Saturday, 26 May

09:43

Christophe Rhodes: sbcl method-combination fixes [Planet Lisp]

At the 2018 European Lisp Symposium, the most obviously actionable feedback for SBCL from a presentation was from Didier's remorseless deconstruction of SBCL's support for method combinations (along with the lack of explicitness about behavioural details in the ANSI CL specification and the Art of the Metaobject Protocol). I don't think that Didier meant to imply that SBCL was particularly bad at method combinations, compared with other available implementations - merely that SBCL was a convenient target. And, to be fair, there was a bug report from a discussion with Bruno Haible back in SBCL's history - May/June 2004, according to my search - which had languished largely unfixed for fourteen years.

I said that I found the Symposium energising. And what better use to put that energy than addressing user feedback? So, I spent a bit of time earlier this month thinking, fixing and attempting to work out what behaviours might actually be useful. To be clear, SBCL's support for define-method-combination was (probably) standards-compliant in the usual case, but if you follow the links from above, or listen to Didier's talk, you will be aware that that's not saying all that much, in that almost nothing is specified about behaviours under redefinition of method combinations.

So, to start with, I solved the cache invalidation (one of the hardest problems in Computer Science), making sure that discriminating functions and effective methods are reset and invalidated for all affected generic functions. This was slightly complicated by the strategy that SBCL has of distinguishing short and long method-combinations with distinct classes (and distinct implementation strategies for compute-effective-method); but this just needed to be methodical and careful. Famous last words: I think that all method-combination behaviour in SBCL is now coherent and should meet user expectations.

More interesting, I think, was coming up with test cases for desired behaviours. Method combinations are not, I think, widely used in practice; whether that is because of lack of support, lack of understanding or lack of need of what they provide, I don't know. (In fact in conversations at ELS we discussed another possibility, which is that everyone is more comfortable customising compute-effective-method instead - both that and define-method-combination provide ways for inserting arbitrary code for the effect of a generic function call with particular arguments. But what this means is that there isn't, as far as I know at least, a large corpus of interesting method combinations to play with.

One interesting one which came up: Bike on #lisp designed an implementation using method-combinations of finite state machines, which I adapted to add to SBCL's test suite. My version looks like:

(define-method-combination fsm (default-start)
    ((primary *))
    (:arguments &key start)
  `(let ((state (or ,start ',default-start)))
     (restart-bind
         (,@(mapcar (lambda (m) `(,(first (method-qualifiers m))
                                  (lambda ()
                                    (setq state (call-method ,m))
                                    (if (and (typep state '(and symbol (not null)))
                                             (find-restart state))
                                        (invoke-restart state)
                                        state))))
                    primary))
       (invoke-restart state))))

and there will be more on this use of restart-bind in a later post, I hope. Staying on the topic of method combinations, how might one use this fsm method combination? A simple example might be to recognize strings with an even number of #\a characters:

;;; first, define something to help with all string parsing
(defclass info ()
  ((string :initarg :string)
   (index :initform 0)))
;;; then the state machine itself
(defgeneric even-as (info &key &allow-other-keys)
  (:method-combination fsm :yes))
(defmethod even-as :yes (info &key)
  (with-slots ((s string) (i index)) info
    (cond ((= i (length s)) t) ((char= (char s i) #\a) (incf i) :no) (t (incf i) :yes))))
(defmethod even-as :no (info &key)
  (with-slots ((s string) (i index)) info
    (cond ((= i (length s)) nil) ((char= (char s i) #\a) (incf i) :yes) (t (incf i) :no))))

(Exercise for the reader: adapt this to implement a Turing Machine)

Another example of (I think) an interesting method combination was one which I came up with in the context of generalized specializers, for an ELS a while ago: the HTTP Request method-combination to be used with HTTP Accept specializers. I'm interested in more! A github search found some examples before I ran out of patience; do you have any examples?

And I have one further question. The method combination takes arguments at generic-function definition time (the :yes in (:method-combination fsm :yes)). Normally, arguments to things are evaluated at the appropriate time. At the moment, SBCL (and indeed all other implementations I tested, but that's not strong evidence given the shared heritage) do not evaluate the arguments to :method-combination - treating it more like a macro call than a function call. I'm not sure that is the most helpful behaviour, but I'm struggling to come up with an example where the other is definitely better. Maybe something like

(let ((lock (make-lock)))
  (defgeneric foo (x)
    (:method-combination locked lock)
    (:method (x) ...)))

Which would allow automatic locking around the effective method of FOO through the method combination? I need to think some more here.

In any case: the method-combination fixes are in the current SBCL master branch, shortly to be released as sbcl-1.4.8. And there is still time (though not very much!) to apply for the many jobs advertised at Goldsmiths Computing - what better things to do on a Bank Holiday weekend?

08:53

Social Media Sites Are Full of Pirate Champions League Streamers [TorrentFreak]

This evening, Liverpool and Real Madrid will go head to head in the Champions League final, one of the biggest sports events of the year.

Hundreds of millions of football fans from around the world will be glued to their televisions to follow the spectacle, while the hashtags #RMALIV and #UCLfinal are trending on social media.

While Twitter, Facebook and other social media are great ways to keep fans engaged and generate traction, they also present a threat. According to data released by the global anti-piracy outfit Irdeto, social media rivals traditional pirate streaming sites.

The company analyzed the number of pirated streams it ran into during the knockout stages of the Champions League and found 5,100 unique illegal streams that were rebroadcasting the matches.

Roughly 40 percent of these unauthorized broadcasts came from ‘social’ platforms including Periscope, Facebook and Twitch. Irdeto found 2,093 streams on these sites with an estimated 4,893,902 viewers.

Regular web-based streams on traditional sports pirate sites were the most popular (2,121), followed by ones found through Kodi-addons (886).

“These viewing figures combined with the number of UEFA Champions League streams detected across a variety of channels suggests that more needs to be done to stop the illegal distribution of high profile live European football matches,” the company writes.

Red card…

Rory O’Connor, Irdeto’s Senior Vice President of Cybersecurity Services, notes that criminals are “earning a fortune” from these activities. At the same time, he stresses that people who stream the matches on social media could face criminal action.

“The criminals who profit from these illegal streams have little regard for their viewers and are exposing them to cybercrime, inappropriate content and malware infection. Also, viewers of illegal content can face criminal penalties if they decide to share content with friends on social media,” O’Connor says.

Besides sharing infographics and reporting interesting statistics, including that Real Madrid was the most viewed team with 2,856,011 viewers of illegal social media streams during the knock out stage, Irdeto can also take action.

Whether they already work for UEFA or if this is an unsolicited application is not known to us, but they do work for other rightsholders.

So instead of tuning into the final tonight, they will probably be busy tracking down pirate broadcasts on social media and elsewhere, hoping to shut them down as soon as possible.

The game is on.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Steve Kemp: On collecting metrics [Planet Debian]

Here are some brief notes about metric-collection, for my own reference.

Collecting server and service metrics is a good thing because it lets you spot degrading performance, and see the effect of any improvements you've made.

Of course it is hard to know what metrics you might need in advance, so the common approach is to measure everything, and the most common way to do that is via collectd.

To collect/store metrics the most common approach is to use carbon and graphite-web. I tend to avoid that as being a little more heavyweight than I'd prefer. Instead I'm all about the modern alternatives:

  • Collect metrics via go-carbon
    • This will listen on :2003 and write metrics beneath /srv/metrics
  • Export the metrics via carbonapi
    • This will talk to the go-carbon instance and export the metrics in a compatible fashion to what carbon would have done.
  • Finally you can view your metrics via grafana
    • This lets you make pretty graphs & dashboards.

Configuring all this is pretty simple. Install go-carbon, and give it a path to write data to (/srv/metrics in my world). Enable the receiver on :2003. Enable the carbonserver and make it bind to 127.0.0.1:8888.

Now configure the carbonapi with the backend of the server above:

  # Listen address, should always include hostname or ip address and a port.
  listen: "localhost:8080"

  # "http://host:port" array of instances of carbonserver stores
  # This is the *ONLY* config element in this section that MUST be specified.
  backends:
    - "http://127.0.0.1:8888"

And finally you can add your data-source to grafana of 127.0.0.1:8080, and graph away.

The only part that I'm disliking at the moment is the sheer size of collectd. Getting metrics of your servers (uptime, I/O performance, etc) is very useful, but it feels like installing 10Mb of software to do that is a bit excessive.

I'm sure there must be more lightweight systems out there for collecting "everything". On the other hand I've added metrics exporting to my puppet-master, and similar tools very easily so I have lightweight support for that in the tools themselves.

I have had a good look at metricsd which is exactly the kind of tool I was looking for, but I've not searched too far afield for other alternatives and choices just yet.

I should write more about application-specific metrics in the future, because I've quizzed a few people recently:

  • What's the average response-time of your application? What's the effectiveness of your (gzip) compression?
    • You don't know?
  • What was the quietest time over the past 24 hours for your server?
    • You don't know?
  • What proportion of your incoming HTTP-requests were for HTTP?
    • Do you monitor HTTP-status-codes? Can you see how many times people were served redirects to the SSL version of your site? Will using HST save you bandwidth, if so how much?

Fun times. (Terrible pun is terrible, but I was talking to a guy called Tim. So I could have written "Fun Tims".)

02:53

Illinois: Say No to Warrantless Drone Surveillance [EFF Action Center]

Illinois State Senate bill S.B. 2562 threatens to allow police to conduct drone surveillance of any gathering of more than 100 people—including protests—without a warrant.

If the house adopts the bill, Illinois residents exercising their first amendment right to come together in collective calls for justice, religious groups gathering in worship, or families attending a parade would all be subject to silent surveillance from above. Video, audio, and face recognition data collection would all be available to police with no requirement for a court's approval.

Together we can stop this bill from keeping us apart. Tell Illinois State House representatives to say no to S.B. 2562

02:03

Ireland's referendum results: legalised abortion projected to win "by a landslide" [Boing Boing]

Ireland's no-exceptions-made abortion ban was one of the cruelest and most inhumane in the world, and after years of struggle, the country has finally held a referendum to amend its constitution and strike down the abortion ban in Article 8; the official count isn't out, but the Irish Times has called it for the reformers, in a "landslide," with a projected 68%-32% margin. (more…)

Congressional staffers for Rep. Tom Garrett [R-VA] say they were used as "personal servants" [Boing Boing]

Politico spoke to four former congressional staffers who'd been assigned to Rep. Tom Garrett [R-VA] who say that the Congressman and his wife treated the staff as "personal servants," demanding that they run personal errands for the Congressman and his family (including handling his dog's feces(, and that they were expected to do these things at all hours. (more…)

01:23

Sylvain Beucler: Testing GNU FreeDink in your browser [Planet Debian]

Ever wanted to try this weird GNU FreeDink game, but never had the patience to install it?
Today, you can play it with a single click :)

Play GNU FreeDink

This is a first version that can be polished further but it works quite well.
This is the original C/C++/SDL2 code with a few tweaks, cross-compiled to WebAssembly (and an alternate version in asm.js) with emscripten.
Nothing brand new I know, but things are getting smoother, and WebAssembly is definitely a performance boost.

I like distributed and autonomous tools, so I'm generally not inclined to web-based solutions.
In this case however, this is a local version of the game. There's no server side. Savegames are in your browser local storage. Even importing D-Mods (game add-ons) is performed purely locally in the in-memory virtual FS with a custom .tar.bz2 extractor cross-compiled to WebAssembly.
And you don't have to worry about all these Store policies (and Distros policies^W^W^W.

I'm interested in feedback on how well these works for you in your browsers and devices:

I'm also interested in tips on how to place LibreJS tags - this is all free JavaScript.

Upward-facing Han Solo in carbonite yoga mat [Boing Boing]

Onnit's $65 Solo Yoga Mat features a lifesize Han-in-Carbon for you to perform upward-facing Jabba on. (via Cnet)

00:33

Friday, 25 May

23:43

Steinar H. Gunderson: Debian XU4 images updated [Planet Debian]

I've updated my Debian images for the ODROID XU4; the newest build was done before stretch release, and a lot of minor adjustments have happened since then.

The XU4 is fairly expensive for a single-board computer ($59 plus PSU, storage and case), and it's getting a bit long in the tooth with 32-bit and all, but it's probably still the nicest choice among the machines Hardkernel have to option. In particular, it's fairly fast, the eMMC option is so much better than SD, and these days, you can run mainline kernel on them instead of some 3.10 build nobody cares about anymore. (Well, in Debian's kernel, you don't get HDMI, though…) It's not nearly as widely supported as the Raspberry Pi, of course, and it doesn't have the crazy huge ecosystem, but it's definitely faster. :-)

Debian doesn't officially support the XU4, but with only a small amount of non-free bits in the bootloader, you can get an almost vanilla image; Debian U-Boot (with GRUB!), Debian kernel, and a plain image that comes out of debootstrap with only some minor awkwardness for loading the device tree. My personal one runs sid, but stretch is a good start for a server and it's easy to dist-upgrade, so I haven't bothered making sid images. I probably will make buster images at some point, though.

Enjoy!

Link [Scripting News]

Getting close with my XML-RPC client and server for Node. You can hook the server up to anything, easily. Factoring is good. Also a client that runs in browser. It’s like getting a classic car running. This is how I have fun.

23:03

Friday Squid Blogging: Squid Comic [Schneier on Security]

It's not very good, but it has a squid in it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

21:33

There's real reasons for Linux to replace ifconfig, netstat, et al. [OSNews]

One of the ongoing system administration controversies in Linux is that there is an ongoing effort to obsolete the old, cross-Unix standard network administration and diagnosis commands of ifconfig, netstat and the like and replace them with fresh new Linux specific things like ss and the ip suite. Old sysadmins are generally grumpy about this; they consider it yet another sign of Linux's 'not invented here' attitude that sees Linux breaking from well-established Unix norms to go its own way. Although I'm an old sysadmin myself, I don't have this reaction. Instead, I think that it might be both sensible and honest for Linux to go off in this direction. There are two reasons for this, one ostensible and one subtle.

US news sites block EU readers due to GDPR [OSNews]

This article is terrible, and clearly chooses sides with advertisers and data harvesters over users - not surprising, coming from Bloomberg.

For some of America's biggest newspapers and online services, it's easier to block half a billion people from accessing your product than comply with Europe's new General Data Protection Regulation. The Los Angeles Times, the Chicago Tribune, and The New York Daily News are just some telling visitors that, "Unfortunately, our website is currently unavailable in most European countries." With about 500 million people living in the European Union, that's a hard ban on one-and-a-half times the population of the U.S. Blanket blocking EU internet connections - which will include any U.S. citizens visiting Europe - isn't limited to newspapers. Popular read-it-later service Instapaper says on its website that it's "temporarily unavailable for residents in Europe as we continue to make changes in light of the General Data Protection Regulation."

Whenever a site blocks EU users, you can safely assume they got caught with their hands in the user data cookie jar. Some of these sites have dozens and dozens of trackers from dozens of different advertisement companies, so the real issue here is even these sites themselves simply have no clue to whom they're shipping off your data - hence making it impossible to comply with the GDPR in the first place.

The GDPR is not only already forcing companies to give insight into the data they collect on you - it's also highlighting those that simply don't care about your privacy. It's amazing how well GDPR is working, and it's only been in effect for one day.

New Books and ARCs, 5/25/18 [Whatever]

As we roll into Memorial Day Weekend, here’s a quick stack of new books and ARCs for you to peruse. Does anything here look like your ideal summer reading? Tell us which ones in the comments!

20:43

Kubernetes recipes: Maintenance and troubleshooting [All - O'Reilly Media]

Recipes that deal with various aspects of troubleshooting, from debugging pods and containers, to testing service connectivity, interpreting a resource’s status, and node maintenance.

In this chapter, you will find recipes that deal with both app-level and cluster-level maintenance. We cover various aspects of troubleshooting, from debugging pods and containers, to testing service connectivity, interpreting a resource’s status, and node maintenance. Last but not least, we look at how to deal with etcd, the Kubernetes control plane storage component. This chapter is relevant for both cluster admins and app developers.

Enabling Autocomplete for kubectl

Problem

It is cumbersome to type full commands and arguments for the kubectl command, so you want an autocomplete function for it.

Solution

Enable autocompletion for kubectl.

For Linux and the bash shell, you can enable kubectl autocompletion in your current shell using the following command:

$ source <(kubectl completion bash)

For other operating systems and shells, please check the documentation.

See Also

Removing a Pod from a Service

Problem

You have a well-defined service (see not available) backed by several pods. But one of the pods is misbehaving, and you would like to take it out of the list of endpoints to examine it at a later time.

Solution

Relabel the pod using the --overwrite option—this will allow you to change the value of the run label on the pod. By overwriting this label, you can ensure that it will not be selected by the service selector (not available) and will be removed from the list of endpoints. At the same time, the replica set watching over your pods will see that a pod has disappeared and will start a new replica.

To see this in action, start with a straightforward deployment generated with kubectl run (see not available):

$ kubectl run nginx --image nginx --replicas 4

When you list the pods and show the label with key run, you’ll see four pods with the value nginx (run=nginx is the label that is automatically generated by the kubectl run command):

$ kubectl get pods -Lrun
NAME                     READY     STATUS            RESTARTS   AGE       RUN
nginx-d5dc44cf7-5g45r    1/1       Running           0          1h        nginx
nginx-d5dc44cf7-l429b    1/1       Running           0          1h        nginx
nginx-d5dc44cf7-pvrfh    1/1       Running           0          1h        nginx
nginx-d5dc44cf7-vm764    1/1       Running           0          1h        nginx

You can then expose this deployment with a service and check the endpoints, which correspond to the IP addresses of each pod:

$ kubectl expose deployments nginx --port 80

$ kubectl get endpoints
NAME         ENDPOINTS                                                 AGE
nginx        172.17.0.11:80,172.17.0.14:80,172.17.0.3:80 + 1 more...   1h

Moving the first pod out of the service traffic via relabeling is done with a single command:

$ kubectl label pods nginx-d5dc44cf7-5g45r run=notworking --overwrite
Tip

To find the IP address of a pod, you can list the pod’s manifest in JSON and run a JQuery query:

$ kubectl get pods nginx-d5dc44cf7-5g45r -o json | \
  jq -r .status.podIP172.17.0.3

You will see a brand new pod appear with the label run=nginx, and you will see that your nonworking pod still exists but no longer appears in the list of service endpoints:

$ kubectl get pods -Lrun
NAME                     READY     STATUS        RESTARTS   AGE       RUN
nginx-d5dc44cf7-5g45r    1/1       Running       0          21h       notworking
nginx-d5dc44cf7-hztlw    1/1       Running       0          21s       nginx
nginx-d5dc44cf7-l429b    1/1       Running       0          5m        nginx
nginx-d5dc44cf7-pvrfh    1/1       Running       0          5m        nginx
nginx-d5dc44cf7-vm764    1/1       Running       0          5m        nginx

$ kubectl describe endpoints nginx
Name:         nginx
Namespace:    default
Labels:       run=nginx
Annotations:  <none>
Subsets:
  Addresses:          172.17.0.11,172.17.0.14,172.17.0.19,172.17.0.7
...

Accessing a ClusterIP Service Outside the Cluster

Problem

You have an internal service that is causing you trouble and you want to test that it is working well locally without exposing the service externally.

Solution

Use a local proxy to the Kubernetes API server with kubectl proxy.

Let’s assume that you have created a deployment and a service as described in Removing a Pod from a Service. You should see an nginx service when you list the services:

$ kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
nginx        ClusterIP   10.109.24.56   <none>        80/TCP    22h

This service is not reachable outside the Kubernetes cluster. However, you can run a proxy in a separate terminal and then reach it on localhost.

Start by running the proxy in a separate terminal:

$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Tip

You can specify the port that you want the proxy to run on with the --port option.

In your original terminal, you can then use your browser or curl to access the application exposed by your service. Note the specific path to the service; it contains a /proxy part. Without this, you get the JSON object representing the service:

$ curl http://localhost:8001/api/v1/proxy/namespaces/default/services/nginx/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
Note

Note that you can now also access the entire Kubernetes API over localhost using curl.

Understanding and Parsing Resource Statuses

Problem

You want to react based on the status of a resource—say, a pod—in a script or in another automated environment like a CI/CD pipeline.

Solution

Use kubectl get $KIND/$NAME -o json and parse the JSON output using one of the two methods described here.

If you have the JSON query utility jq installed, you can use it to parse the resource status. Let’s assume you have a pod called jump and want to know what Quality of Service (QoS) class1 the pod is in:

$ kubectl get po/jump -o json | jq --raw-output .status.qosClass
BestEffort

Note that the --raw-output argument for jq will show the raw value and that .status.qosClass is the expression that matches the respective subfield.

Another status query could be around the events or state transitions:

$ kubectl get po/jump -o json | jq .status.conditions
[
  {
    "lastProbeTime": null,
    "lastTransitionTime": "2017-08-28T08:06:19Z",
    "status": "True",
    "type": "Initialized"
  },
  {
    "lastProbeTime": null,
    "lastTransitionTime": "2017-08-31T08:21:29Z",
    "status": "True",
    "type": "Ready"
  },
  {
    "lastProbeTime": null,
    "lastTransitionTime": "2017-08-28T08:06:19Z",
    "status": "True",
    "type": "PodScheduled"
  }
]

Of course, these queries are not limited to pods—you can apply this technique to any resource. For example, you can query the revisions of a deployment:

$ kubectl get deploy/prom -o json | jq .metadata.annotations
{
  "deployment.kubernetes.io/revision": "1"
}

Or you can list all the endpoints that make up a service:

$ kubectl get ep/prom-svc -o json | jq '.subsets'
[
  {
    "addresses": [
      {
        "ip": "172.17.0.4",
        "nodeName": "minikube",
        "targetRef": {
          "kind": "Pod",
          "name": "prom-2436944326-pr60g",
          "namespace": "default",
          "resourceVersion": "686093",
          "uid": "eee59623-7f2f-11e7-b58a-080027390640"
        }
      }
    ],
    "ports": [
      {
        "port": 9090,
        "protocol": "TCP"
      }
    ]
  }
]

Now that you’ve seen jq in action, let’s move on to a method that doesn’t require external tooling—that is, the built-in feature of using Go templates.

The Go programming language defines templates in a package called text/template that can be used for any kind of text or data transformation, and kubectl has built-in support for it. For example, to list all the container images used in the current namespace, do this:

$ kubectl get pods -o go-template \
          --template="{{range .items}}{{range .spec.containers}}{{.image}} \
          {{end}}{{end}}"
busybox prom/prometheus

See Also

Debugging Pods

Problem

You have a situation where a pod is either not starting up as expected or fails after some time.

Solution

To systematically discover and fix the cause of the problem, enter an OODA loop:

  1. Observe. What do you see in the container logs? What events have occurred? How is the network connectivity?

  2. Orient. Formulate a set of plausible hypotheses—stay as open-minded as possible and don’t jump to conclusions.

  3. Decide. Pick one of the hypotheses.

  4. Act. Test the hypothesis. If it’s confirmed, you’re done; otherwise, go back to step 1 and continue.

Let’s have a look at a concrete example where a pod fails. Create a manifest called unhappy-pod.yaml with this content:

apiVersion:       extensions/v1beta1
kind:             Deployment
metadata:
  name:           unhappy
spec:
  replicas:       1
  template:
    metadata:
      labels:
        app:      nevermind
    spec:
      containers:
      - name:     shell
        image:    busybox
        command:
        - "sh"
        - "-c"
        - "echo I will just print something here and then exit"

Now when you launch that deployment and look at the pod it creates, you’ll see it’s unhappy:

$ kubectl create -f unhappy-pod.yaml
deployment "unhappy" created

$ kubectl  get po
NAME                       READY     STATUS             RESTARTS   AGE
unhappy-3626010456-4j251   0/1       CrashLoopBackOff   1          7s

$ kubectl describe po/unhappy-3626010456-4j251
Name:           unhappy-3626010456-4j251
Namespace:      default
Node:           minikube/192.168.99.100
Start Time:     Sat, 12 Aug 2017 17:02:37 +0100
Labels:         app=nevermind
                pod-template-hash=3626010456
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":
"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":
"unhappy-3626010456","uid":
"a9368a97-7f77-11e7-b58a-080027390640"...
Status:         Running
IP:             172.17.0.13
Created By:     ReplicaSet/unhappy-3626010456
Controlled By:  ReplicaSet/unhappy-3626010456
...
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  default-token-rlm2s:
    Type:       Secret (a volume populated by a Secret)
    SecretName: default-token-rlm2s
    Optional:   false
QoS Class:      BestEffort
Node-Selectors: <none>
Tolerations:    <none>
Events:
  FirstSeen   ...   Reason                  Message
  ---------   ...   ------                  -------
  25s         ...   Scheduled               Successfully assigned
                                            unhappy-3626010456-4j251 to minikube
  25s         ...   SuccessfulMountVolume   MountVolume.SetUp succeeded for
                                            volume "default-token-rlm2s"
  24s         ...   Pulling                 pulling image "busybox"
  22s         ...   Pulled                  Successfully pulled image "busybox"
  22s         ...   Created                 Created container
  22s         ...   Started                 Started container
  19s         ...   BackOff                 Back-off restarting failed container
  19s         ...   FailedSync              Error syncing pod

As you can see, Kubernetes considers this pod as not ready to serve traffic as it encountered an "error syncing pod."

Another way to observe this is using the Kubernetes dashboard to view the deployment (Figure 1), as well as the supervised replica set and the pod (Figure 2).

Screen Shot Of Deployment In Error State
Figure 1. Screenshot of deployment in error state
Screen Shot Of Pod In Error State
Figure 2. Screenshot of pod in error state

Discussion

An issue, be it a pod failing or a node behaving strangely, can have many different causes. Here are some things you’ll want to check before suspecting software bugs:

  • Is the manifest correct? Check with the Kubernetes JSON schema.

  • Does the container run standalone, locally (that is, outside of Kubernetes)?

  • Can Kubernetes reach the container registry and actually pull the container image?

  • Can the nodes talk to each other?

  • Can the nodes reach the master?

  • Is DNS available in the cluster?

  • Are there sufficient resources available on the nodes?

  • Did you restrict the container’s resource usage?

See Also

Getting a Detailed Snapshot of the Cluster State

Problem

You want to get a detailed snapshot of the overall cluster state for orientation, auditing, or troubleshooting purposes.

Solution

Use the kubectl cluster-info dump command. For example, to create a dump of the cluster state in a subdirectory cluster-state-2017-08-13, do this:

$ kubectl cluster-info dump --all-namespaces \
  --output-directory=$PWD/cluster-state-2017-08-13

$ tree ./cluster-state-2017-08-13
.
├── default
│   ├── cockroachdb-0
│   │   └── logs.txt
│   ├── cockroachdb-1
│   │   └── logs.txt
│   ├── cockroachdb-2
│   │   └── logs.txt
│   ├── daemonsets.json
│   ├── deployments.json
│   ├── events.json
│   ├── jump-1247516000-sz87w
│   │   └── logs.txt
│   ├── nginx-4217019353-462mb
│   │   └── logs.txt
│   ├── nginx-4217019353-z3g8d
│   │   └── logs.txt
│   ├── pods.json
│   ├── prom-2436944326-pr60g
│   │   └── logs.txt
│   ├── replicasets.json
│   ├── replication-controllers.json
│   └── services.json
├── kube-public
│   ├── daemonsets.json
│   ├── deployments.json
│   ├── events.json
│   ├── pods.json
│   ├── replicasets.json
│   ├── replication-controllers.json
│   └── services.json
├── kube-system
│   ├── daemonsets.json
│   ├── default-http-backend-wdfwc
│   │   └── logs.txt
│   ├── deployments.json
│   ├── events.json
│   ├── kube-addon-manager-minikube
│   │   └── logs.txt
│   ├── kube-dns-910330662-dvr9f
│   │   └── logs.txt
│   ├── kubernetes-dashboard-5pqmk
│   │   └── logs.txt
│   ├── nginx-ingress-controller-d2f2z
│   │   └── logs.txt
│   ├── pods.json
│   ├── replicasets.json
│   ├── replication-controllers.json
│   └── services.json
└── nodes.json

Adding Kubernetes Worker Nodes

Problem

You need to add a worker node to your Kubernetes cluster.

