloud server create --name buildqt --ssh-key … --start-after-create \
                     --type cpx51 --image debian-10 --datacenter …

# Query server IP
IP="$(hcloud server describe buildqt -o json | jq -r .public_net.ipv4.ip)"

# Update ansible host file
echo "buildqt ansible_user=root ansible_host=$IP" > hosts

# Remove old host key
ssh-keygen -f ~/.ssh/known_hosts -R "$IP"

# Update login script
echo "#!/bin/sh" > login
echo "ssh root@$IP" >> login
chmod 0755 login

I picked a datacenter in the same location as where we have other servers, to get quicker data transfers.

I like that CLI tools have JSON output that I can cleanly pick at with jq. Sadly, my ISP doesn't do IPv6 yet.

Since the server just got regenerated, I remove a possibly cached host key.

Provisioning the machine

One git server I need is behind HTTP authentication. Here's a quick hack to pass the relevant .netrc credentials to ansible before provisioning:


import subprocess
import netrc
import tempfile
import json

login, account, password = netrc.netrc().authenticators("…")

with tempfile.NamedTemporaryFile(mode="wt", suffix=".json") as fd:
        "repo_user": login,
        "repo_password": password,
    }, fd)
        "-i", "hosts",
        "-l", "buildqt",
        "--extra-vars", f"@{}",
        ], check=True)

And here's the ansible playbook:

#!/usr/bin/env ansible-playbook

- name: Install and configure buildqt
  hosts: all
   - name: Update apt cache
        update_cache: yes
        cache_valid_time: 86400

   - name: Create build user
        name: build
        comment: QT5 Build User
        shell: /bin/bash

   - name: Create sources directory
     become: yes
     become_user: build
        path: ~/sources
        state: directory
        mode: 0755

   - name: Download sources
     become: yes
     become_user: build
        url: "https://…/{{item}}"
        dest: "~/sources/{{item}}"
        mode: 0644
      - "qt-everywhere-src-5.15.1.tar.xz"
      - "qt-creator-enterprise-src-4.13.2.tar.gz"

   - name: Populate home directory
     become: yes
     become_user: build
        src: build
        dest: ~/
        mode: preserve

   - name: Write .netrc
     become: yes
     become_user: build
        dest: ~/.netrc
        mode: 0600
        content: |
           machine …
           login {{repo_user}}
           password {{repo_password}}

   - name: Write .screenrc
     become: yes
     become_user: build
        dest: ~/.screenrc
        mode: 0644
        content: |
           hardstatus alwayslastline
           hardstatus string '%{= cw}%-Lw%{= KW}%50>%n%f* %t%{= cw}%+Lw%< %{= kK}%-=%D %Y-%m-%d %c%{-}'
           startup_message off
           defutf8 on
           defscrollback 10240

   - name: Install base packages
        name: git,mc,ncdu,neovim,eatmydata,devscripts,equivs,screen
        state: present

   - name: Clone git repo
     become: yes
     become_user: build
        repo: https://…@…/….git
        dest: ~/…

   - name: Copy Qt license
     become: yes
     become_user: build
        src: qt-license.txt
        dest: ~/.qt-license
        mode: 0600

Now everything is ready for a 16 core, 32Gb ram build on SSD storage.

Tear down

When done:

hcloud server delete buildqt

The whole spin up plus provisioning takes around a minute, so I can do it when I start a work day, and take it down at the end. The build machine wasn't that expensive to begin with, and this way it will even be billed by the hour.

A first try on a CPX51 machine has just built the full Qt5 Everywhere Enterprise including QtWebEngine and all its frills, for amd64, in under 1 hour and 40 minutes.

Pluralistic: 23 Oct 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

Student loans are dischargeable (permalink)

Not only are Americans drowning in student loans they have no hope of repaying, but it's commonly understood that student debt can't be discharged in bankruptcy. 1 in 4 bankruptcies involves student debt, and that debt is almost never discharged.

A generation's worth of tacit conspiracies between higher-learning institutions, lenders, and educational advisors has saddled millions of Americans with crushing, punitive debt, subjected to outrageous interest rates and penalties.

These people took out loans when they were children in hopes of attaining a middle-class life through education. They got the education, but are mired in spiralling poverty thanks to the debt they took on to get it.

Meanwhile, that debt has been spun into a form of toxic Wall Street asset, the "student loan asset-backed security" (SLAB), which securitizes the payment streams from immiserated people whose student debts will chase them into the grave.

What if it's all a con, though? What if the law that prevents student debt from being discharged in bankruptcy had been systematically misinterpreted? What if all that debt could just be erased through bankruptcies that are not nearly so awful as the debts they'd clear?

That'd be wild, huh?

Earlier this month, Above the Law ran a long, fascinating feature by Ian Frisch, telling the story of Austin Smith, a lawyer who happened upon a long-buried legal secret while working on a law review article assignment for law-school in 2014.

Smith discovered that most student debt could be discharged in bankruptcy, that the "educational benefit" clause of the 1990 bankruptcy act clearly didn't mean what the courts and the legal profession had taken it to mean. It was right there, in the Congressional Record.

Government student loans couldn't be readily discharged, but the $150b in private student loans, a form of subprime debt dominated by an obscure institution called The National Collegiate Student Loan Trust (no employees, office, or website!) could be.

After law school, Smith got a job at an NYC white-shoe firm and convinced the partners to let him test his theory: he sued Citibank on behalf of a student debtor…and won. It was his first time in court, he didn't even know where to stand, but the case was crystal clear.

His bosses thought the win was cute, but they were in the business of representing banks, not suing them. Smith quit and started his own firm, and racked up 50 individual victories in four years, totalling millions.

Starting in 2016, Smith forged alliances with other lawyers to begin mass-scale class action cases against banks holding student debt.

These cases cover 500k borrowers and $3b in debt, and have three demands:

I. All outstanding debt is wiped away, you never call these people and ask for this money again

II. Give back all the money you have collected since the date of these people’s initial bankruptcies

III. Pay punitive damages for your illegal conduct

He's particularly interested in the NCSLT, that shadowy LLC with no employees or offices, that oversees $12b in debt that it neither originated, issued or serviced.

NCSLT is a front for Massachusetts's First Marblehead, a bank so tiny it lacks a federal charter.

Without a charter, First Marblehead can't originate out-of-state loans, so it created a rent-a-charter arrangement with PNC Bank, Jpmorganchase and Wells Fargo, who originate 11% loans to the poorest, most desperate children hoping for university educations.

First Marblehead buys the loans and pays finders' fees to the big banks. It also works directly with universities, who act as loan originators to desperate kids, knowing that First Marblehead will immediately buy those loans and pay the university a commission.

First Marblehead acquired a nonprofit, The Education Resources Institute, and laundered loans through that division, making the "nonprofit loans" that, it believed, would be immune to discharge in bankruptcy. The company went public in 2003 and shares jumped 250% in a year.

First Marblehead uses NCSLT to turn these subprime loans into SLABS, and the SLABS are unloaded onto investors by Goldman Sachs, Deutschebank, Citibank, and UBS.

One set of giant banks originates the loans, another set buys them, and in between sits First Marblehead and NCSLT, whose sole purpose is to wrap them in a legal fiction that makes them eternal millstones around borrowers necks, immune to bankruptcy.

This is why Smith's work is so important: when he shows that the law has been incorrectly interpreted – as he has in so many cases before now – the whole rotten system collapses and hundreds of thousands of Americans will get justice.

And while NCSLT is the worst offender, it's not the only one. Smith's also locked in legal battles with Navient (formerly Sally Mae) and many other lenders.

Godspeed, Austin Smith, you slayer of debt!

Cracking the Ghislaine Maxwell redactions (permalink)

Since the earliest days of digital legal records, redaction failures have been a source of perpetual mirth and chaos. The most common failure is simply adding black boxes over text in PDFs; the text can be easily recovered by selecting the underlying text and copying it.

I first encountered this in the early 2000s, and it was the stupid mistake that no one ever learned from. Not the TSA in 2009:

Not the DHS in 2016:

Nor Facebook's legal opponents in 2018:

This 2011 study by Timothy B Lee for Public Resource reveals how widespread the problem was a decade ago:

It's only gotten worse since. Better redaction systems – blurring and pixelation – turn out be vulnerable to machine learning attacks that unblur these elements:

But this week revealed a new kind of redaction failure, in the spectacular, high-profile case of Ghislaine Maxwell, the woman accused of being the procurer for the child rapist Jeffrey Epstein.

Maxwell was deposed on Epstein's crimes in 2016. Yesterday, a federal court released a redacted transcript of her deposition, in which the names of high profile individuals who've been accused of collaborating with Epstein in sex-crimes were redacted.

Within a few hours, journalists at Slate had reversed many of these redactions! Their secret weapon was the deposition's index, which was also redacted, but which nevertheless served as a key for uncovering the masked-out names.

For example: the journalists saw that a redacted word that fell alphabetically between "client" and "clock" appeared on several pages. They know that this is a name that starts with "Cl." But only some instances of that name have been redacted.

On page 135, line 7, that name appears in the clear: "President Clinton." Now we know that all the places in which that name is redacted, it can be unmasked as "President Clinton."

A similar method revealed the places where Alan Dershowitz's name had been blacked out: a word that comes between "Airport" and "Alcohol" appears before a word that comes between "Depth" and "Describe" on several pages.

The inference that the A-word is "Alan" and the D-word is "Dershowitz" is validated through context.

A related technique reveals the blacked-out instances of Prince Andrew's name.

All in all, the journalists de-redacted mentions of 15 people, from Chelsea Clinton to Marvin Minsky to Kevin Spacey to Al Gore. Note that their presence in this record is not proof of their direct complicity in sex-crimes.

Epstein's method involved mixing legitimate business (particularly scientific research) with child rape in ways that blended people who suspected his crimes, knew of his crimes, and participated in his crimes, all together in a jumble of varying complicity and knowledge.

I don't know if we'll ever know the full truth of the crimes committed (and abetted) by wealthy, powerful people.

But this de-redaction attack is noteworthy irrespective of the Epstein case. In some ways, it militates for a heavier hand in redaction, blocking all instances of a term (even those that don't reveal sensitive info) and/or redacting indexes.

As to the Maxwell deposition, the Slate journalists are seeking help in reversing the remaining redactions in the document.

Bring back the CCC (permalink)

In 1933, FDR created the Civilian Conservation Corps, which went on to employ 3m workers (5% of the US male workforce!) in projects whose benefit we still feel today: road- and trail-building, tree-planting, firefighting, infrastructure maintenance and more.

The CCC had serious flaws – notably a policy of racial and gender discrimination – but for those who were lucky enough to qualify, it was a transformative experience, an end to the years-long terror of economic precarity and a chance to make a difference in the world.

Millions of working-class Americans were given a chance to see their country and be immersed in the natural environment in a way that mainstreamed the principles of conservation. The beautiful outdoor spaces Americans enjoy today are the legacy of that program.

Today, about a quarter of the US workforce is unemployed; when you add in the people who are underemployed, or whose employment is in through a precarious, exploitative "gig economy" app that misclassifies them as contractors, the number climbs even higher.

But America does not lack for work that needs doing. The nation's crumbling infrastructure and public works need more than maintenance: the needs remediation and hardening against the coming waves of climate emergency.

Just in California, we need at least $1b worth of brush clearout and controlled burns, ANNUALLY, for the next DECADE, to make up for a century of forest mismanagement, terribly exacerbated by climate change.

There's caring work, too, as people are traumatized by climate change and its heralds: invasive species, pandemic, dislocations.

Long term, there's relocating every coastal city inland. We have full employment for the next three centuries. At least.

The leading theorist of a modernized workforce to cope with climate emergency is Pavlina Tcherneva, whose "The Case for a Job Guarantee" makes the case that, beyond "programs" like CCC, we need to make employment for those who want it into a legal right.

The Sanders campaign endorsed the idea, as do progressive elements of the Democratic Congressional caucus. But even though the party establishment hasn't come around to a guarantee, they have come out for a rebooted CCC, a Civilian Climate Corps.

The new CCC is in the Biden platform, and versions of it have been mooted by Sen Dick Durbin [D-IL] and Rep Marcy Kaptur [D-OH]. As MattSimon points out in his Wired story, the CCC is an American institution, something with a national history.

The American exceptionalism used to dismiss other commonsense measures like universal health care ("Maybe it works in Sweden, but it won't work here") can't be applied to CCC: it has worked here, and left behind a beloved legacy.

The popularity of a new CCC is another sign that Reaganomics and its emphasis on enriching the wealthy in the hopes of some trickledown for the rest of us is on the way out.

If the US government gives people good jobs that pay inclusive wages and humane benefits, it will create massive demand for goods and services from the private sector.

"A revived CCC could pour money into tackling a bevy of other environmental problems, too. Revitalizing public green spaces, for instance, benefits all Americans. We urgently need to better prepare our coastlines for rising seas. Restoring wetlands and forests would pull double duty, returning ecosystems to their former glory and creating carbon sinks: Plant more trees and you can sequester more CO2 from the atmosphere. Actually, in the case of wetlands, make that triple duty—healthy wetlands work as flood control during hurricanes, absorbing surges of water."

Foxconn out-trumped Trump (permalink)

In 2017, Donald Trump declared victory. Working with the far-right Wisconsin governor Scott Walker, he had brokered a deal to bring high-tech manufacturing jobs back to America, with a new, massive Foxconn plant that would anchor the new Wisconn Valley.

Right away, there were three serious, obvious problems.

I. Foxconn are crooks. It's not just the Apple device factories where they drive workers to suicide, it's a long history of promising to build massive factories, absorbing billions in subsidies, and then bailing.

It's a con they'd already pulled in Indonesia, Vietnam, Brazil and in Pennsylvania. The US heist happened only four years before the Wisconsin deal (which offered $4b in subsidies!) was signed.

II. The plant made no sense. Foxconn promised that it would employ tens of thousands of American workers building massive LCDs. The world did not need massive LCDs. It had a glut of them. The price for cheap LCDs built by low-waged workers in the Pacific Rim was tumbling.

III. There was already stuff where the plant was supposed to be built. Notably, there were family homes, places that had been owned by Wisconsinites for generations, real homesteads.

In order for Foxconn to build its nonsensical plant and receive $4b in US public subsidies, these families would have to be expropriated and their homes – their whole communities – literally bulldozed and dumped into landfills.

The deal revealed – if there was any doubt – that Trump is a rube, a sucker, a fool. Foxconn played him and played Walker and the state of Wisconsin. They never planned to build an LCD plant. Indeed, they seem never to have planned to build ANYTHING.

They wanted the free money as a subsidy for exploring what they might build, and they knew that the best way to get Wisconsin and the USA to subsidize this speculation was to tell risible lies about multibillion-dollar LCD factories that credulous US leaders would swallow.

No news outlet has done more to chronicle the endless, absurd, idiotic Foxconn grift than The Verge, and while many writers there have worked on the story (like Bruce Murphy and James Vincent), Josh Dzieza has been the most indefatigable chronicler of the Foxconn shitshow.

Now, after reporting out piece after piece on the Foxconn deal, Dzieza has published a kind of master narrative that tells the whole story from beginning to end, piecing it all together and augmenting it with new insider dope:

Dzieza's masterpiece leaves no doubt that this was a titanic fraud, nor that it was incompetently negotiated by Wisconsin's local and state officials as well as the federal government.

Take the subsidies: to qualify for them, Foxconn had to meet various hiring targets.

But those targets were easily gamed. So long as Foxconn had a certain number of workers on the books in December, it could count them as employed for the whole year, even if it laid them off in January.

Which, of course, it did. Indeed, the way Foxconn uses human lives as conveniences not worthy of any consideration make it clear that the suicides at its Apple factories are not isolated incidents (and also constitute a stinging rebuke to Walker and Trump's union-bashing).

To prop up its sham, Foxconn sent recruiters out to hold high-pressure job fairs where applicants were pressured to immediately accept job offers and tender their resignations at their current employers.

Then they were strung along for months as they jobs they'd been promised didn't materialized, and, for many, those jobs did not ever materialize. Workers who DID get jobs hardly fared better, showered in racist abuse about their inferiority to Asian workers.

They were asked to work in facilities without furniture, made to bring in their own pencils and networking equipment, made to buy new elevator carpets out of their own pockets to assuage the screaming rages of their managers, given impossible duties or none at all.

At various stages, these workers were called in to brainstorm ideas for building something, anything, in the facilities that Foxconn had been given at firesale prices by the state of Wisconsin.

