Monday, 28 September

12:07

The Watchdog Hydra [The Daily WTF]

Ammar A uses Node to consume an HTTP API. The API uses cookies to track session information, and ensures those cookies expire, so clients need to periodically re-authenticate. How...

11:14

Grrl Power #879 – Immovable grapple [Grrl Power]

He’s scratching his cheek, but I don’t think his cheek can itch. It’s probably an affectation.

Achilles would be a real pain in the ass as a grappler. There are certainly beings who can simply muscle him off, no matter how good of a lock he gets, but short of someone exceptionally strong, there’s no real way to shake him. Wrenching his pinky or thumb back won’t hurt him, you can’t poke him in the eye or kick him in the nuts. Well, you can, but it won’t help.

Of course, the fact that he is so potentially effective as a grappler is something Maxima has encouraged him to pursue. She was keen to impress upon him that drawing fire, while useful, is an underutilization of his abilities. He counter-suggested grappling people while clutching live grenades, as a sort of non-suicide bomber, at which point Maxima referred him to Doctor Frost.

“I meant flashbangs?”

I wonder when the last time the Human Torch was choked out. Sure, high level villains like Apocalypse or Darkseid could throttle him with little effort, but they don’t strike me as grapplers. Besides the high tier antagonists, anyone fire based could swing it. Maybe a Sand Guy. Or an Ice Guy. Or an energy absorber or power negator or someone with Nemesis or Asbestos Man. Okay, come to think of it, he probably gets strangled every other comic.

But you get my point. Someone like the Human Torch or Acid Man or Thorn Gal or Cherenkov Radiation Lass probably aren’t prepared for someone to put them in an arm bar.


Double res version will be posted over at Patreon. Feel free to contribute as much as you like!

11:00

Kentaro Hayashi: dnsZoneEntry: field should be removed when DD is retired [Planet Debian]

It is known that a Debian Developer can set up *.debian.net.

wiki.debian.org

When a Debian Developer has retired, the actual DNS entry is removed, but the dnsZoneEntry: field is kept in LDAP (db.debian.org).

So you cannot reuse *.debian.net if a retired Debian Developer already owns your preferred subdomain.

I've posted a question about this currently undocumented specification.

lists.debian.org

Vincent Bernat: Syncing RIPE, ARIN and APNIC objects with a custom Ansible module [Planet Debian]

The Internet is split into five regional Internet registries: AFRINIC, ARIN, APNIC, LACNIC and RIPE. Each RIR maintains an Internet Routing Registry. An IRR allows one to publish information about the routing of Internet number resources.[1] Operators use this to determine the owner of an IP address and to construct and maintain routing filters. To ensure your routes are widely accepted, it is important to keep the prefixes you announce up-to-date in an IRR.

There are two common tools to query this database: whois and bgpq4. The first one allows you to do a query with the WHOIS protocol:

$ whois -BrG 2a0a:e805:400::/40
[…]
inet6num:       2a0a:e805:400::/40
netname:        FR-BLADE-CUSTOMERS-DE
country:        DE
geoloc:         50.1109 8.6821
admin-c:        BN2763-RIPE
tech-c:         BN2763-RIPE
status:         ASSIGNED
mnt-by:         fr-blade-1-mnt
remarks:        synced with cmdb
created:        2020-05-19T08:04:58Z
last-modified:  2020-05-19T08:04:58Z
source:         RIPE

route6:         2a0a:e805:400::/40
descr:          Blade IPv6 - AMS1
origin:         AS64476
mnt-by:         fr-blade-1-mnt
remarks:        synced with cmdb
created:        2019-10-01T08:19:34Z
last-modified:  2020-05-19T08:05:00Z
source:         RIPE

The second one allows you to build route filters using the information contained in the IRR database:

$ bgpq4 -6 -S RIPE -b AS64476
NN = [
    2a0a:e805::/40,
    2a0a:e805:100::/40,
    2a0a:e805:300::/40,
    2a0a:e805:400::/40,
    2a0a:e805:500::/40
];

There is no module available on Ansible Galaxy to manage these objects. Each IRR has different ways of being updated. Some RIRs propose an API but some don’t. If we restrict ourselves to RIPE, ARIN and APNIC, the only common method to update objects is email updates, authenticated with a password or a GPG signature.[2] Let’s write a custom Ansible module for this purpose!

Notice

I recommend that you read “Writing a custom Ansible module” as an introduction, as well as “Syncing MySQL tables” for a more instructive example.

Code

The module takes a list of RPSL objects to synchronize and returns the body of an email update if a change is needed:

- name: prepare RIPE objects
  irr_sync:
    irr: RIPE
    mntner: fr-blade-1-mnt
    source: whois-ripe.txt
  register: irr

Prerequisites

The source file should be a set of objects to sync using the RPSL language. This would be the same content you would send manually by email. All objects should be managed by the same maintainer, which is also provided as a parameter.

Signing and sending the result is not the responsibility of this module. You need two additional tasks for this purpose:

- name: sign RIPE objects
  shell:
    cmd: gpg --batch --user noc@example.com --clearsign
    stdin: "{{ irr.objects }}"
  register: signed
  check_mode: false
  changed_when: false

- name: update RIPE objects by email
  mail:
    subject: "NEW: update for RIPE"
    from: noc@example.com
    to: "auto-dbm@ripe.net"
    cc: noc@example.com
    host: smtp.example.com
    port: 25
    charset: us-ascii
    body: "{{ signed.stdout }}"

You also need to authorize the PGP keys used to sign the updates by creating a key-cert object and adding it as a valid authentication method for the corresponding mntner object:

key-cert:  PGPKEY-A791AAAB
certif:    -----BEGIN PGP PUBLIC KEY BLOCK-----
certif:    
certif:    mQGNBF8TLY8BDADEwP3a6/vRhEERBIaPUAFnr23zKCNt5YhWRZyt50mKq1RmQBBY
[…]
certif:    -----END PGP PUBLIC KEY BLOCK-----
mnt-by:    fr-blade-1-mnt
source:    RIPE

mntner:    fr-blade-1-mnt
[…]
auth:      PGPKEY-A791AAAB
mnt-by:    fr-blade-1-mnt
source:    RIPE

Module definition

Starting from the skeleton described in the previous article, we define the module:

module_args = dict(
    irr=dict(type='str', required=True),
    mntner=dict(type='str', required=True),
    source=dict(type='path', required=True),
)

result = dict(
    changed=False,
)

module = AnsibleModule(
    argument_spec=module_args,
    supports_check_mode=True
)

Getting existing objects

To grab existing objects, we use the whois command to retrieve all the objects from the provided maintainer.

# Registry selected by the task's "irr" parameter
irr = module.params['irr']

# Per-IRR variations:
# - whois server
whois = {
    'ARIN': 'rr.arin.net',
    'RIPE': 'whois.ripe.net',
    'APNIC': 'whois.apnic.net'
}
# - whois options
options = {
    'ARIN': ['-r'],
    'RIPE': ['-BrG'],
    'APNIC': ['-BrG']
}
# - objects excluded from synchronization
excluded = ["domain"]
if irr == "ARIN":
    # ARIN does not return these objects
    excluded.extend([
        "key-cert",
        "mntner",
    ])

# Grab existing objects
args = ["-h", whois[irr],
        "-s", irr,
        *options[irr],
        "-i", "mnt-by",
        module.params['mntner']]
# The command and its arguments must be passed as a single list
proc = subprocess.run(["whois", *args], capture_output=True)
if proc.returncode != 0:
    raise AnsibleError(
        f"unable to query whois: {args}")
output = proc.stdout.decode('ascii')
got = extract(output, excluded)

The first part of the code sets up some IRR-specific constants: the server to query, the options to provide to the whois command and the objects to exclude from synchronization. The second part invokes the whois command, requesting all objects whose mnt-by field is the provided maintainer. Here is an example of output:

$ whois -h whois.ripe.net -s RIPE -BrG -i mnt-by fr-blade-1-mnt
[…]

inet6num:       2a0a:e805:300::/40
netname:        FR-BLADE-CUSTOMERS-FR
country:        FR
geoloc:         48.8566 2.3522
admin-c:        BN2763-RIPE
tech-c:         BN2763-RIPE
status:         ASSIGNED
mnt-by:         fr-blade-1-mnt
remarks:        synced with cmdb
created:        2020-05-19T08:04:59Z
last-modified:  2020-05-19T08:04:59Z
source:         RIPE

[…]

route6:         2a0a:e805:300::/40
descr:          Blade IPv6 - PA1
origin:         AS64476
mnt-by:         fr-blade-1-mnt
remarks:        synced with cmdb
created:        2019-10-01T08:19:34Z
last-modified:  2020-05-19T08:05:00Z
source:         RIPE

[…]

The result is passed to the extract() function. It parses and normalizes the results into a dictionary mapping object names to objects. We store the result in the got variable.

def extract(raw, excluded):
    """Extract objects."""
    # First step, remove comments and unwanted lines
    objects = "\n".join([obj
                         for obj in raw.split("\n")
                         if not obj.startswith((
                                 "#",
                                 "%",
                         ))])
    # Second step, split objects
    objects = [RPSLObject(obj.strip())
               for obj in re.split(r"\n\n+", objects)
               if obj.strip()
               and not obj.startswith(
                   tuple(f"{x}:" for x in excluded))]
    # Last step, put objects in a dict
    objects = {repr(obj): obj
               for obj in objects}
    return objects

RPSLObject() is a class enabling normalization and comparison of objects. Look at the module code for more details.

>>> output="""
... inet6num:       2a0a:e805:300::/40
... […]
... """
>>> pprint({k: str(v) for k, v in extract(output, excluded=[]).items()})
{'<Object:inet6num:2a0a:e805:300::/40>':
   'inet6num:       2a0a:e805:300::/40\n'
   'netname:        FR-BLADE-CUSTOMERS-FR\n'
   'country:        FR\n'
   'geoloc:         48.8566 2.3522\n'
   'admin-c:        BN2763-RIPE\n'
   'tech-c:         BN2763-RIPE\n'
   'status:         ASSIGNED\n'
   'mnt-by:         fr-blade-1-mnt\n'
   'remarks:        synced with cmdb\n'
   'source:         RIPE',
 '<Object:route6:2a0a:e805:300::/40>':
   'route6:         2a0a:e805:300::/40\n'
   'descr:          Blade IPv6 - PA1\n'
   'origin:         AS64476\n'
   'mnt-by:         fr-blade-1-mnt\n'
   'remarks:        synced with cmdb\n'
   'source:         RIPE'}

Comparing with wanted objects

Let’s build the wanted dictionary using the same structure, thanks to the extract() function we can use verbatim:

with open(module.params['source']) as f:
    source = f.read()
wanted = extract(source, excluded)

The next step is to compare got and wanted to build the diff object:

if got != wanted:
    result['changed'] = True
    if module._diff:
        result['diff'] = [
            dict(before_header=k,
                 after_header=k,
                 before=str(got.get(k, "")),
                 after=str(wanted.get(k, "")))
            for k in set((*wanted.keys(), *got.keys()))
            if k not in wanted or k not in got or wanted[k] != got[k]]

Returning updates

The module does not have a side effect. If there is a difference, we return the updates to send by email. We choose to include all wanted objects in the updates (contained in the source variable) and let the IRR ignore unmodified objects. We also append the objects to be deleted by adding a delete: attribute to each of them.

# We send all source objects and deleted objects.
deleted_mark = f"{'delete:':16}deleted by CMDB"
deleted = "\n\n".join([f"{got[k].raw}\n{deleted_mark}"
                       for k in got
                       if k not in wanted])
result['objects'] = f"{source}\n\n{deleted}"

module.exit_json(**result)

The complete code is available on GitHub. The module supports both --diff and --check flags. It does not return anything if no change is detected. It can work with APNIC, RIPE and ARIN. It is not perfect: it may not detect some changes,[3] it is not able to modify objects not owned by the provided maintainer[4] and some attributes cannot be modified, requiring you to manually delete and recreate the updated object.[5] However, this module should automate 95% of your needs.
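The comparison and "Returning updates" steps above, as one runnable sketch. This is an added example, not the module's code: the `RPSLObject` class here is a hypothetical stand-in whose normalization (ignoring `created` and `last-modified`, collapsing whitespace) is inferred from the pprint() output shown earlier, `plan_update` is a hypothetical name, and the two sample texts are constructed from the article's objects.

```python
import re

# Attributes generated by the registry, ignored when comparing (assumption:
# inferred from the pprint() output above, which omits them).
VOLATILE = ("created", "last-modified")


class RPSLObject:
    """Hypothetical stand-in: one "name: value" attribute per line."""

    def __init__(self, raw):
        self.raw = raw  # kept verbatim, deletions send it back as received
        self.attrs = []
        for line in raw.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not an RPSL attribute: {line!r}")
            name = name.strip().lower()
            if name not in VOLATILE:
                # Collapse whitespace so column alignment does not matter
                self.attrs.append((name, " ".join(value.split())))

    def __repr__(self):
        # Keyed on the first attribute, like the keys shown on the page
        return "<Object:{}:{}>".format(*self.attrs[0])

    def __str__(self):
        return "\n".join(f"{n + ':':16}{v}" for n, v in self.attrs)

    def __eq__(self, other):
        if not isinstance(other, RPSLObject):
            return NotImplemented
        return self.attrs == other.attrs


def extract(raw, excluded):
    """Same steps as the page's extract(): drop comments, split, index."""
    text = "\n".join(line for line in raw.split("\n")
                     if not line.startswith(("#", "%")))
    skip = tuple(f"{x}:" for x in excluded)
    objects = [RPSLObject(chunk.strip())
               for chunk in re.split(r"\n\n+", text)
               if chunk.strip() and not chunk.strip().startswith(skip)]
    return {repr(obj): obj for obj in objects}


def plan_update(registry_raw, source, excluded=("domain",)):
    """Return (changed keys, e-mail body); the body is empty when in sync."""
    got, wanted = extract(registry_raw, excluded), extract(source, excluded)
    changed = sorted(k for k in got.keys() | wanted.keys()
                     if got.get(k) != wanted.get(k))
    if not changed:
        return changed, ""
    deleted_mark = f"{'delete:':16}deleted by CMDB"
    deleted = [f"{got[k].raw}\n{deleted_mark}" for k in got if k not in wanted]
    return changed, "\n\n".join([source.strip(), *deleted]) + "\n"


# Constructed whois output: one object in sync, one modified, one stale.
REGISTRY = """\
% Constructed sample of a whois answer

inet6num:       2a0a:e805:300::/40
netname:        FR-BLADE-CUSTOMERS-FR
country:        FR
mnt-by:         fr-blade-1-mnt
created:        2020-05-19T08:04:59Z
last-modified:  2020-05-19T08:04:59Z
source:         RIPE

route6:         2a0a:e805:300::/40
descr:          Blade IPv6 - PA1
origin:         AS64476
mnt-by:         fr-blade-1-mnt
last-modified:  2020-05-19T08:05:00Z
source:         RIPE

route6:         2a0a:e805:500::/40
descr:          Blade IPv6 - stale (constructed)
origin:         AS64476
mnt-by:         fr-blade-1-mnt
source:         RIPE
"""

# Constructed source file: different alignment, no timestamps, new descr.
SOURCE = """\
inet6num: 2a0a:e805:300::/40
netname:  FR-BLADE-CUSTOMERS-FR
country:  FR
mnt-by:   fr-blade-1-mnt
source:   RIPE

route6:   2a0a:e805:300::/40
descr:    Blade IPv6 - PA1 (renamed)
origin:   AS64476
mnt-by:   fr-blade-1-mnt
source:   RIPE
"""

if __name__ == "__main__":
    keys, body = plan_update(REGISTRY, SOURCE)
    print(keys)
    print(body)
```

The inet6num object is reported as unchanged although its alignment differs and the registry copy carries timestamps; only the renamed route6 and the stale route6 are flagged, and only the stale one gets a delete: line.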


  1. Other IRRs exist without being attached to a RIR. The most notable one is RADb.

  2. ARIN is phasing out this method in favor of IRR-online. RIPE has an API available, but email updates are still supported and not planned to be deprecated. APNIC plans to expose an API.

  3. For ARIN, we cannot query key-cert and mntner objects and therefore we cannot detect changes in them. It is also not possible to detect changes to the auth mechanisms of a mntner object.

  4. APNIC do not assign top-level objects to the maintainer associated with the owner.

  5. Changing the status of an inetnum object requires deleting and recreating the object.

10:28

Here I am [Seth's Blog]

When we say, “here, I made this,” we’re not seeking credit, we’re taking responsibility.

To be seen, to learn, to own it, to do it better next time.

Hiding is too easy. And hiding is a trap.

10:07

Contact tracing and privacy [Richard Stallman's Political Notes]

The UK's Covid-19 contact tracing app asks users to scan a QR code when they enter certain places.

I suspect that scanning the QR code immediately informs the state where the phone is located at that moment. That is a violation of people's privacy.

The Google/Apple contact detection protects privacy pretty well, though I am not an expert on it. I'd be willing to use that, if it did not require a mobile phone.

Italy has an approach I think is better, both for finding all cases and for respecting privacy: simply test all the acquaintances of anyone that catches Covid-19, and don't worry about whether they saw each other recently.

No-knock breakins by thugs [Richard Stallman's Political Notes]

The grand jury did not indict any of the thugs involved in killing Breonna Taylor for that killing. Naturally this triggered protests in many cities.

The decision not to charge the thugs may have been imposed by law. I saw an article, a couple of months ago, which explained that the thugs could legally claim self-defense, and it would have been impossible to convict them.

I did not link to that article because it ended with antisocialist views about right and wrong, which I did not want to link to, and because I did not know if its claims about the legalities were valid. But the outcome suggests that they were.

Since we condemn the outcome, we need to consider this question: at what point did the thugs commit an act that they deserve to be punished for?

I believe that point was when they broke into the house without announcing who they were. When cops act like burglars, they invite the residents to shoot; but if the residents do so, they are the ones that are likely to get killed, as happened this time.

The outcome we want is that innocent people don't risk death. One way to get that outcome is to make cops identify themselves as cops before entering, with no exceptions. Criminals might fight with or without the announcement, but the announcement will inform innocent residents not to.

It is not enough to set a policy against no-knock breakins. It should be a crime for thugs to do that, so we can indeed punish them when they do.

We could allow the cops to send unarmed robots to enter the house, given a warrant. If robots get shot, it is no great loss, and they would not try to shoot back.

Labour's target [Richard Stallman's Political Notes]

*Labour's target should be the Tory party, not Johnson's credibility.*

Plans to build oil wells near Lake Chad [Richard Stallman's Political Notes]

Chad is planning to build oil wells near Lake Chad.

The shore of Lake Chad belongs to four countries, all of which will be harmed when the oil pollutes the lake. Meanwhile, the greenhouse emissions from burning the oil will harm the whole world. We cannot afford to extract all the oil from existing wells, so any new well is at best wasted expense, and at worst an assurance of doom.

Still no federal limits for PFAS compounds [Richard Stallman's Political Notes]

*The federal government has still not set limits for PFAS compounds, and some allege that could be because it is a polluter of them itself*.

Reporter missing since piece on China's Covid-19 response [Richard Stallman's Political Notes]

Chen Qiushi, who reported on China's measures to deal with Covid-19, disappeared on Feb 10. It appears he has been a prisoner ever since.

China continues building prisons for Uighurs [Richard Stallman's Political Notes]

China continues building prisons for Uighurs — 380 have been discovered so far. Some are adjacent to factories.

Some ancient Uighur neighborhoods in Xinjiang are now empty of people. All the inhabitants have been moved, perhaps to those prisons.

08:42

Wretched [Ctrl+Alt+Del Comic]

A future with a true game-streaming service sounds fantastic. I love the idea of leaving the hardware to a supercomputer somewhere, and beaming games directly to people’s TV with little additional hardware to upgrade/maintain. It’s a fantastic concept.

But it has, thus far, not worked on a mass scale. There are still bottlenecks in places these companies have no control over. And yet to my surprise, these companies keep looking at what’s come before, in all of its mediocre glory, and saying “Yeah, I’ll have me some of that.” 

Big companies pushing this concept against its boundaries are probably the only thing that will drive it to maybe eventually succeed on a universal level. But in the meantime… meh.


08:14

Comic: Hold The Yogurt [Penny Arcade]

New Comic: Hold The Yogurt

07:07

1439 [Looking For Group]

The post 1439 appeared first on Looking For Group.

Girl Genius for Monday, September 28, 2020 [Girl Genius]

The Girl Genius comic for Monday, September 28, 2020 has been posted.

05:07

grep-3.5 released [stable] [Planet GNU]

This is to announce grep-3.5, a stable release.

Thanks especially to Paul Eggert, Norihiro Tanaka and Bruno Haible
for changes both in grep proper and in gnulib.

There have been 56 commits by 3 people in the 38 weeks since 3.4.

See the NEWS below for a summary.

Thanks to everyone who has contributed!
The following people contributed changes to this release:

  Jim Meyering (22)
  Norihiro Tanaka (1)
  Paul Eggert (33)

Jim [on behalf of the grep maintainers]
==================================================================

Here is the GNU grep home page:
    http://gnu.org/s/grep/

For a summary of changes and contributors, see:
  http://git.sv.gnu.org/gitweb/?p=grep.git;a=shortlog;h=v3.5
or run this command from a git-cloned grep directory:
  git shortlog v3.4-almost..v3.5

To summarize the 806 gnulib-related changes, run these commands
from a git-cloned grep directory:
  git checkout v3.5
  git submodule summary v3.4-almost

==================================================================
Here are the compressed sources:
  https://ftp.gnu.org/gnu/grep/grep-3.5.tar.gz   (2.6MB)
  https://ftp.gnu.org/gnu/grep/grep-3.5.tar.xz   (1.6MB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/grep/grep-3.5.tar.gz.sig
  https://ftp.gnu.org/gnu/grep/grep-3.5.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify grep-3.5.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver keys.gnupg.net --recv-keys 7FD9FCCB000BEEEE

and rerun the 'gpg --verify' command.

This release was bootstrapped with the following tools:
  Autoconf 2.69c
  Automake 1.16b
  Gnulib v0.1-3927-g02b29b878

==================================================================
NEWS

* Noteworthy changes in release 3.5 (2020-09-27) [stable]

** Changes in behavior

  The message that a binary file matches is now sent to standard error
  and the message has been reworded from "Binary file FOO matches" to
  "grep: FOO: binary file matches", to avoid confusion with ordinary
  output or when file names contain spaces and the like, and to be
  more consistent with other diagnostics.  For example, commands
  like 'grep PATTERN FILE | wc' no longer add 1 to the count of
  matching text lines due to the presence of the message.  Like other
  stderr messages, the message is now omitted if the --no-messages
  (-s) option is given.

  Two other stderr messages now use the typical form too.  They are
  now "grep: FOO: warning: recursive directory loop" and "grep: FOO:
  input file is also the output".

  The --files-without-match (-L) option has reverted to its behavior
  in grep 3.1 and earlier.  That is, grep -L again succeeds when a
  line is selected, not when a file is listed.  The behavior in grep
  3.2 through 3.4 was causing compatibility problems.

** Bug fixes

  grep -I no longer issues a spurious "Binary file FOO matches" line.
  [Bug#33552 introduced in grep 2.23]

  In UTF-8 locales, grep -w no longer ignores a multibyte word
  constituent just before what would otherwise be a word match.
  [Bug#43225 introduced in grep 2.28]

  grep -i no longer mishandles ASCII characters that match multibyte
  characters.  For example, 'LC_ALL=tr_TR.utf8 grep -i i' no longer
  dumps core merely because 'i' matches 'İ' (U+0130 LATIN CAPITAL
  LETTER I WITH DOT ABOVE) in Turkish when ignoring case.
  [Bug#43577 introduced partly in grep 2.28 and partly in grep 3.4]

  A performance regression with -E and many patterns has been mostly fixed.
  "Mostly" as there is a performance tradeoff between Bug#22357 and Bug#40634.
  [Bug#40634 introduced in grep 2.28]

  A performance regression with many duplicate patterns has been fixed.
  [Bug#43040 introduced in grep 3.4]

  An N^2 RSS performance regression with many patterns has been fixed
  in common cases (no backref, and no use of -o or --color).
  With only 80,000 lines of /usr/share/dict/linux.words, the following
  would use 100GB of RSS and take 3 minutes. With the fix, it used less
  than 400MB and took less than one second:
    head -80000 /usr/share/dict/linux.words > w; grep -vf w w
  [Bug#43527 introduced in grep 3.4]

** Build-related

  "make dist" builds .tar.gz files again, as they are still used in
  some barebones builds.
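The verification step from the announcement, scripted as an added example (not part of the announcement or of grep): `gpg --verify` reports success for a good signature from any key in the keyring, so this sketch also checks that the signer matches the key ID the announcement names. `signed_by` and `verify` are hypothetical helper names, and the fingerprints and status lines are constructed samples in gpg's `--status-fd` format.

```python
import subprocess

# Long key ID quoted in the announcement. A 64-bit ID is a weak pin: where the
# full fingerprint is known from a trusted channel, compare that instead.
EXPECTED_KEY_ID = "7FD9FCCB000BEEEE"

# Status keywords that veto the result even when VALIDSIG is also present.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signed_by(status_text, key_id=EXPECTED_KEY_ID):
    """True only if every valid signature reported was made by key_id."""
    matched = False
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return False
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # fields[2] is the signing (sub)key fingerprint; the last field,
            # when present, is the primary key fingerprint.
            fprs = {fields[2].upper(), fields[-1].upper()}
            if not any(f.endswith(key_id.upper()) for f in fprs):
                return False
            matched = True
    return matched


def verify(sig_path, data_path, key_id=EXPECTED_KEY_ID):
    """Run gpg on a detached signature and apply the signer check."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and signed_by(proc.stdout, key_id)


# Constructed fingerprints, NOT real keys: one ends in the expected key ID.
FAKE_FPR = "0" * 24 + EXPECTED_KEY_ID
OTHER_FPR = "A" * 40


def sample_status(fpr, extra=""):
    """Build constructed status output for a signature made by fpr."""
    return (f"[GNUPG:] NEWSIG\n{extra}"
            f"[GNUPG:] VALIDSIG {fpr} 2020-09-27 1601200000 0 4 0 1 10 00 {fpr}\n")


if __name__ == "__main__":
    print(signed_by(sample_status(FAKE_FPR)))   # expected signer
    print(signed_by(sample_status(OTHER_FPR)))  # valid, but someone else's key
```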

04:49

Neck in Neck [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

Tonight's comic is really flexible.

02:35

Grossly Overqualified [QC RSS]

don't try this at home

00:56

Norbert Preining: Cinnamon for Debian – imminent removal from testing [Planet Debian]

I have been more or less maintaining Cinnamon now for quite some time, but using it only sporadically due to my switch to KDE/Plasma. Currently, Cinnamon’s cjs package depends on mozjs52, which also is probably going to be orphaned soon. This will precipitate a lot of changes, not the least being Cinnamon being removed from Debian/testing.

I have pinged upstream several times, without much success. So for now the future looks bleak for cinnamon in Debian. If there are interested developers (Debian or not), please get in touch with me, or directly try to update cjs to mozjs78.

00:07

Steinar H. Gunderson: Introducing plocate [Planet Debian]

In continued annoyance over locate's slowness, I made my own locate using posting lists (thus the name plocate) and compression, and it turns out that you hardly need any tuning at all to make it fast. Example search on a system with 26M files:

cassarossa:~/nmu/plocate> ls -lh /var/lib/mlocate  
total 1,5G                
-rw-r----- 1 root mlocate 1,1G Sep 27 06:33 mlocate.db
-rw-r----- 1 root mlocate 470M Sep 28 00:34 plocate.db

cassarossa:~/nmu/plocate> time mlocate info/mlocate
/var/lib/dpkg/info/mlocate.conffiles
/var/lib/dpkg/info/mlocate.list
/var/lib/dpkg/info/mlocate.md5sums
/var/lib/dpkg/info/mlocate.postinst
/var/lib/dpkg/info/mlocate.postrm
/var/lib/dpkg/info/mlocate.prerm
mlocate info/mlocate  20.75s user 0.14s system 99% cpu 20.915 total

cassarossa:~/nmu/plocate> time plocate info/mlocate
/var/lib/dpkg/info/mlocate.conffiles
/var/lib/dpkg/info/mlocate.list
/var/lib/dpkg/info/mlocate.md5sums
/var/lib/dpkg/info/mlocate.postinst
/var/lib/dpkg/info/mlocate.postrm
/var/lib/dpkg/info/mlocate.prerm
plocate info/mlocate  0.01s user 0.00s system 83% cpu 0.008 total

It will be slower if files are on rotating rust and not cached, but still much faster than mlocate.

It's a prototype, and freerides off of updatedb from mlocate (mlocate.db is converted to plocate.db). Case-sensitive matches only, no regexes or other funny business. Get it from https://git.sesse.net/?p=plocate (clone with --recursive so that you get the TurboPFOR submodule). GPLv2+.

Enrico Zini: Coup d'état in recent Italian history [Planet Debian]

Italy during the cold war has always been in too strategic a position, and with too strong a left wing movement, not to get the CIA involved.

Here are a few stories of coup d'état and other kinds of efforts to manipulate Italian politics:

Sunday, 27 September

23:42

Kernel prepatch 5.9-rc7 [LWN.net]

The 5.9-rc7 kernel prepatch is out for testing. "But while I do now know of any remaining gating issues any more, the fixes came in fairly late. So unless I feel insanely optimistic and/or a burning bush tells me that everything is bug-free, my plan right now is that I'll do another rc next Sunday rather than the final 5.9 release. And btw, please no more burning bushes. We're kind of sensitive about those on the West coast right now."

23:21

Iain R. Learmonth: Multicast IPTV [Planet Debian]

For almost a decade, I’ve been very slowly making progress on a multicast IPTV system. Recently I’ve made a significant leap forward in this project, and I wanted to write a little on the topic so I’ll have something to look at when I pick this up next. I was aspiring to have a useable system by the end of today, but for a couple of reasons, it wasn’t possible.

When I started thinking about this project, it was still common to watch broadcast television. Over time the design of this system has been changing as new technologies have become available. Multicast IP is probably the only constant, although I’m now looking at IPv6 rather than IPv4.

Initially, I’d been looking at DVB-T PCI cards. USB devices have become common and are available cheaply. There are also DVB-T hats available for the Raspberry Pi. I’m now looking at a combination of Raspberry Pi hats and USB devices with one of each on a couple of Pis.

Two Raspberry Pis with DVB hats installed, TV antenna sockets showing


The Raspberry Pi devices will run DVBlast, an open-source DVB demultiplexer and streaming server. Each of the tuners will be tuned to a different transponder giving me the ability to stream any combination of available channels simultaneously. This is everything that would be needed to watch TV on PCs on the home network with VLC.

I’ve not yet worked out if Kodi will accept multicast streams as a TV source, but I do know that Tvheadend will. Tvheadend can also act as a PVR to record programmes for later playback so is useful even if the multicast streams can be viewed directly.

So how far did I get? I have built two Raspberry Pis in cases with the DVB-T hats on. They need to sit in the lounge as that’s where the antenna comes down from the roof. There’s no wired network connection in the lounge. I planned to use an OpenBSD box as a gateway, bridging the wireless network to a wired network.

Two problems quickly emerged. The first being that the wireless card I had purchased only supported 2.4GHz, no 5GHz, and I have enough noise from neighbours that the throughput rate and packet loss are unacceptable.

The second problem is that I had forgotten the problems with bridging wireless networks. To create a bridge, you need to be able to spoof the MAC addresses of wired devices on the wireless interface, but this can only be done when the wireless interface is in access point mode.

So when I come back to this, I will have to look at routing rather than bridging to work around the MAC address issue, and I’ll also be on the lookout for a cheap OpenBSD supported mini-PCIe wireless card that can do 5GHz.

23:07

Link [Scripting News]

Poll: Did you pay more taxes than Trump?

22:14

A small set of stable kernels [LWN.net]

The 5.8.12, 5.4.68, and 4.19.148 stable kernels have been released; each contains another set of important fixes.

21:49

Alexander Artemenko: common-lisp-jupyter [Planet Lisp]

This library provides a Common Lisp kernel for Jupyter.

Jupyter is a scientific environment for experiments. It is good when you want to play with data, to plot graphics and provide some comments in markdown.

Jupyter saves your programming session along with results in one file allowing to share your results with other programmers or analytics.

Maybe you didn't know, but GitHub is able to render such notebooks. Here I found a large list of interesting notebooks. Take a look at this one, for example:

https://github.com/mqlaql/geospatial-data/blob/master/Geospatial-Data-with-Python.ipynb

Now, let's return to the Common Lisp. Jupyter is using a protocol allowing to write backends in different programming languages. They are called "kernels".

Here is how we can install Common Lisp Jupyter kernel on OSX. I'm using Homebrew and Roswell because they are making everything so easy!

[poftheday] brew install zeromq

[poftheday] brew install jupyterlab

[poftheday] ros install common-lisp-jupyter

Now we can start a notebook in console mode:

[poftheday] jupyter console --kernel=common-lisp
Jupyter console 6.2.0

common-lisp-jupyter: a Common Lisp Jupyter kernel
(C) 2019 Tarn Burton (MIT)
In [1]: (lisp-implementation-type)
Out[1]: "SBCL"

In [2]: (lisp-implementation-version)
Out[2]: "2.0.8"

In [3]: (values 1 2 3)
Out[3]: 1
Out[3]: 2
Out[3]: 3

In [4]: (jupyter:file "/Users/art/Desktop/Screenshot 2020-09-25 at 23.50.02.png")
Out[4]: /Users/art/Desktop/Screenshot 2020-09-25 at 23.50.02.png

And this command will start a webserver with full Jupyter Notebook:

# To start a web UI, run
[poftheday] jupyter notebook

When the browser will open Jupyter, choose this menu to start Common Lisp Jupyter kernel:

Now if you enter the same code as we did before in console, you'll see, that web version is able to render our "screenshot" file below the "code cell":

It is also very easy to render formulas and to request an input from the user:

Also, you can render any HTML along with styles:

Or you might define functions which will return HTML or files:

This way, libraries extending common-lisp-jupyter may be created. They can do plotting for example, or render graphs, etc.

Here is how you can make your own classes renderable by Jupyter:

Though, it would be nice to make it possible to define render method for object not inherited from the jupyter:result.

The developer of this library did a very good job documenting it and providing examples. You will find all of them here.

This project is in active development phase. For example, right now support for Jupyter widgets is added.

Please, join this effort and make your pull requests to this repository, if you are interested in building CL environment for data science!

21:00

Joachim Breitner: Learn Haskell on CodeWorld writing Sokoban [Planet Debian]

Two years ago, I held the CIS194 minicourse on Haskell at the University of Pennsylvania. In that installment of the course, I changed the first four weeks to teach the basics of Haskell using the online Haskell environment CodeWorld, and led the students towards implementing the game Sokoban.

As it is customary for CIS194, I put my lecture notes and exercises online, and this has been used as a learning resource by people from all over the world. But since I have left the University of Pennsylvania, I lost the ability to update the text, and as the CodeWorld API has evolved, some of the examples and exercises no longer work.

Some recent complaints about that, in bug reports against CodeWorld and in unrealistically flattering tweets (“Shame, this was the best Haskell course ever!!!”) motivated me to extract that material and turn it into an updated stand-alone tutorial that I can host myself.

So if you feel like learning Haskell without worrying about local installation, and while creating a reasonably fun game, head over to https://haskell-via-sokoban.nomeata.de/ and get started! Improvements can now also be contributed at https://github.com/nomeata/haskell-via-sokoban.

Credits go to Brent Yorgey, Richard Eisenberg and Noam Zilberstein, who held the previous installments of the course, and Chris Smith for creating the CodeWorld environment.

20:56

Covid-19 is surging in France [Richard Stallman's Political Notes]

Covid-19 is surging in France, filling hospitals with people who are badly sick and forcing the postponement of operations people need for other reasons.

The only way to stop the surge is with distancing, but selfish people are angry at the unpleasantness of this.

British government may be thinking of repealing the GDPR in the UK [Richard Stallman's Political Notes]

The British government may (if I understand this article correctly) be thinking of repealing the GDPR in the UK.

The GDPR is greatly inadequate but it does some good. This would be a change for the worse, and indicates the intent to let companies such as Facebook and Google snoop on Britons more and manipulate them more.

Medical effect studies for men and for women [Richard Stallman's Political Notes]

Medical effect studies need to keep track of outcomes for men and for women separately. Some drugs work well for one and badly for the other.

Experiments to test how long small droplets with coronavirus can be infectious [Richard Stallman's Political Notes]

Experiments will determine how long coronavirus can survive and be infectious in small droplets that float in the air.

Argentine member of Congress was forced to resign [Richard Stallman's Political Notes]

An Argentine member of Congress was forced to resign for a trifle: he engaged in sexplay with his lover and did not realize his camera was on.

Can't those people distinguish between causing embarrassment and really doing wrong?

Asian lawyers mistaken for defendants [Richard Stallman's Political Notes]

*Dozens of Asian [i.e., of Indian ancestry] lawyers [in the UK] say they have been mistaken for defendants.*

Such a mistake can hurt feelings but does not do real damage. However, it is a sign of racial stereotyping that must have other bad effects.

Facebook made its product as addictive as cigarettes [Richard Stallman's Political Notes]

*Facebook's former director of monetization (sic) says Facebook intentionally made its product as addictive as cigarettes.*

The term "monetization" encourages the attitude which leads people to act this way. Let's shun it.

Volkswagen to pay compensation [Richard Stallman's Political Notes]

*Volkswagen to pay compensation for collaborating with Brazil’s [1964-85] dictatorship.*

Senator Sanders has called for an independent election commission [Richard Stallman's Political Notes]

*Senator Bernie Sanders has called for an independent election commission to stop Donald Trump defying the will of the people and plunging the US into a constitutional crisis.*

Doordash scheme to mislead restaurant owners [Richard Stallman's Political Notes]

Doordash has a scheme where it discounts pizza for customers but pays the restaurant full price. (This is a scheme to mislead and trap restaurant owners for the long term.)

One restaurant owner started ordering pizzas from his own restaurant via Doordash, and making money from Doordash on each one.

Arizona thugs told a dog to bite Alfredo Saldivar [Richard Stallman's Political Notes]

Arizona thugs told a dog to bite Alfredo Saldivar because he "hesitated" before obeying a command to stand up.

To dispute whether he really hesitated is a distraction. The point is, even if he did, that is no excuse for such dangerous escalation.

Non-drastic measures to avoid "climate lockdown" [Richard Stallman's Political Notes]

To avoid a future "climate lockdown" where drastic measures are imposed to cut greenhouse gas emissions, we need to use non-drastic measures now to achieve faster reductions.

Facebook being pressured to tag criticism of Israel [Richard Stallman's Political Notes]

Neve Gordon: Facebook is being pressured to tag criticism of Israel automatically as "anti-Semitism."

The change Facebook recently made, which recognizes the claim that Jews secretly rule the world as anti-Semitism, is correct. That conspiracy theory is antisemitic, and it is not criticism of Israel's occupation and colonization of Palestine.

Big oil companies give public impression of change away from fossil fuels [Richard Stallman's Political Notes]

Big oil companies are giving a public impression of starting to change away from fossil fuels, but the change is pretty small so far.

Here's the detailed report.

Reversing the wrecker's sabotage of US environmental policies [Richard Stallman's Political Notes]

What Biden would need to do to reverse the wrecker's sabotage of US environmental policies.

The article says it would take two years to undo environmental deregulation, handling each regulation separately, and this would face opposition from extractivist companies. I have another idea.

Those channels are specified by laws. It should be possible to pass a law reverting a specified set of regulations to their status as of January 2017. The old regulations that would go back into effect were approved through the official legal process, so it would be hard to challenge them. The process could be finished in a few months.

This would require eliminating the filibuster.

The wrecker is still at it, now eliminating protection for the Tongass National Forest in Alaska.

Facebook Ad Ban is another hollow gesture [Richard Stallman's Political Notes]

*Facebook Ad Ban on Premature Election Victory Ads Is Yet Another Hollow Gesture.* Because it won't cover premature election victory announcements.

Trudeau pledges tax on 'extreme wealth inequality' [Richard Stallman's Political Notes]

*Trudeau pledges tax on 'extreme wealth inequality' to fund Covid spending plan.*

If he really does this, it would be a great example.

False accusations against Bolivia's President Morales [Richard Stallman's Political Notes]

Sanders and other US legislators called on the Organization of American States to investigate how it came to publish false accusations against Bolivia's President Morales.

Senator Feinstein wants to allow Republicans to block all progressive legislation [Richard Stallman's Political Notes]

Bad news for America: Senator Feinstein wants to allow Republicans to block all progressive legislation, even if the Democrats win a majority in the Senate.

It is logical that a plutocratist legislator would want to help the right-wing extremist party to block progressive legislation.

Urgent: Prevent confirmation of a new Supreme Court justice before the presidential inauguration [Richard Stallman's Political Notes]

US citizens: phone your senators at 1-844-335-4855 and implore them to do everything they can to prevent confirmation of a new Supreme Court justice before the presidential inauguration on Jan 20.

17:49

Link [Scripting News]

There's some good news about Covid-19 that you don't see in the news -- eventually it will become less deadly. Most viruses in that family do, the virus mutates, and a strain that kills fewer victims comes to dominate, and that process repeats. The virus spreads out to find new victims and over time it weakens. The 1918 pandemic ended after two years, with no vaccine, but the virus didn't go away, it became seasonal. It still pops up, to this day, but it's nowhere near the problem it was in 1918. That will probably happen with Covid-19 too.

Link [Scripting News]

Must-listen NYT podcast about climate-crisis migration in the US.

Link [Scripting News]

Trump found something to do while the virus rages.

Today in GPF History for Sunday, September 27, 2020 [General Protection Fault: The Comic Strip]

You see, "Star Wars: Galaxies" was this old MMORPG that was really buggy, horribly imbalanced, and the servers were as reliable as a dead aardvark, so back when this was written, the joke was actually funny...

17:42

Pluralistic: 27 Sep 2020 [Pluralistic: Daily links from Cory Doctorow]





The joys of tailoring

In last weekend's New York Times, Rachel Connolly proposed a seriously great remedy for fast fashion: thrifting and a tailor.

https://www.nytimes.com/2020/09/22/magazine/tailor-clothes-thrifting.html

Connolly starts by reminiscing about her adolescence in Belfast after The Troubles, when the lingering spectre of political violence and economic deprivation meant that there were few options for a young girl who wanted to find her look.

She found her answer in second-hand stores, where everything from trousers to formal dresses could be had for as little as £20, so long as you didn't mind problems with the fit – problems that could be remedied for £15 at the local tailor.

This is a secret superweapon for people who want to dress well on a budget: your local thrift is full of amazing clothes, new and vintage, that you can buy for less than the price of a fancy smoothie, and then have altered to fit.

Connolly describes how using a local tailor means that she can choose a look she likes and then adapt clothes to fit that look, rather than the other way around: "Trousers many sizes too big, taken in but left with wide legs or turned into shorts."

The benefits of this are hard to overstate: first, it diverts clothing from the waste stream, which is a titanic environmental crisis within the larger environmental crisis we're all living through.

It funds the charity that runs your thrift shop, and spends money locally with a skilled tailor whom you can pay a fair price to while still saving money relative to fast-fashion brands.

The money you spend stays in your community, and it goes to merchants who pay decent wages and also meet their tax obligations, supporting your schools, roads and libraries.

And you get to look amazing: like you, rather than like the closest approximation of you that you can approach by buying off-the-peg from a global fashion brand that's probably owned by a toxic private equity fund.

What's more, once you find a tailor you love, you can get them to copy your most treasured garments as they wear out: I have two jackets that I wore until they were in tatters because they fit me so well and looked so great, and I had a tailor copy both.

The copies cost less than the originals, and now that the tailor has the pattern, I can get new ones made for even cheaper (since the patternmaking was a big part of the expense), in any material I choose, while still paying a fair price to the tailor.

Like Connolly, I always find a good tailor when I move to a new neighborhood. In my case, it's the owner of my local dry-cleaner, who does beautiful work and who also does repairs for me when I tear something I love.

Some of the best clothes I ever bought came from the late, lamented Junky Styling in the Truman Brewery in London's Brick Lane – they were masters of repurposing thrifted and end-of-line clothes, making gorgeous new pieces out of them.

Junky's founders published a superb book on their methodology and design philosophy, explaining how to turn thrifted clothes into remarkable, one-of-a-kind pieces:

https://memex.craphound.com/2009/10/09/junky-styling-a-manual-for-thrift-shop-clothes-remixers/



Ransomware for coffee makers

My 2019 book RADICALIZED opened with a novella called Unauthorized Bread, a tale of self-determination versus technical oppression that starts with a Libyan refugee hacking her stupid smart-toaster, which locks her into buying proprietary bread.

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

I wrote that story after watching the inexorable colonization of every kind of device – from implanted defibrillators to tractors – with computerized controllers that served a variety of purposes, many of them nakedly dystopian.

The existence of laws like Section 1201 of the DMCA really invites companies to make "smart" versions of their devices for the sole purpose of adding DRM to them, because DMCA 1201 makes it a felony to unlock DRM, even for perfectly legal purposes.

That's how John Deere uses DRM: to force farmers to use (and pay for) authorized repair personnel when their tractors break down; it's how Abbott Labs uses DRM, to force people with diabetes not to use third-party insulin pumps with their glucose monitors.

It's the inkjet business-model, but for everything from artificial pancreases to coffee-makers. And because DMCA 1201 is so badly* drafted, it also puts security researchers at risk.

*Assuming you're willing to believe this isn't what the law was supposed to do all along

Adding networked computers to everyday gadgets is a risky business: as with any human endeavor, software is prone to error. And as with any technical pursuit, the only way to reliably root out errors is through adversarial peer review.

That is, to have people who want you to fail go through your stuff looking for stupid mistakes they can mock you over.

It's not enough for you to go over your own work for errors. Anyone who's ever stared right at their own typo and not seen it knows this doesn't work.

Nor is it sufficient for your friends to look over your work – not only will they go easy on you, but sometimes your errors come from a shared set of faulty assumptions.

They CAN'T spot these errors: this is why no argument among Qanoners ever points out the most important fact, which is that the whole fucking thing is batshit.

The default for products is that anyone is allowed to point out their defects. If you buy a pencil and the tip breaks all the time and you do some analysis and discover that the manufacturer sucks at graphite, you can publish that analysis.

But DMCA 1201 prohibits this kind of disclosure if it means that you reveal flaws that might be used to disable the DRM. Security researchers get threatened by "smart device" companies all the time.

Just the spectre of the threat is enough to convince a lot of organizations' lawyers to advise researchers not to go public with this information.

That means that a defect that could crash your car (or your implanted pacemaker) only gets disclosed if the company that made it authorizes the disclosure.

This is seriously bad policy.

Companies add "smarts" to get DRM, because DRM lets them control how their customers use their products, and lets them shut down competitors who try to give control back to customers, and also silence critics who reveal the defects in their products.

DRM can be combined with terms of service, patents, trade secrets, binding arbitration, and other forms of "IP" to deliver near-perfect corporate control over competitors, customers and critics.

https://locusmag.com/2020/09/cory-doctorow-ip/

But it's worse than that, because software designed to exercise this kind of control is necessarily designed for maximum opacity: to hide what it does, how it does it, and how to turn it off.

This obfuscation means that when your device is compromised, malicious code can take advantage of the obscure-by-design nature of the device to run undetectably as it attacks you, your data, and your physical environment.

Malicious code can also leverage DRM's natural tamper-resistance to make it hard to remove malware once it has been detected. Once a device designed to control its owners has been compromised, the attacker gets to control the owner, too.

Which brings me to "Smarter," a "smart" $250 coffee maker that is remarkably insecure, allowing anyone on the same wifi network as the device to replace its firmware, as Martin Hron demonstrates in a recent proof-of-concept attack.

https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/

Hron's attack hijacks the machine, causing it to "turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly."

https://arstechnica.com/information-technology/2020/09/how-a-hacker-turned-a-250-coffee-maker-into-ransom-machine/

As Dan Goodin points out, Hron did all this in just one week, and quite likely could find more ways to attack the device. The defects Hron identified – like the failure to use encryption in the device's communications or firmware updates – are glaring, idiotic errors.

As is the decision to allow for unsigned firmware updates without any user intervention. This kind of design idiocy has been repeatedly identified in many kinds of devices.

Back in 2011, I watched Ang Cui silently update the OS of an HP printer by sending it a gimmicked PDF (HP's printers received new firmware via print-jobs, ingesting everything after a Postscript comment that said, "New firmware starts here").

https://www.youtube.com/watch?v=njVv7J2azY8

A decade later, there is no excuse for this kind of mistake. The fact that IoT vendors are making it tells you that the opacity and the power to punish critics is not a power that companies wield wisely – and that you shouldn't trust any IoT gadgets.
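The check whose absence is described above, as an added example that is not from the original post, from Hron's write-up, or from the vendor: an update handler that refuses firmware unless it carries a valid vendor signature over both version and image, is newer than what is installed, and was confirmed by the user. The package layout, the function names and the toy RSA key (built from two public Mersenne primes so the block runs offline) are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key: an RSA modulus made from two publicly known Mersenne
# primes so the block runs offline. It is trivially factorable; a real device
# pins the vendor's real public key and calls a vetted crypto library.
_P, _Q = 2**521 - 1, 2**607 - 1
VENDOR_N, VENDOR_E = _P * _Q, 65537
_VENDOR_D = pow(VENDOR_E, -1, (_P - 1) * (_Q - 1))  # stays with the vendor
KEY_BYTES = (VENDOR_N.bit_length() + 7) // 8

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), KEY_BYTES long."""
    digest_info = _SHA256_PREFIX + hashlib.sha256(message).digest()
    padding = b"\xff" * (KEY_BYTES - len(digest_info) - 3)
    return b"\x00\x01" + padding + b"\x00" + digest_info


def vendor_sign(message: bytes) -> bytes:
    """Vendor side: sign with the private exponent (never shipped on devices)."""
    m = int.from_bytes(_encode(message), "big")
    return pow(m, _VENDOR_D, VENDOR_N).to_bytes(KEY_BYTES, "big")


def signature_ok(message: bytes, signature: bytes) -> bool:
    """Device side: verify against the pinned public key only."""
    if len(signature) != KEY_BYTES:
        return False
    s = int.from_bytes(signature, "big")
    if s >= VENDOR_N:
        return False
    recovered = pow(s, VENDOR_E, VENDOR_N).to_bytes(KEY_BYTES, "big")
    # Compare the whole re-built encoding instead of parsing the padding.
    return hmac.compare_digest(recovered, _encode(message))


def signed_payload(version: int, image: bytes) -> bytes:
    """Bytes covered by the signature: the version is bound to the image."""
    return b"FWU1" + version.to_bytes(4, "big") + image


def naive_accept(image: bytes) -> bool:
    """Shape of the flaw described above (not the device's actual code):
    anything that arrives on the network gets flashed."""
    return len(image) > 0


def accept_update(installed, version, image, signature, user_confirmed):
    """Decide whether to flash `image`. Returns (accepted, reason)."""
    if not isinstance(version, int) or not 0 <= version < 2**32:
        return False, "malformed version"
    # 1. Authenticate before trusting any field of the package.
    if not signature_ok(signed_payload(version, image), signature):
        return False, "bad signature"
    # 2. A validly signed but older image must not replace a newer one.
    if version <= installed:
        return False, "rollback refused"
    # 3. No flashing without the owner's involvement.
    if not user_confirmed:
        return False, "user confirmation required"
    return True, "ok"


def demo():
    image = b"\x7fFIRMWARE constructed sample image v7"
    sig = vendor_sign(signed_payload(7, image))
    tampered = image.replace(b"sample", b"ransom")
    return {
        "genuine": accept_update(6, 7, image, sig, True),
        "tampered": accept_update(6, 7, tampered, sig, True),
        "version_swapped": accept_update(6, 9, image, sig, True),
        "rollback": accept_update(8, 7, image, sig, True),
        "silent": accept_update(6, 7, image, sig, False),
        "naive_tampered": naive_accept(tampered),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```
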



My Reddit Privacy AMA

Next weekend – Oct 2/3 – I'm doing a long, thoughtful Ask Me Anything session with Reddit's /r/privacy, as part of a pair of AMA's celebrating the subreddit's millionth (!) subscriber.

https://www.reddit.com/r/privacy/comments/j0rhef/a_stunning_milestone_and_two_remarkable_rprivacy/

My AMA will be followed by a weekend-long (Oct 9/10) session with Micah Lee, my former EFF colleague who is now at The Intercept (where he helped report the Snowden leaks, after aiding Snowden in getting them to journalists) and The Freedom of The Press Foundation.

I'll be talking about several new projects:

  • HOW TO DESTROY SURVEILLANCE CAPITALISM, my short book for Onezero:

https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59

  • ATTACK SURFACE, the third Little Brother novel, which comes out in the UK on Oct 1

https://headofzeus.com/books/9781838939960

(it comes out in the US/Canada on Oct 13)

https://read.macmillan.com/torforge/cory-doctorow-virtual-lecture-series/

  • And of course, I'll be talking about my attempt to circumvent Amazon's audiobook hegemony through my ongoing Kickstarter campaign:

https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book/



This day in history

#10yrsago Lockheed Martin sign prohibits sketching and “gathering information” https://www.flickr.com/photos/jef/5028187145/

#5yrsago Black burners on race and Burning Man https://www.theguardian.com/culture/2015/sep/27/black-campers-burning-man-explain-why

#5yrsago Hilo: The Boy Who Crashed to Earth, a fantastic middle-grade adventure comic https://memex.craphound.com/2015/09/26/hilo-the-boy-who-crashed-to-earth-a-fantastic-middle-grade-adventure-comic/

#5yrsago Tomorrow’s Catalan elections are a referendum on independence https://www.theguardian.com/world/2015/sep/25/catalonia-votes-democracy-election-independence-spain

#5yrsago Dustin Yellin’s stupendous, life-sized glass-pane humanoids made from NatGeo clippings https://memex.craphound.com/2015/09/26/dustin-yellins-stupendous-life-sized-glass-pane-humanoids-made-from-natgeo-clippings/

#1yrago The DoJ’s corporate “diversion” program is supposed to change bad corporate culture, but really, it enables repeat offenders https://www.citizen.org/article/soft-on-corporate-crime-deferred-and-non-prosecution-repeat-offender-report/

#1yrago Bruce Sterling on Boris Johnson’s bizarre, cyberpunk dystopia address to the UN https://www.wired.com/beyond-the-beyond/2019/09/visionary-high-points-recent-boris-johnson-speech-united-nations/

#1yrago Report from Defcon’s Voting Village reveals ongoing dismal state of US electronic voting machines https://media.defcon.org/DEF%20CON%2027/voting-village-report-defcon27.pdf

#1yrago Doordash’s breach is different https://memex.craphound.com/2019/09/27/doordashs-breach-is-different/

#1yrago Across America, the average worker can’t afford the median home https://www.marketwatch.com/story/there-are-precious-few-places-in-america-where-the-average-worker-can-afford-a-median-priced-home-2019-09-26

#1yrago Annalee Newitz’s “Future of Another Timeline”: like Handmaid’s Tale meets Hitchhiker’s Guide https://www.latimes.com/entertainment-arts/books/story/2019-09-27/future-of-another-timeline-annalee-newitz

#1yrago Sleuths discover the source of $28m in dark money lobbying in favor of emergency room “surprise bills”: private equity firms that own doctors’ practices https://hcrenewal.blogspot.com/2019/09/who-advocates-for-surprise-medical.html

#1yrago Wework, Uber, Lyft, Netflix, Bird, Amazon: late-stage capitalism is all about money-losing predatory pricing aimed at creating monopolies https://www.businessinsider.com/wework-is-a-prime-example-of-counterfeit-capitalism-2019-9



Colophon

Today's top sources: Naked Capitalism (https://www.nakedcapitalism.com/).

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 504 words (65940 total).

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 670 words (63295 total).

Currently reading: Gideon the Ninth, Tamsyn Muir

Latest podcast: IP https://craphound.com/podcast/2020/09/14/ip/


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

17:28

Mayhaw Jelly and Novel Crunch Time: Two Unrelated Things in a Single Post [Whatever]

A jar of mayhaw jelly

John Scalzi

First: as we recently did a survey of fancy jams here on Whatever, a reader (who I will let self-identify if they wish in the comments) sent along a type of jelly I had not heard of before: mayhaw jelly, “mayhaw” being a seasonal fruit in the South of the US, apparently ripening in May, or thereabouts. I and Athena have sampled the stuff and it’s quite tasty — “like a tarter strawberry” is how our northern palates have translated it. As noted previously, I had not known of mayhaw as a type of fruit (or tree) and I am delighted to still be discovering new flavors indigenous to these fine United States. Also, I can recommend mayhaw jelly (or at the very least this Cane River brand of it), and can assure you all we’ll be working through this jar of the stuff. Thank you to this reader for sending it along. It will definitely not go to waste.

Second: In other, entirely unrelated-to-jellies-and-jams news, we’re coming into crunch time for the novel I’m writing, so over the next few weeks I may be writing shorter and/or skipping days entirely around here. I realize that I say this every time I get into crunch time with a novel, and then often go on a massive post spree, because my brain doesn’t make sense and I am a doofus. But on the off chance I actually stay disciplined this time around, uh, yeah, see that first sentence of this paragraph again. The good news is there is a second contributor to the site now, and also there are a lot of Big Idea pieces for October, so even if I post less, you might not miss me.

Also, until the novel is done, I’m going to try to cut down on my news consumption. Theoretically, when I’m writing I avoid reading the news until the close of the business day; for the next several weeks I will actually attempt to implement this. Of course, the month before a presidential election is not a great time to try this, especially this presidential election. I am helped slightly by the fact that I have already planned to vote early and at the first opportunity, so after that point I can say that I’ve done my part and leave it up to the rest of you to do likewise.

I’m not going to try to hide from news entirely — that’s going to be impossible — but I am going to prioritize my brain cycles. I can focus on the novel, or I can focus on the election. The election will happen whether I focus on it or not; the novel, on the other hand, will not. Don’t worry; I’ll still be yelling at you all to vote, just like I’ve done all year long. But this diminishment of engagement of news might mean fewer topical posts from me until the novel is done. This may be a disappointment for some of you, but then again, people here rarely complain about cat and sunset posts.

So: Mayhaw jelly — pretty great; novel crunch time — also great, but a focus time for me, so be aware. And now you’re all caught up on the trivia of my life that I’m deciding to share right now in a public fashion!

— JS

16:21

Dirk Eddelbuettel: pkgKitten 0.2.0: Now with tinytest and new docs [Planet Debian]

kitten

A new release 0.2.0 of pkgKitten just hit on CRAN today, or about eleven months after the previous release.

This release brings support for tinytest by having pkgKitten::kitten() automagically call tinytest::puppy() if the latter package is installed (and the user did not opt out of calling it). So your newly created minimal package now also uses a wonderful yet tiny testing framework. We also added a new documentation site using the previously tweeted-about wrapper for Material for MkDocs I really dig. And last but not least we switched to BSPM-based Continuous Integration (which I wrote about yesterday in R4 #30) and fixed one bug regarding the default NAMESPACE file.

Changes in version 0.2.0 (2020-09-27)

  • Continuous Integration uses the updated BSPM-based script on Travis and with GitHub Actions (Dirk in #11 plus earlier commits).

  • A new default NAMESPACE file is now installed (Dirk in #12).

  • A package documentation website was added (Dirk in #13).

  • Call tinytest::puppy if installed and not opted out (Dirk in #14).

More details about the package are at the pkgKitten webpage, the (new) pkgKitten docs site, and the pkgKitten GitHub repo.

Courtesy of my CRANberries site, there is also a diffstat report for this release.

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Reproducible Builds: ARDC sponsors the Reproducible Builds project [Planet Debian]

The Reproducible Builds project is pleased to announce a donation from Amateur Radio Digital Communications (ARDC) in support of its goals. ARDC’s contribution will propel the Reproducible Builds project’s efforts in ensuring the future health, security and sustainability of our increasingly digital society.

About Amateur Radio Digital Communications (ARDC)

Amateur Radio Digital Communications (ARDC) is a non-profit that was formed to further research and experimentation with digital communications using radio, with a goal of advancing the state of the art of amateur radio and to educate radio operators in these techniques.

It does this by managing the allocation of network resources, encouraging research and experimentation with networking protocols and equipment, publishing technical articles and a number of other activities to promote the public good of amateur radio and other related fields. ARDC has recently begun to contribute funding to organisations, groups, individuals and projects towards these and related goals, and their grant to the Reproducible Builds project is part of this new initiative.

Amateur radio is an entirely volunteer activity performed by knowledgeable hobbyists who have proven their ability by passing the appropriate government examinations. No remuneration is permitted. “Ham radio,” as it is also known, has proven its value in advancements of the state of the communications arts, as well as in public service during disasters and in times of emergency.

For more information about ARDC, please see their website at ampr.org.

About the Reproducible Builds project

One of the original promises of open source software was that peer review would result in greater end-user security and stability of our digital ecosystem. However, although it is theoretically possible to inspect and build the original source code in order to avoid maliciously-inserted flaws, almost all software today is distributed in prepackaged form.

This disconnect allows third-parties to compromise systems by injecting code into seemingly secure software during the build process, as well as by manipulating copies distributed from ‘app stores’ and other package repositories.

In order to address this, ‘Reproducible builds’ are a set of software development practices, ideas and tools that create an independently-verifiable path from the original source code, all the way to what is actually running on our machines. Reproducible builds can reveal the injection of backdoors introduced by the hacking of developers’ own computers, build servers and package repositories, but can also expose where volunteers or companies have been coerced into making changes via blackmail, government order, and so on.
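The independently verifiable path described above, as an added illustration that is not code from the Reproducible Builds project: three builders with different clocks, user ids and directory listing order package the same source, first naively and then with those inputs normalised (fixed `SOURCE_DATE_EPOCH` timestamp, sorted entries, zeroed ownership), and a distributed archive is accepted only when independent rebuilds match it bit for bit. The source tree, the builder environments and the quorum rule are constructed assumptions.

```python
import gzip
import hashlib
import io
import tarfile

# Constructed source tree and build environments (not from any real package).
SOURCE = {"bin/tool": b"#!/bin/sh\necho hello\n", "README": b"demo package\n"}
SOURCE_DATE_EPOCH = 1601164800  # timestamp fixed by the release, not the clock
BUILDERS = [
    {"clock": 1601200000, "uid": 1000, "user": "alice",
     "listing": ["bin/tool", "README"]},
    {"clock": 1601290000, "uid": 501, "user": "ci",
     "listing": ["README", "bin/tool"]},
    {"clock": 1601300500, "uid": 0, "user": "root",
     "listing": ["bin/tool", "README"]},
]


def archive(files, names, mtime, uid, user):
    """Pack `files` into a .tar.gz using exactly the metadata given."""
    raw = io.BytesIO()
    with gzip.GzipFile(fileobj=raw, mode="wb", mtime=mtime) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in names:
                info = tarfile.TarInfo(name)
                info.size = len(files[name])
                info.mtime, info.uid, info.gid = mtime, uid, uid
                info.uname = info.gname = user
                tar.addfile(info, io.BytesIO(files[name]))
    return raw.getvalue()


def build(env, reproducible, files=SOURCE):
    """Naive builds leak the environment; reproducible builds normalise it."""
    if reproducible:
        return archive(files, sorted(files), SOURCE_DATE_EPOCH, 0, "")
    return archive(files, env["listing"], env["clock"], env["uid"], env["user"])


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def verified_by_rebuilders(distributed, rebuilds, quorum=2):
    """Accept only if at least `quorum` independent rebuilds are identical."""
    want = digest(distributed)
    return sum(digest(r) == want for r in rebuilds) >= quorum


def demo():
    naive = [digest(build(b, False)) for b in BUILDERS]
    repro = [build(b, True) for b in BUILDERS]
    # A compromised build server ships an archive built from altered source.
    altered = {**SOURCE,
               "bin/tool": SOURCE["bin/tool"] + b"# injected line (constructed)\n"}
    tampered = build(BUILDERS[1], True, altered)
    others = [repro[0], repro[2]]
    return {
        "naive_distinct_hashes": len(set(naive)),
        "reproducible_distinct_hashes": len({digest(r) for r in repro}),
        "honest_accepted": verified_by_rebuilders(repro[1], others),
        "tampered_accepted": verified_by_rebuilders(tampered, others),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:30} {value}")
```

With the naive build every builder gets a different hash, so a mismatch says nothing; once the build is reproducible, a mismatch against independent rebuilds is evidence that the distributed archive was not produced from the published source.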

A world without reproducible builds is a world where our digital infrastructure cannot be trusted and where online communities are slower to grow, collaborate less and are increasingly fragile. Without reproducible builds, we leave space for greater encroachments on our liberties both by individuals as well as powerful, unaccountable actors such as governments, large corporations and autocratic regimes.

The Reproducible Builds project began as a project within the Debian community, but is now working with many crucial and well-known free software projects such as Coreboot, openSUSE, OpenWrt, Tails, GNU Guix, Arch Linux, Tor, and many others. It is now an entirely Linux distribution independent effort and serves as the central ‘clearing house’ for all issues related to securing build systems and software supply chains of all kinds.

For more about the Reproducible Builds project, please see their website at reproducible-builds.org.


If you are interested in ensuring the ongoing security of the software that underpins our civilisation, and wish to sponsor the Reproducible Builds project, please reach out to the project by emailing contact@reproducible-builds.org.

Link [Scripting News]

I haven't been in Clubhouse in a couple of weeks. I've been lurking a bit the last few hours. People talk like they're in therapy, and they're the therapist. Or like they're in the United Nations and they're from a small country, afraid they're going to start a war. Everyone is very cautious, non-committal.

15:35

Link [Scripting News]

I just gave $25 to Jaime Harrison because Lindsey Graham is a kook. I think he's crazy. I think he's unfit for office.

Link [Scripting News]

I don’t understand why people say this Supreme Court nomination is the end of everything. The Repubs now have a 5-3 advantage. Is 6-3 so different? Our big immediate crisis is how we turn the corner on the Nov 3 election, coupled with the ongoing Covid catastrophe.

Link [Scripting News]

It’s the bottom of the ninth. Other team is up. Two out. You have a one run lead. Bases loaded. The only runner that matters is the one on third. The guy on first is trying to get you to pick him off. Don’t fall for it.

13:28

All Glory to the New Management! [Charlie's Diary]

Dead Lies Dreaming - UK cover

Today is September 27th, 2020. On October 27th, Dead Lies Dreaming will be published in the USA and Canada: the British edition drops on October 29th. (Yes, there will be audio editions too, via the usual outlets.)

This book is being marketed as the tenth Laundry Files novel. That's not exactly true, though it's not entirely wrong, either: the tenth Laundry book, about the continuing tribulations of Bob Howard and his co-workers, hasn't been written yet. (Bob is a civil servant who by implication deals with political movers and shakers, and politics has turned so batshit crazy in the past three years that I just can't go there right now.)

There is a novella about Bob coming next summer. It's titled Escape from Puroland and Tor.com will be publishing it as an ebook and hardcover in the USA. (No UK publication is scheduled as yet, but we're working on it.) I've got one more novella planned, about Derek the DM, and then either one or two final books: I'm not certain how many it will take to wrap the main story arc yet, but rest assured that the tale of SOE's Q-Division, the Laundry, reaches its conclusion some time in 2015. Also rest assured that at least one of our protagonists survives ... as does the New Management.

All Glory to the Black Pharaoh! Long may he rule over this spectred isle!

(But what's this book about?)

Dead Lies Dreaming - US cover

Dead Lies Dreaming is the first book in a project I dreamed up in (our world's) 2017, with the working title Tales of the New Management. It came about due to an unhappy incident: I found out the hard way that writing productively while one of your parents is dying is rather difficult. The first time it happened, it took down a promising space opera project. I plan to pick it up and re-do it next year, but it was the kind of learning experience I could happily have done without. The second time it happened, I had to stop work on Invisible Sun, the third and final Empire Games novel—I just couldn't get into the right head-space. (Empire Games is now written and in the hands of the production folks at Tor. It will almost certainly be published next September, if the publishing industry survives the catastrophe novel we're all living through right now.)

Anyway, I was unable to work on a project with a fixed deadline, but I couldn't not write: so I gave myself license to doodle therapeutically. The therapeutic doodles somehow colonized the abandoned first third of a magical realist novel I pitched in 2014, and turned into an unexpected attack novel titled Lost Boys. (It was retitled Dead Lies Dreaming because a cult comedy movie from 1987 got remade for TV in 2020—unless you're a major bestseller you do not want your book title to clash with an unrelated movie—but it's still Lost Boys in my headcanon.)

Lost Boys—that is, Dead Lies Dreaming—riffs heavily off Peter and Wendy, the original taproot of Peter Pan, a stage play and novel by J. M. Barrie that predates the more familiar, twee, animated Disney version of Peter Pan from 1953 by some decades. (Actually Peter and Wendy recycled Barrie's character from an earlier work, The Little White Bird, from 1902, but let's not get into the J. M. Barrie arcana at this point.) Peter and Wendy can be downloaded from Project Gutenberg here. And if you only know Pan from Disney, you're in for a shock.

Barrie was writing in an era when antibiotics hadn't been discovered, and far fewer vaccines were available for childhood diseases. Almost 20% of children died before reaching their fifth birthday, and this was a huge improvement over the earlier decades of the 19th century: parents expected some of their babies to die, and furthermore, had to explain infant deaths to toddlers and pre-tweens. Disney's Peter is a child of the carefree first flowering of the antibiotic age, and thereby de-fanged, but the original Peter Pan isn't a twee fairy-like escapist fantasy. He's a narcissistic monster, a kidnapper and serial killer of infants who is so far detached from reality that his own shadow can't keep up. Barrie's story is a metaphor designed to introduce toddlers to the horror of a sibling's death. And I was looking at it in this light when I realized, "hey, what if Peter survived the teind of infant mortality, only to grow up under the dictatorship of the New Management?"

This led me down all sorts of rabbit holes, only some of which are explored in Dead Lies Dreaming. The nerdish world-building impulse took over: it turns out that civilian life under the rule of N'yar lat-Hotep, the Black Pharaoh (in his current incarnation as Fabian Everyman MP), is harrowing and gruesome in its own right—there's a Tzompantli on Marble Arch: indications that Lovecraft's Elder Gods were worshipped under other names by other cultures: oligarchs and private equity funds employ private armies: and Brexit is still happening—but nevertheless, ordinary life goes on. There are jobs for cycle couriers, administrative assistants, and ex-detective constables-turned-security guards. People still need supermarkets and high street banks and toy shops. The displays of severed heads on the traffic cameras on the M25 don't stop drivers trying to speed. Boys who never grew up are still looking for a purpose in life, at risk of their necks, while their big sisters try to save them. And so on.

Dead Lies Dreaming is the first of the Tales of the New Management, which are being positioned as a continuation of the Laundry Files (because Marketing). There will be more. A second novel, In His House, already exists in first draft. It's a continuation of the story, remixed with Sweeney Todd and Mary Poppins—who in the original form is, like Peter Pan, much more sinister than the Disney whitewash suggests. A third novel, Bones and Nightmares, is planned. (However, I can't give you a publication date, other than to say that In His House can't be published before late 2022: COVID19 has royally screwed up publishers' timetables.)

Anyway, you probably realized that instead of riffing off classic British spy thrillers or urban fantasy tropes, I'm now perverting beloved childhood icons for my own nefarious purposes—and I'm having a gas. Let's just hope that the December of 2016 in which Dead Lies Dreaming is set doesn't look impossibly utopian and optimistic by the time we get to the looming and very real December of 2020! I really hate it when reality front-runs my horror novels ...

10:07

“What time is your flight?” [Seth's Blog]

Why do cab drivers ask this question?

It’s not like they can get to the airport any faster.

It simply serves to create tension where no tension is helpful.

There are a hundred ways to introduce tension into a conversation. It’s worth doing it with intent, when it serves a function.

So an ancient TV set can bring down the mighty broadband? Good | David Mitchell [David Mitchell | The Guardian]

As one who resists technological change, I think we should defend the telly that took out a Welsh village’s internet

The mystery of the disappearing Welsh broadband has been solved. I don’t know what you’d expect the broadband signal to be like in the isolated village of Aberhosan in Powys. Personally, I’d expect it to be terrible. And it really was terrible. But it seems the villagers didn’t expect that. To them, this was a mystery.

My low expectations of data flow to rural areas will doubtless offend some. I apologise: it may be outdated but I mean it nicely. It’s not a slur on the countryside. Not being able to access the internet is a plus as far as I’m concerned. I look back fondly on the afternoon in 2009 on the Isle of Skye that I spent waving a Samsung flip phone around my head in the hope of it coinciding with a big enough blob of reception to get a text to send. I was significantly more likely to catch a flying splat of seagull shit. But the inconvenience makes you feel remote and, for me, that was the point of going there. Nowadays, I could probably get streaming HD. Which sounds like a disease. And maybe it is.

We don’t have to pretend to like things just because they’re inevitable


05:49

Monster of the Week Notes [Skin Horse]

Shaenon: The Skin Horse 9&10 Kickstarter has passed its second stretch goal! That means I’ll be drawing another season of my X-Files recap comic Monster of the Week. As you can see, I’ve already started watching X-Files and taking notes.

There are just a few days left on the Kickstarter. Thank you so much to everyone for making the next volumes of Skin Horse happen, and please keep spreading the word!

Channing: My deepest thanks to all of you guys for pledging enough to convince Shaenon to do this, if for no other reason than I get to enjoy it too.

Saturday, 26 September

23:14

Andrew Cater: Final post from media team for the day - most of the ordinary images and live images have been tested [Planet Debian]

 Winding down slightly - we've worked our way through most of the images and testing. Schweer tested all of the Debian Edu/Skolelinux images for which many thanks

Sledge, RattusRattus, Isy and I have been working pretty much solidly for 10 3/4 hours. There's still some images to build - mips, mipsel and s390x but these are all images that we don't have hardware to test on particularly.

Another good and useful day - bits and pieces done throughout. NOTE: There appear to have been some security updates since the main release this morning so, as ever, it's worth updating machines on a regular basis.

Waiting for the final images to finish building so that we can check the archive for completeness and then publish to the media mirrors. All the best until next time: thanks as ever to Sledge for his invaluable help. See you again in a couple of months in all likelihood. 

A much smaller release: some time in the next month we hope to be able to build and test an Alpha release for Bullseye. Bullseye is likely to be released somewhere round the middle of next year so we'll have additional Buster stable point releases in the meantime.

23:07

And Now, Something Relaxing [Whatever]

It’s not that I was having a stressful Saturday — it was in fact mostly fine! — but the world is a lot these days, isn’t it, and you might need a moment to center yourself. This lovely new song by musician Rachel Croft just might do the trick for you. Enjoy, and have a lovely rest of your Saturday.

— JS

22:49

Link [Scripting News]

Last time I listened to Sheryl Crow was a great time of my life. I can tell because the way it makes me feel today. A Master of the Universe type feeling. This is mine. I made it, I own it, I can make it do what I want. It's the feeling in a young man's heart.

Link [Scripting News]

Imagine if AIDS had just appeared and everyone is still having unprotected sex with everyone else.

Sign of Biden [Scripting News]

The Biden/Harris/2020 sign looks great in town a friend's front lawn.

21:42

François Marier: Repairing a corrupt ext4 root partition [Planet Debian]

I ran into filesystem corruption (ext4) on the root partition of my backup server which caused it to go into read-only mode. Since it's the root partition, it's not possible to unmount it and repair it while it's running. Normally I would boot from an Ubuntu live CD / USB stick, but in this case the machine is using the mipsel architecture and so that's not an option.

Repair using a USB enclosure

I had to shut down the server and then pull the SSD drive out. I then moved it to an external USB enclosure and connected it to my laptop.

I started with an automatic filesystem repair:

fsck.ext4 -pf /dev/sde2

which failed for some reason and so I moved to an interactive repair:

fsck.ext4 -f /dev/sde2

Once all of the errors were fixed, I ran a full surface scan to update the list of bad blocks:

fsck.ext4 -c /dev/sde2

Finally, I forced another check to make sure that everything was fixed at the filesystem level:

fsck.ext4 -f /dev/sde2

Fix invalid alternate GPT

The other thing I noticed is this message in my dmesg log:

scsi 8:0:0:0: Direct-Access     KINGSTON  SA400S37120     SBFK PQ: 0 ANSI: 6
sd 8:0:0:0: Attached scsi generic sg4 type 0
sd 8:0:0:0: [sde] 234441644 512-byte logical blocks: (120 GB/112 GiB)
sd 8:0:0:0: [sde] Write Protect is off
sd 8:0:0:0: [sde] Mode Sense: 31 00 00 00
sd 8:0:0:0: [sde] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 8:0:0:0: [sde] Optimal transfer size 33553920 bytes
Alternate GPT is invalid, using primary GPT.
 sde: sde1 sde2

I therefore checked to see if the partition table looked fine and got the following:

$ fdisk -l /dev/sde
GPT PMBR size mismatch (234441643 != 234441647) will be corrected by write.
The backup GPT table is not on the end of the device. This problem will be corrected by write.
Disk /dev/sde: 111.8 GiB, 120034123776 bytes, 234441648 sectors
Disk model: KINGSTON SA400S3
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 799CD830-526B-42CE-8EE7-8C94EF098D46

Device       Start       End   Sectors   Size Type
/dev/sde1     2048   8390655   8388608     4G Linux swap
/dev/sde2  8390656 234441614 226050959 107.8G Linux filesystem

It turns out that all I had to do, since only the backup / alternate GPT partition table was corrupt and the primary one was fine, was to re-write the partition table:

$ fdisk /dev/sde

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

GPT PMBR size mismatch (234441643 != 234441647) will be corrected by write.
The backup GPT table is not on the end of the device. This problem will be corrected by write.

Command (m for help): w

The partition table has been altered.
Syncing disks.

Run SMART checks

Since I still didn't know what caused the filesystem corruption in the first place, I decided to do one last check: SMART errors.

I couldn't do this via the USB enclosure since the SMART commands aren't forwarded to the drive and so I popped the drive back into the backup server and booted it up.

First, I checked whether any SMART errors had been reported using smartmontools:

smartctl -a /dev/sda

That didn't show any errors and so I kicked off an extended test:

smartctl -t long /dev/sda

which ran for 30 minutes and then passed without any errors.

The mystery remains unsolved.
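
The two fdisk warnings in the "Fix invalid alternate GPT" section come from comparing fields in the protective MBR and the primary GPT header against the real size of the disk. The following is an added example, not code from the original post: it makes the same comparisons read-only, before anything is written. The function names and the sample sectors are constructed for illustration (only the sector counts are taken from the fdisk output above), and 512-byte logical sectors are assumed.

```python
import os
import struct
import zlib

SECTOR = 512                      # assumption: 512-byte logical sectors, as on the page
PMBR_FMT = "<B3sB3sII"            # one 16-byte MBR partition entry
HDR_FMT = "<8sIIIIQQQQ16sQIII"    # 92-byte GPT header layout
HDR_LEN = struct.calcsize(HDR_FMT)


def build_sample(seen_sectors):
    """Constructed LBA 0-1, as laid out by a tool that saw `seen_sectors` sectors."""
    pmbr = bytearray(SECTOR)
    # Single protective entry: type 0xEE, starts at LBA 1, covers the rest of the disk.
    struct.pack_into(PMBR_FMT, pmbr, 446, 0, b"\x00\x02\x00", 0xEE,
                     b"\xff\xff\xff", 1, min(seen_sectors - 1, 0xFFFFFFFF))
    pmbr[510:512] = b"\x55\xaa"
    fields = [b"EFI PART", 0x00010000, HDR_LEN, 0, 0,
              1, seen_sectors - 1,        # this header's LBA, backup header's LBA
              34, seen_sectors - 34,      # first / last usable LBA
              bytes(16), 2, 128, 128, 0]  # GUID and entry-array CRC left zero here
    fields[3] = zlib.crc32(struct.pack(HDR_FMT, *fields))  # CRC with its field zeroed
    header = struct.pack(HDR_FMT, *fields).ljust(SECTOR, b"\x00")
    return bytes(pmbr) + header


def check_gpt(lba0_1, total_sectors):
    """Return (code, message) findings for the first two sectors of a disk."""
    findings = []
    pmbr, hdr = lba0_1[:SECTOR], lba0_1[SECTOR:2 * SECTOR]
    _, _, ptype, _, _, size = struct.unpack_from(PMBR_FMT, pmbr, 446)
    if pmbr[510:512] != b"\x55\xaa" or ptype != 0xEE:
        findings.append(("no-protective-mbr", "first MBR entry is not type 0xEE"))
    elif size != 0xFFFFFFFF and size != total_sectors - 1:
        findings.append(("pmbr-size-mismatch",
                         f"GPT PMBR size mismatch ({size} != {total_sectors - 1})"))

    sig, _rev, hsize, crc, _res, my_lba, alt_lba = struct.unpack(
        HDR_FMT, hdr[:HDR_LEN])[:7]
    if sig != b"EFI PART" or not HDR_LEN <= hsize <= SECTOR:
        findings.append(("bad-primary-header", "no valid GPT signature at LBA 1"))
        return findings
    # The header CRC32 covers `hsize` bytes with the CRC field itself set to zero.
    if zlib.crc32(hdr[:16] + bytes(4) + hdr[20:hsize]) != crc:
        findings.append(("header-crc", "primary GPT header CRC32 does not match"))
    if my_lba != 1:
        findings.append(("wrong-my-lba", f"primary header claims LBA {my_lba}"))
    if alt_lba != total_sectors - 1:
        findings.append(("backup-not-at-end",
                         f"backup header at LBA {alt_lba}, "
                         f"last LBA is {total_sectors - 1}"))
    return findings


def inspect(path):
    """Run the checks against a device or image file, opened read-only."""
    with open(path, "rb") as dev:
        head = dev.read(2 * SECTOR)
        total = dev.seek(0, os.SEEK_END) // SECTOR
    return check_gpt(head, total)


if __name__ == "__main__":
    # Layout written for 234441644 sectors, disk now reporting 234441648.
    for code, message in check_gpt(build_sample(234441644), 234441648):
        print(f"{code}: {message}")
```

Only the primary header and the protective MBR are read; the backup header and the partition entry array are not validated here.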

18:35

Dirk Eddelbuettel: #30: Easy, Reliable, Fast and Portable Linux and macOS Continuous Integration [Planet Debian]

Welcome to the 30th post in the rarified R recommendation resources series or R4 for short. The last post introduced BSPM. In the four weeks since, we have worked some more on BSPM to bring it to the point where it is ready for use with continuous integration. Building on this, it is now used inside the run.sh script that has driven our CI use for many years (via the r-travis repo).

Which we actually use right now on three different platforms:

All three use the exact same script facilitating this, and run a ‘matrix’ over Linux and macOS. You read this right: one CI setup that is portable and which you can take to your CI provider of choice. No lock-in or tie-in. Use what works, change at will. Or run on all three if you like burning extra cycles.

This is already used by a handful of my repos as well as by at least two repos of friends also deploying r-travis. How does it work? In a nutshell we are

  • downloading run.sh via curl and changing its mode;
  • running run.sh bootstrap which sets the operating system default:
    • on Linux we use Ubuntu,
      • add two PPAs repos for R itself and over 4600 r-cran-* binaries,
      • and enable BSPM to use these from install.packages()
    • on macOS we use the standard setup also used on Travis, GitHub Actions and elsewhere;
    • this provides us with fast, reliable, easy, and portable access to binaries on two OSs under dependency resolution;
  • running run.sh install_deps to install just the required Depends:, Imports: and LinkingTo:
  • running run.sh tests to build the tarball and test it via R CMD check --as-cran.

There are several customizations that are possible via environment variables

  • additional PPAs or drat repos can be added to offer even more package choice;
  • alternatively one could run run.sh install_all to also install Suggests:;
  • optionally one could run run.sh install_r pkgA pkgB ... to install packages explicitly listed;
  • optionally one could also run run.sh install_aptget r-cran-pkga r-cran-pkgb otherpackage to add more Ubuntu binaries.

We find this setup compelling. The scheme is simple: there really is just one shell script behind it which can also be downloaded and altered. The scheme is also portable as we can (as shown) rotate between CI providers. The scheme is also more flexible: in case of debugging needs one can simply run the script on a local Docker or VM instance. Lastly, the scheme moves away from single points of failure or breakage.

Currently the script uses only BSPM as I had the hunch that it would a) work and b) be compelling. Adding support for RSPM would be equally easy, but I have no immediate need to do so. Adding BioConductor installation may be next. That is easy when BioConductor uses r-release; it may be a little more challenging under r-devel, but it should work too. Stay tuned.

In the meantime, if the above sounds compelling, give run.sh from r-travis a go!

If you like this or other open-source work I do, you can now sponsor me at GitHub. For the first year, GitHub will match your contributions.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

18:21

Link [Scripting News]

BTW, here's something obvious but unthinkable. Trump is having all these rallies, larger and larger, knowing the deaths they cause won't be obvious until after the election. Now in a way it's much better not to live in a swing state.

Shake yourself up [Scripting News]

Here's something.

I think a lot of people are trying to get past Covid and Trump without making radical changes to their lives.

This is a mistake.

A friend asked what could he do to combat fascism. This is it. Do something to radically shake up your life, by choice.

Each of us is trying to reboot as if taking a box, without changing its shape, and moving it across the world.

It's all going to change. If we emerge from these days, the world will be very different. We have to be different too. We have to be prepared for it.

At some point you have to ask was the shape really the right shape, and what would I give up by changing.

Radical change. Quit your job. Give your car away. Jump out of a plane. Get a sex change. Destroy your business model. Say something unthinkable. Whatever it takes.

I'm reminded of a talk by Bruce Sterling that I keep coming back to. When something radical changes in your life, that's a good time to make other big changes. Death of a parent or spouse. Stock market crash. Major illness. Divorce. A time when you start over. When you have to start over. No choice.

Now, we all have been through that. We've had a major change not just on an individual basis, but on a global scale. Global. Everyone changed. So we can do it. We can change our lives radically. Trump demands it. Covid demands it. The climate crisis demands it.

Your sense of what's normal is worth $0.24. You might find that much money on a sidewalk. I know this because I buried both my parents, and I know how much they thought their opinion mattered, and I know the truth. In the end, what they thought was worth about $0.24, approx.

So fuck it. Destroy your business model. Start over.

Once you've made such a change, you'll find you want to make others.

17:49

Andrew Cater: Chunking through the tests for various media images ... [Planet Debian]

We're working our way through some of the CD/DVD/Blu-Ray media images, doing test installs, noting failures and so on. It's repetitive work but vital if we're going to provide some assurance that folk can install from the images we make. 

There's always the few things that catch us out and there's always something to note for next time. Schweer has joined us and is busy chasing down debian-edu/Skolelinux installs from Germany. We're getting there, one way and another, and significantly ahead of where we were last time around when the gremlins got in and delayed us. All good :)


17:35

Link [Scripting News]

Joe Biden: "When I'm elected..."

17:21

Today in GPF History for Saturday, September 26, 2020 [General Protection Fault: The Comic Strip]

As paramilitary soldiers open fire on their car, Nick and Trudy make a desperate escape from the Lakatos resort...

16:49

Link [Scripting News]

David Frum says he's "worried by a judge who'd accept a nomination under these circumstances." Me too. The nominee no doubt knows that the nominator expects the nominee to do his bidding. Every decision she makes will be viewed in that light.

14:42

Andrew Cater: There are things that money can't buy - and sensible Debian colleagues are worth gold and diamonds :) [Planet Debian]

 Participating in the Debian media testing on debian-cd. One of my colleagues has just spent time to sort out an email issue having spent a couple of hours with me the other night. I now have good, working email for the first time in years - I can't value that highly enough.

Sledge, RattusRattus, Isy and myself are all engaged in testing various CD images. At the same time, they're debugging a new application to save us from wiki problems when we do this - and we're also able to use a video link which is really handy to chat backwards and forwards and means I can sit virtually in Cambridge :)

Lots of backchat and messages flying backwards and forwards - couldn't wish for a better way to spend an afternoon with friends.



12:21

Andrew Cater: There's a Debian point release for Debian stable happening this weekend - 10.6 [Planet Debian]

 Nothing particularly new or unexpected: there's a point release happening at some point this weekend for Debian stable. Usual rules apply: if you've already got a system current and up to date, there's not much to do but the base files version will change at some point to reflect 10.6 when you next update. 

If you have media from 10.5, you may not _have_ to go and get media this weekend but it's always useful to get new media in due course. There's an updated kernel and an ABI bump. You _will_ need to reboot at some time to use the new kernel image.

This point release will contain security fixes, consequent changes etc. as usual - it is always good and useful to keep machines up to date.

Working with the CD team to eventually test, build and release CD / DVD images and media as and when files gradually become available. As ever, this may take 12-16 hours. As ever, I'll post some blog entries as we go.

Currently "sitting in Cambridge" via video link with Sledge, RattusRattus and Isy who are all involved in the testing and we'll have a great day, as ever.


10:21

The magic of trade-offs [Seth's Blog]

If you make a laptop more powerful, the battery life will suffer and it will get heavier too.

Trade-offs.

If you make a plane bigger, it won’t land at every airport, and it will cost more to fly, even if you don’t sell all the seats.

Another set of trade-offs.

Good engineers don’t whine about trade-offs, because they realize that they’re the entire point.

If there were no trade-offs, we wouldn’t need their help, there would be no interesting problems worth solving.

In our work and our lives, we can train ourselves to say, “oh, good, an interesting trade-off.”

Fun with QR library [RevK®'s ramblings]

My QR code generation library works well, but one of the features was generating a "colour" QR code. No, QR codes are not normally coloured, the idea is to just show the anatomy of a QR code, which parts are which. Wikipedia does a good job too.

As part of generating the code I have to create the data part, and padding, and then generate the error correction code (ECC) part, and apply various format control bits and fixed black/white units to make the image.

I have updated the library so it will make a QR code which shows what is what. It was a tad complicated by the fact that the error correction code is interleaved. This means that blocks of data and ECC are scrambled so that each block is actually spread out over the QR code. This means you can remove a chunk of the code - e.g. tear off a corner, and that is a small part of several separate blocks. You will notice the padding (green) below is spread out because of this interleaving.

Each block of data and ECC allows recreating of the data from a relatively small part of the overall block, so the distinction between data and ECC is not that relevant. But the colour coding shows how much is used for what quite nicely even so.


This has colour coding for :-

  • Blue: the actual data for the content
  • Green: padding bytes and bits
  • Red: the ECC code
  • Grey: formatting/control
  • Black/White: the fixed pixels in this size QR code

So that is it, just in case you wondered...

(That one above is an NHS COVID-19 QR code).

P.S. I have been having more fun with custom padding bytes. E.g. the following is correct ECC for the data and padding used.

Of course, if you want to get a bit meta, you can put one type of barcode in the padding of another type. This is a Datamatrix barcode in a QR barcode. A real Frankenstein barcode!

03:49

News Post: Kit Slash Caboodle [Penny Arcade]

Tycho: One of the more elaborate ongoing genres of strip is the Mike's Birthday Strip, of which there are several examples. As today is his birthday in Truth, we have delivered what we hope will be a work of comfort for those who celebrate - wherever they may find themselves. It should also be said that despite what is essentially an unprecedented level of brand awareness for a person's date of birth - only the lamb of hosts Jesus Christ can claim a more robust campaign - I still didn't get him anything for his birthday. This is literally after writing today's strip with him,…

02:14

Firefox Nightly flips on new JIT “Warp” code for greater JavaScript performance [OSnews]

Warp aims to improve the Firefox JavaScript performance by reducing the amount of internal type information that is tracked along with other optimizations. Warp can lead to greater responsiveness and faster page load speed. Numbers cited by Warp developers are normally in the 5~15% range.

As of yesterday, Firefox Nightly now enables Warp by default. The enabling in Firefox Nightly is seeing 20% faster load times for Win64 Google Docs, 13% faster for the Android Reddit SpeedIndex, 18% faster for PDFPaint, and other measurable improvements elsewhere.

That’s a big improvement, and sadly, due to the state of the modern web, a very, very welcome one.

Microsoft’s Windows XP and Windows Server 2003 source code leaked online [OSnews]

The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today.

The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum.

This is a massive leak of old code, and other than Windows XP, it also includes Windows Server 2003 and various versions of MS-DOS and Windows CE. One of the funnier tidbits we’ve already learned from the leak is that Microsoft was working on a Mac OS X Aqua theme for Windows XP, probably just to see if they could.

I doubt much of this code will be useful to any serious projects, since no serious developer working on things like ReactOS or Wine will want to be found anywhere near this code. That being said, individuals, tinkerers, and those crazy people still making community-updated builds of Windows XP will have a field day with this stuff.

Swift System is now open source [OSnews]

In June, Apple introduced Swift System, a new library for Apple platforms that provides idiomatic interfaces to system calls and low-level currency types. Today, I’m excited to announce that we’re open-sourcing System and adding Linux support! Our vision is for System to eventually act as the single home for low-level system interfaces for all supported Swift platforms.

Never a bad thing to see potentially useful code enter the open source world.

01:49

Alexander Artemenko: which [Planet Lisp]

This is a tiny library by Fernando Borretti. It implements an analogue of the UNIX utility which:

POFTHEDAY> (which:which "which")
#P"/usr/bin/which"

POFTHEDAY> (which:which "sbcl")
#P"/Users/art/.bin/sbcl"

POFTHEDAY> (which:which "python3")
#P"/usr/bin/python3"

POFTHEDAY> (which:which "missing-binary")
NIL

That is it. No more, no less. When do you think this library can be useful?

By the way, there are many other trivial (but useful) libraries. All of them are marked with a trivial tag on the #poftheday site.

01:28

Link [Scripting News]

Poll: Why do Trump and the Repubs do what they do?

Friday, 25 September

21:28

Friday Squid Blogging: COVID-19 Found on Chinese Squid Packaging [Schneier on Security]

I thought the virus doesn’t survive well on food packaging:

Authorities in China’s northeastern Jilin province have found the novel coronavirus on the packaging of imported squid, health authorities in the city of Fuyu said on Sunday, urging anyone who may have bought it to get themselves tested.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

21:21

Quicklisp news: September 2020 Quicklisp dist update now available [Planet Lisp]

 New projects

  • cl-base16 — Common Lisp implementation of base16 — GPLv2
  • cl-bcrypt — Common Lisp system for generating and parsing of bcrypt password hashes — BSD 2-Clause
  • cl-getx — This is a naive, persisted, in memory (lazy loading) data store for Common Lisp. — MIT
  • cl-indentify — A code beautifier for Common Lisp. — MIT
  • cl-kaputt — A Simple Interactive Test Framework for Common Lisp — MIT
  • cl-mango — A minimalist CouchDB 2.x database client. — BSD3
  • cl-minify-css — To minify css with common lisp. — GPLv3
  • cl-rfc4251 — Common Lisp library for encoding and decoding data in RFC 4251 compliant format — BSD 2-Clause
  • cl-setlocale — FFI to setlocale and ncurses locale helper — 2-clause BSD
  • cl-ssh-keys — Common Lisp system for generating and parsing of OpenSSH keys — BSD 2-Clause
  • cl-wave-file-writer — A wave file writer — MIT
  • class-options — Provides easy access to the defining class and its options during initialization. — Unlicense
  • compatible-metaclasses — Validates superclasses according to a simple substitution model, thereby greatly simplifying the definition of class mixins. — Unlicense
  • enhanced-find-class — Provides a canonical way of converting class designators to classes. — Unlicense
  • evaled-when — Provides a way of extracting and replicating the compile-time side-effects of forms. — Unlicense
  • file-attributes — Access to file attributes (uid, gid, atime, mtime, mod) — zlib
  • gadgets — Ben McGunigle's utility collection — Apache License, version 2.0
  • gooptest — A microcontroller testing framework. — GPL-3.0
  • kekule-clj — A Kekule widget for Common Lisp Jupyter — MIT
  • magicffi — cffi interface to libmagic(3) — Simplified BSD License
  • math — A mathematics library implementing several algorithms: linear algebra; matrix operations; statistical functions; linear and bilinear interpolation; finding approximating polynomials, implemented in Common Lisp — GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 or later
  • messagebox — A library to show a native message box dialog. — zlib
  • metalock — A metaclass that makes building parallel systems easier by providing each slot within a class a lock which is grabbed automatically. — MIT
  • nbd — Network Block Device server library. — MIT
  • object-class — Ensures that special subclasses of standard-object cluster right in front of standard-object in the class precedence list. — Unlicense
  • picl — Python Itertools in Common Lisp — MIT
  • pkg-doc — View package documentation in a clim-treeview — BSD Simplified
  • py4cl2 — Some improvements over py4cl — MIT
  • shasht — JSON reading and writing for the Kzinti. — MIT
  • simple-guess — Defines a simple extensible protocol for computing a guess using advisors. — Unlicense
  • trivial-do — Looping extensions that follow the style of the core DO functions. — MIT
  • uncursed — Another TUI library, this time without curses. — BSD 3-Clause
  • xcat — XCAT mass LAN big file distributor — MIT
  • zippy — A fast zip archive library — zlib

Updated projects: 3b-hdr, 3bmd, acclimation, alexandria, algae, anypool, april, atomics, babel, bdef, bst, ci-utils, city-hash, cl-all, cl-aristid, cl-autowrap, cl-base64, cl-bnf, cl-cffi-gtk, cl-collider, cl-conllu, cl-covid19, cl-dot, cl-erlang-term, cl-fix, cl-forms, cl-fuse, cl-gamepad, cl-gserver, cl-html-parse, cl-kraken, cl-liballegro, cl-liballegro-nuklear, cl-markless, cl-migratum, cl-mixed, cl-mpg123, cl-naive-store, cl-patterns, cl-png, cl-pslib, cl-rabbit, cl-readline, cl-redis, cl-renderdoc, cl-rrt, cl-rsvg2, cl-sdl2-ttf, cl-steamworks, cl-stomp, cl-store, cl-str, cl-unification, cl-utils, cl-webkit, cl-zyre, clack-pretend, clast, clawk, clcs-code, climacs, clj, closer-mop, clunit2, com-on, com.google.base, common-lisp-jupyter, commonqt, croatoan, deploy, diff-match-patch, djula, easy-audio, easy-routes, eazy-process, eclector, eos, exscribe, f2cl, fare-quasiquote, fast-io, file-select, fiveam, flare, flexi-streams, flexichain, float-features, font-discovery, fset, functional-trees, gendl, generic-cl, glacier, glsl-toolkit, golden-utils, gtirb, gtirb-capstone, harmony, hu.dwim.asdf, hu.dwim.delico, hu.dwim.walker, hunchentoot-multi-acceptor, hyperluminal-mem, hyperobject, inferior-shell, inner-conditional, ironclad, jingoh, jonathan, jpeg-turbo, kmrcl, lazy, linear-programming, lisp-binary, lisp-gflags, lispcord, literate-lisp, local-time, log4cl, maiden, markup, mcclim, method-hooks, mgl-pax, modf, mutility, named-readtables, nibbles, nodgui, null-package, opticl, origin, osicat, overlord, paren6, parse, pathname-utils, perceptual-hashes, petalisp, phoe-toolbox, pngload, portable-condition-system, postmodern, protobuf, psychiq, py4cl, quilc, quux-hunchentoot, random-state, read-as-string, replic, roan, rpcq, s-graphviz, sanity-clause, sc-extensions, scalpl, sel, serapeum, shadow, sheeple, shellpool, simple-actors, slime, sly, snooze, stumpwm, sxql, tooter, trace-db, trivia, trivial-arguments, trivial-clipboard, trivial-custom-debugger, trivial-garbage, trivial-gray-streams, trivial-utf-8, trucler, uax-14, umbra, unix-opts, vernacular.

Removed projects: unicly.

To get this update, use (ql:update-dist "quicklisp").

Enjoy!

20:14

Page 60 [Flipside]

Page 60 is done.

20:00

18:28

[$] Toward a "modern" Emacs [LWN.net]

It has only been a few months since the Emacs community went through an extended discussion on how to make the Emacs editor "popular again". As the community gears up for the Emacs 28 development cycle (after the Emacs 27.1 release in August), that discussion has returned with a vengeance. The themes of this discussion differ somewhat from the last; developers are concerned about making Emacs — an editor with decades of history — seem "modern" to attract new users.

17:49

Joshua tree [Richard Stallman's Political Notes]

California will study whether the Joshua tree needs legal protection from being wiped out by global heating.

Manslaughter and miscarriages [Richard Stallman's Political Notes]

* Dozens of women have been convicted for manslaughter, homicide and aggravated homicide after having miscarriages, stillbirths and other obstetric emergencies since El Salvador introduced a total ban on abortion in 1998.*

Security risk [Richard Stallman's Political Notes]

*White House 'pressured official to say John Bolton book was security risk'.*

It's another example of how the wrecker corrupts every government activity.

US Chamber of Commerce [Richard Stallman's Political Notes]

The US Chamber of Commerce has found 23 Democrats in Congress sufficiently plutocratist to endorse their election campaigns.

Talking about concerns [Richard Stallman's Political Notes]

Some large US corporations have learned to talk about concern for "stakeholders" other than their owners and executives, but it's only talk.

Hardly discussing global heating disaster [Richard Stallman's Political Notes]

In this year's presidential debates, the danger of global heating disaster may hardly be discussed.

If there is a question about this issue, it is likely to use the vague, neutral term "climate change" which invites candidates to miss the point.

Bolstering companies who laid off [Richard Stallman's Political Notes]

*The Federal Reserve bond purchasing program meant to prevent workers from losing their jobs amid the Covid-19 pandemic instead bolstered companies who laid off more than one million workers while paying massive dividends to shareholders.*

Climate activists and energy bill [Richard Stallman's Political Notes]

Climate activists call for defeat of the Congressional Democrats' inadequate energy bill.

The article says that passing that bill would be a "Pyrrhic" victory, which is incorrect use of the word. "Pyrrhic" describes a victory won at such a great cost that you can't afford to win another. (King Pyrrhos of Epirus said that about his victory over Rome.) This bill would be, rather, a dummy victory.

The oil companies' conservation plans are also drastically inadequate.

2021 Ecuador election [Richard Stallman's Political Notes]

Ecuador's treacherous president Moreno is trying to rig the 2021 election by stopping Correa and his supporters from running.

Earth is dating the Moon [Richard Stallman's Political Notes]

(satire) *… the National Aeronautics and Space Administration confirmed Monday that the Earth is dating the Moon.*

Inciting violence against reporters [Richard Stallman's Political Notes]

The bully continually incites violence against reporters but pretends not to be doing so.

Remember how in 2016 a Republican candidate apologized for punching a reporter, but the bully praised it anyway?

Zero greenhouse emissions vehicles [Richard Stallman's Political Notes]

Governor Newsom ordered that all vehicles sold in California after 2035 make zero greenhouse gas emissions, but he failed to take real steps to reduce oil and gas extraction in the state.

Stealing the election [Richard Stallman's Political Notes]

*Trump Keeps Telling Us How He and Republicans Plan to Steal This Election. Can we stop him and save our republic before it's too late?*

Is "steal" the correct word? The final step would use a loophole in the Constitution, and that as such would not be stealing it. But the first step is a fraudulent accusation of fraud, and I think that would justify the word "steal".

Why are Republicans in control of all the swing states' legislatures? Some of those states now vote majority Democrat, but gerrymandering has prevented the voters from electing legislators that reflect their views.

17:42

Today in GPF History for Friday, September 25, 2020 [General Protection Fault: The Comic Strip]

As the Physaric fleet retreats from the solar system that was formerly the home of the Earth, a familiar, sneering face emerges from a pool of slime...

17:14

Link [Scripting News]

Reporters forget past atrocities, so they can re-discover them, so it's (as far as they're concerned) news -- again. This makes their job approachable. Anything beyond this would require them to adapt, risk, improvise, grow. In software, ideas from users can be confusing, but also incredibly valuable. Users have nothing invested in the way you do things. They just know what they want. Knowing what users want is valuable, but news doesn't incorporate that, because they never listen to users, they only listen to each other, and often not even that.

Link [Scripting News]

It's true that in 2016 Trump said he wouldn't honor the vote if he lost, but there is a big difference between then and now. Now he's the president, and he lives in the White House and is commander in chief of the armed forces. There's a lot of time between Election Day and Inauguration Day. Time Trump can really fuck things up for us, beyond how fucked up they already are. Everyone thinks Trump is going to lose but refuse to leave. I think he has another plan. When I was playing a board game with my little brother when we were kids, if he didn't like how it was going, well you know what little brothers do. That's Trump. A snotty ass little brother if there ever was one. 😄

Trump plus the virus [Scripting News]

I remember reading this piece, carefully, word for word and being relieved that there was a way to fight the virus. It's a summary of a podcast McNeil did on March 12.

  • March 22: "Terrifying though the coronavirus may be, it can be turned back. China, South Korea, Singapore and Taiwan have demonstrated that, with furious efforts, the contagion can be brought to heel."

It's one of those things that I'll remember forever. Before listening, I had no idea how we fight this. After listening, I understood how it works. And that it had worked, in China and South Korea and other places. It would have amazed me then that here it is 6 months later and only a few states have done it remotely this way. Our efforts in the Northeast are primitive in comparison, but they worked. A lot of people were made very sick, and a lot of people died, but we got the virus under control. But it's raging out of control elsewhere in the country. You know when the Dems say the election is about health, they're talking about the ACA, but that's wrong. There's a pandemic raging through our country and it's growing again. We have to connect with this. And we won't have any hope, any hope at all, if Trump remains president.

September 7: "If you accept the premise that [Trump is] hell-bent on building a fascist reich, and I do, the virus is a powerful ally that Hitler never had. Hitler had to wait to start exterminating his enemies until he had absolute power locked down. Trump doesn't have to."

It's time to be scared. In the moment when you still have power. Later it will be too late. Trump plus the virus -- that's what we're up against.

16:56

Friday Larchive – Positively Delartful [Looking For Group]

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Sometimes there will be a theme, or a reason behind the choices. Other times there will be none. Normally I dip deeper into […]


Russell Coker: Bandwidth for Video Conferencing [Planet Debian]

For the Linux Users of Victoria (LUV) I’ve run video conferences on Jitsi and BBB (see my previous post about BBB vs Jitsi [1]). One issue with video conferences is the bandwidth requirements.

The place I’m hosting my video conference server has a NBN link with allegedly 40Mb/s transmission speed and 100Mb/s reception speed. My tests show that it can transmit at about 37Mb/s and receive at speeds significantly higher than that but also quite a bit lower than 100Mb/s (around 60 or 70Mb/s). For a video conference server you have a small number of sources of video and audio and a larger number of targets as usually most people will have their microphones muted and video cameras turned off. This means that the transmission speed is the bottleneck. In every test the reception speed was well below half the transmission speed, so the tests confirmed my expectation that transmission was the only bottleneck, but the reception speed was higher than I had expected.

When we tested bandwidth use the maximum upload speed we saw was about 4MB/s (32Mb/s) with 8+ video cameras and maybe 20 people seeing some of the video (with a bit of lag). We used 3.5MB/s (28Mb/s) when we only had 6 cameras which seemed to be the maximum for good performance.

In another test run we had 4 people all sending video and the transmission speed was about 260KB/s.

I don’t know how BBB manages the small versions of video streams. It might reduce the bandwidth when the display window is smaller.

I don’t know the resolutions of the cameras. When you start sending video in BBB you are prompted for the “quality” with “medium” being default. I don’t know how different camera hardware and different choices about “quality” affect bandwidth.

These tests showed that, for the cameras we had available, on a 100/40 NBN link (the fastest Internet link in Australia that’s not really expensive) a small group of people can all be sending video or a medium size group of people can watch video streams from a small group.

For meetings of the typical size of LUV meetings we won’t have a bandwidth problem.

There is one common case that I haven’t yet tested, where there is a single video stream that many people are watching. If 4 people are all sending video with 260KB/s transmission bandwidth then 1 person could probably send video to 4 for 65KB/s. Doing some simple calculations on those numbers implies that we could have 1 person sending video to 240 people without running out of bandwidth. I really doubt that would work, but further testing is needed.

16:28

Four short links: 25 September 2020 [Radar]

<ol>
<li><a href='http://adapton.org/'>Adapton</a> — <i>A program P is incremental if repeating P with a changed input is faster than from-scratch computation. Adapton offers programming language abstractions for incremental computation.</i></li>
<li><a href='https://octopus.com/blog/database-migrations-lessons-learned'>Migration Lessons Learned</a> — <i>Keep your migration scripts away from your production code; Keep it low-tech, don’t deserialize; Write tests to exercise each migration script individually; Consider running long migrations online; Consider versioning your documents.</i></li>
<li><a href='https://venturebeat.com/2020/09/22/microsoft-gets-exclusive-license-for-openais-gpt-3-language-model/'>Microsoft Exclusive License to GPT-3</a> — If you’re selling compute, the logical complement is a clever system that sucks compute. I assume that’s why Oracle now have a slice of Tik-Tok. Capitalism is weird.</li>
<li><a href='https://ucnv.github.io/pnglitch/'>PNGlitch</a> — <i>However, we do not look at image formats from a general point of view, but rather think of ways to glitch them. When we look at PNG from the point of view of glitch, what kind of peculiarity does it have?</i></li>
</ol>

16:14

Calibre 5.0 released [LWN.net]

Version 5.0 of the Calibre electronic-book manager has been released. "There has been a lot of work on the calibre E-book viewer. It now supports Highlighting. The highlights can be colors, underlines, strikethrough, etc. and have added notes. All highlights can be both stored in EPUB files for easy sharing and centrally in the calibre library for easy browsing. Additionally, the E-book viewer now supports both vertical and right-to-left text." Another significant change is a port to Python 3; that was a necessary change but it means that there are a number of plugins that have not yet been ported and thus won't work. The status of many plugins can be found on this page.

Security updates for Friday [LWN.net]

Security updates have been issued by Debian (rails), openSUSE (chromium, jasper, ovmf, roundcubemail, samba, and singularity), Oracle (firefox), SUSE (bcm43xx-firmware, firefox, libqt5-qtbase, qemu, and tiff), and Ubuntu (aptdaemon, atftp, awl, packagekit, and spip).

15:42

BingeWorthy profile pages [Scripting News]

Here's the deal with profile pages.

  • You have one. I have one.
  • Anyone who has signed on to BingeWorthy has one.
  • They list all the shows you've rated, from best to worst.
  • Profile pages are designed to share. When someone asks for a list of good things to binge, instead of thinking of a few off the top of the head, share a link to your profile page.
  • You can edit your name, the image URL, description so if you're not happy with the initial versions (which we got from your Twitter profile), you can change them in the Settings dialog in BingeWorthy. All this is echoed in your Facebook and Twitter metadata, so it'll show up when you paste a link into those services, and many others that read this form of metadata.

If your screenname is bullmancuso, this is your profile page.

If you have questions or comments, please post them here.

Screen shot of the top part of my profile page.

INSANE CHARITY BIKE RIDE 2020! [Dork Tower]



In three days, I attempt Insane Charity Bike Ride 2020. Now with a duck on my head. (We passed the $10,000 mark). Possibly with two.
Another insanity – I failed to post about it here, on DorkTower.com! Though most of my blogging will be over at the Dork Tower Patreon page, I blame #PandemicBrain.

So here is the last-minute low-down:

STRETCH GOALS:
$10,000 Goal – I wear the Duck of Doom on my helmet for the ride. PASSED.
$11,000 – I will wear the tentacles again (pictured above). PASSED.
$12,000 – Daughter, Age 11, will ride 10 miles with me. PASSED.
$14,000 – Comics legend Gail Simone will write a limerick for the ride, which I will illustrate. All backers will get a PDF of this. PASSED.
$15,000 – the Gail Simone limerick will be included as a signed mini-print for swag-level ($25 and up) backers. PASSED.

$16,000 – (Final stretch-goal) – I will wear BOTH ducks on my helmet (pictured above)!

Every year, this ride helps the FairShare CSA Coalition bring fresh, organic food from Dane County, WI, farms to low-income families in the Madison area.

It’s an amazing local charity, helping farmers as well as low-income families. But obviously, this year, the need is greater.

The Army of Dorkness (this means YOU!) has become hugely important to this campaign, raising more than $90,000 over the past seven years! You all are AMAZING!

If you have the means, please support Insane Charity Bike Ride 2020!

Aside from making me cycle a very long distance (now with a duck on my head), here’s what I’ll send you, in return.
1) EACH and EVERY pledge will get a pdf of the limericks Neil Gaiman, Patrick Rothfuss and now Gail Simone created for the ride, illustrated by me. PLUS, a pdf copy of both charity coloring books I drew.
2) A pledge of $25  gets the signed 2020 MUNCHKIN CHARITY POSTCARD! Created exclusively for donors of this ride, this will let you start one game of Munchkin at Level 3. And now, of course, the Gail Simone limerick mini-print, as well as the PDF limericks and coloring books.
3) A pledge of $50 will get all of the above, plus a unique-to-this-ride ARMY OF DORKNESS Sergeant button!
4) A pledge of $125 will get all of the above, plus last year’s GAMEHOLE CON plushie – the Displacer Kitten! (2 of 10 left)
5) A pledge of $175 will get you this year’s postcard, the Sergeant button, plus all seven previous Charity postcards! (These are running low, and this is probably the last year this can be offered).  (4 of 10 left)
6) A pledge of $250 will get you this year’s postcard, the Sergeant button, and an ORIGINAL PIECE OF MUNCHKIN CARD ART. This is the only way you can get original Munchkin card art – I never sell it. I choose my favorite pieces to send to ride backers. The art will be from a classic Munchkin core set or supplement. You also get the button, and this year’s postcard. (22 of 30 left)
7) A $500 pledge gets you the postcard, the button, the PDFs, the Displacer Kitten plushie, the Original Munchkin art,  the Owlbear backpack, and next year’s GameholeCon Plushie, the Blink Puppy!  (This will be mailed to you as soon as we receive them). (2 of 10 remaining).
8) A $1,500 pledge means EITHER (a) I will paint a cartoon portrait of you, and/or your family (up to five members), and/or your pets, either digitally (for use on cards, etc.) or physical (acrylics on canvas, 14″ x 16″ or larger). Or (b) You get to star in an original DORK TOWER comic, and also get to keep the original artwork! You also get a piece of Munchkin art, the current postcard, the pdfs and the badge. (3 of 4 remaining)
Oh, and if you’re also a Dork Tower Patreon supporter, or have backed The Tao of Igor Kickstarter, you will also receive this unique-to-this-ride Army of Dorkness button, featuring Gilly!
Anyway, there you have it. INSANE CHARITY BIKE RIDE 2020. Help me help farmers get fresh food to local low-income families. Or simply do it to force a second duck upon my head.  Your choice.
You’ll still be able to donate, and get swag, for a couple of weeks after the event. But the shot at that second duck? Gone, after Sunday.
– John

15:28

Pluralistic: 25 Sep 2020 [Pluralistic: Daily links from Cory Doctorow]





A New American Manifesto

In case you'd forgotten just how subversive and angry the Declaration of Independence actually is, in case the words have turned into hollow platitudes due to repetition and archaic language, feast your senses upon "A New American Manifesto."

https://medium.com/@absurdistwords/a-new-american-manifesto-c75f35318091

Absurdist Words has updated the Declaration into contemporary, informal language, updating the references for eerie correspondences to our current political fights:

Here are the Receipts:

  1. He is lawless. He has no respect whatsoever for the rules of this country
  2. He has interfered with state Governors’ abilities to take care of their states in times of crisis, constantly breaking promises and being unreliable, just to wear them down so that they will do whatever he wants and then neglects them even when they do it

  3. He has abused the powers of the Presidency, leveraging people’s rights for business purposes.

  4. He turns public events into personal campaign stunts, wearing all the rational people down with his antics and erratic behavior…

…We tried to be empathetic to those who support Trump and his nationalism. We tried to give them the heads up that they had made a terrible choice. We tried to remind them that many of them were immigrants and that they should think twice about how we deny others entry. We tried to appeal to their sense of honor. To their sense of civics. To their sense of duty. We tried to appeal to the fact that we’re all in this together and that we are all one nation. We tried to explain that backing authoritarianism would be terrible for everyone. But they wouldn’t listen. We tried. We wanted to fight Trump together. But they mock justice and shun the idea of unity. So nothing personal, but they picked a side.



Adventures of a Dwergish Girl

Few authors have had as much influence on my progress as a human being – to say nothing of my writing – as Daniel Pinkwater. The course of my life was profoundly altered by reading Alan Mendelsohn, the Boy From Mars in middle school, and I have read dozens of his books since.

I find that many distinctive authors circle themes and plots, like a cannoneer rangefinding with artillery, trying to bullseye some impossible-to-define perfect target. I count myself in that group, and I definitely count Pinkwater there.

I can't tell you exactly what it is he's trying to hit, but every book seems to come closer to some irreducible Pinkwaterian ideal, and his latest, Adventures of a Dwergish Girl, is the closest he's come yet.

https://tachyonpublications.com/bestselling-author-daniel-pinkwater-returns-in-classic-form-with-the-illustrated-middle-grade-adventures-of-a-dwergish-girl/

First, let me attempt* to summarize the plot. Dwergs are basically a magical race inhabiting the Hudson Valley. They're something like Tolkien's dwarves, but not. Male dwergs are pretty odd-looking and rarely venture into the world.

*"Attempt" is doing a lot of work here.

But female Dwergs, like protagonist Molly O'Malley, can pass for short-ish humans, albeit with very large feet and the ability to move with uncanny speed through the woods near Kingston, NY.

Molly can't abide the sameness and dullness of life in the unchanging, eternal Dwergish village of her birth, so she moves to Kingston, NY, where she befriends Arnold Babatunji, a Naples-obsessed restaurateur who runs the Hudson Valley's greatest pizzeria, who hires Molly.

For a time, life is good. Molly learns about pizza, pals around with a former boy-genius who runs the village radio station, and sleeps in a forest dwelling of her own devising, supplementing her income with the cash from the lumpy Dwergish gold coin she's pawned.

But the pawn-broker is tied up with gangsters – some of them ghosts, some living – and then Molly befriends Leni, an indigenous girl whose people have lived in the Catskills since time immemorial.

Leni tempts Molly to ride the Greyhound to NYC, where she rides the subway, and, more importantly, samples the indescribable wonderments of papaya juice and all-beef franks, which change her life.

And of course, while in New York, Molly encounters Carlos Chatterjee, a Revolutionary War reenactor who runs a spectacular junk shoppe on the mezzanine of an uptown MTA station.

Carlos turns out to be crucial to the resolution of Molly's main challenge, which is the transdimensional meat-robots in British redcoat uniforms who seem to be bent on reenacting the 1777 burning of Kingston (spoilers!).

Averting this disaster is a big project for Molly, who enlists the Catskills Witch (who has moved to Manhattan) and the semi-mythical King of the Dwergs, who uses bee-style waggle-dancing to advise them.

This is a book with:

So.

Much.

Stuff.

My all-time favorite place to eat in NYC is Shopsins. Pinkwater novels are like expanded Shopsins menus. Motto: "nothing exceeds like excess." But this isn't mere kitchen-sinkery: it's skilled wunderkammering, a carefully curated study in contrasts.

https://www.shopsins.com/s/order

Pinkwater insists that his books aren't "weird" and even bristles at the suggestion:

https://twitter.com/DanielPinkwater/status/1227548549199650817

I take him to mean that he's describing the world as he perceives it, not adding any weirdness. We live in a weird place. 2020 certainly proves that hypothesis.

I think there's something to this – the thing that makes Pinkwater's work so great is his ability to describe the everyday absurdity in terms that make it clear how weird normalcy is (and vice-versa).

That's definitely Dwergish Girl's charm. I read this to my 12 year old, who is way too cool to be getting bedtime stories of her old, irrelevant father's favorite weird writers.

Every night, she insisted that she didn't want me to read from it. Every night, she begged for another chapter when I was done (and interrupted repeatedly to ask incisive questions about the Revolutionary war, papaya juice, ghosts, radio announcers, etc).

Pinkwater's got The Magic (whatever that is) and he keeps getting better at it.



Trudeau promises massive covid stimulus

Canadian Prime Ministers have a fun gambit: when things start to go really badly for them, they "prorogue" (suspend) Parliament, which dissolves all committees, inquiries, etc, until such time as they are ready to reconvene, with a tabula rasa.

Most egregiously, the far-right asshole and climate criminal Stephen Harper prorogued Parliament in the middle of the 2008 Great Financial Crisis in order to avoid a no-confidence vote that would have triggered new elections.

https://en.wikipedia.org/wiki/2008%E2%80%932009_Canadian_parliamentary_dispute

While this DID save Harper's bacon, it also left Canada without a legislature during a global crisis that threatened the nation's entire future. It was a crazed, reckless thing to do.

Canada has a safeguard to prevent this kind of gambit: as a constitutional monarchy, Canadian parliamentary manoeuvres have to receive the Crown's blessing, in the form of assent from the Governor General, the Queen's rep to Canada.

This is the sober, apolitical adult supervision that fans of constitutional monarchies are always banging on about, and then-Governor General Michaëlle Jean completely failed to do her fucking job, leaving Canada without a Parliament during the GFC. She literally had one job.

Proroguing Parliament didn't just save Harper from a no-confidence vote: it also dissolved all the Parliamentary inquiries underway at the time, including the "Afghan detainee transfer" affair, which was investigating Canadian forces' complicity in the torture-murder of POWs.

In many ways, Trudeau is the anti-Harper: a charismatic Liberal who tells refugees they're welcome in Canada, marches with Greta Thunberg, and appoints the first-ever First Nations person to serve as Attorney General.

Truly, there is no policy so progressive that Trudeau won't endorse it…provided he doesn't actually have to make it into policy. Because many of his policies are indistinguishable from Harperism, albeit with a better haircut.

This started before he won the election, when Trudeau (whose father once declared martial law!) whipped his MPs to vote for a human-rights-denying mass surveillance bill, C-51.

Trudeau did so while insisting that the bill was a massive overreach and totally unacceptable, but claiming that the "loyal opposition" should still back it so as not to be accused of being soft on terrorism in the coming election. He promised to repeal it after.

Of course, he didn't.

Trudeau is often compared to Obama, a young and charismatic fellow who makes compromises, sure, but comes through in the clutch.

Tell that to pipeline protesters.

After the Obama administration killed the Transmountain Pipeline – the continent-spanning tube that would make filthy, planet-destroying tar sands profitable enough to bring to market – Trudeau bailed it out, spending billions of federal dollars to keep it alive.

Then, Trudeau – who campaigned on nation-to-nation truth and reconciliation with First Nations – announced that he would shove this toxic tar-sand tube through unceded treaty lands across the breadth of the nation.

And then he had the audacity to march with Greta Thunberg at the head of a climate march, demanding a change to policies that would see billions dead in the coming century.

His own policies.

I mean, Trudeau's boosters have a point – Harper never could have pulled that off.

The Harper years were a Trumpian orgy of blatant self-dealing and cronyism.

The Trudeau years, on the other hand…

One of Trudeau's major donors is SNC Lavalin, a crime syndicate masquerading as a global engineering firm (think Halliburton with less morals).

SNC Lavalin had done so much crime that it was on its final notice with the Canadian legal system, a probation that it must not violate on penalty of real, big boy federal criminal prosecutions.

Then it did more crimes.

Remember Trudeau's historic appointment of a First Nations woman to the Attorney General's seat? Now was AG Jody Wilson-Raybould's moment to shine.

As Wilson-Raybould began aggressively pursuing these corporate criminals, she started getting calls from Trudeau's office.

For avoidance of doubt, these were not calls of support. They were demands to drop the case and let the SNC Lavalin crime syndicate get off scot-free. Eventually the PM himself called her and demanded that she give his cronies a pass on their repeated criminal actions.

Wilson-Raybould went public, decrying political meddling in the justice system. Trudeau denied everything and began to smear her (Harper had tons of scandals like this, BTW, only the counterpart was usually a rich old white guy, not a First Nations woman).

But Wilson-Raybould had recorded the conversations, and she released the recordings, and proved that Trudeau had lied about the whole thing. Trudeau fired her and kicked her out of the party.

But at least he's not Trump, right? He's the anti-Trump! (Well, except for the pipeline and that time he announced "No country would find 173 billion barrels of oil in the ground and leave them there").

Remember the Muslim Ban? As Trump was tormenting refugees at the US border, Trudeau tweeted "To those fleeing persecution, terror & war, Canadians will welcome you, regardless of your faith. Diversity is our strength #WelcomeToCanada."

Yes, that was awesome. There is no policy so progressive that Trudeau won't endorse it…provided that he never has to do anything to make it happen.

Canada and the US have a "Safe Third Country Agreement" that says that asylum-seekers turned away from the US border can't try again in Canada. To make #WelcomeToCanada more than a hashtag, Trudeau's government would have to suspend that agreement.

Instead, Trudeau's government insisted that under Trump, "the conditions of the Safe Third Country Agreement continued to be met" and thus they would not suspend the agreement and give hearings to those turned away by Trump's border guards.

But at least Trudeau handled the pandemic better than Harper handled the Great Financial Crisis.

No, really, he did!

Mostly.

I mean, unless you were in a nursing home or on a First Nations reservation.

https://www.canadalandshow.com/podcast/an-emergency-season-pandemic/

But still, Trudeau's government did a much better job than the Trump government, or Boris Johnson's Tories. Neither Liberals nor Conservatives will really fight cronyism, climate change or authoritarianism, but there are still substantive differences between them.

But in some ways, they are depressingly similar.

Take corruption.

Long before the plague struck, Canadaland was publishing damning reports on We Charity, a massive, beloved Canadian charitable institution nominally devoted to ending child slavery.

Canadaland's initial reporting on the charity focused on its partnerships with companies that were using child slaves to make their products, but the investigations mushroomed after the charity sent dire legal threats to the news organisation over its coverage.

And then Canadaland founder Jesse Brown found himself smeared by a US dirty-tricks organization that got its start working for GOP politicians, who got a contract to plant editorials criticizing Canadaland's We coverage in small-town US newspapers.

Private eyes started following Brown around, even keeping tabs on his small children. Rather than being intimidated, Brown kept up the pressure on We, which prompted whistleblowers to leak him even more details about the charity's activities.

https://pluralistic.net/2020/08/03/turnkey-authoritarianism/#we-charity

These included massive, mysterious real-estate holdings, hard-to-excuse criminal investigations of its Kenyan activities, and (here's where I've been going with this all along) giant cash payments to Trudeau's family, as well as valuable gifts to his Finance Minister.

And, as with the Wilson-Raybould affair, Trudeau's initial response to this was to simply deny it, calling his accusers liars. But then the scandal kept unspooling, his Finance Minister quit in disgrace, the charity (sort of) folded up and shut down, and Trudeau…

Well, Trudeau prorogued Parliament, shutting down Canada's government in the midst of a crisis that was – unimaginably – even worse than the 2008 crisis that Harper had left the nation rudderless through to avoid his own scandal.

(Again, for constitutional monarchy fans, that's two entirely political proroguings in the midst of global crises, signed off on by the Queen's supposedly apolitical and sober check on reckless activity)

Shutting down Parliament seems to have rescued Trudeau's government from snap elections, which may well have been won by the Tories, who have resolved their longstanding racist and plutocratic tensions with a new ghoulish nightmare leader:

https://jacobinmag.com/2020/09/canada-erin-otoole-conservative-party-cpc/

And, as Trudeau has reconvened Parliament, he's promised something genuinely amazing: a massive, national stimulus package meant to keep families, workers and small businesses afloat through the looming second pandemic wave.

https://www.reuters.com/article/us-health-coronavirus-canada-economy/canada-bets-the-farm-on-big-spending-as-second-wave-threatens-economic-recovery-idUSKCN26F1NF

This is something Canada – and the US, for that matter – desperately needs. Canada is monetarily sovereign: it issues its own currency and its debt is in the same currency, meaning it can never run out of money (no more than Apple could ever run out of iTunes gift cards).

The Canadian government does face constraints on its spending, but they're just not monetary constraints – they're resource constraints. If the Canadian government creates money to buy the same things the private sector is shopping for, there'll be a bidding war, AKA inflation.

But as a new wave of lockdowns and mass illness looms over the country, there's going to be a hell of a lot of things the private sector isn't trying to buy – notably, the labour of the Canadian workforce, millions of whom will be locked indoors through the winter.

An analyst warns that Trudeau's proposal is likely to add CAD30B to the deficit, which is a completely irrelevant fact unless that new money is going to be chasing the same goods that Canadian business and citizens are seeking to buy.

Trudeau has promised to create a national prescription drug plan (a longstanding hole in Canada's national health care system), as well as universal childcare, and he's denounced austerity as a response to the crisis.

There's a part of me that is very glad to see this. My family and friends are in Canada, after all, and if Trudeau lives up to his promise, he will shield them from the collapse we're seeing in the USA.

But that is a big if. Trudeau isn't Harper. He's more charismatic, he's got better hair, and he says much, much better things than Harper.

However, when the chips are down, Trudeau out-Harpers Harper.

Mass surveillance legislation. Corruption scandals. Lying about corruption scandals. Bailing out the pipeline. "No country would find 173 billion barrels of oil in the ground and leave them there." Abandoning asylum-seekers to Trump's lawless regime.

"Once is happenstance. Twice is coincidence. The third time it's enemy action." It would be pretty naive to assume that merely because Trudeau has promised to do the right thing, that he will do the right thing.

Indeed, if history is any indicator, the best way to predict what Trudeau will do is to assume that it will be the opposite of whatever he promises.

I won't lie. I felt a spark of hope when I read Trudeau's words.

But hope is all I've got – and it's a far cry from confidence.

Or relief.



This day in history

#15yrsago Kate Wilhelm’s must-read writerly advice/history of Clarion https://memex.craphound.com/2005/09/25/kate-wilhelms-must-read-writerly-advice-history-of-clarion/

#10yrsago FTC clobbers Roca Labs, the terrible weight-loss company that banned negative reviews https://www.popehat.com/2015/09/24/roca-labs-weight-loss-company-that-sues-its-critics-sued-by-ftc-over-deceptive-advertising-and-dont-criticize-us-gag-clause/

#10yrsago Not just emissions: manufacturers’ dirty tricks fake everything about cars https://www.economist.com/briefing/2015/09/26/a-mucky-business

#5yrsago KARMA POLICE: GCHQ’s plan to track every Web user in the world https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/

#5yrsago Appeals court rules Batmobile is a “character” and is copyrighted by DC https://arstechnica.com/tech-policy/2015/09/pow-appeals-court-assigns-copyright-to-the-batmobile/

#5yrsago The other ad-blocking ecosystem: blame-ducking https://medium.com/message/how-we-pass-the-buck-d63fcf409247

#1yrago Thomas Cook travel collapsed and stranded 150,000 passengers, but still had millions for the execs who tanked it https://www.reuters.com/article/us-thomas-cook-grp-passengers-idUSKBN1W90HO

#1yrago Lynda Barry is a MacArthur “genius” https://www.chicagotribune.com/entertainment/ct-ent-2019-macarthur-genius-grants-0926-20190925-k77l2xldrfhrvluq4xsmdradpi-story.html

#1yrago Stargazing: Jen Wang’s semi-autobiographical graphic novel for young readers is a complex tale of identity, talent, and loyalty https://memex.craphound.com/2019/09/25/stargazing-jen-wangs-semi-autobiographical-graphic-novel-for-young-readers-is-a-complex-tale-of-identity-talent-and-loyalty/



Colophon

Today's top sources: JWZ (https://www.jwz.org/blog/)

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 560 words (65436 total).

Currently reading: Gideon the Ninth, Tamsyn Muir

Latest podcast: IP https://craphound.com/podcast/2020/09/14/ip/


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

15:21

Structured binding may be the new hotness, but we’ll always have std::tie [The Old New Thing]

C++17 introduced structured binding, which lets you assign an expression to multiple variables.

auto [a,b] = std::pair(1, "hello");
// int a = 1
// char const* b = "hello"

However, this is for creating new variables to hold the result. If you want to assign the result to existing variables, then you can use the old standby std::tie.

int a;
char const* b;
std::tie(a, b) = std::pair(1, "hello");

This comes in handy in C++/WinRT if you have a winrt::com_array<T> and you need to return it in its ABI form of a uint32_t coupled with a T*.

winrt::com_array<int32_t> CalculateResult();

HRESULT GetInt32Array(uint32_t* size, int32_t** value) try
{
  *size = 0;
  *value = nullptr;
  std::tie(*size, *value) = winrt::detach_abi(CalculateResult());
  return S_OK;
}
catch (...) { return winrt::to_hresult(); }

When applied to a com_array, the detach_abi function returns a std::pair representing the size of the conformant array and a pointer to the start of the array. This is a form ready to be assigned to the tie of the two output parameters.

The type of the pointer part of the return value of detach_abi(com_array<T> a) is a pointer to the C++/WinRT ABI representation of T. Here are some examples:

T            detach_abi(com_array<T>) returns
int32_t      std::pair<uint32_t, int32_t*>
hstring      std::pair<uint32_t, void**>
ISomething   std::pair<uint32_t, mystery_abi*>

  • If you have a com_array of a scalar type, then you will get a pointer to a conformant array of that scalar type.
  • If you have a com_array of a string type, then you will get a pointer to a conformant array of void*.
  • If you have a com_array of a reference type, then you will get a pointer to a conformant array of mystery pointers.

In the last case, you should just treat the resulting pointer as if it were a void**.

HRESULT GetNames(uint32_t* size, HSTRING** value) try
{
  *size = 0;
  *value = nullptr;
  std::tie(*size, reinterpret_cast<void*&>(*value)) =
    winrt::detach_abi(CalculateNames());
  return S_OK;
}
catch (...) { return winrt::to_hresult(); }

HRESULT GetSomethingArray(uint32_t* size, ISomething*** value) try
{
  *size = 0;
  *value = nullptr;
  std::tie(*size, reinterpret_cast<void*&>(*value)) =
    winrt::detach_abi(CalculateSomethings());
  return S_OK;
}
catch (...) { return winrt::to_hresult(); }

Note that in both cases we reinterpret-cast the output pointer to just void*. Any pointer type can be assigned to void*, so we just use that to soak up the C++/WinRT ABI pointer, without needing to know what it actually is.¹

¹ The C++/WinRT ABI requires that all data pointers have the same size and representation, so this sort of type pun is legal from an ABI point of view.

14:56

Link [Scripting News]

I have a huge collection of MP3s and a new Android phone. Is there a music-playing Android app that can access files in Google Drive? I've been using that to transfer photos and movies from the phone to other devices and onto the web. I could easily do the same with music if I could play the MP3s from GD.

Bigby’s Grasping WiFi – DORK TOWER 25.09.20 [Dork Tower]

Dork Tower is updated Mondays, Wednesdays and Fridays, thanks to its amazing Patreon supporters. Support the DORK TOWER PATREON, and help bring more Dork Tower to the world (you also get swag, our eternal gratitude, and more)! Even a $1 pledge is appreciated!

If a Patreon seems too much of a commitment, please do consider supporting INSANE CHARITY BIKE RIDE 2020!

14:42

Who is Tech Investor John Bernard? [Krebs on Security]

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.

The Private Office of John Bernard, which advertises itself as a capital investment firm based in Switzerland, has for years been listed on multiple investment sites as the home of a millionaire who made his fortunes in the dot-com boom 20 years ago and who has oodles of cash to invest in tech startups.

But as last week’s story noted, Bernard’s investment company is a bit like a bad slot machine that never pays out. KrebsOnSecurity interviewed multiple investment brokers who all told the same story: After promising to invest millions after one or two phone calls and with little or no pushback, Bernard would insist that companies pay tens of thousands of dollars worth of due diligence fees up front.

However, the due diligence company he insisted on using — another Swiss firm called Inside Knowledge — also was secretly owned by Bernard, who would invariably pull out of the deal after receiving the due diligence money.

Neither Mr. Bernard nor anyone from his various companies responded to multiple requests for comment over the past few weeks. What’s more, virtually all of the employee profiles tied to Bernard’s office have since last week removed those firms from their work experience as listed on their LinkedIn resumes — or else deleted their profiles altogether.

Sometime on Thursday John Bernard’s main website — the-private-office.ch — replaced the content on its homepage with a note saying it was closing up shop.

“We are pleased to announce that we are currently closing The Private Office fund as we have reached our intended investment level and that we now plan to focus on helping those companies we have invested into to grow and succeed,” the message reads.

As noted in last week’s story, the beauty of a scam like the one multiple investment brokers said was being run by Mr. Bernard is that companies bilked by small-time investment schemes rarely pursue legal action, mainly because the legal fees involved can quickly surpass the losses. What’s more, most victims will likely be too ashamed to come forward.

Also, John Bernard’s office typically did not reach out to investment brokers directly. Rather, he had his firm included on a list of angel investors focused on technology companies, so those seeking investments usually came to him.

Finally, multiple sources interviewed for this story said Bernard’s office offered a finders fee for any investment leads that brokers brought his way. While such commissions are not unusual, the amount promised — five percent of the total investment in a given firm that signed an agreement — is extremely generous. However, none of the investment brokers who spoke to KrebsOnSecurity were able to collect those fees, because Bernard’s office never actually consummated any of the deals they referred to him.

PAY NO ATTENTION TO THE EMPTY BOOKSHELVES

After last week’s story ran, KrebsOnSecurity heard from a number of other investment brokers who had near identical experiences with Bernard. Several said they at one point spoke with him via phone or Zoom conference calls, and that he had a distinctive British accent.

When questioned about why his staff was virtually all based in Ukraine when his companies were supposedly in Switzerland, Bernard replied that his wife was Ukrainian and that they were living there to be closer to her family.

One investment broker who recently got into a deal with Bernard shared a screen shot from a recent Zoom call with him. That screen shot shows Bernard bears a striking resemblance to one John Clifton Davies, a 59-year-old from Milton Keynes, a large town in Buckinghamshire, England about 50 miles (80 km) northwest of London.

John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015.

In 2015, Mr. Davies was convicted of stealing more than GBP 750,000 from struggling companies looking to restructure their debt. For at least seven years, Davies ran multiple scam businesses that claimed to provide insolvency consulting to distressed companies, even though he was not licensed to do so.

“After gaining the firm’s trust, he took control of their assets and would later pocket the cash intended for creditors,” according to a U.K. news report from 2015. “After snatching the cash, Davies proceeded to spend the stolen money on a life of luxury, purchasing a new upmarket home fitted with a high-tech cinema system and new kitchen.”

Davies disappeared before he was convicted of fraud in 2015. Two years before that, Davies was released from prison after being held in custody for 16 months on suspicion of murdering his new bride in 2004 on their honeymoon in India.

Davies’ former wife Colette Davies, 39, died after falling 80 feet from a viewing point at a steep gorge in the Himachal Pradesh region of India. Mr. Davies was charged with murder and fraud after he attempted to collect GBP 132,000 in her life insurance payout, but British prosecutors ultimately conceded they did not have enough evidence to convict him.

THE SWISS AND UKRAINE CONNECTIONS

While the photos above are similar, there are other clues that suggest the two identities may be the same person. A review of business records tied to Davies’ phony insolvency consulting businesses between 2007 and 2013 provides some additional pointers.

John Clifton Davies’ former listing at the official U.K. business registrar Companies House shows his company was registered at the address 26 Dean Forest Way, Broughton, Milton Keynes.

A search on that street address at 4iq.com turns up several interesting results, including a listing for senecaequities.com registered to a John Davies at the email address john888@myswissmail.ch.

A Companies House official record for Seneca Equities puts it at John Davies’ old U.K. address at 26 Dean Forest Way and lists 46-year-old Iryna Davies as a director. “Iryna” is a uniquely Ukrainian spelling of the name Irene (the Russian equivalent is typically “Irina”).

A search on John Clifton Davies and Iryna turned up this 2013 story from The Daily Mirror which says Iryna is John C. Davies’ fourth wife, and that the two were married in 2010.

A review of the Swiss company registrar for The Inside Knowledge GmbH shows an Ihor Hubskyi was named as president of the company. This name is phonetically the same as Igor Gubskyi, a Ukrainian man who was listed in the U.K.’s Companies House records as one of five officers for Seneca Equities along with Iryna Davies.

KrebsOnSecurity sought comment from both the U.K. police district that prosecuted Davies’ case and the U.K.’s National Crime Agency (NCA). Neither wished to comment on the findings. “We can neither confirm nor deny the existence of an investigation or subjects of interest,” a spokesperson for the NCA said.

13:28

Get Gud, Scrub [Whatever]

I’ve always loved video games. My whole life, I’ve been enamored with the gaming world, from the PS2 to the Nintendo Switch, from arcade machines at the movie theater to the PC (which is obviously the best but we’ll save that for another post). But there is one thing I’ve been noticing recently that I never really had an issue with when I was younger. I’m not sure if it’s just me or if it’s like, a newer game problem, but: Everything is too difficult.

I know, I sound like a big crybaby who isn’t very good at video games. And you’re right, I am exactly that. But I honestly believe that combat in recent video games is too difficult! I tried to play Fallout 4 on the PS4 this year and no joke I got my shit rocked by glowing ghouls and synths alike. I’m less than halfway through the game because I simply can’t complete the missions I’m supposed to, I just get sick of trying after like my seventh attempt.

I’m mentioning all this because I was planning to write a post this week over Red Dead Redemption 2. All I had to do was complete the last mission and then I was going to write up my post, easy peasy. However, when I sat down yesterday to finish the game, I found that I was getting my ass handed to me on a silver platter by some cowboy NPCs. So instead of making that post, I’m making this one to complain about how tough this shit can be.

Most of my life, I’ve played games where you can adjust the difficulty setting. Even some newer games, like Spider-Man for the PS4, have choices between easier combat for players who are more focused on the story, and harder combat for those who like a challenge. Some games like this will make fun of you for choosing the easy route, but I’m not about to set myself up for failure by picking something harder than I can handle.

A picture of the Castle Wolfenstein difficulty setting "Can I Play, Daddy?"

This difficulty setting from Wolfenstein is especially funny to me because when I was a kid I would play games with my dad on his computer. I would sit in his lap and he’d let me be the guns and he’d do the movement, and we’d kick the shit out of aliens in Half-Life.

When it comes to games being so difficult you can’t even play them, I think the first one that comes to anyone’s mind is Dark Souls. Absolutely bonkers. Rage quit every time. Listen, I bought the remastered version on the Switch earlier this year and I’m quite literally not even past the second boss. This game gets a pass in my mind though because it’s specifically meant to be hard as fuck. Or is that false, and I just think that because I’ve heard my whole life that it’s ridiculously hard?

Anyways, maybe I’m just worse at video games than I previously thought. Maybe I just don’t have that pro-gamer gene in me. All I know is, I’ve abandoned a lot of games, games that I really liked and enjoyed and thought were super cool, just because I simply can’t continue. It’s just too hard.

This is one of the interesting things about a game like Skyrim. You can go around and explore and find things to fight in the woods. However, if you accidentally come across a level 90 dragon priest up in the mountains, you can RUN AWAY. You don’t have to fight! You can outrun pretty much any enemy. So yes, the combat can be hard if you stumble upon an NPC that’s a way higher level than you, but you can just as easily avoid said conflicts or even run away from them. You should always have a “chicken out” option.

There are just so many games I’ve stopped playing either halfway through, or at the final boss fight. Another good example is Breath of the Wild. As much as I adore practically everything about it, the Divine Beasts are ridiculously hard. I started with the elephant and the camel, and I had to look up walkthroughs for both. I would have never gotten them on my own, and they’re supposed to be the easier two of the four!

I’m really starting to think this might just be a me problem though, because all of my friends that play the same games seem to have no trouble with them. Especially the handful of my friends that are really good at Dark Souls. Maybe I’m just the weak link in my gamer group, y’know?

(Unrelated to combat being too difficult, but can we talk about how RIDICULOUSLY DIFFICULT Rocket League is?! GOD that shit is so annoying.)

Okay, back to my original point. It’s especially frustrating to not be able to beat a game when you spend sixty bucks on it. Like, at that point I’m just mad at myself that not only am I not good enough to win, but I spent money on this unbeatable game!

So, yeah. Just wanted to have a quick vent about that and explain why you all shan’t be receiving a Red Dead Redemption 2 post (yet). I’m off to give it another whirl. Yee-haw!

-AMS

13:21

13:00

Colin Watson: Porting Launchpad to Python 3: progress report [Planet Debian]

Launchpad still requires Python 2, which in 2020 is a bit of a problem. Unlike a lot of the rest of 2020, though, there’s good reason to be optimistic about progress.

I’ve been porting Python 2 code to Python 3 on and off for a long time, from back when I was on the Ubuntu Foundations team and maintaining things like the Ubiquity installer. When I moved to Launchpad in 2015 it was certainly on my mind that this was a large body of code still stuck on Python 2. One option would have been to just accept that and leave it as it is, maybe doing more backporting work over time as support for Python 2 fades away. I’ve long been of the opinion that this would doom Launchpad to being unmaintainable in the long run, and since I genuinely love working on Launchpad - I find it an incredibly rewarding project - this wasn’t something I was willing to accept. We’re already seeing some of our important dependencies dropping support for Python 2, which is perfectly reasonable on their terms but which is starting to become a genuine obstacle to delivering important features when we need new features from newer versions of those dependencies. It also looks as though it may be difficult for us to run on Ubuntu 20.04 LTS (we’re currently on 16.04, with an upgrade to 18.04 in progress) as long as we still require Python 2, since we have some system dependencies that 20.04 no longer provides. And then there are exciting new features like type hints and async/await that we’d like to be able to use.

However, until last year there were so many blockers that even considering a port was barely conceivable. What changed in 2019 was sorting out a trifecta of core dependencies. We ported our database layer, Storm. We upgraded to modern versions of our Zope Toolkit dependencies (after contributing various fixes upstream, including some substantial changes to Zope’s test runner that we’d carried as local patches for some years). And we ported our Bazaar code hosting infrastructure to Breezy. With all that in place, a port seemed more of a realistic possibility.

Still, even with this, it was never going to be a matter of just following some standard porting advice and calling it good. Launchpad has almost a million lines of Python code in its main git tree, and around 250 dependencies of which a number are quite Launchpad-specific. In a project that size, not only is following standard porting advice an extremely time-consuming task in its own right, but just about every strange corner case is going to show up somewhere. (Did you know that StringIO.StringIO(None) and io.StringIO(None) do different things even after you account for the native string vs. Unicode text difference? How about the behaviour of .union() on a subclass of frozenset?) Launchpad’s test suite is fortunately extremely thorough, but even just starting up the test suite involves importing most of the data model code, so before you can start taking advantage of it you have to make a large fraction of the codebase be at least syntactically-correct Python 3 code and use only modules that exist in Python 3 while still working in Python 2; in a project this size that turns out to be a large effort on its own, and can be quite risky in places.

Canonical’s product engineering teams work on a six-month cycle, but it just isn’t possible to cram this sort of thing into six months unless you do literally nothing else, and “please can we put all feature development on hold while we run to stand still” is a pretty tough sell to even the most understanding management. Fortunately, we’ve been able to grow the Launchpad team in the last year or so, and so it’s been possible to put “Python 3” on our roadmap on the understanding that we aren’t going to get all the way there in one cycle, while still being able to do other substantial feature development work as well.

So, with all that preamble, what have we done this cycle? We’ve taken a two-pronged approach. From one end, we identified 147 classes that needed to be ported away from some compatibility code in our database layer that was substantially less friendly to Python 3: we’ve ported 38 of those, so there’s clearly a fair bit more to do, but we were able to distribute this work out among the team quite effectively. From the other end, it was clear that it would be very inefficient to do general porting work when any attempt to even run the test suite would run straight into the same crashes in the same order, so I set myself a target of getting the test suite to start up, and started hacking on an enormous git branch that I never expected to try to land directly: instead, I felt free to commit just about anything that looked reasonable and moved things forward even if it was very rough, and every so often went back to tidy things up and cherry-pick individual commits into a form that included some kind of explanation and passed existing tests so that I could propose them for review.

This strategy has been dramatically more successful than anything I’ve tried before at this scale. So far this cycle, considering only Launchpad’s main git tree, we’ve landed 137 Python-3-relevant merge proposals for a total of 39552 lines of git diff output, keeping our existing tests passing along the way and deploying incrementally to production. We have about 27000 more lines of patch at varying degrees of quality to tidy up and merge. Our main development branch is only perhaps 10 or 20 more patches away from the test suite being able to start up, at which point we’ll be able to get a buildbot running so that multiple developers can work on this much more easily and see the effect of their work. With the full unlanded patch stack, about 75% of the test suite passes on Python 3! This still leaves a long tail of several thousand tests to figure out and fix, but it’s a much more incrementally-tractable kind of problem than where we started.

Finally: the funniest (to me) bug I’ve encountered in this effort was the one I encountered in the test runner and fixed in zopefoundation/zope.testrunner#106: IDs of failing tests were written to a pipe, so if you have a test suite that’s large enough and broken enough then eventually that pipe would reach its capacity and your test runner would just give up and hang. Pretty annoying when it meant an overnight test run didn’t give useful results, but also eloquent commentary of sorts.

12:28

CEO of NS8 Charged with Securities Fraud [Schneier on Security]

The founder and CEO of the Internet security company NS8 has been arrested and “charged in a Complaint in Manhattan federal court with securities fraud, fraud in the offer and sale of securities, and wire fraud.”

I admit that I’ve never even heard of the company before.

12:21

Error'd: Where to go, Next? [The Daily WTF]

"In this screenshot, 'Lyckades' means 'Succeeded' and the buttons say 'Try again' and 'Cancel'. There is no 'Next' button," wrote Martin...

11:28

One at a time, over and over [Seth's Blog]

It’s 2018, a special night out. The restaurant shouldn’t have been as disappointing as it was. The room was beautiful, the staff was trying hard, the menu was ambitious–and yet it fell flat.

I realized that the problem is one that many of us face:

All shift long, there’s a lot to do. Another plate to fire, another customer to serve, another plate to clean. And yet this customer doesn’t care about all of that. For any given diner, this may very well be the only time he or she will ever eat here. For any given diner, this dish, this interaction–that’s the only chance you’re going to get.

It doesn’t matter to them that you have 100 tops to serve in the next hour. It doesn’t matter that the last week’s worth of customers all left happy. To this customer, there’s just this one time.

Over and over.

Just this one time.

Over and over.

08:49

Comic: Kit Slash Caboodle [Penny Arcade]

New Comic: Kit Slash Caboodle

06:00

Girl Genius for Friday, September 25, 2020 [Girl Genius]

The Girl Genius comic for Friday, September 25, 2020 has been posted.

04:28

Hint: It's a Ghost [Diesel Sweeties webcomic by rstevens]

this is a diesel sweeties comic strip

I'm having a hard time getting into the Halloween "spirit."

02:49

Cookie Time [QC RSS]

its mfing cookie time

02:35

Link [Scripting News]

I might subscribe to the New Yorker if they split the fee with a small publication they admire that they think everyone should read. I abhor the idea of just the big old stodgy names getting funded. I won't do it.

Thursday, 24 September

23:21

In Which I Offer An Opinion So Contentious It May Rock the Very Fabric of Our Society [Whatever]

A picture of a single Brach's Mellocreme Pumpkin

And it is:

Brach’s Mellocreme Pumpkins are the best mass-produced, fall-themed candies of them all.

Discuss.

— JS

22:49

Link [Scripting News]

The note George HW Bush left for Bill Clinton in the Oval Office during the peaceful transfer of power in 1993.

22:07

Link [Scripting News]

A huge box of fresh picked apples at Adams in Kingston.

19:49

Roll2020 – DORK TOWER 23.09.20 [Dork Tower]

Dork Tower is updated Mondays, Wednesdays and Fridays, thanks to its amazing Patreon supporters. Support the DORK TOWER PATREON, and help bring more Dork Tower to the world (you also get swag, our eternal gratitude, and more)! Even a $1 pledge is appreciated!

If a Patreon seems too much of a commitment, please do consider supporting INSANE CHARITY BIKE RIDE 2020!

19:21

Autoconf 2.69c [beta] [Planet GNU]

Autoconf 2.69c has been released, see the release announcement:
<https://lists.gnu.org/archive/html/autoconf/2020-09/msg00006.html>

19:00

Link [Scripting News]

Trump should be impeached for what he said yesterday.

Link [Scripting News]

The journalists want taxpayers to fund news. As a user, I want to fund it, just not the way they have it set up. They want a blank check, they'll have even less reason to listen to users and the product will continue to drift. More here.

18:35

From the FSF Bulletin: Trial by proprietary software [Planet GNU]

This article was originally published in the Spring 2020 issue of the Free Software Foundation Bulletin, our biannual newsletter, which is mailed to over 10,000 free software supporters around the world. See the rest of the special expanded online issue of the Bulletin at https://static.fsf.org/nosvn/magazine/2020-spring/.

"At a remote eviction hearing...in Collin County, Texas, the court granted landlords the right to evict five people who didn't or couldn't dial into the [Zoom] hearing."

John Sullivan, Executive Director of the FSF, does a presentation at the FSF Continuing Legal Education Seminar in Raleigh, North Carolina, in October 2019.

There has been so much to worry about during the COVID-19 pandemic, even just within the category of technology policy. At the FSF, our role is to worry specifically about the impact of software on human freedom. Software can be a tremendous tool for solving social and scientific problems, but only when the terms of its distribution and use allow everyone to inspect how it works, share copies of it, modify it for their own purposes, and share those improvements or tweaks with others.

Unfortunately, with the shutdown of in-person institutions around the world, people have turned to the proprietary software companies that had the sales and marketing resources to quickly insert themselves as "solutions." Among these institutions are courts of law, many of which have been conducting some proceedings over Zoom. While Zoom is a "service," it also requires those using it to run nonfree software on their local devices -- either the official client application, or downloaded nonfree JavaScript when connecting via a Web browser.

While Zoom's software itself doesn't cost an individual any money to use, it raises two clear categories of concern: requiring people to agree to Zoom's arbitrary demands as a condition for access to justice, and the state's public endorsement of Zoom.

First, for a person to use Zoom, they ostensibly have to agree to Zoom's terms of service. Having to agree to a contract with a private company in order to access public services is immediately objectionable. It puts that company in the position of being an actual gatekeeper for our rights under the law. The fact that they can change their terms at any time makes the situation even worse. Right now, they make users promise not to aid any effort to reverse engineer Zoom software -- something which is ethical and legal when done cleanly. Similarly to a celebrity's rider, they also require assent to an assortment of ridiculous provisions. Don't you dare put a Zoom trademark in a picture frame! It's not allowed, if you want to use Zoom. A company attempting to make you mind their trademarks in such specific ways before you can explain why you shouldn't lose your home is horrifying.

Second, for the state to require use of Zoom is for it to promote and subsidize that company. This promotion influences public perception of videoconferencing tools, a business area that depends heavily on network effect (people will use the tools that most other people they know are already using). If the state is going to promote a platform, it should be one that all citizens -- and their businesses -- can use and build on. The money spent every month on Zoom contracts could instead be spent improving free software, on the foundation of some very capable free platforms that already exist for this purpose, like Jitsi Meet and Big Blue Button. The state's choice of Zoom sends the wrong social message and misappropriates public resources. Further, the state has an obligation to preserve its own autonomy, which it by definition cannot do when it cannot see the source code or choose from multiple providers to fix or improve the software.

Whether videoconferencing is acceptable for court proceedings at all is a separate and important topic. Even free software wouldn't address the fact that videoconferencing requires a sufficiently capable Internet connection and a sufficiently powerful computer with a camera, neither of which everyone has access to. Other issues, like how personal data is handled by the service, also need to be considered, separately from what software is used. But no matter what, if there is videoconferencing, people should never be required to run nonfree programs to participate. We should not accept opaque, proprietary software as infrastructure for our democracy.

It is asking a lot to say that people should refuse to use Zoom for a court date, since they could face serious repercussions. If anyone is able to take such a stand, the FSF will amplify their story and help make it count. When localities anywhere in the world do the right thing, we can highlight their work and help share how they did it. As an individual, even without a court date, you should write letters to your local officials, and then share those letters on libreplanet.org so others can reuse them and add to them. The FSF will be working hard with you on these challenges through the pandemic and beyond. We know that if we don't do this together, user freedom won't get the public hearing it needs.

And if you do have to attend a Zoom court date, please consider putting a framed copy of the Zoom logo on the wall behind you.

Photo Copyright ©2019 Free Software Foundation, Inc. This image is licensed under a Creative Commons Attribution ShareAlike 4.0 International license.

18:28

Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw [Krebs on Security]

Microsoft warned on Wednesday that malicious hackers are exploiting a particularly dangerous flaw in Windows Server systems that could be used to give attackers the keys to the kingdom inside a vulnerable corporate network. Microsoft’s warning comes just days after the U.S. Department of Homeland Security issued an emergency directive instructing all federal agencies to patch the vulnerability by Sept. 21 at the latest.

DHS’s Cybersecurity and Infrastructure Agency (CISA) said in the directive that it expected imminent exploitation of the flaw — CVE-2020-1472 and dubbed “ZeroLogon” — because exploit code which can be used to take advantage of it was circulating online.

Last night, Microsoft’s Security Intelligence unit tweeted that the company is “tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon vulnerability.”

“We have observed attacks where public exploits have been incorporated into attacker playbooks,” Microsoft said. “We strongly recommend customers to immediately apply security updates.”

Microsoft released a patch for the vulnerability in August, but it is not uncommon for businesses to delay deploying updates for days or weeks while testing to ensure the fixes do not interfere with or disrupt specific applications and software.

CVE-2020-1472 earned Microsoft’s most-dire “critical” severity rating, meaning attackers can exploit it with little or no help from users. The flaw is present in most supported versions of Windows Server, from Server 2008 through Server 2019.

The vulnerability could let an unauthenticated attacker gain administrative access to a Windows domain controller and run an application of their choosing. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.

Scott Caveza, research engineering manager at security firm Tenable, said several samples of malicious .NET executables with the filename ‘SharpZeroLogon.exe’ have been uploaded to VirusTotal, a service owned by Google that scans suspicious files against dozens of antivirus products.

“Given the flaw is easily exploitable and would allow an attacker to completely take over a Windows domain, it should come as no surprise that we’re seeing attacks in the wild,” Caveza said. “Administrators should prioritize patching this flaw as soon as possible. Based on the rapid speed of exploitation already, we anticipate this flaw will be a popular choice amongst attackers and integrated into malicious campaigns.”

18:14

Link [Scripting News]

My new BingeWorthy profile page.

Link [Scripting News]

We need a new doc like the Declaration of Independence, totally non-partisan, that we can declare our loyalty to. In today's language. We re-commit to re-form our government, so it can't be abused as Trump has. An oath to our reboot.

18:07

Plotting violence ahead of rallies [Richard Stallman's Political Notes]

*Revealed: pro-Trump activists plotted violence ahead of Portland rallies.*

*Patriots Coalition members suggested political assassinations and said ‘laws will be broken, people will get hurt’, leaked chats show.*

We all suspected this, but we could not be sure. Now we know that the bully's supporters are a criminal gang.

Assange extradition hearings [Richard Stallman's Political Notes]

I have not had time to keep up with Craig Murray's coverage of Julian Assange's extradition hearings, so here are the links.

Day 8.

Day 9.

Day 10.

Day 11.

Day 12.

Day 13.

Day 14.

Day 15.

2C of global heating [Richard Stallman's Political Notes]

After 2C of global heating, Antarctic ice melt would raise sea level 2.7 meters.

That would be in addition to the effects of melting in Greenland and the expansion of the ocean due to its own heating. I don't know what the total would be.

Weird burning sensation [Richard Stallman's Political Notes]

(satire) *Earth reportedly expressed hope Tuesday that a weird burning sensation was nothing serious.*

Sandwich method [Richard Stallman's Political Notes]

(satire) *… Xi Jinping jailed Chinese real estate tycoon Ren Zhiqiang Tuesday for failing to use the sandwich method of constructive criticism when condemning him.*

Amnesty denied access [Richard Stallman's Political Notes]

Amnesty International rebukes the UK for denying it access to monitor Assange's extradition hearing.

If it were not for Craig Murray's coverage, the hearing would be effectively secret. This is what we expect from outright tyrannies such as China, but apparently the UK is approaching the same level of decay.

Scope of Pebble Mine [Richard Stallman's Political Notes]

The developers of the Pebble Mine in Alaska pretend it will be 5 square miles, which is merely large, but what they say in private is that it will be enormous.

Tapping phones of protesters [Richard Stallman's Political Notes]

*If Report Proven, ACLU Says Federal Agents Tapping Phones of Protesters Would Be 'Outrageous' Constitutional Violation.*

Derecognizing journalists [Richard Stallman's Political Notes]

Hong Kong's puppet government has derecognized most journalists, as a preparatory step for repression.

Remember this if politicians in your country try to impose rules about who is a journalist and who is not. For instance, if they claim that Julian Assange is not a journalist.

QAnon orphans [Richard Stallman's Political Notes]

*The QAnon orphans: people who have lost loved ones to conspiracy theories.*

Cults like these used to be run as businesses: Scientology, and the Moonies. As far as I know, there is no one business profiting off QAnon. But with so many credulous people, I'm sure there are people with plans to profit off exploiting them in a tight, cult-like way.

Door-to-door at JPMorgan [Richard Stallman's Political Notes]

(satire) *As the Democratic presidential nominee ramped up his in-person efforts to get out the vote, members of the Joe Biden campaign reportedly went door-to-door Tuesday in the JPMorgan Chase headquarters.*

Chosen to run the Pentagon [Richard Stallman's Political Notes]

Medea Benjamin: reports say that Biden will choose, to run the Pentagon, the architect of the US policy of military intimidation around the world.

Biden is proving to be every bit as bad as we expected last spring. I expect he will put money into the military rather than saving poor Americans from total misery.

*Facebook says it may quit Europe over ban on sharing data with US.*

This is the road to victory! Make sure Facebook leaves Europe, and the US, and then everywhere else.

17:14

Today in GPF History for Thursday, September 24, 2020 [General Protection Fault: The Comic Strip]

A trio of Newshounds cover the chaos during the Battle of Manhattan, but part of the evidence they've collected appears to have vanished right before their eyes (and camera lenses)...

16:56

[$] Saying goodbye to set_fs() [LWN.net]

The set_fs() function dates back to the earliest days of the Linux kernel; it is a key part of the machinery that keeps user-space and kernel-space memory separated from each other. It is also easy to misuse and has been the source of various security problems over the years; kernel developers have long wanted to be rid of it. They won't completely get their wish in the 5.10 kernel but, as the result of work that has been quietly progressing for several months, the end of set_fs() will be easily visible at that point.

Pluralistic: 24 Sep 2020 [Pluralistic: Daily links from Cory Doctorow]



Announcing the Attack Surface tour

It's been 12 years since I went on my first book tour and in the years since, I've met and spoken with tens of thousands of readers in hundreds of cities on five continents in support of more than a dozen books.

Now I've got another major book coming out: ATTACK SURFACE.

How do you tour a book during a pandemic? I think we're still figuring that out. I'll tell you one thing, I won't be leaving Los Angeles this time around. Instead, my US publisher, Tor Books, has set up eight remote "Attack Surface Lectures."

https://read.macmillan.com/torforge/cory-doctorow-virtual-lecture-series/

Each event has a different theme and different guest-hosts/co-discussants, chosen both for their expertise and their ability to discuss their subjects in ways that are fascinating and engaging.

ATTACK SURFACE is the third Little Brother book, a standalone book for adults.

It stars Masha, a young woman who is finally reckoning with the moral character of the work she's done, developing surveillance tools to fight Iraqi insurgents and ex-Soviet democracy activists.

Masha has struggled with her work for years, compartmentalizing her qualms, rationalizing her way into worse situations.

She goes home to San Francisco and discovers her best friend, a BLM activist, is being targeted by the surveillance weapons Masha herself invented.

What follows is a Little Brother-style technothriller, full of rigorous description and extrapolation on cybersecurity, surveillance and resistance, that illuminates the tale of a tech worker grappling with their own life's work.

Obviously, this covers a lot of ground, as is reflected in the eight nights of talks we're announcing today:

I. Politics & Protest, Oct 13, with Eva Galperin and Ron Deibert, hosted by The Strand Bookstore

II. Cross-Medium SciFi, Oct 14, with Amber Benson and John Rogers, hosted by Brookline Booksmith

III. Intersectionality: Race, Surveillance, and Tech and Its History, Oct 15, with Malkia Cyril and Meredith Whittaker, hosted by Booksmith

IV. SciFi Genre, Oct 16, with Sarah Gailey and Chuck Wendig, hosted by Fountain Books

V. Cyberpunk and Post-Cyberpunk, Oct 19, with Bruce Sterling and Christopher Brown, hosted by Anderson's Bookshop

VI. Tech in SciFi, Oct 20, with Ken Liu and Annalee Newitz, hosted by Interabang

VII. Little Revolutions, Oct 21, with Tochi Onyebuchi and Bethany C Morrow, hosted by Skylight Books

VIII. OpSec & Personal Cyber-Security: How Can You Be Safe?, Oct 22, with Runa Sandvik and Window Snyder, hosted by Third Place Books

Some of the events come with either a hardcover and a signed bookplate, or, with some stores, actual signed books.

(those stores' stock is being shipped to my house, and I'm signing after each event and mailing out from here)

(yes, really)

I've never done anything like this and I'd be lying if I said I wasn't nervous about it. Book tours are crazy marathons – I did 35 cities in 3 countries in 45 days for Walkaway a couple years ago – and this is an entirely different kind of thing.

But I'm also (very) excited. Revisiting Little Brother after seven years is quite an experience. ATTACK SURFACE – a book about uprisings, police-state tactics, and the digital tools as oppressors and liberators – is (unfortunately) very timely.

Having an excuse to talk about this book and its themes with you all – and with so many distinguished and brilliant guests – is going to keep me sane next month. I really hope you can make it.



WV's deadbeat governor now owes $140m

Jim Justice's 2016 campaign for Governor of West Virginia made a simple pitch: Justice is the richest man in WV, a billionaire, and therefore he is better than everyone else and will do a good job governing the state.

Unfortunately (for WV), every billionaire is a policy failure and Justice is no exception.

You know the old saw about how rich people are super cheap and that's why they're rich? It's definitely true that a lot of plutes are cheap, but what's more true is that plutes cheat.

Justice made his money the old fashioned way: fraud.

After inheriting a coal empire from daddy, Justice built up the family fortune by (checks notes) not paying his bills.

Justice companies have been named in 600+ nonpayment suits in 20+ states.

https://pluralistic.net/2020/05/27/literal-gunhumping/#injustice

Justice is good at fraud: he stiffs you and makes you sue him for nonpayment. Then he stiffs you on the judgment and makes you sue him again. And again. And again. He's been at it since the go-go coal days of the 1990s and never stopped – not even after becoming governor.

Justice is an equal-opportunity deadbeat. He stiffed his coal companies' insurance company, stranding his own workers with no care for chronic illnesses they got while working in his coal businesses.

(Justice also stiffed the DoJ when they fined him for safety violations)

Many of the untreated workers died.

Justice has stolen his workers' wages, then stiffed them on their judgments. He's stolen from the federal government, defrauding them and then stiffing them on their judgments.

Back in May, ProPublica's Ken Ward Jr and Alex Mierjeski created an interactive Jim Justice crime explorer, allowing you to search through the $128m in outstanding claims against the governor.

https://www.propublica.org/article/see-whos-taken-billionaire-gov-jim-justice-to-court-over-unpaid-bills

In the few short months since, Justice's bad debts have ballooned to $140,000,000 (!!), thanks to crimes involving stiffing Essar Steel Algoma for steel shipments, stiffing a Texas company over bulldozers, and more.

https://www.propublica.org/article/this-billionaire-governors-companies-have-now-reached-140-million-in-lawsuit-settlements-and-judgments-over-unpaid-bills

Justice is running for re-election and standing on his record as a businessman and a governor. He followed Trump's lead in 2016, refusing to put his assets in a blind trust to avoid conflicts of interest.

He has conflicts! Like the environmental protection settlement he's on both sides of, which stands to save him millions.



Faulty TV behind daily, town-wide internet outages

For 18 months, people in the Welsh village of Aberhosan lost their broadband signal at 7 every morning. No one could figure it out. Engineers at BT Openreach – the privatized engineering spinoff from BT – undertook multiple steps, including replacing cabling to the village.

Finally, after a year and a half, they figured it out.

One of the villagers had an old TV set they'd switch on every day at 7. The faulty TV would blast out a single high-level impulse noise (SHINE) that knocked out broadband for the whole village.

https://www.bbc.com/news/uk-wales-54239180

You might think the quirkiest thing about this story is the broken TV and its mortified owner, but you'd be wrong. The most amazing thing here is that BT Openreach, literally the worst company in the world, solved a single, solitary problem, even if it did take them 18 months.

Seriously: if BT Openreach was a satirical comedy about technical incompetence, poor back-end support, buck-passing, jobsworthing, and pure sadism, it would be cancelled midway through the first series for being so broad that no one could suspend their disbelief.

But I didn't post this merely to note the amusing busted TV or to remind everyone that BT Openreach should be shoved into a lead-lined pit, sealed with 200m of concrete, and the whole thing signposted MENE MENE TEKEL UPHARSIN.

Mostly I posted it because I wanted an excuse to relay the funniest everything-stops-working-every-day-at-the-same-time story I ever heard.

It's Michael Skeet's story, and it comes from the days when he was working at the old CBC Toronto studios on Jarvis St.

Every night at 9PM, all the equipment in one of the studios would suddenly lose power and then restart. Then it would happen again every morning at 3AM.

Engineers tore the studio apart, rebuilt key power supply components, etc. Nothing worked.

Then, one morning at 5AM, the cursed studio had an explosion in its main transformer. When the smoke cleared, the entire studio was spattered with…baked beans.

Have you figured it out?

I didn't.

The overnight security guard would arrive on shift every night at 9. He would open the main transformer door and put his dinner – a can of beans – on top of the transformer to heat up.

At 3AM, he'd open the door again to get out his hot beany supper.

The transformer had an automated safety feature: when you opened the door, it cut the power so that you didn't electrocute yourself.

After years of this, the night watchman forgot to get his beans out, and….boom.

Mystery solved!

PS: BT Openreach sucks.

(Image: Arnold Chao, CC BY-NC)



Blogcritics on Attack Surface

The most nail-biting moments in a novelist's career are that moment just before publication, when the very first reviews start to trickle in, and you don't know how the book will be received. It's hard not to fall prey to gnawing doubt!

For me, that moment is now: just before ATTACK SURFACE, the third Little Brother book, comes out (Oct 1 in UK/AU/NZ/SA etc; Oct 13 in US/Canada).

Thankfully, things are looking good on that score!

For example, Richard Marcus's new review on Blogcritics, the venerable web publication, which calls it: "A brilliant book with a great main character, a riveting plot, and an incredibly topical story combine to make this an essential read."

https://blogcritics.org/book-review-attack-surface-by-cory-doctorow/

Seriously, you can't ask for better than that – though Marcus manages it, saying "Doctorow has recreated our world in all its scary detail."

(the review is also scheduled to run in the Seattle Post Intelligencer!)

Now, in the interest of balance, I must note this review from "McMasters," who wrote the first Amazon review on the book:

"A bit childish and making too much of an effort to have 'strong female characters', to the point of only havng female charcters. I guess that sells?"

He gave it one star.

For the record, there are some male "charcters" too!



This day in history

#10yrsago Microsoft’s DRM makes your computer vulnerable to attack https://www.exploit-db.com/exploits/15061

#10yrsago Multinational copyright companies will require French ISPs turn over 150,000 subscriber names and addresses per day https://torrentfreak.com/france-starts-reporting-millions-of-file-sharers-100921/

#5yrsago Kentucky Republican state Senator: the First Amendment protects my right to receive bribes https://theintercept.com/2015/09/24/state-senator-files-lawsuit-says-ban-lobbyist-gifts-violates-freedom-speech/

#5yrsago Walt Disney’s plan for the FBI of tomorrow https://www.muckrock.com/news/archives/2015/sep/24/walt-disneys-fbi-file/

#5yrsago Study: tracking every RPG book in every public & academic library in the world https://boingboing.net/wp-content/uploads/2015/09/Libraries_and_RPGs.pdf

#5yrsago Dooce quits mommyblogging amid toxic pressure from advertisers https://www.theguardian.com/media/2015/sep/23/heather-armstrong-leaving-dooce-mommy-blog-advertisers

#1yrago Here’s how to take Wired’s advice and get your own e-scooter, for a fraction of the cost https://memex.craphound.com/2019/09/24/heres-how-to-take-wireds-advice-and-get-your-own-e-scooter-for-a-fraction-of-the-cost/

#1yrago Trial begins for the “cum/ex” bankers accused of stealing €447m and trying for €60b https://www.theguardian.com/business/2019/sep/20/the-men-who-plundered-europe-city-of-london-practices-on-trial-in-bonn

#1yrago At the UN, Greta Thunberg excoriates world leaders and her elders for climate inaction https://www.youtube.com/watch?v=qWEpTok6AJo

#1yrago Far-right Australian billionaire demands $500k and a vow of silence from a satirical vlogger https://gizmodo.com/billionaire-threatens-to-sue-youtuber-for-calling-him-f-1838392409

#1yrago Nerf unveils “DRM for darts” https://www.theverge.com/2019/9/23/20880209/nerf-ultra-one-blaster-foam-darts-120-feet-incompatible-ammo-drm-date-price

#1yrago Permanent Record: Edward Snowden and the making of a whistleblower https://memex.craphound.com/2019/09/24/permanent-record-edward-snowden-and-the-making-of-a-whistleblower/

#1yrago Annalee Newitz’s “Future of Another Timeline”: in which punk feminist time travelers battle Men’s Rights Advocates who want to stop feminism from ever emerging https://memex.craphound.com/2019/09/24/annalee-newitzs-future-of-another-timeline-in-which-punk-feminist-time-travelers-battle-mens-rights-advocates-who-want-to-stop-feminism-from-every-emerging/



Colophon

Today's top sources: Slashdot (https://slashdot.org).

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 507 words (64876 total).

Currently reading: Gideon the Ninth, Tamsyn Muir

Latest podcast: IP https://craphound.com/podcast/2020/09/14/ip/

Recent appearances:

  • Little Brother vs. Big Audiobook (Techdirt podcast): https://www.techdirt.com/articles/20200922/12403045358/techdirt-podcast-episode-256-little-brother-vs-big-audiobook-with-cory-doctorow.shtml
  • Control, Power and Resistance in the 21st Century (Novara Media): https://youtu.be/aKOe20vqc6I
  • Tech, surveillance & more (Marco Montemagno): https://www.youtube.com/watch?v=VMxNcSNDzLI

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

15:28

PostgreSQL 13 released [LWN.net]

Version 13 of the PostgreSQL database management system is out. "PostgreSQL 13 includes significant improvements to its indexing and lookup system that benefit large databases, including space savings and performance gains for indexes, faster response times for queries that use aggregates or partitions, better query planning when using enhanced statistics, and more. Along with highly requested features like parallelized vacuuming and incremental sorting, PostgreSQL 13 provides a better data management experience for workloads big and small, with optimizations for daily administration, more conveniences for application developers, and security enhancements."

15:14

Link [Scripting News]

Idea for Lincoln Project ad. Take us through history, pictures of the great bloodless transitions in American history. Like this.

Link [Scripting News]

According to Matt McDermott, Trump refusing to commit to a peaceful transfer of power is on page A15 of today's NYT print edition, not the front page. It'd be interesting to hear, from them, why.

Link [Scripting News]

Biden's campaign had a slogan, Build Back Better, but it didn't stick. Campaigns need slogans. For example, with ThinkTank we had See What You Think. Of course Trump has many. MAGA. Mexico will pay for it. Fine people, on both sides. We'll have to see. Just a few. It's okay if a slogan translates into a concrete promise, but it doesn't have to. Obama had Yes We Can. That's pretty good, hard to refute and doesn't really commit to anything in particular. I liked FDR's Happy Days Are Here Again. That campaign happened long before I was born, but in a sense, I remember it. The same way I guess today's kids remember the Beatles.

Inside C++/WinRT: How does C++/WinRT represent ABI types? [The Old New Thing]

C++/WinRT offers a high-level interface to the low-level Windows Runtime ABI (application binary interface). It does this without any dependency on the Windows header files, which means that it needs some way to talk about the ABI types without actually using the ABI types. How does this work?

C++/WinRT sets up a collection of types which run parallel to the ABI types defined in the system header files. The types are not the same, but they are equivalent at the ABI level, meaning that they have identical binary representations.

When you work in C++/WinRT, there are three (sometimes four) versions of every type, listed here in decreasing order of popularity:

  • C++/WinRT projected types.
  • C++/WinRT implementation types.
  • C++/WinRT ABI-equivalent types.
  • System-defined ABI types. (Not used by C++/WinRT.)

In practice, you will be spending nearly all of your time with C++/WinRT projected types. If you are implementing C++/WinRT classes, then you will also have to deal with C++/WinRT implementation types.

But you will rarely have to deal with C++/WinRT ABI-equivalent types or the underlying system-defined ABI types. Those come into play only when you are interoperating at the ABI layer, and that’s typically something you let the C++/WinRT library do for you.

But I’m going to discuss it anyway, because you may on occasion find yourself having to work at the ABI layer.

Here’s how it works for scalar types:

System ABI   C++/WinRT ABI         Projection
BYTE         uint8_t               uint8_t
INT16        int16_t               int16_t
UINT16       uint16_t              uint16_t
INT32        int32_t               int32_t
UINT32       uint32_t              uint32_t
INT64        int64_t               int64_t
UINT64       uint64_t              uint64_t
FLOAT        float                 float
DOUBLE       double                double
boolean      bool                  bool
WCHAR        char16_t              char16_t
GUID         winrt::guid           winrt::guid
enum         int32_t or uint32_t   enum
HSTRING      void*                 winrt::hstring
HRESULT      int32_t               winrt::hresult

For enumerations, the C++/WinRT ABI type is int32_t, unless the enumeration is a flags enumeration, in which case the C++/WinRT ABI type is uint32_t.

The C++/WinRT ABI structures take the form of structures where each member has its corresponding C++/WinRT ABI type. For example,

System ABI:

struct
{
 INT16 Value1;
 HSTRING Value2;
 SomeEnum Value3;
};

C++/WinRT ABI:

struct
{
 int16_t Value1;
 void* Value2;
 int32_t Value3;
};

Projection:

struct
{
 int16_t Value1;
 hstring Value2;
 SomeEnum Value3;
};

If the structure contains another structure, then the rule is applied recursively.

Finally, C++/WinRT interfaces are represented in the C++/WinRT ABI by a pure virtual class whose members are the interface methods, but with all parameters converted to their C++/WinRT ABI types. For example,

System ABI:

struct ISomething : ::IInspectable
{
 virtual HRESULT
  Method1(INT32 param1) = 0;
 virtual HRESULT
  Method2(HSTRING* result) = 0;
};

C++/WinRT ABI:

struct ISomething : inspectable_abi
{
 virtual int32_t
  Method1(int32_t param1) = 0;
 virtual int32_t
  Method2(void** result) = 0;
};

Projection:

struct ISomething : winrt::IInspectable
{
 void Method1(int32_t param1);
 winrt::hstring Method2();
};

These different versions are placed in separate namespaces.

The System ABI puts metadata-defined types in the ABI namespace. For example, Windows.Foundation.Point is defined in the System ABI as ABI::Windows::Foundation::Point. (Metadata types are the types defined in the .winmd metadata files. Fundamental types like the basic integer types, HSTRING, IUnknown, and IInspectable are not defined in metadata and reside in the global namespace.)

The C++/WinRT ABI puts metadata-defined types in the winrt::impl namespace, often as anonymous types. You need to know that they exist, and what they look like, but you aren’t expected to be using them directly.

The C++/WinRT projection puts metadata-defined types in the winrt namespace. For example, Windows.Foundation.Point is defined in the C++/WinRT projection as winrt::Windows::Foundation::Point.

The winrt::impl namespace contains internal implementation details, and that’s where the abi template type hangs out. Its job is to convert C++/WinRT types into their corresponding C++/WinRT ABI types. For any projected type T, the type winrt::impl::abi<T>::type is the corresponding C++/WinRT ABI type. You shouldn’t be using this template directly, but I’m mentioning it so that when you find yourself single-stepping through the C++/WinRT library, you’ll know what that weird abi template is.

The post Inside C++/WinRT: How does C++/WinRT represent ABI types? appeared first on The Old New Thing.
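The struct rule and the role of the abi template described in the post above can be checked at compile time with stand-in types. This is an added example, not code from C++/WinRT or from the original post: everything in the demo namespace (the hstring stand-in, Projected, ProjectedAbi, same_representation, to_abi) is hypothetical and only models the mapping, with enumerations given int32_t or uint32_t underlying types as an assumption.

```cpp
// Added illustration with stand-in types; not the real C++/WinRT headers.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

namespace demo {

// Projection-side stand-ins (hypothetical).
enum class SomeEnum : std::int32_t { First = 0, Second = 1 };    // ordinary enum
enum class SomeFlags : std::uint32_t { None = 0, A = 1, B = 2 }; // flags enum
struct hstring { void* handle; };  // models a wrapper whose only member is the handle

struct Projected      { std::int16_t Value1; hstring Value2; SomeEnum Value3; };
struct ProjectedOuter { SomeFlags Flags; Projected Inner; };     // nested struct

// ABI-side equivalents: each member replaced by its ABI type, recursively.
struct ProjectedAbi      { std::int16_t Value1; void* Value2; std::int32_t Value3; };
struct ProjectedOuterAbi { std::uint32_t Flags; ProjectedAbi Inner; };

// Trait playing the role the post describes for winrt::impl::abi<T>:
// projected type in, ABI-equivalent type out.
template <typename T, typename = void>
struct abi { using type = T; };                     // scalars map to themselves
template <typename T>
struct abi<T, typename std::enable_if<std::is_enum<T>::value>::type> {
    using type = typename std::underlying_type<T>::type;
};
template <> struct abi<hstring>        { using type = void*; };
template <> struct abi<Projected>      { using type = ProjectedAbi; };
template <> struct abi<ProjectedOuter> { using type = ProjectedOuterAbi; };

// "Equivalent at the ABI level": same size, same alignment, standard layout.
template <typename P>
constexpr bool same_representation() {
    return sizeof(P) == sizeof(typename abi<P>::type)
        && alignof(P) == alignof(typename abi<P>::type)
        && std::is_standard_layout<P>::value
        && std::is_standard_layout<typename abi<P>::type>::value;
}

static_assert(same_representation<hstring>(), "hstring vs void*");
static_assert(same_representation<Projected>(), "struct rule");
static_assert(same_representation<ProjectedOuter>(), "recursive struct rule");
static_assert(offsetof(Projected, Value2) == offsetof(ProjectedAbi, Value2),
              "member offsets must match");
static_assert(offsetof(Projected, Value3) == offsetof(ProjectedAbi, Value3),
              "member offsets must match");
static_assert(offsetof(ProjectedOuter, Inner) == offsetof(ProjectedOuterAbi, Inner),
              "nested member offsets must match");

// Because the representations are identical, the bytes of a projected value
// can be read back as the ABI struct without any per-field conversion.
inline ProjectedAbi to_abi(const Projected& p) {
    static_assert(std::is_trivially_copyable<Projected>::value, "stand-in is POD-like");
    ProjectedAbi a;
    std::memcpy(&a, &p, sizeof a);
    return a;
}

} // namespace demo

int main() {
    int marker = 0;  // constructed sample handle target
    demo::Projected p{7, demo::hstring{&marker}, demo::SomeEnum::Second};
    demo::ProjectedAbi a = demo::to_abi(p);
    return (a.Value1 == 7 && a.Value2 == &marker && a.Value3 == 1) ? 0 : 1;
}
```

If a member were added to only one side, or the stand-in hstring gained a second data member, the static_assert lines would stop the build rather than let a mismatched layout cross the ABI boundary.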

14:42

Security updates for Thursday [LWN.net]

Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib).

14:28

Link [Scripting News]

Why does the browser’s Back button not work in Facebook? When you hit the Back button you're taken to a random place. You have to remember to look for a link to the previous comment, or the post, and usually you forget. No other website works like this. And once you erroneously hit the Back button the Forward button doesn't work either. The place you were at is lost. This is pretty bad for software that's ten years old, and the bug persists even in the new version, suggesting it's a deep flaw in the design, or worse, it's intentional.

12:28

Iranian Government Hacking Android [Schneier on Security]

The New York Times wrote about a still-unreleased report from Check Point and the Miaan Group:

The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.

It looks like the standard technique of getting the victim to open a document or application.

12:00

CodeSOD: A Generic Comment [The Daily WTF]

To my mind, code comments are important to explain why the code does what it does, not so much what it does. Ideally, the what is clear enough from the code that you don’t have to. Today, we have no code,...

11:28

Grrl Power #878 – Fist face floor [Grrl Power]

The hardest part about being Cora is coming up with a UI that lets her pull from her quite frankly asinine arsenal in a quick and efficient manner. She hasn’t quite cracked the tech that makes the world slow down when she opens her weapon wheel. “Hmm. Chainfist? Chainsaw fist? Meat tenderizer? Tazer knuckles? Spike fist with DNA collector? Aw, who am I kidding, they wind up with plenty of DNA on them.”

I know what you’re wondering. Has Cora been stabbed and hacked in the limbs enough for her to install a subroutine that makes little clamps to automatically entangle said stabby or hacky implements?

The answer is yes.

It occurs to me that Cora is basically Green Lantern, but just for her own limbs. With more color options.

I had an odd thought while coloring this page. Would Cora’s hard light “metal” armor be reflective? Not like, reflecting lasers, I mean would it reflect the environment? Probably not, right? Unless she programmed it to. (Or more likely, grabbed some open source shader) But if you’re making holographic battle armor to perfectly align with your projected force fields, how much processor time do you devote to rendering? Cora has hella thicc FlOps, so it probably doesn’t matter, but it’s interesting to think about the various iterations of her hard light gear. Like the first version could have been flat shaded, no specular highlights or self shading, leaving her walking around looking like something out of The Last Starfighter (which had some basic ass rendering). I guess she eventually decided that making her hard light gear actually look like real physical materials would help her in situations where people thought she was wearing nothing but a thin cotton T-Shirt and a pair of Daisy Dukes.

Wondering if she put the effort into making a holographic thin cotton T-Shirt go all transparent when it gets wet?

The answer is yes.

I should mention, Detla’s design is kind of… let’s call it homage to a model made by Dmytro Bajda, who is really good at sculpting skinny girls with sexy lips.


Double res version will be posted over at Patreon. Feel free to contribute as much as you like!

10:21

When can we talk about our systems? [Seth's Blog]

Your team is down by a few points and the game is almost over. What play should you call?

[When can we talk about the system of drafting and training that got your team to this situation in the first place?]

Your back hurts and you think you need surgery to help with the pain.

[When can we talk about the technique you use when you go running every day?]

Your employee shows up late regularly. How can you get them to care more?

[When can we talk about your hiring and leadership approaches?]

There’s racial injustice and unfairness all around us.

[Can we talk about persistent indoctrination around caste?]

You just had an argument with your brother. What’s the best way for him to see that you’re right?

[When can we talk about the narratives your family has developed for generations?]

Universities and local schools are in crisis with testing in disarray and distant learning ineffective…

[When can we talk about what school is for?]

It’s comfortable to ignore the system, to assume it is as permanent as the water surrounding your goldfish. But the fact that we have these tactical problems is all the evidence we need to see that something is causing them, and that spending time on the underlying structure could make a difference.

In a crisis, there’s maximum attention. And in a crisis, we often discard any pretense of caring about systems and resilience and focus only on how to get back to normal. This is precisely why normal is what normal is, because we fight to get back to it.

Changing the system changes everything. And it might be even less work than pouring water on today’s tactical emergency.