Solution

Provision a new machine in whatever way your environment requires (for example, in a bare-metal environment you might need to physically install a new server in a rack, in a public cloud setting you need to create a new VM, etc.), and then install the three components that make up a Kubernetes worker node:

kubelet

This is the node manager and supervisor for all pods, no matter if they’re controlled by the API server or running locally, such as static pods. Note that the kubelet is the final arbiter of what pods can or cannot run on a given node, and takes care of:

  • Reporting node and pod statuses to the API server.

  • Periodically executing liveness probes.

  • Mounting the pod volumes and downloading secrets.

  • Controlling the container runtime (see the following).

Container runtime

This is responsible for downloading container images and running the containers. Initially, this was hardwired to the Docker engine, but nowadays it is a pluggable system based on the Container Runtime Interface (CRI), so you can, for example, use CRI-O rather than Docker.

kube-proxy

This process dynamically configures iptables rules on the node to enable the Kubernetes service abstraction (redirecting the VIP to the endpoints, one or more pods representing the service).

The actual installation of the components depends heavily on your environment and the installation method used (cloud, kubeadm, etc.). For a list of available options, see the kubelet reference and kube-proxy reference.

Discussion

Worker nodes, unlike other Kubernetes resources such as a deployments or services, are not directly created by the Kubernetes control plane but only managed by it. That means when Kubernetes creates a node, it actually only creates an object that represents the worker node. It validates the node by health checks based on the node’s metadata.name field, and if the node is valid—that is, all necessary components are running—it is considered part of the cluster; otherwise, it will be ignored for any cluster activity until it becomes valid.

See Also

Draining Kubernetes Nodes for Maintenance

Problem

You need to carry out maintenance on a node—for example, to apply a security patch or upgrade the operating system.

Solution

Use the kubectl drain command. For example, to do maintenance on node 123-worker:

$ kubectl drain 123-worker

When you are ready to put the node back into service, use kubectl uncordon 123-worker, which will make the node schedulable again.

Discussion

What the kubectl drain command does is to first mark the specified node un-schedulable to prevent new pods from arriving (essentially a kubectl cordon). Then it evicts the pods if the API server supports eviction. Otherwise, it will use normal kubectl delete to delete the pods. The Kubernetes docs have a concise sequence diagram of the steps, reproduced in Figure 3.

Node drain sequence diagram
Figure 3. Node drain sequence diagram

The kubectl drain command evicts or deletes all pods except mirror pods (which cannot be deleted through the API server). For pods supervised by a DaemonSet, drain will not proceed without using --ignore-daemonsets, and regardless it will not delete any DaemonSet-managed pods—those pods would be immediately replaced by the DaemonSet controller, which ignores unschedulable markings.

Warning

drain waits for graceful termination, so you should not operate on this node until the kubectl drain command has completed. Note that kubectl drain $NODE --force will also evict pods not managed by an RC, RS, job, DaemonSet, or StatefulSet.

See Also

Managing etcd

Problem

You need to access etcd to back it up or verify the cluster state directly.

Solution

Get access to etcd and query it, either using curl or etcdctl. For example, in the context of Minikube (with jq installed):

$ minikube ssh

$ curl 127.0.0.1:2379/v2/keys/registry | jq .
{
  "action": "get",
  "node": {
    "key": "/registry",
    "dir": true,
    "nodes": [
      {
        "key": "/registry/persistentvolumeclaims",
        "dir": true,
        "modifiedIndex": 241330,
        "createdIndex": 241330
      },
      {
        "key": "/registry/apiextensions.k8s.io",
        "dir": true,
        "modifiedIndex": 641,
        "createdIndex": 641
      },
...

This technique can be used in environments where etcd is used with the v2 API.

Discussion

In Kubernetes, etcd is a component of the control plane. The API server (see not available) is stateless and the only Kubernetes component that directly communicates with etcd, the distributed storage component that manages the cluster state. Essentially, etcd is a key/value store; in etcd2 the keys formed a hierarchy, but with the introduction of etcd3 this was replaced with a flat model (while maintaining backwards compatibility concerning hierarchical keys).

Note

Up until Kubernetes 1.5.2 we used etcd2, and from then on we switched to etcd3. In Kubernetes 1.5.x, etcd3 is still used in v2 API mode and going forward this is changing to the etcd v3 API with v2 being deprecated soon. Though from a developer’s point of view this doesn’t have any implications, because the API server takes care of abstracting the interactions away, as an admin you want to pay attention to which etcd version is used in which API mode.

In general, it’s the responsibility of the cluster admin to manage etcd—that is, to upgrade it and make sure the data is backed up. In certain environments where the control plane is managed for you, such as in Google Kubernetes Engine, you cannot access etcd directly. This is by design, and there’s no workaround for it.

See Also

Continue reading Kubernetes recipes: Maintenance and troubleshooting.

Security and Human Behavior (SHB 2018) [Schneier on Security]

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior.

SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It's not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions -- all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating conference of my year. It influences my thinking in many different, and sometimes surprising, ways.

This year's program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks. (Ross also maintains a good webpage of psychology and security resources.)

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops.

Next year, I'll be hosting the event at Harvard.

19:03

Kropotkin’s "Modern Science and Anarchy" published [Anarcho's blog]

I am happy to announce that the final book published in Kropotkin’s lifetime – Modern Science and Anarchy – is now available in English translation, namely 1913's La Science Moderne et L’Anarchie. I would like to thank the comrades of AK Press for this finally happen, 105 years in the making. More details can be found on the UK and USA AK Press webpages.

read more

Apple rejects Valve's Steam Link game streaming app [OSNews]

Valve's game streaming service Steam Link won't be coming to iOS today, despite a successful Android beta launch earlier this month. According to the official Steam Database Twitter account, Apple rejected the Steam Link app over apparent "business conflicts with app guidelines". Steam Link was first announced for mobile back in March, and the app functions as a remote desktop so users can access their Steam library of PC games from a mobile device and stream them directly for touchscreen play or for use with a Bluetooth controller. It's not exactly clear at the moment what the "business conflict" here is, and whether it has anything to do with Apple's somewhat contentious 30 percent App Store fee for all purchases, in-app or otherwise. It may perhaps be due to the fact that Steam Link allows an iOS user to access another app store, namely Steam, within Apple's tightly controlled ecosystem. Apple was not immediately available for comment.

If that really is the reason Apple banned the application, they should ban every single remote desktop application.

Living in a Docker world [OSNews]

Have you ever tried to install Minecraft and seen an error message like, "This application requires a Java Runtime Environment 1.6.0"? Or you try to install something on Windows, and you get an error that says some .NET framework is missing? Or, as a more basic example, have you ever spent a couple hours setting up a new computer with all your applications and preferences? Those are the kinds of problems Docker, and "containers" more broadly (Docker is kind of the Kleenex of containers), are meant to solve. Docker makes it easy to install Linux applications on servers, along with their required dependencies and whatever preferences you might have for those applications. And, as an added bonus, conflicting dependencies between applications (maybe one app relies on Python 2, and another app relies on Python 3) aren't an issue, because everything is isolated in different containers.

18:13

Just revealed: Cook, Serve, Delicious! 2!! and Ken... [Humble Bundle Blog]



Just revealed: Cook, Serve, Delicious! 2!! and Ken Follett’s The Pillars of the Earth!

Yep, we just unlocked more Humble Monthly content early! For only $12, you’ll immediately get not only Destiny 2, but also Cook, Serve, Delicious! 2!! and Ken Follett’s The Pillars of the Earth. And don’t forget, there are still more games to come when the mystery bundle unlocks on the first Friday of June.

And Now, a Quick Update From Phoenix [Whatever]

Actually, everything is groovy. Wednesday was “Elevengeddon” at the Poisoned Pen bookstore, in which more than eleven authors signed books for people, and yesterday was given over to a couple of panels and then mostly hanging out with friends. Above you will see my friend Olivia, being force choked by Darth Vader. That Vader. What a jerk. Today is more panels and hanging out. As is Saturday! As is Sunday! You sense a pattern.

Hope your Memorial Day weekend is going to be a fabulous one. If you have any particular plans for it you feel like sharing, well, that’s what the comment thread is for.

17:23

Today in GPF History for Friday, May 25, 2018 [General Protection Fault: The Comic Strip]

Todd reveals to Ki that Nick's Velociraptor is the key to Trudy's future plans...

16:43

openSUSE Leap 15 released [LWN.net]

OpenSUSE Leap 15 has been released. "With a brand new look developed by the community, openSUSE Leap 15 brings plenty of community packages built on top of a core from SUSE Linux Enterprise (SLE) 15 sources, with the two major releases being built in parallel from the beginning for the first time. Leap 15 shares a common core with SLE 15, which is due for release in the coming months. The first release of Leap was version 42.1, and it was based on the first Service Pack (SP1) of SLE 12. Three years later SUSE’s enterprise version and openSUSE’s community version are now aligned at 15 with a fresh rebase." Leap 15 will receive maintenance and security updates for at least 3 years.

Gorgeous plasticine circuit-board [Boing Boing]

Tim Easley's gorgeous sculpture depicting an elaborate circuit board made from modeling clay, was commissioned by the record label Albert's Favourites as the cover art for Modified Man's new release, Modifications: Set 2. (more…)

A guide to the valuable electronics inside Bird's illegal-in-San Francisco scooters [Boing Boing]

On the occasion of Bird being ordered to remove its scooters from the streets of San Francisco, JWZ has published the beginnings of a costed teardown of the key components of any you find lying around after they become illegal litter: (more…)

Zelda propaganda posters [Boing Boing]

Counter the creeping resurgence of genuine, non-metaphorical Naziism in gamer culture with Fernando Reza's kick-ass WWII style Zelda propaganda posters! $40 each, 18" x 24", printed on archival paper. (more…)

John Hodgman's outstanding Vacationland: now in paperback! [Boing Boing]

I found John Hodgman's Vacationland to be a genuinely moving and hilarious read; and it has stuck with me in the year since its hardcover release -- now it's out in paperback, and Hodgman is touring with it. (more…)

Facebook is worth much less to its users than search and email, but it keeps a larger share of the value [Boing Boing]

Economists Erik Brynjolfsson, Felix Eggers and Avinash Gannamaneni have published an NBER paper (Sci-Hub mirror) detailing an experiment where they offered Americans varying sums to give up Facebook, and then used a less-rigorous means to estimate much much Americans valued other kinds of online services: maps, webmail, search, etc. (more…)

16:03

TRON Cryptocurrency Founder Plans to Buy BitTorrent Inc [TorrentFreak]

Founded by BitTorrent inventor Bram Cohen, BitTorrent Inc. is best known for its torrent client uTorrent, which has more than 100 million users.

Despite this massive userbase, however, the company never transformed into the next billion-dollar tech giant, as some as the early investors had hoped.

In fact, it has only gone downhill in recent years, in part due to questionable management practices. Things have calmed down since, but according to new information gathered by TorrentFreak, there is a major change afoot.

A few weeks ago we reported that BitTorrent Inc. quietly renamed its company to “Rainberry” last year. The company informed us that this was “purely a corporate decision.” While that may be the case, it could also be related to the company’s plans to be acquired.

Legal paperwork filed earlier this year reveals that Rainberry was sued because it allegedly violated a “No Shop” clause in an agreement with a potential buyer. This potential buyer, who signed a letter of intent, is none other than TRON founder Justin Sun.

TRON is one of the hottest and controversial cryptocurrencies. After a successful ICO, it now has a market cap of more than $4 billion, only surpassed by a few others. And with Sun at the helm, it makes headlines nearly every day.

The TRON mainnet, which will go live in a few days, has the ultimate goal to “decentralize the web.” BitTorrent would fit well in this picture, and the TRON whitepaper mentions torrents as one of the pillars.

TRON

Sun first began pursuing the acquisition of BitTorrent Inc.’s assets in September last year. In January 2018, both parties finalized a letter of intent for the acquisition, of which Sun returned a signed copy.

While it appeared that things were moving along nicely, BitTorrent Inc. CEO Ro Choy came back with a surprising reply.

“Within literally hours after the parties agreed to the Letter of Intent, and after Ro Choy began performing the terms of the Letter of Intent, Defendant claims it received three ‘superior’ bids from companies that David Chao admitted they had been communicating with,” Sun claims in the lawsuit.

Sun asked the court for a restraining order to prevent BitTorrent from talking to other potential buyers, as was agreed in the letter of intent. The case was swiftly dismissed by the court, but not without leaving a paper trail.

While it is clear that TRON’s founder is eager to acquire BitTorrent, less is known about what happened afterward. Did both parties throw their letter of intent in the trash mid-February, or was the deal still on?

Then, our research pointed out another interesting fact which suggests that the deal is going forward. At the end of February, right when the exclusivity period set in the letter of intent ended, a holding company named “Rainberry Acquisition” was registered in California.

This company is registered to none other than TRON founder Justin Sun, who completed the statement of information last month, as can be seen below.

Rainberry Acquisition paperwork

TorrentFreak reached out to Justin Sun, but TRON’s founder did not immediately reply to our request for comment.

When we confronted BitTorrent Inc. with the information, the company confirmed our findings and the interest from Sun, but it noted that the acquisition is not 100% finalized yet. More information will likely be released at a later stage, if all goes well.

At this point, Sun’s plans for BitTorrent Inc. remain unclear. He has not spoken about the acquisition in public, obviously, but it’s likely that it will be used to the advantage of TRON.

Interestingly, BitTorrent Inc. founder Bram Cohen has also taken an interest in cryptocurrencies, with the goal of creating a superior one called Chia. As far as we know, he is not part of TRON’s future in any way.

A copy of Sun’s complaint against Rainberry (f/k/a BitTorrent) is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Steal This Show S03E16: The TAO of the DAO Pt. 2 [TorrentFreak]

stslogo180If you enjoy this episode, consider becoming a patron and getting involved with the show. Check out Steal This Show’s Patreon campaign: support us and get all kinds of fantastic benefits!

This is the second part of our interview with Chris Beams, founder of the decentralised cryptocurrency exchange, Bisq. We discuss the inner workings of the Bisq service, how it compares to the widely used platform Local Bitcoins, and the intricacies of designing decentral P2P systems for financial operations.

From there, we move into some of the political/philosophical implications of Bisq as a Distributed Autonomous Organisation (DAO): are we evolving, with Bitcoin and other P2P networks, functionalities which parallel certain present-day institutions, and which could one day eliminate the need for establishment altogether?

And could a future democracy be composed of “opt-in” components that actually do better at providing for our basic human needs?

Steal This Show aims to release bi-weekly episodes featuring insiders discussing copyright and file-sharing news. It complements our regular reporting by adding more room for opinion, commentary, and analysis.

The guests for our news discussions will vary, and we’ll aim to introduce voices from different backgrounds and persuasions. In addition to news, STS will also produce features interviewing some of the great innovators and minds.

Host: Jamie King

Guest: Chris Beams

Produced by Jamie King
Edited & Mixed by Riley Byrne
Original Music by David Triana
Web Production by Siraje Amarniss

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Security updates for Friday [LWN.net]

Security updates have been issued by Arch Linux (bind, libofx, and thunderbird), Debian (thunderbird, xdg-utils, and xen), Fedora (procps-ng), Mageia (gnupg2, mbedtls, pdns, and pdns-recursor), openSUSE (bash, GraphicsMagick, icu, and kernel), Oracle (thunderbird), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and thunderbird), Scientific Linux (thunderbird), and Ubuntu (curl).

[$] Notes from the 2nd Operating-System-Directed Power-Management Summit [LWN.net]

The second Operating-System-Directed Power-Management (OSPM18) Summit took place at the ReTiS Lab of the Scuola Superiore Sant'Anna in Pisa between April 16 and April 18, 2018. Like last year, the summit was organized as a collection of collaborative sessions focused on trying to improve how operating-system-directed power management and the kernel's task scheduler work together to achieve the goal of reducing energy consumption while still meeting performance and latency requirements. Read on for an extensive set of notes collected by a number of the participants to the summit.

The Trump-Kim commemorative coin now commemorates Trump's disastrous handling of the North Korea talks [Boing Boing]

Ahead of Trump's planned summit with North Korean "Supreme Leader" Kim Jong Un, the White House issued a tacky commemorative coin; once Trump sent his petulant breakup letter to Kim canceling the summit, the coin became the discounted "deal of the day" at the White House gift shop. (more…)

The paleocomputing miracle of the 76477 Space Invaders sound effects chip [Boing Boing]

In 1978, the 76477 Complex Sound Generation chip was foundational to creating the sound effects in many popular games, notably Space Invaders; it was also popular with hobbyists who could buy the chip at Radio Shack -- it could do minor miracles, tweaking a white noise generator to produce everything from drums to explosions, using an integrated digital mixer to layer and sequence these sounds. (more…)

Stick and bucket dance [Judith Proctor's Journal]

 I feel this one is apropriate for the date.




comment count unavailable comments

Stick and bucket dance [Tales From the Riverbank]

 I feel this one is apropriate for the date.


This entry was originally posted on Dreamwidth where it has comment count unavailable comments.

15:13

Talking the writers’ life with the Australia Broadcasting Company’s Green Room show [Cory Doctorow's craphound.com]

Earlier this spring, while I was on my Australia/NZ tour, I sat down with Australian author Nick Earls for his Green Room show, (MP3) to gossip, complain, and daydream about the writer’s life.

Debugging Node apps [Scripting News]

I got the answer to yesterday's query about getting at the data in a Node app using the debugger. There's a new way to do it. First you have to install a Chrome app. Then launch the Node app with a --inspect flag.

  • node --inspect test.js

The app launches. It displays a URL to open in Chrome. Copy it, paste it into the browser address bar, and the debugger opens. Your files are in the left margin. Click one. Set a breakpoint. When the app stops there you'll see the data in the right panel, and when you click the wedge, it expands.

One concern, this process requires using Chrome, and I'm expecting to have to stop using it soon because it breaks all my sites.

My namespace importing trick imported the same three namespaces into each top-level namespace, yet it worked? [The Old New Thing]

A little while ago, I noted a technique formally known as namespace composition. There was one section that appeared to confuse some people:

namespace ABI
{
  using Windows::System::Profile::SystemManufacturers;
  using Windows::UI::ViewManagement;
  using Windows::Security::Cryptography;
}

namespace cx
{
  using Windows::System::Profile::SystemManufacturers;
  using Windows::UI::ViewManagement;
  using Windows::Security::Cryptography;
}

namespace winrt
{
  using Windows::System::Profile::SystemManufacturers;
  using Windows::UI::ViewManagement;
  using Windows::Security::Cryptography;
}

Was this a copy/paste error? After all, the same three namespaces are being imported each time.

Well, no, actually. The text is the same, but each one is interpreted differently.

Let's take a simpler example:

namespace X { namespace W { void f(); }}
namespace Y { namespace W { void f(); }}
namespace W { void f(); }

namespace X
{
    using namespace W;
    auto do_something = f;
}

namespace Y
{
    using namespace W;
    auto do_something = f;
}

namespace Z
{
    using namespace W;
    auto do_something = f;
}

Each of the three namespaces contain a using namespace W;, but each one refers to a different namespace, which you can see by pasting the above into Compiler Explorer and observing the definitions of X::do_something, Y::do_something, and Z::do_something.

The first using namespace W; takes place inside a namespace X, so the search begins relative to that namespace, and we find it at ::X::W.

Similarly, the second using namespace W; takes place inside a namespace Y, so the search begins relative to that namespace, and we find it at ::Y::W.

The third using namespace W; takes place inside a namespace Z, so the search begins relative to that namespace. There is no ::Z::W, so we resume our search at the next outer namespace, which is the global namespace, and we find it as ::W.

Even though the three namespace imports are textually identical, they have different effects because they each occur in different contexts.

I wrote it this way because it showed that I was "pulling in" the relative namespace declarations into the corresponding first-level namespace.

Texas high-school principal fires award-winning, nationally famous journalism teacher to rein in critical student newspaper reporting [Boing Boing]

Dallas-Fort Worth's Prosper High School has an excellent student paper, the Eagle Nation Online, with a most excellent advisor, Lori Oglesbee-Petter, a journalism teacher with 34 years of experience, whose students won 175 state and national journalism awards last year alone. (more…)

14:23

12:53

Detecting Lies through Mouse Movements [Schneier on Security]

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori.

Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity. Here, we report a novel technique for detecting faked identities based on the use of unexpected questions that may be used to check the respondent identity without any prior autobiographical information. While truth-tellers respond automatically to unexpected questions, liars have to "build" and verify their responses. This lack of automaticity is reflected in the mouse movements used to record the responses as well as in the number of errors. Responses to unexpected questions are compared to responses to expected and control questions (i.e., questions to which a liar also must respond truthfully). Parameters that encode mouse movement were analyzed using machine learning classifiers and the results indicate that the mouse trajectories and errors on unexpected questions efficiently distinguish liars from truth-tellers. Furthermore, we showed that liars may be identified also when they are responding truthfully. Unexpected questions combined with the analysis of mouse movement may efficiently spot participants with faked identities without the need for any prior information on the examinee.

Boing Boing post.

11:33

Four short links: 25 May 2018 [All - O'Reilly Media]

Bitcoin Badness, True Platform, Hardware Details, and Continuous Game of Life

  1. U.S. Criminal Probe into Bitcoin Manipulation -- also in the news: $1.2 billion of cryptocurrency stolen since 2017.
  2. Bill Gates on Platforms -- A platform is when the economic value of everybody that uses it exceeds the value of the company that creates it. Then it’s a platform. (via Stratechery)
  3. Inside the 76477 Space Invaders Sound Chip -- this is fascinating! The 76477 is primarily analog—most control signals are analog, the chip doesn't have digital control registers, and most sounds are generated from analog circuits—but about a third of the chip's area is digital logic.
  4. Smooth Life -- Conway's Game of Life on a continuous domain. See also Game of Life for Curved Surfaces and accompanying video. (via lobste.rs)

Continue reading Four short links: 25 May 2018.

Error'd: Go Home Google News, You're Drunk [The Daily WTF]

"Well, it looks like Google News was inebriated as well!" Daniel wrote.   "(Translation: Given names similar to Otto) One must wonder which distance measure algorithm they used to...

A sprig of lilac [Tales From the Riverbank]

 It's the 25th of May.



This entry was originally posted on Dreamwidth where it has comment count unavailable comments.

10:43

Thomas Lange: Mini DebConf Hamburg [Planet Debian]

Last week I attended the MiniDebConfHamburg. I worked on new releases of dracut and rinse. Dracut is an initramfs-tools replacement which now supports early microcode loading. Rinse is a tool similar to debootstrap for rpm distributions, which now can create Fedora 28 environments aka chroots.

On Sunday I gave a lightning talk video about how to try out dracut on your computer without removing initramfs-tools. In Debian, we still did not switched the default to dracut, and I like to see more feedback if dracut works in your environment. Later I did a presentation on the FAI.me build service (video, slides). Many thanks to Juri, who implemented a switch on the FAI.me web page for changing between a basic and an advanced mode for the installation images. I've also worked on installing Ubuntu 18.04 LTS (Bionic) using FAI, which was quite simple, because changing the release name from xenial to bionic was most of the work. Yesterday I've added some language support for Ubuntu into FAI, so I hope to release the next version soon.

MiniDebConfHamburg was very nice, a nice location so I hope there will be more MiniDebConfs in Hamburg in the future.

10:03

Feeds | Archiving code and software shared with research: journal, author and re-user perspectives [Planet GridPP]

Archiving code and software shared with research: journal, author and re-user perspectives s.aragon 25 May 2018 - 10:31am

5518280677_581f2a1e3f_z.jpgBy Naomi Penfold, Nikoleta Glynatsi, Yo Yehudi, James Baker, Steve Crouch

This post is part of the Collaborations Workshops 2018 speed blogging series.

Does it help? [Seth Godin's Blog on marketing, tribes and respect]

Okay, you know how you feel, what you need, what you want...

This next thing you're going to do or say: Does it help you get closer to that?

       

09:13

Legal Blackmail: Zero Cases Brought Against Alleged Pirates in Sweden [TorrentFreak]

While several countries in Europe have wilted under sustained pressure from copyright trolls for more than ten years, Sweden managed to avoid their controversial attacks until fairly recently.

With Germany a decade-old pit of misery, with many hundreds of thousands of letters – by now probably millions – sent out to Internet users demanding cash, Sweden avoided the ranks of its European partners until two years ago

In September 2016 it was revealed that an organization calling itself Spridningskollen (Distribution Check) headed up by law firm Gothia Law, would begin targeting the public.

Its spokesperson described its letters as “speeding tickets” for pirates, in that they would only target the guilty. But there was a huge backlash and just a couple of months later Spridningskollen headed for the hills, without a single collection letter being sent out.

That was the calm before the storm.

In February 2017, Danish law firm Njord Law was found to be at the center of a new troll operation targeting the subscribers of several ISPs, including Telia, Tele2 and Bredbandsbolaget. Court documents revealed that thousands of IP addresses had been harvested by the law firm’s partners who were determined to link them with real-life people.

Indeed, in a single batch, Njord Law was granted permission from the court to obtain the identities of citizens behind 25,000 IP addresses, from whom it hoped to obtain cash settlements of around US$550. But it didn’t stop there.

Time and again the trolls headed back to court in an effort to reach more people although until now the true scale of their operations has been open to question. However, a new investigation carried out by SVT has revealed that the promised copyright troll invasion of Sweden is well underway with a huge level of momentum.

Data collated by the publication reveals that since 2017, the personal details behind more than 50,000 IP addresses have been handed over by Swedish Internet service providers to law firms representing copyright trolls and their partners. By the end of this year, Njord Law alone will have sent out 35,000 letters to Swede’s whose IP addresses have been flagged as allegedly infringing copyright.

Even if one is extremely conservative with the figures, the levels of cash involved are significant. Taking a settlement amount of just $300 per letter, very quickly the copyright trolls are looking at $15,000,000 in revenues. On the perimeter, assuming $550 will make a supposed lawsuit go away, we’re looking at a potential $27,500,000 in takings.

But of course, this dragnet approach doesn’t have the desired effect on all recipients.

In 2017, Njord Law said that only 60% of its letters received any kind of response, meaning that even fewer would be settling with the company. So what happens when the public ignores the threatening letters?

“Yes, we will [go to court],” said lawyer Jeppe Brogaard Clausen last year.

“We wish to resolve matters as much as possible through education and dialogue without the assistance of the court though. It is very expensive both for the rights holders and for plaintiffs if we go to court.”

But despite the tough-talking, SVT’s investigation has turned up an interesting fact. The nuclear option, of taking people to court and winning a case when they refuse to pay, has never happened.

After trawling records held by the Patent and Market Court and all those held by the District Courts dating back five years, SVT did not find a single case of a troll taking a citizen to court and winning a case. Furthermore, no law firm contacted by the publication could show that such a thing had happened.

“In Sweden, we have not yet taken someone to court, but we are planning to file for the right in 2018,” Emelie Svensson, lawyer at Njord Law, told SVT.

While a case may yet reach the courts, when it does it is guaranteed to be a cut-and-dried one. Letter recipients can often say things to damage their case, even when they’re only getting a letter due to their name being on the Internet bill. These are the people who find themselves under the most pressure to pay, whether they’re guilty or not.

“There is a risk of what is known in English as ‘legal blackmailing’,” says Mårten Schultz, professor of civil law at Stockholm University.