Some ideas:

  • A fish-farm that could absorb the subsidized water they'd been guaranteed for cooling the data-center they would never build
  • An AI research lab

  • A Wework clone

  • A dairy exporter serving the Chinese market

  • A federal tech contractor

None of this bore fruit. The only time Foxconn turned a nickel was when they bought in-use office buildings with the intention of using them for some harebrained scheme but lost interest before they could evict the businesses tenanted there, and so earned some rent.

Foxconn eventually laid off the bulk of its US workforce and hired Indian and Chinese tech-workers on H1B visas, whom it showered with even more abuse, backstopped by threats of deportation if any of them dared to complain.

All along, Foxconn just told stupid lies that Wisconsin's business community gobbled up: Foxconn founder Terry Guo got fantastic praise for his $100m donation to the U Wisconsin system. None of that praise was revoked when he only delivered $700k of it.

The Foxconn deal is a black hole that has sucked Wisconsin's productive economy through its event horizon. The company charged local businesses thousands of dollars to get signed up as suppliers, then stiffed them on their invoices.

And the towns – like Mt Pleasant – that destroyed their residents' family homes to clear the way for Foxconn lost those taxpayers – and never got the promised tax payments that a Foxconn facility was supposed to deliver.

Here's Dzieza's masterful summary: "Trump promised to bring back manufacturing… Into the gap between appearance and reality fell people’s jobs, homes, and livelihoods."

Trump calls the Foxconn plant "The Eighth Wonder of the World."

In 2018, Wisconsin voters fired Scott Walker for being such a plute-sucking rube.

In 2020, they have the chance to fire Trump.

This day in history (permalink)

#15yrsago Technorati indexes 20 millionth blog

#5yrsago DoJ to Apple: your software is licensed, not sold, so we can force you to decrypt

#5yrsago Botnets running on CCTVs and NASs

#5yrsago Astounding showpiece table full of hidden compartments nested in hidden compartments

#5yrsago Investing in David v Goliath: hundreds of millions slosh into litigation finance funds

#5yrsago Ta-Nehisi Coates’s “Between the World and Me” is the next book you should read

#5yrsago Antioxidants protect cancer cells, help tumors to spread

#5yrsago 70% of CEOs’ effect on company performance can be attributed to random chance

#5yrsago FCC trying to stop phone companies that rip off prisoners’ families

#1yrago A visual history of Soviet anti-religious artwork

#1yrago When the HR department is a robotic phrenologist: “face-scanning algorithm” gains popularity as a job-applicant screener

#1yrago Japanese robot hotel chain ignored repeated warnings that its in-room “bed-facing” robots could be turned into spy devices

#1yrago The wonderful You Must Remember This podcast returns to tell the secret history of Disney’s most racist movie, Song of the South

#1yrago New York Times abruptly eliminates its “director of information security” position: “there is no need for a dedicated focus on newsroom and journalistic security”

#1yrago Educational spyware company to school boards: hire us to spy on your kids and we’ll help you sabotage teachers’ strikes

Colophon (permalink)

Today's top sources: Naked Capitalism (, Lowering the Bar (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 520 words (76061 total).

Currently reading: Harrow the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Page 12 [Flipside]

Page 12 is done.


Link [Scripting News]

I like promoting other people's products when they're good. I am unhappy when I see bad products promoted by people I respect. If I think a product is not good, unless I think people will be hurt by it, or if the badness can be fixed and the product would then be useful, I'll generally say nothing.


Friday Larchive – He’s A Murdelar! [Looking For Group]

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Sometimes there will be a theme, or a reason behind the choices. Other times there will be none. If you are reading this, […]

The post Friday Larchive – He’s A Murdelar! appeared first on Looking For Group.

[$] Rejuvenating Autoconf []

GNU Autoconf, a widely used build tool that shines at compatibility with a variety of Unixes, has accumulated many improvements since its last release in 2012 — and there are patches awaiting review. While many projects have switched to other build systems, interest in Autoconf remains. Now, a small team (disclaimer: including article author Sumana Harihareswara) is rejuvenating it, working through some deferred maintenance and code review. A testable beta is now out, a new stable release is due in early November, and interested parties can build on this momentum to further refresh the rest of the GNU Build System (also known as Autotools).

Security updates for Friday []

Security updates have been issued by Gentoo (freetype), openSUSE (mailman), Red Hat (firefox, java-11-openjdk, OpenShift Container Platform 3.11.306 jenkins, and rh-maven35-jackson-databind), SUSE (kernel, mercurial, openldap2, python-pip, and xen), and Ubuntu (firefox, netty-3.9, and python-pip).

How can I tell whether a file is on an SSD? [The Old New Thing]

You might want your program to change its behavior depending on whether the file you are operating on is on an SSD or not. Maybe you’d use Prefetch­Virtual­Memory to get the contents of a memory-mapped file into memory more efficiently if the file is on a hard drive, but not bother if the file is on an SSD, since the SSD can produce the data quickly enough anyway.

bool IsFileOnSsd(PCWSTR filePath)
  wil::unique_hfile volume = GetVolumeHandleForFile(filePath);

  query.PropertyId = StorageDeviceSeekPenaltyProperty;
  query.QueryType = PropertyStandardQuery;
  DWORD bytesWritten;

  if (DeviceIoControl(volume.get(), IOCTL_STORAGE_QUERY_PROPERTY,
      &query, sizeof(query),
      &result, sizeof(result),
      &bytesWritten, nullptr)) {
    return !result.IncursSeekPenalty;
  return false;

This takes advantage of the trick we learned last time where you can make a storage query against a volume, and it will report the answer if the volume has a single extent.

We aren’t so much checking whether it’s on an SSD drive as we are checking whether seeks are free. That is true for SSDs, but it’s also true for RAM drives. But RAM drives are even faster than SSDs, so I think it’s okay to treat them as “super-awesome SSDs”.

The Get­Volume­Handle­For­File function we wrote a few days ago will throw if the file is remote (on a network). We probably want to report network files as “not on an SSD”, because even if they are on an SSD on the server, the network transmission cost will make it feel slow.

wil::unique_hfile GetVolumeHandleForFile(PCWSTR filePath)
  wchar_t volumePath[MAX_PATH];
                                volumePath, ARRAYSIZE(volumePath)));

  wchar_t volumeName[MAX_PATH];
  if (!GetVolumeNameForVolumeMountPoint(volumePath,
                                volumeName, ARRAYSIZE(volumeName))) {
    return {};

  auto length = wcslen(volumeName);
  if (length && volumeName[length - 1] == L'\\')
    volumeName[length - 1] = L'\0';

  wil::unique_hfile result{ CreateFile(volumeName, 0,
                nullptr, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, nullptr) };
  return result;

We would then check whether a volume was gotten:

bool IsFileOnSsd(PCWSTR filePath)
  wil::unique_hfile volume = GetVolumeHandleForFile(filePath);
  if (!volume) return false;

  query.PropertyId = StorageDeviceSeekPenaltyProperty;
  query.QueryType = PropertyStandardQuery;
  DWORD bytesWritten;

  if (DeviceIoControl(volume.get(), IOCTL_STORAGE_QUERY_PROPERTY,
      &query, sizeof(query),
      &result, sizeof(result),
      &bytesWritten, nullptr)) {
    return !result.IncursSeekPenalty;
  return false;

As we noted last time, the query against a volume will fail if the volume spans multiple physical disks. If you have a volume that spans multiple SSDs, this function will nevertheless report that it isn’t an SSD.

So we probably would be better off checking the SSD-ness of every physical drive in the volume. That’s a lot of work, so I’m going to cheat and check just the first physical drive in the volume, on the theory that when people create multi-drive volumes, they’re going to be drives of similar performance characteristics.

bool IsFileOnSsd(PCWSTR filePath)
  wil::unique_hfile volume = GetVolumeHandleForFile(filePath);
  if (!volume) return false;

  wil::unique_hfile disk =
  if (!disk) return false;

  query.PropertyId = StorageDeviceSeekPenaltyProperty;
  query.QueryType = PropertyStandardQuery;
  DWORD bytesWritten;

  if (DeviceIoControl(disk.get(), IOCTL_STORAGE_QUERY_PROPERTY,
      &query, sizeof(query),
      &result, sizeof(result),
      &bytesWritten, nullptr)) {
    return !result.IncursSeekPenalty;
  return false;

Bonus chatter: Many people cheat even further and also assume that the volume is mounted as a drive letter. In that case, obtaining the volume handle for the file is a simple matter of opening \\.\X:, where X: is the drive letter of the file you are interested in.

The post How can I tell whether a file is on an SSD? appeared first on The Old New Thing.

Today in GPF History for Friday, October 23, 2020 [General Protection Fault: The Comic Strip]

"s1r3n" (aka Trudy) visits "b0r0m1r" (Yoshi), only to learn that he is Ki's little brother and that "Ki's boyfriend" just walked in through the front door...


Link [Scripting News]

I added a note to my status outline with an update on my work on, which is getting a new name.

Link [Scripting News]

When I was growing up, there was a purpose that even I, a kid, could understand. I think that's been missing ever since we got to the moon. Since then we haven't had a reason to be a country.

October Is Almost Over So Make Some Seasonal Treats While You Still Can! [Whatever]

Athena ScalziIt may very well be pumpkin spice season, but let’s not forget it’s also apple cider season! Fewer things in life delight like a warm mug of apple cider. Well, that is, if it’s my cider you’re drinking. And it could be yours too! I’m here today to share with you a recipe for apple cider so good, you’ll never be able to drink store bought again. If you’re not ready for that level of awesomeness, do not scroll any further.

I actually got this recipe online somewhere, and I can’t remember where because it was sophomore year of high school and I have terrible memory. But I do remember that the original recipe was for “apple pie moonshine” that was basically just apple juice and vodka. So all I did was leave out the alcohol and voila! A perfect cider recipe.

the ingredients required for the apple cider

Pictured here is everything you need! As you can see, the secret ingredient to my cider is store-bought apple cider. All I do is add some sugar and spice and it turns out way better than it originally was! So, the recipe is as follows:

2 quarts apple cider

2 quarts apple juice

1 cup brown sugar

1 cup white sugar

2-4 cinnamon sticks

6-8 whole cloves

For the apple cider, I just grab whatever brand is at the store, it doesn’t really matter. As for the juice, again you can use any brand, I just prefer Mott’s. And for the brown sugar you can use light or dark, whatever you have on hand is fine!

So, combine the cider and juice in a big pot and heat it up, do not boil! You just want to get it warm enough so that when you add the sugars, they dissolve. After adding the sugars, reduce to a simmer and add the cinnamon and cloves, then put a lid on it and let it all come together for about an hour. Then remove the cinnamon sticks and cloves and it’s ready to be enjoyed!

I made this cider for my teachers sophomore year, and then I made it again my sophomore year of college for my dormmates, and I’m making it again this year for my family. It’s really simple and I’ve gotten a ton of positive feedback on it, so I really recommend this recipe.

If you try it out, please let me know what you think in the comments! And have a great day!


Foliage Photo Album + Quick Thoughts on Photoshop 2021 [Whatever]

A very vibrant fall leaf.

First off: Hey, you like fall foliage? I happen to have a lot of it around my house, and I’ve collected some photos of this year’s foliage in a Flickr album. My plan is to add to it, not only this year but also in subsequent years, so it’s just becomes this amazing album of autumnal splendor. Get in on the ground floor!

Second off, a new version of Photoshop has arrived and as someone with a Creative Cloud membership, I downloaded it and have been playing with it. It comes with some nifty-but-not-always-useful new features, including Sky Replacement, “Neural Filters” and more substantive color grading features.

And how are they?

Well, the one I’m most impressed with is the “Replace Sky” feature, because it does both a very good job of replacing the sky without a whole lot of obvious artifacts where the sky meets the foreground, and with then color grading the photo as a whole to match the sky, uh, atmospherics. Photoshop has presets for skies or you can upload your own, and they don’t even have to be real skies — I uploaded a photo of one of my cats and was treated to a seamless photo of a Godzilla-sized Spice peeping over the roof of my house.

The feature is impressive and also one that I don’t think it’s likely I will use a whole lot of, one, because the skies around my house are generally impressive enough, and two because it feels a little on the wrong side of the “totally ‘shopped” line. More accurately I might use it for amusement purposes (see: Catzilla), but if I were to use it otherwise I would probably feel obliged to disclose. I’m not exactly a sky purist — I fiddle around with levels for my skies and am not above ‘shopping out a contrail or two — but I do generally feel like the sky you see has some relation to the sky I shot.

(On the other hand, I can see someone doing portrait photography where the focus was a person swapping out a notably crappy sky for something nicer, because why not. I’m not judging, unless you take a stock sky are and all “look at this perfect sky that just happened to exist where I am” or something.)

The Photoshop “neural filters” are a real mixed bag. I showed off some of what they can do the other day with the “Fake Young Scalzis” entry, and my thought was the “de-aging” filter was fun to play with but not especially useful in the real world — it would have to be a lot more fine-grained in its controls for that (Adobe is aware of this — it’s listed as being in “beta”). Other features are even less fine-tuned, including the ones that are meant to change expressions but mostly just make the face you’re playing with look creepy as hell.

The most successful of the neural filters is the one that offers “skin smoothing,” which is best understood as virtual foundation makeup, and which, when used appropriately, does a very decent job in de-blotching skin, which I think is an entirely acceptable use. Go too far and then suddenly you’re in the Uncanny Valley, which is not great. A little goes a long way. But it is nicely done. This is one of the neural filters that is not in beta.

Finally this year Photoshop offers better color grading options for RAW photos, similar to the color grading you might find with video programs. It’s cool but it’s not something I’ve personally found a use for yet. I figure I will with time.

My overall impression of a lot of these new Photoshop features is that they are fun but not actually essential, with the one thing I can see being essential-ish (the color grading) something I personally don’t have much call for. I’m not sure any of them will make my pictures better, more than they give me something else to play with when I’m processing my photos. This is not a complaint, and anyway since I have the subscription these aren’t upgrades I paid an additional fee for. So why not. They do no harm to the Photoshop program or the way I work with pictures, so ultimately I feel vaguely positive about these features. It’s nice to have new toys.

— JS


Link [Scripting News]

Maybe there should be real debates on TV every week between leaders on issues that Congress is going to vote on. And a way of measuring public opinion. No personal attacks allowed. Strict control via Mute button. This week the debate would be about the merits of approving a new radical Supreme Court justice in the middle of an election when everyone's attention is focused elsewhere. Some actions are so important they deserve everyone's focus.


New Report on Police Decryption Capabilities [Schneier on Security]

There is a new report on police decryption capabilities: specifically, mobile device forensic tools (MDFTs). Short summary: it’s not just the FBI that can do it.

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant. To our knowledge, this is the first time that such records have been widely disclosed.

Lots of details in the report. And in this news article:

At least 49 of the 50 largest U.S. police departments have the tools, according to the records, as do the police and sheriffs in small towns and counties across the country, including Buckeye, Ariz.; Shaker Heights, Ohio; and Walla Walla, Wash. And local law enforcement agencies that don’t have such tools can often send a locked phone to a state or federal crime lab that does.


The tools mostly come from Grayshift, an Atlanta company co-founded by a former Apple engineer, and Cellebrite, an Israeli unit of Japan’s Sun Corporation. Their flagship tools cost roughly $9,000 to $18,000, plus $3,500 to $15,000 in annual licensing fees, according to invoices obtained by Upturn.


Link [Scripting News]

I am so exhausted from US politics, this state going back to the summer of 2016. I made it through about 15 minutes of last night's debate before I couldn't stand it. All it took was one gaffe from Biden to shred all hope of a reprieve from this shitshow. Then I had a thought, what if Amazon released the new Borat movie a few hours early? Wouldn't that be great. So I looked. And they had! So I watched the first half, returned to the debate, which still was not over, and went back and watched a bit more, and returned to the debate just in time to hear the wrapup. Then I listened to Maddow's review of Trump's lies about Covid (the part I had heard) and I felt better so I went to bed. Only to wake up this morning and find that the feeling if utter misery was even worse. The election is 11 days from now.

Link [Scripting News]

BTW, the new Borat movie is good. I laughed all the way. Out loud.

Re 2-factor-authentication [Scripting News]

Has anyone ever thought what happens when you lose control of the phone that is your second factor?

So, how hard is it to hijack a phone?

A few years back I had a phone hijacked via AT&T.

I never got it back. But I was able to terminate the account.


Molly de Blanc: Endorsements [Planet Debian]

Transparency is essential to trusting a technology. Through transparency we can understand what we’re using and build trust. When we know what is actually going on, what processes are occurring and how it is made, we are able to decide whether interacting with it is something we actually want, and we’re able to trust it and use it with confidence.