“With [the copyright holders’] legal and economic muscles, small citizens are scared into paying claims that they do not legally have to pay.”

It’s a position shared by Marianne Levine, Professor of Intellectual Property Law at Stockholm University.

“One can only show that an IP address appears in some context, but there is no point in the evidence. Namely, that it is the subscriber who also downloaded illegitimate material,” she told SVT.

Njord Law, on the other hand, sees things differently.

“In Sweden, we have no legal case saying that you are not responsible for your IP address,” Emelie Svensson says.

Whether Njord Law will carry through with its threats will remain to be seen but there can be little doubt that while significant numbers of people keep paying up, this practice will continue and escalate. The trolls have come too far to give up now.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

08:23

Comic: Lil’ Heretics [Penny Arcade]

New Comic: Lil’ Heretics

Girl Genius for Friday, May 25, 2018 [Girl Genius]

The Girl Genius comic for Friday, May 25, 2018 has been posted.

The Starcaster Chronicles 06.05 [Ctrl+Alt+Del Comic]

As a result of some nonsense enacted by people that live an ocean away from me, we’ve updated our privacy policy, effective today. Your continued use of this website shall be construed as consent to all said policies, as well as forfeiture of a 1/644th ownership stake in the upper quadrant of your “Soul,” the exact portion of which to be determined by us (“The Company”) at the precise moment of your departure from your mortal coil. This agreement is binding, irrevocable and enacted in perpitude through your subsequent lineage, excluding, but not limited to, every third male heir.

06:53

News Post: Lil’ Heretics [Penny Arcade]

Tycho: I’ve heard a bunch of really amazing shit about the new Warhammer 40k stuff; the last time I played my Necrons, games still took six hours.  From friends, it sounds like it’s hitting that ribald, skirmish scale that attracted me to Warmahordes and Infinity.  And let me be clear: I feel like that was six hours well spent.  I just don’t have time like that all in a row these days.  I’m willing to put up with a lot of horseshit when it comes to my tiny men, and I didn’t mind how it comported itself mechanically.  I was into it. But it was…

05:33

Beam Me Up, Zombie [Diesel Sweeties webcomic by rstevens]

sleep is dumb

We all agree everyone on Star Trek dies when they use the transporter, right?

huge spring t-shirt sale! 🌸 [Diesel Sweeties webcomic by rstevens]

Six of my favorite shirts are $13 until Monday, 5/28. Sizes *will* run out.

🌸 Check 'em out here. 🌸


This is one of my favorite weeks of the year- the anniversary of quitting my extremely boring corporate job to have a lot less money but want to punch far fewer people.

Let's celebrate by making some space in my warehouse!

😚✨🌸🌸🌸🌸🌸

And one more thing: Everything on my LAST CALL page is just $5 until Monday. There's some good, weird stuff in there. Some of it glows in the dark.

LAST CALL T-SHIRT ZONE ASSEMBLE!

Thanks for sticking around so long.

Thursday, 24 May

23:23

Get Hacknet - Deluxe Edition for FREE! You’ll get the game and... [Humble Bundle Blog]



Get Hacknet - Deluxe Edition for FREE! 

You’ll get the game and the official soundtrack, too. It’s available until 10 a.m. PT Saturday, May 26 or while supplies last. 

Plus, the Humble Store Spring Sale Encore is here, with hundreds of games now back on sale!


Assets for Press and Partners

How to manage file access permissions for Windows Store apps [OSNews]

In this new version, there are two ways to control file access. You can either decide which apps can access your files stored in the Documents, Pictures, or Videos libraries. Or you can choose which apps have full system access to all of your files, including the ones in the Documents, Pictures, Videos, and local OneDrive folders. In this Windows 10 guide, we'll walk you through the steps to manage settings to prevent apps from accessing your files.

A nifty little feature I didn't even know existed.

NVIDIA Shield TV finally gets Android 8.0 Oreo update [OSNews]

Big news for those of you who have NVIDIA Shield TV - which, by the way, is the only Android TV box you should consider right now. The Android 8.0 Oreo update (which brings it up to the latest major version of Android) is available starting today. This'll bring along a major update to the user interface. You'll get new sections along the left side of the screen, with your favorite apps (customizable, of course), play next (where what you've been watching and playing recently will appear) and channels (which is what apps are now called, sort of). In addition, Amazon Prime Video will get a major refresh, Plex Media Service is improved, and a whole bunch more.

The NVIDIA Shield TV is a device with a what I guess is a small, but very dedicated fanbase. I'm always tempted to buy one to see what all the fuss is about.

Why Android P gestures are a risk worth taking [OSNews]

Instead, the problem with the gestures in the current iteration of the Android P beta is one that is sadly familiar to Android users: jank. That's the technical term (no really) that Google itself uses to describe the behavior of the System UI on this beta. "Jank" is usually translated as weird jitters, effects, and scrolling behavior. I trust that much of that will be resolved in later iterations of the software, but I'm frankly terrified that the subtler issues won't be. I'm speaking about the basic feel of moving elements around on the screen. It needs to be as close to perfect as possible - as good as it is on the iPhone X in my opinion - otherwise that sense of "jank" is going to permeate everything.

On a modern flagship, I haven't experienced any animation issues on Android in years. I remain convinced that iOS users think Android scrolling is "laggy" because Android scrolling is different, not because it's actually any worse on a flagship, that is. I haven't touched a lower-spec Android phone in ages, so I don't know how bad the situation is on those phones.

Essential up for sale, cancels next phone [OSNews]

Essential Products Inc., a startup co-founded by Android creator Andy Rubin that launched last year to great fanfare, is considering selling itself and has canceled development of a new smartphone, according to people familiar with the matter.

Well, that was a short run.

Have Some Photos! [Whatever]

Good evening, everyone! Today I’ve been really busy with schoolwork and running errands, and I realized I should probably post something before it gets to be too late in the day, since not everyone is as much of a night owl as I tend to be.

For today’s post, I thought I’d share with you guys some of my photography! If you follow me on Twitter or Instagram, you’ve probably already seen a few of these, but if you don’t, or you just happened to miss them, here is a few of my favorites!

Instagram Photo

Instagram Photo

Instagram Photo

Instagram Photo

Instagram Photo

Instagram Photo

I mostly like to take pictures of flowers and scenery, but I really like cloud and sunrise/sunset photos, too. Hopefully this summer I’ll use some of my free time to take more pictures of nature-y things!

If you have any awesome pictures of yours you’d like to show me, put them in the comments and I’ll check them out. Have a great day!

22:43

Movie Studios Sue Founder & Distributors of Popular ‘Pirate’ App Showbox [TorrentFreak]

For many years media companies have focused their anti-piracy efforts on pirate sites, including torrent and streaming portals.

More recently, these efforts expanded to streaming boxes, with the Alliance for Creativity and Entertainment (ACE) targeting several vendors of such devices.

This week, a group of independent movie studios has targeted yet another largely overseen element of the piracy ecosystem. Dallas Buyers Club, Cobbler Nevada, Bodyguard Productions, and several other studios are going after the popular Android-based app Showbox.

Showbox hasn’t caught many headlines, but the tool is used by hundreds of thousands, if not millions of people. It allows users to stream movies and TV shows via torrents and direct sources, all through a Netflix-style interface.

In a lawsuit filed at the US District Court of Hawaii, the movie companies are now taking action against several people and sites which distribute the application.

This includes the alleged founder and developer ‘Andrew Crow,’ Showboxappdownload.co founder ‘Mark Willow,’ and the people behind Showboxappdownload.com and Showbox.en.uptodown.com/android.

In addition, the complaint also targets the persons who made the application available on Rawapk.com/showbox-apk-download/, a repository of APK files.

“Plaintiffs bring this action to stop the massive piracy of their motion pictures brought on by the software application Show Box app,” the complaint reads.

“The Defendants misleadingly promote the Show Box app as a legitimate means for viewing content to the public, who eagerly install the Show Box app to watch copyright protected content, thereby leading to profit for the Defendants.”

The lawsuit follows on the heels of another case where a phone store employee was accused of promoting the Showbox app. Similar to that case, the current lawsuit also relies on input from an alleged user of the application. In this case, that’s Hawaiian resident James Sosa.

“I visited the website showboxappdownload.com and followed the instructions on the website to download the Show Box app to my Dell tablet,” Sosa testifies. “The language on the website led me to believe that I could use the Show Box app to watch free movies legally.”

From the complaint

According to the movie studios, most of which have thus far been very active in filing lawsuits against individual BitTorrent downloaders, Showbox is a pirate tool, plain and simple.

“Defendants promote the use of the Show Box app user for overwhelmingly, if not exclusively, infringing purposes, and that is how the users use the Show Box app,” the studios write.

The defendants all stand accused of contributory copyright infringement. The studios are asking the court for actual or statutory damages to compensate their losses, as well as temporary, preliminary and permanent injunctions to stop the allegedly infringing activities.

In addition, the studios also request an order preventing internet search engines, hosting companies, domain-name registrars, and domain name registries to stop facilitating access to the allegedly infringing domain names and websites.

The two recent Showbox related cases reveal an interesting trend. Where many of these movie studios were previously engaged in so-called copyright trolling lawsuits, they are now going after the people who promote, develop, and distribute a popular streaming app. It will be interesting to see if this trend continues.

A copy of the complaint filed by Venice PI, Headhunter, MON, LHF Productions, Cook Productions, Glacier Films, Colossal Movie Productions, Automata Productions, Criminal Productions, Dallas Buyers Club, Clear Skies Nevada, Bodyguard Productions, I.T. Productions, SVZ Productions, Splintered, Cobbler Nevada and Justice Everywhere Productions is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Edge still most efficient Windows browser; Chrome gets closer [OSNews]

One of the big advantages that Microsoft has been promoting for its Edge browser is that it's more battery efficient than both Chrome and Firefox. My own anecdotal experience bears this out; although I use Chrome for most browsing, I've found it burns battery faster than Edge under similar workloads. Whenever I'm mobile, I switch to Microsoft's browser over Google's. Microsoft's own figures use a video-playback benchmark, and the company has duly released a new comparison for the Windows 10 April 2018 Update, version 1803. Edge still comes out ahead - it lasts 98 percent longer than Mozilla Firefox, and 14 percent longer than Google Chrome - but it's striking that the gap with Chrome has narrowed.

I'm one of those weird people who legitimately prefers Edge over other browsers on Windows, and I can say that it's getting better with every single update. The battery life issue is a huge win over Chrome, but what's most important to me is that Edge seems to tax my processor less, and, of course it actually looks like a Windows application, whereas Chrome looks like an outdated eyesore that stands out.

For now, I'll keep using Edge over other browsers, but as always, I keep an eye on developments like this.

22:03

Designing our friendly robot companions isn't about the AI [All - O'Reilly Media]

Ben Brown on why messaging design will become as important as responsive design.

Continue reading Designing our friendly robot companions isn't about the AI.

Robin "Roblimo" Miller [LWN.net]

The Linux Journal mourns the passing of Robin Miller, a longtime presence in our community. "Miller was perhaps best known by the community for his role as Editor in Chief of Open Source Technology Group, the company that owned Slashdot, SourceForge.net, freshmeat, Linux.com, NewsForge, and ThinkGeek from 2000 to 2008."

19:03

RIP Robin "Roblimo" Miller (Linux Journal) [LWN.net]

Linux Journal reports that Robin "Roblimo" Miller has passed away. "Miller was perhaps best known by the community for his roll as Editor in Chief of Open Source Technology Group, the company that owned Slashdot, SourceForge.net, freshmeat, Linux.com, NewsForge, and ThinkGeek from 2000 to 2008."

3 Charged In Fatal Kansas ‘Swatting’ Attack [Krebs on Security]

Federal prosecutors have charged three men with carrying out a deadly hoax known as “swatting,” in which perpetrators call or message a target’s local 911 operators claiming a fake hostage situation or a bomb threat in progress at the target’s address — with the expectation that local police may respond to the scene with deadly force. While only one of the three men is accused of making the phony call to police that got an innocent man shot and killed, investigators say the other two men’s efforts to taunt and deceive one another ultimately helped point the gun.

Tyler “SWAuTistic” Barriss. Photo: AP

According to prosecutors, the tragic hoax started with a dispute over a match in the online game “Call of Duty.” The indictment says Shane M. Gaskill, a 19-year-old Wichita, Kansas resident, and Casey S. Viner, 18, had a falling out over a $1.50 game wager.

Viner allegedly wanted to get back at Gaskill, and so enlisted the help of another man — Tyler R. Barriss — a serial swatter known by the alias “SWAuTistic” who’d bragged of “swatting” hundreds of schools and dozens of private residences.

The federal indictment references transcripts of alleged online chats among the three men. In an exchange on Dec. 28, 2017, Gaskill taunts Barriss on Twitter after noticing that Barriss’s Twitter account (@swattingaccount) had suddenly started following him.

Viner and Barriss both allegedly say if Gaskill isn’t scared of getting swatted, he should give up his home address. But the address that Gaskill gave Viner to pass on to Barriss no longer belonged to him and was occupied by a new tenant.

Barriss allegedly then called the emergency 911 operators in Wichita and said he was at the address provided by Viner, that he’d just shot his father in the head, was holding his mom and sister at gunpoint, and was thinking about burning down the home with everyone inside.

Wichita police quickly responded to the fake hostage report and surrounded the address given by Gaskill. Seconds later, 28-year-old Andrew Finch exited his mom’s home and was killed by a single shot from a Wichita police officer. Finch, a father of two, had no party to the gamers’ dispute and was simply in the wrong place at the wrong time.

Just minutes after the fatal shooting, Barriss — who is in Los Angeles  — is allegedly anxious to learn if his Kansas swat attempt was successful. Someone has just sent Barriss a screenshot of a conversation between Viner and Gaskill mentioning police at Gaskill’s home and someone getting killed. So Barriss allegedly then starts needling Gaskill via instant message:

Defendant BARRISS: Yo answer me this
Defendant BARRISS: Did police show up to your house yes or no
Defendant GASKILL: No dumb fuck
Defendant BARRISS: Lmao here’s how I know you’re lying

Prosecutors say Barriss then posted a screen shot showing the following conversation between Viner and Gaskill:

Defendant VINER: Oi
Defendant GASKILL: Hi
Defendant VINER: Did anyone show @ your house?
Defendant VINER: Be honest
Defendant GASKILL: Nope
Defendant GASKILL: The cops are at my house because someone ik just killed his dad

Barriss and Gaskill then allegedly continued their conversation:

Defendant GASKILL: They showed up to my old house retard
Defendant BARRISS: That was the call script
Defendant BARRISS: Lol
Defendant GASKILL: Your literally retarded
Defendant GASKILL: Ik dumb ass
Defendant BARRISS: So you just got caught in a lie
Defendant GASKILL: No I played along with you
Defendant GASKILL: They showed up to my old house that we own and rented out
Defendant GASKILL: We don’t live there anymore bahahaha
Defendant GASKILL: ik you just wasted your time and now your pissed
Defendant BARRISS: Not really
Defendant BARRISS: Once you said “killed his dad” I knew it worked lol
Defendant BARRISS: That was the call lol
Defendant GASKILL: Yes it did buy they never showed up to my house
Defendant GASKILL: You guys got trolled
Defendant GASKILL: Look up who live there we moved out almost a year ago
Defendant GASKILL: I give you props though you’re the 1% that can actually swat babahaha
Defendant BARRISS: Dude MY point is You gave an address that you dont live at but you were acting tough lol
Defendant BARRISS: So you’re a bitch

Later on the evening of Dec. 28, after news of the fatal swatting started blanketing the local television coverage in Kansas, Gaskill allegedly told Barriss to delete their previous messages. “Bape” in this conversation refers to a nickname allegedly used by Casey Viner:

Defendant GASKILL: Dm asap
Defendant GASKILL: Please it’s very fucking impi
Defendant GASKILL: Hello
Defendant BARRISS: ?
Defendant BARRISS: What you want
Defendant GASKILL: Dude
Defendant GASKILL: Me you and bape
Defendant GASKILL: Need to delete everything
Defendant GASKILL: This is a murder case now
Defendant GASKILL: Casey deleted everything
Defendant GASKILL: You need 2 as well
Defendant GASKILL: This isn’t a joke K troll anymore
Defendant GASKILL: If you don’t you’re literally retarded I’m trying to help you both out
Defendant GASKILL: They know it was swat call

The indictment also features chat records between Viner and others in which he admits to his role in the deadly swatting attack. In the follow chat excerpt, Viner was allegedly talking with someone identified only as “J.D.”

Defendant VINER: I literally said you’re gonna be swatted, and the guy who swatted him can easily say I convinced him or something when I said hey can you swat this guy and then gave him the address and he said yes and then said he’d do it for free because I said he doesn’t think anything will happen
Defendant VINER: How can I not worry when I googled what happens when you’re involved and it said a eu [sic] kid and a US person got 20 years in prison min
Defendant VINER: And he didn’t even give his address he gave a false address apparently
J.D.: You didn’t call the hoax in…
Defendant VINER: Does t [sic] even matter ?????? I was involved I asked him to do it in the first place
Defendant VINER: I gave him the address to do it, but then again so did the other guy he gave him the address to do it as well and said do it pull up etc

Barriss is charged with multiple counts of making false information and hoaxes; cyberstalking; threatening to kill another or damage property by fire; interstate threats, conspiracy; and wire fraud. Viner and Gaskill were both charged with wire fraud, conspiracy and obstruction of justice. A copy of the indictment is available here.

The Associated Press reports that the most serious charge of making a hoax call carries a potential life sentence because it resulted in a death, and that some of the other charges carry sentences of up to 20 years.

The moment that police in Kansas fired a single shot that killed Andrew Finch.

As I told the AP, swatting has been a problem for years, but it seems to have intensified around the time that top online gamers started being able to make serious money playing games online and streaming those games live to thousands or even tens of thousands of paying subscribers. Indeed, Barriss himself had earned a reputation as someone who delighted in watching police kick in doors behind celebrity gamers who were live-streaming.

This case is not the first time federal prosecutors have charged multiple people in the same swatting attacks even if only one person was involved in actually making the phony hoax calls to police. In 2013, my home was the target of a swatting attack that thankfully ended without incident. The government ultimately charged four men — several of whom were minors at the time — with conducting that swat attack as well as many others they’d perpetrated against public figures and celebrities.

But despite spending considerable resources investigating those crimes, prosecutors were able to secure only light punishments for those involved in the swatting spree. One of those men, a serial swatter and cyberstalker named Mir Islam, was sentenced to to just one year in jail for his role in multiple swattings.  Another individual who was part of that group — Eric “Cosmo the God” Taylorgot three years of probation.

Something tells me Barriss, Gaskill and Viner aren’t going to be so lucky. Barriss has admitted his role in many swattings, and he admitted to his last, fatal swatting in an interview he gave to KrebsOnSecurity less than 24 hours after Andrew Finch’s murder — saying he was not the person who pulled the trigger.

18:23

Comcast's $1.2b/year modem-rental scam picks your pocket, then exposes you to hackers, stalkers and identity thieves [Boing Boing]

For most of a century, AT&T ripped off its customers by requiring them to rent their phones, meaning that over the life of your phone subscription, you would buy your phone thousands of times over. (more…)

Thoughtful, devastating critique of Jordan Peterson's "12 Rules for Life" [Boing Boing]

Jordan Peterson is really easy to make fun of -- what with the mystical nonsense and the pseudoscientific evolutionary biology -- but there are millions of (largely white, largely young, largely male) readers who've found his "12 Rules for Life" to be a balm for their souls and a rallying cry for a movement that has legitimized the most murderous strains of toxic masculinity. (more…)

17:33

Cable industry attains the impossible: makes Americans hate it even more [Boing Boing]

Comcast is America's perennial most hated company, so it's hard to imagine how it could get even less popular, but you've got to give the company credit: on the way to growing to never-seen size and profitability, it continues to lead its ever-more-unpopular industry in customer dissatisfaction! (more…)

Mining the Panama Papers and other leaks to reveal the hidden looting of West Africa by its corrupt elite [Boing Boing]

The International Consortium of Investigative Journalists teamed up with the Norbert Zongo Cell for Investigative Journalism (Cenozo) to delve deep into 27.5 million files from the Offshore Leaks, Swiss Leaks, Panama Papers and Paradise Papers to investigate how the super-rich in 15 West African countries have looted their countries' wealth and then smuggled it offshore through a network of tax-havens, even as their countries starve. (more…)

Why "leftism" is parting ways with "liberalism" and what it means for the future of American politics [Boing Boing]

The 2016 elections were fraught and game-changing on many axes, but one important one that is still playing out is the split between the "left" (universal healthcare, steeply progressive taxation, no more wars of aggression, free higher education, and measures to remediate historical injustices on the basis of race, gender, sexual orientation, etc) and "liberals" (more representation in corporate board-rooms, responsible business practices, limiting profits from private healthcare companies, etc). (more…)

Today in GPF History for Thursday, May 24, 2018 [General Protection Fault: The Comic Strip]

In the "Negaverse", the Greys pick up the pieces after an explosion under the palace...

16:43

Debugging AI is a "hard problem" [Boing Boing]

Writing code is a lot easier than fixing code! For a lot of well-understood reasons, code requires a lot of debugging to run safely and property, and different code structures and practices make debugging harder or easier. S. Zayd Enam, an AI researcher at Stanford, writes about the specific problems of debugging AI code, which is extremely difficult. (more…)

FBI sinkholes a key domain used by the malware that infected 500,000 home routers, declares partial victory and Russian attribution [Boing Boing]

VPNFilter is a virulent, sophisticated, multistage worm that has successfully infected 500,000 home routers, leaving them vulnerable to both surveillance (the malware snoops network traffic for passwords) and region-wide internet shutdowns (VPNFilter can brick the routers it infects, and an attacker could shut down most or all of the home/small business internet access in a region by triggering this). (more…)

15:53

What to expect at the JupyterCon 2018 Business Summit [All - O'Reilly Media]

One of our goals is to bring Jupyter’s enterprise use cases and practices into one place.

We've seen a dramatic shift in Jupyter’s deployment over the past two years: starting with mostly use by individuals, but moving to enterprise production deployments at scale. Even while enterprise use cases for Jupyter tend to share common themes, however, there hasn't been a forum for comparing approaches. So, we’re excited to be expanding the enterprise-related content at the Business Summit at JupyterCon 2018 in New York City in August. The track will open with Enterprise usage of Jupyter: The business case and best practices for leveraging open source, by Project Jupyter co-lead Brian Granger. His talk will include training aspects, which get applied later in the summit during the discussion groups:

  • the business case for adopting open source in large organizations
  • how Jupyter is evolving to address enterprise usage cases
  • developing infrastructure tooling based on open standards
  • how open source projects work from a governance perspective
  • best practices for enterprise to engage with open source (what to do, what not to do)
  • engaging with Jupyter through strategic initiatives: Jupyter white papers, roadmap planning, etc.

That follows with speakers throughout the two-day track presenting enterprise use cases (in most cases, initial-year results) from Capital One, DoD, Amazon AWS, Booz Allen Hamilton, GE, Teradata, PayPal, Two Sigma, Capsule8. Enterprise organizations are leveraging Jupyter to build out their collaborative data infrastructures internally. While those use cases leverage open source tooling, such as JupyterHub, once the software gets deployed, the organizational challenges immediately rise to the fore. These represent pain points that enterprise organizations share: collaboration, discovery, needs for reproducible work, security, data privacy, compliance, ethics, and data access patterns—all of which aren’t one size fits all.

We’ve encountered several large use cases within DoD and finance, for example, so one of our goals for the Business Summit at JupyterCon 2018 is to bring those use cases and practices into one place. Many opportunities exist for collaboration, sharing best practices, and supporting crossover between government and industry. Themes being explored through enterprise case studies—presented by the practitioners—include:

We had many more excellent session proposals than could be included in the program; these will be presented as “poster sessions” in the concourse for the Business Summit to facilitate discussion during breaks.

The first day’s track will conclude with a roundtable discussion: The Current Environment: Compliance, ethics, ML model interpretation, GDPR, etc., with participation from IBM, Capital One, DoD, Amazon AWS, and Oracle. This roundtable is intended to summarize common themes across the different use cases being presented, plus provide time for extended Q&A. The audience will have opportunities to submit questions in advance to the moderator. Note that the Q&A is intended as dialog among practitioners: we ask that members of the press hold their questions for other opportunities outside of the Business Summit.

At the end of the second day, the summit concludes with unconference-style break-out sessions, intended as a “two-way street” for enterprise stakeholders to give input to Project Jupyter directly about features needed, roadmap priorities, and who will partner on specific projects.

Participants who attend the Business Summit will receive a certificate of participation for “Enterprise Engagement in Open Source.” Note that we are exploring options for providing CEUs (continuing education credits) for Business Summit participation—to align more closely with government agency accounting requirements.

Diversity, fundraising, and registration discounts

We believe that true innovation depends on hearing from, and listening to, people with a variety of perspectives. Please read our Diversity Statement and learn more about our Diversity & Inclusion scholarship program. We had several recipients in 2017, and are looking to nearly double that number in 2018.

While JupyterCon registration is open, we’re raising funds for PyLadies, an international mentorship group with a focus on helping more women become active participants and leaders in the Python open source community. We ask that you consider joining us in supporting this worthy organization by making a modest donation when you sign up. O’Reilly will match those donations at the end of the conference. We wouldn’t usually make a financial contribution selected by default, but we hope this underscores how crucial we think it is to support diversity. Also, we welcome your thoughts about this or other successful diversity efforts you’ve encountered. Send suggestions, comments, and feedback to diversity@oreilly.com.

Along with the diversity scholarships, there are several other categories for discount rate eligibility in JupyterCon registrations:

  • Government/Academic/Nonprofit: You are eligible for this rate if you are a full-time employee of the government, an academic institution, or a 501(c)(3). Please register with your .gov, .edu, or .org email address.
  • Students: For the student rate, please provide proof of full-time student status and register with your .edu email address if possible. If you are a college-level student based in the U.S. and need financial support to attend JupyterCon 2018, aid is available from Project Jupyter. Please apply by June 16, 2018.
  • Jupyter Volunteer: You are eligible for this rate if you are contributing to the Jupyter planetary ecosystem as a volunteer via the code base or other contribution. Please include your GitHub ID or other relevant links.
  • Alumni/Safari: You are eligible for this rate if you have attended a previous O’Reilly conference or have a current Safari membership.
  • Group discounts: 20% off per person if you register 3-5 people from one company; use TEAM in the discount code field. We offer 25% off for teams of 6-9 and 30% off for 10 or more; please contact confreg@oreilly.com for details.

Or in general, save 20% on conference registration for having read this article all the way to the end! Use PJ20 in the discount code field.

Continue reading What to expect at the JupyterCon 2018 Business Summit.

The evolution of data science, data engineering, and AI [All - O'Reilly Media]

The O’Reilly Data Show Podcast: A special episode to mark the 100th episode.

This episode of the Data Show marks our 100th episode. This podcast stemmed out of video interviews conducted at O’Reilly’s 2014 Foo Camp. We had a collection of friends who were key members of the data science and big data communities on hand and we decided to record short conversations with them. We originally conceived of using those initial conversations to be the basis of a regular series of video interviews. The logistics of studio interviews proved too complicated, but those Foo Camp conversations got us thinking about starting a podcast, and the Data Show was born.

To mark this milestone, my colleague Paco Nathan, co-chair of Jupytercon, turned the tables on me and asked me questions about previous Data Show episodes. In particular, we examined the evolution of key topics covered in this podcast: data science and machine learning, data engineering and architecture, AI, and the impact of each of these areas on businesses and companies. I’m proud of how this show has reached so many people across the world, and I’m looking forward to sharing more conversations in the future.

Continue reading The evolution of data science, data engineering, and AI.

[$] Easier container security with entitlements [LWN.net]

During KubeCon + CloudNativeCon Europe 2018, Justin Cormack and Nassim Eddequiouaq presented a proposal to simplify the setting of security parameters for containerized applications. Containers depend on a large set of intricate security primitives that can have weird interactions. Because they are so hard to use, people often just turn the whole thing off. The goal of the proposal is to make those controls easier to understand and use; it is partly inspired by mobile apps on iOS and Android platforms, an idea that trickled back into Microsoft and Apple desktops. The time seems ripe to improve the field of container security, which is in desperate need of simpler controls.

Security updates for Thursday [LWN.net]

Security updates have been issued by Debian (imagemagick), Fedora (curl, glibc, kernel, and thunderbird-enigmail), openSUSE (enigmail, knot, and python), Oracle (procps-ng), Red Hat (librelp, procps-ng, redhat-virtualization-host, rhev-hypervisor7, and unboundid-ldapsdk), Scientific Linux (procps-ng), SUSE (bash, ceph, icu, kvm, and qemu), and Ubuntu (procps and spice, spice-protocol).

Link [Scripting News]

Quick video that illustrates a problem I'm having with node-debug. Any help much appreciated.

What’s In a Game? – DORK TOWER 22.05.18 [Dork Tower]

The Dork Tower Patreon goal of THREE new strips every week is within reach, thanks to our amazing patrons! Help us reach that goal:  JOIN THE FUN (also see the comics early, get bonus content and swag, plus a lot, lot more) for as little as $1 a month ($.12 a comic!)

15:13

Link [Scripting News]

Listen. If you have something worth saying that requires more than a single tweet, as a reader I will feel more respected if you write it in a blog post, and refine it so it's easy to figure out what your point is. There still is a cacaphony of people wanting attention, more all the time, and it might be that more people will see your tweets, but I think more people will comprehend your thinking if you write it, as opposed to tweeting it. There is a difference. (Also I'm more inclined to route a blog post through my linkblog. I rarely circulate tweets that way.)

What's normal is what's real [Scripting News]

Josh Marshall wrote a piece yesterday saying it's time for journalism to stop talking about norms. Of course I agree. I've been writing about that a lot lately.

Here's an analogy. Suppose you have a horrible accident and one of your legs is amputated. So you're trying to learn how to live with a single leg. All the while you're screaming at anyone who will listen: This is not normal. This is not normal.

But it is normal. It just isn't what was normal in the past.

There's a word for reporters who behave as if The Trump Totalitarian State, the one that's still emerging, isn't normal. Deluded. Not coping with reality. There are proper ways to respond to a totalitarian state, but saying it's not normal is not a good response.

We're in a weird period where (following the analogy) the leg hasn't been fully amputated yet. For example we still have a court system that's willing to order the president to stop blocking people on Twitter.

  • An aside, how will that be implemented? Will Twitter disable the block command on his account? Will they unblock all the people he's previously blocked? Surely they're not depending on El Presidentè to personally obey the order?

We still appear to have free speech. The right to assemble. Our votes still seem to work, even though some our votes are suppressed. But there's no question the doctor intends to amputate. So maybe we should be talking about things other than the incorrect idea that this is not normal. It most definitely is.

How do I create a disabled checkbox for a listview item? [The Old New Thing]

A customer was using the LVS_EX_CHECK­BOXES extended listview style to get checkboxes for the listview items. However, they also wanted some items to have a disabled checkbox, which is not a feature that LVS_EX_CHECK­BOXES supports.

They solved the problem by turning off the LVS_EX_CHECK­BOXES extended style and replicating and extending the functionality of LVS_EX_CHECK­BOXES by creating a custom state imagelist consisting of enabled and disabled and checked and unchecked check boxes and setting that as the state imagelist for the listview. They also handled the mouse and keyboard notifications so that clicking on the state image or pressing the space bar toggled the check/unchecked state of the item.

So far so good.

However, there is still the issue of accessibility: Accessibility tools understand that the LVS_EX_CHECK­BOXES extended style means that the state images are check boxes, but since they aren't using that style, that leaves accessibility tools in the dark.

How do they get accessibility tools the information they need?

One way is to subclass the listview control and customize the WM_GET­OBJECT message handler by wrapping the standard accessible object for the listview, and then override the get_accState method to report the state for each item.

Alternatively, they can use Dynamic Annotation to report the state for the item. Direct Annotation is a push model, where the control pushes the current state each time it changes. Server Annotation is a pull model, where the control registers a server that produces the state of each item upon request. (Here's an example for a custom control.)

The customer chose to go with Dynamic Annotation and reported that it solved their problem.

12:53

7 questions to ask before you launch an enterprise blockchain project [All - O'Reilly Media]

Successful projects will think seriously about what blockchains mean, and how to use them effectively.

We’re only at the beginning of the blockchain story, not the middle or the end. There’s no shortage of activity and ferment. If the Bitcoin blockchain is the first-generation proof-of-concept, and the Ethereum blockchain is the second, we’re now starting to see third-generation blockchains. Those blockchains include projects like Hyperledger, Cardano, and EOS. They focus on the obvious shortcomings of the existing blockchains--most notably, transaction throughput and a user interface that can fairly be described as “savage.”

Enterprise blockchain projects will only be successful if they take advantage of a blockchain’s unique properties. I’ve written elsewhere that a blockchain is a distributed ledger, shared by untrusted participants, with strong guarantees about accuracy and consistency. With that in mind, here are some questions to ask if you’re considering an enterprise blockchain project.

What exactly are you trying to accomplish?

Look carefully at your requirements, and ask yourself whether you really need a blockchain. Do you need the additional guarantees about agreement that a blockchain provides, or would a distributed database suffice?

How much do you trust your partners?

Untrusted business partners point you in the direction of blockchains. And they may also point toward proof-of-work or proof-of-stake, rather than simpler (and faster) permissioned blockchains.

How public or open do you need to be?

Who needs to participate in your blockchain? There is a continuum between a public blockchain like Bitcoin or Ethereum and the smallest, most carefully controlled, private blockchain. I can imagine special-purpose public blockchains for applications like power microgrids (or, for that matter, locavore farming). I can imagine blockchains in financial services that only serve a small number of partners, and are essentially private. A blockchain that only serves a single organization is probably a cargo cult. It may look like a blockchain, but it doesn't add any value.

What are your data integration issues?

The biggest problem facing enterprise blockchains might not be an agreement protocol, but integrating all the legacy data formats and structures that blockchain participants use. Health care blockchains are a good example of this problem. There are hundreds of medical records formats in use, and any medical blockchain will have to do something to reconcile those formats. Any blockchain that crosses enterprise boundaries (and even blockchains that live within corporate boundaries) will need to deal with data integration, and solving those problems may well be harder than building the blockchain itself.

If you need “miners,” who will they be, and how will you compensate them?

On most current blockchains, including Bitcoin and Ethereum, “miners” do the job of validating the blockchain’s consistency and adding blocks. They don’t do this work for free. ICOs (initial coin offerings) are all the rage, and it’s easy to imagine paying miners with cryptocurrency (after all, that’s what Bitcoin and Ethereum do), but it’s hard to imagine established enterprises issuing their own currencies. Are there alternate forms of compensation (for example, data or CryptoKitties) that might work?

What are your performance requirements, and how will you meet them?

The Bitcoin and Ethereum blockchains currently handle about a dozen transactions per second. For many enterprise applications, that is too slow, by several orders of magnitude. You need to think about what kind of performance you need, and how you’ll get it. There are a number of possible solutions, including the Bitcoin Lightning Network; replacing the compute-intensive “proof of work” that miners perform to add blocks; and permissioned blockchains, such as Hyperledger’s Fabric.

What are the legal ramifications?

Recently, I’ve seen several people ask whether blockchain applications can comply with GDPR and other regulations. That is certainly uncharted territory. It’s very difficult to see how a “right to be forgotten” could be implemented on a ledger that doesn’t allow previous entries to be deleted. I don’t think the answer is that blockchains can’t comply; the answer will depend on exactly what data you’re storing in the blockchain, how that data is used, and how private or public your blockchain is.

Many cryptocurrency advocates are critical of enterprise blockchains, and these questions are largely drawn from those criticisms. Those criticisms don’t mean that enterprise blockchains don’t work, but they do raise issues that need to be addressed. You don’t want to build a blockchain just to discover that you’ve really created a very slow distributed database, or that nobody wants to verify your blockchain’s consistency because you haven’t thought through compensation.

This is a great time to be experimenting with blockchain technologies. Aside from Bitcoin itself, we haven’t seen many projects emerge from the tire-kicking stage yet. I’m confident that, in the next few years, we will see many enterprise blockchains in production. The ones that survive won’t be the “me too” projects; they’ll be the projects that have thought seriously about what blockchains mean, and how to use them effectively.

Related:

Learning Path: Introduction to Blockchain Applications — Dr. Jonathan Reichental helps you fully understand the scope of blockchain technology and how it can be used across a variety of applications and industries.

Continue reading 7 questions to ask before you launch an enterprise blockchain project.

Winner of the Top Innovator Award at AI NY 2018: temi [All - O'Reilly Media]

The personal robot temi refactors robotic human behaviors we encounter in the “iPhone Slump,” and moves those back to actual robots.

When I was a child, I viewed as a child—viewed a lot of science fiction, that is. We were promised a future with amazing robots. As a child, I viewed that as a completely awesome possibility. Fully embodied robots with which we could talk, reason, argue, and possibly even trade jokes. Robots sophisticated enough to understand emotion. How cool would that be? Rosie in The Jetsons. Class B–9-M–3 General Utility Non-Theorizing Environmental Control Robot from Lost In Space. Maschinenmensch from Metropolis. Bishop 341-B in Aliens. Replicants!

That was a long time ago. Along the way, we got some amazing science fiction-ish tech marvels. For example, Steve Jobs’ “god phone”—which reeducated +2 billion people worldwide how to communicate effectively, or something. I only met Steve once, and he’s been gone for several years now. Even so, I encounter his ghost everyday: myriads of people slumped over, absorbed in swiping their smartphones, unknowingly mimicking Jobs’ edgy indifference to the world around—exercising their primary means of “communicating” with others. Yeah, I do it now, too.

What about the AI we’d been promised by futuristic stories? That raptured off to ephemeral clouds. Machine learning, disembodied. More closely resembling the “bodiless exultation of cyberspace” described in William Gibson’s Neuromancer novel. Heartless and sometimes horribly biased algorithms, carefully cordoned behind layers of firewalls. Secretly curated as “disruptive accelerators of synergies” by product managers hellbent on their drive toward GA. Digital innovation hubs of collaborative social multidisciplinary ecosystem working groups! Gobbledegoo exhaust from a strange new species of corporation hellbent on racing toward trillion dollar valuations. Nothing even vaguely close to the cuddly likeableness of Rosie the robot, zooming brightly on her castor wheels with antennae blaring.

That’s probably why I felt so captivated by the AI NY '18 keynote “Autonomy and human-AI interaction,” by Professor Manuela Veloso at CMU. Her team has developed CoBots—short for Collaborative Robots—which are capable of seeing, planning, and moving. One catch: based on CMU’s concept of “symbiotic autonomy,” those robots need help from humans. Often. For example, any time a CoBot needs to move between floors in the building, someone must help call an elevator. Because, so far, CoBots lack arms. Sarah Conner can sleep soundly. From the CoBot researchers:

Our CoBot robots follow a novel symbiotic autonomy, in which the robots are aware of their perceptual, physical, and reasoning limitations and proactively ask for help from humans, for example for object manipulation actions.

Through the CoBots, Veloso’s team is researching how humans can interact with AI. CoBots understand their own limitations, expressing need and vulnerability—two words about human-like characteristics rarely overheard in Silicon Valley, outside of VC strategy meetings. How refreshing! CMU’s outcomes may put a ding in the universe.

Over in the expo hall of AI NY ’18—or rather, all about the expo hall—I encountered another handsomely affective embodiment: temi the personal robot. Winner of the Top Innovator Award at AI NY ’18. Judges from our program committee evaluated the AI start-ups participating in this award contest based on:

  • overall market potential
  • value proposition: disruptive potential in industry and society
  • stage of development and time to market

I watched carefully as Danny Isserles, head of temi HQ in NYC, summoned temi the robot. Most immediately, the head tracking stood out: temi tilted its “face” upward to track Danny. Practically speaking, temi adjusted its tablet screen so that Danny’s face would be centered in the video camera perspective—but that seemed exactly like temi was glancing up to look at Danny. “Because temi cares,” was my immediate impression. Rosie would’ve been proud.

From that point, Danny began putting temi through its paces: making a video call, transcribing a conversation, playing music, suggesting restaurants in a particular area, etc.

At first, some people might only notice the parts: roughly speaking, part Alexa, part iPad, part high-end boombox, all rolling atop a Roomba and wired together with some software. However, that misses the bigger picture: temi refactors those aforementioned robotic human behaviors that we encounter in the “iPhone Slump,” moving those back to actual robots. When you get home from work, ditch your smartphone atop temi’s charging deck, then talk with people close to you, who aren’t currently nearby, via video chat while you do other things—fix dinner, play guitar, throw pottery, whatever. Hell, go play guitar with them. Because temi can follow you, keeping you in the video chat talking with loved ones while you’re living your life and not stuck slumping over some smartphone. This is particularly engaging for families separated by distance. Kiddos can talk with their parents or grandparents more naturally in video.

While the company behind temi has nine years developing robots for the DoD (e.g., med-evac bots) the origin story for temi happened closer to home. The company founder was visiting an elderly relative who wanted to serve him tea—walking slowly, hands shaking, focused on the serving tray and hot liquid so much that she nearly stumbled and fell. It turns out that older folks fall in their own homes most often while trying to carry things. Unfortunately, I had a parent in ER recently for that very reason. Now we have a personal robot, temi, that can carry things, follow people, and do much more.

There’s a $1,400 retail price for temi, which seems remarkable given how that costs so much less than the laptop on which I’m typing. The designers of temi decided that, except for its tablet, they needed to build every component—including 16 sensors for lidar, laser distance, multiple cameras, etc. Their software is based on Android apps, with an SDK in the works for release soon so that people can customize temi, plug-in other software services, make extensions for fully embodied connections.

My one chance encounter with Steve Jobs was when he’d been blocking the only path to the restroom at our mutually favorite Palo Alto coffeehouse. I asked politely, somewhat urgently. He glanced up from his smartphone distractedly and mumbled “Oh, sorry” then moved aside. Pretty sure that temi would’ve moved graciously without even needing to be asked. And served my chai latte at exactly 165 degrees.

h/t @wu_ming_80, @randerzander, @FloWi

Continue reading Winner of the Top Innovator Award at AI NY 2018: temi.

Font Steganography [Schneier on Security]

Interesting research in steganography at the font level.

12:03

Improv for Programmers: Just for Transformers [The Daily WTF]

We're back again with a little something different, brought to you by Raygun. Once again, the cast of "Improv for Programmers" is going to create some comedy on the fly for you, and this...

11:13

Four short links: 24 May 2018 [All - O'Reilly Media]

Biosynthesising Nanomaterials, OS X Age, Debugging Machine Learning, and Deepfake Detection

  1. Recombinant E. Coli As a Biofactory for the Biosynthesis of Diverse Nanomaterials -- Summary: A metabolic research group has developed a recombinant E. coli strain that biosynthesizes 60 different nanomaterials covering 35 elements on the periodic table. Among the elements, the team could biosynthesize 33 novel nanomaterials for the first time, advancing the forward design of nanomaterials through the biosynthesis of various single and multi-elements.
  2. This Will Make You Feel Old -- OS X is now as old as MacOS was when OS X was introduced.
  3. Machine Learning is a Fundamentally Hard Debugging Problem -- in addition to algorithm and implementation issues, in the case of machine learning pipelines, there are two additional dimensions along which bugs are common: the actual model and the data.
  4. U.S. Military Funding Deepfake Detection -- “It’s gone from state-sponsored actors and Hollywood to someone on Reddit,” says Hany Farid, a professor at Dartmouth who specializes in digital forensics. “The urgency we feel now is in protecting democracy.”

Continue reading Four short links: 24 May 2018.

Feeds | Five failed tests for scientific software [Planet GridPP]

Five failed tests for scientific software s.aragon 24 May 2018 - 10:59am

3631348557_7d705f856e_z.jpgBy Andrew Walker, Sam Mangham, Robert Maftei, Adam Jackson, Becky Arnold, Sammie Buzzards, and Eike Mueller

This post is part of the Collaborations Workshops 2018 speed blogging series.

The order [Seth Godin's Blog on marketing, tribes and respect]

It's tempting to decide to make a profit first, then invest in training, people, facilities, promotion, customer service and most of all, doing important work.

In general, though, it goes the other way.

       

08:53

Fully-Loaded Kodi Box Sellers Receive Hefty Jail Sentences [TorrentFreak]

While users of older peer-to-peer based file-sharing systems have to work relatively hard to obtain content, users of the Kodi media player have things an awful lot easier.

As standard, Kodi is perfectly legal. However, when augmented with third-party add-ons it becomes a media discovery powerhouse, providing most of the content anyone could desire. A system like this can be set up by the user but for many, buying a so-called “fully-loaded” box from a seller is the easier option.

As a result, hundreds – probably thousands – of cottage industries have sprung up to service this hungry market in the UK, with regular people making a business out of setting up and selling such devices. Until three years ago, that’s what Michael Jarman and Natalie Forber of Colwyn Bay, Wales, found themselves doing.

According to reports in local media, Jarman was arrested in January 2015 when police were called to a disturbance at Jarman and Forber’s home. A large number of devices were spotted and an investigation was launched by Trading Standards officers. The pair were later arrested and charged with fraud offenses.

While 37-year-old Jarman pleaded guilty, 36-year-old Forber initially denied the charges and was due to stand trial. However, she later changed her mind and like Jarman, pleaded guilty to participating in a fraudulent business. Forber also pleaded guilty to transferring criminal property by shifting cash from the scheme through various bank accounts.

The pair attended a sentencing hearing before Judge Niclas Parry at Caernarfon Crown Court yesterday. According to local reporter Eryl Crump, the Court heard that the couple had run their business for about two years, selling around 1,000 fully-loaded Kodi-enabled devices for £100 each via social media.

According to David Birrell for the prosecution, the operation wasn’t particularly sophisticated but it involved Forber programming the devices as well as handling customer service. Forber claimed she was forced into the scheme by Jarman but that claim was rejected by the prosecution.

Between February 2013 and January 2015 the pair banked £105,000 from the business, money that was transferred between bank accounts in an effort to launder the takings.

Reporting from Court via Twitter, Crump said that Jarman’s defense lawyer accepted that a prison sentence was inevitable for his client but asked for the most lenient sentence possible.

Forber’s lawyer pointed out she had no previous convictions. The mother-of-two broke up with Jarman following her arrest and is now back in work and studying at college.

Sentencing the pair, Judge Niclas Parry described the offenses as a “relatively sophisticated fraud” carried out over a significant period. He jailed Jarman for 21 months and Forber for 16 months, suspended for two years. She must also carry out 200 hours of unpaid work.

The pair will also face a Proceeds of Crime investigation which could see them paying large sums to the state, should any assets be recoverable.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

08:13

1194 [LFG Comics]

The post 1194 appeared first on Looking For Group.

05:53

The Ohm of Least Resistance [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic admits that humans kind of suck.

03:33

[$] LWN.net Weekly Edition for May 24, 2018 [LWN.net]

The LWN.net Weekly Edition for May 24, 2018 is available.

01:23

One more week of the Humble Book Bundle: Cosplay 2.0! Make your... [Humble Bundle Blog]



One more week of the Humble Book Bundle: Cosplay 2.0! 

Make your nerdy dreams into reality with the Humble Book Bundle: Cosplay 2.0! You’ll get over $240 worth of ebooks, including Foamsmith 2: How to Forge Foam Weapons, Roustan Body Paint, Primer: Moldmaking, The Book of Cosplay Lights, and more to bring your visions to life. 

The little kid you, who wore a towel for a superhero cape, would be proud.


Assets for Press and Partners

00:33

Microsoft extends GDPR's rights to all of its customers [OSNews]

Microsoft is extending the GDPR's rights to all of its customers across the world.

That's why today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.

Good move, but these controls and options should've been there from the start. Goes to show that corporations are terrible at self-regulation - something everybody should know by now. In any event, I'll be spending some time this weekend digging through all the data Google, Apple, and Microsoft have on me.

Today Mac OS X is as old as the Classic Mac OS [OSNews]

Here's a bit of numerology for you. Today marks 17 years, one month, and 29 days since Mac OS X 10.0 was released on March 24, 2001. That's a strangely odd number - 6269 days - but it also happens to be the exactly length of time between January 24, 1984 (the launch of the original Macintosh) and March 24, 2001. In other words, today the Mac's second operating system era, powered by Mac OS X (now macOS) has been in existence as long as the first era was.

Time is a weird thing, and it truly doesn't feel like OS X is that old.

Music Time! [Whatever]

Hello, everyone! Today I’d like to introduce you to some songs I really enjoy, by an artist named Sam Tinnesz. I have composed a little playlist of my five personal favorite songs of his. His music is dark, intense, ominous, melodic, honestly almost hypnotizing, and I hope you enjoy it as much as I do.

The first song I ever heard by him was “Play With Fire”. It is also my favorite of his. Figured we should start off strong! This is the only song of his I have heard that has a female voice in it alongside his. I think the main reason it is my favorite is because it was the first one I heard, and the only one of his I listened to for a good while before I decided to give his other stuff a try. “Play With Fire” has a killer rhythm, a powerful chorus, a dark edge to it, and great lyrics.

If you’re wondering how I found this song, I got it from this amazing Black Butler (my favorite anime) edit:

The second song I have chosen is called “Heart of the Darkness”. This one is much calmer, more melodic sounding, and not as intense. One downside to it is that it is pretty repetitive, but if you’re looking for a song that is easy to learn the lyrics to, that probably won’t bother you. I think this particular song really showcases his voice more so than some of the others, though he doesn’t have a crazy range to begin with, I still find it pleasant.

For the third song, I’ve chosen one that is a little more similar to “Play With Fire”, as it is more upbeat than “Heart of the Darkness”. It is called “Legends Are Made”, and I really like the lyrics in this one. I can see this one being played in the background of a movie during a pre-battle scene.

For the fourth song, I chose “Bloody City”. If you liked the dark edge in “Play With Fire”, you will love how ominous and creepy this one is. The occasional spooky sound in the background mixed with the rhythmic music is seriously awesome and somewhat chilling. The lyrics don’t flow amazingly well, which is why this is number four on the list.

Okay, last one! For the fifth and final piece, I chose something that sounds completely different from the other four. The tone of this one is so much softer, slower, and has almost none of the same elements as the previous four. This one is called “Hold On For Your Life”. I find this one to be somewhat depressing sounding, it honestly made me tear up a little bit because I imagined it being put to a heartfelt death scene in a movie. The main instrument in “Hold On For Your Life” is a piano, which differs greatly from most of his other songs. It is very beautiful and emotion-inducing, in my opinion, but also has that same issue of being slightly too repetitive.

So, there you have it! Those are my top five picks from Sam Tinnesz. If you enjoy any of these or find other songs by him you like, leave a comment! Hope you enjoyed listening to these and also hope you have a great day!

View From a Hotel Window, 5/23/18: Phoenix [Whatever]

There is a parking lot below the building at the front, but I decided not to feature it in the photo. Hey! Not every “view from a hotel window” photo has to have a parking lot.

Reminder to everyone here in the Phoenix area that tonight at 7 I will be at the Poisoned Pen, along with many many other authors, signing books, and tomorrow through Sunday I’ll be at Phoenix Comic Fest, doing panels, signing books and generally hanging about. Come see me at one or the other.

Wednesday, 23 May

23:53

Court rules that Trump can't block people on Twitter [Boing Boing]

A New York federal judge has ruled that Donald Trump can't block people he doesn't like on Twitter, because he uses Twitter to communicate his edicts and policies as President of the United States, and the US government can't exclude communications based on viewpoint, as this violates the First Amendment. (more…)

22:13

[$] An update on bcachefs [LWN.net]

The bcachefs filesystem has been under development for a number of years now; according to lead developer Kent Overstreet, it is time to start talking about getting the code upstream. He came to the 2018 Linux Storage, Filesystem, and Memory-Management Summit (LSFMM) to discuss that in a combined filesystem and storage session. Bcachefs grew out of bcache, which is a block layer cache that was merged into Linux 3.10 in mid-2013.

500,000 home routers have been infected with VPNFilter, malware that steals data and bricks devices [Boing Boing]

VPNFilter is a sophisticated, multi-stage malware package, part of the new breed of boot-persistent malware (software that can survive a reboot); it targets home routers and network-attached storage devices, then steals passwords and logins that traverse the network and exfiltrates it to the creators' servers. (more…)

The FBI's mountain of uncrackable crimephones was nearly entirely imaginary [Boing Boing]

The FBI has been trying to ban working cryptography since the Clinton years, a losing battle whose stakes go up with each passing day as the number of devices that depend on working crypto to secure them and their users goes up and up and up. (more…)

21:33

The Humble Comics Bundle: Summer Reading List by BOOM!... [Humble Bundle Blog]



The Humble Comics Bundle: Summer Reading List by BOOM! Studios! 

Summer will be bright with this comic bundle from BOOM! Studios. Get Lumberjanes, Joyride, The Cloud, Mouse Guard, and lots more. Let the comics take you on a glorious reading vacation!


Assets for Press and Partners

We’ll be doing a fundraising stream for St. Jude PLAY... [Humble Bundle Blog]



We’ll be doing a fundraising stream for St. Jude PLAY LIVE this Saturday, May 26 at 2 p.m. Pacific time! Join us for fun games, prizes, and silly shenanigans! 

St. Jude Children’s Research Hospital is leading the way the world understands, treats and defeats childhood cancer and other life-threatening diseases. Join us as we play video games and raise awareness for St. Jude.

🎮 twitch.tv/humble
💜 tiltify.com/@humble/humble-bundle-x-st-jude-play-live

Available now: Planet of Peace emblem for Destiny 2Subscribe to... [Humble Bundle Blog]



Available now: Planet of Peace emblem for Destiny 2

Subscribe to Humble Monthly this month to receive the Planet of Peace emblem for Destiny 2, as thanks for supporting the Bungie Foundation’s iPads for Kids Program!

Humble Monthly is a curated bundle of games sent to your inbox every month. Subscribe for $12/month to immediately unlock Destiny 2 ( MSRP: $59.99) with more to come!

The Humble Book Bundle: Web Design & Development by... [Humble Bundle Blog]



The Humble Book Bundle: Web Design & Development by O'Reilly! 

Untangle web design and development with this ebook bundle from O'Reilly Media! Snag titles like React Native Cookbook, CSS: The Definitive Guide, High Performance Images, and more. Then go forth and weave something awesome.


Assets for Press and Partners

Yo, time’s running out on the Humble War Gamez Bundle. Think... [Humble Bundle Blog]



Yo, time’s running out on the Humble War Gamez Bundle. 

Think we’d let you miss out on this fly deal? As if. You’ve still got a few dayz left to score Day of Infamy Deluxe Edition, Rising Storm 2: Vietnam - Digital Deluxe Edition, Panzer Corps + Allied Corps DLC, and more. So kickflip your way into this bundle of sweet gamez, fool.


Assets for Press and Partners

MORE FREE DRM-free games! Download four DRM-free Humble... [Humble Bundle Blog]



MORE FREE DRM-free games! 

Download four DRM-free Humble Originals right now (yes, even without a Monthly subscription). You’ll get Quiet City, Knight Club, Uurnog, and Hitchhiker!