This transparency could mean many things, though it most frequently refers to the technology itself: the code or, in the case of hardware, the designs. We could also apply it to the overall architecture of a system. We could think about the decision making, practices, and policies of whomever is designing and/or making the technology. These are all valuable in some of the same ways, including that they allow us to make a conscious choice about what we are supporting.

When we choose to use a piece of technology, we are supporting those who produce it. This could be because we are directly paying for it, however our support is not limited to direct financial contributions. In some cases this is because of things hidden within a technology: tracking mechanisms or backdoors that could allow companies or governments access to what we’re doing. When creating different types of files on a computer, these files can contain metadata that says what software was used to make it. This is an implicit endorsement, and you can also explicitly endorse a technology by talking about that or how you use it. In this, you have a right (not just a duty) to be aware of what you’re supporting. This includes, for example, organizational practices and whether a given company relies on abusive labor policies, indentured servitude, or slave labor.
Endorsements inspire others to choose a piece of technology. Most of my technology is something I investigate purely for functionality, and the pieces I investigate are based on what people I know use. The people I trust in these cases are more inclined than most to do this kind of research, to perform technical interrogations, and to be aware of what producers of technology are up to.

This is how technology spreads and becomes common or the standard choice. In one sense, we all have the responsibility (one I am shirking) to investigate our technologies before we choose them. However, we must acknowledge that not everyone has the resources for this – the time, the skills, the knowledge, and therein endorsements become even more important to recognize.

Those producing a technology have the responsibility of making all of these angles something one could investigate. Understanding cannot only be the realm of experts. It should not require an extensive background in research and investigative journalism to find out whether a company punishes employees who try to unionize or pay non-living wages. Instead, these must be easy activities to carry out. It should be standard for a company (or other technology producer) to be open and share with people using their technology what makes them function. It should be considered shameful and shady to not do so. Not only does this empower those making choices about what technologies to use, but it empowers others down the line, who rely on those choices. It also respects the people involved in the processes of making these technologies. By acknowledging their role in bringing our tools to life, we are respecting their labor. By holding companies accountable for their practices and policies, we are respecting their lives.


Error'd: Errors by the Pound [The Daily WTF]

"I can understand selling swiss cheese by the slice, but copier paper by the pound?" Dave P. wrote.   Amanda R. writes, "Ok, that's fine, but can the 1% correctly spell...


Big business vs. small business [Seth's Blog]

Small companies create almost all the jobs. They are the insurgents, the agents of change.

Big companies are a backbone, reliable providers of goods and services. Big companies operate at a scale that most of us can’t even imagine.

The two points of view often conflict. And each can learn from the other.

Net neutrality is an argument between freedom of innovation by small business vs. control from big business.

Campaign finance reform is an argument against big companies and their leaders buying the outcomes of elections.

It’s not always about capitalism vs. the alternative. It’s often about the status quo vs. what’s next.

Worth noting: A small business is not a big business that hasn’t grown up yet. It’s different. A small business has an owner, someone who can make decisions without meetings, who can listen to customers and who can embrace the work at hand.

If you run a small business, I hope you’ll check out the new workshop from my friend and colleague Ramon Ray. The folks at Akimbo are working with Ramon to help connect small business people on their journey to making a bigger impact. It works better together.


Comic: Grand Closing [Penny Arcade]

New Comic: Grand Closing



The conman's legal trouble [Richard Stallman's Political Notes]

If the conman does not hold on to the presidency, he faces lots of legal trouble.

This article does not include possible criminal charges for crimes while in office, including obstruction of justice (which Mueller found the evidence for).

I expect he will have Air Force One drop him off on Jan 18 or so in a country he expects to will him from US justice.

Girl Genius for Friday, October 23, 2020 [Girl Genius]

The Girl Genius comic for Friday, October 23, 2020 has been posted.


Tips 'N Tricks [QC RSS]

Useful info



Ubuntu 20.10 released [OSnews]

Ubuntu 20.10 rides atop the Linux 5.8 kernel, includes the GNOME 3.38 release, has new wallpapers, Active Directory integration (for enterprise users) in the installer, and carries a clutch of updated software, tools, and libraries.

Plus this is the first version of Ubuntu to offer desktop support for the Raspberry Pi 4 (4GB + 8GB models).

Not a massive release, but welcome new versions of the core parts of the distribution nonetheless.

FreeBSD gets experimental PowerPC little-endian support, can now be built on Linux and macOS [OSnews]

The FreeBSD project has published its latest quarterly report, and there’s some good changes and improvements in there. First, there’s the project to allow FreeBSD to be built on non-FreeBSD hosts – Linux and macOS specifically. This project has made major headway.

As of September 2020 it should be possible to use the buildworld and buildkernel make targets to build a fully-functional FreeBSD installation on macOS and Linux hosts. We use this in our continuous integration system to build and test CheriBSD disk images for multiple architectures. I have also committed a GitHub Actions configuration upstream that takes approximately 10 minutes to build an amd64 kernel. This will ensure that changes that break crossbuilding from Linux/macOS can be detected easily.

Another major improvement is experimental support for little-endian PowerPC. Note, however, that this does not mean big-endian support is going away or being deprecated.

As of r366063, experimental support for little-endian PowerPC64, (PowerPC64LE) is available in -CURRENT for POWER8 and POWER9 machines.

There’s a lot more stuff to cover, so head on over and read the whole report for all the details.

Thursday, 22 October


The Now-Defunct Firms Behind 8chan, QAnon [Krebs on Security]

Some of the world’s largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan’s current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators.

In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.

The IP address ranges in the upper-left portion of this map of QAnon and 8kun-related sites — some 21,000 IP addresses beginning in “206.” and “207.” — are assigned to N.T. Technology Inc. Image source:

That idea was floated by Ron Guilmette, a longtime anti-spam crusader who recently turned his attention to disrupting the online presence of QAnon and 8chan (recently renamed “8kun”).

On Sunday, 8chan and a host of other sites related to QAnon conspiracy theories were briefly knocked offline after Guilmette called 8chan’s anti-DDoS provider and convinced them to stop protecting the site from crippling online attacks (8Chan is now protected by an anti-DDoS provider in St. Petersburg, Russia).

The public face of 8chan is Jim Watkins, a pig farmer in the Philippines who many experts believe is also the person behind the shadowy persona of “Q” at the center of the conspiracy theory movement.

Watkin owns and operates a Reno, Nev.-based hosting firm called N.T. Technology Inc. That company has a legal contract with the American Registry for Internet Numbers (ARIN), the non-profit which administers IP addresses for entities based in North America.

ARIN’s contract with N.T. Technology gives the latter the right to use more than 21,500 IP addresses. But as Guilmette discovered recently, N.T. Technology is listed in Nevada Secretary of State records as under an “administrative hold,” which according to Nevada statute is a “terminated” status indicator meaning the company no longer has the right to transact business in the state.

N.T. Technology’s listing in the Nevada Secretary of State records. Click to Enlarge.

The same is true for Centauri Communications, a Freemont, Calif.-based Internet Service Provider that serves as N.T. Technology’s colocation provider and sole connection to the larger Internet. Centauri was granted more than 4,000 IPv4 addresses by ARIN more than a decade ago.

According to the California Secretary of State, Centauri’s status as a business in the state is “suspended.” It appears that Centauri hasn’t filed any business records with the state since 2009, and the state subsequently suspended the company’s license to do business in Aug. 2012. Separately, the California State Franchise Tax Board (FTB) suspended this company as of April 1, 2014.

Centauri Communications’ listing with the California Secretary of State’s office.

Neither Centauri Communications nor N.T. Technology responded to repeated requests for comment.

KrebsOnSecurity shared Guilmette’s findings with ARIN, which said it would investigate the matter.

“ARIN has received a fraud report from you and is evaluating it,” a spokesperson for ARIN said. “We do not comment on such reports publicly.”

Guilmette said apart from reclaiming the Internet address space from Centauri and NT Technology, ARIN could simply remove each company’s listings from the global WHOIS routing records. Such a move, he said, would likely result in most ISPs blocking access to those IP addresses.

“If ARIN were to remove these records from the WHOIS database, it would serve to de-legitimize the use of these IP blocks by the parties involved,” he said. “And globally, it would make it more difficult for the parties to find people willing to route packets to and from those blocks of addresses.”


GNU Parallel 20201022 ('Samuel Paty') [Planet GNU]

GNU Parallel 20201022 ('Samuel Paty') has been released. It is available for download at:

Please help spreading GNU Parallel by making a testimonial video like Juan Sierra Pons: It does not have to be as detailed as Juan's. It is perfectly fine if you just say your name, and what field you are using GNU Parallel for.

Quote of the month:

  I get a weird sense of satisfaction every single time I see the lovely logo of #GNU Parallel (plus, what an underrated piece of great software!)
    -- Emre Sevinç @EmreSevinc@twitter

New in this release:

  • --termseq now works for jobs running remotely.
  • parsort: Performance optimized for 64-core machines.
  • Bug fixes and man page updates.

News about GNU Parallel:

Get the book: GNU Parallel 2018

GNU Parallel - For people who live life in the parallel lane.

If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include command that uses GNU Parallel if you feel like it.

About GNU Parallel

GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.

If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.

GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.

For example you can run this to convert all jpeg files into png and gif files and have a progress bar:

  parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif

Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:

  find . -name '*.jpg' |
    parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200

You can find more about GNU Parallel at:

You can install GNU Parallel in just 10 seconds with:

    $ (wget -O - || lynx -source || curl || \
       fetch -o - ) >
    $ sha1sum | grep 3374ec53bacb199b245af2dda86df6c9
    12345678 3374ec53 bacb199b 245af2dd a86df6c9
    $ md5sum | grep 029a9ac06e8b5bc6052eac57b2c3c9ca
    029a9ac0 6e8b5bc6 052eac57 b2c3c9ca
    $ sha512sum | grep f517006d9897747bed8a4694b1acba1b
    40f53af6 9e20dae5 713ba06c f517006d 9897747b ed8a4694 b1acba1b 1464beb4
    60055629 3f2356f3 3e9c4e3c 76e3f3af a9db4b32 bd33322b 975696fc e6b23cfb
    $ bash

Watch the intro video on

Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.

When using programs that use GNU Parallel to process data for publication please cite:

O. Tange (2018): GNU Parallel 2018, March 2018,

If you like GNU Parallel:

  • Give a demo at your local user group/team/colleagues
  • Post the intro videos on Reddit/Diaspora*/forums/blogs/ lists
  • Get the merchandise
  • Request or write a review for your favourite blog or magazine
  • Request or build a package for your favourite distribution (if it is not already there)
  • Invite me for your next conference

If you use programs that use GNU Parallel for research:

  • Please cite GNU Parallel in you publications (use --citation)

If GNU Parallel saves you money:


GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.

The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.

When using GNU SQL for a publication please cite:

O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.

About GNU Niceload

GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.




Ubuntu 20.10 (Groovy Gorilla) released []

The Ubuntu 20.10 release is out. "The Ubuntu kernel has been updated to the 5.8 based Linux kernel, and our default toolchain has moved to gcc 10 with glibc 2.32. Additionally, there is now a desktop variant of the Raspberry Pi image for Raspberry Pi 4 4GB and 8GB. Ubuntu Desktop 20.10 introduces GNOME 3.38, the fastest release yet with significant performance improvements delivering a more responsive Experience". See the release notes for more details.


2020-21 is the asterisk academic year [I, Cringely]

A few weeks ago I wrote a column about helping our children cope with distance learning as we hide from COVID-19. Since then I’ve watched the progress of my own children — Cole (16) and Fallon (14) are still at home — and I’ve spoken to friends and teachers all over the world. It isn’t going well. In fact, the whole distance learning experience has been a disaster that will ultimately result in this academic year being forever assigned an asterisk to separate it from every other academic year, before or after.

I hope your experience is better, but I doubt that is the case. And the fact that people aren’t generally saying what I am here is because there’s lag in the system and the teachers and school administrators, frankly, don’t want to admit just how bad things are. But shit will shortly hit fans all over the world, I assure you, and the impact will last for years to come.

Nobody likes distance learning. Kids miss their friends, parents miss sending their kids off to school each day, and teachers miss their traditional classroom settings, systems, and power structures. For the most part none of us had a choice in this, nor did we have a chance to prepare. Yes, we had a few weeks of distance learning last spring, but that year mainly ended intact and most of us didn’t expect to still be doing it six months later.

This is NOT an argument for reopening schools. There is still a pandemic, after all. Reopening schools at this point would just cost more lives, so we shouldn’t do it yet. But we also have to face the fact that distance learning has societal costs.

The vast majority of students do better in an actual classroom. While distance learning may have been a novelty last spring, this fall that novelty is long gone, replaced with dread and a sense that something is very wrong. We’ll see it when grades start coming-in, because those grades are going to be terrible.

And if the grades aren’t terrible, that’s probably even worse because they should be terrible. In most cases good grades will be lies.

There are too many cracks in this system and too many kids falling through those cracks.

Among the many problems of distance learning is that there’s no tradition of it and no training. Teachers were hired with no thought to how they’d do as distance educators. It’s a completely different skill set, I assure you. While Sal Khan of Khan Academy fame may be a perfect distance teacher, we have no idea how he’d do in an actual classroom. By the same token, a teacher with 30 years of classroom experience may or may not (probably not) be able to transfer much of that expertise into distance learning.

Teachers and students alike are pissed-off and tired.

I see with my own kids that systems aren’t working very well. I try to monitor their progress, but that requires my using four separate systems here in Santa Rosa, California — the school web site, Google Classroom, and Illuminate and Jupiter Ed (two digital grade books). That’s too much, too complex, too stupid. Why have two different grade books? This makes no sense.

Google Classroom is set up for teachers and students, not parents, for example. Try to log-in and it asks if you are a student or a teacher? Well I am neither. It turns out there is a way to get an account as a guardian, but you have to really dig to find that and hardly anyone even knows the capability exists. Ask your school. This has to change because without parents the whole distance learning system falls apart.

Just getting your kids reliably to class is a challenge. When they are actually in a physical school building, it requires real effort on the student’s part NOT to be in class. With distance learning, missing class is as easy as over-sleeping. And 14-16 year-old boys are EXPERTS at over-sleeping. You can remind them 10 minutes before class and they still may miss it.

Worse still, some teachers are so bad at using the technology that your kids can make it to class yet their attendance still goes unrecorded. We’ve had that happen several times. I get an e-mail saying my son missed class. It’s always a day late, too, when it would make sense to send out the e-mails at the halfway point of the class so I still have a fighting chance of getting my kid into the room. Why wait a day? This makes no sense.

I sent emails to all seven of Fallon’s teachers. Two replied immediately, two more in a week, and the last three took 10 days and three follow-ups. Nearly all of them promised me information that I have yet to receive. Are they really too busy? I don’t think so.

Teachers can be remarkably bad at grading homework, too. Did they receive the homework or didn’t they receive it? Why do these grading systems automatically give a zero grade if the teacher hasn’t even looked at the work? Who is that supposed to motivate? It doesn’t seem to be working.

Remembering my own student days, my mother thought teachers were infallible. In sixth grade I remember complaining all year about my crazy teacher, Mrs. Connolly, who was, well, crazy. For the entire year all we studied was math, which isn’t bad in itself but how, then, did she give me a grade in English? Mom said I was just a lazy little shit and Mrs. Connolly was great. How did Mom know that? The next year, when my sister was in Mrs. Connolly’s class, the teacher had a mental breakdown about a month into the school year and was institutionalized. Oops. My point here is that not only aren’t we hiring teachers with distance learning skills, we have no good ways of monitoring either student OR TEACHER performance.

One might argue, since everything is digital, that I am precisely wrong, that we have total access to everything, but that’s simply not true. Is that zero really a zero? Did you go to class or didn’t you? For that matter, what are the criteria for grading and how closely are those criteria being followed? There is absolutely no way of knowing.

So while we might assume that everything is going smoothly I can tell you absolutely that it isn’t, because even perfect performance with this system is just barely adequate in terms of student and teacher involvement. If your kid is struggling with distance learning it is very possible — very LIKELY — that his teacher doesn’t even know that.

What does this mean for next year, when presumably we’ll have a vaccine and everyone will be back in class? It means that we won’t be able to count on our kids having learned what they were supposed to have learned this year. They’ll have to learn it all over again. OR we’ll just say that it doesn’t matter. At the very least (very best) we’ll have to add a new layer of testing that absolutely doesn’t yet exist.

We’re in an education crisis that won’t go away with another economic stimulus package and won’t even go away with a vaccine. In fact it is going to only get worse. That’s why I predict this will be an asterisk year.

Think of the effect on college admissions. What used to be a pretty organized system with transcripts and essays and standardized tests like the SAT and ACT has been turned on its head. For this year at least, we’ll need to come up with some other way of deciding who gets into universities and who doesn’t. There will inevitably be victims of this bastardized system. We’ve told our children for 12 years this is what you need to do to get into UC Berkeley only now it’s all changed. Sorry.

The education system will repair itself over time. The pandemic will end, wounds will appear to heal, but the class of 2021 may go for another 40+ years with the stigma of that asterisk. It’s not their fault, but they’ll still be held responsible.

Or maybe the problem will simply disappear, in which case the facade of educational superiority may disappear with it. I know my kids are questioning the whole system: Why can’t we spend Grandma’s 529 money on surfing lessons?

Why, again, are we doing this, especially if we’re in a world where the idea that we’re preparing our kids for careers could be completely wrong? With career skill sets that now last less than a decade, it’s a question that will take years to definitively answer.

Remember you heard it here first.

Digital Branding
Web Design Marketing


Link [Scripting News]

Tying. A big company uses a monopoly in one area to create a monopoly in another. It was the basis for the anti-trust case against Microsoft in the 90s. They were forcing PC manufacturers to bundle their web browser, which was not a monopoly with their operating system, which was, thus forcing the leading browser, Netscape, out of the market. This happens over and over in tech. Google does it by using their monopoly in search to crush competitors in other categories. It can't be allowed. Products must compete on merit, not because we are forced to use them.

Link [Scripting News]

Andrew has a new version of the rssCloud server, a beta of v2.0.


Bastian Blank: Salsa updated to GitLab 13.5 [Planet Debian]

Today, GitLab released the version 13.5 with several new features. Also Salsa got some changes applied to it.

GitLab 13.5

GitLab 13.5 includes several new features. See the upstream release postfix for a full list.

Shared runner builds on larger instances

It's been way over two years since we started to use Google Compute Engine (GCE) for Salsa. Since then, all the jobs running on the shared runners run within a n1-standard-1 instance, providing a fresh set of one vCPU and 3.75GB of RAM for each and every build.

GCE supports several new instance types, featuring better and faster CPUs, including current AMD EPICs. However, as it turns out, GCE does not support any single vCPU instances for any of those types. So jobs in the future will use n2d-standard-2 for the time being, provinding two vCPUs and 8GB of RAM..

Builds run with IPv6 enabled

All builds run with IPv6 enabled in the Docker environment. This means the lo network device got the IPv6 loopback address ::1 assigned. So tests that need minimal IPv6 support can succeed. It however does not include any external IPv6 connectivity.


Political (Dis)Engagement [Whatever]

Here’s a piece I’m thinking about today, in the New York Times: The Real Divide in America Is Between Political Junkies and Everyone Else.

The opening grafs from the article:

The common view of American politics today is of a clamorous divide between Democrats and Republicans, an unyielding, inevitable clash of harsh partisan polarization.

But that focus obscures another, enormous gulf — the gap between those who follow politics closely and those who don’t. Call it the “attention divide.”

What we found is that most Americans — upward of 80 percent to 85 percent — follow politics casually or not at all. Just 15 percent to 20 percent follow it closely (the people we call “deeply involved”): the group of people who monitor everything from covfefe to the politics of “Cuties.”

What the article describes is… fairly accurate in my experience? My own circle of friends is pretty political in general — either being political is part of their identity, or their identity is political, or both — but outside of my circle of friends are family, acquaintances and neighbors who largely don’t engage with politics with the same attentiveness or fervor. When you are a politically-oriented person, it’s easy to forget that many if most people don’t engage with politics with the same intensity.

I’ll be the first to note that this doesn’t make sense to me — I am of the opinion that politics is only slightly less important than breathing — but then again I was and am a professional opinion-haver. I think you all will recall that I was a newspaper columnist back in the day, and in that column I was writing about current events, including politics. And of course for the last twenty-two years I’ve been writing about it here and elsewhere, too. I have to acknowledge that both professionally and personally, it’s possible I’m an outlier.

And you might be, too! If you are a politically-oriented person, it’s not really that much of a surprise that your immediate circle of friends might be politically-oriented as well. It’s not that much of a surprise because whatever one’s enthusiasms, it makes sense that the people you like spending time with might have similar enthusiasms. Did you know: I write science fiction novels? Do you know what it is that quite a lot of my friends and acquaintances read (and write)? Science fiction novels! And yet, immediately outside of that circle of friends, the number of people who read and write science fiction novels drops off precipitately, into the realm of people who read science fiction novels seldom, or, indeed, at all.

Politics is more important than science fiction, though, you might say, and I wouldn’t disagree with that. But just because something is important doesn’t mean people give it importance. Cishet white folks most of all can make that choice, but I don’t think it’s something that only cishet white people do; I know friends of various marginalized communities who have expressed frustration at others in those communities who are not as politically engaged. Some people don’t care, or think it’s important, or, at the very least, don’t think it’s something they need to think about all the time.

Does this mean that they won’t be responsible voters every couple of years? I think the knee-jerk reaction of everyone who prioritizes politics is to say that they won’t be responsible voters — this is where cranky people say things like “I would rather they don’t vote at all!” — but I think that’s uncharitable. I think it’s possible for someone who doesn’t live and breathe politics to take some time prior to voting to catch up on the big stuff and vote responsibly. And if they don’t… well, as I said in a previous entry, I don’t think political parties really see that as much of a problem. They’re just as happy with someone who will go in and reflexively vote a straight line party ticket as they are with someone who sweats their choices in every race, and maybe even more so, since the person who is really thinking about it might make a non-party-line vote.

I should be clear that how one votes matters, and once again, I think voting for Trump this year is an intrinsically bigoted and dangerous act, not to be excused by “well, I’m not really that political.” One can act politically even when one doesn’t engage with the field of politics. But I do think that those of us who live and breathe politics do well to remember that it’s not an all-encompassing thing for a whole lot of people. They’re not ignorant, or dimwitted, or apathetic. They have a different set of priorities regarding how they want to apportion their brain cycles. One can agree or disagree with those choices, but it doesn’t change the fact those choices are being made.

— JS


Link [Scripting News]

Since Andrew is working on a new version of the rssCloud server now, he asked if it would make sense to support OPML in rssCloud. That would mean adding a <head> element that had all the info that's in the rssCloud element in an RSS feed. It's a good idea, but.. (sorry) -- OPML already has a realtime notification service, it came after rssCloud and is based on web sockects. It's the core tech behind the Instant Outliner, a protocol that LO2 implements.

Waze and Means – DORK TOWER 21.10.20 [Dork Tower]

Dork Tower is updated Mondays, Wednesdays and Fridays, thanks to its amazing Patreon supporters. Help bring more Dork Tower to the world – support the DORK TOWER PATREON,  (you also get swag, our eternal gratitude, and even more)! Lots of different levels to choose from, but even a $1 pledge helps!


[$] Constant-action bitmaps for seccomp() []

The seccomp() system call allows user space to load one or more (classic) BPF programs to be run whenever the calling process invokes a system call. Those programs can examine (to an extent) the arguments to each call and inform the kernel whether the call should be allowed to proceed or not. This feature is used in a number of containerization solutions (and beyond) as a way of reducing the kernel's attack surface. In some situations, though, using seccomp() can result in a significant performance reduction. There are currently two patch sets in circulation that are aimed at reducing the overhead of seccomp() for one common use case.

Security updates for Thursday []

Security updates have been issued by Arch Linux (freetype2), Debian (bluez, firefox-esr, and freetype), Fedora (firefox), openSUSE (chromium), Oracle (kernel), Red Hat (java-11-openjdk), Slackware (kernel), SUSE (freetype2, gnutls, kernel, php7, and tomcat), and Ubuntu (flightgear, italc, libapache2-mod-auth-mellon, libetpan, and php-imagick).

Michał Herda: The Common Lisp Condition System is out now [Planet Lisp]


After just a bit more than six months, my first programming book is out and generally available. I hope that it works well for everyone who wants to explore the condition system, how it differs from standard exception-throwing systems in other programming languages, how to implement it and how to leverage it in real-world scenarios.


  • Apress - for buying and general information
  • Amazon - for buying and general information
  • GitHub - includes the full source code from the book and the online-only Appendix E ("Discussing the Common Lisp Condition System")

[Filler] Twokinds 17th Anniversary! [Twokinds]

Comic for October 22, 2020

Pluralistic: 22 Oct 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

IDing anonymized cops with facial recognition (permalink)

As pandemic and climate emergency force the contradictions of capitalism to the breaking-point, the world's streets have erupted in ceaseless, ferocious protest. In a desperate bid to prolong their rule, elites have fielded increasingly cruel and violent police responses.

The cops are, to varying degrees, complicit. They have chosen to follow orders rather than risk their jobs (or even, in some cases, their safety from state retaliation).

The increasingly obvious injustice of the cause they fight for also increases the risk they bear.

There are three risks for the shock troops of late-stage capitalism:

I. the risk of official sanction by the state they fight for

II. the risk of punishment by a new regime should their cause fail

III. the risk of vigilante justice for the people they brutalize and murder

To reduce this risk, cops are going anonymous: not just wearing covid masks, but also removing their badges, nametags, and (notoriously in Portland), all insignia save generic windbreakers emblazoned POLICE, so even their agency affiliation is anonymized.

For every measure, there is a countermeasure. Networked authoritarianism has driven down the cost of facial recognition tools, and protesters have turned these tools on anonymized cops.

Kashmir Hill's NY Times story on the phenomenon is wild.

During the Hong Kong uprisings, Colin Cheung was arrested after he posted a video showing how he was identifying anonymized cops from online photos:

Artist Paolo Cirio posted an online exhibit called "Capture" with images of 4,000 French cops who participated in the crackdown of the Gilet Jaunes protests as a step toward automated identification (the photos were removed after government threats).

And in Portland, a self-taught programmer named Christopher Howell responded to police leadership's exhortation for officers to cover their nametags by developing facial recognition to reidentify law enforcement officers who took the advice.

Howell's project came to light when he responded to the city's call for comments on a proposal to ban facial recognition tools, a measure that was meant to curb authoritarian surveillance. He wanted to know if the rule also banned antiauthoritarian surveillance?

The city's lawyer confirmed that Howell's tools would be legal as the rule only banned organizations – not individuals – from using facial recognition.

According to Hill, the authorities are "not pleased."

ENDSARS (permalink)

People of Nigerian descent and human rights activists around the world have taken to the streets under the banner of #EndSARSProtest: a global protest movement over Nigeria's lawless, murdering Special Anti-Robbery Squad.

SARS was founded in 1984 in answer to a wave of property crimes, today, its founder Fulani Kwajafa says that it has "turned into banditry" – Amnesty International has documented 82 cases of torture, brutality and murder by SARS since 2017.

The current wave of protests was ignited by the public murder of a young man by SARS officers on Oct 8. President Muhammadu Buhari has disbanded the unit, but the criminals who served in it have been deployed elsewhere in Nigerian security forces, spreading the contagion.

The End SARS movement has five demands:

I. Release protesters

II. Justice for survivors of police violence and for families of the murdered

III. Independent oversight of police brutality complaints

IV. Retraining and psych evals for former SARS officers before they are allowed to serve again

V. A living wage for cops so they do not need to commit crimes in order to survive

#EndSARS protests have been met with brutality in Nigeria, including lethal police gunfire.

This video from Trevor Noah is an excellent backgrounder on the protests and their demands.

Companies target robots in disclosures (permalink)

To understand financialized snake-oil, you must understand Goodhart's Law: "Any measure can become a target." Goodhart's Law explains why something that works really well at the outset quickly turns into an arms-race with grifters.

For a recent example, think of Pagerank, the original secret sauce of Google Search. Larry Page had a key insight: a link from one web page to another page was an indicator of significance.

The web was written primarily by human hands and making links took work. If a web-writer linked to something on the web, it meant that they thought it was important. Thus, you could assess the relative significance of a web page by counting the number of links pointing to it.

This worked far better than rivals' methods – Altavista's idiotic keyword-counting, for example (a page is relevant to the query "cat" if the word "cat" and its synonyms appear frequently on that page; pages with the most "cat"s go at the top of the listing).

At the outset, inbound links were a great measurement of significance. But once inbound links became a way to game search-rank, they became a target, too: web-writers found ways to garner inbound links, from the relatively benign "webrings" to gross "linkfarms."

Today, Google's search ranking considers hundreds of "signals," locked in an arms race scammers who want to chaff or spoof the system.

The same thing is going on in finance.

Public companies have a regulatory duty to publish financial disclosures, which range from fanciful (Warren Buffet's annual letters) to dry. Finance analysts once carefully pored over these reports looking for clues to a company's fortunes.

As natural language parsing tools and machine learning improved, this process was automated. The robots that digested these reports didn't confine their analysis to the numbers: they also used "sentiment analysis" to try to guess at the mental state of the reports' authors.

Sentiment analysis is a notoriously garbage technology, grounded in low-quality, unreplicable psych research. Even when implemented by the biggest corporate R&D; labs, it is effectively ML graphology, pure pseudoscience.

The finance sector is full of superstitious nonsense. This is the industry whose "smartest investors" hand (literal) trillions to hedge funds that underperform simple index funds. It's not surprising that they were marks for slicksters selling sentiment analysis magic-beans.

Analysts' ratings control share-prices, and corporate executives derive the lion's share of their pay from stock in their own companies, and so corporate governance becomes a giant game of Goodhart's Law in which execs target the metrics that analysts rely on.

Share-based compensation is supposed to align managers' interests with the shareholders: instead, it aligns their interests with the prejudices of analysts.

Think of how Frontier went bankrupt after leaving $800m in profits on the table because the spending needed to get it was dispreferred by the analysts who controlled the company's share price (and thus its execs' take-home pay):

Predictably, then: the modern financial disclosure is optimized for machine readability by analysts' robots, and it uses language that is designed to be interpreted as positive by sentiment analysis systems:

"Firms with high expected machine downloads manage textual sentiment and audio emotion in ways catered to machine and AI readers, such as by differentially avoiding words that are perceived as negative by computational algorithms as compared to those by human readers, and by exhibiting speech emotion favored by machine learning software processors."

-"How to Talk When a Machine is Listening: Corporate Disclosure in the Age of AI," Cao, Jiang, Yang & Zhang, NBER

The most grimly hilarious part of this: it will doubtless be offered as evidence for sentiment analysis, when the real lesson is a tautology: "If you speak in words that algorithms interpret as positive, the algorithms will interpret the speech in a positive light."

It's the finance version of self-driving car grifters who insist that their vehicles will be safe for pedestrians once we teach all the pedestrians to behave in ways that the cars can correctly interpret.

US border cruelty, powered by Google cloud (permalink)

In 2018, 20,000 googlers walked off the job in a protest over the company's tolerance for (and rewards to) sexual predators.

The walkout was the culmination of a long year of moral reckonings for Google workers, amid revelations that the company was secretly building AI tools to help the Pentagon's drone program and search tools to help the Chinese state suppress and spy on dissidence.

And while the walkouts killed these controversial projects, forced some exec resignations, and ended the company's use of binding arbitration clauses in employment contracts, the key organizers were forced out:

Ultimately, the company's commitment to networked authoritarianism and profits over human rights has continued to overpower any fear of worker walkouts. How else to explain yesterday's news that the company is helping CBP police the US-Mexican border?

As Lee Fang and Sam Biddle write for The Intercept, Google's role in providing cloud AI services for the "virtual border" was laundered through Thundercat Technology, a fact revealed by Jack Poulson, an AI scientist who quit Google over its Chinese censorship project.

Google's Cloud and AI systems are being integrated with tools sold by Anduril Industries, the company founded by the neofascist Palmer Luckey, who was made a billionare by Facebook when they bought his Oculus VR startup at a hugely inflated price.

Luckey is a sociopath pariah who has been caught secretly funding white nationalist movements. His company is allied with Palantir, a company that produces tools for automating racial oppression and mass surveillance.

Luckey boasts that his company's recruiting materials court engineers who want to build weapons. He has donated $1.7m to Donald Trump's re-election campagin. He is precisely the kind of unsavory would-be war-criminal that Google leadership promised it wouldn't associate with.

The history of tech is strewn with technologists who turned a blind eye to the use of their inventions to commit hideous war crimes, such as IBM's complicity in Nazi death camps.