Want more? Active Humble Monthly subscribers get ongoing access to the full Humble Trove of over forty DRM-free titles.

i got better [WIL WHEATON dot NET]

Thanks for all your kind thoughts and empathy about my damn panic attacks. It really means a lot to me, and it makes me feel like less of a weird […]

The history of the Philips CD-i, failed PlayStation ancestor [OSNews]

Behold the Philips CD-i! It's got Mario! Zelda! Movies on CD! Uh… interactive encyclopedias! What could go wrong? Apparently, everything. Born out of the same aborted efforts to create a CD-based console for Nintendo that would eventually produce the Sony Playstation, the CD-i was an ambitious attempt to create a multi-purpose home entertainment console. However, instead of kickstarting the trend of CD-based gaming, the CD-i turned into one of the great failures of the video game industry, reportedly costing Philips near a billion dollars by the time it was discontinued. Nonetheless, it did end up fostering some amazingly idiosyncratic (and widely reviled) pieces of video game history.

Since I'm Dutch and have lived in The Netherlands my whole life, I feel like the CD-i is a much greater part of my memory than of people in other countries. Philips is a Dutch company, after all, and I vaguely recall the CD-i being hyped into the stratosphere over here. I wanted one when the hype started, but I never did even see one in real life.

Hackintosh before hackintosh: when Mac fans skinned Windows [OSNews]

There's something about the macOS operating system that kind of drives people wild. (Heck, even the original Mac OS has its strong partisans.) In the 17 years since Apple first launched the first iteration of the operating system based on its Darwin Unix variant, something fairly curious started to happen: People without Macs suddenly wanted the operating system, if not the hardware it ran on. This phenomenon is somewhat common today - I personally just set up a Hackintosh of my own recently - but I'd like to highlight a different kind of "Hackintosh", the kind that played dress-up with Windows. Today's Tedium talks about the phenomenon of Mac skinning, specifically on Windows. Hide your computer's true colors under the hood.

I used to do this back in the early 2000s (goodness, I've been here way too long!). It was a fun thing to do, since you could never make it quite good enough - there was always something to improve. Good times.

The Democratic candidate for the Georgia governorship is a Black woman running on an "unapologetic progressive" platform [Boing Boing]

Stacey Abrams has won a bitterly contested primary for the Democratic candidate in Georgia's upcoming gubernatorial race; Abrams aims to be the first Black, woman governor in US history, and she plans on taking that office with an "unapologetic progressive" platform of gun control, financial aid for low-income families, and marijuana decriminalization. (more…)

20:53

News Post: Mumm-Wha?! [Penny Arcade]

Tycho: I didn’t really live in the Eighties people lionize, let alone lion-o.  I wasn’t allowed to like the music and shows people recall with such fondness.  I always mention this, but the extra part you should know is that I didn’t feel hard-done by it generally.  I didn’t resent it.  I believed in the mechanism that was being used to curate my mental diet:  I understood that the Devil was using the culture to mainstream concepts like witchcraft and, yes, even premarital sex. So the way it worked was that you would be watching cartoons and then…

Apple launches new privacy portal due to GDPR [OSNews]

Apple has today launched its new Data and Privacy website, allowing Apple users to download everything that Apple personally associates with your account, from Apple ID info, App Store activity, AppleCare history to data stored in iCloud like photos and documents. This is currently only available for European Union accounts, to comply with GDPR, and will roll out worldwide in the coming months. There are also simple shortcuts to updating your info, temporarily deactivating your account and options to permanently delete it.

It's almost like all the people whining about suddenly having to care about their users' personal data were wrong, and the GDPR is actually doing what it's supposed to do: force accountability onto data holders.

Judge rules Trump can't block users on Twitter [OSNews]

A federal district court judge on Wednesday ruled that President Trump can't block people from viewing his Twitter feed over their political views. Judge Naomi Reice Buchwald, of the U.S. District Court for the Southern District of New York, said President Trump's Twitter account is a public forum and blocking people who reply to his tweets with differing opinions constitutes viewpoint discrimination, which violates the First Amendment.

I'm sure an autocrat like Trump will respect the wishes of a court. I mean, it's not like he has a history of attacking courts and judges, right?

More evidence for Microsoft's foldable device in latest SDK [OSNews]

Twitter user WalkingCat, famous for finding and sharing this kind of information, has discovered files in the SDK mentioning an "Andromeda device" and "Andromeda OS". As previously reported, Andromeda OS is just one variant of the upcoming Windows Core OS the company has been working on. WalkingCat has found mention of Polaris as well - the version of Windows Core OS targeted at more traditional PCs. Windows Core OS is a new, "modern" version of Microsoft's flagship OS, which strips out most of the legacy compatibility and software, making the operating system lighter and more flexible. Core OS is said to adapt its interface to all different kinds of devices thanks to the new CShell UI.

Eventually, the hammer's gonna drop: all new laptops and PCs will ship with a Win32-less version of Windows. The signs are clear for anyone to see, and as a Windows developer, you'd do good by preparing yourself.

A hard look at the wastefulness of "proof of work," the idea at the core of the blockchain [Boing Boing]

David Gerard is a technically minded, sharp-witted, scathing critic of Bitcoin and other cryptocurrencies; his criticism is long, comprehensive and multipartite, but of particular interest is is critique of "proof of work" (an idea that is central to the blockchain, but which many cryptographers are skeptical of). (more…)

Charlie Stross on the "soft genocide" of eugenics-tainted, alt-right climate dystopia [Boing Boing]

Right now, the eugenics-happy alt-right are also climate deniers; but climate denial has a short half-life -- its undeniability will only grow, as the world gets hotter, more dangerous, drier, wetter, colder, stormier, more becalmed -- more uninhabitable. (more…)

20:03

[$] What's coming in OpenLDAP 2.5 [LWN.net]

If pressed, I will admit to thinking that, if NIS was good enough for Charles Babbage, it's good enough for me. I am therefore not a huge fan of LDAP; I feel I can detect in it the heavy hand of the ITU, which seems to wish to apply X.500 to everything. Nevertheless, for secure, distributed, multi-platform identity management it's quite hard to beat. If you decide to run an LDAP server on Unix, one of the major free implementations is slapd, the core engine of the OpenLDAP project. Howard Chu is the chief architect of the project, and spoke at FLOSS 2018 about the upcoming 2.5 release. Any rumors that he might have passed the time while the room filled up by giving a short but nicely rendered fiddle recital are completely true.

17:43

Phone Store Employee Sued For Promoting ‘Pirate’ App Showbox [TorrentFreak]

In recent years, a group of select companies have pressured hundreds of thousands of alleged pirates to pay significant settlement fees, or face legal repercussions.

Traditionally, the companies go after BitTorrent users, as they are easy to track down by their IP-addresses. In Hawaii, however, a newly filed case adds a twist to this scheme.

The studios ME2 Productions and Headhunter, who own the rights to the movies ‘Mechanic: Resurrection‘ and ‘A Family Man‘ respectively, are suing an employee of a phone store who allegedly promoted and installed the ‘pirate’ application Showbox on a customer’s device.

Showbox is a popular movie and TV-show streaming application that’s particularly popular among mobile Android users. The app is capable of streaming torrents and works on a wide variety of devices.

While it can be used to stream legitimate content, many people use it to stream copyrighted works. In fact, the application itself displays this infringing use on its homepage, showing off pirated movies.

In a complaint filed at the US District Court of Hawaii, the studios accuse local resident Taylor Wolf of promoting Showbox and its infringing uses.

According to the studios, Wolf works at the Verizon-branded phone store Victra, where she helped customers set up and install phones, tablets and other devices. In doing so, the employee allegedly recommended the Showbox application.

“The Defendant promoted the software application Show Box to said members of the general public, including Kazzandra Pokini,” the complaint reads, adding that Wolf installed the Showbox app on the customer’s tablet, so she could watch pirated content.

From the complaint

The movie studios note that the defendant told the customer in question that her tablet could be used to watch free movies. The employee allegedly installed the Showbox app on the device in the store and showed the customer how to use it.

“Defendant knew that the Show Box app would cause Kazzandra Pokini to make copies of copyrighted content in violation of copyright laws of the United States,” the complaint adds.

The lawsuit is unique in the sense that the studios are going after someone who’s not directly accused of sharing their films. In the traditional lawsuits, they go after the people who share their work.

The complaint doesn’t mention why they chose this tactic. One option is that they initially went after the customer, who then pointed ME2 and Headhunter toward the phone store employee.

Neither studio is new to the piracy lawsuit game. ME2 is connected to Millennium Films and Headhunter is an affiliate of Voltage Pictures, one of the pioneers of so-called copyright trolling cases in the US.

As in most other cases, the copyright holders demand a preliminary injunction to stop Wolf from engaging in any infringing activities, as well as statutory damages, which theoretically can go up to $150,000 per pirated film, but are usually settled for a fraction of that.

A copy of the complaint filed against Taylor Wolf at the US District Court of Hawaii is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Con Season 2018: Phoenix Comic Fest [LFG Comics]

Oh my stars and garters, it’s here! Once again it’s time to take to the skies and travel across this great land to… Phoenix? Really? That’s a place? Not just an overblown comic story or fodder for tattoos? Huh, who […]

The post Con Season 2018: Phoenix Comic Fest appeared first on Looking For Group.

1192 [LFG Comics]

The post 1192 appeared first on Looking For Group.

1190 [LFG Comics]

The post 1190 appeared first on Looking For Group.

1189 [LFG Comics]

The post 1189 appeared first on Looking For Group.

1187 [LFG Comics]

The post 1187 appeared first on Looking For Group.

Jonathan Dowland: Mastodon [Planet Debian]

I'm experimenting with Mastodon, an alternative to Twitter. My account is @jon@argh.club. I'm happy for recommendations on interesting people to follow!

Inspired by Iustin, I also started taking a look at Hakyll as a possible replacement for IkiWiki. (That's at grr.argh.club/~jon, although there's nothing to see yet.)

Benjamin Mako Hill: Natural experiment showing how “wide walls” can support engagement and learning [Planet Debian]

Seymour Papert is credited as saying that tools to support learning should have “high ceilings” and “low floors.” The phrase is meant to suggest that tools should allow learners to do complex and intellectually sophisticated things but should also be easy to begin using quickly. Mitchel Resnick extended the metaphor to argue that learning toolkits should also have “wide walls” in that they should appeal to diverse groups of learners and allow for a broad variety of creative outcomes. In a new paper, Sayamindu Dasgupta and I attempted to provide an empirical test of Resnick’s wide walls theory. Using a natural experiment in the Scratch online community, we found causal evidence that “widening walls” can, as Resnick suggested, increase both engagement and learning.

Over the last ten years, the “wide walls” design principle has been widely cited in the design of new systems. For example, Resnick and his collaborators relied heavily on the principle in the design of the Scratch programming language. Scratch allows young learners to produce not only games, but also interactive art, music videos, greetings card, stories, and much more. As part of that team, Sayamindu was guided by “wide walls” principle when he designed and implemented the Scratch cloud variables system in 2011-2012.

While designing the system, Sayamindu hoped to “widen walls” by supporting a broader range of ways to use variables and data structures in Scratch. Scratch cloud variables extend the affordances of the normal Scratch variable by adding persistence and shared-ness. A simple example of something possible with cloud variables, but not without them, is a global high-score leaderboard in a game (example code is below). After the system was launched, we saw many young Scratch users using the system to engage with data structures in new and incredibly creative ways.

cloud-variable-scriptExample of Scratch code that uses a cloud variable to keep track of high-scores among all players of a game.

Although these examples reflected powerful anecdotal evidence, we were also interested in using quantitative data to reflect the causal effect of the system. Understanding the causal effect of a new design in real world settings is a major challenge. To do so, we took advantage of a “natural experiment” and some clever techniques from econometrics to measure how learners’ behavior changed when they were given access to a wider design space.

Understanding the design of our study requires understanding a little bit about how access to the Scratch cloud variable system is granted. Although the system has been accessible to Scratch users since 2013, new Scratch users do not get access immediately. They are granted access only after a certain amount of time and activity on the website (the specific criteria are not public). Our “experiment” involved a sudden change in policy that altered the criteria for who gets access to the cloud variable feature. Through no act of their own, more than 14,000 users were given access to feature, literally overnight. We looked at these Scratch users immediately before and after the policy change to estimate the effect of access to the broader design space that cloud variables afforded.

We found that use of data-related features was, as predicted, increased by both access to and use of cloud variables. We also found that this increase was not only an effect of projects that use cloud variables themselves. In other words, learners with access to cloud variables—and especially those who had used it—were more likely to use “plain-old” data-structures in their projects as well.

The graph below visualizes the results of one of the statistical models in our paper and suggests that we would expect that 33% of projects by a prototypical “average” Scratch user would use data structures if the user in question had never used used cloud variables but that we would expect that 60% of projects by a similar user would if they had used the system.

Model-predicted probability that a project made by a prototypical Scratch user will contain data structures (w/o counting projects with cloud variables)

It is important to note that the estimated effective above is a “local average effect” among people who used the system because they were granted access by the sudden change in policy (this is a subtle but important point that we explain this in some depth in the paper). Although we urge care and skepticism in interpreting our numbers, we believe our results are encouraging evidence in support of the “wide walls” design principle.

Of course, our work is not without important limitations. Critically, we also found that rate of adoption of cloud variables was very low. Although it is hard to pinpoint the exact reason for this from the data we observed, it has been suggested that widening walls may have a potential negative side-effect of making it harder for learners to imagine what the new creative possibilities might be in the absence of targeted support and scaffolding. Also important to remember is that our study measures “wide walls” in a specific way in a specific context and that it is hard to know how well our findings will generalize to other contexts and communities. We discuss these caveats, as well as our methods, models, and theoretical background in detail in our paper which now available for download as an open-access piece from the ACM digital library.


This blog post, and the open access paper that it describes, is a collaborative project with Sayamindu Dasgupta. Financial support came from the eScience Institute and the Department of Communication at the University of Washington. Quantitative analyses for this project were completed using the Hyak high performance computing cluster at the University of Washington.

The Computer History Museum just published the sourcecode for Eudora [Boing Boing]

Eudora -- first released in 1988 -- was the first industrial-strength email client designed to run on personal computers like IBM PC and the Macintosh; though there are still die-hard users of the program, the last version was published in 2006. (more…)

Today in GPF History for Wednesday, May 23, 2018 [General Protection Fault: The Comic Strip]

In Paris, the German lies to maintain his ruse in front of Sharon...

16:53

Charting a data journey to the cloud [All - O'Reilly Media]

Mick Hollison, Sven Löffler, and Robert Neumann explain how Deutsche Telekom is harnessing machine learning and analytics in the cloud to build Europe’s largest IoT data marketplace.

Continue reading Charting a data journey to the cloud.

The Paradise Papers: Behind the scenes with the ICIJ [All - O'Reilly Media]

Pierre Romera explores the challenges in making 1.4 TB of data securely available to journalists all over the world.

Continue reading The Paradise Papers: Behind the scenes with the ICIJ.

Highlights from the Strata Data Conference in London 2018 [All - O'Reilly Media]

Watch highlights covering machine learning, GDPR, data protection, and more. From the Strata Data Conference in London 2018.

Experts from across the data world came together for the Strata Data Conference in London. Below you'll find links to highlights from the event.

Charting a data journey to the cloud

Mick Hollison, Sven Löffler, and Robert Neumann explain how Deutsche Telekom is harnessing machine learning and analytics in the cloud to build Europe’s largest IoT data marketplace.

Journey to GDPR compliance

May 25 is an important day for data protection in the EU and elsewhere. Alison Howard explains how Microsoft has prepared for May 25 and beyond.

Humans and the machine: Machine learning in context

Jean-François Puget explains why human context should be embraced as a guide to building better and smarter systems.

Building a stronger data ecosystem

Ben Lorica looks at the problems we’re facing as we collect and store data, particularly when our machine learning models require huge amounts of labeled data.

-->

The Paradise Papers: Behind the scenes with the ICIJ

Pierre Romera explores the challenges in making 1.4 TB of data securely available to journalists all over the world.

Data protection and innovation

Eva Kaili outlines the fundamentals of GDPR and applications of blockchain.

So, you want to be successful in the open future?

Louise Beaumont explores the five characteristics of companies that choose to succeed.

Machine learning: Research & industry

Having worked in both research and industry, Mikio Braun shares insights into what's the same, what's different, and how deep learning might change the game.

--> Moving machine learning and analytics to hyperspeed

Amr Awadallah, Ankit Tharwani, and Bala Chandrasekaran explore how Barclay’s is applying machine learning and analytics to real-time data in Apache Kudu.

--> When to KISS

Zubin Siganporia explains how the KISS principle (“Keep It Simple, Stupid”) applies to solving problems and convincing end-users to adopt data-driven solutions to their challenges.

--> Cloud and the golden age of data analytics

Tom Grey says we are on the cusp of a golden age of analytics and machine learning.

--> Out of the lab and into real life

Christine Foster discusses how today’s academic papers turn into tomorrow’s data science.

The good, the bad, and the internet?

Martha Lane Fox considers the unintended consequences of technology.

-->

Continue reading Highlights from the Strata Data Conference in London 2018.

Data protection and innovation [All - O'Reilly Media]

Eva Kaili outlines the fundamentals of GDPR and applications of blockchain.

Continue reading Data protection and innovation.

Humans and the machine: Machine learning in context [All - O'Reilly Media]

Jean-François Puget explains why human context should be embraced as a guide to building better and smarter systems.

Continue reading Humans and the machine: Machine learning in context.

Journey to GDPR compliance [All - O'Reilly Media]

May 25 is an important day for data protection in the EU and elsewhere. Alison Howard explains how Microsoft has prepared for May 25 and beyond.

Continue reading Journey to GDPR compliance.

[$] Shortening the Python release schedule [LWN.net]

The Python release cycle has an 18-month cadence; a new major release (e.g. Python 3.7) is made roughly on that schedule. But Łukasz Langa, who is the release manager for Python 3.8 and 3.9, would like to see things move more quickly—perhaps on a yearly cadence. In the first session after lunch at the 2018 Python Language Summit, Langa wanted to discuss that idea.

16:03

Security updates for Wednesday [LWN.net]

Security updates have been issued by CentOS (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Debian (procps), Fedora (curl, mariadb, and procps-ng), Gentoo (samba, shadow, and virtualbox), openSUSE (opencv, openjpeg2, pdns, qemu, and wget), Oracle (java-1.8.0-openjdk and kernel), Red Hat (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, kernel-rt, libvirt, qemu-kvm, qemu-kvm-rhev, redhat-virtualization-host, and vdsm), Scientific Linux (java-1.7.0-openjdk, java-1.8.0-openjdk, kernel, libvirt, and qemu-kvm), Slackware (kernel, mozilla, and procps), SUSE (ghostscript-library, kernel, mariadb, python, qemu, and wget), and Ubuntu (linux-raspi2 and linux-raspi2, linux-snapdragon).

Comic: Mumm-Wha?! [Penny Arcade]

New Comic: Mumm-Wha?!

Working replica of Snake Plissken's Lifeclock countdown timer watch from Escape From New York [Boing Boing]

The Lifeclock One: Snake Edition is a $300 licensed replica of the countdown timer watch worn by Snake Plissken in Escape From New York: it's very cool looking and faithful to the original prop, but regrettably, the designers have added in a bunch of "smart-watch" features (Bluetooth, an app, text-message and app notifications from your phone) that raise the price, create needless attack surface, and add complexity. (more…)

15:13

[$] Case-insensitive filesystem lookups [LWN.net]

Case-insensitive file name lookups are a feature that is fairly frequently raised at the Linux Storage, Filesystem, and Memory-Management Summit (LSFMM). At the 2018 summit, Gabriel Krisman Bertazi proposed a new way to support the feature, though it met with a rather skeptical reception—with one notable exception. Ted Ts'o seemed favorably disposed to the idea, in part because it would potentially be a way to get rid of some longstanding Android ugliness: wrapfs.

Link [Scripting News]

I couldn't sleep after last night's excellent game between the Rockets and Warriors, so I tuned into the midnight re-broadcast of Maddow. She had an ex-CIA guy on as the big guest, he has a book out. He says he believes, now that he's retired, that the Russians did influence the outcome of the election. Rachel paused, as if some big moment had passed. She seemed to be saying, aha now at last the truth has come out. I thought this is so laughably ridiculous. Of course we all knew that the Russians influenced the outcome of the election. This. Is. Not. News. Stop being so ridiculous Rachel. Let's move beyond what we all know. We all know what happened in 2016. Now let's put up some defenses against what's happening now.

Nothing To See Here – DORK TOWER 17.05.18 [Dork Tower]

The Dork Tower Patreon goal of THREE new strips every week is within reach, thanks to our amazing patrons! Help us reach that goal:  JOIN THE FUN (also see the comics early, get bonus content and swag, plus a lot, lot more) for as little as $1 a month ($.12 a comic!)

If you say that your buffer can hold 200 characters, then it had better hold 200 characters [The Old New Thing]

A security vulnerability report claimed that there was a vulnerability in the Get­Doodad­Name function (not the actual function name):

There is a buffer overflow bug in the Get­Doodad­Name function. If the doodad's name is 10 characters long, and the caller provides a buffer of size 11 characters, but specifies a buffer size of 200, then the Get­Doodad­Name function will write more than 11 characters (10 characters for the name, plus the null terminator). Even though the caller passed an incorrect buffer size, the overflow should not happen because the caller's buffer was large enough to hold the actual result.

The original report was difficult to understand, probably because English was not the finder's native language, and there are parts of the report where I couldn't figure out what the finder was trying to say.

Going back to the issue at hand: If you pass a buffer to a function and say that it can hold up to 200 characters, then the function is welcome to use the entire buffer, even if the final result doesn't require full use of the buffer. This is just part of the basic ground rules for programming:

A function is permitted to write to the full extent of the buffer provided by the caller, even if not all of the buffer is required to hold the result.

In this case, what happens is that the Get­Doodad­Name function relies upon an internal function, let's call it Get­Doodad­Full­Name, which returns a fully-qualified name. It then removes the unnecessary qualifications, resulting in the final doodad name for the caller.

The simple implementation of this would go something like this:

DWORD GetDoodadName(
    HANDLE doodad,
    PWSTR buffer, UINT bufferSize,
    UINT* actualSize)
{
 *actualSize = 0;

 UINT actualFullSize;
 DWORD result = GetDoodadFullName(doodad,
   nullptr, 0, &actualFullSize);

 // If something went wrong other than "buffer too small",
 // then give up.
 if (result != ERROR_MORE_DATA) return result;

 PWSTR fullName = (PWSTR)HeapAlloc(
    GetProcessHeap(), 0, actualFullSize);
 if (!fullName) return ERROR_NOT_ENOUGH_MEMORY;
 result = GetDoodadFullName(doodad,
    fullName, actualFullSize, &actualFullSize);
 if (result == ERROR_SUCCESS) {
  *actualSize = ExtractLocalNameFromFullName(
    fullName, buffer, bufferSize);
 }
 HeapFree(GetProcessHeap(), 0, fullName);
 return result;
}

Since you're going to have to call Get­Doodad­Full­Name anyway, you may as well see if you're lucky, and the full name fits inside the caller-provided buffer. In that case, you need only call Get­Doodad­Full­Name once, and you don't need to allocate the temporary buffer either. That saves you a memory allocation and two calls to the doodad server.

DWORD GetDoodadName(HANDLE doodad, PWSTR buffer, UINT bufferSize,
    UINT* actualSize)
{
 *actualSize = 0;

 UINT actualFullSize;
 DWORD result = GetDoodadFullName(doodad,
    buffer, bufferSize, &actualFullSize);
 if (result == ERROR_SUCCESS) {
  // The caller's buffer is big enough to hold the full name.
  *actualSize = ExtractLocalNameFromFullName(
    buffer, buffer, bufferSize);
  return result;
 }

 // If something went wrong other than "buffer too small",
 // then give up.
 if (result != ERROR_MORE_DATA) return result;

 PWSTR fullName = (PWSTR)HeapAlloc(
    GetProcessHeap(), 0, actualFullSize);
 if (!fullName) return ERROR_NOT_ENOUGH_MEMORY;
 result = GetDoodadFullName(doodad,
    fullName, actualFullSize, &actualFullSize);
 if (result == ERROR_SUCCESS) {
  *actualSize = ExtractLocalNameFromFullName(
    fullName, buffer, bufferSize);
 }
 HeapFree(GetProcessHeap(), 0, fullName);
 return result;
}

This is a legitimate optimization because the function has free use of the caller-provided buffer, for the full extent of the caller-specified size of the buffer, until the function returns. And this function takes advantage of this freedom by using the caller-provided buffer as a temporary buffer for holding the full name.

If the caller provides a buffer of size 200, then that buffer had better be 200 characters in size, and all 200 of those characters had better be expendable.

What's even more dangerous about this is that the caller cannot guarantee the length of the doodad's local name. A doodad's name can be changed by anybody who can find the doodad in the system doodad table, so you can't say, "Well, my code created the doodad with a local name whose length I know to be exactly 10, so it's safe to overstate the buffer size because I know that the result won't use more than 11 characters." Some other program may have changed the doodad's name, and your "knowledge" that the result will require only 11 of those characters is no longer valid.

Curiously, the finder even acknowledged the fact that the name could change for reasons outside the program's control, and noted that if the new name requires more than 11 characters, then more than 11 characters will be modified.

So I don't know what the finder was trying to say. Since the length of the name cannot be known ahead of time, the caller doesn't know how much of the putatively 200-character buffer will be used, so the caller needs to be prepared for the case that all of it will be used. If the caller had important data at character 12, the caller may be in for an unpleasant surprise.

The buffer overflow in the report is not a vulnerability in the Get­Doodad­Name function. It is a vulnerability in the caller, for passing the wrong buffer size.

We asked the finder to clarify why they considered this a flaw in the Get­Doodad­Name function, but the response was not readily comprehensible. They seemed to be more interested in the change in behavior when the incorrectly-specified buffer size is large enough to hold the full name, as opposed to when it isn't.

One part that was sort of understandable went like this (after correcting grammar):

According to the design principle, even if I have provided an incorrect buffer size, a crash should not happen, because the user provided an actual buffer large enough to hold the (undecorated) doodad name.

I'm not sure what design principle says that if a caller provides an incorrect buffer size, we should somehow detect and avoid overflowing the buffer. If that were possible, then why have buffer size parameters at all? Just detect the correct buffer size automatically for all callers!

The changing or missing antecedents makes the clarification hard to decipher as well. Sometimes the invalid parameter came from "me", sometimes it was provided by "the user", and sometimes the agent that crashed is left unspecified.

The crash is interesting if it occurs at a different security level from the caller who passed invalid (or malicious) parameters. In this case, the invalid parameters are coming from the calling application, and the buffer overflow occurs in the calling application, and the crash occurs in the calling application. So everything happens at the same security level, and there is no elevation. What you found is a way for a malicious caller to corrupt its own memory in a very roundabout way.

For the first time in nearly 40 years, there's a new Parliament album! [Boing Boing]

George Clinton, explaining why Medicaid Fraud Dogg was being released under the Parliament banner, rather than Funkadelic: "Because the last album was (2014's) Funkadelic First Ya Gotta Shake The Gate. It's Parliament's turn." (more…)

The company that made Grenfell Tower's flammable, poisonous insulation used dangerous lies to make hundreds of sales [Boing Boing]

Celotex convinced the owners of Grenfell Tower and hundreds of other buildings in the UK to insulate with their RS5000 insulation product -- a product that had never passed safety tests. The company claimed it was safe for use because a different version of RS5000 (one that used much more flame-retardant) had been through the tests. (more…)

14:23

Link [Scripting News]

What if, instead of only studying the way Trump is crashing our democracy, we devoted equal time to studying life in a totalitarian state, so we can anticipate what's coming next. We still have a long way to go before the Constitution is gone, so the more we know about what's coming next, the more effective we can be at heading it off. In other words, what if we didn't panic and instead learned how to put up the best defense possible. This is especially relevant for tech people, because life in our totalitarian state will be more completely totalitarian than any before, thanks to the incredible spying devices we carry in our pockets and install in our homes, naĂŻvely assuming they only have benign applications. We create that technology. And already we are refusing to help, and that's a good sign, of course.

The oligarchs must know climate change is real [Scripting News]

I always figured that our oligarchs know full well that climate change is real, they just have a different strategy for dealing with it.

I read this piece by Charles Stross yesterday where he outlined what I assumed was their actual plan. Here's the relevant section.

  • Right now climate denialism is a touchstone of the American right, but the evidence is almost impossible to argue against right now and it's increasingly obvious that many of the people who espouse disbelief are faking it—virtue signalling on the hard right. Sooner or later they'll flip. When they do so, they will inevitably come to the sincere, deeply held belief that culling the bottom 50% to 90% of the planetary population will give them a shot at survival in the post-greenhouse world.

I have told this story myself, once at full volume in a crowded NYC subway car (inadvertently, I tend to speak loudly) and was rewarded with agreement from fellow subway riders.

Yiwu [Original Fiction – Tor.com]

Can dreams come true? They can if you win the lottery, which promises to provide what your heart desires. For a humble shopkeeper in Yiwu, it’s a living, selling lottery tickets. Until a winning ticket opens up mysteries he’d never imagined.

 

 

1.

In all his time working for the lottery, Eshamuddin had only ever sold three winning tickets but, as a consequence, he had seen three miraculous things.

The first purchaser, years before, was one of his first ever customers. She was a young, dark-haired girl with a look of intense concentration on her face as she handed over the cash money, and she retained one coin—a Martian shekel with the Golda Meir simulacrum’s head on– to scratch the card, which she did with a slow seesawing motion, gently blowing the cheap dust of silver foil as she searched for her luck.

Then her face changed. Not open disappointment, or stoic acceptance, of the sort that people always wore, nor the greedy desperation that meant they would ask for another ticket, and then another, until their money ran out.

But neither was it amazement, or shock, or any reaction of the sort he’d have expected were someone to get lucky. For someone to win.

It was more like she had found something that she had always half-suspected was there. That she was merely, at last, able to confirm a thing she’d always, instinctively, known.

And then she smiled.

And then she turned into a black-headed ibis and flew away into the sky.

 

2.

The second one was a couple of years later and it was a much more ordinary affair. The winner this time was a middle-aged man from Guangzhou, with a comb-over and bottle-top glasses and a nice smile; he had the sort of face that smiled easily, and sometimes ruefully, at the world’s foibles. It was the third card he’d bought and he was chatting to Esham all this while, a running commentary about the day’s weather (it was humid), the cost per unit of elastic hair bands (he had recently found a new manufacturer who could make them a point cheaper, saving him thousands), and his daughter’s new boyfriend (a no-good know-it-all, but what were you going to do? Kids today and all that). Then the silver foil all came off and the man’s face slackened and his lips stopped moving and he rocked in place as though he’d been struck, and Esham said, “Sir? Sir? Are you all right?” and the man just nodded, over and over, and finally gave him a goofy grin.

“Look,” he said. “Would you look at that.”

A car appeared ’round the corner and came to a stop beside Esham’s lottery stall. It was a long black limousine, with darkened windows. The doors opened and two men in dark suits and dark sunglasses stepped out. They both had short cropped hair and were very trim and fit. One held the door of the limousine open. The other said, “Congratulations, sir. Please, come with us.”

“But where are we going?” the man said.

“It’s only a short ride to the airport, sir.”

“The airport?”

“To get to the Singapore beanstalk, sir. It isn’t a long flight, sir.”

“Singapore? I have never been to Singapore.”

“It will only be a short stop, sir. A pod on the beanstalk is already reserved for you. Here, sir. Your ticket.”

“My ticket?”

“For your onward journey.”

The man stared at the ticket. He looked, almost pleadingly, at Eshamuddin.

“So it’s really true?” he said. “I won? I won the lottery?”

“Yes, sir.”

“I’ve always wanted to see Mars,” the man said. “Olympus Mons and Tong Yun City and the Valles Marineris kibbutzim…”

“Whatever your true heart’s desire, sir,” the man said. It was the same legend that was etched—in now dusty letters—above Esham’s lottery stall. The same legend that was on every lottery stall, anywhere. That was on every ticket.

Whatever your true heart’s desire.

“But my daughter, my job, I can’t just… elastic hair bands,” he said, desperately.

The car waited. Esham waited. The two men in their short cropped hair and smart black suits and ties waited. The man mopped his brow. “I suppose…” he said.

“Sir?”

He meekly let them lead him to the car. He folded into the cool interior and the doors shut and the two men disappeared inside and the car started up and drove away and the man was gone.

To Mars, Esham supposed.

“Mars!” said Mrs Li. She pushed her way to the booth and leered at Esham. “Who in their right mind would want to go to Mars, boy?” She shoved a handful of coins across the counter. “Give me a ticket.”

Esham took the money and gave her a ticket. You could count on Mrs Li to buy a few at a time. He wondered what her true heart’s desire was.

“That’s none of your damn business, boy!” Mrs Li said.

She scratched the card with maniacal glee.

 

3.

The third time he witnessed a miracle it wasn’t anything like that.

It was a foreigner, a trader on a purchasing trip to Yiwu from one of the coastal African states. He was with a couple of colleagues, and he bore an amused smile as he paid for the ticket. It was just something to do, a local custom, something to pass the time, he seemed to suggest. He scratched the card and looked at it with that same tolerant smile, and he began to say, in bad Mandarin, “What does this mean–” when it happened.

It was like a curtain swished behind the man. The man half-turned, looked, and there was an expression on his face that Esham couldn’t read. The man reached out one hand and touched the curtain. He prodded it with his fingers. He took a half step, and then another. There was nothing there, and yet there was. He half-turned back and smiled at Esham. Then he stepped through into the whatever-it-was and just… disappeared.

His two colleagues did a lot of shouting and Esham did a lot of hand waving and shouting back and finally some of the market police came along and they did a little shouting too and then, after a while, everyone left.

Esham stayed, of course. But business was slow and after another hour he closed the stall for the day. It had been a strange one. He wondered where the man went, and what he saw, and whether he was happy there.

He ate a bowl of crossing-the-bridge noodles at a Yunnanese stall, then had sweetened mint tea at a Lebanese café near the Zone 7 mosque, and then he walked slowly back. Two blind musicians played the guqin outside Pig Sty Alley, and the air was perfumed with wisteria. The smell was manufactured in the factories of Zone 10, at a very reasonable per unit cost, and consequently sold all across the world.

That night, Esham drew the walls of his stall-home down and sat inside. He tuned in to the latest episode of his favourite soap, Chains of Assembly, which broadcast across the hub network of the Conversation in near space, all the way from Mars. In the air before him, The Beautiful Maharani argued with Johnny Novum inside her domed palace, as ice meteorites fell onto the red sands far in the distance. Esham ate shaved ice with lychee syrup. It had been a strange day, he thought.

 

4.

Esham was born in Yiwu but he wasn’t Chinese. Many native-born residents of Yiwu weren’t. His father had been a small-goods trader from the Ecclesiastical Confederacy of Iran, and his mother was an interpreter for a mining company based in the Belt, which purchased mass-market goods for the asteroid longhouses. A space Dayak, she often complained of discomfort in Earth’s gravity, not because she was not used to it but because, unlike on the longhouses, there was simply no escaping it, even for a time. In the Up and Out, she’d told the young Esham, one could simply kick off into a free-fall zone, where you could fly: where you could be free.

He didn’t know what his mother’s true heart’s desire would have been. He remembered them both as loving parents—which is not to say they did not sometimes shout at him, in frustration, or that they did not fight, which they did—but when he thought of them, what he remembered first was love. His father was away a lot, a train man, as they called them, forever riding the rails along the Silk Road, from Yiwu to Tehran. He’d come back bearing gifts for Esham’s mother—saffron and dried apricots, tiny pickled cucumbers, rose water and golpar—and for Esham he’d bring back little hand-made curios, wood and wire intertwined with wildtech components, toys that existed in both the virtual and the real.

They died in a simple transport capsule accident on a visit to the underwater cities of Hainan. The new cities were the jewels of the South China Sea, glittering biospheres abundant in offshore aquaculture, home to millions of people who lived and breathed under water. It was just a stupid accident, the sort that never even made the news. He was still only a boy when it happened. After that the state took him in. For a long time he’d had the dream of buying lottery tickets until he’d found a winning one and then the lottery would bring his parents back to life. Even though he knew it was just a dream. Even the lottery could not bring back the dead.

The lottery really began as just another roadside tradition, around the time they rebuilt Yiwu from scratch into the lotus flower shape it had now. Each petal a zone, each zone a market to rival all other markets. There was nothing, it was said, that you couldn’t buy in Yiwu. But mostly it was the small stuff, the domestic stuff, still, then and now: key rings and bath mats, mugs and toothbrushes, artificial flowers, ladies’ handbags, raincoats and mascaras, pens and watches, clocks and toys and festive decorations… the factories in the outer zones beyond the city never slept, the market traders in their petal-sections of the market-city only ever slept in shifts, and the trains never stopped coming and going with the giant containers on their backs.

The first lottery was on the same scale. It really was just a community sort of thing. People coming together to make your life a little easier, a little better. When people would get together and buy tickets and each would win something they needed—help with repairs on their house, or delivery assistance for groceries, or someone to bring you food while you were sick, if you didn’t have family to care for you.

At least, that was the story.

On how the lottery really came to be, there were as many stories as there were fish in the fish market or toys in the toy market or pens in the pen stalls or fake snow in the Christmas pavilion. They said the lottery used Shenzhen ghost market tech and was overseen by the Others, those mysterious digital intelligences that first evolved in Jerusalem’s Breeding Grounds and now lived in impenetrable Cores guarded over by the mercenaries of Clan Ayodhya. Others said it was run by the Kunming Toads under Boss Gui, whose labs in the Golden Triangle churned out verboten technology and traded in illicit info-weapons and employed Strigoi assassins for all that they were banned on Earth. Others still said it was wild hagiratech from Jettisoned, that farthest outpost of humanity on the moon called Charon, from where the sun appeared as little more than a baleful raven’s eye in the sky, and that the lottery was run from off-world, and you know what people in the Up and Out were like.

Esham didn’t know. He didn’t even think to ask. The lottery just was, and it gave a few people every year something impossible and precious: their true heart’s desire. And it gave him, Esham, a job.

 

5.

Every morning he sat up in his cot and brushed his teeth in the sink and washed his face and his armpits and he drank a cup of tea. Then he unfolded the walls of the lottery booth and prepared to welcome the day. If the previous day’s take was good, he might walk to a nearby stall for a bowl of congee. If the take was not good, he would usually forego breakfast. His accommodation was free and his needs were few, and only the rich, as the old proverb goes, have time to dream. But that’s what the lottery was for, he thought. For the poor to have dreams.

From time to time he would move the lottery stall around the city. There were many lottery stalls but they all travelled if they needed to. Currently he was stationed in Zone 7, where the automata market was. Every late afternoon he’d shut the booth for an hour or so and take a stroll. The petal of Zone 7 rose high into the air above the central pistil. From up here you could look all over the city, to the zone-petals and their markets heaving with humanity and goods, and to the mountains that ranged Yiwu, and to the outer zones where the workers lived in the vast container shanties and grew their hydroponics food in green growtainers, and then beyond to the ring of factories. The petals were designed to catch wind and sun and rain, to reuse everything, to draw power from the elements. If the previous day’s take was good he might buy himself a modest lunch of some sort: Vietnamese banh mi or pho, or an Egyptian falafel or a bowl of noodles. If the take was good he might go to the public baths to wash. While the city operated on a range of digital currencies in the Conversation, the lottery only ever accepted coins. Why that was he didn’t know. They did not mind the type of currency, so each day Esham would sort out the day’s take by type and place of origin: Martian shekels and rubles alongside Belt-issued ringgit, local yuan, Micronesian dollars, lunar vatu… the list went on and on. Each evening he would pack the coins and place them in the appropriate bin provided, and each morning they would be gone.

Esham had his regulars. Mrs Li, who owned a factory that made snow globes, visited him every day. Mr Mansur, who came each year to Yiwu to buy lights, so many lights that he shipped to his distant home, would visit avidly when he was in town. He could always be relied upon to buy the extra ticket, and his face always bore a hopeful, yet simultaneously sad, look. He was a quiet, courteous man. There were others. They came and went like the tides.

In the afternoon a troupe of Martian Re-Born walked past, red-skinned, four-armed, laughing, wearing lanyards with laminated cards on their chests. They were of an Up and Out order which believed in an ancient Martian civilization ruled over by an Emperor of Time, and they modified their bodies to match their imagined perspective of that long vanished warrior race. They stopped, curious, at his stall and each bought one ticket, and they paid with coins that bore the profile of a P’rin, those imaginary reptilian birds that the Re-Born believed were the time-travelling messengers of their Emperor. None of them won.

A street cleaning machine crept past along the road, humming cheerfully to itself. Trams whooshed overhead on their graceful spirals, moving between the zones. The air smelled of hot leather, shoe polish, fried garlic, knockoff Chanel No. 5 perfume, uncollected garbage, frangipani and the recycled air blown out of a thousand air conditioners. It was then that he saw her, emerging from the market doors out into the hot street beyond.

The woman was no taller than Esham, but she moved with a quiet purpose that he envied: a sense of completeness, a comfort in one’s own skin he had never possessed. Esham was the sort of person who skulked through life, careful to avoid any potential for trouble. He had few friends and fewer vices and he never played the lottery.

The woman crossed the road and came to his stall and stopped. The laminated card attached to her lanyard said her name was Ms Qiu.

“Hello,” she said. The smile she offered him would have broken his heart had he opened his heart to it.

“Hello,” he said.

She had just an ordinary face, the sort you would easily lose in a crowd. Her hair was cut in a fashionable style that was nevertheless a year or so behind whatever the current trend was in Shanghai that spring. Her hand rested on the counter, lightly. Her fingers tapped on the surface. He looked away from her.

“May I have a card?” she said.

“Of course.”

She smiled when he gave it to her. She scratched it with an old 50-mongo coin. She looked at it, almost puzzled, then shrugged and left it on the counter.

“Thank you,” she said.

“You’re welcome.”

He watched her walk away.

 

6.

This became a daily routine. He came to await the moment when Ms Qiu appeared out of the market entrance. He’d watch her cross the road. He’d always wait. She’d say, “Hello.” He’d say, “Hello.” She’d ask for a card, and he would pass one to her, and she’d pay him with whatever coins she happened to carry that day—rubles, dinars, one time with a gold sovereign. Then she’d frown, shrug, give him a final smile or say, “Goodbye,” quietly, and walk away.

Sometimes, on his break, he would search for her in the market. He’d pass the rows of artificial cockatoos and peacocks, and the little singing birds in their cages with their bright glass eyes, and the enclosure of the animatronics tigers and the dodo arcade, but only once he thought he saw her, at a distance, speaking to a man in a navy-blue suit, but he could not be sure and, when he came closer, she was gone, if it had been her at all.

He took to eating his lunch at a Melanesian stall serving sup blong buluk wetem raes, simple, filling fare, and cheaply priced, a place popular with many of the Pacific traders. It was across the aisle from a stall that sold genuine synthetic bears’ gall bladder, and the girl who worked at that stall would often take her lunch around the same time.

“Don’t you remember me?” she said. “Isa, from the home.”

“Isa,” Esham said. “Of course. Of course.”

“I’ve seen you around,” she said. “So you went with the lottery.”

“I did. You?”

“Well, you can see.”

“Artificial gall bladders.”

“I have my own place now,” she said. “It’s in container town but I’m there alone, no one else.”

He knew what she meant. Growing up the way they did they were never alone, there were always others, nights filled with snores and farts and someone crying or talking in their sleep.

“Me, too,” he said. “It isn’t much but…”

She smiled.

“I know.”

She sat down across from him, with her tray. “You ever think of going away?” she said. “Mars, or the moon, or Beijing?”

He thought about it.

“No,” he said.

She nodded. “Me neither.”

She spooned beef stew over the rice and ate, wasting nothing, and he did the same.

 

7.

The way it happened wasn’t supposed to happen. There was something wrong, in hindsight, with the whole day, some intimation of disaster one could trace in the slight rise in air pressure or in the swoosh of the trams overhead, or in the clinking of coinage. Mrs Li came and bought three tickets, and left with a huff. Mr Mansur came by and bought one, and stopped to chat for a little while before he, too, left. A couple of monks went past and did not buy tickets. A bulk buyer from the Martian Soviet came and got a ticket and then a trader from Harbin.

It was just an ordinary day, the way Esham liked it. Order and routine, a knowing of what was expected. At the usual time, Ms Qiu emerged from the market doors. She crossed the road. She came to the stand and smiled at him and said, “Hello,” and asked for a ticket.

He sold her one. She scratched the silver foil with a 10-baht coin.

She looked at the card, almost puzzled, then shrugged and left it on the counter.

“No luck?” Esham said.

She pushed the ticket towards him. He glanced down, barely registering the impossible at first: the three identical symbols of a beckoning gold cat that meant it was a winning ticket.

He glanced up at Ms Qiu.

Nothing happened.

“Thank you,” Ms Qiu said.

She gave him a last, almost bemused smile, then turned and walked away.

Still nothing happened.

He stared at the good luck cats.

Nothing.

Ms Qiu crossed the road and walked away the way she always did, until she turned a corner and was out of sight.

Still nothing happened.

They said when old Mr Chow won, it had rained fish all that day, all over the city.

They said that when Mrs Kim won, statues came to life and danced for a full five minutes to a K-pop song before they suddenly and abruptly became stone again.

They said when Mr Huang won, a dragon flew over the city, and summer flowers bloomed, and when young Miss Yuen won, she vanished and reappeared in digital form as a speaking part character on Chains of Assembly, where she had a brief but intense romance with Johnny Novum before falling afoul of Count Victor’s machinations against the Beautiful Maharani, after which she was not seen again on the programme.

Esham stared after Ms Qiu, but nothing happened. He held the winning ticket, stared at it. Something was wrong, he thought. It wasn’t supposed to happen like this.

Rain clouds gathered over the flower-city of Yiwu.

He stared up at the sky, but they were just ordinary rain clouds.

 

8.

“Area Controller Dee will be with you shortly. Please wait.”

Lottery sub-level 15 was a mix of physical reality and the virtual. Disembodied daemons moved through the air whispering machine language instructions while forklifts drifted across the factory space moving heavy bags of coinage, and in the far end the printing presses thumped and hummed, churning out sheets and sheets of promised miracles which were then chopped neatly by other machines and sorted for delivery to the various stalls. In many ways it could have been the quintessential Yiwu market floor, small scale manufacturing, large scale distribution, only here they didn’t sell bath mats or doorknobs, they sold miracles.

He wondered what they did with all the coins.

“Only, how long will it be?” he said. “This is very important.”

“Please wait. Area Controller Dee will be with you shortly.”

Esham touched the bruise on his cheek.

There had been trouble the night before.

He’d been careless, a customer came past shortly after and they saw he held a winning ticket. He’d tried to explain but he didn’t know how.

Word spread.

The rumour went around that there was a winning ticket up for grabs. Even though everyone knew the lottery didn’t work that way.

They came to gawk at his lottery stand, only a few at first, then more, until it was more like a mob that surrounded him. Night fell and the air had a wild, festive feel to it, but mixed with a sense of unpredictability. People lit torches and drank beer and baiju. Fights broke out. People kept shouting questions at him. He couldn’t leave. Then a group of young men set on him. They demanded to see the ticket. He tried to shut the booth but they started pushing it, rocking it from side to side. Esham tried to slip out and someone pushed him, and he fell. The mood turned ugly. He looked up and saw their faces, lit and hungry. He curled up into a ball. He’d been kicked before, the key was to try and minimise the damage.

They started landing blows. Fists, feet. Then someone shouted, “Leave him alone!”

It was Isa, from the market. She came in, fearless, and stood over him and faced down the bullies.

“Go away,” she told them.

Which, remarkably, they did.

She helped him to his feet.

“Are you all right?”

He tried to smile, though it hurt.

“Here,” she said. “You’re bleeding.” She sat him down on a bench and cleaned the cut in his face. His ribs hurt from the kicking. The city shone overhead in a million lights.

“Thanks, Isa.”

“We’ve got to look after each other,” she said. “Or who else will?”

He nodded. He felt very tired.

They sat together on the warm bench under the petal zones of the city, side by side, in companionable silence.

 

9.

“I must speak to the Area Controller,” Esham said. It had taken him hours to find the lottery regional office. It really was just a door, tucked in the back of Zone 2, and he’d had to pass through miles of near-identical corridors, through stalls which sold miniature models of folding Beijings, fish from Lijiang and flowers from Shazui, Perky Pat dolls bound for Mars and replica guns from Isher, anti-spiritual pollution spray in aluminum cans, Samsara wheels that played a song as they were spun and little self-assembly spacecraft models from General Products—a sea of kipple, an endless, rolling expanse, heap upon heap of old stuff someone, somewhere, simply couldn’t let go of.

He went past it. He found the door. It was just a door.

“I must speak to the Area Controller,” he said.

The door seemed to hesitate.

“This is most irregular,” it said.

“The situation is most irregular!” Esham said, with more force than he meant to.

“I’m sorry,” he said.

“Don’t mention it,” said the door.

“Can I come through?”

The door hesitated.

“We’re very busy right now,” it said.

“This is important!”

“I am sure,” the door said, in a maddeningly reasonable voice, “that is seems very important to you.” It sighed. “I wasn’t always a door, you know,” it said. “I used to be a poet.” It reflected for a while. “Still. I like being a door. Sometimes you’re open. Sometimes you’re closed. There’s very little in between. I find that comforting. Don’t you?”

“Me?”

“Well, you’re not a door,” the door said. “So I suppose you wouldn’t understand.”

It seemed to reflect again.

“Oh, well,” it said at last. “But don’t say I didn’t warn you.”

The door irised open.

Esham stepped through.

 

10.

The corridor felt like an access tube strung over some enormous height. The accordion walls contracted and expanded and the whole passage seemed to move as though buffeted by unseen wind. He stumbled along it, holding on to the walls to stay upright. Lights flashed overhead. A mechanical voice kept counting, “Eight billion point two four five, eight billion point two four seven, eight billion point two five one,” incomprehensively. Esham came to the end of the corridor. He stepped through…

For a moment he had the sense of galactic space all around him. He saw a planet adorned with rings, and fireflies in formation all around it, and the sun far against the endless dark, a lone yellow star. Then it vanished and the voice stopped the count and a new voice said, “Welcome to Lottery sub-level 15, vendor human type Eshamuddin. Area Controller Dee will be with you shortly.”

He looked around him, at this ordinary floor. It could have been any market level in Yiwu. Though he was suddenly certain he was nowhere near Yiwu. Not even on Earth, maybe. There were windows in the far walls. He could see a night sky, but not much else. Height, though. He was high up, in a skyscraper, somewhere foreign. He was almost sure. He began to walk to the windows. If only he could see…

“Sir? Come with me, please.”

 

11.

Area Controller Dee was a short, fat man in a chequered shirt with one button too many undone and thinning black hair that stuck to his forehead. He mopped his face and pushed the basket of food on his desk towards Esham.

“Prawns?”

Grease shone on his fingers. Esham shook his head.

“No. Thank you.”

“Suit yourself.”

Dee ate fast. When he finished he let out a satisfied burp and wiped his fingers clean on a dirty napkin.

“So,” he said. “What is all this about?”

“Sir,” Esham said. “Do you mind if I ask where we are?”

“The lottery building,” Area Controller Dee said.

“But where, I mean what–”

“The lottery is the lottery,” Area Controller Dee said. “Yes?”

“Yes, sir.”

“Now, could you get to the point? I don’t have all day.”

“It’s about this ticket, sir. It’s a winning ticket, sir.”

“A winning ticket? Let me see.”

Dee took the scratch card from him. He looked at it and pursed his lips. His eyes glazed, for a moment, as he accessed his node.

“Ah, yes,” he said. “Defunct.”

“Defunct, sir?”

“It was an error,” Dee said. “Don’t worry about it.”

“So it didn’t work? But Ms Qiu–”

“Ms Qiu?” Dee said.

“The woman who purchased it, sir.”

“Not human,” Dee said.

“Not human, sir?”

“Automaton. Replica. Animatroni– well, you know.” He waved his hand. “Ex-display.”

“Ex-display?”

“Do you just repeat everything anyone ever says to you?” Dee said.

“Yes, sir. I mean, no, sir. Sir, what do we do here? What is the lottery for?”

Area Controller Dee unwrapped a lollypop and stuck it in his mouth. He sucked on it noisily then took it out with a pop.

“The lottery’s the lottery,” he said, with an air of satisfied finality.

 

12.

Arrows led him back the way he’d come across the floor. Far in the distance he saw an old mechanical slat board that kept clacking, with figures that kept changing for Mars, Lunar Port, Titan, Ganymede, Io, Calisto, Jettisoned, Ceres, Vesta, Calypso, Hyperion, Nix and Hydra. And Earth, of course. The same mechanical voice returned, “eight billion point two six eight, eight billion point two seven one,” droning on. Esham came to a door. He opened it, and stepped out onto a street in Yiwu.

It was late afternoon. The sun was low against the mountains. The petals of the market zones rose in the sky, casting shadows over the surface streets. He was in a quiet residential neighbourhood not far from Zone 7. As he stood there, he saw Ms Qiu cross the street. She walked in that same assured, unhurried pace. She didn’t see him. She came to a small house with a well-tended front garden and a little white fence. Two children came running out to greet her, and Esham thought he saw the outline of a man waiting at the door. Ms Qiu went in with the children.

Esham came a little closer. He peeked through the windows, which were open to let in the breeze. He saw them sit down at the dinner table, the children talking animatedly, Ms Qiu smiling quietly. The man said something and she laughed.

Esham left them to have their privacy. He walked back to his stall, and saw that Isa was there, waiting for him.

“I thought I’d take you out to dinner,” she said.

“I’d like that,” Esham said.

“What shall we have?” she said. She laughed. “Whatever is your true heart’s desire.”

So they shared crossing-the-bridge noodles at the Yunnanese stall, and then they had sweetened mint tea at the Lebanese café.

And then, together, they went home.

Text copyright © 2018 by Lavie Tidhar
Art copyright © 2018 by Feifei Ruan

12:53

Scalzi at Phoenix Comic Fest This Weekend [Whatever]

As a reminder, starting today(!) I will be in the lovely and very hot town of Phoenix for Phoenix Comic Fest (previously known as Phoenix Comic Con), to sign books, be on panels and do a whole lot of schmoozing. And you(!) can be a part of that, if you happen to be in or around Phoenix this weekend.

What’s my schedule?