Google's use of a cutout to disguise its participation in the ethnic cleansing project on the US sourther border is eerily reminiscent of IBM's systems for laundering its complicity with extermination camps.

Free the law of Wisconsin (permalink)

Wisconsin's judges work with the state university system to produce standard "jury instructions" that are key to how the state's juries interpret the law when they deliberate. Judges then adapt these for each trial based on the facts of the case.

Jury instructions are produced at public expense, by public employees, including members of the judiciary in the course of their normal duties. By any reasonable standard, these should free and in the public domain.

A bedrock of law – dating to the Magna Carta – is that it must be public to be the law.

But neither the standard instructions nor the case-based versions are available to the public. They are sold for $500 a pop, festooned with copyright notices and dire warnings.

This is red meat for rogue archivist Carl Malamud, who has made a career out of publishing copyrighted laws, including a recent victory at the Supreme Court over whether the state of Georgia's copyright claims over its laws were valid.

After being contacted by a WI lawyer – who pointed out that law firms were relying on out-of-date versions of jury instructions because staying current costs $500/yr – Malamud wrote to the judges and the law profs behind the jury instructions.

Malamud put them on notice that they should be publishing this vital part of the state's law, and that if they didn't, he would. The judges never wrote back, and the law profs turned it the matter over to their university's counsel.

After some delays, the university's lawyer wrote back to Malamud and told him that they were getting out of the business of copyrighting the law, and the WI judicial conference would be making these public by February.

The letter claims they're doing this because it's right, but adds Wisconsin is within its rights to continue to claim copyright over the law.

To understand why this is a terrible and wrong idea, check out Public Resource's excellent explainer video:

The video features EFF legal director Corynne McSherry, who has represented Malamud on many occasions. Her explanation (about 25 mins in) is an excellent, <10m primer on the need for the law to be public.

This day in history (permalink)

#5yrsago Fable Comics: anthology of great comics artists telling fables from around the world

#5yrsago Son of Dieselgate: second line of VWs may have used “defeat devices”

#5yrsago DHS admits it uses Stingrays for VIPs, vows to sometimes get warrants, stop lying to judges

#5yrsago Half of Vanuatu’s government is going to jail

#5yrsago Obama administration petitions judge for no mercy in student debt bankruptcy

#1yrago Margaret Atwood’s “The Testaments”: a long-awaited Handmaid’s Tale sequel fulfills its promise

#1yrago Materiality: a new science fiction story for the Oslo Architecture Triennale about sustainable, green abundance

#1yrago Ernst and Young subjected women employees to “training” about keeping the company’s men happy

#1yrago NJ school district bans indebted students from prom and field trips, refuses offer to pay off lunch debt

Colophon (permalink)

Today's top sources: Four Short Links (, Slashdot (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 530 words (75542 total).

Currently reading: Harrow the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla


Today in GPF History for Thursday, October 22, 2020 [General Protection Fault: The Comic Strip]

Someone is trying to DDoS GPF's servers, but their sloppy handiwork leads Fooker straight to the culprit...


Our Favorite Questions [Radar]

On peut interroger n’importe qui, dans n’importe quel état; ce sont rarement les réponses qui apportent la vérité, mais l’enchaînement des questions.

You can interrogate anyone, no matter what their state of being.  It’s rarely their answers that unveil the truth, but the sequence of questions that you have to ask.
–  Inspector Pastor in La Fée Carabine, by Daniel Pennac

The authors’ jobs all involve asking questions.  A lot of questions. We do so out of genuine curiosity as well as professional necessity: Q is an ML/AI consultant, Chris is a product manager in the AI space, and Shane is an attorney.  While we approach our questions from different angles because of our different roles,  we all have the same goal in mind: we want to elicit truth and get people working with us to dig deeper into an issue. Preferably before things get out of hand, but sometimes precisely because they have.

A recent discussion led us down the path of our favorite questions: what they are, why they’re useful, and when they don’t work so well.  We then each chose our top three questions, which we’ve detailed in this article.

We hope you’re able to borrow questions you haven’t used before, and even cook up new questions that are more closely related to your personal and professional interests.

What makes a good question?

Before we get too far, let’s explore what we mean by a “good question.”

For one, it’s broad and open-ended.  It’s a lot less “did this happen?” and more “what happened?”  It encourages people to share their thoughts and go deep.

There’s an implied “tell me more” in an open-ended question.  Follow it with silence, and (as any professional interrogator will tell you) people will fill in extra details. They will get to what happened, along with when and how and why.  They will tell a full story, which may then lead to more questions, which branch into other stories. All of this fills in more pieces to the puzzle.  Sometimes, it sheds light on parts of the puzzle you didn’t know existed.

By comparison, yes/no questions implicitly demand nothing more than what was expressly asked.  That makes them too easy to dodge.

Two, a good question challenges the person asking it as much as (if not more than) the person who is expected to answer.  Anyone can toss out questions at random, in an attempt to fill the silence. To pose useful questions requires that you first understand the present situation, know where you want to wind up, and map out stepping-stones between the two.

Case in point: the Daniel Pennac line that opened this piece was uttered by a detective who was “interviewing” a person in a coma.  As he inspected their wounds, he asked more questions to  explore their backstory, and that helped him to piece together his next steps of the investigation.  Perhaps Inspector Pennac was inspired by Georg Cantor, who once said: “To ask the right question is harder than to answer it.”

Three, a good question doesn’t always have a right answer.  Some of them don’t have any answer at all.  And that’s fine. Sometimes the goal of asking a question is to break the ice on a topic, opening a discussion that paints a larger picture.

Four, sometimes a question is effective precisely because it comes from an unexpected place or person. While writing this piece, one author pointed out (spoiler alert) that the attorney asked all of the technical questions, which seems odd, until you realize that he’s had to ask those because other people did not. When questions seem to come out of nowhere—but they are really born of experience—they can shake people out of the fog of status quo and open their eyes to new thoughts.

A brief disclaimer

The opinions presented here are personal, do not reflect the view of our employers, and are not professional product, consulting, or legal advice.

The questions

What does this company really do?

Source: Q

The backstory: This is the kind of question you sometimes have to ask three times. The first time, someone will try to hand you the company’s mission statement or slogan. The second time, they’ll provide a description of the company: industry vertical, size, and revenue. So you ask again, this time with an emphasis on the really. And then you wait for the question to sink in, and for the person to work backwards from all of the company’s disparate activities to see what it’s all truly for. Which will be somewhere between the raison d’etre and the sine qua non.

Taking the time to work this out is like building a mathematical model: if you understand what a company truly does, you don’t just get a better understanding of the present, but you can also predict the future. It guides decisions such as what projects to implement, what competitors to buy, and whom to hire into certain roles.

As a concrete example, take Amazon. Everyone thinks it’s a store. It has a store, but at its core, Amazon is a delivery/logistics powerhouse.  Everything they do has to end with your purchases winding up in your hot little hands. Nothing else they do matters—not the slick website, not the voice-activated ordering, not the recommendation engine—unless they get delivery and logistics down.

How I use it: I explore this early in a consulting relationship. Sometimes even early in the sales cycle. And I don’t try to hide it; I’ll ask it, flat-out, and wait for people to fill the silence.

Why it’s useful: My work focuses on helping companies to start, restart, and assess their ML/AI efforts. Understanding the company’s true purpose unlocks the business model and sheds light on what is useful to do with the data. As a bonus, it can also highlight cases of conflict. Because sometimes key figures have very different ideas of what the company is and what it should do next.

When it doesn’t work so well: This question can catch people off-guard.  Since I work in the AI space, people sometimes have a preconceived notion that I’ll only talk about data and models.  Hearing this question from an ostensibly technical person can be jarring… though, sometimes, that can actually help the conversation along.  So it’s definitely a double-edged sword.

What is a bad idea?

Source: Chris

The backstory: Ideation is about coming up with the “best” ideas. What is the best way to solve this problem? What is the most important? What is best for the business?

The problem with “best” is that it is tied up with all of the biases and assumptions someone already has. To get to what really matters we have to understand the edge of what is good or bad. The gray area between those tells you the shape of the problem.

Half the time this question will give you real, bad ideas. 

What has been surprising to me is that the other half of the time, the so-called “bad” idea is really a “good” idea in disguise.  You just have to relax certain assumptions. Often these assumptions were just set at some point without a reason or much to back it up.

How I use it: I like to ask this after going through a lot of the “best” questions in an ideation session. It can be adapted to focus on different types of “bad,” like “stupid,” “wasteful,” and “unethical.”  Ask follow up questions about why they believe the idea is “bad” and why it might actually be “good.”

Why it’s useful: How can you truly know what is good without also knowing what is bad?

When it doesn’t work so well: When I was a design consultant working for clients in highly regulated industries (.e.g banking, insurance, etc.), I found this can be a difficult question to ask. In those cases you will need to get your legal team to either grant the attorney/client privilege to ask the questions, or ask the prompt/response in such a way that it protects people in the conversation.

How did you obtain your training data?

Source: Shane

The backstory: In the early days of ML training data, companies and research teams frequently used “some stuff we found on the Internet” as a source for training data. This approach has two problems: (1) there may not be an appropriate license attached to the data, and (2) the data may not be a good representative sample for the intended use. It’s worth noting that the first issue is not just limited to images collected from the Internet. In recent years a number of research datasets (including Stanford’s Brainwash, Microsoft’s MS Celeb, and Duke’s MTMC) were withdrawn for reasons including a lack of clarity around the permission and rights granted by people appearing in the datasets. More recently, at least one company has earned itself significant PR and legal controversy for collecting training data sources from social media platforms under circumstances that were at least arguably a violation of both the platform’s terms of service and platform users’ legal rights. 

The safest course of action is also the slowest and most expensive: obtain your training data as part of a collection strategy that includes efforts to obtain the correct representative sample under an explicit license for use as training data. The next best approach is to use existing data collected under broad licensing rights that include use as training data even if that use was not the explicit purpose of the collection.

How I use it: I like to ask this as early as possible.  You don’t want to invest your time, effort, and money building models only to later realize that you can’t use them, or that using them will be much more expensive than anticipated because of unexpected licenses or royalty payments. It’s also a good indirect measure of training data quality: a team that does not know where their data originated is likely to not know other important details about the data as well.

Why it’s useful: No matter how the data is collected, a review by legal counsel before starting a project—and allow me to emphasise the word before—can prevent significant downstream headaches.

When it doesn’t work so well:  This question is most useful when asked before the model goes into production. It loses value once the model is on sale or in service, particularly if it is embedded in a hardware device that can’t be easily updated.

What is the intended use of the model? How many people will use it? And what happens when it fails?

Source: Shane

The backstory: One of the most interesting aspects of machine learning (ML) is its very broad applicability across a variety of industries and use cases. ML can be used to identify cats in photos as well as to guide autonomous vehicles. Understandably, the potential harm caused by showing a customer a dog when they expected to see a cat is significantly different from the potential harm caused by an autonomous driving model failing to properly recognize a stop sign.  Determining the risk profile of a given model requires a case-by-case evaluation but it can be useful to think of the failure risk in three broad categories:

  • “If this model fails, someone might die or have their sensitive data exposed” — Examples of these kinds of uses include automated driving/flying systems and biometric access features. ML models directly involved in critical safety systems are generally easy to identify as areas of concern. That said, the risks involved require a very careful evaluation of the processes used to generate, test, and deploy those models, particularly in cases where there are significant public risks involved in any of the aforementioned steps.
  • “If this model fails, someone might lose access to an important service” — Say, payment fraud detection and social media content detection algorithms. Most of us have had the experience of temporarily losing access to a credit card for buying something that “didn’t fit our spending profile.” Recently, a law professor who studies automated content moderation was suspended … by a social media platform’s automated content moderation system. All this because they quoted a reporter who writes about automated content moderation. These kinds of service-access ML models are increasingly used to make decisions about what we can spend, what we can say, and even where and how we can travel. The end-user risks are not as critical as in a safety or data protection system, but their failure can represent a significant reputation risk to the business that uses them when the failure mode is to effectively ban users from a product or service. It is important for companies employing ML in these situations to understand how this all fits into the overall risk profile of the company. They’d do well to carefully weigh the relative merit of using ML to augment existing controls and human decision-making versus replace those controls and leave the model as the sole decision-maker.
  • “If this model fails, people may be mildly inconvenienced or embarrassed” —  Such systems include image classifiers, recommendation engines, and automated image manipulation tools. In my experience, companies significantly understate the potential downside for ML failures that, while only inconvenient to individual users, can carry significant PR risk in the aggregate. A company may think that failures in a shopping recommendation algorithm are “not a big deal” until the algorithm suggests highly inappropriate results to millions of users for an innocuous and very common query.  Similarly, employees working on a face autodetection routine for a camera may think occasional failures are insignificant until the product is on sale and users discover that the feature fails to recognize faces with facial hair, or a particular hairstyle, or a particular range of skin color.

How I use it: I use this question to determine both the potential risk from an individual failure and the potential aggregate risk from a systemic failure.  It also feeds back into my question about training data: some relatively minor potential harms are worth additional investment in training data and testing if they could inconvenience millions, or billions, of users or create a significant negative PR cycle for a company.

Why it’s useful: This is the sort of question that gets people thinking about the importance of their model in the overall business. It can also be a helpful guide that companies invest in such a model, and the kinds of business processes that are amenable to models.  Remember that models that work nearly perfectly can still fail spectacularly in unusual situations.

When it doesn’t work so well: We don’t always have the luxury of time or accurate foresight. Sometimes a business does not know how a model will be used: a model is developed for Product X and repurposed for Product Y, a minor beta feature suddenly becomes an overnight success, or a business necessity unexpectedly forces a model into widespread production.

What’s the cost of doing nothing?

Source: Q

The backstory: A consultant is an agent of change. When a prospect contacts me to discuss a project, I find it helpful to compare the cost of the desired change to the cost of another-change or even to the cost of the not-change. “What happens if you don’t do this? What costs do you incur, what exposures do take on now? And six months from now?” A high cost of doing nothing means that this is an urgent matter.

Some consultants will tell you that a high cost of doing nothing is universally great (it means the prospect is ready to move) and a low cost is universally bad (the prospect isn’t really interested).  I see it differently: we can use that cost of doing nothing as a guide to how we define the project’s timeline, fee structure, and approach. If the change is extremely urgent—a very high cost of doing nothing—it may warrant a quick fix now, soon followed by a more formal approach once the system is stable. A low cost of doing nothing, by comparison, means that we can define the project as “research” or “an experiment,” and move at a slower pace.

How I use it: I will ask this one, flat-out, once a consulting prospect has outlined what they want to do.

Why it’s useful: Besides helping to shape the structure of the project, understanding the cost of doing nothing can also shed light on the prospect’s motivations. That, in turn, can unlock additional information that can be relevant to the project. (For example, maybe the services I provide will help them reach the desired change, but that change won’t really help the company. Perhaps I can refer them to someone else in that case.)

When it doesn’t work so well: Sometimes people don’t have a good handle on the risks and challenges they (don’t) face. They may hastily answer that this is an urgent matter when it’s not; or they may try to convince you that everything is fine when you can clearly see that the proverbial house is on fire. When you detect that their words and the situation don’t align, you can ask them to shed light on their longer-term plans. That may help them to see the situation more clearly.

How would we know we are wrong?

Source: Chris

The backstory: This is something that was inspired from the intersection of an incredibly boring decision-science book and roadmap planning. Decision trees and roadmaps are very useful when building out the possible spaces of the future. However, for both decision trees and roadmaps we are usually overly optimistic in how we will proceed. 

We fail at properly considering failure. 

To appropriately plan for the future we must consider the different ways we can be wrong. Sometimes it will be at a certain decision point (“we didn’t get enough signups to move forward”) or an event trigger (“we see too many complaints”). 

If we consider this wrong-ness and the possible next step, we can start to normalize this failure and make better decisions.

How I use it:  It’s best to ask this when you find that certainty is at a high point for the project. More often than not, people don’t consider ways to detect that they need to change course.

Why it’s useful: You build a map into the future based on what you can detect. This helps make hard decisions easier because you are effectively practicing the decision process before you are in the heat of the moment.

When it doesn’t work so well: When things are currently going “wrong” it can be a sensitive subject for people. I’ve found it is easier to talk about how to get out of a current wrong situation than considering additional future situations.

What upstream obligations do you have, and what downstream rights do you want to retain?

Source: Shane

The backstory: Imagine you employ a vendor to provide or enrich your training data, or you pay for consulting services related to ML. What happens to the information used by the vendors to build your product?  Their downstream rights there run the gamut from “absolutely nothing” to “retaining a full copy of the training data, labels, trained models, and test results.” The median position, in my observation, tends to be that the vendor retains control of any new techniques and information derived from the work that would be useful in general, such as new methods of programmatically applying error correction to a trained model, but not the specific data used to train the model or the resulting trained model.

From the customer perspective, downstream rights are tied to competition/cost tradeoffs and the rights associated with training data.  A company that considers ML a competitive advantage likely will not want their models or derivative data available to competitors, and they must balance this against the business consideration that vendors which retain downstream rights typically charge lower fees (because reselling that data or models can be a source of revenue). In addition, training data usually comes with contractual limitations and customers of ML services need to ensure they are not granting downstream rights that they don’t have in their upstream agreements. Finally, some kinds of training data, such as medical records or classified government data, may forbid unauthorized access or use in systems that lack adequate safeguards and audit logs.

How I use it: This question is less relevant to companies that have an entirely in-house workflow (they generate their own training data, train their own models, and use models with their own employees and tools).  It is highly relevant to companies that buy or sell ML services, use external vendors for part of their workflow, or handle sensitive data.

Why it’s useful:  The notion of downstream rights is not a new question, nor is it specific to the ML world.  Almost all vendor relationships involve delineating the intellectual property (IP) and tools that each party brings to the project, as well as the ownership of new IP developed during the project. Helping founders to recognize and establish those boundaries early on can save them a lot of trouble later.

When it doesn’t work so well: This is a question a company definitely wants to answer before they’ve provided data or services to a counterparty.  These issues can be very difficult to resolve once data has been shared or work has begun.

What if …? Then …?  and What next?

Source: Q

The backstory: A risk is a potential change that comes with consequences.  To properly manage risk—to avoid those consequences—you need to identify those changes in advance (perform a risk assessment) and sort out what to do about them (devise your risk mitigation plans). That’s where this trio of questions comes in: “What if?” is the key to a risk assessment, as it opens the discussion on ways a project may deviate from its intended path.  “Then?” explores the consequences of that deviation. The “What next?” starts the discussion on how to handle them.

What if … our data vendor goes out of business? Then? Our business is hamstrung. What next? We’d better have a backup data vendor in the wings.  Or better yet, keep two vendors running concurrently so that we can switch over with minimal downtime.”

What if … something changes, and the model’s predictions are wrong most of the time? Then? We’re in serious trouble, because that model is used to automate purchases. What next? We should implement monitors around the model, so that we can note when it’s acting out of turn. We should also add a ‘big red button’ so that a person can quickly, easily, and completely shut it down if it starts to go haywire.”

How I use it:  Once we’ve sorted out what the client wants to achieve, I’ll round out the picture by walking them through some “What if? Then? What next?” scenarios where things don’t work out.

Why it’s useful: It’s too easy to pretend the not-intended outcomes don’t exist if you don’t bring them up. I want my clients to understand what they’re getting into, so they can make informed decisions on whether and how to proceed. Going through even a small-scale risk assessment like this can shed light on the possible downside loss that’s lurking alongside their desired path. All of that risk can weigh heavily on their investment, and possibly even wipe out any intended benefit.

When it doesn’t work so well: The business world, especially Western business culture, has a strange relationship with positive attitudes. This energy can be infectious and it can help to motivate a team across the finish line. It can also convince people to pretend that the non-intended outcomes are too remote or otherwise not worth consideration. That’s usually when they find out, the hard way, what can really go wrong.

How to handle this varies based on your role in the company, internal company politics, your ability to bring about change, and your ability to weather a storm.

A random question

Source: Chris

The backstory: The most important question is one that isn’t expected. It is one that leads to unexpected answers. We don’t have dialog for dialog sake; we do it to learn something new. Sometimes the thing we learn is that we aren’t aligned.

I’ve found that the most unexpected thing is something that we wouldn’t choose based on our current thought process. Randomly choosing a question from a collection appropriate for your domain is really valuable. If you are building something for the web, what kinds of questions could you ask about a web project? This is helpful when the checklists of things to do get too large to try all of them. Pick a few at random.

You can take it a step further and pick questions from outside of your domain. This can simply be a list of provocations that require a high amount of interpretation by you to make sense. This is because randomness doesn’t work without the lens of human intuition. 

Randomness without this intuition is just garbage. We do the work to bridge from random questions to some new idea related to our problem. We build the analogies in our mind even when something is seemingly not connected at first.

How I use it: When you find that you keep asking the same questions. I have decks of cards like Oblique Strategies for provocations, Triggers for domain-specific questions, and others that can provide randomness. Domain-specific random questions can also be very impactful. Eventually, I expect models like GPT-n to provide appropriate random questions to prompts.

Why it’s useful: Even with all of the questions we ask to get out of bias, we are still biased. We still have assumptions we don’t realize. Randomness doesn’t care about your biases and assumptions. It will ask a question that you think on the surface is stupid, but when you think about it is important.

When it doesn’t work so well: With teams that are high on certainty they may think of the random question as a toy or distraction. The people I’ve found to be incredibly confident in their world trivialize the need to question bias. They will even try to actively subvert the process sometimes. If you hide the fact that a question was randomly chosen, it can go over better.

In search of the bigger picture …

If you’re collecting facts—names, numbers, times—then narrow questions will suffice.  But if you’re looking to understand the bigger picture, if you want to get a meeting out of a rut, if you want people to reflect before they speak, then open-ended questions will serve you well.  Doubly so when they come from an unexpected source and at an unexpected time.

The questions we’ve documented here have helped us in our roles as an AI consultant, a product manager, and an attorney. (We also found it interesting that we use a lot of the same questions, which tells us how widely applicable they are.) We hope you’re able to put our favorite questions to use in your work. Perhaps they will even inspire you to devise and test a few of your own.

One point we hope we’ve driven home is that your goal in asking good questions isn’t to make yourself look smarter. Nor is it to get the answers you want to hear. Instead, your goal is to explore a problem space, shed light on new options, and mitigate risk. With that new, deeper understanding, you’re more prepared to work on the wicked problems that face us in the workplace and in the world at large.

Link [Scripting News]

I think I will at least try to watch the debate tonight. Too much at stake, and too much Looney Tunes from El Orange the would-be dictator of the United States of America.

Link [Scripting News]

I had way too much to eat and drink at dinner yesterday, but it was great. A local restaurant has a great patio, set up comfortably, and they serve excellent food. Woodstock is a small town, but it has the amenties of a town in the Bay Area (e.g. Berkeley, Palo Alto). But I did eat too much and I'm paying the price for it today. Oy!

Link [Scripting News]

Glad that Andrew is reviewing PagePark now. There are all kinds of loose-ends. That's what happens when you're developing only for yourself. Looking forward to going back over it and cleaning things up a bit. It's a very fine piece of software imho. In many ways the web server I've always wanted.

Link [Scripting News]

One outcome from our recent back and forth is that I'm re-recommending It's nice connection between LO2 and the FAQ-type pages I've been doing, like Google and HTTP and the trolling faq (and many others). Blogs aren't enough. You need a place to put long-lived docs that you're going to work on over time.


Russian spy claims [Richard Stallman's Political Notes]

*Trump’s false ‘Russian spy’ claims put me in danger, says Steele dossier source.*

He claims that the bully's falsehoods wiped out his career and put his life in danger.

Catastrophic failure of test and trace [Richard Stallman's Political Notes]

George Monbiot: *Bypassing the NHS and handing crucial services to corporate executives has led to the catastrophic failure of test and trace [in the UK].*

Discouraged to vote [Richard Stallman's Political Notes]

A Republican official in Florida sent voters a confusing letter designed to discourage them from voting.

Socialist party victory [Richard Stallman's Political Notes]

Analyzing the reasons for the Bolivian Socialist Party's victory, and the challenges it must face now.

Missing parents [Richard Stallman's Political Notes]

Three years ago, obeying the orders of the bully, the US rushed to deport parents of 1030 children, without bothering to ask how to find them again. The children remained in the US. Since then, the ACLU has been trying to find their parents, but it has found parents of only 465 of the children. That's the Department of Hatred and Sadism for you.

Some of those parents may have been killed — after all, they were fleeing from the danger of violence. Perhaps, as they died, they were glad that they had sent their children to a place of safety.

But is it really a place of safety? Will the US let them stay and become citizens? Or will it deport them when they get older to a country they don't remember?

Suing acting king [Richard Stallman's Political Notes]

Jamal Khashoggi's fiancee, Hatice Cengiz, has sued the acting king of Salafi Arabia and 28 henchmen in US court.

The goal is to "compel US agencies and officials to disclose new information about what happened to Khashoggi."


Upcoming Attractions! [Charlie's Diary]

As you know by now, my next novel, Dead Lies Dreaming comes out next week—on Tuesday the 27th in the US and Thursday 29th in the UK, because I've got different publishers in different territories).

Signed copies can be ordered from Transreal Fiction in Edinburgh via the Hive online mail order service.

(You can also order it via Big River co and all good bookshops, but they don't stock signed copies: Link to Amazon US: Link to Amazon UK. Ebooks are available too, and I gather the audiobook—again, there's a different version in the US, from Audible, and the UK, from Hachette Digital—should be released at the same time.)

COVID-19 has put a brake on any plans I might have had to promote the book in public, but I'm doing a number of webcast events over the next few weeks. Here are the highlights:

Outpost 2020 is a virtual SF convention taking place from Friday 23rd (tomorrow!) to Sunday 25th. I'm on a discussion panel on Saturday 24th at 4pm (UK time), on the subject of "Reborn from the Apocalypse": Both history and current events teach that a Biblical-proportioned apocalypse is not necessarily confined to the realms of fiction. How can we reinvent ourselves, and more importantly, will we?. (Panelists: Charlie Stross, Gabriel Partida, David D. Perlmutter. Moderator: Mike Fatum.)

Orbit Live! As part of a series of Crowdcast events, at 8pm GMT on Thursday 27th RJ Barker is going to host myself and Luke Arnold in conversation about our new books: sign up for the crowdcast here.

Reddit AmA: No book launch is complete these days without an Ask me Anything on Reddit, which in my case is booked for Tuesday 3rd, starting at 5pm, UK time (9am on the US west coast, give or take an hour—the clocks change this weekend in the UK but I'm not sure when the US catches up).

The Nürnberg Digital Festival is a community driven Festival with about 20.000 attendees in Nuremberg, to discuss the future, change and everything that comes with it. Obviously this year it's an extra-digital (i.e. online-only) festival, which has the silver lining of enabling the organizers to invite guests to connect from a long way away. Which is why I'm doing an interview/keynote on Monday November 9th at 5pm (UK time). You can find out more about the Festival here (as well as buying tickets for any or all days' events). It's titled "Are we in dystopian times?" which seems to be an ongoing theme of most of the events I'm being invited to these days, and probably gives you some idea of what my answer is likely to be ...

Anyway, that's all for now: I'll add to this post if new events show up.


Peaceful Transfer [Scenes From A Multiverse]

If you dislike elections, take heart: this one may be the last.

Good luck to us all.


Taking a shortcut: You can query properties from a volume, and it will forward to the physical drive [The Old New Thing]

If you have the handle to a volume, you can issue certain disk ioctls to the volume, and it will forward them to the underlying disk. We saw this earlier when we used IOCTL_STORAGE_GET_DEVICE_NUMBER to obtain the physical drive number from a volume. The name of the ioctl is IOCTL_STORAGE, but we issued it against a volume anyway.

And as we saw earlier, if the volume does not have a unique physical disk, then the call will fail.

This feature is particularly handy with storage property queries. For example, you can ask what how the drive is connected to the system by querying the volume:

wil::unique_hfile volume = GetVolumeHandleForFile(L"C:\\");

query.PropertyId = StorageAdapterProperty;
query.QueryType = PropertyStandardQuery;
DWORD bytesWritten;

if (DeviceIoControl(volume.get(), IOCTL_STORAGE_QUERY_PROPERTY,
    &query, sizeof(query),
    &result, sizeof(result),
    &bytesWritten, nullptr)) {
    /* result.BusType tells you how the drive is connected */

Next time, we’ll use this to answer a commonly-asked question.

The post Taking a shortcut: You can query properties from a volume, and it will forward to the physical drive appeared first on The Old New Thing.


The Big Idea: Elizabeth Bear [Whatever]

Things work… until they don’t. And when they don’t, what then? Elizabeth Bear has thoughts on this, and how they relate to her latest novel, Machine.


Hello, everybody! Thanks for this moment of your time. I’m here to tell you about The Big Idea (or at least one or two of the big ideas) behind my new book, Machine. 

Machine is a space opera about Dr. Brookllyn Jens, a rescue and trauma specialist whose vocation involves jumping out of one perfectly good space ship to reach another, usually significantly less perfectly good one—and then locating any people inside the second ship and getting them to safety as quickly as she can. 

(There’s also a poop joke near the beginning that I put in just for John.)

It takes place in the same setting as Ancestral Night (2019) and when I wrote the Big Idea post for that book, I focused pretty heavily on ideas for new systems of government and maintaining social order and justice. Machine contains some of that as well (as you might expect) but in writing this book, I was much more concerned with what happens to us—as people, as societies—when the systems we have come to rely on and trust betray us. When they break, or when somebody breaks them.

Dr. Jens is a character who is close to my heart. She’s crusty and hypercompetent and has the dark sense of humor you might expect from a first responder or a trauma doc, if you’ve known many of either. (I used to work in a hospital and I am married to a former firefighter, so I’m… familiar with the breed.) She also deals with chronic pain and requires adaptive technology to do her job, and as somebody with chronic pain issues of my own I found that aspect of her character pretty emotional to write. 

She’s dedicated to her calling and devoted to her job, and she’s even more devoted to the institution for which she works. Core General, the biggest hospital in the galaxy, owes a huge debt to the works of James White, an Irish SF writer and pacifist whose Sector General stories were formative for me. 

Jens’ loyalty to the ideals of the hospital and its service to sentient-kind is her most basic motivation. That sense of duty leads her to make choices that have a real adverse effect on her family and on her own emotional life, and she’s so driven she has a hard time seeing that effect. So what happens to somebody like that when they realize that not only is the thing they have been most devoted to broken… but they were among the causes of it getting broken?

And what happens when that break reveals even deeper ruptures and betrayals that go back to the very beginning? 

What do they do then?


Machine: Amazon|Barnes & Noble|Bookshop

Read an excerpt. Visit Elizabeth Bear: Instagram|Twitter|Website


Sunrise, Fog and Trees [Whatever]

Not a bad combination, I have to say.

Hello, world. Let’s get to it, shall we?

— JS


Vincent Fourmond: QSoas tips and tricks: generating smooth curves from a fit [Planet Debian]

Often, one would want to generate smooth data from a fit over a small number of data points. For an example, take the data in the following file. It contains (fake) experimental data points that obey to Michaelis-Menten kinetics: $$v = \frac{v_m}{1 + K_m/s}$$ in which \(v\) is the measured rate (the y values of the data), \(s\) the concentration of substrate (the x values of the data), \(v_m\) the maximal rate and \(K_m\) the Michaelis constant. To fit this equation to the data, just use the fit-arb fit:

QSoas> l michaelis.dat
QSoas> fit-arb vm/(1+km/x)
After running the fit, the window should look like this:
Now, with the fit, we have reasonable values for \(v_m\) (vm) and \(K_m\) (km). But, for publication, one would want to generate "smooth" curve going through the lines... Saving the curve from "Data.../Save all" doesn't help, since the data has as many points as the original data and looks very "jaggy" (like on the screenshot above)... So one needs a curve with more data points. Maybe the most natural solution is simply to use generate-buffer together with apply-formula using the formula and the values of km and vm obtained from the fit, like:
QSoas> generate-buffer 0 20
QSoas> apply-formula y=3.51742/(1+3.69767/x)
By default, generate-buffer generate 1000 evenly spaced x values, but you can change their number using the /samples option. The two above commands can be combined to just one call to generate-buffer:
QSoas> generate-buffer 0 20 3.51742/(1+3.69767/x)
This works, but it is quite cumbersome and it is not going to work well for complex formulas or the results of differential equations or kinetic systems... This is why to each fit- command corresponds a sim- command that computes the result of the fit using a "saved parameters" file (here, michaelis.params, but you can also save it yourself) and buffers as "models" for X values:
QSoas> generate-buffer 0 20
QSoas> sim-arb vm/(1+km/x) michaelis.params 0
This strategy works with every single fit ! As an added benefit, you even get the fit parameters as meta-data, which are displayed by the show command:
QSoas> show 0
Dataset generated_fit_arb.dat: 2 cols, 1000 rows, 1 segments, #0
Meta-data:      commands =       sim-arb vm/(1+km/x) michaelis.params 0 fit =    arb (formula: vm/(1+km/x))     km =     3.69767
        vm =     3.5174
They also get saved as comments if you save the data. Important note: the sim-arb command will be available only in the 3.0 release, although you can already enjoy it if you use the github version.