Wednesday (today):

  • 2018 Elevengeddon: A Multi-Author Sci-Fi Event
    7:00pm, Poisoned Pen Bookstore
    Event & Signing
    Authors: Myke Cole (Tor.com Publishing), Emily Devenport, Cory Doctorow, K Arsenault Rivera, John Scalzi, V.E. Schwab, Charles Soule, Sam Sykes

Thursday:

  • Out in the Field – Bizarre Things I Learned While Researching My Boo​k & Post-Panel Signing
    1:30pm-2:30pm, North 126AB
    ​Panelists: Aaron Mahnke, K Arsenault Rivera, John Scalzi, V.E. Schwab
  • Prophets of Sci-Fi
    3:00pm-4:00pm, North 125AB
    Panelists: Cory Doctorow, John Scalzi, Emily Devenport, Sylvain Neuvel
  • Tor Author Group Signing
    4:30pm-5:30pm, Changing Hands Author Signing Area
    All attending Tor Authors

Friday:

  • Tor Presents: Two Truths and A Lie – Authors Edition
    10:30am-11:30am, North 122ABC
    Panelists: Cory Doctorow, Emily Devenport, K Arsenault Rivera, John Scalzi
    Moderator: Myke Cole (Tor.com Publishing)
  • Marching Orders – Military in Sci-Fi and Fantasy Stories & Post-Panel Signing
    1:30pm-2:30pm, North 126C
    Panelists: John Scalzi, Melinda Snodgrass, Sylvain Neuvel, Mark Gardner, Kevin Ikenberry

Saturday:

  • Cory Doctorow & John Scalzi in Conversation about Politics in Sci-Fi and Fantasy & Post-Panel Signing
    12:00pm-1:00pm, North 124AB
    Panelists: Cory Doctorow and John Scalzi
  • Tor Presents #FearlessWomen & Post-Panel Signing
    1:30pm-2:30pm, North 125AB
    Panelists: V.E. Schwab, K Arsenault Rivera, Emily Devenport, John Scalzi

Sunday:

  • John Scalzi Solo Panel & Post-Panel Signing
    1:30pm-2:30pm, North 126AB

(All this information taken from Tor.com’s PCF schedule, which also features the schedule of other Tor-related authors, like VE Schwab, Cory Doctorow and Myke Cole among others.)

I’ll note that on Sunday, at my solo panel, I’ll likely be reading new material that I’ve not read anywhere else yet, so if that’s a thing you want to hear, get yourself there.

See you in Phoenix! Uh, unless I don’t, in which case have a good rest of your week anyway, okay?

12:13

Cory Doctorow on the fight for a configurable and free internet [All - O'Reilly Media]

It’s time to sort the sheep from the goats, or the willing from the unwilling.

In this episode of the O’Reilly Podcast, I talk with Cory Doctorow, who is a science fiction author, editor of Boing Boing, the former European director of the Electronic Frontier Foundation (EFF), and currently a special advisor for the EFF. Doctorow will be a keynote speaker at the O’Reilly Fluent Conference, June 11-14, 2018, in San Jose.

Discussion points:

On the current “tech lash”: Doctorow welcomes the tech lash we’re seeing, because “on the one hand, we're very worried that a small coterie of unaccountable technologists can write code that changes the lives of billions of people for the worse. But it seems like the mainstream of the critique of that won't, or can't, contemplate the possibility that a small group of people might write code that would change people's lives for the better. That may be the way, or part of the way, that we hold tech to account—by having our own tech, by seizing the means of information.”

We do need to build a better web: He continues, arguing that there are “companies with a fair degree of impunity to just make ads more invasive, more surveillant, more crappy, and more dangerous. Gathering all that data and warehousing it means that you put it at risk of being breached or subpoenaed or in some other way commandeered and then used against the people who you are advertising to.”

Go forth and learn from Larry Lessig: Harvard Law school professor and founder of the Creative Commons, Lessig is key here, as Doctorow references: “Larry says that the world is influenced by four forces: 1) code, what's technologically possible, 2) law, what's legally available, 3) norms, what's socially acceptable, and 4) markets, what's profitable.”

How we build a better web: Cory makes a two-prong argument on how we build a better web, which starts with a way to “sort the sheep from the goats or the willing from the unwilling...1) we should always design computers that obey their users or owners when there's a conflict between what that person wants and what some remote entity like, say, a government or a police force or an advertiser or whatever wants. 2) Part two is that it should always be legal to disclose defects in computers. So, if you discover that there's a problem with a computer that other people rely on, you should be able to warn them even if the manufacturer would prefer that you not.”

On privacy, data breaches, and a new business as usual: Doctorow opines that we’re not at a watershed moment because: “When the next crisis comes, it reaches an even higher peak. More people care about it and they care about it more intensely. When the crisis passes and the new normal asserts itself, it's a new normal in which the crisis is more salient yet. That's how we attain change.”

The good and bad of technology in the long history of the internet: Doctorow says this is nothing new: "That consciousness has been there since the very beginning, really. No one founds a group like the Electronic Frontier Foundation because they think technology is going to automatically be great. The reason the Free Software Foundation and EFF and other projects try to think about the social implications and how technology could be made safer for human habitation is because of this dual sense that on the one hand, technology held an enormous power to change the balance in social justice struggles and to make people's lives much better.

"At the same time, it held an enormous power to make people's lives much worse and change the balance of power so that it favored the already powerful. Technology has done both. If there's a real criticism of the techlash it's that it decides that only one of those things is real. They're both real. Technology has given us community and it's given us kindness and it's given us all kinds of joys and human flourishing. It's taken those away, too."

Net Neutrality is just one phase of the fight for the open and free web: Doctorow says the fight for a free internet is never over: “Maybe this time they'll be scared of the internet for two years. Then in three years, we'll do something that will make them scared of the internet for five years. We'll just keep doing it. The arc of history is long. It bends toward justice. It bends toward justice because we sit there and we hang on it and we bend it as hard as we can and we never, ever stop.”

Continue reading Cory Doctorow on the fight for a configurable and free internet.

Four short links: 23 May 2018 [All - O'Reilly Media]

Remote Work, AWS Production Checklist, Proof of Work, and Face Recognition

  1. Remote Workers Make Enterprises More Competitive -- job ads that include the term "remote work" get six times more applicants.
  2. AWS Production Readiness Checklist -- everything you need to do before you go live. (via blog)
  3. Bitcoin Mining and Proof of Work -- Non-technical people often assume that bitcoin will get more efficient as it goes on—like other technologies do. This isn’t the case at all. With every other technology, the economic motivation is to reduce energy costs. But with bitcoin, you make your bitcoins by spending absolutely as much energy as you can throw at the problem.
  4. Machine Learning to Spot Celebrities -- it's so emblematic. China uses face recognition to spot criminals and track association; the West uses face recognition to automatically track and record celebrities for a television broadcast.

Continue reading Four short links: 23 May 2018.

Business Driven Development [The Daily WTF]

Every now and then, you come across a special project. You know the sort, where some business user decides that they know exactly what they need and exactly how it should be built. They get the...

11:23

BPI Wants Piracy Dealt With Under New UK Internet ‘Clean-Up’ Laws [TorrentFreak]

For the past several years, the UK Government has expressed a strong desire to “clean up” the Internet.

Strong emphasis has been placed on making the Internet safer for children but that’s just the tip of a much larger iceberg.

This week, the Government published its response to the Internet Safety Strategy green paper, stating unequivocally that more needs to be done to tackle “online harm”.

Noting that six out of ten people report seeing inappropriate or harmful content online, the Government said that work already underway with social media companies to protect users had borne fruit but overall industry response has been less satisfactory.

As a result, the Government will now carry through with its threat to introduce new legislation, albeit with the assistance of technology companies, children’s charities and other stakeholders.

“Digital technology is overwhelmingly a force for good across the world and we must always champion innovation and change for the better,” said Matt Hancock, Secretary of State for Digital, Culture, Media and Sport.

“At the same time I have been clear that we have to address the Wild West elements of the Internet through legislation, in a way that supports innovation. We strongly support technology companies to start up and grow, and we want to work with them to keep our citizens safe.”

While emphasis is being placed on hot-button topics such as cyberbullying and online child exploitation, the Government is clear that it wishes to tackle “the full range” of online harms. That has been greeted by UK music group BPI with a request that the Government introduces new measures to tackle Internet piracy.

In a statement issued this week, BPI chief executive Geoff Taylor welcomed the move towards legislative change and urged the Government to encompass the music industry and beyond.

“This is a vital opportunity to protect consumers and boost the UK’s music and creative industries. The BPI has long pressed for internet intermediaries and online platforms to take responsibility for the content that they promote to users,” Taylor said.

“Government should now take the power in legislation to require online giants to take effective, proactive measures to clean illegal content from their sites and services. This will keep fans away from dodgy sites full of harmful content and prevent criminals from undermining creative businesses that create UK jobs.”

The BPI has published four initial requests, each of which provides food for thought.

The demand to “establish a new fast-track process for blocking illegal sites” is not entirely unexpected, particularly given the expense of launching applications for blocking injunctions at the High Court.

“The BPI has taken a large number of actions against individual websites – 63 injunctions are in place against sites that are wholly or mainly infringing and whose business is simply to profit from criminal activity,” the BPI says.

Those injunctions can be expanded fairly easily to include new sites operating under similar banners or facilitating access to those already covered, but it’s clear the BPI would like something more streamlined. Voluntary schemes, such as the one in place in Portugal, could be an option but it’s unclear how troublesome that could be for ISPs. New legislation could solve that dilemma, however.

Another big thorn in the side for groups like the BPI are people and entities that post infringing content. The BPI is very good at taking these listings down from sites and search engines in particular (more than 600 million requests to date) but it’s a game of whac-a-mole the group would rather not engage in.

With that in mind, the BPI would like the Government to impose new rules that would compel online platforms to stop content from being re-posted after it’s been taken down while removing the accounts of repeat infringers.

Thirdly, the BPI would like the Government to introduce penalties for “online operators” who do not provide “transparent contact and ownership information.” The music group isn’t any more specific than that, but the suggestion is that operators of some sites have a tendency to hide in the shadows, something which frustrates enforcement activity.

Finally, and perhaps most interestingly, the BPI is calling on the Government to legislate for a new “duty of care” for online intermediaries and platforms. Specifically, the BPI wants “effective action” taken against businesses that use the Internet to “encourage” consumers to access content illegally.

While this could easily encompass pirate sites and services themselves, this proposal has the breadth to include a wide range of offenders, from people posting piracy-focused tutorials on monetized YouTube channels to those selling fully-loaded Kodi devices on eBay or social media.

Overall, the BPI clearly wants to place pressure on intermediaries to take action against piracy when they’re in a position to do so, and particularly those who may not have shown much enthusiasm towards industry collaboration in the past.

“Legislation in this Bill, to take powers to intervene with respect to operators that do not co-operate, would bring focus to the roundtable process and ensure that intermediaries take their responsibilities seriously,” the BPI says.

The Department for Digital, Culture, Media & Sport and the Home Office will now work on a White Paper, to be published later this year, to set out legislation to tackle “online harms”. The BPI and similar entities will hope that the Government takes their concerns on board.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Big crew/little crew [Seth Godin's Blog on marketing, tribes and respect]

Software projects work better with small teams.

On the other hand, it makes sense to have multiple teams of workers if you're paving a patch of highly trafficked highway.

Three reasons:

Coordination

Learning

Ramp up time

As we learned from the Mythical Man Month more than fifty years ago, software projects rely on coordination of work. As you add programmers, the work doesn't go faster, it gets slower. Ramp up time is expensive. And if the project involves learning as you go, then big teams waste far more time at the beginning while you're figuring things out.

On the other hand, it doesn't make any sense at all to have a single crew working on a paving project. If you need to close the road for two weeks as they work from one end to the other, you've cost the users of the road a fortune. Ramp up time for trained professionals is trivial, and there's no learning and not much coordination. Better to have five crews working on different sections and open the road after just one or two days.

Often, we default to a small crew because we don't believe we can afford a bigger one. But if the work is worth doing, it might be worth doing more quickly. It's easier than ever to find ways to scale project labor now.

And sometimes, we mistakenly choose to use a big crew, thinking that nine women, working very carefully in coordination, can have a baby in one month. Wishful thinking that ends up in disappointment.

If you want to see how a project got into trouble, look for how crew size was decided.

       

09:03

223 [LFG Comics]

The post 223 appeared first on Tiny Dick Adventures.

Vincent Bernat: Multi-tier load-balancing with Linux [Planet Debian]

A common solution to provide a highly-available and scalable service is to insert a load-balancing layer to spread requests from users to backend servers.1 We usually have several expectations for such a layer:

scalability
It allows a service to scale by pushing traffic to newly provisioned backend servers. It should also be able to scale itself when it becomes the bottleneck.
availability
It provides high availability to the service. If one server becomes unavailable, the traffic should be quickly steered to another server. The load-balancing layer itself should also be highly available.
flexibility
It handles both short and long connections. It is flexible enough to offer all the features backends generally expect from a load-balancer like TLS or HTTP routing.
operability
With some cooperation, any expected change should be seamless: rolling out a new software on the backends, adding or removing backends, or scaling up or down the load-balancing layer itself.

The problem and its solutions are well known. From recently published articles on the topic, “Introduction to modern network load-balancing and proxying” provides an overview of the state of the art. Google released “Maglev: A Fast and Reliable Software Network Load Balancer” describing their in-house solution in details.2 However, the associated software is not available. Basically, building a load-balancing solution with commodity servers consists of assembling three components:

  • ECMP routing
  • stateless L4 load-balancing
  • stateful L7 load-balancing

In this article, I describe and support a multi-tier solution using Linux and only open-source components. It should offer you the basis to build a production-ready load-balancing layer.

Update (2018.05)

Facebook just released Katran, an L4 load-balancer implemented with XDP and eBPF and using consistent hashing. It could be inserted in the configuration described below.

Last tier: L7 load-balancing🔗

Let’s start with the last tier. Its role is to provide high availability, by forwarding requests to only healthy backends, and scalability, by spreading requests fairly between them. Working in the highest layers of the OSI model, it can also offer additional services, like TLS-termination, HTTP routing, header rewriting, rate-limiting of unauthenticated users, and so on. Being stateful, it can leverage complex load-balancing algorithm. Being the first point of contact with backend servers, it should ease maintenances and minimize impact during daily changes.

L7 load-balancers
The last tier of the load-balancing solution is a set of L7 load-balancers receiving user connections and forwarding them to the backends.

It also terminates client TCP connections. This introduces some loose coupling between the load-balancing components and the backend servers with the following benefits:

  • connections to servers can be kept open for lower resource use and latency,
  • requests can be retried transparently in case of failure,
  • clients can use a different IP protocol than servers, and
  • servers do not have to care about path MTU discovery, TCP congestion control algorithms, avoidance of the TIME-WAIT state and various other low-level details.

Many pieces of software would fit in this layer and an ample literature exists on how to configure them. You could look at HAProxy, Envoy or Træfik. Here is a configuration example for HAProxy:

# L7 load-balancer endpoint
frontend l7lb
  # Listen on both IPv4 and IPv6
  bind :80 v4v6
  # Redirect everything to a default backend
  default_backend servers
  # Healthchecking
  acl dead nbsrv(servers) lt 1
  acl disabled nbsrv(enabler) lt 1
  monitor-uri /healthcheck
  monitor fail if dead || disabled

# IPv6-only servers with HTTP healthchecking and remote agent checks
backend servers
  balance roundrobin
  option httpchk
  server web1 [2001:db8:1:0:2::1]:80 send-proxy check agent-check agent-port 5555
  server web2 [2001:db8:1:0:2::2]:80 send-proxy check agent-check agent-port 5555
  server web3 [2001:db8:1:0:2::3]:80 send-proxy check agent-check agent-port 5555
  server web4 [2001:db8:1:0:2::4]:80 send-proxy check agent-check agent-port 5555

# Fake backend: if the local agent check fails, we assume we are dead
backend enabler
  server enabler [::1]:0 agent-check agent-port 5555

This configuration is the most incomplete piece of this guide. However, it illustrates two key concepts for operability:

  1. Healthchecking of the web servers is done both at HTTP-level (with check and option httpchk) and using an auxiliary agent check (with agent-check). The later makes it easy to put a server to maintenance or to orchestrate a progressive rollout. On each backend, you need a process listening on port 5555 and reporting the status of the service (UP, DOWN, MAINT). A simple socat process can do the trick:3

    socat -ly \
      TCP6-LISTEN:5555,ipv6only=0,reuseaddr,fork \
      OPEN:/etc/lb/agent-check,rdonly
    

    Put UP in /etc/lb/agent-check when the service is in nominal mode. If the regular healthcheck is also positive, HAProxy will send requests to this node. When you need to put it in maintenance, write MAINT and wait for the existing connections to terminate. Use READY to cancel this mode.

  2. The load-balancer itself should provide an healthcheck endpoint (/healthcheck) for the upper tier. It will return a 503 error if either there is no backend servers available or if put down the enabler backend through the agent check. The same mechanism as for regular backends can be used to signal the unavailability of this load-balancer.

Additionally, the send-proxy directive enables the proxy protocol to transmit the real clients’ IP addresses. This protocol also works for non-HTTP connections and is supported by a variety of servers, including nginx:

http {
  server {
    listen [::]:80 default ipv6only=off proxy_protocol;
    root /var/www;
    set_real_ip_from ::/0;
    real_ip_header proxy_protocol;
  }
}

As is, this solution is not complete. We have just moved the availability and scalability problem somewhere else. How do we load-balance the requests between the load-balancers?

First tier: ECMP routing🔗

On most modern routed IP networks, redundant paths exist between clients and servers. For each packet, routers have to choose a path. When the cost associated to each path is equal, incoming flows4 are load-balanced among the available destinations. This characteristic can be used to balance connections among available load-balancers:

ECMP routing
ECMP routing is used as a first tier. Flows are spread among available L7 load-balancers. Routing is stateless and asymmetric. Backend servers are not represented.

There is little control over the load-balancing but ECMP routing brings the ability to scale horizontally both tiers. A common way to implement such a solution is to use BGP, a routing protocol to exchange routes between network equipments. Each load-balancer announces to its connected routers the IP addresses it is serving.

If we assume you already have BGP-enabled routers available, ExaBGP is a flexible solution to let the load-balancers advertise their availability. Here is a configuration for one of the load-balancers:

# Healthcheck for IPv6
process service-v6 {
  run python -m exabgp healthcheck -s --interval 10 --increase 0 --cmd "test -f /etc/lb/v6-ready -a ! -f /etc/lb/disable";
  encoder text;
}

template {
  # Template for IPv6 neighbors
  neighbor v6 {
    router-id 192.0.2.132;
    local-address 2001:db8::192.0.2.132;
    local-as 65000;
    peer-as 65000;
    hold-time 6;
    family {
      ipv6 unicast;
    }
    api services-v6 {
      processes [ service-v6 ];
    }
  }
}

# First router
neighbor 2001:db8::192.0.2.254 {
  inherit v6;
}

# Second router
neighbor 2001:db8::192.0.2.253 {
  inherit v6;
}

If /etc/lb/v6-ready is present and /etc/lb/disable is absent, all the IP addresses configured on the lo interface will be announced to both routers. If the other load-balancers use a similar configuration, the routers will distribute incoming flows between them. Some external process should manage the existence of the /etc/lb/v6-ready file by checking for the healthiness of the load-balancer (using the /healthcheck endpoint for example). An operator can remove a load-balancer from the rotation by creating the /etc/lb/disable file.

To get more details on this part, have a look at “High availability with ExaBGP.” If you are in the cloud, this tier is usually implemented by your cloud provider, either using an anycast IP address or a basic L4 load-balancer.

Unfortunately, this solution is not resilient when an expected or unexpected change happens. Notably, when adding or removing a load-balancer, the number of available routes for a destination changes. The hashing algorithm used by routers is not consistent and flows are reshuffled among the available load-balancers, breaking existing connections:

Stability of ECMP routing 1/2
ECMP routing is unstable when a change happens. An additional load-balancer is added to the pool and the flows are routed to different load-balancers, which do not have the appropriate entries in their connection tables.

Moreover, each router may choose its own routes. When a router becomes unavailable, the second one may route the same flows differently:

Stability of ECMP routing 2/2
A router becomes unavailable and the remaining router load-balances its flows differently. One of them is routed to a different load-balancer, which do not have the appropriate entry in its connection table.

If you think this is not an acceptable outcome, notably if you need to handle long connections like file downloads, video streaming or websocket connections, you need an additional tier. Keep reading!

Second tier: L4 load-balancing🔗

The second tier is the glue between the stateless world of IP routers and the stateful land of L7 load-balancing. It is implemented with L4 load-balancing. The terminology can be a bit confusing here: this tier routes IP datagrams (no TCP termination) but the scheduler uses both destination IP and port to choose an available L7 load-balancer. The purpose of this tier is to ensure all members take the same scheduling decision for an incoming packet.

There are two options:

  • stateful L4 load-balancing with state synchronization accross the members, or
  • stateless L4 load-balancing with consistent hashing.

The first option increases complexity and limits scalability. We won’t use it.5 The second option is less resilient during some changes but can be enhanced with an hybrid approach using a local state.

We use IPVS, a performant L4 load-balancer running inside the Linux kernel, with Keepalived, a frontend to IPVS with a set of healthcheckers to kick out an unhealthy component. IPVS is configured to use the Maglev scheduler, a consistent hashing algorithm from Google. Among its family, this is a great algorithm because it spreads connections fairly, minimizes disruptions during changes and is quite fast at building its lookup table. Finally, to improve performance, we let the last tier—the L7 load-balancers—sends back answers directly to the clients without involving the second tier—the L4 load-balancers. This is referred to as direct server return (DSR) or direct routing (DR).

Second tier: L4 load-balancing
L4 load-balancing with IPVS and consistent hashing as a glue between the first tier and the third tier. Backend servers have been omitted. Dotted lines represent the path for the return packets.

With such a setup, we expect packets from a flow to be able to move freely between the components of the two first tiers while sticking to the same L7 load-balancer.

Configuration🔗

Assuming ExaBGP has already been configured like described in the previous section, let’s start with the configuration of Keepalived:

virtual_server_group VS_GROUP_MH_IPv6 {
  2001:db8::198.51.100.1 80
}
virtual_server group VS_GROUP_MH_IPv6 {
  lvs_method TUN  # Tunnel mode for DSR
  lvs_sched mh    # Scheduler: Maglev
  sh-port         # Use port information for scheduling
  protocol TCP
  delay_loop 5
  alpha           # All servers are down on start
  omega           # Execute quorum_down on shutdown
  quorum_up   "/bin/touch /etc/lb/v6-ready"
  quorum_down "/bin/rm -f /etc/lb/v6-ready"

  # First L7 load-balancer
  real_server 2001:db8::192.0.2.132 80 {
    weight 1
    HTTP_GET {
      url {
        path /healthcheck
        status_code 200
      }
      connect_timeout 2
    }
  }

  # Many others...
}

The quorum_up and quorum_down statements define the commands to be executed when the service becomes available and unavailable respectively. The /etc/lb/v6-ready file is used as a signal to ExaBGP to advertise the service IP address to the neighbor routers.

Additionally, IPVS needs to be configured to continue routing packets from a flow moved from another L4 load-balancer. It should also continue routing packets from unavailable destinations to ensure we can drain properly a L7 load-balancer.

# Schedule non-SYN packets
sysctl -qw net.ipv4.vs.sloppy_tcp=1
# Do NOT reschedule a connection when destination
# doesn't exist anymore
sysctl -qw net.ipv4.vs.expire_nodest_conn=0
sysctl -qw net.ipv4.vs.expire_quiescent_template=0

The Maglev scheduling algorithm will be available with Linux 4.18, thanks to Inju Song. For older kernels, I have prepared a backport.6 Use of source hashing as a scheduling algorithm will hurt the resilience of the setup.

DSR is implemented using the tunnel mode. This method is compatible with routed datacenters and cloud environments. Requests are tunneled to the scheduled peer using IPIP encapsulation. It adds a small overhead and may lead to MTU issues. If possible, ensure you are using a larger MTU for communication between the second and the third tier.7 Otherwise, it is better to explicitely allow fragmentation of IP packets:

sysctl -qw net.ipv4.vs.pmtu_disc=0

You also need to configure the L7 load-balancers to handle encapsulated traffic:8

# Setup IPIP tunnel to accept packets from any source
ip tunnel add tunlv6 mode ip6ip6 local 2001:db8::192.0.2.132
ip link set up dev tunlv6
ip addr add 2001:db8::198.51.100.1/128 dev tunlv6

Evaluation of the resilience🔗

As configured, the second tier increases the resilience of this setup for two reasons:

  1. The scheduling algorithm is using a consistent hash to choose its destination. Such an algorithm reduces the negative impact of expected or unexpected changes by minimizing the number of flows moving to a new destination. “Consistent Hashing: Algorithmic Tradeoffs” offers more details on this subject.

  2. IPVS keeps a local connection table for known flows. When a change impacts only the third tier, existing flows will be correctly directed according to the connection table.

If we add or remove a L4 load-balancer, existing flows are not impacted because each load-balancer takes the same decision, as long as they see the same set of L7 load-balancers:

L4 load-balancing instability 1/3
Loosing a L4 load-balancer has no impact on existing flows. Each arrow is an example of flow. The dots are flow endpoints bound to the associated load-balancer. If they had moved to another load-balancer, connection would have been lost.

If we add a L7 load-balancer, existing flows are not impacted either because only new connections will be scheduled to it. For existing connections, IPVS will look at its local connection table and continue to forward packets to the original destination. Similarly, if we remove a L7 load-balancer, only existing flows terminating at this load-balancer are impacted. Other existing connections will be forwarded correctly:

L4 load-balancing instability 2/3
Loosing a L7 load-balancer only impacts the flows bound to it.

We need to have simultaneous changes on both levels to get a noticeable impact. For example, when adding both a L4 load-balancer and a L7 load-balancer, only connections moved to a L4 load-balancer without state and scheduled to the new load-balancer will be broken. Thanks to the consistent hashing algorithm, other connections will stay bound to the right L7 load-balancer. During a planned change, this disruption can be minimized by adding the new L4 load-balancers first, waiting a few minutes, then adding the new L7 load-balancers.

L4 load-balancing instability 3/3
Both a L4 load-balancer and a L7 load-balancer come back to life. The consistent hash algorithm ensures that only one fifth of the existing connections would be moved to the incoming L7 load-balancer. Some of them continue to be routed through their original L4 load-balancer, which mitigates the impact.

Additionally, IPVS correctly routes ICMP messages to the same L7 load-balancers as the associated connections. This ensures notably path MTU discovery works and there is no need for smart workarounds.

Tier 0: DNS load-balancing🔗

Optionally, you can add DNS load-balancing to the mix. This is useful either if your setup is spanned accross multiple datacenters, or multiple cloud regions, or if you want to break a large load-balancing cluster into smaller ones. It is not intended to replace the first tier as it doesn’t share the same characteristics: load-balancing is unfair (it is not flow-based) and recovery from a failure is slow.

Complete load-balancing solution
A complete load-balancing solution spanning accross two datacenters.

gdnsd is an authoritative-only DNS server with integrated healthchecking. It can serve zones from master files using the RFC 1035 zone format:

@ SOA ns1 ns1.example.org. 1 7200 1800 259200 900
@ NS ns1.example.com.
@ NS ns1.example.net.
@ MX 10 smtp

@     60 DYNA multifo!web
www   60 DYNA multifo!web
smtp     A    198.51.100.99

The special RR type DYNA will return A and AAAA records after querying the specified plugin. Here, the multifo plugin implements an all-active failover of monitored addresses:

service_types => {
  web => {
    plugin => http_status
    url_path => /healthcheck
    down_thresh => 5
    interval => 5
  }
  ext => {
    plugin => extfile
    file => /etc/lb/ext
    def_down => false
  }
}

plugins => {
  multifo => {
    web => {
      service_types => [ ext, web ]
      addrs_v4 => [ 198.51.100.1, 198.51.100.2 ]
      addrs_v6 => [ 2001:db8::198.51.100.1, 2001:db8::198.51.100.2 ]
    }
  }
}

In nominal state, an A request will be answered with both 198.51.100.1 and 198.51.100.2. An healthcheck failure will update the returned set accordingly. It is also possible to administratively remove an entry by modifying the /etc/lb/ext file. For example, with the following content, 198.51.100.2 will not be advertised anymore:

198.51.100.1 => UP
198.51.100.2 => DOWN
2001:db8::c633:6401 => UP
2001:db8::c633:6402 => UP

You can find all the configuration files and the setup of each tier in the GitHub repository. If you want to replicate this setup at a smaller scale, it is possible to collapse the second and the third tiers by using either localnode or network namespaces. Even if you don’t need its fancy load-balancing services, you should keep the last tier: while backend servers come and go, the L7 load-balancers bring stability, which translates to resiliency.