About QSoas

QSoas is a powerful open source data analysis program that focuses on flexibility and powerful fitting capacities. It is released under the GNU General Public License. It is described in Fourmond, Anal. Chem., 2016, 88 (10), pp 5050–5052. Current version is 2.2. You can download its source code and compile it yourself or buy precompiled versions for MacOS and Windows there.


CodeSOD: Query Elegance [The Daily WTF]

It’s generally hard to do worse than a SQL injection vulnerability. Data access is fundamental to pretty much every application, and every programming environment has some set of rich tools that make...


Grrl Power #886 – Insert joke about airbags here [Grrl Power]

This sort of thing can only really go down a few ways. Max gets a face to the bosoms, or she takes a crotch or butt to her face. I mean, yes, technically, they could just collide in a less amusing way, but why would I allow that?

I guess this page makes Maxima a Motorboat Eskimo Sister with Dabbler and Cora. An ignominious accolade for her, to be certain.

Not too much else to say about this page, so instead I’ll tell you about how I almost forgot to post it. I got to playing Half-Life Alyx last night and I wound up with some serious eye strain, so I wound up going to bed early. Then an hour later I suddenly remembered it was Wednesday night and I had to post the comic. So I almost forgot to post, which I think I’ve only ever done one other time. Maybe twice.

So my super short review of HL:A and the Vive in general. It makes me excited for the next few generations of VR hardware. The Vive is on the verge of being too low fidelity for me. It has 1080p* screens which sounds adequate, but they’re like 3cm from your eyes, so it’s lacking compared to a decent gaming monitor, plus the lenses inside the headset are lenticular meaning there’s a choppy kind of grain and focus issues at the edges of your vision. I also found it impossible to get it all focused correctly as well. I don’t know if that’s a limitation of my eyes or the hardware. All that apparently adds up to a lot of eye strain for me.

*Edit: I looked it up and the screens are actually 1440p, so I guess I have to attribute most of the eye strain I suffered to the lenticular lenses and possibly my own prescription issues.

Despite that, it is fantastically immersive. There’s just no comparison to even sitting right up on a 60″ TV, much less lounging on your couch or sitting in front of your computer. Being able to move around in an environment and just look around with your head like you would naturally, with the screen taking up almost all of your peripheral vision is pretty amazing. It just makes me wish the display technology was better. Honestly I think the low-res screens might have more to do with managing rendering expectations since as far as I’m aware, anything rendered in VR has to be fully rendered twice, once for each lens. There might be some clever shenanigans they can pull to cut down on some of that processing time needed, but you can’t just take a 2D image and split it into two separate 2D images with depth separation for each eye, because that makes everything look like a bunch of parallaxed 2D cutouts.

The controllers are excellent, with finger-level controls. Things like having to manually reload your pistol and rack the slide to chamber the first round in HL:A is great, and also incredibly stressful when monsters are lurching toward you. My biggest complaint about it is the whole setup is missing a piece. Movement. Obviously it’s a problem, you can’t just sell everyone a 4 way treadmill or something. That would cost as much as the Vive itself at the super cheap end. Immersiveness is the name of the game with VR, but the lack of ambulation tracking means that every game has you teleporting around everywhere, which utterly breaks the immersiveness. The other option is that you use the little thumbsticks on the controller to glide around like you’re playing on a console, which may not seem terrible if you do most of your gaming on consoles, but it’s very difficult to get used to, and especially hard to manage while you’re trying to reload your gun or carry a gas can to set up a trap for a bunch of enemies. Basically every encounter I’ve had in the game has me standing stock still, because it’s too much to try and backpedal and reload at the same time.

Like I said, it’s… partially awesome, and kind of sucky, and I hope the next few revisions of hardware deal with some of the issues I have with eye strain. I just don’t know what they can to about movement. Hell, sitting in a chair and duct taping a mouse to my foot might work.

Double res version will be posted over at Patreon. Feel free to contribute as much as you like!


Steinar H. Gunderson: plocate in testing [Planet Debian]

plocate hit testing today, so it's officially on its way to bullseye :-) I'd love to add a backport to stable, but bpo policy says only to backport packages with a “notable userbase”, and I guess 19 installations in popcon isn't that :-) It's also hit Arch Linux, obviously Ubuntu universe, and seemingly also other distributions like Manjaro. No Fedora yet, but hopefully, some Fedora maintainer will pick it up. :-)

Also, pabs pointed out another possible use case, although this is just a proof-of-concept:

pannekake:~/dev/plocate/obj> time apt-file search bin/updatedb                 
locate: /usr/bin/updatedb.findutils       
mlocate: /usr/bin/updatedb.mlocate
roundcube-core: /usr/share/roundcube/bin/
apt-file search bin/updatedb  1,19s user 0,58s system 163% cpu 1,083 total

pannekake:~/dev/plocate/obj> time ./plocate -d apt-file.plocate.db bin/updatedb
locate: /usr/bin/updatedb.findutils
mlocate: /usr/bin/updatedb.mlocate
roundcube-core: /usr/share/roundcube/bin/
./plocate -d apt-file.plocate.db bin/updatedb  0,00s user 0,01s system 79% cpu 0,012 total

Things will probably be quieting down now; there's just not that many more logical features to add.


“That’s not what I meant” [Seth's Blog]

Disagreements among people who mean well usually begin with that emotion.

You meant to say something or agree to something, but the “other side” didn’t hear it that way.

That’s enough for a customer to walk away forever. That’s enough for a lawsuit. Because denying the experience of the other person doesn’t open the door for re-connection.

Forward motion is possible if we can extend the sentence to, “That’s not what I meant, but that must be what you heard, how do we fix this? Will you help me make things right again?”

If we can agree on intent, it’s a lot easier to figure out how to move forward.


The fatal fire in a London public housing building [Richard Stallman's Political Notes]

The fatal fire in a large London public housing building was caused by bad design choices, secretly and illegally made by the Tory-run local council, which was aiming to save money at all costs.

The council was trying so hard to save money because of squash-the-poor Tory policies.

Austerity kills in many ways, but usually it kills people one by one and there is no inquiry into the specific causes.

Venezuelan oil tanker [Richard Stallman's Political Notes]

The owners of a Venezuelan oil tanker have kept it near the coast since Feb 2019 waiting for the US to let them pump the oil out. If it leaks, it could kill a large part of the Caribbean Sea.

Facebook's right-wing bias [Richard Stallman's Political Notes]

Facebook bent over backwards for right-wing sites, relaxing its rules against misinformation and thus implementing right-wing bias.

Right-wing extremists have learned to lie without a qualm. That includes telling the lie that media are biased against them, as a cynical means of pressuring media to shift to bias for them.

Drones in the Mediterranean [Richard Stallman's Political Notes]

The EU will operate drones in the Mediterranean searching for refugees in boats.

When the drone spots a boat full of people, it won't have guns to shoot them with, but what will European countries do to them?

The rise of carbon dioxide 252 million years ago [Richard Stallman's Political Notes]

252 million years ago, *the rise of carbon dioxide in the atmosphere set off a chain of events that successively extinguished almost all life in the seas.*

That rise of CO2, caused by a supervolcano in Siberia, was not terribly fast. We are now increasing the CO2 level 14 times as fast.

The article does not state an estimate for the peak atmospheric CO2 level in the end-Permian. Can anyone find an estimate for that? It would be interesting to compare that with where we are heading.

(satire) Jason Momoa's scene double [Richard Stallman's Political Notes]

(satire) *Jason Momoa, star of the forthcoming Aquaman 2, told reporters Monday he and the film’s producers had brought in a scene double to help execute a particularly challenging facial expression required of his character.*

Twitter and Facebook blocked Craig Murray and Wikileaks [Richard Stallman's Political Notes]

During the Assange hearing, Craig Murray and Wikileaks found that Twitter and Facebook blocked their posts from reaching most of their followers.

Those sites did not inform Murray or Wikileaks, nor the people who posted about them, nor their followers, that their messages were reaching hardly any of those followers.

As regards Hunter Biden and Ukraine, there may be something fishy there, but if so it is minor compared with the plutocratist acts Biden is likely to commit overtly (and lawfully) if he wins, which in turn are less dangerous than the wrecker's practice of seizing every opportunity to corrupt and ruin.

Move to Amend ( says that Facebook searches for "Move to Amend" gets a warning that the search is associated with QAnonsense. Move to Amend advocates a constitutional amendment to reverse the "Citizens United" decision.

QAnonsense spreader smeared some museums in Berlin [Richard Stallman's Political Notes]

A QAnonsense spreader smeared some museums in Berlin, and then someone smeared oil on antiquities and art in the museums.

I encourage you to visit the Pergamon Museum if you ever have the chance.

Polluting the environment with tear gas [Richard Stallman's Political Notes]

Environmentalists are suing the Department of Hatred and Sadism for harming human health and polluting the environment with tear gas.


1446 [Looking For Group]

The post 1446 appeared first on Looking For Group.


[$] Weekly Edition for October 22, 2020 []

The Weekly Edition for October 22, 2020 is available.


Ultra Wand [Oh Joy Sex Toy]

Ultra Wand

Thank you to FemmeFunn for sending us this cute lil wand! I’d been drawn to it while browsing the Early to Bed storefront – it looked sleek, colorful, and futuristic, but still small and dainty, and I thought, heck, Erika will love this. Turns out I was sort of right? It’s a toy that has […]


Crunch Crunch Crunch [QC RSS]

Yay no that's someone' pet!!!


Introducing Microsoft Edge preview builds for Linux [OSnews]

We are pleased to announce the availability of the Microsoft Edge Dev Channel for Linux!


Today’s release supports Ubuntu, Debian, Fedora, and openSUSE distributions. Going forward, we plan to release weekly builds following our typical Dev Channel cadence alongside our other supported platforms. In this post, we’ll walk you through how to install Microsoft Edge on your distribution, what to expect from the Dev Channel, and how to share your feedback.

I’m not entirely sure who, exactly, Edge for Linux is for – but there’s no denying the fact Microsoft feels that it’s necessary to have their browser on Linux means the company is definitely taking desktop Linux seriously.

Wednesday, 21 October



Page 11 [Flipside]

Page 11 is done.



Create the ultimate fantasy with this game dev asset bundle [Humble Bundle Blog]

We’ve teamed up with Infinity PBR for our newest bundle! Get top-quality character assets like Dragons, Humans, Armor, a complete

Continue reading

The post Create the ultimate fantasy with this game dev asset bundle appeared first on Humble Bundle Blog.


Christian Kastner: RStudio is a refreshingly intuitive IDE [Planet Debian]

I currently need to dabble with R for a smallish thing. I have previously dabbled with R only once, for an afternoon, and that was about a decade ago, so I had no prior experience to speak of regarding the language and its surrounding ecosystem.

Somebody recommended that I try out RStudio, a popular IDE for R. I was happy to see that an open-source community edition exists, in the form of a .deb package no less, so I installed it and gave it a try.

It's remarkable how intuitive this IDE is. My first guess at doing something has so far been correct every. single. time. I didn't have to open the help, or search the web, for any solutions, either -- they just seem to offer themselves up.

And it's not just my inputs; it's the output, too. The RStudio window has multiple tiles, and each tile has multiple tabs. I found this quite confusing and intimidating on first impression, but once I started doing some work, I was surprised to see that whenever I did something that produced output in one or more of the tabs, it was (again) always in an intuitive manner. There's a fine line between informing with relevant context and distracting with irrelevant context, but RStudio seems to have placed itself on the right side of it.

This, and many other features that pop up here and there, like the live-rendering of LaTeX equations, contributed to what has to be one of the most positive experiences with an IDE that I've had so far.


News Post: Anti-Trust Issues [Penny Arcade]

Tycho: I guess I sorta figured they'd haul a bunch of these fucking warlocks onto Zoom and yell at them for a while, and that was gonna be it. It wasn't. And then, when we started talking about writing a strip about it, we laughed ourselves hoarse because it turns out our entire workflow winds through Google's intestinal tract. There's a lot of odd dialogue that surrounds this stuff, like if you hate the naked exertion of monopoly power you're just hating the player or some shit. That you have a problem with people winning or something, issues with the concept of profit…


Do you have what it takes to enter the Black Library? [Humble Bundle Blog]

We’ve teamed up with Black Library for our newest bundle! Get audiobooks like First and Only, Realmslayer, Soul Wars, For

Continue reading

The post Do you have what it takes to enter the Black Library? appeared first on Humble Bundle Blog.



Humble Bundle x Extra Life 2020 on Oct. 28 [Humble Bundle Blog]

Hey Humble Bundle fans, The Humble Bundle team is excited to announce that this year we will be participating in

Continue reading

The post Humble Bundle x Extra Life 2020 on Oct. 28 appeared first on Humble Bundle Blog.


Link [Scripting News]

Anyone who votes for Trump is suicidal and I can prove it. 1. The virus is real, doesn't matter what you believe, it is in fact killing people and destroying other people's lives. 2. We aren't doing anything to stop it, because the president doesn't want us to. He has that power. 3. If you re-elect him, you'll get more of the same; if you don't we'll start fighting it asap. If for no other reason than you want to live, you should vote for Biden/Harris.

Link [Scripting News]

I will totally accept the result of the World Series -- if the Mets win.

Link [Scripting News]

The canonical Biden picture.


[$] What is coming in PHP 8 []

Recently, PHP 8 release candidate 2 was posted by the project. A lot of changes are coming with this release, including a just-in-time compiler, a good number of backward-compatibility breaks, and new features that developers have been requesting for years. Now that the dust has settled, and the community is focusing on squashing bugs for the general-availability release scheduled for November 26, it's a good time to look at what to expect.


Today in GPF History for Wednesday, October 21, 2020 [General Protection Fault: The Comic Strip]

In Sharon's dream world of Harry Barker, the revelation that Dwayne is a "Beowulf" results in him getting sacked. But since he's no longer Harry's teacher, he bestows upon Harry a parting gift...


GFL – Page 0037 [Looking For Group]

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0037 appeared first on Looking For Group.


Pluralistic: 21 Oct 2020 [Pluralistic: Daily links from Cory Doctorow]

Today's links

Comedic obituary poetry (permalink)

The Imagineers who worked on the Haunted Mansion drew heavily on reference material, combining a surprising number of real Victorian ghostly and sepulchral traditions, flourishes and details, which is all part of what makes the Mansion such a rich, immersive experience.

Some of my favorite gags are the rhyming tombstones in the small graveyard in the queue area, each of which pays tribute to one of the Imagineers who worked on the Mansion (e.g. "At peaceful rest lies Brother Claude, planted here beneath this sod" for Claude Coats).

These turn out to be the McGuffin of a late Victorian novel, 1874' s "Out of the Hurly-Burly," by Charles Heber Clark (under the pen-name "Max Adeler"), about an obit writer who publishes doggerel about the deceased.

Typewriter historian Harry Stephen Keeler published a fantastic thread that collects many of these, and they are unmissably great. Here are three of my faves:

I. The death-angel smote Alexander McGlue,
And gave him protracted repose;
He wore a checked shirt and a Number Nine shoe,
And he had a pink wart on his nose.
No doubt he is happier dwelling in space
Over there on the evergreen shore.
His friends are informed that his funeral takes place
Precisely at quarter-past four.

II. Willie had a purple monkey climbing on a yellow stick,
And when he sucked the paint all off it made him deathly sick;
And in his latest hours he clasped that monkey in his hand,
And bade good-bye to earth and went into a better land.
Oh! no more he'll shoot his sister with his little wooden gun;
And no more he'll twist the pussy's tail and make her yowl, for fun.
The pussy's tail now stands out straight; the gun is laid aside;
The monkey doesn't jump around since little Willie died.

III. Little Alexander's dead;
Jam him in a coffin;
Don't have as good a chance
For a fun'ral often.
Rush his body right around
To the cemetery;
Drop him in the sepulchre
With his Uncle Jerry."

I don't know if the Disney Imagineering archive and library had a copy of Out of the Hurly-Burly (it's been years since I had access to it), but these are so reminiscent of the "family plot" tombstones at the Mansion that I have a hard time thinking it's a coincidence.