  1. In this article, “backend servers” are the servers behind the load-balancing layer. To avoid confusion, we will not use the term “frontend.” ↩︎

  2. A good summary of the paper is available from Adrian Colyer. From the same author, you may also have a look at the summary for “Stateless datacenter load-balancing with Beamer.” ↩︎

  3. If you feel this solution is fragile, feel free to develop your own agent. It could coordinate with a key-value store to determine the wanted state of the server. It is possible to centralize the agent in a single location, but you may get a chicken-and-egg problem to ensure its availability. ↩︎

  4. A flow is usually determined by the source and destination IP and the L4 protocol. Alternatively, the source and destination port can also be used. The router hashes these information to choose the destination. For Linux, you may find more information on this topic in “Celebrating ECMP in Linux.” ↩︎

  5. On Linux, it can be implemented by using Netfilter for load-balancing and conntrackd to synchronize state. IPVS only provides active/backup synchronization. ↩︎

  6. The backport is not strictly equivalent to its original version. Be sure to check the README file to understand the differences. Briefly, in Keepalived configuration, you should:

    • not use inhibit_on_failure
    • use sh-port
    • not use sh-fallback

    ↩︎

  7. At least 1520 for IPv4 and 1540 for IPv6. ↩︎

  8. As is, this configuration is a insecure. You need to ensure only the L4 load-balancers will be able to send IPIP traffic. ↩︎

08:13

Joachim Breitner: The diameter of German+English [Planet Debian]

Languages never map directly onto each other. The English word fresh can mean frisch or frech, but frish can also be cool. Jumping from one words to another like this yields entertaining sequences that take you to completely different things. Here is one I came up with:

frechfreshfrishcoolabweisenddismissivewegwerfendtrashingverhauendbangingGeklopfeknocking – …

And I could go on … but how far? So here is a little experiment I ran:

  1. I obtained a German-English dictionary. Conveniently, after registration, you can get dict.cc’s translation file, which is simply a text file with three columns: German, English, Word form.

  2. I wrote a program that takes these words and first canonicalizes them a bit: Removing attributes like [ugs.] [regional], {f}, the to in front of verbs and other embellishment.

  3. I created the undirected, bipartite graph of all these words. This is a pretty big graph – ~750k words in each language, a million edges. A path in this graph is precisely a sequence like the one above.

  4. In this graph, I tried to find a diameter. The diameter of a graph is the longest path between two nodes that you cannot connect with a shorter path.

Because the graph is big (and my code maybe not fully optimized), it ran a few hours, but here it is: The English expression be annoyed by sb. and the German noun Icterus are related by 55 translations. Here is the full list:

  • be annoyed by sb.
  • durch jdn. verärgert sein
  • be vexed with sb.
  • auf jdn. böse sein
  • be angry with sb.
  • jdm. böse sein
  • have a grudge against sb.
  • jdm. grollen
  • bear sb. a grudge
  • jdm. etw. nachtragen
  • hold sth. against sb.
  • jdm. etw. anlasten
  • charge sb. with sth.
  • jdn. mit etw. [Dat.] betrauen
  • entrust sb. with sth.
  • jdm. etw. anvertrauen
  • entrust sth. to sb.
  • jdm. etw. befehlen
  • tell sb. to do sth.
  • jdn. etw. heißen
  • call sb. names
  • jdn. beschimpfen
  • abuse sb.
  • jdn. traktieren
  • pester sb.
  • jdn. belästigen
  • accost sb.
  • jdn. ansprechen
  • address oneself to sb.
  • sich an jdn. wenden
  • approach
  • erreichen
  • hit
  • Treffer
  • direct hit
  • Volltreffer
  • bullseye
  • Hahnenfuß-ähnlicher Wassernabel
  • pennywort
  • Mauer-Zimbelkraut
  • Aaron's beard
  • Großkelchiges Johanniskraut
  • Jerusalem star
  • Austernpflanze
  • goatsbeard
  • Geißbart
  • goatee
  • Ziegenbart
  • buckhorn plantain
  • Breitwegerich / Breit-Wegerich
  • birdseed
  • Acker-Senf / Ackersenf
  • yellows
  • Gelbsucht
  • icterus
  • Icterus

Pretty neat!

So what next?

I could try to obtain an even longer chain by forgetting whether a word is English or German (and lower-casing everything), thus allowing wild jumps like hathuthüttelodge.

Or write a tool where you can enter two arbitrary words and it finds such a path between them, if there exists one. Unfortunately, it seems that the terms of the dict.cc data dump would not allow me to create such a tool as a web site (but maybe I can ask).

Or I could throw in additional languages!

What would you do?

05:13

Cat is a Career Path [Diesel Sweeties webcomic by rstevens]

sleep is dumb

Tonight's comic somehow manages to fill every moment of the day, no matter how little it has to do.

Girl Genius for Wednesday, May 23, 2018 [Girl Genius]

The Girl Genius comic for Wednesday, May 23, 2018 has been posted.

00:53

05/21/18 PHD comic: 'Upgrade' [PHD Comics]

Piled Higher & Deeper by Jorge Cham
www.phdcomics.com
Click on the title below to read the comic
title: "Upgrade" - originally published 5/21/2018

For the latest news in PHD Comics, CLICK HERE!

A gorgeous guide to the first wave of personal computers [OSNews]

Photographer James Ball (aka Docubyte) knows what a computer is. He's spent part of career lovingly photographing the machines of yesteryear, from the giant mainframes of the '50s and '60s to the first wave of personal computers in the late '70s and '80s. When he saw Apple's iPad pro advertisement that ended with a young girl asking "What's a computer?" as she typed away on her tablet, it provoked him.

"I'm not some old technophobe, and I get the whole post-computing cloud/device blah blah thing," Ball told Motherboard via email. "But I wanted to pick up an old Mac and say 'Hey! Remember this? This is a computer. The era of crazy shaped beige boxes and clunky clicking keyboards, for me and a lot of other people, that is a computer."

To honor those machines, Ball has created a series of high resolution animated gifs honoring 16 machines from the era of the birth of the personal computer. He calls the project 'I Am a Computer: Icons of Beige.'

These are gorgeous.

Eudora source code released [OSNews]

Computer History Museum (CHM), the world's leading institution exploring the history of computing and its impact on the human experience, today announced the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm.

The source code for both the Mac and Windows versions are released, and there's a post on Medium with more details about this latest work by the Computer History Museum.

I've never used Eudora in any serious manner, so I don't have the kind of connection with it that some others have. Still, I am always happy when 'dead' software's source code is released as open source, so that it effectively never dies.

PlayStation CEO: PS4 entering final phase of life cycle [OSNews]

PlayStation 4 is entering the final phase of its life cycle, Sony Interactive Entertainment president and CEO John (Tsuyoshi) Kodera said at Sony Investor Relations Day 2018 in Tokyo today. The platform first launched in North America and Europe in November 2013, followed by Japan in February 2014. It has shipped 79 million units as of March 31, 2018.

Didn't I just buy a PS4 Pro? Am I the only one to whom this seems... A little premature?

Savage Love [The Stranger, Seattle's Only Newspaper: Savage Love]

Can she still call herself a lesbian if she sleeps with guys? by Dan Savage

I like watersports, and I heard about a guy in a rural area who holds piss parties in his backyard. I found a mailing list for those interested in piss play, and it wasn't long before he posted about one of these parties. People on the list talk a big game, but no one else has stepped up to host something, including me. (I would, but four neighbors look into my backyard.) The host has very simple rules for who can attend: You have to identify as a guy and wear masculine attire. I get to the party, and there were about four guys and the host. I had a good time. The host had plenty of drinks out, towels, chairs, canopies, and candles to ward off the mosquitoes. I've been back a couple times. Everyone is friendly enough and there's the right amount of perversion. So what's the problem? The host. He's loud and annoying. He insists on putting classical music on (it doesn't set the mood very well). He tells the same lame jokes every time he's pissing on someone. He will complain that people say they're coming and don't show. If you are having a moment with someone, he will invariably horn in on the action. Without being rude, I've tried to make it clear that we are not looking for company, but he doesn't take the hint. It's his party, and props to him for hosting it—but it takes the fun out of it when the host doesn't know when to back off. I've gotten to the point where it's not worth the effort to go. Do I just get over it, or say something privately?

Person Exasperates Enthusiast

The advice I gave a different reader about dealing with a guest horning in on the action at an orgy applies in your case: "Even kind and decent people can be terrible about taking hints—especially when doing so means getting cut out of a drunken fuckfest. So don't hint, tell. There's no rule of etiquette that can paper over the discomfort and awkwardness of that moment, so you'll just have to power through it."

Swap out "drunken fuckfest" for "drenchin' piss scene," and the advice works—up to a point, PEE, because the person in your case who needs telling, not hinting, isn't one of the guests, he's the host. (And he sounds like a gracious host. I mean, drinks, towels, and canapés* at a piss party? Swank.) But your host's behavior sounds genuinely annoying. Hosting a sex party doesn't give someone the right to insert himself into someone else's scene, and stupid jokes have the power to kill the mood and murder the boners.

So what do you do?

Well, you could send your host an e-mail or give him a call. Thank him for the invite, let him know you appreciate the effort he goes to (such delicious canapés!), and then tell him why some people say they're coming and don't show: You're too loud, your music is awful, you have a bad habit of horning in on the action, and you need to learn some new jokes to tell when you're pissing on someone (or, better yet, not tell any jokes at all). But I don't think ticking off a list of his shortcomings is going to get you anywhere other than crossed off the invite list to future parties.

So why not make your own piss party? You don't need a big backyard—I mean, presumably your place has a tub. Supplement your tub with a couple of kiddie pools on top of some plastic tarp laid down on the living room or basement floor. Ask your guests to keep it in the tub or pool or on the tarp. You get to choose the guys, you get to select the music, and, as host, you can lay down the law about making jokes and horning in on the action: Both are forbidden, and joke-telling horner-inners will be asked to pull up their pants and leave.

One last thought: If you have it in you to invest some time in getting to know this guy—if you treat him like a human being—you might be able to draw him out on something that clearly frustrates him: guys who say they're coming to the party but don't show. If he seems genuinely baffled, PEE, that's your opening to ask if he'd like some constructive feedback. If he says yes, you can very gently run through your list of ways to improve his parties: no jokes, better music, and a "no horning in" rule for all (not just for him).

* Yes, I know: There were canopies at the party, not canapés—tents, not hors d'oeuvres. But I read it as canapés at first, and the mental image of piss players daintily eating canapés between scenes was so much more entertaining than the mental image of piss players huddling under canopies that I stuck with my original reading.


I had a MMF threesome with my husband and a man we met on Instagram (of all places)! Everyone had a good time, and there was no awkwardness afterward. I think things went so well because after years of reading Savage Love, we knew to "use our words" and treat our "very special guest star" with respect! Thanks, Dan!

My Ultimate Fantasy Fulfilled

You're welcome, MUFF!


I'm a cis woman and recently came out as a lesbian after identifying as bisexual for three years. After having sexual encounters with men and women, I finally admitted to myself that I am gay. Now that I'm finally out, I don't want to do anything that would make me feel like denying it again. My question is, am I a bad lesbian if I sleep with a guy? I'm currently working 50 hours a week and going to school. I don't have time for a relationship, and finding casual hookups with women is difficult. A male friend I know and trust recently propositioned me. At first I said no, but now I'm rethinking it. Sex with men doesn't compare at all to sex with women for me. On a scale of 1 to 10, it's definitely in the below 5 range. But my mind says, "It's still sex!" and I would enjoy it to a point. But I worry that doing this would call my sexuality into question. I feel like I'd definitely have to hide this from my friends. And if I feel guilty enough to hide it, maybe I shouldn't do it? Finally identifying as a lesbian was like breathing out for me. I feel way more like myself and am way happier now. But I worry that even being willing to consider this makes me seem bi. I guess I'm looking for permission and absolution. Would this make me a "bad" lesbian? Or would it mean I should identify as bi?

Girl Asking You

I've often been accused of having a pro-dick- sitting bias, GAY, so I decided to recuse myself and pass your question on to a couple of lesbians.

"She is way too concerned with labels," said Lesbian #1. "I used to slip on a dick once every few years—before I quit drinking tequila—and that didn't make me any less of a raging, homo-romantic dyke. And if her friends give that much of a fuck about who she bones, she needs friends with more interesting hobbies."

"I don't think there is anything wrong with her or any lesbian wanting to sleep with a guy," said Lesbian #2. "I wouldn't sleep with a guy, but I do agree that women trying to casually hook up with other women is much more difficult than men with men or even men with women. Women instantly want to be your long-term partner after one hookup—the U-Haul jokes are fucking real. But if identifying as something is important to her, I think identifying as queer might be a better option for now rather than struggling to figure out if she is only bi or only lesbian and only those forever."


On the Lovecast, porn by women, for women?
Yes, please: savagelovecast.com.

mail@savagelove.net

@fakedansavage

ITMFA.org

[ Comment on this story ]

[ Subscribe to the comments on this story ]

Tuesday, 22 May

23:23

Jonathan McDowell: Home Automation: Graphing MQTT sensor data [Planet Debian]

So I’ve setup a MQTT broker and I’m feeding it temperature data. How do I actually make use of this data? Turns out collectd has an MQTT plugin, so I went about setting it up to record temperature over time.

First problem was that although the plugin supports MQTT/TLS it doesn’t support it for subscriptions until 5.8, so I had to backport the fix to the 5.7.1 packages my main collectd host is running.

The other problem is that collectd is picky about the format it accepts for incoming data. The topic name should be of the format <host>/<plugin>-<plugin_instance>/<type>-<type_instance> and the data is <unixtime>:<value>. I modified my MQTT temperature reporter to publish to collectd/mqtt-host/mqtt/temperature-study, changed the publish line to include the timestamp:

publish.single(pub_topic, str(time.time()) + ':' + str(temp),
            hostname=Broker, port=8883,
            auth=auth, tls={})

and added a new collectd user to the Mosquitto configuration:

mosquitto_passwd -b /etc/mosquitto/mosquitto.users collectd collectdpass

And granted it read-only access to the collectd/ prefix via /etc/mosquitto/mosquitto.acl:

user collectd
topic read collectd/#

(I also created an mqtt-temp user with write access to that prefix for the Python script to connect to.)

Then, on the collectd host, I created /etc/collectd/collectd.conf.d/mqtt.conf containing:

LoadPlugin mqtt

<Plugin "mqtt">
        <Subscribe "ha">
                Host "mqtt-host"
                Port "8883"
                User "collectd"
                Password "collectdpass"
                CACert "/etc/ssl/certs/ca-certificates.crt"
                Topic "collectd/#"
        </Subscribe>
</Plugin>

I had some initial problems when I tried setting CACert to the Let’s Encrypt certificate; it actually wants to point to the “DST Root CA X3” certificate that signs that. Or using the full set of installed root certificates as I’ve done works too. Of course the errors you get back are just of the form:

collectd[8853]: mqtt plugin: mosquitto_loop failed: A TLS error occurred.

which is far from helpful. Once that was sorted collectd started happily receiving data via MQTT and producing graphs for me:

Study temperature

This is a pretty long winded way of ending up with some temperature graphs - I could have just graphed the temperature sensor using collectd on the Pi to send it to the monitoring host, but it has allowed a simple MQTT broker, publisher + subscriber setup with TLS and authentication to be constructed and confirmed as working.

Watermelon Salsa! [Whatever]

Hey guys! To kick off day two of writing on Whatever, I have decided to post a recipe. There were a surprising number of people in the comments of yesterday’s post that said they were looking forward to seeing what I make in the kitchen, and I was planning to make something today anyways, so I figured I might as well post it!

This past winter was, like, the longest winter I’ve ever lived through. I forgot for a second what in-season fruit tasted like. But now that summer is finally here, I bought a watermelon! I have never bought one before now, so that was an enthralling experience.

There a ton of recipes online for watermelon salsa, and while they are all unique in their own ways, they are all basically composed of the same few ingredients, which is watermelon, cucumber, red onion, and mango. Using my collective knowledge of these recipes, I just went for it and threw it together in a bowl.

Here’s what I used:

3 cups watermelon, diced

1 cucumber, peeled and diced

1/3 of a regular sized sweet red onion, diced

Juice of one lime

1 tbsp of sugar

Sprinkle of garlic salt (optional)

A very inexact amount of cayenne pepper (also optional)

Salt and pepper

So yeah, just throw all that together in a bowl and mix! Originally, I also had a mango I was going to use, but I had never bought a mango before today and apparently the one I bought was very very not ripe. So instead I added a little bit of mango flavored white balsamic vinegar, but I really wish there were actual chunks of mango in this bad boy. I think the sweetness of the mango would’ve been a great addition, as well as added some awesome color.

As for the cayenne pepper, just add as much as you want! Originally, I wasn’t even going to put any in because I’m a weakling in the ways of spice, but it seems like most other people in this household likes a kick to their food, so I just sprinkled a good amount in and hoped I wouldn’t die later.

Okay, so, about cost. From the store, I bought a watermelon, a mango, two limes (you only need one, though), a red onion, and a cucumber. I already had the garlic salt and cayenne pepper at home. All together, the produce cost $8.86 (this is including the mango I ended up not using). The most expensive thing was the watermelon, which was five bucks for a whole seedless one. Cost is very important to me. Food prices add up quickly, especially in recipes where you have none of the ingredients at home and have to go out and buy literally everything on the list.

If you end up making this, send me a picture on Twitter (@ascalzi98)! I would love to see if y’all end up adding anything, like the mango, or whatever else you think would be good in it! Hope you enjoy this summery and fresh salsa!

22:33

05/22/18 [Flipside]

Just updated my Patreon with 4 more pages of the adult Flipside comic! https://www.patreon.com/user?u=4949215

Eddy Petrișor: rust for cortex-m7 baremetal [Planet Debian]

This is a reminder for myself, if you want to install rust for a baremetal Cortex-M7 target, this seems to be a tier 3 platform:

https://forge.rust-lang.org/platform-support.html

Higlighting the relevant part:

Target std rustc cargo notes
...
msp430-none-elf * 16-bit MSP430 microcontrollers
sparc64-unknown-netbsd NetBSD/sparc64
thumbv6m-none-eabi * Bare Cortex-M0, M0+, M1
thumbv7em-none-eabi *

Bare Cortex-M4, M7
thumbv7em-none-eabihf * Bare Cortex-M4F, M7F, FPU, hardfloat
thumbv7m-none-eabi * Bare Cortex-M3
...
x86_64-unknown-openbsd 64-bit OpenBSD

In order to enable the relevant support, use the nightly build and add the relevant target:
eddy@feodora:~/usr/src/rust-uc$ rustup show
Default host: x86_64-unknown-linux-gnu

installed toolchains
--------------------

stable-x86_64-unknown-linux-gnu
nightly-x86_64-unknown-linux-gnu (default)

active toolchain
----------------

nightly-x86_64-unknown-linux-gnu (default)
rustc 1.28.0-nightly (cb20f68d0 2018-05-21)
If not using nightly, switch to that:

eddy@feodora:~/usr/src/rust-uc$ rustup default nightly-x86_64-unknown-linux-gnu
info: using existing install for 'nightly-x86_64-unknown-linux-gnu'
info: default toolchain set to 'nightly-x86_64-unknown-linux-gnu'

  nightly-x86_64-unknown-linux-gnu unchanged - rustc 1.28.0-nightly (cb20f68d0 2018-05-21)
Add the needed target:
eddy@feodora:~/usr/src/rust-uc$ rustup target add thumbv7em-none-eabi
info: downloading component 'rust-std' for 'thumbv7em-none-eabi'
  5.4 MiB /   5.4 MiB (100 %)   5.1 MiB/s ETA:   0 s               
info: installing component 'rust-std' for 'thumbv7em-none-eabi'
eddy@feodora:~/usr/src/rust-uc$ rustup show
Default host: x86_64-unknown-linux-gnu

installed toolchains
--------------------

stable-x86_64-unknown-linux-gnu
nightly-x86_64-unknown-linux-gnu (default)

installed targets for active toolchain
--------------------------------------

thumbv7em-none-eabi
x86_64-unknown-linux-gnu

active toolchain
----------------

nightly-x86_64-unknown-linux-gnu (default)
rustc 1.28.0-nightly (cb20f68d0 2018-05-21)
Then compile with --target.

[1028] Aural Explanation [Twokinds]

Comic for May 22, 2018

Delaware! Tonight, a public vote will determine the fate of one of the state's most important libraries [Boing Boing]

Walter Stabosz writes, "Delaware was the first state to ratify the US constitution, giving it the moniker 'The First State.' It is also the second smallest state, and has only three counties. Tonight in Delaware's most populous county, New Castle County, there will be a vote that may decide the fate of a library built in one of New Castle's most underserved and at-risk communities. (more…)

21:43

Where to find me at Phoenix Comics Fest this week [Cory Doctorow's craphound.com]

I’m heading to Phoenix Comics Fest tomorrow (going straight to the airport from my daughter’s elementary school graduation) (!), and I’ve got a busy schedule so I thought I’d produce a comprehensive list of the places you can find me in Phoenix:


Wednesday, May 23: Elevenageddon at Poisoned Pen books, 4014 N Goldwater Blvd, Scottsdale, AZ 85251, 7-8PM (“A Multi-Author Sci-Fi Event”)

Thursday, May 24:

Transhumans and Transhumanism in Fiction, North 126AB, with Emily Devenport and Sylvain Neuvel, 12PM-1PM

Prophets of Sci-Fi, North 125AB, with Emily Devenport, Sylvain Neuvel and John Scalzi, 3PM-4PM

Tor Authors Signing, Exhibitor Hall Author Signing area, 4:30PM-530PM

Building a Franken-Book, North 126C, with Bob Beard, Joey Eschrich and Ed Finn


Friday, May 25:

Two Truths and a Lie, North 122ABC, with Myke Cole, Emily Devenport, K Arsenault Rivera and John Scalzi, 1030AM-1130AM

Solo Presentation, North 122ABC, 1:30PM-2:30PM

Signing, Exhibitor Hall Author Signing Area, 3PM-4PM

Saturday, May 26:

Cory Doctorow & John Scalzi in Conversation about Politics in Sci Fi and Fantasy, North 125AB, 12PM-1PM

Signing, North 124AB, 1:15PM-2:15PM

Feeds

FeedRSSLast fetchedNext fetched after
XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
a bag of four grapes XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
A Smart Bear: Startups and Marketing for Geeks XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
All - O'Reilly Media XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Anarcho's blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Ansible XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Bad Science XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Black Doggerel XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Blog – Official site of Stephen Fry XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Boing Boing XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Broodhollow XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Charlie Brooker | The Guardian XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Charlie's Diary XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Chasing the Sunset - Comics Only XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Clay Shirky XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Coding Horror XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Cory Doctorow's craphound.com XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Ctrl+Alt+Del Comic XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Cyberunions XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
David Mitchell | The Guardian XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
DC's Improbable Science XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Debian GNU/Linux System Administration Resources XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Deeplinks XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Diesel Sweeties webcomic by rstevens XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Dork Tower XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Edmund Finney's Quest to Find the Meaning of Life XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Eerie Cuties XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
EFF Action Center XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Erin Dies Alone XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Events XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Falkvinge on Liberty XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Flipside XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Free software jobs XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Full Frontal Nerdity by Aaron Williams XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
General Protection Fault: The Comic Strip XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
George Monbiot XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Girl Genius XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
God Hates Astronauts XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Graeme Smith XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Groklaw XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Hackney Anarchist Group XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://cashing-knowledge.jp/?feed=rss2 XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://dungeond.com/comic.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://dynamic.boingboing.net/cgi-bin/mt/mt-cp.cgi?__mode=feed&_type=posts&blog_id=1&id=1 XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://eng.anarchoblogs.org/feed/atom/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://feed43.com/3874015735218037.xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://feeds2.feedburner.com/GeekEtiquette?format=xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://fulltextrssfeed.com/feeds2.feedburner.com/uclick/doonesbury?format=xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://london.indymedia.org/articles.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://pipes.yahoo.com/pipes/pipe.run?_id=ad0530218c055aa302f7e0e84d5d6515&amp;_render=rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://the-programmers-stone.com/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://thecommune.co.uk/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://ubuntuweblogs.org/atom.xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.airshipentertainment.com/buck/buckcomic/buck.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.airshipentertainment.com/growf/growfcomic/growf.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.airshipentertainment.com/myth/mythcomic/myth.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.amongruins.org/?feed=atom XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.baen.com/baenebooks XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.feedsapi.com/makefulltextfeed.php?url=http%3A%2F%2Fwww.somethingpositive.net%2Fsp.xml&what=auto&key=&max=7&links=preserve&exc=&privacy=I+accept XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.freedompress.org.uk/news/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.goblinscomic.com/category/comics/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.google.com/calendar/feeds/q7s5o02sj8hcam52hutbcofoo4%40group.calendar.google.com/public/basic XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.hackneysolidarity.info/rss.xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.rightmove.co.uk/rss/property-for-sale/find.html?locationIdentifier=REGION^876&maxPrice=240000&minBedrooms=2&displayPropertyType=houses&oldDisplayPropertyType=houses&primaryDisplayPropertyType=houses&oldPrimaryDisplayPropertyType=houses&numberOfPropertiesPerPage=24 XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.steampunkmagazine.com/inside/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
http://www.tinycat.co.uk/feed/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://hackbloc.org/rss.xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://kajafoglio.livejournal.com/data/atom/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://kimmo.suominen.com/stuff/dilbert-daily.xml XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://philfoglio.livejournal.com/data/atom/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://studiofoglio.livejournal.com/data/atom/ XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://twitter.com/statuses/user_timeline/22724360.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://web.randi.org/?format=feed&type=rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
https://www.newstatesman.com/feeds/blogs/laurie-penny.rss XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Humble Bundle Blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
I, Cringely XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Irregular Webcomic! XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Joel on Software XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Judith Proctor's Journal XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Krebs on Security XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Lambda the Ultimate - Programming Languages Weblog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
LFG Comics XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
LLVM Project Blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Loomio Blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
LWN.net XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Menage a 3 XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Mimi and Eunice XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Neil Gaiman's Journal XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Nina Paley's Blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
O Abnormal – Scifi/Fantasy Artist XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Oglaf! -- Comics. Often dirty. XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Order of the Stick XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Original Fiction – Tor.com XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
OSNews XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Paul Graham: Unofficial RSS Feed XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Penny Arcade XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Penny Red XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
PHD Comics XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Phil's blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Planet Debian XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Planet GridPP XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Planet Lisp XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Property is Theft! XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
QC RSS XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Scenes From A Multiverse XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Schneier on Security XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
SCHNEWS.ORG.UK XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Scripting News XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Seth Godin's Blog on marketing, tribes and respect XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Skin Horse XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Starslip by Kris Straub XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Tales From the Riverbank XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Adventures of Dr. McNinja XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Bumpycat sat on the mat XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Command Line XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Daily WTF XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Monochrome Mob XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Non-Adventures of Wonderella XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Old New Thing XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Open Source Grid Engine Blog XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Phoenix Requiem XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Rogues Gallery XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
The Stranger, Seattle's Only Newspaper: Savage Love XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
TorrentFreak XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
towerhamletsalarm XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Twokinds XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
UK Indymedia Features XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Uploads from ne11y XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Uploads from piasladic XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Wayward Sons: Legends - Sci-Fi Full Page Webcomic - Updates Daily XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
What If? XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Whatever XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
Whitechapel Anarchist Group XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
WIL WHEATON dot NET XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
wish XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May
xkcd.com XML 10:23, Saturday, 26 May 11:03, Saturday, 26 May