Tom Lehrer in the public domain (permalink)

Tom Lehrer is one of our great nerdy, comedic songwriters, a Harvard-educated mathematician who produced a string of witty, unforgettable science- and math-themed comedic airs with nary a dud.

Now in his nineties, Lehrer remains both a political and scientific hero, sung the world round by geeks of every age. When my daughter was young, we taught her "Poisoning Pigeons in the Park."

Undergrads at UC Santa Cruz would sign up for his math class just to learn freshman algebra from the "Wehrner Von Braun" guy.

Now, Lehrer has done something absolutely remarkable.

In a note on his website, Lehrer has released the lyrics (and music, for those songs where he was the composer) into the public domain, warning fans to download the songs before 12/31/2024, when he says he will delete his site.

Only the lyrics to 96 songs are in the release; Lehrer cautions the accompanying music will appear later "with further disclaimers."

But it's quite a list, including "Bright College Days," "The Elements," "Oedipus Rex," "Smut," "Wehrner Von Braun," "The Vatican Rag," and yes, "Poisoning Pigeons in the Park!"

In his note, Lehrer urges us to make up our own tunes for these: "In particular, permission is hereby granted to anyone to set any of these lyrics to their own music and publish or perform their versions without fear of legal action."

Trustbusting is stimulus (permalink)

Antitrust enforcement is virtually a dead letter in America (it was killed 40 years ago by Reagan's court sorcerer Robert Bork, better known as the Nixonite criminal who couldn't get approved for a SCOTUS seat).

But even when we were enforcing antitrust, we tended to pump the brakes during economic crises: no one wants to put additional constraints on business during a downturn.

That's wrong. Antitrust enforcement isn't an economic drag, it's an economic STIMULUS.

Monopolies extract higher profits by crushing workers and small competitors, but workers and small businesses spend their earnings back into the economy.

Monopolist's shareholders, on the other hand, tend to bank their winnings, or spend it on items with small multipliers like superyachts and fractional shares in rare artworks shuttered in climate-controlled containers in Swiss freeports.

By contrast, workers buy groceries, pay contractors to fix their roofs, or buy braces for their kids. That money recirculates in the communities in which it is earned, multiplying itself over and over again.

Writing in Promarket, Hal Singer and Marshall Steinbaum present us with some contrafactuals:

"Rather than having one tech giant controlling social media and the associated advertising, imagine we had 10: Assuming the same revenues, it is not a stretch to conclude industry-wide spending on R&D; and labor under the decentralized configuration would be larger."

And they propose ways that the state can intervene before monopolies emerge, to prevent them from leveraging early wins into stagnating, strangulating dominance.

Example: Tesla is set to corner the market on EVs in part via its national network of superchargers. So invest in public chargers, which can be privately operated by entities not affiliated with any manufacturer, "so Tesla’s nascent rivals can compete in the short run."

But instead of securing the stimulus effect of competition, Congress and the Trump admin are sitting by idly as giant firms spend their stimulus money colluding to reduce competition (like Jetblue and AA announcing a "marketing partnership" with their bailout money).

Without antimonopoly vigilance, downturns become bonanzas of anticompetitive takeovers: all the small companies that are tipped into precarity by the crisis can be bought for pennies on the dollar by dominant firms, further cementing their dominance.

It's time to guillotine Borkism and its idiotic, plute-friendly doctrine of permitting monopolistic conduct unless it results in immediate, impossible-to-prove "consumer harm."

Not only has Borkism been shown to be a catastrophic failure, it is a failure that is especially dangerous during this crisis. This is the moment at which America needs firms to thrive by doing things that make us all better off – not by choking their competitors.

The last time the DoJ did any real antitrust was in 1982, when they broke up AT&T.; At the time, Borkists warned that DoJ was handing a gift to the Japanese tech industry, which they characterized as sinister copycats descended from the fascist enterprises of Imperial Japan.

They said that America needed AT&T as a "national champion" to defend itself against this pretender half a world away. Today, we hear the same arguments about Big Tech antitrust and the Chinese tech companies.

But breaking up AT&T in 1982 was the best thing that could have happened to America. AT&T's core project in 1982 wasn't fighting Japanese electronics companies: it was suppressing the growth of the internet in the USA, to preserve its monopoly on telecoms.

AT&T's business model was controlling all the services available on the network and charging money for every "feature" your phone came with. Not just charging farcical markups for long-distance…remember when you had to pay for "caller ID"?

That's the equivalent of your email provider charging extra to see who a message comes from before you open and read it! AT&T's stranglehold over telecoms let it nickel-and-dime Americans for every "feature" of the system.

The internet moved control over services to the edge of the network – the programs running on the computers in users' homes (and later, pockets). It annihilated the a-la-carte grift of Ma Bell and jumpstarted a new, US-dominanted form of global soft power.

In other words, breaking up America's "national champion" in '82 allowed all the current Big Tech companies – the new national champions that Borkists say we mustn't break up – to come into existence and grow.

Imagine how many brilliant ideas, products and services the current Big Tech companies are strangling!

After the Bell breakup, the DoJ entered its 40 year hibernation, sleeping through AT&T's re-acquisition of the "Baby Bells," which resurrected the telecoms octopus.

The DoJ has announced new antitrust action against Google, a long overdue move that will doubtless lead to antitrust enforcement against other dominant firms in tech and other industries (do AT&T next!). But the DoJ complaint focuses on Borkean "consumer harm."

It's time to jettison "consumer harm." The reason to fight monopolies is that they monopolize. They crush workers and small rivals, and pervert regulation and law. They enrich wealthy shareholders at the expense of the rest of us.

Monopolies should be killed because they are monopolies.

Falsehoods programmers believe about time (permalink)

The categories we think of as discrete, bounded entities are most often continua, with broadly coherent centers and hairy, noisy edges that defy categorization.

Computers operate on binary states, but the actual electronics that represent these ones and zeroes are quite noisy, and only average out to "off" and "on." It's quite ironic, because computerization so often forces us to incinerate the edge-cases.

Prior to computerization, the fuzziness of analog record-keeping and the potential for official forebearance allowed us to maintain the pretence of neat categories while (sometimes) accommodating the infinite complexity of the edges.

My grandparents had given names, Russian names, Hebrew names, Yiddish names, anglicized names AND English nicknames, jumbled across their official forms and paperwork.

My grandfather Avram (Abe, Abraham, William, Bill) Doctorow (Doctorowicz, Doktorowicz, Doctorovitch, Doctorov, Doktorov) would sometimes have to explain this to officials, and they could accept it or even note it in the margins in ink.

Computerization doesn't necessarily allow this. A "name" field of 64 characters allows names up to 64 chars, period. If your name is longer than that, tough shit.

Computerization is often undertaken by isolated, wealthy execs from the global north, directing technologists.

In that sense, it is hegemonic, a way for an elite coterie to project its will over millions, even billions of people who lack even a means of registering their discontent.

Remember when Facebook and Google waged cruel warfare against their users with their "Real Names" policy that unilaterally declared what a name was (and was not)?

They were carrying on the work of the Global War on Terror. After 9/11, the world saw waves of official name-change requests.

The requesters weren't changing their names: they were preserving them.

The names they'd used all their lives were suddenly cause for suspicion, due to discrepancies between their real names and their official names. In the world of unchecked GWOT power and paranoia, that discrepancy could cost you a job or a border-crossing or your liberty.

Ambiguous categories are the rule, not the exception. It's a commonplace that the idea of "race" within humanity is incoherent, but so is the idea of "species" in biology, where often animals of different species can still produce fertile offspring.

Computerization resolves ambiguity by steamrollering it, not by accepting it. I spent years as EFF's rep to a DRM standards committee, DVB-CPCM, whose project was to computationally define a valid "family" (so you could share video with your family).

The committee – overwhelmingly white, male, wealthy and Anglo – ensured that bizarre, rarely seen "families" fit the definition. If you had a summer home in France, a houseboat, and a lux SUV with seatback videos, they had you covered.

But if you were migrant-worker parents in Manila whose son was a construction worker in Qatar and whose daughter was an RN in Dallas, you were fucked. This was an "edge-case" they couldn't accommodate without opening up the possibility of "piracy."

All of that to introduce a highly amusing list called "Falsehoods programmers believe about time," which demonstrates that even the most objective, quantitative constructions are riddled with irreducible complexity resulting from qualitative factors.

The list includes obvious ones like "February is always 28 days long" but also "The system clock will never be set to a time that is in the distant past or the far future" and "There is only one calendar system in use at one time" and "Time always goes forwards."

Each of these is the epitaph from some programmer's postmortem of a ghastly error. Each is a reminder that time can be weaponized.

Think of Chinese time, a nation that is notionally many timezones wide, all yoked to a single zone based on Beijing's sunrise and sunset.

People in outlying territories start their workdays in the dark, or with the sun high in the sky, all so a bureaucrat in the capital need not trifle with subtracting or adding a few hours before phoning a local administrator to bark orders at them.

"Falsehoods programmers believe about…" is a whole genre unto itself:

  • Music
  • Online shopping
  • Email addresses
  • Gender
  • Language
  • Addresses

These falsehoods cover a wide range of cases, but so many can be reduced to a longstanding and important exception that was quietly made in the analog recordkeeping world that can't be easily adapted to a database schema.

There are many ways to handle another person's exception to your experience, "Computer says no" is surely the worst.

This day in history (permalink)

#5yrsago Ham operator corrects Morse code on the Disneyland Railroad

#10yrsago Tentacle pot pie!

#10yrsago Terrified feds try to bar Bunnie Huang from testifying at Xbox jailbreaking trial

#10yrsago Derren Brown’s Confessions of a Conjuror: funny memoir is also a meditation on attention, theatrics and psychology

#5yrsago Hungarian camerawoman who tripped refugee announces she will sue that refugee

#5yrsago UK “anti-radicalisation” law can take kids from thoughtcriming parents in secret trials

#5yrsago How a mathematician teaches “Little Brother” to a first-year seminar

#1yrago Griefer terrorizes baby by taking over their Nest babycam…again

#1yrago Haunted Mansion/Ikea mashup tee

#1yrago Rep Katie Porter: an Elizabeth Warren protege and single mom who destroys bumbling, mediocre rich guys in Congressional hearings

Colophon (permalink)

Today's top sources: Dan Howland (, Naked Capitalism (, Four Short Links (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 508 words (75012 total).

Currently reading: Harrow the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

Attorney general lying [Richard Stallman's Political Notes]

One of the Breonna Taylor grand jurors has accused the attorney general of lying about what he said to the grand jury. He did not offer them the chance to indict for her killing.

That article practices the fashionable symbolic bigotry of capitalizing "black" but not "white". I linked to the article despite that because its substance is important.

Quasi-monopoly [Richard Stallman's Political Notes]

How Google used its quasi-monopoly power against Yelp.

It is ironic that Yelp itself is using its market power to help GrubHub cheat restaurants.

We should not try to understand this in terms of "good companies" and "bad companies". Rather, we need to prevent any companies from using their market power to get bigger. More generally, we need to make large companies split up so as to greatly increase the number of competitors in every field.

My tax proposal might help.

Monitoring crackers [Richard Stallman's Political Notes]

The US indictment of crackers working for the Russian spy agency GRU shows that the US is deeply monitoring their activities.

It also shows that the group's attacks have caused people to suffer and perhaps even die, in Ukraine and maybe Pennsylvania.

Overreaction [Richard Stallman's Political Notes]

A wildly foolish overreaction: the New Yorker has "suspended" writer Jeffrey Toobin and is "investigating" him for masturbating while thinking his camera was turned off.

Hey, New Yorker, instead of "investigating" this mistake as if it were a crime, you should have your meetings with Mumble (freedom-respecting software which does only audio) rather than with proprietary Zoom.

Legalization [Richard Stallman's Political Notes]

A new initiative in the UK demands legalization of cocaine and ecstasy with controlled sale in pharmacies.

This would eliminate the dangers that result from black market sale: unexpected overdoses, and mixture with unknown other drugs. It would reduce drug-fueled gangsterism by taking away its most regular customers.

I am surprised and cheered to see that the former president of Colombia, Santos, is campaigning for legalization of cocaine. Prohibition of cocaine has been devastating for Colombia.

Collective racism and sexism [Richard Stallman's Political Notes]

A special thug unit in the UK is being formally investigated for engaging in gross collective racism and sexism in its office.

To make such talk a crime would be repressive, but we cannot let such attitudes fester among cops; they will certainly translate it into their exercise of their power.

World domination [Richard Stallman's Political Notes]

How the US turned in 1940 to a foreign policy of trying to dominate the world, how Biden will probably ramp it up, and why the US continues it despite ever worse results.


FeedRSSLast fetchedNext fetched after
XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
a bag of four grapes XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
A Smart Bear: Startups and Marketing for Geeks XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Anarcho's blog XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Ansible XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
Bad Science XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Black Doggerel XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Blog – Official site of Stephen Fry XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Broodhollow XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Charlie Brooker | The Guardian XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Charlie's Diary XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Chasing the Sunset - Comics Only XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Clay Shirky XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Coding Horror XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Cory Doctorow – Boing Boing XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Cory Doctorow's XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Ctrl+Alt+Del Comic XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Cyberunions XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
David Mitchell | The Guardian XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Debian GNU/Linux System Administration Resources XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Deeplinks XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Diesel Sweeties webcomic by rstevens XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Dilbert XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Dork Tower XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Edmund Finney's Quest to Find the Meaning of Life XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Eerie Cuties XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
EFF Action Center XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Enspiral Tales - Medium XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Erin Dies Alone XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Events XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Falkvinge on Liberty XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Flipside XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Free software jobs XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
Full Frontal Nerdity by Aaron Williams XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
General Protection Fault: The Comic Strip XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
George Monbiot XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Girl Genius XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
God Hates Astronauts XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Graeme Smith XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Groklaw XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Grrl Power XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Hackney Anarchist Group XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October;_render=rss XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Humble Bundle Blog XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
I, Cringely XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Irregular Webcomic! XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Joel on Software XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
Judith Proctor's Journal XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
Krebs on Security XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Lambda the Ultimate - Programming Languages Weblog XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
LLVM Project Blog XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Looking For Group XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Loomio Blog XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Menage a 3 XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Mimi and Eunice XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Neil Gaiman's Journal XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
Nina Paley XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
O Abnormal – Scifi/Fantasy Artist XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Oglaf! -- Comics. Often dirty. XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Oh Joy Sex Toy XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Order of the Stick XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Original Fiction – XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
OSnews XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Paul Graham: Unofficial RSS Feed XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Penny Arcade XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Penny Red XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
PHD Comics XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Phil's blog XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
Planet Debian XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
Planet GNU XML 07:07, Sunday, 25 October 07:48, Sunday, 25 October
Planet GridPP XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Planet Lisp XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Pluralistic: Daily links from Cory Doctorow XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
Property is Theft! XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
PS238 by Aaron Williams XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
QC RSS XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Radar XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
RevK®'s ramblings XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
Richard Stallman's Political Notes XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Scenes From A Multiverse XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Schneier on Security XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
SCHNEWS.ORG.UK XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
Scripting News XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Seth's Blog XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
Skin Horse XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Starslip by Kris Straub XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Tales From the Riverbank XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
The Adventures of Dr. McNinja XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
The Bumpycat sat on the mat XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
The Command Line XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
The Daily WTF XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
The Monochrome Mob XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
The Non-Adventures of Wonderella XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
The Old New Thing XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
The Open Source Grid Engine Blog XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
The Phoenix Requiem XML 06:56, Sunday, 25 October 07:36, Sunday, 25 October
The Rogues Gallery XML 07:14, Sunday, 25 October 08:02, Sunday, 25 October
The Stranger, Seattle's Only Newspaper: Savage Love XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October
TorrentFreak XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
towerhamletsalarm XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
Twokinds XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
UK Indymedia Features XML 07:14, Sunday, 25 October 07:56, Sunday, 25 October
Uploads from ne11y XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
Uploads from piasladic XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October
Use Sword on Monster XML 07:14, Sunday, 25 October 08:01, Sunday, 25 October
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 07:07, Sunday, 25 October 07:53, Sunday, 25 October
What If? XML 06:56, Sunday, 25 October 07:37, Sunday, 25 October
Whatever XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
Whitechapel Anarchist Group XML 07:00, Sunday, 25 October 07:49, Sunday, 25 October
WIL WHEATON dot NET XML 06:49, Sunday, 25 October 07:33, Sunday, 25 October
wish XML 06:49, Sunday, 25 October 07:34, Sunday, 25 October XML 06:49, Sunday, 25 October 07:32, Sunday, 25 October